diff --git a/source/libs/libwolfssl/callbacks.h b/source/libs/libwolfssl/callbacks.h index 3aa12638..77376e0f 100644 --- a/source/libs/libwolfssl/callbacks.h +++ b/source/libs/libwolfssl/callbacks.h @@ -1,6 +1,6 @@ /* callbacks.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/certs_test.h b/source/libs/libwolfssl/certs_test.h index ad7a6105..e43c6cea 100644 --- a/source/libs/libwolfssl/certs_test.h +++ b/source/libs/libwolfssl/certs_test.h @@ -98,110 +98,112 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); /* ./certs/1024/client-cert.der, 1024-bit */ static const unsigned char client_cert_der_1024[] = { - 0x30, 0x82, 0x04, 0x02, 0x30, 0x82, 0x03, 0x6B, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xC5, 0x19, 0x90, 0xA1, - 0xC9, 0x01, 0x0F, 0xB9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, - 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, - 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, - 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, - 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, - 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, - 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, - 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, - 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, - 0x81, 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, - 0xA9, 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, - 0xEC, 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, - 0xEC, 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, - 0x94, 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, - 0x4D, 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, - 0x25, 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, - 0xCC, 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, - 0xDA, 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, - 0x77, 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, - 0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, - 0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, - 0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x44, 0x30, - 0x82, 0x01, 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, - 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, - 0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14, - 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, - 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, - 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, - 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, - 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, - 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, - 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, - 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xC5, 0x19, 0x90, 0xA1, 0xC9, 0x01, 0x0F, 0xB9, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, - 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, - 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, - 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, - 0x81, 0x00, 0x30, 0xCE, 0x46, 0x43, 0x6D, 0x70, 0xE1, 0x6D, - 0xBB, 0x8F, 0x4A, 0x05, 0x64, 0xF7, 0x2C, 0x8D, 0x0E, 0xD6, - 0xF9, 0x1E, 0xB6, 0x2A, 0x8E, 0xED, 0x52, 0xE1, 0x7C, 0x44, - 0xBF, 0x59, 0x54, 0xDA, 0x2D, 0x31, 0x4D, 0xE6, 0x79, 0xD2, - 0xD0, 0xD8, 0xB4, 0xCF, 0x5B, 0x16, 0x0A, 0x16, 0xA1, 0xBE, - 0x62, 0x9F, 0x6C, 0x24, 0x46, 0x7B, 0xB8, 0xDD, 0xB8, 0x8D, - 0x7F, 0xFE, 0xF1, 0xAC, 0x62, 0x94, 0xE0, 0x34, 0xCE, 0x4C, - 0x59, 0x3A, 0xC5, 0x5A, 0xE6, 0x40, 0xD5, 0x60, 0x7E, 0x20, - 0x5D, 0xED, 0x43, 0x92, 0xD3, 0xF3, 0xEA, 0xE0, 0xD1, 0x57, - 0xC8, 0xCE, 0x41, 0x79, 0xDB, 0x81, 0x41, 0xC6, 0xF0, 0x0E, - 0x35, 0xD4, 0x6F, 0x92, 0x58, 0x2D, 0xD6, 0xB2, 0xEC, 0xF1, - 0x88, 0xFF, 0x6D, 0xCA, 0x63, 0xD6, 0x4A, 0x8D, 0x10, 0xA6, - 0x23, 0x06, 0x77, 0x9A, 0xD5, 0xAB, 0x9D, 0x64, 0x46, 0x02 - + 0x30, 0x82, 0x04, 0x18, 0x30, 0x82, 0x03, 0x81, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x41, 0x1F, 0xEC, 0xCF, 0x49, + 0x20, 0x14, 0x81, 0xDC, 0xAB, 0x32, 0x02, 0x01, 0x6A, 0xCD, + 0x18, 0xBD, 0xF5, 0xE3, 0x53, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, + 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, + 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, + 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, + 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, + 0x81, 0x81, 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, + 0xA2, 0xA9, 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, + 0xC8, 0xEC, 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, + 0x37, 0xEC, 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, + 0xDF, 0x94, 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, + 0xE8, 0x4D, 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, + 0x77, 0x25, 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, + 0x38, 0xCC, 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, + 0xAA, 0xDA, 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, + 0xDC, 0x77, 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, + 0xBA, 0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, + 0x8A, 0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, + 0x3C, 0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, + 0xA9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, + 0x30, 0x82, 0x01, 0x4B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, + 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, + 0x75, 0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xDE, 0x06, 0x03, + 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, + 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, + 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, + 0xEC, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, + 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, + 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, + 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, + 0x41, 0x1F, 0xEC, 0xCF, 0x49, 0x20, 0x14, 0x81, 0xDC, 0xAB, + 0x32, 0x02, 0x01, 0x6A, 0xCD, 0x18, 0xBD, 0xF5, 0xE3, 0x53, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, + 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, + 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, + 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x03, 0x81, 0x81, 0x00, 0x64, 0x0E, 0x1B, 0xA2, 0xB2, 0x39, + 0xCC, 0xDF, 0x9C, 0x63, 0x48, 0x4B, 0x58, 0x2C, 0xE5, 0xAF, + 0xE2, 0xBA, 0xD2, 0x74, 0x37, 0xF8, 0xA0, 0xC8, 0x2F, 0x62, + 0x36, 0x84, 0x49, 0x55, 0xD6, 0x8D, 0x2B, 0x4D, 0x96, 0x4F, + 0xB4, 0x2E, 0x83, 0xF9, 0x00, 0xE8, 0xCB, 0x7E, 0x04, 0xF1, + 0x19, 0xF2, 0x00, 0x24, 0x0D, 0x2B, 0xBA, 0x30, 0x89, 0x7F, + 0x8A, 0xE3, 0x64, 0xE2, 0xD5, 0x1B, 0x5A, 0x0A, 0x9D, 0x26, + 0xDB, 0xE8, 0x6A, 0x60, 0xC2, 0x79, 0xAA, 0xAD, 0x8D, 0xF1, + 0x1C, 0x2A, 0x33, 0xD4, 0x66, 0x42, 0x98, 0x7A, 0x94, 0xD4, + 0xB7, 0x2D, 0x0B, 0xCB, 0xF5, 0xB5, 0x62, 0xAE, 0xE1, 0x88, + 0x47, 0xAD, 0xEE, 0x8D, 0x32, 0xB5, 0x60, 0x1A, 0x5B, 0xA1, + 0xD3, 0xA1, 0x58, 0xCC, 0x0C, 0x40, 0x30, 0x0D, 0x05, 0xCB, + 0x4B, 0xD2, 0xE1, 0xD7, 0xCA, 0x63, 0xDE, 0xA8, 0x78, 0x56, + 0x96, 0xE7 }; static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); @@ -414,29 +416,70 @@ static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024); /* ./certs/1024/ca-cert.der, 1024-bit */ static const unsigned char ca_cert_der_1024[] = { - 0x30, 0x82, 0x03, 0xF3, 0x30, 0x82, 0x03, 0x5C, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x97, 0x1D, 0x33, 0x11, - 0xE8, 0x40, 0x6E, 0x95, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, - 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, - 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, - 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, - 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, - 0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x33, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x99, + 0x30, 0x82, 0x04, 0x09, 0x30, 0x82, 0x03, 0x72, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x0E, 0x75, 0x3B, 0x39, 0xAD, + 0x1F, 0x53, 0xD1, 0x85, 0x3B, 0x05, 0x3B, 0x11, 0x62, 0x4F, + 0xDC, 0x7B, 0x11, 0x72, 0x11, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, + 0x6E, 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, + 0x32, 0x32, 0x31, 0x32, 0x31, 0x36, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x35, 0x30, 0x39, 0x31, + 0x31, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x30, 0x81, + 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, + 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, + 0x81, 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, + 0x24, 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, + 0x16, 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, + 0x04, 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, + 0x50, 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, + 0x24, 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, + 0xA8, 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, + 0xA2, 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, + 0x54, 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, + 0x72, 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, + 0x9B, 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, + 0x94, 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, + 0xE5, 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, + 0x09, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4A, + 0x30, 0x82, 0x01, 0x46, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, + 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, + 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xD9, 0x06, 0x03, + 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD1, 0x30, 0x81, 0xCE, 0x80, + 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, + 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, + 0xA8, 0xA1, 0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, @@ -452,70 +495,31 @@ static const unsigned char ca_cert_der_1024[] = 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, - 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, - 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, - 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, - 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, - 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, - 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, - 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, - 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, - 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, - 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, - 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, - 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, - 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3F, 0x30, - 0x82, 0x01, 0x3B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, - 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, - 0x3A, 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, - 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, - 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, - 0xA1, 0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, - 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, - 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, - 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, - 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, - 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, - 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x97, 0x1D, 0x33, 0x11, 0xE8, - 0x40, 0x6E, 0x95, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, - 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, - 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, - 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, - 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, - 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, - 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, - 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4E, 0xB1, 0x39, - 0x6A, 0x23, 0xA3, 0x65, 0x17, 0x14, 0xB6, 0x52, 0x2E, 0x86, - 0x46, 0xD5, 0x4F, 0x7C, 0xD5, 0x6C, 0xBB, 0xFA, 0x66, 0xB1, - 0x71, 0x54, 0xA1, 0xAD, 0x0E, 0xA2, 0xB7, 0xBA, 0x59, 0x65, - 0x8B, 0xD5, 0x87, 0x5D, 0x51, 0xD0, 0x65, 0xDE, 0x74, 0x04, - 0x80, 0x7C, 0xDA, 0x3A, 0x52, 0x57, 0x7A, 0x1D, 0x5D, 0x46, - 0x7A, 0x06, 0x79, 0x75, 0xE5, 0x31, 0xDD, 0x1D, 0xF6, 0x54, - 0x77, 0xFC, 0x40, 0x13, 0xA1, 0x5B, 0xFD, 0x9E, 0x7D, 0x1C, - 0xFD, 0x04, 0x4F, 0x7C, 0xEE, 0x92, 0xA2, 0x80, 0x55, 0x3C, - 0x3F, 0x2A, 0x1C, 0xBD, 0x3A, 0x37, 0x12, 0x0E, 0xFD, 0x52, - 0x60, 0x66, 0x19, 0xD5, 0x4B, 0xF6, 0x35, 0x50, 0xA3, 0x59, - 0xD3, 0x7F, 0x6D, 0x95, 0xD7, 0x56, 0x10, 0xC6, 0x86, 0x28, - 0xF4, 0x6E, 0x6D, 0xDA, 0x4E, 0x1C, 0xB4, 0xE9, 0x0B, 0x4C, - 0xED, 0x62, 0x0F, 0x64, 0x06 + 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x0E, 0x75, 0x3B, 0x39, 0xAD, + 0x1F, 0x53, 0xD1, 0x85, 0x3B, 0x05, 0x3B, 0x11, 0x62, 0x4F, + 0xDC, 0x7B, 0x11, 0x72, 0x11, 0x30, 0x0C, 0x06, 0x03, 0x55, + 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, + 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, + 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, + 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xB8, + 0x80, 0xBF, 0xB2, 0xF5, 0x83, 0x95, 0x51, 0x81, 0x6A, 0x7E, + 0x41, 0x87, 0x29, 0xD7, 0xC3, 0xC9, 0xC6, 0x9B, 0x60, 0xE4, + 0x65, 0xA1, 0x04, 0x97, 0x1D, 0x1B, 0x3B, 0xE9, 0x27, 0xFA, + 0x43, 0xD6, 0x89, 0x6A, 0x3C, 0x9E, 0xBF, 0x28, 0xD1, 0x75, + 0x37, 0x21, 0xF3, 0x0D, 0x64, 0x17, 0xB2, 0xA3, 0x2D, 0x83, + 0x52, 0xFF, 0x57, 0xF0, 0x42, 0xA9, 0x48, 0xAA, 0xD8, 0x84, + 0xEA, 0x0D, 0x80, 0x05, 0x71, 0x0A, 0xAA, 0x23, 0xB4, 0x6C, + 0xC6, 0xD6, 0x7F, 0x13, 0x4A, 0xF4, 0x82, 0xB9, 0xE2, 0x81, + 0xAE, 0x46, 0x8C, 0x59, 0xFB, 0xC3, 0x8C, 0x6D, 0x5B, 0xF3, + 0x32, 0xEC, 0x86, 0xF0, 0x6E, 0xDA, 0x2A, 0x78, 0xAB, 0xF2, + 0x36, 0xFB, 0x48, 0xFA, 0x74, 0x09, 0x0E, 0x19, 0xC2, 0xBF, + 0xEB, 0xCC, 0xFB, 0xA9, 0x05, 0xC1, 0xC9, 0xE1, 0xAB, 0x8B, + 0x79, 0xF6, 0xF1, 0xAD, 0x4A, 0x9F, 0xAA }; static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024); @@ -589,7 +593,7 @@ static const int sizeof_server_key_der_1024 = sizeof(server_key_der_1024); /* ./certs/1024/server-cert.der, 1024-bit */ static const unsigned char server_cert_der_1024[] = { - 0x30, 0x82, 0x03, 0xE7, 0x30, 0x82, 0x03, 0x50, 0xA0, 0x03, + 0x30, 0x82, 0x03, 0xF2, 0x30, 0x82, 0x03, 0x5B, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, @@ -608,9 +612,9 @@ static const unsigned char server_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, - 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, - 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x31, - 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x30, + 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, 0x36, 0x32, 0x31, 0x31, + 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x35, 0x30, 0x39, + 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, @@ -642,12 +646,12 @@ static const unsigned char server_cert_der_1024[] = 0xAD, 0xFD, 0x5C, 0x86, 0x73, 0xAA, 0x6B, 0x47, 0xD8, 0x8B, 0x2E, 0x58, 0x4B, 0x69, 0x12, 0x82, 0x26, 0x55, 0xE6, 0x14, 0xBF, 0x55, 0x70, 0x88, 0xFE, 0xF9, 0x75, 0xE1, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3F, 0x30, 0x82, 0x01, - 0x3B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4A, 0x30, 0x82, 0x01, + 0x46, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xD9, 0x3C, 0x35, 0xEA, 0x74, 0x0E, 0x23, 0xBE, 0x9C, 0xFC, 0xFA, 0x29, 0x90, 0x09, 0xC1, 0xE7, 0x84, 0x16, - 0x9F, 0x7C, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, 0xD3, 0x22, + 0x9F, 0x7C, 0x30, 0x81, 0xD9, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xD1, 0x30, 0x81, 0xCE, 0x80, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1, 0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, @@ -666,30 +670,31 @@ static const unsigned char server_cert_der_1024[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x82, 0x09, 0x00, 0x97, 0x1D, 0x33, 0x11, 0xE8, 0x40, 0x6E, - 0x95, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, - 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, - 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, - 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, - 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, - 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, - 0x00, 0x03, 0x81, 0x81, 0x00, 0x27, 0x0A, 0x4E, 0x08, 0x8C, - 0xBA, 0x73, 0xD0, 0x05, 0xF2, 0xEA, 0xF9, 0x51, 0x8C, 0x7E, - 0x29, 0x14, 0x23, 0x8E, 0x9E, 0x9A, 0xFC, 0x46, 0x6F, 0x10, - 0x68, 0x59, 0xD9, 0xA0, 0xEA, 0x53, 0x19, 0xBD, 0x28, 0x89, - 0xE1, 0x97, 0x1E, 0x4C, 0xB8, 0x1E, 0xBE, 0x0F, 0x4D, 0x9D, - 0x1D, 0x76, 0x57, 0x17, 0x31, 0x95, 0xC2, 0x80, 0xBE, 0x04, - 0xD0, 0xC2, 0xE9, 0x5C, 0xE0, 0xF4, 0x81, 0x3F, 0xC4, 0xB0, - 0xC5, 0x86, 0xAE, 0x58, 0x68, 0xB9, 0xAE, 0x0F, 0x88, 0xE8, - 0x63, 0x6F, 0xB9, 0x08, 0xF1, 0x1B, 0x56, 0x90, 0xFB, 0x1F, - 0x2E, 0xCC, 0xE5, 0x69, 0x1F, 0x7C, 0x02, 0x4F, 0xED, 0xB0, - 0x45, 0x7C, 0x2D, 0xA8, 0x59, 0x11, 0xA5, 0x95, 0x51, 0xC7, - 0x50, 0xD8, 0x89, 0xC2, 0x90, 0x63, 0x68, 0xA8, 0x41, 0x6F, - 0xD0, 0x37, 0x26, 0x6F, 0xC8, 0x0E, 0xB5, 0xA0, 0x15, 0x9D, - 0xA5, 0xE6, 0xD2 + 0x82, 0x14, 0x0E, 0x75, 0x3B, 0x39, 0xAD, 0x1F, 0x53, 0xD1, + 0x85, 0x3B, 0x05, 0x3B, 0x11, 0x62, 0x4F, 0xDC, 0x7B, 0x11, + 0x72, 0x11, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, + 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, + 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xC0, 0x94, 0x34, 0x0D, + 0x41, 0xA3, 0x03, 0x17, 0x05, 0x08, 0xD9, 0x54, 0xD9, 0xA2, + 0xF0, 0xE9, 0x22, 0x58, 0x25, 0x50, 0x10, 0x6D, 0xDA, 0x09, + 0x2D, 0x7D, 0xFC, 0x0D, 0xC0, 0x13, 0x35, 0x0E, 0x96, 0x7F, + 0x1E, 0x38, 0xA1, 0x11, 0x97, 0x42, 0xDF, 0x83, 0x07, 0x05, + 0xCE, 0xD6, 0xDE, 0x90, 0x22, 0xAB, 0x0F, 0x6D, 0x56, 0x90, + 0x02, 0x9A, 0xA5, 0xCF, 0x5A, 0x9B, 0x96, 0x66, 0x0F, 0x71, + 0xED, 0xB2, 0x72, 0x7A, 0xE4, 0x9D, 0x61, 0x9F, 0x2A, 0x45, + 0xB8, 0x51, 0xB9, 0xA6, 0xEE, 0xD6, 0x73, 0x2A, 0x03, 0xF4, + 0x03, 0x32, 0x6E, 0x19, 0x6E, 0x70, 0x48, 0x6B, 0x72, 0x29, + 0x30, 0x19, 0x87, 0x06, 0x30, 0xD6, 0x2F, 0x19, 0xF5, 0x39, + 0x78, 0x2F, 0x2F, 0xC2, 0x49, 0x38, 0x5A, 0xD8, 0x38, 0x06, + 0xF9, 0xFE, 0xBF, 0x45, 0xEA, 0x7B, 0xE6, 0x7B, 0xA6, 0x0B, + 0xB5, 0xBA, 0x06, 0x80 }; static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024); @@ -862,10 +867,84 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); /* ./certs/client-cert.der, 2048-bit */ static const unsigned char client_cert_der_2048[] = { - 0x30, 0x82, 0x05, 0x07, 0x30, 0x82, 0x03, 0xEF, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xF1, 0x5C, 0x99, 0x43, - 0x66, 0x3D, 0x96, 0x04, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x30, 0x82, 0x05, 0x1D, 0x30, 0x82, 0x04, 0x05, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x73, 0xFB, 0x54, 0xD6, 0x03, + 0x7D, 0x4C, 0x07, 0x84, 0xE2, 0x00, 0x11, 0x8C, 0xDD, 0x90, + 0xDC, 0x48, 0x8D, 0xEA, 0x53, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, + 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, + 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, + 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, + 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, + 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, + 0x2B, 0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, + 0x2B, 0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, + 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, + 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, + 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, + 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, + 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, + 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, + 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, + 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, + 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, + 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, + 0xF1, 0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, + 0x7E, 0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, + 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, + 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, + 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, + 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, + 0x6C, 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, + 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, + 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, + 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, + 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, + 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, + 0x15, 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, + 0xA1, 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, + 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, + 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, + 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD6, 0x30, 0x81, + 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, + 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, + 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, @@ -882,116 +961,44 @@ static const unsigned char client_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, - 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, - 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, - 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, - 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, - 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, - 0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, - 0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, - 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, - 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, - 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, - 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, - 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, - 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, - 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, - 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, - 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, - 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, - 0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, - 0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, - 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, - 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, - 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, - 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, - 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, - 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, - 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, - 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, - 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, - 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, - 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, - 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, - 0x44, 0x30, 0x82, 0x01, 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, - 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, - 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, - 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xD3, 0x06, - 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, - 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, - 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, - 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, - 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, - 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, - 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, - 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, - 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, - 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, - 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, - 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xF1, 0x5C, 0x99, 0x43, 0x66, 0x3D, 0x96, 0x04, - 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, - 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, - 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, - 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, - 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, - 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0xBA, 0x2B, 0x48, 0xD1, 0xA8, - 0xE3, 0xC2, 0x84, 0x42, 0x96, 0xA1, 0x7C, 0xE5, 0xF1, 0x46, - 0xBA, 0x4C, 0xF7, 0x87, 0x57, 0xC7, 0x78, 0xC8, 0xC1, 0x32, - 0xC4, 0x69, 0xFF, 0x85, 0xBB, 0x5D, 0x6A, 0xDD, 0xC9, 0x87, - 0x7E, 0xFE, 0xBB, 0xF4, 0xFD, 0x15, 0x0A, 0x4C, 0x94, 0x95, - 0x80, 0x30, 0x90, 0x45, 0x03, 0xF8, 0x33, 0x87, 0xCA, 0x5F, - 0x74, 0x38, 0xA4, 0xD0, 0x5A, 0xC7, 0x65, 0x38, 0xC3, 0xB0, - 0xE8, 0x87, 0xB1, 0x49, 0x32, 0xB9, 0xAC, 0xE9, 0xFB, 0xD3, - 0x08, 0x1D, 0xA4, 0x51, 0x7B, 0xD7, 0xD9, 0x4B, 0x79, 0x35, - 0xA2, 0x3A, 0x0B, 0xE4, 0x0C, 0xA0, 0x02, 0x9C, 0xA1, 0x68, - 0xE1, 0x5D, 0x6C, 0x8E, 0x2E, 0x3A, 0x24, 0xDE, 0xBB, 0xD6, - 0x1C, 0xA7, 0xAC, 0x2E, 0xCD, 0x57, 0x44, 0x48, 0xF6, 0x72, - 0xE0, 0xC7, 0x5B, 0x93, 0xDC, 0x7D, 0x5B, 0x64, 0x0E, 0x17, - 0x84, 0x68, 0x2C, 0x95, 0x1D, 0x2C, 0x86, 0xD6, 0xB0, 0x74, - 0x67, 0x51, 0x6E, 0x7B, 0xF4, 0xD5, 0x61, 0x38, 0x51, 0xB3, - 0x18, 0xE3, 0x10, 0x16, 0x73, 0x4B, 0x36, 0x8A, 0x8A, 0x62, - 0x05, 0xF5, 0x56, 0x8A, 0xBE, 0x21, 0xE1, 0x78, 0x7D, 0xBF, - 0xAD, 0x45, 0xF9, 0x0B, 0xF5, 0xAF, 0xA0, 0x62, 0x01, 0xFD, - 0x3F, 0x49, 0xDF, 0x39, 0x3C, 0xFF, 0x46, 0xE8, 0x0A, 0xFE, - 0x5C, 0x6B, 0xBB, 0x41, 0xA5, 0x64, 0xF1, 0x5C, 0x9B, 0x51, - 0x4C, 0xBC, 0x6D, 0x9F, 0xA3, 0x20, 0xED, 0xE9, 0x48, 0xE1, - 0xA9, 0xBE, 0x08, 0x2D, 0x85, 0x42, 0x59, 0xD6, 0x43, 0x7D, - 0x47, 0x22, 0xA5, 0xFA, 0x1F, 0xA2, 0x58, 0x76, 0x0B, 0x70, - 0x1C, 0x1D, 0x59, 0x1D, 0xAA, 0xBE, 0x5D, 0x2D, 0x25, 0x7C, - 0xB1, 0x06, 0xB6, 0xC0, 0xAA, 0x28, 0xAA, 0x93, 0x7C, 0xD0, - 0xBD, 0x43, 0xAD, 0x91, 0x50, 0x1C, 0x7B, 0x4D, 0xF3, 0xE4, - 0xD7 + 0x82, 0x14, 0x73, 0xFB, 0x54, 0xD6, 0x03, 0x7D, 0x4C, 0x07, + 0x84, 0xE2, 0x00, 0x11, 0x8C, 0xDD, 0x90, 0xDC, 0x48, 0x8D, + 0xEA, 0x53, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, + 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, + 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x36, 0xCB, 0xBC, + 0xC5, 0x52, 0x9A, 0x66, 0xCD, 0x91, 0x4D, 0x8F, 0x27, 0x9F, + 0xB3, 0x64, 0x80, 0x0E, 0x64, 0xB4, 0xCB, 0x1A, 0xCD, 0x75, + 0x9E, 0x82, 0x7C, 0x55, 0x67, 0xD8, 0x9F, 0x90, 0xA3, 0x34, + 0x96, 0x99, 0x43, 0xF7, 0x49, 0x53, 0xA2, 0x58, 0x85, 0xA0, + 0xB3, 0x83, 0x4F, 0xAF, 0xB8, 0x15, 0x8A, 0x88, 0x1E, 0xF3, + 0x60, 0xF4, 0x7C, 0x94, 0xB5, 0x58, 0x68, 0xF1, 0x2A, 0x13, + 0x80, 0x34, 0xC2, 0x6F, 0xA5, 0xF8, 0x7E, 0x76, 0x16, 0x81, + 0x4F, 0x36, 0x8B, 0xC3, 0x59, 0xBD, 0x51, 0xDD, 0x60, 0x87, + 0xD7, 0x1D, 0x96, 0x44, 0x69, 0x07, 0x3C, 0x8F, 0x28, 0x56, + 0xB1, 0x11, 0x5C, 0x4E, 0x81, 0x3F, 0x57, 0x25, 0xFD, 0x65, + 0xDD, 0x07, 0xCF, 0x17, 0x0A, 0x01, 0x7E, 0x4E, 0x3F, 0x8E, + 0x73, 0xDB, 0xFE, 0xF4, 0xF2, 0xC5, 0xFF, 0xA3, 0x76, 0xA8, + 0x74, 0x46, 0x2E, 0x47, 0x0D, 0xB0, 0xED, 0x0A, 0xC0, 0xC5, + 0x0A, 0x65, 0xD3, 0xDC, 0x62, 0xB2, 0xE0, 0x1E, 0x8E, 0xBD, + 0xF3, 0xBD, 0xAF, 0xAF, 0x66, 0x84, 0x36, 0x92, 0xE2, 0x3B, + 0x80, 0xD0, 0x57, 0xA6, 0x41, 0xA3, 0x62, 0xD1, 0xA6, 0x6D, + 0x14, 0x6C, 0xCD, 0x82, 0xB1, 0xC1, 0xC1, 0x35, 0x55, 0xAE, + 0x59, 0x49, 0xA8, 0x26, 0x52, 0xBD, 0xEF, 0x1B, 0x2C, 0x1F, + 0x9D, 0x39, 0x04, 0xD2, 0x82, 0xA0, 0x6B, 0x39, 0x71, 0x59, + 0x33, 0x82, 0xBA, 0x55, 0x6C, 0x97, 0xF2, 0x1B, 0x5B, 0xE0, + 0x4D, 0xE2, 0xCF, 0x89, 0xE7, 0x26, 0xB8, 0x2C, 0x6C, 0x9F, + 0x83, 0xD6, 0xED, 0x4E, 0x2F, 0x75, 0xA9, 0x30, 0x4E, 0x01, + 0x95, 0x0D, 0x4F, 0x83, 0x5E, 0xC8, 0xAF, 0x7F, 0x67, 0xEA, + 0x53, 0xBF, 0xCA, 0x9B, 0x1F, 0xD4, 0xFF, 0x36, 0x97, 0x02, + 0x71, 0x8E, 0x33, 0xDE, 0xE2, 0x58, 0x27, 0xAA, 0x70, 0x0C, + 0x5B, 0xDE, 0x0E }; static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); @@ -1526,10 +1533,82 @@ static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048); /* ./certs/ca-cert.der, 2048-bit */ static const unsigned char ca_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0xE9, 0x30, 0x82, 0x03, 0xD1, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0xD3, 0x3F, 0xAC, - 0x18, 0x0A, 0x37, 0x4D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x30, 0x82, 0x04, 0xFF, 0x30, 0x82, 0x03, 0xE7, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x2C, 0x80, 0xCE, 0xDB, 0x47, + 0x9D, 0x07, 0x66, 0x92, 0x3D, 0x68, 0xD7, 0xCA, 0xAC, 0x90, + 0x4F, 0xCA, 0x69, 0x41, 0x4B, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, + 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, + 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, + 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, + 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, + 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, + 0x2D, 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, + 0x4A, 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, + 0xCA, 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, + 0x2A, 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, + 0x98, 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, + 0xDE, 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, + 0xBB, 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, + 0xF1, 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, + 0x41, 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, + 0x70, 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, + 0xED, 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, + 0xED, 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, + 0x38, 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, + 0x3C, 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, + 0x13, 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, + 0x7D, 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, + 0xDC, 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, + 0x7D, 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, + 0x67, 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, + 0x68, 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, + 0xF5, 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, + 0x17, 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, + 0xC3, 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, + 0x52, 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, + 0xB9, 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, + 0xED, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, + 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, + 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, + 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xD4, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCC, 0x30, 0x81, + 0xC9, 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, + 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, + 0xE5, 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, @@ -1545,78 +1624,130 @@ static const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x32, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, - 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, - 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, - 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, + 0x82, 0x14, 0x2C, 0x80, 0xCE, 0xDB, 0x47, 0x9D, 0x07, 0x66, + 0x92, 0x3D, 0x68, 0xD7, 0xCA, 0xAC, 0x90, 0x4F, 0xCA, 0x69, + 0x41, 0x4B, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, + 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, + 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xAE, 0xB0, 0xA4, + 0x35, 0x8E, 0x8A, 0x1B, 0xA6, 0xEB, 0xB3, 0xA2, 0x57, 0xCF, + 0x3A, 0x1F, 0xDC, 0x6E, 0xBC, 0xD2, 0xD0, 0xA6, 0x4A, 0x8F, + 0x88, 0x0A, 0x6E, 0x74, 0xD5, 0xD1, 0x7C, 0xD1, 0x44, 0xB1, + 0xD4, 0x3B, 0x17, 0x03, 0x09, 0x5A, 0x46, 0xED, 0x08, 0x08, + 0xCF, 0xF1, 0xFD, 0x20, 0x07, 0x67, 0xC0, 0x97, 0xEC, 0x35, + 0xF3, 0x75, 0xCA, 0x20, 0x61, 0x98, 0x3E, 0xF5, 0x4D, 0xBE, + 0xE6, 0x9D, 0x75, 0x1E, 0xE4, 0x03, 0xAD, 0x8C, 0xA6, 0x1E, + 0x3D, 0xEC, 0xE4, 0x1A, 0x92, 0x5B, 0xF9, 0xA3, 0xAD, 0x83, + 0xCA, 0x4F, 0xCD, 0xAA, 0x38, 0xBB, 0x6E, 0xAE, 0xAD, 0xFA, + 0xA7, 0x46, 0xF1, 0x8B, 0x73, 0xEC, 0x09, 0x23, 0xBC, 0xF2, + 0x18, 0xE5, 0xB7, 0x92, 0x86, 0x3E, 0xA4, 0x75, 0x60, 0xC7, + 0x3D, 0x0F, 0x3F, 0x83, 0x00, 0xC3, 0x06, 0x08, 0x9C, 0xD1, + 0x54, 0xD6, 0xBA, 0x6D, 0x95, 0x3D, 0x34, 0xA1, 0xBE, 0x24, + 0x91, 0xCC, 0x20, 0x03, 0x11, 0x5B, 0x72, 0x1C, 0xD4, 0x65, + 0xD0, 0x11, 0x88, 0x75, 0x26, 0x04, 0x26, 0xEF, 0x66, 0x70, + 0xE6, 0x3B, 0x38, 0x87, 0x9C, 0x53, 0x71, 0x1B, 0x09, 0x51, + 0x70, 0x50, 0x99, 0x4C, 0x31, 0x0C, 0x62, 0x44, 0x57, 0x30, + 0x60, 0x04, 0xFC, 0x12, 0x2C, 0xA3, 0x24, 0xB4, 0xF7, 0x11, + 0xD5, 0x0E, 0xB5, 0x21, 0x0B, 0xED, 0x86, 0x11, 0x67, 0x4D, + 0x36, 0xFA, 0x57, 0xA0, 0x59, 0x55, 0x21, 0xB3, 0x6D, 0xE4, + 0x77, 0x5E, 0xEC, 0x7E, 0xF0, 0x09, 0x13, 0x8E, 0x99, 0x98, + 0xB2, 0xE1, 0x82, 0xB6, 0x4B, 0x3E, 0x0F, 0x41, 0xA6, 0x0C, + 0xCD, 0x49, 0x99, 0x7E, 0xE4, 0x8A, 0xCB, 0x37, 0xED, 0x53, + 0xCF, 0x86, 0x5D, 0xA9, 0x26, 0xA8, 0xE5, 0x01, 0x25, 0x5A, + 0xB4, 0xBC, 0x25, 0x35, 0xF1, 0xFA, 0x5A, 0x5C, 0xCE, 0xD4, + 0xB8, 0x9A, 0x2C +}; +static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); + +/* ./certs/ca-cert-chain.der, 2048-bit */ +static const unsigned char ca_cert_chain_der[] = +{ + 0x30, 0x82, 0x03, 0xFA, 0x30, 0x82, 0x03, 0x63, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x5C, 0x79, 0xE0, 0x7D, 0x3D, + 0xBC, 0xB0, 0xFE, 0x85, 0xCF, 0xA0, 0x28, 0xE9, 0xF6, 0x27, + 0xDD, 0x0C, 0xBF, 0xA3, 0x36, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, + 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, + 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, + 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, + 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, - 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D, - 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A, - 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA, - 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A, - 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98, - 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE, - 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB, - 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1, - 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41, - 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70, - 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED, - 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED, - 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38, - 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C, - 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13, - 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D, - 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC, - 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D, - 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67, - 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68, - 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5, - 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17, - 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3, - 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, - 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, - 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, - 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, - 0x3A, 0x30, 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55, - 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, - 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, - 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, - 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, - 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, - 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, - 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, - 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, - 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, - 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, - 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, - 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, - 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, - 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xAA, 0xD3, 0x3F, 0xAC, 0x18, 0x0A, 0x37, 0x4D, + 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, + 0x81, 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, + 0x24, 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, + 0x16, 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, + 0x04, 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, + 0x50, 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, + 0x24, 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, + 0xA8, 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, + 0xA2, 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, + 0x54, 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, + 0x72, 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, + 0x9B, 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, + 0x94, 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, + 0xE5, 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, + 0x09, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x45, + 0x30, 0x82, 0x01, 0x41, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, + 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, + 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xD4, 0x06, 0x03, + 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCC, 0x30, 0x81, 0xC9, 0x80, + 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, + 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, + 0xA8, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, + 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, + 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, + 0x5C, 0x79, 0xE0, 0x7D, 0x3D, 0xBC, 0xB0, 0xFE, 0x85, 0xCF, + 0xA0, 0x28, 0xE9, 0xF6, 0x27, 0xDD, 0x0C, 0xBF, 0xA3, 0x36, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, @@ -1626,140 +1757,20 @@ static const unsigned char ca_cert_der_2048[] = 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x62, 0x98, 0xC8, 0x58, 0xCF, - 0x56, 0x03, 0x86, 0x5B, 0x1B, 0x71, 0x49, 0x7D, 0x05, 0x03, - 0x5D, 0xE0, 0x08, 0x86, 0xAD, 0xDB, 0x4A, 0xDE, 0xAB, 0x22, - 0x96, 0xA8, 0xC3, 0x59, 0x68, 0xC1, 0x37, 0x90, 0x40, 0xDF, - 0xBD, 0x89, 0xD0, 0xBC, 0xDA, 0x8E, 0xEF, 0x87, 0xB2, 0xC2, - 0x62, 0x52, 0xE1, 0x1A, 0x29, 0x17, 0x6A, 0x96, 0x99, 0xC8, - 0x4E, 0xD8, 0x32, 0xFE, 0xB8, 0xD1, 0x5C, 0x3B, 0x0A, 0xC2, - 0x3C, 0x5F, 0xA1, 0x1E, 0x98, 0x7F, 0xCE, 0x89, 0x26, 0x21, - 0x1F, 0x64, 0x9C, 0x15, 0x7A, 0x9C, 0xEF, 0xFB, 0x1D, 0x85, - 0x6A, 0xFA, 0x98, 0xCE, 0xA8, 0xA9, 0xAB, 0xC3, 0xA2, 0xC0, - 0xEB, 0x87, 0xED, 0xBC, 0x21, 0xDF, 0xF3, 0x07, 0x5B, 0xAE, - 0xFD, 0x40, 0xD4, 0xAE, 0x20, 0xD0, 0x76, 0x8A, 0x31, 0x0A, - 0xA2, 0x62, 0x7C, 0x61, 0x0D, 0xCE, 0x5D, 0x9A, 0x1E, 0xE4, - 0x20, 0x88, 0x51, 0x49, 0xFB, 0x77, 0xA9, 0xCD, 0x4D, 0xC6, - 0xBF, 0x54, 0x99, 0x33, 0xEF, 0x4B, 0xA0, 0x73, 0x70, 0x6D, - 0x2E, 0xD9, 0x3D, 0x08, 0xF6, 0x12, 0x39, 0x31, 0x68, 0xC6, - 0x61, 0x5C, 0x41, 0xB5, 0x1B, 0xF4, 0x38, 0x7D, 0xFC, 0xBE, - 0x73, 0x66, 0x2D, 0xF7, 0xCA, 0x5B, 0x2C, 0x5B, 0x31, 0xAA, - 0xCF, 0xF6, 0x7F, 0x30, 0xE4, 0x12, 0x2C, 0x8E, 0xD6, 0x38, - 0x51, 0xE6, 0x45, 0xEE, 0xD5, 0xDA, 0xC3, 0x83, 0xD6, 0xED, - 0x5E, 0xEC, 0xD6, 0xB6, 0x14, 0xB3, 0x93, 0x59, 0xE1, 0x55, - 0x4A, 0x7F, 0x04, 0xDF, 0xCE, 0x65, 0xD4, 0xDF, 0x18, 0x4F, - 0xDD, 0xB4, 0x45, 0x7F, 0xA6, 0x56, 0x30, 0xC4, 0x05, 0x44, - 0x98, 0x9D, 0x4F, 0x26, 0x6D, 0x84, 0x80, 0xA0, 0x5E, 0xED, - 0x23, 0xD1, 0x48, 0x87, 0x0E, 0x05, 0x06, 0x91, 0x3B, 0xB0, - 0x3C, 0xBB, 0x8C, 0x8F, 0x3C, 0x7B, 0x4C, 0x4F, 0xA1, 0xCA, - 0x98 -}; -static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); - -/* ./certs/ca-cert-chain.der, 2048-bit */ -static const unsigned char ca_cert_chain_der[] = -{ - 0x30, 0x82, 0x03, 0xE4, 0x30, 0x82, 0x03, 0x4D, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE9, 0x2F, 0xDA, 0xA8, - 0x53, 0xBD, 0xBD, 0xD5, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, - 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, - 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, - 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x32, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, - 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, - 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, - 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, - 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, - 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, - 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, - 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, - 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, - 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, - 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, - 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, - 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, - 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, - 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, - 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, - 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3A, 0x30, - 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, - 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, - 0x3A, 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, - 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, - 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, - 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, - 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, - 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, - 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xE9, 0x2F, 0xDA, 0xA8, 0x53, 0xBD, 0xBD, 0xD5, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, - 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, - 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, - 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, - 0x81, 0x00, 0xB3, 0xE9, 0x88, 0x6A, 0xEA, 0x5F, 0x35, 0x7C, - 0x6C, 0xFD, 0x93, 0xFE, 0x9A, 0x98, 0xE7, 0x1C, 0xBC, 0xD1, - 0xC8, 0x7A, 0x15, 0xC5, 0x69, 0xE1, 0xFB, 0x35, 0x1B, 0xEC, - 0x92, 0x3F, 0xD1, 0x3E, 0x69, 0x2A, 0x11, 0x95, 0x44, 0x3D, - 0x3F, 0x7C, 0xFF, 0xF6, 0x64, 0xD8, 0xE4, 0x1D, 0xEC, 0x86, - 0x95, 0x69, 0x48, 0x3D, 0x5B, 0x6D, 0x39, 0xE7, 0x7E, 0x51, - 0x12, 0x15, 0x4B, 0x90, 0xA8, 0xFA, 0x1E, 0xAA, 0x81, 0x53, - 0xDE, 0x85, 0x29, 0x4D, 0x79, 0x6C, 0x08, 0xC2, 0xC4, 0x5E, - 0x4D, 0x39, 0xA6, 0x09, 0xA4, 0x67, 0xAC, 0xDC, 0xF0, 0xCD, - 0xB7, 0x4E, 0xE5, 0xF9, 0x72, 0xC3, 0x25, 0x1C, 0x8D, 0xE0, - 0x03, 0x30, 0x19, 0x5A, 0xA5, 0x63, 0xA6, 0xBA, 0xEC, 0x12, - 0x87, 0xEF, 0x6D, 0x56, 0x22, 0xA7, 0x42, 0x4A, 0x8F, 0x3B, - 0xFD, 0x20, 0xAB, 0xEF, 0x29, 0x5E, 0x3D, 0x16, 0xD7, 0xAC - + 0x03, 0x81, 0x81, 0x00, 0x84, 0x96, 0x5D, 0x69, 0x2C, 0xEF, + 0x4C, 0x96, 0xD6, 0x90, 0xB8, 0xE5, 0x98, 0x2F, 0x35, 0x84, + 0xE3, 0x05, 0x83, 0xE2, 0x69, 0xA3, 0xBF, 0x39, 0xF8, 0xD3, + 0x2A, 0xB5, 0x50, 0x16, 0xCB, 0xD6, 0x02, 0x5B, 0x1B, 0x9B, + 0x7F, 0x84, 0x87, 0xB0, 0x71, 0xC3, 0xC5, 0xC6, 0xDF, 0xBF, + 0xAE, 0xC5, 0x19, 0x18, 0x23, 0x5E, 0x71, 0x52, 0xED, 0x00, + 0xC5, 0x75, 0x22, 0xDA, 0x46, 0x3A, 0x80, 0x7C, 0xF9, 0x63, + 0xE7, 0x15, 0x6D, 0xD5, 0x0B, 0x1C, 0x0A, 0x9C, 0xCC, 0x23, + 0xEC, 0x51, 0xAE, 0x2B, 0xB5, 0x47, 0x02, 0x42, 0xF4, 0x8E, + 0x06, 0x89, 0xE9, 0x71, 0x52, 0x16, 0x04, 0x0C, 0xBC, 0xC8, + 0x05, 0x2A, 0xE5, 0xAC, 0xE8, 0x0F, 0xC8, 0xCD, 0x22, 0x02, + 0x7E, 0x7A, 0x63, 0x55, 0x10, 0x0B, 0x8C, 0xB9, 0x02, 0x9B, + 0x17, 0x62, 0xA7, 0x84, 0x26, 0x24, 0xDB, 0xEF, 0x34, 0x1E, + 0xF9, 0x0D }; static const int sizeof_ca_cert_chain_der = sizeof(ca_cert_chain_der); @@ -1892,7 +1903,7 @@ static const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048); /* ./certs/server-cert.der, 2048-bit */ static const unsigned char server_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0xDD, 0x30, 0x82, 0x03, 0xC5, 0xA0, 0x03, + 0x30, 0x82, 0x04, 0xE8, 0x30, 0x82, 0x03, 0xD0, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, @@ -1910,10 +1921,10 @@ static const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, - 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, - 0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, - 0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, + 0x31, 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, + 0x0D, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, + 0x37, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -1957,12 +1968,12 @@ static const unsigned char server_cert_der_2048[] = 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x3A, 0x30, - 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x45, 0x30, + 0x82, 0x01, 0x41, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, - 0x1F, 0x0E, 0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, + 0x1F, 0x0E, 0x8E, 0x3C, 0x30, 0x81, 0xD4, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xCC, 0x30, 0x81, 0xC9, 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, @@ -1980,43 +1991,45 @@ static const unsigned char server_cert_der_2048[] = 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xAA, 0xD3, 0x3F, 0xAC, 0x18, 0x0A, 0x37, 0x4D, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, - 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, - 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, - 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x1B, 0x0D, 0xA6, 0x44, 0x93, 0x0D, 0x0E, - 0x0C, 0x35, 0x28, 0x26, 0x40, 0x31, 0xD2, 0xEB, 0x26, 0x4C, - 0x47, 0x5B, 0x19, 0xFB, 0xAD, 0xFE, 0x3A, 0xF5, 0x30, 0x3A, - 0x28, 0xD7, 0xAA, 0x69, 0xA4, 0x15, 0xE7, 0x26, 0x6E, 0xB7, - 0x33, 0x56, 0xAC, 0x8F, 0x34, 0x3D, 0xF3, 0x21, 0x2F, 0x53, - 0x58, 0x91, 0xD0, 0x3E, 0xB4, 0x39, 0x48, 0xBF, 0x93, 0x11, - 0x74, 0x36, 0xD3, 0x87, 0x49, 0xC3, 0x34, 0x0D, 0x30, 0x30, - 0xAB, 0xF4, 0x4C, 0x27, 0x19, 0xD5, 0xC4, 0x0C, 0xAD, 0x49, - 0xBD, 0x91, 0xF8, 0xDA, 0x9E, 0xC8, 0x2D, 0x2A, 0xAC, 0xE2, - 0x75, 0x8E, 0xAA, 0x08, 0xD9, 0xBF, 0x65, 0xFF, 0xA3, 0xB1, - 0x4F, 0xF0, 0x60, 0x6F, 0x4D, 0x95, 0xC4, 0x06, 0x7F, 0xAF, - 0x66, 0x6A, 0x23, 0x3B, 0x3A, 0xA4, 0x61, 0xB6, 0x6C, 0xCA, - 0xBE, 0xE1, 0xB0, 0x77, 0xF3, 0xEC, 0x83, 0xD5, 0x8C, 0x1D, - 0x85, 0x7F, 0x8D, 0x74, 0xC8, 0xEC, 0x1E, 0x49, 0xEC, 0x57, - 0x4A, 0xCC, 0xFD, 0xE2, 0x3A, 0x3E, 0x54, 0x50, 0xAE, 0x67, - 0xCD, 0x17, 0xB0, 0x67, 0xA5, 0x53, 0x7F, 0xC3, 0x0E, 0x3E, - 0xA7, 0x58, 0xE8, 0xDF, 0xD5, 0x0C, 0xF2, 0x64, 0xF3, 0xAD, - 0x12, 0x70, 0xE3, 0xB9, 0x42, 0xBC, 0x08, 0x60, 0x76, 0xD5, - 0x0C, 0xA5, 0x31, 0x77, 0x50, 0xE0, 0xC8, 0xF3, 0x3A, 0x3D, - 0x45, 0xCF, 0x32, 0x75, 0xEF, 0x10, 0xDD, 0xB5, 0xED, 0x6E, - 0xD2, 0x2D, 0x57, 0x82, 0x95, 0x38, 0xBC, 0x7D, 0x54, 0xC4, - 0x84, 0x5E, 0xFB, 0x7E, 0x83, 0xF5, 0xF1, 0x2D, 0x9C, 0x98, - 0xAC, 0x73, 0xE3, 0xA7, 0xD2, 0x02, 0x30, 0xD6, 0x1F, 0x06, - 0x1E, 0xD0, 0xDC, 0x3A, 0xAC, 0xF4, 0xC2, 0xC2, 0xBE, 0x72, - 0x40, 0x9A, 0xEA, 0xCF, 0x35, 0x21, 0x3B, 0x56, 0x6D, 0xE1, - 0x52, 0xF2, 0x80, 0xD7, 0x35, 0x83, 0x97, 0x07, 0xCC + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x2C, + 0x80, 0xCE, 0xDB, 0x47, 0x9D, 0x07, 0x66, 0x92, 0x3D, 0x68, + 0xD7, 0xCA, 0xAC, 0x90, 0x4F, 0xCA, 0x69, 0x41, 0x4B, 0x30, + 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, + 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, + 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, + 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xB9, 0x10, 0xF0, 0xBE, 0xFE, 0xC8, + 0x67, 0x5E, 0x7D, 0x0F, 0x36, 0x33, 0xC7, 0x17, 0x2A, 0x01, + 0xC4, 0xBB, 0x74, 0x83, 0x4C, 0xBC, 0xBB, 0xE2, 0xBA, 0x92, + 0x82, 0x3A, 0xD9, 0x2D, 0x8C, 0x0E, 0xE3, 0x75, 0x1B, 0xC0, + 0x14, 0xAA, 0x40, 0x1E, 0xA8, 0x11, 0x7D, 0x94, 0x9C, 0x3D, + 0x74, 0x7A, 0x3B, 0x16, 0x7B, 0xD8, 0x9D, 0xF0, 0xE8, 0x7D, + 0x1D, 0xFA, 0x3B, 0x14, 0x42, 0x20, 0xE3, 0x05, 0xA3, 0xFD, + 0xB1, 0x0C, 0xF1, 0x2A, 0xC4, 0x00, 0x50, 0x8D, 0x1E, 0x97, + 0x93, 0x6A, 0xDE, 0x82, 0x13, 0x24, 0x9E, 0x2B, 0xFA, 0x08, + 0x85, 0xE3, 0x4F, 0x40, 0xFD, 0x63, 0xC7, 0x3D, 0xE9, 0xBD, + 0x6F, 0x7C, 0x03, 0x98, 0x85, 0xFE, 0xB4, 0x51, 0x5D, 0x7F, + 0x8C, 0x83, 0xB3, 0xAD, 0x4A, 0x88, 0xE9, 0xF3, 0x4C, 0x33, + 0x84, 0x77, 0xD3, 0x02, 0x35, 0x59, 0xE3, 0x4E, 0x64, 0xA1, + 0xB7, 0xBB, 0xFB, 0xF8, 0xFB, 0x14, 0x2A, 0xAE, 0x36, 0xBF, + 0xD9, 0x82, 0xE7, 0xCB, 0x98, 0x48, 0x16, 0xC8, 0x81, 0xD6, + 0xA0, 0xF1, 0x74, 0x14, 0xE3, 0x74, 0x4A, 0x72, 0x4A, 0xF1, + 0x6F, 0xDD, 0xBE, 0x86, 0x1E, 0x20, 0xF3, 0x05, 0x16, 0x83, + 0x1F, 0xAA, 0x7C, 0x59, 0x35, 0x97, 0x24, 0xB8, 0x27, 0xB7, + 0x56, 0x9F, 0x30, 0x2E, 0x90, 0xE0, 0x19, 0xE0, 0x21, 0xCA, + 0x9D, 0x3F, 0xDA, 0x99, 0x07, 0x94, 0x79, 0x49, 0x53, 0x14, + 0x5C, 0xA2, 0x2C, 0x56, 0x5B, 0xB2, 0x55, 0x68, 0x5C, 0x1F, + 0x91, 0x58, 0x9A, 0xCD, 0x53, 0xB5, 0xEA, 0x63, 0x5A, 0x72, + 0x49, 0x41, 0xCC, 0x76, 0x9F, 0x88, 0x35, 0x86, 0x0D, 0x60, + 0x5D, 0xE5, 0x91, 0xBD, 0xAC, 0x6F, 0xCF, 0xD5, 0x92, 0x27, + 0x72, 0x4A, 0x21, 0xF4, 0x58, 0x98, 0x8E, 0x3B, 0xD2, 0x29, + 0xE6, 0xEE, 0xFA, 0xE6, 0xB0, 0x6C, 0x8B, 0x1E, 0xE0, 0x54 + }; static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); @@ -2619,161 +2632,163 @@ static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072); /* ./certs/3072/client-cert.der, 3072-bit */ static const unsigned char client_cert_der_3072[] = { - 0x30, 0x82, 0x06, 0x07, 0x30, 0x82, 0x04, 0x6F, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xA4, 0xE0, 0xAA, 0xF3, - 0x29, 0x50, 0x39, 0x8A, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, - 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, - 0x33, 0x30, 0x37, 0x32, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, - 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x33, 0x30, 0x37, - 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, - 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, - 0x53, 0x4C, 0x5F, 0x33, 0x30, 0x37, 0x32, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, - 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, - 0x33, 0x30, 0x37, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, 0x01, - 0x8A, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, - 0x8F, 0x78, 0xF8, 0x10, 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, - 0x56, 0x68, 0x5A, 0x41, 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, - 0x80, 0x17, 0xB0, 0x88, 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, - 0x42, 0x79, 0x73, 0x42, 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, - 0x2D, 0x6F, 0xAA, 0xBC, 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, - 0xEC, 0x49, 0xEA, 0x5C, 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, - 0xBA, 0xA1, 0xB3, 0x58, 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, - 0x6E, 0x02, 0x02, 0x00, 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, - 0xB4, 0x08, 0x5F, 0x2A, 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, - 0x59, 0x26, 0x5B, 0x0B, 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, - 0x32, 0x19, 0x06, 0x7E, 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, - 0xFC, 0x58, 0x6C, 0x64, 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, - 0x8E, 0x1A, 0xCA, 0x6A, 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, - 0x97, 0xA0, 0x1A, 0x89, 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, - 0xF2, 0x62, 0x06, 0x48, 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, - 0xE1, 0xD2, 0x27, 0xEA, 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, - 0xFC, 0x94, 0x06, 0x59, 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, - 0x7B, 0x5F, 0xD2, 0xC0, 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, - 0x11, 0x2C, 0xDF, 0xF7, 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, - 0x32, 0x5F, 0xC5, 0xC8, 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, - 0x0E, 0x7E, 0x79, 0x5D, 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, - 0x9B, 0xBF, 0xB8, 0xEE, 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, - 0x50, 0x2F, 0x78, 0x0C, 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, - 0x26, 0xA4, 0xC9, 0xFC, 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, - 0xCF, 0x57, 0xCD, 0xA1, 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, - 0x1D, 0x86, 0xAB, 0xB9, 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, - 0x7E, 0xA4, 0xEA, 0xCC, 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, - 0xDE, 0xE0, 0x61, 0xFC, 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, - 0xAD, 0x2A, 0xE3, 0x2D, 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, - 0x1F, 0x0F, 0xE1, 0x7F, 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, - 0xBF, 0xDC, 0x26, 0x35, 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, - 0xA4, 0x06, 0xAC, 0xCA, 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, - 0x02, 0x2C, 0x9B, 0xA1, 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, - 0x56, 0xD7, 0x73, 0xF4, 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, - 0x22, 0xB4, 0xE7, 0x6F, 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, - 0x49, 0xDE, 0xEA, 0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, - 0x36, 0x03, 0x45, 0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, - 0x8C, 0xA3, 0xEE, 0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x44, 0x30, - 0x82, 0x01, 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0x3D, 0xD1, 0x84, 0xC2, 0xAF, 0xB0, - 0x20, 0x49, 0xBC, 0x74, 0x87, 0x41, 0x38, 0xAB, 0xBA, 0xD2, - 0xD4, 0x0C, 0xA3, 0xA8, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14, - 0x3D, 0xD1, 0x84, 0xC2, 0xAF, 0xB0, 0x20, 0x49, 0xBC, 0x74, - 0x87, 0x41, 0x38, 0xAB, 0xBA, 0xD2, 0xD4, 0x0C, 0xA3, 0xA8, - 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, - 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, - 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x33, 0x30, 0x37, - 0x32, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, - 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, - 0x69, 0x6E, 0x67, 0x2D, 0x33, 0x30, 0x37, 0x32, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xA4, 0xE0, 0xAA, 0xF3, 0x29, 0x50, 0x39, 0x8A, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, - 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, - 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, - 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x81, 0x00, 0x57, 0x21, 0xC0, 0xAD, 0x6E, 0x16, 0x74, - 0xD5, 0xB1, 0x8B, 0x19, 0x55, 0x49, 0x7A, 0xA4, 0x5E, 0xD6, - 0x18, 0xF9, 0x03, 0x80, 0x4B, 0xC2, 0x71, 0xD1, 0x04, 0x47, - 0x9C, 0xB3, 0x73, 0x9C, 0x4F, 0x62, 0x4A, 0x3A, 0x9A, 0xD4, - 0x48, 0xE4, 0x81, 0xDB, 0x8D, 0x15, 0xDF, 0x5D, 0x0F, 0x08, - 0x13, 0x28, 0x28, 0xD7, 0x05, 0x44, 0xC1, 0xB9, 0x6D, 0xF1, - 0x75, 0x60, 0x74, 0xD0, 0x44, 0xAE, 0x91, 0x0F, 0x3A, 0x7C, - 0xF4, 0xEE, 0xEA, 0x6F, 0x06, 0x3A, 0x41, 0xAE, 0x6B, 0x5C, - 0x8A, 0x0D, 0x85, 0x6B, 0xB3, 0xFB, 0xB1, 0x5F, 0x70, 0xF7, - 0x9B, 0x32, 0x57, 0xFB, 0xC4, 0x6B, 0xCE, 0x90, 0x86, 0x0C, - 0x96, 0x8A, 0x41, 0x4E, 0x61, 0xF3, 0xA1, 0x3F, 0x55, 0xE8, - 0x94, 0x56, 0x12, 0x6D, 0x9E, 0x46, 0x2C, 0x31, 0xBD, 0x3F, - 0x8A, 0x70, 0xC8, 0x20, 0xA4, 0xFB, 0xFA, 0xC6, 0x53, 0x58, - 0xBB, 0x05, 0x28, 0xBA, 0x89, 0x0C, 0xB1, 0x5F, 0x21, 0xAC, - 0x1E, 0xF1, 0x35, 0xFD, 0x6B, 0x14, 0xC1, 0x69, 0x08, 0xE9, - 0x37, 0x14, 0xD8, 0x76, 0x50, 0x2A, 0xFC, 0xAA, 0x94, 0x7F, - 0x39, 0x52, 0x3A, 0xA7, 0x3C, 0x0A, 0x53, 0x5E, 0xE0, 0x13, - 0x1A, 0x00, 0xCA, 0xAC, 0xAA, 0x7E, 0xF7, 0x09, 0x68, 0x78, - 0x60, 0x11, 0x73, 0xAB, 0x7D, 0x58, 0xFE, 0x03, 0x9F, 0xE6, - 0x84, 0xEA, 0x51, 0x58, 0x40, 0x82, 0xA5, 0xFF, 0xA7, 0x2C, - 0xEA, 0x42, 0xA5, 0x4C, 0xB6, 0x3B, 0x5C, 0x6B, 0xAB, 0xCF, - 0x56, 0x8A, 0x8C, 0xEC, 0x3C, 0xF0, 0xAE, 0xD3, 0xCA, 0x0E, - 0x09, 0x71, 0xCF, 0x79, 0x96, 0x72, 0x63, 0x4B, 0x24, 0x7A, - 0xF3, 0x79, 0xCA, 0x69, 0x75, 0xC9, 0xB2, 0xA4, 0x54, 0xB8, - 0x84, 0x40, 0x2B, 0x8F, 0x24, 0x27, 0x6A, 0xED, 0x8F, 0x53, - 0xE0, 0x55, 0x9B, 0x35, 0x91, 0x18, 0x11, 0xCF, 0xB0, 0x3B, - 0xB8, 0x65, 0x3C, 0xC6, 0xEF, 0xB0, 0x78, 0x7C, 0x43, 0x26, - 0xF1, 0x12, 0x84, 0x6B, 0x2B, 0xF0, 0x7D, 0x3C, 0x7F, 0xDC, - 0x67, 0xA4, 0x17, 0x89, 0x75, 0x00, 0x86, 0x1A, 0xEA, 0xCD, - 0x1A, 0xCF, 0xDA, 0x11, 0x64, 0xCC, 0xBD, 0x10, 0x26, 0xEF, - 0x6B, 0x1B, 0x93, 0xB3, 0x37, 0x14, 0x7F, 0x12, 0x80, 0x81, - 0xB6, 0xFD, 0x8A, 0x8A, 0xD8, 0x95, 0x5F, 0xF9, 0x1E, 0xA5, - 0x1E, 0x65, 0x5F, 0x75, 0x8D, 0x90, 0x2A, 0x0D, 0xB1, 0xAB, - 0x26, 0x16, 0x31, 0xB2, 0x06, 0x64, 0x6F, 0x2B, 0x7E, 0x4A, - 0xF4, 0xDE, 0xE9, 0x7A, 0xEC, 0x67, 0x35, 0xF3, 0x40, 0x71, - 0x75, 0x37, 0xB3, 0xE1, 0x1D, 0xEF, 0x7D, 0xE2, 0x92, 0xEC, - 0xD5, 0xE5, 0xBB, 0x99, 0x79, 0x50, 0x11, 0xB2, 0x8A, 0x57, - 0x1B, 0x30, 0x2E, 0xB7, 0x16, 0x4C, 0xC8, 0xA6, 0x99, 0xB1, - 0x01, 0x34, 0x08, 0x9D, 0xD8, 0xDF, 0xAF + 0x30, 0x82, 0x06, 0x1D, 0x30, 0x82, 0x04, 0x85, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x03, 0x33, 0x56, 0x6E, 0x5F, + 0xE0, 0x69, 0x69, 0x99, 0x6B, 0xEB, 0xD0, 0xEB, 0x47, 0xCF, + 0xF2, 0x05, 0x3F, 0x98, 0x15, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x33, 0x30, 0x37, 0x32, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, + 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x33, 0x30, + 0x37, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, + 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x33, 0x30, 0x37, 0x32, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, + 0x2D, 0x33, 0x30, 0x37, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, + 0x01, 0x8A, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAC, 0x39, 0x50, + 0x68, 0x8F, 0x78, 0xF8, 0x10, 0x9B, 0x68, 0x96, 0xD3, 0xE1, + 0x9C, 0x56, 0x68, 0x5A, 0x41, 0x62, 0xE3, 0xB3, 0x41, 0xB0, + 0x55, 0x80, 0x17, 0xB0, 0x88, 0x16, 0x9B, 0xE0, 0x97, 0x74, + 0x5F, 0x42, 0x79, 0x73, 0x42, 0xDF, 0x93, 0xF3, 0xAA, 0x9D, + 0xEE, 0x2D, 0x6F, 0xAA, 0xBC, 0x27, 0x90, 0x84, 0xC0, 0x5D, + 0xC7, 0xEC, 0x49, 0xEA, 0x5C, 0x66, 0x1D, 0x70, 0x9C, 0x53, + 0x5C, 0xBA, 0xA1, 0xB3, 0x58, 0xC9, 0x3E, 0x8E, 0x9B, 0x72, + 0x3D, 0x6E, 0x02, 0x02, 0x00, 0x9C, 0x65, 0x56, 0x82, 0xA3, + 0x22, 0xB4, 0x08, 0x5F, 0x2A, 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, + 0x31, 0x59, 0x26, 0x5B, 0x0B, 0x1C, 0x63, 0x61, 0xFF, 0xD5, + 0x69, 0x32, 0x19, 0x06, 0x7E, 0x0F, 0x40, 0x3C, 0x7A, 0x1E, + 0xC8, 0xFC, 0x58, 0x6C, 0x64, 0xAE, 0x10, 0x3D, 0xA8, 0x23, + 0xFF, 0x8E, 0x1A, 0xCA, 0x6A, 0x82, 0xE2, 0xF9, 0x01, 0x64, + 0x2C, 0x97, 0xA0, 0x1A, 0x89, 0xA0, 0x74, 0xD3, 0xB6, 0x05, + 0x11, 0xF2, 0x62, 0x06, 0x48, 0x2A, 0xF7, 0x66, 0xCE, 0xC1, + 0x85, 0xE1, 0xD2, 0x27, 0xEA, 0xCA, 0x12, 0xA5, 0x91, 0x97, + 0x3E, 0xFC, 0x94, 0x06, 0x59, 0x51, 0xC0, 0xE7, 0x13, 0xB6, + 0x87, 0x7B, 0x5F, 0xD2, 0xC0, 0x56, 0x2F, 0x5E, 0x1D, 0x02, + 0xC3, 0x11, 0x2C, 0xDF, 0xF7, 0x01, 0xDA, 0xBD, 0x85, 0x54, + 0x35, 0x32, 0x5F, 0xC5, 0xC8, 0xF9, 0x7A, 0x9F, 0x89, 0xF7, + 0x03, 0x0E, 0x7E, 0x79, 0x5D, 0x04, 0x82, 0x35, 0x10, 0xFE, + 0x6D, 0x9B, 0xBF, 0xB8, 0xEE, 0xE2, 0x62, 0x87, 0x26, 0x5E, + 0x2F, 0x50, 0x2F, 0x78, 0x0C, 0xE8, 0x73, 0x4F, 0x88, 0x6A, + 0xD6, 0x26, 0xA4, 0xC9, 0xFC, 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, + 0x32, 0xCF, 0x57, 0xCD, 0xA1, 0x58, 0x8A, 0x49, 0x0F, 0xBB, + 0xA9, 0x1D, 0x86, 0xAB, 0xB9, 0x8F, 0x8D, 0x57, 0x19, 0xB2, + 0x5A, 0x7E, 0xA4, 0xEA, 0xCC, 0xB7, 0x96, 0x7A, 0x3B, 0x38, + 0xCD, 0xDE, 0xE0, 0x61, 0xFC, 0xC9, 0x06, 0x8F, 0x93, 0x5A, + 0xCE, 0xAD, 0x2A, 0xE3, 0x2D, 0x3E, 0x39, 0x5D, 0x41, 0x83, + 0x01, 0x1F, 0x0F, 0xE1, 0x7F, 0x76, 0xC7, 0x28, 0xDA, 0x56, + 0xEF, 0xBF, 0xDC, 0x26, 0x35, 0x40, 0xBE, 0xAD, 0xC7, 0x38, + 0xAD, 0xA4, 0x06, 0xAC, 0xCA, 0xE8, 0x51, 0xEB, 0xC0, 0xF8, + 0x68, 0x02, 0x2C, 0x9B, 0xA1, 0x14, 0xBC, 0xF8, 0x61, 0x86, + 0xD7, 0x56, 0xD7, 0x73, 0xF4, 0xAB, 0xBB, 0x6A, 0x21, 0xD3, + 0x88, 0x22, 0xB4, 0xE7, 0x6F, 0x7F, 0x91, 0xE5, 0x0E, 0xC6, + 0x08, 0x49, 0xDE, 0xEA, 0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, + 0xF9, 0x36, 0x03, 0x45, 0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, + 0xC4, 0x8C, 0xA3, 0xEE, 0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, + 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, + 0x30, 0x82, 0x01, 0x4B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0x3D, 0xD1, 0x84, 0xC2, 0xAF, + 0xB0, 0x20, 0x49, 0xBC, 0x74, 0x87, 0x41, 0x38, 0xAB, 0xBA, + 0xD2, 0xD4, 0x0C, 0xA3, 0xA8, 0x30, 0x81, 0xDE, 0x06, 0x03, + 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, + 0x14, 0x3D, 0xD1, 0x84, 0xC2, 0xAF, 0xB0, 0x20, 0x49, 0xBC, + 0x74, 0x87, 0x41, 0x38, 0xAB, 0xBA, 0xD2, 0xD4, 0x0C, 0xA3, + 0xA8, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, + 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x33, 0x30, + 0x37, 0x32, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, + 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x33, 0x30, 0x37, 0x32, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, + 0x03, 0x33, 0x56, 0x6E, 0x5F, 0xE0, 0x69, 0x69, 0x99, 0x6B, + 0xEB, 0xD0, 0xEB, 0x47, 0xCF, 0xF2, 0x05, 0x3F, 0x98, 0x15, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, + 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, + 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, + 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x81, 0x00, 0x90, 0xE4, 0x43, 0x8E, 0xBE, + 0x9D, 0xDE, 0x45, 0x4E, 0xDF, 0xDF, 0x8D, 0xE7, 0x7C, 0x2D, + 0x1B, 0xA9, 0x1A, 0xEF, 0x90, 0x15, 0xFB, 0xD3, 0xA9, 0x99, + 0xA8, 0x5B, 0xD7, 0xF9, 0xB8, 0x95, 0x19, 0xFE, 0xE0, 0x00, + 0x09, 0xC1, 0xE3, 0xE8, 0x27, 0x82, 0x11, 0x7C, 0x39, 0x23, + 0x92, 0x38, 0x45, 0x86, 0x6D, 0x77, 0xC2, 0x83, 0x8C, 0x1A, + 0x0F, 0x4B, 0xC5, 0x94, 0x0D, 0xE9, 0x17, 0x28, 0x8C, 0xCF, + 0x8F, 0x6D, 0xE9, 0x43, 0x82, 0x0F, 0x31, 0x67, 0xBB, 0xD5, + 0xD7, 0x3F, 0x0B, 0xCE, 0xCE, 0x22, 0xF4, 0xA8, 0x5B, 0x84, + 0x8D, 0xFD, 0xD2, 0xCB, 0xD6, 0xDC, 0xEE, 0x31, 0xF3, 0xE7, + 0x26, 0xB7, 0x58, 0x6A, 0xC5, 0x9E, 0xFF, 0x89, 0x5F, 0xF6, + 0x70, 0xFB, 0x6B, 0x02, 0xBA, 0x79, 0x6A, 0x9A, 0x12, 0x1B, + 0x82, 0x94, 0x1B, 0x02, 0x22, 0x30, 0x7D, 0x74, 0x44, 0x46, + 0x25, 0x85, 0xA1, 0xA8, 0x7D, 0xA0, 0xAB, 0xC3, 0xA7, 0x9E, + 0x08, 0xA3, 0xD7, 0x5C, 0x42, 0xA2, 0xAF, 0x96, 0x42, 0x9C, + 0x76, 0x9B, 0x8D, 0xEC, 0x08, 0x68, 0x71, 0x95, 0x92, 0xA5, + 0xB9, 0xAA, 0x12, 0xF9, 0xC5, 0x62, 0xAC, 0x8E, 0x4F, 0xDF, + 0xCC, 0xB7, 0x53, 0xE3, 0xC4, 0x70, 0x74, 0x9B, 0x38, 0xD2, + 0xE9, 0xDA, 0x3F, 0xEF, 0xC4, 0x55, 0x01, 0x9A, 0xB9, 0x3E, + 0xC4, 0x33, 0xE7, 0x33, 0xDB, 0x0F, 0xBA, 0x55, 0x84, 0x0F, + 0x3C, 0x4C, 0xA5, 0x85, 0xEC, 0x5A, 0xF2, 0x98, 0x75, 0xE0, + 0xEB, 0x47, 0xB8, 0x4B, 0xD3, 0x85, 0x63, 0xDC, 0xB0, 0x29, + 0x85, 0x51, 0x62, 0xBF, 0x6A, 0x61, 0x9B, 0x40, 0x01, 0x66, + 0x0D, 0x72, 0x42, 0xBD, 0x4F, 0xE0, 0xC6, 0x31, 0xA6, 0x06, + 0xDF, 0xC1, 0xE9, 0x8A, 0xA0, 0x57, 0xC7, 0x4D, 0x4F, 0xE7, + 0xC0, 0x45, 0x7F, 0x7F, 0xA7, 0x53, 0xCA, 0x90, 0x1D, 0x70, + 0xA8, 0x46, 0x95, 0x99, 0xEF, 0x19, 0xEE, 0xE2, 0x45, 0x35, + 0x1A, 0xDC, 0x0D, 0xCB, 0xC3, 0xB0, 0xD5, 0x88, 0x8B, 0xB9, + 0x9F, 0xB5, 0xEA, 0xC1, 0xFE, 0x5E, 0x7A, 0xC1, 0x83, 0xC8, + 0x74, 0xF5, 0x1A, 0x29, 0x52, 0x38, 0x5D, 0x14, 0xEA, 0x17, + 0x2D, 0x39, 0xF6, 0x19, 0x16, 0xC4, 0x91, 0xB0, 0xE7, 0x18, + 0x36, 0x56, 0xA0, 0x64, 0x75, 0x8D, 0x66, 0x57, 0x48, 0x1B, + 0x38, 0xF2, 0xA0, 0x01, 0xB1, 0x44, 0x32, 0x34, 0xA5, 0x0E, + 0xBC, 0x28, 0x46, 0x77, 0xED, 0x65, 0xC1, 0x75, 0x34, 0xF8, + 0x06, 0x12, 0x45, 0x1A, 0x70, 0x78, 0x81, 0xD1, 0x55, 0x27, + 0xCF, 0xAD, 0xB3, 0xD4, 0x5A, 0x97, 0x43, 0x88, 0x02, 0xBB, + 0x93, 0xBA, 0x17, 0x42, 0x51, 0x59, 0x52, 0x13, 0xEC, 0xFC, + 0xEF, 0x6B, 0x53, 0xF7, 0xF2, 0x41, 0x8A, 0x42, 0x06, 0x56, + 0xE2, 0xF4, 0x97, 0xD2, 0x22, 0x31, 0x02, 0x2A, 0x47 }; static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072); @@ -3087,9 +3102,10 @@ static const int sizeof_client_keypub_der_4096 = sizeof(client_keypub_der_4096); /* ./certs/4096/client-cert.der, 4096-bit */ static const unsigned char client_cert_der_4096[] = { - 0x30, 0x82, 0x07, 0x07, 0x30, 0x82, 0x04, 0xEF, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xA0, 0x3E, 0xDB, 0xCF, - 0x97, 0x9A, 0x72, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x30, 0x82, 0x07, 0x1B, 0x30, 0x82, 0x05, 0x03, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x13, 0x31, 0xFE, 0x22, 0xAF, 0x75, + 0x2F, 0xDC, 0x63, 0xBD, 0xE4, 0x94, 0xF2, 0x94, 0x38, 0xC3, + 0x0D, 0x7D, 0x9A, 0xD1, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, @@ -3107,10 +3123,10 @@ static const unsigned char client_cert_der_4096[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, 0x36, + 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, 0x34, + 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -3181,12 +3197,12 @@ static const unsigned char client_cert_der_4096[] = 0xB6, 0x03, 0xA9, 0x08, 0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4, 0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2, 0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x44, 0x30, 0x82, 0x01, - 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4E, 0x30, 0x82, 0x01, + 0x4A, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xFA, 0x54, 0x89, 0x67, 0xE5, 0x5F, 0xB7, 0x31, 0x40, 0xEA, 0xFD, 0xE7, 0xF6, 0xA3, 0xC6, 0x5A, 0x56, 0x16, - 0xA5, 0x6E, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14, 0xFA, 0x54, + 0xA5, 0x6E, 0x30, 0x81, 0xDD, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xD5, 0x30, 0x81, 0xD2, 0x80, 0x14, 0xFA, 0x54, 0x89, 0x67, 0xE5, 0x5F, 0xB7, 0x31, 0x40, 0xEA, 0xFD, 0xE7, 0xF6, 0xA3, 0xC6, 0x5A, 0x56, 0x16, 0xA5, 0x6E, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, @@ -3205,8 +3221,9 @@ static const unsigned char client_cert_der_4096[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xA0, 0x3E, - 0xDB, 0xCF, 0x97, 0x9A, 0x72, 0x8C, 0x30, 0x0C, 0x06, 0x03, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x13, 0x31, 0xFE, 0x22, + 0xAF, 0x75, 0x2F, 0xDC, 0x63, 0xBD, 0xE4, 0x94, 0xF2, 0x94, + 0x38, 0xC3, 0x0D, 0x7D, 0x9A, 0xD1, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, @@ -3216,58 +3233,58 @@ static const unsigned char client_cert_der_4096[] = 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, - 0x00, 0x17, 0xAB, 0x22, 0x61, 0x05, 0x6D, 0x3A, 0xC0, 0x0D, - 0x6B, 0xD9, 0x15, 0x82, 0x11, 0xCF, 0xE7, 0xF8, 0x65, 0xDA, - 0xC7, 0xEF, 0xDA, 0x0F, 0x50, 0x75, 0xBD, 0x55, 0xCF, 0x3D, - 0x50, 0xDD, 0xD4, 0x0D, 0x2C, 0x04, 0x48, 0xA8, 0x25, 0x3A, - 0xB9, 0xC4, 0xCE, 0x48, 0x7E, 0xB8, 0x63, 0xCD, 0xCD, 0xCE, - 0xBC, 0x50, 0x26, 0xDC, 0x6D, 0xC2, 0x1E, 0xD1, 0x71, 0x3A, - 0x2F, 0xDB, 0xE5, 0x03, 0x6B, 0x73, 0x55, 0x23, 0x70, 0x76, - 0x1E, 0x08, 0x2A, 0x92, 0x7B, 0xD6, 0x6A, 0xEF, 0x17, 0xA0, - 0xF3, 0x8C, 0xEA, 0xEB, 0xC4, 0x2E, 0xCB, 0xD4, 0xD9, 0xD5, - 0xAB, 0xF7, 0xE6, 0x8D, 0xEC, 0xD9, 0x97, 0xA1, 0x56, 0xA7, - 0x0B, 0x5D, 0xE5, 0x3F, 0x1F, 0x5E, 0x6A, 0x7A, 0xA4, 0x64, - 0xD7, 0xB2, 0x42, 0x1A, 0x1E, 0x49, 0x37, 0x93, 0xBC, 0xBE, - 0x13, 0xA8, 0xFB, 0xB1, 0x93, 0x7B, 0xA8, 0x2B, 0x49, 0x90, - 0x43, 0x84, 0x24, 0x60, 0x44, 0xFC, 0x32, 0x74, 0x85, 0x0E, - 0x1B, 0xF8, 0x3A, 0x92, 0x3D, 0xAA, 0x25, 0x1B, 0x9F, 0x97, - 0x31, 0x95, 0x97, 0xC5, 0x3D, 0x51, 0xDD, 0xB6, 0xD5, 0x4A, - 0x7E, 0x41, 0xB3, 0x90, 0x83, 0x7C, 0x98, 0xFA, 0xCB, 0x22, - 0x33, 0xA5, 0xF4, 0x32, 0x74, 0xBD, 0x3E, 0xB1, 0x3B, 0x34, - 0xF9, 0xC3, 0x3F, 0xBE, 0xDB, 0x0E, 0xD9, 0x2F, 0x1A, 0xF9, - 0xD2, 0x4F, 0x14, 0x53, 0x63, 0xF2, 0x21, 0xA3, 0xE9, 0xC3, - 0xAD, 0x04, 0x6E, 0xE7, 0xAD, 0x1F, 0x6B, 0xCE, 0x4E, 0x35, - 0x4A, 0x61, 0x84, 0xB9, 0x61, 0x65, 0x1D, 0xA2, 0xD7, 0xA1, - 0xE6, 0x74, 0x08, 0x15, 0x38, 0x75, 0xB0, 0x23, 0x70, 0x22, - 0x15, 0x59, 0x2C, 0x48, 0xF0, 0xDA, 0x9A, 0x99, 0xD4, 0x2B, - 0x83, 0xDF, 0x9A, 0x93, 0x78, 0x45, 0xB9, 0x84, 0x5C, 0x7E, - 0x71, 0x90, 0xDA, 0x56, 0x1C, 0x9F, 0x57, 0xED, 0x76, 0xF7, - 0x17, 0xE5, 0xD2, 0x01, 0x90, 0x99, 0x5F, 0x4C, 0x07, 0x49, - 0x07, 0x82, 0x75, 0x92, 0x44, 0x7A, 0xFE, 0x9B, 0xA7, 0x4D, - 0xEC, 0xC8, 0xDC, 0x46, 0x67, 0x28, 0x04, 0x8B, 0x08, 0x17, - 0x94, 0x13, 0xE9, 0xA0, 0xD2, 0xB2, 0x26, 0x56, 0x27, 0x60, - 0x94, 0x5A, 0x50, 0x5C, 0xCF, 0x34, 0x4D, 0x3F, 0x35, 0xE7, - 0x12, 0x5D, 0xC5, 0x32, 0x00, 0x2F, 0xE0, 0x1D, 0x09, 0xE5, - 0x36, 0x8D, 0x77, 0x93, 0xF6, 0xE5, 0x62, 0xB4, 0xA3, 0x9B, - 0xC6, 0x7C, 0xE6, 0x3D, 0xD5, 0x38, 0x33, 0x5F, 0x23, 0x5B, - 0x81, 0x2E, 0x24, 0x26, 0x9E, 0x98, 0xA8, 0xAF, 0x04, 0x3D, - 0x65, 0x3F, 0x71, 0x88, 0x48, 0x44, 0x5C, 0x1A, 0x11, 0x0E, - 0x1B, 0xE1, 0x81, 0xB1, 0xB6, 0x66, 0xE6, 0x3C, 0x13, 0x67, - 0xD6, 0x6B, 0xA3, 0xF3, 0xB7, 0xF6, 0x9F, 0x14, 0xA6, 0x87, - 0x7F, 0x2B, 0x14, 0x31, 0x22, 0x7A, 0xF5, 0x0D, 0x44, 0xE6, - 0xA3, 0x1A, 0xD6, 0xD2, 0xDC, 0x88, 0x71, 0x37, 0x28, 0x11, - 0x6C, 0xEF, 0x95, 0xAB, 0x1D, 0xC5, 0xC3, 0x9A, 0xEF, 0x1A, - 0x54, 0x11, 0x92, 0x8E, 0x89, 0x43, 0x03, 0x26, 0xD0, 0xE9, - 0x63, 0x33, 0xFE, 0x79, 0x4C, 0xA6, 0x6F, 0xC4, 0x58, 0x58, - 0x2E, 0xB6, 0xAB, 0x57, 0xA0, 0x39, 0x4D, 0xFF, 0x88, 0xC0, - 0x23, 0x2C, 0x3B, 0xE3, 0x9A, 0xDF, 0x48, 0xD3, 0x17, 0x45, - 0x5D, 0x36, 0x4E, 0x00, 0x58, 0x72, 0xC3, 0xEF, 0xE7, 0x76, - 0x0B, 0xF8, 0x19, 0xA8, 0x5F, 0xF6, 0x53, 0x98, 0x49, 0x2B, - 0x52, 0xB5, 0x8E, 0xA5, 0xD8, 0x73, 0x6E, 0x3C, 0x23, 0x23, - 0x06, 0x86, 0x25, 0x6B, 0x0D, 0x3B, 0xF2, 0x9A, 0x17, 0x33, - 0xA4, 0x4E, 0xF5, 0x6B, 0xDE, 0xB3, 0x64, 0x20, 0x58, 0xC6, - 0x6D, 0x22, 0xA9, 0xAE, 0xF4, 0x09, 0x9D, 0x0D, 0x6E, 0x9F, - 0x96, 0x2A, 0x9E + 0x00, 0xDD, 0x6B, 0x7F, 0xCA, 0xDC, 0x80, 0xE0, 0x6D, 0xE2, + 0x5F, 0x6C, 0x32, 0x01, 0x2F, 0x8F, 0x3A, 0xE9, 0x41, 0x5F, + 0x35, 0xC6, 0xBB, 0xA9, 0xA5, 0x84, 0x57, 0xEE, 0xA4, 0x21, + 0x4F, 0xB3, 0xB9, 0xAE, 0x24, 0xDC, 0xD1, 0x80, 0x30, 0x7A, + 0x2A, 0x7F, 0x7E, 0xFC, 0x6C, 0xBE, 0x50, 0xD3, 0x5A, 0x51, + 0x2D, 0xE6, 0xFD, 0x15, 0xDB, 0x9D, 0xFF, 0xFA, 0xCA, 0xC0, + 0xCF, 0xBE, 0x97, 0x59, 0xD0, 0x83, 0x20, 0xCE, 0x3A, 0xD8, + 0x10, 0xFE, 0x41, 0xD5, 0xA9, 0x6B, 0x19, 0xE2, 0x9F, 0x28, + 0xFE, 0xC0, 0x21, 0x75, 0x47, 0x46, 0x94, 0x31, 0x6A, 0xC4, + 0xC4, 0x52, 0x3B, 0x02, 0x73, 0xC4, 0x47, 0x2A, 0xB5, 0xCE, + 0x65, 0x6D, 0x58, 0xC7, 0xFA, 0x3E, 0x0A, 0x6F, 0xE1, 0xA8, + 0xA1, 0x3B, 0x33, 0x8A, 0x6F, 0xCA, 0x4A, 0xEF, 0x52, 0x88, + 0x09, 0xCA, 0xB2, 0xF2, 0x1D, 0x3D, 0x69, 0xF5, 0x5B, 0x80, + 0x4F, 0x29, 0x66, 0xB1, 0x25, 0xC7, 0xEB, 0xD1, 0xBB, 0xDF, + 0xCF, 0x91, 0xC8, 0xCE, 0x58, 0x3B, 0x9D, 0x10, 0x5B, 0x8E, + 0x55, 0x93, 0x5A, 0x32, 0xED, 0x0B, 0xC7, 0x7F, 0xC8, 0xF5, + 0xF2, 0x7F, 0x0A, 0xCE, 0xAD, 0xBB, 0xDB, 0x43, 0x2A, 0x92, + 0xF6, 0xF2, 0xA0, 0x34, 0x8E, 0x7C, 0x22, 0x4A, 0x5A, 0xF9, + 0x84, 0xB0, 0x88, 0xE3, 0xA4, 0x2A, 0xBF, 0x23, 0x3A, 0xEC, + 0xAA, 0x32, 0x77, 0xC9, 0xAB, 0xBC, 0x4B, 0xBB, 0x82, 0xBC, + 0xC0, 0x07, 0xE6, 0xFC, 0xCF, 0x33, 0x72, 0x8F, 0xB2, 0x4E, + 0xDA, 0x2B, 0x7E, 0x08, 0x44, 0x72, 0x2B, 0xA0, 0xC7, 0x3A, + 0x7E, 0x6F, 0xB4, 0x31, 0xB1, 0x3A, 0x34, 0xC3, 0x5C, 0xBE, + 0x9C, 0x85, 0xD8, 0x82, 0x99, 0x35, 0x92, 0xB4, 0xB4, 0x31, + 0x24, 0x31, 0xDF, 0xFB, 0x17, 0xDB, 0x1D, 0x3B, 0xA7, 0xD1, + 0xE2, 0xA4, 0x44, 0xC7, 0x3F, 0x6B, 0x17, 0x1C, 0x32, 0xCC, + 0xF9, 0x48, 0xF0, 0xC0, 0x38, 0x45, 0xE8, 0xF5, 0x84, 0x6C, + 0x59, 0x29, 0x5A, 0xEC, 0x38, 0x43, 0x10, 0x97, 0x67, 0x76, + 0xB5, 0x60, 0xB7, 0x8C, 0x42, 0x11, 0x44, 0x9A, 0x62, 0x87, + 0xDB, 0x02, 0xAA, 0xE7, 0x1E, 0xEC, 0x9F, 0x6B, 0x7F, 0xC5, + 0xFA, 0x9E, 0x03, 0x80, 0x73, 0x74, 0x20, 0xE9, 0x7A, 0xE1, + 0x3F, 0x49, 0x41, 0xBB, 0xC4, 0x9A, 0x70, 0x14, 0xA1, 0x13, + 0x2A, 0x90, 0xEF, 0x06, 0xCC, 0x9D, 0xBA, 0x32, 0x94, 0x8C, + 0xA9, 0x95, 0x45, 0xA4, 0x89, 0x04, 0xD2, 0x68, 0xB9, 0x13, + 0xFD, 0x73, 0x43, 0xEA, 0xC5, 0xEE, 0x7F, 0x00, 0x75, 0xF0, + 0xCA, 0x4D, 0x91, 0xD3, 0x04, 0x72, 0xE6, 0xAF, 0xC8, 0xAD, + 0x43, 0x11, 0x70, 0x36, 0x45, 0xAA, 0xB5, 0x46, 0xA6, 0xBF, + 0xAC, 0x6C, 0x20, 0x86, 0x3E, 0x5E, 0x66, 0xA5, 0x15, 0x6A, + 0xA2, 0x58, 0xE6, 0x6F, 0xE8, 0xAE, 0xB4, 0x1D, 0x67, 0xDA, + 0x18, 0xD6, 0xAD, 0xDE, 0x11, 0x9C, 0xF3, 0xD1, 0xA4, 0x06, + 0x3F, 0xD5, 0x01, 0xFD, 0x3D, 0xB8, 0xFD, 0x14, 0x0F, 0x1A, + 0xE8, 0x7E, 0xB4, 0xA3, 0x2B, 0x8B, 0x52, 0x4C, 0x71, 0x72, + 0x5E, 0x7C, 0x9E, 0x23, 0xFF, 0x50, 0x83, 0x7D, 0x5B, 0xEC, + 0x60, 0xD5, 0xAD, 0xA5, 0x44, 0x0B, 0xDD, 0x66, 0xCC, 0xA5, + 0xF8, 0x0C, 0x65, 0xDB, 0xB2, 0x76, 0x1E, 0x1C, 0x01, 0x87, + 0xCB, 0x1C, 0x76, 0x17, 0x5D, 0x12, 0xCD, 0x28, 0xDC, 0x20, + 0xE0, 0x3A, 0xC8, 0x65, 0xFE, 0xDD, 0xE3, 0xBC, 0x6A, 0x8B, + 0x24, 0x6B, 0x86, 0xA7, 0x2D, 0xBC, 0x4F, 0x26, 0x3F, 0xD7, + 0x3F, 0x04, 0xBF, 0xA4, 0x5D, 0x06, 0x52, 0xB5, 0xE4, 0xFD, + 0x85, 0xB0, 0x2C, 0x52, 0xAC, 0x99, 0x49, 0xEF, 0x56, 0x76, + 0x2A, 0x7C, 0xE3, 0xD8, 0x8E, 0xE4, 0xEB, 0xB2, 0xDB, 0xC1, + 0x54, 0x20, 0x64 }; static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096); @@ -3332,6 +3349,4310 @@ static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096); #endif /* USE_CERT_BUFFERS_4096 */ +#if defined(HAVE_PQC) && defined(HAVE_FALCON) + +/* certs/falcon/bench_falcon_level1_key.der */ +static const unsigned char bench_falcon_level1_key[] = +{ + 0x30, 0x82, 0x08, 0x96, 0x02, 0x01, 0x00, 0x30, 0x07, 0x06, + 0x05, 0x2B, 0xCE, 0x0F, 0x03, 0x01, 0x04, 0x82, 0x08, 0x86, + 0x04, 0x82, 0x08, 0x82, 0x59, 0xFC, 0x32, 0x7D, 0x04, 0x41, + 0x01, 0xEC, 0x41, 0x7B, 0x04, 0x1F, 0x7F, 0xFC, 0x30, 0xBF, + 0x08, 0x80, 0x41, 0x10, 0x3F, 0x81, 0xFB, 0xFF, 0xC6, 0x07, + 0xCF, 0xC6, 0x0C, 0x11, 0x79, 0xFC, 0x2F, 0xC1, 0xFB, 0xFF, + 0x40, 0x1F, 0xA1, 0x3F, 0x0B, 0xF1, 0xC3, 0x0F, 0xB0, 0x43, + 0xFC, 0x61, 0x40, 0x0C, 0x1E, 0xFE, 0x08, 0x5E, 0xBE, 0x00, + 0x41, 0x3D, 0x13, 0xA0, 0xC0, 0xDB, 0xCF, 0x80, 0xF0, 0x20, + 0x80, 0x1C, 0x5F, 0x07, 0x07, 0xBF, 0xC3, 0x18, 0x5E, 0x85, + 0x0C, 0x1F, 0xC7, 0xD8, 0x0F, 0x86, 0x04, 0x10, 0xC0, 0xFC, + 0x32, 0x7E, 0xEF, 0xEF, 0x81, 0xF0, 0x2F, 0xC1, 0x04, 0x0E, + 0xC3, 0xF3, 0xD1, 0x47, 0xF7, 0xE0, 0xC0, 0xF8, 0x40, 0x42, + 0x13, 0xED, 0x82, 0xF0, 0x3E, 0xFB, 0xFF, 0xE0, 0x00, 0xFF, + 0xFF, 0xFA, 0x1F, 0xF1, 0x3D, 0x03, 0xCF, 0xBA, 0xFC, 0x90, + 0x43, 0x0B, 0x6F, 0xC7, 0xEF, 0xDF, 0x02, 0xFF, 0xCF, 0x41, + 0x03, 0xDF, 0xC2, 0x1B, 0xDE, 0xF9, 0x00, 0x90, 0x03, 0xFC, + 0x20, 0xBD, 0x04, 0x10, 0x38, 0xEF, 0xF1, 0x07, 0xE8, 0x51, + 0x07, 0xF7, 0x9F, 0xC2, 0x14, 0x00, 0x04, 0x04, 0x00, 0x00, + 0x04, 0x0F, 0x3F, 0xFF, 0xFF, 0x7D, 0xE0, 0x2F, 0x00, 0xF7, + 0xC1, 0x83, 0xFF, 0xBF, 0x87, 0x03, 0xA0, 0xC4, 0xEF, 0xEF, + 0xFF, 0xFC, 0x00, 0xFE, 0x20, 0x6F, 0xBE, 0x14, 0x9F, 0x01, + 0x17, 0xAE, 0xFE, 0x08, 0x3F, 0x7A, 0x17, 0xFF, 0x80, 0x14, + 0x3E, 0xC2, 0x04, 0x1F, 0xFB, 0x08, 0x4F, 0x41, 0xFC, 0x41, + 0xC2, 0x0C, 0x20, 0x82, 0x03, 0xC2, 0x43, 0x20, 0x20, 0xF8, + 0x07, 0xFF, 0x7E, 0xF8, 0x3E, 0x81, 0xEF, 0xDE, 0xC3, 0x00, + 0x4F, 0x85, 0x03, 0xD0, 0x7E, 0xF8, 0x2F, 0x42, 0xDF, 0xB1, + 0x3E, 0xFB, 0xF1, 0x45, 0x0B, 0xF1, 0x41, 0x1B, 0xF0, 0xC0, + 0x03, 0xEF, 0x03, 0xEB, 0x9E, 0xFE, 0xE8, 0x21, 0x42, 0x14, + 0x4E, 0xC4, 0xFC, 0x3E, 0x00, 0xF3, 0xFF, 0xBC, 0x18, 0x40, + 0x87, 0x08, 0x51, 0x7D, 0x03, 0xFF, 0x42, 0x18, 0x00, 0x43, + 0xF8, 0x6F, 0x7F, 0xFC, 0x21, 0x05, 0xFB, 0xF0, 0xFA, 0x00, + 0x2F, 0xC2, 0x04, 0x00, 0x43, 0x1B, 0xE1, 0x07, 0xF0, 0x50, + 0x05, 0x00, 0x11, 0x41, 0xF4, 0x4E, 0xC9, 0x0B, 0xDF, 0xBD, + 0x20, 0xB0, 0x7B, 0x04, 0xE0, 0xFF, 0xF3, 0xEF, 0x3F, 0x20, + 0x5F, 0xC8, 0xFF, 0xF0, 0xFE, 0xFB, 0x9F, 0x3C, 0xFB, 0xFF, + 0xC1, 0x13, 0x51, 0x05, 0x03, 0xFF, 0x03, 0xFB, 0xE1, 0xBE, + 0x1B, 0xC0, 0x8B, 0x03, 0xF1, 0x7F, 0x10, 0x6E, 0x39, 0x08, + 0x3F, 0xC9, 0xFC, 0x40, 0x82, 0xFB, 0xE0, 0xBC, 0xF0, 0x21, + 0x03, 0xE4, 0x6F, 0x7E, 0xD8, 0x00, 0x81, 0xF8, 0x41, 0x46, + 0x07, 0xC0, 0x45, 0x24, 0x2F, 0x80, 0x0C, 0x3F, 0x05, 0x20, + 0x8F, 0x84, 0xF8, 0x6F, 0xFF, 0xEC, 0x30, 0x85, 0xFF, 0xF0, + 0xBD, 0xF4, 0x50, 0x87, 0x00, 0x3F, 0xC2, 0xFB, 0xC0, 0xC1, + 0x03, 0xEF, 0xB8, 0xFF, 0xFF, 0x45, 0x13, 0xBE, 0xC1, 0x03, + 0xC0, 0x40, 0x07, 0x90, 0x3E, 0xE0, 0x0E, 0xFD, 0xFB, 0xA0, + 0xFF, 0xF8, 0x0F, 0xC5, 0xFF, 0xFF, 0x43, 0xE3, 0xFF, 0x06, + 0x0F, 0xB0, 0x43, 0xF0, 0x90, 0x7B, 0xE7, 0xD1, 0x79, 0x07, + 0xDF, 0xFB, 0x03, 0xE0, 0x04, 0xF7, 0xD0, 0x45, 0xFF, 0xEF, + 0xBB, 0x20, 0x01, 0x42, 0xD0, 0x7E, 0xC3, 0x13, 0xEF, 0xC8, + 0x0B, 0x8E, 0xBE, 0xF8, 0x1F, 0xFE, 0xDF, 0xCF, 0xBE, 0x13, + 0xD1, 0xFC, 0x0C, 0x61, 0xC2, 0x04, 0x40, 0x01, 0x00, 0x2F, + 0xFC, 0x0B, 0xDF, 0x00, 0x14, 0x61, 0x02, 0xE4, 0x0F, 0x81, + 0xF0, 0x3F, 0x81, 0xFC, 0x00, 0x82, 0xF4, 0x21, 0x7E, 0x0B, + 0xF0, 0x48, 0x00, 0x00, 0x3A, 0xE8, 0x5F, 0x05, 0x17, 0xF0, + 0xC0, 0x00, 0x61, 0x39, 0xF8, 0x4F, 0x81, 0xEB, 0x5F, 0x06, + 0x08, 0x2F, 0xC0, 0x04, 0x1F, 0xFF, 0x0B, 0xBF, 0xBA, 0x0B, + 0xFF, 0x40, 0x07, 0xCF, 0x42, 0x10, 0x1F, 0x3D, 0xDB, 0xC0, + 0x85, 0x03, 0xD1, 0xC0, 0x04, 0x0F, 0x7E, 0x03, 0xBF, 0x81, + 0xF7, 0xD0, 0x7D, 0xE8, 0x1E, 0x00, 0x00, 0x31, 0x46, 0x04, + 0x21, 0x40, 0xF3, 0xBF, 0x05, 0x03, 0xD1, 0x40, 0xFB, 0xEE, + 0xFD, 0x03, 0xF0, 0xBA, 0xE7, 0xFE, 0xBD, 0xE8, 0x6F, 0xBC, + 0x07, 0xEF, 0x82, 0x0C, 0x40, 0x3F, 0x00, 0x20, 0x80, 0x0F, + 0xB1, 0x42, 0xFC, 0x10, 0x3F, 0x07, 0xEF, 0xBF, 0xF0, 0x1E, + 0x82, 0xFC, 0x3F, 0x80, 0x1C, 0x50, 0xC3, 0x13, 0xD0, 0xFC, + 0xEF, 0xEF, 0x7C, 0x0C, 0x6F, 0xBF, 0x1B, 0x90, 0xFF, 0x00, + 0x70, 0xC5, 0x04, 0x00, 0x03, 0xEF, 0x8F, 0x80, 0xF8, 0x00, + 0x7F, 0x04, 0x01, 0x41, 0xE8, 0x21, 0x43, 0x08, 0x9F, 0x44, + 0xF7, 0xF2, 0x7C, 0x0F, 0xC0, 0x3E, 0xEC, 0x4F, 0xFF, 0x00, + 0x31, 0x3E, 0x13, 0xEE, 0x40, 0xFB, 0xE0, 0xFA, 0xEB, 0xD0, + 0xBF, 0x04, 0x0F, 0x46, 0xFF, 0xE2, 0x7D, 0x03, 0xDE, 0x81, + 0xF4, 0x2F, 0xBD, 0x08, 0x0F, 0x42, 0xEF, 0xA0, 0x40, 0xF8, + 0x01, 0x41, 0xF3, 0xD1, 0x00, 0x00, 0x01, 0x00, 0x13, 0xB0, + 0x7E, 0xE7, 0xE0, 0x7F, 0x08, 0x2F, 0x3E, 0x03, 0xD2, 0xC3, + 0x23, 0x9F, 0xFF, 0x17, 0xEE, 0xBB, 0xF0, 0x2E, 0xBE, 0xFC, + 0x2F, 0x3F, 0xF4, 0x00, 0x48, 0xE3, 0xDE, 0x7B, 0x0B, 0xFF, + 0xC4, 0x04, 0x01, 0x02, 0xFF, 0xB1, 0x84, 0x00, 0x7E, 0xC5, + 0x08, 0x11, 0xBE, 0xF7, 0x90, 0xC5, 0xEF, 0xDE, 0x09, 0x0B, + 0xD0, 0x86, 0xEC, 0x4F, 0xFC, 0x0B, 0xA1, 0x06, 0xEC, 0x50, + 0xC3, 0xFF, 0xA1, 0x3D, 0x20, 0x4F, 0xFF, 0x13, 0x8F, 0x45, + 0xF3, 0xF0, 0x83, 0x04, 0x06, 0x09, 0xE4, 0xEB, 0xFA, 0xFD, + 0xD6, 0x04, 0x2A, 0x25, 0x0F, 0xF3, 0xE6, 0x10, 0xFD, 0xEB, + 0x0C, 0x0B, 0x0C, 0xF3, 0x1F, 0x06, 0x21, 0xFF, 0x2E, 0xDD, + 0xFA, 0xF3, 0xF1, 0x21, 0xEE, 0x1B, 0x06, 0xC6, 0x05, 0x21, + 0xF7, 0x07, 0xE1, 0x01, 0x19, 0x0D, 0xEE, 0xE2, 0xD2, 0x0F, + 0xF9, 0xEE, 0xEC, 0x13, 0xF3, 0xE5, 0x1C, 0xF6, 0xF4, 0xE5, + 0x09, 0xF0, 0x32, 0x09, 0x0D, 0xD4, 0x17, 0x1F, 0xE4, 0xDA, + 0xF7, 0x08, 0xD9, 0xD6, 0x01, 0xED, 0x07, 0xDD, 0xE4, 0x1A, + 0x09, 0x34, 0xE0, 0xFE, 0x0D, 0xD4, 0xF8, 0x03, 0xF8, 0xF6, + 0xFB, 0x1C, 0xDF, 0x11, 0x1C, 0x08, 0x13, 0x0F, 0xE8, 0xF5, + 0xFA, 0x19, 0x06, 0xEF, 0xFC, 0x09, 0x1B, 0x22, 0xED, 0x02, + 0xE6, 0x09, 0x04, 0xD8, 0xF5, 0x10, 0x02, 0x24, 0x15, 0x26, + 0xEA, 0xFA, 0x1D, 0x15, 0x09, 0xFD, 0xD1, 0x02, 0x0D, 0xF5, + 0xF7, 0xF4, 0x1E, 0x40, 0x0E, 0xFD, 0xEE, 0x19, 0x15, 0xF2, + 0xE6, 0xE5, 0xF0, 0xFC, 0x03, 0x07, 0x03, 0xFE, 0xFC, 0x03, + 0x09, 0xE8, 0xEF, 0xF9, 0xEF, 0xED, 0x0A, 0x07, 0x0A, 0x02, + 0x08, 0xD0, 0xEE, 0x1D, 0xD3, 0xF0, 0xB2, 0xEA, 0x07, 0xFA, + 0x39, 0x13, 0x18, 0xF4, 0xEA, 0xF5, 0x0A, 0xE6, 0xE1, 0x1E, + 0x0B, 0x14, 0xF3, 0x26, 0xDA, 0xEA, 0x18, 0xE6, 0x10, 0x06, + 0xFF, 0xE9, 0x08, 0xE9, 0x10, 0xD0, 0xF7, 0x08, 0xEE, 0xEF, + 0x05, 0xEB, 0xF5, 0x10, 0xD5, 0x12, 0x1F, 0xDF, 0xFF, 0xF5, + 0x33, 0x05, 0x31, 0xFD, 0x19, 0xF8, 0xEE, 0x2B, 0x08, 0x01, + 0x17, 0x0A, 0xF6, 0x21, 0xF7, 0x11, 0x00, 0x23, 0xFF, 0x03, + 0xD7, 0xEF, 0x16, 0xF5, 0xED, 0x0A, 0xF7, 0x00, 0x00, 0xDD, + 0xF8, 0x07, 0x0A, 0xF0, 0xFB, 0xF1, 0xCC, 0x11, 0x1F, 0xFC, + 0xE1, 0x03, 0x46, 0x01, 0x06, 0x0C, 0xE7, 0x36, 0x05, 0xDC, + 0xD1, 0x0A, 0x43, 0x09, 0x04, 0xF6, 0xFE, 0x09, 0x1F, 0x06, + 0xEB, 0xE7, 0x08, 0xFD, 0xDA, 0x0D, 0x23, 0xC6, 0x13, 0x30, + 0x02, 0x23, 0x03, 0xED, 0xE1, 0x0B, 0x12, 0x27, 0x1E, 0x1B, + 0x01, 0xF5, 0xF5, 0xF4, 0xED, 0xDC, 0xF7, 0x14, 0xF1, 0x3E, + 0x2F, 0x18, 0x04, 0x22, 0x08, 0x03, 0x1F, 0x0E, 0x19, 0xEB, + 0x21, 0xDC, 0xCE, 0xD2, 0x23, 0x14, 0xE3, 0x16, 0xF7, 0x29, + 0x0A, 0x0F, 0x04, 0xF7, 0xEF, 0x15, 0xFA, 0x30, 0xE7, 0xD3, + 0x13, 0x05, 0x0E, 0x06, 0x04, 0x11, 0xF9, 0x2D, 0x1C, 0xEF, + 0x0F, 0x03, 0x05, 0xF4, 0x09, 0xE7, 0xE3, 0xFC, 0x04, 0xED, + 0x15, 0xF2, 0x2F, 0xF1, 0xF9, 0x1D, 0x08, 0x46, 0xED, 0xF1, + 0x0C, 0xF9, 0x38, 0xEF, 0xE6, 0xEB, 0xD1, 0xDE, 0x04, 0xFD, + 0x1B, 0xFB, 0x30, 0xE5, 0xCD, 0xF6, 0xDE, 0xEA, 0x09, 0x00, + 0xE8, 0x0C, 0x27, 0x01, 0xC1, 0x2A, 0x05, 0xF4, 0xED, 0x11, + 0xF9, 0xF7, 0xFD, 0x0A, 0xD6, 0xF8, 0x03, 0x0C, 0x05, 0x16, + 0xFB, 0x1F, 0xEC, 0x13, 0x07, 0xF3, 0x04, 0xC6, 0x1E, 0x0A, + 0x01, 0x0A, 0x09, 0xDE, 0x0D, 0xDC, 0xDF, 0xD8, 0x0E, 0x25, + 0xDF, 0xC3, 0xF4, 0x0C, 0xE9, 0xE5, 0xEC, 0xE9, 0xEE, 0xEC, + 0x23, 0xF2, 0xEE, 0x17, 0xF7, 0x1D, 0xE4, 0x0D, 0x0E, 0x0E, + 0x0A, 0xF5, 0xFF, 0x0B, 0x0F, 0xF3, 0xF1, 0x18, 0x08, 0xEB, + 0x03, 0x01, 0x1E, 0xF7, 0xF2, 0x0E, 0xDF, 0xF8, 0xD3, 0xCB, + 0xFB, 0xFE, 0xEF, 0xED, 0x17, 0x24, 0xD9, 0x06, 0xF5, 0xDD, + 0xFF, 0xEF, 0x1E, 0xE7, 0xC6, 0xFB, 0x03, 0x14, 0x12, 0x00, + 0x1E, 0x2B, 0x2B, 0xEB, 0x0E, 0x2D, 0xE9, 0x17, 0x13, 0x05, + 0x2F, 0x23, 0xF5, 0xF6, 0xEE, 0xF1, 0xD3, 0xE3, 0xFC, 0xEC, + 0xE4, 0xFE, 0xEA, 0xFC, 0x05, 0x2E, 0x0E, 0xF6, 0x0F, 0xE5, + 0xEF, 0x08, 0xEF, 0x01, 0xE1, 0x09, 0x00, 0x81, 0xF2, 0x10, + 0x17, 0x97, 0x32, 0xA5, 0x89, 0x54, 0x64, 0xC7, 0x47, 0x1C, + 0x52, 0xBC, 0xBF, 0xF6, 0x8A, 0x47, 0x0A, 0x87, 0x1E, 0x61, + 0x92, 0xEF, 0x56, 0x48, 0x88, 0x88, 0xAF, 0x14, 0x0B, 0x88, + 0xBD, 0x82, 0xB8, 0x32, 0x62, 0xF4, 0xD7, 0x40, 0xAD, 0xA6, + 0xE9, 0x1A, 0x03, 0x44, 0x60, 0x71, 0x58, 0xC3, 0x76, 0x2A, + 0x8F, 0x5B, 0x9F, 0x24, 0x8A, 0x92, 0x4E, 0xC4, 0x99, 0x3D, + 0x39, 0x8B, 0x25, 0xEB, 0xDA, 0x39, 0x91, 0x21, 0x70, 0x2B, + 0x77, 0x63, 0x1C, 0xA9, 0xD6, 0xD5, 0x30, 0x26, 0x10, 0xCF, + 0x1D, 0xD8, 0x32, 0xB2, 0xE8, 0x5C, 0x88, 0x04, 0x11, 0x9E, + 0x7A, 0xB4, 0x6E, 0xF2, 0x4D, 0x78, 0x3C, 0xF1, 0xA7, 0xA5, + 0xF3, 0x98, 0xAA, 0x8A, 0x08, 0xED, 0x17, 0xCA, 0xA1, 0x9E, + 0x6B, 0xC6, 0xEB, 0x4D, 0x47, 0x7B, 0x04, 0x41, 0x1B, 0x19, + 0x61, 0x19, 0x0F, 0xB5, 0xAF, 0x02, 0xE8, 0x8A, 0x43, 0xB8, + 0xF9, 0xA6, 0x43, 0x5A, 0xEA, 0x1B, 0x94, 0x8A, 0xD2, 0x71, + 0x2B, 0x2F, 0x6A, 0xBF, 0x26, 0x5E, 0x84, 0xAC, 0x4F, 0x03, + 0x40, 0x0C, 0x68, 0xA4, 0x36, 0xE3, 0xFD, 0x0B, 0xD0, 0x31, + 0xD9, 0x58, 0xD3, 0xC2, 0x76, 0xA2, 0x25, 0x69, 0x59, 0x00, + 0xA8, 0x43, 0x12, 0x85, 0x69, 0x16, 0x24, 0x50, 0x15, 0x74, + 0x1B, 0x02, 0xB9, 0xC0, 0x7B, 0x81, 0x64, 0x7E, 0x63, 0xB7, + 0x16, 0x68, 0x49, 0x92, 0x60, 0x7B, 0xC0, 0xC4, 0xFB, 0x9E, + 0x7E, 0x23, 0x87, 0x81, 0x48, 0xD4, 0x5F, 0xAD, 0xDA, 0xA7, + 0xA3, 0x5C, 0x6C, 0x4E, 0x60, 0x43, 0xB4, 0x48, 0x5B, 0xD1, + 0x3C, 0xE4, 0x5C, 0x5A, 0x8A, 0x85, 0xBC, 0x76, 0xEC, 0xA5, + 0x40, 0x1E, 0x02, 0xFE, 0x06, 0x8D, 0x60, 0xD6, 0x37, 0x82, + 0x47, 0x22, 0xA5, 0x18, 0xA6, 0x62, 0x44, 0x08, 0x0D, 0xE2, + 0x46, 0xA6, 0x6C, 0xCB, 0x8D, 0x9B, 0xD5, 0xFA, 0x31, 0x4C, + 0xCF, 0x74, 0x6D, 0xAA, 0x93, 0x21, 0xEB, 0xA4, 0xC9, 0xB2, + 0x95, 0xFE, 0x42, 0x28, 0xE7, 0x1A, 0x3A, 0xB9, 0xA8, 0x9B, + 0x6D, 0x59, 0xFC, 0x38, 0xA6, 0xC9, 0xC6, 0x5D, 0xEC, 0xF2, + 0x1D, 0xF0, 0x64, 0x86, 0x63, 0x19, 0x93, 0x57, 0x71, 0xCF, + 0x85, 0xA5, 0x27, 0x43, 0xB3, 0x81, 0xF2, 0x14, 0x17, 0x05, + 0x2E, 0x26, 0xE2, 0x4C, 0xF3, 0xCB, 0x42, 0xC7, 0x23, 0x91, + 0xF2, 0x51, 0x54, 0xDB, 0x95, 0x6B, 0x26, 0x3F, 0xF0, 0xF3, + 0x29, 0xDE, 0x64, 0x59, 0x10, 0x5A, 0x70, 0x81, 0x96, 0x0D, + 0xD6, 0xBD, 0x9B, 0xBA, 0x52, 0xE4, 0x47, 0xB4, 0xC5, 0x81, + 0x4F, 0xA3, 0x1C, 0x53, 0x29, 0xBE, 0xF0, 0x0A, 0x19, 0xA8, + 0x79, 0x5A, 0x08, 0x17, 0x9B, 0x1C, 0x54, 0x0C, 0xDD, 0x9F, + 0xB0, 0xFE, 0xA2, 0xBD, 0x7E, 0xD1, 0x44, 0xFA, 0x6A, 0x19, + 0x15, 0x9B, 0xCA, 0x77, 0x24, 0x8A, 0xC4, 0x6F, 0x02, 0xBC, + 0x2C, 0x07, 0x1C, 0x6A, 0x69, 0x89, 0x9D, 0x84, 0xE9, 0x14, + 0xE1, 0x8E, 0x49, 0xA0, 0x1D, 0x76, 0x9F, 0x54, 0x49, 0x5E, + 0x42, 0x90, 0x1A, 0xE4, 0x2B, 0xF0, 0x36, 0xF6, 0xB7, 0x38, + 0x9A, 0xD3, 0xBB, 0x08, 0xFA, 0x96, 0xC9, 0xE8, 0xEF, 0x7E, + 0x79, 0xE9, 0xDE, 0xA5, 0xA6, 0x97, 0x15, 0x9E, 0xEA, 0xB4, + 0x8B, 0xC8, 0xA1, 0xB7, 0x50, 0x78, 0x04, 0x00, 0xFC, 0x13, + 0xF0, 0x96, 0xCC, 0x45, 0xC8, 0x74, 0x2B, 0xCA, 0x98, 0x7E, + 0x6C, 0x91, 0x22, 0x0B, 0x49, 0x07, 0xB6, 0xE0, 0x44, 0xD8, + 0x44, 0x4A, 0x0E, 0x65, 0x3F, 0x45, 0x90, 0x95, 0x59, 0x72, + 0xCD, 0xB3, 0xE7, 0x56, 0x65, 0x23, 0xB0, 0x9D, 0x13, 0x66, + 0x13, 0xCC, 0xB9, 0x96, 0xB9, 0xAD, 0x2B, 0x15, 0x48, 0xB3, + 0x84, 0xC2, 0x9D, 0xC3, 0xC8, 0x8C, 0x41, 0x32, 0xBE, 0x1A, + 0x98, 0xAE, 0xD8, 0x66, 0x5B, 0xA6, 0x4A, 0xA8, 0x75, 0xCC, + 0x58, 0x63, 0x34, 0xD6, 0x23, 0xDF, 0xA3, 0x72, 0x07, 0xA2, + 0x7B, 0xD5, 0x81, 0x14, 0xDB, 0x56, 0xF4, 0x07, 0x22, 0x0E, + 0x2C, 0x03, 0x9A, 0xB8, 0x48, 0x58, 0xB2, 0xE8, 0x21, 0x55, + 0x14, 0x2A, 0xA3, 0x45, 0x89, 0xCD, 0x29, 0x76, 0x3F, 0x0A, + 0x54, 0x60, 0x06, 0x94, 0x82, 0x53, 0x49, 0x5C, 0x92, 0x2E, + 0x0E, 0x7C, 0x10, 0x97, 0x35, 0x25, 0x22, 0xA7, 0x28, 0x24, + 0x30, 0x68, 0x2F, 0x46, 0x78, 0xD6, 0x55, 0xCA, 0xE3, 0x88, + 0x56, 0x94, 0x78, 0x4D, 0x66, 0x26, 0xD7, 0x9F, 0x7A, 0x36, + 0x23, 0x77, 0x35, 0xB0, 0x00, 0x25, 0xB0, 0x41, 0x67, 0x82, + 0xCC, 0x61, 0x3D, 0x26, 0x46, 0xC7, 0xB6, 0x95, 0xA5, 0x1F, + 0x49, 0x13, 0xB9, 0x7A, 0x91, 0x82, 0x99, 0x06, 0xAE, 0x01, + 0x45, 0xAE, 0x53, 0x1B, 0xE6, 0x51, 0x34, 0x96, 0x81, 0x62, + 0x06, 0xA9, 0x0E, 0x46, 0xB8, 0x18, 0x1E, 0xAF, 0x24, 0x54, + 0x89, 0x80, 0xE3, 0xD2, 0x11, 0x8D, 0xB7, 0x80, 0x31, 0x21, + 0xEF, 0x81, 0x9D, 0x22, 0x08, 0xE5, 0x0E, 0x3E, 0x9A, 0x8C, + 0xA4, 0xBA, 0xAB, 0x1A, 0xC9, 0x75, 0xD1, 0x6B, 0x16, 0x37, + 0x5B, 0x36, 0x12, 0x34, 0x06, 0xA6, 0xD7, 0x4B, 0x82, 0x35, + 0xC9, 0x64, 0xC3, 0x66, 0x4E, 0x66, 0x0F, 0x62, 0xA5, 0x2B, + 0x71, 0x8A, 0x23, 0x0A, 0xD1, 0x06, 0x94, 0xE1, 0x44, 0x8E, + 0x59, 0x41, 0x41, 0x09, 0xC9, 0x4D, 0xB7, 0x1D, 0xEE, 0x2E, + 0xB7, 0x35, 0x01, 0x89, 0x6B, 0xF4, 0xE2, 0xB1, 0xE7, 0x94, + 0xD3, 0x30, 0x34, 0xB8, 0x36, 0xA4, 0x59, 0xBE, 0x0E, 0xC9, + 0x49, 0x34, 0x70, 0x55, 0xDB, 0x87, 0x46, 0x2F, 0x68, 0xED, + 0x59, 0xB3, 0x7F, 0x2E, 0x0B, 0x8B, 0x90, 0x1F, 0x51, 0x3D, + 0x3E, 0xC2, 0xB5, 0x13, 0xCE, 0xAE, 0x6C, 0x56, 0x0D, 0x4A, + 0xAB, 0x99, 0x8B, 0x89, 0xEC, 0xBE, 0xCA, 0x02, 0x47, 0x6C, + 0xA8, 0x31, 0xEC, 0x98, 0xAA, 0xC1, 0xE1, 0x36, 0x22, 0x2E, + 0x81, 0xB0, 0xA2, 0xD2, 0x27, 0x49, 0xCF, 0x60, 0x9E, 0x8C, + 0xC3, 0xA0, 0x6E, 0x98, 0x8A, 0xF7, 0x2C, 0x36, 0x3B, 0x7E, + 0x25, 0x90, 0xD6, 0xC2, 0x70, 0x0C, 0xF5, 0xEC, 0x07, 0xA5, + 0xAE, 0x55, 0x64, 0x04, 0x03, 0xC3, 0x80, 0x55, 0x3C, 0x37, + 0x3E, 0xD1, 0x83, 0x7C, 0x2F, 0x11, 0x4C, 0xDE, 0xB8, 0x44, + 0xCA, 0x0F, 0xBF, 0x7B, 0x82, 0x2B, 0xB5, 0xD3, 0x10, 0x66, + 0x86, 0x8E, 0x39, 0xF6, 0x33, 0x9D, 0x0D, 0x70, 0xB0, 0x02, + 0x50, 0xC5, 0x0F, 0x27, 0x35, 0x2C, 0xEF, 0x53, 0x4E, 0x13, + 0x58, 0xB8, 0xA8, 0xC0, 0x4A, 0x95, 0x61, 0xFB, 0x48, 0x05, + 0xCB, 0xC9, 0x40, 0xD2, 0x3A, 0xBE, 0xA9, 0xB7, 0x78, 0x76, + 0x9F, 0x1E +}; +static const int sizeof_bench_falcon_level1_key = sizeof(bench_falcon_level1_key); + +/* certs/falcon/bench_falcon_level5_key.der */ +static const unsigned char bench_falcon_level5_key[] = +{ + 0x30, 0x82, 0x10, 0x16, 0x02, 0x01, 0x00, 0x30, 0x07, 0x06, + 0x05, 0x2B, 0xCE, 0x0F, 0x03, 0x04, 0x04, 0x82, 0x10, 0x06, + 0x04, 0x82, 0x10, 0x02, 0x5A, 0xDF, 0x13, 0xB0, 0x70, 0x81, + 0x21, 0x02, 0x3D, 0x7F, 0xFF, 0xD0, 0x47, 0xFE, 0x0F, 0xC2, + 0xE6, 0xC5, 0xFF, 0x9F, 0xDB, 0xF0, 0x0D, 0xE0, 0xFC, 0x43, + 0x07, 0xFE, 0x01, 0x80, 0x20, 0x00, 0xC3, 0xD0, 0x74, 0x3F, + 0x07, 0x41, 0xFF, 0xF7, 0x81, 0xEF, 0xFF, 0xF1, 0x10, 0x04, + 0x10, 0x4C, 0x32, 0x7C, 0x42, 0x30, 0x08, 0x42, 0x70, 0x45, + 0xFF, 0x3F, 0xCF, 0x07, 0x60, 0x00, 0x82, 0x00, 0x84, 0x01, + 0x20, 0x04, 0x00, 0x7B, 0xC0, 0x18, 0x42, 0x11, 0x00, 0x22, + 0x17, 0x46, 0x00, 0x70, 0x43, 0xDF, 0x82, 0x10, 0x0B, 0xDA, + 0x17, 0x01, 0xE0, 0x0B, 0xFF, 0xF7, 0xBD, 0xE0, 0x7C, 0x1E, + 0xF7, 0x7E, 0x40, 0x78, 0x1E, 0x17, 0xC5, 0xD0, 0x18, 0x3D, + 0x19, 0x3E, 0x31, 0x68, 0x3F, 0xF8, 0x87, 0xCF, 0xF8, 0x9F, + 0x37, 0x7F, 0xE0, 0x7B, 0xC0, 0xF1, 0x40, 0x1F, 0x04, 0x5F, + 0x08, 0x42, 0x2E, 0x03, 0xA5, 0xD8, 0x06, 0x52, 0xF0, 0x24, + 0x00, 0x01, 0xEF, 0xE8, 0x42, 0xE9, 0xBD, 0xF2, 0x9B, 0xBA, + 0x16, 0xFD, 0xCF, 0x83, 0x81, 0x08, 0x3F, 0xFE, 0x88, 0x40, + 0x01, 0xB0, 0x12, 0x8B, 0xA1, 0x10, 0xBD, 0xF1, 0x7C, 0x1F, + 0x18, 0x47, 0xC0, 0x13, 0xC1, 0xF7, 0x84, 0x00, 0x03, 0x5F, + 0xF8, 0x46, 0x21, 0xF8, 0x1D, 0x17, 0x80, 0x0F, 0x8B, 0xC0, + 0x0E, 0xC3, 0xEE, 0x87, 0xBE, 0xF0, 0xF4, 0x01, 0xEC, 0x1D, + 0xF7, 0xC6, 0x11, 0xF8, 0x1B, 0x18, 0x7F, 0xCE, 0xFF, 0xBA, + 0x10, 0x46, 0x3E, 0xF3, 0xFE, 0x31, 0x3E, 0x40, 0xFB, 0x80, + 0x18, 0x43, 0xD0, 0x04, 0xFE, 0x00, 0x70, 0x0E, 0x08, 0x3F, + 0xF7, 0xFE, 0x0F, 0x70, 0x22, 0xE7, 0x86, 0x20, 0x94, 0x3F, + 0x10, 0xF6, 0x4F, 0x80, 0x00, 0x17, 0x86, 0x3F, 0x6F, 0x41, + 0xE8, 0x44, 0x0F, 0x8B, 0xE3, 0xF0, 0x82, 0x2E, 0xEC, 0x00, + 0x20, 0xFE, 0x00, 0x78, 0x1B, 0x27, 0xF8, 0x10, 0x8F, 0xBD, + 0x17, 0x78, 0x5F, 0xE0, 0x04, 0xF8, 0xC2, 0x0F, 0xFB, 0xFE, + 0xF9, 0xF5, 0xF0, 0x8F, 0xC2, 0x01, 0x3D, 0xD1, 0x77, 0x61, + 0x10, 0xC4, 0x41, 0x04, 0x9F, 0x0E, 0xC9, 0x9F, 0xFF, 0xC3, + 0xD8, 0x7A, 0x00, 0x07, 0x61, 0xF0, 0x04, 0x0F, 0x6F, 0x61, + 0xE7, 0x78, 0x1E, 0xFF, 0xDD, 0x31, 0x02, 0x00, 0x84, 0x40, + 0xFF, 0x42, 0x00, 0xF8, 0x02, 0x10, 0xFE, 0x71, 0x7C, 0x41, + 0x37, 0xC2, 0x22, 0x83, 0x9B, 0xEF, 0xFD, 0xFF, 0x78, 0x5E, + 0xF8, 0x05, 0xD0, 0x73, 0xE3, 0xFF, 0x3E, 0x5E, 0xFC, 0x21, + 0x1F, 0xBC, 0x00, 0x07, 0xC2, 0xF0, 0xC2, 0x3E, 0x07, 0xE0, + 0x08, 0x02, 0x10, 0xFC, 0x63, 0xF0, 0x05, 0xFF, 0xEF, 0x7D, + 0x07, 0x86, 0x02, 0x07, 0xE5, 0x08, 0x46, 0x42, 0x0B, 0xA1, + 0xE7, 0xFD, 0xEF, 0x6C, 0x42, 0xF0, 0x04, 0x00, 0x84, 0x60, + 0xF9, 0x84, 0x1F, 0x0F, 0x98, 0xD8, 0xBF, 0xEF, 0x77, 0xC2, + 0x08, 0x41, 0xF1, 0xFB, 0xE0, 0x17, 0x7B, 0xED, 0x78, 0x5C, + 0x10, 0x42, 0x2F, 0x83, 0xDE, 0x50, 0xB6, 0x22, 0x07, 0xE3, + 0x10, 0x45, 0xE0, 0x7F, 0xA1, 0xE9, 0x00, 0x11, 0x7B, 0xE1, + 0xD8, 0xC4, 0x4E, 0xFF, 0xFF, 0x17, 0xFC, 0x31, 0x1B, 0xA2, + 0xF8, 0x41, 0xDF, 0x10, 0x3F, 0xE8, 0x3F, 0xFF, 0x87, 0xC2, + 0x1F, 0x44, 0x20, 0x83, 0xBF, 0x17, 0x02, 0x20, 0x04, 0x3B, + 0xF8, 0x01, 0xC0, 0x83, 0xE2, 0x30, 0x40, 0x5F, 0x80, 0x23, + 0x07, 0x83, 0xC0, 0xF0, 0x60, 0x00, 0xC4, 0x10, 0x08, 0x9F, + 0xE8, 0xBA, 0x2F, 0xFF, 0xE3, 0x0E, 0x41, 0xA3, 0x7C, 0x62, + 0x17, 0x7C, 0x0F, 0xFB, 0xC0, 0x07, 0x7D, 0xD2, 0xEC, 0x82, + 0xFF, 0x49, 0xB0, 0x74, 0x9F, 0x07, 0xFC, 0x5F, 0x14, 0x7F, + 0x17, 0x3C, 0x42, 0x08, 0x5C, 0xD9, 0x36, 0x50, 0xFB, 0xC1, + 0x09, 0x80, 0x41, 0x93, 0xE6, 0xF8, 0xBC, 0x11, 0x0C, 0x05, + 0x0E, 0x83, 0xBF, 0xFB, 0x9C, 0xF8, 0x3E, 0x20, 0x7C, 0x3F, + 0x09, 0x3E, 0x01, 0x8B, 0xA1, 0xFF, 0xFC, 0x3F, 0x00, 0x24, + 0x17, 0x82, 0x23, 0x7C, 0x3D, 0xD7, 0x76, 0x1F, 0x0C, 0x3E, + 0x1F, 0xFE, 0x22, 0xFF, 0xFE, 0xE0, 0x82, 0x00, 0x97, 0xC3, + 0xE0, 0x45, 0xD1, 0x06, 0xC2, 0x17, 0xF7, 0xEE, 0x7B, 0xA8, + 0x00, 0x84, 0x3F, 0xFF, 0x81, 0xF0, 0xB0, 0x11, 0xF4, 0x00, + 0x16, 0xB8, 0x5F, 0x7B, 0xDD, 0xEF, 0xC0, 0x3F, 0x08, 0x02, + 0x0F, 0xD1, 0xF0, 0x94, 0x42, 0xF0, 0x0D, 0xC0, 0x7C, 0x21, + 0x0F, 0xC6, 0x01, 0x7C, 0x7E, 0x0F, 0x01, 0xD1, 0x01, 0x01, + 0x1F, 0x39, 0xE0, 0x83, 0xDF, 0x07, 0x7E, 0x1F, 0x0B, 0xFB, + 0x2F, 0xC7, 0xE3, 0x70, 0x63, 0x1F, 0xC6, 0x10, 0x7C, 0x5E, + 0x00, 0x3E, 0x02, 0x98, 0x41, 0xF7, 0x84, 0x0F, 0xF4, 0x01, + 0x07, 0x05, 0xF0, 0x23, 0xBE, 0xF0, 0x46, 0x30, 0x83, 0xE0, + 0x00, 0x79, 0xDF, 0x0C, 0xE3, 0x0F, 0x44, 0x00, 0xFF, 0xDF, + 0xE8, 0xC4, 0x14, 0x13, 0xBF, 0x08, 0x7D, 0x92, 0x03, 0xE0, + 0x20, 0x03, 0x91, 0x10, 0xA1, 0xF1, 0x01, 0xCE, 0x73, 0x84, + 0xF7, 0xBA, 0x23, 0x68, 0x3F, 0xF0, 0x7C, 0x2D, 0x03, 0xFF, + 0x07, 0xBE, 0x3F, 0x7F, 0xD9, 0x10, 0x03, 0xC1, 0x03, 0xC2, + 0xEA, 0x0A, 0x1E, 0x00, 0x03, 0xF8, 0x46, 0x3E, 0xF8, 0x02, + 0x18, 0x44, 0x3F, 0x00, 0xA0, 0xF7, 0x3C, 0x0D, 0x73, 0xFF, + 0xEE, 0xC0, 0x30, 0x10, 0x5F, 0xFF, 0xCA, 0x3E, 0xF3, 0xE1, + 0xE9, 0x02, 0x0D, 0x77, 0xDF, 0xF8, 0xBF, 0xCF, 0xFC, 0x62, + 0xE8, 0xBE, 0x40, 0xF4, 0x01, 0x0E, 0xF9, 0xE1, 0x7B, 0xC1, + 0x18, 0x7C, 0x3F, 0xF7, 0xE4, 0x10, 0xC2, 0x20, 0x88, 0x41, + 0x1F, 0x0F, 0xFF, 0x0C, 0x45, 0x10, 0xFF, 0xCF, 0x7B, 0xA0, + 0xFF, 0x4B, 0xF0, 0x78, 0x39, 0x07, 0x84, 0x2F, 0x04, 0xBC, + 0xE8, 0x04, 0x0F, 0x00, 0x3E, 0xFF, 0xC1, 0xCF, 0x93, 0xFC, + 0xF0, 0x33, 0xCE, 0x80, 0x21, 0x01, 0x4B, 0xD1, 0xF7, 0x9B, + 0xD8, 0x44, 0x00, 0x8F, 0xC3, 0x37, 0x38, 0x12, 0x7F, 0xA0, + 0x09, 0x00, 0x22, 0x00, 0x7E, 0xF8, 0x44, 0x5F, 0x17, 0xFE, + 0xF8, 0x7C, 0x1F, 0x88, 0x82, 0x17, 0x36, 0x0F, 0x0C, 0x24, + 0x08, 0x39, 0x80, 0x6F, 0xC1, 0x10, 0x44, 0x1F, 0x9B, 0xFE, + 0x27, 0x03, 0xF2, 0x04, 0xBF, 0xE0, 0xCC, 0x0E, 0xFB, 0xC4, + 0x00, 0x40, 0x50, 0x74, 0x23, 0x17, 0xBE, 0x0F, 0x7C, 0xDB, + 0xE9, 0x00, 0x41, 0x80, 0xBF, 0x20, 0xF8, 0x00, 0x87, 0xFE, + 0x08, 0x3F, 0xFF, 0x00, 0x21, 0x18, 0x83, 0x50, 0xF7, 0xC2, + 0x09, 0x81, 0xC2, 0x07, 0x9D, 0x27, 0x83, 0xD0, 0x04, 0x1C, + 0xE8, 0x06, 0x41, 0xFC, 0x44, 0xD9, 0x3F, 0xFF, 0x04, 0x41, + 0x29, 0x80, 0x0B, 0x7F, 0xC0, 0xF0, 0x7C, 0x00, 0x77, 0xA2, + 0x08, 0xB7, 0xE0, 0xF7, 0xDD, 0xF7, 0xC7, 0xF1, 0x6B, 0xE1, + 0x00, 0x09, 0xF4, 0xFB, 0xDD, 0xF6, 0xC9, 0xE2, 0x0B, 0xE1, + 0x00, 0xB9, 0xDD, 0x78, 0x41, 0x18, 0xFF, 0xE1, 0xFC, 0x3F, + 0xF7, 0xBF, 0xE0, 0x93, 0xBD, 0x28, 0x4D, 0xFF, 0xF8, 0x01, + 0x00, 0x09, 0xDE, 0x88, 0x24, 0xE8, 0x85, 0xD0, 0x7B, 0x80, + 0xFF, 0xC2, 0x10, 0xF0, 0x5D, 0xEF, 0x7F, 0xFE, 0xF4, 0x1F, + 0x0F, 0xC2, 0x10, 0x84, 0x3D, 0xD7, 0x7C, 0x20, 0x80, 0x17, + 0xE8, 0x85, 0xED, 0x8C, 0x03, 0xD7, 0x85, 0xDE, 0xF4, 0x9E, + 0x00, 0x80, 0x01, 0x08, 0x03, 0x08, 0x3D, 0xFE, 0x08, 0x3F, + 0xE8, 0x08, 0x31, 0x08, 0x02, 0x06, 0xFF, 0xFE, 0x8C, 0xC0, + 0xF8, 0x40, 0x00, 0x14, 0x60, 0x06, 0xC2, 0x2C, 0x88, 0x01, + 0x30, 0x34, 0x20, 0x94, 0x5D, 0x17, 0x7F, 0xBF, 0x9B, 0x62, + 0xDF, 0xBE, 0x4F, 0xF4, 0x21, 0xFF, 0xC2, 0x30, 0x88, 0xA1, + 0xEF, 0x40, 0x00, 0xFC, 0x43, 0xF8, 0x3B, 0xAF, 0x78, 0x01, + 0xF0, 0x45, 0xEC, 0x8B, 0xFE, 0x10, 0x3A, 0x2F, 0xF7, 0xFF, + 0x08, 0x00, 0x21, 0x17, 0xBD, 0x07, 0xC2, 0x0E, 0xFC, 0x45, + 0x3F, 0xC1, 0xEE, 0xFB, 0x3A, 0xF0, 0xC1, 0xD1, 0x84, 0x5A, + 0xE8, 0x09, 0xC1, 0x78, 0x00, 0x0E, 0xF4, 0x1E, 0x7F, 0x3C, + 0x18, 0xC1, 0xDE, 0x88, 0xA2, 0x0F, 0x84, 0x10, 0x04, 0x7A, + 0x17, 0xBF, 0xC1, 0x74, 0x26, 0x18, 0x81, 0xFF, 0x6C, 0x3B, + 0x0F, 0xCC, 0x2F, 0x80, 0x1F, 0xF0, 0x3E, 0x10, 0x88, 0xBD, + 0xFE, 0xC9, 0xB0, 0x03, 0xFE, 0xF8, 0x3E, 0x21, 0xFC, 0xC2, + 0x3F, 0x80, 0x00, 0x8F, 0xE0, 0x1F, 0x85, 0xCE, 0x8B, 0xC5, + 0x0F, 0x41, 0xB1, 0x7F, 0x83, 0x09, 0x02, 0x3E, 0xFC, 0x21, + 0xE8, 0x7E, 0x22, 0x07, 0xA1, 0x38, 0x3D, 0xF0, 0x80, 0x3C, + 0x10, 0x44, 0x20, 0x0F, 0xDF, 0x0F, 0x7A, 0x01, 0x88, 0x00, + 0x0F, 0xFA, 0x0E, 0x73, 0xDF, 0xF0, 0x83, 0xD2, 0x7C, 0xDF, + 0xEE, 0xCC, 0x00, 0xF4, 0x43, 0x00, 0x3F, 0xFF, 0x00, 0x3D, + 0xFE, 0x83, 0xA0, 0xFC, 0x43, 0x07, 0x81, 0xED, 0xFC, 0x01, + 0x20, 0x42, 0x2F, 0x87, 0xFE, 0xF7, 0x47, 0xB1, 0x1B, 0xDE, + 0x10, 0x08, 0x10, 0x78, 0xBD, 0xE9, 0xB9, 0xCE, 0x7C, 0x9D, + 0x00, 0x36, 0x1F, 0xEF, 0xDE, 0xF7, 0x87, 0xD0, 0x87, 0xC4, + 0x0E, 0xB6, 0x8D, 0x8B, 0xE1, 0xF8, 0xCD, 0xDF, 0x0B, 0x3D, + 0x0F, 0xCF, 0xEE, 0x80, 0x01, 0x01, 0x3D, 0xE0, 0xFC, 0x62, + 0x29, 0x41, 0xF0, 0x07, 0xFF, 0xFF, 0x46, 0x61, 0x80, 0x1D, + 0x27, 0xFE, 0x1F, 0xF4, 0x3B, 0x0F, 0xFF, 0xCF, 0x8B, 0xFE, + 0xE8, 0x84, 0x4F, 0x84, 0x24, 0x0F, 0x1D, 0xFB, 0xDA, 0xFE, + 0x0E, 0x16, 0x10, 0x03, 0x15, 0xE6, 0xE3, 0xF8, 0xFF, 0xD8, + 0x4B, 0xC8, 0xE5, 0xF4, 0x26, 0x03, 0xDB, 0x2A, 0xFD, 0x05, + 0xE1, 0xEF, 0x0B, 0xFC, 0x20, 0xFB, 0x31, 0x11, 0x1C, 0x03, + 0x15, 0xE1, 0xD6, 0x0B, 0xDC, 0xF5, 0x12, 0xED, 0xEA, 0x28, + 0x20, 0xE5, 0x21, 0xDC, 0xE7, 0xDF, 0x05, 0xDE, 0xF4, 0xFF, + 0x1F, 0xEF, 0x4A, 0xE6, 0x15, 0x0A, 0x07, 0x06, 0xF7, 0xE6, + 0xEE, 0xEC, 0x00, 0xF0, 0x03, 0xFF, 0xBB, 0x0D, 0xFB, 0x35, + 0xE3, 0xF5, 0xE6, 0xEA, 0x26, 0x00, 0x0E, 0x10, 0xFB, 0xDA, + 0x1B, 0xD1, 0xEF, 0x09, 0x02, 0x03, 0x16, 0x1F, 0x06, 0xDC, + 0xF8, 0x25, 0x17, 0xE9, 0xEA, 0x0F, 0xD5, 0x15, 0x0B, 0xE3, + 0x04, 0x20, 0xF5, 0x09, 0xE9, 0x1A, 0xE8, 0x0F, 0xEB, 0xE4, + 0xE9, 0x36, 0x03, 0xF5, 0xFF, 0x42, 0xFD, 0xE7, 0xFA, 0xF7, + 0xD2, 0x19, 0xCA, 0xE8, 0x22, 0x00, 0xEE, 0xDB, 0x00, 0xFE, + 0x18, 0x19, 0x14, 0x0C, 0x0A, 0xD0, 0x14, 0x21, 0x2E, 0xFD, + 0x36, 0xED, 0xAE, 0x1B, 0x00, 0x15, 0xF4, 0x13, 0xDC, 0x12, + 0xCB, 0x0A, 0xD4, 0xDD, 0x01, 0xCB, 0xED, 0xC2, 0xE5, 0xF2, + 0xD7, 0x02, 0xEF, 0xDB, 0x1D, 0x2F, 0xE2, 0x20, 0x3A, 0xE4, + 0x25, 0x1B, 0x14, 0x18, 0xF5, 0x04, 0x06, 0x18, 0x0D, 0x39, + 0xFC, 0x06, 0xF9, 0x0A, 0x20, 0xE1, 0xF7, 0x2E, 0xFB, 0xE3, + 0xF2, 0x21, 0xF9, 0xD3, 0x04, 0x07, 0xF9, 0x0B, 0xFC, 0xFA, + 0x27, 0x05, 0xF8, 0x2A, 0xFA, 0x0B, 0xFB, 0xEF, 0xB9, 0x08, + 0xFE, 0x0C, 0x14, 0x05, 0xE2, 0xFA, 0xFD, 0xC9, 0x0C, 0xF4, + 0x38, 0xCD, 0xFA, 0xD6, 0xE4, 0x05, 0x05, 0x1E, 0xF8, 0x3B, + 0x2E, 0x0E, 0x16, 0x07, 0x2C, 0x10, 0xF3, 0x1B, 0xF1, 0x00, + 0x08, 0xF0, 0xC7, 0x14, 0xD7, 0xDD, 0x06, 0xC2, 0xF3, 0xFD, + 0x10, 0x05, 0x18, 0x24, 0xE6, 0xDD, 0x0A, 0xDC, 0xDB, 0xEE, + 0xFE, 0xF6, 0xF9, 0x19, 0x40, 0x0B, 0x2B, 0x37, 0x28, 0xC7, + 0xFD, 0xF7, 0x07, 0xD5, 0x0C, 0x0C, 0x01, 0xDC, 0x2B, 0xD8, + 0xFD, 0x0C, 0xD1, 0xFC, 0x12, 0xE8, 0x02, 0xDC, 0x05, 0xDA, + 0xEB, 0x00, 0x1C, 0xDC, 0xFF, 0x07, 0xF8, 0x0F, 0xC8, 0x13, + 0x06, 0x08, 0x03, 0xEC, 0x11, 0xE8, 0xFD, 0xFD, 0xFF, 0x0D, + 0xF2, 0xD8, 0xF7, 0xFF, 0xFB, 0x11, 0xF4, 0xE2, 0xE9, 0x07, + 0xE7, 0xF6, 0xE9, 0x53, 0x13, 0x33, 0xEE, 0x1C, 0x15, 0x13, + 0x00, 0x24, 0xFC, 0xEA, 0x09, 0x15, 0xEC, 0x28, 0xF5, 0x1F, + 0xDB, 0xE3, 0xFC, 0x02, 0xF9, 0x0C, 0x0D, 0x26, 0x05, 0xF6, + 0x04, 0x02, 0xE4, 0x2F, 0x02, 0xF1, 0xE9, 0xE6, 0xEC, 0x03, + 0xEA, 0x16, 0xFA, 0x09, 0x13, 0xF6, 0x29, 0xE7, 0x13, 0xFB, + 0xF9, 0xDD, 0x03, 0xF7, 0xD4, 0x0B, 0xE7, 0xF2, 0x24, 0x2C, + 0x24, 0x35, 0x02, 0xFE, 0x21, 0xE9, 0x20, 0x01, 0x2A, 0x10, + 0x01, 0x1F, 0x03, 0x28, 0x2D, 0x20, 0xF8, 0x10, 0x0A, 0x09, + 0xF5, 0x32, 0xD5, 0xF6, 0xE4, 0x1F, 0xF8, 0xF4, 0xD8, 0xF4, + 0xD8, 0x0A, 0x07, 0x16, 0x0A, 0xFD, 0x14, 0xF8, 0x22, 0xDC, + 0x03, 0xDD, 0xFA, 0xEB, 0xD3, 0xE4, 0x0D, 0x04, 0xF6, 0x1D, + 0x1E, 0xDF, 0xF6, 0x28, 0x25, 0x17, 0x0B, 0xCF, 0xF1, 0x14, + 0xD9, 0x17, 0xEB, 0x34, 0xF7, 0xEC, 0xCE, 0x20, 0x1E, 0xD5, + 0x20, 0x07, 0xEB, 0xE8, 0x13, 0x04, 0x3D, 0x07, 0xF7, 0xF8, + 0xFE, 0xF6, 0xEA, 0xE9, 0xEE, 0xD7, 0xEE, 0xFC, 0xEA, 0xFA, + 0xFB, 0xDA, 0x33, 0x0F, 0xED, 0x0B, 0x2B, 0x00, 0x1A, 0xED, + 0x12, 0xF4, 0x0D, 0x15, 0x14, 0xFB, 0xF0, 0xF4, 0x0F, 0x0C, + 0xEC, 0x27, 0x11, 0x13, 0xF0, 0x0E, 0x2D, 0xE5, 0x00, 0xD2, + 0x0F, 0xD5, 0xF5, 0xFA, 0xF3, 0x03, 0x00, 0xDB, 0x17, 0xDD, + 0x2C, 0xE8, 0xFE, 0xE7, 0x46, 0xF6, 0xEF, 0xFD, 0x1F, 0xFF, + 0x0F, 0xEF, 0xE7, 0xEE, 0x18, 0x02, 0x27, 0x2B, 0xFC, 0x2D, + 0xF6, 0x13, 0xFC, 0xFD, 0xBB, 0xF8, 0xEE, 0xDD, 0x12, 0x0D, + 0x01, 0x22, 0x2F, 0xF0, 0xF1, 0x1B, 0x0C, 0x09, 0xE7, 0x33, + 0xE5, 0xFF, 0xFA, 0xFC, 0x1E, 0x15, 0x08, 0xF2, 0xDA, 0xE3, + 0xF4, 0xEA, 0xEF, 0x29, 0x3A, 0x02, 0x0B, 0x1E, 0xF4, 0x46, + 0xC5, 0x1C, 0xBD, 0xFC, 0xE5, 0x05, 0x0E, 0x24, 0xF9, 0xDE, + 0xD6, 0x1B, 0x05, 0xFF, 0xD3, 0xF3, 0xF2, 0x0D, 0xF0, 0x03, + 0xF5, 0x19, 0xFE, 0xDB, 0x0B, 0x00, 0x02, 0xC5, 0x12, 0x04, + 0xED, 0x1A, 0xF0, 0x12, 0x1C, 0x28, 0x1F, 0xEF, 0xDD, 0xCB, + 0xFC, 0x02, 0xF2, 0xED, 0xD1, 0xEC, 0xE5, 0xCC, 0xFE, 0xF6, + 0x03, 0xEE, 0xDF, 0x3F, 0x0F, 0xFD, 0x04, 0x05, 0x32, 0x11, + 0x1C, 0xF2, 0xF0, 0x1E, 0x07, 0xEF, 0x07, 0x1E, 0x17, 0x15, + 0x04, 0x01, 0x03, 0xF7, 0xFA, 0x02, 0xD9, 0xEB, 0x19, 0xCD, + 0xEA, 0x2B, 0x22, 0xFD, 0xD7, 0x08, 0xF0, 0xF4, 0xF4, 0xF1, + 0x44, 0x09, 0xE5, 0x0B, 0xFE, 0xEE, 0x1F, 0x1A, 0xED, 0xFF, + 0xFB, 0x07, 0xFD, 0xF6, 0x1E, 0x1D, 0x02, 0xFF, 0xDA, 0x01, + 0x1E, 0xEE, 0x04, 0xD2, 0xDF, 0xDA, 0x0D, 0xFC, 0xFA, 0xF9, + 0xFE, 0x12, 0x0B, 0x42, 0x26, 0x0E, 0x00, 0xD9, 0xEF, 0x17, + 0x02, 0xD3, 0x1B, 0x03, 0xEB, 0xDE, 0x0C, 0x11, 0xFF, 0x0E, + 0x1D, 0xCD, 0xF9, 0xEF, 0x12, 0x0E, 0x0F, 0x03, 0xF7, 0x21, + 0x16, 0x1F, 0x11, 0xD9, 0x02, 0x01, 0xE4, 0x0D, 0xDB, 0x2D, + 0xD6, 0x16, 0xE0, 0xEE, 0x1D, 0xF7, 0xFA, 0xE8, 0x10, 0xF3, + 0x39, 0xF0, 0xEA, 0xEC, 0x2D, 0xCE, 0x22, 0xCE, 0x2C, 0xF8, + 0x1F, 0xEA, 0xFC, 0xD9, 0x28, 0x14, 0xFC, 0x22, 0x15, 0xE4, + 0xCF, 0x19, 0xFD, 0xE0, 0xEC, 0xEE, 0xFC, 0xEE, 0x0F, 0xE4, + 0x03, 0xF8, 0xDF, 0xF3, 0x12, 0xF3, 0xF1, 0xED, 0xEB, 0x14, + 0xD4, 0x4E, 0x0B, 0x25, 0xC8, 0x14, 0x01, 0x10, 0xFA, 0x18, + 0x12, 0x13, 0x0A, 0xE0, 0xED, 0xD7, 0x01, 0xD5, 0xF6, 0xDD, + 0xBC, 0x0C, 0xD9, 0xFC, 0xE1, 0x07, 0x06, 0xEE, 0xBD, 0x1F, + 0xEC, 0x1A, 0x22, 0x04, 0xFC, 0x18, 0xF2, 0xEA, 0x01, 0x0B, + 0xF6, 0xFA, 0x13, 0x26, 0x09, 0x07, 0xEC, 0x0B, 0x08, 0x0F, + 0xFE, 0x0E, 0xD2, 0x15, 0xB3, 0xE0, 0xD8, 0x34, 0xE3, 0xEC, + 0xF6, 0x21, 0xEB, 0x13, 0x01, 0xF3, 0x0B, 0x02, 0x07, 0xF7, + 0x0D, 0xF6, 0x2F, 0x22, 0xFE, 0x21, 0x1F, 0xE7, 0xFA, 0xFF, + 0x0F, 0x03, 0xFD, 0xE5, 0xE3, 0x0F, 0xF5, 0x08, 0xF6, 0xFF, + 0x02, 0x30, 0xE0, 0x21, 0xEC, 0x21, 0x3A, 0xF6, 0x1F, 0xF4, + 0x01, 0xCC, 0x0D, 0xD7, 0x1B, 0x24, 0x1F, 0x0F, 0x0D, 0xFB, + 0xFC, 0x16, 0x13, 0x1C, 0xE0, 0xEC, 0xED, 0xE9, 0x07, 0xE0, + 0xFC, 0xF1, 0xDB, 0x07, 0x23, 0xF9, 0x10, 0x08, 0xE4, 0xF7, + 0xF4, 0xEC, 0xCD, 0xE0, 0xF9, 0xCD, 0xF3, 0x13, 0x02, 0x05, + 0x0C, 0xF8, 0xFA, 0xFF, 0x14, 0xE3, 0x01, 0xEA, 0xFB, 0x04, + 0x2C, 0xF5, 0xF3, 0x10, 0x19, 0xE7, 0x03, 0xDC, 0x2A, 0xFB, + 0x06, 0x0B, 0x05, 0x3D, 0xE8, 0xD4, 0x2F, 0xFD, 0xDE, 0x14, + 0x19, 0xD5, 0xEE, 0xFA, 0x0D, 0x06, 0x0B, 0x41, 0x1F, 0xDA, + 0x0E, 0x1C, 0xF5, 0xEF, 0x36, 0x0A, 0x1E, 0x0F, 0x07, 0x0D, + 0x19, 0x03, 0xDA, 0xE2, 0x12, 0x1C, 0xEA, 0xF7, 0x13, 0xCE, + 0x27, 0x18, 0xD2, 0x04, 0xD5, 0xFB, 0xFD, 0xD7, 0xDF, 0xEB, + 0x1B, 0xFC, 0xFD, 0x16, 0xEB, 0x1B, 0xF1, 0xDD, 0x34, 0xD7, + 0x3D, 0x00, 0x24, 0x04, 0x19, 0xF5, 0x0E, 0x14, 0x1F, 0x06, + 0xE4, 0xEF, 0xCF, 0x17, 0xE2, 0x0D, 0x17, 0x06, 0xF7, 0x0A, + 0x21, 0xAA, 0xC5, 0xB8, 0x1B, 0x6C, 0xEB, 0x28, 0x70, 0x4A, + 0x9A, 0x80, 0x17, 0xDD, 0x39, 0xB2, 0xDA, 0x07, 0x9E, 0xC3, + 0xD2, 0x6C, 0xF1, 0x0F, 0x42, 0xB7, 0x48, 0xC4, 0x1A, 0x01, + 0xAD, 0x83, 0x05, 0x4D, 0x8A, 0x4D, 0x56, 0xBC, 0x10, 0x38, + 0x11, 0xD8, 0x6A, 0x34, 0x02, 0xF4, 0x8F, 0x86, 0x64, 0x70, + 0x92, 0xB7, 0xD5, 0xF5, 0xAD, 0x9B, 0x0A, 0x76, 0x8B, 0x42, + 0x39, 0xA0, 0x3B, 0x5F, 0xBA, 0x46, 0x27, 0xF3, 0x4C, 0xC7, + 0x7F, 0x78, 0xB5, 0xE3, 0xC2, 0x95, 0x67, 0x32, 0x3C, 0x28, + 0x88, 0x2A, 0xEE, 0x4F, 0x9E, 0xC2, 0xEC, 0xF5, 0xD7, 0xE2, + 0xA1, 0x4D, 0x9C, 0xB1, 0xC3, 0x64, 0x21, 0xD2, 0x19, 0xD8, + 0xA6, 0x33, 0x95, 0xC0, 0xD8, 0x07, 0x82, 0xC7, 0xB3, 0xC4, + 0x25, 0xCC, 0x24, 0xE8, 0xB7, 0xD2, 0xBA, 0x6F, 0x2B, 0x79, + 0x08, 0xF0, 0xF0, 0x47, 0x65, 0xEF, 0x46, 0x65, 0x46, 0xB9, + 0xD7, 0x0E, 0xC5, 0x52, 0x5C, 0x75, 0x5B, 0xDB, 0xA8, 0x39, + 0x99, 0x4A, 0xA8, 0x47, 0x08, 0xC9, 0xA8, 0x9F, 0x40, 0x1A, + 0x67, 0xFB, 0x46, 0x48, 0xB3, 0x82, 0x11, 0xF2, 0x66, 0xA2, + 0xF6, 0xBB, 0xCC, 0xC2, 0x08, 0xFA, 0xAF, 0x1F, 0x36, 0x10, + 0x9C, 0xF5, 0x5F, 0x6D, 0x54, 0x27, 0xB9, 0x80, 0x88, 0xF8, + 0x50, 0x5F, 0x90, 0x05, 0xC1, 0x94, 0xCA, 0xED, 0xAE, 0x59, + 0xE8, 0x76, 0x1A, 0x16, 0xDA, 0x88, 0xAA, 0x4D, 0xEA, 0xD5, + 0xB6, 0xD3, 0xA1, 0x13, 0x5C, 0xA2, 0x1A, 0x46, 0x47, 0xFC, + 0xB5, 0x4A, 0x47, 0x04, 0xD4, 0xEF, 0xBF, 0xBF, 0x61, 0xAC, + 0x91, 0x05, 0x59, 0xF6, 0x91, 0x3D, 0x98, 0x90, 0xEB, 0x1E, + 0x9A, 0x9D, 0x42, 0x9A, 0xD4, 0x10, 0x21, 0x61, 0x12, 0x66, + 0xE4, 0xDB, 0xC6, 0x06, 0x52, 0x77, 0x91, 0xA7, 0x01, 0x09, + 0x94, 0x92, 0x5D, 0xB5, 0x3C, 0x29, 0xA5, 0x4D, 0xEE, 0xBD, + 0xA6, 0xC8, 0xC7, 0x81, 0x8B, 0x93, 0x64, 0x6C, 0xD6, 0xA8, + 0xAC, 0x18, 0x3C, 0x5B, 0x48, 0x69, 0x77, 0xA9, 0x2E, 0x65, + 0xA2, 0xE6, 0x26, 0x73, 0xF7, 0x8A, 0x9E, 0x31, 0x56, 0xD6, + 0xE6, 0x2F, 0xCD, 0xDD, 0xBF, 0xF2, 0x31, 0xC6, 0x87, 0x2F, + 0xE6, 0x2C, 0x68, 0x4F, 0x79, 0xE4, 0xC2, 0x0A, 0x48, 0xFC, + 0x4D, 0xF4, 0xF8, 0x40, 0x85, 0x9C, 0xE1, 0x4C, 0x47, 0x4D, + 0x16, 0x88, 0xB5, 0xCA, 0x51, 0xBB, 0x6B, 0x12, 0x50, 0x37, + 0x6E, 0xBA, 0x06, 0x10, 0x0E, 0x5A, 0x9F, 0x9C, 0xB5, 0x0B, + 0x32, 0x81, 0x96, 0x1F, 0xC1, 0x24, 0xE8, 0x85, 0x6E, 0x3F, + 0xB9, 0xD8, 0xE4, 0x69, 0x30, 0x1A, 0xF3, 0x12, 0x98, 0x32, + 0xF2, 0xB8, 0x5F, 0xA1, 0xB4, 0x71, 0x0B, 0x19, 0x09, 0x22, + 0xD5, 0x84, 0x1A, 0x49, 0xE7, 0x10, 0x07, 0xDF, 0x68, 0x8D, + 0xFB, 0x02, 0xB0, 0x9E, 0xF4, 0x06, 0x36, 0x8C, 0x81, 0x70, + 0xD6, 0x5D, 0x31, 0x98, 0x5E, 0xC2, 0xF4, 0x5B, 0xDC, 0xA3, + 0x38, 0x7F, 0x82, 0x58, 0x48, 0x50, 0x51, 0x24, 0x2C, 0x80, + 0xE0, 0x1A, 0xAA, 0x8C, 0xDC, 0x4F, 0xD0, 0x21, 0x14, 0x6A, + 0xBD, 0x2C, 0x5D, 0x51, 0xFA, 0x94, 0x18, 0x89, 0x5C, 0x69, + 0xD9, 0xB5, 0x23, 0xCB, 0x00, 0x1C, 0x67, 0x27, 0x58, 0x62, + 0xE3, 0xB3, 0xD5, 0x6A, 0x57, 0xE8, 0x6C, 0x18, 0x60, 0xCA, + 0x20, 0x14, 0x3E, 0xA2, 0x76, 0xA6, 0xBC, 0xE9, 0x83, 0x3A, + 0x20, 0x2E, 0x61, 0x5E, 0xAB, 0x20, 0x1F, 0x0A, 0x32, 0x35, + 0x8E, 0x3B, 0x30, 0x4C, 0xEA, 0x74, 0xB8, 0x72, 0xC5, 0x95, + 0xD9, 0x4A, 0x36, 0xA0, 0x0D, 0xA1, 0x91, 0x64, 0x89, 0x21, + 0x73, 0xC8, 0x8D, 0x08, 0x0F, 0x12, 0xED, 0x85, 0x81, 0xAE, + 0xA1, 0xB8, 0x8B, 0xBF, 0x12, 0xDA, 0x30, 0xBB, 0x68, 0xA7, + 0xFA, 0xB7, 0xA8, 0x68, 0xC5, 0x97, 0xA2, 0xAD, 0x02, 0x01, + 0xE8, 0x11, 0x16, 0x51, 0xF9, 0x3A, 0x39, 0xE4, 0x56, 0x43, + 0x5D, 0xC9, 0xA7, 0x01, 0xB2, 0x14, 0x78, 0x85, 0x0B, 0x75, + 0x1D, 0x9A, 0x68, 0x0A, 0x9C, 0x77, 0x4A, 0xC0, 0xDD, 0xE4, + 0xB4, 0xDE, 0x46, 0x41, 0x8E, 0x00, 0x91, 0xF4, 0xC6, 0xDA, + 0xB9, 0xA1, 0x15, 0x64, 0xBC, 0x5A, 0x57, 0x82, 0xDA, 0xF3, + 0xB8, 0xEE, 0xDE, 0x69, 0x25, 0x30, 0x84, 0xE8, 0xFF, 0x5E, + 0xF2, 0x26, 0xF0, 0x41, 0x02, 0xE9, 0xAA, 0xA7, 0xA1, 0xA8, + 0x88, 0x6A, 0xC8, 0x6D, 0x06, 0x3E, 0x86, 0x6B, 0xA9, 0x39, + 0x28, 0x40, 0x55, 0xE4, 0xA9, 0x11, 0xDF, 0xE5, 0xB9, 0x98, + 0x2D, 0xF2, 0x36, 0x5E, 0xAC, 0x58, 0x54, 0x3A, 0x7C, 0xEA, + 0x77, 0x97, 0x00, 0x66, 0xD2, 0x9B, 0x53, 0x73, 0x4C, 0xC1, + 0x1F, 0xAC, 0xEE, 0x90, 0x6B, 0xC8, 0xE0, 0xBC, 0x9E, 0x7C, + 0xC1, 0x88, 0x1C, 0x90, 0x12, 0x55, 0xE5, 0x17, 0x14, 0xC0, + 0xBF, 0x2C, 0x31, 0xCC, 0x74, 0xEF, 0x50, 0xF3, 0xAA, 0xE4, + 0x91, 0x15, 0xE6, 0x68, 0x2A, 0x86, 0xE4, 0x39, 0x73, 0x11, + 0x93, 0x46, 0x41, 0x22, 0x4B, 0xDB, 0xA7, 0x84, 0x91, 0x6F, + 0x68, 0x8C, 0x05, 0x08, 0x69, 0xE3, 0x4F, 0x95, 0x5F, 0x3A, + 0x1A, 0xDA, 0x34, 0x4C, 0x44, 0x75, 0x1B, 0x5C, 0x09, 0xEB, + 0x2B, 0x6E, 0x9F, 0x18, 0x18, 0x2C, 0x3C, 0x87, 0x7C, 0xA8, + 0xEA, 0x7F, 0x4A, 0xB9, 0xB6, 0x6E, 0x67, 0x49, 0xCA, 0xA1, + 0x00, 0x77, 0xA6, 0x33, 0xE5, 0x2C, 0xC6, 0xED, 0x66, 0xF4, + 0x4E, 0xF4, 0x1F, 0xEB, 0xFD, 0x62, 0x5C, 0xAF, 0x10, 0x3D, + 0x8E, 0x2B, 0xAE, 0xF9, 0x46, 0xB6, 0xF6, 0x98, 0x35, 0x77, + 0xD0, 0x9C, 0x0A, 0xA9, 0x2C, 0xD7, 0x6F, 0x46, 0x42, 0x45, + 0x8B, 0xDF, 0xF7, 0x0A, 0x2C, 0xE6, 0x41, 0xC3, 0xEA, 0xAC, + 0x06, 0x30, 0xDA, 0xC9, 0xE7, 0x22, 0x29, 0x0B, 0x2C, 0x70, + 0x49, 0x5B, 0x05, 0x29, 0x48, 0x14, 0x32, 0xE6, 0x75, 0x6E, + 0x81, 0x35, 0xE4, 0xA0, 0xE2, 0x4C, 0x1E, 0x53, 0xB7, 0x36, + 0x19, 0xC1, 0xEF, 0x44, 0xE1, 0x2A, 0x49, 0xC8, 0x0B, 0xC0, + 0x43, 0xF6, 0x77, 0x54, 0xD6, 0x80, 0xE0, 0xE5, 0x23, 0x64, + 0x4A, 0xF0, 0x18, 0xBF, 0x91, 0x14, 0x71, 0x9A, 0x03, 0x77, + 0xF5, 0x52, 0x4E, 0xA0, 0xDC, 0xAB, 0x64, 0x7C, 0xD0, 0xE5, + 0x1D, 0x92, 0x4A, 0xDB, 0xE8, 0xD3, 0xF4, 0x01, 0xE0, 0xE6, + 0x1B, 0x77, 0x8D, 0x6B, 0x8F, 0xD2, 0x93, 0x0A, 0xE3, 0x5D, + 0x60, 0x1C, 0x19, 0xD5, 0xA8, 0x9B, 0xDE, 0x0F, 0x2C, 0xB2, + 0xF5, 0x2B, 0x3C, 0x1E, 0x50, 0x42, 0xB4, 0x54, 0xC9, 0x28, + 0xE4, 0x2F, 0x3D, 0xD0, 0x6B, 0x24, 0x13, 0x1B, 0xED, 0x85, + 0xA2, 0x0C, 0x95, 0x50, 0xD8, 0x5F, 0x73, 0x96, 0xA1, 0x64, + 0xEF, 0xA6, 0xE8, 0x65, 0x55, 0xF8, 0xA4, 0xF9, 0x54, 0x24, + 0x76, 0x05, 0xD7, 0xE5, 0x35, 0x98, 0xCD, 0x34, 0xE1, 0xF0, + 0x36, 0x27, 0x8C, 0x16, 0x1B, 0xB6, 0xE2, 0x73, 0xDA, 0x57, + 0xDD, 0x11, 0xE1, 0x15, 0x46, 0xD1, 0xC7, 0xA3, 0x2C, 0x9D, + 0xE2, 0xE5, 0xED, 0xAA, 0xB5, 0x70, 0xC5, 0xDD, 0x99, 0x77, + 0x0E, 0x50, 0x28, 0xF2, 0xBD, 0xF1, 0xEB, 0x16, 0xAA, 0xB4, + 0x99, 0xE8, 0x42, 0xAE, 0x81, 0x96, 0x99, 0x40, 0x0E, 0xF1, + 0x30, 0xA8, 0x5C, 0x65, 0x2C, 0x75, 0x21, 0xCA, 0xCC, 0x0E, + 0x95, 0x61, 0x04, 0x04, 0xD4, 0x43, 0x11, 0x7D, 0x8E, 0x21, + 0x84, 0x7A, 0x5B, 0xF7, 0x1D, 0xEA, 0xB6, 0xC8, 0x54, 0x02, + 0xE8, 0x95, 0x26, 0xC3, 0x51, 0xC2, 0x65, 0x14, 0xAB, 0xA9, + 0xBF, 0x43, 0x7E, 0x0E, 0x57, 0x68, 0xFC, 0x4D, 0xDA, 0x08, + 0xD4, 0x73, 0x38, 0x7C, 0x0A, 0xF4, 0x92, 0xA4, 0xD4, 0x6D, + 0x8D, 0xB8, 0xB7, 0xE8, 0xD2, 0x7D, 0x35, 0x4E, 0x44, 0xE2, + 0x84, 0xE0, 0xF0, 0x3D, 0xD0, 0x31, 0xB8, 0xED, 0xD4, 0x75, + 0x8C, 0x98, 0xED, 0x30, 0xBE, 0xD4, 0xDB, 0xA6, 0x02, 0x2C, + 0xEB, 0x9E, 0x6B, 0x83, 0xBE, 0x71, 0x25, 0x9A, 0x8C, 0xDC, + 0x5F, 0x86, 0x09, 0x33, 0x74, 0x32, 0x25, 0xD8, 0xA3, 0x29, + 0x21, 0x6A, 0xE6, 0x68, 0xDD, 0x82, 0x96, 0x87, 0x62, 0xE6, + 0x83, 0xFB, 0x85, 0xD9, 0x00, 0xC8, 0x32, 0x8B, 0xA8, 0x33, + 0x86, 0x2C, 0xE0, 0xDF, 0x1F, 0x76, 0x7D, 0x5C, 0xB1, 0x92, + 0xE3, 0x84, 0xDB, 0x73, 0xEC, 0x3D, 0x49, 0xEB, 0xD8, 0x62, + 0x4A, 0xEE, 0x2D, 0xA1, 0x13, 0xCA, 0x65, 0x7E, 0xBA, 0xAD, + 0x61, 0xEE, 0xA2, 0x8E, 0x23, 0x6E, 0xA7, 0x97, 0x75, 0x93, + 0x62, 0xBF, 0x40, 0x3E, 0x01, 0xE8, 0xE7, 0x40, 0x19, 0xEC, + 0x3F, 0xD2, 0xCE, 0x16, 0x5C, 0xB3, 0x08, 0x29, 0x48, 0xCE, + 0x42, 0x81, 0x59, 0x7A, 0x67, 0xB2, 0x03, 0xEB, 0xBC, 0x1E, + 0x45, 0x64, 0x8B, 0xED, 0xD0, 0xA5, 0x5C, 0x2D, 0xEA, 0xEA, + 0xB5, 0x2A, 0xF2, 0x39, 0x1A, 0x2C, 0xB4, 0x35, 0x4E, 0xC2, + 0xBB, 0x98, 0x66, 0x12, 0x8A, 0xC1, 0xE1, 0x26, 0xFE, 0x3C, + 0x48, 0x1E, 0x40, 0xE3, 0x58, 0x39, 0xFD, 0x33, 0x1B, 0xE9, + 0x91, 0x70, 0x60, 0xD0, 0x22, 0xD0, 0xD6, 0x7D, 0x20, 0x59, + 0x08, 0x84, 0x3B, 0x98, 0x99, 0xB5, 0x5C, 0x44, 0x19, 0xE8, + 0xA5, 0x99, 0x15, 0x61, 0x98, 0xE2, 0x4E, 0x62, 0x59, 0x97, + 0xF9, 0x61, 0x6B, 0xF0, 0x57, 0x89, 0x9F, 0xBD, 0x33, 0xBB, + 0xA9, 0x56, 0xB8, 0x5D, 0x3D, 0x6A, 0x10, 0x35, 0x41, 0xEE, + 0x40, 0xAC, 0xF2, 0xAA, 0x34, 0x6A, 0x09, 0xA0, 0x35, 0x83, + 0xD2, 0xAB, 0x24, 0xA1, 0x97, 0x70, 0xCE, 0xA1, 0xEE, 0x2F, + 0x0D, 0x5D, 0xC9, 0x3E, 0x8B, 0xF6, 0x25, 0xA9, 0xB5, 0xF8, + 0x2C, 0xE0, 0x69, 0x43, 0x08, 0x64, 0x19, 0xC5, 0x23, 0x20, + 0xEC, 0xD8, 0x04, 0x00, 0xA8, 0x86, 0x61, 0x00, 0x1F, 0x6E, + 0x5C, 0x9E, 0xDA, 0x61, 0x68, 0x87, 0x5F, 0xB1, 0x22, 0x49, + 0x7B, 0x17, 0x67, 0x7E, 0x51, 0x4A, 0xE1, 0x05, 0x1B, 0x31, + 0x39, 0xDD, 0x75, 0x42, 0x4C, 0xE1, 0x10, 0xBB, 0xB8, 0x08, + 0xA8, 0x0C, 0x90, 0xC3, 0x59, 0x90, 0xE2, 0x99, 0x83, 0x65, + 0xBC, 0x5D, 0xC4, 0x90, 0x87, 0x8B, 0xE4, 0xF3, 0x32, 0x39, + 0x9D, 0x46, 0xFF, 0x24, 0x60, 0x1F, 0x32, 0x49, 0xA9, 0x57, + 0x97, 0xF7, 0x8C, 0x59, 0x3E, 0x70, 0x09, 0x93, 0x4A, 0x0C, + 0xFC, 0x32, 0x51, 0x86, 0x41, 0x65, 0x04, 0x4D, 0xF7, 0x02, + 0xB2, 0x6A, 0xB1, 0xAA, 0x18, 0x6B, 0xA2, 0x05, 0xE9, 0xD7, + 0x59, 0xC2, 0x93, 0x51, 0x57, 0xC8, 0x42, 0x9A, 0x74, 0xBA, + 0x98, 0x51, 0x9E, 0xB9, 0xA7, 0x41, 0x81, 0x71, 0x54, 0x45, + 0x51, 0xBE, 0xC5, 0x72, 0x02, 0xEB, 0xA8, 0x97, 0x5B, 0x4E, + 0x25, 0xD0, 0x40, 0xD1, 0x45, 0x7D, 0x30, 0xBF, 0x44, 0xBE, + 0x1C, 0xE1, 0x4C, 0x9C, 0xDA, 0xA3, 0x54, 0xEC, 0xFF, 0x46, + 0x26, 0xE9, 0x97, 0x63, 0x82, 0x4F, 0xA6, 0x9A, 0xA0, 0xF3, + 0x89, 0x83, 0x8E, 0x49, 0xAE, 0x21, 0xF4, 0x5C, 0x6E, 0x0D, + 0x89, 0x08, 0xCA, 0x34, 0xCC, 0xC2, 0xC3, 0x47, 0x8C, 0xDC, + 0xC5, 0x9D, 0xA4, 0xAF, 0xA2, 0x0A, 0x75, 0x3A, 0x72, 0x8A, + 0x1D, 0xA0, 0x3A, 0xDA, 0x5B, 0x0F, 0x1A, 0xDC, 0x70, 0x21, + 0xC8, 0xE3, 0x3C, 0xD5, 0xCF, 0x48, 0x74, 0x49, 0xF9, 0x6E, + 0x8D, 0xD6, 0x9D, 0x8A, 0x9A, 0x32, 0x6B, 0xE0, 0x77, 0xA6, + 0x84, 0x54, 0xF5, 0xA3, 0x11, 0x55, 0xB7, 0xA0, 0xA8, 0xF3, + 0xBC, 0xED, 0xEC, 0x6F, 0xB8, 0xAF, 0xA3, 0xE4, 0xDC, 0x13, + 0xA4, 0x76, 0x63, 0x83, 0x92, 0xC4, 0xC6, 0x22, 0x20, 0x37, + 0x58, 0xA3, 0xAC, 0x63, 0x66, 0x88, 0x3B, 0xD8, 0xBA, 0xA4, + 0x06, 0x26, 0xBE, 0xA6, 0x23, 0x9E, 0xC0, 0xD1, 0x61, 0x5D, + 0xCF, 0x64, 0x34, 0x04, 0x4D, 0x05, 0x9C, 0xD2, 0x03, 0xE8, + 0xC8, 0x0B, 0x14, 0xBE, 0x47, 0x45, 0x1E, 0x1B, 0x04, 0x94, + 0xDA, 0xAD, 0x72, 0xCA, 0x1B, 0xE2, 0xB3, 0xC5, 0xA1, 0x69, + 0x45, 0x07, 0xED, 0x2E, 0xF9, 0x1A, 0xC3, 0x3C, 0xC7, 0xB5, + 0x1D, 0xD9, 0x85, 0x27, 0xB8, 0xD4, 0x91, 0x03, 0xD2, 0x35, + 0xF3, 0x5F, 0x5D, 0x3F, 0x3E, 0x56, 0x25, 0xBB, 0x37, 0x0C, + 0xDC, 0x48, 0x1D, 0xCF, 0x82, 0xFD, 0x24, 0xD0, 0xBF, 0xCA, + 0x69, 0x91, 0xC5, 0x8C, 0x7D, 0x7B, 0x78, 0x31, 0xBA, 0xC3, + 0x9F, 0x7C, 0x6E, 0x7D, 0x39, 0xF3, 0xEE, 0x46, 0x9C, 0x81, + 0xE5, 0xAA, 0xA8, 0xD7, 0x02, 0x17, 0x27, 0x94, 0xF8, 0xF1, + 0x54, 0x0A, 0xA2, 0x47, 0x3C, 0xE7, 0xA6, 0xA5, 0x00, 0x31, + 0x81, 0xA1, 0xE3, 0x86, 0xEF, 0x56, 0xE3, 0x36, 0x2C, 0x1F, + 0x86, 0xED, 0xD3, 0x6D, 0x05, 0xBA, 0x36, 0xF1, 0xF0, 0x2E, + 0x84, 0x9A, 0xFA, 0xA7, 0x09, 0x59, 0x14, 0x2B, 0x0A, 0xFC, + 0xC0, 0x16, 0x3E, 0xAA, 0x13, 0xAF, 0x25, 0x02, 0x4A, 0x97, + 0xD0, 0xAD, 0x7E, 0x2D, 0xC2, 0x4A, 0xFD, 0x1F, 0x2B, 0x4D, + 0x46, 0x60, 0x42, 0xB1, 0xAE, 0x12, 0x32, 0x5E, 0x23, 0x19, + 0x47, 0x4B, 0x23, 0x7C, 0x1A, 0xA2, 0xC6, 0x4F, 0x03, 0xBE, + 0x47, 0x95, 0x97, 0x86, 0xFF, 0x0E, 0xCC, 0x40, 0xB0, 0xCA, + 0x45, 0xE5, 0x14, 0x93, 0xA1, 0xD0, 0xC1, 0x37, 0xEE, 0x1E, + 0x13, 0x69, 0xB9, 0x8D, 0xE1, 0x86, 0xCC, 0xDD, 0x0D, 0xC2, + 0xED, 0xD3, 0x59, 0x13, 0x9D, 0xB5, 0xD0, 0x50, 0x68, 0x1A, + 0xA5, 0xA6 +}; +static const int sizeof_bench_falcon_level5_key = sizeof(bench_falcon_level5_key); + +#endif /* HAVE_PQC && HAVE_FALCON */ + +#if defined (HAVE_PQC) && defined(HAVE_DILITHIUM) + +/* certs/dilithium/bench_dilithium_level2_key.der */ +static const unsigned char bench_dilithium_level2_key[] = +{ + 0x30, 0x82, 0x0F, 0x1A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, + 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, + 0x04, 0x04, 0x04, 0x82, 0x0F, 0x04, 0x04, 0x82, 0x0F, 0x00, + 0xA2, 0xBD, 0x74, 0xB9, 0x8E, 0x34, 0xF0, 0xEC, 0xF7, 0x40, + 0x22, 0x33, 0xE8, 0x50, 0x43, 0x66, 0xF0, 0x25, 0x41, 0x20, + 0xD9, 0x3F, 0x8A, 0xC6, 0xAD, 0x69, 0xC6, 0x9C, 0xD9, 0xE0, + 0x0D, 0xFF, 0x77, 0x85, 0xCD, 0x88, 0x58, 0x17, 0x6B, 0x85, + 0xD2, 0x5D, 0xF0, 0x41, 0xCE, 0x6D, 0x94, 0x7F, 0xF4, 0xDB, + 0xD3, 0x60, 0x52, 0x1A, 0x83, 0x42, 0xD8, 0x7C, 0x2D, 0xD9, + 0x55, 0x7B, 0xFB, 0xB8, 0x87, 0xAA, 0xDA, 0x75, 0x42, 0x86, + 0x3E, 0x5A, 0xE4, 0xD4, 0x7D, 0xC3, 0x38, 0xA2, 0xEE, 0x0D, + 0xF5, 0xAD, 0xDA, 0x12, 0x5B, 0xD6, 0x3A, 0x89, 0x87, 0xED, + 0x57, 0xD1, 0xA9, 0xC2, 0xB3, 0xC0, 0xDC, 0x90, 0x88, 0x0C, + 0x86, 0x48, 0xD2, 0xA6, 0x60, 0x1B, 0x22, 0x8C, 0x03, 0x34, + 0x69, 0x19, 0x96, 0x24, 0x04, 0xB3, 0x65, 0x10, 0x34, 0x31, + 0x09, 0x38, 0x31, 0x5C, 0x10, 0x8C, 0x02, 0x15, 0x66, 0xD0, + 0x48, 0x50, 0x53, 0x22, 0x41, 0xC4, 0x98, 0x41, 0xE2, 0x42, + 0x62, 0x42, 0x38, 0x45, 0xC2, 0xB8, 0x08, 0x20, 0x31, 0x21, + 0x13, 0x10, 0x88, 0x00, 0xB9, 0x24, 0x93, 0x06, 0x6D, 0x44, + 0x20, 0x64, 0x98, 0x84, 0x29, 0x91, 0x12, 0x6A, 0xC9, 0x14, + 0x10, 0x11, 0x40, 0x2A, 0x24, 0xC9, 0x85, 0xCC, 0x42, 0x2A, + 0x1C, 0x44, 0x28, 0xE0, 0xB4, 0x00, 0x20, 0x99, 0x11, 0x0B, + 0x09, 0x61, 0x24, 0x14, 0x10, 0x41, 0x94, 0x20, 0xC9, 0x46, + 0x64, 0x43, 0x02, 0x6E, 0x08, 0x39, 0x71, 0x81, 0x06, 0x2D, + 0x63, 0x14, 0x71, 0x62, 0xC0, 0x11, 0x20, 0xB2, 0x61, 0xD1, + 0x30, 0x24, 0x44, 0x06, 0x89, 0x04, 0x16, 0x88, 0x10, 0x33, + 0x48, 0x51, 0xB8, 0x00, 0x4A, 0x12, 0x68, 0x14, 0x04, 0x10, + 0xD8, 0x92, 0x8D, 0x22, 0x32, 0x61, 0x0C, 0x23, 0x91, 0x10, + 0x39, 0x24, 0x51, 0x80, 0x08, 0x0B, 0x30, 0x61, 0x00, 0x89, + 0x01, 0x98, 0x34, 0x05, 0x9A, 0xA2, 0x70, 0xC4, 0x46, 0x40, + 0x52, 0x38, 0x42, 0xC0, 0x92, 0x6D, 0xCC, 0x08, 0x22, 0xD4, + 0x42, 0x4A, 0x02, 0x23, 0x40, 0x40, 0x92, 0x25, 0x12, 0x36, + 0x65, 0x42, 0x06, 0x10, 0x02, 0x10, 0x10, 0x20, 0xA3, 0x41, + 0x0A, 0x15, 0x10, 0x20, 0x23, 0x80, 0x99, 0xB6, 0x0C, 0x11, + 0x26, 0x11, 0x9B, 0xC8, 0x44, 0x1C, 0xC9, 0x05, 0xA4, 0x38, + 0x11, 0x1B, 0xB0, 0x05, 0xDC, 0x22, 0x00, 0xC8, 0x22, 0x72, + 0xA3, 0x30, 0x2E, 0xC1, 0xA8, 0x41, 0x1C, 0xA6, 0x20, 0xE2, + 0xB0, 0x21, 0x9B, 0x10, 0x01, 0x61, 0x32, 0x46, 0xC1, 0x92, + 0x61, 0x1C, 0xA4, 0x85, 0x0A, 0xB7, 0x70, 0xE4, 0x26, 0x6C, + 0x58, 0xA4, 0x00, 0x19, 0x86, 0x4C, 0xDC, 0xA6, 0x40, 0xA1, + 0x32, 0x12, 0x04, 0x81, 0x90, 0x8C, 0x04, 0x05, 0x10, 0x30, + 0x26, 0x09, 0x31, 0x2C, 0x50, 0x88, 0x89, 0x82, 0x44, 0x62, + 0x10, 0x23, 0x8A, 0x04, 0x44, 0x22, 0x0A, 0x30, 0x4E, 0xA4, + 0x34, 0x32, 0x4C, 0x18, 0x8C, 0x21, 0x21, 0x41, 0x23, 0x13, + 0x72, 0x08, 0x84, 0x24, 0x1A, 0x04, 0x24, 0x14, 0x06, 0x02, + 0xC4, 0x40, 0x70, 0xCA, 0x00, 0x6E, 0xC1, 0xC6, 0x09, 0x83, + 0x42, 0x62, 0xA0, 0x30, 0x12, 0x1B, 0x14, 0x0C, 0x08, 0x03, + 0x22, 0xCA, 0x46, 0x65, 0x64, 0x46, 0x26, 0x10, 0x39, 0x20, + 0xCA, 0x80, 0x28, 0x62, 0x14, 0x6D, 0x10, 0x26, 0x11, 0x49, + 0xA2, 0x45, 0x53, 0x98, 0x0D, 0x64, 0x40, 0x05, 0x0C, 0x31, + 0x09, 0x13, 0x11, 0x60, 0xD8, 0x02, 0x50, 0x11, 0x41, 0x41, + 0x23, 0xC1, 0x4C, 0x22, 0xC6, 0x30, 0x99, 0x06, 0x08, 0xCA, + 0x40, 0x81, 0xCC, 0x32, 0x0E, 0x11, 0xC4, 0x20, 0xD9, 0x92, + 0x41, 0xC4, 0x20, 0x08, 0xE4, 0xA0, 0x00, 0xCB, 0x88, 0x21, + 0x03, 0x03, 0x90, 0x54, 0x00, 0x49, 0x14, 0x98, 0x04, 0xC8, + 0xC0, 0x31, 0x11, 0x31, 0x69, 0x04, 0x93, 0x90, 0x00, 0xB9, + 0x21, 0x22, 0x38, 0x48, 0x00, 0x34, 0x0C, 0x61, 0x98, 0x00, + 0x01, 0xB4, 0x69, 0x60, 0x26, 0x81, 0x1C, 0xA4, 0x10, 0x22, + 0xB6, 0x10, 0x21, 0xC6, 0x20, 0x4A, 0x22, 0x26, 0xD0, 0x92, + 0x41, 0xDA, 0x84, 0x69, 0x03, 0x42, 0x2A, 0x04, 0x09, 0x02, + 0xE1, 0x24, 0x42, 0xA2, 0x46, 0x28, 0x10, 0xB1, 0x08, 0x82, + 0x86, 0x84, 0xE0, 0x24, 0x51, 0x0A, 0xC9, 0x28, 0x59, 0x86, + 0x20, 0xDB, 0xB6, 0x40, 0x13, 0xC3, 0x40, 0x1C, 0xA9, 0x09, + 0x80, 0x34, 0x50, 0xDC, 0x84, 0x2C, 0x53, 0x24, 0x08, 0xC0, + 0xB4, 0x6D, 0x88, 0x26, 0x30, 0x82, 0xC8, 0x0D, 0x62, 0x22, + 0x28, 0x64, 0xA2, 0x09, 0x10, 0x25, 0x26, 0xDB, 0x34, 0x02, + 0x4A, 0x04, 0x11, 0x53, 0xB8, 0x28, 0x82, 0x34, 0x11, 0xC2, + 0x12, 0x25, 0x20, 0xB5, 0x40, 0x19, 0xA8, 0x31, 0x80, 0x22, + 0x66, 0x21, 0xB2, 0x10, 0x0B, 0x42, 0x2A, 0x61, 0x20, 0x50, + 0x40, 0x24, 0x4C, 0x99, 0x12, 0x48, 0x21, 0xB4, 0x11, 0xD1, + 0x44, 0x48, 0x00, 0x40, 0x0C, 0x58, 0x46, 0x68, 0x04, 0x12, + 0x12, 0x93, 0x22, 0x20, 0xC2, 0x32, 0x4C, 0x01, 0xB0, 0x88, + 0xE3, 0x20, 0x8E, 0x03, 0x00, 0x6C, 0x52, 0x14, 0x30, 0xD2, + 0x44, 0x88, 0x10, 0x44, 0x4A, 0x61, 0x86, 0x29, 0x14, 0x42, + 0x24, 0x24, 0x35, 0x2E, 0x11, 0xC4, 0x0D, 0x23, 0x24, 0x66, + 0x0A, 0x90, 0x71, 0xE0, 0xC2, 0x69, 0x48, 0x38, 0x91, 0x82, + 0xC8, 0x08, 0x1C, 0x93, 0x31, 0xD9, 0x06, 0x51, 0x8A, 0xA4, + 0x6C, 0x50, 0x34, 0x68, 0x5A, 0x18, 0x89, 0x4A, 0x96, 0x85, + 0x8A, 0x18, 0x44, 0x4A, 0x34, 0x40, 0x5B, 0x36, 0x80, 0xCC, + 0x20, 0x6E, 0x09, 0x19, 0x89, 0x02, 0x38, 0x6A, 0x24, 0xA3, + 0x69, 0x58, 0x32, 0x6D, 0x21, 0x01, 0x84, 0x88, 0x86, 0x28, + 0xA3, 0x22, 0x89, 0x93, 0xA6, 0x80, 0x00, 0x88, 0x81, 0xE1, + 0x48, 0x70, 0xA2, 0x34, 0x60, 0x18, 0x02, 0x04, 0x18, 0x29, + 0x01, 0x1B, 0x31, 0x51, 0xD4, 0xA4, 0x49, 0xCC, 0x08, 0x8C, + 0xDA, 0x36, 0x11, 0x01, 0x39, 0x26, 0x42, 0x92, 0x88, 0xC8, + 0x46, 0x52, 0x8C, 0xA4, 0x08, 0x14, 0x11, 0x52, 0xCA, 0x40, + 0x66, 0x8B, 0x32, 0x8E, 0x89, 0x44, 0x02, 0x9B, 0x42, 0x02, + 0x93, 0xA4, 0x01, 0x1A, 0x00, 0x50, 0x94, 0x44, 0x42, 0x08, + 0x09, 0x8C, 0xE2, 0xA8, 0x81, 0x98, 0x00, 0x48, 0x63, 0x02, + 0x85, 0x1B, 0x05, 0x2D, 0xC1, 0xBE, 0x5F, 0xA4, 0xAC, 0xB4, + 0xF0, 0xC7, 0x94, 0xBD, 0xEC, 0xFB, 0x09, 0xAF, 0x16, 0xF1, + 0x23, 0x58, 0xAB, 0x82, 0xFA, 0x74, 0xD1, 0x84, 0x51, 0xD0, + 0x58, 0x9B, 0xFA, 0xF4, 0x11, 0xC1, 0x17, 0x2F, 0xCE, 0xD1, + 0xCA, 0xC6, 0xCE, 0x1C, 0x8F, 0x8F, 0x1B, 0x43, 0xBF, 0xB9, + 0x43, 0x41, 0x02, 0x3E, 0x5D, 0xFA, 0x24, 0x88, 0x0E, 0xA5, + 0x36, 0xA9, 0x9B, 0x25, 0x43, 0xD6, 0xEE, 0xDE, 0xAE, 0x93, + 0x54, 0xC8, 0x6C, 0x55, 0xE9, 0x5C, 0xC8, 0xC1, 0xA5, 0xD7, + 0xFC, 0xDA, 0xAF, 0xF8, 0x40, 0x1F, 0x02, 0x5C, 0x8E, 0x48, + 0x51, 0x4B, 0x3F, 0xFD, 0x76, 0x9A, 0xD0, 0x87, 0xF4, 0xD0, + 0x68, 0x9C, 0x44, 0x3B, 0xB4, 0x4A, 0xAB, 0x34, 0x2A, 0xD4, + 0x0C, 0xA4, 0x7A, 0xBB, 0x98, 0x7F, 0x8D, 0xF6, 0xA7, 0x6A, + 0x42, 0x8C, 0x7A, 0xB4, 0x32, 0xC6, 0x8A, 0xD6, 0x5E, 0x06, + 0x50, 0xC0, 0xDD, 0x3E, 0xE2, 0x44, 0x5C, 0xB9, 0x83, 0xCF, + 0x92, 0x0C, 0x3C, 0xFB, 0x53, 0x0D, 0xF0, 0xD1, 0xED, 0x77, + 0xF3, 0x02, 0x9F, 0xA6, 0xC6, 0xFA, 0x30, 0xA5, 0xC7, 0x42, + 0x06, 0x1F, 0x38, 0xE5, 0xE1, 0x56, 0x01, 0x7A, 0xD1, 0xE1, + 0xC1, 0x20, 0x44, 0x37, 0xE6, 0x18, 0x8A, 0x7E, 0x70, 0xBA, + 0x6B, 0x1C, 0x99, 0x4E, 0xFB, 0xCA, 0xCF, 0x3D, 0x29, 0x26, + 0xF4, 0x12, 0x95, 0x74, 0x11, 0x23, 0x0E, 0x2E, 0x31, 0xCF, + 0x73, 0xE6, 0x99, 0xD0, 0x72, 0x23, 0x4A, 0x46, 0x07, 0xA1, + 0x03, 0x4C, 0x3A, 0x79, 0x72, 0x3B, 0xD1, 0x79, 0x5A, 0x66, + 0x29, 0xCD, 0x34, 0xB6, 0x6A, 0xA5, 0x6A, 0x4C, 0x71, 0xE5, + 0xB3, 0xA6, 0xAC, 0x4D, 0x13, 0xDC, 0x70, 0xE4, 0x0C, 0x6A, + 0x98, 0x48, 0x1C, 0xA0, 0x6C, 0xFC, 0xDD, 0x6A, 0x3F, 0x10, + 0x3B, 0xBD, 0xC9, 0xC8, 0xEA, 0x01, 0x86, 0x5B, 0x3B, 0x19, + 0x3E, 0x6F, 0xA9, 0x4A, 0xD4, 0x38, 0x1D, 0x9C, 0x2B, 0x19, + 0xAE, 0x47, 0x54, 0xE2, 0x4E, 0xB5, 0xDF, 0xA7, 0xBD, 0x6F, + 0x01, 0x8A, 0x10, 0x5B, 0x83, 0x17, 0xB3, 0x77, 0xE1, 0x9D, + 0xBF, 0x6B, 0x25, 0xBF, 0x90, 0xC4, 0x92, 0xE1, 0x5E, 0xE1, + 0xC3, 0x0C, 0xC5, 0x05, 0x24, 0x40, 0x61, 0xA1, 0x01, 0x4A, + 0x7B, 0xE4, 0x65, 0x73, 0x1F, 0x3C, 0xA2, 0xD8, 0x54, 0xA4, + 0x64, 0xA3, 0x06, 0xDA, 0x18, 0x9A, 0xD7, 0xE4, 0x90, 0x59, + 0xAF, 0xBC, 0x1A, 0x79, 0xC4, 0x08, 0xE9, 0x87, 0x95, 0x04, + 0x48, 0x18, 0xD2, 0x33, 0x15, 0x38, 0x9C, 0x00, 0x7B, 0x72, + 0x35, 0xC1, 0x03, 0x77, 0xF1, 0x0B, 0xEC, 0x38, 0x33, 0xB7, + 0xB4, 0xBC, 0xC4, 0xBD, 0xB3, 0xBB, 0x9C, 0x34, 0x0B, 0x28, + 0x03, 0x1D, 0x99, 0x7A, 0x12, 0x0C, 0x95, 0xFE, 0x0D, 0x53, + 0x79, 0xE7, 0xE6, 0x99, 0x3F, 0xA1, 0x31, 0x9E, 0xA9, 0xB8, + 0x9B, 0xB7, 0xC0, 0x3F, 0x9C, 0x18, 0x1B, 0xA2, 0x73, 0xBC, + 0x10, 0xDB, 0x1B, 0x09, 0xE7, 0x5E, 0x67, 0x8E, 0x69, 0x92, + 0xCF, 0x99, 0xC3, 0x97, 0x58, 0xE8, 0x9A, 0x40, 0x83, 0xF2, + 0x14, 0xA3, 0x25, 0xB5, 0x51, 0x30, 0xDA, 0x91, 0x87, 0x91, + 0x1E, 0xF2, 0x5E, 0x55, 0x49, 0x68, 0x5E, 0xC9, 0x21, 0x67, + 0x03, 0xBC, 0x21, 0xE4, 0xD1, 0xFC, 0x79, 0xC7, 0xDB, 0x44, + 0xB9, 0xAB, 0x1E, 0xB4, 0x65, 0x3D, 0x63, 0xCB, 0x64, 0x76, + 0xE4, 0x1B, 0x93, 0x91, 0xB0, 0xF3, 0x4F, 0xBA, 0xD3, 0x20, + 0x47, 0x37, 0x5A, 0xCA, 0x1B, 0xDB, 0xCA, 0xA1, 0xE7, 0xED, + 0x7D, 0x8D, 0x4E, 0x7C, 0x19, 0xB2, 0x73, 0x67, 0x55, 0x11, + 0xE4, 0xA1, 0x98, 0x44, 0x5F, 0x58, 0xF7, 0xAA, 0x09, 0xFD, + 0x09, 0x4A, 0x54, 0x68, 0x32, 0xD4, 0xCA, 0xE1, 0x96, 0xFD, + 0x27, 0x05, 0x88, 0x78, 0x7B, 0x83, 0x74, 0x78, 0x6F, 0x09, + 0xC7, 0x3C, 0x66, 0xA8, 0x17, 0x3A, 0xCF, 0xB3, 0x6E, 0x5A, + 0xD7, 0x16, 0xE5, 0x2E, 0x40, 0xD7, 0x30, 0x18, 0x47, 0x5F, + 0x95, 0x19, 0x4E, 0x0F, 0x69, 0xD3, 0x11, 0xDE, 0xBB, 0x55, + 0x1B, 0xD1, 0x13, 0x71, 0x3D, 0x45, 0x3E, 0xDC, 0x72, 0x4F, + 0x89, 0x34, 0x72, 0x96, 0x77, 0xBB, 0x42, 0x29, 0x4A, 0x88, + 0x44, 0xFB, 0x05, 0x57, 0x38, 0xA6, 0xAC, 0x3E, 0x03, 0xF6, + 0xE1, 0x9D, 0xE3, 0xE9, 0x5A, 0x1B, 0x64, 0xCE, 0xC8, 0x6E, + 0x1B, 0xE8, 0xE3, 0x78, 0xF8, 0xE9, 0xF1, 0x47, 0x09, 0x0E, + 0x66, 0x50, 0x7A, 0x10, 0x51, 0xE1, 0x60, 0x73, 0x78, 0x95, + 0x00, 0x2E, 0xB8, 0x05, 0x8C, 0x22, 0x72, 0xD9, 0x88, 0xC8, + 0x8D, 0x16, 0xEF, 0x18, 0x8F, 0xC6, 0x51, 0x1E, 0xC3, 0xBA, + 0x27, 0x57, 0xB4, 0xFE, 0x74, 0x0F, 0x54, 0x45, 0x5A, 0x0B, + 0xAC, 0x6C, 0xA7, 0x46, 0x95, 0xC7, 0x35, 0x3D, 0x38, 0xBE, + 0xC5, 0x4E, 0xE0, 0x83, 0xED, 0x68, 0x8D, 0x01, 0x31, 0x7D, + 0x90, 0xA7, 0x38, 0xEE, 0x57, 0x8E, 0xD2, 0xFB, 0x87, 0x08, + 0x7A, 0x44, 0x34, 0x0B, 0x99, 0x5E, 0x2F, 0xA8, 0x4E, 0xC0, + 0x80, 0xEF, 0x62, 0xFE, 0xFB, 0x3C, 0x73, 0xF1, 0x8C, 0x56, + 0x12, 0x08, 0x8C, 0xD3, 0x9F, 0xBA, 0x44, 0x90, 0xB7, 0xDB, + 0x9C, 0xD9, 0xB4, 0x91, 0xBA, 0xFF, 0x4A, 0xB0, 0x1C, 0x91, + 0x44, 0x34, 0x52, 0xBE, 0x0D, 0xBA, 0x72, 0x33, 0x5C, 0x36, + 0xB5, 0x5E, 0x91, 0xB7, 0xE9, 0xCE, 0xD0, 0x01, 0x61, 0x19, + 0xEE, 0x2D, 0x1F, 0xBE, 0x97, 0x7C, 0x8C, 0x30, 0x91, 0x8C, + 0xB1, 0x8A, 0x04, 0xCA, 0xB8, 0x33, 0xCB, 0xA9, 0x9A, 0x2C, + 0x1B, 0x25, 0xD2, 0xDB, 0x73, 0x95, 0x3F, 0x02, 0x67, 0xEB, + 0x2C, 0xEC, 0xCC, 0x92, 0xCD, 0x1E, 0x1F, 0xC2, 0xF2, 0xA7, + 0x23, 0xAD, 0x7C, 0xA5, 0x50, 0x44, 0x76, 0x7D, 0x74, 0x13, + 0x20, 0x21, 0xF2, 0x09, 0xD9, 0x70, 0x82, 0xB0, 0x30, 0xA3, + 0x8A, 0xC0, 0x9D, 0xD2, 0x16, 0x4F, 0x65, 0xDF, 0x42, 0x37, + 0xC2, 0x63, 0xD6, 0x6C, 0xA9, 0xD1, 0x95, 0x5D, 0x84, 0xD2, + 0xB5, 0xC7, 0x7A, 0x87, 0x9B, 0x9B, 0xAF, 0x21, 0x65, 0x64, + 0xF7, 0x0B, 0x21, 0xC7, 0xF6, 0xA5, 0x27, 0xEB, 0xAA, 0x8D, + 0xF2, 0x10, 0x60, 0xFB, 0xC9, 0xB3, 0xB0, 0x32, 0x7C, 0x9F, + 0xC1, 0xDE, 0xA8, 0x77, 0x6F, 0xCC, 0x35, 0x1F, 0xBD, 0x74, + 0x0E, 0xA9, 0x84, 0x3C, 0x05, 0x9D, 0xFF, 0xBC, 0x46, 0x9A, + 0x8E, 0x43, 0xB5, 0x8B, 0x1C, 0x24, 0xB5, 0xC3, 0xB0, 0xFE, + 0x14, 0xCC, 0x3C, 0xCF, 0xF2, 0x26, 0xCE, 0x0B, 0x3A, 0x5B, + 0x5C, 0x8E, 0x59, 0xBF, 0x0D, 0xDC, 0xA6, 0xCA, 0x78, 0xE5, + 0xD9, 0xC5, 0x46, 0x56, 0x38, 0x98, 0xC4, 0xAC, 0x43, 0x64, + 0xB1, 0x78, 0x0A, 0x81, 0x34, 0x7D, 0x3D, 0xC0, 0xF5, 0x25, + 0x14, 0x66, 0xA2, 0x2A, 0x81, 0x64, 0x82, 0x62, 0x86, 0xD0, + 0x65, 0xCB, 0x2A, 0x09, 0x01, 0xF5, 0x03, 0xEC, 0xB5, 0xD1, + 0xED, 0xC7, 0x60, 0x62, 0x3D, 0x38, 0x28, 0x9C, 0x32, 0xEE, + 0x9F, 0x45, 0x72, 0x71, 0xA9, 0x6D, 0x9A, 0x54, 0x83, 0xF9, + 0xE7, 0x37, 0xC7, 0xCC, 0x28, 0xC0, 0xC2, 0x24, 0x09, 0xC3, + 0x96, 0xF6, 0xED, 0x9B, 0x60, 0xF3, 0x24, 0x4C, 0xFC, 0xAB, + 0xD0, 0x38, 0x7A, 0x1C, 0x68, 0xED, 0x63, 0x83, 0x5A, 0x28, + 0x37, 0x70, 0x31, 0xBB, 0x9D, 0xC7, 0xAA, 0x3A, 0x5B, 0xAF, + 0x88, 0x82, 0xE2, 0x30, 0xCB, 0xF5, 0xC1, 0x63, 0x9C, 0x59, + 0x41, 0xD3, 0x24, 0x92, 0xB1, 0x71, 0xA4, 0x16, 0x26, 0x0B, + 0x9C, 0x96, 0x0B, 0xE9, 0x0B, 0x69, 0xFC, 0x1F, 0xD2, 0x99, + 0xC2, 0xB6, 0x7A, 0x24, 0x28, 0x5A, 0x3D, 0x88, 0x2C, 0xF0, + 0x76, 0xFC, 0x25, 0x04, 0xBE, 0xB6, 0x19, 0x94, 0xD1, 0xBA, + 0x1A, 0x58, 0x0E, 0x9A, 0xFB, 0x4C, 0x9D, 0x21, 0x34, 0x8D, + 0x45, 0xEC, 0x50, 0xC6, 0x94, 0x1B, 0x0B, 0x87, 0x36, 0x4E, + 0xE4, 0x96, 0xF6, 0x9A, 0x34, 0xEC, 0xD8, 0x65, 0x6A, 0x46, + 0xFA, 0xC5, 0x40, 0x35, 0xD0, 0x07, 0x74, 0x02, 0xA3, 0xCF, + 0x23, 0x60, 0x15, 0xAC, 0x54, 0x98, 0x59, 0xEF, 0x94, 0x17, + 0x0A, 0xEF, 0xBB, 0xC2, 0x7B, 0x3B, 0xEF, 0xF5, 0xD1, 0x9C, + 0xB7, 0xB1, 0xDF, 0x45, 0xF5, 0x57, 0xD1, 0x18, 0x05, 0x97, + 0x8F, 0x8C, 0x30, 0x8C, 0x11, 0xF4, 0x81, 0x4D, 0x75, 0x18, + 0x97, 0x9F, 0x30, 0x64, 0xE2, 0x5B, 0x18, 0x95, 0xAC, 0x4E, + 0xDC, 0x47, 0xB5, 0x45, 0xAA, 0xD4, 0x7E, 0xF4, 0x70, 0x46, + 0x34, 0xF3, 0xB3, 0x85, 0xC2, 0x46, 0x98, 0xB5, 0xB5, 0x33, + 0x52, 0xF4, 0x36, 0x39, 0xCA, 0x23, 0xF9, 0x66, 0xB9, 0xA4, + 0x63, 0xC6, 0x3D, 0x02, 0xE7, 0x8F, 0x95, 0xF3, 0x25, 0xFD, + 0x21, 0xD0, 0x62, 0xC2, 0xEE, 0xE2, 0x2F, 0x69, 0x55, 0x31, + 0x42, 0x78, 0x2D, 0x53, 0xDC, 0x7F, 0x0E, 0x93, 0xD5, 0x4D, + 0x21, 0x64, 0x8B, 0x9E, 0x2C, 0xBE, 0xBA, 0xD3, 0x39, 0x41, + 0xE3, 0x10, 0xE5, 0x07, 0xE4, 0x0E, 0x20, 0x38, 0x63, 0xF7, + 0x02, 0xF2, 0x17, 0x99, 0xEB, 0xC6, 0xE7, 0x5F, 0xBE, 0xAE, + 0x53, 0xD1, 0x12, 0xB2, 0x9A, 0x90, 0x25, 0x6A, 0xAA, 0xFD, + 0x5D, 0x69, 0x2F, 0x32, 0x33, 0x53, 0x57, 0x1B, 0xC4, 0x24, + 0xC0, 0xC5, 0x90, 0x04, 0x04, 0x67, 0xCA, 0x85, 0x1E, 0x94, + 0x31, 0x95, 0x78, 0x76, 0x5D, 0xCF, 0x15, 0xE6, 0x06, 0x6B, + 0x1A, 0x1D, 0x0E, 0xF6, 0x64, 0x91, 0x84, 0xAE, 0xE4, 0xF0, + 0x1F, 0x0A, 0x76, 0x1C, 0x74, 0xF3, 0xC1, 0x97, 0x80, 0x5B, + 0xD9, 0xC6, 0xB6, 0x2B, 0xA8, 0xD7, 0xD8, 0xD2, 0xB5, 0x8E, + 0x05, 0xB5, 0x16, 0x6A, 0xF7, 0xCB, 0xD2, 0xFE, 0xE0, 0xA7, + 0x3E, 0x1C, 0x3E, 0x84, 0xDC, 0x89, 0x33, 0xD7, 0x2F, 0x2A, + 0x40, 0x41, 0x18, 0xB8, 0x58, 0xB6, 0x54, 0xC6, 0xC9, 0xDF, + 0x24, 0x91, 0xCD, 0x62, 0xA0, 0x9D, 0x17, 0xCC, 0xA6, 0xCF, + 0xD9, 0x25, 0xA1, 0xBC, 0x63, 0x09, 0xFB, 0xD1, 0x65, 0x5C, + 0xFC, 0xB8, 0x3A, 0x3D, 0x50, 0xEC, 0x1A, 0x26, 0x37, 0xCB, + 0x9C, 0x29, 0x9E, 0x15, 0x06, 0xC9, 0x14, 0x45, 0x41, 0x5F, + 0x6C, 0x41, 0x46, 0xEA, 0xC6, 0xF8, 0x18, 0x01, 0x7D, 0xCD, + 0x30, 0xEE, 0x5D, 0xB5, 0xA0, 0x96, 0x19, 0x80, 0x96, 0xB1, + 0x03, 0x55, 0x86, 0x57, 0xBE, 0x19, 0x13, 0x46, 0x88, 0x00, + 0xCE, 0x5E, 0xD0, 0xBE, 0xEC, 0x13, 0x2B, 0x93, 0x3C, 0xE1, + 0xEC, 0xBD, 0x15, 0x6F, 0xA5, 0xF5, 0x20, 0x59, 0x3C, 0xDD, + 0xBD, 0xFD, 0xDF, 0x9D, 0x9F, 0x07, 0x73, 0x25, 0x93, 0x42, + 0x41, 0xCF, 0x4A, 0xE5, 0x8F, 0x04, 0xAC, 0x5F, 0x6A, 0x56, + 0x87, 0x49, 0xD5, 0x64, 0x00, 0x9D, 0xF4, 0xA5, 0x6B, 0xBE, + 0x8F, 0xC8, 0xE8, 0xBC, 0xC7, 0x1C, 0x99, 0xC0, 0x2F, 0xA1, + 0xDA, 0xDF, 0x6B, 0xE5, 0x62, 0x9D, 0xC9, 0x73, 0x5B, 0x2A, + 0x3E, 0xD7, 0x8A, 0xBE, 0x0A, 0x5F, 0x2B, 0x0B, 0x61, 0xEF, + 0x4A, 0x09, 0x15, 0x70, 0xE6, 0x5C, 0xA1, 0xB6, 0xDE, 0x54, + 0x71, 0x74, 0x55, 0x63, 0x77, 0x8F, 0xC9, 0xAF, 0x22, 0x9A, + 0xFE, 0x2C, 0x09, 0x62, 0x3E, 0xA1, 0xAA, 0x89, 0xB8, 0x6B, + 0x50, 0x84, 0x20, 0x66, 0x5D, 0x8F, 0x39, 0x7F, 0xC1, 0x2D, + 0xFA, 0x78, 0x8F, 0x8E, 0xD0, 0x39, 0x33, 0xD4, 0x9A, 0x40, + 0x56, 0xBC, 0x86, 0x22, 0x07, 0xEB, 0x22, 0xB8, 0x52, 0xC0, + 0x1A, 0xD2, 0x35, 0x1F, 0x56, 0x7E, 0xDA, 0x2B, 0xC1, 0x08, + 0xD2, 0x39, 0x28, 0x46, 0x63, 0x9A, 0xAD, 0x44, 0xB3, 0xEF, + 0x1C, 0x2A, 0xD6, 0x68, 0x67, 0xE4, 0x63, 0x73, 0x78, 0x29, + 0xA7, 0xA0, 0x70, 0x2E, 0xD9, 0xB4, 0x14, 0x4D, 0x04, 0xD3, + 0x2D, 0x8A, 0x70, 0x07, 0xAD, 0x8A, 0xC0, 0xA5, 0x1D, 0xE7, + 0x17, 0xD8, 0xBB, 0xAA, 0xB5, 0xF7, 0xC8, 0x8D, 0x29, 0x8E, + 0x49, 0x32, 0xA0, 0x40, 0x34, 0xBB, 0x2E, 0x10, 0x30, 0xDD, + 0xEA, 0x3E, 0xCC, 0xC1, 0xB9, 0xF2, 0x42, 0xCC, 0x4A, 0xF2, + 0xF4, 0x93, 0x2E, 0x3F, 0x0C, 0xE8, 0xE4, 0x96, 0x1F, 0x33, + 0x2D, 0x67, 0x4F, 0x8E, 0x1B, 0x01, 0xD6, 0xE2, 0xF2, 0xFD, + 0x5D, 0xCC, 0xFD, 0x18, 0x9C, 0xD6, 0x50, 0x1F, 0xE1, 0xC5, + 0x7C, 0xBE, 0x59, 0x95, 0x7D, 0x21, 0x25, 0x3E, 0xF3, 0xBC, + 0xCE, 0x31, 0x80, 0x79, 0x34, 0x0F, 0x86, 0x78, 0x18, 0xA6, + 0x36, 0x17, 0xD9, 0x70, 0xA7, 0x22, 0xA7, 0xE8, 0xA2, 0xBD, + 0x74, 0xB9, 0x8E, 0x34, 0xF0, 0xEC, 0xF7, 0x40, 0x22, 0x33, + 0xE8, 0x50, 0x43, 0x66, 0xF0, 0x25, 0x41, 0x20, 0xD9, 0x3F, + 0x8A, 0xC6, 0xAD, 0x69, 0xC6, 0x9C, 0xD9, 0xE0, 0x0D, 0xFF, + 0x93, 0x32, 0x5D, 0x57, 0x45, 0xCC, 0xA4, 0xF9, 0x32, 0xD4, + 0x5A, 0x49, 0x17, 0x1B, 0xFB, 0x2F, 0x91, 0xAA, 0x5B, 0xC5, + 0xC8, 0xC8, 0x2B, 0x20, 0x30, 0x1B, 0xB2, 0x01, 0xC3, 0xA7, + 0x8E, 0x6C, 0xB8, 0xF7, 0xB3, 0x95, 0x4A, 0x28, 0x82, 0xAA, + 0x0C, 0x4B, 0xDA, 0x26, 0x4A, 0x34, 0x7F, 0x17, 0x55, 0x4C, + 0x5D, 0x3C, 0x0B, 0x16, 0xA2, 0xEB, 0x33, 0xFB, 0x38, 0x63, + 0xF2, 0x15, 0x7D, 0xFA, 0x52, 0xA9, 0x58, 0xDD, 0x41, 0x58, + 0xA0, 0x13, 0xD2, 0x55, 0x22, 0xF9, 0xC2, 0xF8, 0x4E, 0x3F, + 0xAC, 0xDC, 0x11, 0x0A, 0xBB, 0x7C, 0xB1, 0x2B, 0xFB, 0x60, + 0xC5, 0x08, 0xB9, 0xB0, 0xED, 0xE8, 0xB9, 0x88, 0xBD, 0x07, + 0xDE, 0x53, 0xD0, 0x6B, 0xE5, 0x6E, 0xA0, 0x17, 0x8C, 0xCF, + 0x02, 0xF0, 0x64, 0xDE, 0xCE, 0x8C, 0x91, 0xED, 0xB4, 0x4F, + 0xB0, 0xEE, 0x12, 0x26, 0xC6, 0x55, 0xA0, 0x4D, 0xCC, 0xF3, + 0x1A, 0x86, 0x5A, 0x01, 0x53, 0x01, 0xAA, 0xED, 0x6D, 0x11, + 0xCD, 0x8A, 0x4A, 0xCA, 0x85, 0x35, 0x35, 0xFA, 0x22, 0x55, + 0xF3, 0xB8, 0xFA, 0x43, 0xD6, 0x9E, 0xB5, 0x0D, 0xD3, 0x85, + 0x59, 0xC9, 0xAF, 0xCD, 0xAB, 0xFA, 0xB6, 0x65, 0x20, 0xCC, + 0x11, 0xF1, 0xDE, 0x87, 0x6F, 0x58, 0xA1, 0x41, 0xF2, 0x80, + 0x75, 0xEA, 0x26, 0x72, 0x8C, 0xE9, 0x17, 0x1C, 0x2B, 0x4D, + 0xA4, 0x9C, 0xAA, 0x32, 0xAA, 0x2C, 0x84, 0xBA, 0x87, 0xAA, + 0x81, 0x66, 0x56, 0x76, 0x0F, 0x1C, 0x58, 0xFE, 0xD1, 0x7F, + 0x33, 0x59, 0xF1, 0xF0, 0x56, 0x50, 0x00, 0x4F, 0x96, 0xF7, + 0x1C, 0x11, 0x7C, 0x36, 0xD8, 0xAD, 0x3E, 0x82, 0x15, 0x68, + 0x40, 0x83, 0xFE, 0x62, 0x94, 0xD5, 0x2A, 0x43, 0x88, 0xD8, + 0x12, 0xE2, 0x37, 0x8A, 0x3E, 0x9E, 0x24, 0x8B, 0x70, 0x3C, + 0xBD, 0x97, 0x0B, 0x59, 0xAC, 0x4B, 0x88, 0x36, 0x2D, 0x2F, + 0xE9, 0x49, 0x14, 0xC0, 0x28, 0x7F, 0x0D, 0xE8, 0x93, 0x76, + 0x22, 0xF3, 0x08, 0x17, 0x34, 0x91, 0x39, 0xA6, 0x84, 0xCA, + 0xF1, 0xD2, 0x8A, 0x9D, 0xF1, 0xD4, 0xA4, 0x85, 0xA6, 0x1E, + 0xFB, 0x6B, 0x75, 0x07, 0x80, 0x84, 0x32, 0xF5, 0x51, 0xD6, + 0x42, 0xA8, 0x69, 0x96, 0xC3, 0xBD, 0xEF, 0x2F, 0xA4, 0x23, + 0x58, 0x07, 0xBC, 0xDE, 0x45, 0xD4, 0x1E, 0x67, 0xF1, 0x00, + 0x65, 0xB5, 0x03, 0xF3, 0x83, 0x9D, 0xE8, 0xDE, 0x63, 0x42, + 0x2B, 0xB6, 0xED, 0x7F, 0x63, 0xF6, 0xCF, 0x53, 0x1B, 0xBD, + 0x9D, 0x6C, 0x26, 0xBC, 0xC2, 0xC3, 0xAF, 0x86, 0x06, 0x5F, + 0x49, 0xBF, 0x7E, 0x76, 0xF5, 0x6C, 0x5B, 0x41, 0xF7, 0xAF, + 0x02, 0x1F, 0x35, 0x43, 0x0D, 0x64, 0x65, 0xFE, 0xD7, 0x9A, + 0x3F, 0x21, 0xD5, 0x74, 0x6E, 0x8A, 0xA8, 0xAF, 0x3B, 0xCE, + 0x85, 0xBB, 0xF7, 0x7B, 0xCA, 0xF7, 0x9D, 0x02, 0x52, 0x55, + 0xE9, 0x3E, 0x4A, 0x4B, 0x62, 0x85, 0x35, 0xFA, 0xBD, 0xEB, + 0x92, 0x25, 0x24, 0x01, 0xFF, 0xEE, 0xFB, 0x94, 0xF6, 0xE6, + 0x9F, 0xE3, 0x3D, 0x93, 0xCF, 0x69, 0xEB, 0x3D, 0x8F, 0x1F, + 0xBE, 0xAE, 0x85, 0x6F, 0x8F, 0x0B, 0x22, 0x57, 0x00, 0x3D, + 0x8E, 0xF4, 0x6B, 0x4D, 0x82, 0x76, 0x91, 0x25, 0x4B, 0x2C, + 0xF1, 0xBC, 0x64, 0x96, 0x54, 0x35, 0xFD, 0xBD, 0xFC, 0x71, + 0xF7, 0x48, 0x40, 0xEB, 0x4C, 0x1C, 0xC4, 0xAB, 0x4F, 0xC9, + 0xC7, 0xB0, 0x8C, 0xBF, 0x27, 0xE2, 0x18, 0xCA, 0x78, 0xAA, + 0xA0, 0x04, 0xAB, 0x6B, 0x6D, 0xBC, 0x89, 0xCB, 0x71, 0xA7, + 0xF8, 0x81, 0x0D, 0x4F, 0x2A, 0x9A, 0x37, 0x60, 0xA0, 0x6A, + 0x14, 0xE7, 0x30, 0x2E, 0x72, 0xF9, 0xE2, 0x39, 0x27, 0xD9, + 0xC6, 0xB2, 0x9E, 0xBC, 0x3D, 0xD6, 0x2D, 0xE4, 0xCD, 0xC2, + 0x40, 0x15, 0xC5, 0x7B, 0x8A, 0x06, 0x42, 0x46, 0xF2, 0x45, + 0x14, 0x83, 0x82, 0xAB, 0x30, 0x6C, 0x73, 0x92, 0x55, 0x51, + 0xE7, 0x8B, 0x3C, 0xD1, 0x2C, 0x8A, 0xC0, 0x16, 0x79, 0xC9, + 0xFD, 0x7C, 0x78, 0x1E, 0xE9, 0xDF, 0xF4, 0x08, 0xEF, 0x38, + 0xEC, 0xCB, 0x81, 0xF1, 0x87, 0x53, 0x8A, 0x0B, 0xF3, 0x56, + 0x0C, 0xBC, 0xEE, 0x03, 0xAE, 0xBC, 0xF8, 0x43, 0x3E, 0xA2, + 0xEA, 0x84, 0x37, 0x72, 0x8A, 0x80, 0x8D, 0x61, 0x1C, 0x79, + 0x3E, 0x4A, 0x5A, 0xC2, 0x73, 0xA0, 0x95, 0xDC, 0x46, 0x2B, + 0x5E, 0x4B, 0x89, 0xE3, 0x9F, 0xD7, 0x14, 0x61, 0x8B, 0x59, + 0xD1, 0x71, 0xB0, 0x04, 0xAA, 0x4B, 0x2A, 0xCA, 0xEF, 0x8D, + 0x3B, 0x4B, 0x52, 0x8F, 0x0B, 0x76, 0xB8, 0x38, 0xF8, 0xDD, + 0xD2, 0xE6, 0x46, 0x53, 0x1C, 0xD5, 0xC8, 0x1E, 0x85, 0x54, + 0x67, 0xC0, 0x77, 0x7E, 0x28, 0x2F, 0x91, 0xC5, 0xE5, 0x28, + 0x54, 0x37, 0xF6, 0x77, 0xEC, 0x6C, 0x36, 0x1D, 0x91, 0xA9, + 0x45, 0xCC, 0x85, 0x61, 0xAB, 0x14, 0xBE, 0x81, 0x6C, 0xFF, + 0x35, 0x8C, 0x13, 0x61, 0xE7, 0x66, 0x83, 0xFF, 0x67, 0x6C, + 0x80, 0x59, 0xD5, 0x6D, 0xAB, 0x5B, 0x81, 0x76, 0x39, 0x1B, + 0xBB, 0xD2, 0xFF, 0x1B, 0x7B, 0x66, 0xD6, 0x42, 0xD0, 0x86, + 0x62, 0x4A, 0xA1, 0x4F, 0x00, 0x41, 0x7E, 0x9C, 0xE5, 0xD6, + 0x82, 0x31, 0xA7, 0x34, 0x16, 0x20, 0x62, 0xFA, 0x1F, 0x6B, + 0x21, 0xBE, 0x62, 0x19, 0xE9, 0x56, 0x7A, 0x4C, 0xF0, 0x7B, + 0xB4, 0x2E, 0x4A, 0xA7, 0x20, 0xC3, 0x5F, 0x7F, 0x5A, 0xA2, + 0xAF, 0xF5, 0xC5, 0xFD, 0x1A, 0x7C, 0xB6, 0x06, 0xCA, 0xE3, + 0x74, 0x72, 0x4E, 0x77, 0xC9, 0xDD, 0x3B, 0x44, 0x16, 0x8C, + 0x45, 0x46, 0xC5, 0xE3, 0x81, 0x1E, 0x3C, 0x4D, 0xAC, 0x1A, + 0x7F, 0xAA, 0x6D, 0xFD, 0xE1, 0x45, 0x59, 0x11, 0x44, 0x48, + 0xB5, 0x09, 0xEF, 0x7E, 0xF2, 0x75, 0x0C, 0xBF, 0xC7, 0x17, + 0xB4, 0x9E, 0x10, 0xC0, 0x11, 0xDD, 0xB2, 0x59, 0xCF, 0x25, + 0x3B, 0xA8, 0x97, 0x56, 0x08, 0xE0, 0x65, 0x27, 0xC5, 0x29, + 0x34, 0xBD, 0x38, 0xB1, 0x39, 0xAA, 0x27, 0xFC, 0x96, 0xCB, + 0x9A, 0x2B, 0x92, 0x74, 0xDF, 0x0A, 0x52, 0xE4, 0x93, 0xA8, + 0x18, 0x15, 0x2C, 0x8C, 0x61, 0xD3, 0xBC, 0xD0, 0x9E, 0x9D, + 0x40, 0x1C, 0x69, 0x95, 0x0D, 0x52, 0x76, 0x3F, 0xD7, 0xD7, + 0xC1, 0x1C, 0x34, 0xE7, 0xD4, 0xD4, 0x17, 0x2D, 0xF0, 0x6A, + 0x1C, 0xE2, 0x53, 0x18, 0x60, 0xC6, 0xA1, 0xCD, 0x4F, 0xAA, + 0x16, 0xA0, 0xC3, 0x3B, 0xCE, 0x4D, 0x73, 0x0B, 0x63, 0x02, + 0x1C, 0xEE, 0x18, 0xBF, 0xF9, 0x33, 0x24, 0xD3, 0x02, 0x34, + 0xCC, 0xB9, 0xD7, 0xC2, 0x00, 0x7F, 0xB4, 0x08, 0x4B, 0xFC, + 0x1D, 0xDF, 0x42, 0x8C, 0x75, 0xEE, 0x13, 0x90, 0x37, 0x14, + 0x0D, 0xD2, 0xE0, 0x50, 0x90, 0x6A, 0xB9, 0xEF, 0x7F, 0x70, + 0x38, 0x2E, 0xCD, 0x39, 0x2E, 0x09, 0x51, 0xDF, 0x58, 0xBE, + 0x8E, 0x82, 0x91, 0xEB, 0xBC, 0xB4, 0x6B, 0x12, 0x40, 0x4E, + 0x44, 0xB8, 0x08, 0x97, 0x57, 0xF0, 0xFE, 0x61, 0xBD, 0x77, + 0xED, 0x46, 0xDA, 0xB7, 0xA4, 0xF5, 0x4F, 0xB2, 0xA6, 0xF1, + 0x47, 0x2D, 0x11, 0x26, 0x74, 0x55, 0x81, 0xFF, 0xFB, 0xEA, + 0x00, 0x03, 0x96, 0xD8, 0xE6, 0x6B, 0xEA, 0x3F, 0x0B, 0x0C, + 0xC0, 0xE4, 0x0A, 0x3D, 0x21, 0x3C, 0x99, 0x51, 0x91, 0x11, + 0xF0, 0x91, 0x68, 0xEE, 0xEE, 0xCD, 0x71, 0x42, 0xAD, 0xBA, + 0x34, 0x68, 0x9F, 0x67, 0xB1, 0xEE, 0x1C, 0x70, 0x7A, 0xFC, + 0x1E, 0x86, 0xF8, 0x96, 0x6C, 0x13, 0xD6, 0x36, 0x57, 0x5F, + 0x11, 0x2E, 0x1B, 0x97, 0xAB, 0x8B, 0x65, 0x3E, 0x8E, 0x91, + 0x69, 0x1C, 0x76, 0xAD, 0xB5, 0x8C, 0xE6, 0x02, 0x93, 0x16, + 0xA4, 0xF5, 0x14, 0x86, 0xB5, 0x16, 0x07, 0xF5, 0x0C, 0x01, + 0xE9, 0xDC, 0xEA, 0x86, 0x58, 0x98, 0xBA, 0x2C, 0x04, 0x0A, + 0x16, 0x8A, 0xF3, 0x10, 0x25, 0x48, 0x51, 0x21, 0x77, 0x69, + 0xF1, 0x22, 0xC3, 0xF4, 0x1D, 0xD5, 0x6D, 0x59, 0x1B, 0x44, + 0x88, 0xFC, 0xE5, 0x4B, 0xE1, 0xD6, 0xF4, 0x46, 0x4C, 0x9D, + 0x45, 0x93, 0xE1, 0xB5, 0x26, 0xDF, 0x48, 0x90, 0x13, 0xA6, + 0x65, 0x7E, 0x18, 0x6A, 0x79, 0x19, 0x81, 0x10, 0x08, 0x80, + 0xA4, 0x99, 0xD3, 0x98, 0x3C, 0x9E, 0x91, 0x31, 0xE9, 0x71, + 0xA0, 0x6A, 0xF9, 0x2F, 0x61, 0xA5, 0x72, 0x13, 0x6C, 0x4C, + 0xD2, 0xAF, 0x40, 0x8B, 0x0D, 0x3D, 0xE4, 0x24, 0x7B, 0x30, + 0x9C, 0xD0, 0x62, 0x42, 0x67, 0x54, 0xC6, 0x34, 0xF2, 0x55, + 0x70, 0x95, 0xAE, 0x16, 0x9F, 0xCC, 0x6F, 0xEA, 0x0B, 0x40, + 0x38, 0xAE, 0x74, 0x89, 0xCB, 0x64, 0x79, 0xF7, 0x08, 0x68, + 0x2C, 0x1E, 0xEE, 0x28, 0xEA, 0x77, 0xA2, 0xA3, 0x8E, 0xF4, + 0xEE, 0xFE, 0x62, 0x25, 0x98, 0xB1, 0xDE, 0x4B, 0x3A, 0x62, + 0xD9, 0x12, 0xD6, 0x09, 0x32, 0x6C, 0x80, 0x27, 0x21, 0x0A, + 0xFE, 0x4D, 0xBF, 0x29, 0x90, 0xCD, 0x6C, 0xE0, 0xAF, 0x06, + 0xB3, 0xC2, 0xDF, 0xB8, 0x50, 0x59, 0xD8, 0x0A, 0xB5, 0x98, + 0xC1, 0xA8, 0x80, 0xD7, 0x61, 0xFC, 0x59, 0xDB, 0xB1, 0x2A, + 0xA5, 0xD7, 0xFA, 0x9E, 0x93, 0x60, 0xD4, 0xB0, 0x6B, 0x44, + 0xB3, 0xC3, 0x3F, 0x9B, 0xEA, 0xD4, 0x8C, 0x08, 0x4B, 0x09, + 0x97, 0xC6, 0x2B, 0xC0, 0x8A, 0x92, 0x35, 0xCA, 0x6F, 0x93, + 0xD6, 0x71, 0x1E, 0xAB, 0x0F, 0x65, 0x42, 0xC2, 0x97, 0x77, + 0x10, 0x6E, 0xD4, 0xEE, 0x2A, 0xDF, 0x54, 0x2A, 0x5F, 0xB4, + 0xD4, 0x72, 0x18, 0x90, 0x42, 0x09, 0xAA, 0xC3, 0x31, 0x89 + +}; +static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_level2_key); + +/* certs/dilithium/bench_dilithium_level3_key.der */ +static const unsigned char bench_dilithium_level3_key[] = +{ + 0x30, 0x82, 0x17, 0x5A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, + 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, + 0x06, 0x05, 0x04, 0x82, 0x17, 0x44, 0x04, 0x82, 0x17, 0x40, + 0x2E, 0xFE, 0x07, 0xDF, 0x5E, 0xF9, 0x18, 0xB4, 0x0E, 0xBF, + 0x9C, 0x1C, 0xCA, 0x84, 0xBA, 0x62, 0xB9, 0xA2, 0x96, 0x76, + 0xB6, 0xB7, 0x77, 0x9C, 0xBE, 0x0C, 0xF8, 0xA5, 0xEF, 0x74, + 0xB1, 0xC2, 0x8D, 0x95, 0x6D, 0x38, 0x49, 0x01, 0xA8, 0x3D, + 0x63, 0x0B, 0xDF, 0x4B, 0x5D, 0xF4, 0xC4, 0x98, 0x27, 0x77, + 0x88, 0xA0, 0xA9, 0xF2, 0x38, 0x32, 0x62, 0x17, 0x11, 0xD6, + 0xBE, 0xA0, 0xFD, 0xEB, 0xBF, 0x4A, 0xF2, 0x6C, 0x44, 0x62, + 0x2D, 0x87, 0x3D, 0xAD, 0x0C, 0x47, 0x06, 0x00, 0x7E, 0xAF, + 0x52, 0xE7, 0xA1, 0x8E, 0x7A, 0xA7, 0x7D, 0x3C, 0xE5, 0xB2, + 0x59, 0xDA, 0x89, 0x76, 0xF7, 0xD4, 0x73, 0x16, 0x33, 0x67, + 0x88, 0x46, 0x51, 0x13, 0x12, 0x38, 0x64, 0x76, 0x73, 0x40, + 0x16, 0x55, 0x70, 0x06, 0x32, 0x84, 0x47, 0x25, 0x33, 0x44, + 0x70, 0x68, 0x36, 0x25, 0x62, 0x47, 0x76, 0x65, 0x73, 0x11, + 0x28, 0x00, 0x75, 0x33, 0x81, 0x13, 0x62, 0x51, 0x31, 0x33, + 0x11, 0x41, 0x51, 0x62, 0x55, 0x33, 0x07, 0x60, 0x14, 0x18, + 0x30, 0x58, 0x22, 0x67, 0x26, 0x86, 0x12, 0x78, 0x17, 0x47, + 0x30, 0x06, 0x05, 0x36, 0x37, 0x23, 0x08, 0x67, 0x05, 0x05, + 0x06, 0x85, 0x33, 0x83, 0x14, 0x63, 0x44, 0x35, 0x00, 0x04, + 0x56, 0x03, 0x23, 0x03, 0x33, 0x13, 0x02, 0x23, 0x25, 0x80, + 0x22, 0x00, 0x53, 0x73, 0x13, 0x70, 0x03, 0x84, 0x15, 0x50, + 0x14, 0x20, 0x06, 0x74, 0x03, 0x41, 0x26, 0x74, 0x63, 0x65, + 0x42, 0x03, 0x00, 0x72, 0x66, 0x44, 0x36, 0x88, 0x60, 0x85, + 0x76, 0x86, 0x17, 0x72, 0x16, 0x37, 0x23, 0x82, 0x15, 0x84, + 0x57, 0x14, 0x20, 0x72, 0x15, 0x55, 0x26, 0x42, 0x82, 0x66, + 0x40, 0x54, 0x03, 0x54, 0x62, 0x61, 0x83, 0x35, 0x20, 0x76, + 0x62, 0x14, 0x37, 0x35, 0x42, 0x04, 0x32, 0x72, 0x08, 0x35, + 0x42, 0x74, 0x51, 0x24, 0x54, 0x86, 0x36, 0x56, 0x11, 0x83, + 0x64, 0x44, 0x54, 0x78, 0x80, 0x50, 0x55, 0x72, 0x84, 0x16, + 0x48, 0x13, 0x04, 0x17, 0x06, 0x36, 0x25, 0x48, 0x21, 0x33, + 0x45, 0x71, 0x21, 0x54, 0x10, 0x26, 0x13, 0x72, 0x12, 0x30, + 0x03, 0x73, 0x48, 0x84, 0x16, 0x22, 0x11, 0x38, 0x26, 0x43, + 0x53, 0x36, 0x56, 0x12, 0x15, 0x70, 0x07, 0x57, 0x00, 0x65, + 0x72, 0x11, 0x73, 0x48, 0x01, 0x13, 0x31, 0x58, 0x82, 0x60, + 0x61, 0x17, 0x78, 0x44, 0x48, 0x15, 0x48, 0x26, 0x62, 0x43, + 0x72, 0x44, 0x62, 0x76, 0x40, 0x15, 0x63, 0x26, 0x10, 0x51, + 0x82, 0x21, 0x05, 0x82, 0x30, 0x56, 0x58, 0x62, 0x76, 0x48, + 0x67, 0x82, 0x86, 0x51, 0x32, 0x37, 0x78, 0x38, 0x13, 0x82, + 0x55, 0x22, 0x45, 0x22, 0x68, 0x66, 0x15, 0x30, 0x35, 0x77, + 0x04, 0x28, 0x45, 0x85, 0x72, 0x48, 0x30, 0x26, 0x06, 0x24, + 0x12, 0x75, 0x42, 0x53, 0x88, 0x14, 0x15, 0x07, 0x08, 0x86, + 0x05, 0x08, 0x01, 0x56, 0x77, 0x44, 0x38, 0x53, 0x22, 0x21, + 0x20, 0x56, 0x25, 0x15, 0x72, 0x68, 0x27, 0x03, 0x71, 0x25, + 0x64, 0x11, 0x44, 0x34, 0x77, 0x60, 0x68, 0x58, 0x44, 0x74, + 0x76, 0x63, 0x86, 0x16, 0x01, 0x40, 0x68, 0x51, 0x20, 0x12, + 0x36, 0x55, 0x01, 0x84, 0x61, 0x80, 0x46, 0x36, 0x28, 0x82, + 0x44, 0x66, 0x14, 0x80, 0x50, 0x32, 0x34, 0x46, 0x21, 0x34, + 0x63, 0x04, 0x22, 0x20, 0x17, 0x84, 0x88, 0x88, 0x47, 0x02, + 0x52, 0x60, 0x45, 0x35, 0x86, 0x72, 0x71, 0x43, 0x30, 0x58, + 0x24, 0x11, 0x11, 0x64, 0x45, 0x36, 0x25, 0x18, 0x82, 0x18, + 0x16, 0x80, 0x27, 0x76, 0x53, 0x08, 0x70, 0x87, 0x64, 0x43, + 0x68, 0x86, 0x07, 0x04, 0x34, 0x10, 0x68, 0x30, 0x21, 0x01, + 0x86, 0x66, 0x06, 0x50, 0x41, 0x72, 0x18, 0x00, 0x05, 0x40, + 0x36, 0x35, 0x60, 0x50, 0x82, 0x82, 0x24, 0x73, 0x31, 0x35, + 0x81, 0x35, 0x02, 0x50, 0x22, 0x76, 0x44, 0x52, 0x27, 0x43, + 0x82, 0x66, 0x51, 0x38, 0x86, 0x72, 0x18, 0x54, 0x20, 0x65, + 0x45, 0x26, 0x03, 0x42, 0x24, 0x25, 0x27, 0x36, 0x02, 0x04, + 0x38, 0x77, 0x18, 0x44, 0x17, 0x78, 0x46, 0x34, 0x68, 0x00, + 0x72, 0x57, 0x72, 0x67, 0x53, 0x82, 0x51, 0x06, 0x34, 0x56, + 0x71, 0x26, 0x73, 0x55, 0x58, 0x11, 0x44, 0x15, 0x26, 0x81, + 0x14, 0x88, 0x25, 0x45, 0x52, 0x84, 0x13, 0x60, 0x12, 0x26, + 0x12, 0x36, 0x11, 0x61, 0x30, 0x25, 0x32, 0x83, 0x00, 0x71, + 0x73, 0x04, 0x48, 0x40, 0x70, 0x21, 0x36, 0x54, 0x45, 0x33, + 0x43, 0x00, 0x76, 0x62, 0x63, 0x71, 0x15, 0x35, 0x27, 0x50, + 0x06, 0x16, 0x30, 0x45, 0x08, 0x12, 0x51, 0x68, 0x38, 0x21, + 0x71, 0x61, 0x61, 0x18, 0x35, 0x15, 0x25, 0x47, 0x14, 0x62, + 0x51, 0x14, 0x76, 0x12, 0x62, 0x60, 0x63, 0x16, 0x20, 0x68, + 0x62, 0x31, 0x56, 0x64, 0x05, 0x84, 0x56, 0x26, 0x40, 0x42, + 0x88, 0x05, 0x60, 0x84, 0x82, 0x10, 0x23, 0x87, 0x63, 0x33, + 0x60, 0x40, 0x58, 0x12, 0x83, 0x26, 0x03, 0x13, 0x85, 0x23, + 0x02, 0x73, 0x05, 0x27, 0x40, 0x02, 0x75, 0x85, 0x46, 0x51, + 0x83, 0x71, 0x37, 0x16, 0x05, 0x86, 0x35, 0x01, 0x45, 0x00, + 0x53, 0x68, 0x27, 0x11, 0x06, 0x08, 0x82, 0x60, 0x58, 0x28, + 0x50, 0x07, 0x32, 0x56, 0x26, 0x46, 0x78, 0x63, 0x71, 0x16, + 0x48, 0x46, 0x86, 0x41, 0x37, 0x75, 0x06, 0x01, 0x11, 0x46, + 0x45, 0x21, 0x03, 0x82, 0x42, 0x75, 0x83, 0x30, 0x66, 0x00, + 0x74, 0x74, 0x46, 0x05, 0x33, 0x82, 0x33, 0x07, 0x34, 0x53, + 0x07, 0x78, 0x53, 0x07, 0x41, 0x37, 0x78, 0x54, 0x06, 0x11, + 0x42, 0x47, 0x05, 0x02, 0x62, 0x34, 0x27, 0x17, 0x78, 0x70, + 0x70, 0x46, 0x00, 0x38, 0x75, 0x48, 0x74, 0x46, 0x83, 0x35, + 0x08, 0x46, 0x14, 0x12, 0x20, 0x68, 0x00, 0x73, 0x57, 0x81, + 0x84, 0x62, 0x43, 0x11, 0x28, 0x87, 0x13, 0x30, 0x06, 0x70, + 0x15, 0x46, 0x51, 0x14, 0x74, 0x13, 0x53, 0x26, 0x84, 0x78, + 0x86, 0x15, 0x84, 0x18, 0x70, 0x56, 0x41, 0x33, 0x61, 0x56, + 0x28, 0x11, 0x30, 0x73, 0x82, 0x00, 0x57, 0x68, 0x61, 0x44, + 0x04, 0x64, 0x78, 0x68, 0x14, 0x02, 0x83, 0x88, 0x86, 0x88, + 0x40, 0x16, 0x81, 0x20, 0x68, 0x72, 0x67, 0x05, 0x76, 0x06, + 0x54, 0x74, 0x35, 0x71, 0x02, 0x67, 0x45, 0x24, 0x73, 0x64, + 0x87, 0x31, 0x60, 0x37, 0x04, 0x11, 0x85, 0x63, 0x40, 0x71, + 0x38, 0x46, 0x65, 0x16, 0x10, 0x85, 0x06, 0x37, 0x25, 0x53, + 0x05, 0x58, 0x45, 0x87, 0x17, 0x47, 0x78, 0x10, 0x22, 0x26, + 0x24, 0x86, 0x44, 0x63, 0x45, 0x00, 0x14, 0x77, 0x60, 0x04, + 0x54, 0x45, 0x40, 0x32, 0x45, 0x03, 0x60, 0x87, 0x05, 0x02, + 0x18, 0x22, 0x20, 0x61, 0x07, 0x36, 0x72, 0x52, 0x53, 0x65, + 0x27, 0x26, 0x37, 0x54, 0x31, 0x34, 0x22, 0x54, 0x37, 0x25, + 0x83, 0x14, 0x74, 0x75, 0x17, 0x61, 0x48, 0x74, 0x24, 0x43, + 0x80, 0x81, 0x15, 0x06, 0x88, 0x23, 0x84, 0x55, 0x20, 0x11, + 0x87, 0x83, 0x64, 0x36, 0x48, 0x88, 0x32, 0x20, 0x28, 0x54, + 0x88, 0x85, 0x35, 0x61, 0x00, 0x21, 0x01, 0x31, 0x44, 0x13, + 0x71, 0x48, 0x23, 0x47, 0x31, 0x62, 0x40, 0x18, 0x21, 0x78, + 0x34, 0x12, 0x88, 0x10, 0x76, 0x46, 0x72, 0x37, 0x70, 0x84, + 0x15, 0x41, 0x84, 0x22, 0x20, 0x22, 0x27, 0x44, 0x81, 0x03, + 0x46, 0x48, 0x26, 0x16, 0x21, 0x15, 0x31, 0x85, 0x73, 0x74, + 0x73, 0x06, 0x55, 0x21, 0x12, 0x53, 0x13, 0x34, 0x01, 0x64, + 0x40, 0x83, 0x08, 0x57, 0x24, 0x04, 0x18, 0x33, 0x70, 0x18, + 0x17, 0x06, 0x14, 0x28, 0x12, 0x58, 0x00, 0x25, 0x57, 0x20, + 0x00, 0x76, 0x73, 0x45, 0x68, 0x16, 0x60, 0x22, 0x17, 0x22, + 0x37, 0x75, 0x53, 0x48, 0x40, 0x21, 0x64, 0x27, 0x52, 0x48, + 0x53, 0x61, 0x64, 0x87, 0x57, 0x61, 0x13, 0x75, 0x80, 0x08, + 0x63, 0x33, 0x60, 0x26, 0x10, 0x25, 0x61, 0x78, 0x47, 0x78, + 0x07, 0x16, 0x00, 0x52, 0x31, 0x30, 0x63, 0x66, 0x46, 0x80, + 0x07, 0x10, 0x45, 0x11, 0x13, 0x80, 0x25, 0x61, 0x25, 0x53, + 0x80, 0x71, 0x38, 0x31, 0x47, 0x55, 0x02, 0x25, 0x50, 0x87, + 0x57, 0x35, 0x74, 0x11, 0x46, 0x44, 0x53, 0x24, 0x60, 0x33, + 0x15, 0x12, 0x77, 0x20, 0x36, 0x24, 0x70, 0x04, 0x87, 0x05, + 0x71, 0x07, 0x77, 0x36, 0x47, 0x01, 0x73, 0x61, 0x32, 0x62, + 0x28, 0x81, 0x67, 0x17, 0x38, 0x45, 0x21, 0x03, 0x24, 0x72, + 0x82, 0x64, 0x84, 0x43, 0x07, 0x11, 0x20, 0x72, 0x71, 0x04, + 0x58, 0x36, 0x22, 0x21, 0x33, 0x67, 0x55, 0x48, 0x03, 0x68, + 0x32, 0x70, 0x04, 0x63, 0x11, 0x34, 0x27, 0x82, 0x42, 0x56, + 0x28, 0x74, 0x77, 0x72, 0x18, 0x27, 0x35, 0x87, 0x03, 0x18, + 0x40, 0x32, 0x78, 0x07, 0x14, 0x43, 0x73, 0x73, 0x84, 0x63, + 0x78, 0x68, 0x03, 0x22, 0x55, 0x30, 0x18, 0x88, 0x15, 0x86, + 0x18, 0x51, 0x12, 0x42, 0x13, 0x60, 0x22, 0x44, 0x61, 0x44, + 0x35, 0x73, 0x08, 0x85, 0x53, 0x02, 0x73, 0x83, 0x25, 0x85, + 0x64, 0x78, 0x16, 0x12, 0x13, 0x63, 0x48, 0x35, 0x02, 0x71, + 0x72, 0x58, 0x12, 0x10, 0x65, 0x42, 0x22, 0x54, 0x80, 0x60, + 0x57, 0x84, 0x72, 0x76, 0x67, 0x35, 0x25, 0x14, 0x73, 0x70, + 0x48, 0x03, 0x78, 0x07, 0x74, 0x48, 0x67, 0x48, 0x01, 0x62, + 0x78, 0x05, 0x37, 0x66, 0x42, 0x45, 0x33, 0x65, 0x08, 0x70, + 0x42, 0x15, 0x72, 0x53, 0x13, 0x20, 0x14, 0x38, 0x05, 0x53, + 0x00, 0x45, 0x25, 0x20, 0x80, 0x75, 0x01, 0x65, 0x80, 0x70, + 0x61, 0x50, 0x15, 0x10, 0x77, 0x23, 0x38, 0x31, 0x21, 0x51, + 0x78, 0x11, 0x88, 0x71, 0x18, 0x06, 0x45, 0x62, 0x47, 0x35, + 0x43, 0x00, 0x52, 0x34, 0x41, 0x75, 0x18, 0x13, 0x51, 0x35, + 0x72, 0x11, 0x78, 0x17, 0x30, 0x44, 0x83, 0x25, 0x64, 0x42, + 0x65, 0x23, 0x50, 0x32, 0x85, 0x30, 0x67, 0x10, 0x70, 0x01, + 0x16, 0x62, 0x36, 0x46, 0x18, 0x53, 0x53, 0x80, 0x13, 0x65, + 0x66, 0x53, 0x61, 0x55, 0x07, 0x71, 0x34, 0x56, 0x31, 0x67, + 0x64, 0x42, 0x64, 0x41, 0x22, 0x56, 0x44, 0x67, 0x25, 0x52, + 0x08, 0x17, 0x38, 0x45, 0x76, 0x83, 0x37, 0x15, 0x76, 0x31, + 0x83, 0x47, 0x30, 0x21, 0x55, 0x73, 0x37, 0x82, 0x11, 0x56, + 0x67, 0x27, 0x23, 0x44, 0x72, 0x82, 0x10, 0x80, 0x43, 0x11, + 0x16, 0x02, 0x21, 0x40, 0x42, 0x10, 0x12, 0x74, 0x58, 0x40, + 0x74, 0x00, 0x66, 0x02, 0x85, 0x76, 0x21, 0x17, 0x83, 0x78, + 0x80, 0x40, 0x46, 0x87, 0x66, 0x24, 0x35, 0x80, 0x31, 0x77, + 0x87, 0x10, 0x47, 0x02, 0x20, 0x65, 0x43, 0x73, 0x41, 0x61, + 0x72, 0x18, 0x21, 0x52, 0x32, 0x82, 0x08, 0x82, 0x00, 0x57, + 0x52, 0x41, 0x45, 0x10, 0x51, 0x41, 0x28, 0x37, 0x72, 0x45, + 0x77, 0x10, 0x56, 0x06, 0x54, 0x30, 0x03, 0x74, 0x13, 0x56, + 0x77, 0x54, 0x04, 0x86, 0x13, 0x77, 0x81, 0x77, 0x57, 0x15, + 0x76, 0x13, 0x51, 0x75, 0x4C, 0xD3, 0x8C, 0xF8, 0x0F, 0x87, + 0x37, 0xBC, 0x26, 0x1B, 0x7A, 0x1C, 0xDC, 0x05, 0xFD, 0x9B, + 0x97, 0x8C, 0x4D, 0xE5, 0x06, 0xFF, 0x57, 0x65, 0xDC, 0xFC, + 0xBF, 0x55, 0x20, 0x8F, 0xC9, 0xAB, 0x63, 0x4C, 0x37, 0x02, + 0xB5, 0x51, 0x79, 0x6B, 0xC2, 0x02, 0x74, 0xE5, 0x74, 0x72, + 0xC4, 0x3C, 0x8F, 0xD2, 0x79, 0xCB, 0x65, 0x3C, 0xBD, 0xA6, + 0xC5, 0x19, 0xDF, 0xFC, 0x24, 0xB9, 0x91, 0x81, 0x41, 0x4D, + 0xDF, 0x2E, 0x6A, 0xBD, 0x5A, 0xC4, 0x04, 0x03, 0x7F, 0x71, + 0x7D, 0x51, 0xDD, 0x2F, 0xAE, 0x4C, 0x9A, 0xF8, 0x98, 0x11, + 0xA0, 0xCE, 0xF7, 0xDE, 0xF5, 0xC6, 0x91, 0xD3, 0xDC, 0xE7, + 0xAA, 0xD0, 0x7D, 0xDF, 0x5F, 0xF2, 0x5B, 0x55, 0x9C, 0xD6, + 0x8D, 0xC9, 0x1E, 0xC7, 0x80, 0xD9, 0xC5, 0xFA, 0x15, 0xEB, + 0xCE, 0x6B, 0x99, 0x71, 0xBD, 0xED, 0x0C, 0x24, 0x1B, 0x97, + 0x52, 0xFA, 0x54, 0xF5, 0x72, 0x48, 0x97, 0x05, 0x8B, 0x04, + 0xE5, 0xAA, 0xE0, 0xDC, 0x98, 0x13, 0xD2, 0x27, 0xB0, 0x0B, + 0x49, 0x8B, 0xA0, 0xD1, 0x2C, 0x18, 0xA5, 0xFA, 0x2A, 0x80, + 0x4B, 0xF7, 0x4B, 0x8C, 0xE0, 0xA4, 0xCD, 0xD0, 0x75, 0xE9, + 0x4A, 0x75, 0x15, 0x1B, 0xB8, 0x51, 0xD8, 0x8D, 0x1E, 0xA4, + 0xD1, 0xCD, 0x0E, 0xEE, 0xD4, 0xAA, 0x55, 0x0C, 0x6A, 0xB3, + 0xC9, 0x51, 0x66, 0x72, 0x76, 0xF4, 0xF9, 0xA4, 0xC2, 0x56, + 0x9D, 0xF9, 0x7C, 0x4C, 0x91, 0x27, 0xAC, 0xB3, 0x3E, 0x6B, + 0x2D, 0x5B, 0x84, 0xF3, 0x68, 0xD7, 0x28, 0xAE, 0xB6, 0x75, + 0x41, 0x46, 0xF2, 0x50, 0xF4, 0x20, 0x04, 0x4E, 0xB3, 0x0D, + 0xC3, 0xAE, 0xA9, 0x87, 0x9E, 0xB2, 0x05, 0xAE, 0x33, 0x76, + 0x76, 0x1A, 0x7A, 0xAB, 0xFD, 0x55, 0x77, 0x64, 0xF0, 0x0A, + 0x7C, 0x4F, 0x75, 0xE7, 0xBC, 0x09, 0x2D, 0x99, 0x4B, 0x90, + 0x13, 0x42, 0x62, 0xBD, 0x70, 0x14, 0x39, 0x23, 0x3A, 0x8A, + 0x32, 0x30, 0xEA, 0x66, 0x24, 0x85, 0xAF, 0x0B, 0xD7, 0x72, + 0xC4, 0xFC, 0x89, 0xD9, 0xB6, 0x9A, 0x1D, 0xA4, 0x10, 0x50, + 0x69, 0x98, 0x8E, 0x00, 0xA1, 0xCF, 0x94, 0x6C, 0x1B, 0x79, + 0x3A, 0xB7, 0xD8, 0x86, 0x1C, 0xD1, 0x95, 0x72, 0x0A, 0x3A, + 0xDA, 0xEF, 0x26, 0x15, 0xA5, 0xE4, 0x67, 0xD6, 0x04, 0xC5, + 0x0A, 0xBA, 0x50, 0x21, 0x9C, 0xB7, 0x1A, 0xF1, 0x1F, 0x1D, + 0x90, 0x5A, 0x6E, 0x40, 0xF8, 0xC1, 0xAB, 0xBD, 0x88, 0xA7, + 0xB8, 0x25, 0xBD, 0xCB, 0x93, 0xFA, 0x79, 0xAE, 0xAF, 0x1A, + 0xBD, 0x7B, 0xC4, 0x9F, 0x89, 0x7C, 0xFF, 0xFB, 0x0E, 0x27, + 0x32, 0x20, 0x6D, 0x47, 0x6B, 0x0E, 0x0D, 0xA1, 0x6A, 0x55, + 0x7F, 0xFD, 0x73, 0x9B, 0xC5, 0x3F, 0xF8, 0x08, 0xAA, 0xFE, + 0x0F, 0x7E, 0xAD, 0xB8, 0x13, 0x50, 0x79, 0x8D, 0x58, 0xAF, + 0xB2, 0xC6, 0x66, 0x24, 0xA8, 0x19, 0xD6, 0x90, 0x81, 0x54, + 0x92, 0x7B, 0xAF, 0xA8, 0xB8, 0x3D, 0x27, 0xD0, 0xC0, 0x08, + 0xB6, 0x45, 0x3D, 0x24, 0x46, 0xA0, 0x04, 0x8A, 0x26, 0x95, + 0xCF, 0x3F, 0x3C, 0x31, 0x43, 0x5D, 0xCA, 0x7A, 0xED, 0xF7, + 0xD3, 0xB5, 0xA0, 0xEE, 0xDC, 0x97, 0x76, 0xB3, 0x2F, 0x89, + 0x18, 0x62, 0xAC, 0x4B, 0x8B, 0xFC, 0x06, 0x1E, 0x15, 0xE5, + 0x25, 0x72, 0x46, 0xB9, 0x02, 0xD9, 0x0C, 0x38, 0xCF, 0x82, + 0x13, 0x19, 0x6E, 0x18, 0x85, 0xC6, 0x76, 0xF9, 0x10, 0xF9, + 0xCD, 0x72, 0x05, 0xED, 0x5E, 0xAE, 0xBB, 0xD2, 0xAB, 0x64, + 0x13, 0x3E, 0x9F, 0x20, 0xCF, 0x8C, 0xC0, 0x37, 0x71, 0x38, + 0x22, 0x49, 0x38, 0x9C, 0x23, 0xCB, 0x0B, 0xC3, 0xE8, 0xE5, + 0xEB, 0x31, 0x61, 0x07, 0xFE, 0x2A, 0xAC, 0xDE, 0x90, 0x35, + 0x24, 0xEB, 0x6B, 0xB6, 0x34, 0x51, 0x9C, 0xE2, 0x7D, 0xD0, + 0x8B, 0x38, 0xDB, 0x81, 0x7B, 0x24, 0x7B, 0x69, 0x84, 0x1D, + 0x17, 0x9F, 0x64, 0x63, 0x6F, 0x3F, 0x43, 0xFC, 0xFE, 0x07, + 0x72, 0x66, 0x84, 0xE3, 0xCD, 0x4F, 0x25, 0x70, 0x81, 0x64, + 0x66, 0x2C, 0xA8, 0x35, 0x11, 0x1B, 0xF3, 0x03, 0x1B, 0x5B, + 0xDC, 0xFB, 0x7D, 0xAD, 0x14, 0x11, 0xC8, 0xB1, 0x0C, 0x7E, + 0x36, 0x79, 0x34, 0x79, 0x1A, 0x88, 0x8A, 0x8F, 0xF6, 0x66, + 0xB4, 0x95, 0xD4, 0xA1, 0x02, 0xF9, 0x1D, 0x26, 0x53, 0x7A, + 0x34, 0x00, 0x36, 0x0E, 0xE7, 0xFB, 0x7A, 0x60, 0xF9, 0xC3, + 0xCF, 0x30, 0xCB, 0xF0, 0x27, 0xB5, 0xD6, 0xCF, 0x15, 0x33, + 0x53, 0x88, 0x7C, 0x50, 0x07, 0xF4, 0x27, 0xE0, 0x40, 0x47, + 0xFE, 0x86, 0x0E, 0xFF, 0x07, 0x5F, 0x55, 0xB8, 0x3B, 0xAA, + 0xFB, 0xB0, 0x6B, 0x98, 0x47, 0x59, 0xB8, 0x33, 0xAA, 0x67, + 0x6B, 0x36, 0xEB, 0x76, 0x43, 0xAF, 0x31, 0x52, 0x62, 0x3D, + 0x7F, 0x64, 0x6A, 0xFC, 0x36, 0x92, 0x96, 0xF8, 0xD9, 0xE7, + 0x13, 0x77, 0x1D, 0xD0, 0xFB, 0x0D, 0x70, 0x29, 0x61, 0x52, + 0x82, 0xF4, 0xE4, 0xA7, 0x08, 0x47, 0x4C, 0x67, 0xEE, 0x36, + 0xD1, 0x1C, 0x18, 0x8B, 0xF1, 0x2D, 0xE2, 0x47, 0x16, 0x4D, + 0x1F, 0x05, 0xC6, 0x4E, 0xFB, 0x35, 0x51, 0x3A, 0x9E, 0xF9, + 0xE0, 0x1E, 0xC1, 0x64, 0x21, 0x0B, 0x8A, 0xF0, 0x1D, 0x32, + 0x78, 0x18, 0xF2, 0xB3, 0xB5, 0xBD, 0x66, 0x6B, 0xAD, 0x92, + 0x4F, 0x22, 0xDC, 0xB9, 0xCC, 0xF4, 0x98, 0x22, 0x99, 0xF6, + 0x3D, 0xC6, 0x8F, 0x28, 0x77, 0x60, 0x34, 0xD0, 0x73, 0xF5, + 0x4D, 0x9F, 0x6C, 0x5D, 0x94, 0xC2, 0x3D, 0x19, 0xCD, 0xC2, + 0x18, 0x41, 0x9B, 0x5F, 0x32, 0x2D, 0x5E, 0x3D, 0x92, 0xBE, + 0x26, 0x39, 0x85, 0x50, 0xE6, 0xE2, 0x49, 0x17, 0x19, 0xD3, + 0x57, 0xAF, 0x45, 0x85, 0x74, 0xF7, 0x16, 0x35, 0x0A, 0x94, + 0x54, 0x64, 0x45, 0xD5, 0x31, 0x51, 0x49, 0x8F, 0xA4, 0x4C, + 0x33, 0xBB, 0x62, 0x59, 0x6B, 0x08, 0xBD, 0x1C, 0xDD, 0x38, + 0x93, 0x22, 0x0B, 0xCF, 0x9B, 0x23, 0x87, 0x30, 0xA2, 0xA0, + 0x6D, 0x97, 0x2D, 0xD7, 0x2B, 0x16, 0x88, 0x72, 0x01, 0x9A, + 0x51, 0xBA, 0x56, 0xCE, 0xDC, 0xDD, 0xF9, 0x87, 0x41, 0xC8, + 0x44, 0xF1, 0xA2, 0x20, 0x9A, 0x11, 0x44, 0x13, 0xDF, 0x49, + 0x04, 0x85, 0x4C, 0x01, 0x46, 0x3E, 0xD6, 0xB8, 0xE2, 0xC2, + 0x2E, 0xED, 0xA4, 0x07, 0x29, 0x89, 0xA2, 0x46, 0x23, 0x98, + 0xA5, 0xEF, 0x59, 0x1A, 0xE7, 0x67, 0x64, 0x59, 0xF7, 0x2C, + 0x5B, 0x30, 0x29, 0x57, 0xE3, 0xDE, 0x5C, 0x84, 0x1B, 0x8F, + 0x3E, 0xB3, 0x5B, 0xF5, 0x0C, 0x6E, 0xB1, 0x4E, 0x2F, 0xB6, + 0xB6, 0x5B, 0x29, 0xCD, 0xBB, 0xB8, 0xC9, 0xF0, 0x39, 0xF9, + 0xB9, 0x11, 0x47, 0xEF, 0xF8, 0x90, 0xE0, 0x0F, 0x91, 0x70, + 0x97, 0xB4, 0xFC, 0xFD, 0xB5, 0x69, 0x8C, 0x61, 0x9A, 0x26, + 0xD2, 0xC9, 0x47, 0x67, 0xB7, 0xDB, 0x73, 0x11, 0xA3, 0xC1, + 0x3B, 0x4E, 0x5F, 0x60, 0xDA, 0x73, 0x39, 0x9B, 0xD4, 0x3D, + 0x24, 0xA6, 0x8A, 0xB5, 0x56, 0x5D, 0xBD, 0x27, 0xDE, 0x6C, + 0x67, 0xA1, 0x4A, 0x77, 0xB7, 0x44, 0x1D, 0x28, 0x44, 0xA0, + 0xA3, 0xF2, 0xEB, 0x3A, 0x9F, 0xE5, 0x5C, 0xF5, 0xE3, 0xFE, + 0xD0, 0xC3, 0xCA, 0x2A, 0x1A, 0x72, 0x86, 0xB3, 0x4E, 0x9D, + 0x25, 0x0B, 0x4C, 0xFF, 0x45, 0xB7, 0xDE, 0xE8, 0x8C, 0x0A, + 0x06, 0xED, 0x30, 0x26, 0x8F, 0xA1, 0xBF, 0x74, 0x22, 0x3D, + 0x50, 0x39, 0x17, 0xA9, 0x6B, 0x7C, 0xAC, 0xA0, 0x6A, 0xEA, + 0x14, 0x95, 0x5F, 0xAD, 0x3C, 0xB1, 0x4E, 0xE1, 0x30, 0x2F, + 0x4A, 0x77, 0x72, 0xC1, 0x1F, 0x4C, 0x91, 0x6B, 0xCF, 0x81, + 0x46, 0xAF, 0x2D, 0xEC, 0x59, 0x9E, 0x99, 0xD9, 0x60, 0x23, + 0x95, 0x08, 0x0D, 0xBB, 0xFD, 0xEC, 0x2A, 0xF7, 0x7B, 0x73, + 0x53, 0xF3, 0x88, 0xB7, 0xAF, 0x51, 0x69, 0xD5, 0x08, 0xFC, + 0xCC, 0x03, 0xD3, 0x61, 0x5C, 0xDD, 0x39, 0x56, 0x6B, 0xE4, + 0xEE, 0x1F, 0x0A, 0xD6, 0x1A, 0x84, 0x65, 0x45, 0x0C, 0x0A, + 0x34, 0xDE, 0x96, 0x24, 0xBB, 0x74, 0xF4, 0xB7, 0xE5, 0x2F, + 0xB5, 0x1F, 0x85, 0x9D, 0xD7, 0xEA, 0xB3, 0x33, 0xBE, 0xCF, + 0x19, 0x45, 0xCE, 0xF9, 0x13, 0xF5, 0xFD, 0x65, 0x5D, 0xBB, + 0xDB, 0x64, 0x94, 0xAC, 0xB8, 0x39, 0xAF, 0x9B, 0x56, 0xE4, + 0x5C, 0x95, 0x85, 0xFD, 0xB3, 0xF8, 0x3C, 0x98, 0xD3, 0x58, + 0xCE, 0xAB, 0x09, 0x0E, 0xA7, 0x42, 0x9B, 0x16, 0xA7, 0x63, + 0xEB, 0xB8, 0x7C, 0x01, 0xA2, 0xD4, 0x3C, 0x2B, 0xA7, 0xA3, + 0x52, 0x8C, 0x08, 0xA5, 0xA9, 0xAF, 0x63, 0x07, 0xDA, 0x45, + 0x86, 0x91, 0x64, 0xE6, 0x41, 0x75, 0x78, 0x46, 0x6F, 0xB9, + 0xB4, 0xEA, 0x6A, 0xDD, 0xC7, 0x1A, 0x1F, 0xC0, 0x8A, 0x00, + 0x81, 0x70, 0x74, 0x37, 0xC8, 0x84, 0x3F, 0xA8, 0xC9, 0xC1, + 0xC1, 0x60, 0x2B, 0x25, 0x9B, 0x66, 0x5F, 0x73, 0x15, 0x51, + 0xE2, 0xE4, 0x49, 0x5B, 0xEE, 0x20, 0xC8, 0x18, 0xE7, 0x65, + 0xED, 0x29, 0xEA, 0x96, 0x85, 0xB5, 0x63, 0xFB, 0xA6, 0x23, + 0x22, 0xB7, 0x4F, 0x6E, 0xE3, 0xF2, 0x9C, 0x01, 0x23, 0x7A, + 0xB9, 0x16, 0x2A, 0x93, 0xAF, 0x4F, 0xEA, 0x05, 0x15, 0x84, + 0x46, 0x32, 0x2F, 0x99, 0xB8, 0x78, 0x20, 0x78, 0x93, 0xC9, + 0x42, 0x6D, 0xBC, 0x70, 0xCE, 0x88, 0x6F, 0x12, 0x92, 0x3F, + 0xDE, 0xFB, 0xDE, 0x8E, 0xD3, 0x69, 0x09, 0x54, 0x7D, 0x0A, + 0xE1, 0x93, 0x3D, 0x10, 0x04, 0xDE, 0x66, 0x9D, 0x2D, 0xAD, + 0xA4, 0x53, 0x4C, 0xF6, 0xFC, 0x08, 0xE4, 0x58, 0x05, 0x09, + 0x78, 0x09, 0xE6, 0xF3, 0xEE, 0x83, 0xC2, 0xD0, 0xA9, 0x04, + 0xE6, 0xAC, 0x30, 0xD7, 0x34, 0x52, 0xEB, 0xCD, 0x1A, 0x7E, + 0xB9, 0xCF, 0x18, 0x68, 0x16, 0xB9, 0x9A, 0x18, 0xDA, 0xC8, + 0xE3, 0x1C, 0xF0, 0x9A, 0x2E, 0x64, 0x28, 0xBE, 0xA4, 0x9F, + 0xCB, 0xC0, 0x53, 0xE6, 0x2A, 0x88, 0xB5, 0xE7, 0xF3, 0x6F, + 0x46, 0x1C, 0xBA, 0xAD, 0x76, 0x17, 0x85, 0xAE, 0x95, 0x13, + 0x7B, 0xF9, 0xB8, 0xD3, 0x08, 0x6A, 0x38, 0x63, 0x67, 0xD8, + 0x8B, 0x51, 0x8F, 0x49, 0x44, 0xB4, 0x10, 0xB8, 0x74, 0x38, + 0xDD, 0x17, 0xEA, 0x52, 0x67, 0xB2, 0xCC, 0xC9, 0x77, 0xDD, + 0x44, 0x2E, 0xDF, 0x03, 0xC7, 0xF4, 0x87, 0xF4, 0xBC, 0x6F, + 0x94, 0x9F, 0x58, 0xDB, 0xE2, 0x09, 0xA1, 0x4C, 0xCA, 0x89, + 0x9D, 0x04, 0x5A, 0xAB, 0xDF, 0x8B, 0x82, 0x3F, 0x0E, 0xF2, + 0xE7, 0xBD, 0x9A, 0x16, 0x3A, 0xAF, 0x72, 0x18, 0xB9, 0x47, + 0xB3, 0xBC, 0xFE, 0x84, 0x43, 0x92, 0x98, 0xF4, 0x3A, 0x49, + 0x3A, 0x26, 0xB7, 0xF3, 0x37, 0x54, 0x06, 0xD8, 0x92, 0x09, + 0xE6, 0xFE, 0x9A, 0xDB, 0x68, 0x16, 0x6F, 0x5D, 0x5D, 0x8E, + 0xBB, 0xFC, 0xAC, 0x5A, 0x72, 0xFE, 0x0B, 0xEB, 0xDB, 0x90, + 0xA4, 0x6C, 0x37, 0x1A, 0x8B, 0x5A, 0xD8, 0xE9, 0xF6, 0x15, + 0xFC, 0x54, 0x1B, 0x95, 0xE3, 0xAE, 0x08, 0x46, 0xB5, 0xFB, + 0xC5, 0x66, 0xC5, 0x79, 0x17, 0x9D, 0x5C, 0x45, 0xE5, 0x4E, + 0xFF, 0xA2, 0x86, 0xD7, 0x4F, 0xD4, 0x1D, 0x17, 0xA3, 0x77, + 0x00, 0x54, 0x70, 0xDF, 0x12, 0xCA, 0xD6, 0x71, 0x05, 0x54, + 0xFA, 0x47, 0x96, 0x38, 0x2D, 0x4D, 0x70, 0x3E, 0x2E, 0x40, + 0xE7, 0x52, 0x32, 0x66, 0x4D, 0x92, 0x1B, 0x76, 0x66, 0xF1, + 0xD4, 0x38, 0x8B, 0x76, 0x47, 0xE1, 0x66, 0xDE, 0xA2, 0x06, + 0xD7, 0xA7, 0x96, 0x52, 0xED, 0xC9, 0xF3, 0xD6, 0x99, 0xDF, + 0x2F, 0x98, 0xC5, 0xBF, 0x16, 0x95, 0x80, 0x41, 0xE4, 0xEB, + 0x8B, 0x16, 0xEF, 0x6A, 0x76, 0x84, 0xE7, 0x5F, 0x6C, 0xBD, + 0x1D, 0x2A, 0x74, 0x08, 0x5B, 0x4E, 0xCA, 0xE1, 0xF5, 0xD0, + 0x42, 0x2C, 0x03, 0x9B, 0x80, 0xBD, 0x05, 0x5F, 0x87, 0xF0, + 0x84, 0x08, 0x96, 0xBE, 0xAC, 0xBF, 0xF1, 0x8F, 0x51, 0x69, + 0x9E, 0xC2, 0xE9, 0x96, 0x9D, 0x97, 0xCD, 0x56, 0x32, 0x29, + 0xC8, 0x53, 0xC2, 0x1A, 0x5A, 0xD3, 0xDA, 0x31, 0x94, 0x09, + 0x35, 0x08, 0x75, 0x27, 0x66, 0xC5, 0x10, 0x5F, 0xD1, 0x94, + 0x12, 0x03, 0x8A, 0x1B, 0x69, 0x81, 0xEB, 0xBE, 0xBC, 0x6B, + 0xE4, 0xB9, 0x84, 0x65, 0x7D, 0xE3, 0xFE, 0xFB, 0x45, 0x58, + 0x31, 0xF3, 0x66, 0x13, 0x64, 0xB2, 0xBD, 0xBC, 0xF6, 0xA5, + 0x07, 0x07, 0x8A, 0xC8, 0x43, 0xCA, 0x38, 0x94, 0x70, 0xC0, + 0x25, 0xDA, 0xC6, 0xD9, 0x74, 0x5A, 0x60, 0xE3, 0x9D, 0x74, + 0x6C, 0x72, 0xF5, 0xAF, 0xD3, 0xD7, 0xF5, 0xBD, 0x17, 0x02, + 0xE5, 0x17, 0xEC, 0xBD, 0xCB, 0x5D, 0x1A, 0x8F, 0x39, 0x31, + 0x7E, 0x4B, 0x1F, 0x1A, 0x87, 0xE2, 0x69, 0x65, 0x07, 0x42, + 0x6D, 0xD2, 0x2D, 0x04, 0x52, 0x51, 0xA7, 0xF2, 0x23, 0xC6, + 0x01, 0xD1, 0x47, 0x5F, 0x42, 0x44, 0x2A, 0x88, 0x5E, 0xBB, + 0x98, 0x5A, 0x34, 0xBB, 0x0E, 0x05, 0xA7, 0x1D, 0x7E, 0xFB, + 0x3E, 0x85, 0xD8, 0x74, 0x70, 0xE8, 0x71, 0xC2, 0x31, 0x80, + 0x37, 0xF9, 0x15, 0xA4, 0xC1, 0xFC, 0x9B, 0x68, 0x2B, 0x54, + 0x9B, 0x37, 0x9C, 0xE7, 0x62, 0x80, 0x20, 0x1E, 0x27, 0x78, + 0xBF, 0x11, 0xC4, 0x86, 0xAC, 0x7B, 0x34, 0x57, 0x76, 0x86, + 0x77, 0x15, 0x51, 0x7C, 0xDC, 0x32, 0xDF, 0x48, 0xB9, 0xC6, + 0x63, 0xC6, 0x9A, 0xDE, 0x5E, 0x9D, 0xAB, 0x4A, 0x92, 0xEE, + 0x0C, 0x10, 0x7E, 0xB5, 0x33, 0x17, 0xF6, 0x0C, 0x8D, 0x26, + 0x89, 0xCD, 0x2B, 0xB8, 0x49, 0x4A, 0x4D, 0x5D, 0x66, 0x38, + 0x86, 0x42, 0x37, 0xC5, 0x1B, 0xE7, 0x78, 0x90, 0x21, 0xAE, + 0x8F, 0xE7, 0x0C, 0x01, 0xB9, 0x31, 0x6A, 0x50, 0x1A, 0x2B, + 0xDA, 0xC2, 0x99, 0xCB, 0xEB, 0xF9, 0xAE, 0x91, 0x8B, 0xB7, + 0x08, 0x01, 0x1E, 0xCC, 0x9E, 0x20, 0x05, 0xEC, 0x45, 0x21, + 0xBE, 0xDE, 0xFE, 0x06, 0x7D, 0x92, 0x9C, 0xE7, 0x47, 0xD9, + 0x85, 0x63, 0xC3, 0xBB, 0x38, 0x15, 0x2D, 0x94, 0xCA, 0xAF, + 0xCF, 0xCA, 0x1D, 0x53, 0x1A, 0xBD, 0x23, 0xF1, 0x87, 0x99, + 0x24, 0xF3, 0x16, 0xE9, 0x7F, 0xBE, 0x00, 0x8A, 0x61, 0xA7, + 0x65, 0xF7, 0xA9, 0x53, 0x2A, 0x29, 0x20, 0x3E, 0x0B, 0xCF, + 0x12, 0x69, 0x22, 0x84, 0x27, 0x5D, 0x1C, 0xC8, 0x45, 0xA1, + 0xA5, 0x5A, 0xB0, 0xDB, 0x95, 0x5D, 0xF7, 0xCE, 0xAC, 0x98, + 0x44, 0x3B, 0xE1, 0x27, 0x9A, 0x93, 0x5D, 0x2B, 0x8A, 0x20, + 0xB1, 0x82, 0x2C, 0xDD, 0xB8, 0xCC, 0xFA, 0x77, 0x0F, 0xA7, + 0x80, 0x00, 0x87, 0x54, 0x1C, 0xCC, 0x0B, 0x1E, 0xF6, 0x52, + 0x89, 0x03, 0x65, 0x83, 0xF1, 0x97, 0x4E, 0x81, 0x99, 0xE1, + 0xDD, 0x73, 0x30, 0x31, 0xEC, 0xA7, 0xD5, 0x76, 0x28, 0xC3, + 0xCE, 0x29, 0x30, 0x7B, 0xB1, 0x27, 0x3F, 0xC4, 0x6D, 0x54, + 0xAF, 0xE2, 0x84, 0xEA, 0xF5, 0x91, 0xBD, 0xB9, 0x6C, 0x4E, + 0x98, 0x0F, 0xFB, 0xDE, 0x7C, 0x32, 0xF8, 0xED, 0xEF, 0xD0, + 0xE9, 0xA3, 0x57, 0xC0, 0x91, 0x06, 0x4C, 0x43, 0x3F, 0x32, + 0x21, 0xB5, 0xF2, 0x11, 0x5A, 0xDF, 0xFC, 0x7E, 0x91, 0x10, + 0xC0, 0x4D, 0xD4, 0x4E, 0xA8, 0x38, 0xD6, 0xE0, 0xB6, 0x27, + 0x38, 0x63, 0xF2, 0xD3, 0xFD, 0x68, 0x4C, 0xDD, 0x76, 0xA9, + 0x89, 0xCE, 0xBE, 0x7C, 0xAD, 0x45, 0x4C, 0x8C, 0x24, 0xCC, + 0x32, 0x66, 0x3A, 0x1A, 0x45, 0xDA, 0x47, 0x5C, 0x4C, 0xC6, + 0x8A, 0x9A, 0xC3, 0x99, 0xFB, 0x4C, 0x94, 0xE2, 0x20, 0xD7, + 0xE4, 0x37, 0x22, 0x99, 0x32, 0x6F, 0xFB, 0x1C, 0xE5, 0x9B, + 0xB5, 0xFC, 0xBD, 0xD2, 0xA1, 0xDD, 0x66, 0xD5, 0x47, 0x2F, + 0x6A, 0xAA, 0x50, 0xF5, 0xE8, 0x1A, 0xDC, 0x74, 0x50, 0x6A, + 0x92, 0x23, 0x93, 0xED, 0xB0, 0x58, 0x61, 0x7D, 0xB6, 0x5C, + 0x22, 0x7B, 0x54, 0x75, 0xF0, 0x69, 0xD4, 0x27, 0x0B, 0x70, + 0x3F, 0xBB, 0x76, 0x63, 0xB3, 0x1D, 0x7E, 0x33, 0x96, 0xD6, + 0x84, 0x2D, 0x28, 0x4F, 0x97, 0x65, 0xC9, 0x95, 0xCF, 0x30, + 0xBA, 0xEA, 0x08, 0xF5, 0xC6, 0x24, 0x45, 0x20, 0x85, 0x67, + 0x9F, 0x34, 0x37, 0x72, 0x44, 0x17, 0x98, 0x5F, 0xD0, 0xCE, + 0xA8, 0x6E, 0x0E, 0x50, 0x22, 0x14, 0xE1, 0x6B, 0xCB, 0xA5, + 0x12, 0x2A, 0x36, 0xF1, 0x6E, 0x81, 0x5C, 0x5A, 0x77, 0x4F, + 0xD7, 0xF9, 0xCE, 0x7A, 0xC9, 0x30, 0x2C, 0x1E, 0x7E, 0xFC, + 0x24, 0xCB, 0xE4, 0x53, 0xC3, 0x4A, 0x03, 0xED, 0xD5, 0x77, + 0xC6, 0x55, 0xEB, 0xA2, 0xB4, 0x92, 0x35, 0xE3, 0x20, 0xDA, + 0xD2, 0x58, 0xE2, 0xCC, 0xC4, 0x4E, 0xBB, 0xE3, 0x8F, 0x75, + 0xB1, 0xDB, 0x97, 0x15, 0x86, 0x43, 0xE5, 0xD4, 0x4F, 0x44, + 0x3F, 0x20, 0xE3, 0xB9, 0xA5, 0xFB, 0x3F, 0x36, 0xC9, 0x9C, + 0xEF, 0x8C, 0xD1, 0x46, 0x67, 0x16, 0xB6, 0xA6, 0x24, 0x8A, + 0xE9, 0xD7, 0x29, 0x4B, 0x5F, 0x7C, 0x06, 0xEF, 0xD7, 0xBB, + 0x88, 0xCB, 0x2C, 0xFB, 0x85, 0x19, 0x9F, 0x97, 0x74, 0xFE, + 0x76, 0x46, 0x44, 0x1E, 0xAD, 0xF3, 0x62, 0xD2, 0xAA, 0x24, + 0x37, 0xD0, 0x1E, 0xF3, 0xCB, 0x68, 0xE3, 0x17, 0xFF, 0x81, + 0x90, 0xA3, 0xD6, 0x28, 0xE6, 0xCE, 0x6D, 0x99, 0xF4, 0x2D, + 0xC6, 0xAE, 0x40, 0x52, 0x32, 0xE9, 0xC1, 0xC6, 0x79, 0x5C, + 0xF7, 0x69, 0x29, 0x0C, 0x75, 0x9F, 0x48, 0x57, 0x75, 0x1F, + 0x2F, 0x71, 0x9F, 0x24, 0x90, 0x14, 0xAE, 0xDC, 0x75, 0x2E, + 0x5E, 0xDD, 0x85, 0xE5, 0x6C, 0xC4, 0x72, 0x58, 0xF0, 0x35, + 0xDC, 0xFE, 0x03, 0xB7, 0x2F, 0xBD, 0xC3, 0x8A, 0xA3, 0x2C, + 0x62, 0xE0, 0xCD, 0x37, 0xFA, 0x9E, 0x11, 0xC0, 0x1D, 0xEF, + 0xB0, 0x58, 0x58, 0x12, 0xAF, 0x25, 0x6D, 0x75, 0x0D, 0x2F, + 0xBC, 0x89, 0xE9, 0x2E, 0x1E, 0x58, 0x64, 0x35, 0xA8, 0x90, + 0xC2, 0x61, 0x4D, 0xCE, 0x96, 0xC5, 0xF2, 0x37, 0xBD, 0xB8, + 0xDE, 0xB4, 0x0E, 0xEB, 0xDD, 0xED, 0xE6, 0x47, 0x24, 0xE6, + 0x36, 0xC9, 0x22, 0xD3, 0xE7, 0x1A, 0xEF, 0x9E, 0x16, 0x89, + 0xB9, 0x5C, 0xF4, 0x3B, 0x09, 0x7E, 0x9B, 0x87, 0x7F, 0xD6, + 0x84, 0x06, 0xCA, 0x0E, 0xA8, 0x54, 0x79, 0xCF, 0x02, 0xF6, + 0x1B, 0x57, 0x34, 0x9D, 0x97, 0x00, 0x05, 0x8B, 0x75, 0xA3, + 0x5C, 0x7C, 0xBA, 0xA7, 0x51, 0x85, 0xBC, 0xE6, 0xAC, 0xD9, + 0xD4, 0x31, 0xB3, 0x3A, 0xBD, 0x82, 0xC8, 0x60, 0x74, 0x46, + 0xA9, 0x2F, 0xC2, 0x29, 0x08, 0x59, 0x6B, 0x14, 0x19, 0x19, + 0x39, 0x7F, 0x8B, 0xA2, 0x2A, 0xFD, 0xE3, 0x09, 0x72, 0x50, + 0x74, 0x88, 0xEE, 0xC6, 0xED, 0x28, 0x37, 0xCD, 0xA9, 0xBA, + 0x2E, 0xFE, 0x07, 0xDF, 0x5E, 0xF9, 0x18, 0xB4, 0x0E, 0xBF, + 0x9C, 0x1C, 0xCA, 0x84, 0xBA, 0x62, 0xB9, 0xA2, 0x96, 0x76, + 0xB6, 0xB7, 0x77, 0x9C, 0xBE, 0x0C, 0xF8, 0xA5, 0xEF, 0x74, + 0xB1, 0xC2, 0x85, 0xCD, 0xD1, 0x25, 0xD5, 0xFC, 0xFB, 0x2C, + 0xC7, 0xD6, 0x2F, 0x30, 0x3F, 0x10, 0xEA, 0xA2, 0x99, 0xC4, + 0x22, 0x58, 0xB3, 0xC4, 0x46, 0x3C, 0x41, 0xE9, 0xE9, 0xA0, + 0x39, 0x6C, 0x09, 0x89, 0xE3, 0xAE, 0x4E, 0x35, 0xAB, 0x27, + 0x71, 0x43, 0xEB, 0xA7, 0xFA, 0x68, 0xA8, 0x42, 0x49, 0x3C, + 0x53, 0x70, 0x35, 0xCA, 0x14, 0xB7, 0x1D, 0xF8, 0x7E, 0x65, + 0x05, 0x33, 0xE3, 0x5A, 0x86, 0xCD, 0xA5, 0x18, 0x02, 0x24, + 0x23, 0xAD, 0x52, 0x6A, 0x47, 0x13, 0x14, 0x95, 0xD2, 0xF1, + 0xE1, 0x6F, 0x61, 0x70, 0x4F, 0xDC, 0x1A, 0x03, 0x0E, 0xD7, + 0x07, 0xBD, 0x84, 0x43, 0x65, 0x76, 0x9F, 0xFB, 0x1E, 0x89, + 0xEB, 0x92, 0x5E, 0xDE, 0x5B, 0xAA, 0x54, 0xEE, 0x0A, 0xF5, + 0x4A, 0x79, 0x46, 0xDA, 0xC1, 0xEC, 0x2F, 0xBC, 0xDD, 0xE5, + 0x61, 0xFA, 0xED, 0xB6, 0x97, 0x9C, 0x90, 0xD8, 0xF3, 0x2E, + 0x04, 0xCF, 0xB5, 0x89, 0x74, 0xC2, 0xD1, 0x70, 0xE0, 0x0F, + 0x53, 0x14, 0x09, 0x6A, 0x19, 0x5A, 0x65, 0xAC, 0xAA, 0x3C, + 0x25, 0x79, 0x43, 0x27, 0x47, 0x18, 0x19, 0x7A, 0x74, 0xD7, + 0x73, 0x43, 0xBD, 0x50, 0x1F, 0x68, 0xAF, 0xDF, 0x3E, 0x2A, + 0xC4, 0xDC, 0x6F, 0x85, 0x2A, 0xBC, 0x0F, 0x39, 0x4B, 0x97, + 0x6D, 0x2D, 0x87, 0x5F, 0x9A, 0x07, 0x82, 0xC7, 0x69, 0xB9, + 0xF2, 0xEF, 0xE3, 0x3C, 0x3C, 0x74, 0xB2, 0xFD, 0x81, 0x6F, + 0xC3, 0xAC, 0x93, 0x22, 0x49, 0xB5, 0x73, 0x5C, 0x58, 0x6E, + 0x5F, 0x7A, 0x6B, 0x91, 0x02, 0x25, 0x3B, 0xC8, 0x24, 0xD7, + 0xEF, 0xC8, 0x10, 0xD7, 0x54, 0xD4, 0xA7, 0xC1, 0x88, 0x77, + 0xDD, 0xCD, 0x3A, 0x92, 0xE5, 0x1D, 0xA1, 0x33, 0x10, 0xA4, + 0xF6, 0xB4, 0x43, 0xA4, 0xDB, 0x77, 0x4C, 0x91, 0x7C, 0xED, + 0xDD, 0xC7, 0xB9, 0x5A, 0xB4, 0x2A, 0x6C, 0x78, 0x54, 0xCA, + 0xBD, 0x16, 0x0C, 0x8C, 0x68, 0xE8, 0xBC, 0xDE, 0x65, 0x2F, + 0xAF, 0xEF, 0x09, 0xDC, 0x7C, 0x17, 0x7D, 0x05, 0xF7, 0xB1, + 0x8D, 0x09, 0x94, 0xDC, 0xF2, 0xAE, 0xF4, 0x21, 0x54, 0xF9, + 0x3E, 0xB0, 0x2A, 0x73, 0xFE, 0x9C, 0x51, 0xEB, 0x1E, 0x7B, + 0xFE, 0x65, 0xCB, 0x53, 0x80, 0x5B, 0xD2, 0x05, 0xA1, 0xE9, + 0xCB, 0x75, 0x60, 0x46, 0x08, 0x07, 0x83, 0x27, 0x4E, 0xD4, + 0xBF, 0x70, 0x83, 0xDE, 0xA9, 0xB4, 0x22, 0x55, 0xF1, 0x5F, + 0x91, 0x88, 0x4A, 0x43, 0xC1, 0xBF, 0x0A, 0xEF, 0xA7, 0xFF, + 0xE5, 0xA6, 0x50, 0xDD, 0xFD, 0x6E, 0x22, 0xFF, 0xC1, 0x55, + 0x82, 0x0B, 0x42, 0x86, 0x42, 0xA7, 0x91, 0xD3, 0x62, 0x69, + 0xB2, 0x8D, 0x11, 0xC5, 0xB8, 0x4F, 0xBF, 0x4D, 0xFE, 0x37, + 0x12, 0x1F, 0xBF, 0xDE, 0xA5, 0x86, 0xAD, 0xC7, 0x2C, 0x7F, + 0x27, 0x01, 0xB0, 0xA1, 0xED, 0x7D, 0xCE, 0x33, 0x68, 0x97, + 0x2E, 0xA4, 0xF4, 0xEE, 0xA4, 0x36, 0x67, 0xE3, 0xAB, 0x89, + 0xF8, 0xCE, 0xF7, 0x01, 0xB1, 0x83, 0xFB, 0x54, 0xAA, 0x69, + 0x05, 0x76, 0x24, 0xD9, 0x76, 0x9F, 0xA3, 0x9C, 0x52, 0x8C, + 0x2E, 0x27, 0xB9, 0xA3, 0x6E, 0xE2, 0xC0, 0x02, 0x09, 0xC6, + 0x18, 0xAD, 0x42, 0x88, 0x6B, 0x2F, 0x5D, 0xB4, 0xF7, 0xC6, + 0xB4, 0x18, 0xB7, 0x88, 0x0B, 0x81, 0x2C, 0x25, 0xCE, 0xC3, + 0x7E, 0x9E, 0xAE, 0xBB, 0x35, 0x3C, 0xEC, 0x78, 0x46, 0x8F, + 0x03, 0x16, 0x5E, 0x5B, 0x08, 0x63, 0xFB, 0xBC, 0x78, 0x75, + 0xAB, 0x07, 0x1A, 0xA7, 0x96, 0x41, 0xCD, 0xDC, 0x3B, 0x59, + 0xDB, 0x02, 0xBE, 0x42, 0x09, 0xF5, 0x87, 0x96, 0x5D, 0x63, + 0xC9, 0x8E, 0x06, 0xA2, 0xFF, 0xCE, 0xCD, 0xF3, 0xDE, 0x93, + 0x79, 0x63, 0x92, 0xD2, 0xB9, 0x1D, 0x76, 0x7E, 0x4F, 0x36, + 0x2A, 0x89, 0x7B, 0x93, 0xC1, 0x35, 0x0A, 0x83, 0x8B, 0xD6, + 0xF4, 0xEA, 0x2A, 0x72, 0xA9, 0xE7, 0x6A, 0x77, 0x43, 0x14, + 0x49, 0x5B, 0x01, 0xD9, 0xE7, 0x72, 0x15, 0xD9, 0x9C, 0xBE, + 0x87, 0x90, 0x2A, 0x7F, 0x68, 0x02, 0x1C, 0xB5, 0xA1, 0xC6, + 0x7B, 0x24, 0x49, 0xBF, 0x8E, 0x3D, 0xE0, 0xBA, 0x1C, 0x78, + 0x0A, 0x7C, 0x69, 0x82, 0xA1, 0x2F, 0xB6, 0x52, 0xC5, 0x25, + 0xD8, 0x9D, 0x4B, 0x38, 0xAA, 0xBA, 0xF7, 0x4C, 0xC4, 0xC2, + 0xAE, 0xED, 0x6C, 0x28, 0x1C, 0x76, 0xA9, 0x96, 0x08, 0xAB, + 0xC4, 0x15, 0xBC, 0x3E, 0xD7, 0xCC, 0xC4, 0xA2, 0xD4, 0x93, + 0xD1, 0x3A, 0xF4, 0x2F, 0x17, 0xDB, 0x1C, 0xBD, 0xCA, 0x0D, + 0x5C, 0xF9, 0x69, 0x32, 0xAF, 0xC5, 0x27, 0x37, 0xFC, 0x1B, + 0xBB, 0x8A, 0x5D, 0x41, 0xA9, 0xC7, 0xE7, 0xC5, 0x2E, 0x78, + 0xE3, 0x7A, 0x5A, 0x25, 0x49, 0x2A, 0x06, 0x3D, 0x15, 0x58, + 0x56, 0xFB, 0x66, 0xEC, 0x30, 0x7D, 0xF4, 0x02, 0xF3, 0x53, + 0x3D, 0x0D, 0xDD, 0xFE, 0xB5, 0x66, 0xB0, 0xD0, 0xAA, 0x0E, + 0x6A, 0x76, 0xA6, 0xAB, 0x87, 0x14, 0xFB, 0x47, 0xAC, 0x26, + 0x53, 0xA9, 0x2C, 0xF3, 0xD5, 0xA6, 0x4F, 0xF0, 0x3A, 0x7E, + 0x78, 0xC5, 0x69, 0x1F, 0xB7, 0xDC, 0xC4, 0xE8, 0xD7, 0x44, + 0x7B, 0xB2, 0xC4, 0x50, 0x68, 0xF4, 0x33, 0xFC, 0x65, 0x0D, + 0xDC, 0xCD, 0x71, 0xCB, 0x9C, 0x65, 0x3B, 0x72, 0xB7, 0x19, + 0x70, 0x45, 0xA7, 0x36, 0xA4, 0xCF, 0xE7, 0x6F, 0xC8, 0xF9, + 0x67, 0x52, 0x22, 0x8F, 0x8F, 0x64, 0x89, 0xD3, 0x3E, 0x50, + 0xCC, 0xBE, 0x2B, 0xF3, 0x0A, 0x22, 0x96, 0x33, 0x56, 0x30, + 0x27, 0x3F, 0x42, 0xDE, 0x69, 0xA3, 0x63, 0xDE, 0x41, 0x94, + 0x02, 0x97, 0x9D, 0x58, 0xF3, 0x27, 0xE3, 0xFE, 0x94, 0x10, + 0x20, 0x55, 0x52, 0xD2, 0x46, 0xFB, 0x5E, 0x8C, 0xDF, 0x71, + 0x9B, 0xBF, 0x33, 0x79, 0x7C, 0xF3, 0x78, 0xA3, 0x75, 0x84, + 0x6C, 0x13, 0xEF, 0xC0, 0x43, 0x82, 0xAC, 0xF0, 0x97, 0x7D, + 0x2A, 0xBC, 0xA3, 0xB7, 0xCD, 0x4C, 0x99, 0xB9, 0xB1, 0xE9, + 0x38, 0x5C, 0x97, 0xB3, 0xC0, 0x2C, 0xBD, 0x6F, 0xF7, 0x14, + 0x26, 0x3A, 0x27, 0x31, 0x52, 0x81, 0x04, 0x88, 0xE6, 0xD8, + 0x43, 0x21, 0x78, 0x87, 0x7C, 0x7E, 0x28, 0x26, 0x4F, 0x93, + 0x9D, 0x7B, 0x2D, 0x02, 0x6E, 0x91, 0x74, 0xD9, 0x2C, 0xF7, + 0x43, 0xD8, 0x66, 0x81, 0x91, 0x21, 0xA1, 0xEE, 0xBC, 0x78, + 0x71, 0x80, 0x78, 0x54, 0x16, 0x59, 0x37, 0xB8, 0x69, 0xD3, + 0x49, 0x40, 0xAB, 0x03, 0x47, 0x36, 0xFD, 0x5D, 0x60, 0x57, + 0x8F, 0xBE, 0xA8, 0xA0, 0x21, 0x38, 0x43, 0xA9, 0x5C, 0x9F, + 0xAD, 0xD8, 0xAE, 0x97, 0xA3, 0x0F, 0xFC, 0xE4, 0x4A, 0xCF, + 0x9F, 0xE9, 0x75, 0x3D, 0x60, 0x91, 0x55, 0x5C, 0x0A, 0xB9, + 0x18, 0xEF, 0xD4, 0x08, 0x58, 0x06, 0x64, 0xA1, 0x45, 0xA7, + 0x5D, 0x3F, 0x13, 0x87, 0x49, 0x76, 0x8B, 0x1B, 0x54, 0x9C, + 0x61, 0x05, 0xC6, 0x2C, 0xED, 0x24, 0x1B, 0x7F, 0x9E, 0x9B, + 0x17, 0xBB, 0x84, 0xD8, 0xE2, 0x55, 0x69, 0x0E, 0xCF, 0xB2, + 0xC3, 0x61, 0x35, 0x0D, 0x86, 0xD7, 0x81, 0x75, 0x43, 0x98, + 0x29, 0xDF, 0x19, 0x9C, 0xFB, 0xC0, 0xC0, 0x5A, 0x7E, 0xF7, + 0xC6, 0x86, 0xEF, 0x6E, 0xBA, 0x26, 0x1D, 0x07, 0xF9, 0xC0, + 0x1F, 0xC0, 0x8E, 0x41, 0x8F, 0x1A, 0xE3, 0x51, 0xE2, 0xD7, + 0xCA, 0x28, 0x7D, 0x7A, 0xA7, 0x57, 0xA3, 0x2D, 0x98, 0x56, + 0x32, 0x9D, 0xC0, 0xF8, 0x23, 0x1D, 0x2C, 0xF6, 0x64, 0x1E, + 0x70, 0x33, 0xD4, 0x8F, 0xF9, 0xB0, 0xF4, 0x57, 0x7F, 0xD1, + 0x9A, 0xD4, 0x1A, 0x7E, 0xB6, 0x07, 0xAA, 0x54, 0x19, 0x0D, + 0x5D, 0xB8, 0x26, 0x45, 0x1B, 0x38, 0x14, 0x20, 0xFB, 0xAA, + 0x09, 0x71, 0xAF, 0x96, 0xB1, 0x17, 0xF3, 0x45, 0xA3, 0xA6, + 0x90, 0x52, 0x3C, 0x3B, 0x43, 0x9A, 0x8D, 0xE3, 0xB1, 0xC5, + 0xE4, 0x32, 0x6C, 0xE0, 0x17, 0x98, 0x43, 0x34, 0x54, 0x10, + 0x17, 0x82, 0x27, 0xE8, 0x8F, 0x99, 0x88, 0x98, 0x26, 0x70, + 0x19, 0xD1, 0x2D, 0x23, 0x02, 0x5F, 0x44, 0x71, 0x2A, 0xF6, + 0x48, 0x83, 0x34, 0x3A, 0x37, 0x11, 0x9C, 0xA1, 0xCE, 0xF0, + 0xD7, 0x6E, 0xF7, 0x2B, 0xA3, 0xFC, 0x07, 0x40, 0x64, 0x1A, + 0xF1, 0xF6, 0xF8, 0x90, 0x21, 0x1C, 0x0E, 0x85, 0xAA, 0xC1, + 0xF7, 0x16, 0xF5, 0x4D, 0x27, 0x8E, 0x91, 0x4E, 0x84, 0x19, + 0xDB, 0x8C, 0xEA, 0x00, 0xEA, 0xA6, 0x86, 0x18, 0x2C, 0x8B, + 0x46, 0x5F, 0xED, 0x61, 0x38, 0x28, 0x31, 0x4A, 0x1A, 0x12, + 0x19, 0x6C, 0x2D, 0x43, 0x0E, 0xD0, 0xDD, 0x4B, 0xFA, 0xA0, + 0x39, 0xC2, 0x4B, 0x31, 0xD9, 0x56, 0xB4, 0x9E, 0xB5, 0xD1, + 0x79, 0xA3, 0x35, 0xC7, 0xAF, 0xFD, 0x0E, 0x11, 0xC7, 0x0F, + 0x55, 0x1D, 0xCA, 0x71, 0xD1, 0x37, 0x3B, 0xC2, 0x72, 0xA0, + 0xDB, 0xEE, 0xA0, 0xF2, 0x28, 0xF4, 0x77, 0x34, 0x7D, 0x9F, + 0xE8, 0x38, 0xD0, 0xF1, 0xEB, 0x51, 0x95, 0x93, 0x5D, 0x7B, + 0x4F, 0xE7, 0x1A, 0xD5, 0xA1, 0xF1, 0xF1, 0x85, 0xF7, 0x58, + 0x5C, 0x2C, 0x49, 0xAF, 0xDC, 0x93, 0xFE, 0x73, 0x0F, 0xC8, + 0xC8, 0x26, 0x1B, 0xDE, 0xD8, 0xA6, 0x8A, 0x44, 0xB4, 0x2B, + 0x67, 0xBD, 0x8E, 0xFF, 0xA5, 0x8C, 0x18, 0x95, 0xD3, 0x02, + 0x7F, 0x28, 0x93, 0xAE, 0x84, 0x1E, 0xB0, 0x5C, 0x70, 0x57, + 0x1C, 0xFF, 0x75, 0x95, 0xBF, 0xAD, 0x95, 0xF3, 0x3C, 0x19, + 0xA0, 0x7A, 0x0F, 0x62, 0x65, 0xF0, 0x0F, 0x18, 0x1E, 0x48, + 0xB3, 0x85, 0x5D, 0x11, 0x47, 0xC9, 0x95, 0x75, 0xBE, 0xFA, + 0x2D, 0x56, 0x35, 0xD0, 0x7A, 0x75, 0x68, 0xEA, 0x7D, 0x01, + 0x9E, 0xD5, 0x28, 0x9E, 0x80, 0x09, 0xE5, 0xE9, 0xF8, 0xD3, + 0x11, 0xA6, 0xC7, 0x5E, 0xD6, 0x38, 0x8B, 0x96, 0x7A, 0xFB, + 0xD8, 0x27, 0xD4, 0x47, 0x6B, 0x50, 0xAB, 0x21, 0x4E, 0xFB, + 0xC2, 0xA1, 0x8C, 0xB7, 0x50, 0xE2, 0xF7, 0xC3, 0x4C, 0x66, + 0x04, 0x28, 0x17, 0x5D, 0x6F, 0x48, 0x39, 0x9A, 0x0B, 0x4A, + 0xB0, 0x75, 0xDF, 0xA9, 0x6E, 0xE0, 0x72, 0x20, 0x68, 0xC5, + 0x9C, 0xDB, 0x41, 0xA4, 0xF9, 0xA4, 0xF5, 0x1D, 0xDD, 0x89, + 0x83, 0x11, 0xDD, 0x3A, 0xA4, 0x76, 0x38, 0x62, 0x75, 0x4C, + 0x5D, 0xC7, 0xF5, 0x99, 0x75, 0xFB, 0xB7, 0x87, 0xB8, 0x77, + 0x2B, 0x45, 0xEF, 0xC5, 0xE5, 0x10, 0xD9, 0x6B, 0x4C, 0x72, + 0x4B, 0x42, 0x13, 0x71, 0x3C, 0x9C, 0x2C, 0x2E, 0xFB, 0xA2, + 0x3A, 0xCD, 0x2B, 0x83, 0x12, 0xA7, 0xF3, 0xA5, 0xCE, 0x4B, + 0x77, 0x2B, 0xF5, 0x71, 0xA0, 0x1A, 0x40, 0x7F, 0xED, 0x97, + 0x4B, 0x0C, 0xA0, 0x55, 0x6B, 0x69, 0x73, 0x52, 0x47, 0x6A, + 0x20, 0xCB, 0xEE, 0xE0, 0xBE, 0x97, 0x8F, 0x05, 0xE0, 0x84, + 0x4A, 0x6E, 0x40, 0xCC, 0x02, 0x2C, 0xA8, 0x45, 0xD4, 0x6B, + 0xD4, 0xCD, 0x41, 0x29, 0xBE, 0x99, 0x3B, 0x51, 0x0F, 0x9C, + 0x70, 0x75, 0x83, 0x3D, 0x42, 0xCF, 0xA9, 0x02, 0xF3, 0x68, + 0x3C, 0x96, 0xE1, 0x36, 0x46, 0xB7, 0x86, 0x16, 0x03, 0x2C, + 0xBB, 0x71, 0x21, 0xBF, 0x13, 0x52, 0x03, 0x42, 0x31, 0xE3, + 0xA3, 0x26, 0xEE, 0xD7, 0x86, 0x78, 0xDA, 0x9E, 0x9A, 0x50, + 0xD1, 0x9C, 0x5B, 0xB7, 0xEB, 0xCF, 0x0A, 0x6D, 0x10, 0xA0, + 0xAB, 0x8C, 0x65, 0x4B, 0xFA, 0x9E, 0xAC, 0x0B, 0x66, 0x56, + 0xC7, 0x5D, 0x85, 0x88, 0x53, 0x1B, 0xC2, 0x37, 0xCC, 0x94, + 0x2E, 0xE1, 0xB1, 0xF7, 0xCC, 0x1F, 0x59, 0x24, 0xEC, 0x1A, + 0x27, 0xFA, 0x8D, 0xE5, 0x86, 0x9E, 0x3F, 0x21, 0xDA, 0x15, + 0xAE, 0xC7, 0x6C, 0xFB, 0x17, 0x0D, 0xF5, 0xCB, 0xE3, 0xB8, + 0x36, 0x95, 0x0F, 0xBD, 0x84, 0x19, 0x1D, 0xF5, 0x4F, 0x17, + 0xB8, 0x71, 0x9C, 0x0E, 0x3D, 0xD8, 0xFD, 0x9B, 0xD4, 0x0D, + 0x2D, 0x16, 0x5D, 0x75, 0xE7, 0x25, 0x94, 0x3D, 0xD3, 0x0C, + 0x07, 0x3D, 0x04, 0x46, 0xC8, 0x8F, 0x65, 0x06, 0xC7, 0x11, + 0xB2, 0xAB, 0x41, 0x5E, 0x96, 0x0C, 0x68, 0x76, 0x7D, 0x6D, + 0xB8, 0xB5, 0x27, 0x01, 0x2C, 0x00, 0xC2, 0xA0, 0x40, 0xB8, + 0xF7, 0xC6, 0x39, 0x56, 0xCF, 0x25, 0x56, 0xB3, 0x10, 0x04, + 0xE9, 0xC3, 0x85, 0x47, 0xE8, 0x6E, 0xC7, 0x89, 0xFE, 0x80, + 0x9A, 0x50, 0x9E, 0xBD, 0xF3, 0x2E, 0x5E, 0x96, 0x0A, 0xA8, + 0xB7, 0x6C, 0x5B, 0x9E, 0x32, 0x1E, 0x75, 0x68, 0x5E, 0x74, + 0x88, 0xFC, 0xC5, 0x3D, 0xB9, 0x21, 0x0A, 0xAD, 0x6D, 0xF6, + 0xBE, 0x2D, 0x9A, 0x8A, 0xA5, 0x2A, 0x40, 0x3C, 0xF6, 0x4C, + 0xFE, 0x18, 0xE3, 0x44, 0x7A, 0x5F, 0x31, 0x1A, 0xEE, 0x95, + 0x07, 0x96, 0xC1, 0x27, 0x7F, 0x64, 0x4E, 0xF0, 0x19, 0x2D, + 0x36, 0x33, 0x5D, 0x23, 0xC9, 0xC2, 0x36, 0x91, 0x22, 0xC9, + 0x58, 0x8C, 0xE4, 0xF1, 0x19, 0xD0, 0xBF, 0x51, 0xAA, 0x14, + 0x4C, 0x15, 0x4A, 0x93, 0xF3, 0x16, 0x6A, 0x21, 0xBE, 0xDE, + 0xA5, 0x4C, 0x84, 0xC5, 0x65, 0x06, 0xA7, 0x11, 0xDC, 0x00, + 0x5F, 0x0F, 0xF1, 0xDA, 0xA2, 0x11, 0xAB, 0x64, 0xE0, 0x1F, + 0x1A, 0x65, 0x32, 0xA7, 0x69, 0x65, 0xAF, 0x64, 0x95, 0x90, + 0xF1, 0xA5, 0xFA, 0x32, 0x4C, 0x59, 0x61, 0x87, 0x3D, 0x94, + 0x82, 0x7E, 0xE4, 0x04, 0x7B, 0x8A, 0xCD, 0x54, 0x00, 0x2A, + 0xC5, 0xC3, 0xB7, 0x2F, 0x8A, 0xA8, 0x19, 0x39, 0x93, 0x53, + 0x3E, 0xEB, 0xE7, 0x8F, 0xF7, 0xCF, 0xDA, 0x8A, 0x4E, 0xAB, + 0x91, 0x3D, 0xA3, 0x40, 0x55, 0x64, 0xE7, 0x48, 0x90, 0x03, + 0xE5, 0xE6, 0x03, 0xE8, 0x2A, 0x23, 0x78, 0x6F, 0xCA, 0xDE, + 0x7C, 0x6E, 0x56, 0x5B, 0xC8, 0x6D, 0x8C, 0x2F, 0xC8, 0x6C, + 0x7D, 0xD8, 0x60, 0x43, 0x8C, 0xF3, 0xE9, 0x9E, 0x70, 0x73, + 0xAC, 0x85, 0xB4, 0xA3, 0x29, 0x86, 0x88, 0x60, 0x6D, 0xDD, + 0x21, 0x07, 0x09, 0x8B, 0xFB, 0xA1, 0x67, 0xA5, 0xDA, 0x9D, + 0xCC, 0x2E, 0xE3, 0xBE, 0xAE, 0x06, 0x0E, 0x41, 0x4E, 0xBE, + 0x5F, 0xE4, 0x93, 0x81, 0xE8, 0x06, 0xAA, 0x2C, 0xC9, 0x1B, + 0x1C, 0x5A, 0x9E, 0x01, 0xEF, 0xFF, 0x82, 0x84, 0xD9, 0x2B, + 0x05, 0x20, 0x0D, 0xE1, 0x14, 0x6C, 0x0A, 0x85, 0x16, 0x2E, + 0x79, 0xA3, 0x64, 0xBF, 0xFC, 0x89, 0xB8, 0xFD, 0xB0, 0xC8, + 0x39, 0x9A, 0x83, 0x1B, 0x74, 0x41, 0x7C, 0xEA, 0xFD, 0x5F, + 0x83, 0x19 +}; +static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_level3_key); + +/* certs/dilithium/bench_dilithium_level5_key.der */ +static const unsigned char bench_dilithium_level5_key[] = +{ + 0x30, 0x82, 0x1D, 0x3A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, + 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, + 0x08, 0x07, 0x04, 0x82, 0x1D, 0x24, 0x04, 0x82, 0x1D, 0x20, + 0x0A, 0xDB, 0x85, 0x3A, 0x41, 0x2C, 0x30, 0x56, 0x65, 0x04, + 0x0A, 0x20, 0x31, 0x2A, 0xF3, 0x88, 0x4C, 0x38, 0x64, 0x86, + 0x14, 0x06, 0xF5, 0xF0, 0x7F, 0x63, 0xC1, 0x87, 0x24, 0x39, + 0xFB, 0xC0, 0x28, 0x0C, 0xBE, 0x81, 0xF7, 0xCD, 0x25, 0x8B, + 0x86, 0x42, 0xAD, 0x74, 0x54, 0xCB, 0xA4, 0xDA, 0xC7, 0x94, + 0x70, 0xA3, 0x41, 0xDA, 0x1F, 0xD8, 0x4F, 0x94, 0x5C, 0x0B, + 0xA5, 0x35, 0x60, 0xB2, 0x8C, 0x50, 0xED, 0x0B, 0xCB, 0x75, + 0x6F, 0x14, 0x64, 0x48, 0x86, 0x21, 0xBC, 0x4A, 0x4C, 0xC5, + 0x22, 0xBC, 0x2D, 0x28, 0x32, 0x39, 0x13, 0x57, 0xC9, 0xE5, + 0x74, 0xF4, 0xE6, 0x3A, 0xC2, 0xE2, 0x49, 0x24, 0x31, 0x88, + 0x82, 0x08, 0x03, 0x89, 0x6C, 0x8B, 0x84, 0x08, 0x81, 0xC2, + 0x08, 0xDB, 0x44, 0x60, 0xA0, 0xB2, 0x91, 0x88, 0x36, 0x28, + 0x12, 0x89, 0x89, 0x4B, 0xA4, 0x01, 0x62, 0x12, 0x4C, 0x08, + 0x02, 0x44, 0x19, 0x15, 0x64, 0x8B, 0x04, 0x65, 0xE4, 0x14, + 0x06, 0x08, 0xC7, 0x04, 0x5B, 0x28, 0x81, 0x89, 0xC2, 0x70, + 0xD0, 0xB4, 0x71, 0x4C, 0x24, 0x80, 0xA1, 0x28, 0x86, 0xD1, + 0x06, 0x25, 0x13, 0x03, 0x84, 0x8C, 0x18, 0x41, 0x49, 0x34, + 0x09, 0xCB, 0x22, 0x71, 0x0C, 0xA3, 0x90, 0x22, 0x94, 0x51, + 0x58, 0x02, 0x2D, 0x53, 0x30, 0x00, 0xC2, 0x06, 0x42, 0x48, + 0xC4, 0x70, 0x8A, 0x32, 0x89, 0x80, 0x16, 0x06, 0x90, 0x44, + 0x91, 0xCB, 0xC8, 0x71, 0xA2, 0xB6, 0x64, 0xD0, 0x26, 0x0A, + 0x21, 0x05, 0x88, 0x0C, 0xB0, 0x6C, 0x03, 0x49, 0x24, 0x80, + 0x02, 0x11, 0xD1, 0x36, 0x06, 0x84, 0x32, 0x11, 0x81, 0x44, + 0x91, 0x9B, 0xB0, 0x01, 0x91, 0x02, 0x25, 0x44, 0x92, 0x69, + 0x5A, 0x08, 0x6C, 0x90, 0x00, 0x0D, 0x09, 0x17, 0x64, 0x89, + 0xB2, 0x2D, 0x02, 0x06, 0x2C, 0xDC, 0x92, 0x45, 0xE1, 0x34, + 0x31, 0x11, 0x03, 0x2D, 0x00, 0x94, 0x29, 0xCA, 0x34, 0x89, + 0xA3, 0x40, 0x22, 0xC4, 0x30, 0x08, 0x02, 0x33, 0x6E, 0x1C, + 0x85, 0x10, 0xE4, 0x92, 0x30, 0xC4, 0x46, 0x84, 0xE0, 0x26, + 0x28, 0xC3, 0x10, 0x65, 0x51, 0x06, 0x4A, 0x03, 0xC1, 0x11, + 0x48, 0x32, 0x4E, 0x9A, 0xC4, 0x6C, 0x91, 0x38, 0x40, 0xC0, + 0x92, 0x64, 0xE3, 0xA4, 0x85, 0x22, 0x32, 0x52, 0x92, 0x08, + 0x20, 0x82, 0x22, 0x12, 0x49, 0x20, 0x6C, 0x91, 0x06, 0x01, + 0x1B, 0x30, 0x06, 0x12, 0xC3, 0x41, 0x4B, 0x40, 0x42, 0x0B, + 0xA7, 0x01, 0x60, 0x12, 0x89, 0x24, 0x98, 0x30, 0x99, 0xA6, + 0x64, 0x61, 0x26, 0x6A, 0x91, 0xB0, 0x11, 0x03, 0xC2, 0x2D, + 0x41, 0xC8, 0x6D, 0xD8, 0x38, 0x28, 0x4B, 0x98, 0x04, 0x98, + 0x18, 0x09, 0x18, 0xA6, 0x65, 0x81, 0x38, 0x69, 0x5B, 0xC4, + 0x6D, 0x98, 0x26, 0x0D, 0x62, 0xC6, 0x71, 0xC3, 0xC6, 0x4C, + 0xC2, 0x02, 0x46, 0x5B, 0x94, 0x65, 0x09, 0x29, 0x0E, 0xA2, + 0xA2, 0x41, 0xE4, 0x02, 0x69, 0xA3, 0x90, 0x4D, 0x8B, 0xA6, + 0x70, 0xA3, 0x40, 0x85, 0x5C, 0x36, 0x48, 0x22, 0xC5, 0x84, + 0x19, 0x91, 0x25, 0x00, 0xC2, 0x65, 0xC4, 0x46, 0x2E, 0xDC, + 0xB0, 0x51, 0x94, 0x28, 0x01, 0x9B, 0x22, 0x66, 0x01, 0xA8, + 0x90, 0x9A, 0xC4, 0x08, 0xD1, 0x22, 0x41, 0x42, 0x34, 0x62, + 0x60, 0x40, 0x92, 0x93, 0xC8, 0x45, 0xD8, 0x04, 0x20, 0x8A, + 0x30, 0x25, 0xE1, 0x14, 0x40, 0x11, 0x13, 0x00, 0x54, 0x22, + 0x62, 0x50, 0x10, 0x22, 0x03, 0xA9, 0x85, 0x9B, 0x42, 0x4D, + 0x50, 0xB2, 0x41, 0x10, 0x13, 0x48, 0x63, 0x38, 0x68, 0xA1, + 0xB0, 0x0D, 0x1B, 0x88, 0x84, 0x8A, 0x28, 0x51, 0xD4, 0x38, + 0x2A, 0x12, 0x43, 0x61, 0x80, 0x38, 0x32, 0x18, 0xC6, 0x29, + 0x22, 0xB5, 0x21, 0x02, 0x99, 0x28, 0xCC, 0x18, 0x85, 0x83, + 0xB4, 0x8C, 0x81, 0x24, 0x51, 0x10, 0x83, 0x68, 0x1C, 0x47, + 0x71, 0x8C, 0x40, 0x6C, 0x00, 0xB6, 0x0D, 0x88, 0x22, 0x90, + 0x0C, 0xC7, 0x49, 0xC0, 0x82, 0x89, 0xDA, 0x22, 0x4A, 0xC8, + 0x18, 0x08, 0xD1, 0x00, 0x2C, 0xDA, 0x30, 0x49, 0x49, 0xC8, + 0x91, 0x5A, 0x96, 0x64, 0x11, 0x96, 0x20, 0xD2, 0xC4, 0x60, + 0xE0, 0x46, 0x6A, 0x02, 0xB5, 0x21, 0x19, 0xB9, 0x81, 0x23, + 0x00, 0x22, 0x11, 0x37, 0x32, 0x19, 0xA4, 0x0D, 0x51, 0x96, + 0x89, 0x1B, 0x11, 0x11, 0xC3, 0x14, 0x88, 0x4C, 0x96, 0x0C, + 0x01, 0x13, 0x72, 0x83, 0x16, 0x12, 0x24, 0x38, 0x51, 0x40, + 0x34, 0x89, 0xD9, 0x26, 0x01, 0x54, 0x42, 0x8D, 0x00, 0xC1, + 0x85, 0x13, 0x14, 0x84, 0x82, 0x16, 0x25, 0x88, 0xB0, 0x51, + 0x11, 0x80, 0x30, 0x23, 0x25, 0x46, 0x04, 0x27, 0x66, 0x11, + 0x28, 0x30, 0xD4, 0x94, 0x84, 0x10, 0xA0, 0x8C, 0xC1, 0x36, + 0x0C, 0x14, 0x98, 0x28, 0x5B, 0x02, 0x90, 0xD9, 0x90, 0x31, + 0xD3, 0x28, 0x68, 0x23, 0x90, 0x80, 0x24, 0xC7, 0x84, 0xA1, + 0x00, 0x09, 0xC1, 0x36, 0x84, 0x58, 0xB6, 0x28, 0x4A, 0xB0, + 0x69, 0x08, 0x10, 0x51, 0x1C, 0xB6, 0x84, 0x83, 0x84, 0x81, + 0x03, 0x39, 0x90, 0x81, 0x42, 0x12, 0x13, 0xB4, 0x49, 0x0A, + 0x20, 0x09, 0x93, 0x22, 0x42, 0xD4, 0x26, 0x21, 0xA3, 0x32, + 0x89, 0x89, 0x84, 0x81, 0x0B, 0x02, 0x21, 0x64, 0x28, 0x90, + 0x89, 0xB2, 0x29, 0xE1, 0x36, 0x2C, 0x11, 0x30, 0x51, 0x21, + 0x83, 0x2C, 0x04, 0x36, 0x26, 0x61, 0x12, 0x8C, 0x19, 0x43, + 0x52, 0x89, 0x90, 0x88, 0x43, 0xB8, 0x71, 0x0C, 0x43, 0x09, + 0x84, 0x26, 0x6A, 0x50, 0x36, 0x20, 0x00, 0xC3, 0x68, 0x91, + 0x38, 0x0E, 0x12, 0x12, 0x52, 0x82, 0xC4, 0x4D, 0x64, 0x90, + 0x4D, 0x8C, 0x30, 0x22, 0x14, 0x26, 0x6E, 0x10, 0x46, 0x8E, + 0x58, 0x34, 0x46, 0x22, 0x97, 0x68, 0x02, 0x43, 0x61, 0x41, + 0x06, 0x01, 0x88, 0x42, 0x40, 0x08, 0x06, 0x6D, 0x80, 0x42, + 0x22, 0x84, 0x48, 0x89, 0xDB, 0x84, 0x90, 0xC0, 0x22, 0x71, + 0x43, 0x96, 0x45, 0x0A, 0xA3, 0x30, 0x12, 0x28, 0x44, 0x51, + 0x00, 0x52, 0x99, 0xA0, 0x8D, 0xC2, 0x28, 0x00, 0xC8, 0x18, + 0x6E, 0xA2, 0x40, 0x8E, 0x03, 0x47, 0x31, 0x61, 0x22, 0x41, + 0xD3, 0xB4, 0x01, 0x48, 0x14, 0x40, 0x4C, 0x06, 0x0C, 0x41, + 0x06, 0x2A, 0x5B, 0x90, 0x25, 0xCC, 0xC6, 0x41, 0xC3, 0x86, + 0x28, 0x99, 0x26, 0x50, 0x11, 0xC4, 0x8D, 0x8C, 0x30, 0x68, + 0x8C, 0x08, 0x0C, 0x50, 0x38, 0x86, 0xDC, 0x10, 0x92, 0xD4, + 0x18, 0x72, 0x02, 0xA8, 0x2C, 0x42, 0x82, 0x44, 0x53, 0x36, + 0x0E, 0x90, 0x32, 0x49, 0x84, 0x24, 0x09, 0x12, 0xA2, 0x41, + 0x82, 0x10, 0x4D, 0x01, 0xA0, 0x8C, 0x11, 0xB2, 0x80, 0x21, + 0x89, 0x69, 0x24, 0x21, 0x28, 0x02, 0x03, 0x6E, 0x49, 0x32, + 0x0C, 0x08, 0x88, 0x84, 0x91, 0x80, 0x10, 0x0C, 0x33, 0x12, + 0x43, 0x24, 0x8A, 0x82, 0x26, 0x10, 0x60, 0xC6, 0x60, 0x48, + 0xA2, 0x10, 0x12, 0x83, 0x24, 0x0B, 0x03, 0x40, 0xCA, 0x08, + 0x20, 0x99, 0x36, 0x86, 0x5B, 0x24, 0x41, 0x10, 0x87, 0x04, + 0x0C, 0x15, 0x04, 0x14, 0xB2, 0x68, 0x0B, 0x89, 0x29, 0x99, + 0x16, 0x8D, 0x00, 0x42, 0x00, 0x9B, 0x48, 0x44, 0x12, 0x45, + 0x6C, 0x0A, 0x25, 0x92, 0xC0, 0xC4, 0x00, 0x1A, 0xC8, 0x31, + 0x21, 0x26, 0x8A, 0x81, 0xA0, 0x2C, 0x11, 0x85, 0x65, 0x9A, + 0x08, 0x61, 0xD9, 0x22, 0x12, 0xCB, 0x36, 0x71, 0xA2, 0x08, + 0x0A, 0xE4, 0x06, 0x32, 0x19, 0x19, 0x4A, 0x1B, 0x34, 0x45, + 0x51, 0x06, 0x6E, 0x48, 0x02, 0x68, 0x13, 0xB7, 0x10, 0x44, + 0xC8, 0x85, 0x13, 0x81, 0x2C, 0xC4, 0x40, 0x45, 0x42, 0x98, + 0x21, 0x62, 0x18, 0x92, 0x9B, 0x44, 0x25, 0xA1, 0x06, 0x28, + 0x52, 0x82, 0x11, 0x44, 0x24, 0x32, 0x02, 0xC6, 0x80, 0x10, + 0x45, 0x4E, 0x22, 0x93, 0x0D, 0x44, 0x02, 0x68, 0x4A, 0x30, + 0x81, 0xC9, 0x94, 0x85, 0x08, 0x07, 0x08, 0x24, 0x39, 0x64, + 0xD2, 0x08, 0x22, 0xD0, 0xA0, 0x41, 0x81, 0x92, 0x91, 0x8C, + 0x24, 0x6A, 0xCA, 0x36, 0x32, 0x1C, 0x12, 0x45, 0x92, 0x94, + 0x80, 0x82, 0x86, 0x4C, 0xDA, 0xA2, 0x84, 0x98, 0x24, 0x49, + 0x0A, 0x13, 0x90, 0x1B, 0xC3, 0x01, 0x49, 0x28, 0x60, 0x08, + 0x21, 0x92, 0x0B, 0xB0, 0x20, 0x52, 0x90, 0x84, 0x8A, 0x32, + 0x11, 0x50, 0x28, 0x8C, 0x5B, 0x38, 0x2E, 0xDC, 0xB4, 0x08, + 0x12, 0x20, 0x84, 0xD1, 0x12, 0x22, 0x99, 0x08, 0x11, 0x19, + 0x95, 0x10, 0x80, 0x44, 0x6A, 0xE1, 0x12, 0x85, 0xCC, 0xB0, + 0x24, 0x23, 0x15, 0x4C, 0x63, 0x34, 0x68, 0x5C, 0xB6, 0x65, + 0x42, 0xC2, 0x4D, 0x20, 0x95, 0x84, 0x8A, 0x42, 0x00, 0x4C, + 0x24, 0x50, 0x98, 0x02, 0x6C, 0x21, 0x44, 0x84, 0x20, 0x85, + 0x21, 0x80, 0x48, 0x6C, 0x9C, 0x14, 0x86, 0x81, 0x86, 0x91, + 0x1C, 0x09, 0x04, 0xDC, 0xC6, 0x28, 0x09, 0x27, 0x30, 0x4B, + 0x02, 0x64, 0x44, 0x46, 0x30, 0x9C, 0xA2, 0x8C, 0x20, 0x11, + 0x68, 0x11, 0x24, 0x51, 0x0B, 0x02, 0x00, 0xD2, 0x82, 0x4D, + 0xC3, 0x80, 0x71, 0xE0, 0x48, 0x2C, 0x4A, 0x88, 0x50, 0xA0, + 0x20, 0x49, 0x4B, 0xB4, 0x31, 0x08, 0x12, 0x71, 0x90, 0xA2, + 0x89, 0xCA, 0x46, 0x85, 0x91, 0x96, 0x91, 0x8A, 0x30, 0x31, + 0x0B, 0xC2, 0x21, 0x61, 0x10, 0x49, 0x10, 0x99, 0x81, 0x53, + 0x36, 0x0C, 0x23, 0x81, 0x88, 0x62, 0x28, 0x0A, 0x12, 0x43, + 0x70, 0x02, 0xC7, 0x51, 0x14, 0x34, 0x88, 0x23, 0x84, 0x49, + 0x23, 0x86, 0x08, 0x0C, 0x28, 0x28, 0x94, 0xA0, 0x8D, 0x11, + 0x33, 0x60, 0xA3, 0x38, 0x6E, 0xC0, 0x42, 0x2E, 0x52, 0xB4, + 0x40, 0x0A, 0x25, 0x4D, 0x1C, 0x10, 0x2A, 0x9A, 0x96, 0x64, + 0x10, 0xC1, 0x60, 0x8C, 0x46, 0x60, 0x5A, 0x24, 0x89, 0x42, + 0x40, 0x86, 0xD0, 0x34, 0x89, 0x5C, 0x02, 0x02, 0x00, 0x34, + 0x21, 0x00, 0x24, 0x00, 0xA0, 0x20, 0x60, 0x03, 0xA6, 0x40, + 0xDC, 0x30, 0x80, 0x4B, 0xA8, 0x20, 0x0B, 0xA2, 0x24, 0xE2, + 0xB0, 0x89, 0xA2, 0xB2, 0x65, 0xD4, 0xA6, 0x68, 0x20, 0xA3, + 0x04, 0x4C, 0xC2, 0x11, 0x4A, 0x38, 0x24, 0x08, 0x17, 0x4D, + 0xE2, 0xA2, 0x00, 0x02, 0xC8, 0x00, 0x08, 0x00, 0x30, 0xA4, + 0xB6, 0x25, 0x5A, 0x30, 0x01, 0x40, 0x92, 0x4C, 0xC8, 0x44, + 0x92, 0x43, 0xC8, 0x60, 0xA3, 0x86, 0x84, 0x18, 0x04, 0x70, + 0x53, 0xB2, 0x40, 0x4C, 0x04, 0x84, 0x09, 0xC8, 0x48, 0x21, + 0x13, 0x31, 0x04, 0xA5, 0x0D, 0x90, 0x92, 0x88, 0xC1, 0x10, + 0x8D, 0xE0, 0x88, 0x28, 0x0B, 0x06, 0x84, 0x23, 0x22, 0x6C, + 0xDB, 0xB2, 0x05, 0xC8, 0x08, 0x6E, 0x93, 0x86, 0x4C, 0x0C, + 0x37, 0x86, 0xDA, 0x16, 0x51, 0x9B, 0x08, 0x32, 0x00, 0x91, + 0x45, 0xA4, 0x00, 0x2D, 0x14, 0x02, 0x0E, 0x60, 0x90, 0x4C, + 0x23, 0xB4, 0x09, 0x00, 0xA5, 0x81, 0x19, 0x21, 0x32, 0xC2, + 0x00, 0x02, 0x18, 0x10, 0x50, 0x08, 0xA2, 0x6D, 0x20, 0x31, + 0x6A, 0x90, 0x46, 0x90, 0x8B, 0x94, 0x30, 0x21, 0x44, 0x52, + 0x10, 0x19, 0x51, 0x94, 0xC0, 0x29, 0xC8, 0x20, 0x4E, 0x48, + 0xA6, 0x4C, 0x11, 0xC4, 0x64, 0xDC, 0x34, 0x10, 0x48, 0xC4, + 0x84, 0xCA, 0x46, 0x0C, 0x58, 0x12, 0x49, 0x0B, 0x16, 0x00, + 0x20, 0x42, 0x50, 0x04, 0x00, 0x46, 0xF8, 0x68, 0xB1, 0xA7, + 0x5E, 0xA7, 0xE6, 0xCE, 0xF5, 0x88, 0x8A, 0x5F, 0x79, 0xC9, + 0x3A, 0x5F, 0xF2, 0x7F, 0x5A, 0xED, 0xB4, 0xB4, 0x25, 0x44, + 0xD2, 0x7E, 0xED, 0xCE, 0x46, 0x40, 0xAC, 0xC2, 0x53, 0xD0, + 0xD3, 0xE7, 0xF6, 0x1C, 0xFA, 0x23, 0x4A, 0xB0, 0xEA, 0x32, + 0x91, 0xB7, 0xDA, 0x8B, 0x72, 0x35, 0xB7, 0x74, 0xD5, 0x9A, + 0x9B, 0x22, 0x3D, 0x49, 0x08, 0xBA, 0xD1, 0x7D, 0x9F, 0x64, + 0xD5, 0xAD, 0x7A, 0x37, 0xBD, 0x11, 0xD0, 0xA0, 0x7C, 0x53, + 0x05, 0x1A, 0x66, 0x6C, 0x5D, 0x42, 0x45, 0x55, 0x34, 0xC0, + 0x1F, 0xCA, 0xDB, 0x0D, 0x4F, 0x75, 0x95, 0x9F, 0x10, 0x9A, + 0x8D, 0x54, 0xCE, 0xC2, 0x5C, 0xF0, 0xCE, 0xBD, 0x39, 0x70, + 0xB0, 0x52, 0x2E, 0x4B, 0x11, 0x0D, 0x25, 0xD7, 0xE5, 0x4B, + 0xF1, 0xE3, 0x4F, 0xBE, 0xF2, 0x73, 0xA6, 0xDE, 0xB6, 0xC4, + 0x61, 0x71, 0xCC, 0x5C, 0xFE, 0x55, 0xF0, 0x50, 0xBA, 0x9C, + 0x18, 0x44, 0x13, 0xDD, 0xCB, 0x7A, 0xD2, 0xA2, 0xDC, 0xBF, + 0xF2, 0xC8, 0x84, 0xFF, 0x5B, 0xA7, 0xFA, 0x8D, 0x18, 0xF2, + 0x55, 0xD0, 0x3C, 0x4E, 0xB3, 0x77, 0x7C, 0x95, 0x91, 0x98, + 0x52, 0xF2, 0xB6, 0xCF, 0xFC, 0x45, 0xF4, 0x71, 0x62, 0x24, + 0xE2, 0x7B, 0xF7, 0x85, 0x08, 0x17, 0x6A, 0x62, 0xB4, 0xE9, + 0x08, 0x3E, 0xA1, 0xC6, 0x27, 0x8E, 0xB3, 0x26, 0xA5, 0x95, + 0x91, 0x84, 0xD0, 0xA0, 0xCD, 0xBF, 0x45, 0xD0, 0xE2, 0x26, + 0x65, 0x74, 0xD6, 0x49, 0x50, 0xF2, 0x6B, 0xAE, 0xF1, 0x8A, + 0x2A, 0x18, 0xDA, 0xF0, 0xAD, 0xE7, 0xF3, 0x0A, 0x0E, 0x33, + 0xA5, 0xCA, 0x11, 0x16, 0xCC, 0xD6, 0x81, 0x89, 0x83, 0x27, + 0x32, 0x97, 0x61, 0x48, 0x0D, 0x89, 0x3E, 0xB7, 0x7E, 0x02, + 0xC8, 0x96, 0x93, 0xFA, 0xD0, 0x1D, 0x76, 0xB4, 0xA4, 0x38, + 0x4C, 0xE3, 0xB4, 0x6F, 0xCE, 0x66, 0x90, 0x53, 0xDC, 0xCE, + 0xD6, 0x10, 0x16, 0x3E, 0xB8, 0xBD, 0xD9, 0x8C, 0xA9, 0x90, + 0x54, 0xAF, 0x86, 0x07, 0xB3, 0xC1, 0x82, 0xFB, 0x41, 0x61, + 0xB8, 0x6D, 0x8E, 0xA5, 0xA8, 0xEB, 0xE3, 0xC0, 0xCF, 0x51, + 0xAA, 0x94, 0x7A, 0x7F, 0x9C, 0x48, 0xA3, 0x40, 0x83, 0x33, + 0x22, 0x41, 0x61, 0x4C, 0xD4, 0x62, 0xD7, 0xC6, 0xC6, 0x5B, + 0xF3, 0x48, 0x42, 0xA7, 0x18, 0xD5, 0xAF, 0x05, 0xF6, 0x7A, + 0xF6, 0x6D, 0x82, 0xFF, 0x89, 0x68, 0x21, 0x13, 0x62, 0xA5, + 0x7E, 0xC9, 0x43, 0x03, 0x73, 0xF7, 0xD1, 0x01, 0x7D, 0xD9, + 0x13, 0x03, 0x9C, 0x99, 0x74, 0xD4, 0x92, 0x2E, 0xD1, 0xD3, + 0xCB, 0x53, 0x6C, 0xF9, 0xFE, 0xB4, 0x3D, 0x51, 0xF1, 0x63, + 0x42, 0x5B, 0xB2, 0x5D, 0x70, 0x03, 0xE5, 0x46, 0x5B, 0xC1, + 0xEB, 0x27, 0x11, 0x22, 0x15, 0x73, 0x6C, 0xF8, 0x51, 0x0A, + 0xFF, 0xD8, 0xFE, 0xB6, 0xE1, 0xBD, 0x42, 0xC0, 0x4C, 0xEB, + 0xCD, 0x1E, 0x3C, 0xD5, 0x7C, 0xEA, 0xC6, 0xD4, 0x34, 0xD2, + 0x8D, 0x99, 0xC4, 0x99, 0xA8, 0x8E, 0x9F, 0x60, 0xA8, 0xE8, + 0x7B, 0x1E, 0x7E, 0x50, 0x14, 0xAD, 0xFC, 0xDB, 0xA6, 0x00, + 0xE9, 0x00, 0x7A, 0x5A, 0xCD, 0x01, 0x26, 0xBB, 0x4E, 0x00, + 0x9E, 0xCC, 0xD3, 0x2D, 0x49, 0x1B, 0xB8, 0x60, 0x2C, 0x59, + 0x2A, 0x95, 0x8C, 0x92, 0x4D, 0x1A, 0x57, 0x3B, 0xEF, 0x6E, + 0xC4, 0x91, 0xE4, 0x99, 0x5E, 0xAE, 0x1B, 0xAF, 0x1E, 0x14, + 0x51, 0x38, 0x19, 0xBC, 0x33, 0x5C, 0x21, 0x4D, 0xAD, 0xA1, + 0x12, 0x17, 0xE6, 0xF5, 0x37, 0x98, 0xF6, 0xE6, 0x38, 0x4D, + 0x07, 0x80, 0x1D, 0xD8, 0x5E, 0xCC, 0x58, 0xDB, 0x7E, 0x3A, + 0x8F, 0x90, 0xDF, 0x9E, 0x80, 0xFB, 0xFC, 0x10, 0xEC, 0x7E, + 0x81, 0x53, 0x37, 0xC1, 0x66, 0xEE, 0xD7, 0x80, 0x0F, 0x0C, + 0xEB, 0xE8, 0x85, 0x2E, 0x37, 0x61, 0x8B, 0x9C, 0x63, 0xF6, + 0x27, 0x77, 0x16, 0x44, 0x61, 0x66, 0xC9, 0x79, 0x31, 0xDD, + 0xB4, 0x94, 0x9D, 0x8C, 0x8B, 0x1D, 0x28, 0xC2, 0x84, 0xC9, + 0x30, 0x71, 0xF4, 0x9E, 0xEF, 0x00, 0x2B, 0xA2, 0x9F, 0x38, + 0x65, 0xE6, 0xD1, 0x80, 0x26, 0x9B, 0xC4, 0xE8, 0x83, 0xCE, + 0x64, 0xD0, 0x8A, 0x9A, 0x1E, 0xEF, 0xA3, 0xB6, 0xD2, 0x0B, + 0x9C, 0x14, 0xF3, 0x08, 0xF1, 0x73, 0xD1, 0x34, 0xAE, 0x83, + 0xE7, 0x97, 0x5B, 0x97, 0x35, 0x0E, 0x35, 0xDC, 0x22, 0xD5, + 0xAA, 0xD1, 0xBC, 0xC7, 0x40, 0x20, 0xAD, 0x43, 0x36, 0x24, + 0x66, 0x7A, 0xB7, 0x1F, 0xF9, 0x1A, 0x1F, 0x37, 0xCE, 0xC2, + 0xFC, 0x98, 0xB1, 0x6A, 0x9A, 0x81, 0xD9, 0x4B, 0x53, 0x68, + 0xC5, 0xF3, 0xE6, 0x69, 0x76, 0xA6, 0x8B, 0x98, 0xFB, 0x84, + 0x2E, 0xD3, 0x4F, 0x77, 0xF9, 0x24, 0xF9, 0x13, 0x89, 0x8D, + 0xF6, 0x80, 0x2E, 0x0E, 0xA1, 0xCD, 0x90, 0x58, 0xCE, 0x63, + 0x36, 0x95, 0x8C, 0xF6, 0x68, 0xC3, 0x84, 0xF8, 0xB4, 0x5E, + 0x9E, 0x6C, 0x19, 0x32, 0x90, 0xA7, 0xD0, 0x2D, 0x47, 0x6B, + 0xCB, 0xAF, 0x85, 0x65, 0x92, 0x83, 0x11, 0x8E, 0xCC, 0x88, + 0xB1, 0x0B, 0xB8, 0x1E, 0x55, 0x4F, 0x18, 0x2A, 0xC4, 0x02, + 0xA8, 0x45, 0x6A, 0xCD, 0x75, 0x58, 0x6A, 0xAF, 0x83, 0x94, + 0x38, 0x1D, 0xA9, 0x09, 0x29, 0x1E, 0x0E, 0x43, 0xA9, 0x04, + 0x26, 0xF6, 0x1C, 0xC7, 0xCB, 0xC1, 0x10, 0xB9, 0x86, 0xC1, + 0xA2, 0xEC, 0x03, 0xDE, 0xF7, 0x53, 0x67, 0x2B, 0xDF, 0xEE, + 0xAF, 0xD2, 0xF2, 0xA8, 0xBD, 0xD9, 0x21, 0xCC, 0x8C, 0x72, + 0x02, 0x44, 0xF5, 0xA5, 0xED, 0x88, 0x5B, 0xAC, 0x5F, 0x5A, + 0x15, 0x81, 0xCC, 0x95, 0x15, 0x2E, 0x34, 0x72, 0x59, 0x6C, + 0x03, 0x36, 0x5E, 0x22, 0x7E, 0x3F, 0x65, 0xA6, 0x8C, 0x4F, + 0x89, 0xC1, 0xE7, 0x63, 0xB6, 0x1B, 0xE5, 0x41, 0xC7, 0xF8, + 0x96, 0xA4, 0x8F, 0x4F, 0x47, 0x59, 0x3E, 0x9D, 0x45, 0xCE, + 0xE4, 0x1B, 0xF1, 0x69, 0x0C, 0x39, 0x34, 0x16, 0x77, 0x6A, + 0xF5, 0xB5, 0x9E, 0x8B, 0x63, 0x86, 0x35, 0xFD, 0x4F, 0x2A, + 0x4B, 0x49, 0x21, 0x7C, 0xE3, 0xEA, 0x5C, 0xDE, 0x98, 0xE4, + 0x58, 0x32, 0x67, 0x98, 0xFC, 0x8F, 0xAB, 0x01, 0x0E, 0xA4, + 0x8B, 0x39, 0xA3, 0x55, 0x4C, 0x8E, 0x98, 0xBA, 0xCD, 0x3B, + 0xDB, 0x91, 0x8D, 0x94, 0x98, 0xBE, 0x37, 0x7B, 0xDB, 0x58, + 0xFC, 0xC1, 0x88, 0x7D, 0xD3, 0xBC, 0x8F, 0xB4, 0x7C, 0xB2, + 0xFE, 0x3E, 0x26, 0x36, 0x95, 0x7E, 0xDB, 0xD1, 0x38, 0x29, + 0xD9, 0xCF, 0x5D, 0x0E, 0xD1, 0xDF, 0x7F, 0xD1, 0x68, 0x04, + 0x70, 0x6F, 0x61, 0x39, 0x49, 0x44, 0xD2, 0x5C, 0x0C, 0xC3, + 0xD6, 0xF8, 0x1E, 0x96, 0x36, 0x43, 0x79, 0xB2, 0xE5, 0x1A, + 0xF1, 0x32, 0x03, 0xE1, 0x22, 0x45, 0x20, 0x1B, 0x36, 0x6A, + 0xB8, 0x62, 0xA5, 0xC5, 0x85, 0x8B, 0xED, 0x42, 0x69, 0xC6, + 0x30, 0x36, 0xA1, 0xF6, 0x22, 0x8D, 0x37, 0xD8, 0xE4, 0xBD, + 0x26, 0x8B, 0x89, 0xC2, 0xA9, 0x10, 0x82, 0xDD, 0x0C, 0x2D, + 0x04, 0x39, 0xB7, 0x59, 0x0B, 0x30, 0x2A, 0x6D, 0x84, 0x4A, + 0x74, 0xB9, 0x3F, 0xEA, 0xA5, 0x34, 0x76, 0xFA, 0xAD, 0x99, + 0xB0, 0xEF, 0xA0, 0xF1, 0x85, 0x3D, 0x00, 0x76, 0x00, 0xF8, + 0xFA, 0x1B, 0xAA, 0xB7, 0x5A, 0x62, 0x0E, 0xFD, 0xDC, 0x7A, + 0xCA, 0x18, 0x43, 0x32, 0x02, 0xB7, 0x20, 0x38, 0x0B, 0x50, + 0x4E, 0x57, 0xBF, 0x88, 0xBA, 0x09, 0xD3, 0x9D, 0x8B, 0x3A, + 0x88, 0x82, 0xD9, 0xC3, 0x60, 0x89, 0x10, 0xF5, 0x09, 0x61, + 0x72, 0x41, 0x83, 0xCB, 0x29, 0x38, 0xB3, 0x75, 0xD8, 0xBB, + 0x7E, 0x3F, 0x4A, 0x3C, 0x6B, 0xE5, 0xAE, 0xB7, 0x18, 0xC1, + 0x52, 0x3C, 0x8D, 0x8B, 0xF3, 0x8B, 0x84, 0x98, 0x3E, 0xE3, + 0x5F, 0x5B, 0x89, 0xB7, 0x07, 0x58, 0xD3, 0x7B, 0x84, 0x38, + 0x57, 0x3B, 0xF7, 0x59, 0x22, 0x6B, 0xA7, 0x31, 0x1D, 0xAF, + 0xBF, 0xFA, 0x15, 0x8B, 0xE0, 0x72, 0xFA, 0xCA, 0xB6, 0xC2, + 0xD6, 0x42, 0x43, 0x27, 0xF6, 0xAA, 0x3E, 0x5B, 0x07, 0x12, + 0x5C, 0xEF, 0xED, 0xCB, 0xDF, 0xAA, 0x5F, 0xF8, 0x77, 0xD0, + 0x8E, 0xC7, 0x03, 0x1E, 0x23, 0x5A, 0xF1, 0x3A, 0xA9, 0x10, + 0x6F, 0x05, 0x46, 0x04, 0x72, 0x63, 0xAC, 0xAE, 0x4B, 0x3D, + 0x1E, 0x2D, 0xC2, 0xE9, 0x38, 0x6A, 0xA9, 0x11, 0x1E, 0xE0, + 0xCA, 0x06, 0x7A, 0x5A, 0x45, 0xB2, 0x82, 0x0C, 0x10, 0xEB, + 0x0D, 0x10, 0x26, 0x74, 0xA5, 0x07, 0x1B, 0xBA, 0x61, 0xFD, + 0x8C, 0x73, 0xCB, 0x96, 0xFC, 0xF8, 0x98, 0x2D, 0x83, 0x12, + 0x0B, 0x6A, 0x9C, 0xA4, 0x70, 0x95, 0x4B, 0xD8, 0x11, 0x71, + 0x8F, 0x22, 0x89, 0xA2, 0x6A, 0x0A, 0xB0, 0x17, 0x93, 0x46, + 0x89, 0x60, 0x58, 0x2E, 0x1F, 0x3B, 0xE1, 0x6F, 0x49, 0x47, + 0xBC, 0x93, 0xD2, 0x14, 0x3D, 0xF2, 0x21, 0xA4, 0xFA, 0x1F, + 0x9D, 0x3F, 0x08, 0x40, 0x17, 0x77, 0x58, 0x7F, 0x65, 0xB4, + 0xFD, 0x01, 0x67, 0xF1, 0x62, 0x77, 0xD8, 0x6D, 0x46, 0x42, + 0x30, 0x52, 0x64, 0x4C, 0x76, 0x64, 0x7E, 0x09, 0xDD, 0x57, + 0x04, 0xB8, 0x4A, 0x7F, 0x8A, 0x68, 0xC3, 0x0D, 0xD9, 0xBE, + 0xF6, 0x61, 0x1C, 0x4D, 0x30, 0x80, 0x18, 0x83, 0xD6, 0x3F, + 0xB9, 0x58, 0x52, 0x20, 0xB9, 0x60, 0xEA, 0x22, 0xD0, 0xD0, + 0x61, 0x1A, 0x3B, 0x32, 0x69, 0x35, 0x8B, 0x22, 0x6E, 0x27, + 0x2E, 0xE2, 0x6D, 0xBA, 0xC7, 0x17, 0x02, 0xDA, 0x83, 0x22, + 0x5C, 0x31, 0x60, 0xD6, 0x78, 0x78, 0xBF, 0x0B, 0xEE, 0xD4, + 0x68, 0x32, 0xAE, 0x17, 0x80, 0x04, 0x7F, 0xD9, 0xA9, 0xA0, + 0xC9, 0xB7, 0x98, 0xEE, 0x9C, 0x8C, 0x61, 0x70, 0xBB, 0x2F, + 0x10, 0x39, 0x3E, 0xCC, 0x6E, 0xC8, 0x0A, 0x0F, 0xA2, 0x1E, + 0x31, 0x01, 0x75, 0x1E, 0x41, 0x9E, 0x63, 0x14, 0xC2, 0x3A, + 0xD9, 0x1A, 0x8B, 0x52, 0x0D, 0xFD, 0xDC, 0xE6, 0x23, 0x35, + 0xF1, 0x17, 0xE4, 0xA6, 0xDB, 0xAC, 0x3F, 0x67, 0x59, 0x02, + 0x8E, 0x20, 0x6F, 0x55, 0x69, 0xF8, 0x16, 0xFC, 0x33, 0x53, + 0xCA, 0xE8, 0x4E, 0x3F, 0xA4, 0x5C, 0xA6, 0xA4, 0x95, 0xCD, + 0xB7, 0x9D, 0x14, 0x79, 0xAE, 0x82, 0xF8, 0x2F, 0xE2, 0x13, + 0x0D, 0xDE, 0x75, 0x19, 0xA4, 0x0C, 0x32, 0x83, 0xD0, 0x14, + 0x35, 0xE7, 0x77, 0xD0, 0x18, 0x9C, 0xEF, 0xCC, 0xD5, 0xDA, + 0x39, 0x3B, 0xFF, 0x11, 0x39, 0x20, 0x3D, 0x5A, 0xB1, 0x16, + 0x2A, 0x57, 0x6B, 0x27, 0xC1, 0xB6, 0x69, 0xB5, 0x9B, 0x78, + 0x6F, 0x6B, 0x8A, 0xEF, 0x3F, 0x8F, 0xB8, 0x37, 0xBF, 0xCA, + 0x2D, 0x27, 0x25, 0x12, 0xC9, 0x81, 0x3A, 0x4C, 0x1A, 0x94, + 0xDF, 0x6D, 0x27, 0xF8, 0x85, 0x26, 0xA0, 0x88, 0x56, 0x7B, + 0x62, 0x5E, 0x84, 0xCF, 0x84, 0xAB, 0x81, 0xA3, 0xD4, 0xEB, + 0xE9, 0x85, 0x96, 0xED, 0x27, 0x42, 0xF6, 0x86, 0x28, 0xF1, + 0x8C, 0x69, 0x81, 0xD9, 0xAC, 0x1E, 0x9F, 0x12, 0xA4, 0x9E, + 0x78, 0xC5, 0x2E, 0x07, 0x66, 0xFF, 0x2F, 0xED, 0x93, 0xD2, + 0x62, 0x30, 0x30, 0x81, 0xE5, 0x76, 0x7A, 0x2A, 0x8E, 0xF3, + 0xC0, 0x21, 0x9C, 0xE8, 0xE3, 0x51, 0x4F, 0xDA, 0x96, 0xCF, + 0x6A, 0x0A, 0xC9, 0x90, 0x64, 0x93, 0x70, 0xE2, 0xAD, 0x6E, + 0x17, 0x06, 0x5E, 0xBD, 0x5C, 0x40, 0x4B, 0x43, 0x78, 0x1F, + 0x40, 0x55, 0x36, 0xBD, 0x2B, 0xD6, 0x92, 0x88, 0x02, 0xAA, + 0x3E, 0xDF, 0x3B, 0xC9, 0x90, 0x69, 0x28, 0xE6, 0xE1, 0x7D, + 0xBD, 0x2A, 0xC1, 0x6F, 0x70, 0x6D, 0xB8, 0x1A, 0xAD, 0x66, + 0x4F, 0x78, 0xF7, 0x00, 0x57, 0xED, 0xA8, 0xC3, 0x87, 0x8A, + 0x27, 0x2E, 0xFC, 0xC4, 0x37, 0xB9, 0xED, 0xAE, 0x06, 0x05, + 0x19, 0x60, 0x53, 0x85, 0x54, 0x83, 0x52, 0xEC, 0xBF, 0xA5, + 0x79, 0xFC, 0x18, 0xC3, 0xD8, 0x98, 0xC5, 0xD8, 0x81, 0x78, + 0x4F, 0xDA, 0x24, 0xAD, 0x6F, 0xF4, 0x78, 0x56, 0x79, 0x9F, + 0x5D, 0xE3, 0x6D, 0x35, 0x93, 0xEA, 0xA8, 0xB5, 0x44, 0x1A, + 0xDA, 0x87, 0xBD, 0x06, 0x4D, 0xFF, 0x35, 0x2A, 0x76, 0x51, + 0xD3, 0xC2, 0x73, 0x20, 0x93, 0x33, 0xC0, 0xEA, 0x88, 0xA0, + 0xCD, 0xE1, 0xEA, 0x79, 0x86, 0x32, 0xA7, 0xCE, 0xBA, 0x73, + 0xE9, 0x82, 0x32, 0x64, 0x88, 0x44, 0x66, 0x8A, 0x8C, 0xCB, + 0xF1, 0xDB, 0x42, 0x91, 0x3E, 0x78, 0x3A, 0x77, 0xEB, 0x4C, + 0xFD, 0xFE, 0x43, 0xD8, 0xEA, 0x9E, 0xED, 0x19, 0xAD, 0xA8, + 0x64, 0x1A, 0x12, 0xC3, 0x81, 0x75, 0xA0, 0x61, 0xAF, 0x4F, + 0x71, 0x25, 0x94, 0x76, 0x31, 0x9A, 0xF6, 0x14, 0x3F, 0x6D, + 0x36, 0xC0, 0x2F, 0x52, 0x3B, 0x4B, 0xCB, 0x2B, 0xCF, 0xB8, + 0x70, 0x19, 0x0D, 0x15, 0x1A, 0xF9, 0x48, 0xA8, 0x3A, 0x55, + 0xAF, 0x18, 0x66, 0x50, 0xC8, 0x32, 0x97, 0x43, 0x1E, 0x9F, + 0x8B, 0x66, 0xC1, 0x2E, 0x37, 0x69, 0xB8, 0x97, 0xF9, 0x6A, + 0x1E, 0x69, 0xBA, 0x5C, 0xEC, 0x6F, 0xFD, 0x99, 0x71, 0xB8, + 0xC4, 0x05, 0xB9, 0xB9, 0xE6, 0x4D, 0xA7, 0x01, 0x2D, 0xEB, + 0x26, 0x23, 0x40, 0x4D, 0x79, 0x1B, 0xE4, 0xD9, 0xAB, 0x9F, + 0xE9, 0x9B, 0x35, 0x78, 0xC0, 0x32, 0x8E, 0xF7, 0x5F, 0x7E, + 0xB5, 0x56, 0xD2, 0xA1, 0x35, 0x81, 0x72, 0xD2, 0x6A, 0x0A, + 0xC9, 0x6D, 0x0D, 0xDB, 0x2B, 0xA4, 0x02, 0x92, 0x76, 0x26, + 0xAF, 0x36, 0x27, 0x01, 0xDF, 0xA5, 0x5B, 0x09, 0x97, 0x06, + 0x5E, 0x80, 0xB0, 0x32, 0xFC, 0x1F, 0x72, 0x4E, 0x93, 0x2F, + 0x12, 0xF3, 0xA2, 0x60, 0x19, 0x74, 0x69, 0x03, 0x8B, 0x7D, + 0x6B, 0x2C, 0xE9, 0x54, 0x91, 0xF1, 0x3F, 0x2B, 0xF1, 0x65, + 0x71, 0x0B, 0x24, 0xEF, 0xCC, 0xB8, 0x79, 0x8E, 0x9B, 0x03, + 0xC1, 0xFF, 0xAC, 0xF0, 0x04, 0xEA, 0x92, 0xA3, 0x86, 0x64, + 0x6B, 0x63, 0x43, 0xA6, 0xC3, 0xCB, 0x43, 0xBE, 0xB0, 0xA9, + 0x11, 0x1B, 0x74, 0xC0, 0x87, 0x61, 0x5C, 0xDB, 0xF4, 0xA3, + 0x0E, 0xA6, 0x36, 0xEE, 0x41, 0x7F, 0xA8, 0xA6, 0xDF, 0x1B, + 0x05, 0xAE, 0x77, 0x90, 0x6A, 0xD4, 0x5B, 0x8E, 0x27, 0xE2, + 0xC0, 0x3E, 0x99, 0xAB, 0xFD, 0xFE, 0x6B, 0x71, 0xB4, 0x22, + 0x77, 0x7A, 0xB0, 0x43, 0x8B, 0x81, 0x33, 0x4D, 0x51, 0xD4, + 0xAB, 0xD9, 0xA0, 0x7C, 0xA7, 0x8A, 0x39, 0x92, 0x45, 0x39, + 0xAC, 0x54, 0x13, 0x6E, 0xA5, 0x22, 0x28, 0xC8, 0xAD, 0x3D, + 0xB1, 0xB2, 0xF3, 0x6B, 0xF6, 0x51, 0x17, 0xA3, 0x37, 0xE9, + 0xC9, 0x94, 0x54, 0xD7, 0x64, 0xC6, 0x04, 0xE7, 0xFA, 0x93, + 0xC1, 0xFA, 0xBA, 0xCA, 0x21, 0x1B, 0xF0, 0x6C, 0x99, 0x22, + 0x52, 0x53, 0xEF, 0xC2, 0xA2, 0x19, 0xB3, 0xCA, 0xF5, 0x30, + 0xC1, 0xD1, 0x24, 0x7F, 0x3A, 0x28, 0x8F, 0xAA, 0x70, 0xD2, + 0xBB, 0x7A, 0xF5, 0x8A, 0x23, 0x57, 0xE9, 0x79, 0x00, 0xF4, + 0x1C, 0x1D, 0xB1, 0x42, 0x0C, 0x53, 0x99, 0x7B, 0x99, 0x68, + 0x6E, 0x71, 0xD9, 0xD4, 0xE9, 0xC1, 0xA7, 0x5B, 0x05, 0xA7, + 0x6F, 0xF2, 0xE7, 0x11, 0x3B, 0x70, 0x5F, 0x11, 0x98, 0xBE, + 0xB5, 0xF8, 0x78, 0x5F, 0x5C, 0x19, 0xAC, 0x92, 0x4D, 0x18, + 0x0D, 0x7B, 0x6F, 0x8C, 0x90, 0xAB, 0x6B, 0x32, 0x3D, 0x51, + 0x11, 0xBC, 0x80, 0xC4, 0xCF, 0x4A, 0xF4, 0x7F, 0xCC, 0x68, + 0x92, 0x76, 0xF7, 0x9D, 0xF7, 0x07, 0x44, 0x8C, 0xB5, 0x4D, + 0x53, 0x7E, 0xE2, 0x58, 0x42, 0xB5, 0x8E, 0xB3, 0xC7, 0x0C, + 0x2F, 0xCA, 0x77, 0x2D, 0x56, 0x84, 0xCA, 0x98, 0x05, 0x09, + 0x43, 0xA9, 0x0E, 0x92, 0x4B, 0x57, 0x27, 0x46, 0x31, 0xF0, + 0xE3, 0xA4, 0x48, 0xD9, 0x42, 0x51, 0x32, 0xF0, 0x70, 0xA1, + 0x72, 0xA9, 0x2B, 0x1D, 0xB1, 0x2A, 0x09, 0x96, 0xAE, 0x3E, + 0x83, 0x41, 0x7B, 0x9B, 0x28, 0x6E, 0x85, 0xB7, 0xAD, 0x7F, + 0x10, 0xA3, 0x54, 0xBF, 0x24, 0xB6, 0xFB, 0x6D, 0xA5, 0x9F, + 0xE6, 0xBB, 0x33, 0x8A, 0x04, 0x83, 0x53, 0xFB, 0xB9, 0x79, + 0xF7, 0x76, 0xC9, 0x43, 0xC7, 0xE4, 0xB5, 0xE7, 0x19, 0x56, + 0x72, 0x55, 0xAC, 0x1D, 0xA8, 0xE4, 0xD8, 0x0C, 0x66, 0x15, + 0x7F, 0x17, 0x08, 0xB9, 0x33, 0x4B, 0x9C, 0x84, 0xDA, 0x49, + 0x9F, 0x1B, 0x42, 0x85, 0x0F, 0x4B, 0xC0, 0x70, 0x35, 0x23, + 0x34, 0xD9, 0x3C, 0x76, 0xF9, 0x22, 0x5C, 0x1A, 0xE9, 0x81, + 0xE5, 0x31, 0xA3, 0xF1, 0xB7, 0x7F, 0xE2, 0x75, 0x42, 0x27, + 0x82, 0xC7, 0xBA, 0x68, 0x20, 0x0E, 0xAC, 0xD0, 0x32, 0x28, + 0xB5, 0x99, 0x71, 0xBA, 0x48, 0x2C, 0x95, 0xA5, 0xC8, 0x65, + 0x2E, 0x19, 0x70, 0xAD, 0x12, 0x3A, 0xAD, 0x83, 0x87, 0x15, + 0xA7, 0xEA, 0x9D, 0x6E, 0x11, 0x94, 0x95, 0x23, 0x51, 0xDA, + 0x5F, 0x67, 0xBD, 0xDD, 0xA7, 0xF9, 0xF8, 0x76, 0xE4, 0x3C, + 0x83, 0x0A, 0xAB, 0xBE, 0x6A, 0xB0, 0xC5, 0xA8, 0xBE, 0xD9, + 0xDD, 0xBC, 0x4E, 0xA6, 0xCF, 0x91, 0xB3, 0x42, 0x30, 0x96, + 0x8E, 0x45, 0xC6, 0x1F, 0x55, 0x6B, 0x2C, 0x0A, 0xBC, 0x9F, + 0x69, 0x65, 0x98, 0x34, 0x95, 0x6A, 0x1E, 0x86, 0x78, 0x8B, + 0x26, 0x4F, 0x05, 0x76, 0x03, 0x22, 0xCB, 0x72, 0xF1, 0xD0, + 0x1A, 0x64, 0x19, 0xC7, 0x21, 0x5C, 0x51, 0xD0, 0x6C, 0x0B, + 0xDA, 0xB9, 0x67, 0x7A, 0x83, 0xC3, 0x1E, 0x16, 0x27, 0x4A, + 0x00, 0x5F, 0xBA, 0x0E, 0x45, 0x81, 0x6E, 0xE7, 0x5B, 0x5A, + 0x8F, 0x0D, 0x6D, 0x47, 0xB1, 0x30, 0xA7, 0x42, 0x1E, 0xA9, + 0x8A, 0x27, 0x4A, 0xB0, 0x60, 0x2F, 0xA9, 0x12, 0x42, 0xD6, + 0x7F, 0x10, 0x01, 0xF3, 0x59, 0xD2, 0x40, 0x11, 0x19, 0x92, + 0xFE, 0x80, 0x25, 0x1B, 0x60, 0xDC, 0x02, 0x7B, 0x10, 0x45, + 0x17, 0x66, 0x70, 0xB9, 0x64, 0x4A, 0xBA, 0xAD, 0xBF, 0x55, + 0x7C, 0xB3, 0xD8, 0x18, 0x6D, 0x16, 0x53, 0xED, 0x89, 0xE5, + 0xD2, 0x50, 0xFA, 0xA8, 0xFE, 0x74, 0x67, 0xC4, 0x35, 0x4C, + 0xC4, 0xBE, 0x52, 0x9A, 0x8E, 0xBB, 0xB6, 0xE0, 0xAF, 0x52, + 0x57, 0x3D, 0x99, 0x79, 0x10, 0xB8, 0xE6, 0xAB, 0x24, 0x9E, + 0x75, 0xC2, 0x2A, 0xFB, 0xDB, 0xF8, 0xE0, 0x02, 0xCB, 0x49, + 0x56, 0x52, 0x6B, 0x8C, 0xFA, 0x8E, 0xCF, 0xFA, 0x18, 0x50, + 0xDD, 0x98, 0x49, 0xEC, 0xA8, 0x08, 0x6C, 0x60, 0xC0, 0x68, + 0xBF, 0x7B, 0x49, 0xB4, 0xE6, 0x49, 0x59, 0x6E, 0x65, 0x0E, + 0x41, 0xEA, 0x64, 0xC8, 0xD3, 0x1A, 0x9F, 0x39, 0xAE, 0xEB, + 0x3C, 0x88, 0xFB, 0x40, 0xDC, 0xB8, 0x07, 0x82, 0x56, 0x01, + 0xAC, 0x04, 0x0B, 0x6B, 0x0B, 0x15, 0xAA, 0x4F, 0xD2, 0x04, + 0xF3, 0x65, 0xCD, 0xF7, 0x32, 0xB1, 0x95, 0xC4, 0x91, 0xB8, + 0x63, 0x02, 0x26, 0x47, 0x1D, 0x6E, 0x6D, 0xCF, 0x3D, 0x39, + 0x3D, 0xDC, 0x18, 0x33, 0xD8, 0xF5, 0x8C, 0xB0, 0x69, 0x53, + 0x48, 0x86, 0x14, 0x50, 0xA3, 0x65, 0xEE, 0x2C, 0x2F, 0x72, + 0xF7, 0x43, 0xE7, 0xEA, 0xA0, 0x3E, 0x3C, 0x30, 0x33, 0xD9, + 0x1D, 0x6E, 0x5D, 0xCB, 0xE1, 0xE0, 0x8D, 0x95, 0xD2, 0x58, + 0x8D, 0xD5, 0xB3, 0x1C, 0x22, 0x28, 0x6A, 0xBB, 0xB3, 0x09, + 0xB1, 0x91, 0x60, 0xE2, 0xC6, 0x48, 0x11, 0xF0, 0x49, 0xB6, + 0xE9, 0xEF, 0x4B, 0xC6, 0xDB, 0xB1, 0xBF, 0x6C, 0xB2, 0x92, + 0x5C, 0x65, 0x91, 0x67, 0x81, 0x9C, 0x71, 0x5A, 0x2C, 0xFE, + 0xC8, 0xF9, 0xF5, 0x96, 0x7D, 0x3E, 0xBB, 0x7F, 0xEF, 0xF7, + 0xBF, 0xF8, 0xAC, 0xCF, 0xA6, 0x6F, 0x28, 0x9C, 0x09, 0x65, + 0x8F, 0xF7, 0xDC, 0xEF, 0x3E, 0x4B, 0xCD, 0x6D, 0x97, 0xD3, + 0xCC, 0x9C, 0xF7, 0xF2, 0x4C, 0xE6, 0x64, 0x31, 0xE8, 0x1E, + 0xDE, 0x56, 0xAE, 0xA6, 0x04, 0xFB, 0xED, 0x2E, 0x3F, 0x23, + 0x7D, 0xBC, 0x6D, 0xCC, 0x4B, 0xD4, 0x9E, 0x06, 0x83, 0xE1, + 0x95, 0xAE, 0xC4, 0xAA, 0x6E, 0xFF, 0x9E, 0x1C, 0xB9, 0x07, + 0x60, 0x6D, 0xD5, 0x09, 0x06, 0x30, 0x0C, 0x3F, 0xB5, 0xE8, + 0x8B, 0x01, 0x94, 0x1B, 0x84, 0xE9, 0xB7, 0x37, 0x03, 0xA7, + 0xAF, 0x4B, 0x63, 0x3F, 0xD2, 0x57, 0xBB, 0xB8, 0xBF, 0xE2, + 0x53, 0x4F, 0xA1, 0x9E, 0xC7, 0x4C, 0xDA, 0x89, 0x25, 0x0E, + 0x7E, 0xC9, 0x44, 0x7F, 0x4C, 0x02, 0x7F, 0xA4, 0x08, 0xEC, + 0x7F, 0x44, 0xEA, 0xF7, 0xCF, 0x1B, 0x19, 0xFA, 0x6A, 0x0A, + 0x3E, 0xE1, 0xF4, 0x78, 0xDF, 0x93, 0xAB, 0x86, 0x9E, 0xE1, + 0x31, 0xBF, 0x70, 0x20, 0x8B, 0x87, 0xCE, 0xFC, 0x84, 0x03, + 0x8D, 0xF1, 0x25, 0xE6, 0x88, 0x30, 0x79, 0x63, 0xAF, 0x5C, + 0x3B, 0x84, 0xA9, 0xB8, 0x89, 0xB4, 0x23, 0x58, 0x78, 0xF9, + 0xAB, 0x76, 0x1B, 0x20, 0x56, 0xDB, 0x9E, 0xFE, 0x59, 0x29, + 0xB9, 0x8C, 0xD7, 0x4E, 0xA4, 0x5C, 0x7F, 0x40, 0xA8, 0xEB, + 0x0D, 0x90, 0xBA, 0x30, 0x68, 0x5E, 0x9C, 0x90, 0xBE, 0xD4, + 0x43, 0x4B, 0x67, 0x27, 0xE7, 0x7D, 0x06, 0xB8, 0xF0, 0x96, + 0xEF, 0xF4, 0x47, 0x5F, 0x8E, 0xCA, 0x46, 0x85, 0x3C, 0x94, + 0x9E, 0xDE, 0x09, 0x40, 0x45, 0xB3, 0x69, 0xF1, 0x8F, 0x90, + 0xF5, 0x5C, 0x22, 0x69, 0xBF, 0x5F, 0x11, 0x66, 0xD9, 0xDC, + 0x37, 0x6A, 0x2C, 0xAF, 0x72, 0x66, 0xC8, 0x28, 0xEA, 0x59, + 0x71, 0xB1, 0x7F, 0x10, 0xA5, 0xBC, 0x42, 0x99, 0xF6, 0xD6, + 0xB4, 0xC4, 0x18, 0x49, 0x72, 0x37, 0xF3, 0xCD, 0x01, 0xD6, + 0xAB, 0x2A, 0xFE, 0x1A, 0xBC, 0x52, 0x15, 0x38, 0x30, 0xF2, + 0x4F, 0xC0, 0xD3, 0x5B, 0x91, 0x5A, 0x55, 0xD1, 0x82, 0x5A, + 0x50, 0xE8, 0x16, 0x8C, 0x3D, 0xC8, 0x97, 0x3D, 0x2A, 0xA9, + 0xF3, 0xEA, 0x48, 0x57, 0x51, 0x29, 0xB0, 0x81, 0x4D, 0x6B, + 0x69, 0xFE, 0xF8, 0xA8, 0xE0, 0x5F, 0xF4, 0x98, 0xBE, 0x3D, + 0x39, 0xB6, 0x10, 0x3E, 0x70, 0x16, 0x60, 0x46, 0xA1, 0x74, + 0x5C, 0xF5, 0x53, 0x24, 0xF4, 0x56, 0x33, 0x97, 0x18, 0xB6, + 0x4A, 0x91, 0xE1, 0xF4, 0x36, 0x11, 0x80, 0xCF, 0xDE, 0xE3, + 0x7C, 0x8C, 0x27, 0xC9, 0x29, 0xA6, 0xCC, 0xA2, 0xE3, 0x61, + 0xED, 0x46, 0x10, 0x0D, 0x43, 0x1D, 0x63, 0xB2, 0x4B, 0xC0, + 0xFF, 0x79, 0x2D, 0x6D, 0xD1, 0x0E, 0xD4, 0x73, 0x24, 0xE2, + 0xFE, 0x07, 0x15, 0xC4, 0xB3, 0xFC, 0xDA, 0x14, 0x44, 0x81, + 0x89, 0xA9, 0x16, 0xEF, 0x8C, 0x60, 0xEE, 0x2D, 0xBC, 0x81, + 0xF1, 0xD8, 0xE1, 0x37, 0x5D, 0xC0, 0xD2, 0xA5, 0x8C, 0xF9, + 0xAF, 0xAA, 0xBE, 0xF6, 0x46, 0x65, 0xEB, 0x53, 0x97, 0x2F, + 0xDA, 0x28, 0x66, 0x29, 0x67, 0x1F, 0x1F, 0x0A, 0x61, 0x61, + 0x66, 0x61, 0xF2, 0xA7, 0x1F, 0x1C, 0x30, 0x1F, 0xDD, 0xDE, + 0xAB, 0xC7, 0x6C, 0x1C, 0xED, 0xC8, 0xDC, 0x09, 0xBA, 0xF9, + 0x93, 0x76, 0x4C, 0xCC, 0xAE, 0xF5, 0x2D, 0xA4, 0xAB, 0x3F, + 0xA0, 0x42, 0x4E, 0x8F, 0x28, 0x87, 0xE1, 0x64, 0xCA, 0xF4, + 0xB6, 0xAC, 0x39, 0x1E, 0x1C, 0xF2, 0x69, 0xFF, 0x30, 0x3B, + 0x2F, 0x5C, 0xB2, 0x82, 0xD8, 0x28, 0x2D, 0xA8, 0x2C, 0xDA, + 0x6D, 0x76, 0x38, 0xFC, 0x50, 0x6F, 0xA4, 0xB9, 0x52, 0x9F, + 0xD5, 0xFA, 0x94, 0xDC, 0x54, 0xED, 0xD9, 0x10, 0x6F, 0xDA, + 0x7E, 0x5E, 0x8A, 0xFB, 0xB3, 0x68, 0xD0, 0xD1, 0x25, 0x77, + 0x7E, 0x8B, 0x91, 0x68, 0x4E, 0xF4, 0x74, 0x99, 0x77, 0xB8, + 0x5C, 0xCE, 0xCC, 0x3D, 0x54, 0xA8, 0xD8, 0x4F, 0x01, 0x30, + 0x37, 0xB0, 0x82, 0x42, 0xB9, 0xB1, 0xBF, 0x83, 0xC8, 0xB6, + 0x40, 0x7F, 0xF2, 0xD8, 0x3C, 0xBD, 0x63, 0xCB, 0x23, 0x34, + 0xA4, 0xFB, 0x4C, 0xE0, 0x8B, 0x85, 0xA4, 0xA9, 0x7B, 0xA4, + 0x78, 0x86, 0xD4, 0xE9, 0x68, 0xA4, 0x40, 0x8D, 0xBC, 0x56, + 0x44, 0x8B, 0x24, 0x80, 0x6B, 0xC1, 0x84, 0xEC, 0xB3, 0x70, + 0x01, 0x0A, 0xFE, 0xED, 0x7D, 0xD9, 0x7E, 0xAB, 0x89, 0xDB, + 0xE3, 0x90, 0x5C, 0x6A, 0x75, 0x8E, 0x16, 0xF2, 0x0A, 0xFE, + 0x9E, 0x08, 0xC8, 0xB2, 0x35, 0x3C, 0xC3, 0x20, 0x29, 0xD4, + 0x8A, 0xA6, 0x58, 0x25, 0x43, 0x9B, 0x27, 0xAE, 0xBF, 0xC7, + 0x50, 0x82, 0x9F, 0x04, 0x88, 0x4C, 0xB0, 0x4E, 0x38, 0xA5, + 0x84, 0xC1, 0xBA, 0x6A, 0xA7, 0x16, 0x85, 0x76, 0xF5, 0x21, + 0x15, 0x3F, 0x00, 0x2C, 0x0A, 0xBD, 0x18, 0x66, 0x0C, 0xD1, + 0x46, 0x33, 0x1A, 0xF3, 0x85, 0x34, 0x68, 0x49, 0x05, 0x10, + 0x85, 0xF9, 0x61, 0xD6, 0xB6, 0x97, 0xFC, 0xAA, 0x2C, 0xBC, + 0xF1, 0x75, 0xF3, 0xFC, 0x57, 0x20, 0x54, 0xF2, 0x02, 0x5E, + 0xAB, 0xDD, 0x19, 0x31, 0xAB, 0x97, 0x5F, 0x11, 0x4F, 0xCE, + 0x4F, 0xB9, 0xBB, 0xA2, 0x01, 0x51, 0x48, 0x5A, 0x2C, 0x52, + 0xAD, 0x58, 0x00, 0x22, 0x41, 0x4D, 0x24, 0x68, 0x9F, 0xD9, + 0x13, 0x5C, 0x55, 0x0A, 0x62, 0xAD, 0x3E, 0x29, 0x86, 0x34, + 0x3B, 0x2D, 0x34, 0xBE, 0x0A, 0xDB, 0x85, 0x3A, 0x41, 0x2C, + 0x30, 0x56, 0x65, 0x04, 0x0A, 0x20, 0x31, 0x2A, 0xF3, 0x88, + 0x4C, 0x38, 0x64, 0x86, 0x14, 0x06, 0xF5, 0xF0, 0x7F, 0x63, + 0xC1, 0x87, 0x24, 0x39, 0xFB, 0xC0, 0xC2, 0x6B, 0x57, 0xB3, + 0xA9, 0x7C, 0x21, 0xD7, 0x17, 0xB5, 0x23, 0x89, 0x8B, 0x9A, + 0x53, 0xC6, 0x26, 0xD6, 0xC1, 0xD8, 0x3B, 0xD2, 0x30, 0x0B, + 0x30, 0x76, 0xB3, 0x21, 0x2B, 0xCF, 0x64, 0xB8, 0xCD, 0x8C, + 0xB9, 0x33, 0x73, 0xA5, 0x19, 0x5C, 0xBB, 0x4A, 0x6F, 0x9E, + 0xA7, 0x62, 0x61, 0x1C, 0x32, 0xBB, 0x3E, 0x1B, 0x8A, 0xAC, + 0xE5, 0xE1, 0xA9, 0xDD, 0x50, 0xFB, 0x3B, 0xCF, 0xB6, 0x49, + 0x7B, 0xED, 0x1A, 0x7E, 0x8E, 0x73, 0xAE, 0x8B, 0x31, 0x06, + 0x11, 0xC4, 0x84, 0x4C, 0xCA, 0x6D, 0x5A, 0x79, 0x50, 0x2E, + 0x66, 0x90, 0x0A, 0x13, 0x86, 0x15, 0x78, 0x06, 0xAD, 0x5D, + 0x8C, 0x5E, 0xC8, 0x73, 0xB0, 0x82, 0xFB, 0x03, 0xE6, 0x30, + 0xE7, 0x0B, 0x99, 0xF0, 0xD9, 0x8C, 0x2C, 0xFA, 0x34, 0xAB, + 0x8B, 0xDD, 0x06, 0x2F, 0x39, 0xE0, 0x53, 0x37, 0x61, 0x3D, + 0xC3, 0x77, 0x4C, 0x9F, 0x66, 0x95, 0x81, 0x94, 0x0A, 0xE5, + 0xCE, 0x59, 0xA1, 0x83, 0x5C, 0x77, 0xBD, 0xF5, 0xAD, 0xE2, + 0x9C, 0x10, 0x64, 0x22, 0xAD, 0x99, 0x02, 0x3F, 0x6A, 0xB2, + 0x96, 0x2C, 0xF3, 0x21, 0xEB, 0x5A, 0x7D, 0xFC, 0x02, 0x9B, + 0x53, 0x94, 0xB1, 0x88, 0x3E, 0x07, 0x78, 0x31, 0x8F, 0xDF, + 0xDA, 0xAF, 0xB7, 0x55, 0xC9, 0x30, 0x74, 0x61, 0xD1, 0x75, + 0x15, 0xF1, 0x29, 0xB0, 0x8B, 0xD9, 0x19, 0xB3, 0x2E, 0x8C, + 0x3C, 0x4C, 0xED, 0x22, 0x0B, 0x07, 0xEC, 0xA8, 0x2B, 0x26, + 0xBA, 0x2A, 0xE3, 0xEB, 0x91, 0x2C, 0xDF, 0x28, 0xFD, 0xE3, + 0x12, 0x6D, 0xA8, 0x8C, 0xA9, 0xA0, 0x18, 0xAE, 0x18, 0xC4, + 0x05, 0x53, 0xF6, 0xF7, 0x69, 0xEF, 0xBB, 0xF8, 0xFF, 0x55, + 0xD9, 0x4E, 0xA0, 0xC9, 0x58, 0x38, 0x67, 0x31, 0xE7, 0x5C, + 0x46, 0x41, 0x58, 0x26, 0x48, 0x8C, 0x82, 0x91, 0xE4, 0x46, + 0x91, 0xE0, 0xA4, 0x4F, 0xA5, 0xFD, 0x28, 0x14, 0xC8, 0x07, + 0x73, 0xB9, 0x20, 0x7D, 0x94, 0xAF, 0xDC, 0xBF, 0x4A, 0x55, + 0xA8, 0x82, 0xBF, 0x6D, 0x22, 0xD2, 0xFF, 0x18, 0x5E, 0xFB, + 0xC4, 0xDE, 0x8B, 0x12, 0x58, 0x1E, 0x05, 0x51, 0x4A, 0x31, + 0x54, 0x26, 0xA5, 0xFD, 0x36, 0xED, 0x14, 0x80, 0x4E, 0x3F, + 0xB2, 0x4F, 0x43, 0x70, 0xAF, 0x63, 0x77, 0x86, 0x68, 0xF4, + 0x35, 0xC2, 0x4E, 0x57, 0x43, 0x63, 0x06, 0x07, 0x21, 0xCE, + 0x61, 0xDD, 0x5D, 0x1D, 0xA3, 0xF7, 0x24, 0x72, 0xED, 0x73, + 0x6A, 0xA0, 0xE6, 0x9C, 0x1A, 0xA3, 0xCF, 0x98, 0x47, 0xC2, + 0xE1, 0x29, 0x22, 0x1B, 0x7C, 0x14, 0x0E, 0xE2, 0x6B, 0x58, + 0x54, 0xA7, 0x3E, 0x0F, 0x07, 0x1D, 0xAB, 0xFD, 0x1C, 0x1E, + 0xE0, 0x24, 0xCB, 0x2B, 0xC8, 0x7D, 0x90, 0x83, 0x8D, 0x46, + 0x43, 0xB4, 0x30, 0x39, 0x26, 0x29, 0xEE, 0xAF, 0x67, 0x61, + 0x4C, 0x16, 0xF1, 0xF4, 0x01, 0x55, 0x71, 0x30, 0x1B, 0x18, + 0xC2, 0xF3, 0x8A, 0x26, 0x52, 0x63, 0xD0, 0xEA, 0x66, 0x04, + 0xD7, 0xCC, 0x09, 0xF1, 0x66, 0x62, 0xD1, 0x29, 0xFD, 0xCE, + 0x0A, 0x85, 0xD5, 0x2C, 0x5B, 0x0D, 0xC3, 0x53, 0x8F, 0x45, + 0xA1, 0x95, 0xEE, 0xAF, 0xC3, 0xC5, 0xEE, 0xE6, 0xCE, 0x4A, + 0x33, 0xDB, 0x8B, 0x29, 0x79, 0xBC, 0xF7, 0xC5, 0x33, 0xCD, + 0xC1, 0x74, 0x25, 0x69, 0xEC, 0x75, 0xA4, 0x05, 0x1D, 0x6D, + 0x6E, 0xEC, 0x77, 0xDC, 0xF9, 0x08, 0xB1, 0xFA, 0x38, 0x7F, + 0x8E, 0xDF, 0x74, 0x10, 0x27, 0x19, 0x52, 0xAB, 0x6B, 0x08, + 0xEB, 0x51, 0x22, 0xE7, 0x79, 0xDA, 0x9F, 0xC0, 0xD2, 0x5E, + 0x5C, 0x2A, 0xC7, 0xF8, 0x6B, 0xB6, 0x63, 0x06, 0x49, 0xB4, + 0xDD, 0xEB, 0x20, 0x6F, 0x5A, 0x5E, 0x78, 0x79, 0xA5, 0xAF, + 0x35, 0x6D, 0x36, 0xBA, 0xA4, 0x38, 0x98, 0x38, 0xD9, 0x59, + 0x81, 0x16, 0x8C, 0xCE, 0x78, 0xCA, 0xD1, 0x86, 0x8B, 0x3A, + 0xD9, 0xA5, 0x5B, 0x7C, 0x53, 0x24, 0xB8, 0xD2, 0x2B, 0x09, + 0x73, 0x04, 0x87, 0x3E, 0x39, 0x64, 0x42, 0x5A, 0xE1, 0xC8, + 0x72, 0xD5, 0x00, 0x06, 0x06, 0x81, 0x91, 0x7A, 0x12, 0xA1, + 0x91, 0xEC, 0xBF, 0xD6, 0xBC, 0xFD, 0x82, 0xDA, 0xEE, 0x3A, + 0xB7, 0xF1, 0x54, 0xE3, 0xBD, 0xE5, 0xC0, 0x18, 0xE9, 0x5C, + 0x49, 0x0C, 0xFA, 0x64, 0x80, 0x98, 0x5C, 0x44, 0x9B, 0x4A, + 0x48, 0x3E, 0x0C, 0xBE, 0x5E, 0xBB, 0x68, 0xDA, 0x09, 0xD7, + 0x00, 0x51, 0x5B, 0x13, 0x96, 0xC2, 0x8A, 0xCE, 0xB0, 0x8F, + 0xDF, 0x84, 0x77, 0x70, 0x4B, 0x0F, 0x6E, 0xC7, 0x62, 0x47, + 0xFA, 0xA8, 0x35, 0x18, 0x43, 0x93, 0x4C, 0x83, 0x13, 0x45, + 0x74, 0x76, 0x19, 0xA7, 0x71, 0x98, 0x8C, 0x2E, 0xFC, 0xA9, + 0x83, 0x64, 0xD1, 0xA3, 0x95, 0x33, 0x31, 0xDB, 0xA8, 0xC3, + 0xB9, 0x72, 0x80, 0x58, 0xEC, 0xEB, 0xFC, 0xF3, 0x03, 0x44, + 0xDC, 0x11, 0x06, 0x3A, 0x95, 0x81, 0x28, 0xDB, 0xAB, 0x36, + 0xC4, 0x37, 0x0C, 0xD4, 0x6B, 0xAF, 0x04, 0xD0, 0x23, 0x3F, + 0xDD, 0x08, 0x88, 0x06, 0x23, 0x39, 0xCF, 0xB2, 0xCF, 0x13, + 0x27, 0xE1, 0x4E, 0x21, 0xDA, 0x81, 0x58, 0x29, 0x70, 0x2B, + 0x26, 0xB7, 0xA7, 0x69, 0xA1, 0x86, 0xBC, 0xD9, 0x88, 0xED, + 0x70, 0x61, 0x94, 0x2D, 0xCD, 0x47, 0x57, 0xD0, 0xBD, 0x07, + 0x05, 0x7E, 0xA5, 0x35, 0x29, 0x15, 0xFA, 0x62, 0x7E, 0xB7, + 0x2A, 0xEB, 0x4F, 0xC4, 0x0D, 0x6D, 0x2E, 0x6D, 0x8F, 0x53, + 0x7C, 0x0B, 0x62, 0x72, 0xA5, 0x01, 0x5D, 0xD9, 0x52, 0xAF, + 0x60, 0x22, 0x90, 0xD0, 0xE6, 0x37, 0x25, 0x57, 0x73, 0x66, + 0xD5, 0x96, 0x6A, 0x23, 0x75, 0x43, 0xF7, 0x6A, 0xC8, 0x3E, + 0xAC, 0x20, 0xC8, 0x8A, 0xE3, 0xD1, 0xB4, 0x07, 0x87, 0x8E, + 0x3A, 0xEB, 0x43, 0x10, 0x91, 0x7F, 0x17, 0x96, 0x4B, 0x7A, + 0x31, 0x2A, 0x84, 0xFC, 0xFE, 0xB1, 0x26, 0x67, 0xD6, 0xAD, + 0xB8, 0xB7, 0x3D, 0x3A, 0x2F, 0xEE, 0x94, 0x2F, 0x05, 0xF1, + 0xD8, 0x8E, 0xD4, 0x97, 0xAF, 0x36, 0xCE, 0x01, 0x18, 0x0B, + 0x68, 0x41, 0x26, 0xEB, 0x38, 0x2B, 0xF6, 0xD2, 0x8A, 0x5A, + 0x79, 0x02, 0xA1, 0xE4, 0x49, 0x48, 0xCF, 0x55, 0x2B, 0x74, + 0x16, 0x63, 0x27, 0x9D, 0x25, 0xAA, 0x7F, 0x8A, 0x5D, 0x96, + 0x68, 0xF3, 0x58, 0x7C, 0x10, 0xCF, 0x6A, 0xE3, 0xE2, 0x80, + 0x90, 0xD3, 0x39, 0xF5, 0x62, 0x01, 0x33, 0x5F, 0xC2, 0xFD, + 0xAD, 0xE6, 0x2A, 0xB2, 0x3D, 0x89, 0x99, 0x7B, 0x17, 0x35, + 0xE4, 0x5C, 0x62, 0x10, 0x69, 0x10, 0x93, 0x57, 0x92, 0x15, + 0x53, 0xEC, 0x82, 0x17, 0x00, 0xFC, 0x13, 0x49, 0x58, 0x79, + 0x90, 0x36, 0x0D, 0x50, 0xA5, 0xFE, 0xAE, 0xE1, 0xB3, 0xAF, + 0x40, 0x98, 0x3C, 0xB7, 0xAB, 0xC9, 0x0B, 0x2B, 0xE8, 0x31, + 0x71, 0x0D, 0x47, 0xE1, 0xE0, 0x3D, 0xCB, 0xB0, 0x3E, 0x44, + 0x00, 0x18, 0x66, 0xD5, 0x44, 0xEF, 0x58, 0x6A, 0xC3, 0x98, + 0x86, 0x19, 0xBA, 0xCE, 0x24, 0xF0, 0x9A, 0xED, 0x55, 0xA9, + 0x1F, 0x52, 0xB2, 0xBA, 0x1A, 0x2C, 0x71, 0x9F, 0xD7, 0xE6, + 0xA1, 0x01, 0x64, 0x8B, 0x22, 0x22, 0x23, 0xC8, 0x2A, 0xBA, + 0x13, 0x5A, 0xDD, 0xC4, 0x0C, 0x1A, 0x3C, 0x4F, 0x1E, 0x0B, + 0x5B, 0xB5, 0x45, 0xA3, 0xDD, 0x4D, 0xE9, 0x00, 0x06, 0x60, + 0x59, 0xFC, 0x48, 0xB2, 0x3E, 0x32, 0xBF, 0xF8, 0x74, 0x4E, + 0x65, 0x9F, 0x89, 0x8D, 0xE4, 0x0C, 0xC1, 0x89, 0xCF, 0x19, + 0xF0, 0xBC, 0x75, 0xDC, 0xE4, 0xEA, 0x23, 0x18, 0x23, 0xC2, + 0xD2, 0xA4, 0x96, 0xA6, 0xC2, 0x73, 0x41, 0x1E, 0xD8, 0x9D, + 0x02, 0x02, 0x35, 0x16, 0x61, 0x9B, 0x6F, 0xCC, 0x16, 0x80, + 0x2B, 0xA5, 0xE2, 0x9B, 0x63, 0x9B, 0x4E, 0x75, 0xBD, 0xBD, + 0xF3, 0x36, 0x16, 0x53, 0x6B, 0x34, 0x33, 0xF4, 0xBC, 0x05, + 0x79, 0x8A, 0x1F, 0x23, 0xD8, 0x36, 0xCC, 0xDB, 0x37, 0x5A, + 0x1E, 0xCE, 0x6D, 0x27, 0x7B, 0x6C, 0x66, 0x11, 0xE3, 0x96, + 0xAD, 0xC3, 0xF9, 0x57, 0xF9, 0xA7, 0x4C, 0x4F, 0x8E, 0x97, + 0x70, 0xB1, 0x70, 0xE9, 0x77, 0xF0, 0xC2, 0xD0, 0x79, 0x12, + 0x79, 0x3F, 0xDB, 0x71, 0x66, 0x48, 0xDB, 0x5A, 0xFC, 0xA7, + 0x8E, 0xE4, 0x1A, 0x93, 0xFE, 0x49, 0xF5, 0x7D, 0xEF, 0xC4, + 0x4B, 0xC1, 0x10, 0x2A, 0xD6, 0xF0, 0x5D, 0xC4, 0x80, 0x8B, + 0x9C, 0x2E, 0x44, 0xFB, 0x71, 0xD3, 0xA3, 0x80, 0xFB, 0x77, + 0x60, 0x16, 0xAD, 0x0B, 0xEC, 0x75, 0x9A, 0x58, 0x4B, 0x6E, + 0xD8, 0xFD, 0xE9, 0x41, 0x46, 0x85, 0x43, 0xFD, 0x82, 0x53, + 0x51, 0x65, 0xF8, 0xD0, 0x26, 0x2B, 0xF2, 0xF9, 0xE9, 0x26, + 0xD7, 0x15, 0x84, 0x31, 0x80, 0xAE, 0xFD, 0xA5, 0x30, 0x65, + 0xEE, 0x52, 0xCA, 0x3C, 0x76, 0x16, 0x91, 0x5A, 0x26, 0x49, + 0x1A, 0x28, 0xC7, 0x81, 0x10, 0x95, 0xB8, 0x96, 0x09, 0x50, + 0x6D, 0xB1, 0x64, 0xA2, 0x87, 0xCF, 0x38, 0x3C, 0x3C, 0x6E, + 0x0B, 0x96, 0x97, 0xFC, 0x81, 0xBD, 0x7D, 0xE7, 0xCC, 0xB6, + 0xF7, 0xE8, 0x15, 0x05, 0xAF, 0xDE, 0x1C, 0x68, 0xC0, 0xCF, + 0xF8, 0x68, 0x94, 0x90, 0x7B, 0x7D, 0x98, 0x57, 0xDC, 0x86, + 0x6D, 0x69, 0xD6, 0x98, 0x62, 0x0F, 0x38, 0x99, 0x93, 0x99, + 0x55, 0xD6, 0xA5, 0x8C, 0x94, 0x62, 0xCB, 0xD9, 0xE8, 0xA4, + 0x7C, 0xDF, 0x21, 0xF4, 0x36, 0x65, 0xCF, 0x3F, 0xE4, 0x10, + 0xA5, 0xB4, 0x71, 0x08, 0x65, 0x98, 0x59, 0x70, 0x19, 0x7E, + 0x27, 0x13, 0x71, 0x3F, 0xD2, 0x91, 0x20, 0xFF, 0x53, 0xDB, + 0xD2, 0xD4, 0x07, 0x3A, 0x49, 0x72, 0x05, 0x66, 0xED, 0x7D, + 0xBC, 0x61, 0x70, 0x7F, 0x64, 0x41, 0xDD, 0xB3, 0x1B, 0x03, + 0xB8, 0x20, 0xE1, 0x5D, 0x07, 0x39, 0xFC, 0xD2, 0x30, 0x72, + 0xE8, 0x0F, 0xA7, 0xA2, 0x71, 0xE8, 0x3D, 0xD9, 0x2B, 0x5B, + 0xB4, 0x97, 0x2B, 0xC3, 0x58, 0xE1, 0x2B, 0x0F, 0xAA, 0x8C, + 0x5A, 0x72, 0xC7, 0xBB, 0xB6, 0x59, 0x2B, 0x73, 0x39, 0x9A, + 0x20, 0xE5, 0x9A, 0x70, 0x30, 0x7B, 0x28, 0xBE, 0xD6, 0x6A, + 0x04, 0x18, 0x41, 0xEF, 0x18, 0xCD, 0xB5, 0x69, 0xB6, 0x00, + 0x50, 0xEE, 0xF9, 0x45, 0x2F, 0x86, 0xEE, 0x04, 0xBE, 0xF8, + 0x88, 0x9E, 0x0D, 0xAC, 0x1B, 0xA9, 0xD1, 0xC1, 0xA5, 0x3E, + 0xF6, 0xD9, 0x78, 0x99, 0x9D, 0x2E, 0x26, 0x6C, 0xCA, 0x7C, + 0x4C, 0xC7, 0xAF, 0xAB, 0xF0, 0xBB, 0x93, 0x32, 0x03, 0x22, + 0xAF, 0x27, 0x6A, 0x9F, 0x53, 0x77, 0xA9, 0x6C, 0x83, 0xA2, + 0x46, 0x15, 0x61, 0x6C, 0xB3, 0x08, 0x6F, 0x5B, 0x85, 0x73, + 0x8A, 0xCD, 0x8A, 0xB0, 0x70, 0xAC, 0xA5, 0x22, 0x18, 0x87, + 0x54, 0x91, 0x6B, 0x34, 0x7F, 0x0B, 0x4E, 0xCA, 0x44, 0xB3, + 0xBE, 0xB0, 0x77, 0x28, 0x85, 0x73, 0xDD, 0x29, 0x70, 0x53, + 0xD9, 0xA2, 0x4F, 0x12, 0xCB, 0x41, 0xFD, 0x99, 0x27, 0xC7, + 0xA9, 0xCF, 0xB7, 0x5B, 0xFB, 0xCC, 0x77, 0xBA, 0x12, 0xE1, + 0xD6, 0xF6, 0x7C, 0x22, 0xB4, 0xED, 0xB0, 0xA0, 0x71, 0x59, + 0xD2, 0xF3, 0x14, 0xB2, 0x7C, 0x4A, 0x0A, 0xD6, 0x43, 0x10, + 0xA0, 0xF6, 0xC0, 0x6F, 0xB4, 0x31, 0x8F, 0x7B, 0xF8, 0x5A, + 0xC9, 0x91, 0x0F, 0x7A, 0xE5, 0xDF, 0x29, 0x11, 0x66, 0xFF, + 0x4C, 0x73, 0xA6, 0xC7, 0xA0, 0xCC, 0x7B, 0x73, 0x79, 0x36, + 0x1D, 0x5E, 0x7C, 0xE2, 0xC9, 0xF7, 0x56, 0xC4, 0x88, 0x71, + 0xC1, 0x03, 0xEE, 0xE7, 0xE0, 0xEE, 0x12, 0xD7, 0x3D, 0x3A, + 0xB2, 0x91, 0x51, 0xE1, 0x18, 0xFE, 0x66, 0x22, 0x84, 0xA6, + 0xC3, 0xD2, 0x54, 0xE9, 0xE5, 0xF8, 0xDB, 0xF1, 0xF9, 0x6A, + 0x01, 0x61, 0xCF, 0x3D, 0xDA, 0x89, 0x5B, 0xED, 0x89, 0x10, + 0xBA, 0x18, 0xB8, 0xBA, 0x66, 0x38, 0x0D, 0x37, 0xEC, 0x1E, + 0xF7, 0x06, 0xD6, 0xC0, 0x84, 0x06, 0x2F, 0x43, 0xBD, 0x50, + 0xA0, 0x05, 0x9B, 0x50, 0xCD, 0xBB, 0xB7, 0x93, 0xF0, 0x70, + 0x50, 0xB7, 0x03, 0x0F, 0x27, 0x70, 0x47, 0x8E, 0xEB, 0x14, + 0xE0, 0x81, 0xBC, 0x7F, 0xA5, 0x60, 0xB0, 0x09, 0xCA, 0x38, + 0xCB, 0x59, 0x85, 0x49, 0xB3, 0xD4, 0x29, 0x50, 0xE1, 0x04, + 0xBD, 0x9F, 0x6C, 0xA5, 0x76, 0xCB, 0xE6, 0x79, 0xED, 0xDD, + 0xB8, 0x98, 0xA9, 0x94, 0xDD, 0xD3, 0x2E, 0xE0, 0xEA, 0xCD, + 0xD3, 0x34, 0xDA, 0x78, 0xBE, 0x7A, 0xC9, 0x8C, 0xD6, 0x12, + 0x5B, 0xD0, 0x36, 0x11, 0x79, 0x52, 0xCA, 0xA1, 0xCC, 0x3D, + 0x5B, 0x1F, 0x35, 0x80, 0xCC, 0x56, 0xDA, 0xC9, 0x88, 0xB7, + 0xD3, 0x28, 0x86, 0x6F, 0x4E, 0x20, 0x56, 0x56, 0x62, 0x12, + 0x79, 0xDA, 0x3F, 0x75, 0xEC, 0x89, 0xDC, 0x90, 0x44, 0xAE, + 0xB8, 0x0E, 0x34, 0x76, 0xF9, 0xAE, 0xDF, 0x2C, 0x28, 0x0F, + 0xCF, 0x28, 0x0B, 0x7B, 0x8A, 0xC4, 0x9B, 0x0B, 0x3C, 0x3E, + 0xC2, 0x70, 0x88, 0x71, 0xED, 0x3B, 0x3D, 0x61, 0x73, 0xDC, + 0x1B, 0x1A, 0x89, 0x16, 0xE2, 0x36, 0x50, 0x96, 0x38, 0x44, + 0xB1, 0xB6, 0x23, 0xB1, 0x83, 0x51, 0x43, 0x7C, 0x37, 0x9C, + 0x83, 0xDB, 0x63, 0x3E, 0x02, 0x42, 0xFA, 0xE9, 0x0B, 0x22, + 0xCB, 0xA5, 0x1F, 0x09, 0x03, 0x1C, 0xD0, 0xAD, 0xCB, 0xEE, + 0xB5, 0x3F, 0xFC, 0xCD, 0x80, 0x04, 0x63, 0x44, 0x4F, 0x3F, + 0x2B, 0x17, 0x66, 0xE0, 0xA7, 0x1E, 0xA2, 0xB5, 0xE3, 0xD3, + 0x23, 0x76, 0xF9, 0x75, 0x7C, 0x39, 0x5C, 0x6A, 0x64, 0xF8, + 0x61, 0xDE, 0x66, 0x3F, 0xCD, 0x4F, 0x06, 0xEF, 0x9C, 0xCA, + 0x43, 0xA9, 0x32, 0x30, 0xDC, 0xB8, 0xA2, 0xE0, 0xAA, 0xEB, + 0x4D, 0x30, 0x8D, 0x0C, 0xD1, 0x5E, 0x04, 0xEE, 0xED, 0x46, + 0x07, 0x9C, 0xF4, 0xD8, 0xD5, 0x78, 0x9A, 0x51, 0x93, 0xC6, + 0x95, 0x5C, 0x12, 0x48, 0x2B, 0x92, 0x7A, 0xE4, 0x57, 0x3D, + 0x37, 0xEC, 0xA0, 0x19, 0xEC, 0x0A, 0x45, 0x0B, 0xFE, 0x9F, + 0x5F, 0xA0, 0xB3, 0x05, 0xEE, 0xF9, 0x87, 0x76, 0x5C, 0xC1, + 0xAD, 0x92, 0x79, 0x50, 0xAC, 0x70, 0xB6, 0xE8, 0xBB, 0x7C, + 0xCA, 0xC2, 0x49, 0xAD, 0xB0, 0xDA, 0xD0, 0x28, 0x90, 0xC2, + 0xEE, 0x3D, 0x4C, 0xCD, 0xC8, 0x41, 0x89, 0x5C, 0x65, 0xB9, + 0x1C, 0xCA, 0x67, 0x7B, 0xEF, 0x0D, 0x7B, 0x69, 0x4B, 0x8E, + 0x51, 0x0D, 0xF7, 0x70, 0xB7, 0xB3, 0x4E, 0xC8, 0x87, 0x8D, + 0xD1, 0xDD, 0x20, 0x11, 0x3C, 0x34, 0xA3, 0x3B, 0x6F, 0xDD, + 0xF5, 0xB2, 0xB1, 0x21, 0x9A, 0xE0, 0x4A, 0xF0, 0xB9, 0xEB, + 0x64, 0xDB, 0xC6, 0xD6, 0x64, 0x8F, 0x1A, 0x2C, 0x40, 0x0A, + 0x24, 0xF4, 0x0C, 0x0F, 0x60, 0x04, 0xBA, 0x9D, 0x3A, 0xE7, + 0x05, 0x58, 0xB5, 0x29, 0xD4, 0xD3, 0x64, 0xED, 0xCE, 0x47, + 0x7B, 0xB0, 0x6E, 0xCC, 0x2F, 0x46, 0x3A, 0xFE, 0x11, 0xC6, + 0x6B, 0x91, 0x51, 0x6A, 0x17, 0xCD, 0x03, 0x35, 0x0E, 0x1C, + 0x0E, 0x8B, 0xDD, 0x46, 0x4F, 0x5D, 0x9A, 0x5C, 0xE1, 0x14, + 0x99, 0xE8, 0xF2, 0xA4, 0xED, 0xCF, 0x6F, 0xC6, 0xC1, 0x67, + 0x36, 0x49, 0x1F, 0x1E, 0x42, 0x92, 0x4D, 0x32, 0x05, 0x4E, + 0xA6, 0xD7, 0xC0, 0xEC, 0xB0, 0x3E, 0xFD, 0xA1, 0xA7, 0x08, + 0x6B, 0xE8, 0x7F, 0xCD, 0xF8, 0x3C, 0x53, 0x58, 0x4C, 0x97, + 0xE6, 0x8D, 0xFE, 0xA9, 0x49, 0x61, 0xD1, 0xF0, 0xA0, 0xC7, + 0xB4, 0x4F, 0xBE, 0xDD, 0x90, 0x92, 0x0B, 0xA0, 0x5E, 0x69, + 0xAC, 0xDA, 0x26, 0x99, 0xF8, 0xE3, 0x07, 0xB5, 0xB9, 0xB7, + 0x48, 0xC7, 0xA3, 0x64, 0x3E, 0xA0, 0xB6, 0xC1, 0xF8, 0x6E, + 0x23, 0xA3, 0x11, 0x52, 0xA8, 0x26, 0xBD, 0x1C, 0xAD, 0xEB, + 0xF7, 0xDF, 0xC6, 0x35, 0xB4, 0x92, 0xE5, 0xB0, 0x5B, 0x53, + 0x55, 0xAA, 0x6E, 0xAD, 0x36, 0x4B, 0xF0, 0xE5, 0x9E, 0x32, + 0xB6, 0xFF, 0x1C, 0x01, 0x35, 0x20, 0x5E, 0xAD, 0x3E, 0xA3, + 0x01, 0x5D, 0xA0, 0xC5, 0x1B, 0xC8, 0x69, 0xB8, 0xF2, 0x2B, + 0x2B, 0x69, 0xC4, 0x4E, 0xA3, 0xC6, 0x1C, 0xFE, 0xCC, 0x0C, + 0x79, 0x6E, 0xDD, 0xD4, 0x59, 0x93, 0x51, 0xA2, 0x41, 0x3A, + 0x7A, 0x7D, 0x19, 0x5C, 0x1A, 0x91, 0x3C, 0x68, 0x00, 0x42, + 0x58, 0x51, 0x26, 0x11, 0x1A, 0x1E, 0xDE, 0x3B, 0x64, 0x16, + 0xBC, 0xDC, 0x5A, 0xF7, 0x7E, 0x80, 0x04, 0x63, 0xED, 0xDB, + 0x68, 0x74, 0xC2, 0x6B, 0x36, 0x67, 0xFC, 0x81, 0xB3, 0x64, + 0xBC, 0xAC, 0xA4, 0x56, 0x55, 0x77, 0x86, 0x74, 0xE2, 0x68, + 0x02, 0xD5, 0x5A, 0x84, 0x8F, 0x0E, 0x7F, 0xA1, 0xE9, 0xA5, + 0x30, 0xEB, 0xB4, 0x3E, 0x31, 0x09, 0x7F, 0xE2, 0x21, 0x35, + 0x4F, 0xFA, 0x61, 0xD2, 0x42, 0xB5, 0xCC, 0x31, 0xDE, 0x9C, + 0xDD, 0x39, 0x71, 0x90, 0x69, 0x9C, 0xF3, 0x7B, 0x91, 0xB1, + 0x65, 0x44, 0x10, 0xEC, 0x5C, 0x31, 0xF5, 0xA5, 0x37, 0xFF, + 0x52, 0xDF, 0x21, 0x85, 0x8A, 0x08, 0x77, 0xD7, 0xEE, 0xCC, + 0xD8, 0x58, 0xEF, 0x5B, 0xDD, 0x12, 0xC0, 0x4E, 0xC2, 0x20, + 0xAD, 0x5E, 0x74, 0x37, 0xE0, 0x70, 0x1B, 0xBA, 0xA3, 0x84, + 0x39, 0x2C, 0x4F, 0x63, 0x77, 0x69, 0x6C, 0x60, 0x69, 0x00, + 0xF0, 0xCE, 0x19, 0x29, 0x62, 0xDA, 0x10, 0xD9, 0x15, 0x79, + 0xC5, 0x2B, 0xB0, 0xB3, 0x97, 0x8C, 0x98, 0x83, 0x9F, 0x25, + 0x3F, 0x56, 0x1F, 0x2C, 0x63, 0x77, 0xFA, 0xDB, 0x27, 0xDF, + 0x94, 0xAE, 0x08, 0x44, 0x75, 0x8A, 0xE8, 0x91, 0x72, 0xB0, + 0xD0, 0x93, 0xC5, 0x7B, 0xB1, 0xD0, 0xEB, 0xD8, 0xDD, 0x88, + 0x29, 0xF8, 0x36, 0xE7, 0x7C, 0xFD, 0x88, 0xFE, 0xA1, 0xEE, + 0x12, 0x9A, 0x0E, 0x84, 0x75, 0x15, 0xA8, 0xA0, 0xD7, 0xBC, + 0x72, 0x75, 0x7D, 0x4E, 0xDF, 0xEE, 0x30, 0x30, 0x23, 0x6D, + 0xCC, 0xE5, 0xD7, 0xFD, 0x11, 0xE0, 0x87, 0x65, 0xDE, 0xAA, + 0xF4, 0x2C, 0x64, 0x74, 0x1A, 0x0C, 0x7A, 0x0A, 0x5B, 0x85, + 0xF3, 0x35, 0xB8, 0x41, 0x27, 0x14, 0xFC, 0x2A, 0x8D, 0x28, + 0xD0, 0xA7, 0xDB, 0xB0, 0xD9, 0x5A, 0xA9, 0x0F, 0x0B, 0x2F, + 0xE0, 0x8E, 0x37, 0x82, 0x5E, 0x8E, 0x1E, 0x2F, 0xC2, 0xA6, + 0xF5, 0x89, 0x54, 0x77, 0x49, 0x49, 0xDC, 0xF4, 0x03, 0xF2, + 0x04, 0xD6, 0xC0, 0x43, 0xB1, 0x13, 0x2B, 0x0C, 0xC2, 0x14, + 0x93, 0x5A, 0x90, 0x20, 0x87, 0xA0, 0x4A, 0xB2, 0xD7, 0x25, + 0x81, 0x79, 0x3C, 0x9C, 0xF6, 0x92, 0xBB, 0x26, 0xB0, 0x25, + 0x93, 0x05, 0x60, 0xEC, 0x56, 0x3C, 0x92, 0x41, 0x63, 0x52, + 0x0F, 0x95, 0x06, 0x7D, 0xE8, 0x46, 0x90, 0x39, 0x69, 0xEA, + 0x6B, 0xA6, 0x64, 0x09, 0x7B, 0x2F, 0x34, 0xE0, 0x21, 0x29, + 0xDA, 0xE3, 0xCF, 0xFE, 0xA7, 0x8E, 0x14, 0x3A, 0xD7, 0x53, + 0x26, 0xD7, 0x82, 0x0E, 0x2A, 0x00, 0x43, 0xEB, 0x6A, 0x23, + 0x75, 0x28, 0xD0, 0x9B, 0x85, 0xE0, 0xFB, 0x14, 0x19, 0xF3, + 0x6A, 0x73, 0x6C, 0x97, 0x0E, 0x21, 0xFC, 0x0F, 0x26, 0xC5, + 0xCE, 0xB7, 0xC6, 0x59, 0xA2, 0xE6, 0x4C, 0xF4, 0xC7, 0xBB, + 0x9B, 0xA8, 0xFA, 0x12, 0xC7, 0xDA, 0x33, 0x26, 0x69, 0x83, + 0x49, 0xA8, 0x0A, 0x3E, 0xF0, 0xD4 +}; +static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_level5_key); + +/* certs/dilithium/bench_dilithium_aes_level2_key.der */ +static const unsigned char bench_dilithium_aes_level2_key[] = +{ + 0x30, 0x82, 0x0F, 0x1A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, + 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0B, + 0x04, 0x04, 0x04, 0x82, 0x0F, 0x04, 0x04, 0x82, 0x0F, 0x00, + 0xDF, 0x3D, 0x6F, 0x4F, 0x6C, 0x02, 0x60, 0x28, 0x0D, 0xD1, + 0x31, 0xF7, 0xA6, 0xAF, 0x05, 0x6E, 0xCE, 0x17, 0xBC, 0x6A, + 0x1B, 0xF7, 0xCB, 0x0D, 0x3F, 0x06, 0x8A, 0x01, 0x9A, 0xF2, + 0x40, 0xF9, 0x70, 0xD7, 0x18, 0x17, 0xDF, 0xD2, 0x8D, 0x9A, + 0xFF, 0xC9, 0x44, 0x27, 0xDF, 0xCD, 0xAA, 0x41, 0x15, 0xBB, + 0xDF, 0x53, 0x98, 0x20, 0xC1, 0x26, 0x28, 0xC0, 0x3B, 0x58, + 0xFF, 0xA0, 0x34, 0x8A, 0xA2, 0x36, 0x8E, 0x9A, 0xA1, 0x87, + 0x8B, 0x55, 0xBF, 0x04, 0xA8, 0x3D, 0xA6, 0x23, 0x22, 0xF9, + 0x26, 0xA4, 0xC1, 0xF0, 0xEF, 0x11, 0x3D, 0xAA, 0x49, 0x91, + 0xAA, 0xAB, 0x90, 0xAF, 0x6C, 0x42, 0x0A, 0x38, 0x48, 0x21, + 0x17, 0x4C, 0x01, 0x41, 0x0C, 0x09, 0x06, 0x51, 0xD4, 0x20, + 0x00, 0xCC, 0xB2, 0x84, 0x49, 0x18, 0x24, 0xE3, 0x30, 0x66, + 0xD9, 0x06, 0x70, 0xC8, 0xB2, 0x44, 0x24, 0x08, 0x11, 0x0B, + 0x90, 0x29, 0xE2, 0x86, 0x81, 0xE3, 0x28, 0x0E, 0xA2, 0x92, + 0x50, 0x0C, 0x31, 0x6D, 0x10, 0xA9, 0x4C, 0xA4, 0x48, 0x60, + 0x03, 0x36, 0x10, 0x64, 0x80, 0x91, 0x43, 0xA8, 0x68, 0x60, + 0x42, 0x20, 0x19, 0x44, 0x80, 0x51, 0x82, 0x64, 0x18, 0x87, + 0x09, 0x51, 0x84, 0x29, 0x40, 0x34, 0x31, 0x91, 0x42, 0x8D, + 0x09, 0xB4, 0x6C, 0xD3, 0xC6, 0x68, 0x58, 0x00, 0x12, 0x82, + 0x44, 0x4C, 0x21, 0x29, 0x6C, 0x44, 0x12, 0x65, 0x14, 0x22, + 0x48, 0x24, 0x46, 0x2D, 0xC3, 0x02, 0x08, 0x43, 0xC4, 0x61, + 0x52, 0x04, 0x8D, 0x92, 0x44, 0x45, 0x91, 0x20, 0x50, 0x01, + 0x41, 0x84, 0x5A, 0xA0, 0x0C, 0x09, 0xC1, 0x05, 0xD2, 0x28, + 0x86, 0x22, 0x09, 0x84, 0x04, 0xA6, 0x29, 0x9C, 0x12, 0x2A, + 0x61, 0x16, 0x90, 0xC4, 0x22, 0x82, 0x80, 0x92, 0x65, 0x5B, + 0x00, 0x82, 0x40, 0xB0, 0x40, 0x04, 0xA6, 0x25, 0x1A, 0x36, + 0x09, 0xD3, 0x92, 0x10, 0x62, 0xA6, 0x10, 0xA1, 0x32, 0x51, + 0x11, 0x14, 0x20, 0x1C, 0xB4, 0x65, 0x94, 0x38, 0x06, 0x49, + 0x20, 0x01, 0x1A, 0x27, 0x0C, 0xD2, 0x84, 0x31, 0x02, 0x49, + 0x28, 0x1B, 0x44, 0x45, 0x0C, 0x01, 0x60, 0x5C, 0x00, 0x2E, + 0x23, 0x31, 0x41, 0x8B, 0x14, 0x4A, 0xC0, 0x48, 0x45, 0x04, + 0xC0, 0x4C, 0x40, 0x02, 0x92, 0x94, 0x48, 0x48, 0x5A, 0x36, + 0x91, 0x1C, 0xA2, 0x21, 0x8B, 0x42, 0x82, 0x09, 0x01, 0x46, + 0x11, 0x85, 0x6D, 0x1C, 0x35, 0x62, 0xC9, 0x34, 0x45, 0xC1, + 0x42, 0x6C, 0x40, 0x28, 0x6E, 0x1A, 0x27, 0x4C, 0x19, 0x09, + 0x6D, 0x92, 0xB8, 0x41, 0x04, 0x31, 0x4D, 0xC4, 0x20, 0x4A, + 0x8C, 0x84, 0x6D, 0xD1, 0x32, 0x02, 0xE1, 0x82, 0x21, 0x41, + 0x34, 0x44, 0xC3, 0x14, 0x49, 0xD9, 0x22, 0x8D, 0x63, 0x32, + 0x48, 0x99, 0xB8, 0x0C, 0x03, 0x21, 0x69, 0xCC, 0x30, 0x40, + 0xA4, 0x32, 0x4D, 0xD8, 0xB8, 0x09, 0x00, 0x17, 0x45, 0x02, + 0xC0, 0x68, 0xCA, 0xA4, 0x91, 0x02, 0x99, 0x8D, 0x9B, 0x46, + 0x24, 0x42, 0x28, 0x8C, 0x90, 0x94, 0x61, 0x1C, 0xC3, 0x0C, + 0x00, 0x37, 0x89, 0x1C, 0x99, 0x8D, 0x83, 0xB6, 0x64, 0x01, + 0xC1, 0x88, 0xC0, 0x30, 0x44, 0x9C, 0x82, 0x48, 0x82, 0x22, + 0x29, 0x9C, 0x96, 0x30, 0x4C, 0x10, 0x50, 0x24, 0x07, 0x6E, + 0x98, 0x46, 0x8A, 0xC4, 0x38, 0x89, 0x60, 0x90, 0x11, 0x24, + 0x46, 0x00, 0x58, 0x80, 0x69, 0x11, 0x33, 0x85, 0x43, 0xB2, + 0x90, 0xD1, 0x20, 0x4C, 0x44, 0xA6, 0x28, 0xA1, 0x44, 0x45, + 0x01, 0xB7, 0x85, 0x9B, 0x22, 0x6C, 0x11, 0x22, 0x04, 0x13, + 0x13, 0x05, 0x01, 0x22, 0x88, 0x4C, 0x30, 0x80, 0x00, 0xC8, + 0x20, 0x51, 0xC2, 0x28, 0x10, 0x04, 0x71, 0x00, 0x14, 0x0A, + 0x89, 0x94, 0x05, 0x4A, 0x28, 0x6E, 0x88, 0x24, 0x52, 0x03, + 0x22, 0x69, 0xDC, 0x16, 0x71, 0x0C, 0x25, 0x6D, 0x10, 0x07, + 0x10, 0xCB, 0x12, 0x85, 0x53, 0x32, 0x2C, 0x0B, 0x94, 0x40, + 0x54, 0x88, 0x11, 0x99, 0x42, 0x69, 0x40, 0x00, 0x65, 0xA2, + 0x12, 0x0A, 0x22, 0xC4, 0x88, 0x99, 0x32, 0x31, 0x0C, 0xA5, + 0x91, 0x11, 0xC5, 0x49, 0x1A, 0x37, 0x31, 0x0A, 0x11, 0x88, + 0xD1, 0x28, 0x0C, 0x09, 0x30, 0x49, 0x13, 0x04, 0x02, 0x01, + 0x91, 0x0C, 0x0A, 0x15, 0x25, 0xC8, 0xC6, 0x28, 0x24, 0x46, + 0x86, 0x82, 0x02, 0x42, 0x98, 0x00, 0x69, 0x11, 0x16, 0x32, + 0xE4, 0x24, 0x31, 0x04, 0x88, 0x31, 0xE2, 0x30, 0x61, 0x0B, + 0x01, 0x6D, 0x43, 0xA2, 0x00, 0x19, 0x42, 0x60, 0x12, 0xA0, + 0x61, 0x8C, 0x08, 0x31, 0x12, 0xA3, 0x90, 0x1A, 0x12, 0x8C, + 0x1A, 0xA5, 0x85, 0x0B, 0x34, 0x45, 0x03, 0x39, 0x51, 0x1B, + 0x14, 0x44, 0x99, 0x24, 0x10, 0x5B, 0xB8, 0x4D, 0x48, 0x96, + 0x84, 0x8C, 0x94, 0x84, 0x63, 0x28, 0x21, 0x53, 0x80, 0x80, + 0x23, 0x23, 0x86, 0xD3, 0x90, 0x31, 0xDB, 0x00, 0x28, 0x18, + 0x09, 0x48, 0x01, 0xA1, 0x91, 0x8C, 0x38, 0x09, 0xE0, 0xB8, + 0x20, 0xD0, 0x30, 0x22, 0x61, 0xB6, 0x71, 0xD3, 0xC8, 0x05, + 0x00, 0x80, 0x09, 0x9C, 0x28, 0x8D, 0x83, 0x00, 0x2A, 0x92, + 0x00, 0x41, 0x90, 0x12, 0x12, 0x40, 0x18, 0x46, 0x19, 0x03, + 0x8A, 0x19, 0x23, 0x66, 0x08, 0x09, 0x32, 0xD9, 0x46, 0x69, + 0xE0, 0x26, 0x2C, 0x04, 0x80, 0x85, 0x04, 0x94, 0x29, 0x1B, + 0x44, 0x01, 0x92, 0x34, 0x45, 0xD0, 0xC6, 0x50, 0x02, 0x46, + 0x45, 0x24, 0x22, 0x90, 0x5B, 0x34, 0x50, 0x23, 0x22, 0x24, + 0x18, 0x36, 0x0D, 0x1B, 0x04, 0x68, 0xD9, 0xB8, 0x11, 0x49, + 0xC0, 0x89, 0x19, 0xA5, 0x84, 0x00, 0x99, 0x0D, 0x22, 0xA6, + 0x88, 0x82, 0x90, 0x6C, 0x42, 0x80, 0x2D, 0xC0, 0x88, 0x40, + 0x93, 0x84, 0x51, 0x9C, 0x46, 0x40, 0xDA, 0x04, 0x32, 0xD9, + 0x02, 0x84, 0x02, 0x44, 0x2E, 0x08, 0xB5, 0x81, 0x20, 0xA6, + 0x71, 0xD0, 0x26, 0x0A, 0x23, 0xC7, 0x70, 0x41, 0x42, 0x41, + 0x0B, 0x43, 0x4C, 0x20, 0xC9, 0x30, 0x5A, 0x22, 0x8C, 0x14, + 0xC5, 0x20, 0xA3, 0x30, 0x66, 0xE4, 0x10, 0x85, 0xC3, 0xB2, + 0x91, 0xA1, 0xA6, 0x05, 0x98, 0xA2, 0x80, 0x00, 0x81, 0x29, + 0x24, 0x47, 0x32, 0x10, 0x26, 0x2E, 0xCC, 0xA0, 0x0D, 0x22, + 0x80, 0x51, 0xCB, 0x46, 0x4A, 0x91, 0x04, 0x85, 0xD0, 0x90, + 0x88, 0x94, 0xC6, 0x11, 0x86, 0x3F, 0xAE, 0xE7, 0xA7, 0xD2, + 0xAB, 0x91, 0x16, 0x25, 0x66, 0x80, 0x76, 0x84, 0x42, 0x9E, + 0xE2, 0xDB, 0x76, 0xE3, 0xE7, 0xF8, 0xB8, 0x6E, 0x21, 0x0E, + 0x36, 0x8D, 0xB7, 0xE4, 0xAD, 0x3C, 0xC0, 0xDD, 0xC2, 0xDB, + 0xC7, 0x78, 0xFA, 0x83, 0x8B, 0x46, 0xAF, 0xD7, 0x2C, 0xF9, + 0xC1, 0x55, 0xFA, 0x94, 0x80, 0x27, 0x33, 0xEF, 0x4B, 0x4E, + 0x2E, 0x3E, 0x8A, 0xDE, 0x83, 0x00, 0xDB, 0x61, 0x4A, 0x0D, + 0x8D, 0x6B, 0xEC, 0x73, 0xDE, 0x2F, 0xA1, 0xBC, 0xC5, 0x00, + 0xB9, 0xDF, 0x91, 0x0A, 0x3A, 0xD6, 0x2F, 0x9E, 0xE3, 0xED, + 0x7D, 0x9B, 0xEB, 0x9A, 0x70, 0xD0, 0x28, 0x0A, 0x7F, 0xDC, + 0x36, 0x38, 0x51, 0x0F, 0xDD, 0xD5, 0x3B, 0xFD, 0x0C, 0xA2, + 0x1A, 0xF0, 0x77, 0x92, 0x7F, 0x47, 0x92, 0x1C, 0x09, 0xDE, + 0x8B, 0xAD, 0x09, 0x82, 0x6F, 0x40, 0xC1, 0xDA, 0xE8, 0x01, + 0x19, 0x75, 0xC1, 0xE3, 0x74, 0xA4, 0x6E, 0x23, 0xEF, 0xBA, + 0xD0, 0x19, 0x4B, 0xDF, 0xB7, 0x15, 0x3C, 0x91, 0x59, 0x17, + 0xCD, 0x63, 0x44, 0x68, 0xDC, 0xBB, 0xBF, 0x6D, 0x81, 0xC5, + 0x05, 0x27, 0x94, 0x5C, 0x3E, 0xB1, 0x02, 0x07, 0x61, 0xE7, + 0x26, 0x70, 0xB6, 0x9A, 0x0B, 0x1F, 0x3F, 0x7D, 0x60, 0xE9, + 0xED, 0xDC, 0xB5, 0xCD, 0x63, 0x0E, 0x96, 0xB2, 0x65, 0x76, + 0x29, 0x10, 0xF3, 0x5D, 0xC2, 0x1D, 0xC6, 0x18, 0xE7, 0x07, + 0x3A, 0xE2, 0x19, 0xEC, 0xE5, 0xE7, 0x1A, 0xB6, 0xE1, 0xAE, + 0x38, 0xE6, 0xDB, 0xB8, 0x81, 0x42, 0x8E, 0x24, 0x2A, 0xF6, + 0xE7, 0x28, 0xBB, 0x3B, 0xF9, 0x3F, 0x0B, 0x8D, 0x4D, 0xE5, + 0x62, 0xC3, 0x82, 0x70, 0xD2, 0x67, 0x0C, 0x44, 0xFA, 0x9C, + 0x86, 0xF0, 0x72, 0x5E, 0x9F, 0xED, 0x42, 0x4E, 0xE8, 0xD8, + 0xAE, 0xB6, 0x45, 0xC8, 0xEA, 0x4A, 0xD8, 0xD7, 0x38, 0xDC, + 0xB6, 0x8D, 0x81, 0xF7, 0x2B, 0x2E, 0xF6, 0x5E, 0x03, 0xF3, + 0x45, 0x91, 0x9B, 0x5E, 0x5C, 0xF2, 0xDA, 0x86, 0x55, 0xB0, + 0x92, 0xC0, 0x88, 0x09, 0x00, 0x4F, 0xE2, 0x01, 0x0B, 0x3C, + 0xDC, 0x3C, 0x67, 0x38, 0xF0, 0x26, 0x01, 0x49, 0x35, 0x14, + 0x23, 0x52, 0x1D, 0x2D, 0x1E, 0x10, 0x72, 0x7D, 0x57, 0xB6, + 0x47, 0x08, 0xBA, 0x1E, 0x92, 0x0F, 0x94, 0x23, 0x18, 0x02, + 0x0F, 0x6E, 0x80, 0xEA, 0x12, 0xB4, 0xBC, 0x4E, 0x89, 0xA7, + 0x4C, 0x77, 0x63, 0x2E, 0x28, 0xB4, 0x11, 0xF1, 0x20, 0xD4, + 0xF1, 0xAE, 0x52, 0x09, 0x56, 0x65, 0xDB, 0xD2, 0xAA, 0xFF, + 0x2F, 0xCA, 0x23, 0x9A, 0xD1, 0x98, 0x91, 0x50, 0x4C, 0x79, + 0xDA, 0x56, 0x56, 0x4D, 0x04, 0x54, 0xAB, 0x74, 0x97, 0xDE, + 0xA2, 0xF2, 0xDF, 0xD0, 0x30, 0x13, 0x86, 0x9B, 0x0F, 0xC7, + 0xFE, 0xFF, 0x48, 0x7A, 0x8E, 0x33, 0x8C, 0x59, 0xBB, 0x07, + 0x16, 0x7D, 0x99, 0x4E, 0xA9, 0x88, 0x1A, 0xA1, 0xE1, 0x87, + 0x70, 0xFD, 0x13, 0xC7, 0xBB, 0x0D, 0xBD, 0x74, 0xAC, 0x93, + 0xDF, 0x84, 0x01, 0xA0, 0x8D, 0xB1, 0x0D, 0x9B, 0x0F, 0xE9, + 0x2A, 0xC3, 0x9F, 0xC8, 0x1E, 0xA6, 0xE5, 0x7A, 0x56, 0xCE, + 0xA2, 0xA8, 0x34, 0xCC, 0x55, 0x00, 0x89, 0x63, 0xA1, 0xE3, + 0x2C, 0x35, 0xE0, 0x36, 0x9D, 0x5A, 0x58, 0xFD, 0xF5, 0x9A, + 0x9B, 0x26, 0xF8, 0x8F, 0x97, 0x90, 0xAC, 0x91, 0xCD, 0x57, + 0x86, 0x28, 0x3B, 0x96, 0x3F, 0xED, 0xD6, 0x33, 0x41, 0x36, + 0x77, 0xC9, 0xD6, 0x7C, 0x86, 0x8C, 0x4C, 0xA9, 0xC1, 0xFC, + 0x9B, 0x3D, 0x9C, 0xAE, 0x61, 0x12, 0x44, 0x8A, 0x0F, 0x09, + 0x0F, 0x7E, 0x6E, 0xB2, 0x0C, 0x2B, 0x6F, 0xE8, 0xB6, 0xD0, + 0x8B, 0xF5, 0x6D, 0x75, 0xE3, 0x31, 0x7A, 0x67, 0x47, 0x78, + 0xEE, 0xA4, 0x95, 0x39, 0x7C, 0xF4, 0x37, 0x3A, 0xBC, 0xB7, + 0xC3, 0xAC, 0x45, 0x99, 0x84, 0xE2, 0xB4, 0xF4, 0xB0, 0x92, + 0xA4, 0x60, 0x1B, 0xCA, 0x77, 0x0F, 0xB3, 0x17, 0x58, 0x4F, + 0x40, 0x6D, 0xAB, 0x23, 0x1B, 0x22, 0x07, 0x7E, 0x23, 0xF5, + 0x8C, 0xB7, 0xAF, 0x01, 0xE1, 0x0E, 0x57, 0x5E, 0x9D, 0x37, + 0xDF, 0xDF, 0xF7, 0xC5, 0x72, 0xC5, 0x7A, 0xEA, 0x53, 0xD1, + 0x7C, 0x8D, 0x80, 0x90, 0x3D, 0x29, 0x72, 0x61, 0x93, 0x8F, + 0x0C, 0x54, 0xF9, 0x2E, 0x46, 0x48, 0x21, 0xF2, 0xB7, 0x97, + 0x50, 0xAD, 0x55, 0xD1, 0x1D, 0x5F, 0xFC, 0x5D, 0x76, 0x50, + 0x9E, 0x40, 0x1D, 0xF6, 0x82, 0xFE, 0x7A, 0xDA, 0xB8, 0x5C, + 0xCA, 0x1D, 0x53, 0xEB, 0xAE, 0x98, 0x60, 0x25, 0x5E, 0x59, + 0x39, 0x86, 0xE8, 0xCA, 0x8D, 0x28, 0x89, 0x45, 0x83, 0xD1, + 0xC7, 0x66, 0x7A, 0x2E, 0x30, 0x9A, 0x76, 0xD6, 0x21, 0xB5, + 0x33, 0x43, 0x9F, 0xAF, 0xBF, 0x9E, 0xAE, 0xE7, 0xD6, 0xAA, + 0x13, 0x70, 0x35, 0x5F, 0x36, 0xF3, 0xAE, 0x4F, 0xD5, 0xB5, + 0xEE, 0x39, 0x1E, 0x40, 0x4B, 0x2C, 0xE2, 0xDC, 0x0B, 0x91, + 0xED, 0x61, 0xB8, 0x47, 0xD2, 0x3A, 0xAF, 0x9D, 0x29, 0x65, + 0xA6, 0x35, 0xD2, 0xB0, 0x3B, 0x44, 0x6B, 0x21, 0x6C, 0x24, + 0x6D, 0x4A, 0x2C, 0xA6, 0xF5, 0x5C, 0xC7, 0x32, 0x83, 0x84, + 0x96, 0xBB, 0x54, 0xDD, 0x5B, 0x44, 0x78, 0x90, 0x90, 0xB0, + 0x75, 0x2B, 0x1A, 0x7B, 0xDD, 0xC8, 0x7D, 0x72, 0xBA, 0xAC, + 0xAD, 0x38, 0x3D, 0xBA, 0x46, 0x38, 0x06, 0x9C, 0xF3, 0xA8, + 0x6C, 0x36, 0x98, 0x0B, 0xB8, 0xDC, 0xE9, 0x22, 0x77, 0x53, + 0x03, 0xD6, 0xA6, 0xBF, 0x18, 0x0E, 0x60, 0x19, 0xA7, 0x16, + 0x5F, 0x9A, 0x04, 0x3D, 0x01, 0xDD, 0x06, 0xCD, 0xD7, 0xA3, + 0xD6, 0x0D, 0x5D, 0x49, 0xB1, 0x85, 0xEA, 0xEC, 0xF5, 0xA2, + 0x97, 0x82, 0x98, 0xCB, 0x8E, 0xFA, 0xF5, 0xFB, 0x59, 0x16, + 0x1B, 0x51, 0x43, 0xFA, 0xD5, 0x46, 0xA7, 0x07, 0x21, 0x92, + 0xBB, 0x56, 0x67, 0xD8, 0xF3, 0x9E, 0x94, 0x18, 0x00, 0x9E, + 0xFA, 0x36, 0x1C, 0x1B, 0x24, 0x37, 0x48, 0x07, 0x91, 0xF7, + 0xD1, 0x4C, 0x53, 0x11, 0xBE, 0x15, 0x5D, 0x77, 0x1E, 0x86, + 0xE9, 0xF4, 0xBD, 0x69, 0x63, 0x75, 0x3E, 0x41, 0x6B, 0xC0, + 0x99, 0xD2, 0xC4, 0x2F, 0x5E, 0xAC, 0x64, 0xB7, 0xB2, 0xA9, + 0xEB, 0x88, 0x32, 0xD6, 0x93, 0x39, 0xCD, 0xBD, 0x16, 0x3D, + 0x27, 0xCA, 0xD3, 0xF6, 0x5B, 0x41, 0x23, 0xAC, 0xC5, 0x4C, + 0x3F, 0x72, 0x6A, 0xF7, 0x08, 0x31, 0x6B, 0x61, 0x21, 0x47, + 0xA1, 0x67, 0x54, 0xCE, 0x17, 0x01, 0x07, 0x7F, 0x41, 0xA1, + 0x7A, 0xC2, 0x73, 0xFD, 0x08, 0xE1, 0xF9, 0x9E, 0xBB, 0xE2, + 0x91, 0x0C, 0x21, 0x1D, 0x93, 0x82, 0x9F, 0x5D, 0xE2, 0x10, + 0x9B, 0x8F, 0x4D, 0xEC, 0x22, 0x76, 0x29, 0xE5, 0xF1, 0x0C, + 0x15, 0x62, 0x50, 0x1B, 0xB7, 0x6F, 0x6C, 0xDB, 0xE2, 0xDD, + 0x7F, 0x15, 0xD6, 0xFE, 0x7E, 0x22, 0x31, 0x7B, 0x53, 0x8D, + 0xC7, 0xB6, 0x30, 0xBB, 0xDD, 0x07, 0x7B, 0x18, 0x97, 0x43, + 0x5E, 0x3D, 0xDE, 0xC7, 0xAB, 0xAD, 0x04, 0x4B, 0x26, 0xF0, + 0xD3, 0xB6, 0xC5, 0xE2, 0x65, 0x9A, 0xCA, 0xF1, 0xD7, 0xBD, + 0x25, 0xFF, 0x25, 0x58, 0x42, 0xD2, 0x42, 0xDD, 0x3A, 0x95, + 0xE1, 0xF5, 0xAA, 0xE1, 0xDF, 0x52, 0x8D, 0x7B, 0xAA, 0x91, + 0x4B, 0xB3, 0xF1, 0x4F, 0x02, 0xDC, 0xA2, 0xEF, 0x98, 0xCD, + 0xDE, 0xFF, 0x8F, 0xAD, 0x77, 0xB5, 0x9C, 0x66, 0x22, 0x4F, + 0x38, 0xE5, 0xC8, 0x9F, 0x4C, 0xA9, 0xC1, 0xFB, 0x1F, 0xBB, + 0xCA, 0x21, 0xD7, 0xF5, 0xCC, 0xDD, 0x65, 0x84, 0x11, 0x85, + 0x4D, 0xFB, 0xF3, 0x6A, 0x7E, 0x0C, 0xE9, 0x1C, 0x18, 0xD1, + 0x19, 0x7C, 0x4B, 0x0A, 0xC3, 0x7A, 0x4D, 0x9C, 0x82, 0x02, + 0xF9, 0xF2, 0x4B, 0xF7, 0xA2, 0xED, 0x46, 0x1A, 0x9F, 0x21, + 0x18, 0x19, 0x97, 0x4A, 0x3D, 0xD8, 0x02, 0xE1, 0x25, 0xF4, + 0xDA, 0x8F, 0x71, 0x0B, 0xD4, 0x8F, 0x65, 0x72, 0x44, 0x2F, + 0x00, 0x6F, 0x25, 0xD0, 0x91, 0x26, 0x0F, 0xC0, 0x3E, 0xFF, + 0xC7, 0x83, 0x6F, 0x44, 0xDE, 0x91, 0xC8, 0xFC, 0x9A, 0xE5, + 0x25, 0xF5, 0x6E, 0x24, 0xAB, 0x60, 0x3A, 0x93, 0x34, 0xFB, + 0x69, 0x4E, 0xFA, 0x33, 0x64, 0x34, 0x20, 0x86, 0x75, 0x91, + 0xEF, 0xAE, 0xDC, 0xD2, 0xCD, 0xB7, 0x75, 0x5D, 0xCF, 0x53, + 0xF1, 0xB7, 0x25, 0x58, 0x01, 0x51, 0x41, 0xA8, 0xFA, 0xE7, + 0x85, 0x93, 0x3F, 0x63, 0x65, 0x59, 0x4D, 0x2C, 0x36, 0xB5, + 0x68, 0x80, 0xD9, 0x0A, 0xFF, 0x24, 0xF4, 0xE6, 0x92, 0xAA, + 0xF1, 0xDE, 0x9D, 0x8A, 0x1C, 0x95, 0xB5, 0x2C, 0x4A, 0x65, + 0xFF, 0x36, 0x80, 0xCD, 0xB9, 0x66, 0xAB, 0x5C, 0x38, 0xA7, + 0x4A, 0xD4, 0xDC, 0x19, 0x05, 0x7E, 0xC5, 0x89, 0xAF, 0x62, + 0x3A, 0xF7, 0xBA, 0x37, 0x6A, 0x20, 0x56, 0xBB, 0x93, 0x36, + 0xAF, 0x72, 0x9F, 0xC2, 0x27, 0x95, 0xE0, 0x9D, 0xB3, 0x44, + 0xC5, 0xA7, 0xF9, 0xE6, 0x55, 0x65, 0xD6, 0xFA, 0x3E, 0xB5, + 0x1E, 0xF0, 0x1D, 0x14, 0x8D, 0xF2, 0x35, 0xF7, 0x01, 0xA0, + 0x8B, 0x6F, 0xED, 0x20, 0xC2, 0x10, 0x36, 0x4F, 0x24, 0x75, + 0x3A, 0xA6, 0x3F, 0x88, 0x06, 0x0F, 0x26, 0x6E, 0x06, 0x5C, + 0xC3, 0x59, 0x74, 0x05, 0x85, 0xC2, 0x5D, 0xB0, 0x91, 0x25, + 0x15, 0x13, 0xEE, 0x32, 0x2F, 0x86, 0x5D, 0x4F, 0x93, 0x50, + 0x80, 0x1F, 0x16, 0x8D, 0x35, 0xCC, 0x9F, 0xB5, 0xAB, 0xD3, + 0x84, 0x56, 0xEF, 0x26, 0x56, 0x25, 0x9B, 0x6C, 0xAF, 0x62, + 0xDE, 0xC2, 0x97, 0xF5, 0x51, 0x52, 0x97, 0x0A, 0x06, 0x90, + 0xF8, 0xB7, 0xCE, 0x38, 0xD8, 0xE2, 0xBC, 0x4E, 0x36, 0x67, + 0x50, 0xF9, 0xE7, 0x48, 0x84, 0x9B, 0x73, 0x98, 0x0C, 0xC4, + 0xF8, 0xC8, 0x87, 0x9B, 0x04, 0xBC, 0x5F, 0x3E, 0x32, 0x00, + 0x4E, 0x89, 0xF8, 0xCA, 0xFA, 0x88, 0x69, 0x63, 0xD6, 0x51, + 0x62, 0x89, 0x5C, 0x83, 0x5B, 0xC0, 0x6C, 0xD1, 0x84, 0x77, + 0x94, 0x9A, 0x91, 0xFE, 0x53, 0x4A, 0x53, 0x13, 0x4A, 0xF9, + 0x8F, 0xB9, 0x84, 0x9A, 0xC8, 0xB6, 0x40, 0xEC, 0xA4, 0x22, + 0xCE, 0x57, 0x52, 0x2B, 0x4F, 0x11, 0x79, 0x7C, 0x42, 0xE8, + 0x37, 0x42, 0x84, 0xE6, 0x07, 0x94, 0xFA, 0x32, 0x14, 0x3E, + 0x2C, 0x7B, 0x6D, 0xE4, 0xAC, 0x10, 0xBF, 0xF3, 0x57, 0x8A, + 0x8E, 0x42, 0xBF, 0xEB, 0x17, 0x3B, 0xAC, 0x15, 0xA4, 0xAC, + 0x8F, 0x0E, 0xDA, 0x83, 0xF2, 0x73, 0x39, 0x37, 0x11, 0x9B, + 0x51, 0x96, 0x02, 0xA5, 0x11, 0xD3, 0xF6, 0xB6, 0x06, 0x72, + 0xEB, 0xED, 0x8E, 0x28, 0x4E, 0x55, 0x37, 0xF0, 0x71, 0xF9, + 0xAB, 0x26, 0x75, 0x00, 0x50, 0x78, 0x5A, 0x90, 0xCD, 0xCB, + 0xE2, 0x42, 0x9C, 0xE4, 0xD3, 0x65, 0x48, 0x45, 0x14, 0xDD, + 0xB2, 0x4A, 0x83, 0x64, 0x94, 0x6E, 0x96, 0x0B, 0xB1, 0x57, + 0xFE, 0xBE, 0x51, 0x5C, 0x33, 0x77, 0x7C, 0x5D, 0xBF, 0xF3, + 0xD1, 0x27, 0x25, 0x8A, 0x4B, 0x92, 0x8E, 0x53, 0x63, 0x68, + 0xB8, 0xA1, 0x62, 0xAD, 0x7B, 0x86, 0x12, 0xF9, 0x24, 0xFD, + 0x8F, 0x61, 0xEC, 0xE9, 0x5B, 0x5F, 0xA3, 0xA7, 0x2C, 0xC2, + 0xFB, 0x0C, 0x25, 0x17, 0x8E, 0x82, 0x2B, 0x1B, 0xDA, 0x58, + 0xEF, 0xB8, 0x6E, 0x64, 0xC3, 0x8D, 0xC7, 0x82, 0x26, 0x72, + 0xED, 0xDC, 0x97, 0x89, 0xF2, 0xD4, 0x40, 0x7C, 0xA5, 0x1B, + 0x04, 0x24, 0xFC, 0x2C, 0x36, 0x57, 0xA7, 0xB8, 0x1A, 0xA2, + 0x28, 0xB3, 0x16, 0x56, 0x77, 0xF7, 0xA3, 0x50, 0x62, 0x5E, + 0xFE, 0x72, 0x74, 0xB3, 0x76, 0xD9, 0xF4, 0xD5, 0xCA, 0x7E, + 0x14, 0x80, 0x98, 0xB9, 0x50, 0xA8, 0x22, 0xB5, 0x5B, 0xD6, + 0xB3, 0x1D, 0x8B, 0xFC, 0xA5, 0xD0, 0x0F, 0x65, 0x33, 0x3B, + 0x21, 0x55, 0x19, 0x40, 0x2E, 0x9C, 0xCB, 0xB5, 0xE0, 0x0B, + 0x68, 0x63, 0x95, 0x2F, 0x97, 0xCC, 0xB0, 0x5C, 0xF3, 0xA4, + 0x5C, 0x05, 0x21, 0x55, 0x3F, 0xBF, 0x5F, 0xE6, 0xF1, 0x4D, + 0x75, 0xAA, 0x69, 0xE0, 0x98, 0x0F, 0x39, 0x95, 0x33, 0x99, + 0xCF, 0xEA, 0x53, 0x45, 0x9C, 0x08, 0xCF, 0x7F, 0x58, 0x27, + 0x64, 0x71, 0x64, 0x20, 0x42, 0xBD, 0xA2, 0x07, 0x5C, 0xA6, + 0xEB, 0x4C, 0x65, 0x69, 0x4F, 0x16, 0x46, 0x58, 0x80, 0xD3, + 0xC3, 0x75, 0x91, 0x1F, 0x55, 0xD7, 0xF2, 0x87, 0xB3, 0x17, + 0x82, 0xC8, 0x12, 0x59, 0x56, 0x1B, 0x9C, 0x3C, 0xDF, 0x3D, + 0x6F, 0x4F, 0x6C, 0x02, 0x60, 0x28, 0x0D, 0xD1, 0x31, 0xF7, + 0xA6, 0xAF, 0x05, 0x6E, 0xCE, 0x17, 0xBC, 0x6A, 0x1B, 0xF7, + 0xCB, 0x0D, 0x3F, 0x06, 0x8A, 0x01, 0x9A, 0xF2, 0x40, 0xF9, + 0x0D, 0x01, 0x8E, 0xCC, 0x24, 0x0C, 0xEC, 0x50, 0x44, 0xD5, + 0x2F, 0xD5, 0x51, 0x10, 0xF5, 0x20, 0x3D, 0x87, 0x5A, 0x39, + 0xEE, 0x55, 0x2B, 0x9C, 0x34, 0xD8, 0xDF, 0xF6, 0x12, 0xA7, + 0xE0, 0xBC, 0xB2, 0x3D, 0x5D, 0x42, 0x1B, 0x2F, 0x9C, 0x96, + 0xAD, 0x1F, 0x2F, 0x89, 0x8B, 0x26, 0x80, 0xF8, 0xA4, 0x07, + 0xF9, 0x2E, 0xD4, 0xDE, 0xF5, 0x5A, 0x4D, 0xF0, 0x98, 0x7C, + 0x78, 0xF1, 0x15, 0xBA, 0x16, 0xC7, 0x97, 0x37, 0xF5, 0x6B, + 0x6A, 0x21, 0x66, 0x61, 0xD1, 0x0C, 0x9E, 0x6C, 0x31, 0x4E, + 0x20, 0xCB, 0x93, 0x90, 0xD5, 0x3C, 0x2F, 0xCE, 0xF6, 0xEE, + 0x9E, 0x8F, 0x10, 0xB9, 0xFD, 0x45, 0x32, 0x2D, 0x78, 0x8E, + 0x1C, 0x19, 0xC5, 0x07, 0xD9, 0xE4, 0xC0, 0x07, 0xB3, 0x2F, + 0xB6, 0x1E, 0xCE, 0x27, 0x0F, 0xF5, 0x97, 0x46, 0x95, 0xE4, + 0xC0, 0xE9, 0x42, 0x4A, 0xF9, 0xED, 0x3D, 0xD5, 0x37, 0x1A, + 0x2B, 0x63, 0x2A, 0xBA, 0x22, 0xD4, 0xC5, 0x67, 0x4B, 0x77, + 0xB8, 0xD2, 0xEA, 0xE3, 0x42, 0xDE, 0x54, 0x3B, 0xE2, 0x42, + 0xA4, 0x96, 0xDF, 0xAD, 0xEB, 0x34, 0xB5, 0xDA, 0x7E, 0xEF, + 0xC9, 0xBF, 0xA2, 0x11, 0x01, 0xC2, 0xF2, 0x0C, 0x5D, 0x6C, + 0xA8, 0x9A, 0x2F, 0xA9, 0x9A, 0x47, 0x17, 0x9D, 0xF8, 0x34, + 0x01, 0xC0, 0x8F, 0xBA, 0xE2, 0xC9, 0xA5, 0xA3, 0x02, 0x6C, + 0x18, 0x01, 0x4B, 0xEA, 0x44, 0xD4, 0x88, 0x9C, 0x36, 0x32, + 0x55, 0xA2, 0x7E, 0xBF, 0x74, 0x0C, 0xEC, 0x8C, 0x16, 0x4F, + 0x2E, 0xFB, 0xC2, 0xA9, 0xB6, 0x0E, 0xE6, 0x26, 0x59, 0x40, + 0x21, 0xB2, 0x97, 0x4C, 0x99, 0xA8, 0xE4, 0xAE, 0xED, 0x66, + 0x4C, 0x22, 0xAD, 0xD3, 0x62, 0x5A, 0x51, 0x23, 0x2F, 0x3C, + 0x1D, 0x3A, 0xF5, 0x92, 0x00, 0x7B, 0x42, 0xFA, 0xC1, 0x49, + 0x37, 0x42, 0xB7, 0x64, 0x8E, 0x1F, 0x5F, 0xA9, 0xB2, 0x03, + 0xFA, 0xDA, 0xAC, 0x48, 0x3F, 0xF3, 0x80, 0xE0, 0xE1, 0x3D, + 0x07, 0x99, 0x31, 0x9E, 0x7D, 0x2C, 0x9B, 0x19, 0x6F, 0x81, + 0x0D, 0x1F, 0x95, 0x04, 0x44, 0x47, 0x80, 0xE0, 0xD6, 0x7C, + 0x96, 0xF8, 0x6B, 0x1A, 0x2B, 0xAC, 0xC7, 0x6B, 0x6E, 0x12, + 0xF8, 0x15, 0xA2, 0xB7, 0xFF, 0x2C, 0x94, 0x2E, 0xEF, 0xB0, + 0xF9, 0xF7, 0x3F, 0x41, 0xF5, 0x8B, 0x17, 0x22, 0x58, 0x72, + 0x00, 0xD1, 0xB8, 0x44, 0x5A, 0x75, 0xDC, 0x5D, 0xF5, 0x5F, + 0x7F, 0x4C, 0xD6, 0xFD, 0x6E, 0xE5, 0xBD, 0x80, 0xD6, 0x5C, + 0x59, 0x5F, 0x0E, 0x6A, 0xAA, 0x4A, 0x57, 0x40, 0x63, 0xB6, + 0xBD, 0x4F, 0xDF, 0xD8, 0x40, 0x07, 0x17, 0x8D, 0x85, 0x79, + 0xD2, 0x2F, 0x64, 0xC0, 0xC9, 0xA3, 0x73, 0x2F, 0xB2, 0xA9, + 0x23, 0x78, 0xE3, 0xB9, 0x21, 0x85, 0x91, 0x34, 0x45, 0xCF, + 0x0A, 0x1C, 0x55, 0x52, 0xF8, 0x5D, 0x2C, 0x42, 0x19, 0x10, + 0xDB, 0x4E, 0x1E, 0x33, 0x5C, 0xED, 0x8F, 0xD7, 0x94, 0x6A, + 0x43, 0x6A, 0xD2, 0xBF, 0x54, 0xB8, 0x8C, 0xFA, 0x6A, 0xEB, + 0xD0, 0x12, 0x65, 0xA4, 0x2F, 0x14, 0x51, 0xAC, 0xE4, 0x83, + 0x0F, 0xDC, 0x39, 0xB0, 0xCD, 0x31, 0xC4, 0x61, 0xEB, 0xE7, + 0x26, 0x9A, 0x4C, 0xCE, 0x49, 0x99, 0xD0, 0xBB, 0x90, 0x8A, + 0x30, 0xDF, 0x24, 0xA9, 0x50, 0x0B, 0xAA, 0xC8, 0xEB, 0x7D, + 0xD9, 0x72, 0xF8, 0x93, 0xCF, 0x76, 0x6A, 0x6F, 0x38, 0xCC, + 0x50, 0x88, 0x45, 0x2E, 0x78, 0xAD, 0xD4, 0xEC, 0xC1, 0xB8, + 0xBE, 0x7C, 0x4B, 0x79, 0xA1, 0xA1, 0xA8, 0x25, 0xD9, 0x72, + 0x20, 0x2D, 0x22, 0x20, 0x5E, 0x80, 0x92, 0x88, 0x08, 0x27, + 0xE5, 0xB4, 0xF4, 0xAA, 0xCC, 0xB0, 0x42, 0x67, 0x61, 0xD6, + 0x80, 0x31, 0x4A, 0xA8, 0xFF, 0xE4, 0xBA, 0x49, 0x7A, 0xF9, + 0x85, 0xD3, 0xE4, 0x96, 0xB6, 0x42, 0x87, 0x23, 0xF6, 0x81, + 0xBD, 0x1F, 0xB0, 0xC9, 0x02, 0xC2, 0x61, 0x9D, 0xA0, 0xCE, + 0xF6, 0x28, 0xF5, 0xA8, 0x3E, 0x97, 0xBB, 0xB9, 0xE5, 0x0D, + 0x2B, 0x8E, 0x32, 0x6A, 0x18, 0x06, 0xA5, 0xC4, 0xCF, 0xC0, + 0xF7, 0xB8, 0x12, 0x76, 0x91, 0xDE, 0xD1, 0xD6, 0xA8, 0x3A, + 0xF8, 0xEC, 0xCB, 0xD0, 0x26, 0x76, 0x31, 0xE3, 0xC9, 0x0A, + 0xC5, 0xB3, 0xEF, 0x00, 0x10, 0xEA, 0xED, 0x1D, 0x95, 0x30, + 0x6F, 0x0B, 0xA5, 0x44, 0xD9, 0xF1, 0x1E, 0x65, 0xE6, 0x0F, + 0xD1, 0x85, 0xC7, 0x77, 0xE2, 0x30, 0x21, 0x1A, 0x94, 0x26, + 0xF8, 0x4A, 0x54, 0x57, 0x48, 0x88, 0x03, 0x25, 0xF1, 0x67, + 0x21, 0x8E, 0xA9, 0xFD, 0x2F, 0x4F, 0x49, 0x06, 0xC5, 0x83, + 0x44, 0xC4, 0xC7, 0x33, 0x59, 0x59, 0x83, 0x59, 0x70, 0xA9, + 0x2C, 0xF6, 0xE9, 0x02, 0xA5, 0xF8, 0x07, 0xAF, 0x7C, 0xFD, + 0xCA, 0x6A, 0x53, 0x3B, 0xBF, 0x80, 0x15, 0x0C, 0xE8, 0xB7, + 0x15, 0xF9, 0xC3, 0x5A, 0x32, 0xF4, 0x26, 0x78, 0x03, 0xE7, + 0x7C, 0x1A, 0x0D, 0x52, 0x4A, 0x2B, 0x1F, 0xDE, 0x90, 0x30, + 0x2C, 0x4A, 0x48, 0x94, 0x4E, 0xB9, 0x74, 0x85, 0x00, 0x37, + 0xD9, 0xAF, 0xCE, 0x91, 0xC3, 0xEC, 0xC8, 0xDA, 0x64, 0x54, + 0xAE, 0x44, 0x34, 0x4E, 0xAA, 0x22, 0x29, 0xEE, 0xD5, 0x2B, + 0xAC, 0x40, 0x7F, 0x2E, 0x05, 0x98, 0x31, 0x85, 0xD1, 0x9E, + 0x3E, 0xE8, 0xDB, 0xFC, 0x18, 0x5C, 0x29, 0x61, 0x18, 0x9A, + 0x68, 0x56, 0x0E, 0x66, 0x78, 0x1B, 0x0A, 0x85, 0x7F, 0xD2, + 0x70, 0xD8, 0x67, 0xFC, 0x57, 0xB6, 0x60, 0x75, 0x8A, 0xF3, + 0xAE, 0x91, 0x4E, 0xEC, 0xC9, 0x14, 0x22, 0x3E, 0x8C, 0x08, + 0x84, 0x1B, 0x58, 0x3C, 0x95, 0x03, 0x7D, 0x33, 0x1A, 0x31, + 0x01, 0x26, 0xC8, 0x4B, 0x9D, 0x4D, 0x2A, 0x53, 0xAE, 0xB8, + 0xA3, 0xCF, 0x8C, 0x4F, 0xE6, 0x5C, 0x9A, 0x1A, 0xFD, 0xBC, + 0xE0, 0x03, 0x45, 0xB0, 0x96, 0xE7, 0xC5, 0x3B, 0xA3, 0x09, + 0x93, 0x08, 0x13, 0x6B, 0xF0, 0x68, 0x12, 0x13, 0x10, 0xE6, + 0x9B, 0xAF, 0x5D, 0x68, 0xEE, 0x31, 0x09, 0xD8, 0xC9, 0x5E, + 0xC8, 0xE3, 0x85, 0x0B, 0xE7, 0x1A, 0x3A, 0x2B, 0xFE, 0x80, + 0xAF, 0x13, 0x13, 0xED, 0xB3, 0xA4, 0xE7, 0x23, 0xE7, 0xA9, + 0x8E, 0xA3, 0x9E, 0xC5, 0x73, 0x1A, 0x47, 0x4E, 0x0A, 0xFB, + 0xDD, 0x17, 0x19, 0x9E, 0xCB, 0x29, 0x6D, 0x2D, 0x94, 0xB2, + 0xF8, 0x3E, 0x1B, 0x5F, 0x5C, 0xB1, 0x6E, 0x0A, 0x6B, 0x7B, + 0xEE, 0x9F, 0x35, 0x2C, 0xD8, 0x81, 0xDF, 0x25, 0xFA, 0x9B, + 0xCD, 0x28, 0xA6, 0x7D, 0x08, 0x3D, 0x54, 0xF3, 0x67, 0x30, + 0x36, 0xD2, 0xEE, 0x22, 0x13, 0xB9, 0xB2, 0x71, 0x07, 0xBF, + 0xB3, 0x81, 0x25, 0xB7, 0xFA, 0xDA, 0xEE, 0xCF, 0x04, 0xA9, + 0xC0, 0xF0, 0xC1, 0xC2, 0xFE, 0x77, 0x19, 0xA6, 0x3B, 0xCC, + 0x7C, 0xE1, 0x9A, 0x99, 0xDA, 0x11, 0xEF, 0x7B, 0x9D, 0x89, + 0xE0, 0x9F, 0x22, 0x8E, 0x93, 0x6D, 0x86, 0x60, 0x7E, 0x61, + 0xD4, 0xD9, 0xC9, 0x6B, 0x74, 0x6E, 0x17, 0xDC, 0x7A, 0xB5, + 0xF3, 0xFF, 0xD2, 0xDB, 0xFC, 0xCD, 0x34, 0x05, 0x96, 0xDE, + 0x62, 0xDF, 0x60, 0x8F, 0xBA, 0x29, 0x7C, 0xE2, 0x5A, 0xDB, + 0x21, 0x39, 0x3D, 0x27, 0x6B, 0x7B, 0x9E, 0xFC, 0x3F, 0x78, + 0xAA, 0xFA, 0xE7, 0x07, 0x64, 0xAB, 0xA0, 0x20, 0x72, 0x31, + 0xE5, 0x25, 0x53, 0x65, 0x91, 0x8A, 0x33, 0x4E, 0x0B, 0x84, + 0x30, 0xB4, 0x15, 0xD3, 0x28, 0x4D, 0xB5, 0x28, 0xF5, 0x20, + 0xF0, 0x4C, 0x8B, 0x7A, 0xC4, 0x74, 0x64, 0x54, 0xF0, 0x52, + 0x6D, 0x45, 0xF1, 0x79, 0xD4, 0xBB, 0xE0, 0xB6, 0xA7, 0x2C, + 0x38, 0x1A, 0x7B, 0xF3, 0x17, 0x6B, 0x53, 0x73, 0x3F, 0xC3, + 0x22, 0x55, 0x34, 0x92, 0x5D, 0xB5, 0x80, 0x5F, 0x37, 0xB8, + 0xAF, 0x2C, 0x12, 0xA1, 0xA1, 0x29, 0x1A, 0xDC, 0x31, 0xA5, + 0xA3, 0xE6, 0xED, 0xD9, 0x4C, 0x34, 0x53, 0x01, 0x79, 0xDE, + 0xF1, 0x48, 0x31, 0x80, 0x5D, 0x0D, 0x4C, 0x62, 0x70, 0xC1, + 0x3C, 0xB1, 0x0E, 0x4D, 0x72, 0x45, 0x25, 0x33, 0x0B, 0x38, + 0xB2, 0x3E, 0x95, 0xC0, 0xA8, 0x42, 0x51, 0xD9, 0x35, 0x75, + 0xFE, 0x10, 0x4A, 0x48, 0x11, 0x82, 0xE8, 0x87, 0x04, 0x6B, + 0x06, 0x60, 0xA8, 0x0E, 0xAC, 0x8B, 0xFA, 0x40, 0xB1, 0x63, + 0x63, 0x91, 0x17, 0x2A, 0x4F, 0x2A, 0xD8, 0x6C, 0x43, 0xAF, + 0xDC, 0xE2, 0x72, 0x76, 0xBE, 0x46, 0xCB, 0x12, 0xA4, 0x73, + 0x03, 0xAB, 0x11, 0x9E, 0x0D, 0x41, 0x27, 0x8C, 0x18, 0xEF, + 0xE6, 0xC2, 0xB3, 0x09, 0xF0, 0x36, 0xA6, 0xE4, 0xFF, 0xE5, + 0x91, 0xD8, 0xD7, 0xF5, 0x1E, 0x6D, 0x34, 0x19, 0xF1, 0xAF, + 0x9B, 0x9A, 0xF8, 0x10, 0x92, 0x11, 0x85, 0xEA, 0x38, 0xF6, + 0x89, 0x40, 0x6D, 0xB0, 0x84, 0xEB, 0xBA, 0xAD, 0xB1, 0x55, + 0xB0, 0x73, 0x52, 0xF6, 0xB8, 0xD2, 0xCF, 0xED, 0x6B, 0xF5, + 0xFA, 0x01, 0x2A, 0x8E, 0xC7, 0x06, 0x77, 0xEB, 0xF3, 0x84, + 0xFD, 0x9B, 0x17, 0x54, 0x31, 0x73, 0xFE, 0xC3, 0x71, 0xF8, + 0x41, 0xFF, 0xA4, 0xD3, 0x7D, 0xB2, 0xBD, 0xBA, 0xD6, 0xE9, + 0x1E, 0x8F, 0x5B, 0x8D, 0x3A, 0x3C, 0x0C, 0xB4, 0xFE, 0x9B, + 0x49, 0x69, 0x8C, 0x3D, 0xA7, 0xF5, 0x79, 0x46, 0xE9, 0x5E, + 0xE1, 0x07, 0x52, 0xB7, 0x24, 0x51, 0x6C, 0x59, 0x74, 0x2C, + 0xEC, 0x7C, 0x88, 0x41, 0x2E, 0x45, 0x91, 0x23, 0xA4, 0x81, + 0xC9, 0x37, 0xC0, 0xDE, 0xC0, 0x09, 0x5A, 0x00, 0xFD, 0x2D, + 0x97, 0x71, 0x6A, 0xAF, 0x6E, 0x5D, 0x03, 0x67, 0xAA, 0xFD + +}; +static const int sizeof_bench_dilithium_aes_level2_key = sizeof(bench_dilithium_aes_level2_key); + +/* certs/dilithium/bench_dilithium_aes_level3_key.der */ +static const unsigned char bench_dilithium_aes_level3_key[] = +{ + 0x30, 0x82, 0x17, 0x5A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, + 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0B, + 0x06, 0x05, 0x04, 0x82, 0x17, 0x44, 0x04, 0x82, 0x17, 0x40, + 0x62, 0x93, 0x71, 0x4C, 0xCD, 0x7A, 0xD1, 0x75, 0xD1, 0xBB, + 0x2A, 0xC9, 0x54, 0xBF, 0xDA, 0xF1, 0x70, 0xE9, 0xEF, 0x8D, + 0x08, 0x66, 0xE9, 0xD6, 0xE3, 0x6F, 0x4B, 0x99, 0xEB, 0x44, + 0x51, 0x12, 0x64, 0x80, 0x0D, 0x29, 0x4B, 0x24, 0x6B, 0x6A, + 0xAC, 0xD9, 0x87, 0x9A, 0x2D, 0x49, 0xF6, 0xCC, 0x69, 0xC0, + 0xAE, 0xD9, 0xB2, 0xE1, 0xF5, 0xB8, 0xC1, 0x98, 0x77, 0x73, + 0x1F, 0x1E, 0xE6, 0x11, 0x0A, 0x1F, 0x51, 0xDF, 0xD1, 0x4A, + 0x32, 0x8D, 0xC2, 0x36, 0xA6, 0xAF, 0x6F, 0x01, 0x57, 0xA3, + 0x56, 0x17, 0x5F, 0x5E, 0xDC, 0x39, 0xD8, 0xC8, 0xB7, 0xE1, + 0x1B, 0x2F, 0x51, 0xC6, 0xAF, 0xC4, 0x65, 0x53, 0x34, 0x21, + 0x81, 0x28, 0x44, 0x82, 0x23, 0x80, 0x21, 0x17, 0x08, 0x42, + 0x88, 0x48, 0x17, 0x22, 0x31, 0x01, 0x42, 0x36, 0x83, 0x76, + 0x00, 0x45, 0x40, 0x23, 0x54, 0x85, 0x74, 0x11, 0x22, 0x85, + 0x31, 0x38, 0x81, 0x26, 0x38, 0x55, 0x15, 0x51, 0x42, 0x44, + 0x53, 0x81, 0x81, 0x47, 0x76, 0x70, 0x84, 0x15, 0x78, 0x70, + 0x34, 0x34, 0x02, 0x54, 0x65, 0x07, 0x35, 0x66, 0x51, 0x10, + 0x84, 0x03, 0x45, 0x33, 0x02, 0x51, 0x55, 0x20, 0x37, 0x76, + 0x00, 0x24, 0x58, 0x33, 0x24, 0x18, 0x67, 0x77, 0x31, 0x83, + 0x45, 0x17, 0x55, 0x12, 0x64, 0x07, 0x31, 0x08, 0x42, 0x56, + 0x45, 0x80, 0x32, 0x28, 0x61, 0x04, 0x83, 0x17, 0x10, 0x58, + 0x00, 0x18, 0x80, 0x85, 0x24, 0x15, 0x73, 0x38, 0x67, 0x84, + 0x68, 0x64, 0x85, 0x21, 0x32, 0x18, 0x41, 0x22, 0x34, 0x10, + 0x76, 0x05, 0x84, 0x47, 0x86, 0x26, 0x50, 0x86, 0x76, 0x72, + 0x25, 0x01, 0x36, 0x36, 0x67, 0x57, 0x42, 0x62, 0x10, 0x77, + 0x15, 0x66, 0x52, 0x20, 0x81, 0x86, 0x28, 0x42, 0x52, 0x73, + 0x44, 0x22, 0x04, 0x34, 0x15, 0x68, 0x65, 0x52, 0x30, 0x83, + 0x60, 0x20, 0x00, 0x57, 0x56, 0x28, 0x14, 0x16, 0x51, 0x87, + 0x57, 0x72, 0x01, 0x31, 0x31, 0x41, 0x58, 0x85, 0x80, 0x51, + 0x72, 0x27, 0x86, 0x11, 0x80, 0x76, 0x13, 0x66, 0x50, 0x18, + 0x75, 0x21, 0x06, 0x83, 0x20, 0x54, 0x44, 0x64, 0x44, 0x38, + 0x50, 0x56, 0x12, 0x78, 0x80, 0x71, 0x66, 0x20, 0x28, 0x83, + 0x50, 0x02, 0x46, 0x51, 0x86, 0x43, 0x55, 0x73, 0x38, 0x06, + 0x70, 0x06, 0x63, 0x43, 0x70, 0x81, 0x68, 0x21, 0x27, 0x14, + 0x75, 0x68, 0x68, 0x34, 0x03, 0x71, 0x34, 0x02, 0x28, 0x44, + 0x48, 0x46, 0x27, 0x16, 0x73, 0x60, 0x86, 0x86, 0x18, 0x80, + 0x05, 0x71, 0x88, 0x22, 0x13, 0x78, 0x50, 0x01, 0x60, 0x11, + 0x60, 0x77, 0x14, 0x66, 0x67, 0x66, 0x55, 0x56, 0x33, 0x53, + 0x28, 0x25, 0x54, 0x52, 0x31, 0x23, 0x56, 0x24, 0x44, 0x55, + 0x48, 0x67, 0x37, 0x64, 0x82, 0x02, 0x65, 0x88, 0x63, 0x41, + 0x83, 0x34, 0x30, 0x54, 0x63, 0x80, 0x07, 0x60, 0x81, 0x05, + 0x70, 0x83, 0x14, 0x60, 0x74, 0x04, 0x82, 0x38, 0x28, 0x24, + 0x84, 0x20, 0x68, 0x78, 0x81, 0x53, 0x71, 0x34, 0x81, 0x62, + 0x07, 0x63, 0x22, 0x45, 0x81, 0x74, 0x75, 0x03, 0x27, 0x26, + 0x50, 0x34, 0x47, 0x36, 0x86, 0x38, 0x17, 0x13, 0x10, 0x06, + 0x68, 0x43, 0x62, 0x33, 0x32, 0x53, 0x44, 0x48, 0x46, 0x08, + 0x87, 0x40, 0x27, 0x17, 0x68, 0x52, 0x38, 0x11, 0x57, 0x58, + 0x70, 0x83, 0x32, 0x70, 0x60, 0x45, 0x67, 0x64, 0x88, 0x73, + 0x01, 0x40, 0x71, 0x60, 0x60, 0x20, 0x13, 0x71, 0x23, 0x75, + 0x14, 0x32, 0x78, 0x60, 0x55, 0x84, 0x63, 0x11, 0x47, 0x82, + 0x64, 0x68, 0x48, 0x63, 0x04, 0x14, 0x64, 0x85, 0x64, 0x58, + 0x10, 0x62, 0x70, 0x07, 0x02, 0x88, 0x57, 0x67, 0x42, 0x35, + 0x30, 0x02, 0x56, 0x17, 0x41, 0x57, 0x54, 0x77, 0x06, 0x43, + 0x71, 0x48, 0x64, 0x34, 0x18, 0x42, 0x08, 0x12, 0x47, 0x70, + 0x78, 0x24, 0x85, 0x34, 0x68, 0x30, 0x02, 0x01, 0x24, 0x01, + 0x53, 0x17, 0x67, 0x58, 0x72, 0x68, 0x53, 0x61, 0x63, 0x30, + 0x36, 0x87, 0x60, 0x77, 0x35, 0x14, 0x31, 0x17, 0x47, 0x60, + 0x25, 0x47, 0x64, 0x06, 0x77, 0x13, 0x63, 0x48, 0x43, 0x85, + 0x40, 0x88, 0x62, 0x01, 0x07, 0x83, 0x03, 0x21, 0x86, 0x34, + 0x48, 0x44, 0x71, 0x72, 0x85, 0x77, 0x64, 0x82, 0x78, 0x66, + 0x73, 0x28, 0x30, 0x71, 0x74, 0x76, 0x21, 0x12, 0x26, 0x24, + 0x72, 0x24, 0x66, 0x58, 0x27, 0x66, 0x71, 0x20, 0x26, 0x30, + 0x07, 0x60, 0x26, 0x62, 0x05, 0x21, 0x83, 0x77, 0x61, 0x60, + 0x24, 0x55, 0x64, 0x73, 0x00, 0x52, 0x35, 0x21, 0x27, 0x01, + 0x78, 0x78, 0x45, 0x38, 0x87, 0x23, 0x51, 0x88, 0x31, 0x62, + 0x36, 0x20, 0x10, 0x67, 0x23, 0x53, 0x38, 0x18, 0x76, 0x71, + 0x40, 0x68, 0x08, 0x86, 0x80, 0x46, 0x25, 0x27, 0x84, 0x76, + 0x81, 0x00, 0x20, 0x06, 0x50, 0x85, 0x15, 0x32, 0x27, 0x77, + 0x30, 0x77, 0x21, 0x52, 0x05, 0x76, 0x24, 0x51, 0x18, 0x06, + 0x50, 0x26, 0x52, 0x86, 0x30, 0x27, 0x31, 0x11, 0x12, 0x31, + 0x34, 0x75, 0x48, 0x62, 0x45, 0x64, 0x08, 0x26, 0x23, 0x48, + 0x66, 0x41, 0x78, 0x26, 0x26, 0x40, 0x36, 0x44, 0x36, 0x34, + 0x00, 0x61, 0x34, 0x67, 0x31, 0x03, 0x11, 0x24, 0x32, 0x80, + 0x06, 0x44, 0x34, 0x48, 0x42, 0x27, 0x52, 0x48, 0x76, 0x04, + 0x83, 0x07, 0x36, 0x86, 0x40, 0x84, 0x72, 0x56, 0x50, 0x37, + 0x23, 0x51, 0x52, 0x64, 0x20, 0x16, 0x05, 0x17, 0x57, 0x26, + 0x22, 0x58, 0x32, 0x65, 0x47, 0x35, 0x51, 0x32, 0x04, 0x74, + 0x37, 0x00, 0x11, 0x01, 0x66, 0x17, 0x12, 0x14, 0x81, 0x02, + 0x07, 0x53, 0x72, 0x48, 0x43, 0x73, 0x20, 0x60, 0x70, 0x73, + 0x47, 0x56, 0x07, 0x76, 0x36, 0x66, 0x72, 0x40, 0x83, 0x66, + 0x07, 0x11, 0x13, 0x16, 0x40, 0x45, 0x53, 0x58, 0x75, 0x21, + 0x83, 0x15, 0x36, 0x67, 0x65, 0x83, 0x32, 0x82, 0x54, 0x41, + 0x71, 0x61, 0x60, 0x74, 0x30, 0x16, 0x35, 0x81, 0x33, 0x35, + 0x16, 0x06, 0x13, 0x37, 0x36, 0x24, 0x57, 0x54, 0x43, 0x44, + 0x85, 0x74, 0x38, 0x11, 0x27, 0x23, 0x33, 0x41, 0x70, 0x36, + 0x52, 0x87, 0x42, 0x23, 0x31, 0x08, 0x01, 0x50, 0x17, 0x80, + 0x64, 0x46, 0x06, 0x50, 0x23, 0x20, 0x88, 0x85, 0x05, 0x24, + 0x68, 0x44, 0x36, 0x32, 0x20, 0x84, 0x55, 0x07, 0x23, 0x70, + 0x52, 0x14, 0x61, 0x17, 0x20, 0x03, 0x25, 0x58, 0x74, 0x24, + 0x71, 0x48, 0x20, 0x51, 0x25, 0x24, 0x53, 0x28, 0x15, 0x37, + 0x57, 0x00, 0x76, 0x05, 0x13, 0x52, 0x82, 0x43, 0x64, 0x10, + 0x51, 0x15, 0x37, 0x57, 0x41, 0x50, 0x64, 0x60, 0x08, 0x60, + 0x83, 0x83, 0x27, 0x22, 0x77, 0x54, 0x88, 0x26, 0x12, 0x10, + 0x00, 0x27, 0x65, 0x86, 0x04, 0x67, 0x82, 0x65, 0x42, 0x30, + 0x50, 0x10, 0x15, 0x35, 0x03, 0x12, 0x50, 0x00, 0x63, 0x50, + 0x53, 0x65, 0x21, 0x48, 0x03, 0x52, 0x36, 0x78, 0x06, 0x01, + 0x20, 0x80, 0x01, 0x52, 0x68, 0x26, 0x80, 0x67, 0x06, 0x08, + 0x11, 0x80, 0x80, 0x74, 0x68, 0x75, 0x13, 0x00, 0x80, 0x12, + 0x28, 0x28, 0x02, 0x53, 0x06, 0x04, 0x54, 0x70, 0x46, 0x00, + 0x62, 0x82, 0x44, 0x71, 0x45, 0x67, 0x82, 0x37, 0x17, 0x58, + 0x32, 0x04, 0x17, 0x34, 0x52, 0x08, 0x83, 0x25, 0x32, 0x23, + 0x46, 0x61, 0x37, 0x53, 0x12, 0x35, 0x14, 0x35, 0x82, 0x17, + 0x76, 0x82, 0x74, 0x51, 0x32, 0x85, 0x71, 0x01, 0x62, 0x28, + 0x28, 0x22, 0x23, 0x27, 0x54, 0x00, 0x86, 0x16, 0x88, 0x27, + 0x62, 0x38, 0x87, 0x67, 0x84, 0x74, 0x45, 0x45, 0x33, 0x06, + 0x21, 0x67, 0x81, 0x63, 0x07, 0x87, 0x55, 0x43, 0x08, 0x32, + 0x36, 0x66, 0x48, 0x00, 0x48, 0x75, 0x14, 0x14, 0x68, 0x43, + 0x57, 0x10, 0x46, 0x15, 0x87, 0x84, 0x15, 0x87, 0x18, 0x34, + 0x24, 0x10, 0x41, 0x77, 0x87, 0x01, 0x64, 0x33, 0x10, 0x83, + 0x10, 0x15, 0x43, 0x40, 0x00, 0x26, 0x72, 0x76, 0x01, 0x12, + 0x68, 0x33, 0x05, 0x42, 0x14, 0x70, 0x75, 0x65, 0x64, 0x03, + 0x03, 0x31, 0x66, 0x38, 0x14, 0x20, 0x42, 0x74, 0x02, 0x40, + 0x84, 0x64, 0x65, 0x45, 0x00, 0x41, 0x86, 0x66, 0x27, 0x06, + 0x56, 0x02, 0x17, 0x41, 0x76, 0x45, 0x66, 0x85, 0x25, 0x43, + 0x28, 0x21, 0x01, 0x62, 0x70, 0x50, 0x75, 0x00, 0x24, 0x21, + 0x65, 0x70, 0x54, 0x16, 0x33, 0x62, 0x14, 0x28, 0x64, 0x86, + 0x24, 0x70, 0x36, 0x46, 0x50, 0x60, 0x11, 0x32, 0x46, 0x86, + 0x07, 0x23, 0x70, 0x53, 0x01, 0x43, 0x80, 0x84, 0x41, 0x61, + 0x34, 0x10, 0x24, 0x57, 0x06, 0x51, 0x60, 0x22, 0x66, 0x88, + 0x25, 0x74, 0x72, 0x74, 0x64, 0x44, 0x27, 0x03, 0x10, 0x23, + 0x20, 0x16, 0x22, 0x35, 0x28, 0x32, 0x10, 0x73, 0x22, 0x26, + 0x31, 0x20, 0x57, 0x65, 0x71, 0x58, 0x14, 0x14, 0x08, 0x87, + 0x85, 0x80, 0x45, 0x83, 0x77, 0x55, 0x20, 0x34, 0x86, 0x72, + 0x10, 0x76, 0x76, 0x01, 0x16, 0x33, 0x40, 0x83, 0x32, 0x86, + 0x04, 0x03, 0x12, 0x78, 0x46, 0x10, 0x88, 0x10, 0x33, 0x76, + 0x83, 0x14, 0x01, 0x37, 0x62, 0x78, 0x43, 0x21, 0x27, 0x22, + 0x16, 0x22, 0x55, 0x00, 0x11, 0x74, 0x81, 0x28, 0x60, 0x78, + 0x74, 0x80, 0x81, 0x80, 0x63, 0x05, 0x51, 0x35, 0x34, 0x70, + 0x61, 0x02, 0x77, 0x47, 0x40, 0x47, 0x40, 0x87, 0x75, 0x06, + 0x26, 0x46, 0x53, 0x36, 0x14, 0x66, 0x10, 0x20, 0x43, 0x52, + 0x47, 0x08, 0x55, 0x26, 0x65, 0x53, 0x28, 0x41, 0x43, 0x11, + 0x61, 0x27, 0x16, 0x46, 0x31, 0x08, 0x71, 0x26, 0x27, 0x15, + 0x05, 0x06, 0x66, 0x57, 0x41, 0x31, 0x37, 0x03, 0x15, 0x68, + 0x08, 0x88, 0x63, 0x34, 0x01, 0x61, 0x01, 0x11, 0x58, 0x66, + 0x14, 0x22, 0x44, 0x40, 0x02, 0x66, 0x35, 0x37, 0x54, 0x44, + 0x67, 0x44, 0x08, 0x43, 0x70, 0x20, 0x45, 0x70, 0x38, 0x04, + 0x65, 0x61, 0x57, 0x32, 0x15, 0x12, 0x83, 0x31, 0x58, 0x46, + 0x28, 0x08, 0x86, 0x55, 0x12, 0x16, 0x21, 0x70, 0x50, 0x88, + 0x07, 0x34, 0x32, 0x61, 0x18, 0x50, 0x86, 0x03, 0x58, 0x41, + 0x43, 0x40, 0x76, 0x63, 0x37, 0x43, 0x71, 0x18, 0x23, 0x25, + 0x06, 0x71, 0x62, 0x47, 0x16, 0x12, 0x77, 0x84, 0x01, 0x70, + 0x85, 0x41, 0x07, 0x42, 0x80, 0x71, 0x26, 0x05, 0x85, 0x73, + 0x14, 0x38, 0x66, 0x31, 0x25, 0x67, 0x82, 0x07, 0x22, 0x73, + 0x23, 0x34, 0x61, 0x65, 0x45, 0x46, 0x74, 0x64, 0x34, 0x57, + 0x47, 0x72, 0x75, 0x34, 0x76, 0x11, 0x31, 0x61, 0x77, 0x57, + 0x68, 0x42, 0x18, 0x18, 0x37, 0x80, 0x06, 0x77, 0x71, 0x30, + 0x85, 0x42, 0x67, 0x56, 0x42, 0x70, 0x32, 0x53, 0x55, 0x48, + 0x40, 0x32, 0x37, 0x21, 0x35, 0x15, 0x45, 0x27, 0x85, 0x36, + 0x61, 0x73, 0x21, 0x26, 0x81, 0x83, 0x64, 0x84, 0x75, 0x75, + 0x54, 0x68, 0x84, 0x54, 0x75, 0x17, 0x10, 0x35, 0x13, 0x37, + 0x55, 0x11, 0x62, 0x44, 0x38, 0x38, 0x70, 0x45, 0x84, 0x73, + 0x78, 0x75, 0x22, 0x42, 0x34, 0x0C, 0x86, 0xF0, 0x92, 0x29, + 0xBC, 0x51, 0xBB, 0x69, 0x5E, 0x8A, 0x57, 0x55, 0x1E, 0xE8, + 0x00, 0xF7, 0x97, 0xC7, 0xF5, 0x35, 0xEA, 0xDC, 0x86, 0xD5, + 0x95, 0x70, 0x09, 0x28, 0x44, 0x93, 0x8B, 0xE1, 0xE2, 0xCE, + 0xA6, 0x37, 0xAC, 0x68, 0x94, 0x2E, 0xC5, 0xD3, 0xC9, 0x6D, + 0xAA, 0xF0, 0x46, 0x12, 0xC6, 0xA2, 0xC9, 0x84, 0xD1, 0xB2, + 0x80, 0x32, 0xC5, 0xBD, 0x41, 0x6D, 0x7C, 0xF8, 0x9C, 0xCA, + 0x1F, 0xE6, 0x25, 0xBA, 0xDD, 0x18, 0x3F, 0xAE, 0xC3, 0x12, + 0x39, 0xA6, 0xF5, 0xF1, 0xA0, 0x5A, 0xF7, 0x67, 0x4F, 0x5C, + 0xF1, 0x72, 0x60, 0x7D, 0xB5, 0xC1, 0x63, 0x9E, 0x4F, 0x96, + 0x93, 0x6F, 0x56, 0xD3, 0xE1, 0x98, 0xED, 0xA0, 0x3A, 0x5D, + 0x85, 0x3C, 0x65, 0x57, 0x12, 0x28, 0x17, 0x54, 0x4D, 0x50, + 0x1B, 0x3C, 0x93, 0x81, 0x05, 0x53, 0x79, 0xFD, 0x1C, 0xC0, + 0x55, 0x1E, 0xC2, 0xC3, 0x5B, 0xE8, 0x10, 0xF3, 0x4D, 0x89, + 0x1C, 0x0A, 0xC9, 0xF9, 0x4E, 0x3D, 0x30, 0xF1, 0x52, 0xC3, + 0xE7, 0xE1, 0xF6, 0x59, 0xEC, 0xCF, 0xF6, 0x87, 0xA6, 0xAD, + 0xAD, 0x0A, 0x8A, 0x35, 0x84, 0xCB, 0x53, 0x7F, 0x4C, 0x5D, + 0xD2, 0xAD, 0xB4, 0xBE, 0x28, 0xC6, 0xCC, 0x35, 0xA8, 0x48, + 0x0A, 0xEA, 0xE9, 0x85, 0x89, 0xE6, 0xC1, 0xA2, 0x7E, 0x72, + 0x0F, 0xAF, 0xDC, 0xEA, 0x54, 0x4C, 0xF8, 0xA0, 0xB4, 0x4F, + 0x82, 0x6B, 0xEF, 0x7E, 0xC5, 0xFF, 0x82, 0x9D, 0xE7, 0x6D, + 0x7A, 0x64, 0x3E, 0xF8, 0x9F, 0x67, 0x34, 0x3D, 0x72, 0xC4, + 0x6B, 0x5B, 0xE8, 0xE9, 0xBF, 0x7E, 0x3C, 0xC8, 0xB6, 0xF5, + 0xCA, 0x0D, 0x9A, 0x2E, 0x76, 0xDE, 0xC6, 0x34, 0xCA, 0xEC, + 0xBC, 0x07, 0x0D, 0x5A, 0x0C, 0xD3, 0x3C, 0xCE, 0xB0, 0x31, + 0x20, 0xD4, 0x7C, 0x4C, 0x49, 0x52, 0xBA, 0xD2, 0x3C, 0x25, + 0x36, 0xF1, 0x8A, 0x7F, 0x51, 0x0B, 0x3C, 0xAA, 0xE4, 0xD0, + 0xA8, 0x07, 0x6B, 0x7E, 0x2C, 0xE0, 0xF0, 0x4B, 0xDE, 0x00, + 0xD8, 0xD0, 0xD0, 0xA0, 0x2A, 0x2C, 0x5A, 0xB5, 0x84, 0x9A, + 0x8A, 0x7C, 0x40, 0x41, 0x0B, 0xF3, 0x78, 0x33, 0xBC, 0xC9, + 0x84, 0xCE, 0x0B, 0xA3, 0x2E, 0x53, 0x43, 0xA5, 0x04, 0x2E, + 0xD4, 0xA0, 0x88, 0x9B, 0x7C, 0xA1, 0xDD, 0xF4, 0xE9, 0x64, + 0xCB, 0x13, 0x72, 0x0F, 0xE6, 0x9D, 0x52, 0xDD, 0x17, 0xC3, + 0x80, 0xEE, 0xD0, 0xB2, 0xD3, 0x34, 0xDF, 0xEC, 0xDE, 0x52, + 0x5A, 0xFE, 0x0A, 0x1F, 0x51, 0x14, 0x92, 0x56, 0xEC, 0xA4, + 0x89, 0x8C, 0x4C, 0x0F, 0xAB, 0xB3, 0x67, 0x65, 0x24, 0xAF, + 0x68, 0x68, 0x01, 0xBD, 0xF7, 0x51, 0x6F, 0x58, 0x59, 0x47, + 0x04, 0xE1, 0x12, 0xD1, 0x51, 0x42, 0x98, 0x88, 0xFA, 0xFF, + 0x2D, 0xE3, 0xB8, 0xB1, 0xAE, 0xE3, 0x82, 0xDC, 0xB2, 0x3A, + 0x4F, 0x2F, 0xBC, 0x99, 0xCD, 0x47, 0xD9, 0xF0, 0x81, 0xAB, + 0xCE, 0x61, 0x0A, 0x03, 0xC2, 0xF4, 0x7A, 0x09, 0x2F, 0xD3, + 0x2C, 0xE2, 0x3E, 0xBE, 0xFA, 0xB7, 0x0C, 0xA7, 0x3D, 0xF3, + 0x1C, 0x46, 0x4C, 0xDC, 0x87, 0xCF, 0x11, 0x47, 0xB2, 0xDE, + 0x2E, 0x05, 0x2F, 0x9C, 0x40, 0x87, 0x67, 0xF6, 0xE1, 0x49, + 0x89, 0x9B, 0x3C, 0x52, 0x86, 0x4D, 0x6C, 0xC8, 0x45, 0x90, + 0xC9, 0x30, 0x09, 0x79, 0xB7, 0x5D, 0xFA, 0x74, 0x4C, 0x9D, + 0x3C, 0x8B, 0x3C, 0x90, 0xD0, 0x96, 0x59, 0xBD, 0x3E, 0x61, + 0xD5, 0xC6, 0xCF, 0x05, 0xD7, 0xD3, 0x0F, 0x8A, 0x6E, 0x79, + 0xBA, 0x85, 0x9C, 0x53, 0x83, 0x28, 0xDC, 0x2C, 0x06, 0xE3, + 0x10, 0x4B, 0xD9, 0xED, 0x4C, 0xEA, 0x28, 0x9C, 0x3B, 0xF9, + 0xB1, 0x6B, 0x91, 0xEA, 0xF5, 0x1B, 0x14, 0x6E, 0x6E, 0xBF, + 0xBC, 0xF4, 0x61, 0x5D, 0x0A, 0x9A, 0xC4, 0x29, 0xC7, 0x50, + 0x91, 0x6D, 0x6C, 0x5F, 0x5D, 0xB0, 0xBB, 0x5C, 0x2B, 0x40, + 0xFF, 0x75, 0x73, 0xE3, 0xB6, 0x52, 0x78, 0x32, 0x33, 0x91, + 0x00, 0x3B, 0xF1, 0x11, 0xA6, 0xBF, 0x9A, 0x1A, 0xD2, 0x0E, + 0xE2, 0xBB, 0xDF, 0x4F, 0x55, 0x7E, 0x45, 0x4A, 0x1E, 0x45, + 0x22, 0x42, 0xCA, 0x87, 0x63, 0x9E, 0x82, 0xB7, 0x67, 0xE8, + 0x2A, 0xDE, 0x3A, 0x2E, 0x61, 0xF1, 0x56, 0xA4, 0x63, 0x9F, + 0x32, 0xD8, 0xD0, 0xA4, 0xFB, 0xAE, 0xCF, 0x6C, 0xEC, 0x66, + 0x4D, 0xA7, 0xA4, 0xE1, 0x8C, 0x39, 0xFF, 0x2E, 0xA3, 0xDB, + 0x01, 0x67, 0xA4, 0x80, 0x03, 0x73, 0xA7, 0x9C, 0x6B, 0x51, + 0x57, 0x35, 0x0D, 0x1A, 0x44, 0xCD, 0x80, 0x06, 0xA5, 0x2F, + 0xA0, 0xF3, 0x65, 0x7A, 0xCB, 0x34, 0x58, 0xD3, 0xCF, 0xF7, + 0x28, 0xBC, 0xB9, 0x1C, 0xE2, 0x22, 0x6C, 0x1E, 0xE5, 0x0D, + 0x73, 0x1F, 0x8C, 0xA6, 0xF2, 0x94, 0x9B, 0xE5, 0xDA, 0xE3, + 0x9B, 0x1A, 0xE1, 0x5E, 0x9D, 0xE3, 0x6F, 0x0F, 0x29, 0x57, + 0xE4, 0x12, 0x32, 0xC1, 0x5C, 0xD3, 0xE8, 0xDE, 0xC1, 0x44, + 0x40, 0x9B, 0x59, 0x4F, 0xDD, 0x7E, 0xA4, 0x32, 0x8E, 0xE0, + 0x0D, 0xDC, 0x3F, 0x67, 0x7A, 0xA7, 0x52, 0x67, 0xF1, 0xA1, + 0xF5, 0x8C, 0xEF, 0xB5, 0xFC, 0x9E, 0x48, 0x39, 0xAC, 0xEF, + 0xE6, 0x7A, 0x58, 0xFB, 0xEF, 0x2B, 0xBE, 0x80, 0x09, 0x85, + 0x53, 0x5E, 0x9D, 0x9B, 0x07, 0x18, 0xE8, 0x44, 0x5A, 0xE3, + 0xDD, 0xE5, 0x17, 0xE7, 0x8C, 0x9A, 0x55, 0x51, 0x14, 0xD9, + 0x1C, 0x2D, 0x41, 0x00, 0xBC, 0x1F, 0x78, 0x85, 0x44, 0x38, + 0xC7, 0x59, 0x71, 0x69, 0x81, 0x2D, 0x7A, 0x27, 0x3B, 0xC2, + 0x65, 0x00, 0xAC, 0x47, 0x0D, 0x81, 0xF7, 0x81, 0x50, 0x97, + 0x69, 0x98, 0xE7, 0x55, 0x2E, 0x77, 0xA4, 0x43, 0x7B, 0xF0, + 0x27, 0xCC, 0xB5, 0xC9, 0x9E, 0xEB, 0x8E, 0x7F, 0xE0, 0x7F, + 0xE7, 0x0A, 0x3B, 0xDF, 0x40, 0x3D, 0x5F, 0x43, 0xA4, 0x20, + 0x11, 0x06, 0x8C, 0xC9, 0x8D, 0xCA, 0xAD, 0xDD, 0xED, 0xD4, + 0x0F, 0xCA, 0xA2, 0xA5, 0x04, 0x8B, 0x59, 0x13, 0xBE, 0xE9, + 0xC2, 0x38, 0x23, 0x26, 0x64, 0x29, 0x08, 0xF6, 0xC2, 0xD0, + 0x92, 0x02, 0x6B, 0x45, 0x05, 0x53, 0xF0, 0xC6, 0xC6, 0x6C, + 0xB7, 0xDE, 0x94, 0xDE, 0x74, 0x5F, 0x24, 0x43, 0x85, 0x94, + 0x6F, 0x5B, 0xFC, 0xD8, 0x12, 0xC6, 0xF7, 0xA8, 0xF0, 0x15, + 0x4B, 0x05, 0x08, 0xD0, 0x49, 0xD0, 0xB5, 0xEB, 0x39, 0x67, + 0xCC, 0xD0, 0x28, 0xD7, 0xF3, 0x13, 0xC7, 0xDA, 0x93, 0xEE, + 0x93, 0x33, 0xAB, 0x7C, 0x7F, 0x92, 0xBD, 0x23, 0xC1, 0x35, + 0x3B, 0x59, 0xEE, 0x55, 0xE7, 0x25, 0xAC, 0x79, 0x61, 0xEF, + 0xE7, 0x19, 0xEF, 0x26, 0xDF, 0x67, 0x04, 0xD0, 0x57, 0xBF, + 0x8A, 0x34, 0x66, 0x8A, 0xD0, 0xFF, 0x04, 0x76, 0xF4, 0x52, + 0x4F, 0xC1, 0xA0, 0xE5, 0x18, 0x13, 0x14, 0x9B, 0xC7, 0x93, + 0x14, 0xAA, 0xCE, 0x12, 0x1A, 0x28, 0x04, 0x4A, 0xC4, 0xC6, + 0x32, 0x13, 0x38, 0xDA, 0x7D, 0x2A, 0x03, 0x00, 0x12, 0xB9, + 0x76, 0x33, 0x44, 0xFF, 0xEC, 0xC8, 0x7D, 0xFF, 0x01, 0x35, + 0xCF, 0xD0, 0x13, 0xEA, 0x7B, 0x54, 0x53, 0x44, 0x76, 0x8B, + 0xCB, 0x7E, 0xF1, 0xF5, 0x78, 0xEB, 0xEC, 0xE3, 0x11, 0xD8, + 0x29, 0xBB, 0x86, 0x1D, 0x98, 0xFB, 0xE6, 0x5E, 0x6E, 0xC2, + 0x29, 0xD6, 0x42, 0x8E, 0xE5, 0x8B, 0x1F, 0x11, 0x7E, 0x31, + 0x86, 0x4C, 0x21, 0x3E, 0x15, 0xD8, 0xE9, 0x3B, 0x32, 0x3D, + 0x1E, 0x59, 0xC5, 0x90, 0xF9, 0xFE, 0x8A, 0xF1, 0xCF, 0x51, + 0x26, 0x6A, 0xBD, 0xEB, 0xDC, 0x61, 0x4F, 0x39, 0x82, 0x17, + 0xB6, 0x48, 0x36, 0x01, 0xD7, 0xFE, 0x84, 0x28, 0x7A, 0x4E, + 0xC7, 0x85, 0x5A, 0x67, 0xDF, 0xAC, 0xD2, 0xC3, 0xFD, 0x43, + 0x5A, 0x5E, 0xFB, 0x27, 0x94, 0x86, 0x39, 0x57, 0xC1, 0xC3, + 0xB8, 0xB9, 0x6C, 0x42, 0x76, 0xCC, 0xF7, 0x92, 0xCC, 0xB4, + 0x66, 0xD7, 0x96, 0x36, 0xE6, 0x00, 0xCA, 0xE9, 0x1D, 0xDF, + 0xBB, 0x50, 0xF5, 0xCF, 0x19, 0xCF, 0x5D, 0x51, 0x79, 0xE2, + 0xE5, 0x97, 0xEC, 0xB0, 0x31, 0xC6, 0xE7, 0x85, 0xB2, 0x5F, + 0x2D, 0xB2, 0x19, 0x41, 0x9A, 0x2F, 0xB3, 0x77, 0xB9, 0x55, + 0xFE, 0x58, 0x66, 0xE9, 0x36, 0x28, 0x07, 0x02, 0xEC, 0xAA, + 0xD7, 0xC6, 0x7F, 0x86, 0x22, 0xF6, 0x4A, 0x99, 0x42, 0xD8, + 0x4E, 0xFC, 0x39, 0x18, 0xCE, 0x97, 0xF2, 0xE7, 0xCE, 0x58, + 0xB2, 0x4B, 0x4C, 0x84, 0x74, 0x60, 0xC1, 0xF8, 0x6C, 0xDD, + 0x81, 0x4D, 0x42, 0x8D, 0x3C, 0x90, 0x25, 0x3D, 0xF8, 0xCE, + 0x86, 0xEA, 0x44, 0x54, 0xE1, 0xB0, 0x62, 0x37, 0x6C, 0xE0, + 0x9B, 0xFC, 0x55, 0x7D, 0x71, 0x9E, 0x94, 0x82, 0xD4, 0x62, + 0x6B, 0x8A, 0x1C, 0xA4, 0xF1, 0x1E, 0x07, 0x3D, 0xF8, 0xB8, + 0x57, 0xAF, 0x40, 0x35, 0xDF, 0x8B, 0x37, 0x24, 0xDC, 0x67, + 0x35, 0x5B, 0x65, 0x66, 0x2C, 0x0D, 0x41, 0x40, 0x8A, 0xB1, + 0xE2, 0xFA, 0x8D, 0x3D, 0x23, 0xA6, 0x15, 0xDF, 0x5C, 0x88, + 0xA2, 0x40, 0xE0, 0x7C, 0xF1, 0x33, 0x39, 0x9B, 0xC7, 0x7E, + 0xD5, 0xC1, 0xA8, 0x21, 0x6B, 0xB4, 0x9C, 0x9E, 0xE1, 0x7A, + 0xAE, 0xDC, 0x30, 0x40, 0x54, 0x66, 0xA0, 0x60, 0xA0, 0x73, + 0xF9, 0x7D, 0xA1, 0xCC, 0x51, 0x33, 0x2C, 0x2E, 0x16, 0xA2, + 0x87, 0x98, 0x70, 0x43, 0xCF, 0x40, 0x09, 0x0D, 0xC2, 0x6E, + 0x20, 0xEF, 0xED, 0xE3, 0xDE, 0xF3, 0x35, 0x01, 0xB3, 0x21, + 0xC0, 0x37, 0x44, 0xB9, 0xE8, 0xDB, 0x4A, 0xD1, 0x7E, 0x7E, + 0x9F, 0x3D, 0xFE, 0x3A, 0xEF, 0x86, 0xD5, 0x4C, 0x4A, 0x03, + 0x6C, 0xFE, 0x0F, 0x76, 0x7B, 0xB2, 0xE5, 0x99, 0xAE, 0x34, + 0x34, 0xF9, 0x47, 0x97, 0x0F, 0x59, 0x24, 0xCD, 0xB1, 0x74, + 0x8D, 0xC8, 0x8A, 0x5D, 0x0A, 0xD6, 0x78, 0xA4, 0x9D, 0x10, + 0x87, 0xA7, 0xD4, 0x2B, 0x19, 0xA4, 0x45, 0x1F, 0xE9, 0x5D, + 0x6D, 0x14, 0x4D, 0xA0, 0x5E, 0x01, 0x64, 0xEE, 0x12, 0x89, + 0xD0, 0x77, 0xCC, 0x88, 0x5B, 0x00, 0x77, 0xE1, 0x09, 0xE6, + 0x32, 0x6A, 0xDF, 0x14, 0xE3, 0x2F, 0xF7, 0x14, 0x2A, 0x89, + 0x54, 0x4B, 0x07, 0xD9, 0x04, 0x3A, 0xFE, 0x22, 0xF2, 0x81, + 0x19, 0x92, 0x69, 0x70, 0xF7, 0x29, 0x2B, 0x5C, 0x74, 0x99, + 0x20, 0xF9, 0xEE, 0x69, 0x1C, 0xA5, 0x7E, 0x44, 0xBC, 0xEC, + 0x88, 0xBB, 0x0D, 0xC8, 0xAD, 0xE5, 0x47, 0x82, 0x9D, 0x9E, + 0xCF, 0xAD, 0x3B, 0x7F, 0xDD, 0xE8, 0x4C, 0x79, 0xDB, 0x1A, + 0xA5, 0x39, 0x76, 0x6F, 0x99, 0x6B, 0x32, 0x24, 0xAC, 0x39, + 0xEA, 0x98, 0x81, 0xA7, 0x9F, 0xD0, 0x10, 0x4C, 0xA7, 0xA5, + 0x39, 0x1D, 0x30, 0x05, 0xFA, 0xB7, 0xF7, 0x0A, 0x0D, 0xBA, + 0x8C, 0xA0, 0x90, 0xB1, 0x4A, 0x75, 0x17, 0x2C, 0x87, 0xBA, + 0x27, 0x41, 0x7F, 0xA5, 0xCF, 0x0B, 0xA4, 0x3B, 0x5F, 0xB6, + 0xCC, 0x6F, 0x0A, 0x0A, 0x25, 0x04, 0x67, 0xF5, 0x92, 0x7F, + 0xD2, 0xF6, 0x6A, 0xAF, 0xB2, 0x43, 0x93, 0xCB, 0x92, 0x7D, + 0xA6, 0xB4, 0x52, 0xBF, 0x76, 0x5A, 0xC2, 0xFB, 0xC1, 0x12, + 0xEB, 0x94, 0xC2, 0x49, 0x4C, 0x9C, 0x0B, 0x93, 0x0E, 0x68, + 0x83, 0x78, 0xA3, 0x72, 0xFE, 0xE9, 0x00, 0x65, 0x57, 0x55, + 0x07, 0xFA, 0xB8, 0xCF, 0x8E, 0xCF, 0x8E, 0xCF, 0x44, 0x01, + 0x4D, 0xDF, 0x66, 0x7E, 0x64, 0xE1, 0x1B, 0x19, 0x5C, 0x12, + 0xDD, 0x8E, 0x23, 0x68, 0x2B, 0xF0, 0xD3, 0xF5, 0x7A, 0x91, + 0x47, 0x5C, 0xE3, 0xF0, 0x85, 0x41, 0xD8, 0x9A, 0xFF, 0x24, + 0x26, 0x21, 0x6B, 0xA1, 0x6E, 0x62, 0x12, 0xFD, 0xD3, 0xD8, + 0x36, 0x5B, 0xCC, 0xB0, 0x59, 0x4F, 0x0C, 0x5A, 0xD6, 0x5B, + 0x11, 0xA6, 0x65, 0xB1, 0x3F, 0x0A, 0x96, 0xD2, 0x31, 0x00, + 0x9D, 0xD5, 0x73, 0x86, 0xE8, 0x82, 0x11, 0xFB, 0x71, 0x4B, + 0x92, 0xA1, 0x3E, 0x39, 0x6C, 0x42, 0x51, 0x2F, 0x69, 0x69, + 0x56, 0xC2, 0xED, 0xE3, 0x2E, 0x9F, 0xFD, 0x88, 0xC6, 0xA9, + 0xAC, 0xDC, 0xB9, 0xA6, 0x36, 0x57, 0xBD, 0x15, 0xF0, 0xE1, + 0x36, 0xEE, 0x90, 0xB0, 0xBD, 0x27, 0xED, 0xCB, 0x29, 0xBB, + 0x0C, 0x83, 0xB0, 0x18, 0x42, 0x36, 0x18, 0x98, 0x28, 0x0F, + 0xFC, 0xB0, 0x2A, 0xD5, 0x72, 0x10, 0x5A, 0x1A, 0x58, 0xE5, + 0x95, 0xA7, 0x86, 0x19, 0xAC, 0x92, 0xAD, 0x21, 0x53, 0x67, + 0x2E, 0x66, 0x59, 0xB0, 0x03, 0xF4, 0xE1, 0x29, 0x79, 0x0A, + 0xAA, 0x9D, 0x2D, 0x61, 0xC2, 0xE7, 0x36, 0x2D, 0x8B, 0x22, + 0x3E, 0x3D, 0x9F, 0xD8, 0xE3, 0x34, 0xD9, 0x47, 0x3C, 0x2E, + 0x9A, 0x97, 0x4F, 0x9F, 0x8E, 0x9A, 0xEA, 0x18, 0x2A, 0x8C, + 0xD5, 0x0D, 0x1A, 0xA1, 0x27, 0xBB, 0x95, 0xF2, 0xDF, 0xA5, + 0xB2, 0x7F, 0xFD, 0x8D, 0xC4, 0xB1, 0xA7, 0xFD, 0xA5, 0x82, + 0x78, 0x04, 0xFA, 0x92, 0xD1, 0x54, 0x0A, 0x40, 0x0D, 0x59, + 0x36, 0xC3, 0x16, 0x1D, 0xE7, 0xF8, 0x88, 0xBF, 0xE6, 0x74, + 0xD8, 0x26, 0xFC, 0x77, 0x4D, 0x3D, 0x68, 0xD6, 0x37, 0x0C, + 0x0F, 0x5A, 0xC5, 0x47, 0x02, 0x90, 0x7A, 0x5A, 0x96, 0x79, + 0x69, 0x30, 0x4F, 0xD5, 0xAA, 0x60, 0x3D, 0xE7, 0x5D, 0x09, + 0x41, 0x54, 0x06, 0xC2, 0xCA, 0xD5, 0xB8, 0xFB, 0x12, 0x15, + 0x22, 0x0E, 0x49, 0x8C, 0xD9, 0xB4, 0x3C, 0x36, 0x7C, 0xCB, + 0x3C, 0xFA, 0x97, 0xF4, 0x1C, 0xCF, 0x49, 0x81, 0x96, 0xF3, + 0x5E, 0xC8, 0x43, 0xB9, 0x28, 0xD6, 0xE9, 0x3D, 0x9E, 0xB3, + 0x4C, 0xE5, 0x87, 0x23, 0xDD, 0xC9, 0x93, 0x69, 0x3E, 0x5F, + 0x3B, 0xB6, 0xA8, 0x11, 0x3F, 0x70, 0x10, 0x3E, 0x13, 0xCF, + 0x69, 0x89, 0xAB, 0x58, 0xB0, 0x68, 0x74, 0x68, 0x4A, 0x61, + 0x0A, 0x6E, 0xFE, 0xF0, 0xDA, 0xA1, 0x11, 0x67, 0xC1, 0x90, + 0xAB, 0xE7, 0x23, 0x69, 0x73, 0xD2, 0xF0, 0xD8, 0x6F, 0x09, + 0x22, 0x35, 0xA3, 0xBA, 0x3A, 0x80, 0x6B, 0x45, 0x90, 0x2F, + 0x17, 0x68, 0xF6, 0x0D, 0x52, 0x32, 0x51, 0x67, 0xDE, 0x70, + 0x88, 0x7B, 0x33, 0xF9, 0x2C, 0xE0, 0xE1, 0x0C, 0x56, 0x26, + 0xE6, 0x86, 0xD9, 0x80, 0x6E, 0xD0, 0x86, 0xF1, 0xC9, 0x1A, + 0x08, 0x94, 0x1E, 0x01, 0x72, 0x51, 0x04, 0x73, 0x47, 0xAE, + 0x6C, 0xFC, 0x16, 0x48, 0x73, 0x30, 0xCF, 0xC6, 0xBD, 0x6E, + 0x26, 0xF6, 0x9F, 0xAE, 0xF3, 0x3D, 0x39, 0x12, 0xF3, 0x39, + 0x00, 0x87, 0x10, 0x30, 0x83, 0xDC, 0x75, 0x38, 0x2B, 0x83, + 0x43, 0xAB, 0xC0, 0x56, 0x08, 0x6F, 0x54, 0x9E, 0xCD, 0x78, + 0x05, 0x86, 0x38, 0xFC, 0x95, 0x18, 0x76, 0xC0, 0x19, 0x5A, + 0xCA, 0xAF, 0xEB, 0x1E, 0x07, 0x1A, 0x35, 0x12, 0x63, 0xF8, + 0x3F, 0xC8, 0x7F, 0xCE, 0x0A, 0x13, 0xBD, 0x9A, 0x6D, 0x03, + 0x77, 0xE3, 0xB9, 0x04, 0x84, 0xCD, 0x37, 0x95, 0x39, 0x25, + 0xA8, 0x73, 0x06, 0x1F, 0x99, 0x15, 0xBA, 0xA8, 0xFA, 0x97, + 0x8B, 0x44, 0x69, 0x01, 0xB2, 0xE5, 0xD1, 0x0B, 0xD6, 0x09, + 0x37, 0x3D, 0x2E, 0x06, 0x51, 0xEC, 0x62, 0x4B, 0x34, 0x50, + 0x80, 0xB6, 0xA4, 0xA6, 0x16, 0x3B, 0x2A, 0xE7, 0x97, 0x1D, + 0xA9, 0x8D, 0xE1, 0x11, 0xCB, 0x7C, 0xD4, 0xF0, 0x85, 0x61, + 0x80, 0xC9, 0x6C, 0x4C, 0x9F, 0x85, 0x6F, 0xA7, 0xA5, 0x23, + 0x5D, 0x7B, 0xB5, 0x47, 0xA2, 0xCA, 0xDC, 0x5D, 0x0B, 0x62, + 0xBA, 0x61, 0x0E, 0xD4, 0xE2, 0xD6, 0x96, 0xDF, 0xE7, 0x5C, + 0x7F, 0xED, 0x4B, 0x9A, 0x7F, 0xDB, 0x7A, 0x6F, 0x4F, 0x4C, + 0x88, 0x94, 0x26, 0x86, 0xA9, 0x58, 0x09, 0xB0, 0xB3, 0x49, + 0x40, 0xD2, 0xF4, 0x35, 0xDB, 0x90, 0x32, 0x5D, 0xCB, 0x9D, + 0xE5, 0x03, 0x8D, 0x97, 0x13, 0x8C, 0x2C, 0xEF, 0x16, 0x5B, + 0x47, 0x3E, 0xDD, 0x9D, 0x00, 0x45, 0x9D, 0x43, 0xB1, 0xC0, + 0x65, 0x36, 0x87, 0xE2, 0x72, 0x84, 0x70, 0xE4, 0x40, 0x2E, + 0xD3, 0x47, 0x19, 0xCD, 0x13, 0x57, 0x4D, 0x1F, 0xD6, 0x64, + 0x38, 0x5A, 0x14, 0xFA, 0xCE, 0xF0, 0x9E, 0x23, 0xF6, 0xA7, + 0x3E, 0x24, 0xBD, 0x03, 0xD4, 0x94, 0xFD, 0x9F, 0x91, 0x6F, + 0x04, 0x99, 0x57, 0xBA, 0x04, 0x6B, 0x7D, 0xFA, 0xB8, 0x69, + 0xC0, 0xCF, 0x95, 0x42, 0x29, 0xD7, 0x2A, 0x6D, 0x63, 0xC4, + 0x45, 0x14, 0x7B, 0xE9, 0x5E, 0x0B, 0x55, 0x54, 0x9C, 0x8D, + 0x7C, 0x65, 0x62, 0x33, 0xD2, 0x3B, 0xC6, 0xD1, 0xD3, 0xEB, + 0xBA, 0xA8, 0xE3, 0xEA, 0xBB, 0x73, 0xAF, 0x52, 0xFE, 0xB9, + 0x91, 0xD2, 0x34, 0xEA, 0xE9, 0x87, 0x62, 0x90, 0xA0, 0x7C, + 0x96, 0x73, 0x59, 0x0D, 0x7C, 0x25, 0x68, 0x34, 0xAF, 0x4B, + 0xCF, 0xE4, 0x78, 0xC0, 0xFF, 0x26, 0x6A, 0x42, 0xE0, 0xF4, + 0xEC, 0x1E, 0xA5, 0x05, 0xEE, 0xED, 0x4E, 0x68, 0xA4, 0x0B, + 0x3C, 0xF6, 0x7A, 0x41, 0x53, 0xE6, 0xCA, 0x1B, 0x1F, 0x8B, + 0xE4, 0xEA, 0xD2, 0x66, 0x40, 0xEF, 0x83, 0x74, 0xB3, 0x0C, + 0x6E, 0x66, 0x00, 0xF3, 0xE6, 0x94, 0xC3, 0x0B, 0x60, 0xFB, + 0x15, 0x7F, 0x39, 0x85, 0x60, 0x5F, 0xBF, 0xA8, 0x94, 0x45, + 0x86, 0x3F, 0xD4, 0x54, 0xC5, 0xA3, 0xE9, 0x51, 0x18, 0x51, + 0x40, 0x64, 0xFD, 0xEB, 0x9B, 0x11, 0x33, 0x8C, 0xDD, 0x9B, + 0xC8, 0xB2, 0xD7, 0x44, 0x2C, 0x56, 0xB0, 0x81, 0xEA, 0x0C, + 0x0B, 0x9F, 0xF7, 0x1D, 0x9C, 0x27, 0xD6, 0x76, 0x80, 0x01, + 0x68, 0xC2, 0xA8, 0x69, 0x80, 0x5E, 0xE8, 0x93, 0x32, 0xA0, + 0xB1, 0x43, 0x35, 0xE6, 0x73, 0x9E, 0x69, 0x60, 0xC8, 0x31, + 0x69, 0xE0, 0xAF, 0xFD, 0xD2, 0xE9, 0x25, 0x9E, 0x3D, 0xDA, + 0x66, 0xE6, 0xD7, 0x8E, 0xDB, 0x68, 0x04, 0xB0, 0xFE, 0x04, + 0xF8, 0x72, 0x01, 0x0B, 0xE1, 0x66, 0xC4, 0xA0, 0xE4, 0xF7, + 0xF3, 0x6E, 0x91, 0x60, 0xAD, 0x53, 0xE7, 0x9D, 0xBC, 0x6A, + 0xDF, 0x47, 0x8D, 0x25, 0x9F, 0xB3, 0x60, 0x6C, 0x87, 0x5C, + 0x60, 0x00, 0x98, 0xE3, 0x4A, 0x96, 0xA5, 0xAF, 0x1F, 0x96, + 0x0B, 0x96, 0x4F, 0xC6, 0x54, 0x1F, 0x48, 0x67, 0xC7, 0xA4, + 0x6E, 0xC0, 0x82, 0x8C, 0x43, 0x0D, 0x8D, 0x10, 0x84, 0x48, + 0xEA, 0x46, 0xF2, 0x15, 0x85, 0x70, 0x5A, 0x8F, 0x76, 0xD7, + 0x37, 0x82, 0xE4, 0x07, 0x09, 0x4D, 0xB7, 0xCF, 0xA3, 0xAA, + 0xE8, 0xD7, 0x3C, 0x8B, 0xE4, 0x86, 0xD4, 0xA9, 0xC9, 0x30, + 0x9A, 0xCE, 0xE4, 0x7B, 0x0C, 0x17, 0xC6, 0x2E, 0x4E, 0x4A, + 0x7C, 0x4E, 0xB3, 0xAD, 0xE3, 0x93, 0x8A, 0x31, 0x11, 0x2D, + 0x43, 0xBE, 0x02, 0x8D, 0x5C, 0xEA, 0x7D, 0x9A, 0x08, 0xAB, + 0x3D, 0x70, 0x84, 0x4F, 0x8F, 0xB0, 0x77, 0x02, 0x99, 0x85, + 0x62, 0x93, 0x71, 0x4C, 0xCD, 0x7A, 0xD1, 0x75, 0xD1, 0xBB, + 0x2A, 0xC9, 0x54, 0xBF, 0xDA, 0xF1, 0x70, 0xE9, 0xEF, 0x8D, + 0x08, 0x66, 0xE9, 0xD6, 0xE3, 0x6F, 0x4B, 0x99, 0xEB, 0x44, + 0x51, 0x12, 0xEE, 0x21, 0x34, 0xE1, 0xD1, 0x3A, 0x4D, 0x17, + 0xEF, 0xE7, 0x7F, 0x48, 0xD7, 0x35, 0x45, 0x05, 0xF0, 0x0E, + 0xFF, 0x32, 0xB5, 0x20, 0xF5, 0x19, 0xCF, 0x5A, 0x0E, 0xD8, + 0x2C, 0x85, 0x42, 0xF2, 0x60, 0xD0, 0xA1, 0x49, 0xD6, 0xEE, + 0x14, 0x3B, 0x2F, 0xCD, 0x0B, 0x2D, 0x8F, 0x11, 0x68, 0xF2, + 0x97, 0x22, 0xFF, 0x88, 0x76, 0x48, 0xF8, 0x3A, 0x10, 0x0F, + 0x66, 0x26, 0x73, 0x60, 0x68, 0x91, 0xEE, 0x54, 0xE2, 0xC8, + 0x04, 0xFB, 0xCD, 0x3E, 0xEB, 0x07, 0x84, 0xA1, 0x7A, 0x93, + 0x1B, 0x4A, 0xD7, 0xB6, 0xB2, 0x0E, 0xE4, 0x79, 0x1C, 0xB0, + 0x77, 0x1D, 0x86, 0x1D, 0x99, 0x9A, 0x40, 0x6F, 0x3E, 0x30, + 0xCD, 0xA1, 0xC2, 0x74, 0x55, 0x56, 0x1E, 0xE2, 0x05, 0x04, + 0x10, 0xDB, 0x88, 0xF6, 0xE3, 0x2E, 0x58, 0xF3, 0x35, 0x6E, + 0x05, 0x6B, 0xA9, 0x4F, 0x42, 0x9E, 0x8D, 0xA8, 0x99, 0x7F, + 0x15, 0x63, 0x41, 0x27, 0x81, 0xE7, 0x73, 0xDE, 0x1F, 0x0B, + 0x9B, 0xFE, 0xDF, 0x5E, 0xC7, 0x06, 0x8E, 0x33, 0x20, 0x19, + 0xA3, 0xFB, 0x9B, 0xD9, 0xA0, 0xBE, 0x5F, 0x44, 0x45, 0x1A, + 0x9C, 0x11, 0xAA, 0x6A, 0x8F, 0xA0, 0x20, 0x02, 0xCC, 0xBC, + 0xC9, 0xD9, 0x09, 0x46, 0x00, 0xF3, 0x50, 0xDC, 0x21, 0xEF, + 0xBB, 0x35, 0x18, 0xD7, 0x2A, 0x3A, 0x0F, 0x0D, 0x7D, 0x5F, + 0x1B, 0x57, 0xB0, 0x34, 0xFB, 0x55, 0xBD, 0xE9, 0x72, 0xBD, + 0x46, 0xBF, 0x90, 0x0D, 0xB0, 0xEE, 0x7D, 0x57, 0xB6, 0x4D, + 0x82, 0xB0, 0xD8, 0x27, 0xCC, 0xFC, 0xEB, 0xE9, 0x3C, 0x7B, + 0x98, 0xF3, 0x95, 0x15, 0xA6, 0xBE, 0x64, 0x77, 0x7D, 0x50, + 0xC0, 0x68, 0x09, 0x7D, 0x8F, 0x18, 0xEE, 0xB6, 0x76, 0xFF, + 0x0E, 0x87, 0xE3, 0xAE, 0x59, 0xD2, 0x27, 0xBA, 0x0A, 0xC2, + 0x96, 0x96, 0x5C, 0x2B, 0x93, 0x30, 0x36, 0x36, 0x7F, 0x70, + 0x82, 0xB3, 0x5C, 0x2C, 0x42, 0xD5, 0xFE, 0xDB, 0xC5, 0x58, + 0xA0, 0x71, 0xAB, 0x17, 0x06, 0x10, 0x0F, 0x49, 0x19, 0x42, + 0x65, 0x29, 0x22, 0xC4, 0x69, 0x58, 0xA8, 0xE1, 0xA9, 0xB3, + 0x51, 0xBA, 0x9B, 0xAD, 0x03, 0xE8, 0xCB, 0x34, 0xFF, 0x24, + 0x47, 0x9A, 0x1E, 0x0F, 0xFC, 0x1F, 0xE7, 0xDE, 0x68, 0x33, + 0xA4, 0x54, 0xBE, 0xF0, 0x7D, 0x16, 0x3C, 0x27, 0x79, 0x1F, + 0x24, 0x24, 0xEF, 0x41, 0xB8, 0xA7, 0x25, 0xC3, 0xE8, 0x93, + 0xF5, 0x9F, 0xC3, 0x3B, 0x08, 0xDE, 0xF0, 0x54, 0xF5, 0xE7, + 0x79, 0x71, 0x1F, 0x89, 0x7A, 0xA9, 0xB0, 0x47, 0xCA, 0x53, + 0x3C, 0xD2, 0xA8, 0xB7, 0x5C, 0xF5, 0xDD, 0xD4, 0x07, 0x6E, + 0xA5, 0xAB, 0x66, 0x91, 0x5B, 0x44, 0x91, 0xA7, 0x1F, 0x05, + 0xB1, 0x3D, 0x79, 0xEC, 0x9D, 0x12, 0x14, 0xF7, 0xEC, 0x46, + 0xEA, 0x51, 0x2A, 0xC8, 0xBD, 0x3C, 0xCB, 0xAE, 0x1D, 0x07, + 0x6D, 0xE2, 0x85, 0xB0, 0xC4, 0xAB, 0x42, 0x52, 0xD4, 0x1C, + 0x89, 0x1D, 0xDE, 0x5A, 0x5A, 0x20, 0x21, 0x19, 0x8C, 0xF8, + 0xD2, 0xF1, 0x25, 0x88, 0x79, 0xAF, 0x8F, 0x8E, 0xF0, 0xC5, + 0x35, 0x05, 0x15, 0x88, 0x04, 0x5C, 0x2F, 0xB3, 0xD2, 0x07, + 0x2F, 0x1B, 0x5D, 0x68, 0x71, 0x91, 0x94, 0x8C, 0xCE, 0x11, + 0x30, 0xA6, 0x48, 0x21, 0x2E, 0xE8, 0x52, 0xBE, 0xD0, 0xB3, + 0x8E, 0x4C, 0x16, 0xEB, 0x04, 0x6C, 0x45, 0x92, 0x08, 0xD4, + 0x45, 0x97, 0x60, 0xC6, 0xC5, 0x07, 0x4D, 0x3D, 0xAA, 0x90, + 0xD7, 0xE8, 0xBF, 0xA1, 0x17, 0xDC, 0xBF, 0x5E, 0x18, 0x44, + 0xE5, 0x97, 0xBB, 0x33, 0x23, 0x87, 0x71, 0x05, 0x83, 0x17, + 0x00, 0x69, 0x9E, 0x8B, 0x59, 0x3A, 0x30, 0x1F, 0x8B, 0x11, + 0xBC, 0xB8, 0xF2, 0x1A, 0x3E, 0x5F, 0xDB, 0x02, 0xE8, 0x05, + 0x73, 0xF9, 0x58, 0xE9, 0x8E, 0xB8, 0x62, 0xF4, 0x63, 0x70, + 0x7E, 0x46, 0xED, 0x51, 0xAB, 0x92, 0x66, 0x81, 0x06, 0xAC, + 0xC9, 0x3F, 0xCC, 0xB1, 0xF9, 0x38, 0x7C, 0xCB, 0x75, 0x85, + 0x65, 0x1D, 0x2B, 0x09, 0xF0, 0xB8, 0x10, 0x4B, 0xA7, 0xF1, + 0x2D, 0x99, 0xFB, 0xC5, 0xEA, 0xEA, 0xCE, 0x25, 0x5A, 0xFA, + 0x97, 0xF1, 0x1E, 0x70, 0x23, 0xB9, 0xA6, 0x79, 0x98, 0xEC, + 0x0D, 0xCE, 0x96, 0x0C, 0xB0, 0xF5, 0x50, 0x21, 0xB9, 0xF7, + 0x88, 0xAB, 0x40, 0x7E, 0xE8, 0x4A, 0xA4, 0x2C, 0x02, 0xED, + 0x83, 0xAB, 0x68, 0xDA, 0x21, 0x4D, 0x1C, 0x2A, 0xEB, 0xF9, + 0xD5, 0x5F, 0xB1, 0xDC, 0xFA, 0x75, 0xA3, 0x7D, 0xC6, 0x84, + 0x80, 0x73, 0xE8, 0xCE, 0x64, 0x11, 0xDE, 0x1B, 0x75, 0x9F, + 0xDD, 0xFB, 0xFE, 0x82, 0xA2, 0xE0, 0x45, 0xA3, 0xD4, 0x2C, + 0x46, 0xD0, 0xC6, 0x45, 0x5F, 0x1B, 0xD6, 0x93, 0x20, 0xAE, + 0xA4, 0x62, 0xDE, 0xB4, 0x24, 0xAD, 0x73, 0xD9, 0x46, 0x8D, + 0x4B, 0x6D, 0xF9, 0x49, 0xA9, 0xB5, 0x43, 0xDA, 0x34, 0xDD, + 0x72, 0x68, 0xB4, 0x82, 0x1B, 0x54, 0xA9, 0xC6, 0x0E, 0xB4, + 0x25, 0x0C, 0xDC, 0x97, 0x5F, 0xAB, 0x20, 0xFB, 0x4D, 0x33, + 0x15, 0xD1, 0xC3, 0x15, 0x27, 0xC4, 0x3A, 0x06, 0xE3, 0x72, + 0xD4, 0xF8, 0xFD, 0xB3, 0xE8, 0x04, 0x59, 0xBC, 0xAB, 0xA3, + 0x43, 0xBE, 0x60, 0x34, 0x09, 0x53, 0x78, 0x64, 0x9C, 0x8C, + 0x72, 0xE4, 0x74, 0x62, 0x83, 0x2D, 0xB1, 0xA9, 0x67, 0xEC, + 0x80, 0x92, 0x43, 0x94, 0x2E, 0x4B, 0xCE, 0x40, 0x16, 0xA5, + 0xD4, 0x1C, 0xE9, 0x5B, 0xF6, 0x47, 0x70, 0x55, 0x7B, 0x16, + 0xF1, 0x96, 0x29, 0x4F, 0x77, 0x83, 0x39, 0x80, 0x46, 0xD0, + 0x67, 0x96, 0x32, 0x22, 0xBC, 0x8A, 0x9E, 0x3B, 0xC3, 0xC1, + 0xD6, 0x8D, 0x0B, 0x35, 0xE3, 0x61, 0x27, 0x54, 0xEA, 0x6C, + 0x9B, 0x75, 0x8C, 0x58, 0x2A, 0x90, 0x9E, 0x28, 0xBC, 0xD8, + 0xAE, 0xBD, 0xDD, 0xA0, 0x7A, 0xE4, 0x2A, 0x11, 0xFE, 0xAA, + 0x7C, 0x64, 0x53, 0x69, 0x7B, 0xC9, 0xBB, 0xBB, 0xF3, 0x0A, + 0xE9, 0xAD, 0x44, 0x14, 0xD0, 0x2D, 0x82, 0x20, 0x3C, 0x82, + 0xBB, 0x03, 0x54, 0x54, 0x97, 0xEF, 0x86, 0xD3, 0xC8, 0xEB, + 0x37, 0x7D, 0x3A, 0xF4, 0x2E, 0xDE, 0x5F, 0x80, 0xB1, 0xBE, + 0xCC, 0x27, 0xA8, 0xD5, 0x0C, 0xB6, 0x69, 0xEF, 0xAC, 0x6A, + 0x50, 0x19, 0x68, 0xCA, 0xB2, 0x9F, 0x8E, 0x1E, 0x2B, 0x64, + 0x94, 0xA2, 0x8A, 0x32, 0x82, 0x4B, 0x6B, 0x4A, 0xB8, 0xF3, + 0x7D, 0xF0, 0xAC, 0xF0, 0x33, 0xFC, 0x2A, 0x3A, 0x93, 0x2B, + 0xF0, 0xE7, 0xB2, 0x73, 0x75, 0xB8, 0x89, 0xD9, 0x25, 0xA5, + 0xD1, 0x8C, 0x8E, 0x57, 0x49, 0x86, 0x58, 0x36, 0x76, 0xAA, + 0xE7, 0x4C, 0x76, 0x08, 0x7F, 0xFC, 0x9E, 0xF2, 0xC5, 0xB5, + 0xF3, 0xFD, 0xF2, 0xB3, 0x3B, 0x76, 0x29, 0xDB, 0x9B, 0x3B, + 0xA1, 0x09, 0xA9, 0x38, 0x5E, 0xE8, 0xC4, 0x9F, 0x88, 0x53, + 0x2E, 0xFB, 0x52, 0xBB, 0x3B, 0x2B, 0xE1, 0xE1, 0x28, 0x26, + 0x88, 0x14, 0x09, 0xF1, 0xCC, 0x98, 0xD9, 0xA4, 0x0C, 0xA0, + 0x54, 0xD0, 0xB7, 0x3C, 0x8C, 0xE9, 0x4F, 0x64, 0xCB, 0xBE, + 0xA5, 0x06, 0xAE, 0x27, 0xF0, 0x37, 0xB2, 0x60, 0x27, 0x9A, + 0x93, 0x67, 0xB2, 0x39, 0x54, 0x95, 0xA8, 0x6E, 0x93, 0x6C, + 0x09, 0x6C, 0xFF, 0xA1, 0xC2, 0x99, 0x66, 0x0A, 0x01, 0x2A, + 0x8C, 0x2D, 0x9C, 0x23, 0x0B, 0x19, 0x4E, 0xA1, 0x3E, 0x43, + 0x42, 0x1A, 0x72, 0x11, 0xAC, 0x92, 0x56, 0x32, 0xD4, 0xFE, + 0x5A, 0x0E, 0xDF, 0xEB, 0x7B, 0x1F, 0x61, 0x9B, 0xDA, 0x3C, + 0x2E, 0xAE, 0xFF, 0x12, 0x11, 0x3E, 0xB2, 0xC3, 0xAE, 0xD1, + 0xD9, 0xB2, 0xE8, 0xD5, 0x9E, 0x85, 0xA4, 0xF1, 0x49, 0x06, + 0x16, 0x73, 0xCA, 0x65, 0x3A, 0x2D, 0x51, 0x38, 0xBA, 0x37, + 0xF3, 0xCF, 0xDC, 0xDF, 0x40, 0xF5, 0x5D, 0x39, 0x74, 0x60, + 0x15, 0xF5, 0xDC, 0x73, 0xE2, 0x48, 0xF2, 0x2A, 0x2C, 0x4F, + 0x26, 0xD2, 0x61, 0x5B, 0x31, 0xA0, 0xF4, 0xEA, 0x80, 0xAE, + 0xB2, 0x57, 0x81, 0x64, 0xD1, 0xFB, 0xE9, 0xA0, 0x3B, 0xB7, + 0xDE, 0x17, 0x42, 0x7B, 0xCD, 0xDE, 0xE4, 0xA3, 0x45, 0x5E, + 0x88, 0x29, 0x85, 0x26, 0xB7, 0xD6, 0xA4, 0xE9, 0x73, 0x9E, + 0x1D, 0x73, 0x92, 0xF4, 0xFF, 0x66, 0xA8, 0xB9, 0x1D, 0x25, + 0x1B, 0x12, 0xB2, 0x9E, 0x6E, 0xE1, 0xA8, 0xB5, 0x73, 0x64, + 0x0B, 0x8D, 0xDC, 0xE3, 0x2C, 0x60, 0x32, 0x82, 0x4E, 0x9C, + 0x47, 0x0B, 0x5E, 0x92, 0xF0, 0x21, 0x62, 0x50, 0x8E, 0x1A, + 0xE4, 0x2B, 0x4B, 0x6F, 0xB5, 0xDA, 0xAB, 0xAB, 0x4A, 0xBE, + 0xB6, 0x6F, 0x09, 0x3A, 0xF4, 0x67, 0x75, 0x07, 0xB1, 0xB1, + 0xAA, 0xAD, 0x16, 0x3F, 0x5B, 0xD1, 0xA3, 0x9F, 0xF5, 0x7F, + 0xA8, 0xEA, 0xC8, 0x8D, 0x5A, 0xA9, 0xF3, 0x7B, 0xE8, 0x83, + 0xDB, 0xB0, 0xA7, 0xFD, 0x2C, 0xA1, 0xD6, 0x39, 0xDE, 0x65, + 0x2C, 0xE3, 0x4F, 0xA5, 0x0E, 0x2D, 0x47, 0xA0, 0x32, 0x8A, + 0x1F, 0x55, 0x3B, 0x92, 0x3D, 0x4A, 0x84, 0x67, 0xE2, 0x5A, + 0x10, 0x80, 0x1B, 0xA2, 0xFE, 0x4B, 0x8F, 0x73, 0xB5, 0xA5, + 0x6B, 0xFA, 0x5B, 0x86, 0x95, 0xB8, 0x89, 0x9B, 0x8E, 0xBF, + 0x39, 0xAF, 0x4F, 0x2B, 0x1A, 0xC6, 0x4E, 0xAC, 0xD6, 0xDA, + 0x34, 0xDA, 0x6B, 0xD6, 0x1A, 0x49, 0x99, 0xD0, 0x87, 0x4F, + 0x1A, 0x51, 0xA0, 0x46, 0x89, 0x0E, 0x0B, 0x81, 0x4C, 0x63, + 0xE2, 0xCA, 0x7C, 0xED, 0x81, 0x53, 0x11, 0x11, 0x5F, 0x8D, + 0xFD, 0xDD, 0x08, 0xEE, 0x6B, 0x8E, 0xF0, 0x8B, 0x39, 0x59, + 0x24, 0x13, 0xA4, 0x23, 0xF2, 0xFE, 0xDC, 0x0C, 0xEE, 0xDF, + 0xD7, 0xAA, 0x9D, 0x4E, 0x54, 0x1A, 0x27, 0xA3, 0xE5, 0x20, + 0xDE, 0x55, 0x37, 0xE2, 0xBF, 0x8E, 0x2F, 0xB9, 0x9C, 0x98, + 0xFE, 0x8F, 0x8D, 0xBD, 0x09, 0x91, 0x2D, 0xBF, 0x1E, 0x0B, + 0x26, 0x90, 0xDE, 0xE2, 0xB1, 0x5E, 0x81, 0x0A, 0x07, 0x5F, + 0xF1, 0x54, 0xFC, 0x31, 0xB0, 0x94, 0x2A, 0x13, 0x93, 0xA3, + 0x00, 0xEA, 0x43, 0xBE, 0xD7, 0x26, 0x15, 0x8A, 0x15, 0xA3, + 0x46, 0x84, 0xD5, 0x6A, 0x24, 0x9D, 0x8D, 0x1A, 0x07, 0xB2, + 0x87, 0x99, 0x6F, 0xFD, 0xF6, 0x1D, 0xD7, 0x88, 0xF2, 0x94, + 0xAA, 0xD1, 0x73, 0x7F, 0x69, 0x2F, 0x0A, 0x2A, 0x66, 0xDC, + 0x56, 0x1D, 0xFA, 0xF6, 0xC3, 0x47, 0xDF, 0x7A, 0x77, 0x0E, + 0xF2, 0x22, 0xA8, 0xDD, 0xE5, 0x6D, 0x04, 0xDA, 0x06, 0x1C, + 0xDB, 0x15, 0x07, 0xF9, 0x04, 0xD4, 0x56, 0xFF, 0x3E, 0x63, + 0x98, 0x08, 0xEB, 0xF3, 0x63, 0xC1, 0x29, 0x8E, 0xA5, 0xC7, + 0x40, 0x39, 0xD1, 0xE6, 0xFA, 0xA9, 0xF5, 0x0F, 0x63, 0x6D, + 0x85, 0x35, 0xC9, 0x0C, 0x9A, 0xA3, 0x02, 0xC3, 0x4A, 0x70, + 0x11, 0x5C, 0x9B, 0x9A, 0x7F, 0x81, 0xE2, 0x44, 0x91, 0x4E, + 0x7A, 0x6A, 0x14, 0x15, 0x2C, 0xCB, 0xC9, 0x1C, 0x69, 0x91, + 0x8C, 0x41, 0xE0, 0xBB, 0x85, 0xC8, 0x6E, 0xCC, 0x4A, 0x75, + 0x3B, 0xBB, 0x33, 0x1B, 0x6A, 0x2B, 0x95, 0xF9, 0x5E, 0x03, + 0xF2, 0x25, 0xD5, 0xD9, 0xFB, 0x9D, 0x38, 0x14, 0x1A, 0x31, + 0xB9, 0xE7, 0xE6, 0x9B, 0x4B, 0x0D, 0xE9, 0x7C, 0x59, 0x12, + 0xD2, 0x6B, 0x98, 0x0C, 0x41, 0x07, 0xDB, 0xC1, 0xA9, 0x95, + 0x53, 0xAE, 0xAD, 0xBB, 0x92, 0x36, 0xC1, 0x93, 0xF6, 0xBB, + 0x43, 0xFD, 0x16, 0xAC, 0x63, 0x27, 0x27, 0xC5, 0xF0, 0xC6, + 0x4E, 0x56, 0xE6, 0x39, 0x75, 0xC8, 0xF5, 0xDE, 0x79, 0xCE, + 0x11, 0x0F, 0x6F, 0x45, 0x70, 0xAB, 0xB4, 0x45, 0x75, 0x14, + 0xD7, 0x91, 0xD5, 0x97, 0x3F, 0xC0, 0xB9, 0x19, 0x25, 0xE6, + 0x35, 0x72, 0xB9, 0xB5, 0x8A, 0xFD, 0x24, 0x73, 0x9F, 0x1B, + 0x73, 0xE7, 0x6E, 0xE0, 0x3E, 0x9F, 0x55, 0x55, 0x29, 0x5C, + 0x6F, 0xDB, 0x6B, 0x95, 0x0C, 0x60, 0xB7, 0x52, 0xC4, 0x7E, + 0x8F, 0xDD, 0x0E, 0x8F, 0x5D, 0x7B, 0xEE, 0x17, 0x3E, 0xA1, + 0x1D, 0x84, 0xA5, 0xD8, 0x16, 0x61, 0x75, 0x88, 0xDA, 0xF3, + 0x27, 0x45, 0x0B, 0xB8, 0xDA, 0x8E, 0x96, 0xFC, 0x27, 0xFC, + 0xAA, 0x35, 0x6B, 0xAD, 0x0B, 0x0F, 0x0E, 0x8B, 0x92, 0x99, + 0x2F, 0xBF, 0x6F, 0x53, 0xC4, 0x2C, 0x84, 0x23, 0x57, 0xED, + 0xA9, 0x32, 0xCE, 0x06, 0x16, 0x4B, 0xEE, 0xF6, 0x1E, 0xA2, + 0x31, 0x39, 0x49, 0xCC, 0x65, 0xBC, 0x70, 0x6D, 0xBE, 0x69, + 0x0D, 0x24, 0x25, 0xBB, 0x63, 0x09, 0xCC, 0x11, 0x0B, 0x49, + 0x5F, 0xD5, 0xFB, 0x93, 0xF7, 0x48, 0x04, 0x09, 0xE0, 0x5D, + 0x4F, 0x7A, 0x20, 0x6C, 0x42, 0x29, 0x5C, 0x21, 0x83, 0x06, + 0x88, 0xB5, 0xEF, 0x4C, 0xAC, 0x00, 0x01, 0xC6, 0xA4, 0x48, + 0x24, 0xFC, 0x77, 0xFE, 0xEE, 0xBF, 0xF0, 0x4E, 0x0C, 0xC5, + 0x6B, 0x89, 0x57, 0xC7, 0xB9, 0xF5, 0x61, 0x27, 0x24, 0x09, + 0xDA, 0x45, 0x00, 0x0B, 0x10, 0xB8, 0x7D, 0xF3, 0xE9, 0x56, + 0x59, 0x62, 0x65, 0x8C, 0x5E, 0x03, 0xB4, 0xB1, 0x85, 0x20, + 0x60, 0x25, 0x1D, 0xA7, 0xF4, 0x28, 0xF6, 0xB0, 0x32, 0x7B, + 0xEB, 0x76, 0x85, 0x7B, 0xD4, 0xE2, 0x15, 0x1C, 0xCB, 0xF2, + 0x31, 0xBA, 0x00, 0xBB, 0xD0, 0x90, 0x16, 0xB6, 0x48, 0x1F, + 0x2F, 0x4F, 0xE4, 0x1C, 0x1D, 0xD7, 0x09, 0xB6, 0x54, 0x70, + 0x2D, 0x7F, 0x68, 0xB9, 0x87, 0xE7, 0xCB, 0xD4, 0xD5, 0xE6, + 0xB4, 0xFD, 0x0C, 0x68, 0x5C, 0x96, 0xF4, 0x06, 0x64, 0x3B, + 0x74, 0x6B, 0xD1, 0xAC, 0xB5, 0x41, 0xEE, 0xBD, 0x55, 0x07, + 0xBF, 0x29, 0x51, 0x2B, 0xC5, 0x4A, 0xCF, 0x2A, 0xF1, 0xEE, + 0x5A, 0x64, 0x2F, 0x0B, 0x80, 0x7E, 0xF4, 0x50, 0x14, 0x28, + 0xF4, 0x39, 0x04, 0xB5, 0xC7, 0xCF, 0x53, 0xEA, 0x6C, 0xBD, + 0x76, 0x6C, 0x67, 0x6E, 0x3E, 0x9F, 0xEF, 0x60, 0xD0, 0xF6, + 0x73, 0x90, 0xDD, 0x1E, 0xE9, 0x75, 0x8B, 0x34, 0x6A, 0xB2, + 0xCC, 0xD1, 0x0B, 0x51, 0x6E, 0x44, 0x55, 0x55, 0x22, 0xBB, + 0x3F, 0xD1, 0x9F, 0xF4, 0x1E, 0xB5, 0xD6, 0x89, 0x3C, 0xDB, + 0xB7, 0x07, 0x83, 0x5C, 0x63, 0x45, 0x78, 0x4B, 0xFA, 0x1E, + 0x7D, 0x3D, 0x44, 0x91, 0xD3, 0xDD, 0x57, 0x07, 0xD9, 0x0F, + 0x58, 0xC3, 0x20, 0x5E, 0xF0, 0x42, 0x05, 0x61, 0xE5, 0x03, + 0xB3, 0xB8, 0x1B, 0xBB, 0x05, 0xC2, 0x1B, 0x7A, 0x7E, 0x8B, + 0xC9, 0x06 +}; +static const int sizeof_bench_dilithium_aes_level3_key = sizeof(bench_dilithium_aes_level3_key); + +/* certs/dilithium/bench_dilithium_aes_level5_key.der */ +static const unsigned char bench_dilithium_aes_level5_key[] = +{ + 0x30, 0x82, 0x1D, 0x3A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, + 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0B, + 0x08, 0x07, 0x04, 0x82, 0x1D, 0x24, 0x04, 0x82, 0x1D, 0x20, + 0x90, 0xBC, 0x63, 0x0F, 0xD4, 0xC2, 0x6D, 0x49, 0x01, 0xCD, + 0x1F, 0x92, 0xEC, 0xEE, 0xDB, 0x3B, 0x19, 0x0C, 0xFA, 0x4D, + 0x6C, 0x57, 0x16, 0xE0, 0x6E, 0x48, 0xB5, 0x5D, 0xB3, 0xE5, + 0xEA, 0xE6, 0xCA, 0x23, 0xD3, 0xE6, 0xE9, 0xEA, 0x3B, 0x1B, + 0x0C, 0x80, 0xD9, 0xFD, 0x2E, 0x9C, 0xD9, 0x1C, 0x44, 0x56, + 0xDD, 0xCC, 0x7C, 0x9F, 0x98, 0x1C, 0xEC, 0x7A, 0x3D, 0xB4, + 0x66, 0xCE, 0x91, 0x9F, 0x1E, 0x34, 0x96, 0xFB, 0xC6, 0x1D, + 0x3D, 0x93, 0x4A, 0x05, 0x43, 0xF8, 0xD7, 0x95, 0x10, 0x21, + 0x6C, 0xD4, 0x6F, 0xA6, 0x7B, 0x69, 0x3A, 0x1B, 0x9F, 0x0C, + 0x26, 0x84, 0x34, 0x39, 0xE6, 0xB5, 0x19, 0x83, 0x10, 0x92, + 0x30, 0x85, 0x19, 0x38, 0x31, 0x81, 0xB2, 0x51, 0x09, 0xB1, + 0x11, 0x19, 0xA6, 0x30, 0x9B, 0x80, 0x2D, 0x63, 0x26, 0x29, + 0x18, 0x93, 0x65, 0x84, 0x48, 0x72, 0x8C, 0x38, 0x81, 0xA3, + 0x18, 0x04, 0x19, 0x84, 0x20, 0x49, 0x40, 0x68, 0xA2, 0x82, + 0x80, 0x08, 0x19, 0x84, 0x4C, 0xC6, 0x90, 0x89, 0xA4, 0x80, + 0xC8, 0xA2, 0x85, 0xD2, 0x40, 0x04, 0x50, 0xA6, 0x81, 0x50, + 0xB4, 0x00, 0x18, 0x46, 0x30, 0x24, 0xC5, 0x80, 0x00, 0x93, + 0x84, 0x54, 0x22, 0x89, 0x21, 0x00, 0x88, 0xC8, 0x06, 0x64, + 0x8B, 0x20, 0x69, 0x9A, 0xB8, 0x6D, 0x58, 0x30, 0x02, 0x53, + 0x28, 0x6A, 0x20, 0xC9, 0x0C, 0x03, 0xC5, 0x60, 0x20, 0xA5, + 0x24, 0x5A, 0xC4, 0x29, 0x44, 0x38, 0x89, 0xD2, 0xB6, 0x11, + 0x24, 0x44, 0x6E, 0x12, 0x23, 0x2C, 0x99, 0x40, 0x26, 0x94, + 0x36, 0x20, 0xA2, 0x94, 0x6D, 0x49, 0x06, 0x2A, 0x52, 0x28, + 0x90, 0x09, 0x24, 0x25, 0x91, 0x20, 0x92, 0x49, 0x84, 0x0D, + 0x24, 0x83, 0x84, 0x61, 0xA4, 0x6C, 0x59, 0x32, 0x81, 0x21, + 0x34, 0x46, 0x09, 0x07, 0x05, 0xC0, 0x84, 0x8C, 0x62, 0x16, + 0x4D, 0x11, 0x90, 0x68, 0x11, 0xC8, 0x04, 0x40, 0x24, 0x41, + 0xC4, 0x14, 0x08, 0xCA, 0x38, 0x8A, 0x12, 0xB0, 0x25, 0x04, + 0xB5, 0x05, 0x22, 0x00, 0x2A, 0x48, 0x12, 0x2C, 0x1A, 0x29, + 0x20, 0xC8, 0x46, 0x4C, 0x22, 0x31, 0x60, 0xA3, 0x22, 0x6E, + 0x43, 0x12, 0x4C, 0x9B, 0xA8, 0x10, 0xD0, 0x32, 0x29, 0xE1, + 0x34, 0x82, 0x13, 0xA5, 0x31, 0x08, 0x45, 0x71, 0x01, 0x21, + 0x68, 0x12, 0xC4, 0x21, 0x0C, 0x82, 0x51, 0x40, 0x26, 0x11, + 0xDA, 0xA6, 0x09, 0x52, 0x92, 0x44, 0xC9, 0xB4, 0x51, 0x00, + 0x28, 0x8E, 0x24, 0x26, 0x42, 0xCB, 0xC4, 0x81, 0x09, 0x48, + 0x65, 0x23, 0xB9, 0x85, 0x01, 0xB2, 0x71, 0xC2, 0xC0, 0x2D, + 0x42, 0x06, 0x0D, 0x14, 0x93, 0x8C, 0x8B, 0xC0, 0x48, 0x60, + 0x82, 0x50, 0x18, 0x39, 0x50, 0x64, 0x12, 0x08, 0x11, 0x15, + 0x45, 0x02, 0x04, 0x8A, 0x0A, 0x21, 0x0D, 0x22, 0x35, 0x04, + 0xD0, 0x02, 0x41, 0x40, 0x14, 0x26, 0xCA, 0x20, 0x49, 0xA1, + 0xB0, 0x21, 0x18, 0x22, 0x64, 0xE0, 0x38, 0x11, 0x20, 0x87, + 0x8D, 0x50, 0x20, 0x6D, 0x11, 0x27, 0x42, 0x5C, 0x04, 0x41, + 0x09, 0x97, 0x88, 0xDA, 0x06, 0x91, 0x8A, 0x94, 0x0D, 0x9A, + 0x36, 0x42, 0xDC, 0x94, 0x2C, 0xCA, 0x32, 0x44, 0x52, 0x00, + 0x26, 0x02, 0x33, 0x92, 0xDA, 0x40, 0x30, 0x4A, 0xB0, 0x64, + 0xCC, 0xB2, 0x91, 0x24, 0x19, 0x08, 0x0A, 0x17, 0x88, 0xD8, + 0xB6, 0x01, 0xE4, 0x82, 0x09, 0xE4, 0xB0, 0x49, 0x12, 0x01, + 0x84, 0x09, 0xA0, 0x0D, 0xC8, 0x86, 0x8D, 0x0C, 0xA6, 0x31, + 0x1C, 0x07, 0x68, 0x43, 0x18, 0x04, 0xD8, 0x88, 0x69, 0x02, + 0x44, 0x41, 0x19, 0x23, 0x48, 0xA1, 0x18, 0x4D, 0xE0, 0xA4, + 0x68, 0x63, 0x38, 0x2A, 0x88, 0x18, 0x25, 0xE3, 0x90, 0x6D, + 0xD1, 0xB8, 0x04, 0x09, 0x44, 0x50, 0x14, 0xB4, 0x70, 0x0B, + 0x47, 0x8C, 0x1C, 0xC8, 0x6C, 0x43, 0xC0, 0x6C, 0xD0, 0x14, + 0x02, 0x22, 0xC2, 0x70, 0x04, 0x38, 0x49, 0x14, 0x33, 0x2C, + 0xCB, 0x16, 0x71, 0x1C, 0x05, 0x2C, 0x0A, 0x33, 0x81, 0xC0, + 0x90, 0x89, 0xA1, 0x38, 0x11, 0x1B, 0x36, 0x09, 0x62, 0x08, + 0x62, 0x24, 0xC1, 0x44, 0xCB, 0xC6, 0x01, 0xD4, 0x06, 0x31, + 0x44, 0x36, 0x2C, 0x54, 0xA0, 0x89, 0x1A, 0x80, 0x51, 0x0B, + 0x34, 0x91, 0x0B, 0xB1, 0x45, 0xA4, 0x24, 0x92, 0xA1, 0xC0, + 0x01, 0x09, 0xB2, 0x89, 0x8B, 0x40, 0x48, 0x09, 0xB0, 0x2C, + 0x1A, 0x33, 0x48, 0xA4, 0x04, 0x06, 0xD8, 0x00, 0x08, 0xA2, + 0xA2, 0x61, 0x04, 0x04, 0x64, 0x9A, 0xB2, 0x11, 0x11, 0x21, + 0x4E, 0x63, 0xC2, 0x20, 0x22, 0x31, 0x8E, 0xA2, 0xB2, 0x69, + 0x10, 0x10, 0x88, 0x88, 0x42, 0x4E, 0x41, 0xA2, 0x0D, 0x99, + 0x32, 0x44, 0x8C, 0xA6, 0x4D, 0x00, 0x16, 0x69, 0x13, 0x90, + 0x8C, 0xD4, 0x16, 0x51, 0x08, 0x29, 0x70, 0x83, 0x88, 0x68, + 0x90, 0x44, 0x28, 0x84, 0x10, 0x05, 0x1C, 0xA8, 0x01, 0x11, + 0xA6, 0x0D, 0x90, 0x06, 0x30, 0x4C, 0x44, 0x31, 0x14, 0x03, + 0x00, 0x54, 0xB2, 0x08, 0x5B, 0x20, 0x01, 0x10, 0x40, 0x0E, + 0x14, 0x86, 0x85, 0x60, 0x24, 0x71, 0xC3, 0xC0, 0x85, 0xE0, + 0x42, 0x0D, 0xE0, 0x46, 0x80, 0x5A, 0xC6, 0x45, 0x59, 0x98, + 0x28, 0xA4, 0x30, 0x8A, 0xDB, 0x06, 0x88, 0x43, 0x16, 0x04, + 0x1A, 0xA1, 0x31, 0xA2, 0x08, 0x02, 0x5A, 0x22, 0x41, 0x4A, + 0x42, 0x89, 0xA2, 0x82, 0x09, 0x90, 0xC2, 0x09, 0x03, 0x31, + 0x8A, 0xC4, 0xC8, 0x44, 0x21, 0xC5, 0x6C, 0x01, 0xB9, 0x10, + 0x09, 0x41, 0x29, 0x64, 0x30, 0x30, 0x44, 0x02, 0x65, 0x82, + 0x24, 0x68, 0xC2, 0x28, 0x0C, 0x0B, 0x90, 0x45, 0x11, 0xC2, + 0x70, 0x53, 0x86, 0x44, 0x10, 0x91, 0x81, 0x10, 0x21, 0x2E, + 0x99, 0x44, 0x04, 0xE0, 0xB0, 0x88, 0x18, 0x28, 0x4E, 0x64, + 0x22, 0x4D, 0x0B, 0x30, 0x71, 0xC2, 0x96, 0x80, 0x80, 0x08, + 0x89, 0x03, 0x46, 0x2C, 0x53, 0x96, 0x28, 0x10, 0x24, 0x89, + 0x09, 0x03, 0x2E, 0xC2, 0x04, 0x0C, 0x4B, 0xB6, 0x41, 0x89, + 0x84, 0x31, 0x0C, 0x08, 0x2C, 0xA4, 0x36, 0x04, 0x08, 0x85, + 0x05, 0x04, 0xC8, 0x2C, 0x03, 0xB8, 0x29, 0x0A, 0xB0, 0x45, + 0x93, 0x80, 0x20, 0x94, 0xC6, 0x30, 0x8A, 0x22, 0x09, 0xA2, + 0xC6, 0x60, 0x4A, 0x08, 0x8A, 0xC3, 0x42, 0x4C, 0x4B, 0x38, + 0x40, 0x02, 0xC3, 0x68, 0x0A, 0x09, 0x4E, 0x18, 0xC8, 0x44, + 0x12, 0x14, 0x6D, 0x53, 0x44, 0x25, 0x09, 0x27, 0x12, 0x11, + 0xB4, 0x91, 0xD2, 0x30, 0x8C, 0x0C, 0x10, 0x8C, 0x99, 0x38, + 0x05, 0x1A, 0xC8, 0x41, 0xA2, 0x10, 0x31, 0x0A, 0x33, 0x6C, + 0x9C, 0x42, 0x60, 0xA0, 0x38, 0x6D, 0x5A, 0x90, 0x89, 0x91, + 0x08, 0x46, 0x52, 0x10, 0x6C, 0x23, 0x02, 0x48, 0x0C, 0x36, + 0x4A, 0x59, 0x92, 0x41, 0x24, 0xA4, 0x21, 0x1B, 0x13, 0x62, + 0x02, 0xB1, 0x80, 0xC0, 0x86, 0x84, 0xC2, 0x28, 0x00, 0x4A, + 0x48, 0x0A, 0x61, 0x34, 0x62, 0x5A, 0xA6, 0x45, 0x08, 0x47, + 0x08, 0x21, 0x00, 0x6C, 0x20, 0x24, 0x90, 0xA1, 0x34, 0x91, + 0x09, 0x15, 0x28, 0x0A, 0x42, 0x6E, 0x21, 0x29, 0x49, 0x0B, + 0x24, 0x84, 0x1C, 0x86, 0x69, 0x59, 0x16, 0x10, 0x04, 0x12, + 0x70, 0xCB, 0x90, 0x08, 0x18, 0x24, 0x64, 0x02, 0x13, 0x8D, + 0x23, 0x38, 0x61, 0x1B, 0x34, 0x61, 0x0C, 0x80, 0x68, 0xCC, + 0xB8, 0x11, 0xC8, 0x24, 0x92, 0xC0, 0x88, 0x81, 0xC9, 0x48, + 0x6E, 0x09, 0x32, 0x2D, 0xA1, 0x08, 0x81, 0x0B, 0x30, 0x02, + 0x19, 0xA8, 0x84, 0xD2, 0x84, 0x11, 0x50, 0x86, 0x09, 0x04, + 0xA0, 0x20, 0x81, 0xA2, 0x41, 0x93, 0x24, 0x49, 0x03, 0x07, + 0x41, 0xC8, 0xA8, 0x60, 0x0A, 0x11, 0x61, 0x64, 0x08, 0x81, + 0x1B, 0x36, 0x62, 0xD4, 0x00, 0x4E, 0x44, 0xC6, 0x10, 0xDB, + 0x20, 0x4A, 0xA0, 0xB4, 0x29, 0x84, 0x00, 0x6E, 0x20, 0x47, + 0x4E, 0x23, 0x45, 0x51, 0xE2, 0xB6, 0x45, 0x18, 0xB5, 0x09, + 0x51, 0xC6, 0x2D, 0x99, 0x92, 0x89, 0x0A, 0x84, 0x51, 0x94, + 0x32, 0x24, 0x42, 0x24, 0x29, 0xD3, 0x94, 0x01, 0xC2, 0x80, + 0x24, 0xA2, 0x92, 0x6D, 0x09, 0x46, 0x11, 0x83, 0x12, 0x0D, + 0x03, 0x39, 0x84, 0xA1, 0xA2, 0x04, 0xC0, 0x24, 0x0D, 0x48, + 0x98, 0x30, 0x88, 0x10, 0x20, 0x9B, 0xA6, 0x21, 0x82, 0x46, + 0x6D, 0x0A, 0x96, 0x01, 0xA0, 0x14, 0x46, 0xE4, 0x08, 0x42, + 0x08, 0x43, 0x8D, 0x0A, 0x12, 0x0D, 0x13, 0x37, 0x20, 0x22, + 0x49, 0x21, 0x9C, 0x10, 0x66, 0xC0, 0x20, 0x31, 0x11, 0xB3, + 0x81, 0x1C, 0x29, 0x09, 0x03, 0xB0, 0x08, 0x5C, 0x18, 0x82, + 0x5C, 0xC2, 0x90, 0xD9, 0x44, 0x8C, 0xE2, 0x18, 0x85, 0x9A, + 0x08, 0x29, 0x21, 0x25, 0x48, 0x90, 0x10, 0x8D, 0x19, 0x17, + 0x60, 0x24, 0x39, 0x28, 0x19, 0x81, 0x45, 0x49, 0x32, 0x2D, + 0xCC, 0xB6, 0x81, 0x03, 0x81, 0x25, 0x99, 0x08, 0x11, 0x0C, + 0xA2, 0x81, 0x41, 0x18, 0x29, 0x91, 0x38, 0x12, 0x09, 0xB6, + 0x71, 0x02, 0x26, 0x81, 0x82, 0x48, 0x85, 0x19, 0x44, 0x6C, + 0x02, 0xC0, 0x49, 0x18, 0xA4, 0x65, 0x1B, 0x14, 0x6E, 0xA1, + 0x42, 0x11, 0x12, 0x30, 0x25, 0x61, 0xA6, 0x4C, 0xDC, 0x10, + 0x04, 0x88, 0x04, 0x30, 0x93, 0xB8, 0x2D, 0x23, 0x26, 0x52, + 0x14, 0xB3, 0x00, 0xCA, 0x32, 0x44, 0x52, 0x14, 0x90, 0xE4, + 0x26, 0x85, 0x24, 0xB7, 0x70, 0xDB, 0x28, 0x72, 0xE4, 0x96, + 0x25, 0x99, 0x00, 0x65, 0x23, 0x29, 0x2C, 0xA1, 0x98, 0x08, + 0x62, 0x16, 0x32, 0x09, 0x29, 0x52, 0x24, 0x19, 0x2A, 0x4A, + 0x90, 0x89, 0x1C, 0x88, 0x65, 0x98, 0x16, 0x52, 0x0C, 0x95, + 0x11, 0x11, 0x32, 0x4D, 0xD2, 0x86, 0x31, 0x92, 0x10, 0x6D, + 0x82, 0xC0, 0x04, 0xE3, 0x14, 0x0A, 0x04, 0x24, 0x61, 0x0C, + 0x93, 0x44, 0xC1, 0xC4, 0x2D, 0x4C, 0x16, 0x0A, 0x1A, 0x44, + 0x0A, 0x5A, 0x42, 0x46, 0x10, 0xC8, 0x8C, 0x5B, 0xC4, 0x4D, + 0xE2, 0xB4, 0x71, 0x61, 0xA8, 0x10, 0xC2, 0x02, 0x4E, 0xC4, + 0x08, 0x4E, 0x52, 0x94, 0x70, 0x20, 0x19, 0x84, 0xA4, 0x18, + 0x71, 0xC9, 0x10, 0x52, 0x9B, 0x40, 0x21, 0x4C, 0x80, 0x28, + 0x40, 0x44, 0x89, 0x20, 0x25, 0x11, 0x13, 0x91, 0x29, 0x1A, + 0x84, 0x10, 0x49, 0x14, 0x6E, 0x03, 0x27, 0x2D, 0x4C, 0x12, + 0x42, 0x04, 0x03, 0x04, 0x1C, 0x43, 0x72, 0x44, 0x16, 0x82, + 0x1B, 0x12, 0x46, 0x90, 0x94, 0x05, 0x93, 0xB8, 0x10, 0x64, + 0x00, 0x22, 0x83, 0x38, 0x69, 0x0B, 0x43, 0x52, 0x0C, 0xA9, + 0x6D, 0x19, 0xB3, 0x09, 0xD2, 0x32, 0x25, 0x9B, 0x46, 0x21, + 0x5B, 0xA8, 0x89, 0xE3, 0xC8, 0x65, 0x12, 0xA0, 0x28, 0x9A, + 0x18, 0x30, 0x54, 0xA8, 0x69, 0x88, 0x32, 0x10, 0x23, 0xB3, + 0x21, 0x22, 0x92, 0x48, 0x92, 0x38, 0x12, 0x9B, 0x24, 0x86, + 0xCB, 0x18, 0x02, 0x08, 0x25, 0x71, 0x9C, 0xC6, 0x69, 0x08, + 0x30, 0x11, 0x42, 0x36, 0x62, 0xCB, 0x30, 0x0C, 0x02, 0x12, + 0x90, 0xE1, 0x40, 0x8A, 0x90, 0x10, 0x42, 0x19, 0x83, 0x48, + 0xD4, 0x48, 0x32, 0xD9, 0x04, 0x46, 0x00, 0x05, 0x52, 0x1C, + 0x16, 0x92, 0x13, 0x23, 0x22, 0x08, 0xB6, 0x05, 0x1B, 0xC3, + 0x41, 0x18, 0x98, 0x50, 0xDC, 0x96, 0x00, 0xE4, 0x32, 0x2A, + 0x8B, 0x10, 0x25, 0x40, 0x14, 0x8A, 0xEC, 0x96, 0x58, 0x14, + 0xF8, 0xEE, 0xD7, 0x19, 0x19, 0x51, 0x76, 0xA9, 0xAD, 0xB7, + 0x18, 0x12, 0x37, 0x3C, 0xC2, 0xC8, 0x07, 0x57, 0x8B, 0xBE, + 0x1C, 0x27, 0x62, 0xE4, 0x68, 0xF6, 0x88, 0x23, 0xD2, 0x89, + 0xC0, 0x02, 0x09, 0xBE, 0x8D, 0x64, 0x93, 0x7B, 0xB3, 0x04, + 0xD4, 0x5C, 0x3C, 0xAE, 0xF1, 0xC5, 0x67, 0x34, 0x52, 0x34, + 0x1E, 0xEB, 0x72, 0x02, 0x09, 0x27, 0x5B, 0x39, 0xD0, 0x67, + 0xEE, 0x1E, 0x02, 0xC3, 0x7F, 0x98, 0x9A, 0xA8, 0x66, 0x7D, + 0x2B, 0x5B, 0xA7, 0x89, 0x74, 0xC7, 0xB6, 0x98, 0xC9, 0xFE, + 0x9B, 0x18, 0xCA, 0x8F, 0x21, 0xCB, 0x32, 0x01, 0x55, 0xD1, + 0x99, 0x53, 0x91, 0x31, 0x8E, 0x92, 0xFD, 0xD1, 0xCC, 0x25, + 0xDF, 0xCC, 0x68, 0x29, 0x2B, 0x91, 0x74, 0x18, 0x2F, 0x54, + 0xBC, 0x70, 0xD4, 0x06, 0xDA, 0xC2, 0x00, 0xA6, 0x6D, 0xE1, + 0x01, 0xDE, 0xD3, 0x55, 0x4A, 0x28, 0x21, 0x40, 0x72, 0x59, + 0x1A, 0x94, 0x10, 0xCD, 0xF4, 0xBB, 0x63, 0x2C, 0x01, 0xEA, + 0xCF, 0x42, 0x53, 0x54, 0x7C, 0xF4, 0x06, 0xE0, 0x89, 0x88, + 0xC4, 0x60, 0x9A, 0xDB, 0x72, 0x50, 0x81, 0x8C, 0x02, 0x57, + 0x7D, 0x14, 0x6E, 0x39, 0x64, 0x38, 0xF7, 0xB0, 0xB2, 0x4C, + 0x80, 0x70, 0x3A, 0x91, 0xDB, 0x31, 0xA5, 0x2A, 0x17, 0x02, + 0xC9, 0x2D, 0x41, 0x73, 0x22, 0x6C, 0x4F, 0xAA, 0xF3, 0x32, + 0x4B, 0xF3, 0x34, 0x2E, 0xB1, 0x0F, 0x86, 0x5F, 0xE1, 0x3D, + 0x2F, 0x42, 0x61, 0x6D, 0x75, 0x07, 0xB2, 0xDB, 0x4B, 0x0E, + 0x28, 0x41, 0x66, 0x15, 0xFE, 0xD9, 0x79, 0x7F, 0x2F, 0xEE, + 0xD2, 0xDC, 0xE5, 0x53, 0x32, 0x8E, 0x81, 0xA7, 0x06, 0x99, + 0xDC, 0x20, 0xEB, 0xCD, 0xD5, 0xDE, 0xCB, 0x39, 0x48, 0xA4, + 0xB6, 0x66, 0x47, 0xD5, 0xD5, 0x46, 0xE6, 0x5D, 0xEA, 0xFF, + 0xC1, 0x1E, 0xE7, 0xAB, 0x99, 0xAD, 0xE1, 0xD9, 0x47, 0x71, + 0x3A, 0x6D, 0xC6, 0x66, 0xCC, 0x7E, 0x5C, 0x9D, 0x25, 0xB0, + 0x2C, 0x3A, 0x72, 0x16, 0xE2, 0x67, 0x2F, 0xB2, 0xC5, 0x37, + 0x3C, 0xBF, 0xDF, 0xC7, 0xE9, 0x48, 0xB6, 0x2C, 0x3B, 0x2B, + 0x89, 0x76, 0xCB, 0x33, 0xCC, 0xCF, 0xF0, 0xE6, 0x32, 0x06, + 0xE7, 0x3C, 0x6A, 0xDF, 0x24, 0x50, 0x6E, 0xEA, 0xEF, 0x31, + 0xF7, 0x2C, 0xC3, 0xFA, 0x94, 0xBF, 0x4D, 0xF7, 0x1D, 0x03, + 0xEB, 0x70, 0x14, 0x0D, 0x25, 0x87, 0x95, 0x1D, 0x8C, 0x61, + 0x21, 0xC7, 0x05, 0x21, 0x2E, 0x2B, 0x6F, 0x9E, 0x87, 0x0D, + 0xF3, 0x0C, 0x62, 0x27, 0x65, 0x74, 0x6E, 0xEB, 0x1C, 0x07, + 0xDE, 0x62, 0x9B, 0xBA, 0x4F, 0xF0, 0x46, 0xD6, 0x6A, 0x18, + 0x03, 0x4B, 0x24, 0xEB, 0x07, 0x78, 0xD0, 0x81, 0x3D, 0x00, + 0xD6, 0xCB, 0x16, 0x60, 0x77, 0x91, 0xCC, 0xEE, 0xA5, 0x32, + 0x02, 0x7C, 0x36, 0xE4, 0x60, 0xDC, 0xED, 0xBC, 0x47, 0x48, + 0x59, 0xA5, 0x28, 0x02, 0x57, 0x75, 0xCE, 0xA0, 0x83, 0x45, + 0x9A, 0xBD, 0xB9, 0x48, 0xFB, 0x0F, 0x45, 0xD9, 0x95, 0xE8, + 0x2B, 0xFF, 0xAD, 0x32, 0xEF, 0x9D, 0x1D, 0x54, 0x4E, 0xCE, + 0xA1, 0x2D, 0x0A, 0x41, 0xCB, 0xD1, 0x08, 0xB9, 0x45, 0x17, + 0x97, 0xC1, 0x5C, 0x0D, 0x21, 0x5E, 0x27, 0xB8, 0x19, 0xB5, + 0x1E, 0x89, 0x80, 0xE3, 0xBA, 0x0B, 0x66, 0xCE, 0xEF, 0x5B, + 0x35, 0x38, 0xC2, 0xFB, 0x6E, 0xD9, 0x23, 0x18, 0xE1, 0x45, + 0x98, 0x64, 0x60, 0xF1, 0xD0, 0xE1, 0xAA, 0x50, 0xD3, 0xB1, + 0x8E, 0xEB, 0x08, 0x34, 0xC5, 0x99, 0x3F, 0xB4, 0x7F, 0x5A, + 0xE2, 0x80, 0xF6, 0x22, 0x06, 0x1F, 0xB7, 0x3D, 0x58, 0xE6, + 0xF6, 0x82, 0x3C, 0x15, 0x34, 0x2E, 0xC0, 0xE3, 0x80, 0x54, + 0xB3, 0x55, 0xE8, 0x37, 0xC5, 0x1D, 0x3A, 0x36, 0x26, 0x05, + 0x24, 0xFB, 0x65, 0xDE, 0x95, 0x63, 0xF0, 0xC3, 0xFA, 0x43, + 0x1D, 0xCE, 0x7B, 0x21, 0x0E, 0x52, 0x6F, 0xA7, 0x27, 0xBD, + 0x3E, 0x7A, 0xE7, 0x59, 0xD0, 0xC3, 0xFB, 0x4C, 0x56, 0xCB, + 0x2A, 0x20, 0x7F, 0xCC, 0x94, 0xFE, 0xC0, 0x58, 0xD0, 0xFC, + 0x99, 0xB9, 0x97, 0x1A, 0x37, 0xF0, 0xB1, 0x83, 0xF3, 0x52, + 0x1E, 0x50, 0x2C, 0x74, 0x67, 0xFF, 0x62, 0x83, 0xB0, 0x79, + 0xE4, 0xF3, 0x92, 0x45, 0xFA, 0x94, 0x73, 0xC4, 0x24, 0xD8, + 0xDE, 0x88, 0x8C, 0x85, 0xE2, 0xA7, 0x84, 0xD9, 0xB4, 0x58, + 0x02, 0xFF, 0x64, 0xDE, 0x2A, 0x9D, 0x41, 0xEB, 0xE7, 0xEE, + 0x2B, 0x0A, 0x4D, 0x8E, 0xDC, 0x39, 0x56, 0xE2, 0x00, 0xF0, + 0x9D, 0xE1, 0x4F, 0x33, 0xD1, 0x6C, 0xF9, 0xF5, 0x89, 0x45, + 0x78, 0xA4, 0x15, 0x86, 0xFD, 0x70, 0x7A, 0xEC, 0xA5, 0xDB, + 0x6B, 0x7A, 0x28, 0x2D, 0x81, 0x63, 0xD2, 0x04, 0xF6, 0xC6, + 0x95, 0x14, 0xD0, 0x6B, 0x22, 0x7C, 0x87, 0x63, 0x13, 0x93, + 0x43, 0x04, 0xB7, 0x85, 0x4C, 0x9F, 0xF3, 0xE1, 0x96, 0x23, + 0x0E, 0xC9, 0x9E, 0x2C, 0x86, 0xF0, 0x9A, 0xC1, 0xF9, 0x65, + 0x69, 0x40, 0x6D, 0x6E, 0x7C, 0xA1, 0x68, 0x72, 0x44, 0xEF, + 0x46, 0x7F, 0xFB, 0x18, 0x40, 0x17, 0xFC, 0x0B, 0x30, 0xEF, + 0x13, 0xFF, 0xAE, 0x92, 0x97, 0x52, 0xEB, 0x9F, 0xEE, 0x88, + 0x51, 0xDC, 0x8C, 0x93, 0xAD, 0xB8, 0x5E, 0x8A, 0xF8, 0x4A, + 0x57, 0x2C, 0xAD, 0x23, 0xA4, 0x06, 0x26, 0x80, 0x2F, 0xF7, + 0x4D, 0x7C, 0xE0, 0xF2, 0xE7, 0x0E, 0x60, 0xBE, 0x96, 0xE9, + 0x89, 0xCF, 0x73, 0x62, 0x40, 0xB5, 0x12, 0x8C, 0x5D, 0x91, + 0x29, 0x7E, 0x30, 0x91, 0x7E, 0xA5, 0x91, 0xF5, 0x5B, 0xA0, + 0x94, 0x96, 0x0C, 0x6A, 0x2A, 0x01, 0x87, 0x44, 0x05, 0xE4, + 0xFB, 0x81, 0x19, 0x3A, 0x96, 0x8B, 0xE8, 0x80, 0xF3, 0xA4, + 0x45, 0xD7, 0xF9, 0x29, 0x3F, 0xBB, 0x9F, 0x34, 0x35, 0x64, + 0xA9, 0x9A, 0xD4, 0x8D, 0xFE, 0xF8, 0xC1, 0x13, 0xF7, 0xDE, + 0x98, 0x9B, 0x31, 0xB4, 0x8F, 0x57, 0xBB, 0x93, 0x1B, 0xC2, + 0x64, 0x33, 0x8D, 0x97, 0x8C, 0x57, 0xB3, 0x23, 0x70, 0x72, + 0x14, 0xC2, 0x45, 0x7F, 0xF7, 0x16, 0xB2, 0xD5, 0x7D, 0xA2, + 0xB7, 0xAD, 0xC9, 0x86, 0x92, 0xD7, 0xF9, 0x2E, 0x20, 0x35, + 0x64, 0xC7, 0x74, 0x64, 0xFF, 0xC2, 0x85, 0x84, 0xBC, 0xBF, + 0xB0, 0x96, 0xC2, 0x37, 0x66, 0x56, 0x21, 0x8E, 0xDC, 0x0F, + 0x98, 0xEC, 0x9F, 0x78, 0xB2, 0x71, 0xA5, 0x88, 0xEE, 0xFD, + 0x03, 0xA8, 0xBA, 0xF6, 0x39, 0x77, 0xA0, 0x69, 0x99, 0x34, + 0x9B, 0x32, 0x3C, 0x69, 0x88, 0xBF, 0xB5, 0xB5, 0x50, 0x4D, + 0xB2, 0xA1, 0xE6, 0xDD, 0x1E, 0xA4, 0xA8, 0xF1, 0xA6, 0x9B, + 0xAF, 0x6A, 0xAE, 0x72, 0x92, 0x73, 0x33, 0x39, 0xDD, 0xC6, + 0xCE, 0xA0, 0x72, 0xFA, 0x66, 0x75, 0x3D, 0x9B, 0xA0, 0x04, + 0x88, 0x37, 0x2A, 0x88, 0x36, 0xE5, 0x43, 0x96, 0x68, 0x41, + 0x6D, 0x3B, 0x0E, 0xB8, 0xE9, 0x51, 0x92, 0x28, 0x72, 0x7D, + 0xC4, 0x27, 0x95, 0x7F, 0xBF, 0x66, 0x7B, 0x47, 0x77, 0xB7, + 0xA4, 0x75, 0x02, 0x43, 0x0B, 0x34, 0x2B, 0x2D, 0x6E, 0xD5, + 0xCD, 0x1C, 0x78, 0x56, 0x0B, 0x15, 0x4E, 0x80, 0xF2, 0x4D, + 0xB2, 0x1F, 0xAC, 0x82, 0x3B, 0xE7, 0x09, 0xC8, 0x41, 0x22, + 0xDD, 0xEA, 0xB1, 0xA8, 0x6B, 0xE8, 0x21, 0x12, 0x09, 0x19, + 0x19, 0xA2, 0x04, 0xDB, 0xFA, 0x59, 0x87, 0x85, 0x10, 0x44, + 0x1B, 0xE6, 0xA8, 0xD9, 0x33, 0x27, 0xF7, 0x05, 0x0D, 0x2D, + 0x98, 0xE2, 0x2A, 0x96, 0xD6, 0xEB, 0x32, 0x9D, 0x75, 0x8A, + 0xC5, 0x78, 0x30, 0x49, 0x19, 0x94, 0x7C, 0x33, 0xC4, 0xEF, + 0xA9, 0xA3, 0xD1, 0xB4, 0xF4, 0xB7, 0x6D, 0x13, 0x1E, 0x7D, + 0xE3, 0x60, 0x7C, 0x9F, 0x10, 0x93, 0x8C, 0xE4, 0x52, 0x07, + 0x58, 0x03, 0x57, 0xA1, 0x6A, 0x94, 0x66, 0xD3, 0xEC, 0xF0, + 0x14, 0x96, 0xBE, 0x2F, 0xA5, 0xB1, 0xA9, 0xEE, 0xC8, 0x25, + 0x39, 0xA5, 0xA0, 0x82, 0xFC, 0x40, 0xA5, 0x7D, 0x87, 0x48, + 0xD1, 0x1C, 0x88, 0xA5, 0x34, 0x29, 0xC9, 0x73, 0xC6, 0x5A, + 0xDC, 0x89, 0xDF, 0xCB, 0x0F, 0x67, 0xA8, 0x72, 0xB4, 0xF2, + 0x99, 0xDE, 0x9E, 0xBE, 0x1B, 0x76, 0xAB, 0x23, 0x9C, 0x5E, + 0xE3, 0xEC, 0xD9, 0x34, 0x70, 0x63, 0x32, 0x03, 0x74, 0xCB, + 0x1C, 0x76, 0x0D, 0x5B, 0xEB, 0xDD, 0x7E, 0xF5, 0x78, 0x9F, + 0xE6, 0xC8, 0x9F, 0x63, 0x47, 0x05, 0xAD, 0xD0, 0x21, 0xA8, + 0x44, 0xAA, 0x70, 0x93, 0xD3, 0xCE, 0x21, 0x79, 0xE9, 0x5B, + 0x2F, 0x07, 0x32, 0xE5, 0x42, 0xF9, 0xE8, 0x61, 0x33, 0x39, + 0xFA, 0x13, 0x03, 0x0C, 0x44, 0x80, 0x1D, 0x70, 0x70, 0xFE, + 0xF8, 0x3A, 0x46, 0x18, 0x15, 0x68, 0x01, 0xA7, 0x90, 0xDB, + 0x8E, 0xDF, 0xB9, 0x1B, 0x06, 0xE0, 0xD4, 0x2D, 0x68, 0x9B, + 0x72, 0xEA, 0xA9, 0xEA, 0x74, 0x67, 0x18, 0x62, 0x8E, 0x2D, + 0x21, 0x0D, 0x6F, 0xED, 0xA2, 0x64, 0x0C, 0x4F, 0x9D, 0xA3, + 0xD4, 0x3F, 0x28, 0xF5, 0xDA, 0x41, 0x80, 0xB0, 0x71, 0x5C, + 0xDE, 0xF3, 0xA4, 0xC1, 0x55, 0x46, 0x57, 0x9E, 0x6B, 0xA3, + 0xD1, 0x40, 0xED, 0x29, 0x37, 0x00, 0xB5, 0xF2, 0x88, 0x0A, + 0x85, 0xDE, 0x2B, 0x64, 0xBC, 0x07, 0x21, 0x43, 0xDF, 0x36, + 0xAA, 0xFD, 0x7B, 0x65, 0x2D, 0x1A, 0xA5, 0xB7, 0x06, 0xEE, + 0x18, 0xC6, 0x26, 0xB9, 0x47, 0x24, 0x21, 0xB1, 0x67, 0x6F, + 0xC8, 0x51, 0xA6, 0x6D, 0x8F, 0xF4, 0x4B, 0xCA, 0x26, 0x9D, + 0xA7, 0xED, 0xAF, 0x0B, 0x8A, 0x02, 0x1F, 0xDA, 0x93, 0x12, + 0xFE, 0x25, 0x02, 0xFE, 0x23, 0x06, 0x4F, 0x22, 0x2D, 0x61, + 0x52, 0xD6, 0xFC, 0x1E, 0x36, 0x50, 0x43, 0x30, 0x45, 0x31, + 0x38, 0x7D, 0xCF, 0xA4, 0xBF, 0xB2, 0xA7, 0xCA, 0x5D, 0x80, + 0xBB, 0xD3, 0xD0, 0x47, 0x14, 0xC3, 0x87, 0xA8, 0x7D, 0x0F, + 0x0D, 0x16, 0xCD, 0x4D, 0x54, 0xB5, 0x1F, 0x04, 0x2D, 0xC1, + 0x5E, 0x20, 0x5C, 0x8F, 0x52, 0x3F, 0x9A, 0x17, 0xE1, 0x9E, + 0x5E, 0xBB, 0x64, 0x5B, 0x2C, 0x80, 0x7D, 0x80, 0x3A, 0xE1, + 0x0D, 0xE1, 0x83, 0xEB, 0x70, 0xF2, 0xE0, 0x12, 0x94, 0x48, + 0xDF, 0x44, 0xFF, 0x5B, 0x1B, 0x27, 0xEE, 0x94, 0x01, 0x38, + 0xE2, 0x91, 0x8A, 0x5D, 0x1C, 0xEA, 0xC9, 0x5A, 0x42, 0xF8, + 0x62, 0x41, 0x8E, 0xCB, 0x86, 0x4D, 0x81, 0x10, 0xCD, 0x4B, + 0x0F, 0x2E, 0xBE, 0x80, 0x1B, 0xA6, 0x17, 0xB6, 0x13, 0xE6, + 0x85, 0xA6, 0x3D, 0x95, 0xE2, 0xFC, 0x69, 0xD8, 0x90, 0xFA, + 0x8B, 0x51, 0xE5, 0x56, 0xCA, 0x7A, 0xA4, 0x92, 0x83, 0x43, + 0xA1, 0x3D, 0xA4, 0xC5, 0xD6, 0x56, 0xAC, 0x6A, 0xEE, 0x37, + 0x73, 0x63, 0x71, 0xF1, 0x76, 0xBD, 0x70, 0x20, 0x0C, 0xE4, + 0xD7, 0xC9, 0x44, 0x47, 0x7E, 0xA6, 0x8B, 0xD3, 0x7F, 0x64, + 0x9F, 0xF0, 0x7F, 0x25, 0xAF, 0xF3, 0x0C, 0x9B, 0x03, 0x05, + 0x91, 0x9A, 0xCE, 0x7E, 0xA7, 0x26, 0x0F, 0x52, 0xA8, 0xDA, + 0xBE, 0x2D, 0x80, 0x31, 0xE7, 0x6D, 0x3C, 0xAE, 0xEF, 0xC6, + 0x64, 0x44, 0x84, 0x6B, 0xF1, 0xE0, 0x4B, 0x75, 0xF2, 0x76, + 0x6F, 0x58, 0x03, 0x45, 0xAC, 0x47, 0xBD, 0x66, 0xA3, 0x31, + 0x29, 0x87, 0xF7, 0xD2, 0x88, 0x63, 0xA3, 0x2B, 0x16, 0x1A, + 0xC2, 0x71, 0xEE, 0x9A, 0x09, 0x40, 0x3E, 0xC9, 0x5F, 0x49, + 0xFE, 0x18, 0xF0, 0x4E, 0x2C, 0x64, 0xEB, 0x11, 0xFB, 0x28, + 0xA1, 0xAD, 0xCE, 0x36, 0x6A, 0xC7, 0x38, 0xDD, 0x48, 0x34, + 0xC0, 0x69, 0x49, 0x25, 0x12, 0xDF, 0x6C, 0x46, 0x97, 0xF0, + 0xB5, 0x55, 0x97, 0x36, 0x66, 0x40, 0x4C, 0x4D, 0x36, 0xC4, + 0xD5, 0xFB, 0x3A, 0x22, 0x35, 0xCB, 0xDC, 0xA4, 0x50, 0xF6, + 0xBD, 0x40, 0x20, 0xB8, 0x24, 0xA3, 0xBA, 0x42, 0x27, 0x29, + 0x16, 0xB8, 0x41, 0xAD, 0xE0, 0x14, 0x01, 0x9A, 0x1C, 0x44, + 0xEE, 0x1C, 0xC1, 0x59, 0xEE, 0x0D, 0x13, 0xC4, 0x27, 0x4D, + 0x18, 0x7E, 0x28, 0x03, 0xAB, 0xF9, 0xEC, 0xFC, 0x9B, 0x00, + 0xAC, 0xFF, 0xA6, 0x0B, 0xB1, 0x15, 0x4B, 0xC8, 0x89, 0xF9, + 0x56, 0xA5, 0xB2, 0x8D, 0x24, 0x93, 0xB8, 0xA0, 0x51, 0xE2, + 0xF9, 0xE7, 0xEF, 0xBD, 0x67, 0x06, 0x15, 0x85, 0xB4, 0xB3, + 0xD3, 0x0A, 0x1F, 0xBA, 0xCD, 0x53, 0xB8, 0xB8, 0xD0, 0xE1, + 0x00, 0x2E, 0x3C, 0xC0, 0xD7, 0xFA, 0xB2, 0xAB, 0x40, 0xA2, + 0xFE, 0x63, 0x92, 0x5F, 0x97, 0xBF, 0x6F, 0xD6, 0xEA, 0x18, + 0x69, 0xE4, 0x2D, 0xE0, 0x50, 0x34, 0x74, 0x00, 0xE8, 0xB5, + 0xD1, 0xBC, 0x67, 0x0E, 0xAA, 0xCC, 0x0C, 0x6A, 0xCF, 0x02, + 0x4D, 0x86, 0x7D, 0x76, 0xE8, 0xD6, 0x60, 0xF0, 0xD3, 0x4F, + 0x37, 0x85, 0xAF, 0x3B, 0x68, 0xEB, 0xE6, 0x0F, 0x47, 0xA3, + 0xEA, 0xAE, 0xDE, 0xFA, 0xF8, 0x88, 0xFF, 0x90, 0xA8, 0x5C, + 0x33, 0x6F, 0x69, 0x90, 0x44, 0x84, 0x13, 0x1B, 0xE9, 0x69, + 0x5E, 0x37, 0x32, 0xFD, 0xD0, 0x13, 0xD8, 0xEA, 0x91, 0x42, + 0x24, 0x7E, 0xF1, 0x5A, 0xFD, 0xB7, 0xEB, 0x45, 0xBB, 0x1C, + 0xAA, 0xAA, 0xD1, 0x0B, 0xE0, 0xDB, 0x6D, 0xFF, 0xE5, 0xC0, + 0xF9, 0x63, 0x12, 0x8B, 0x1B, 0x66, 0x3B, 0x5E, 0x73, 0xC5, + 0x90, 0x67, 0xC8, 0xAE, 0x13, 0xAE, 0xBE, 0xBE, 0x37, 0x6F, + 0x12, 0xBE, 0x0F, 0x3E, 0x1B, 0xB7, 0x69, 0xD0, 0x29, 0x20, + 0xFD, 0x3D, 0x6D, 0x2F, 0x4D, 0xCF, 0xB9, 0x8F, 0x30, 0x4C, + 0x4F, 0x7E, 0x72, 0x83, 0x59, 0xB8, 0xD3, 0xF4, 0x01, 0x78, + 0x3E, 0x1B, 0xF7, 0xF9, 0x41, 0xCC, 0xAD, 0xC0, 0x5C, 0x9B, + 0x9A, 0xDE, 0xDD, 0xDF, 0x36, 0x07, 0xA0, 0x77, 0x16, 0x3F, + 0x6F, 0xC9, 0x44, 0x21, 0xAE, 0xA0, 0xD7, 0x84, 0x97, 0x26, + 0xCB, 0x7F, 0x84, 0xF1, 0x01, 0x18, 0xC0, 0x7C, 0xA1, 0x54, + 0x34, 0x91, 0xBE, 0xA7, 0x52, 0xC9, 0x8E, 0x23, 0xCE, 0x4D, + 0xE2, 0xF1, 0x72, 0xDD, 0x95, 0x43, 0xD4, 0x66, 0xBF, 0x1A, + 0xBF, 0x44, 0x68, 0xD0, 0xFC, 0xAE, 0xD9, 0x16, 0x12, 0x51, + 0x34, 0x86, 0x85, 0xB8, 0x0D, 0xF9, 0x68, 0x1C, 0x75, 0x3A, + 0x9B, 0x12, 0x27, 0xF8, 0x66, 0xF2, 0x1C, 0x89, 0xA8, 0xC0, + 0xC7, 0x91, 0x16, 0xD3, 0xDD, 0x52, 0xFB, 0xF8, 0x73, 0xA4, + 0xDE, 0x0F, 0xB1, 0x1F, 0x8E, 0xF8, 0x09, 0x28, 0x59, 0xD1, + 0x11, 0xD2, 0x22, 0xA1, 0x1E, 0x83, 0x82, 0x7A, 0xCA, 0xBE, + 0x56, 0xF2, 0x77, 0x4A, 0xFE, 0x2C, 0xD6, 0x37, 0x9E, 0x94, + 0x48, 0xF0, 0x19, 0x82, 0x88, 0x96, 0x7C, 0xDB, 0x9B, 0x42, + 0xC5, 0xD9, 0xC5, 0xBC, 0x80, 0x09, 0x49, 0xAA, 0xA4, 0x1F, + 0xB1, 0x1C, 0x52, 0xEE, 0x20, 0x58, 0xB3, 0x1F, 0x48, 0xF1, + 0xBD, 0x8F, 0x52, 0xCE, 0x65, 0x2F, 0xC2, 0x1C, 0x64, 0x39, + 0xE9, 0xDB, 0xF2, 0x4C, 0xEA, 0xED, 0x6C, 0x67, 0x6D, 0x3C, + 0x94, 0x79, 0x00, 0xA7, 0x05, 0x8F, 0x66, 0x0F, 0xE4, 0x5D, + 0xEB, 0x23, 0xFF, 0xCC, 0xFE, 0x98, 0x8B, 0xA4, 0x4F, 0x2A, + 0x2D, 0xC2, 0x8F, 0xB6, 0x2B, 0xAB, 0x06, 0xC0, 0x5B, 0xD5, + 0x24, 0x1F, 0x20, 0xE1, 0xCC, 0x12, 0x86, 0xD8, 0x94, 0xFC, + 0x2D, 0xDF, 0x42, 0xF8, 0x70, 0x53, 0xF2, 0xD5, 0x8F, 0x66, + 0xD3, 0x8B, 0x2C, 0xA7, 0x85, 0xAA, 0x74, 0x44, 0x14, 0x32, + 0x87, 0x9A, 0x8E, 0x92, 0x05, 0x31, 0x2F, 0xE0, 0x49, 0xFC, + 0xBC, 0x04, 0x1C, 0x57, 0x25, 0x8D, 0x56, 0x54, 0x0D, 0xA7, + 0x6D, 0xAD, 0x1E, 0x5A, 0x68, 0x48, 0x9D, 0xAD, 0xE0, 0x52, + 0xF5, 0xC0, 0x76, 0x9C, 0x5A, 0xAC, 0x17, 0xD6, 0x37, 0x16, + 0x89, 0xE6, 0x97, 0x75, 0x0E, 0x88, 0x3C, 0x53, 0xFC, 0x73, + 0x16, 0x14, 0xCA, 0x62, 0x07, 0x84, 0x95, 0xA6, 0x21, 0x20, + 0xDA, 0xAA, 0xC2, 0x26, 0x72, 0xEA, 0x6B, 0x5E, 0xE1, 0x17, + 0x01, 0xB6, 0x46, 0xA6, 0x55, 0x36, 0xFB, 0x25, 0xFD, 0xF0, + 0x37, 0xC6, 0xC6, 0x30, 0x29, 0xC7, 0x19, 0xEA, 0x32, 0xE1, + 0xFB, 0x92, 0x31, 0x87, 0x6D, 0xC7, 0x94, 0xC6, 0xB2, 0x89, + 0x20, 0xC4, 0x2F, 0x6C, 0x14, 0xB8, 0xAB, 0x1A, 0x3A, 0xD0, + 0x1F, 0x59, 0x55, 0x76, 0x70, 0x44, 0xC8, 0x5F, 0x33, 0x9F, + 0xA3, 0xE3, 0x2D, 0xF1, 0x0C, 0xCA, 0x33, 0xB9, 0xC3, 0xFD, + 0x66, 0xE8, 0xD9, 0x9A, 0xE9, 0x4A, 0xCD, 0xB9, 0x09, 0x04, + 0xDB, 0x6B, 0x39, 0x71, 0xA3, 0x04, 0x68, 0xE3, 0x20, 0xDD, + 0x3C, 0x59, 0xF8, 0x36, 0xD2, 0x5C, 0xE4, 0x8F, 0x5D, 0xBF, + 0x39, 0xDC, 0xB6, 0x23, 0x01, 0x0C, 0xDF, 0x2D, 0x83, 0xAE, + 0x2C, 0x27, 0xCE, 0xAE, 0x2A, 0x9D, 0x40, 0xC2, 0x55, 0x58, + 0x48, 0x3C, 0x9B, 0x5D, 0x9F, 0xC6, 0xA6, 0x54, 0x29, 0x5E, + 0x36, 0xAC, 0xDC, 0xDA, 0xED, 0x8C, 0x1D, 0x73, 0x7B, 0x62, + 0x7F, 0x8F, 0xF6, 0xCC, 0x8A, 0xF2, 0x9B, 0x43, 0x8E, 0x6C, + 0x46, 0xF2, 0x9B, 0x59, 0x38, 0xD4, 0x57, 0x0A, 0x83, 0x6C, + 0x9A, 0x78, 0x72, 0x31, 0x42, 0x53, 0x6A, 0x91, 0xE1, 0xE2, + 0xAF, 0x77, 0xE0, 0x86, 0x0C, 0x37, 0x12, 0xD7, 0xEC, 0x10, + 0x5C, 0x05, 0x29, 0x1A, 0x27, 0x0E, 0x48, 0x25, 0xF7, 0x5F, + 0x57, 0x50, 0x15, 0x4F, 0x41, 0x8B, 0xAB, 0x25, 0x0F, 0xDE, + 0x5F, 0x12, 0x64, 0xA3, 0xF0, 0x35, 0x38, 0x7C, 0xD8, 0xD8, + 0xC1, 0x88, 0x9A, 0x34, 0xB6, 0xAF, 0xA9, 0x22, 0x87, 0x62, + 0x1C, 0xE8, 0xF2, 0xD3, 0x25, 0x50, 0x92, 0x91, 0xFF, 0x32, + 0x07, 0xF7, 0xC5, 0x7B, 0xB4, 0x69, 0xB7, 0x00, 0x36, 0x8A, + 0x12, 0x7E, 0x4B, 0x35, 0xC2, 0x39, 0x9E, 0x90, 0x77, 0xBC, + 0x50, 0x33, 0x46, 0x02, 0x12, 0x09, 0xF2, 0xEC, 0x4C, 0x3D, + 0xBF, 0x7A, 0xBB, 0x7D, 0x99, 0x1A, 0x70, 0x55, 0x24, 0x34, + 0x68, 0xD2, 0xD6, 0x27, 0xEA, 0xED, 0x87, 0x3A, 0x04, 0xDF, + 0xC5, 0xE6, 0x4E, 0x88, 0xFE, 0x8B, 0xED, 0xE0, 0x4C, 0xFF, + 0x6E, 0x97, 0x42, 0x3C, 0x0F, 0x60, 0x1F, 0xDC, 0x62, 0x69, + 0xB2, 0xBC, 0xB4, 0x18, 0x3C, 0x6D, 0x69, 0x8B, 0xD8, 0xA5, + 0x15, 0x2F, 0xA4, 0xD8, 0x1C, 0x62, 0x3F, 0x9A, 0x8B, 0x15, + 0x22, 0xAE, 0x37, 0xB6, 0xB8, 0x4D, 0xC4, 0xA5, 0x65, 0x65, + 0x6D, 0x22, 0x59, 0x61, 0xE1, 0x08, 0xD5, 0xE2, 0x86, 0xB8, + 0xBA, 0xD5, 0x68, 0x53, 0xEE, 0x62, 0xD7, 0xF9, 0x46, 0x8C, + 0x51, 0x01, 0xC5, 0x55, 0x22, 0xE5, 0xFE, 0xA0, 0xAA, 0x6A, + 0x4D, 0xCA, 0xC3, 0x20, 0x64, 0x12, 0xDB, 0x6F, 0x63, 0xAE, + 0xDC, 0xF6, 0x8C, 0xEA, 0x24, 0x43, 0xCD, 0x61, 0x74, 0xDF, + 0x61, 0x19, 0x56, 0x8A, 0x55, 0x1C, 0x16, 0x67, 0x15, 0x68, + 0x78, 0xE3, 0x51, 0x63, 0x4F, 0x97, 0x9A, 0xC0, 0xE5, 0xC2, + 0xD4, 0xD3, 0x8C, 0xA0, 0x80, 0x3B, 0xFE, 0x07, 0x14, 0xAF, + 0x1C, 0x16, 0x0B, 0x2C, 0x52, 0x87, 0xFB, 0x8E, 0x91, 0xB4, + 0x30, 0x00, 0x22, 0xD1, 0x4D, 0xAE, 0x8A, 0x1F, 0x19, 0x3E, + 0xD8, 0x75, 0x83, 0x85, 0x84, 0x3E, 0xEA, 0xC5, 0x87, 0xB9, + 0x70, 0x53, 0x25, 0xB2, 0xAB, 0xD0, 0x9C, 0x17, 0x5E, 0xA0, + 0x3C, 0xB0, 0x95, 0x5C, 0xDF, 0x86, 0x02, 0x82, 0xEA, 0x7B, + 0xB2, 0xF1, 0x9B, 0x56, 0xAE, 0x47, 0xA0, 0xB6, 0x65, 0x96, + 0xF0, 0x40, 0x6D, 0x60, 0xE7, 0x57, 0xC7, 0xE4, 0x1B, 0x63, + 0x91, 0x0F, 0x1B, 0xA8, 0x1D, 0x05, 0xDA, 0x43, 0x7C, 0x94, + 0x9A, 0x02, 0x4D, 0xA4, 0x70, 0xFC, 0x6E, 0xFE, 0x5D, 0xA0, + 0x55, 0x5D, 0xE9, 0x90, 0x07, 0x6B, 0x58, 0x9A, 0xA2, 0x5C, + 0x79, 0xE3, 0x27, 0x90, 0x8C, 0x97, 0x2D, 0xAB, 0x9E, 0x6E, + 0x54, 0x66, 0x51, 0xAD, 0x76, 0x7D, 0x83, 0xDD, 0x26, 0x5B, + 0x68, 0x7D, 0x94, 0x7E, 0x34, 0xEC, 0x25, 0x8E, 0x91, 0x4D, + 0xB9, 0x38, 0xD2, 0xFE, 0xDD, 0x03, 0x92, 0xA3, 0x88, 0x5B, + 0xBD, 0xE4, 0xDB, 0xE4, 0x32, 0x8A, 0x30, 0xAA, 0x72, 0x83, + 0x3F, 0xBC, 0x9A, 0xC4, 0x47, 0x42, 0xD4, 0x1E, 0x4D, 0x4D, + 0xA1, 0x4D, 0x10, 0x61, 0x7D, 0x69, 0x65, 0xEC, 0x3E, 0xBE, + 0x57, 0x54, 0x5E, 0x97, 0x28, 0x1E, 0xAE, 0xFA, 0x33, 0x4F, + 0xD0, 0x55, 0x42, 0x1A, 0xA7, 0x02, 0xC1, 0xCC, 0x25, 0x45, + 0x5A, 0x95, 0x7A, 0x29, 0x95, 0x27, 0x1B, 0xF2, 0xE2, 0x6F, + 0x45, 0xDA, 0x48, 0x6E, 0x39, 0x26, 0xF7, 0xDD, 0x2A, 0x83, + 0x23, 0xDD, 0xA7, 0xEC, 0x3E, 0xC0, 0x27, 0xC0, 0xCF, 0x38, + 0xDD, 0x61, 0x71, 0xCC, 0xE0, 0xB6, 0x80, 0x84, 0x2E, 0x7C, + 0x82, 0x7F, 0x21, 0x17, 0xB4, 0xDC, 0x35, 0xC8, 0xAA, 0x23, + 0x58, 0xD0, 0x1E, 0x6B, 0xD0, 0xAB, 0x82, 0xCF, 0x49, 0xCB, + 0x91, 0x95, 0x64, 0x32, 0xA7, 0x2F, 0x1D, 0x3B, 0x00, 0x33, + 0xEA, 0x2A, 0x9E, 0x7B, 0x27, 0xB7, 0x0E, 0x8F, 0x5C, 0x61, + 0x03, 0x0F, 0xF7, 0x7F, 0xE8, 0xA9, 0x23, 0x10, 0x54, 0x47, + 0xCC, 0x8B, 0x08, 0x65, 0x0A, 0x9D, 0x23, 0x86, 0xD1, 0xB1, + 0xB4, 0x08, 0x0A, 0x9E, 0xBD, 0xC1, 0xAC, 0xF6, 0xDF, 0x59, + 0xDA, 0x81, 0xCC, 0x81, 0xF9, 0xF9, 0x51, 0x81, 0x0F, 0x2B, + 0x6D, 0x8D, 0x6B, 0x1D, 0x29, 0xD8, 0x3E, 0xFE, 0x2D, 0xBA, + 0x4F, 0xA5, 0xD6, 0x7B, 0x4B, 0x3F, 0x0E, 0x34, 0x80, 0x17, + 0x78, 0x13, 0xB7, 0xCF, 0x81, 0x1F, 0xE9, 0x12, 0xA1, 0x8F, + 0x84, 0xB8, 0x78, 0x82, 0xFC, 0xCC, 0xAB, 0xDF, 0x0C, 0x48, + 0xAC, 0x9A, 0x92, 0x6B, 0xA8, 0xEA, 0x20, 0x34, 0x81, 0x5E, + 0x6A, 0x83, 0x73, 0xA5, 0x0B, 0xAF, 0xCF, 0x53, 0x42, 0x2E, + 0xDC, 0x75, 0x37, 0x32, 0xCB, 0x52, 0x7B, 0x0E, 0xCA, 0x16, + 0x32, 0x81, 0x4F, 0xE7, 0x04, 0x13, 0xEB, 0x7A, 0xBA, 0xF0, + 0xDF, 0x1D, 0x61, 0x4B, 0x5F, 0x52, 0x08, 0x52, 0x2D, 0x87, + 0x7C, 0x1A, 0x5B, 0x6F, 0x04, 0x16, 0xE3, 0x8D, 0xE0, 0x63, + 0x0B, 0xBE, 0xC6, 0x16, 0xF0, 0x47, 0x03, 0x8A, 0xD6, 0x8D, + 0xC2, 0xA8, 0xFB, 0xA8, 0x34, 0x52, 0xB4, 0xBF, 0xFF, 0x48, + 0x82, 0xC3, 0x22, 0x03, 0xE5, 0xD0, 0x34, 0x4C, 0x6A, 0x8B, + 0x09, 0xB2, 0x37, 0x5B, 0x09, 0xAB, 0xE2, 0x25, 0xD0, 0xAE, + 0x67, 0x05, 0x37, 0xA1, 0x1C, 0x5E, 0x99, 0xAA, 0xD9, 0xE2, + 0x45, 0x53, 0x3E, 0x97, 0xBB, 0x27, 0x3C, 0x6B, 0x00, 0x1F, + 0x4D, 0xCE, 0x8C, 0x8B, 0xF1, 0xF3, 0x05, 0x57, 0xC0, 0x63, + 0x41, 0xC5, 0xFA, 0x14, 0x9D, 0xB8, 0xA0, 0x75, 0x96, 0xB3, + 0x72, 0xCF, 0x56, 0x28, 0x29, 0x05, 0xB0, 0x4C, 0xB6, 0x78, + 0xEA, 0x36, 0x6A, 0x12, 0x5B, 0xFF, 0x59, 0x2E, 0xBD, 0xDF, + 0xDA, 0x41, 0x75, 0xC5, 0xFA, 0x87, 0x3F, 0x2F, 0x96, 0x0C, + 0x18, 0xCC, 0x8B, 0x72, 0xE7, 0x29, 0xF5, 0xB8, 0x56, 0xE8, + 0x92, 0x10, 0xB0, 0xCE, 0x3D, 0x40, 0x10, 0x40, 0x13, 0x9B, + 0xAC, 0x63, 0xD9, 0x31, 0xB1, 0xF1, 0x4C, 0xFA, 0x51, 0x19, + 0x62, 0xE5, 0x2E, 0x7A, 0x3F, 0x9A, 0xF0, 0x85, 0x83, 0x04, + 0xC0, 0x07, 0xB8, 0x04, 0x1A, 0xAD, 0x53, 0x2A, 0xB7, 0xDD, + 0xD8, 0x86, 0x0D, 0x1F, 0x24, 0x8A, 0xE9, 0xDC, 0x1F, 0x46, + 0xDE, 0x1E, 0xDD, 0x4E, 0xD3, 0xF3, 0x92, 0x43, 0xBF, 0x98, + 0xC8, 0x57, 0xC0, 0xB7, 0xC4, 0xD7, 0xE7, 0xA8, 0x78, 0x53, + 0x93, 0x42, 0x4C, 0x9A, 0x71, 0x82, 0x20, 0x3C, 0x32, 0xB5, + 0x30, 0x51, 0x54, 0x5D, 0x45, 0x81, 0x1B, 0x61, 0x6E, 0x7B, + 0xCC, 0x2C, 0x44, 0x87, 0x6F, 0x2E, 0xFC, 0x9D, 0x79, 0x63, + 0x20, 0xCA, 0x0E, 0xB3, 0x36, 0x9E, 0xDB, 0x31, 0xA3, 0xD0, + 0xD9, 0x01, 0x56, 0xEC, 0xCF, 0x09, 0xBC, 0xAE, 0x4B, 0x2C, + 0xE6, 0x61, 0xFA, 0x9F, 0xDD, 0x39, 0x4A, 0x01, 0xFF, 0xBA, + 0x60, 0x2B, 0x07, 0x38, 0x64, 0x36, 0x33, 0xDB, 0xEA, 0x3E, + 0xC3, 0xC0, 0x93, 0xBD, 0x63, 0xC8, 0xC9, 0x47, 0x33, 0xB6, + 0x21, 0x10, 0x21, 0x4E, 0xD6, 0xCB, 0xEA, 0x23, 0x48, 0x14, + 0x30, 0x21, 0x0E, 0x7D, 0xDD, 0x63, 0xD7, 0xAA, 0xAB, 0xDE, + 0x8B, 0x6E, 0x7A, 0x25, 0x19, 0x89, 0x2A, 0xF4, 0x65, 0x52, + 0x42, 0xBD, 0xB4, 0xBB, 0x00, 0x4C, 0x48, 0x1B, 0x3F, 0xC5, + 0x58, 0xEE, 0xE8, 0xEB, 0x49, 0x74, 0x0A, 0xD8, 0x34, 0x5F, + 0xFF, 0xF7, 0x66, 0x9C, 0xF6, 0x9D, 0xA2, 0x56, 0x68, 0x73, + 0x14, 0x6B, 0x58, 0xE9, 0x5E, 0xC7, 0x75, 0x2D, 0xB3, 0x01, + 0x19, 0xAA, 0xCF, 0x4A, 0xE9, 0xB1, 0x5E, 0x33, 0xC4, 0x68, + 0xE2, 0xA3, 0xF5, 0x14, 0x7F, 0xBB, 0xC5, 0x82, 0x1D, 0xA6, + 0x7D, 0x94, 0x9E, 0x0B, 0x1E, 0xDE, 0xAE, 0x3A, 0x5F, 0x52, + 0xF9, 0x39, 0xFD, 0x70, 0x98, 0x35, 0x7B, 0x80, 0x4E, 0xA9, + 0xCA, 0xDF, 0xB1, 0xF3, 0x41, 0xE6, 0x88, 0x9A, 0x25, 0x59, + 0xF2, 0x1B, 0xE8, 0x57, 0x90, 0xBC, 0x63, 0x0F, 0xD4, 0xC2, + 0x6D, 0x49, 0x01, 0xCD, 0x1F, 0x92, 0xEC, 0xEE, 0xDB, 0x3B, + 0x19, 0x0C, 0xFA, 0x4D, 0x6C, 0x57, 0x16, 0xE0, 0x6E, 0x48, + 0xB5, 0x5D, 0xB3, 0xE5, 0xEA, 0xE6, 0xCC, 0x48, 0xD2, 0xF0, + 0x3A, 0x83, 0x63, 0x75, 0x01, 0x15, 0x9D, 0x41, 0xD5, 0x0B, + 0x99, 0x17, 0x9A, 0x0B, 0xEF, 0xBC, 0xE8, 0x6C, 0x29, 0xEF, + 0xE9, 0x2E, 0x97, 0x67, 0xA3, 0x8F, 0xEB, 0xD6, 0x57, 0xBF, + 0x8B, 0xB5, 0x2E, 0x4A, 0xAE, 0x23, 0x43, 0x1A, 0x46, 0x3C, + 0x9A, 0x48, 0x9C, 0x70, 0x89, 0x84, 0x4A, 0x42, 0x61, 0xAE, + 0x96, 0x1F, 0x7F, 0x00, 0xBF, 0x6C, 0x85, 0x3C, 0x41, 0x40, + 0xB3, 0x15, 0xE8, 0xC2, 0x05, 0x3E, 0x58, 0x0B, 0x1B, 0xEC, + 0x9F, 0x4F, 0x1E, 0x73, 0xD0, 0x8B, 0x9E, 0x45, 0x8A, 0x27, + 0xA2, 0x41, 0xF0, 0x18, 0xA5, 0x7A, 0x24, 0x64, 0x07, 0xA9, + 0xC0, 0x79, 0x2B, 0x02, 0x2D, 0xF0, 0xEC, 0x1E, 0xBD, 0xB0, + 0x1B, 0x16, 0x9C, 0x12, 0xBE, 0x7D, 0x58, 0xB2, 0x43, 0x1D, + 0xE6, 0x57, 0xBC, 0x8D, 0xC3, 0xD6, 0x78, 0xDC, 0xBB, 0xFD, + 0xE8, 0x4B, 0xC3, 0x05, 0x57, 0xA9, 0xC1, 0xEB, 0x2A, 0x6A, + 0xD3, 0xBC, 0x73, 0xFB, 0x1C, 0xE9, 0xE1, 0xC5, 0xBB, 0x89, + 0x15, 0xF0, 0xE1, 0x22, 0x11, 0x67, 0xC4, 0xF7, 0xD8, 0xD2, + 0x8A, 0xFB, 0x52, 0x25, 0xD2, 0x7B, 0x7C, 0x53, 0x29, 0x74, + 0xF4, 0x41, 0xB1, 0x50, 0x3B, 0x0F, 0x64, 0xFC, 0x1A, 0xEC, + 0x80, 0xCA, 0x2C, 0xF0, 0xE0, 0x37, 0x10, 0xA2, 0x83, 0x7E, + 0xE3, 0x46, 0x17, 0xB3, 0x56, 0x1C, 0x0A, 0x97, 0x65, 0xAC, + 0x23, 0x8D, 0xD8, 0x53, 0x3D, 0x0E, 0xA9, 0x7C, 0xC9, 0x04, + 0x7A, 0xE3, 0x1A, 0x3F, 0x73, 0x0D, 0x44, 0x4A, 0xA3, 0x65, + 0xC4, 0xF4, 0x6A, 0x78, 0x29, 0x3C, 0x7F, 0x4B, 0x05, 0xFF, + 0x29, 0x5B, 0x99, 0x89, 0x4F, 0xD5, 0x9A, 0x50, 0x1F, 0x52, + 0xB4, 0xB5, 0x2A, 0x1E, 0x6C, 0x7E, 0xEC, 0x5D, 0xDF, 0x15, + 0xDD, 0x96, 0x90, 0xF0, 0xD2, 0x5A, 0xA0, 0xB2, 0x0B, 0x05, + 0x50, 0x64, 0x41, 0xBB, 0x4B, 0xC9, 0x19, 0xD9, 0x10, 0xB7, + 0x18, 0x42, 0x57, 0x5B, 0x98, 0x87, 0x0E, 0x9B, 0x48, 0x33, + 0xD9, 0x5B, 0xEA, 0xA6, 0x77, 0x72, 0xEA, 0x1A, 0x9E, 0x54, + 0xBC, 0xF4, 0xED, 0x67, 0xAF, 0x58, 0x59, 0x97, 0xCD, 0x28, + 0xA3, 0xD3, 0x83, 0x8C, 0x0B, 0xFE, 0x76, 0x5B, 0xC6, 0x41, + 0xB3, 0x4B, 0x02, 0xB8, 0x89, 0x2E, 0x48, 0x2C, 0x6D, 0x4D, + 0x68, 0xA0, 0x50, 0x1A, 0x7D, 0x8A, 0x5D, 0x60, 0x24, 0xAC, + 0x69, 0x74, 0x3F, 0x76, 0x1B, 0xDA, 0x78, 0xE1, 0xEC, 0x1F, + 0x70, 0xAF, 0x6C, 0xFA, 0x9E, 0xF0, 0x4E, 0x32, 0x14, 0xBA, + 0x10, 0x38, 0xB5, 0xB8, 0xDA, 0x92, 0x03, 0xE6, 0xF6, 0x81, + 0x16, 0x78, 0x39, 0x5E, 0x2F, 0x79, 0x15, 0xAE, 0xE1, 0xA4, + 0x13, 0x02, 0x5E, 0x1D, 0x2D, 0x19, 0xE6, 0x07, 0x80, 0x80, + 0xAA, 0xB7, 0x1A, 0x7A, 0xF4, 0x2A, 0xDF, 0x9E, 0x7E, 0xAF, + 0x13, 0x07, 0xCC, 0x32, 0xA4, 0x0F, 0x77, 0xDF, 0x5D, 0xF1, + 0xD5, 0x3A, 0x6C, 0x06, 0xEE, 0x18, 0x84, 0x3E, 0xB1, 0x97, + 0x1F, 0x93, 0x1B, 0xF3, 0x8E, 0xC9, 0x01, 0x74, 0xC0, 0x97, + 0xE6, 0xFE, 0xFB, 0xF2, 0x90, 0xA1, 0x93, 0xA0, 0x06, 0xFE, + 0x1D, 0x40, 0x15, 0xFB, 0xE2, 0x68, 0xA0, 0xE2, 0xF9, 0x99, + 0xC3, 0xA9, 0xD7, 0xD9, 0x81, 0x98, 0x91, 0xE2, 0x6A, 0x13, + 0x81, 0xED, 0x1F, 0xFF, 0x63, 0x9B, 0x61, 0x9F, 0x44, 0xEC, + 0x66, 0x32, 0x1B, 0xCD, 0xE4, 0xD6, 0xD7, 0x2C, 0x28, 0xC1, + 0x2B, 0x16, 0xDD, 0x7D, 0x90, 0xFD, 0x8B, 0x7A, 0x1E, 0x06, + 0xD7, 0xEC, 0xBF, 0x4A, 0x24, 0x76, 0xD2, 0x46, 0xE0, 0x35, + 0x50, 0xCB, 0xD1, 0x2B, 0xA4, 0xC6, 0xFE, 0x72, 0xEC, 0x74, + 0xA3, 0x6D, 0x95, 0xA5, 0x3E, 0x38, 0x28, 0xD3, 0x6B, 0xCF, + 0x02, 0xF7, 0xF4, 0x8C, 0xBB, 0x8B, 0xB4, 0x19, 0x1E, 0x84, + 0xDC, 0xDD, 0x19, 0x31, 0x43, 0x07, 0x7F, 0xDE, 0x15, 0xE2, + 0xE9, 0x94, 0x27, 0x4F, 0x70, 0x81, 0x0D, 0x15, 0xAE, 0x24, + 0x02, 0x55, 0x25, 0xBE, 0x30, 0xEA, 0x69, 0xFA, 0x10, 0x05, + 0x54, 0xD0, 0x2F, 0x2C, 0xAF, 0x98, 0x56, 0x3B, 0x0F, 0xCB, + 0x4C, 0xED, 0xCE, 0x4E, 0x90, 0xA1, 0x18, 0xE0, 0x08, 0x71, + 0xA0, 0xF5, 0x5C, 0x87, 0xE6, 0x3F, 0x0A, 0x66, 0xC5, 0xB7, + 0x48, 0x58, 0x11, 0xF7, 0x2C, 0xF1, 0x78, 0xCC, 0x93, 0x92, + 0x6C, 0x39, 0x11, 0xFB, 0x68, 0xF9, 0x3C, 0x94, 0x43, 0x62, + 0xE4, 0x28, 0xD7, 0x4C, 0x73, 0x69, 0x78, 0x8F, 0x56, 0xEE, + 0x57, 0xD7, 0xDE, 0x00, 0x56, 0xB1, 0x1C, 0x50, 0x9C, 0x6C, + 0x10, 0xE8, 0x56, 0x2D, 0xD4, 0x64, 0x75, 0x29, 0xDF, 0xDB, + 0xC9, 0x50, 0x17, 0xC7, 0x2A, 0xA8, 0x3C, 0x79, 0x43, 0x73, + 0xE6, 0x23, 0x82, 0xEC, 0x56, 0x80, 0xA0, 0x9C, 0x25, 0x1F, + 0x3F, 0x2A, 0x67, 0x44, 0xC8, 0x93, 0x7F, 0x13, 0x62, 0x0C, + 0x2A, 0x6D, 0x4F, 0x8F, 0x02, 0x05, 0x7D, 0x0D, 0x0E, 0x71, + 0xC6, 0xF5, 0xB9, 0xB3, 0x92, 0x4C, 0xFC, 0x04, 0xE7, 0xB9, + 0xD6, 0x76, 0x88, 0xAB, 0xA3, 0x2F, 0xD1, 0x04, 0x96, 0x04, + 0xC1, 0xDB, 0x16, 0x04, 0x50, 0x4D, 0x65, 0x9D, 0x87, 0x0E, + 0x68, 0x3B, 0x28, 0x74, 0xDD, 0x88, 0x58, 0xBF, 0x22, 0xD3, + 0xD5, 0xD2, 0xEB, 0x2E, 0x78, 0xEC, 0xB3, 0xB6, 0x37, 0x53, + 0xC0, 0x29, 0x32, 0xE8, 0x7F, 0x0C, 0x56, 0x56, 0x12, 0x18, + 0x1E, 0x04, 0x90, 0x56, 0xAA, 0x32, 0x7B, 0xA2, 0xE0, 0x7D, + 0x20, 0x6E, 0x4D, 0x22, 0x66, 0x0F, 0xEE, 0xC3, 0x05, 0xD0, + 0x64, 0x25, 0xAE, 0x4D, 0x86, 0x3E, 0xC0, 0xC0, 0xC1, 0x35, + 0x5D, 0xD1, 0x5D, 0xD3, 0x9A, 0xC2, 0x83, 0x56, 0x35, 0x18, + 0x25, 0xE5, 0xCD, 0x39, 0x07, 0xA2, 0x11, 0x84, 0x51, 0xC5, + 0xF9, 0xB1, 0x12, 0xEC, 0x65, 0x0B, 0x1D, 0xBE, 0x76, 0x26, + 0x19, 0xA1, 0xA0, 0xF9, 0x7A, 0x82, 0x4E, 0xE6, 0x71, 0x43, + 0x60, 0x04, 0x10, 0xB5, 0x42, 0x75, 0xE1, 0x79, 0xF8, 0xD8, + 0x96, 0x0D, 0x91, 0xD8, 0x9C, 0x9E, 0x6B, 0xE6, 0xBA, 0x9C, + 0x3D, 0xE7, 0x51, 0xAC, 0xFB, 0xC4, 0x28, 0x80, 0x23, 0xCC, + 0xA4, 0xBE, 0x49, 0x33, 0xE5, 0x40, 0xDE, 0x72, 0xC0, 0x6B, + 0x32, 0xDE, 0x64, 0x99, 0x10, 0xB0, 0x39, 0x6F, 0x37, 0x5A, + 0xEB, 0xE8, 0xB6, 0x12, 0xEE, 0x03, 0xEF, 0x96, 0xE0, 0x4E, + 0x09, 0x83, 0xAF, 0xFA, 0x18, 0x94, 0x6E, 0x3C, 0x41, 0xDF, + 0x64, 0xF6, 0x92, 0xF8, 0x36, 0x2B, 0x77, 0xC7, 0x3E, 0x31, + 0x8A, 0x3B, 0x63, 0xE3, 0xBC, 0x4F, 0x3B, 0xBF, 0x7E, 0x35, + 0xFD, 0x87, 0x78, 0x55, 0xA8, 0x12, 0xC1, 0xAA, 0x79, 0x69, + 0xEC, 0xEC, 0x59, 0x41, 0x43, 0xA5, 0x2F, 0x88, 0x33, 0x83, + 0xF2, 0x11, 0x68, 0x6C, 0x96, 0xD3, 0x39, 0x20, 0x92, 0x3E, + 0xFF, 0x8F, 0xD6, 0xC1, 0x70, 0xA1, 0x78, 0x02, 0xCA, 0x7E, + 0xC3, 0x34, 0xB6, 0x04, 0x12, 0x8A, 0xB7, 0x53, 0x11, 0xB3, + 0x12, 0xAD, 0xA2, 0xBE, 0xDE, 0xE8, 0x3A, 0xED, 0xB1, 0x37, + 0xDB, 0x50, 0xE8, 0xCD, 0xCE, 0x9E, 0x6F, 0x2E, 0x05, 0xC6, + 0xFC, 0x98, 0xAE, 0xD7, 0xCF, 0x67, 0xF6, 0x4B, 0x74, 0x92, + 0xC2, 0xEF, 0x47, 0x09, 0xD1, 0x0C, 0xBC, 0x3C, 0x9D, 0xAC, + 0x19, 0xC1, 0x31, 0x48, 0x08, 0xFA, 0x34, 0xD5, 0x17, 0xDB, + 0xF2, 0x52, 0xF3, 0x65, 0x6A, 0xA3, 0xE8, 0x1F, 0xDD, 0x1F, + 0x9B, 0x7A, 0x9A, 0xC6, 0x4C, 0x48, 0x43, 0x2D, 0xC5, 0x91, + 0x89, 0xFF, 0x15, 0xB3, 0xD8, 0x65, 0xDA, 0xB1, 0xFE, 0xB5, + 0x65, 0xC9, 0xDD, 0xCA, 0xD3, 0x5B, 0x5C, 0xEC, 0xDA, 0x68, + 0x6B, 0xBB, 0xAF, 0x10, 0x8A, 0x9D, 0xF6, 0x0A, 0xDC, 0xCA, + 0xC8, 0xD4, 0xF0, 0xB9, 0x60, 0xBA, 0x58, 0x4C, 0x2A, 0x0B, + 0xD0, 0xC9, 0xDC, 0x58, 0x12, 0xD2, 0x8C, 0xC4, 0x7C, 0x05, + 0xC0, 0xFE, 0x59, 0x77, 0x64, 0x67, 0x62, 0x83, 0x4E, 0x72, + 0x04, 0x44, 0x76, 0x46, 0x0D, 0x3D, 0x56, 0xFB, 0xE3, 0x25, + 0xB8, 0x20, 0x14, 0x96, 0xD5, 0xF1, 0x36, 0x76, 0x5D, 0x8D, + 0xE6, 0xF7, 0xE7, 0x36, 0x32, 0x30, 0x30, 0x63, 0x84, 0x3A, + 0x7D, 0x00, 0x3A, 0x65, 0x1E, 0xB3, 0xD5, 0x50, 0xF1, 0x5D, + 0x2B, 0xC9, 0x48, 0x82, 0x9D, 0x0E, 0xC7, 0x53, 0xB1, 0xDD, + 0x51, 0xF3, 0x56, 0x29, 0x72, 0xE0, 0xFD, 0xA0, 0xAF, 0xB1, + 0x62, 0xF6, 0xA1, 0x24, 0x22, 0x99, 0x18, 0x64, 0xEF, 0x34, + 0x41, 0x2A, 0xFA, 0xC7, 0x6C, 0xF6, 0x5D, 0x72, 0x06, 0x12, + 0x83, 0xB2, 0x14, 0xEF, 0x5D, 0x25, 0x11, 0x48, 0xE1, 0xD5, + 0x01, 0xE8, 0xA5, 0x99, 0x62, 0x2C, 0xF4, 0xDD, 0x78, 0x9D, + 0x64, 0xF2, 0x3F, 0x41, 0x1C, 0xB0, 0x87, 0x0C, 0x19, 0x04, + 0x6D, 0x16, 0x72, 0x2F, 0x7B, 0x6D, 0xFE, 0xF3, 0x0C, 0x77, + 0x04, 0xCD, 0xEB, 0xE4, 0xC8, 0x0A, 0xC1, 0x9E, 0x41, 0x1E, + 0xAC, 0xF2, 0x5B, 0xED, 0xD1, 0xE5, 0x72, 0x8F, 0x0E, 0xBF, + 0x59, 0xA8, 0x1D, 0x1C, 0x1E, 0xED, 0xB7, 0xD2, 0xA6, 0x8B, + 0x23, 0x7F, 0x40, 0x39, 0xD6, 0xD8, 0xEE, 0x50, 0x0F, 0xC3, + 0x1B, 0x03, 0xAA, 0x0A, 0xA4, 0xFF, 0xB6, 0xC5, 0xB3, 0x97, + 0x4C, 0xB6, 0xA8, 0x01, 0x0D, 0xDC, 0x2B, 0xEE, 0x6C, 0x29, + 0xF9, 0x59, 0x06, 0x5F, 0xCC, 0xE3, 0x28, 0xED, 0xEB, 0xB2, + 0x9F, 0x7F, 0x43, 0xBB, 0x02, 0x5F, 0xC4, 0xC8, 0x48, 0xC8, + 0xF8, 0x2B, 0xB7, 0xCD, 0xC4, 0x64, 0x4B, 0xEF, 0xC9, 0x9C, + 0xEB, 0xC5, 0x41, 0xDF, 0xB4, 0xC3, 0x5D, 0x95, 0xCE, 0x1E, + 0xC7, 0x5C, 0xB2, 0x4D, 0x81, 0x25, 0xDD, 0x19, 0xF3, 0x39, + 0xE8, 0x1B, 0x0E, 0x4F, 0x71, 0xF5, 0xE5, 0x99, 0x90, 0x32, + 0x77, 0xA9, 0x73, 0x3E, 0x58, 0x9B, 0x41, 0x1B, 0x77, 0x06, + 0x92, 0xDF, 0x1A, 0x96, 0x93, 0x02, 0xFF, 0xE7, 0xDF, 0xD3, + 0x09, 0x9A, 0xB7, 0x12, 0xB7, 0xE0, 0xF1, 0x73, 0x47, 0x6A, + 0x48, 0x06, 0x42, 0x41, 0x93, 0x4C, 0x57, 0x61, 0xFF, 0x90, + 0xA3, 0x18, 0xCE, 0xBE, 0x35, 0x6B, 0x78, 0x05, 0x01, 0x5F, + 0x2F, 0x0F, 0xA8, 0x05, 0xB1, 0x6B, 0x22, 0x7E, 0xC9, 0x5E, + 0x4F, 0xB6, 0xEE, 0x4E, 0xEC, 0xF6, 0xF0, 0x9F, 0x74, 0x8B, + 0xE4, 0xFF, 0x5C, 0x69, 0xCB, 0xD2, 0x8F, 0x2D, 0x4B, 0x06, + 0x6C, 0x64, 0x76, 0xAE, 0x03, 0x12, 0xCB, 0x98, 0xD2, 0xBF, + 0x1E, 0xAB, 0x76, 0x24, 0x95, 0xD7, 0xB1, 0x62, 0x63, 0xBC, + 0x21, 0xC6, 0x16, 0xEA, 0x81, 0x2A, 0x01, 0xFC, 0x2E, 0x43, + 0x18, 0x62, 0xFD, 0xFB, 0x06, 0xF2, 0x17, 0xF1, 0xD5, 0x91, + 0x9A, 0x0E, 0x75, 0xFF, 0x53, 0x61, 0xE9, 0x8C, 0x51, 0x99, + 0x9B, 0x32, 0x5B, 0x2A, 0x56, 0x3E, 0xB1, 0x7D, 0x26, 0x1D, + 0x47, 0xFC, 0x05, 0x5A, 0x79, 0xC6, 0xEF, 0x62, 0x58, 0xA4, + 0xEF, 0xBB, 0xB8, 0xF7, 0x84, 0xEE, 0xA3, 0x12, 0x83, 0x28, + 0xA0, 0xD1, 0x9D, 0x1A, 0x8B, 0xD1, 0x56, 0x2A, 0xAA, 0x41, + 0xFD, 0xF2, 0x4F, 0xD9, 0x68, 0xF1, 0xB9, 0xEB, 0xB0, 0xEC, + 0xAF, 0x99, 0xDE, 0xE4, 0xDD, 0x26, 0xD2, 0xBA, 0x54, 0x29, + 0x6E, 0x31, 0xE4, 0x91, 0x40, 0x8B, 0x39, 0xC8, 0xDF, 0x8C, + 0x6F, 0xDF, 0xA6, 0x2D, 0xAE, 0x13, 0x5E, 0xF3, 0xD7, 0x62, + 0xC9, 0xE7, 0xC6, 0x51, 0xCA, 0x8E, 0xB2, 0xB3, 0x0B, 0x0C, + 0xA8, 0xC5, 0x95, 0x95, 0xFF, 0x72, 0x3C, 0xC7, 0x6E, 0xAA, + 0x44, 0x41, 0x82, 0xB6, 0x84, 0x78, 0xC7, 0x47, 0xC6, 0x18, + 0x31, 0x95, 0x08, 0x4D, 0xCE, 0x83, 0x80, 0x5B, 0x12, 0xF5, + 0xCB, 0x83, 0xD7, 0x60, 0x02, 0xFF, 0x22, 0xCD, 0x59, 0xB0, + 0xA8, 0x61, 0xDE, 0x50, 0x53, 0x9C, 0xF8, 0xF4, 0x12, 0xEB, + 0x33, 0x98, 0xCA, 0xC1, 0x63, 0x1D, 0x39, 0xA5, 0xC8, 0x89, + 0x39, 0x0A, 0x43, 0xFE, 0x67, 0x71, 0xC7, 0x91, 0x5B, 0xFA, + 0xA4, 0x76, 0x6C, 0x02, 0xF0, 0x23, 0xEB, 0x01, 0x43, 0xF5, + 0xDC, 0xD7, 0x3A, 0x2E, 0x54, 0xB4, 0xF6, 0xF3, 0x03, 0xE4, + 0x60, 0x62, 0x2B, 0xE4, 0x53, 0x5C, 0x6E, 0x17, 0x07, 0x0D, + 0x67, 0x18, 0x6B, 0xCD, 0x7D, 0xF9, 0x98, 0x0F, 0xAC, 0x17, + 0x9E, 0xD2, 0xB7, 0xE6, 0xE5, 0x89, 0xBD, 0xFF, 0x74, 0x06, + 0x0E, 0xE7, 0x52, 0x7F, 0x1C, 0xBA, 0x21, 0x14, 0xFB, 0xE7, + 0x86, 0x11, 0x53, 0x80, 0xC0, 0xCF, 0xD8, 0x4B, 0x13, 0x0F, + 0xF8, 0xC7, 0x12, 0xC2, 0x9D, 0x85, 0x2E, 0x58, 0xF1, 0x81, + 0xD6, 0x61, 0x64, 0x40, 0x20, 0xA2, 0x0A, 0xC4, 0x49, 0x6A, + 0x60, 0xE0, 0x47, 0x75, 0x02, 0x71, 0xEC, 0x54, 0x5E, 0x26, + 0x3E, 0x5A, 0xEA, 0x09, 0x25, 0x03, 0xDC, 0xBF, 0x9C, 0xFE, + 0xFA, 0x19, 0xFB, 0x90, 0x91, 0x93, 0x21, 0x13, 0x96, 0x4C, + 0x80, 0xAF, 0x48, 0x5B, 0xDD, 0x0D, 0xC5, 0x02, 0x1F, 0x77, + 0x3D, 0x49, 0xBF, 0xAD, 0xFE, 0x90, 0x59, 0x93, 0xEB, 0x17, + 0xDA, 0x42, 0x18, 0x65, 0xFE, 0x9D, 0x7E, 0x11, 0xFF, 0x5A, + 0x2C, 0xCA, 0x48, 0x32, 0x50, 0xFA, 0xC4, 0xFF, 0x43, 0xC5, + 0xE3, 0x66, 0x97, 0x88, 0x8A, 0x2A, 0x7F, 0x90, 0x4C, 0xDA, + 0x61, 0x79, 0xBF, 0xB1, 0xF5, 0x94, 0xF0, 0x46, 0x70, 0xB6, + 0x62, 0x4C, 0xC1, 0x1B, 0x32, 0x6E, 0x76, 0x63, 0xB2, 0x22, + 0x5C, 0x22, 0xC1, 0x20, 0x6C, 0xD4, 0xF0, 0x22, 0x02, 0xA0, + 0xCF, 0xE4, 0x17, 0x42, 0xCD, 0x2E, 0xF2, 0x38, 0xF9, 0xB4, + 0x6B, 0x50, 0xE9, 0x38, 0x20, 0x59, 0x8F, 0x67, 0xE5, 0x4F, + 0x03, 0xDC, 0xE3, 0x9F, 0x24, 0xA8, 0xAD, 0x5B, 0xF4, 0xC4, + 0x07, 0x5D, 0x0D, 0x65, 0x6A, 0xA5, 0xA8, 0x05, 0xB5, 0xAE, + 0xCB, 0xF4, 0xCB, 0xDF, 0xC9, 0x76, 0x54, 0xAC, 0x07, 0x23, + 0x28, 0x5C, 0x60, 0x58, 0x60, 0xB5, 0xBE, 0xBD, 0xAC, 0xEA, + 0x65, 0x69, 0x4F, 0x9B, 0x61, 0x9A, 0xDF, 0x25, 0x89, 0x16, + 0x4A, 0x25, 0x6E, 0xA6, 0xA5, 0x00, 0x0F, 0xAD, 0xA7, 0x73, + 0xD4, 0x02, 0x2D, 0x1D, 0x6C, 0x03, 0x8E, 0x5F, 0x09, 0x62, + 0xA8, 0x35, 0xA4, 0x4B, 0xB7, 0xDB, 0xC7, 0x31, 0x7C, 0xD9, + 0x1F, 0xBD, 0xE8, 0x9D, 0x05, 0x7D, 0xEC, 0xBD, 0x0A, 0x90, + 0x87, 0x99, 0xB0, 0x61, 0x04, 0x5D, 0xA3, 0x33, 0xF8, 0xFA, + 0x55, 0xBD, 0x5B, 0x90, 0xFE, 0x89, 0x83, 0x47, 0x96, 0xCF, + 0xCC, 0x0D, 0x80, 0x49, 0x1E, 0x9B, 0xF9, 0xEA, 0x13, 0x2C, + 0x13, 0xEA, 0xF0, 0xA5, 0x31, 0x0F, 0xE8, 0xB0, 0xF6, 0xA1, + 0x83, 0xC5, 0x1A, 0x02, 0x7A, 0x8B, 0x7A, 0x8C, 0x3A, 0x45, + 0x12, 0x30, 0x07, 0x71, 0x67, 0x47, 0xA7, 0x10, 0x6E, 0x18, + 0xE8, 0x8B, 0x7D, 0x86, 0xFF, 0x11, 0x6A, 0x3D, 0xAF, 0x9E, + 0x78, 0xC0, 0x71, 0x85, 0x22, 0x89, 0x73, 0x73, 0x5E, 0x8C, + 0x75, 0x29, 0xEE, 0x1F, 0x83, 0x1F, 0xF3, 0x7F, 0x90, 0xEC, + 0x0B, 0x12, 0x7D, 0x38, 0x86, 0xA7, 0x8D, 0xEA, 0xA3, 0xD8, + 0xFD, 0xD9, 0xED, 0x83, 0x92, 0xE6, 0xBE, 0x31, 0x40, 0xDC, + 0xEF, 0x9A, 0x06, 0x29, 0xF5, 0xA0, 0xF2, 0x14, 0x9F, 0x90, + 0xB5, 0x8F, 0x48, 0x4A, 0x25, 0x19, 0xB8, 0xA6, 0x17, 0xEF, + 0xC9, 0xDE, 0x48, 0x49, 0xD8, 0xEA, 0x15, 0xEE, 0x6C, 0xAB, + 0x10, 0xCE, 0x7F, 0xFC, 0x00, 0x54, 0x89, 0x1F, 0x8F, 0x1E, + 0x73, 0x14, 0x86, 0x10, 0x16, 0xB6, 0x38, 0xAC, 0x4B, 0x36, + 0x83, 0xCE, 0x65, 0xE2, 0xC3, 0x99, 0xEF, 0x26, 0x2B, 0xC0, + 0x09, 0x35, 0xF3, 0xCA, 0x99, 0x3B, 0x4D, 0x9D, 0xC4, 0x08, + 0x7A, 0x7B, 0x0D, 0xDD, 0x05, 0x1B, 0x42, 0x8B, 0x41, 0x0E, + 0x9B, 0x51, 0x08, 0x04, 0x1E, 0x1C, 0x76, 0x32, 0x6C, 0xA0, + 0x29, 0x52, 0xFB, 0x73, 0xB0, 0x6E, 0xE8, 0x0E, 0x40, 0x1E, + 0xCE, 0x0A, 0x8E, 0xF9, 0xE0, 0xC9, 0x18, 0xDC, 0x28, 0xCF, + 0xC5, 0x71, 0x9B, 0xCE, 0x3B, 0xA0, 0x22, 0x59, 0xBB, 0x3F, + 0x68, 0x97, 0xAA, 0x89, 0xD1, 0x8F, 0xC8, 0x8D, 0x63, 0xE3, + 0x1F, 0x0F, 0xD7, 0xFB, 0x07, 0x82, 0x2D, 0x44, 0x79, 0x6A, + 0x85, 0x15, 0xD9, 0xE1, 0x8E, 0xBB, 0x57, 0xF1, 0xFA, 0x80, + 0x8D, 0xB8, 0x71, 0xA3, 0x74, 0x60, 0x03, 0xFB, 0x5F, 0x5E, + 0x51, 0x88, 0x37, 0x41, 0x9A, 0x83, 0x6D, 0x84, 0xE5, 0x9A, + 0x8B, 0x34, 0xCA, 0x65, 0x7D, 0x27, 0xAF, 0x32, 0x4D, 0x00, + 0x3D, 0xC3, 0x40, 0x98, 0xCF, 0xB2, 0xDE, 0xE1, 0x71, 0x69, + 0xB5, 0xAB, 0xE6, 0xC3, 0x8D, 0x6C, 0xDE, 0x95, 0x5E, 0x16, + 0x12, 0x16, 0x19, 0xFA, 0x89, 0x6D, 0xD6, 0xAB, 0x90, 0xFC, + 0x15, 0x9B, 0xD3, 0x8D, 0x78, 0x8D, 0xBD, 0x7A, 0x0C, 0xF2, + 0xB9, 0xE7, 0x34, 0xDE, 0x63, 0x72, 0x0B, 0x33, 0xE1, 0xBC, + 0xF7, 0x43, 0xB2, 0xDA, 0x74, 0x1E, 0x7A, 0x4D, 0xF4, 0xEE, + 0xB4, 0xA1, 0x7E, 0x34, 0x12, 0xC7, 0xC7, 0x04, 0xA7, 0x60, + 0x83, 0xD1, 0x0A, 0xC0, 0xB9, 0xCA, 0x53, 0xFE, 0x0F, 0xF0, + 0xAF, 0xA3, 0x59, 0xED, 0x62, 0x21, 0x88, 0xCD, 0xD3, 0x3C, + 0xA4, 0x11, 0xFF, 0x28, 0xAD, 0xDA, 0xB1, 0xEA, 0x58, 0xFF, + 0xA9, 0x05, 0x88, 0xAA, 0x30, 0x77, 0xB5, 0x91, 0x9C, 0xD1, + 0x80, 0xC1, 0x88, 0x0D, 0xAA, 0x1E, 0x7A, 0xA7, 0x06, 0xDA, + 0xFB, 0xE2, 0x0A, 0x71, 0xE2, 0x24, 0xDF, 0xA9, 0xD7, 0x4F, + 0xD8, 0x2D, 0xAE, 0x81, 0x74, 0xB1, 0xDA, 0x13, 0x74, 0xB4, + 0x39, 0xCF, 0x16, 0xCE, 0x4C, 0xF5, 0xA4, 0x9C, 0x35, 0x32, + 0x80, 0x69, 0x9B, 0x3A, 0xC9, 0x27, 0x54, 0xA1, 0x5F, 0x98, + 0x79, 0xBE, 0x6A, 0x42, 0x8E, 0x04, 0xCE, 0x68, 0xDD, 0x05, + 0x82, 0xA4, 0xE4, 0x19, 0xEA, 0x3F, 0x27, 0xD8, 0x01, 0x0F, + 0x0B, 0x3D, 0x52, 0xFF, 0x7F, 0xC6, 0xD1, 0xED, 0x98, 0x38, + 0xFF, 0xC5, 0xA8, 0xBE, 0x47, 0x79, 0x45, 0x4B, 0x5D, 0x4A, + 0xA6, 0x7E, 0xCF, 0xA8, 0x7E, 0x24, 0xC9, 0x45, 0x6F, 0xAF, + 0x75, 0xB2, 0x95, 0x7F, 0x36, 0xB9, 0xA5, 0xAA, 0x36, 0x71, + 0x84, 0x01, 0xED, 0x65, 0x83, 0x8A, 0x70, 0x9F, 0xAB, 0xF7, + 0xBF, 0x8B, 0x99, 0x6F, 0xCF, 0xC3, 0x8B, 0xC5, 0x54, 0x74, + 0xE0, 0x01, 0x38, 0x0D, 0xF6, 0x1C, 0x54, 0x37, 0x3B, 0x1D, + 0xDE, 0xCA, 0x5B, 0x0D, 0xF7, 0x8E, 0xA7, 0x9C, 0xB9, 0xF7, + 0xD6, 0x91, 0x33, 0xB2, 0xCB, 0xB4, 0x0F, 0x71, 0xF8, 0x20, + 0xFA, 0xCD, 0x57, 0x7A, 0xA4, 0xE0, 0x8A, 0xC2, 0x6C, 0x3F, + 0xB9, 0xBF, 0x22, 0x77, 0xC3, 0x7B, 0xFB, 0x89, 0x17, 0x3F, + 0x61, 0xBC, 0xBF, 0xA1, 0x4C, 0xFC, 0x05, 0x21, 0xC1, 0x72, + 0x40, 0x1C, 0x88, 0xEC, 0xE9, 0x21, 0xA3, 0xCF, 0x4E, 0x17, + 0xFB, 0x85, 0x57, 0xCE, 0x85, 0x46, 0x5F, 0xD3, 0xE4, 0x3D, + 0x91, 0xC6, 0x86, 0x6B, 0x76, 0x44, 0xB4, 0xD2, 0x13, 0x6D, + 0xAA, 0xC2, 0x42, 0xE5, 0xD6, 0xEA, 0xE3, 0xD6, 0x5B, 0xF9, + 0x8F, 0xA6, 0x23, 0xA6, 0x82, 0xCC, 0x1D, 0xF6, 0xAF, 0x2F, + 0x06, 0x75, 0x7D, 0x9A, 0x26, 0x0E, 0x80, 0x42, 0xC4, 0xAB, + 0xF5, 0xFB, 0x46, 0x83, 0xBF, 0x35 +}; +static const int sizeof_bench_dilithium_aes_level5_key = sizeof(bench_dilithium_aes_level5_key); + +#endif /* HAVE_PQC && HAVE_DILITHIUM */ + +#if defined(HAVE_PQC) && defined(HAVE_SPHINCS) + +/* certs/sphincs/bench_sphincs_fast_level1_key.der */ +static const unsigned char bench_sphincs_fast_level1_key[] = +{ + 0x30, 0x71, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06, 0x2B, + 0xCE, 0x0F, 0x06, 0x07, 0x04, 0x04, 0x62, 0x04, 0x60, 0x59, + 0xE0, 0xD4, 0x1F, 0x22, 0x74, 0xBD, 0xAC, 0x46, 0x01, 0xE4, + 0x8C, 0x89, 0xB7, 0x39, 0x20, 0x9F, 0x6F, 0x96, 0xC4, 0xE7, + 0x78, 0x0F, 0xA1, 0x7D, 0xEC, 0xE8, 0xD5, 0xC3, 0xDD, 0x45, + 0x13, 0x56, 0xCF, 0xEA, 0x68, 0x70, 0x2A, 0xFF, 0xDA, 0x9A, + 0xA3, 0x2B, 0xEC, 0x4D, 0xBF, 0x7D, 0x09, 0xC0, 0xCC, 0xF4, + 0x2F, 0xF2, 0xAC, 0x74, 0xDF, 0x0E, 0x20, 0x9D, 0xC2, 0x9E, + 0xD1, 0xB4, 0x12, 0x56, 0xCF, 0xEA, 0x68, 0x70, 0x2A, 0xFF, + 0xDA, 0x9A, 0xA3, 0x2B, 0xEC, 0x4D, 0xBF, 0x7D, 0x09, 0xC0, + 0xCC, 0xF4, 0x2F, 0xF2, 0xAC, 0x74, 0xDF, 0x0E, 0x20, 0x9D, + 0xC2, 0x9E, 0xD1, 0xB4, 0x12 +}; +static const int sizeof_bench_sphincs_fast_level1_key = sizeof(bench_sphincs_fast_level1_key); + +/* certs/sphincs/bench_sphincs_fast_level3_key.der */ +static const unsigned char bench_sphincs_fast_level3_key[] = +{ + 0x30, 0x81, 0xA3, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06, + 0x2B, 0xCE, 0x0F, 0x06, 0x08, 0x03, 0x04, 0x81, 0x93, 0x04, + 0x81, 0x90, 0x00, 0x8E, 0xB0, 0x75, 0x2E, 0xC5, 0x61, 0x66, + 0xEE, 0x01, 0xEE, 0x97, 0x13, 0xD7, 0x65, 0x69, 0xEA, 0x5C, + 0x23, 0xAA, 0x6E, 0x86, 0x04, 0xE9, 0x2A, 0xEC, 0x8C, 0xA3, + 0xB7, 0x28, 0xEB, 0xDF, 0x0E, 0x77, 0x07, 0x59, 0x3F, 0xB6, + 0x10, 0xB3, 0xCC, 0xE1, 0x09, 0x64, 0xC4, 0x42, 0x37, 0x71, + 0xDC, 0xB4, 0x20, 0x2D, 0x03, 0x00, 0x6C, 0x4C, 0x3F, 0xE3, + 0x80, 0x28, 0xEC, 0x90, 0xF9, 0xDB, 0x50, 0xFC, 0x0A, 0x58, + 0xC2, 0x81, 0xE2, 0x17, 0x06, 0x7A, 0x58, 0xBB, 0x21, 0x90, + 0xC8, 0xE6, 0x64, 0x8B, 0xF4, 0x68, 0x70, 0x1D, 0xE2, 0xAB, + 0x8F, 0x50, 0x4D, 0xEE, 0x29, 0xD7, 0x15, 0x5E, 0xDC, 0xB4, + 0x20, 0x2D, 0x03, 0x00, 0x6C, 0x4C, 0x3F, 0xE3, 0x80, 0x28, + 0xEC, 0x90, 0xF9, 0xDB, 0x50, 0xFC, 0x0A, 0x58, 0xC2, 0x81, + 0xE2, 0x17, 0x06, 0x7A, 0x58, 0xBB, 0x21, 0x90, 0xC8, 0xE6, + 0x64, 0x8B, 0xF4, 0x68, 0x70, 0x1D, 0xE2, 0xAB, 0x8F, 0x50, + 0x4D, 0xEE, 0x29, 0xD7, 0x15, 0x5E +}; +static const int sizeof_bench_sphincs_fast_level3_key = sizeof(bench_sphincs_fast_level3_key); + +/* certs/sphincs/bench_sphincs_fast_level5_key.der */ +static const unsigned char bench_sphincs_fast_level5_key[] = +{ + 0x30, 0x81, 0xD3, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06, + 0x2B, 0xCE, 0x0F, 0x06, 0x09, 0x03, 0x04, 0x81, 0xC3, 0x04, + 0x81, 0xC0, 0x91, 0x8B, 0xB7, 0x1A, 0x08, 0x61, 0x50, 0x70, + 0x26, 0x71, 0xCD, 0x36, 0x10, 0xE2, 0xB8, 0x95, 0x0D, 0xA7, + 0x57, 0xC7, 0x18, 0xFF, 0x55, 0xA4, 0x16, 0x9D, 0x3C, 0xF8, + 0xA3, 0x48, 0xB0, 0x9B, 0xFD, 0x22, 0xBE, 0x20, 0x3D, 0x88, + 0x96, 0x0B, 0xF1, 0x6D, 0x05, 0x8A, 0x1B, 0x71, 0xCE, 0xCD, + 0x31, 0x01, 0xEA, 0xAC, 0x62, 0x61, 0x1F, 0x4A, 0xC1, 0x62, + 0x05, 0x36, 0xBB, 0x7F, 0xEF, 0x5B, 0x42, 0x8B, 0xC6, 0xCD, + 0xEF, 0xCE, 0xE1, 0x00, 0x39, 0x4F, 0x01, 0xBC, 0x03, 0x94, + 0x00, 0xA8, 0x7F, 0x22, 0xB9, 0x9F, 0x79, 0x51, 0x25, 0x61, + 0x1B, 0x43, 0x47, 0x52, 0xD0, 0x39, 0x2B, 0x93, 0xC5, 0xD4, + 0x2A, 0xE1, 0xEF, 0x0B, 0x01, 0x36, 0xC3, 0x54, 0xC8, 0xDE, + 0xF4, 0xA2, 0x6F, 0x4C, 0x4B, 0xEC, 0x5D, 0x9D, 0xEE, 0xC9, + 0xFA, 0xBE, 0xFA, 0x5F, 0xC4, 0x89, 0xC1, 0xFC, 0xEB, 0xA8, + 0x42, 0x8B, 0xC6, 0xCD, 0xEF, 0xCE, 0xE1, 0x00, 0x39, 0x4F, + 0x01, 0xBC, 0x03, 0x94, 0x00, 0xA8, 0x7F, 0x22, 0xB9, 0x9F, + 0x79, 0x51, 0x25, 0x61, 0x1B, 0x43, 0x47, 0x52, 0xD0, 0x39, + 0x2B, 0x93, 0xC5, 0xD4, 0x2A, 0xE1, 0xEF, 0x0B, 0x01, 0x36, + 0xC3, 0x54, 0xC8, 0xDE, 0xF4, 0xA2, 0x6F, 0x4C, 0x4B, 0xEC, + 0x5D, 0x9D, 0xEE, 0xC9, 0xFA, 0xBE, 0xFA, 0x5F, 0xC4, 0x89, + 0xC1, 0xFC, 0xEB, 0xA8 +}; +static const int sizeof_bench_sphincs_fast_level5_key = sizeof(bench_sphincs_fast_level5_key); + +/* certs/sphincs/bench_sphincs_small_level1_key.der */ +static const unsigned char bench_sphincs_small_level1_key[] = +{ + 0x30, 0x71, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06, 0x2B, + 0xCE, 0x0F, 0x06, 0x07, 0x0A, 0x04, 0x62, 0x04, 0x60, 0x44, + 0x7A, 0xCF, 0xB9, 0x03, 0xF2, 0xB2, 0x41, 0xBC, 0x1A, 0xE6, + 0x75, 0x29, 0x04, 0xDA, 0x6C, 0x6E, 0x08, 0x17, 0x1E, 0x46, + 0x75, 0xE8, 0x32, 0x23, 0xCD, 0x11, 0xC8, 0x88, 0xF7, 0x00, + 0x11, 0x4C, 0xBD, 0x14, 0x62, 0xC2, 0x4B, 0x83, 0x36, 0xDE, + 0x61, 0x78, 0x7F, 0x09, 0x16, 0x97, 0x98, 0x3D, 0x52, 0x70, + 0x7F, 0xED, 0x86, 0xDB, 0x75, 0x42, 0x52, 0xF3, 0xB1, 0xAE, + 0x70, 0x7F, 0xD3, 0x4C, 0xBD, 0x14, 0x62, 0xC2, 0x4B, 0x83, + 0x36, 0xDE, 0x61, 0x78, 0x7F, 0x09, 0x16, 0x97, 0x98, 0x3D, + 0x52, 0x70, 0x7F, 0xED, 0x86, 0xDB, 0x75, 0x42, 0x52, 0xF3, + 0xB1, 0xAE, 0x70, 0x7F, 0xD3 +}; +static const int sizeof_bench_sphincs_small_level1_key = sizeof(bench_sphincs_small_level1_key); + +/* certs/sphincs/bench_sphincs_small_level3_key.der */ +static const unsigned char bench_sphincs_small_level3_key[] = +{ + 0x30, 0x81, 0xA3, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06, + 0x2B, 0xCE, 0x0F, 0x06, 0x08, 0x07, 0x04, 0x81, 0x93, 0x04, + 0x81, 0x90, 0x7E, 0x80, 0x20, 0x6C, 0x20, 0xAE, 0x7D, 0xAB, + 0xC1, 0x4E, 0x15, 0x51, 0x0C, 0xDD, 0x96, 0xAC, 0xFB, 0xD2, + 0x5B, 0xF1, 0xEB, 0x51, 0xDC, 0xC3, 0xB3, 0x92, 0x33, 0xC2, + 0x54, 0x59, 0x4F, 0xB2, 0x33, 0x7C, 0x10, 0xC6, 0xA3, 0x49, + 0x8D, 0x07, 0x52, 0xB2, 0xA1, 0x14, 0x0C, 0x54, 0x21, 0xD4, + 0xB1, 0xCC, 0xBD, 0xB1, 0x20, 0xAC, 0xF1, 0xBD, 0xF5, 0x60, + 0x2F, 0x07, 0x98, 0x57, 0x4E, 0x31, 0x6F, 0x42, 0x84, 0xCE, + 0x71, 0x72, 0x74, 0x20, 0xDF, 0x38, 0x39, 0xFB, 0xD3, 0xEE, + 0xAD, 0xFB, 0xB6, 0x2B, 0x60, 0x61, 0x85, 0xF1, 0x2A, 0x59, + 0x00, 0xA5, 0xCA, 0xC8, 0xE3, 0x3F, 0x96, 0xE9, 0xB1, 0xCC, + 0xBD, 0xB1, 0x20, 0xAC, 0xF1, 0xBD, 0xF5, 0x60, 0x2F, 0x07, + 0x98, 0x57, 0x4E, 0x31, 0x6F, 0x42, 0x84, 0xCE, 0x71, 0x72, + 0x74, 0x20, 0xDF, 0x38, 0x39, 0xFB, 0xD3, 0xEE, 0xAD, 0xFB, + 0xB6, 0x2B, 0x60, 0x61, 0x85, 0xF1, 0x2A, 0x59, 0x00, 0xA5, + 0xCA, 0xC8, 0xE3, 0x3F, 0x96, 0xE9 +}; +static const int sizeof_bench_sphincs_small_level3_key = sizeof(bench_sphincs_small_level3_key); + +/* certs/sphincs/bench_sphincs_small_level5_key.der */ +static const unsigned char bench_sphincs_small_level5_key[] = +{ + 0x30, 0x81, 0xD3, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06, + 0x2B, 0xCE, 0x0F, 0x06, 0x09, 0x07, 0x04, 0x81, 0xC3, 0x04, + 0x81, 0xC0, 0x5E, 0xEA, 0x46, 0x6D, 0xE5, 0xA1, 0x70, 0x07, + 0xF0, 0x5C, 0x59, 0xD5, 0xD7, 0x37, 0x06, 0xC7, 0xD6, 0x1C, + 0xEA, 0x06, 0x15, 0x6E, 0xB3, 0x07, 0x71, 0x34, 0xE8, 0xD4, + 0x13, 0x65, 0x58, 0xAE, 0xAC, 0xE9, 0x32, 0x26, 0x76, 0xCD, + 0x2C, 0x3D, 0x11, 0xF7, 0xAB, 0x8A, 0x84, 0x4F, 0x56, 0x6F, + 0x2F, 0x63, 0x82, 0x1A, 0x37, 0xAA, 0xAA, 0x49, 0x50, 0xC8, + 0xA5, 0x92, 0x6E, 0x3F, 0xD6, 0x67, 0xEA, 0x5C, 0x18, 0x8A, + 0x99, 0xD2, 0xB6, 0xE3, 0xD7, 0x68, 0x9E, 0x65, 0x21, 0xDD, + 0xE3, 0x44, 0x8B, 0x32, 0x30, 0x31, 0xA8, 0xF2, 0xBB, 0xED, + 0xC0, 0x3E, 0x1A, 0x7B, 0x36, 0xD8, 0xAD, 0x2A, 0xA4, 0x81, + 0xAC, 0xD3, 0x08, 0xAC, 0x54, 0x2A, 0xAC, 0xAA, 0x1B, 0x64, + 0x58, 0x7B, 0x94, 0xE0, 0x16, 0x36, 0xC9, 0x92, 0x09, 0x6A, + 0x8C, 0x4D, 0xE3, 0xAB, 0x0F, 0x1C, 0xE8, 0x77, 0x1F, 0xE5, + 0xEA, 0x5C, 0x18, 0x8A, 0x99, 0xD2, 0xB6, 0xE3, 0xD7, 0x68, + 0x9E, 0x65, 0x21, 0xDD, 0xE3, 0x44, 0x8B, 0x32, 0x30, 0x31, + 0xA8, 0xF2, 0xBB, 0xED, 0xC0, 0x3E, 0x1A, 0x7B, 0x36, 0xD8, + 0xAD, 0x2A, 0xA4, 0x81, 0xAC, 0xD3, 0x08, 0xAC, 0x54, 0x2A, + 0xAC, 0xAA, 0x1B, 0x64, 0x58, 0x7B, 0x94, 0xE0, 0x16, 0x36, + 0xC9, 0x92, 0x09, 0x6A, 0x8C, 0x4D, 0xE3, 0xAB, 0x0F, 0x1C, + 0xE8, 0x77, 0x1F, 0xE5 +}; +static const int sizeof_bench_sphincs_small_level5_key = sizeof(bench_sphincs_small_level5_key); + +#endif /* HAVE_PQC && HAVE_SPHINCS */ + #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) /* ./certs/ecc-client-key.der, ECC */ @@ -3372,91 +7693,93 @@ static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256); /* ./certs/client-ecc-cert.der, ECC */ static const unsigned char cliecc_cert_der_256[] = { - 0x30, 0x82, 0x03, 0x49, 0x30, 0x82, 0x02, 0xEE, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE7, 0x4A, 0x4F, 0xE5, - 0x56, 0x97, 0xCA, 0xC3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, - 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, - 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, - 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, - 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, - 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x30, 0x82, 0x03, 0x5E, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x59, 0xE6, 0x5A, 0x21, 0xE0, + 0xC4, 0x3F, 0x67, 0x06, 0x9B, 0x21, 0x43, 0x3E, 0x76, 0xCA, + 0xF0, 0x3F, 0x68, 0x5B, 0x53, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, + 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, + 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, + 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, + 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, + 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, + 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, + 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, + 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, + 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, + 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, + 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, + 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, + 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x82, + 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, + 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, + 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, + 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, + 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, + 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, + 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, + 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, + 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, + 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, + 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x33, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, - 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, - 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, - 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, - 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, - 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, - 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A, - 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B, - 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, - 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, - 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, - 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, - 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x82, 0x01, - 0x33, 0x30, 0x82, 0x01, 0x2F, 0x30, 0x1D, 0x06, 0x03, 0x55, - 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59, - 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, - 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xC2, 0x06, - 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBA, 0x30, 0x81, 0xB7, - 0x80, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F, - 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, - 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81, - 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, - 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, - 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, - 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, - 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, - 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, - 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xE7, 0x4A, 0x4F, 0xE5, 0x56, - 0x97, 0xCA, 0xC3, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, - 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, - 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, - 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, - 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, - 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, - 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, - 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, - 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE3, 0xBB, - 0xCA, 0x0E, 0x31, 0x2D, 0x39, 0x1D, 0x94, 0x25, 0x81, 0x90, - 0xD5, 0x11, 0xF9, 0x09, 0x6D, 0x58, 0x16, 0x23, 0xBE, 0x9F, - 0xA9, 0x18, 0x64, 0x83, 0x3C, 0x25, 0x03, 0x58, 0x58, 0x39, - 0x02, 0x21, 0x00, 0xA4, 0xAA, 0xB3, 0xF0, 0x09, 0xC9, 0x0C, - 0x2F, 0xF7, 0xB1, 0xD4, 0x8E, 0x9F, 0xA6, 0xB6, 0xAB, 0x1A, - 0xC7, 0x37, 0xED, 0x70, 0x4D, 0x34, 0x04, 0xA0, 0x9B, 0x3D, - 0x84, 0x86, 0x10, 0xA0, 0xF0 + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x59, 0xE6, 0x5A, 0x21, 0xE0, + 0xC4, 0x3F, 0x67, 0x06, 0x9B, 0x21, 0x43, 0x3E, 0x76, 0xCA, + 0xF0, 0x3F, 0x68, 0x5B, 0x53, 0x30, 0x0C, 0x06, 0x03, 0x55, + 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, + 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, + 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, + 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, + 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, + 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x70, + 0xF8, 0x0E, 0x6E, 0x91, 0xC9, 0x09, 0x77, 0x25, 0x8C, 0xBA, + 0x99, 0x6D, 0x54, 0x2D, 0xA8, 0x52, 0x87, 0x17, 0x51, 0x24, + 0x8B, 0x13, 0x92, 0x89, 0x7D, 0xC9, 0xBA, 0xB4, 0x43, 0x2E, + 0x48, 0x02, 0x21, 0x00, 0xAB, 0x41, 0x13, 0x3A, 0xD5, 0xEB, + 0x68, 0x66, 0x36, 0x56, 0x7C, 0x75, 0x5D, 0x37, 0xE3, 0xF6, + 0x27, 0x7F, 0x54, 0xD5, 0x42, 0x80, 0x29, 0xDB, 0xE5, 0x9B, + 0x16, 0x8A, 0xD3, 0xC2, 0xAD, 0xD6 }; static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256); @@ -3498,100 +7821,103 @@ static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256); /* ./certs/server-ecc-comp.der, ECC */ static const unsigned char serv_ecc_comp_der_256[] = { - 0x30, 0x82, 0x03, 0x61, 0x30, 0x82, 0x03, 0x07, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE5, 0xB6, 0x66, 0xE0, - 0x08, 0x96, 0xC5, 0x95, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, - 0x6C, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, - 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, - 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, - 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, - 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, 0x31, - 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32, 0x33, - 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, - 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, - 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, - 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, - 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, 0x69, 0x70, 0x74, - 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, 0x6D, 0x70, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x45, 0x43, 0x43, - 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, - 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, - 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x39, 0x30, 0x13, 0x06, 0x07, - 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, - 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, - 0x02, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, - 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, - 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, - 0x16, 0xE8, 0x61, 0xA3, 0x82, 0x01, 0x46, 0x30, 0x82, 0x01, - 0x42, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0x8C, 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, - 0x6E, 0xF4, 0x59, 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, - 0x5A, 0x18, 0x30, 0x81, 0xD5, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xCD, 0x30, 0x81, 0xCA, 0x80, 0x14, 0x8C, 0x38, - 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, 0x6E, 0xF4, 0x59, 0xAC, - 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, 0x5A, 0x18, 0xA1, 0x81, - 0xA6, 0xA4, 0x81, 0xA3, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, - 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, - 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, - 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, - 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, - 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xE5, 0xB6, 0x66, 0xE0, 0x08, 0x96, 0xC5, 0x95, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, - 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, - 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, - 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, - 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, - 0x02, 0x21, 0x00, 0xAE, 0x80, 0xD7, 0xF5, 0x4D, 0x76, 0x79, - 0x5C, 0x01, 0x14, 0x8B, 0xFD, 0x80, 0x79, 0xFB, 0x9B, 0xFE, - 0x8F, 0x0D, 0x9C, 0xC3, 0x7C, 0xE6, 0x80, 0x4C, 0xA6, 0x54, - 0x16, 0x3F, 0xED, 0x1D, 0x5E, 0x02, 0x20, 0x09, 0x61, 0x2D, - 0x84, 0xE9, 0x04, 0x4F, 0x79, 0x0E, 0xE7, 0xF0, 0xCC, 0x52, - 0xD3, 0x2F, 0xE0, 0x89, 0xCF, 0xBE, 0x9B, 0x9F, 0x86, 0x23, - 0x2F, 0xE4, 0xCB, 0x43, 0x16, 0xBB, 0x09, 0x8D, 0x87 + 0x30, 0x82, 0x03, 0x77, 0x30, 0x82, 0x03, 0x1D, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x04, 0xD0, 0xEE, 0xF8, 0x6F, + 0x67, 0x42, 0xA9, 0x6F, 0x3F, 0xD2, 0x7D, 0x6E, 0x7B, 0xCE, + 0x29, 0xCE, 0x14, 0xD2, 0x1B, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, + 0x45, 0x6C, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, + 0x20, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, + 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, 0x36, + 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, 0x34, + 0x39, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, + 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, 0x69, 0x70, + 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, 0x6D, 0x70, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x45, 0x43, + 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x39, 0x30, 0x13, 0x06, + 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x22, + 0x00, 0x02, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, + 0x4A, 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, + 0x2D, 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, + 0x2C, 0x16, 0xE8, 0x61, 0xA3, 0x82, 0x01, 0x51, 0x30, 0x82, + 0x01, 0x4D, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0x8C, 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, + 0xDF, 0x6E, 0xF4, 0x59, 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, + 0xA6, 0x5A, 0x18, 0x30, 0x81, 0xE0, 0x06, 0x03, 0x55, 0x1D, + 0x23, 0x04, 0x81, 0xD8, 0x30, 0x81, 0xD5, 0x80, 0x14, 0x8C, + 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, 0x6E, 0xF4, 0x59, + 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, 0x5A, 0x18, 0xA1, + 0x81, 0xA6, 0xA4, 0x81, 0xA3, 0x30, 0x81, 0xA0, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, + 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, + 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, + 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, + 0x04, 0xD0, 0xEE, 0xF8, 0x6F, 0x67, 0x42, 0xA9, 0x6F, 0x3F, + 0xD2, 0x7D, 0x6E, 0x7B, 0xCE, 0x29, 0xCE, 0x14, 0xD2, 0x1B, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, + 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, + 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, + 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, + 0x30, 0x45, 0x02, 0x21, 0x00, 0x8D, 0x97, 0x8F, 0xD4, 0x70, + 0xBF, 0x10, 0x7A, 0x3F, 0xF4, 0x35, 0xBB, 0x8E, 0x6D, 0x39, + 0x5B, 0xA1, 0x02, 0xEE, 0x32, 0xDA, 0x02, 0x91, 0x57, 0x02, + 0x0B, 0x43, 0x08, 0x3E, 0x61, 0xDA, 0xF1, 0x02, 0x20, 0x73, + 0x55, 0x17, 0x84, 0x06, 0x34, 0x0E, 0x9B, 0xCD, 0x55, 0xC4, + 0x6D, 0x3B, 0x26, 0xA3, 0xED, 0x3A, 0x8B, 0xBA, 0x22, 0xE3, + 0xDC, 0x35, 0xFB, 0x8C, 0x0F, 0xB7, 0xBA, 0x6C, 0x63, 0x9D, + 0xE1 }; static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256); /* ./certs/server-ecc-rsa.der, ECC */ static const unsigned char serv_ecc_rsa_der_256[] = { - 0x30, 0x82, 0x04, 0x1F, 0x30, 0x82, 0x03, 0x07, 0xA0, 0x03, + 0x30, 0x82, 0x04, 0x2A, 0x30, 0x82, 0x03, 0x12, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, @@ -3609,10 +7935,10 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, - 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, - 0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, - 0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, + 0x31, 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, + 0x0D, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, + 0x37, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -3637,12 +7963,12 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, - 0x0B, 0x80, 0x34, 0x89, 0xD8, 0xA3, 0x82, 0x01, 0x3A, 0x30, - 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x0B, 0x80, 0x34, 0x89, 0xD8, 0xA3, 0x82, 0x01, 0x45, 0x30, + 0x82, 0x01, 0x41, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, - 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, + 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xD4, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xCC, 0x30, 0x81, 0xC9, 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, @@ -3660,43 +7986,45 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xAA, 0xD3, 0x3F, 0xAC, 0x18, 0x0A, 0x37, 0x4D, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, - 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, - 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, - 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, - 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, - 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x4B, 0xCD, 0xC5, 0x8F, 0xFC, 0xBB, 0xC3, - 0x36, 0xC5, 0xD4, 0x4D, 0x71, 0x04, 0x13, 0x53, 0xA0, 0x3C, - 0xA3, 0x4E, 0x2A, 0xDD, 0x0D, 0xD3, 0xA7, 0x62, 0x31, 0x0D, - 0xC6, 0x32, 0x07, 0x31, 0xD4, 0x6B, 0x0F, 0x8B, 0x55, 0xA2, - 0x2F, 0x2C, 0xB3, 0xAE, 0x46, 0x91, 0x8A, 0x09, 0xBE, 0x7E, - 0xFF, 0xE2, 0x67, 0x46, 0xF2, 0x7E, 0xD4, 0x6F, 0xBE, 0x5D, - 0x57, 0x42, 0xFD, 0x3A, 0x56, 0xB0, 0xE8, 0x0E, 0x4D, 0x12, - 0xFD, 0xF5, 0x00, 0xCA, 0x6F, 0xBD, 0x88, 0x0C, 0x04, 0x47, - 0x1A, 0xEC, 0x5D, 0x96, 0x3F, 0xB6, 0xA5, 0x8B, 0x9D, 0x47, - 0xA6, 0x4F, 0x82, 0x07, 0x33, 0x9D, 0x11, 0x0A, 0x3D, 0x38, - 0x1D, 0x21, 0x4F, 0xD4, 0x1E, 0x1D, 0xA6, 0xD7, 0x6B, 0x72, - 0x1C, 0x51, 0xE1, 0x7A, 0x7A, 0x6C, 0x76, 0x2C, 0x98, 0x14, - 0x48, 0xFD, 0xF1, 0xD1, 0x7C, 0x53, 0x86, 0xED, 0x8C, 0x5F, - 0x4F, 0x0F, 0x27, 0x5D, 0x45, 0xBE, 0xED, 0x26, 0x90, 0xD2, - 0x51, 0x04, 0x4D, 0x06, 0x5B, 0x64, 0x1C, 0x5E, 0x31, 0x63, - 0xCC, 0xD4, 0xD5, 0x0B, 0x28, 0xCC, 0xE2, 0x29, 0x40, 0x75, - 0x87, 0x21, 0x64, 0x8E, 0x8B, 0x87, 0xEF, 0x90, 0xBB, 0x46, - 0x91, 0x91, 0xF9, 0x63, 0xF8, 0xB0, 0xA7, 0x5E, 0x8D, 0xE8, - 0x20, 0xC6, 0xB7, 0x5A, 0xD9, 0x0E, 0x35, 0xFB, 0xBA, 0xD1, - 0x09, 0xD1, 0x98, 0xA6, 0x61, 0x25, 0xE2, 0x0D, 0x97, 0xC4, - 0x1B, 0x0F, 0xBC, 0xB6, 0xEC, 0xE7, 0x96, 0x80, 0xB8, 0xE5, - 0x55, 0x03, 0x1E, 0x7F, 0xB5, 0xFD, 0x40, 0x06, 0xCC, 0xAA, - 0x7B, 0xF0, 0xB3, 0x81, 0x2E, 0xE1, 0x4E, 0x3A, 0x52, 0xE3, - 0xF3, 0xC4, 0xD3, 0x8C, 0x78, 0x49, 0x00, 0x3A, 0x57, 0xDF, - 0x0E, 0xAA, 0x2F, 0x14, 0x52, 0x3F, 0xC8, 0xFA, 0x82, 0xB9, - 0xBF, 0x27, 0xF8, 0x9C, 0x42, 0xB7, 0x44, 0x36, 0x68 + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x2C, + 0x80, 0xCE, 0xDB, 0x47, 0x9D, 0x07, 0x66, 0x92, 0x3D, 0x68, + 0xD7, 0xCA, 0xAC, 0x90, 0x4F, 0xCA, 0x69, 0x41, 0x4B, 0x30, + 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, + 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, + 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, + 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x44, 0xDA, 0x4D, 0xA2, 0xD3, 0x96, + 0x51, 0x31, 0x35, 0x74, 0x21, 0xD5, 0x27, 0x0D, 0xAB, 0x72, + 0xEB, 0xD8, 0x24, 0x11, 0x3C, 0x52, 0x07, 0x01, 0x51, 0xE8, + 0x26, 0x11, 0x39, 0xDA, 0xAC, 0x57, 0xCA, 0xE3, 0x8D, 0x8C, + 0x91, 0x16, 0x28, 0xE3, 0x7B, 0xFE, 0x58, 0x76, 0x0A, 0x3E, + 0x9D, 0xAC, 0xF3, 0xCE, 0x9F, 0x5A, 0xFF, 0x07, 0xC9, 0xA1, + 0x27, 0x9A, 0x9A, 0x5C, 0xDB, 0x82, 0xBA, 0x0E, 0xD0, 0x80, + 0xBC, 0xCF, 0xB1, 0x34, 0x6A, 0x26, 0xAF, 0x15, 0x7A, 0x21, + 0xF6, 0xA9, 0x48, 0x3C, 0xC6, 0x02, 0xD0, 0x4E, 0x32, 0xAC, + 0x75, 0x17, 0x60, 0x19, 0x45, 0x12, 0x37, 0x5D, 0x75, 0x65, + 0x84, 0xCA, 0xE8, 0x40, 0x73, 0xF5, 0x1C, 0x71, 0x82, 0xAE, + 0xE2, 0x3A, 0x1C, 0xD7, 0x4C, 0x59, 0xF2, 0x83, 0x16, 0x1F, + 0x77, 0x02, 0x91, 0xCC, 0x9C, 0xAA, 0xC9, 0xE7, 0x72, 0x6B, + 0xFF, 0x40, 0x7E, 0xDA, 0x35, 0x65, 0x47, 0xBD, 0x55, 0x90, + 0xC8, 0xC8, 0x21, 0xB2, 0xFB, 0x89, 0xD4, 0xD4, 0xCC, 0x39, + 0x02, 0x54, 0x20, 0x83, 0x17, 0x46, 0xEB, 0x5F, 0x60, 0x58, + 0x35, 0x4E, 0xCA, 0x24, 0x8D, 0x0B, 0x77, 0x10, 0xB0, 0x4A, + 0x2A, 0x51, 0xA9, 0xD0, 0x74, 0x27, 0x35, 0x61, 0x76, 0x0F, + 0x94, 0x2C, 0x0B, 0x10, 0x1D, 0xB8, 0x4A, 0x3E, 0x38, 0x95, + 0x17, 0x0A, 0x0A, 0x7E, 0xC6, 0x35, 0xC3, 0x68, 0x89, 0xC0, + 0x82, 0x8B, 0x61, 0xB8, 0xE6, 0x2F, 0xF9, 0xC8, 0x58, 0x96, + 0xC7, 0x1F, 0xEB, 0x1D, 0x2F, 0x09, 0x34, 0x5F, 0xBF, 0x76, + 0xAF, 0x00, 0x6C, 0x33, 0x80, 0x10, 0x5B, 0xA0, 0xD2, 0x76, + 0x6F, 0xE2, 0x4C, 0x96, 0xB6, 0x2D, 0xDC, 0xC0, 0x21, 0x43, + 0x6E, 0xF3, 0x58, 0x2A, 0x4B, 0xA6, 0xEF, 0x15, 0xB5, 0xCA, + 0x00, 0x28, 0x1A, 0xC6, 0xE0, 0x31, 0xF0, 0x5D, 0x99, 0x70 + }; static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256); @@ -3721,10 +8049,10 @@ static const unsigned char serv_ecc_der_256[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, - 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, - 0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, - 0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, + 0x31, 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, + 0x0D, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, + 0x37, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, @@ -3763,14 +8091,14 @@ static const unsigned char serv_ecc_der_256[] = 0x03, 0x01, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, - 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, - 0x61, 0x6F, 0xE8, 0xB9, 0xAD, 0xCC, 0xC9, 0x1A, 0x81, 0x17, - 0x02, 0x64, 0x07, 0xC3, 0x18, 0x44, 0x01, 0x81, 0x76, 0x18, - 0x9D, 0x6D, 0x3D, 0x7D, 0xCB, 0xC1, 0x5A, 0x76, 0x4A, 0xAD, - 0x71, 0x55, 0x02, 0x21, 0x00, 0xCD, 0x22, 0x35, 0x04, 0x19, - 0xC2, 0x23, 0x21, 0x02, 0x88, 0x4B, 0x51, 0xDA, 0xDB, 0x51, - 0xAB, 0x54, 0x8C, 0xCB, 0x38, 0xAC, 0x8E, 0xBB, 0xEE, 0x18, - 0x07, 0xBF, 0x88, 0x36, 0x88, 0xFF, 0xD5 + 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, + 0x00, 0xCF, 0x3A, 0x17, 0x97, 0xD4, 0xBE, 0x7C, 0x50, 0xE1, + 0xBE, 0x1B, 0x53, 0x95, 0x7B, 0xA3, 0xB8, 0xC6, 0x73, 0xC4, + 0x34, 0xE0, 0x73, 0x5A, 0xDB, 0x3E, 0xCB, 0x3A, 0xB6, 0xA8, + 0xF1, 0xCD, 0xBF, 0x02, 0x20, 0x2B, 0xE6, 0xF9, 0x65, 0xB2, + 0xAB, 0x0F, 0xBB, 0x2B, 0x36, 0x5C, 0xCC, 0x2E, 0x19, 0xA9, + 0x59, 0x1C, 0x6F, 0x6F, 0xCE, 0x9B, 0x7A, 0xE6, 0x5B, 0x65, + 0x31, 0x33, 0x80, 0x05, 0xCB, 0x7C, 0x96 }; static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256); @@ -3796,72 +8124,73 @@ static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256); /* ./certs/ca-ecc-cert.der, ECC */ static const unsigned char ca_ecc_cert_der_256[] = { - 0x30, 0x82, 0x02, 0x8A, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x83, 0x47, 0x7C, 0x81, - 0xD6, 0x0D, 0x1C, 0x4E, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, - 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, - 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, - 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, - 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, - 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x33, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, - 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, - 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, - 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, - 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, - 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, - 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, - 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, - 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9, 0x6E, 0xD6, 0x01, 0x8E, - 0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5, 0xC0, 0x4C, 0xE3, 0x9E, - 0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10, 0xD6, 0xE9, 0x09, 0x2A, - 0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9, 0x8A, 0xBF, 0x33, 0x83, - 0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77, 0x40, 0xB5, 0x3B, 0x43, - 0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C, 0x37, 0x44, 0xC1, 0xCB, - 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA, 0xA7, 0xA3, 0x63, 0x30, - 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, 0x18, - 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, 0xF3, - 0xA5, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, - 0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, - 0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0x30, 0x0F, 0x06, 0x03, 0x55, - 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, - 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, - 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, - 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xC5, 0x83, - 0xFF, 0x1E, 0x51, 0xF7, 0xA1, 0xE9, 0xF1, 0x42, 0xC4, 0xBE, - 0xED, 0x38, 0xBD, 0x38, 0x32, 0x8F, 0xAE, 0x3F, 0xC7, 0x6D, - 0x11, 0x90, 0xE9, 0x99, 0xAB, 0x61, 0xA2, 0xDB, 0xA7, 0x4B, - 0x02, 0x20, 0x28, 0x40, 0xD9, 0xBA, 0x45, 0xCC, 0xA6, 0xEA, - 0xFA, 0x3F, 0x3E, 0x71, 0x44, 0x8E, 0x02, 0x03, 0x2F, 0x41, - 0x0B, 0x56, 0x78, 0x2D, 0xA6, 0xE8, 0x5E, 0xF6, 0xFF, 0xDA, - 0x62, 0x8C, 0xF9, 0xDF + 0x30, 0x82, 0x02, 0x96, 0x30, 0x82, 0x02, 0x3B, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x65, 0x67, 0x42, 0x4C, 0x06, + 0xE7, 0xE4, 0xC3, 0x68, 0x01, 0xA9, 0x94, 0xA9, 0x07, 0xE6, + 0xFE, 0xBD, 0x2C, 0xD6, 0x3D, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, + 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, + 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, + 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, + 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9, 0x6E, 0xD6, 0x01, + 0x8E, 0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5, 0xC0, 0x4C, 0xE3, + 0x9E, 0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10, 0xD6, 0xE9, 0x09, + 0x2A, 0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9, 0x8A, 0xBF, 0x33, + 0x83, 0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77, 0x40, 0xB5, 0x3B, + 0x43, 0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C, 0x37, 0x44, 0xC1, + 0xCB, 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA, 0xA7, 0xA3, 0x63, + 0x30, 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, + 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, + 0xF3, 0xA5, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x56, 0x8E, 0x9A, 0xC3, + 0xF0, 0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, + 0xCF, 0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, + 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, + 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xB0, + 0x12, 0x16, 0x03, 0x26, 0x79, 0xD4, 0x6B, 0x94, 0xD9, 0x7E, + 0xCA, 0xE1, 0x2D, 0x24, 0x64, 0xEF, 0x11, 0x6E, 0xF2, 0x12, + 0x81, 0xE4, 0xCE, 0x1D, 0x77, 0x7D, 0xCA, 0x5C, 0x47, 0x50, + 0x62, 0x02, 0x21, 0x00, 0x80, 0xBF, 0x46, 0x3C, 0x5D, 0xD8, + 0xE5, 0xAB, 0x47, 0xCE, 0xA2, 0x19, 0xBD, 0x21, 0xDE, 0x85, + 0x6F, 0xAB, 0xC9, 0x8F, 0x01, 0xF3, 0xAB, 0x1B, 0xB9, 0xE1, + 0x53, 0xD6, 0x24, 0x77, 0xA6, 0x4D }; static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256); @@ -3891,78 +8220,79 @@ static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384); /* ./certs/ca-ecc384-cert.der, ECC */ static const unsigned char ca_ecc_cert_der_384[] = { - 0x30, 0x82, 0x02, 0xC7, 0x30, 0x82, 0x02, 0x4D, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xA8, 0x60, 0xFD, 0x75, - 0x07, 0x98, 0x55, 0x6A, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, - 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, - 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, - 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, - 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, - 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, - 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32, - 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, - 0x33, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, - 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, - 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, - 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, - 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, - 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, - 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, - 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x76, 0x30, 0x10, - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, - 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, - 0xEE, 0x82, 0xD4, 0x39, 0x9A, 0xB1, 0x27, 0x82, 0xF4, 0xD7, - 0xEA, 0xC6, 0xBC, 0x03, 0x1D, 0x4D, 0x83, 0x61, 0xF4, 0x03, - 0xAE, 0x7E, 0xBD, 0xD8, 0x5A, 0xA5, 0xB9, 0xF0, 0x8E, 0xA2, - 0xA5, 0xDA, 0xCE, 0x87, 0x3B, 0x5A, 0xAB, 0x44, 0x16, 0x9C, - 0xF5, 0x9F, 0x62, 0xDD, 0xF6, 0x20, 0xCD, 0x9C, 0x76, 0x3C, - 0x40, 0xB1, 0x3F, 0x97, 0x17, 0xDF, 0x59, 0xF6, 0xCD, 0xDE, - 0xCD, 0x46, 0x35, 0xC0, 0xED, 0x5E, 0x2E, 0x48, 0xB6, 0x66, - 0x91, 0x71, 0x74, 0xB7, 0x0C, 0x3F, 0xB9, 0x9A, 0xB7, 0x83, - 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE, 0x35, - 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0, 0xA3, 0x63, 0x30, 0x61, - 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, - 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, 0xD4, 0x72, 0xBB, - 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, 0x80, 0x12, 0x53, - 0x52, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, - 0x30, 0x16, 0x80, 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, - 0xD4, 0x72, 0xBB, 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, - 0x80, 0x12, 0x53, 0x52, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, - 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, - 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, - 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, - 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x03, - 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x47, 0xA2, 0x36, 0x33, - 0xF4, 0x27, 0xBD, 0xD0, 0x5C, 0xE6, 0x8D, 0x3E, 0x31, 0xA9, - 0x4E, 0x51, 0x57, 0xA9, 0x93, 0x28, 0x72, 0x0A, 0x72, 0xAB, - 0x6E, 0xF9, 0x56, 0xC0, 0xF5, 0x70, 0x02, 0x9F, 0x9C, 0xB2, - 0x4A, 0x9C, 0x3E, 0x9F, 0xFB, 0xC5, 0x64, 0x26, 0x7A, 0x88, - 0xDC, 0x4A, 0x2A, 0x25, 0x02, 0x31, 0x00, 0x88, 0xF8, 0xE2, - 0xD5, 0x20, 0x82, 0xF2, 0xDE, 0x7B, 0xCB, 0x13, 0xAC, 0xCD, - 0xFF, 0xE8, 0x1E, 0x4E, 0x84, 0x3D, 0x9C, 0xAF, 0x5D, 0xF9, - 0x01, 0xE7, 0x4F, 0xD4, 0x03, 0x09, 0x84, 0x3D, 0x7B, 0x2B, - 0x83, 0xE2, 0xAE, 0x08, 0x68, 0x2E, 0x5B, 0x85, 0x6F, 0x43, - 0xF5, 0x41, 0xE0, 0xC7, 0xC9 + 0x30, 0x82, 0x02, 0xD1, 0x30, 0x82, 0x02, 0x58, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x0A, 0xF8, 0xC7, 0xEE, 0x86, + 0x55, 0x2F, 0x18, 0x21, 0xBF, 0x88, 0x49, 0x50, 0x03, 0x5A, + 0xFC, 0x2D, 0x93, 0x31, 0x0A, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, + 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, + 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, + 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, + 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x76, 0x30, + 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, + 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, + 0x04, 0xEE, 0x82, 0xD4, 0x39, 0x9A, 0xB1, 0x27, 0x82, 0xF4, + 0xD7, 0xEA, 0xC6, 0xBC, 0x03, 0x1D, 0x4D, 0x83, 0x61, 0xF4, + 0x03, 0xAE, 0x7E, 0xBD, 0xD8, 0x5A, 0xA5, 0xB9, 0xF0, 0x8E, + 0xA2, 0xA5, 0xDA, 0xCE, 0x87, 0x3B, 0x5A, 0xAB, 0x44, 0x16, + 0x9C, 0xF5, 0x9F, 0x62, 0xDD, 0xF6, 0x20, 0xCD, 0x9C, 0x76, + 0x3C, 0x40, 0xB1, 0x3F, 0x97, 0x17, 0xDF, 0x59, 0xF6, 0xCD, + 0xDE, 0xCD, 0x46, 0x35, 0xC0, 0xED, 0x5E, 0x2E, 0x48, 0xB6, + 0x66, 0x91, 0x71, 0x74, 0xB7, 0x0C, 0x3F, 0xB9, 0x9A, 0xB7, + 0x83, 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE, + 0x35, 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0, 0xA3, 0x63, 0x30, + 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, 0xD4, 0x72, + 0xBB, 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, 0x80, 0x12, + 0x53, 0x52, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x18, 0x30, 0x16, 0x80, 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, + 0x18, 0xD4, 0x72, 0xBB, 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, + 0x92, 0x80, 0x12, 0x53, 0x52, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, + 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, + 0x03, 0x67, 0x00, 0x30, 0x64, 0x02, 0x30, 0x03, 0x31, 0x8C, + 0xD3, 0x04, 0xF5, 0xB2, 0xBF, 0xBD, 0xA2, 0x27, 0x6A, 0xFF, + 0xDD, 0x7F, 0xBD, 0x88, 0xD5, 0x3E, 0x09, 0x9A, 0xCF, 0xDA, + 0x79, 0x95, 0x6B, 0x32, 0x6F, 0xFA, 0x98, 0xD8, 0x48, 0x8B, + 0x99, 0x91, 0xFE, 0x39, 0x9E, 0x7B, 0x35, 0x2C, 0x78, 0x32, + 0xBA, 0xA3, 0x0B, 0x65, 0x1C, 0x02, 0x30, 0x3E, 0x6A, 0x10, + 0x8C, 0x57, 0x47, 0x85, 0x73, 0x3C, 0xEB, 0x2A, 0x02, 0xB2, + 0x27, 0x62, 0x1F, 0x44, 0x52, 0x2B, 0xB1, 0x34, 0x3F, 0x9C, + 0x78, 0x70, 0x0A, 0x59, 0x01, 0x3E, 0xAD, 0xC0, 0x08, 0xBC, + 0xD5, 0xD1, 0xA6, 0xC0, 0xDD, 0x2C, 0x8B, 0x2A, 0x8B, 0xF4, + 0x04, 0xAD, 0xD3, 0x01, 0xE6 }; static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384); @@ -3995,9 +8325,9 @@ static const unsigned char dh_g[] = /* ./certs/ed25519/server-ed25519.der, ED25519 */ static const unsigned char server_ed25519_cert[] = { - 0x30, 0x82, 0x02, 0x75, 0x30, 0x82, 0x02, 0x27, 0xA0, 0x03, + 0x30, 0x82, 0x02, 0xA7, 0x30, 0x82, 0x02, 0x59, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x05, 0x06, 0x03, - 0x2B, 0x65, 0x70, 0x30, 0x81, 0x9B, 0x31, 0x0B, 0x30, 0x09, + 0x2B, 0x65, 0x70, 0x30, 0x81, 0xB4, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -4013,26 +8343,31 @@ static const unsigned char server_ed25519_cert[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x33, 0x31, - 0x30, 0x30, 0x36, 0x34, 0x39, 0x30, 0x33, 0x5A, 0x17, 0x0D, - 0x32, 0x33, 0x31, 0x32, 0x30, 0x35, 0x30, 0x36, 0x34, 0x39, - 0x30, 0x33, 0x5A, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, - 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, - 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, - 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77, 0x6F, 0x6C, 0x66, - 0x53, 0x53, 0x4C, 0x5F, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, - 0x39, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0B, - 0x0C, 0x0E, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2D, 0x65, - 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, - 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, 0x06, + 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, + 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x1E, 0x17, 0x0D, + 0x32, 0x32, 0x31, 0x32, 0x31, 0x36, 0x32, 0x31, 0x31, 0x37, + 0x34, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x35, 0x30, 0x39, 0x31, + 0x31, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, 0x30, 0x81, + 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x0F, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x65, + 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x17, 0x30, 0x15, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0E, 0x53, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x2D, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, + 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, + 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, 0x6F, + 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0x23, 0xAA, 0x4D, 0x60, 0x50, 0xE0, 0x13, 0xD3, 0x3A, 0xED, 0xAB, 0xF6, 0xA9, 0xCC, 0x4A, 0xFE, 0xD7, 0x4D, 0x2F, 0xD2, 0x5B, 0x1A, 0x10, @@ -4051,14 +8386,14 @@ static const unsigned char server_ed25519_cert[] = 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30, - 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0xF3, - 0xC2, 0xEF, 0x8B, 0x55, 0x65, 0x4F, 0xBC, 0xE3, 0xDF, 0xFC, - 0xD8, 0xA1, 0xAD, 0x8E, 0x43, 0x07, 0x73, 0xC8, 0x58, 0xC3, - 0x46, 0x0A, 0xC1, 0xF1, 0x4D, 0x3F, 0xFB, 0x3D, 0x78, 0xE6, - 0x76, 0x58, 0x26, 0xCE, 0xD7, 0x59, 0x55, 0xEC, 0xC5, 0xB5, - 0xB4, 0x05, 0xED, 0xF9, 0xD4, 0x97, 0x69, 0x66, 0xD6, 0x2C, - 0x1B, 0x43, 0x5A, 0x51, 0x5C, 0xBE, 0x10, 0x28, 0x95, 0xC4, - 0x96, 0xAF, 0x00 + 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x36, + 0x3F, 0x8D, 0x2F, 0x28, 0xBD, 0x51, 0x83, 0xB8, 0xD8, 0x9C, + 0x09, 0x64, 0xC4, 0x77, 0xFD, 0xCD, 0xC6, 0xC3, 0x86, 0xB0, + 0x8D, 0x81, 0xE3, 0xE9, 0xCE, 0x7A, 0x2A, 0x32, 0x15, 0xE9, + 0xF9, 0x6A, 0x75, 0x1A, 0xA0, 0x5E, 0x71, 0x62, 0x72, 0xDE, + 0x46, 0x11, 0xA8, 0x9D, 0xDB, 0x80, 0x6B, 0x73, 0x38, 0x61, + 0x0C, 0xF3, 0x24, 0x11, 0x45, 0xC9, 0xA1, 0xD3, 0xD2, 0x3B, + 0x05, 0xD5, 0x05 }; static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert); @@ -4076,7 +8411,7 @@ static const int sizeof_server_ed25519_key = sizeof(server_ed25519_key); /* ./certs/ed25519/ca-ed25519.der, ED25519 */ static const unsigned char ca_ed25519_cert[] = { - 0x30, 0x82, 0x02, 0x4C, 0x30, 0x82, 0x01, 0xFE, 0xA0, 0x03, + 0x30, 0x82, 0x02, 0x65, 0x30, 0x82, 0x02, 0x17, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, @@ -4094,10 +8429,10 @@ static const unsigned char ca_ed25519_cert[] = 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, - 0x33, 0x31, 0x30, 0x30, 0x36, 0x34, 0x39, 0x30, 0x33, 0x5A, - 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x30, 0x35, 0x30, 0x36, - 0x34, 0x39, 0x30, 0x33, 0x5A, 0x30, 0x81, 0x9B, 0x31, 0x0B, + 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, + 0x32, 0x31, 0x36, 0x32, 0x31, 0x31, 0x37, 0x34, 0x39, 0x5A, + 0x17, 0x0D, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, + 0x31, 0x37, 0x34, 0x39, 0x5A, 0x30, 0x81, 0xB4, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, @@ -4113,40 +8448,42 @@ static const unsigned char ca_ed25519_cert[] = 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, - 0x65, 0x70, 0x03, 0x21, 0x00, 0x42, 0x3B, 0x7A, 0xF9, 0x82, - 0xCF, 0xF9, 0xDF, 0x19, 0xDD, 0xF3, 0xF0, 0x32, 0x29, 0x6D, - 0xFA, 0xFD, 0x76, 0x4F, 0x68, 0xC2, 0xC2, 0xE0, 0x6C, 0x47, - 0xAE, 0xC2, 0x55, 0x68, 0xAC, 0x0D, 0x4D, 0xA3, 0x63, 0x30, - 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0x74, 0xD5, 0x38, 0x19, 0x5E, 0x83, 0xB9, 0x03, - 0xF8, 0x01, 0x8A, 0x35, 0x35, 0xBB, 0x89, 0x4C, 0x49, 0xB4, - 0x23, 0xE9, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0xFA, 0xBA, 0x5B, 0x76, 0x1D, - 0xF1, 0x1D, 0x1D, 0x4D, 0x74, 0x48, 0xD8, 0x98, 0x3B, 0x56, - 0xEF, 0xB3, 0x14, 0xF3, 0xDE, 0x30, 0x0F, 0x06, 0x03, 0x55, - 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, - 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x05, - 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0xDA, 0xFE, - 0x58, 0x53, 0x89, 0x43, 0x85, 0x98, 0x35, 0xDC, 0x13, 0x1C, - 0xA3, 0xF1, 0x1F, 0x8D, 0x26, 0xBE, 0xB6, 0xA2, 0xFC, 0xB7, - 0xFE, 0x9C, 0xB9, 0x35, 0x69, 0x31, 0x7E, 0xD4, 0xB9, 0x11, - 0x45, 0x16, 0xA2, 0x29, 0x35, 0xA9, 0x74, 0xA7, 0x97, 0xDA, - 0x7E, 0x71, 0x4F, 0xB1, 0x72, 0x5D, 0x75, 0x17, 0xAC, 0xE3, - 0xF6, 0xB8, 0xCE, 0x1E, 0xE4, 0x8A, 0x95, 0xBA, 0xCD, 0x1D, - 0xCE, 0x0D + 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, + 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, + 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x2A, + 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, + 0x42, 0x3B, 0x7A, 0xF9, 0x82, 0xCF, 0xF9, 0xDF, 0x19, 0xDD, + 0xF3, 0xF0, 0x32, 0x29, 0x6D, 0xFA, 0xFD, 0x76, 0x4F, 0x68, + 0xC2, 0xC2, 0xE0, 0x6C, 0x47, 0xAE, 0xC2, 0x55, 0x68, 0xAC, + 0x0D, 0x4D, 0xA3, 0x63, 0x30, 0x61, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x74, 0xD5, 0x38, + 0x19, 0x5E, 0x83, 0xB9, 0x03, 0xF8, 0x01, 0x8A, 0x35, 0x35, + 0xBB, 0x89, 0x4C, 0x49, 0xB4, 0x23, 0xE9, 0x30, 0x1F, 0x06, + 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, + 0xFA, 0xBA, 0x5B, 0x76, 0x1D, 0xF1, 0x1D, 0x1D, 0x4D, 0x74, + 0x48, 0xD8, 0x98, 0x3B, 0x56, 0xEF, 0xB3, 0x14, 0xF3, 0xDE, + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, + 0x02, 0x01, 0x86, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, + 0x03, 0x41, 0x00, 0x40, 0x01, 0x0F, 0x0B, 0x8D, 0xD6, 0xAA, + 0xDC, 0x2C, 0xB3, 0x40, 0x22, 0xE7, 0x78, 0xEF, 0x1C, 0x8B, + 0x08, 0x27, 0xEE, 0xD9, 0xD7, 0xB6, 0x91, 0xB3, 0x2D, 0x3D, + 0xAC, 0xB9, 0x50, 0xFB, 0x2F, 0xB5, 0x25, 0x63, 0x5A, 0x1A, + 0x3D, 0x3E, 0xCD, 0x81, 0xA1, 0xA9, 0xE7, 0xD5, 0xA1, 0x4A, + 0x19, 0xB8, 0x4C, 0xB0, 0x1D, 0x3C, 0x8A, 0xE3, 0x47, 0xC0, + 0xF6, 0x41, 0x95, 0xE6, 0x59, 0x23, 0x08 }; static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert); /* ./certs/ed25519/client-ed25519.der, ED25519 */ static const unsigned char client_ed25519_cert[] = { - 0x30, 0x82, 0x03, 0x54, 0x30, 0x82, 0x03, 0x06, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x40, 0x66, 0xC6, 0x11, 0xBC, - 0x00, 0xF8, 0x51, 0xF9, 0xE4, 0x4B, 0xBB, 0x0B, 0xAD, 0xC1, - 0x09, 0x38, 0xB0, 0x4A, 0xE4, 0x30, 0x05, 0x06, 0x03, 0x2B, - 0x65, 0x70, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x82, 0x03, 0x9F, 0x30, 0x82, 0x03, 0x51, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x69, 0xAC, 0xB8, 0xB4, 0xF7, + 0xE4, 0x11, 0xCB, 0xC5, 0x63, 0xB2, 0xCC, 0x2A, 0xA8, 0xE2, + 0x0F, 0x55, 0xEE, 0x86, 0x86, 0x30, 0x05, 0x06, 0x03, 0x2B, + 0x65, 0x70, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -4162,39 +8499,44 @@ static const unsigned char client_ed25519_cert[] = 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, - 0x30, 0x33, 0x31, 0x30, 0x30, 0x36, 0x34, 0x39, 0x30, 0x33, - 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x30, 0x35, 0x30, - 0x36, 0x34, 0x39, 0x30, 0x33, 0x5A, 0x30, 0x81, 0x9F, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x77, - 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x65, 0x64, 0x32, - 0x35, 0x35, 0x31, 0x39, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x0C, 0x0E, 0x43, 0x6C, 0x69, 0x65, 0x6E, - 0x74, 0x2D, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, - 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, - 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, + 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, + 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x31, 0x32, 0x31, 0x36, 0x32, + 0x31, 0x31, 0x37, 0x35, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x35, + 0x30, 0x39, 0x31, 0x31, 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, + 0x5A, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x0F, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, + 0x4C, 0x5F, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, + 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0E, + 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x2D, 0x65, 0x64, 0x32, + 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, + 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, + 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0xE6, 0x57, 0x5B, 0x13, 0x1B, 0xC7, 0x51, 0x14, 0x6B, 0xED, 0x3B, 0xF5, 0xD1, 0xFA, 0xAB, 0x9E, 0x6C, 0xB6, 0xEB, 0x02, 0x09, 0xA3, 0x99, 0xF5, 0x6E, 0xBF, 0x9D, 0x3C, 0xFE, 0x54, - 0x39, 0xE6, 0xA3, 0x82, 0x01, 0x50, 0x30, 0x82, 0x01, 0x4C, + 0x39, 0xE6, 0xA3, 0x82, 0x01, 0x69, 0x30, 0x82, 0x01, 0x65, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xFE, 0x41, 0x5E, 0x3E, 0x81, 0xE2, 0x2E, 0x46, 0xB3, 0x3E, 0x47, 0x89, 0x90, 0xD4, 0xC2, 0xB4, 0x8E, 0x11, 0xD6, - 0x8A, 0x30, 0x81, 0xDF, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, - 0x81, 0xD7, 0x30, 0x81, 0xD4, 0x80, 0x14, 0xFE, 0x41, 0x5E, + 0x8A, 0x30, 0x81, 0xF8, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x81, 0xF0, 0x30, 0x81, 0xED, 0x80, 0x14, 0xFE, 0x41, 0x5E, 0x3E, 0x81, 0xE2, 0x2E, 0x46, 0xB3, 0x3E, 0x47, 0x89, 0x90, - 0xD4, 0xC2, 0xB4, 0x8E, 0x11, 0xD6, 0x8A, 0xA1, 0x81, 0xA5, - 0xA4, 0x81, 0xA2, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, + 0xD4, 0xC2, 0xB4, 0x8E, 0x11, 0xD6, 0x8A, 0xA1, 0x81, 0xBE, + 0xA4, 0x81, 0xBB, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -4210,24 +8552,27 @@ static const unsigned char client_ed25519_cert[] = 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x40, 0x66, 0xC6, - 0x11, 0xBC, 0x00, 0xF8, 0x51, 0xF9, 0xE4, 0x4B, 0xBB, 0x0B, - 0xAD, 0xC1, 0x09, 0x38, 0xB0, 0x4A, 0xE4, 0x30, 0x0C, 0x06, - 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, - 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, - 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, - 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, - 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, - 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x02, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, - 0x41, 0x00, 0xE0, 0x87, 0xE2, 0xCE, 0xD3, 0x87, 0x77, 0x9D, - 0xF7, 0x44, 0xC0, 0x73, 0x00, 0xFF, 0x07, 0x6D, 0x2E, 0x90, - 0x90, 0x5C, 0xBF, 0x30, 0x46, 0x9C, 0x75, 0xA9, 0x48, 0x50, - 0x8A, 0xDA, 0x09, 0x0F, 0xA8, 0xA8, 0x04, 0xB4, 0x33, 0xC8, - 0xF4, 0x28, 0x61, 0x9E, 0xC2, 0xA5, 0x19, 0xB7, 0x70, 0x1E, - 0x69, 0xCD, 0x49, 0x5C, 0x9A, 0xF3, 0x81, 0xE0, 0xDE, 0x38, - 0xB3, 0x37, 0xFF, 0x33, 0xBB, 0x07 + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, + 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, + 0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x82, 0x14, 0x69, 0xAC, 0xB8, 0xB4, 0xF7, 0xE4, 0x11, 0xCB, + 0xC5, 0x63, 0xB2, 0xCC, 0x2A, 0xA8, 0xE2, 0x0F, 0x55, 0xEE, + 0x86, 0x86, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, + 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, + 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x05, 0x06, + 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x2E, 0x4A, 0xB8, + 0x2A, 0xF0, 0x75, 0xEE, 0x31, 0x6A, 0x51, 0x0A, 0x6A, 0x54, + 0x5B, 0x45, 0x6E, 0xAC, 0x03, 0xA8, 0xA9, 0x9A, 0xD4, 0xD6, + 0x38, 0x02, 0xEB, 0x76, 0xB6, 0xA7, 0x66, 0x86, 0xEA, 0xE9, + 0xF3, 0x6F, 0x31, 0x4E, 0xE4, 0x50, 0xD1, 0x75, 0xFE, 0x88, + 0x3F, 0x23, 0x9D, 0x76, 0xD9, 0x9C, 0x07, 0x14, 0x13, 0x16, + 0x30, 0xC3, 0x40, 0x51, 0x06, 0xDA, 0xA5, 0x39, 0x5F, 0x0A, + 0x09 }; static const int sizeof_client_ed25519_cert = sizeof(client_ed25519_cert); diff --git a/source/libs/libwolfssl/crl.h b/source/libs/libwolfssl/crl.h index 9b3ec3f6..656fdd6a 100644 --- a/source/libs/libwolfssl/crl.h +++ b/source/libs/libwolfssl/crl.h @@ -1,6 +1,6 @@ /* crl.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,12 +34,14 @@ extern "C" { #endif -WOLFSSL_LOCAL int InitCRL(WOLFSSL_CRL*, WOLFSSL_CERT_MANAGER*); -WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL*, int dynamic); +WOLFSSL_LOCAL int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm); +WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL* crl, int dynamic); -WOLFSSL_LOCAL int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int mon); -WOLFSSL_LOCAL int BufferLoadCRL(WOLFSSL_CRL*, const byte*, long, int, int); -WOLFSSL_LOCAL int CheckCertCRL(WOLFSSL_CRL*, DecodedCert*); +WOLFSSL_LOCAL int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, + int monitor); +WOLFSSL_LOCAL int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, + int type, int verify); +WOLFSSL_LOCAL int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert); #ifdef __cplusplus diff --git a/source/libs/libwolfssl/error-ssl.h b/source/libs/libwolfssl/error-ssl.h index f2e58094..563876c1 100644 --- a/source/libs/libwolfssl/error-ssl.h +++ b/source/libs/libwolfssl/error-ssl.h @@ -1,6 +1,6 @@ /* error-ssl.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,7 +52,6 @@ enum wolfSSL_ErrorCodes { RSA_PRIVATE_ERROR = -318, /* error during rsa priv op */ NO_DH_PARAMS = -319, /* server missing DH params */ BUILD_MSG_ERROR = -320, /* build message failure */ - BAD_HELLO = -321, /* client hello malformed */ DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */ WANT_READ = -323, /* want read, call again */ @@ -76,10 +75,6 @@ enum wolfSSL_ErrorCodes { ZERO_RETURN = -343, /* peer sent close notify */ SIDE_ERROR = -344, /* wrong client/server type */ NO_PEER_CERT = -345, /* peer didn't send key */ - NTRU_KEY_ERROR = -346, /* NTRU key error */ - NTRU_DRBG_ERROR = -347, /* NTRU drbg error */ - NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */ - NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */ ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */ ECC_CURVE_ERROR = -351, /* Bad ECC Curve */ ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */ @@ -113,6 +108,7 @@ enum wolfSSL_ErrorCodes { UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */ UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */ KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */ + KEYUSE_ENCIPHER_E = -385, /* KeyUse keyEncipher error */ EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */ SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */ @@ -171,9 +167,22 @@ enum wolfSSL_ErrorCodes { NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */ APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */ TOO_MUCH_EARLY_DATA = -442, /* Too much Early data */ - SOCKET_FILTERED_E = -443, /* Session stopped by network filter */ + HTTP_RECV_ERR = -444, /* HTTP Receive error */ + HTTP_HEADER_ERR = -445, /* HTTP Header error */ + HTTP_PROTO_ERR = -446, /* HTTP Protocol error */ + HTTP_STATUS_ERR = -447, /* HTTP Status error */ + HTTP_VERSION_ERR = -448, /* HTTP Version error */ + HTTP_APPSTR_ERR = -449, /* HTTP Application string error */ + UNSUPPORTED_PROTO_VERSION = -450, /* bad/unsupported protocol version*/ + FALCON_KEY_SIZE_E = -451, /* Wrong key size for Falcon. */ + QUIC_TP_MISSING_E = -452, /* QUIC transport parameter missing */ + DILITHIUM_KEY_SIZE_E = -453, /* Wrong key size for Dilithium. */ + DTLS_CID_ERROR = -454, /* Wrong or missing CID */ + DTLS_TOO_MANY_FRAGMENTS_E = -455, /* Received too many fragments */ + QUIC_WRONG_ENC_LEVEL = -456, /* QUIC data received on wrong encryption level */ + DUPLICATE_TLS_EXT_E = -457, /* Duplicate TLS extension in msg. */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* begin negotiation parameter errors */ diff --git a/source/libs/libwolfssl/internal.h b/source/libs/libwolfssl/internal.h index 2510ed66..9842dfb2 100644 --- a/source/libs/libwolfssl/internal.h +++ b/source/libs/libwolfssl/internal.h @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,7 +24,6 @@ #ifndef WOLFSSL_INT_H #define WOLFSSL_INT_H - #include #include #ifdef HAVE_CRL @@ -34,12 +33,6 @@ #ifndef NO_DES3 #include #endif -#ifndef NO_HC128 - #include -#endif -#ifndef NO_RABBIT - #include -#endif #ifdef HAVE_CHACHA #include #endif @@ -81,6 +74,9 @@ #ifdef HAVE_OCSP #include #endif +#ifdef WOLFSSL_QUIC + #include +#endif #ifdef WOLFSSL_SHA384 #include #endif @@ -93,9 +89,6 @@ #ifdef WOLFSSL_RIPEMD #include #endif -#ifdef HAVE_IDEA - #include -#endif #ifndef NO_RSA #include #endif @@ -117,6 +110,13 @@ #ifdef HAVE_CURVE448 #include #endif +#ifdef HAVE_PQC + #include + #include +#endif +#ifdef HAVE_HKDF + #include +#endif #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \ @@ -198,11 +198,12 @@ #endif #elif defined(WOLFSSL_TELIT_M2MB) /* do nothing */ +#elif defined(WOLFSSL_EMBOS) + /* do nothing */ #else #ifndef SINGLE_THREADED #if defined(WOLFSSL_LINUXKM) - #define WOLFSSL_KTHREADS - #include + /* setup is in linuxkm/linuxkm_wc_port.h */ #elif defined(WOLFSSL_USER_MUTEX) /* do nothing */ #else @@ -219,8 +220,8 @@ #endif #endif -#ifndef CHAR_BIT - /* Needed for DTLS without big math */ +#if !defined(CHAR_BIT) || (defined(OPENSSL_EXTRA) && !defined(INT_MAX)) + /* Needed for DTLS without big math and INT_MAX */ #include #endif @@ -256,6 +257,13 @@ #define WC_MD5_DIGEST_SIZE 16 #endif +#ifdef WOLFSSL_IOTSAFE + #include +#endif + +#if defined(WOLFSSL_RENESAS_TSIP_TLS) + #include +#endif #ifdef __cplusplus extern "C" { @@ -285,11 +293,6 @@ #error "You are trying to build max strength with requirements disabled." #endif -/* Have QSH : Quantum-safe Handshake */ -#if defined(HAVE_QSH) - #define BUILD_TLS_QSH -#endif - #ifndef WOLFSSL_NO_TLS12 #ifndef WOLFSSL_MAX_STRENGTH @@ -309,10 +312,6 @@ #define BUILD_SSL_RSA_WITH_RC4_128_MD5 #endif #endif - #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \ - && defined(WOLFSSL_STATIC_RSA) - #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - #endif #endif #if !defined(NO_RSA) && !defined(NO_DES3) @@ -320,16 +319,6 @@ #if defined(WOLFSSL_STATIC_RSA) #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA #endif - #if !defined(NO_TLS) && defined(HAVE_NTRU) \ - && defined(WOLFSSL_STATIC_RSA) - #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - #endif - #endif - #endif - - #if !defined(NO_RSA) && defined(HAVE_IDEA) - #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA) - #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA #endif #endif #endif /* !WOLFSSL_AEAD_ONLY */ @@ -344,14 +333,6 @@ #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA #endif #endif - #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA) - #ifdef WOLFSSL_AES_128 - #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - #endif - #ifdef WOLFSSL_AES_256 - #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - #endif - #endif #endif #if defined(WOLFSSL_STATIC_RSA) #if !defined (NO_SHA256) && defined(HAVE_AES_CBC) @@ -474,23 +455,6 @@ #endif #endif -#if defined(WOLFSSL_STATIC_RSA) - #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) - #ifndef NO_MD5 - #define BUILD_TLS_RSA_WITH_HC_128_MD5 - #endif - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_HC_128_SHA - #endif - #endif - - #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_RABBIT_SHA - #endif - #endif -#endif - #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ !defined(NO_RSA) @@ -711,6 +675,10 @@ defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 #endif + #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \ + defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) + #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 + #endif #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) #if !defined(NO_OLD_POLY1305) @@ -865,7 +833,7 @@ (defined(NO_DH) || !defined(HAVE_ANON)) && \ defined(NO_RSA) && !defined(HAVE_ECC) && \ !defined(HAVE_ED25519) && !defined(HAVE_ED448) - #error "No cipher suites avaialble with this build" + #error "No cipher suites available with this build" #endif #ifdef WOLFSSL_MULTICAST @@ -927,15 +895,6 @@ #define NO_CHAPOL_AEAD #endif -#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ - defined(BUILD_TLS_RSA_WITH_HC_128_MD5) - #define BUILD_HC128 -#endif - -#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA) - #define BUILD_RABBIT -#endif - #ifdef NO_DES3 #define DES_BLOCK_SIZE 8 #else @@ -976,10 +935,6 @@ #define HAVE_PFS #endif -#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA) - #define BUILD_IDEA -#endif - /* actual cipher values, 2nd byte */ enum { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16, @@ -1000,7 +955,6 @@ enum { SSL_RSA_WITH_RC4_128_SHA = 0x05, SSL_RSA_WITH_RC4_128_MD5 = 0x04, SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A, - SSL_RSA_WITH_IDEA_CBC_SHA = 0x07, /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14, @@ -1033,22 +987,8 @@ enum { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, - /* wolfSSL extension - eSTREAM */ - TLS_RSA_WITH_HC_128_MD5 = 0xFB, - TLS_RSA_WITH_HC_128_SHA = 0xFC, - TLS_RSA_WITH_RABBIT_SHA = 0xFD, WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */ - /* wolfSSL extension - NTRU */ - TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, - TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, - TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ - TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, - - /* wolfSSL extension - NTRU , Quantum-safe Handshake - first byte is 0xD0 (QSH_BYTE) */ - TLS_QSH = 0x01, - /* SHA256 */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, @@ -1122,6 +1062,9 @@ enum { TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14, TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15, + /* ECDHE_PSK RFC8442, first byte is 0xD0 (EDHE_PSK_BYTE) */ + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0x01, + /* TLS v1.3 cipher suites */ TLS_AES_128_GCM_SHA256 = 0x01, TLS_AES_256_GCM_SHA384 = 0x02, @@ -1129,7 +1072,7 @@ enum { TLS_AES_128_CCM_SHA256 = 0x04, TLS_AES_128_CCM_8_SHA256 = 0x05, - /* TLS v1.3 Integity only cipher suites - 0xC0 (ECC) first byte */ + /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */ TLS_SHA256_SHA256 = 0xB4, TLS_SHA384_SHA384 = 0xB5, @@ -1168,6 +1111,13 @@ enum { #define WOLFSSL_MAX_MTU 1400 #endif /* WOLFSSL_MAX_MTU */ +#ifndef WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER + #define WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER 500 +#endif /* WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER */ + +#ifndef WOLFSSL_DTLS_FRAG_POOL_SZ + #define WOLFSSL_DTLS_FRAG_POOL_SZ 10 +#endif /* set minimum DH key size allowed */ #ifndef WOLFSSL_MIN_DHKEY_BITS @@ -1187,9 +1137,13 @@ enum { /* set maximum DH key size allowed */ #ifndef WOLFSSL_MAX_DHKEY_BITS #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) - #define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2) + #define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2) + #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) && \ + defined(SP_INT_BITS) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define WOLFSSL_MAX_DHKEY_BITS (((SP_INT_BITS + 7) / 8) * 8) #else - #define WOLFSSL_MAX_DHKEY_BITS 4096 + #define WOLFSSL_MAX_DHKEY_BITS 4096 #endif #endif #if (WOLFSSL_MAX_DHKEY_BITS % 8) @@ -1203,7 +1157,7 @@ enum { #ifndef MAX_PSK_ID_LEN /* max psk identity/hint supported */ #if defined(WOLFSSL_TLS13) - /* OpenSSL has a 1472 byte sessiont ticket */ + /* OpenSSL has a 1472 byte session ticket */ #define MAX_PSK_ID_LEN 1536 #else #define MAX_PSK_ID_LEN 128 @@ -1215,30 +1169,187 @@ enum { #define MAX_EARLY_DATA_SZ 4096 #endif -#ifndef WOLFSSL_MAX_RSA_BITS - #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) - #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2) - #else - #define WOLFSSL_MAX_RSA_BITS 4096 +#ifndef NO_RSA + #ifndef WOLFSSL_MAX_RSA_BITS + #ifdef USE_FAST_MATH + /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ + #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2) + #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define WOLFSSL_MAX_RSA_BITS (((SP_INT_BITS + 7) / 8) * 8) + #else + /* Integer maths is dynamic but we only go up to 4096 bits. */ + #define WOLFSSL_MAX_RSA_BITS 4096 + #endif + #endif + #if (WOLFSSL_MAX_RSA_BITS % 8) + #error RSA maximum bit size must be multiple of 8 #endif #endif -#if (WOLFSSL_MAX_RSA_BITS % 8) - #error RSA maximum bit size must be multiple of 8 + + +#if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) + /* MySQL wants to be able to use 8192-bit numbers. */ + #if defined(USE_FAST_MATH) && defined(FP_MAX_BITS) + /* Use the FP size up to 8192-bit and down to a min of 1024-bit. */ + #if FP_MAX_BITS >= 16384 + #define ENCRYPT_BASE_BITS 8192 + #elif defined(HAVE_ECC) + #if FP_MAX_BITS > 2224 + #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2) + #else + /* 521-bit ASN.1 signature - 3 + 2 * (2 + 66) bytes. */ + #define ENCRYPT_BASE_BITS 1112 + #endif + #else + #if FP_MAX_BITS > 2048 + #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2) + #else + #define ENCRYPT_BASE_BITS 1024 + #endif + #endif + + /* Check MySQL size requirements met. */ + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && ENCRYPT_BASE_BITS < 8192 + #error "MySQL needs FP_MAX_BITS at least at 16384" + #endif + + #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \ + WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS + #error "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS" + #endif + #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* Use the SP size up to 8192-bit and down to a min of 1024-bit. */ + #if SP_INT_BITS >= 8192 + #define ENCRYPT_BASE_BITS 8192 + #elif defined(HAVE_ECC) + #if SP_INT_BITS > 1112 + #define ENCRYPT_BASE_BITS SP_INT_BITS + #else + /* 521-bit ASN.1 signature - 3 + 2 * (2 + 66) bytes. */ + #define ENCRYPT_BASE_BITS 1112 + #endif + #else + #if SP_INT_BITS > 1024 + #define ENCRYPT_BASE_BITS SP_INT_BITS + #else + #define ENCRYPT_BASE_BITS 1024 + #endif + #endif + + /* Check MySQL size requirements met. */ + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && ENCRYPT_BASE_BITS < 8192 + #error "MySQL needs SP_INT_BITS at least at 8192" + #endif + + #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \ + WOLFSSL_MAX_RSA_BITS > SP_INT_BITS + #error "SP_INT_BITS too small for WOLFSSL_MAX_RSA_BITS" + #endif + #else + /* Integer/heap maths - support 4096-bit. */ + #define ENCRYPT_BASE_BITS 4096 + #endif +#else + /* No secret from public key operation but PSK key plus length used. */ + #define ENCRYPT_BASE_BITS ((MAX_PSK_ID_LEN + 2) * 8) #endif +#ifdef WOLFSSL_DTLS_CID +#ifndef DTLS_CID_MAX_SIZE +/* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt + * the record. Increasing the CID max size does increase also this buffer, + * impacting on per-session runtime memory footprint. */ +#define DTLS_CID_MAX_SIZE 2 +#endif +#else +#undef DTLS_CID_MAX_SIZE +#define DTLS_CID_MAX_SIZE 0 +#endif /* WOLFSSL_DTLS_CID */ + +#if DTLS_CID_MAX_SIZE > 255 +#error "Max size for DTLS CID is 255 bytes" +#endif + +#ifndef MAX_TICKET_AGE_DIFF +/* maximum ticket age difference in seconds, 10 seconds */ +#define MAX_TICKET_AGE_DIFF 10 +#endif +#ifndef TLS13_MAX_TICKET_AGE +/* max ticket age in seconds, 7 days */ +#define TLS13_MAX_TICKET_AGE (7*24*60*60) +#endif + + +/* Limit is 2^24.5 + * https://www.rfc-editor.org/rfc/rfc8446#section-5.5 + * Without the fraction is 23726566 (0x016A09E6) */ +#define AEAD_AES_LIMIT w64From32(0x016A, 0x09E6) +/* Limit is 2^23 + * https://www.rfc-editor.org/rfc/rfc9147.html#name-integrity-limits */ +#define DTLS_AEAD_AES_CCM_LIMIT w64From32(0, 1 << 22) + +/* Limit is 2^36 + * https://www.rfc-editor.org/rfc/rfc9147.html#name-aead-limits */ +#define DTLS_AEAD_AES_GCM_CHACHA_FAIL_LIMIT w64From32(1 << 3, 0) +#define DTLS_AEAD_AES_GCM_CHACHA_FAIL_KU_LIMIT w64From32(1 << 2, 0) +/* Limit is 2^7 + * https://www.rfc-editor.org/rfc/rfc9147.html#name-limits-for-aead_aes_128_ccm */ +#define DTLS_AEAD_AES_CCM_8_FAIL_LIMIT w64From32(0, 1 << 6) +#define DTLS_AEAD_AES_CCM_8_FAIL_KU_LIMIT w64From32(0, 1 << 5) +/* Limit is 2^23.5. + * https://www.rfc-editor.org/rfc/rfc9147.html#name-integrity-limits + * Without the fraction is 11863283 (0x00B504F3) + * Half of this value is 5931641 (0x005A8279) */ +#define DTLS_AEAD_AES_CCM_FAIL_LIMIT w64From32(0x00B5, 0x04F3) +#define DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT w64From32(0x005A, 0x8279) + +#if defined(WOLFSSL_TLS13) || !defined(NO_PSK) + +#define TLS13_TICKET_NONCE_MAX_SZ 255 + +#if (defined(HAVE_FIPS) && \ + !(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) && \ + defined(TLS13_TICKET_NONCE_STATIC_SZ) +#error "TLS13_TICKET_NONCE_STATIC_SZ is not supported in this FIPS version" +#endif + +#ifndef TLS13_TICKET_NONCE_STATIC_SZ +#define TLS13_TICKET_NONCE_STATIC_SZ 8 +#endif + +#if TLS13_TICKET_NONCE_STATIC_SZ > TLS13_TICKET_NONCE_MAX_SZ +#error "Max size for ticket nonce is 255 bytes" +#endif + +#endif /* WOLFSSL_TLS13 || !NO_PSK */ + +#ifdef WOLFSSL_TLS13 +/* The length of the certificate verification label - client and server. */ +#define CERT_VFY_LABEL_SZ 34 +/* The number of prefix bytes for signature data. */ +#define SIGNING_DATA_PREFIX_SZ 64 +/* Maximum length of the signature data. */ +#define MAX_SIG_DATA_SZ (SIGNING_DATA_PREFIX_SZ + \ + CERT_VFY_LABEL_SZ + \ + WC_MAX_DIGEST_SIZE) +#endif /* WOLFSSL_TLS13 */ + enum Misc { - CIPHER_BYTE = 0x00, /* Default ciphers */ - ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ - QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */ - CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ - TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */ + CIPHER_BYTE = 0x00, /* Default ciphers */ + ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ + TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */ + ECDHE_PSK_BYTE = 0xD0, /* RFC 8442 */ SEND_CERT = 1, SEND_BLANK_CERT = 2, DTLS_MAJOR = 0xfe, /* DTLS major version number */ DTLS_MINOR = 0xff, /* DTLS minor version number */ + DTLS_BOGUS_MINOR = 0xfe, /* DTLS 0xfe was skipped, see RFC6347 Sec. 1 */ DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */ + DTLSv1_3_MINOR = 0xfc, /* DTLS minor version number */ SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ SSLv3_MINOR = 0, /* TLSv1 minor version number */ TLSv1_MINOR = 1, /* TLSv1 minor version number */ @@ -1254,18 +1365,25 @@ enum Misc { HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */ SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, /* pre RSA and all master */ -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) -#if !defined(NO_PSK) && defined(USE_FAST_MATH) - ENCRYPT_LEN = (FP_MAX_BITS / 2 / 8) + MAX_PSK_ID_LEN + 2, +#if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_32BIT_MILLI_TIME) + TIMESTAMP_LEN = 4, /* timestamp size in ticket */ #else - ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */ + TIMESTAMP_LEN = 8, /* timestamp size in ticket */ #endif +#ifdef WOLFSSL_TLS13 + AGEADD_LEN = 4, /* ageAdd size in ticket */ + NAMEDGROUP_LEN = 2, /* namedGroup size in ticket */ +#ifdef WOLFSSL_EARLY_DATA + MAXEARLYDATASZ_LEN = 4, /* maxEarlyDataSz size in ticket */ +#endif +#endif +#ifdef HAVE_PQC + ENCRYPT_LEN = 4600, /* allow 4600 byte buffer for dilithium. */ #else #ifndef NO_PSK - ENCRYPT_LEN = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */ + ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2, #else - ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ + ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8), #endif #endif SIZEOF_SENDER = 4, /* clnt or srvr */ @@ -1301,14 +1419,16 @@ enum Misc { EXT_ID_SZ = 2, /* always use 2 bytes */ MAX_DH_SIZE = MAX_DHKEY_SZ+1, /* Max size plus possible leading 0 */ - NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */ MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */ MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */ SESSION_HINT_SZ = 4, /* session timeout hint */ SESSION_ADD_SZ = 4, /* session age add */ TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */ DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */ - MAX_TICKET_NONCE_SZ = 8, /* maximum ticket nonce size */ +#if defined(WOLFSSL_TLS13) || !defined(NO_PSK) + MAX_TICKET_NONCE_STATIC_SZ = TLS13_TICKET_NONCE_STATIC_SZ, + /* maximum ticket nonce static size */ +#endif /* WOLFSSL_TLS13 || !NO_PSK */ MAX_LIFETIME = 604800, /* maximum ticket lifetime */ RAN_LEN = 32, /* random length */ @@ -1342,40 +1462,56 @@ enum Misc { DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ + DTLS_UNIFIED_HEADER_MIN_SZ = 2, + /* flags + seq_number(2) + length(2) + CID */ + DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE, + DTLS_RECORD_HEADER_MAX_SZ = 13, DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ DTLS_RECORD_EXTRA = 8, /* diff from normal */ DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ - DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */ + DTLS_POOL_SZ = 20, /* allowed number of list items in TX and + * RX pool */ + DTLS_FRAG_POOL_SZ = WOLFSSL_DTLS_FRAG_POOL_SZ, + /* allowed number of fragments per msg */ DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */ DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */ - DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */ + TLS_EXPORT_PRO = 167,/* wolfSSL protocol for serialized TLS */ DTLS_EXPORT_OPT_SZ = 61, /* amount of bytes used from Options */ - DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */ + TLS_EXPORT_OPT_SZ = 65, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ_3 = 60, /* amount of bytes used from Options */ DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), /* max amount of bytes used from Keys */ DTLS_EXPORT_MIN_KEY_SZ = 85 + (DTLS_SEQ_SZ * 2), /* min amount of bytes used from Keys */ - DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ - DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ - DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ - DTLS_MTU_ADDITIONAL_READ_BUFFER = 100, /* Additional bytes to read so that - * we can work with a peer that has - * a slightly different MTU than us. */ + WOLFSSL_EXPORT_TLS = 1, + WOLFSSL_EXPORT_DTLS = 0, +#ifndef WOLFSSL_EXPORT_SPC_SZ + WOLFSSL_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ +#endif + WOLFSSL_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ + WOLFSSL_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */ + + /* older export versions supported */ + WOLFSSL_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */ + + MAX_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ + DTLS_MTU_ADDITIONAL_READ_BUFFER = WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER, + /* Additional bytes to read so that + * we can work with a peer that has + * a slightly different MTU than us. */ MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */ - MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN), + MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * WOLFSSL_EXPORT_LEN), /* max size of buffer for exporting state */ FINISHED_LABEL_SZ = 15, /* TLS finished label size */ TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ + TLS_FINISHED_SZ_MAX = WC_MAX_DIGEST_SIZE, + /* longest message digest size is SHA512, 64 */ EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */ MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */ MAX_LABEL_SZ = 34, /* Maximum length of a label */ - MAX_HKDF_LABEL_SZ = OPAQUE16_LEN + - OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ + - OPAQUE8_LEN + WC_MAX_DIGEST_SIZE, MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ @@ -1445,16 +1581,10 @@ enum Misc { HMAC_NONCE_SZ = 12, /* Size of HMAC nonce */ - HC_128_KEY_SIZE = 16, /* 128 bits */ - HC_128_IV_SIZE = 16, /* also 128 bits */ - - RABBIT_KEY_SIZE = 16, /* 128 bits */ - RABBIT_IV_SIZE = 8, /* 64 bits for iv */ - EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ #ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */ - ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ + ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */ #endif MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */ @@ -1465,10 +1595,34 @@ enum Misc { ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */ ED448_SA_MINOR = 8, /* Least significant byte for ED448 */ + PQC_SA_MAJOR = 0xFE,/* Most significant byte used with PQC sig algs */ + + /* These values for falcon and dilithium match what OQS has defined in their OpenSSL fork. */ + FALCON_LEVEL1_SA_MAJOR = 0xFE, + FALCON_LEVEL1_SA_MINOR = 0x0B, + FALCON_LEVEL5_SA_MAJOR = 0xFE, + FALCON_LEVEL5_SA_MINOR = 0x0E, + + DILITHIUM_LEVEL2_SA_MAJOR = 0xFE, + DILITHIUM_LEVEL2_SA_MINOR = 0xA0, + DILITHIUM_LEVEL3_SA_MAJOR = 0xFE, + DILITHIUM_LEVEL3_SA_MINOR = 0xA3, + DILITHIUM_LEVEL5_SA_MAJOR = 0xFE, + DILITHIUM_LEVEL5_SA_MINOR = 0xA5, + + DILITHIUM_AES_LEVEL2_SA_MAJOR = 0xFE, + DILITHIUM_AES_LEVEL2_SA_MINOR = 0xA7, + DILITHIUM_AES_LEVEL3_SA_MAJOR = 0xFE, + DILITHIUM_AES_LEVEL3_SA_MINOR = 0xAA, + DILITHIUM_AES_LEVEL5_SA_MAJOR = 0xFE, + DILITHIUM_AES_LEVEL5_SA_MINOR = 0xAC, + MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */ MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ -#ifndef NO_RSA +#if defined(HAVE_PQC) + MAX_CERT_VERIFY_SZ = 6000, /* For Dilithium */ +#elif !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */ #elif defined(HAVE_ECC) MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */ @@ -1486,26 +1640,24 @@ enum Misc { DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ - NULL_TERM_LEN = 1, /* length of null '\0' termination character */ - MAX_PSK_KEY_LEN = 64, /* max psk key supported */ - MIN_PSK_ID_LEN = 6, /* min length of identities */ - MIN_PSK_BINDERS_LEN= 33, /* min length of binders */ - MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */ + NULL_TERM_LEN = 1, /* length of null '\0' termination character */ + MAX_PSK_KEY_LEN = 64, /* max psk key supported */ + MIN_PSK_ID_LEN = 6, /* min length of identities */ + MIN_PSK_BINDERS_LEN = 33, /* min length of binders */ #ifndef MAX_WOLFSSL_FILE_SIZE - MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */ + MAX_WOLFSSL_FILE_SIZE = 1024UL * 1024UL * 4, /* 4 mb file size alloc limit */ #endif -#ifdef WOLFSSL_HAPROXY +#if defined(HAVE_PQC) + MAX_X509_SIZE = 8*1024, /* max static x509 buffer size; dilithium is big */ +#elif defined(WOLFSSL_HAPROXY) MAX_X509_SIZE = 3072, /* max static x509 buffer size */ #else MAX_X509_SIZE = 2048, /* max static x509 buffer size */ #endif CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ - MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ - MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ - MAX_NTRU_BITS = 256, /* max symmetric bit strength */ NO_SNIFF = 0, /* not sniffing */ SNIFF = 1, /* currently sniffing */ @@ -1523,6 +1675,15 @@ enum Misc { READ_PROTO = 0 /* reading a protocol message */ }; +#define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \ + (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP) +#ifdef HAVE_PQC +#define WOLFSSL_NAMED_GROUP_IS_PQC(group) \ + (WOLFSSL_PQC_MIN <= (group) && (group) <= WOLFSSL_PQC_MAX) +#else +#define WOLFSSL_NAMED_GROUP_IS_PQC(group) ((void)(group), 0) +#endif /* HAVE_PQC */ + /* minimum Downgrade Minor version */ #ifndef WOLFSSL_MIN_DOWNGRADE #ifndef NO_OLD_TLS @@ -1532,6 +1693,11 @@ enum Misc { #endif #endif +/* minimum DTLS Downgrade Minor version */ +#ifndef WOLFSSL_MIN_DTLS_DOWNGRADE +#define WOLFSSL_MIN_DTLS_DOWNGRADE DTLS_MINOR; +#endif + /* Set max implicit IV size for AEAD cipher suites */ #define AEAD_MAX_IMP_SZ 12 @@ -1546,7 +1712,14 @@ enum Misc { /* number of items in the signature algo list */ #ifndef WOLFSSL_MAX_SIGALGO - #define WOLFSSL_MAX_SIGALGO 36 +#ifdef HAVE_PQC + /* If we are building with post-quantum algorithms, we likely want to + * inter-op with OQS's OpenSSL and they send a lot more sigalgs. + */ + #define WOLFSSL_MAX_SIGALGO 128 +#else + #define WOLFSSL_MAX_SIGALGO 38 +#endif #endif @@ -1568,6 +1741,15 @@ enum Misc { #endif #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8) +#ifdef HAVE_PQC +#ifndef MIN_FALCONKEY_SZ + #define MIN_FALCONKEY_SZ 897 +#endif +#ifndef MIN_DILITHIUMKEY_SZ + #define MIN_DILITHIUMKEY_SZ 1312 +#endif +#endif + /* set minimum RSA key size allowed */ #ifndef WOLFSSL_MIN_RSA_BITS #ifdef WOLFSSL_MAX_STRENGTH @@ -1599,8 +1781,8 @@ enum Misc { /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */ #ifndef MAX_CERTIFICATE_SZ #define MAX_CERTIFICATE_SZ \ - CERT_HEADER_SZ + \ - (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH + (CERT_HEADER_SZ + \ + (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH) #endif /* max size of a handshake message, currently set to the certificate */ @@ -1608,15 +1790,19 @@ enum Misc { #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ #endif -#ifndef SESSION_TICKET_LEN - #define SESSION_TICKET_LEN 256 +#ifndef PREALLOC_SESSION_TICKET_LEN + #define PREALLOC_SESSION_TICKET_LEN 512 +#endif + +#ifndef PREALLOC_SESSION_TICKET_NONCE_LEN + #define PREALLOC_SESSION_TICKET_NONCE_LEN 32 #endif #ifndef SESSION_TICKET_HINT_DEFAULT #define SESSION_TICKET_HINT_DEFAULT 300 #endif -#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER) +#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER) /* Check chosen encryption is available. */ #if !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) && \ defined(WOLFSSL_TICKET_ENC_CHACHA20_POLY1305) @@ -1636,16 +1822,14 @@ enum Misc { #endif #endif +#define MAX_ENCRYPT_SZ ENCRYPT_LEN -/* don't use extra 3/4k stack space unless need to */ -#ifdef HAVE_NTRU - #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ -#else - #define MAX_ENCRYPT_SZ ENCRYPT_LEN -#endif +#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) do { \ + typedef char _args_test_[sizeof((x)) >= sizeof((y)) ? 1 : -1]; \ + (void)sizeof(_args_test_); \ +} while(0) - -/* states */ +/* states. Adding state before HANDSHAKE_DONE will break session importing */ enum states { NULL_STATE = 0, @@ -1657,16 +1841,21 @@ enum states { SERVER_CERT_VERIFY_COMPLETE, SERVER_KEYEXCHANGE_COMPLETE, SERVER_HELLODONE_COMPLETE, - SERVER_CHANGECIPHERSPEC_COMPLETE, + SERVER_CHANGECIPHERSPEC_COMPLETE, SERVER_FINISHED_COMPLETE, CLIENT_HELLO_RETRY, CLIENT_HELLO_COMPLETE, CLIENT_KEYEXCHANGE_COMPLETE, - CLIENT_CHANGECIPHERSPEC_COMPLETE, + CLIENT_CHANGECIPHERSPEC_COMPLETE, CLIENT_FINISHED_COMPLETE, - HANDSHAKE_DONE + HANDSHAKE_DONE, + +#ifdef WOLFSSL_DTLS13 + SERVER_FINISHED_ACKED, +#endif /* WOLFSSL_DTLS13 */ + }; /* SSL Version */ @@ -1686,17 +1875,23 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void); WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void); WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); - #ifdef WOLFSSL_SESSION_EXPORT - WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, const byte* buf, - word32 sz); - WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, - word32 sz); +#ifdef WOLFSSL_DTLS13 + WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_3(void); +#endif /* WOLFSSL_DTLS13 */ + +#endif +#ifdef WOLFSSL_SESSION_EXPORT +WOLFSSL_LOCAL int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, + word32* sz, int type); +WOLFSSL_LOCAL int wolfSSL_session_import_internal(WOLFSSL* ssl, const byte* buf, + word32 sz, int type); +#ifdef WOLFSSL_DTLS WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl, byte* buf, word32 sz); WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl, const byte* buf, word32 sz); WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); - #endif +#endif #endif struct WOLFSSL_BY_DIR_HASH { @@ -1727,9 +1922,14 @@ typedef WOLFSSL_BUFFER_INFO buffer; typedef struct Suites Suites; +/* Declare opaque struct for API to use */ +#ifndef WOLFSSL_CLIENT_SESSION_DEFINED + typedef struct ClientSession ClientSession; + #define WOLFSSL_CLIENT_SESSION_DEFINED +#endif /* defaults to client */ -WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion); +WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv); WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl); WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side); @@ -1741,40 +1941,48 @@ WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, word32 totalSz, int sniff); #endif -WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); +WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, + int sniff); /* TLS v1.3 needs these */ WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites); #ifdef WOLFSSL_TLS13 WOLFSSL_LOCAL byte SuiteMac(byte* suite); #endif -WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, - word32); +WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + word32 helloSz); #ifdef WOLFSSL_TLS13 WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz); #endif -WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*, - word32); +WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + word32 helloSz); WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl); WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv); WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz); -#ifdef WOLF_CRYPTO_CB -WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* buffer, word32 length, +#if defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_CHECK_PRIVATE_KEY) +WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType, int label, int id, void* heap, int devId); #endif WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); -#ifdef HAVE_PK_CALLBACKS +#ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); #ifndef NO_ASN WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); #endif #endif +WOLFSSL_LOCAL int CreateSigData(WOLFSSL* ssl, byte* sigData, word16* sigDataSz, + int check); +WOLFSSL_LOCAL int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz, + int sigAlgo, int hashAlgo); +#ifdef WOLFSSL_ASYNC_IO +WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync); +#endif WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); -WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size); +WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz); WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); #ifndef NO_CERTS WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN); @@ -1791,6 +1999,14 @@ WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); #endif #endif + +#ifdef HAVE_ALPN +WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl); +#endif + +WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, + word16 sz); /* needed by sniffer */ + #ifdef WOLFSSL_TLS13 WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, const byte* aad, word16 aadSz); @@ -1803,8 +2019,12 @@ WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz, byte* extMsgType); WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl); + +WOLFSSL_LOCAL int Tls13DeriveKey(WOLFSSL *ssl, byte *output, int outputLen, + const byte *secret, const byte *label, word32 labelLen, int hashAlgo, + int includeMsgs, int side); #endif -int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, int pLen, int content); @@ -1836,14 +2056,22 @@ enum { #endif -/* give user option to use 16K static buffers */ -#if defined(LARGE_STATIC_BUFFERS) - #define RECORD_SIZE MAX_RECORD_SIZE +/* determine maximum record size */ +#ifdef RECORD_SIZE + /* user supplied value */ + #if RECORD_SIZE < 128 || RECORD_SIZE > MAX_RECORD_SIZE + #error Invalid record size + #endif #else - #ifdef WOLFSSL_DTLS - #define RECORD_SIZE MAX_MTU + /* give user option to use 16K static buffers */ + #if defined(LARGE_STATIC_BUFFERS) + #define RECORD_SIZE MAX_RECORD_SIZE #else - #define RECORD_SIZE 128 + #ifdef WOLFSSL_DTLS + #define RECORD_SIZE MAX_MTU + #else + #define RECORD_SIZE 128 + #endif #endif #endif @@ -1866,9 +2094,15 @@ enum { The length (in bytes) of the following TLSPlaintext.fragment. The length should not exceed 2^14. */ -#if defined(LARGE_STATIC_BUFFERS) - #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ - MTU_EXTRA + MAX_MSG_EXTRA +#ifdef STATIC_BUFFER_LEN + /* user supplied option */ + #if STATIC_BUFFER_LEN < 5 || STATIC_BUFFER_LEN > (RECORD_HEADER_SZ + \ + RECORD_SIZE + COMP_EXTRA + MTU_EXTRA + MAX_MSG_EXTRA)) + #error Invalid static buffer length + #endif +#elif defined(LARGE_STATIC_BUFFERS) + #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ + MTU_EXTRA + MAX_MSG_EXTRA) #else /* don't fragment memory from the record header */ #define STATIC_BUFFER_LEN RECORD_HEADER_SZ @@ -1898,15 +2132,23 @@ struct Suites { #endif }; - WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, - int haveRSAsig, int haveAnon, + int haveRSAsig, int haveFalconSig, + int haveDilithiumSig, int haveAnon, int tls1_2, int keySz); -WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16, - word16, word16, word16, word16, word16, word16, int); +WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, + word16 haveRSA, word16 havePSK, word16 haveDH, + word16 haveECDSAsig, word16 haveECC, + word16 haveStaticRSA, word16 haveStaticECC, + word16 haveFalconSig, word16 haveDilithiumSig, + word16 haveAnon, word16 haveNull, int side); + WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites); -WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); -WOLFSSL_LOCAL int SetSuitesHashSigAlgo(Suites*, const char* list); +WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, + const char* list); +WOLFSSL_LOCAL int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, + const byte* list, const int listSz); +WOLFSSL_LOCAL int SetSuitesHashSigAlgo(Suites* suites, const char* list); #ifndef PSK_TYPES_DEFINED typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*, @@ -1928,7 +2170,7 @@ WOLFSSL_LOCAL int SetSuitesHashSigAlgo(Suites*, const char* list); #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \ !defined(WOLFSSL_DTLS_EXPORT_TYPES) typedef int (*wc_dtls_export)(WOLFSSL* ssl, - unsigned char* exportBuffer, unsigned int sz, void* userCtx); + #define WOLFSSL_DTLS_EXPORT_TYPES #endif /* WOLFSSL_DTLS_EXPORT_TYPES */ @@ -1987,7 +2229,13 @@ typedef struct CRL_Entry CRL_Entry; #ifdef NO_ASN typedef struct RevokedCert RevokedCert; #endif - +#ifdef CRL_STATIC_REVOKED_LIST + #ifndef CRL_MAX_REVOKED_CERTS + #define CRL_MAX_REVOKED_CERTS 4 + #elif CRL_MAX_REVOKED_CERTS > 22000 + #error CRL_MAX_REVOKED_CERTS too big, max is 22000 + #endif +#endif /* Complete CRL */ struct CRL_Entry { CRL_Entry* next; /* next entry */ @@ -1998,8 +2246,17 @@ struct CRL_Entry { byte nextDate[MAX_DATE_SIZE]; /* next update date */ byte lastDateFormat; /* last date format */ byte nextDateFormat; /* next date format */ - RevokedCert* certs; /* revoked cert list */ - int totalCerts; /* number on list */ +#if defined(OPENSSL_EXTRA) + WOLFSSL_ASN1_TIME lastDateAsn1; /* last date updated */ + WOLFSSL_ASN1_TIME nextDateAsn1; /* next update date */ +#endif +#ifdef CRL_STATIC_REVOKED_LIST + RevokedCert certs[CRL_MAX_REVOKED_CERTS]; +#else + RevokedCert* certs; /* revoked cert list */ +#endif + int totalCerts; /* number on list */ + int version; /* version of certficate */ int verified; byte* toBeSigned; word32 tbsSz; @@ -2009,6 +2266,10 @@ struct CRL_Entry { #if !defined(NO_SKID) && !defined(NO_ASN) byte extAuthKeyIdSet; byte extAuthKeyId[KEYID_SIZE]; +#endif + int crlNumber; /* CRL number extension */ +#if defined(OPENSSL_EXTRA) + WOLFSSL_X509_NAME* issuer; /* X509_NAME type issuer */ #endif }; @@ -2029,6 +2290,7 @@ struct CRL_Monitor { /* wolfSSL CRL controller */ struct WOLFSSL_CRL { WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ + CRL_Entry* currentEntry; /* Current CRL entry being processed */ CRL_Entry* crlList; /* our CRL list */ #ifdef HAVE_CRL_IO CbCrlIO crlIOCb; @@ -2102,20 +2364,31 @@ struct WOLFSSL_CERT_MANAGER { #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum allowed ECC key size */ #endif -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_X509_STORE *x509_store_p; /* a pointer back to CTX x509 store */ /* CTX has ownership and free this */ /* with CTX free. */ #endif +#ifndef SINGLE_THREADED wolfSSL_Mutex refMutex; /* reference count mutex */ +#endif int refCount; /* reference count */ +#ifdef HAVE_PQC + short minFalconKeySz; /* minimum allowed Falcon key size */ + short minDilithiumKeySz; /* minimum allowed Dilithium key size */ +#endif + }; -WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); -WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*); -WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*); -WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int); -WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*); +WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, + const char* fname); +WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, + const char* fname); +WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, + int sz, int* used); +WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, + const void* mem, int sz); +WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff, long sz, int format, int err_val); @@ -2155,6 +2428,7 @@ WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, /* wolfSSL Sock Addr */ struct WOLFSSL_SOCKADDR { unsigned int sz; /* sockaddr size */ + unsigned int bufSz; /* size of allocated buffer */ void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */ }; @@ -2162,6 +2436,11 @@ typedef struct WOLFSSL_DTLS_CTX { WOLFSSL_SOCKADDR peer; int rfd; int wfd; + byte userSet:1; + byte connected:1; /* When set indicates rfd and wfd sockets are + * connected (connect() and bind() both called). + * This means that sendto and recvfrom do not need to + * specify and store the peer address. */ } WOLFSSL_DTLS_CTX; @@ -2203,6 +2482,11 @@ typedef struct Keys { byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ]; #endif +#ifdef WOLFSSL_DTLS13 + byte client_sn_key[MAX_SYM_KEY_SIZE]; + byte server_sn_key[MAX_SYM_KEY_SIZE]; +#endif /* WOLFSSL_DTLS13 */ + word32 peer_sequence_number_hi; word32 peer_sequence_number_lo; word32 sequence_number_hi; @@ -2212,6 +2496,12 @@ typedef struct Keys { word16 curEpoch; /* Received epoch in current record */ word16 curSeq_hi; /* Received sequence in current record */ word32 curSeq_lo; + +#ifdef WOLFSSL_DTLS13 + w64wrapper curEpoch64; /* Received epoch in current record */ + w64wrapper curSeq; +#endif /* WOLFSSL_DTLS13 */ + #ifdef WOLFSSL_MULTICAST byte curPeerId; /* Received peer group ID in current record */ #endif @@ -2242,6 +2532,11 @@ typedef struct Keys { tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret; #endif +#ifdef WOLFSSL_RENESAS_SCEPROTECT + + sce_hmac_sha_wrapped_key_t sce_client_write_MAC_secret; + sce_hmac_sha_wrapped_key_t sce_server_write_MAC_secret; +#endif } Keys; @@ -2261,6 +2556,9 @@ typedef enum { TLSX_EC_POINT_FORMATS = 0x000b, #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */ +#endif +#ifdef WOLFSSL_SRTP + TLSX_USE_SRTP = 0x000e, /* 14 */ #endif TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */ @@ -2268,7 +2566,6 @@ typedef enum { TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */ #endif TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */ - TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ TLSX_SESSION_TICKET = 0x0023, #ifdef WOLFSSL_TLS13 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -2291,8 +2588,17 @@ typedef enum { TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, #endif TLSX_KEY_SHARE = 0x0033, + #if defined(WOLFSSL_DTLS_CID) + TLSX_CONNECTION_ID = 0x0036, + #endif /* defined(WOLFSSL_DTLS_CID) */ + #ifdef WOLFSSL_QUIC + TLSX_KEY_QUIC_TP_PARAMS = 0x0039, /* RFC 9001, ch. 8.2 */ + #endif +#endif + TLSX_RENEGOTIATION_INFO = 0xff01, +#ifdef WOLFSSL_QUIC + TLSX_KEY_QUIC_TP_PARAMS_DRAFT = 0xffa5, /* from draft-ietf-quic-tls-27 */ #endif - TLSX_RENEGOTIATION_INFO = 0xff01 } TLSX_Type; typedef struct TLSX { @@ -2328,6 +2634,8 @@ WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, int* found); WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, Suites *suites); +WOLFSSL_LOCAL int TLSX_Push(TLSX** list, TLSX_Type type, + const void* data, void* heap); #elif defined(HAVE_SNI) \ || defined(HAVE_MAX_FRAGMENT) \ @@ -2337,7 +2645,6 @@ WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ || defined(HAVE_SUPPORTED_CURVES) \ || defined(HAVE_ALPN) \ - || defined(HAVE_QSH) \ || defined(HAVE_SESSION_TICKET) \ || defined(HAVE_SECURE_RENEGOTIATION) \ || defined(HAVE_SERVER_RENEGOTIATION_INFO) @@ -2368,8 +2675,8 @@ WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, #ifndef NO_WOLFSSL_SERVER WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options); -WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz, - byte type, byte* sni, word32* inOutSz); +WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* clientHello, + word32 helloSz, byte type, byte* sni, word32* inOutSz); #endif #endif /* HAVE_SNI */ @@ -2404,7 +2711,7 @@ WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions, WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options, void* heap); -WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option); +WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, byte option); #endif /* HAVE_ALPN */ @@ -2468,11 +2775,18 @@ WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, void* heap); #endif WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, - byte index); + byte idx); WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); #endif +#if defined(WOLFSSL_PUBLIC_ASN) && defined(HAVE_PK_CALLBACKS) +/* Internal callback guarded by WOLFSSL_PUBLIC_ASN because of DecodedCert. */ +typedef int (*CallbackProcessPeerCert)(WOLFSSL* ssl, DecodedCert* p_cert); +WOLFSSL_API void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx, + CallbackProcessPeerCert cb); +#endif /* DecodedCert && HAVE_PK_CALLBACKS */ + /** Supported Elliptic Curves - RFC 4492 (session 4) */ #ifdef HAVE_SUPPORTED_CURVES @@ -2536,8 +2850,51 @@ WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap); #endif /* HAVE_SECURE_RENEGOTIATION */ -/** Session Ticket - RFC 5077 (session 3.2) */ #ifdef HAVE_SESSION_TICKET +/* Our ticket format. All members need to be a byte or array of byte to + * avoid alignment issues */ +typedef struct InternalTicket { + ProtocolVersion pv; /* version when ticket created */ + byte suite[SUITE_LEN]; /* cipher suite when created */ + byte msecret[SECRET_LEN]; /* master secret */ + byte timestamp[TIMESTAMP_LEN]; /* born on */ + byte haveEMS; /* have extended master secret */ +#ifdef WOLFSSL_TLS13 + byte ageAdd[AGEADD_LEN]; /* Obfuscation of age */ + byte namedGroup[NAMEDGROUP_LEN]; /* Named group used */ + byte ticketNonceLen; + byte ticketNonce[MAX_TICKET_NONCE_STATIC_SZ]; +#ifdef WOLFSSL_EARLY_DATA + byte maxEarlyDataSz[MAXEARLYDATASZ_LEN]; /* Max size of + * early data */ +#endif +#endif +#ifdef WOLFSSL_TICKET_HAVE_ID + byte id[ID_LEN]; +#endif +} InternalTicket; + +#ifndef WOLFSSL_TICKET_EXTRA_PADDING_SZ +#define WOLFSSL_TICKET_EXTRA_PADDING_SZ 32 +#endif + +#define WOLFSSL_TICKET_ENC_SZ \ + (sizeof(InternalTicket) + WOLFSSL_TICKET_EXTRA_PADDING_SZ) + +/* RFC 5077 defines this for session tickets. All members need to be a byte or + * array of byte to avoid alignment issues */ +typedef struct ExternalTicket { + byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */ + byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */ + byte enc_len[OPAQUE16_LEN]; /* encrypted length - 2 */ + byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; + /* encrypted internal ticket */ + byte mac[WOLFSSL_TICKET_MAC_SZ]; /* total mac - 32 */ +} ExternalTicket; + +/* Cast to int to reduce amount of casts in code */ +#define SESSION_TICKET_LEN ((int)sizeof(ExternalTicket)) +#define WOLFSSL_TICKET_FIXED_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_ENC_SZ) typedef struct SessionTicket { word32 lifetime; @@ -2549,7 +2906,7 @@ typedef struct SessionTicket { word16 size; } SessionTicket; -#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER) +#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER) /* Data passed to default SessionTicket enc/dec callback. */ typedef struct TicketEncCbCtx { @@ -2569,7 +2926,7 @@ typedef struct TicketEncCbCtx { WOLFSSL_CTX* ctx; } TicketEncCbCtx; -#endif /* !WOLFSSL_NO_DEF_TICKET_ENC_CB && !WOLFSSL_NO_SERVER */ +#endif /* !WOLFSSL_NO_DEF_TICKET_ENC_CB && !NO_WOLFSSL_SERVER */ WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap); @@ -2579,48 +2936,10 @@ WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap); #endif /* HAVE_SESSION_TICKET */ -/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */ -#ifdef HAVE_QSH - -typedef struct QSHScheme { - struct QSHScheme* next; /* List Behavior */ - byte* PK; - word16 name; /* QSHScheme Names */ - word16 PKLen; -} QSHScheme; - -typedef struct QSHkey { - struct QSHKey* next; - word16 name; - buffer pub; - buffer pri; -} QSHKey; - -typedef struct QSHSecret { - QSHScheme* list; - buffer* SerSi; - buffer* CliSi; -} QSHSecret; - -/* used in key exchange during handshake */ -WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, - word16 length, byte isServer); -WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output); -WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest); - -/* used by api for setting a specific QSH scheme */ -WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name, - byte* pKey, word16 pKeySz, void* heap); - -/* used when parsing in QSHCipher structs */ -WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, - byte* out, word16* szOut); -#ifndef NO_WOLFSSL_SERVER -WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name); +#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) +int TLSX_EncryptThenMac_Respond(WOLFSSL* ssl); #endif -#endif /* HAVE_QSH */ - #ifdef WOLFSSL_TLS13 /* Cookie extension information - cookie data. */ typedef struct Cookie { @@ -2636,15 +2955,15 @@ WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, const byte* data, word16 len, /* The KeyShare extension information - entry in a linked list. */ typedef struct KeyShareEntry { - word16 group; /* NamedGroup */ - byte* ke; /* Key exchange data */ - word32 keLen; /* Key exchange data length */ - void* key; /* Key struct */ - word32 keyLen; /* Key size (bytes) */ - byte* pubKey; /* Public key */ - word32 pubKeyLen; /* Public key length */ -#ifndef NO_DH - byte* privKey; /* Private key - DH only */ + word16 group; /* NamedGroup */ + byte* ke; /* Key exchange data */ + word32 keLen; /* Key exchange data length */ + void* key; /* Key struct */ + word32 keyLen; /* Key size (bytes) */ + byte* pubKey; /* Public key */ + word32 pubKeyLen; /* Public key length */ +#if !defined(NO_DH) || defined(HAVE_PQC) + byte* privKey; /* Private key - DH ond PQ KEMs only */ #endif #ifdef WOLFSSL_ASYNC_CRYPT int lastRet; @@ -2660,13 +2979,6 @@ WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl); #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) -/* Ticket nonce - for deriving PSK. - * Length allowed to be: 1..255. Only support 4 bytes. - */ -typedef struct TicketNonce { - byte len; - byte data[MAX_TICKET_NONCE_SZ]; -} TicketNonce; /* The PreSharedKey extension information - entry in a linked list. */ typedef struct PreSharedKey { @@ -2708,7 +3020,7 @@ enum PskKeyExchangeMode { WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes); #ifdef WOLFSSL_EARLY_DATA -WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max); +WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max, int is_response); #endif #endif /* HAVE_SESSION_TICKET || !NO_PSK */ @@ -2740,6 +3052,17 @@ enum KeyUpdateRequest { }; #endif /* WOLFSSL_TLS13 */ +#ifdef WOLFSSL_DTLS_CID +WOLFSSL_LOCAL void TLSX_ConnectionID_Free(byte* ext, void* heap); +WOLFSSL_LOCAL word16 TLSX_ConnectionID_Write(byte* ext, byte* output); +WOLFSSL_LOCAL word16 TLSX_ConnectionID_GetSize(byte* ext); +WOLFSSL_LOCAL int TLSX_ConnectionID_Use(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, + word16 length, byte isRequest); +WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl); +WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input, + word16 inputSize); +#endif /* WOLFSSL_DTLS_CID */ #ifdef OPENSSL_EXTRA enum SetCBIO { @@ -2758,15 +3081,14 @@ typedef struct { #ifdef HAVE_ECC DerBuffer* ecKey; #endif - /* bits */ -#ifndef NO_DH - byte weOwnDH:1; +#ifdef HAVE_CURVE25519 + DerBuffer* x25519Key; #endif -#ifdef HAVE_ECC - byte weOwnEC:1; +#ifdef HAVE_CURVE448 + DerBuffer* x448Key; #endif } StaticKeyExchangeInfo_t; -#endif +#endif /* WOLFSSL_STATIC_EPHEMERAL */ /* wolfSSL context type */ @@ -2789,10 +3111,11 @@ struct WOLFSSL_CTX { #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; #endif - #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ - defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) + #ifdef OPENSSL_EXTRA WOLF_STACK_OF(WOLFSSL_X509)* x509Chain; client_cert_cb CBClientCert; /* client certificate callback */ + CertSetupCallback certSetupCb; + void* certSetupCbArg; #endif #ifdef WOLFSSL_TLS13 int certChainCnt; @@ -2823,15 +3146,18 @@ struct WOLFSSL_CTX { byte sessionCacheFlushOff:1; #ifdef HAVE_EXT_CACHE byte internalCacheOff:1; + byte internalCacheLookupOff:1; #endif byte sendVerify:2; /* for client side (can not be single bit) */ byte haveRSA:1; /* RSA available */ byte haveECC:1; /* ECC available */ byte haveDH:1; /* server DH parms set by user */ - byte haveNTRU:1; /* server private NTRU key loaded */ byte haveECDSAsig:1; /* server cert signed w/ ECDSA */ + byte haveFalconSig:1; /* server cert signed w/ Falcon */ + byte haveDilithiumSig:1;/* server cert signed w/ Dilithium */ byte haveStaticECC:1; /* static server ECC private key */ byte partialWrite:1; /* only one msg per write call */ + byte autoRetry:1; /* retry read/write on a WANT_{READ|WRITE} */ byte quietShutdown:1; /* don't send close notify */ byte groupMessages:1; /* group handshake messages before sending */ byte minDowngrade; /* minimum downgrade version */ @@ -2841,12 +3167,17 @@ struct WOLFSSL_CTX { byte noTicketTls12:1; /* TLS 1.2 server won't send ticket */ #endif #ifdef WOLFSSL_TLS13 + #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) + unsigned int maxTicketTls13; /* maximum number of tickets to send */ + #endif byte noTicketTls13:1; /* TLS 1.3 Server won't create new Ticket */ byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */ #endif byte mutualAuth:1; /* Mutual authentication required */ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) byte postHandshakeAuth:1; /* Post-handshake auth supported. */ + byte verifyPostHandshake:1; /* Only send client cert req post + * handshake, not also during */ #endif #ifndef NO_DH #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ @@ -2854,24 +3185,34 @@ struct WOLFSSL_CTX { byte dhKeyTested:1; /* Set when key has been tested. */ #endif #endif -#ifdef HAVE_SECURE_RENEGOTIATION +#if defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO) byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */ #endif #ifdef HAVE_ENCRYPT_THEN_MAC byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ #endif #ifdef WOLFSSL_STATIC_MEMORY - byte onHeap:1; /* whether the ctx/method is put on heap hint */ + byte onHeapHint:1; /* whether the ctx/method is put on heap hint */ #endif -#ifdef WOLFSSL_MULTICAST +#if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED) + byte staticKELockInit:1; +#endif +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP) + byte dtlsSctp:1; /* DTLS-over-SCTP mode */ +#endif + word16 minProto:1; /* sets min to min available */ + word16 maxProto:1; /* sets max to max available */ + +#ifdef WOLFSSL_SRTP + word16 dtlsSrtpProfiles; /* DTLS-with-SRTP mode + * (list of selected profiles - up to 16) */ +#endif +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) byte haveMcast; /* multicast requested */ byte mcastID; /* multicast group ID */ #endif -#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) - byte dtlsSctp; /* DTLS-over-SCTP mode */ -#endif -#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ - defined(WOLFSSL_DTLS) +#if defined(WOLFSSL_DTLS) && \ + (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) word16 dtlsMtuSz; /* DTLS MTU size */ #endif #ifndef NO_DH @@ -2883,6 +3224,10 @@ struct WOLFSSL_CTX { #endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum ECC key size */ +#endif +#ifdef HAVE_PQC + short minFalconKeySz; /* minimum Falcon key size */ + short minDilithiumKeySz;/* minimum Dilithium key size */ #endif unsigned long mask; /* store SSL_OP_ flags */ #ifdef OPENSSL_EXTRA @@ -2905,19 +3250,27 @@ struct WOLFSSL_CTX { CallbackIOSend CBIOSend; #ifdef WOLFSSL_DTLS CallbackGenCookie CBIOCookie; /* gen cookie callback */ +#endif /* WOLFSSL_DTLS */ #ifdef WOLFSSL_SESSION_EXPORT +#ifdef WOLFSSL_DTLS wc_dtls_export dtls_export; /* export function for DTLS session */ +#endif CallbackGetPeer CBGetPeer; CallbackSetPeer CBSetPeer; #endif -#endif /* WOLFSSL_DTLS */ VerifyCallback verifyCallback; /* cert verification callback */ + void* verifyCbCtx; /* cert verify callback user ctx*/ #ifdef OPENSSL_ALL CertVerifyCallback verifyCertCb; void* verifyCertCbArg; #endif /* OPENSSL_ALL */ +#ifdef OPENSSL_EXTRA + SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */ + void* protoMsgCtx; /* user set context with msg callback */ +#endif word32 timeout; /* session timeout */ -#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \ + defined(HAVE_ED448) word32 ecdhCurveOID; /* curve Ecc_Sum */ #endif #ifdef HAVE_ECC @@ -2949,19 +3302,22 @@ struct WOLFSSL_CTX { byte haveAnon; /* User wants to allow Anon suites */ #endif /* HAVE_ANON */ #ifdef WOLFSSL_ENCRYPTED_KEYS - pem_password_cb* passwd_cb; - void* passwd_userdata; + wc_pem_password_cb* passwd_cb; + void* passwd_userdata; #endif -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) +#ifdef WOLFSSL_LOCAL_X509_STORE WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ +#endif +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) byte readAhead; void* userPRFArg; /* passed to prf callback */ #endif #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif -#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) +#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || defined(WOLFSSL_QUIC)) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif @@ -3018,9 +3374,13 @@ struct WOLFSSL_CTX { #ifdef HAVE_ECC CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */ CallbackEccSign EccSignCb; /* User EccSign Callback handler */ + void* EccSignCtx; /* Ecc Sign Callback Context */ CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */ #endif /* HAVE_ECC */ + #ifdef HAVE_HKDF + CallbackHKDFExtract HkdfExtractCb; /* User hkdf Extract Callback handler */ + #endif #ifdef HAVE_ED25519 /* User Ed25519Sign Callback handler */ CallbackEd25519Sign Ed25519SignCb; @@ -3046,20 +3406,55 @@ struct WOLFSSL_CTX { CallbackX448SharedSecret X448SharedSecretCb; #endif #ifndef NO_DH - CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */ + /* User DH KeyGen Callback handler*/ + CallbackDhGenerateKeyPair DhGenerateKeyPairCb; + /* User DH Agree Callback handler */ + CallbackDhAgree DhAgreeCb; #endif #ifndef NO_RSA - CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */ - CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */ - CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */ + /* User RsaSign Callback handler (priv key) */ + CallbackRsaSign RsaSignCb; + /* User RsaVerify Callback handler (pub key) */ + CallbackRsaVerify RsaVerifyCb; + /* User VerifyRsaSign Callback handler (priv key) */ + CallbackRsaVerify RsaSignCheckCb; #ifdef WC_RSA_PSS - CallbackRsaPssSign RsaPssSignCb; /* User RsaSign (priv key) */ - CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaVerify (pub key) */ - CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */ + /* User RsaSign (priv key) */ + CallbackRsaPssSign RsaPssSignCb; + /* User RsaVerify (pub key) */ + CallbackRsaPssVerify RsaPssVerifyCb; + /* User VerifyRsaSign (priv key) */ + CallbackRsaPssVerify RsaPssSignCheckCb; #endif CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ #endif /* NO_RSA */ + + /* User generate pre-master handler */ + CallbackGenPreMaster GenPreMasterCb; + /* User generate master secret handler */ + CallbackGenMasterSecret GenMasterCb; + /* User generate session key handler */ + CallbackGenSessionKey GenSessionKeyCb; + /* User setting encrypt keys handler */ + CallbackEncryptKeys EncryptKeysCb; + /* User Tls finished handler */ + CallbackTlsFinished TlsFinishedCb; +#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) + /* User Verify mac handler */ + CallbackVerifyMac VerifyMacCb; +#endif +#if defined(WOLFSSL_PUBLIC_ASN) + /* User handler to process a certificate */ + CallbackProcessPeerCert ProcessPeerCertCb; +#endif + /* User handler to process the server's key exchange public key */ + CallbackProcessServerSigKex ProcessServerSigKexCb; + /* User handler to process the TLS record */ + CallbackPerformTlsRecordProcessing PerformTlsRecordProcessingCb; + /* User handler to do HKDF expansions */ + CallbackHKDFExpandLabel HKDFExpandLabelCb; + #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_WOLF_EVENT WOLF_EVENT_QUEUE event_queue; @@ -3067,7 +3462,9 @@ struct WOLFSSL_CTX { #ifdef HAVE_EXT_CACHE WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, const unsigned char*, int, int*); int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); - void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); +#endif +#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) + Rem_Sess_Cb rem_sess_cb; #endif #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) Srp* srp; /* TLS Secure Remote Password Protocol*/ @@ -3078,17 +3475,28 @@ struct WOLFSSL_CTX { #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ #ifdef WOLFSSL_STATIC_EPHEMERAL StaticKeyExchangeInfo_t staticKE; + #ifndef SINGLE_THREADED + wolfSSL_Mutex staticKELock; + #endif +#endif +#ifdef WOLFSSL_QUIC + struct { + const WOLFSSL_QUIC_METHOD *method; + } quic; #endif }; WOLFSSL_LOCAL -int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap); +int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap); WOLFSSL_LOCAL -void FreeSSL_Ctx(WOLFSSL_CTX*); +void FreeSSL_Ctx(WOLFSSL_CTX* ctx); WOLFSSL_LOCAL -void SSL_CtxResourceFree(WOLFSSL_CTX*); +void SSL_CtxResourceFree(WOLFSSL_CTX* ctx); #ifdef HAVE_EX_DATA_CLEANUP_HOOKS + #ifndef HAVE_EX_DATA + #error "HAVE_EX_DATA_CLEANUP_HOOKS requires HAVE_EX_DATA to be defined" + #endif void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data); #endif @@ -3107,7 +3515,7 @@ int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify); WOLFSSL_LOCAL - int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash); + int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert); #endif #endif @@ -3141,28 +3549,36 @@ enum KeyExchangeAlgorithm { psk_kea, dhe_psk_kea, ecdhe_psk_kea, - ntru_kea, ecc_diffie_hellman_kea, ecc_static_diffie_hellman_kea /* for verify suite only */ }; /* Supported Authentication Schemes */ enum SignatureAlgorithm { - anonymous_sa_algo = 0, - rsa_sa_algo = 1, - dsa_sa_algo = 2, - ecc_dsa_sa_algo = 3, - rsa_pss_sa_algo = 8, - ed25519_sa_algo = 9, - rsa_pss_pss_algo = 10, - ed448_sa_algo = 11 + anonymous_sa_algo = 0, + rsa_sa_algo = 1, + dsa_sa_algo = 2, + ecc_dsa_sa_algo = 3, + rsa_pss_sa_algo = 8, + ed25519_sa_algo = 9, + rsa_pss_pss_algo = 10, + ed448_sa_algo = 11, + falcon_level1_sa_algo = 12, + falcon_level5_sa_algo = 13, + dilithium_level2_sa_algo = 14, + dilithium_level3_sa_algo = 15, + dilithium_level5_sa_algo = 16, + dilithium_aes_level2_sa_algo = 17, + dilithium_aes_level3_sa_algo = 18, + dilithium_aes_level5_sa_algo = 19, + invalid_sa_algo = 255 }; #define PSS_RSAE_TO_PSS_PSS(macAlgo) \ - (macAlgo + (pss_sha256 - sha256_mac)) + ((macAlgo) + (pss_sha256 - sha256_mac)) #define PSS_PSS_HASH_TO_MAC(macAlgo) \ - (macAlgo - (pss_sha256 - sha256_mac)) + ((macAlgo) - (pss_sha256 - sha256_mac)) enum SigAlgRsaPss { pss_sha256 = 0x09, @@ -3171,7 +3587,7 @@ enum SigAlgRsaPss { }; -/* Supprted ECC Curve Types */ +/* Supported ECC Curve Types */ enum EccCurves { named_curve = 3 }; @@ -3188,7 +3604,9 @@ enum ClientCertificateType { fortezza_kea_cert = 20, ecdsa_sign = 64, rsa_fixed_ecdh = 65, - ecdsa_fixed_ecdh = 66 + ecdsa_fixed_ecdh = 66, + falcon_sign = 67, + dilithium_sign = 68, }; @@ -3212,6 +3630,13 @@ enum CipherSrc { }; #endif +#ifdef WOLFSSL_CIPHER_TEXT_CHECK + #ifndef WOLFSSL_CIPHER_CHECK_SZ + /* 64-bits to confirm encrypt operation worked */ + #define WOLFSSL_CIPHER_CHECK_SZ 8 + #endif +#endif + /* cipher for now */ typedef struct Ciphers { #ifdef BUILD_ARC4 @@ -3236,17 +3661,11 @@ typedef struct Ciphers { #ifdef HAVE_CHACHA ChaCha* chacha; #endif -#ifdef HAVE_HC128 - HC128* hc128; -#endif -#ifdef BUILD_RABBIT - Rabbit* rabbit; -#endif -#ifdef HAVE_IDEA - Idea* idea; -#endif #if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) Hmac* hmac; +#endif +#ifdef WOLFSSL_CIPHER_TEXT_CHECK + word32 sanityCheck[WOLFSSL_CIPHER_CHECK_SZ/sizeof(word32)]; #endif byte state; byte setup; /* have we set it up flag for detection */ @@ -3256,6 +3675,16 @@ typedef struct Ciphers { #endif } Ciphers; +#ifdef WOLFSSL_DTLS13 +typedef struct RecordNumberCiphers { +#if defined(BUILD_AES) || defined(BUILD_AESGCM) + Aes *aes; +#endif /* BUILD_AES || BUILD_AESGCM */ +#ifdef HAVE_CHACHA + ChaCha *chacha; +#endif +} RecordNumberCiphers; +#endif /* WOLFSSL_DTLS13 */ #ifdef HAVE_ONE_TIME_AUTH /* Ciphers for one time authentication such as poly1305 */ @@ -3321,85 +3750,195 @@ struct WOLFSSL_X509_CHAIN { x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ }; +typedef enum WOLFSSL_SESSION_TYPE { + WOLFSSL_SESSION_TYPE_UNKNOWN, + WOLFSSL_SESSION_TYPE_SSL, /* in ssl->session */ + WOLFSSL_SESSION_TYPE_CACHE, /* pointer to internal cache */ + WOLFSSL_SESSION_TYPE_HEAP /* allocated from heap SESSION_new */ +} WOLFSSL_SESSION_TYPE; + +#ifdef WOLFSSL_QUIC +typedef struct QuicRecord QuicRecord; +typedef struct QuicRecord { + struct QuicRecord *next; + uint8_t *data; + word32 capacity; + word32 len; + word32 start; + word32 end; + WOLFSSL_ENCRYPTION_LEVEL level; + word32 rec_hdr_remain; +} QuicEncData; + +typedef struct QuicTransportParam QuicTransportParam; +struct QuicTransportParam { + const uint8_t *data; + word16 len; +}; + +WOLFSSL_LOCAL const QuicTransportParam *QuicTransportParam_new(const uint8_t *data, size_t len, void *heap); +WOLFSSL_LOCAL const QuicTransportParam *QuicTransportParam_dup(const QuicTransportParam *tp, void *heap); +WOLFSSL_LOCAL void QuicTransportParam_free(const QuicTransportParam *tp, void *heap); +WOLFSSL_LOCAL int TLSX_QuicTP_Use(WOLFSSL* ssl, TLSX_Type ext_type, int is_response); +WOLFSSL_LOCAL int wolfSSL_quic_add_transport_extensions(WOLFSSL *ssl, int msg_type); + +#define QTP_FREE QuicTransportParam_free + +#endif /* WOLFSSL_QUIC */ + +/** Session Ticket - RFC 5077 (session 3.2) */ +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) +/* Ticket nonce - for deriving PSK. + Length allowed to be: 1..255. Only support + * TLS13_TICKET_NONCE_STATIC_SZ length bytes. + */ +typedef struct TicketNonce { + byte len; +#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + byte *data; + byte dataStatic[MAX_TICKET_NONCE_STATIC_SZ]; +#else + byte data[MAX_TICKET_NONCE_STATIC_SZ]; +#endif /* WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */ +} TicketNonce; + +#endif /* wolfSSL session type */ struct WOLFSSL_SESSION { - word32 bornOn; /* create time in seconds */ - word32 timeout; /* timeout in seconds */ - byte sessionID[ID_LEN]; /* id for protocol */ - byte sessionIDSz; - byte masterSecret[SECRET_LEN]; /* stored secret */ - word16 haveEMS; /* ext master secret flag */ -#ifdef SESSION_CERTS -#ifdef OPENSSL_EXTRA - WOLFSSL_X509* peer; /* peer cert */ + /* WARNING Do not add fields here. They will be ignored in + * wolfSSL_DupSession. */ + WOLFSSL_SESSION_TYPE type; +#ifndef NO_SESSION_CACHE + int cacheRow; /* row in session cache */ #endif - WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ - #ifdef WOLFSSL_ALT_CERT_CHAINS - WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */ - #endif + int refCount; /* reference count */ +#ifndef SINGLE_THREADED + wolfSSL_Mutex refMutex; /* ref count mutex */ +#endif + byte altSessionID[ID_LEN]; + byte haveAltSessionID:1; +#ifdef HAVE_EX_DATA + byte ownExData:1; + Rem_Sess_Cb rem_sess_cb; +#endif + void* heap; + /* WARNING The above fields (up to and including the heap) are not copied + * in wolfSSL_DupSession. Place new fields after the heap + * member */ + + byte side; /* Either WOLFSSL_CLIENT_END or + WOLFSSL_SERVER_END */ + + word32 bornOn; /* create time in seconds */ + word32 timeout; /* timeout in seconds */ + + byte sessionID[ID_LEN]; /* id for protocol or bogus + * ID for TLS 1.3 */ + byte sessionIDSz; + + byte masterSecret[SECRET_LEN]; /* stored secret */ + word16 haveEMS; /* ext master secret flag */ +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + WOLFSSL_X509* peer; /* peer cert */ #endif #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ defined(HAVE_SESSION_TICKET)) - ProtocolVersion version; /* which version was used */ + ProtocolVersion version; /* which version was used */ #endif #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) - byte cipherSuite0; /* first byte, normally 0 */ - byte cipherSuite; /* 2nd byte, actual suite */ + byte cipherSuite0; /* first byte, normally 0 */ + byte cipherSuite; /* 2nd byte, actual suite */ #endif #ifndef NO_CLIENT_CACHE - word16 idLen; /* serverID length */ - byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ + word16 idLen; /* serverID length */ + byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ #endif #ifdef OPENSSL_EXTRA - byte sessionCtxSz; /* sessionCtx length */ - byte sessionCtx[ID_LEN]; /* app specific context id */ - wolfSSL_Mutex refMutex; /* ref count mutex */ - int refCount; /* reference count */ -#endif + byte sessionCtxSz; /* sessionCtx length */ + byte sessionCtx[ID_LEN]; /* app specific context id */ +#endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - byte peerVerifyRet; /* cert verify error */ + byte peerVerifyRet; /* cert verify error */ #endif #ifdef WOLFSSL_TLS13 word16 namedGroup; #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - #ifdef WOLFSSL_TLS13 - word32 ticketSeen; /* Time ticket seen (ms) */ - word32 ticketAdd; /* Added by client */ - TicketNonce ticketNonce; /* Nonce used to derive PSK */ - #endif - #ifdef WOLFSSL_EARLY_DATA +#ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_32BIT_MILLI_TIME + word32 ticketSeen; /* Time ticket seen (ms) */ +#else + sword64 ticketSeen; /* Time ticket seen (ms) */ +#endif + word32 ticketAdd; /* Added by client */ + TicketNonce ticketNonce; /* Nonce used to derive PSK */ +#endif +#ifdef WOLFSSL_EARLY_DATA word32 maxEarlyDataSz; - #endif +#endif #endif #ifdef HAVE_SESSION_TICKET + byte staticTicket[SESSION_TICKET_LEN]; byte* ticket; word16 ticketLen; - byte staticTicket[SESSION_TICKET_LEN]; - byte isDynamic; + word16 ticketLenAlloc; /* is dynamic */ #endif -#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA) - byte isAlloced; + +#ifdef SESSION_CERTS + WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ + #ifdef WOLFSSL_ALT_CERT_CHAINS + WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */ + #endif #endif #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif - byte side; /* Either WOLFSSL_CLIENT_END or - WOLFSSL_SERVER_END */ }; +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ + defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) +WOLFSSL_LOCAL int SessionTicketNoncePopulate(WOLFSSL_SESSION *session, + const byte* nonce, byte len); +#endif /* WOLFSSL_TLS13 && */ + +WOLFSSL_LOCAL int wolfSSL_RAND_Init(void); + +WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_NewSession(void* heap); +WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSession( + WOLFSSL* ssl, byte* masterSecret, byte restoreSessionCerts); +WOLFSSL_LOCAL void AddSession(WOLFSSL* ssl); +/* use wolfSSL_API visibility to be able to test in tests/api.c */ +WOLFSSL_API int AddSessionToCache(WOLFSSL_CTX* ssl, + WOLFSSL_SESSION* addSession, const byte* id, byte idSz, int* sessionIndex, + int side, word16 useTicket, ClientSession** clientCacheEntry); +#ifndef NO_CLIENT_CACHE +WOLFSSL_LOCAL ClientSession* AddSessionToClientCache(int side, int row, int idx, + byte* serverID, word16 idLen, const byte* sessionID, + word16 useTicket); +#endif +WOLFSSL_LOCAL +WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session); +WOLFSSL_LOCAL void TlsSessionCacheUnlockRow(word32 row); +WOLFSSL_LOCAL int TlsSessionCacheGetAndLock(const byte *id, + WOLFSSL_SESSION **sess, word32 *lockedRow); +/* WOLFSSL_API to test it in tests/api.c */ +WOLFSSL_API int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output); +WOLFSSL_LOCAL int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session); +WOLFSSL_LOCAL void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, + WOLFSSL_SESSION* session); +WOLFSSL_LOCAL int wolfSSL_DupSession(const WOLFSSL_SESSION* input, + WOLFSSL_SESSION* output, int avoidSysCalls); -WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); -WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); -WOLFSSL_LOCAL void FreeSession(WOLFSSL_SESSION*, int); typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int); #ifndef NO_CLIENT_CACHE - WOLFSSL_LOCAL - WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); + WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSessionClient( + WOLFSSL* ssl, const byte* id, int len); #endif /* client connect state for nonblocking restart */ @@ -3414,7 +3953,12 @@ enum ConnectState { FIRST_REPLY_THIRD, FIRST_REPLY_FOURTH, FINISHED_DONE, - SECOND_REPLY_DONE + SECOND_REPLY_DONE, + +#ifdef WOLFSSL_DTLS13 + WAIT_FINISHED_ACK +#endif /* WOLFSSL_DTLS13 */ + }; @@ -3426,7 +3970,6 @@ enum AcceptState { ACCEPT_HELLO_RETRY_REQUEST_DONE, ACCEPT_FIRST_REPLY_DONE, SERVER_HELLO_SENT, - SERVER_EXTENSIONS_SENT, CERT_SENT, CERT_VERIFY_SENT, CERT_STATUS_SENT, @@ -3564,8 +4107,14 @@ typedef struct Options { #endif void* psk_ctx; #endif /* NO_PSK */ -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) unsigned long mask; /* store SSL_OP_ flags */ +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) + word16 minProto:1; /* sets min to min available */ + word16 maxProto:1; /* sets max to max available */ +#endif +#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) + unsigned int maxTicketTls13; /* maximum number of tickets to send */ + unsigned int ticketsSent; /* keep track of the total sent */ #endif /* on/off or small bit flags, optimize layout */ @@ -3577,6 +4126,7 @@ typedef struct Options { word16 sessionCacheFlushOff:1; #ifdef HAVE_EXT_CACHE word16 internalCacheOff:1; + word16 internalCacheLookupOff:1; #endif word16 side:2; /* client, server or neither end */ word16 verifyPeer:1; @@ -3585,6 +4135,7 @@ typedef struct Options { word16 failNoCertxPSK:1; /* fail for no cert except with PSK */ word16 downgrade:1; /* allow downgrade of versions */ word16 resuming:1; + word16 isPSK:1; word16 haveSessionId:1; /* server may not send */ word16 tls:1; /* using TLS ? */ word16 tls1_1:1; /* using TLSv1.1+ ? */ @@ -3598,16 +4149,15 @@ typedef struct Options { word16 haveRSA:1; /* RSA available */ word16 haveECC:1; /* ECC available */ word16 haveDH:1; /* server DH parms set by user */ - word16 haveNTRU:1; /* server NTRU private key loaded */ - word16 haveQSH:1; /* have QSH ability */ word16 haveECDSAsig:1; /* server ECDSA signed cert */ word16 haveStaticECC:1; /* static server ECC private key */ + word16 haveFalconSig:1; /* server Falcon signed cert */ + word16 haveDilithiumSig:1; /* server Dilithium signed cert */ word16 havePeerCert:1; /* do we have peer's cert */ word16 havePeerVerify:1; /* and peer's cert verify */ word16 usingPSK_cipher:1; /* are using psk as cipher */ word16 usingAnon_cipher:1; /* are we using an anon cipher */ word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */ - word16 sendAlertState:1; /* nonblocking resume */ word16 partialWrite:1; /* only one msg per write call */ word16 quietShutdown:1; /* don't send close notify */ word16 certOnly:1; /* stop once we get cert */ @@ -3630,22 +4180,32 @@ typedef struct Options { #endif #endif #ifdef WOLFSSL_DTLS +#ifdef HAVE_SECURE_RENEGOTIATION + word16 dtlsDoSCR:1; /* Enough packets were dropped. We + * need to re-key. */ +#endif word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ word16 dtlsHsRetain:1; /* DTLS retaining HS data */ word16 haveMcast:1; /* using multicast ? */ #ifdef WOLFSSL_SCTP word16 dtlsSctp:1; /* DTLS-over-SCTP mode */ #endif -#endif +#endif /* WOLFSSL_DTLS */ #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES) word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */ #endif word16 keepResources:1; /* Keep resources after handshake */ word16 useClientOrder:1; /* Use client's cipher order */ - word16 mutualAuth:1; /* Mutual authentication is rquired */ + word16 mutualAuth:1; /* Mutual authentication is required */ + word16 peerAuthGood:1; /* Any required peer auth done */ +#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) + word16 pskNegotiated:1; /* Session Ticket/PSK negotiated. */ +#endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) word16 postHandshakeAuth:1;/* Client send post_handshake_auth * extension */ + word16 verifyPostHandshake:1; /* Only send client cert req post + * handshake, not also during */ #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) word16 sendCookie:1; /* Server creates a Cookie in HRR */ @@ -3677,6 +4237,19 @@ typedef struct Options { word16 startedETMRead:1; /* Doing Encrypt-Then-MAC read */ word16 startedETMWrite:1; /* Doing Encrypt-Then-MAC write */ #endif +#ifdef WOLFSSL_ASYNC_CRYPT + word16 buildArgsSet:1; /* buildArgs are set and need to + * be free'd */ +#endif + word16 buildingMsg:1; /* If set then we need to re-enter the + * handshake logic. */ +#ifdef WOLFSSL_DTLS13 + word16 dtls13SendMoreAcks:1; /* Send more acks during the + * handshake process */ +#endif +#ifdef WOLFSSL_TLS13 + word16 tls13MiddleBoxCompat:1; /* TLSv1.3 middlebox compatibility */ +#endif /* need full byte values for this section */ byte processReply; /* nonblocking resume */ @@ -3706,6 +4279,10 @@ typedef struct Options { #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum ECC key size */ #endif +#if defined(HAVE_PQC) + short minFalconKeySz; /* minimum Falcon key size */ + short minDilithiumKeySz;/* minimum Dilithium key size */ +#endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) byte verifyDepth; /* maximum verification depth */ #endif @@ -3716,6 +4293,9 @@ typedef struct Options { #ifdef WOLFSSL_TLS13 byte oldMinor; /* client preferred version < TLS 1.3 */ #endif +#ifdef WOLFSSL_DTLS_CID + byte useDtlsCID:1; +#endif /* WOLFSSL_DTLS_CID */ } Options; typedef struct Arrays { @@ -3745,6 +4325,9 @@ typedef struct Arrays { !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) byte tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE]; #endif +#if defined(WOLFSSL_RENESAS_SCEPROTECT) + byte sce_masterSecret[SCE_TLS_MASTERSECRET_SIZE]; +#endif #ifdef WOLFSSL_DTLS byte cookie[MAX_COOKIE_LEN]; byte cookieSz; @@ -3753,34 +4336,50 @@ typedef struct Arrays { } Arrays; #ifndef ASN_NAME_MAX -#define ASN_NAME_MAX 256 + #ifndef NO_ASN + /* use value from asn.h */ + #define ASN_NAME_MAX WC_ASN_NAME_MAX + #else + /* calculate for WOLFSSL_X509 */ + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_CERT_EXT) + #define ASN_NAME_MAX 330 + #else + #define ASN_NAME_MAX 256 + #endif + #endif #endif #ifndef MAX_DATE_SZ #define MAX_DATE_SZ 32 #endif -#define STACK_TYPE_X509 0 -#define STACK_TYPE_GEN_NAME 1 -#define STACK_TYPE_BIO 2 -#define STACK_TYPE_OBJ 3 -#define STACK_TYPE_STRING 4 -#define STACK_TYPE_CIPHER 5 -#define STACK_TYPE_ACCESS_DESCRIPTION 6 -#define STACK_TYPE_X509_EXT 7 -#define STACK_TYPE_NULL 8 -#define STACK_TYPE_X509_NAME 9 -#define STACK_TYPE_CONF_VALUE 10 -#define STACK_TYPE_X509_INFO 11 -#define STACK_TYPE_BY_DIR_entry 12 -#define STACK_TYPE_BY_DIR_hash 13 -#define STACK_TYPE_X509_OBJ 14 +typedef enum { + STACK_TYPE_X509 = 0, + STACK_TYPE_GEN_NAME = 1, + STACK_TYPE_BIO = 2, + STACK_TYPE_OBJ = 3, + STACK_TYPE_STRING = 4, + STACK_TYPE_CIPHER = 5, + STACK_TYPE_ACCESS_DESCRIPTION = 6, + STACK_TYPE_X509_EXT = 7, + STACK_TYPE_NULL = 8, + STACK_TYPE_X509_NAME = 9, + STACK_TYPE_CONF_VALUE = 10, + STACK_TYPE_X509_INFO = 11, + STACK_TYPE_BY_DIR_entry = 12, + STACK_TYPE_BY_DIR_hash = 13, + STACK_TYPE_X509_OBJ = 14, + STACK_TYPE_DIST_POINT = 15, + STACK_TYPE_X509_CRL = 16, + STACK_TYPE_X509_NAME_ENTRY = 17, + STACK_TYPE_X509_REQ_ATTR = 18, +} WOLF_STACK_TYPE; struct WOLFSSL_STACK { unsigned long num; /* number of nodes in stack * (safety measure for freeing and shortcut for count) */ #if defined(OPENSSL_ALL) - wolf_sk_compare_cb comp; wolf_sk_hash_cb hash_fn; unsigned long hash; #endif @@ -3788,6 +4387,7 @@ struct WOLFSSL_STACK { union { WOLFSSL_X509* x509; WOLFSSL_X509_NAME* name; + WOLFSSL_X509_NAME_ENTRY* name_entry; WOLFSSL_X509_INFO* info; WOLFSSL_BIO* bio; WOLFSSL_ASN1_OBJECT* obj; @@ -3803,10 +4403,12 @@ struct WOLFSSL_STACK { WOLFSSL_BY_DIR_entry* dir_entry; WOLFSSL_BY_DIR_HASH* dir_hash; WOLFSSL_X509_OBJECT* x509_obj; + WOLFSSL_DIST_POINT* dp; + WOLFSSL_X509_CRL* crl; } data; void* heap; /* memory heap hint */ WOLFSSL_STACK* next; - byte type; /* Identifies type of stack. */ + WOLF_STACK_TYPE type; /* Identifies type of stack. */ }; struct WOLFSSL_X509_NAME { @@ -3816,6 +4418,7 @@ struct WOLFSSL_X509_NAME { char staticName[ASN_NAME_MAX]; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(NO_ASN) + DecodedName fullName; int entrySz; /* number of entries */ WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */ WOLFSSL_X509* x509; /* x509 that struct belongs to */ @@ -3823,6 +4426,8 @@ struct WOLFSSL_X509_NAME { #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) byte raw[ASN_NAME_MAX]; int rawLen; + + WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries; #endif void* heap; }; @@ -3846,12 +4451,13 @@ struct WOLFSSL_X509 { int hwSerialNumSz; byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; #endif /* WOLFSSL_SEP */ -#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \ +#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined (OPENSSL_EXTRA)) && \ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) byte certPolicySet; byte certPolicyCrit; #endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */ WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */ @@ -3867,9 +4473,10 @@ struct WOLFSSL_X509 { buffer pubKey; int pubKeyOID; DNS_entry* altNamesNext; /* hint for retrieval */ -#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + defined(HAVE_PQC) word32 pkCurveOID; -#endif /* HAVE_ECC */ +#endif /* HAVE_ECC || HAVE_PQC */ #ifndef NO_CERTS DerBuffer* derCert; /* may need */ #endif @@ -3881,30 +4488,46 @@ struct WOLFSSL_X509 { int certPoliciesNb; #endif /* WOLFSSL_CERT_EXT */ #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) +#ifndef SINGLE_THREADED wolfSSL_Mutex refMutex; /* ref count mutex */ +#endif int refCount; /* reference count */ #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif - byte* authKeyId; + byte* authKeyId; /* Points into authKeyIdSrc */ + byte* authKeyIdSrc; byte* subjKeyId; byte* extKeyUsageSrc; - const byte* CRLInfo; +#ifdef OPENSSL_ALL + byte* subjAltNameSrc; +#endif + byte* rawCRLInfo; + byte* CRLInfo; byte* authInfo; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) byte* authInfoCaIssuer; int authInfoCaIssuerSz; #endif word32 pathLength; word16 keyUsage; + int rawCRLInfoSz; int CRLInfoSz; int authInfoSz; word32 authKeyIdSz; + word32 authKeyIdSrcSz; word32 subjKeyIdSz; + byte extKeyUsage; word32 extKeyUsageSz; word32 extKeyUsageCount; +#ifndef IGNORE_NETSCAPE_CERT_TYPE + byte nsCertType; +#endif +#ifdef OPENSSL_ALL + word32 subjAltNameSz; +#endif byte CRLdistSet:1; byte CRLdistCrit:1; @@ -3930,20 +4553,25 @@ struct WOLFSSL_X509 { #endif byte serial[EXTERNAL_SERIAL_SIZE]; char subjectCN[ASN_NAME_MAX]; /* common name short cut */ -#ifdef WOLFSSL_CERT_REQ -#ifdef OPENSSL_ALL - WOLFSSL_X509_ATTRIBUTE* challengePwAttr; +#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + /* stack of CSR attributes */ + WOLF_STACK_OF(WOLFSSL_X509_ATRIBUTE)* reqAttributes; #endif + #if defined(WOLFSSL_CERT_REQ) char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ -#endif + char contentType[CTC_NAME_SIZE]; + #endif +#endif /* WOLFSSL_CERT_REQ || WOLFSSL_CERT_GEN */ WOLFSSL_X509_NAME issuer; WOLFSSL_X509_NAME subject; #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) WOLFSSL_X509_ALGOR algor; WOLFSSL_X509_PUBKEY key; #endif -#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \ - defined(SESSION_CERTS) +#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \ + defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) byte notBeforeData[CTC_DATE_SIZE]; byte notAfterData[CTC_DATE_SIZE]; #endif @@ -3968,24 +4596,40 @@ typedef struct DtlsRecordLayerHeader { byte length[2]; } DtlsRecordLayerHeader; - -typedef struct DtlsFrag { - word32 begin; - word32 end; - struct DtlsFrag* next; -} DtlsFrag; - +typedef struct DtlsFragBucket { + /* m stands for meta */ + union { + struct { + struct DtlsFragBucket* next; + word32 offset; + word32 sz; + } m; + /* Make sure we have at least DTLS_HANDSHAKE_HEADER_SZ bytes before the + * buf so that we can reconstruct the header in the allocated + * DtlsFragBucket buffer. */ + byte padding[DTLS_HANDSHAKE_HEADER_SZ]; + } m; +/* Ignore "nonstandard extension used : zero-sized array in struct/union" + * MSVC warning */ +#ifdef _MSC_VER +#pragma warning(disable: 4200) +#endif + byte buf[]; +} DtlsFragBucket; typedef struct DtlsMsg { struct DtlsMsg* next; - byte* buf; - byte* msg; - DtlsFrag* fragList; - word32 fragSz; /* Length of fragments received */ + byte* raw; + byte* fullMsg; /* for TX fullMsg == raw. For RX this points to + * the start of the message after headers. */ + DtlsFragBucket* fragBucketList; + word32 bytesReceived; word16 epoch; /* Epoch that this message belongs to */ word32 seq; /* Handshake sequence number */ word32 sz; /* Length of whole message */ byte type; + byte fragBucketListCount; + byte ready:1; } DtlsMsg; @@ -4005,7 +4649,7 @@ typedef struct DtlsMsg { typedef struct MsgsReceived { word16 got_hello_request:1; word16 got_client_hello:2; - word16 got_server_hello:2; + word16 got_server_hello:1; word16 got_hello_verify_request:1; word16 got_session_ticket:1; word16 got_end_of_early_data:1; @@ -4063,18 +4707,20 @@ typedef struct BuildMsgArgs { word16 size; word32 ivSz; /* TLSv1.1 IV */ byte* iv; + ALIGN16 byte staticIvBuffer[MAX_IV_SZ]; } BuildMsgArgs; #endif -#ifdef WOLFSSL_ASYNC_CRYPT +#ifdef WOLFSSL_ASYNC_IO #define MAX_ASYNC_ARGS 18 typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs); struct WOLFSSL_ASYNC { - WC_ASYNC_DEV* dev; +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WOLFSSL_NO_TLS12) + BuildMsgArgs buildArgs; /* holder for current BuildMessage args */ +#endif FreeArgsCb freeArgs; /* function pointer to cleanup args */ word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ - BuildMsgArgs buildArgs; /* holder for current BuildMessage args */ }; #endif @@ -4113,6 +4759,102 @@ typedef enum EarlyDataState { } EarlyDataState; #endif +#ifdef WOLFSSL_DTLS13 + +/* size of the mask used to encrypt/decrypt Record Number */ +#define DTLS13_RN_MASK_SIZE 16 + +typedef struct Dtls13UnifiedHdrInfo { + word16 recordLength; + byte seqLo; + byte seqHi; + byte seqHiPresent:1; + byte epochBits; +} Dtls13UnifiedHdrInfo; + +enum { + DTLS13_EPOCH_EARLYDATA = 1, + DTLS13_EPOCH_HANDSHAKE = 2, + DTLS13_EPOCH_TRAFFIC0 = 3 +}; + +typedef struct Dtls13Epoch { + w64wrapper epochNumber; + + w64wrapper nextSeqNumber; + w64wrapper nextPeerSeqNumber; + +#ifndef WOLFSSL_TLS13_IGNORE_AEAD_LIMITS + w64wrapper dropCount; /* Amount of records that failed decryption */ +#endif + + word32 window[WOLFSSL_DTLS_WINDOW_WORDS]; + + /* key material for the epoch */ + byte client_write_key[MAX_SYM_KEY_SIZE]; + byte server_write_key[MAX_SYM_KEY_SIZE]; + byte client_write_IV[MAX_WRITE_IV_SZ]; + byte server_write_IV[MAX_WRITE_IV_SZ]; + + byte aead_exp_IV[AEAD_MAX_EXP_SZ]; + byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ]; + byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ]; + + byte client_sn_key[MAX_SYM_KEY_SIZE]; + byte server_sn_key[MAX_SYM_KEY_SIZE]; + + byte isValid; + byte side; +} Dtls13Epoch; + +#ifndef DTLS13_EPOCH_SIZE +#define DTLS13_EPOCH_SIZE 4 +#endif + +#ifndef DTLS13_RETRANS_RN_SIZE +#define DTLS13_RETRANS_RN_SIZE 3 +#endif + +enum Dtls13RtxFsmState { + DTLS13_RTX_FSM_PREPARING = 0, + DTLS13_RTX_FSM_SENDING, + DTLS13_RTX_FSM_WAITING, + DTLS13_RTX_FSM_FINISHED +}; + +typedef struct Dtls13RtxRecord { + struct Dtls13RtxRecord *next; + word16 length; + byte *data; + w64wrapper epoch; + w64wrapper seq[DTLS13_RETRANS_RN_SIZE]; + byte rnIdx; + byte handshakeType; +} Dtls13RtxRecord; + +typedef struct Dtls13RecordNumber { + struct Dtls13RecordNumber *next; + w64wrapper epoch; + w64wrapper seq; +} Dtls13RecordNumber; + +typedef struct Dtls13Rtx { + enum Dtls13RtxFsmState state; + Dtls13RtxRecord *rtxRecords; + Dtls13RtxRecord **rtxRecordTailPtr; + Dtls13RecordNumber *seenRecords; + word32 lastRtx; + byte triggeredRtxs; + byte sendAcks:1; + byte retransmit:1; +} Dtls13Rtx; + +#endif /* WOLFSSL_DTLS13 */ + +#ifdef WOLFSSL_DTLS_CID +typedef struct CIDInfo CIDInfo; +#endif /* WOLFSSL_DTLS_CID */ + /* wolfSSL ssl type */ struct WOLFSSL { WOLFSSL_CTX* ctx; @@ -4148,14 +4890,22 @@ struct WOLFSSL { #ifdef WOLFSSL_STATIC_MEMORY WOLFSSL_HEAP_HINT heap_hint; #endif +#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) + ClientHelloGoodCb chGoodCb; /* notify user we parsed a verified + * ClientHello */ + void* chGoodCtx; /* user ClientHello cb context */ +#endif #ifndef NO_HANDSHAKE_DONE_CB HandShakeDoneCb hsDoneCb; /* notify user handshake done */ void* hsDoneCtx; /* user handshake cb context */ #endif +#ifdef WOLFSSL_ASYNC_IO #ifdef WOLFSSL_ASYNC_CRYPT - struct WOLFSSL_ASYNC async; -#elif defined(WOLFSSL_NONBLOCK_OCSP) - void* nonblockarg; /* dynamic arg for handling non-block resume */ + WC_ASYNC_DEV* asyncDev; +#endif + /* Message building context should be stored here for functions that expect + * to encounter encryption blocking or fragment the message. */ + struct WOLFSSL_ASYNC* async; #endif void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */ word32 hsType; /* Type of Handshake key (hsKey) */ @@ -4166,11 +4916,12 @@ struct WOLFSSL { Ciphers encrypt; Ciphers decrypt; Buffers buffers; - WOLFSSL_SESSION session; -#ifdef HAVE_EXT_CACHE - WOLFSSL_SESSION* extSession; + WOLFSSL_SESSION* session; +#ifndef NO_CLIENT_CACHE + ClientSession* clientSession; #endif WOLFSSL_ALERT_HISTORY alert_history; + WOLFSSL_ALERT pendingAlert; int error; int rfd; /* read file descriptor */ int wfd; /* write file descriptor */ @@ -4195,6 +4946,7 @@ struct WOLFSSL { WOLFSSL_BIO* biowr; /* socket bio write to free/close */ byte sessionCtx[ID_LEN]; /* app session context ID */ WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/ + word32 disabledCurves; /* curves disabled by user */ #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) unsigned long peerVerifyRet; @@ -4208,23 +4960,12 @@ struct WOLFSSL { #endif /* OPENSSL_EXTRA */ #ifndef NO_RSA RsaKey* peerRsaKey; -#ifdef WOLFSSL_RENESAS_TSIP_TLS - byte *peerTsipEncRsaKeyIndex; +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) + void* RenesasUserCtx; + byte* peerSceTsipEncRsaKeyIndex; #endif byte peerRsaKeyPresent; #endif -#ifdef HAVE_QSH - QSHKey* QSH_Key; - QSHKey* peerQSHKey; - QSHSecret* QSH_secret; - byte isQSH; /* is the handshake a QSH? */ - byte sendQSHKeys; /* flag for if the client should sen - public keys */ - byte peerQSHKeyPresent; - byte minRequest; - byte maxRequest; - byte user_set_QSHSchemes; -#endif #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE) word16 namedGroup; #endif @@ -4238,15 +4979,11 @@ struct WOLFSSL { byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to * offer */ #endif -#ifdef HAVE_NTRU - word16 peerNtruKeyLen; - byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; - byte peerNtruKeyPresent; -#endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) int eccVerifyRes; #endif -#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \ + defined(HAVE_ED448) || defined(HAVE_CURVE448) word32 ecdhCurveOID; /* curve Ecc_Sum */ ecc_key* eccTempKey; /* private ECDHE key */ byte eccTempKeyPresent; /* also holds type */ @@ -4258,7 +4995,8 @@ struct WOLFSSL { word16 eccTempKeySz; /* in octets 20 - 66 */ byte peerEccDsaKeyPresent; #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE448) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) word32 pkCurveOID; /* curve Ecc_Sum */ #endif #ifdef HAVE_ED25519 @@ -4277,6 +5015,12 @@ struct WOLFSSL { curve448_key* peerX448Key; byte peerX448KeyPresent; #endif +#ifdef HAVE_PQC + falcon_key* peerFalconKey; + byte peerFalconKeyPresent; + dilithium_key* peerDilithiumKey; + byte peerDilithiumKeyPresent; +#endif #ifdef HAVE_LIBZ z_stream c_stream; /* compression stream */ z_stream d_stream; /* decompression stream */ @@ -4309,6 +5053,42 @@ struct WOLFSSL { word32 macDropCount; word32 replayDropCount; #endif /* WOLFSSL_DTLS_DROP_STATS */ +#ifdef WOLFSSL_SRTP + word16 dtlsSrtpProfiles; /* DTLS-with-SRTP profiles list + * (selected profiles - up to 16) */ + word16 dtlsSrtpId; /* DTLS-with-SRTP profile ID selected */ +#endif +#ifdef WOLFSSL_DTLS13 + RecordNumberCiphers dtlsRecordNumberEncrypt; + RecordNumberCiphers dtlsRecordNumberDecrypt; + Dtls13Epoch dtls13Epochs[DTLS13_EPOCH_SIZE]; + Dtls13Epoch *dtls13EncryptEpoch; + Dtls13Epoch *dtls13DecryptEpoch; + w64wrapper dtls13Epoch; + w64wrapper dtls13PeerEpoch; + w64wrapper dtls13InvalidateBefore; + byte dtls13CurRL[DTLS_RECVD_RL_HEADER_MAX_SZ]; + word16 dtls13CurRlLength; + + /* used to store the message if it needs to be fragmented */ + buffer dtls13FragmentsBuffer; + byte dtls13SendingFragments:1; + byte dtls13SendingAckOrRtx:1; + byte dtls13FastTimeout:1; + byte dtls13WaitKeyUpdateAck:1; + byte dtls13DoKeyUpdate:1; + word32 dtls13MessageLength; + word32 dtls13FragOffset; + byte dtls13FragHandshakeType; + Dtls13Rtx dtls13Rtx; + byte *dtls13ClientHello; + word16 dtls13ClientHelloSz; + +#endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_DTLS_CID + CIDInfo *dtlsCidInfo; +#endif /* WOLFSSL_DTLS_CID */ + #endif /* WOLFSSL_DTLS */ #ifdef WOLFSSL_CALLBACKS TimeoutInfo timeoutInfo; /* info saved during handshake */ @@ -4329,7 +5109,12 @@ struct WOLFSSL { #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) CertReqCtx* certReqCtx; #endif +#ifdef WOLFSSL_LOCAL_X509_STORE + WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ +#endif #ifdef KEEP_PEER_CERT + /* TODO put this on the heap so we can properly use the + * reference counter and not have to duplicate it. */ WOLFSSL_X509 peerCert; /* X509 peer cert */ #endif #ifdef KEEP_OUR_CERT @@ -4338,7 +5123,7 @@ struct WOLFSSL { flag found in buffers.weOwnCert) */ #endif byte keepCert; /* keep certificate after handshake */ -#if defined(HAVE_EX_DATA) || defined(FORTRESS) +#ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */ #endif int devId; /* async device id to use */ @@ -4365,8 +5150,11 @@ struct WOLFSSL { SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */ #endif /* user turned on */ #ifdef HAVE_ALPN - char* alpn_client_list; /* keep the client's list */ - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + byte *alpn_peer_requested; /* the ALPN bytes requested by peer, sequence + * of length byte + chars */ + word16 alpn_peer_requested_length; /* number of bytes total */ + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_QUIC) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif @@ -4416,6 +5204,9 @@ struct WOLFSSL { void* EccVerifyCtx; /* Ecc Verify Callback Context */ void* EccSharedSecretCtx; /* Ecc Pms Callback Context */ #endif /* HAVE_ECC */ + #ifdef HAVE_HKDF + void* HkdfExtractCtx; /* Hkdf extract callback context */ + #endif #ifdef HAVE_ED25519 void* Ed25519SignCtx; /* ED25519 Sign Callback Context */ void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */ @@ -4445,6 +5236,12 @@ struct WOLFSSL { void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */ void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */ #endif /* NO_RSA */ + void* GenPreMasterCtx; /* Generate Premaster Callback Context */ + void* GenMasterCtx; /* Generate Master Callback Context */ + void* GenSessionKeyCtx; /* Generate Session Key Callback Context */ + void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */ + void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */ + void* VerifyMacCtx; /* Verify mac Callback Context */ #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_SECRET_CALLBACK SessionSecretCb sessionSecretCb; @@ -4474,27 +5271,98 @@ struct WOLFSSL { #if defined(OPENSSL_EXTRA) WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ +#ifdef KEEP_OUR_CERT + WOLFSSL_STACK* ourCertChain; /* Used in wolfSSL_add1_chain_cert */ +#endif #endif #ifdef WOLFSSL_STATIC_EPHEMERAL StaticKeyExchangeInfo_t staticKE; #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_MAXQ10XX_TLS + maxq_ssl_t maxq_ctx; +#endif +#ifdef WOLFSSL_HAVE_TLS_UNIQUE /* Added in libest port: allow applications to get the 'tls-unique' Channel * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is * used in the EST protocol to bind an enrollment to a TLS session through * 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4 * and https://tools.ietf.org/html/rfc7030#section-3.5). */ - byte clientFinished[TLS_FINISHED_SZ]; - byte serverFinished[TLS_FINISHED_SZ]; + byte clientFinished[TLS_FINISHED_SZ_MAX]; + byte serverFinished[TLS_FINISHED_SZ_MAX]; + byte clientFinished_len; + byte serverFinished_len; #endif +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) + WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; +#endif +#if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS) + IOTSAFE iotsafe; +#endif +#ifdef WOLFSSL_LWIP_NATIVE + WOLFSSL_LWIP_NATIVE_STATE lwipCtx; /* LwIP native socket IO Context */ +#endif +#ifdef WOLFSSL_QUIC + struct { + const WOLFSSL_QUIC_METHOD* method; + WOLFSSL_ENCRYPTION_LEVEL enc_level_read; + WOLFSSL_ENCRYPTION_LEVEL enc_level_read_next; + WOLFSSL_ENCRYPTION_LEVEL enc_level_latest_recvd; + WOLFSSL_ENCRYPTION_LEVEL enc_level_write; + WOLFSSL_ENCRYPTION_LEVEL enc_level_write_next; + int transport_version; + const QuicTransportParam* transport_local; + const QuicTransportParam* transport_peer; + const QuicTransportParam* transport_peer_draft; + QuicRecord* input_head; /* we own, data for handshake */ + QuicRecord* input_tail; /* points to last element for append */ + QuicRecord* scratch; /* we own, record construction */ + enum wolfssl_encryption_level_t output_rec_level; + /* encryption level of current output record */ + word32 output_rec_remain; /* how many bytes of output TLS record + * content have not been handled yet by quic */ + } quic; +#endif /* WOLFSSL_QUIC */ }; +/* + * wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error + * to the error queue on file end. This should not be left + * for the caller to find so we clear the last error. + */ +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_ERROR_QUEUE) +#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \ + (err) = wolfSSL_ERR_peek_last_error(); \ + if (ERR_GET_LIB(err) == ERR_LIB_PEM && \ + ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { \ + wc_RemoveErrorNode(-1); \ + } +#else +#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)(err); +#endif + +/* + * The SSL object may have its own certificate store. The below macros simplify + * logic for choosing which WOLFSSL_CERT_MANAGER and WOLFSSL_X509_STORE to use. + * Always use SSL specific objects when available and revert to CTX otherwise. + */ +#ifdef WOLFSSL_LOCAL_X509_STORE +#define SSL_CM(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt->cm : (ssl)->ctx->cm) +#define SSL_STORE(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt : \ + ((ssl)->ctx->x509_store_pt ? (ssl)->ctx->x509_store_pt : \ + &(ssl)->ctx->x509_store)) +#else +#define SSL_CM(ssl) (ssl)->ctx->cm +#endif + +#define SSL_CA_NAMES(ssl) ((ssl)->ca_names != NULL ? (ssl)->ca_names : \ + (ssl)->ctx->ca_names) WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr); -WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); -WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); -WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap); -WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ +WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); +WOLFSSL_LOCAL int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); +WOLFSSL_LOCAL int ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); +WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap); +WOLFSSL_API void SSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ #ifndef NO_CERTS @@ -4512,24 +5380,18 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) - WOLFSSL_LOCAL - void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*); - WOLFSSL_LOCAL - void FinishHandShakeInfo(HandShakeInfo*); - WOLFSSL_LOCAL - void AddPacketName(WOLFSSL* ssl, const char* name); + WOLFSSL_LOCAL void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl); + WOLFSSL_LOCAL void FinishHandShakeInfo(HandShakeInfo* info); + WOLFSSL_LOCAL void AddPacketName(WOLFSSL* ssl, const char* name); - WOLFSSL_LOCAL - void InitTimeoutInfo(TimeoutInfo*); - WOLFSSL_LOCAL - void FreeTimeoutInfo(TimeoutInfo*, void*); - WOLFSSL_LOCAL - void AddPacketInfo(WOLFSSL* ssl, const char* name, int type, - const byte* data, int sz, int write, void* heap); - WOLFSSL_LOCAL - void AddLateName(const char*, TimeoutInfo*); - WOLFSSL_LOCAL - void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info); + WOLFSSL_LOCAL void InitTimeoutInfo(TimeoutInfo* info); + WOLFSSL_LOCAL void FreeTimeoutInfo(TimeoutInfo* info, void* heap); + WOLFSSL_LOCAL int AddPacketInfo(WOLFSSL* ssl, const char* name, int type, + const byte* data, int sz, int written, int lateRL, + void* heap); + WOLFSSL_LOCAL void AddLateName(const char* name, TimeoutInfo* info); + WOLFSSL_LOCAL void AddLateRecordHeader(const RecordLayerHeader* rl, + TimeoutInfo* info); #endif @@ -4539,7 +5401,10 @@ enum ContentType { change_cipher_spec = 20, alert = 21, handshake = 22, - application_data = 23 + application_data = 23, +#ifdef WOLFSSL_DTLS13 + ack = 26, +#endif /* WOLFSSL_DTLS13 */ }; @@ -4592,60 +5457,74 @@ enum ProvisionSide { }; -static const byte client[SIZEOF_SENDER+1] = { 0x43, 0x4C, 0x4E, 0x54, 0x00 }; /* CLNT */ -static const byte server[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x00 }; /* SRVR */ +static const byte kTlsClientStr[SIZEOF_SENDER+1] = { 0x43, 0x4C, 0x4E, 0x54, 0x00 }; /* CLNT */ +static const byte kTlsServerStr[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x00 }; /* SRVR */ -static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; -static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; +static const byte kTlsClientFinStr[FINISHED_LABEL_SZ + 1] = "client finished"; +static const byte kTlsServerFinStr[FINISHED_LABEL_SZ + 1] = "server finished"; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) typedef struct { int name_len; const char *name; int nid; } WOLF_EC_NIST_NAME; extern const WOLF_EC_NIST_NAME kNistCurves[]; -/* This is the longest and shortest curve name in the kNistCurves list */ +/* This is the longest and shortest curve name in the kNistCurves list. Note we + * also have quantum-safe group names as well. */ #define kNistCurves_MIN_NAME_LEN 5 +#ifdef HAVE_PQC +#define kNistCurves_MAX_NAME_LEN 32 +#else #define kNistCurves_MAX_NAME_LEN 7 #endif +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ /* internal functions */ -WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*); -WOLFSSL_LOCAL int SendTicket(WOLFSSL*); -WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); -WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); +WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL* ssl); +WOLFSSL_LOCAL int SendTicket(WOLFSSL* ssl); +#ifdef HAVE_SESSION_TICKET +WOLFSSL_LOCAL int DoDecryptTicket(WOLFSSL* ssl, const byte* input, word32 len, + InternalTicket **it); +#endif /* HAVE_SESSION_TICKET */ +WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len); +WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz); #ifdef WOLFSSL_TLS13 -WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte); +WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType); #endif -WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); -WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); +WOLFSSL_LOCAL int SendCertificate(WOLFSSL* ssl); +WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL* ssl); #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) -WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*); +WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, + buffer* response); #endif #if defined(HAVE_SECURE_RENEGOTIATION) && \ - defined(HAVE_SERVER_RENEGOTIATION_INFO) -WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*); + !defined(NO_WOLFSSL_SERVER) +WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL* ssl); #endif -WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*); -WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*); -WOLFSSL_LOCAL int SendBuffered(WOLFSSL*); -WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int); -WOLFSSL_LOCAL int SendFinished(WOLFSSL*); -WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int); -WOLFSSL_LOCAL int ProcessReply(WOLFSSL*); +WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL* ssl); +WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL* ssl); +WOLFSSL_LOCAL int SendBuffered(WOLFSSL* ssl); +WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek); +WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl); +WOLFSSL_LOCAL int RetrySendAlert(WOLFSSL* ssl); +WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type); +WOLFSSL_LOCAL int ProcessReply(WOLFSSL* ssl); +WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr); -WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*); -WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*); +WOLFSSL_LOCAL const char* AlertTypeToString(int type); + +WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl); +WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl); -WOLFSSL_LOCAL int AddSession(WOLFSSL*); WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side); WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); -WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv); +WOLFSSL_LOCAL int IsAtLeastTLSv1_3(ProtocolVersion pv); +WOLFSSL_LOCAL int IsEncryptionOn(WOLFSSL* ssl, int isSend); WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); @@ -4654,14 +5533,25 @@ WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); -WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32); -WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); +WOLFSSL_LOCAL int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length); +WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment); -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS) +WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl); +WOLFSSL_LOCAL int wolfSSL_set_iotsafe_ctx(WOLFSSL *ssl, IOTSAFE *iotsafe); +#endif + +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_ECC) WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey); WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); #endif +#if defined(OPENSSL_EXTRA) +WOLFSSL_LOCAL int wolfSSL_curve_is_disabled(WOLFSSL* ssl, word16 named_curve); +#else +#define wolfSSL_curve_is_disabled(ssl, c) ((void)(ssl), (void)(c), 0) +#endif + WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng); @@ -4721,8 +5611,7 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, #define WC_MATCH_SKID 0 #define WC_MATCH_NAME 1 - WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, - int type); + WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert); WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert); #endif @@ -4739,47 +5628,75 @@ WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep); WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size); WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); - +#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) +WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret); +#endif #ifndef NO_TLS - WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); + WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL* ssl); #ifndef WOLFSSL_AEAD_ONLY WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder); #endif #endif +WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); + #ifndef NO_WOLFSSL_CLIENT - WOLFSSL_LOCAL int SendClientHello(WOLFSSL*); + WOLFSSL_LOCAL int SendClientHello(WOLFSSL* ssl); + WOLFSSL_LOCAL int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + word32 size); #ifdef WOLFSSL_TLS13 - WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*); + WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL* ssl); #endif - WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*); - WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*); + WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL* ssl); + WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL* ssl); #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER - WOLFSSL_LOCAL int SendServerHello(WOLFSSL*); - WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*); + WOLFSSL_LOCAL int SendServerHello(WOLFSSL* ssl); + WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl); #endif /* NO_WOLFSSL_SERVER */ #ifdef WOLFSSL_DTLS - WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); - WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); - WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); + WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap); + WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap); + /* Use WOLFSSL_API to enable src/api.c testing */ + WOLFSSL_API void DtlsMsgListDelete(DtlsMsg* head, void* heap); WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl); - WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte, - word32, word32, void*); - WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32); - WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32, - byte, word32, word32, void*); - WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); + WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, + const byte* data, byte type, + word32 fragOffset, word32 fragSz, void* heap, + word32 totalLen); + /* Use WOLFSSL_API to enable src/api.c testing */ + WOLFSSL_API DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq); - WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType); - WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*); - WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32); - WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head); - WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*); - WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int); + /* Use WOLFSSL_API to enable src/api.c testing */ + WOLFSSL_API void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq, + const byte* data, word32 dataSz, byte type, + word32 fragOffset, word32 fragSz, + void* heap); + WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item); + + WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data, + word32 dataSz, enum HandShakeType type); + WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL* ssl); + WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, + word32 fragOffset); + WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* item); + WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL* ssl); + WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket); + WOLFSSL_LOCAL void DtlsMsgDestroyFragBucket(DtlsFragBucket* fragBucket, void* heap); + WOLFSSL_LOCAL int GetDtlsHandShakeHeader(WOLFSSL *ssl, const byte *input, + word32 *inOutIdx, byte *type, word32 *size, word32 *fragOffset, + word32 *fragSz, word32 totalSz); + WOLFSSL_LOCAL int DtlsMsgDrain(WOLFSSL *ssl); + WOLFSSL_LOCAL int SendHelloVerifyRequest(WOLFSSL* ssl, + const byte* cookie, byte cookieSz); + +#if !defined(NO_WOLFSSL_SERVER) + WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, + word32* inOutIdx, word32 helloSz, byte *process); +#endif /* !defined(NO_WOLFSSL_SERVER) */ #endif /* WOLFSSL_DTLS */ #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) @@ -4789,22 +5706,30 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order); #endif WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl); + WOLFSSL_LOCAL int IsDtlsNotSctpMode(WOLFSSL* ssl); WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) +#ifdef WOLFSSL_32BIT_MILLI_TIME WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void); +#else + WOLFSSL_LOCAL sword64 TimeNowInMilliseconds(void); +#endif WOLFSSL_LOCAL int FindSuiteMac(WOLFSSL* ssl, byte* suite); #endif WOLFSSL_LOCAL word32 LowResTimer(void); #ifndef NO_CERTS - WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*); + WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, + void* heap); WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); - WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap); - WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); - WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); + WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag, + void* heap); + WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509); + WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509* x509, + DecodedCert* dCert); #endif #ifndef MAX_CIPHER_NAME @@ -4834,20 +5759,23 @@ typedef struct CipherSuiteInfo { WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); -WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameInternal(byte cipherSuite0, byte cipherSuite); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) /* used in wolfSSL_sk_CIPHER_description */ #define MAX_SEGMENTS 5 #define MAX_SEGMENT_SZ 20 -WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*); -WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor); +WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher); +WOLFSSL_LOCAL const char* GetCipherSegment(const WOLFSSL_CIPHER* cipher, + char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL const char* GetCipherProtocol(byte minor); WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]); WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]); WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]); WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]); WOLFSSL_LOCAL int SetCipherBits(const char* enc); +WOLFSSL_LOCAL int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]); #endif -WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, @@ -4860,7 +5788,7 @@ enum encrypt_side { ENCRYPT_AND_DECRYPT_SIDE }; -WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); +WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side); /* Set*Internal and Set*External functions */ WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa); @@ -4909,8 +5837,10 @@ WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, int sizeOnly, int asyncOkay, int epochOrder); #ifdef WOLFSSL_TLS13 -int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, +/* Use WOLFSSL_API to use this function in tests/api.c */ +WOLFSSL_API int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay); +WOLFSSL_LOCAL int Tls13UpdateKeys(WOLFSSL* ssl); #endif WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey); @@ -4925,7 +5855,7 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store, +WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int Type); #endif #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) @@ -4959,6 +5889,136 @@ WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_ent WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, WOLFSSL_BY_DIR_entry* in); #endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_LOCAL int oid2nid(word32 oid, int grp); +WOLFSSL_LOCAL word32 nid2oid(int nid, int grp); +#endif + +#ifdef WOLFSSL_DTLS +WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo, + word16* next_hi, word32* next_lo, word32 *window); +WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl); +#endif + +#ifdef WOLFSSL_DTLS13 + +/* Use WOLFSSL_API to use this function in tests/api.c */ +WOLFSSL_API struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl, + w64wrapper epochNumber); +WOLFSSL_LOCAL void Dtls13SetOlderEpochSide(WOLFSSL* ssl, w64wrapper epochNumber, + int side); +WOLFSSL_LOCAL int Dtls13NewEpoch(WOLFSSL* ssl, w64wrapper epochNumber, + int side); +WOLFSSL_LOCAL int Dtls13SetEpochKeys(WOLFSSL* ssl, w64wrapper epochNumber, + enum encrypt_side side); +WOLFSSL_LOCAL int Dtls13GetSeq(WOLFSSL* ssl, int order, word32* seq, + byte increment); +WOLFSSL_LOCAL int Dtls13DoScheduledWork(WOLFSSL* ssl); +WOLFSSL_LOCAL int Dtls13DeriveSnKeys(WOLFSSL* ssl, int provision); +WOLFSSL_LOCAL int Dtls13SetRecordNumberKeys(WOLFSSL* ssl, + enum encrypt_side side); + +WOLFSSL_LOCAL int Dtls13AddHeaders(byte* output, word32 length, + enum HandShakeType hs_type, WOLFSSL* ssl); +WOLFSSL_LOCAL word16 Dtls13GetHeadersLength(WOLFSSL *ssl, + enum HandShakeType type); +WOLFSSL_LOCAL word16 Dtls13GetRlHeaderLength(WOLFSSL *ssl, byte is_encrypted); +WOLFSSL_LOCAL int Dtls13RlAddCiphertextHeader(WOLFSSL* ssl, byte* out, + word16 length); +WOLFSSL_LOCAL int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out, + enum ContentType content_type, word16 length); +WOLFSSL_LOCAL int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, + word16 recordLength); +WOLFSSL_LOCAL int Dtls13IsUnifiedHeader(byte header_flags); +WOLFSSL_LOCAL int Dtls13GetUnifiedHeaderSize(WOLFSSL* ssl, const byte input, + word16* size); +WOLFSSL_LOCAL int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input, + word16 input_size, Dtls13UnifiedHdrInfo* hdrInfo); +WOLFSSL_LOCAL int Dtls13HandshakeSend(WOLFSSL* ssl, byte* output, + word16 output_size, word16 length, enum HandShakeType handshake_type, + int hash_output); +WOLFSSL_LOCAL int Dtls13RecordRecvd(WOLFSSL* ssl); +WOLFSSL_LOCAL int Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, + word32* inOutIdx, word32 totalSz); +WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output, + enum HandShakeType msg_type, word32 length); +#define EE_MASK (0x3) +WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl); +WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, + word32* processedSize); +WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits, + w64wrapper* epoch); +WOLFSSL_LOCAL int Dtls13ReconstructSeqNumber(WOLFSSL* ssl, + Dtls13UnifiedHdrInfo* hdrInfo, w64wrapper* out); +WOLFSSL_LOCAL int SendDtls13Ack(WOLFSSL* ssl); +WOLFSSL_LOCAL int Dtls13RtxProcessingCertificate(WOLFSSL* ssl, byte* input, + word32 inputSize); +WOLFSSL_LOCAL int Dtls13HashHandshake(WOLFSSL* ssl, const byte* output, + word16 length); +WOLFSSL_LOCAL void Dtls13FreeFsmResources(WOLFSSL* ssl); +WOLFSSL_LOCAL int Dtls13RtxTimeout(WOLFSSL* ssl); +WOLFSSL_LOCAL int Dtls13ProcessBufferedMessages(WOLFSSL* ssl); +WOLFSSL_LOCAL int Dtls13CheckAEADFailLimit(WOLFSSL* ssl); +#endif /* WOLFSSL_DTLS13 */ + +#ifdef WOLFSSL_STATIC_EPHEMERAL +WOLFSSL_LOCAL int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr); +#endif + +#ifndef NO_CERTS +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_LOCAL int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, + const WOLFSSL_ASN1_STRING* asn_in); +#endif +#ifdef OPENSSL_EXTRA +WOLFSSL_LOCAL int GetX509Error(int e); +#endif +#endif + +#if defined(HAVE_EX_DATA) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \ + defined(WOLFSSL_WPAS_SMALL) +WOLFSSL_LOCAL int wolfssl_get_ex_new_index(int class_index); +#endif + +#if !defined(WC_NO_RNG) && (defined(OPENSSL_EXTRA) || \ + (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA))) +WOLFSSL_LOCAL WC_RNG* wolfssl_get_global_rng(void); +#endif + +#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER) +WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, + unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz); +#endif +#endif + +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) +WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, + int publicKey, void* heap); +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) +WOLFSSL_LOCAL int wolfSSL_SSL_do_handshake_internal(WOLFSSL *s); +#endif + +#ifdef WOLFSSL_QUIC +#define WOLFSSL_IS_QUIC(s) (((s) != NULL) && ((s)->quic.method != NULL)) +WOLFSSL_LOCAL int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz); +WOLFSSL_LOCAL int wolfSSL_quic_send(WOLFSSL* ssl); +WOLFSSL_LOCAL void wolfSSL_quic_clear(WOLFSSL* ssl); +WOLFSSL_LOCAL void wolfSSL_quic_free(WOLFSSL* ssl); +WOLFSSL_LOCAL int wolfSSL_quic_forward_secrets(WOLFSSL *ssl, + int ktype, int side); +WOLFSSL_LOCAL int wolfSSL_quic_keys_active(WOLFSSL* ssl, enum encrypt_side side); + +#else +#define WOLFSSL_IS_QUIC(s) 0 +#endif /* WOLFSSL_QUIC (else) */ #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/libwolfssl.a b/source/libs/libwolfssl/libwolfssl.a index 2aac649d..d6fa0f21 100644 Binary files a/source/libs/libwolfssl/libwolfssl.a and b/source/libs/libwolfssl/libwolfssl.a differ diff --git a/source/libs/libwolfssl/ocsp.h b/source/libs/libwolfssl/ocsp.h index 8a8dcc53..a984ee05 100644 --- a/source/libs/libwolfssl/ocsp.h +++ b/source/libs/libwolfssl/ocsp.h @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -50,13 +50,13 @@ typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ; typedef struct OcspRequest WOLFSSL_OCSP_REQUEST; #endif -WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); -WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); +WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm); +WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic); -WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, - WOLFSSL_BUFFER_INFO* responseBuffer); -WOLFSSL_LOCAL int CheckCertOCSP_ex(WOLFSSL_OCSP*, DecodedCert*, - WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl); +WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, + WOLFSSL_BUFFER_INFO* responseBuffer); +WOLFSSL_LOCAL int CheckCertOCSP_ex(WOLFSSL_OCSP* ocsp, DecodedCert* cert, + WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl); WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer); WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, @@ -103,14 +103,21 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data); WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, WOLFSSL_OCSP_CERTID *cid); -WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*); +WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup( + WOLFSSL_OCSP_CERTID* id); #ifndef NO_BIO WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, WOLFSSL_OCSP_REQUEST *req); #endif -WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID *, unsigned char **); -WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single); +WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, + unsigned char** data); +WOLFSSL_API +WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut, + const unsigned char** derIn, + int length); +WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id( + const WOLFSSL_OCSP_SINGLERESP *single); WOLFSSL_API int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b); WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, int *reason, @@ -118,7 +125,8 @@ WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, WOLFSSL_ASN1_TIME **thisupd, WOLFSSL_ASN1_TIME **nextupd); WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs); -WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx); +WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0( + WOLFSSL_OCSP_BASICRESP *bs, int idx); #endif #ifdef OPENSSL_EXTRA @@ -128,9 +136,9 @@ WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status, WOLFSSL_OCSP_BASICRESP* bs); WOLFSSL_API const char* wolfSSL_OCSP_crl_reason_str(long s); -WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING**, - WOLFSSL_ASN1_OBJECT**, WOLFSSL_ASN1_STRING**, - WOLFSSL_ASN1_INTEGER**, WOLFSSL_OCSP_CERTID*); +WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, + WOLFSSL_ASN1_OBJECT **pmd, WOLFSSL_ASN1_STRING **keyHash, + WOLFSSL_ASN1_INTEGER **serial, WOLFSSL_OCSP_CERTID *cid); WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val, int sz); diff --git a/source/libs/libwolfssl/openssl/aes.h b/source/libs/libwolfssl/openssl/aes.h index afd6fcec..736a8898 100644 --- a/source/libs/libwolfssl/openssl/aes.h +++ b/source/libs/libwolfssl/openssl/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -46,25 +46,24 @@ typedef struct WOLFSSL_AES_KEY { } WOLFSSL_AES_KEY; typedef WOLFSSL_AES_KEY AES_KEY; -WOLFSSL_API int wolfSSL_AES_set_encrypt_key - (const unsigned char *, const int bits, AES_KEY *); -WOLFSSL_API int wolfSSL_AES_set_decrypt_key - (const unsigned char *, const int bits, AES_KEY *); -WOLFSSL_API void wolfSSL_AES_cbc_encrypt - (const unsigned char *in, unsigned char* out, size_t len, - AES_KEY *key, unsigned char* iv, const int enc); -WOLFSSL_API void wolfSSL_AES_ecb_encrypt - (const unsigned char *in, unsigned char* out, - AES_KEY *key, const int enc); -WOLFSSL_API void wolfSSL_AES_cfb128_encrypt - (const unsigned char *in, unsigned char* out, size_t len, - AES_KEY *key, unsigned char* iv, int* num, const int enc); -WOLFSSL_API int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen); -WOLFSSL_API int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen); +WOLFSSL_API int wolfSSL_AES_set_encrypt_key( + const unsigned char *key, const int bits, AES_KEY *aes); +WOLFSSL_API int wolfSSL_AES_set_decrypt_key( + const unsigned char *key, const int bits, AES_KEY *aes); +WOLFSSL_API void wolfSSL_AES_cbc_encrypt( + const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, + unsigned char* iv, const int enc); +WOLFSSL_API void wolfSSL_AES_ecb_encrypt( + const unsigned char *in, unsigned char* out, AES_KEY *key, const int enc); +WOLFSSL_API void wolfSSL_AES_cfb128_encrypt( + const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, + unsigned char* iv, int* num, const int enc); +WOLFSSL_API int wolfSSL_AES_wrap_key( + AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen); +WOLFSSL_API int wolfSSL_AES_unwrap_key( + AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen); #define AES_cbc_encrypt wolfSSL_AES_cbc_encrypt #define AES_ecb_encrypt wolfSSL_AES_ecb_encrypt @@ -75,14 +74,14 @@ WOLFSSL_API int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv, #define AES_unwrap_key wolfSSL_AES_unwrap_key #ifdef WOLFSSL_AES_DIRECT -WOLFSSL_API void wolfSSL_AES_encrypt - (const unsigned char* input, unsigned char* output, AES_KEY *); -WOLFSSL_API void wolfSSL_AES_decrypt - (const unsigned char* input, unsigned char* output, AES_KEY *); +WOLFSSL_API void wolfSSL_AES_encrypt( + const unsigned char* input, unsigned char* output, AES_KEY *key); +WOLFSSL_API void wolfSSL_AES_decrypt( + const unsigned char* input, unsigned char* output, AES_KEY *key); #define AES_encrypt wolfSSL_AES_encrypt #define AES_decrypt wolfSSL_AES_decrypt -#endif /* HAVE_AES_DIRECT */ +#endif /* WOLFSSL_AES_DIRECT */ #ifndef AES_ENCRYPT #define AES_ENCRYPT AES_ENCRYPTION diff --git a/source/libs/libwolfssl/openssl/asn1.h b/source/libs/libwolfssl/openssl/asn1.h index 14efe494..ac57aad3 100644 --- a/source/libs/libwolfssl/openssl/asn1.h +++ b/source/libs/libwolfssl/openssl/asn1.h @@ -1,6 +1,6 @@ /* asn1.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,15 +26,16 @@ #include -#define ASN1_STRING_new wolfSSL_ASN1_STRING_new -#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new -#define ASN1_STRING_type wolfSSL_ASN1_STRING_type -#define ASN1_STRING_set wolfSSL_ASN1_STRING_set -#define ASN1_STRING_free wolfSSL_ASN1_STRING_free +#define ASN1_STRING_new wolfSSL_ASN1_STRING_new +#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new +#define ASN1_STRING_type wolfSSL_ASN1_STRING_type +#define ASN1_STRING_set wolfSSL_ASN1_STRING_set +#define ASN1_OCTET_STRING_set wolfSSL_ASN1_STRING_set +#define ASN1_STRING_free wolfSSL_ASN1_STRING_free -#define ASN1_get_object wolfSSL_ASN1_get_object -#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT -#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT +#define ASN1_get_object wolfSSL_ASN1_get_object +#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT +#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT #define V_ASN1_INTEGER 0x02 #define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ @@ -68,9 +69,11 @@ #define ASN1_UTCTIME_print wolfSSL_ASN1_UTCTIME_print #define ASN1_TIME_check wolfSSL_ASN1_TIME_check #define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff +#define ASN1_TIME_compare wolfSSL_ASN1_TIME_compare #define ASN1_TIME_set wolfSSL_ASN1_TIME_set #define V_ASN1_EOC 0 +#define V_ASN1_NULL 5 #define V_ASN1_OBJECT 6 #define V_ASN1_UTF8STRING 12 #define V_ASN1_SEQUENCE 16 @@ -92,9 +95,20 @@ #define ASN1_STRING_FLAG_MSTRING 0x040 #define ASN1_STRING_FLAG_EMBED 0x080 +/* X.509 PKI size limits from RFC2459 (appendix A) */ +/* internally our limit is CTC_NAME_SIZE (64) - overriden with WC_CTC_NAME_SIZE */ +#define ub_name CTC_NAME_SIZE /* 32768 */ +#define ub_common_name CTC_NAME_SIZE /* 64 */ +#define ub_locality_name CTC_NAME_SIZE /* 128 */ +#define ub_state_name CTC_NAME_SIZE /* 128 */ +#define ub_organization_name CTC_NAME_SIZE /* 64 */ +#define ub_organization_unit_name CTC_NAME_SIZE /* 64 */ +#define ub_title CTC_NAME_SIZE /* 64 */ +#define ub_email_address CTC_NAME_SIZE /* 128 */ + WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( - const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*); + const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai); WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value); @@ -129,11 +143,10 @@ typedef enum { } WOLFSSL_ASN1_TYPES; #define ASN1_SEQUENCE(type) \ - static type __##type##_dummy_struct;\ static const WOLFSSL_ASN1_TEMPLATE type##_member_data[] #define ASN1_SIMPLE(type, member, member_type) \ - { (char*)&__##type##_dummy_struct.member - (char*)&__##type##_dummy_struct, \ + { OFFSETOF(type, member), \ WOLFSSL_##member_type##_ASN1 } #define ASN1_SEQUENCE_END(type) \ @@ -151,6 +164,7 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest, const WOLFSSL_ASN1_ITEM *tpl); /* Need function declaration otherwise compiler complains */ +/* // NOLINTBEGIN(readability-named-parameter) */ #define IMPLEMENT_ASN1_FUNCTIONS(type) \ type *type##_new(void); \ type *type##_new(void){ \ @@ -165,6 +179,7 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest, { \ return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\ } +/* // NOLINTEND(readability-named-parameter) */ #endif /* OPENSSL_ALL */ diff --git a/source/libs/libwolfssl/openssl/asn1t.h b/source/libs/libwolfssl/openssl/asn1t.h index feafbf09..abbc6aca 100644 --- a/source/libs/libwolfssl/openssl/asn1t.h +++ b/source/libs/libwolfssl/openssl/asn1t.h @@ -1,6 +1,6 @@ /* asn1t.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/bio.h b/source/libs/libwolfssl/openssl/bio.h index 7f9b049a..30119840 100644 --- a/source/libs/libwolfssl/openssl/bio.h +++ b/source/libs/libwolfssl/openssl/bio.h @@ -1,6 +1,6 @@ /* bio.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,13 +25,12 @@ #ifndef WOLFSSL_BIO_H_ #define WOLFSSL_BIO_H_ -#include - #ifdef __cplusplus extern "C" { #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL #define BIO_FLAGS_READ WOLFSSL_BIO_FLAG_READ @@ -58,11 +57,13 @@ #define BIO_s_file wolfSSL_BIO_s_file #define BIO_s_bio wolfSSL_BIO_s_bio #define BIO_s_socket wolfSSL_BIO_s_socket +#define BIO_s_accept wolfSSL_BIO_s_socket #define BIO_set_fd wolfSSL_BIO_set_fd #define BIO_set_close wolfSSL_BIO_set_close #define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request #define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size #define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair +#define BIO_up_ref wolfSSL_BIO_up_ref #define BIO_new_fd wolfSSL_BIO_new_fd #define BIO_set_fp wolfSSL_BIO_set_fp @@ -109,6 +110,8 @@ #define BIO_get_shutdown wolfSSL_BIO_get_shutdown #define BIO_set_shutdown wolfSSL_BIO_set_shutdown +#define BIO_get_fd wolfSSL_BIO_get_fd + #define BIO_clear_flags wolfSSL_BIO_clear_flags #define BIO_set_ex_data wolfSSL_BIO_set_ex_data #define BIO_get_ex_data wolfSSL_BIO_get_ex_data @@ -138,6 +141,8 @@ #define BIO_CTRL_RESET 1 #define BIO_CTRL_EOF 2 #define BIO_CTRL_INFO 3 +#define BIO_CTRL_SET 4 +#define BIO_CTRL_GET 5 #define BIO_CTRL_PUSH 6 #define BIO_CTRL_POP 7 #define BIO_CTRL_GET_CLOSE 8 @@ -165,11 +170,11 @@ #define BIO_FP_WRITE 0x04 +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef __cplusplus } /* extern "C" */ #endif - #endif /* WOLFSSL_BIO_H_ */ - diff --git a/source/libs/libwolfssl/openssl/bn.h b/source/libs/libwolfssl/openssl/bn.h index 474001d8..31762631 100644 --- a/source/libs/libwolfssl/openssl/bn.h +++ b/source/libs/libwolfssl/openssl/bn.h @@ -1,6 +1,6 @@ /* bn.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -47,95 +47,140 @@ typedef struct WOLFSSL_BIGNUM { #endif } WOLFSSL_BIGNUM; - -#define BN_ULONG WOLFSSL_BN_ULONG #define WOLFSSL_BN_ULONG unsigned long +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define BN_ULONG WOLFSSL_BN_ULONG +#endif -typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; +#ifndef WOLFSSL_MAX_BN_BITS + #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define WOLFSSL_MAX_BN_BITS SP_INT_BITS + #elif defined(USE_FAST_MATH) + /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ + #define WOLFSSL_MAX_BN_BITS (FP_MAX_BITS / 2) + #else + #ifdef WOLFSSL_MYSQL_COMPATIBLE + /* Integer maths is dynamic but we only go up to 8192 bits. */ + #define WOLFSSL_MAX_BN_BITS 8192 + #else + /* Integer maths is dynamic but we only go up to 4096 bits. */ + #define WOLFSSL_MAX_BN_BITS 4096 + #endif + #endif +#endif + +typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void); -WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*); -WOLFSSL_API void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX*); +WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx); +WOLFSSL_API void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void); #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT) -WOLFSSL_API void wolfSSL_BN_init(WOLFSSL_BIGNUM *); +WOLFSSL_API void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn); #endif -WOLFSSL_API void wolfSSL_BN_free(WOLFSSL_BIGNUM*); -WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*); -WOLFSSL_API void wolfSSL_BN_clear(WOLFSSL_BIGNUM*); +WOLFSSL_API void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn); +WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn); +WOLFSSL_API void wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn); -WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, - const WOLFSSL_BIGNUM*); -WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, - const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*); +WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a, + const WOLFSSL_BIGNUM* b); +WOLFSSL_API int wolfSSL_BN_mul(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, + WOLFSSL_BIGNUM *b, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API int wolfSSL_BN_div(WOLFSSL_BIGNUM* dv, WOLFSSL_BIGNUM* rem, + const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* d, + WOLFSSL_BN_CTX* ctx); +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) +WOLFSSL_API int wolfSSL_BN_gcd(WOLFSSL_BIGNUM* r, WOLFSSL_BIGNUM* a, + WOLFSSL_BIGNUM* b, WOLFSSL_BN_CTX* ctx); +#endif +WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a, + const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c); WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, - const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); + const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, - const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); + const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void); -WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*); -WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn); +WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn); -WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*); -WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*); -WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*); -WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM*); -WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); +WOLFSSL_API void wolfSSL_BN_zero(WOLFSSL_BIGNUM* bn); +WOLFSSL_API int wolfSSL_BN_one(WOLFSSL_BIGNUM* bn); +WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn); +WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn); +WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn); +WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM* bn); +WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); -WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b); -WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*); -WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len, - WOLFSSL_BIGNUM* ret); +WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, + WOLFSSL_BIGNUM* ret); -WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n); +WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n); -WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top, - int bottom); -WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom); -WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n); -WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str); +WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, + int bottom); +WOLFSSL_API int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range); +WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom); +WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n); +WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str); -WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*); -WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*, - const WOLFSSL_BIGNUM*); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, + const WOLFSSL_BIGNUM* bn); -WOLFSSL_API int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str); -WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str); +WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn); -WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); -WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); -WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int); -WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int); -WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); -WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn, + int n); +WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); +WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); +WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n); +WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n); +WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); +WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM* bn); -WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, - WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM* r, WOLFSSL_BIGNUM* a, + WOLFSSL_BIGNUM* b); WOLFSSL_API int wolfSSL_BN_mod_add(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); -WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*); -WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, - WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*); -WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, - WOLFSSL_BN_ULONG); -#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*); +WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM* bn); +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA)) +WOLFSSL_API int wolfSSL_BN_generate_prime_ex( + WOLFSSL_BIGNUM* prime, int bits, int safe, const WOLFSSL_BIGNUM* add, + const WOLFSSL_BIGNUM* rem, WOLFSSL_BN_GENCB* cb); +WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks, + WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb); +WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, + WOLFSSL_BN_ULONG w); #endif -WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + WOLFSSL_API int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn); +#endif +WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, + int n); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx); -WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, - const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse( + WOLFSSL_BIGNUM *r, + WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *n, + WOLFSSL_BN_CTX *ctx); -typedef WOLFSSL_BIGNUM BIGNUM; -typedef WOLFSSL_BN_CTX BN_CTX; + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +typedef WOLFSSL_BIGNUM BIGNUM; +typedef WOLFSSL_BN_CTX BN_CTX; typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_CTX_new wolfSSL_BN_CTX_new @@ -151,11 +196,13 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_num_bytes wolfSSL_BN_num_bytes #define BN_num_bits wolfSSL_BN_num_bits -#define BN_is_zero wolfSSL_BN_is_zero -#define BN_is_one wolfSSL_BN_is_one -#define BN_is_odd wolfSSL_BN_is_odd +#define BN_zero wolfSSL_BN_zero +#define BN_one wolfSSL_BN_one +#define BN_is_zero wolfSSL_BN_is_zero +#define BN_is_one wolfSSL_BN_is_one +#define BN_is_odd wolfSSL_BN_is_odd #define BN_is_negative wolfSSL_BN_is_negative -#define BN_is_word wolfSSL_BN_is_word +#define BN_is_word wolfSSL_BN_is_word #define BN_cmp wolfSSL_BN_cmp @@ -166,12 +213,16 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_mod_exp wolfSSL_BN_mod_exp #define BN_mod_mul wolfSSL_BN_mod_mul #define BN_sub wolfSSL_BN_sub +#define BN_mul wolfSSL_BN_mul +#define BN_div wolfSSL_BN_div +#define BN_gcd wolfSSL_BN_gcd #define BN_value_one wolfSSL_BN_value_one #define BN_mask_bits wolfSSL_mask_bits #define BN_pseudo_rand wolfSSL_BN_pseudo_rand #define BN_rand wolfSSL_BN_rand +#define BN_rand_range wolfSSL_BN_rand_range #define BN_is_bit_set wolfSSL_BN_is_bit_set #define BN_hex2bn wolfSSL_BN_hex2bn @@ -187,16 +238,18 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_lshift wolfSSL_BN_lshift #define BN_add_word wolfSSL_BN_add_word +#define BN_sub_word wolfSSL_BN_sub_word #define BN_add wolfSSL_BN_add #define BN_mod_add wolfSSL_BN_mod_add #define BN_set_word wolfSSL_BN_set_word #define BN_set_bit wolfSSL_BN_set_bit #define BN_clear_bit wolfSSL_BN_clear_bit - +#define BN_generate_prime_ex wolfSSL_BN_generate_prime_ex #define BN_is_prime_ex wolfSSL_BN_is_prime_ex #define BN_print_fp wolfSSL_BN_print_fp #define BN_rshift wolfSSL_BN_rshift +#define BN_rshift1(r, a) wolfSSL_BN_rshift((r), (a), 1) #define BN_mod_word wolfSSL_BN_mod_word #define BN_CTX_get wolfSSL_BN_CTX_get @@ -217,6 +270,10 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_get_rfc3526_prime_8192 wolfSSL_DH_8192_prime #endif +#define BN_prime_checks 0 + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/openssl/buffer.h b/source/libs/libwolfssl/openssl/buffer.h index f090d19f..2bd662c1 100644 --- a/source/libs/libwolfssl/openssl/buffer.h +++ b/source/libs/libwolfssl/openssl/buffer.h @@ -1,6 +1,6 @@ /* buffer.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,9 +33,10 @@ WOLFSSL_API WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void); WOLFSSL_API int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len); +WOLFSSL_API int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len, + char zeroFill); +WOLFSSL_API int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len); WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf); -WOLFSSL_API size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize); -WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize); #define BUF_MEM_new wolfSSL_BUF_MEM_new @@ -43,8 +44,8 @@ WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize); #define BUF_MEM_free wolfSSL_BUF_MEM_free #define BUF_strdup strdup -#define BUF_strlcpy wolfSSL_strlcpy -#define BUF_strlcat wolfSSL_strlcat +#define BUF_strlcpy wc_strlcpy +#define BUF_strlcat wc_strlcat #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/openssl/camellia.h b/source/libs/libwolfssl/openssl/camellia.h new file mode 100644 index 00000000..ba2a28bb --- /dev/null +++ b/source/libs/libwolfssl/openssl/camellia.h @@ -0,0 +1,27 @@ +/* camellia.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_CAMELLIA_H_ +#define WOLFSSL_CAMELLIA_H_ + +#include + +#endif /* WOLFSSL_CAMELLIA_H_ */ diff --git a/source/libs/libwolfssl/openssl/cmac.h b/source/libs/libwolfssl/openssl/cmac.h new file mode 100644 index 00000000..70d24950 --- /dev/null +++ b/source/libs/libwolfssl/openssl/cmac.h @@ -0,0 +1,61 @@ +/* cmac.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_CMAC_H_ +#define WOLFSSL_CMAC_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct WOLFSSL_CMAC_CTX { + void* internal; /* internal Cmac object */ + WOLFSSL_EVP_CIPHER_CTX* cctx; +} WOLFSSL_CMAC_CTX; + +typedef WOLFSSL_CMAC_CTX CMAC_CTX; + +WOLFSSL_API WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void); +WOLFSSL_API void wolfSSL_CMAC_CTX_free(WOLFSSL_CMAC_CTX *ctx); +WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX* wolfSSL_CMAC_CTX_get0_cipher_ctx( + WOLFSSL_CMAC_CTX* ctx); +WOLFSSL_API int wolfSSL_CMAC_Init( + WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen, + const WOLFSSL_EVP_CIPHER* cipher, WOLFSSL_ENGINE* engine); +WOLFSSL_API int wolfSSL_CMAC_Update( + WOLFSSL_CMAC_CTX* ctx, const void* data, size_t len); +WOLFSSL_API int wolfSSL_CMAC_Final( + WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len); + +#define CMAC_CTX_new wolfSSL_CMAC_CTX_new +#define CMAC_CTX_free wolfSSL_CMAC_CTX_free +#define CMAC_CTX_get0_cipher_ctx wolfSSL_CMAC_CTX_get0_cipher_ctx +#define CMAC_Init wolfSSL_CMAC_Init +#define CMAC_Update wolfSSL_CMAC_Update +#define CMAC_Final wolfSSL_CMAC_Final + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* WOLFSSL_CMAC_H_ */ diff --git a/source/libs/libwolfssl/openssl/compat_types.h b/source/libs/libwolfssl/openssl/compat_types.h new file mode 100644 index 00000000..81761ddf --- /dev/null +++ b/source/libs/libwolfssl/openssl/compat_types.h @@ -0,0 +1,66 @@ +/* compat_types.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* + * Move types that cause cyclical dependency errors here. + */ + +#ifndef WOLFSSL_OPENSSL_COMPAT_TYPES_H_ +#define WOLFSSL_OPENSSL_COMPAT_TYPES_H_ + +#include +#include +#include + +#ifndef NO_HMAC +typedef struct WOLFSSL_HMAC_CTX { + Hmac hmac; + int type; + word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ + word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; +} WOLFSSL_HMAC_CTX; +#endif + +typedef char WOLFSSL_EVP_MD; +typedef char WOLFSSL_EVP_CIPHER; +typedef int WOLFSSL_ENGINE; + +typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; +typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX; +typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO; +typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX; +typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX; +typedef struct WOLFSSL_ASN1_PCTX WOLFSSL_ASN1_PCTX; + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +typedef WOLFSSL_EVP_MD EVP_MD; +typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; +typedef WOLFSSL_EVP_CIPHER EVP_CIPHER; +typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; +typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; +typedef WOLFSSL_EVP_PKEY EVP_PKEY; +typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO; + +typedef WOLFSSL_ENGINE ENGINE; +typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#endif /* !WOLFSSL_OPENSSL_COMPAT_TYPES_H_ */ diff --git a/source/libs/libwolfssl/openssl/conf.h b/source/libs/libwolfssl/openssl/conf.h index 246fccca..fb4cdee2 100644 --- a/source/libs/libwolfssl/openssl/conf.h +++ b/source/libs/libwolfssl/openssl/conf.h @@ -1,6 +1,6 @@ /* conf.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/crypto.h b/source/libs/libwolfssl/openssl/crypto.h index 9b804b43..055acf84 100644 --- a/source/libs/libwolfssl/openssl/crypto.h +++ b/source/libs/libwolfssl/openssl/crypto.h @@ -1,6 +1,6 @@ /* crypto.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -47,12 +47,19 @@ typedef void (CRYPTO_free_func)(void* parent, void* ptr, CRYPTO_EX_DATA* ad, int #include "prefix_crypto.h" #endif +#ifdef __cplusplus + extern "C" { +#endif + WOLFSSL_API const char* wolfSSLeay_version(int type); WOLFSSL_API unsigned long wolfSSLeay(void); WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API void wolfSSL_OPENSSL_free(void* p); +#endif + #ifdef OPENSSL_EXTRA -WOLFSSL_API void wolfSSL_OPENSSL_free(void*); WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c); WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len); @@ -60,6 +67,25 @@ WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings); #endif +/* class index for wolfSSL_CRYPTO_get_ex_new_index */ +#define CRYPTO_EX_INDEX_SSL WOLF_CRYPTO_EX_INDEX_SSL +#define CRYPTO_EX_INDEX_SSL_CTX WOLF_CRYPTO_EX_INDEX_SSL_CTX +#define CRYPTO_EX_INDEX_SSL_SESSION WOLF_CRYPTO_EX_INDEX_SSL_SESSION +#define CRYPTO_EX_INDEX_X509 WOLF_CRYPTO_EX_INDEX_X509 +#define CRYPTO_EX_INDEX_X509_STORE WOLF_CRYPTO_EX_INDEX_X509_STORE +#define CRYPTO_EX_INDEX_X509_STORE_CTX WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX +#define CRYPTO_EX_INDEX_DH WOLF_CRYPTO_EX_INDEX_DH +#define CRYPTO_EX_INDEX_DSA WOLF_CRYPTO_EX_INDEX_DSA +#define CRYPTO_EX_INDEX_EC_KEY WOLF_CRYPTO_EX_INDEX_EC_KEY +#define CRYPTO_EX_INDEX_RSA WOLF_CRYPTO_EX_INDEX_RSA +#define CRYPTO_EX_INDEX_ENGINE WOLF_CRYPTO_EX_INDEX_ENGINE +#define CRYPTO_EX_INDEX_UI WOLF_CRYPTO_EX_INDEX_UI +#define CRYPTO_EX_INDEX_BIO WOLF_CRYPTO_EX_INDEX_BIO +#define CRYPTO_EX_INDEX_APP WOLF_CRYPTO_EX_INDEX_APP +#define CRYPTO_EX_INDEX_UI_METHOD WOLF_CRYPTO_EX_INDEX_UI_METHOD +#define CRYPTO_EX_INDEX_DRBG WOLF_CRYPTO_EX_INDEX_DRBG +#define CRYPTO_EX_INDEX__COUNT WOLF_CRYPTO_EX_INDEX__COUNT + #define crypto_threadid_st WOLFSSL_CRYPTO_THREADID #define CRYPTO_THREADID WOLFSSL_CRYPTO_THREADID @@ -126,4 +152,8 @@ WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETT #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */ +#ifdef __cplusplus + } /* extern "C" */ +#endif + #endif /* header */ diff --git a/source/libs/libwolfssl/openssl/des.h b/source/libs/libwolfssl/openssl/des.h index a6bf3d7f..79b70961 100644 --- a/source/libs/libwolfssl/openssl/des.h +++ b/source/libs/libwolfssl/openssl/des.h @@ -1,6 +1,6 @@ /* des.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -62,8 +62,8 @@ WOLFSSL_API int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key); WOLFSSL_API int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key); -WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock*, - WOLFSSL_DES_key_schedule*); +WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes, + WOLFSSL_DES_key_schedule* key); WOLFSSL_API int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key, WOLFSSL_DES_key_schedule* schedule); WOLFSSL_API void wolfSSL_DES_cbc_encrypt(const unsigned char* input, @@ -81,10 +81,10 @@ WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input, WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec, int enc); -WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock*); -WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock*, WOLFSSL_DES_cblock*, - WOLFSSL_DES_key_schedule*, int); -WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock*); +WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes); +WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, + WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int enc); +WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock *myDes); typedef WOLFSSL_DES_cblock DES_cblock; diff --git a/source/libs/libwolfssl/openssl/dh.h b/source/libs/libwolfssl/openssl/dh.h index a18e78c1..9de3d44f 100644 --- a/source/libs/libwolfssl/openssl/dh.h +++ b/source/libs/libwolfssl/openssl/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,45 +33,56 @@ #endif #ifndef WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */ -typedef struct WOLFSSL_DH WOLFSSL_DH; -#define WOLFSSL_DH_TYPE_DEFINED + typedef struct WOLFSSL_DH WOLFSSL_DH; + #define WOLFSSL_DH_TYPE_DEFINED #endif -typedef WOLFSSL_DH DH; - struct WOLFSSL_DH { WOLFSSL_BIGNUM* p; WOLFSSL_BIGNUM* g; WOLFSSL_BIGNUM* q; - WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */ - WOLFSSL_BIGNUM* priv_key; /* openssh deference x */ + WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */ + WOLFSSL_BIGNUM* priv_key; /* openssh deference x */ void* internal; /* our DH */ char inSet; /* internal set from external ? */ char exSet; /* external set from internal ? */ /*added for lighttpd openssl compatibility, go back and add a getter in * lighttpd src code. */ - int length; + int length; + wolfSSL_Ref ref; /* Reference count information. */ }; WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh, const unsigned char **pp, long length); WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out); WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); -WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*); +WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new_by_nid(int nid); +WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH* dh); WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh); +WOLFSSL_API int wolfSSL_DH_up_ref(WOLFSSL_DH* dh); WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes); -WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*); -WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*); +WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH* dh); +WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH* dh); WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* pub, - WOLFSSL_DH*); -WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz); -WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, - WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*); - -#define DH_new wolfSSL_DH_new -#define DH_free wolfSSL_DH_free + WOLFSSL_DH* dh); +WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, + int derSz); +WOLFSSL_API int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len); +WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p, + WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g); + +WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_get_2048_256(void); + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +typedef WOLFSSL_DH DH; + +#define DH_new wolfSSL_DH_new +#define DH_free wolfSSL_DH_free +#define DH_up_ref wolfSSL_DH_up_ref +#define DH_new_by_nid wolfSSL_DH_new_by_nid #define d2i_DHparams wolfSSL_d2i_DHparams #define i2d_DHparams wolfSSL_i2d_DHparams @@ -80,11 +91,12 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, #define DH_size wolfSSL_DH_size #define DH_generate_key wolfSSL_DH_generate_key #define DH_compute_key wolfSSL_DH_compute_key +#define DH_set_length wolfSSL_DH_set_length #define DH_set0_pqg wolfSSL_DH_set0_pqg #define DH_get0_pqg wolfSSL_DH_get0_pqg #define DH_get0_key wolfSSL_DH_get0_key #define DH_set0_key wolfSSL_DH_set0_key -#define DH_bits(x) (BN_num_bits(x->p)) +#define DH_bits(x) (BN_num_bits((x)->p)) #define DH_GENERATOR_2 2 #define DH_CHECK_P_NOT_PRIME 0x01 @@ -106,13 +118,20 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, #define get_rfc3526_prime_6144 wolfSSL_DH_6144_prime #define get_rfc3526_prime_8192 wolfSSL_DH_8192_prime -#ifdef __cplusplus - } /* extern "C" */ -#endif +#define DH_get_2048_256 wolfSSL_DH_get_2048_256 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) #define DH_generate_parameters wolfSSL_DH_generate_parameters #define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex #endif /* OPENSSL_ALL || HAVE_STUNNEL */ +#define DH_GENERATOR_2 2 +#define DH_GENERATOR_5 5 + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + #endif /* WOLFSSL_DH_H_ */ diff --git a/source/libs/libwolfssl/openssl/dsa.h b/source/libs/libwolfssl/openssl/dsa.h index e34943aa..4582113f 100644 --- a/source/libs/libwolfssl/openssl/dsa.h +++ b/source/libs/libwolfssl/openssl/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,8 +41,6 @@ typedef struct WOLFSSL_DSA WOLFSSL_DSA; #define WOLFSSL_DSA_TYPE_DEFINED #endif -typedef WOLFSSL_DSA DSA; - struct WOLFSSL_DSA { WOLFSSL_BIGNUM* p; WOLFSSL_BIGNUM* q; @@ -56,15 +54,18 @@ struct WOLFSSL_DSA { WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void); -WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*); +WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA* dsa); +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +WOLFSSL_API int wolfSSL_DSA_print_fp(XFILE fp, WOLFSSL_DSA* dsa, int indent); +#endif /* !NO_FILESYSTEM && NO_STDIO_FILESYSTEM */ -WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*); +WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa); typedef void (*WOLFSSL_BN_CB)(int i, int j, void* exArg); WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits, unsigned char* seed, int seedLen, int* counterRet, unsigned long* hRet, WOLFSSL_BN_CB cb, void* CBArg); -WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits, +WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, unsigned char* seed, int seedLen, int* counterRet, unsigned long* hRet, void* cb); @@ -79,17 +80,17 @@ WOLFSSL_API int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key, WOLFSSL_BIGNUM *priv_key); -WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz); +WOLFSSL_API int wolfSSL_DSA_LoadDer( + WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz); -WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA*, const unsigned char*, - int sz, int opt); +WOLFSSL_API int wolfSSL_DSA_LoadDer_ex( + WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz, int opt); -WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, - unsigned char* sigRet, WOLFSSL_DSA* dsa); +WOLFSSL_API int wolfSSL_DSA_do_sign( + const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa); -WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, - unsigned char* sig, - WOLFSSL_DSA* dsa, int *dsacheck); +WOLFSSL_API int wolfSSL_DSA_do_verify( + const unsigned char* d, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck); WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d); @@ -109,11 +110,21 @@ WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa); +WOLFSSL_API int wolfSSL_i2d_DSAparams( + const WOLFSSL_DSA* dsa, unsigned char** out); +WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams( + WOLFSSL_DSA** dsa, const unsigned char** der, long derLen); + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +typedef WOLFSSL_DSA DSA; + #define WOLFSSL_DSA_LOAD_PRIVATE 1 #define WOLFSSL_DSA_LOAD_PUBLIC 2 #define DSA_new wolfSSL_DSA_new #define DSA_free wolfSSL_DSA_free +#define DSA_print_fp wolfSSL_DSA_print_fp #define DSA_LoadDer wolfSSL_DSA_LoadDer #define DSA_generate_key wolfSSL_DSA_generate_key @@ -132,12 +143,15 @@ WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest #define d2i_DSA_SIG wolfSSL_d2i_DSA_SIG #define DSA_do_sign wolfSSL_DSA_do_sign_ex #define DSA_do_verify wolfSSL_DSA_do_verify_ex - +#define i2d_DSAparams wolfSSL_i2d_DSAparams +#define d2i_DSAparams wolfSSL_d2i_DSAparams #define DSA_SIG WOLFSSL_DSA_SIG +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef __cplusplus - } /* extern "C" */ + } /* extern "C" */ #endif #endif /* header */ diff --git a/source/libs/libwolfssl/openssl/ec.h b/source/libs/libwolfssl/openssl/ec.h index 77019dcc..73b6614a 100644 --- a/source/libs/libwolfssl/openssl/ec.h +++ b/source/libs/libwolfssl/openssl/ec.h @@ -1,6 +1,6 @@ /* ec.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,6 +32,7 @@ extern "C" { #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Map OpenSSL NID value */ enum { POINT_CONVERSION_COMPRESSED = 2, @@ -45,7 +46,7 @@ enum { NID_X9_62_prime192v3 = 411, NID_X9_62_prime239v1 = 412, NID_X9_62_prime239v2 = 413, - NID_X9_62_prime239v3 = 414, + NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */ NID_X9_62_prime256v1 = 415, NID_secp112r1 = 704, NID_secp112r2 = 705, @@ -76,24 +77,21 @@ enum { NID_ED25519 = ED25519k, #endif - OPENSSL_EC_NAMED_CURVE = 0x001 + OPENSSL_EC_EXPLICIT_CURVE = 0x000, + OPENSSL_EC_NAMED_CURVE = 0x001, }; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */ -typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; -typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; -typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; -typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE; -/* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */ -typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD; -#define WOLFSSL_EC_TYPE_DEFINED -#endif + typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; + typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; + typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; + typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE; + /* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */ + typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD; -typedef WOLFSSL_EC_KEY EC_KEY; -typedef WOLFSSL_EC_GROUP EC_GROUP; -typedef WOLFSSL_EC_GROUP EC_METHOD; -typedef WOLFSSL_EC_POINT EC_POINT; -typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve; + #define WOLFSSL_EC_TYPE_DEFINED +#endif struct WOLFSSL_EC_POINT { WOLFSSL_BIGNUM *X; @@ -117,6 +115,7 @@ struct WOLFSSL_EC_KEY { WOLFSSL_BIGNUM *priv_key; void* internal; /* our ECC Key */ + void* heap; char form; /* Either POINT_CONVERSION_UNCOMPRESSED or * POINT_CONVERSION_COMPRESSED */ word16 pkcs8HeaderSz; @@ -124,6 +123,11 @@ struct WOLFSSL_EC_KEY { /* option bits */ byte inSet:1; /* internal set from external ? */ byte exSet:1; /* external set from internal ? */ + +#ifndef SINGLE_THREADED + wolfSSL_Mutex refMutex; /* ref count mutex */ +#endif + int refCount; /* reference count */ }; struct WOLFSSL_EC_BUILTIN_CURVE { @@ -134,11 +138,15 @@ struct WOLFSSL_EC_BUILTIN_CURVE { #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1 #define WOLFSSL_EC_KEY_LOAD_PUBLIC 2 +typedef int point_conversion_form_t; + WOLFSSL_API size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r,size_t nitems); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src); +WOLFSSL_API +int wolfSSL_EC_KEY_up_ref(WOLFSSL_EC_KEY* key); WOLFSSL_API int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, @@ -169,6 +177,8 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out); WOLFSSL_API void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form); WOLFSSL_API +point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key); +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *p, char form, @@ -200,6 +210,8 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid); WOLFSSL_API const char* wolfSSL_EC_curve_nid2nist(int nid); WOLFSSL_API int wolfSSL_EC_curve_nist2nid(const char* name); WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId); +WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void); WOLFSSL_API int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group); @@ -211,10 +223,18 @@ WOLFSSL_API int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub); WOLFSSL_API int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key); +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +WOLFSSL_API int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, + int indent); +#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key); WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, int digestSz, unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key); +WOLFSSL_API int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, + int digestSz, const unsigned char *sig, + int sigSz, WOLFSSL_EC_KEY *key); + WOLFSSL_API void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag); WOLFSSL_API @@ -287,12 +307,21 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, WOLFSSL_BN_CTX* ctx); #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +typedef WOLFSSL_EC_KEY EC_KEY; +typedef WOLFSSL_EC_GROUP EC_GROUP; +typedef WOLFSSL_EC_GROUP EC_METHOD; +typedef WOLFSSL_EC_POINT EC_POINT; +typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve; + #ifndef HAVE_ECC #define OPENSSL_NO_EC #endif #define EC_KEY_new wolfSSL_EC_KEY_new #define EC_KEY_free wolfSSL_EC_KEY_free +#define EC_KEY_up_ref wolfSSL_EC_KEY_up_ref #define EC_KEY_dup wolfSSL_EC_KEY_dup #define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key #define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group @@ -304,9 +333,11 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag #define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key #define EC_KEY_check_key wolfSSL_EC_KEY_check_key +#define EC_KEY_print_fp wolfSSL_EC_KEY_print_fp #define ECDSA_size wolfSSL_ECDSA_size #define ECDSA_sign wolfSSL_ECDSA_sign +#define ECDSA_verify wolfSSL_ECDSA_verify #define EC_GROUP_free wolfSSL_EC_GROUP_free #define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag @@ -328,8 +359,12 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_POINT_free wolfSSL_EC_POINT_free #define EC_POINT_get_affine_coordinates_GFp \ wolfSSL_EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_get_affine_coordinates \ + wolfSSL_EC_POINT_get_affine_coordinates_GFp #define EC_POINT_set_affine_coordinates_GFp \ wolfSSL_EC_POINT_set_affine_coordinates_GFp +#define EC_POINT_set_affine_coordinates \ + wolfSSL_EC_POINT_set_affine_coordinates_GFp #define EC_POINT_add wolfSSL_EC_POINT_add #define EC_POINT_mul wolfSSL_EC_POINT_mul #define EC_POINT_invert wolfSSL_EC_POINT_invert @@ -352,6 +387,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define d2i_ECPrivateKey wolfSSL_d2i_ECPrivateKey #define i2d_ECPrivateKey wolfSSL_i2d_ECPrivateKey #define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form +#define EC_KEY_get_conv_form wolfSSL_EC_KEY_get_conv_form #ifndef HAVE_SELFTEST #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex @@ -363,6 +399,8 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_curve_nid2nist wolfSSL_EC_curve_nid2nist #define EC_curve_nist2nid wolfSSL_EC_curve_nist2nid +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/openssl/ec25519.h b/source/libs/libwolfssl/openssl/ec25519.h index f9cf3c9f..977b0386 100644 --- a/source/libs/libwolfssl/openssl/ec25519.h +++ b/source/libs/libwolfssl/openssl/ec25519.h @@ -1,6 +1,6 @@ /* ec25519.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/ec448.h b/source/libs/libwolfssl/openssl/ec448.h index 3f0b1b7b..6d6fe661 100644 --- a/source/libs/libwolfssl/openssl/ec448.h +++ b/source/libs/libwolfssl/openssl/ec448.h @@ -1,6 +1,6 @@ /* ec448.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/ecdh.h b/source/libs/libwolfssl/openssl/ecdh.h index b40f99c7..e227d2ff 100644 --- a/source/libs/libwolfssl/openssl/ecdh.h +++ b/source/libs/libwolfssl/openssl/ecdh.h @@ -1,6 +1,6 @@ /* ecdh.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/ecdsa.h b/source/libs/libwolfssl/openssl/ecdsa.h index a1383940..2ae1d041 100644 --- a/source/libs/libwolfssl/openssl/ecdsa.h +++ b/source/libs/libwolfssl/openssl/ecdsa.h @@ -1,6 +1,6 @@ /* ecdsa.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -46,6 +46,10 @@ struct WOLFSSL_ECDSA_SIG { WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig); WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void); +WOLFSSL_API void wolfSSL_ECDSA_SIG_get0(const WOLFSSL_ECDSA_SIG* sig, + const WOLFSSL_BIGNUM** r, const WOLFSSL_BIGNUM** s); +WOLFSSL_API int wolfSSL_ECDSA_SIG_set0(WOLFSSL_ECDSA_SIG* sig, WOLFSSL_BIGNUM* r, + WOLFSSL_BIGNUM* s); WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, int dgst_len, WOLFSSL_EC_KEY *eckey); @@ -62,6 +66,8 @@ WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, #define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free #define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new +#define ECDSA_SIG_get0 wolfSSL_ECDSA_SIG_get0 +#define ECDSA_SIG_set0 wolfSSL_ECDSA_SIG_set0 #define ECDSA_do_sign wolfSSL_ECDSA_do_sign #define ECDSA_do_verify wolfSSL_ECDSA_do_verify #define d2i_ECDSA_SIG wolfSSL_d2i_ECDSA_SIG diff --git a/source/libs/libwolfssl/openssl/ed25519.h b/source/libs/libwolfssl/openssl/ed25519.h index 50683d4b..d7fca0e8 100644 --- a/source/libs/libwolfssl/openssl/ed25519.h +++ b/source/libs/libwolfssl/openssl/ed25519.h @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/ed448.h b/source/libs/libwolfssl/openssl/ed448.h index 4ff184fb..3d55f458 100644 --- a/source/libs/libwolfssl/openssl/ed448.h +++ b/source/libs/libwolfssl/openssl/ed448.h @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/err.h b/source/libs/libwolfssl/openssl/err.h index 9debeeee..e9353de6 100644 --- a/source/libs/libwolfssl/openssl/err.h +++ b/source/libs/libwolfssl/openssl/err.h @@ -1,6 +1,6 @@ /* err.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,7 +24,9 @@ #include +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* err.h for openssl */ +#define ERR_load_ERR_strings wolfSSL_ERR_load_ERR_strings #define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings #define ERR_load_CRYPTO_strings wolfSSL_ERR_load_crypto_strings #define ERR_peek_last_error wolfSSL_ERR_peek_last_error @@ -35,9 +37,13 @@ #define ERR_R_DISABLED NOT_COMPILED_IN #define ERR_R_PASSED_INVALID_ARGUMENT BAD_FUNC_ARG #define RSA_R_UNKNOWN_PADDING_TYPE RSA_PAD_E +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE WC_KEY_SIZE_E #define EC_R_BUFFER_TOO_SMALL BUFFER_E +#define ERR_TXT_MALLOCED 1 + /* SSL function codes */ +#define RSA_F_RSA_PADDING_ADD_SSLV23 0 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 1 #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2 #define SSL_F_SSL_USE_PRIVATEKEY 3 @@ -51,5 +57,7 @@ #define SSLerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__) #define ECerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__) +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #endif /* WOLFSSL_OPENSSL_ERR_ */ diff --git a/source/libs/libwolfssl/openssl/evp.h b/source/libs/libwolfssl/openssl/evp.h index 4c29c3c2..c04a6cac 100644 --- a/source/libs/libwolfssl/openssl/evp.h +++ b/source/libs/libwolfssl/openssl/evp.h @@ -1,6 +1,6 @@ /* evp.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -49,14 +49,13 @@ #include #include #include +#include #include #include #include +#include #include -#ifdef HAVE_IDEA - #include -#endif #include #if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE) @@ -68,31 +67,24 @@ #endif -typedef char WOLFSSL_EVP_CIPHER; -#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */ -typedef char WOLFSSL_EVP_MD; -typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; -typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX; -#define WOLFSSL_EVP_TYPE_DEFINED -#endif - -typedef WOLFSSL_EVP_PKEY EVP_PKEY; -typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO; - #ifndef NO_MD4 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void); #endif #ifndef NO_MD5 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void); #endif -WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *); +WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *prompt); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void); -WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void); +WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_sha512_224(void); +WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_sha512_256(void); +WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_ripemd160(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void); @@ -103,7 +95,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void); -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void); #endif @@ -142,9 +134,16 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void); -WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void); +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_chacha20_poly1305(void); +#endif +#ifdef HAVE_CHACHA +/* ChaCha IV + counter is set as one IV in EVP */ +#define WOLFSSL_EVP_CHACHA_IV_BYTES (CHACHA_IV_BYTES + sizeof(word32)) +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_chacha20(void); +#endif typedef union { @@ -154,11 +153,15 @@ typedef union { #ifndef NO_MD5 WOLFSSL_MD5_CTX md5; #endif - WOLFSSL_SHA_CTX sha; + #ifndef NO_SHA + WOLFSSL_SHA_CTX sha; + #endif #ifdef WOLFSSL_SHA224 WOLFSSL_SHA224_CTX sha224; #endif - WOLFSSL_SHA256_CTX sha256; + #ifndef NO_SHA256 + WOLFSSL_SHA256_CTX sha256; + #endif #ifdef WOLFSSL_SHA384 WOLFSSL_SHA384_CTX sha384; #endif @@ -180,8 +183,6 @@ typedef union { #endif } WOLFSSL_Hasher; -typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX; -typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX; struct WOLFSSL_EVP_MD_CTX { union { @@ -210,14 +211,146 @@ typedef union { Des3 des3; #endif Arc4 arc4; -#ifdef HAVE_IDEA - Idea idea; -#endif #ifdef WOLFSSL_QT int (*ctrl) (WOLFSSL_EVP_CIPHER_CTX *, int type, int arg, void *ptr); #endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + ChaChaPoly_Aead chachaPoly; +#endif +#ifdef HAVE_CHACHA + ChaCha chacha; +#endif } WOLFSSL_Cipher; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +#define NID_aes_128_cbc 419 +#define NID_aes_192_cbc 423 +#define NID_aes_256_cbc 427 +#define NID_aes_128_ccm 896 +#define NID_aes_256_ccm 902 +#define NID_aes_128_gcm 895 +#define NID_aes_192_gcm 898 +#define NID_aes_256_gcm 901 +#define NID_aes_128_ctr 904 +#define NID_aes_192_ctr 905 +#define NID_aes_256_ctr 906 +#define NID_aes_128_ecb 418 +#define NID_aes_192_ecb 422 +#define NID_aes_256_ecb 426 +#define NID_des_cbc 31 +#define NID_des_ecb 29 +#define NID_des_ede3_cbc 44 +#define NID_des_ede3_ecb 33 +#define NID_aes_128_cfb1 650 +#define NID_aes_192_cfb1 651 +#define NID_aes_256_cfb1 652 +#define NID_aes_128_cfb8 653 +#define NID_aes_192_cfb8 654 +#define NID_aes_256_cfb8 655 +#define NID_aes_128_cfb128 421 +#define NID_aes_192_cfb128 425 +#define NID_aes_256_cfb128 429 +#define NID_aes_128_ofb 420 +#define NID_aes_192_ofb 424 +#define NID_aes_256_ofb 428 +#define NID_aes_128_xts 913 +#define NID_aes_256_xts 914 +#define NID_camellia_128_cbc 751 +#define NID_camellia_256_cbc 753 +#define NID_chacha20_poly1305 1018 +#define NID_chacha20 1019 +#define NID_md5WithRSA 104 +#define NID_md2WithRSAEncryption 9 +#define NID_md5WithRSAEncryption 99 +#define NID_dsaWithSHA1 113 +#define NID_dsaWithSHA1_2 70 +#define NID_sha1WithRSA 115 +#define NID_sha1WithRSAEncryption 65 +#define NID_sha224WithRSAEncryption 671 +#define NID_sha256WithRSAEncryption 668 +#define NID_sha384WithRSAEncryption 669 +#define NID_sha512WithRSAEncryption 670 +#define NID_RSA_SHA3_224 1116 +#define NID_RSA_SHA3_256 1117 +#define NID_RSA_SHA3_384 1118 +#define NID_RSA_SHA3_512 1119 +#define NID_ecdsa_with_SHA1 416 +#define NID_ecdsa_with_SHA224 793 +#define NID_ecdsa_with_SHA256 794 +#define NID_ecdsa_with_SHA384 795 +#define NID_ecdsa_with_SHA512 796 +#define NID_ecdsa_with_SHA3_224 1112 +#define NID_ecdsa_with_SHA3_256 1113 +#define NID_ecdsa_with_SHA3_384 1114 +#define NID_ecdsa_with_SHA3_512 1115 +#define NID_dsa_with_SHA224 802 +#define NID_dsa_with_SHA256 803 +#define NID_sha3_224 1096 +#define NID_sha3_256 1097 +#define NID_sha3_384 1098 +#define NID_sha3_512 1099 +#define NID_blake2b512 1056 +#define NID_blake2s256 1057 +#define NID_shake128 1100 +#define NID_shake256 1101 +#define NID_sha1 64 +#define NID_sha224 675 +#define NID_md2 77 +#define NID_md4 257 +#define NID_md5 40 +#define NID_hmac 855 +#define NID_hmacWithSHA1 163 +#define NID_hmacWithSHA224 798 +#define NID_hmacWithSHA256 799 +#define NID_hmacWithSHA384 800 +#define NID_hmacWithSHA512 801 +#define NID_hkdf 1036 +#define NID_cmac 894 +#define NID_dhKeyAgreement 28 +#define NID_ffdhe2048 1126 +#define NID_ffdhe3072 1127 +#define NID_ffdhe4096 1128 +#define NID_rc4 5 +#define NID_bf_cbc 91 +#define NID_bf_ecb 92 +#define NID_bf_cfb64 93 +#define NID_bf_ofb64 94 +#define NID_cast5_cbc 108 +#define NID_cast5_ecb 109 +#define NID_cast5_cfb64 110 +#define NID_cast5_ofb64 111 +/* key exchange */ +#define NID_kx_rsa 1037 +#define NID_kx_ecdhe 1038 +#define NID_kx_dhe 1039 +#define NID_kx_ecdhe_psk 1040 +#define NID_kx_dhe_psk 1041 +#define NID_kx_rsa_psk 1042 +#define NID_kx_psk 1043 +#define NID_kx_srp 1044 +#define NID_kx_gost 1045 +#define NID_kx_any 1063 +/* server authentication */ +#define NID_auth_rsa 1046 +#define NID_auth_ecdsa 1047 +#define NID_auth_psk 1048 +#define NID_auth_dss 1049 +#define NID_auth_srp 1052 +#define NID_auth_null 1054 +#define NID_auth_any 1055 + +#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC +#define NID_rsaEncryption EVP_PKEY_RSA +#define NID_dsa EVP_PKEY_DSA + +#define EVP_PKEY_OP_SIGN (1 << 3) +#define EVP_PKEY_OP_VERIFY (1 << 5) +#define EVP_PKEY_OP_ENCRYPT (1 << 6) +#define EVP_PKEY_OP_DECRYPT (1 << 7) +#define EVP_PKEY_OP_DERIVE (1 << 8) + +#define EVP_PKEY_PRINT_INDENT_MAX 128 enum { AES_128_CBC_TYPE = 1, @@ -238,21 +371,15 @@ enum { EVP_PKEY_RSA = 16, EVP_PKEY_DSA = 17, EVP_PKEY_EC = 18, -#ifdef HAVE_IDEA - IDEA_CBC_TYPE = 19, -#endif AES_128_GCM_TYPE = 21, AES_192_GCM_TYPE = 22, AES_256_GCM_TYPE = 23, - NID_sha1 = 64, - NID_sha224 = 65, - NID_md2 = 77, - NID_md4 = 257, - NID_md5 = 4, - NID_hmac = 855, - NID_dhKeyAgreement= 28, EVP_PKEY_DH = NID_dhKeyAgreement, EVP_PKEY_HMAC = NID_hmac, + EVP_PKEY_CMAC = NID_cmac, + EVP_PKEY_HKDF = NID_hkdf, + EVP_PKEY_FALCON = 300, /* Randomly picked value. */ + EVP_PKEY_DILITHIUM= 301, /* Randomly picked value. */ AES_128_CFB1_TYPE = 24, AES_192_CFB1_TYPE = 25, AES_256_CFB1_TYPE = 26, @@ -266,73 +393,13 @@ enum { AES_192_OFB_TYPE = 34, AES_256_OFB_TYPE = 35, AES_128_XTS_TYPE = 36, - AES_256_XTS_TYPE = 37 + AES_256_XTS_TYPE = 37, + CHACHA20_POLY1305_TYPE = 38, + CHACHA20_TYPE = 39 }; -enum { - NID_md5WithRSA = 104, - NID_md5WithRSAEncryption = 8, - NID_dsaWithSHA1 = 113, - NID_dsaWithSHA1_2 = 70, - NID_sha1WithRSA = 115, - NID_sha1WithRSAEncryption = 65, - NID_sha224WithRSAEncryption = 671, - NID_sha256WithRSAEncryption = 668, - NID_sha384WithRSAEncryption = 669, - NID_sha512WithRSAEncryption = 670, - NID_ecdsa_with_SHA1 = 416, - NID_ecdsa_with_SHA224 = 793, - NID_ecdsa_with_SHA256 = 794, - NID_ecdsa_with_SHA384 = 795, - NID_ecdsa_with_SHA512 = 796, - NID_dsa_with_SHA224 = 802, - NID_dsa_with_SHA256 = 803, - NID_sha3_224 = 1096, - NID_sha3_256 = 1097, - NID_sha3_384 = 1098, - NID_sha3_512 = 1099, - NID_blake2b512 = 1056, - NID_blake2s256 = 1057, -}; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -enum { - NID_aes_128_cbc = 419, - NID_aes_192_cbc = 423, - NID_aes_256_cbc = 427, - NID_aes_128_gcm = 895, - NID_aes_192_gcm = 898, - NID_aes_256_gcm = 901, - NID_aes_128_ctr = 904, - NID_aes_192_ctr = 905, - NID_aes_256_ctr = 906, - NID_aes_128_ecb = 418, - NID_aes_192_ecb = 422, - NID_aes_256_ecb = 426, - NID_des_cbc = 31, - NID_des_ecb = 29, - NID_des_ede3_cbc= 44, - NID_des_ede3_ecb= 33, - NID_idea_cbc = 34, - NID_aes_128_cfb1= 650, - NID_aes_192_cfb1= 651, - NID_aes_256_cfb1= 652, - NID_aes_128_cfb8= 653, - NID_aes_192_cfb8= 654, - NID_aes_256_cfb8= 655, - NID_aes_128_cfb128 = 421, - NID_aes_192_cfb128 = 425, - NID_aes_256_cfb128 = 429, - NID_aes_128_ofb = 420, - NID_aes_192_ofb = 424, - NID_aes_256_ofb = 428, - NID_aes_128_xts = 913, - NID_aes_256_xts = 914 -}; - -#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC -#define NID_dhKeyAgreement EVP_PKEY_DH -#define NID_rsaEncryption EVP_PKEY_RSA -#define NID_dsa EVP_PKEY_DSA #define WOLFSSL_EVP_BUF_SIZE 16 struct WOLFSSL_EVP_CIPHER_CTX { @@ -341,33 +408,45 @@ struct WOLFSSL_EVP_CIPHER_CTX { unsigned long flags; unsigned char enc; /* if encrypt side, then true */ unsigned char cipherType; -#ifndef NO_AES +#if !defined(NO_AES) /* working iv pointer into cipher */ ALIGN16 unsigned char iv[AES_BLOCK_SIZE]; +#elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + ALIGN16 unsigned char iv[CHACHA20_POLY1305_AEAD_IV_SIZE]; #elif !defined(NO_DES3) - /* working iv pointer into cipher */ ALIGN16 unsigned char iv[DES_BLOCK_SIZE]; -#elif defined(HAVE_IDEA) - /* working iv pointer into cipher */ - ALIGN16 unsigned char iv[IDEA_BLOCK_SIZE]; #endif WOLFSSL_Cipher cipher; ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE]; int bufUsed; ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE]; int lastUsed; -#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA) || \ - defined(HAVE_AESGCM) || defined (WOLFSSL_AES_XTS) +#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_AESGCM) || \ + defined (WOLFSSL_AES_XTS) || (defined(HAVE_CHACHA) || \ + defined(HAVE_POLY1305)) #define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV int ivSz; #ifdef HAVE_AESGCM byte* gcmBuffer; int gcmBufferLen; - ALIGN16 unsigned char authTag[AES_BLOCK_SIZE]; - int authTagSz; byte* gcmAuthIn; int gcmAuthInSz; #endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + byte* key; /* used in partial Init()s */ +#endif +#if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) +#ifdef HAVE_AESGCM + ALIGN16 unsigned char authTag[AES_BLOCK_SIZE]; +#else + ALIGN16 unsigned char authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; +#endif + int authTagSz; +#endif +#ifdef HAVE_AESGCM + byte gcmIvGenEnable:1; + byte gcmIncIv:1; +#endif #endif }; @@ -377,12 +456,17 @@ struct WOLFSSL_EVP_PKEY_CTX { int op; /* operation */ int padding; int nbits; +#ifdef HAVE_ECC + int curveNID; +#endif +#ifndef NO_RSA + const WOLFSSL_EVP_MD* md; +#endif }; -typedef struct WOLFSSL_ASN1_PCTX { int dummy; -} WOLFSSL_ASN1_PCTX; +}; #if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE) #define BASE64_ENCODE_BLOCK_SIZE 48 @@ -406,6 +490,10 @@ WOLFSSL_API int wolfSSL_EVP_EncodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, unsigned char*out, int *outl, const unsigned char*in, int inl); WOLFSSL_API void wolfSSL_EVP_EncodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx, unsigned char*out, int *outl); +WOLFSSL_API int wolfSSL_EVP_EncodeBlock(unsigned char *out, + const unsigned char *in, int inLen); +WOLFSSL_API int wolfSSL_EVP_DecodeBlock(unsigned char *out, + const unsigned char *in, int inLen); #endif /* WOLFSSL_BASE64_ENCODE */ #if defined(WOLFSSL_BASE64_DECODE) @@ -419,21 +507,11 @@ WOLFSSL_API int wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx, WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void); -typedef int WOLFSSL_ENGINE ; -typedef WOLFSSL_ENGINE ENGINE; -typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; - -#define EVP_PKEY_OP_SIGN (1 << 3) -#define EVP_PKEY_OP_ENCRYPT (1 << 6) -#define EVP_PKEY_OP_DECRYPT (1 << 7) -#define EVP_PKEY_OP_DERIVE (1 << 8) - -#define EVP_PKEY_PRINT_INDENT_MAX 128 - WOLFSSL_API void wolfSSL_EVP_init(void); -WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); -WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md); -WOLFSSL_API int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD *md); +WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type); +WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type); +WOLFSSL_API int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type); +WOLFSSL_API int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type); WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void); WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx); @@ -451,52 +529,33 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type); -WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, - const WOLFSSL_EVP_MD* type, - WOLFSSL_ENGINE *impl); WOLFSSL_API int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz); WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); - -WOLFSSL_API int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx, - WOLFSSL_EVP_PKEY_CTX **pctx, - const WOLFSSL_EVP_MD *type, - WOLFSSL_ENGINE *e, - WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, unsigned int cnt); WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); - -WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, - WOLFSSL_EVP_PKEY_CTX **pctx, - const WOLFSSL_EVP_MD *type, - WOLFSSL_ENGINE *e, - WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, size_t cnt); WOLFSSL_API int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen); -WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, - unsigned int* outSz, const WOLFSSL_EVP_MD* evp, - WOLFSSL_ENGINE* eng); - -WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*, - const WOLFSSL_EVP_MD*, const unsigned char*, - const unsigned char*, int, int, unsigned char*, - unsigned char*); +WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type, + const WOLFSSL_EVP_MD* md, const byte* salt, + const byte* data, int sz, int count, byte* key, byte* iv); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, \ int type, int arg, void *ptr); -WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*); -WOLFSSL_API int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER*); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_iv_length( + const WOLFSSL_EVP_CIPHER_CTX* ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher); WOLFSSL_API int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c); @@ -505,30 +564,6 @@ WOLFSSL_API int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, const unsigned char* key, const unsigned char* iv, int enc); -WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - WOLFSSL_ENGINE *impl, - const unsigned char* key, - const unsigned char* iv, - int enc); -WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - const unsigned char* key, - const unsigned char* iv); -WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - WOLFSSL_ENGINE *impl, - const unsigned char* key, - const unsigned char* iv); -WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - const unsigned char* key, - const unsigned char* iv); -WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - WOLFSSL_ENGINE *impl, - const unsigned char* key, - const unsigned char* iv); WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); @@ -550,6 +585,7 @@ WOLFSSL_API int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_nid(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, int keylen); @@ -557,24 +593,26 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ct int ivLen); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, int ivLen); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, + int ivLen); WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, unsigned char* dst, unsigned char* src, unsigned int len); -WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int); -WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int id); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id); WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key); -WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key); -WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key); -WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey); -WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey); -WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); -WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DH* key); +WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key); +WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); WOLFSSL_API WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key); @@ -585,13 +623,21 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key); WOLFSSL_API int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key); -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, - const unsigned char* key, int keylen); WOLFSSL_API const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey, size_t* len); WOLFSSL_API int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); +WOLFSSL_API int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, size_t tbslen); +WOLFSSL_API int wolfSSL_EVP_PKEY_paramgen_init(WOLFSSL_EVP_PKEY_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx, + int nid); +WOLFSSL_API int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx, + WOLFSSL_EVP_PKEY** pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_ec_param_enc(WOLFSSL_EVP_PKEY_CTX *ctx, + int flag); WOLFSSL_API int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY **ppkey); @@ -601,9 +647,9 @@ WOLFSSL_API void wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx); #else WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx); #endif -WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e); WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding); -WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx, + const WOLFSSL_EVP_MD* md); WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits); WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx); @@ -623,7 +669,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap); -WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); +WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key); WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from); WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey); @@ -632,12 +678,12 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8); +WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey); + WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type); -WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, - const WOLFSSL_EVP_MD* type, - WOLFSSL_ENGINE *impl); WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len); WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, const unsigned char* sig, unsigned int sig_len, WOLFSSL_EVP_PKEY *pkey); @@ -664,6 +710,7 @@ WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); +WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_flags(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); @@ -685,22 +732,37 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const WOLFSSL_EVP_MD *digest, int keylen, unsigned char *out); +#if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \ + !defined(NO_SHA) +WOLFSSL_API int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + word64 N, word64 r, word64 p, + word64 maxmem, unsigned char *key, size_t keylen); +#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA */ + WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, int* pHash, int* pHashSz); -#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER -#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE -#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE -#define EVP_CIPH_CFB_MODE WOLFSSL_EVP_CIPH_CFB_MODE -#define EVP_CIPH_OFB_MODE WOLFSSL_EVP_CIPH_OFB_MODE -#define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE -#define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE -#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE -#define EVP_CIPH_XTS_MODE WOLFSSL_EVP_CIPH_XTS_MODE +WOLFSSL_API void wolfSSL_EVP_MD_do_all(void (*fn) (const WOLFSSL_EVP_MD *md, + const char* from, const char* to, + void* xx), void* args); -#define EVP_CIPH_FLAG_AEAD_CIPHER WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER +#ifdef HAVE_HKDF +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_hkdf_md(WOLFSSL_EVP_PKEY_CTX* ctx, + const WOLFSSL_EVP_MD* md); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx, + const byte* salt, + int saltSz); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx, + const byte* key, int keySz); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx, + const byte* info, + int infoSz); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, + int mode); +#endif -#define WOLFSSL_EVP_CIPH_MODE 0x0007 +#define WOLFSSL_EVP_CIPH_MODE 0x0007 #define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0 #define WOLFSSL_EVP_CIPH_ECB_MODE 0x1 #define WOLFSSL_EVP_CIPH_CBC_MODE 0x2 @@ -712,16 +774,79 @@ WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, #define WOLFSSL_EVP_CIPH_XTS_MODE 0x10 #define WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER 0x20 #define WOLFSSL_EVP_CIPH_NO_PADDING 0x100 -#define EVP_CIPH_VARIABLE_LENGTH 0x200 +#define WOLFSSL_EVP_CIPH_VARIABLE_LENGTH 0x200 #define WOLFSSL_EVP_CIPH_TYPE_INIT 0xff -/* end OpenSSH compat */ -typedef WOLFSSL_EVP_MD EVP_MD; -typedef WOLFSSL_EVP_CIPHER EVP_CIPHER; -typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; -typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; -typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +/* EVP ENGINE API's */ +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e, + const unsigned char* key, int keylen); + +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e, + const unsigned char* priv, size_t len, + const WOLFSSL_EVP_CIPHER* cipher); + +WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type, + WOLFSSL_ENGINE *impl); + +WOLFSSL_API int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx, + WOLFSSL_EVP_PKEY_CTX **pctx, + const WOLFSSL_EVP_MD *type, + WOLFSSL_ENGINE *e, + WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, + WOLFSSL_EVP_PKEY_CTX **pctx, + const WOLFSSL_EVP_MD *type, + WOLFSSL_ENGINE *e, + WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, + unsigned int* outSz, const WOLFSSL_EVP_MD* evp, + WOLFSSL_ENGINE* eng); +WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + const unsigned char* key, + const unsigned char* iv, + int enc); +WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + const unsigned char* key, + const unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + const unsigned char* key, + const unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + const unsigned char* key, + const unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + const unsigned char* key, + const unsigned char* iv); +WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e); +WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e); +WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type, + WOLFSSL_ENGINE *impl); + +#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER +#define EVP_CIPH_VARIABLE_LENGTH WOLFSSL_EVP_CIPH_VARIABLE_LENGTH +#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE +#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE +#define EVP_CIPH_CFB_MODE WOLFSSL_EVP_CIPH_CFB_MODE +#define EVP_CIPH_OFB_MODE WOLFSSL_EVP_CIPH_OFB_MODE +#define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE +#define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE +#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE +#define EVP_CIPH_XTS_MODE WOLFSSL_EVP_CIPH_XTS_MODE + +#define EVP_CIPH_FLAG_AEAD_CIPHER WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER #ifndef NO_MD4 #define EVP_md4 wolfSSL_EVP_md4 @@ -736,7 +861,11 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_sha256 wolfSSL_EVP_sha256 #define EVP_sha384 wolfSSL_EVP_sha384 #define EVP_sha512 wolfSSL_EVP_sha512 +#define EVP_sha512_224 wolfSSL_EVP_sha512_224 +#define EVP_sha512_256 wolfSSL_EVP_sha512_256 #define EVP_ripemd160 wolfSSL_EVP_ripemd160 +#define EVP_shake128 wolfSSL_EVP_shake128 +#define EVP_shake256 wolfSSL_EVP_shake256 #define EVP_set_pw_prompt wolfSSL_EVP_set_pw_prompt #define EVP_sha3_224 wolfSSL_EVP_sha3_224 @@ -744,41 +873,46 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_sha3_384 wolfSSL_EVP_sha3_384 #define EVP_sha3_512 wolfSSL_EVP_sha3_512 -#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc -#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc -#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc -#define EVP_aes_128_cfb1 wolfSSL_EVP_aes_128_cfb1 -#define EVP_aes_192_cfb1 wolfSSL_EVP_aes_192_cfb1 -#define EVP_aes_256_cfb1 wolfSSL_EVP_aes_256_cfb1 -#define EVP_aes_128_cfb8 wolfSSL_EVP_aes_128_cfb8 -#define EVP_aes_192_cfb8 wolfSSL_EVP_aes_192_cfb8 -#define EVP_aes_256_cfb8 wolfSSL_EVP_aes_256_cfb8 -#define EVP_aes_128_cfb128 wolfSSL_EVP_aes_128_cfb128 -#define EVP_aes_192_cfb128 wolfSSL_EVP_aes_192_cfb128 -#define EVP_aes_256_cfb128 wolfSSL_EVP_aes_256_cfb128 -#define EVP_aes_128_ofb wolfSSL_EVP_aes_128_ofb -#define EVP_aes_192_ofb wolfSSL_EVP_aes_192_ofb -#define EVP_aes_256_ofb wolfSSL_EVP_aes_256_ofb -#define EVP_aes_128_xts wolfSSL_EVP_aes_128_xts -#define EVP_aes_256_xts wolfSSL_EVP_aes_256_xts -#define EVP_aes_128_gcm wolfSSL_EVP_aes_128_gcm -#define EVP_aes_192_gcm wolfSSL_EVP_aes_192_gcm -#define EVP_aes_256_gcm wolfSSL_EVP_aes_256_gcm -#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb -#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb -#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb -#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr -#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr -#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr -#define EVP_des_cbc wolfSSL_EVP_des_cbc -#define EVP_des_ecb wolfSSL_EVP_des_ecb -#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc -#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb -#define EVP_rc4 wolfSSL_EVP_rc4 -#define EVP_idea_cbc wolfSSL_EVP_idea_cbc -#define EVP_enc_null wolfSSL_EVP_enc_null +#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc +#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc +#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc +#define EVP_aes_128_cfb1 wolfSSL_EVP_aes_128_cfb1 +#define EVP_aes_192_cfb1 wolfSSL_EVP_aes_192_cfb1 +#define EVP_aes_256_cfb1 wolfSSL_EVP_aes_256_cfb1 +#define EVP_aes_128_cfb8 wolfSSL_EVP_aes_128_cfb8 +#define EVP_aes_192_cfb8 wolfSSL_EVP_aes_192_cfb8 +#define EVP_aes_256_cfb8 wolfSSL_EVP_aes_256_cfb8 +#define EVP_aes_128_cfb128 wolfSSL_EVP_aes_128_cfb128 +#define EVP_aes_192_cfb128 wolfSSL_EVP_aes_192_cfb128 +#define EVP_aes_256_cfb128 wolfSSL_EVP_aes_256_cfb128 +#define EVP_aes_128_cfb wolfSSL_EVP_aes_128_cfb128 +#define EVP_aes_192_cfb wolfSSL_EVP_aes_192_cfb128 +#define EVP_aes_256_cfb wolfSSL_EVP_aes_256_cfb128 +#define EVP_aes_128_ofb wolfSSL_EVP_aes_128_ofb +#define EVP_aes_192_ofb wolfSSL_EVP_aes_192_ofb +#define EVP_aes_256_ofb wolfSSL_EVP_aes_256_ofb +#define EVP_aes_128_xts wolfSSL_EVP_aes_128_xts +#define EVP_aes_256_xts wolfSSL_EVP_aes_256_xts +#define EVP_aes_128_gcm wolfSSL_EVP_aes_128_gcm +#define EVP_aes_192_gcm wolfSSL_EVP_aes_192_gcm +#define EVP_aes_256_gcm wolfSSL_EVP_aes_256_gcm +#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb +#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb +#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb +#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr +#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr +#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr +#define EVP_des_cbc wolfSSL_EVP_des_cbc +#define EVP_des_ecb wolfSSL_EVP_des_ecb +#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc +#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb +#define EVP_rc4 wolfSSL_EVP_rc4 +#define EVP_chacha20 wolfSSL_EVP_chacha20 +#define EVP_chacha20_poly1305 wolfSSL_EVP_chacha20_poly1305 +#define EVP_enc_null wolfSSL_EVP_enc_null #define EVP_MD_size wolfSSL_EVP_MD_size +#define EVP_MD_pkey_type wolfSSL_EVP_MD_pkey_type #define EVP_MD_CTX_new wolfSSL_EVP_MD_CTX_new #define EVP_MD_CTX_create wolfSSL_EVP_MD_CTX_new #define EVP_MD_CTX_free wolfSSL_EVP_MD_CTX_free @@ -816,8 +950,10 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_CIPHER_CTX_init wolfSSL_EVP_CIPHER_CTX_init #define EVP_CIPHER_CTX_cleanup wolfSSL_EVP_CIPHER_CTX_cleanup #define EVP_CIPHER_CTX_iv_length wolfSSL_EVP_CIPHER_CTX_iv_length +#define EVP_CIPHER_CTX_nid wolfSSL_EVP_CIPHER_CTX_nid #define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length #define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length +#define EVP_CIPHER_CTX_set_iv_length wolfSSL_EVP_CIPHER_CTX_set_iv_length #define EVP_CIPHER_CTX_mode wolfSSL_EVP_CIPHER_CTX_mode #define EVP_CIPHER_CTX_cipher wolfSSL_EVP_CIPHER_CTX_cipher @@ -848,8 +984,7 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_get_cipherbynid wolfSSL_EVP_get_cipherbynid #define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid -#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname -#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname +#define EVP_MD_nid wolfSSL_EVP_MD_type #define EVP_PKEY_assign wolfSSL_EVP_PKEY_assign #define EVP_PKEY_assign_RSA wolfSSL_EVP_PKEY_assign_RSA @@ -869,16 +1004,24 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_PKEY_get0_EC_KEY wolfSSL_EVP_PKEY_get0_EC_KEY #define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac #define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key +#define EVP_PKEY_new_CMAC_key wolfSSL_EVP_PKEY_new_CMAC_key #define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy #define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex #define EVP_PKEY_sign_init wolfSSL_EVP_PKEY_sign_init #define EVP_PKEY_sign wolfSSL_EVP_PKEY_sign +#define EVP_PKEY_verify_init wolfSSL_EVP_PKEY_verify_init +#define EVP_PKEY_verify wolfSSL_EVP_PKEY_verify +#define EVP_PKEY_paramgen_init wolfSSL_EVP_PKEY_paramgen_init +#define EVP_PKEY_CTX_set_ec_param_enc wolfSSL_EVP_PKEY_CTX_set_ec_param_enc +#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid +#define EVP_PKEY_paramgen wolfSSL_EVP_PKEY_paramgen #define EVP_PKEY_keygen wolfSSL_EVP_PKEY_keygen #define EVP_PKEY_keygen_init wolfSSL_EVP_PKEY_keygen_init #define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits #define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free #define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new #define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding +#define EVP_PKEY_CTX_set_signature_md wolfSSL_EVP_PKEY_CTX_set_signature_md #define EVP_PKEY_CTX_new_id wolfSSL_EVP_PKEY_CTX_new_id #define EVP_PKEY_CTX_set_rsa_keygen_bits wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits #define EVP_PKEY_derive_init wolfSSL_EVP_PKEY_derive_init @@ -900,6 +1043,8 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid #define EVP_PKEY_id wolfSSL_EVP_PKEY_id #define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str +#define EVP_PKCS82PKEY wolfSSL_EVP_PKCS82PKEY +#define EVP_PKEY2PKCS8 wolfSSL_EVP_PKEY2PKCS8 #define EVP_SignFinal wolfSSL_EVP_SignFinal #define EVP_SignInit wolfSSL_EVP_SignInit #define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex @@ -917,6 +1062,7 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding #define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags #define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv +#define EVP_CIPHER_CTX_get_iv wolfSSL_EVP_CIPHER_CTX_get_iv #define EVP_add_digest wolfSSL_EVP_add_digest #define EVP_add_cipher wolfSSL_EVP_add_cipher #define EVP_cleanup wolfSSL_EVP_cleanup @@ -941,6 +1087,7 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1 #define PKCS5_PBKDF2_HMAC wolfSSL_PKCS5_PBKDF2_HMAC +#define EVP_PBE_scrypt wolfSSL_EVP_PBE_scrypt /* OpenSSL compat. ctrl values */ #define EVP_CTRL_INIT 0x0 @@ -1007,6 +1154,8 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_EncodeInit wolfSSL_EVP_EncodeInit #define EVP_EncodeUpdate wolfSSL_EVP_EncodeUpdate #define EVP_EncodeFinal wolfSSL_EVP_EncodeFinal +#define EVP_EncodeBlock wolfSSL_EVP_EncodeBlock +#define EVP_DecodeBlock wolfSSL_EVP_DecodeBlock #endif /* WOLFSSL_BASE64_ENCODE */ #if defined(WOLFSSL_BASE64_DECODE) #define EVP_DecodeInit wolfSSL_EVP_DecodeInit @@ -1016,9 +1165,20 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_blake2b512 wolfSSL_EVP_blake2b512 #define EVP_blake2s256 wolfSSL_EVP_blake2s256 +#define EVP_MD_do_all wolfSSL_EVP_MD_do_all + +#ifdef HAVE_HKDF +#define EVP_PKEY_CTX_set_hkdf_md wolfSSL_EVP_PKEY_CTX_set_hkdf_md +#define EVP_PKEY_CTX_set1_hkdf_salt wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt +#define EVP_PKEY_CTX_set1_hkdf_key wolfSSL_EVP_PKEY_CTX_set1_hkdf_key +#define EVP_PKEY_CTX_add1_hkdf_info wolfSSL_EVP_PKEY_CTX_add1_hkdf_info +#define EVP_PKEY_CTX_hkdf_mode wolfSSL_EVP_PKEY_CTX_hkdf_mode +#endif WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k); +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/openssl/hmac.h b/source/libs/libwolfssl/openssl/hmac.h index a139343e..20453d8e 100644 --- a/source/libs/libwolfssl/openssl/hmac.h +++ b/source/libs/libwolfssl/openssl/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,7 +21,7 @@ -/* hmac.h defines mini hamc openssl compatibility layer +/* hmac.h defines mini hmac openssl compatibility layer * */ @@ -35,16 +35,7 @@ #include "prefix_hmac.h" #endif -#include - -typedef struct WOLFSSL_HMAC_CTX { - Hmac hmac; - int type; - word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ - word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; -} WOLFSSL_HMAC_CTX; - -#include +#include #include #ifdef __cplusplus diff --git a/source/libs/libwolfssl/wolfcrypt/port/nrf51.h b/source/libs/libwolfssl/openssl/kdf.h similarity index 65% rename from source/libs/libwolfssl/wolfcrypt/port/nrf51.h rename to source/libs/libwolfssl/openssl/kdf.h index 88996740..d80c9851 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/nrf51.h +++ b/source/libs/libwolfssl/openssl/kdf.h @@ -1,6 +1,6 @@ -/* nrf51.h +/* kdf.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,26 +19,19 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifndef WOLFSSL_NRF51_PORT_H -#define WOLFSSL_NRF51_PORT_H +#ifndef WOLFSSL_KDF_H_ +#define WOLFSSL_KDF_H_ #ifdef __cplusplus -extern "C" { + extern "C" { #endif -#include - -/* Public Functions */ -int nrf51_random_generate(byte* output, word32 sz); - -int nrf51_aes_set_key(const byte* key); -int nrf51_aes_encrypt(const byte* in, const byte* key, word32 rounds, byte* out); - -double current_time(int reset); +#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 #ifdef __cplusplus -} + } /* extern "C" */ #endif -#endif /* WOLFSSL_NRF51_PORT_H */ +#endif /* WOLFSSL_KDF_H_ */ diff --git a/source/libs/libwolfssl/openssl/lhash.h b/source/libs/libwolfssl/openssl/lhash.h index cbf62991..e878c5e6 100644 --- a/source/libs/libwolfssl/openssl/lhash.h +++ b/source/libs/libwolfssl/openssl/lhash.h @@ -1,6 +1,6 @@ /* lhash.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/md4.h b/source/libs/libwolfssl/openssl/md4.h index 52aaa082..d65d6943 100644 --- a/source/libs/libwolfssl/openssl/md4.h +++ b/source/libs/libwolfssl/openssl/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,9 +41,10 @@ typedef struct WOLFSSL_MD4_CTX { } WOLFSSL_MD4_CTX; -WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*); -WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*, unsigned long); -WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*); +WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4); +WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data, + unsigned long len); +WOLFSSL_API void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4); typedef WOLFSSL_MD4_CTX MD4_CTX; diff --git a/source/libs/libwolfssl/openssl/md5.h b/source/libs/libwolfssl/openssl/md5.h index 086fa800..fe951a38 100644 --- a/source/libs/libwolfssl/openssl/md5.h +++ b/source/libs/libwolfssl/openssl/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -49,10 +49,14 @@ typedef struct WOLFSSL_MD5_CTX { #endif } WOLFSSL_MD5_CTX; -WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*); -WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long); -WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*); -WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX*, const unsigned char*); +WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5); +WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX* md5, const void* input, + unsigned long sz); +WOLFSSL_API int wolfSSL_MD5_Final(unsigned char* output, WOLFSSL_MD5_CTX* md5); +WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX* md5, const unsigned char* data); + +WOLFSSL_API unsigned char *wolfSSL_MD5(const unsigned char* data, size_t len, + unsigned char* hash); typedef WOLFSSL_MD5_CTX MD5_CTX; @@ -67,11 +71,29 @@ typedef WOLFSSL_MD5_CTX MD5_CTX; #define MD5Final wolfSSL_MD5_Final #endif -#ifndef MD5 -#define MD5(d, n, md) wc_Md5Hash((d), (n), (md)) +/* "MD5" has some conflicts + * If not FIPS and NO_OLD_SHA_NAMES defined + * If FIPS V2 or higher and NO_OLD_MD5_NAME defined + * If FIPS V2 and NO_OLD_WC_NAMES defined + * If FIPS v1 not allowed + */ +#if (defined(NO_OLD_MD5_NAME) && !defined(HAVE_FIPS)) || \ + (defined(NO_OLD_MD5_NAME) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2) || \ + (defined(NO_OLD_WC_NAMES) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2) + + #define MD5 wolfSSL_MD5 #endif -#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE +/* FIPS v1 uses old MD5_DIGEST_SIZE naming */ +#if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) && \ + defined(OPENSSL_EXTRA) + #define MD5_DIGEST_LENGTH WC_MD5_DIGEST_SIZE +#else + #define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/openssl/obj_mac.h b/source/libs/libwolfssl/openssl/obj_mac.h index 0544d6b1..e3466c97 100644 --- a/source/libs/libwolfssl/openssl/obj_mac.h +++ b/source/libs/libwolfssl/openssl/obj_mac.h @@ -1,6 +1,6 @@ /* obj_mac.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/objects.h b/source/libs/libwolfssl/openssl/objects.h index eedf5ecf..a3b8faab 100644 --- a/source/libs/libwolfssl/openssl/objects.h +++ b/source/libs/libwolfssl/openssl/objects.h @@ -1,6 +1,6 @@ /* objects.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,7 +24,6 @@ #define WOLFSSL_OBJECTS_H_ #include -//#include #ifndef OPENSSL_EXTRA_SSL_GUARD #define OPENSSL_EXTRA_SSL_GUARD #include @@ -34,19 +33,33 @@ extern "C" { #endif -#define OBJ_nid2sn wolfSSL_OBJ_nid2sn -#define OBJ_obj2nid wolfSSL_OBJ_obj2nid -#define OBJ_sn2nid wolfSSL_OBJ_sn2nid -#define OBJ_nid2ln wolfSSL_OBJ_nid2ln -#define OBJ_ln2nid wolfSSL_OBJ_ln2nid -#define OBJ_txt2nid wolfSSL_OBJ_txt2nid -#define OBJ_txt2obj wolfSSL_OBJ_txt2obj -#define OBJ_nid2obj wolfSSL_OBJ_nid2obj -#define OBJ_obj2txt wolfSSL_OBJ_obj2txt -#define OBJ_cleanup wolfSSL_OBJ_cleanup -#define OBJ_cmp wolfSSL_OBJ_cmp -#define OBJ_create wolfSSL_OBJ_create +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +#define OBJ_NAME_TYPE_UNDEF WOLFSSL_OBJ_NAME_TYPE_UNDEF +#define OBJ_NAME_TYPE_MD_METH WOLFSSL_OBJ_NAME_TYPE_MD_METH +#define OBJ_NAME_TYPE_CIPHER_METH WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH +#define OBJ_NAME_TYPE_PKEY_METH WOLFSSL_OBJ_NAME_TYPE_PKEY_METH +#define OBJ_NAME_TYPE_COMP_METH WOLFSSL_OBJ_NAME_TYPE_COMP_METH +#define OBJ_NAME_TYPE_NUM WOLFSSL_OBJ_NAME_TYPE_NUM +#define OBJ_NAME_ALIAS WOLFSSL_OBJ_NAME_ALIAS + +#define OBJ_nid2sn wolfSSL_OBJ_nid2sn +#define OBJ_obj2nid wolfSSL_OBJ_obj2nid +#define OBJ_sn2nid wolfSSL_OBJ_sn2nid +#define OBJ_length wolfSSL_OBJ_length +#define OBJ_get0_data wolfSSL_OBJ_get0_data +#define OBJ_nid2ln wolfSSL_OBJ_nid2ln +#define OBJ_ln2nid wolfSSL_OBJ_ln2nid +#define OBJ_txt2nid wolfSSL_OBJ_txt2nid +#define OBJ_txt2obj wolfSSL_OBJ_txt2obj +#define OBJ_nid2obj wolfSSL_OBJ_nid2obj +#define OBJ_obj2txt wolfSSL_OBJ_obj2txt +#define OBJ_cleanup wolfSSL_OBJ_cleanup +#define OBJ_cmp wolfSSL_OBJ_cmp +#define OBJ_create wolfSSL_OBJ_create #define ASN1_OBJECT_free wolfSSL_ASN1_OBJECT_free +#define OBJ_NAME_do_all wolfSSL_OBJ_NAME_do_all +#define i2t_ASN1_OBJECT wolfSSL_i2t_ASN1_OBJECT /* not required for wolfSSL */ #define OPENSSL_load_builtin_modules() @@ -55,6 +68,8 @@ #define NID_ad_OCSP 178 #define NID_ad_ca_issuers 179 +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/openssl/ocsp.h b/source/libs/libwolfssl/openssl/ocsp.h index e0f97c16..f59a0187 100644 --- a/source/libs/libwolfssl/openssl/ocsp.h +++ b/source/libs/libwolfssl/openssl/ocsp.h @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,7 +34,7 @@ #define OCSP_CERTID WOLFSSL_OCSP_CERTID #define OCSP_ONEREQ WOLFSSL_OCSP_ONEREQ -#define OCSP_REVOKED_STATUS_NOSTATUS -1 +#define OCSP_REVOKED_STATUS_NOSTATUS (-1) #define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 @@ -78,6 +78,7 @@ #define i2d_OCSP_REQUEST_bio wolfSSL_i2d_OCSP_REQUEST_bio #define i2d_OCSP_CERTID wolfSSL_i2d_OCSP_CERTID +#define d2i_OCSP_CERTID wolfSSL_d2i_OCSP_CERTID #define OCSP_SINGLERESP_get0_id wolfSSL_OCSP_SINGLERESP_get0_id #define OCSP_id_cmp wolfSSL_OCSP_id_cmp #define OCSP_single_get0_status wolfSSL_OCSP_single_get0_status diff --git a/source/libs/libwolfssl/openssl/opensslv.h b/source/libs/libwolfssl/openssl/opensslv.h index fb2fc0b8..0733db64 100644 --- a/source/libs/libwolfssl/openssl/opensslv.h +++ b/source/libs/libwolfssl/openssl/opensslv.h @@ -1,6 +1,6 @@ /* opensslv.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,20 +24,25 @@ #ifndef WOLFSSL_OPENSSLV_H_ #define WOLFSSL_OPENSSLV_H_ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* api version compatibility */ -#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\ +#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x009070dfL) ||\ + defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\ - defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L) + defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L) /* valid version */ -#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || defined(WOLFSSL_BIND) +#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \ + defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) /* For Apache httpd, Use 1.1.0 compatibility */ - #define OPENSSL_VERSION_NUMBER 0x10100000L -#elif defined(WOLFSSL_QT) + #define OPENSSL_VERSION_NUMBER 0x10100003L +#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) + /* For Qt and Python 3.8.5 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10101000L -#elif defined(WOLFSSL_HAPROXY) +#elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG) #define OPENSSL_VERSION_NUMBER 0x1010000fL -#elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \ +#elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN) /* version number can be increased for Lighty after compatibility for ECDH is added */ @@ -46,7 +51,9 @@ #define OPENSSL_VERSION_NUMBER 0x0090810fL #endif -#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING +#define OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING #define OPENSSL_VERSION 0 +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #endif /* header */ diff --git a/source/libs/libwolfssl/openssl/ossl_typ.h b/source/libs/libwolfssl/openssl/ossl_typ.h index a6117356..826ee21e 100644 --- a/source/libs/libwolfssl/openssl/ossl_typ.h +++ b/source/libs/libwolfssl/openssl/ossl_typ.h @@ -1,6 +1,6 @@ /* ossl_typ.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/pem.h b/source/libs/libwolfssl/openssl/pem.h index 50cfc276..553d31f8 100644 --- a/source/libs/libwolfssl/openssl/pem.h +++ b/source/libs/libwolfssl/openssl/pem.h @@ -1,6 +1,6 @@ /* pem.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -42,14 +42,12 @@ /* RSA */ WOLFSSL_API int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, - const EVP_CIPHER* cipher, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb* cb, void* arg); + wc_pem_password_cb* cb, void* arg); WOLFSSL_API WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_RSA**, - pem_password_cb* cb, - void* arg); + WOLFSSL_RSA** rsa, wc_pem_password_cb* cb, void* pass); WOLFSSL_API int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa); @@ -57,64 +55,77 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa); WOLFSSL_API WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA** rsa, - pem_password_cb* cb, void *u); + wc_pem_password_cb* cb, void *u); WOLFSSL_API WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, WOLFSSL_EC_GROUP** group, - pem_password_cb* cb, + wc_pem_password_cb* cb, void* pass); WOLFSSL_API -int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, +int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, unsigned char **pem, int *plen); #if !defined(NO_FILESYSTEM) WOLFSSL_API int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa, - const EVP_CIPHER *enc, + const WOLFSSL_EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *cb, void *u); + wc_pem_password_cb *cb, void *u); + +WOLFSSL_API +WOLFSSL_RSA* wolfSSL_PEM_read_RSAPrivateKey(XFILE fp, WOLFSSL_RSA** rsa, + wc_pem_password_cb* cb, void* pass); + WOLFSSL_API WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA **x, - pem_password_cb *cb, void *u); + wc_pem_password_cb *cb, void *u); WOLFSSL_API -int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA *x); +int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA* key); WOLFSSL_API int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA *x); + +WOLFSSL_API +WOLFSSL_RSA *wolfSSL_PEM_read_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA** rsa, + wc_pem_password_cb* cb, void *pass); #endif /* NO_FILESYSTEM */ /* DSA */ WOLFSSL_API int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, - const EVP_CIPHER* cipher, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb* cb, void* arg); + wc_pem_password_cb* cb, void* arg); WOLFSSL_API WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA** dsa, - pem_password_cb* cb,void *pass); + wc_pem_password_cb* cb, + void *pass); WOLFSSL_API -WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa, - pem_password_cb* cb, void *pass); +WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_DSA** dsa, + wc_pem_password_cb* cb, + void *pass); WOLFSSL_API int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa); WOLFSSL_API int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, - const EVP_CIPHER* cipher, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, unsigned char **pem, int *plen); #if !defined(NO_FILESYSTEM) WOLFSSL_API int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa, - const EVP_CIPHER *enc, + const WOLFSSL_EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *cb, void *u); + wc_pem_password_cb *cb, void *u); WOLFSSL_API int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x); #endif /* NO_FILESYSTEM */ @@ -122,52 +133,54 @@ int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x); /* ECC */ WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, - const EVP_CIPHER* cipher, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb* cb, void* arg); + wc_pem_password_cb* cb, void* arg); WOLFSSL_API WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY** ec, - pem_password_cb* cb, + wc_pem_password_cb* cb, void *pass); WOLFSSL_API int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec); WOLFSSL_API int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key, - const EVP_CIPHER* cipher, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, unsigned char **pem, int *plen); #if !defined(NO_FILESYSTEM) WOLFSSL_API int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *key, - const EVP_CIPHER *enc, + const WOLFSSL_EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *cb, void *u); + wc_pem_password_cb *cb, void *u); WOLFSSL_API -int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *key); +int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY* key); WOLFSSL_API WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY** ec, - pem_password_cb* cb, void *pass); + wc_pem_password_cb* cb, + void *pass); #endif /* NO_FILESYSTEM */ /* EVP_KEY */ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY**, - pem_password_cb* cb, - void* arg); + WOLFSSL_EVP_PKEY** key, + wc_pem_password_cb* cb, + void* pass); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY **key, - pem_password_cb *cb, void *pass); + wc_pem_password_cb *cb, + void *pass); WOLFSSL_API int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb* cb, void* arg); + wc_pem_password_cb* cb, void* arg); WOLFSSL_API int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); @@ -190,14 +203,14 @@ int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header, #if !defined(NO_FILESYSTEM) WOLFSSL_API -WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x, - pem_password_cb *cb, void *u); +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY **x, + wc_pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, - pem_password_cb *cb, void *u); + wc_pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **x, - pem_password_cb *cb, void *u); + wc_pem_password_cb *cb, void *u); WOLFSSL_API int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509 *x); @@ -215,17 +228,21 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_write_X509 wolfSSL_PEM_write_X509 #define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey #define PEM_write_bio_PKCS8PrivateKey wolfSSL_PEM_write_bio_PKCS8PrivateKey +#define PEM_write_PKCS8PrivateKey wolfSSL_PEM_write_PKCS8PrivateKey /* DH */ #define PEM_write_DHparams wolfSSL_PEM_write_DHparams /* RSA */ #define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey #define PEM_read_bio_RSAPrivateKey wolfSSL_PEM_read_bio_RSAPrivateKey +#define PEM_read_RSAPrivateKey wolfSSL_PEM_read_RSAPrivateKey #define PEM_write_bio_RSA_PUBKEY wolfSSL_PEM_write_bio_RSA_PUBKEY #define PEM_read_bio_RSA_PUBKEY wolfSSL_PEM_read_bio_RSA_PUBKEY +#define PEM_read_bio_RSAPublicKey wolfSSL_PEM_read_bio_RSA_PUBKEY #define PEM_read_bio_ECPKParameters wolfSSL_PEM_read_bio_ECPKParameters #define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey #define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY +#define PEM_read_RSA_PUBKEY wolfSSL_PEM_read_RSA_PUBKEY #define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey #define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey /* DSA */ @@ -252,7 +269,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY #ifdef __cplusplus - } /* extern "C" */ + } /* extern "C" */ #endif #endif /* WOLFSSL_PEM_H_ */ diff --git a/source/libs/libwolfssl/openssl/pkcs12.h b/source/libs/libwolfssl/openssl/pkcs12.h index 5eee8706..d0cdb15f 100644 --- a/source/libs/libwolfssl/openssl/pkcs12.h +++ b/source/libs/libwolfssl/openssl/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/pkcs7.h b/source/libs/libwolfssl/openssl/pkcs7.h index 1ea4330c..869eaae1 100644 --- a/source/libs/libwolfssl/openssl/pkcs7.h +++ b/source/libs/libwolfssl/openssl/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,14 +34,21 @@ #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) +#define PKCS7_TEXT 0x1 +#define PKCS7_NOCERTS 0x2 +#define PKCS7_DETACHED 0x40 +#define PKCS7_BINARY 0x80 #define PKCS7_NOINTERN 0x0010 #define PKCS7_NOVERIFY 0x0020 +#define PKCS7_STREAM 0x1000 +#define PKCS7_PARTIAL 0x4000 typedef struct WOLFSSL_PKCS7 { PKCS7 pkcs7; unsigned char* data; int len; + int type; /* from PKCS7_TYPES, for PKCS7_final() */ WOLFSSL_STACK* certs; } WOLFSSL_PKCS7; @@ -56,8 +63,12 @@ WOLFSSL_LOCAL PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len, byte* content, word32 contentSz); WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7); WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7); +WOLFSSL_API int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out); +WOLFSSL_API PKCS7* wolfSSL_PKCS7_sign(WOLFSSL_X509* signer, + WOLFSSL_EVP_PKEY* pkey, WOLFSSL_STACK* certs, WOLFSSL_BIO* in, int flags); WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs, WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags); +WOLFSSL_API int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags); WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs, WOLFSSL_BIO* out); WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7); @@ -66,6 +77,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7, WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7); #if defined(HAVE_SMIME) WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont); +WOLFSSL_API int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, + WOLFSSL_BIO* in, int flags); #endif /* HAVE_SMIME */ @@ -76,11 +89,15 @@ WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont #define d2i_PKCS7 wolfSSL_d2i_PKCS7 #define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio #define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio +#define i2d_PKCS7 wolfSSL_i2d_PKCS7 +#define PKCS7_sign wolfSSL_PKCS7_sign #define PKCS7_verify wolfSSL_PKCS7_verify +#define PKCS7_final wolfSSL_PKCS7_final #define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers #define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7 #if defined(HAVE_SMIME) #define SMIME_read_PKCS7 wolfSSL_SMIME_read_PKCS7 +#define SMIME_write_PKCS7 wolfSSL_SMIME_write_PKCS7 #endif /* HAVE_SMIME */ #endif /* OPENSSL_ALL && HAVE_PKCS7 */ diff --git a/source/libs/libwolfssl/openssl/rand.h b/source/libs/libwolfssl/openssl/rand.h index c4dca87d..26ef723b 100644 --- a/source/libs/libwolfssl/openssl/rand.h +++ b/source/libs/libwolfssl/openssl/rand.h @@ -1,6 +1,6 @@ /* rand.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/rc4.h b/source/libs/libwolfssl/openssl/rc4.h index 91ac416a..ead056c7 100644 --- a/source/libs/libwolfssl/openssl/rc4.h +++ b/source/libs/libwolfssl/openssl/rc4.h @@ -1,6 +1,6 @@ /* rc4.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/ripemd.h b/source/libs/libwolfssl/openssl/ripemd.h index 73ae5ae5..90e44572 100644 --- a/source/libs/libwolfssl/openssl/ripemd.h +++ b/source/libs/libwolfssl/openssl/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -50,7 +50,7 @@ typedef WOLFSSL_RIPEMD_CTX RIPEMD_CTX; #ifdef __cplusplus - } /* extern "C" */ + } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/openssl/rsa.h b/source/libs/libwolfssl/openssl/rsa.h index af3f2ddf..340020c0 100644 --- a/source/libs/libwolfssl/openssl/rsa.h +++ b/source/libs/libwolfssl/openssl/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,6 +33,7 @@ extern "C" { #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Padding types */ #define RSA_PKCS1_PADDING 0 #define RSA_PKCS1_OAEP_PADDING 1 @@ -50,92 +51,103 @@ #define RSA_FLAG_NO_CONSTTIME (1 << 8) /* Salt length same as digest length */ -#define RSA_PSS_SALTLEN_DIGEST -1 +#define RSA_PSS_SALTLEN_DIGEST (-1) /* Old max salt length */ -#define RSA_PSS_SALTLEN_MAX_SIGN -2 +#define RSA_PSS_SALTLEN_MAX_SIGN (-2) /* Max salt length */ -#define RSA_PSS_SALTLEN_MAX -3 +#define RSA_PSS_SALTLEN_MAX (-3) +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ typedef struct WOLFSSL_RSA_METHOD { + /* Flags of RSA key implementation. */ int flags; + /* Name of RSA key implementation. */ char *name; + /* RSA method dynamically allocated. */ + word16 dynamic:1; } WOLFSSL_RSA_METHOD; #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ #define WOLFSSL_RSA_TYPE_DEFINED +/* RSA key compatable with OpenSSL. */ typedef struct WOLFSSL_RSA { -#ifdef WC_RSA_BLINDING - WC_RNG* rng; /* for PrivateDecrypt blinding */ -#endif - WOLFSSL_BIGNUM* n; - WOLFSSL_BIGNUM* e; - WOLFSSL_BIGNUM* d; - WOLFSSL_BIGNUM* p; - WOLFSSL_BIGNUM* q; - WOLFSSL_BIGNUM* dmp1; /* dP */ - WOLFSSL_BIGNUM* dmq1; /* dQ */ - WOLFSSL_BIGNUM* iqmp; /* u */ - void* heap; - void* internal; /* our RSA */ + WOLFSSL_BIGNUM* n; /* Modulus. */ + WOLFSSL_BIGNUM* e; /* Public exponent. */ + WOLFSSL_BIGNUM* d; /* Private exponent. */ + WOLFSSL_BIGNUM* p; /* First prime. */ + WOLFSSL_BIGNUM* q; /* Second prime. */ + WOLFSSL_BIGNUM* dmp1; /* dP = d mod (p - 1) */ + WOLFSSL_BIGNUM* dmq1; /* dQ = d mod (q - 1) */ + WOLFSSL_BIGNUM* iqmp; /* u = (1 / q) mod p */ + void* heap; /* Heap used for memory allocations. */ + void* internal; /* wolfCrypt RSA key. */ #if defined(OPENSSL_EXTRA) - WOLFSSL_RSA_METHOD* meth; + const WOLFSSL_RSA_METHOD* meth; /* RSA method. */ #endif -#if defined(HAVE_EX_DATA) +#ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */ #endif -#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) - wolfSSL_Mutex refMutex; /* ref count mutex */ - int refCount; /* reference count */ -#endif - word16 pkcs8HeaderSz; + wolfSSL_Ref ref; /* Reference count information. */ + word16 pkcs8HeaderSz; /* Size of PKCS#8 header from decode. */ + int flags; /* Flags of implementation. */ /* bits */ - byte inSet:1; /* internal set from external ? */ - byte exSet:1; /* external set from internal ? */ - byte ownRng:1; /* flag for if the rng should be free'd */ + byte inSet:1; /* Internal set from external. */ + byte exSet:1; /* External set from internal. */ + byte ownRng:1; /* Rng needs to be free'd. */ } WOLFSSL_RSA; #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) typedef WOLFSSL_RSA RSA; typedef WOLFSSL_RSA_METHOD RSA_METHOD; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void); -WOLFSSL_API void wolfSSL_RSA_free(WOLFSSL_RSA*); +WOLFSSL_API void wolfSSL_RSA_free(WOLFSSL_RSA* rsa); -WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGNUM*, - void* cb); +WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, + WOLFSSL_BIGNUM* bn, void* cb); -WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*); +WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn); +WOLFSSL_API int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr, - unsigned char* to, WOLFSSL_RSA*, int padding); + unsigned char* to, WOLFSSL_RSA* rsa, + int padding); WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr, - unsigned char* to, WOLFSSL_RSA*, int padding); + unsigned char* to, WOLFSSL_RSA* rsa, + int padding); WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, const unsigned char* in, unsigned char* out, WOLFSSL_RSA* rsa, int padding); -WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*); -WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa); +WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA*); + unsigned int* sigLen, WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA*, int); + unsigned int* sigLen, WOLFSSL_RSA* rsa, + int flag); WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA*, int, int); + unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, + int padding); WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, - unsigned int sigLen, WOLFSSL_RSA*); + unsigned int sigLen, WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, unsigned int sigLen, WOLFSSL_RSA* rsa, int padding); WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, - unsigned char* to, WOLFSSL_RSA*, int padding); -WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*); -WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz); -WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt); + unsigned char* to, WOLFSSL_RSA* rsa, int padding); +WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa); +WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, + const unsigned char* derBuf, int derSz); +WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, + const unsigned char* derBuf, int derSz, int opt); WOLFSSL_API WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags); WOLFSSL_API void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth); @@ -174,6 +186,7 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( wolfSSL_ex_data_cleanup_routine_t cleanup_routine); #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #define WOLFSSL_RSA_LOAD_PRIVATE 1 #define WOLFSSL_RSA_LOAD_PUBLIC 2 #define WOLFSSL_RSA_F4 0x10001L @@ -184,6 +197,7 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #define RSA_generate_key_ex wolfSSL_RSA_generate_key_ex #define RSA_blinding_on wolfSSL_RSA_blinding_on +#define RSA_check_key wolfSSL_RSA_check_key #define RSA_public_encrypt wolfSSL_RSA_public_encrypt #define RSA_private_decrypt wolfSSL_RSA_private_decrypt #define RSA_private_encrypt wolfSSL_RSA_private_encrypt @@ -224,6 +238,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #define RSA_F4 WOLFSSL_RSA_F4 +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/openssl/sha.h b/source/libs/libwolfssl/openssl/sha.h index 172e07dc..8d518055 100644 --- a/source/libs/libwolfssl/openssl/sha.h +++ b/source/libs/libwolfssl/openssl/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,7 +36,7 @@ extern "C" { #endif - +#ifndef NO_SHA typedef struct WOLFSSL_SHA_CTX { /* big enough to hold wolfcrypt Sha, but check on init */ #if defined(STM32_HASH) @@ -44,27 +44,32 @@ typedef struct WOLFSSL_SHA_CTX { #else void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; #endif + #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) + void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; + #endif #ifdef WOLF_CRYPTO_CB void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)]; #endif } WOLFSSL_SHA_CTX; -WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*); -WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long); -WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*); -WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX*, - const unsigned char *data); +WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha); +WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input, + unsigned long sz); +WOLFSSL_API int wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha); +WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha, + const unsigned char* data); /* SHA1 points to above, shouldn't use SHA0 ever */ -WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*); -WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long); -WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*); -WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX*, +WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha); +WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input, + unsigned long sz); +WOLFSSL_API int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha); +WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char *data); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) enum { SHA_DIGEST_LENGTH = 20 }; - typedef WOLFSSL_SHA_CTX SHA_CTX; #define SHA_Init wolfSSL_SHA_Init @@ -75,7 +80,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX; #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) - /* SHA is only available in non-fips mode or fips version > 2 mode + /* SHA is only available in non-fips mode or fips version > 2 mode * because of SHA enum in FIPS build. */ #define SHA wolfSSL_SHA1 #endif @@ -85,6 +90,16 @@ typedef WOLFSSL_SHA_CTX SHA_CTX; #define SHA1_Final wolfSSL_SHA1_Final #define SHA1_Transform wolfSSL_SHA1_Transform +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !NO_SHA */ + +/* adder for HW crypto */ +#ifdef STM32_HASH +#define CTX_SHA2_HW_ADDER 34 +#else +#define CTX_SHA2_HW_ADDER 0 +#endif + #ifdef WOLFSSL_SHA224 /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256 @@ -92,19 +107,19 @@ typedef WOLFSSL_SHA_CTX SHA_CTX; * to Sha224, is expected to also be 16 byte aligned addresses. */ typedef struct WOLFSSL_SHA224_CTX { /* big enough to hold wolfcrypt Sha224, but check on init */ - ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; + ALIGN16 void* holder[(274 + CTX_SHA2_HW_ADDER + WC_ASYNC_DEV_SIZE) / + sizeof(void*)]; } WOLFSSL_SHA224_CTX; -WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX*); -WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX*, const void*, - unsigned long); -WOLFSSL_API int wolfSSL_SHA224_Final(unsigned char*, WOLFSSL_SHA224_CTX*); - +WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha); +WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input, + unsigned long sz); +WOLFSSL_API int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) enum { SHA224_DIGEST_LENGTH = 28 }; - typedef WOLFSSL_SHA224_CTX SHA224_CTX; #define SHA224_Init wolfSSL_SHA224_Init @@ -113,33 +128,34 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX; #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) - /* SHA224 is only available in non-fips mode or fips version > 2 mode + /* SHA224 is only available in non-fips mode or fips version > 2 mode * because of SHA224 enum in FIPS build. */ #define SHA224 wolfSSL_SHA224 #endif - +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* WOLFSSL_SHA224 */ - +#ifndef NO_SHA256 /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256 * struct are 16 byte aligned. Any dereference to those elements after casting * to Sha256, is expected to also be 16 byte aligned addresses. */ typedef struct WOLFSSL_SHA256_CTX { /* big enough to hold wolfcrypt Sha256, but check on init */ - ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; + ALIGN16 void* holder[(274 + CTX_SHA2_HW_ADDER + WC_ASYNC_DEV_SIZE) / + sizeof(void*)]; } WOLFSSL_SHA256_CTX; -WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*); -WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*, - unsigned long); -WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*); -WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX*, +WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256); +WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input, + unsigned long sz); +WOLFSSL_API int wolfSSL_SHA256_Final(byte* output, WOLFSSL_SHA256_CTX* sha); +WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, const unsigned char *data); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) enum { SHA256_DIGEST_LENGTH = 32 }; - typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Init wolfSSL_SHA256_Init @@ -147,30 +163,40 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Final wolfSSL_SHA256_Final #define SHA256_Transform wolfSSL_SHA256_Transform -#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS - * build. */ +/* "SHA256" has some conflicts + * If not FIPS and NO_OLD_SHA_NAMES defined + * If FIPS V3 or higher and NO_OLD_SHA_NAMES defined + * If FIPS V2 and NO_OLD_SHA256_NAMES defined + * If FIPS v1 not allowed + * If HAVE_SELFTEST not allowed + */ +#if !defined(HAVE_SELFTEST) && \ + (defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)) || \ + (defined(NO_OLD_SHA_NAMES) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3) || \ + (defined(NO_OLD_SHA256_NAMES) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2) + #define SHA256 wolfSSL_SHA256 #endif - +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA384 - typedef struct WOLFSSL_SHA384_CTX { /* big enough to hold wolfCrypt Sha384, but check on init */ void* holder[(268 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; } WOLFSSL_SHA384_CTX; -WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*); -WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX*, const void*, - unsigned long); -WOLFSSL_API int wolfSSL_SHA384_Final(unsigned char*, WOLFSSL_SHA384_CTX*); - +WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha); +WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input, + unsigned long sz); +WOLFSSL_API int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) enum { SHA384_DIGEST_LENGTH = 48 }; - typedef WOLFSSL_SHA384_CTX SHA384_CTX; #define SHA384_Init wolfSSL_SHA384_Init @@ -181,26 +207,27 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; * build. */ #define SHA384 wolfSSL_SHA384 #endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - typedef struct WOLFSSL_SHA512_CTX { /* big enough to hold wolfCrypt Sha384, but check on init */ void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; } WOLFSSL_SHA512_CTX; -WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*); -WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*, - unsigned long); -WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*); -WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX*, - const unsigned char*); +WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha); +WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha, + const void* input, unsigned long sz); +WOLFSSL_API int wolfSSL_SHA512_Final(byte* output, WOLFSSL_SHA512_CTX* sha); +WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512, + const unsigned char* data); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) enum { SHA512_DIGEST_LENGTH = 64 }; - typedef WOLFSSL_SHA512_CTX SHA512_CTX; #define SHA512_Init wolfSSL_SHA512_Init @@ -212,6 +239,56 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX; * build. */ #define SHA512 wolfSSL_SHA512 #endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#if !defined(WOLFSSL_NOSHA512_224) +typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_224_CTX; +typedef WOLFSSL_SHA512_224_CTX SHA512_224_CTX; + +WOLFSSL_API int wolfSSL_SHA512_224_Init(WOLFSSL_SHA512_CTX* sha); +WOLFSSL_API int wolfSSL_SHA512_224_Update(WOLFSSL_SHA512_224_CTX* sha, + const void* input, unsigned long sz); +WOLFSSL_API int wolfSSL_SHA512_224_Final(byte* output, + WOLFSSL_SHA512_224_CTX* sha); +WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512, + const unsigned char* data); + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define SHA512_224_Init wolfSSL_SHA512_224_Init +#define SHA512_224_Update wolfSSL_SHA512_224_Update +#define SHA512_224_Final wolfSSL_SHA512_224_Final +#define SHA512_224_Transform wolfSSL_SHA512_224_Transform + +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + #define SHA512_224 wolfSSL_SHA512_224 +#endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !WOLFSSL_NOSHA512_224 */ + +#if !defined(WOLFSSL_NOSHA512_256) +typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_256_CTX; +typedef WOLFSSL_SHA512_256_CTX SHA512_256_CTX; + +WOLFSSL_API int wolfSSL_SHA512_256_Init(WOLFSSL_SHA512_CTX* sha); +WOLFSSL_API int wolfSSL_SHA512_256_Update(WOLFSSL_SHA512_256_CTX* sha, + const void* input, unsigned long sz); +WOLFSSL_API int wolfSSL_SHA512_256_Final(byte* output, WOLFSSL_SHA512_256_CTX* sha); +WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512, + const unsigned char* data); + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define SHA512_256_Init wolfSSL_SHA512_256_Init +#define SHA512_256_Update wolfSSL_SHA512_256_Update +#define SHA512_256_Final wolfSSL_SHA512_256_Final +#define SHA512_256_Transform wolfSSL_SHA512_256_Transform + +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + #define SHA512_256 wolfSSL_SHA512_256 +#endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !WOLFSSL_NOSHA512_256 */ + + #endif /* WOLFSSL_SHA512 */ diff --git a/source/libs/libwolfssl/openssl/sha3.h b/source/libs/libwolfssl/openssl/sha3.h index e906eefa..e2e57bb4 100644 --- a/source/libs/libwolfssl/openssl/sha3.h +++ b/source/libs/libwolfssl/openssl/sha3.h @@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,7 +36,6 @@ extern "C" { #endif - /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha3 * struct are 16 byte aligned. Any dereference to those elements after casting * to Sha3 is expected to also be 16 byte aligned addresses. */ @@ -48,10 +47,11 @@ struct WOLFSSL_SHA3_CTX { #ifndef WOLFSSL_NOSHA3_224 typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_224_CTX; -WOLFSSL_API int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX*); -WOLFSSL_API int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX*, const void*, - unsigned long); -WOLFSSL_API int wolfSSL_SHA3_224_Final(unsigned char*, WOLFSSL_SHA3_224_CTX*); +WOLFSSL_API int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha); +WOLFSSL_API int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX* sha, const void* input, + unsigned long sz); +WOLFSSL_API int wolfSSL_SHA3_224_Final(unsigned char* output, + WOLFSSL_SHA3_224_CTX* sha); enum { SHA3_224_DIGEST_LENGTH = 28 @@ -72,10 +72,11 @@ typedef WOLFSSL_SHA3_224_CTX SHA3_224_CTX; typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_256_CTX; -WOLFSSL_API int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX*); -WOLFSSL_API int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX*, const void*, - unsigned long); -WOLFSSL_API int wolfSSL_SHA3_256_Final(unsigned char*, WOLFSSL_SHA3_256_CTX*); +WOLFSSL_API int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha); +WOLFSSL_API int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX* sha, + const void* input, unsigned long sz); +WOLFSSL_API int wolfSSL_SHA3_256_Final(unsigned char* output, + WOLFSSL_SHA3_256_CTX* sha); enum { SHA3_256_DIGEST_LENGTH = 32 @@ -95,10 +96,11 @@ typedef WOLFSSL_SHA3_256_CTX SHA3_256_CTX; typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_384_CTX; -WOLFSSL_API int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX*); -WOLFSSL_API int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX*, const void*, - unsigned long); -WOLFSSL_API int wolfSSL_SHA3_384_Final(unsigned char*, WOLFSSL_SHA3_384_CTX*); +WOLFSSL_API int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha); +WOLFSSL_API int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX* sha, + const void* input, unsigned long sz); +WOLFSSL_API int wolfSSL_SHA3_384_Final(unsigned char* output, + WOLFSSL_SHA3_384_CTX* sha); enum { SHA3_384_DIGEST_LENGTH = 48 @@ -118,10 +120,11 @@ typedef WOLFSSL_SHA3_384_CTX SHA3_384_CTX; typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_512_CTX; -WOLFSSL_API int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX*); -WOLFSSL_API int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX*, const void*, - unsigned long); -WOLFSSL_API int wolfSSL_SHA3_512_Final(unsigned char*, WOLFSSL_SHA3_512_CTX*); +WOLFSSL_API int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha); +WOLFSSL_API int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX* sha, + const void* input, unsigned long sz); +WOLFSSL_API int wolfSSL_SHA3_512_Final(unsigned char* output, + WOLFSSL_SHA3_512_CTX* sha); enum { SHA3_512_DIGEST_LENGTH = 64 diff --git a/source/libs/libwolfssl/openssl/srp.h b/source/libs/libwolfssl/openssl/srp.h index 42bef8a1..c9d1aa8b 100644 --- a/source/libs/libwolfssl/openssl/srp.h +++ b/source/libs/libwolfssl/openssl/srp.h @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/openssl/ssl.h b/source/libs/libwolfssl/openssl/ssl.h index 5e406004..ed81cc85 100644 --- a/source/libs/libwolfssl/openssl/ssl.h +++ b/source/libs/libwolfssl/openssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,7 +36,9 @@ #endif /* OPENSSL_EXTRA_SSL_GUARD */ #include +#ifndef WOLFCRYPT_ONLY #include +#endif #include #ifdef OPENSSL_EXTRA #include @@ -69,9 +71,7 @@ #undef ASN1_INTEGER #endif -#ifdef OPENSSL_EXTRA -WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings); -#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) typedef WOLFSSL SSL; typedef WOLFSSL_SESSION SSL_SESSION; @@ -111,6 +111,9 @@ typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value; typedef WOLFSSL_BUF_MEM BUF_MEM; typedef WOLFSSL_GENERAL_NAMES GENERAL_NAMES; typedef WOLFSSL_GENERAL_NAME GENERAL_NAME; +typedef WOLFSSL_OBJ_NAME OBJ_NAME; +typedef WOLFSSL_DIST_POINT_NAME DIST_POINT_NAME; +typedef WOLFSSL_DIST_POINT DIST_POINT; #define X509_L_FILE_LOAD WOLFSSL_X509_L_FILE_LOAD #define X509_L_ADD_DIR WOLFSSL_X509_L_ADD_DIR @@ -146,7 +149,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new #define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup #define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free -#define CRYPTO_EX_DATA WOLFSSL_CRYPTO_EX_DATA +#ifdef HAVE_EX_DATA + #define CRYPTO_EX_DATA WOLFSSL_CRYPTO_EX_DATA +#endif #define CRYPTO_set_mem_functions wolfSSL_CRYPTO_set_mem_functions @@ -196,6 +201,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_use_certificate wolfSSL_use_certificate #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio +#define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY +#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio #define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free @@ -205,6 +212,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define i2d_PUBKEY wolfSSL_i2d_PUBKEY #define d2i_PUBKEY wolfSSL_d2i_PUBKEY #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio +#define d2i_PublicKey wolfSSL_d2i_PublicKey #define d2i_PrivateKey wolfSSL_d2i_PrivateKey #define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey #define SSL_use_PrivateKey wolfSSL_use_PrivateKey @@ -235,7 +243,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define TLSv1_3_client_method wolfTLSv1_3_client_method #define TLS_method wolfSSLv23_method -#define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1 +#define X509_FILETYPE_PEM WOLFSSL_FILETYPE_PEM +#define X509_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1 +#define X509_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT #define X509_F_X509_CHECK_PRIVATE_KEY 128 @@ -258,6 +268,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #else #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations #endif + #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file @@ -277,6 +288,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_connect wolfSSL_connect #define SSL_clear wolfSSL_clear #define SSL_state wolfSSL_state +#define SSL_read_early_data(ssl, d, dLen, len) wolfSSL_read_early_data(ssl, d, (int)(dLen), (int *)(len)) +#define SSL_write_early_data(ssl, d, dLen, len) wolfSSL_write_early_data(ssl, d, (int)(dLen), (int *)(len)) #define SSL_write wolfSSL_write #define SSL_read wolfSSL_read @@ -285,7 +298,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_CTX_free wolfSSL_CTX_free #define SSL_free wolfSSL_free #define SSL_shutdown wolfSSL_shutdown -#define SSL_set_timeout wolfSSL_set_timeout +#define SSL_set_timeout wolfSSL_SSL_SESSION_set_timeout #define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown #define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown @@ -294,17 +307,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_get_session(x) wolfSSL_get_session((WOLFSSL*) (x)) #define SSL_SESSION_get0_peer wolfSSL_SESSION_get0_peer #define SSL_flush_sessions wolfSSL_flush_sessions -/* assume unlimited temporarily */ -#define SSL_CTX_get_session_cache_mode(ctx) 0 +#define SSL_CTX_get_session_cache_mode(ctx) \ + wolfSSL_CTX_get_session_cache_mode((ctx)) #define SSL_CTX_set_verify wolfSSL_CTX_set_verify #define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback +#define SSL_CTX_set_cert_cb wolfSSL_CTX_set_cert_cb #define SSL_set_verify wolfSSL_set_verify #define SSL_set_verify_result wolfSSL_set_verify_result #define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake #define SSL_set_post_handshake_auth wolfSSL_set_post_handshake_auth #define SSL_CTX_set_post_handshake_auth wolfSSL_CTX_set_post_handshake_auth -#define SSL_pending wolfSSL_pending +#define SSL_pending(x) wolfSSL_pending((WOLFSSL*)(x)) +#define SSL_has_pending wolfSSL_has_pending #define SSL_load_error_strings wolfSSL_load_error_strings #define SSL_library_init wolfSSL_library_init #define OPENSSL_cleanup (void)wolfSSL_Cleanup @@ -317,7 +332,6 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; /* wolfSSL does not support security levels */ #define SSL_CTX_set_security_level wolfSSL_CTX_set_security_level #define SSL_CTX_get_security_level wolfSSL_CTX_get_security_level -/* wolfSSL does not support exporting keying material */ #define SSL_export_keying_material wolfSSL_export_keying_material #define SSL_CTX_set1_sigalgs_list wolfSSL_CTX_set1_sigalgs_list @@ -340,6 +354,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_set_session_id_context wolfSSL_set_session_id_context #define SSL_set_connect_state wolfSSL_set_connect_state #define SSL_set_accept_state wolfSSL_set_accept_state +#define SSL_SESSION_new wolfSSL_SESSION_new #define SSL_session_reused wolfSSL_session_reused #define SSL_SESSION_up_ref wolfSSL_SESSION_up_ref #define SSL_SESSION_dup wolfSSL_SESSION_dup @@ -358,6 +373,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_CIPHER_get_id wolfSSL_CIPHER_get_id #define SSL_CIPHER_get_rfc_name wolfSSL_CIPHER_get_name #define SSL_CIPHER_standard_name wolfSSL_CIPHER_get_name +#define SSL_CIPHER_get_auth_nid wolfSSL_CIPHER_get_auth_nid +#define SSL_CIPHER_get_cipher_nid wolfSSL_CIPHER_get_cipher_nid +#define SSL_CIPHER_get_digest_nid wolfSSL_CIPHER_get_digest_nid +#define SSL_CIPHER_get_kx_nid wolfSSL_CIPHER_get_kx_nid +#define SSL_CIPHER_is_aead wolfSSL_CIPHER_is_aead #define SSL_get_cipher_by_value wolfSSL_get_cipher_by_value #define SSL_get1_session wolfSSL_get1_session @@ -366,6 +386,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_get_keys wolfSSL_get_keys #define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length +#define SSL_SESSION_get_max_early_data wolfSSL_SESSION_get_max_early_data #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) #define SSL_MODE_RELEASE_BUFFERS 0x00000010U @@ -378,7 +399,6 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data #define X509_EXTENSION_new wolfSSL_X509_EXTENSION_new #define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free - #define X509_gmtime_adj wolfSSL_X509_gmtime_adj #endif #define DSA_dup_DH wolfSSL_DSA_dup_DH @@ -397,14 +417,16 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define d2i_X509 wolfSSL_d2i_X509 #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 #define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ +#define PEM_read_X509_REQ wolfSSL_PEM_read_X509_REQ #define PEM_read_bio_X509_CRL wolfSSL_PEM_read_bio_X509_CRL #define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX #define PEM_read_X509 wolfSSL_PEM_read_X509 -#define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio #define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 #define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX #define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio +#define PEM_X509_INFO_read wolfSSL_PEM_X509_INFO_read #define i2d_PrivateKey wolfSSL_i2d_PrivateKey +#define i2d_PublicKey wolfSSL_i2d_PublicKey #define i2d_X509_REQ wolfSSL_i2d_X509_REQ #define d2i_X509_REQ wolfSSL_d2i_X509_REQ @@ -429,6 +451,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_load_certificate_file wolfSSL_X509_load_certificate_file #define X509_digest wolfSSL_X509_digest #define X509_pubkey_digest wolfSSL_X509_pubkey_digest +#define X509_get_extension_flags wolfSSL_X509_get_extension_flags +#define X509_get_key_usage wolfSSL_X509_get_key_usage +#define X509_get_extended_key_usage wolfSSL_X509_get_extended_key_usage #define X509_get_ext_count wolfSSL_X509_get_ext_count #define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i #define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d @@ -440,7 +465,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_get_issuer_name wolfSSL_X509_get_issuer_name #define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash #define X509_subject_name_hash wolfSSL_X509_subject_name_hash -#define X509_get_subject_name wolfSSL_X509_get_subject_name +#define X509_get_subject_name(x) wolfSSL_X509_get_subject_name((WOLFSSL_X509*)(x)) #define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name #define X509_get_pubkey wolfSSL_X509_get_pubkey #define X509_get0_pubkey wolfSSL_X509_get_pubkey @@ -473,6 +498,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_REQ_print wolfSSL_X509_print #define X509_print_ex wolfSSL_X509_print_ex #define X509_print_fp wolfSSL_X509_print_fp +#define X509_CRL_print wolfSSL_X509_CRL_print #define X509_REQ_print_fp wolfSSL_X509_print_fp #define X509_signature_print wolfSSL_X509_signature_print #define X509_get0_signature wolfSSL_X509_get0_signature @@ -494,9 +520,10 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data +#define X509_EXTENSION_dup wolfSSL_X509_EXTENSION_dup #define sk_X509_new wolfSSL_sk_X509_new -#define sk_X509_new_null wolfSSL_sk_X509_new +#define sk_X509_new_null wolfSSL_sk_X509_new_null #define sk_X509_num wolfSSL_sk_X509_num #define sk_X509_value wolfSSL_sk_X509_value #define sk_X509_shift wolfSSL_sk_X509_shift @@ -507,8 +534,16 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define sk_X509_free wolfSSL_sk_X509_free #define X509_chain_up_ref wolfSSL_X509_chain_up_ref +#define sk_X509_CRL_new wolfSSL_sk_X509_CRL_new +#define sk_X509_CRL_pop_free wolfSSL_sk_X509_CRL_pop_free +#define sk_X509_CRL_free wolfSSL_sk_X509_CRL_free +#define sk_X509_CRL_push wolfSSL_sk_X509_CRL_push +#define sk_X509_CRL_value wolfSSL_sk_X509_CRL_value +#define sk_X509_CRL_num wolfSSL_sk_X509_CRL_num + #define sk_X509_OBJECT_new wolfSSL_sk_X509_OBJECT_new #define sk_X509_OBJECT_free wolfSSL_sk_X509_OBJECT_free +#define sk_X509_OBJECT_pop_free wolfSSL_sk_X509_OBJECT_pop_free #define sk_X509_EXTENSION_num wolfSSL_sk_X509_EXTENSION_num #define sk_X509_EXTENSION_value wolfSSL_sk_X509_EXTENSION_value @@ -533,6 +568,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_NAME_new wolfSSL_X509_NAME_new #define X509_NAME_free wolfSSL_X509_NAME_free #define X509_NAME_dup wolfSSL_X509_NAME_dup +#define X509_NAME_get_sz wolfSSL_X509_NAME_get_sz #define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID #define X509_NAME_get_index_by_OBJ wolfSSL_X509_NAME_get_index_by_OBJ #define X509_NAME_cmp wolfSSL_X509_NAME_cmp @@ -554,6 +590,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_cmp_time wolfSSL_X509_cmp_time #define X509_time_adj wolfSSL_X509_time_adj #define X509_time_adj_ex wolfSSL_X509_time_adj_ex +#define X509_gmtime_adj wolfSSL_X509_gmtime_adj #define sk_ACCESS_DESCRIPTION_num wolfSSL_sk_ACCESS_DESCRIPTION_num #define sk_ACCESS_DESCRIPTION_value wolfSSL_sk_ACCESS_DESCRIPTION_value @@ -572,17 +609,25 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count -#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object #define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry +#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object #define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object +#define sk_X509_NAME_ENTRY_new wolfSSL_sk_X509_NAME_ENTRY_new +#define sk_X509_NAME_ENTRY_push wolfSSL_sk_X509_NAME_ENTRY_push +#define sk_X509_NAME_ENTRY_num wolfSSL_sk_X509_NAME_ENTRY_num +#define sk_X509_NAME_ENTRY_value wolfSSL_sk_X509_NAME_ENTRY_value +#define sk_X509_NAME_ENTRY_free wolfSSL_sk_X509_NAME_ENTRY_free + #define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME #define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME -#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS +#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT WOLFSSL_ALWAYS_CHECK_SUBJECT +#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS +#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS WOLFSSL_NO_PARTIAL_WILDCARDS #define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT #define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE @@ -638,8 +683,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define X509_VERIFY_PARAM_get_flags wolfSSL_X509_VERIFY_PARAM_get_flags #define X509_VERIFY_PARAM_clear_flags wolfSSL_X509_VERIFY_PARAM_clear_flags #define X509_VERIFY_PARAM_set_hostflags wolfSSL_X509_VERIFY_PARAM_set_hostflags +#define SSL_set1_host wolfSSL_set1_host #define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host #define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc +#define X509_VERIFY_PARAM_set1_ip wolfSSL_X509_VERIFY_PARAM_set1_ip #define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1 #define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations @@ -655,9 +702,14 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define X509_CRL_free wolfSSL_X509_CRL_free #define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate +#define X509_CRL_get0_lastUpdate wolfSSL_X509_CRL_get_lastUpdate #define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate +#define X509_CRL_get0_nextUpdate wolfSSL_X509_CRL_get_nextUpdate #define X509_CRL_verify wolfSSL_X509_CRL_verify #define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED +#define X509_CRL_get_issuer wolfSSL_X509_CRL_get_issuer_name +#define X509_CRL_get_signature_nid wolfSSL_X509_CRL_get_signature_nid +#define X509_CRL_get_version wolfSSL_X509_CRL_version #define X509_load_crl_file wolfSSL_X509_load_crl_file #define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY @@ -682,6 +734,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define X509_OBJECT_get0_X509 wolfSSL_X509_OBJECT_get0_X509 #define X509_OBJECT_get0_X509_CRL wolfSSL_X509_OBJECT_get0_X509_CRL +#define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number +#define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date + #define X509_check_purpose(...) 0 #define OCSP_parse_url wolfSSL_OCSP_parse_url @@ -713,11 +768,18 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define BIO_f_ssl wolfSSL_BIO_f_ssl #define BIO_new_socket wolfSSL_BIO_new_socket #define BIO_new_connect wolfSSL_BIO_new_connect +#define BIO_new_accept wolfSSL_BIO_new_accept #define BIO_set_conn_port wolfSSL_BIO_set_conn_port #define BIO_do_connect wolfSSL_BIO_do_connect +#define BIO_do_accept wolfSSL_BIO_do_accept #define BIO_do_handshake wolfSSL_BIO_do_handshake +#define BIO_ssl_shutdown wolfSSL_BIO_ssl_shutdown #define SSL_set_bio wolfSSL_set_bio +#define BIO_method_type wolfSSL_BIO_method_type #define BIO_set_ssl wolfSSL_BIO_set_ssl +#define BIO_get_ssl wolfSSL_BIO_get_ssl +#define BIO_new_ssl_connect wolfSSL_BIO_new_ssl_connect +#define BIO_set_conn_hostname wolfSSL_BIO_set_conn_hostname #define BIO_eof wolfSSL_BIO_eof #define BIO_set_ss wolfSSL_BIO_set_ss @@ -768,6 +830,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_TIME_set wolfSSL_ASN1_TIME_set #define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string #define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string +#define ASN1_TIME_to_tm wolfSSL_ASN1_TIME_to_tm #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print #define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free @@ -782,13 +845,17 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get #define ASN1_INTEGER_set wolfSSL_ASN1_INTEGER_set #define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN +#define d2i_ASN1_INTEGER wolfSSL_d2i_ASN1_INTEGER +#define i2d_ASN1_INTEGER wolfSSL_i2d_ASN1_INTEGER #define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT #define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT #define ASN1_STRING_new wolfSSL_ASN1_STRING_new +#define ASN1_OCTET_STRING_new wolfSSL_ASN1_STRING_new #define ASN1_STRING_free wolfSSL_ASN1_STRING_free #define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp +#define ASN1_OCTET_STRING_cmp wolfSSL_ASN1_STRING_cmp #define ASN1_STRING_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_get0_data #define ASN1_STRING_length wolfSSL_ASN1_STRING_length @@ -801,7 +868,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_STRING_set_default_mask_asc(...) 1 #endif +#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING +#define ASN1_OCTET_STRING_new wolfSSL_ASN1_STRING_new #define ASN1_OCTET_STRING_free wolfSSL_ASN1_STRING_free +#define ASN1_OCTET_STRING_set wolfSSL_ASN1_STRING_set #define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING @@ -809,7 +879,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_IA5STRING WOLFSSL_ASN1_STRING -#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN #define SSL_load_client_CA_file wolfSSL_load_client_CA_file @@ -818,8 +887,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list #define SSL_CTX_set_client_cert_cb wolfSSL_CTX_set_client_cert_cb #define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store +#define SSL_set0_verify_cert_store wolfSSL_set0_verify_cert_store +#define SSL_set1_verify_cert_store wolfSSL_set1_verify_cert_store #define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x)) #define SSL_get_client_CA_list wolfSSL_get_client_CA_list +#define SSL_set_client_CA_list wolfSSL_set_client_CA_list #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx #define SSL_get_ex_data wolfSSL_get_ex_data @@ -827,7 +899,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb #define SSL_CTX_set_timeout(ctx, to) \ - wolfSSL_CTX_set_timeout(ctx, (unsigned int) to) + wolfSSL_CTX_set_timeout(ctx, (unsigned int)(to)) #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback #define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos @@ -843,6 +915,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define RSA_generate_key wolfSSL_RSA_generate_key #define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback #define RSA_print wolfSSL_RSA_print +#define RSA_print_fp wolfSSL_RSA_print_fp #define RSA_bits wolfSSL_RSA_bits #define RSA_up_ref wolfSSL_RSA_up_ref #define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS @@ -948,11 +1021,16 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_check_private_key wolfSSL_check_private_key #define SSL_CTX_set_mode wolfSSL_CTX_set_mode +#define SSL_CTX_clear_mode wolfSSL_CTX_clear_mode #define SSL_CTX_get_mode wolfSSL_CTX_get_mode #define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead #define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths +#define X509_get_default_cert_file_env wolfSSL_X509_get_default_cert_file_env +#define X509_get_default_cert_file wolfSSL_X509_get_default_cert_file +#define X509_get_default_cert_dir_env wolfSSL_X509_get_default_cert_dir_env +#define X509_get_default_cert_dir wolfSSL_X509_get_default_cert_dir #define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context #define SSL_get_peer_certificate wolfSSL_get_peer_certificate @@ -988,6 +1066,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION #define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION +#define SSL_SESSION_has_ticket wolfSSL_SESSION_has_ticket +#define SSL_SESSION_get_ticket_lifetime_hint \ + wolfSSL_SESSION_get_ticket_lifetime_hint #define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout #define SSL_SESSION_get_time wolfSSL_SESSION_get_time @@ -1019,12 +1100,24 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration +/* DTLS SRTP */ +#ifdef WOLFSSL_SRTP +typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; +#endif +#define SSL_CTX_set_tlsext_use_srtp wolfSSL_CTX_set_tlsext_use_srtp +#define SSL_set_tlsext_use_srtp wolfSSL_set_tlsext_use_srtp +#define SSL_get_selected_srtp_profile wolfSSL_get_selected_srtp_profile +#define SSL_get_srtp_profiles wolfSSL_get_srtp_profiles + #ifndef NO_WOLFSSL_STUB -#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)ssl; (void)cb; }) +#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)(ssl); (void)(cb); }) #endif #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate +#define SSL_CTX_add0_chain_cert wolfSSL_CTX_add0_chain_cert #define SSL_CTX_add1_chain_cert wolfSSL_CTX_add1_chain_cert +#define SSL_add0_chain_cert wolfSSL_add0_chain_cert +#define SSL_add1_chain_cert wolfSSL_add1_chain_cert #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey #define BIO_read_filename wolfSSL_BIO_read_filename #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth @@ -1039,6 +1132,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define DHparams_dup wolfSSL_DH_dup #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams +#define PEM_read_DHparams wolfSSL_PEM_read_DHparams #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) @@ -1062,7 +1156,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #include #define SSL_CTRL_CHAIN 88 -#define ERR_LIB_SSL 20 #define SSL_R_SHORT_READ 10 #define ERR_R_PEM_LIB 9 #define SSL_CTRL_MODE 33 @@ -1090,6 +1183,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define TLSEXT_STATUSTYPE_ocsp 1 +#define TLSEXT_max_fragment_length_512 WOLFSSL_MFL_2_9 +#define TLSEXT_max_fragment_length_1024 WOLFSSL_MFL_2_10 +#define TLSEXT_max_fragment_length_2048 WOLFSSL_MFL_2_11 +#define TLSEXT_max_fragment_length_4096 WOLFSSL_MFL_2_12 + #define SSL_set_options wolfSSL_set_options #define SSL_get_options wolfSSL_get_options #define SSL_clear_options wolfSSL_clear_options @@ -1102,6 +1200,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_renegotiate_pending wolfSSL_SSL_renegotiate_pending #define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg #define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type +#define SSL_get_tlsext_status_type wolfSSL_get_tlsext_status_type #define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts #define SSL_get_tlsext_status_ids wolfSSL_get_tlsext_status_ids #define SSL_set_tlsext_status_ids wolfSSL_set_tlsext_status_ids @@ -1109,13 +1208,18 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_set_tlsext_status_ocsp_res wolfSSL_set_tlsext_status_ocsp_resp #define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp #define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp +#define SSL_set_tlsext_max_fragment_length wolfSSL_set_tlsext_max_fragment_length #define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert +#define SSL_get_read_ahead wolfSSL_get_read_ahead +#define SSL_set_read_ahead wolfSSL_set_read_ahead #define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead #define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead #define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \ wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg +#define SSL_CTX_set_tlsext_max_fragment_length \ + wolfSSL_CTX_set_tlsext_max_fragment_length #define SSL_get_server_random wolfSSL_get_server_random #define SSL_get_server_tmp_key wolfSSL_get_server_tmp_key @@ -1124,6 +1228,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_set_min_proto_version wolfSSL_set_min_proto_version #define SSL_set_max_proto_version wolfSSL_set_max_proto_version #define SSL_CTX_get_min_proto_version wolfSSL_CTX_get_min_proto_version +#define SSL_CTX_get_max_proto_version wolfSSL_CTX_get_max_proto_version #define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts @@ -1131,6 +1236,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_set_tlsext_ticket_keys wolfSSL_CTX_set_tlsext_ticket_keys #define SSL_CTX_get_tlsext_status_cb wolfSSL_CTX_get_tlsext_status_cb #define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb +#define SSL_CTX_set_num_tickets wolfSSL_CTX_set_num_tickets +#define SSL_CTX_get_num_tickets wolfSSL_CTX_get_num_tickets #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 @@ -1139,6 +1246,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTRL_SET_SESS_CACHE_MODE 44 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 651 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 @@ -1150,6 +1258,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY #define SSL_CTRL_SET_MIN_PROTO_VERSION 123 #define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +#define SSL_CTRL_GET_MIN_PROTO_VERSION 125 +#define SSL_CTRL_GET_MAX_PROTO_VERSION 126 #define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS #define SSL_CTRL_EXTRA_CHAIN_CERT 14 @@ -1171,35 +1281,33 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ -#define SSL2_VERSION 0x0002 -#define SSL3_VERSION 0x0300 -#define TLS1_VERSION 0x0301 -#define TLS1_1_VERSION 0x0302 -#define TLS1_2_VERSION 0x0303 -#define TLS1_3_VERSION 0x0304 -#define DTLS1_VERSION 0xFEFF -#define DTLS1_2_VERSION 0xFEFD +/* Used as message callback types */ +#define SSL3_RT_CHANGE_CIPHER_SPEC 20 +#define SSL3_RT_ALERT 21 +#define SSL3_RT_HANDSHAKE 22 +#define SSL3_RT_APPLICATION_DATA 23 #define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L #define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L -#define CRYPTO_EX_INDEX_SSL 0 #define TLS_ANY_VERSION 0x10000 #define DTLS1_2_VERSION 0xFEFD #define DTLS_MAX_VERSION DTLS1_2_VERSION /* apache and lighty use SSL_CONF_FLAG_FILE to enable conf support */ -#if !defined(WOLFSSL_APACHE_HTTPD) && !defined(HAVE_LIGHTY) #define SSL_CONF_FLAG_CMDLINE WOLFSSL_CONF_FLAG_CMDLINE #define SSL_CONF_FLAG_FILE WOLFSSL_CONF_FLAG_FILE #define SSL_CONF_FLAG_CERTIFICATE WOLFSSL_CONF_FLAG_CERTIFICATE +#define SSL_CONF_FLAG_SERVER WOLFSSL_CONF_FLAG_SERVER +#define SSL_CONF_FLAG_CLIENT WOLFSSL_CONF_FLAG_CLIENT +#define SSL_CONF_FLAG_SHOW_ERRORS WOLFSSL_CONF_FLAG_SHOW_ERRORS +#define SSL_CONF_TYPE_UNKNOWN WOLFSSL_CONF_TYPE_UNKNOWN #define SSL_CONF_TYPE_STRING WOLFSSL_CONF_TYPE_STRING #define SSL_CONF_TYPE_FILE WOLFSSL_CONF_TYPE_FILE -#endif +#define SSL_CONF_TYPE_DIR WOLFSSL_CONF_TYPE_DIR -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \ - || defined(OPENSSL_ALL) -#include +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) #define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000) #define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000) @@ -1209,6 +1317,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_AD_UNRECOGNIZED_NAME unrecognized_name #define SSL_AD_NO_RENEGOTIATION no_renegotiation #define SSL_AD_INTERNAL_ERROR 80 +#define SSL_AD_NO_APPLICATION_PROTOCOL no_application_protocol +#define SSL_AD_MISSING_EXTENSION missing_extension #define ASN1_STRFLGS_ESC_MSB 4 @@ -1228,8 +1338,21 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define GENERAL_NAME_new wolfSSL_GENERAL_NAME_new #define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free +#define GENERAL_NAME_dup wolfSSL_GENERAL_NAME_dup +#define GENERAL_NAME_print wolfSSL_GENERAL_NAME_print #define sk_GENERAL_NAME_push wolfSSL_sk_GENERAL_NAME_push #define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value + +#define DIST_POINT_new wolfSSL_DIST_POINT_new +#define DIST_POINT_free wolfSSL_DIST_POINT_free +#define DIST_POINTS_free wolfSSL_DIST_POINTS_free +#define CRL_DIST_POINTS_free(cdp) wolfSSL_sk_DIST_POINT_pop_free((cdp), NULL) +#define sk_DIST_POINT_push wolfSSL_sk_DIST_POINT_push +#define sk_DIST_POINT_value wolfSSL_sk_DIST_POINT_value +#define sk_DIST_POINT_num wolfSSL_sk_DIST_POINT_num +#define sk_DIST_POINT_pop_free wolfSSL_sk_DIST_POINT_pop_free +#define sk_DIST_POINT_free wolfSSL_sk_DIST_POINT_free + #define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data #define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data #define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index @@ -1242,10 +1365,35 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define GENERAL_NAMES_free wolfSSL_GENERAL_NAMES_free #define AUTHORITY_INFO_ACCESS_free wolfSSL_AUTHORITY_INFO_ACCESS_free +#define AUTHORITY_INFO_ACCESS_pop_free wolfSSL_AUTHORITY_INFO_ACCESS_pop_free #define sk_ACCESS_DESCRIPTION_pop_free wolfSSL_sk_ACCESS_DESCRIPTION_pop_free #define sk_ACCESS_DESCRIPTION_free wolfSSL_sk_ACCESS_DESCRIPTION_free #define ACCESS_DESCRIPTION_free wolfSSL_ACCESS_DESCRIPTION_free +/* Alert types, matched to AlertDescription enum in wolfssl/ssl.h */ +#define SSL_AD_CLOSE_NOTIFY close_notify +#define SSL_AD_UNEXPECTED_MESSAGE unexpected_message +#define SSL_AD_BAD_RECORD_MAC bad_record_mac +#define SSL_AD_RECORD_OVERFLOW record_overflow +#define SSL_AD_DECOMPRESSION_FAILURE decompression_failure +#define SSL_AD_HANDSHAKE_FAILURE handshake_failure +#define SSL_AD_UNSUPPORTED_CERTIFICATE unsupported_certificate +#define SSL_AD_CERTIFICATE_REVOKED certificate_revoked +#define SSL_AD_CERTIFICATE_EXPIRED certificate_expired +#define SSL_AD_CERTIFICATE_UNKNOWN certificate_unknown +#define SSL_AD_ILLEGAL_PARAMETER illegal_parameter +#define SSL_AD_UNKNOWN_CA unknown_ca +#define SSL_AD_ACCESS_DENIED access_denied +#define SSL_AD_DECODE_ERROR decode_error +#define SSL_AD_DECRYPT_ERROR decrypt_error +#ifdef WOLFSSL_MYSQL_COMPATIBLE + #define SSL_AD_PROTOCOL_VERSION wc_protocol_version +#else + #define SSL_AD_PROTOCOL_VERSION protocol_version +#endif +#define SSL_AD_INSUFFICIENT_SECURITY insufficient_security +#define SSL_AD_USER_CANCELLED user_canceled + #define SSL3_AL_FATAL 2 #define SSL_TLSEXT_ERR_OK 0 #define SSL_TLSEXT_ERR_ALERT_WARNING warning_return @@ -1266,6 +1414,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_add_server_custom_ext(...) 0 +#define SSL_get0_verified_chain wolfSSL_get0_verified_chain +#define X509_chain_up_ref wolfSSL_X509_chain_up_ref + #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ #ifndef NO_WOLFSSL_STUB @@ -1283,12 +1434,13 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_clear_extra_chain_certs wolfSSL_CTX_clear_extra_chain_certs +#define SSL_certs_clear wolfSSL_certs_clear /* Nginx uses this to determine if reached end of certs in file. * PEM_read_bio_X509 is called and the return error is lost. * The error that needs to be detected is: SSL_NO_PEM_HEADER. */ -#define ERR_GET_FUNC(l) (int)((((unsigned long)l) >> 12L) & 0xfffL) +#define ERR_GET_FUNC(l) (int)((((unsigned long)(l)) >> 12L) & 0xfffL) #define PEM_F_PEM_DEF_CALLBACK 100 @@ -1297,15 +1449,24 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2) #define PEM_R_BAD_PASSWORD_READ (-MIN_CODE_E + 3) #define PEM_R_BAD_DECRYPT (-MIN_CODE_E + 4) +#define ASN1_R_HEADER_TOO_LONG (-MIN_CODE_E + 5) +#define ERR_LIB_RSA 4 +#define ERR_LIB_EC 16 +#define ERR_LIB_SSL 20 +#define ERR_LIB_PKCS12 35 #define ERR_LIB_PEM 9 #define ERR_LIB_X509 10 #define ERR_LIB_EVP 11 #define ERR_LIB_ASN1 12 +#define ERR_LIB_DIGEST 13 +#define ERR_LIB_CIPHER 14 +#define ERR_LIB_USER 15 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ - defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_WPAS_SMALL) #include @@ -1339,14 +1500,21 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_R_HTTP_REQUEST PARSE_ERROR #define SSL_R_UNSUPPORTED_PROTOCOL VERSION_ERROR #define SSL_R_CERTIFICATE_VERIFY_FAILED VERIFY_CERT_ERROR +#define SSL_R_CERT_CB_ERROR CLIENT_CERT_CB_ERROR +#define SSL_R_NULL_SSL_METHOD_PASSED BAD_FUNC_ARG #ifdef HAVE_SESSION_TICKET -#define SSL_OP_NO_TICKET SSL_OP_NO_TICKET #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 #endif -#define OPENSSL_config wolfSSL_OPENSSL_config +/* Some openssl consumers try to detect these options with ifdef, defining + * here since we use an enum internally instead */ +#define SSL_OP_SINGLE_DH_USE WOLFSSL_OP_SINGLE_DH_USE +#define SSL_OP_SINGLE_ECDH_USE WOLFSSL_OP_SINGLE_ECDH_USE +#define SSL_OP_CIPHER_SERVER_PREFERENCE WOLFSSL_OP_CIPHER_SERVER_PREFERENCE + +#define OPENSSL_config wolfSSL_OPENSSL_config #define OPENSSL_memdup wolfSSL_OPENSSL_memdup #define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse #define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout @@ -1361,6 +1529,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb #define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb #define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs +#define SSL_CTX_get0_chain_certs wolfSSL_CTX_get0_chain_certs +#define SSL_get0_chain_certs wolfSSL_get0_chain_certs #define sk_OPENSSL_STRING_num wolfSSL_sk_WOLFSSL_STRING_num #define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value #define sk_OPENSSL_PSTRING_num wolfSSL_sk_WOLFSSL_STRING_num @@ -1400,12 +1570,25 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define NID_pkcs9_emailAddress 48 #define OBJ_pkcs9_emailAddress 1L,2L,840L,113539L,1L,9L,1L +#define LN_basic_constraints "X509v3 Basic Constraints" +#define LN_key_usage "X509v3 Key Usage" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define LN_ext_key_usage "X509v3 Extended Key Usage" + #define SSL_get_rbio wolfSSL_SSL_get_rbio #define SSL_get_wbio wolfSSL_SSL_get_wbio #define SSL_do_handshake wolfSSL_SSL_do_handshake #if defined(WOLFSSL_EARLY_DATA) +#define SSL_EARLY_DATA_NOT_SENT WOLFSSL_EARLY_DATA_NOT_SENT +#define SSL_EARLY_DATA_REJECTED WOLFSSL_EARLY_DATA_REJECTED +#define SSL_EARLY_DATA_ACCEPTED WOLFSSL_EARLY_DATA_ACCEPTED + #define SSL_get_early_data_status wolfSSL_get_early_data_status +#define SSL_set_max_early_data wolfSSL_set_max_early_data +#define SSL_get_max_early_data wolfSSL_get_max_early_data +#define SSL_CTX_set_max_early_data wolfSSL_CTX_set_max_early_data +#define SSL_CTX_get_max_early_data wolfSSL_CTX_get_max_early_data #endif #endif /* OPENSSL_EXTRA */ @@ -1420,6 +1603,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) #define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) +#define X509_LU_NONE WOLFSSL_X509_LU_NONE +#define X509_LU_X509 WOLFSSL_X509_LU_X509 +#define X509_LU_CRL WOLFSSL_X509_LU_CRL + #define X509_STORE_get0_objects wolfSSL_X509_STORE_get0_objects #define sk_X509_OBJECT_num wolfSSL_sk_X509_OBJECT_num #define sk_X509_OBJECT_value wolfSSL_sk_X509_OBJECT_value @@ -1435,8 +1622,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #ifndef NO_WOLFSSL_STUB #define OBJ_create_objects(...) +#define sk_SSL_COMP_free(...) #endif +#define OBJ_dup wolfSSL_ASN1_OBJECT_dup + #define SSL_set_psk_use_session_callback wolfSSL_set_psk_use_session_callback #define SSL_SESSION_is_resumable wolfSSL_SESSION_is_resumable typedef WOLFSSL_CONF_CTX SSL_CONF_CTX; @@ -1447,9 +1637,74 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX; #define SSL_CONF_CTX_set_flags wolfSSL_CONF_CTX_set_flags #define SSL_CONF_CTX_finish wolfSSL_CONF_CTX_finish #define SSL_CONF_cmd wolfSSL_CONF_cmd +#define SSL_CONF_cmd_value_type wolfSSL_CONF_cmd_value_type + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + + +#ifdef WOLFSSL_QUIC + +#include + +/* Used by Chromium/QUIC - according to quictls/openssl fork */ +#define X25519_PRIVATE_KEY_LEN 32 +#define X25519_PUBLIC_VALUE_LEN 32 + +/* TLSv1.3 cipher ids as defined in RFC 8446, returned by + * SSL_CIPHER_get_id(cipher) + * used by QUIC implementations, such as HAProxy + */ +#define TLS1_3_CK_AES_128_GCM_SHA256 0x1301 +#define TLS1_3_CK_AES_256_GCM_SHA384 0x1302 +#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303 +#define TLS1_3_CK_AES_128_CCM_SHA256 0x1304 +#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x1305 + +#define SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION QUIC_TP_MISSING_E +#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED QUIC_WRONG_ENC_LEVEL + +#define ssl_quic_method_st wolfssl_quic_method_t +typedef WOLFSSL_QUIC_METHOD SSL_QUIC_METHOD; + +#define ssl_encryption_level_t wolfssl_encryption_level_t +typedef WOLFSSL_ENCRYPTION_LEVEL OSSL_ENCRYPTION_LEVEL; +#define ssl_encryption_initial wolfssl_encryption_initial +#define ssl_encryption_early_data wolfssl_encryption_early_data +#define ssl_encryption_handshake wolfssl_encryption_handshake +#define ssl_encryption_application wolfssl_encryption_application + +#define SSL_CTX_set_quic_method wolfSSL_CTX_set_quic_method +#define SSL_set_quic_method wolfSSL_set_quic_method + +#define SSL_set_quic_transport_params wolfSSL_set_quic_transport_params +#define SSL_get_peer_quic_transport_params wolfSSL_get_peer_quic_transport_params + +#define SSL_quic_max_handshake_flight_len wolfSSL_quic_max_handshake_flight_len +#define SSL_quic_read_level wolfSSL_quic_read_level +#define SSL_quic_write_level wolfSSL_quic_write_level +#define SSL_provide_quic_data wolfSSL_provide_quic_data +#define SSL_process_quic_post_handshake wolfSSL_process_quic_post_handshake + +#define SSL_is_quic wolfSSL_is_quic + +#define SSL_set_quic_transport_version wolfSSL_set_quic_transport_version +#define SSL_get_quic_transport_version wolfSSL_get_quic_transport_version +#define SSL_get_peer_quic_transport_version wolfSSL_get_peer_quic_transport_version + +#define SSL_set_quic_early_data_enabled wolfSSL_set_quic_early_data_enabled + +/* BoringSSL API - according to quictls/openssl fork */ +#define SSL_set_quic_use_legacy_codepoint wolfSSL_set_quic_use_legacy_codepoint + +/* TODO: we do not have this in our QUIC api and HAProxy does not use it +int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); +*/ + +#endif /* WOLFSSL_QUIC */ + #ifdef __cplusplus } /* extern "C" */ #endif -#endif /* wolfSSL_openssl_h__ */ +#endif /* !WOLFSSL_OPENSSL_H_ */ diff --git a/source/libs/libwolfssl/openssl/stack.h b/source/libs/libwolfssl/openssl/stack.h index 8040574f..6b03994a 100644 --- a/source/libs/libwolfssl/openssl/stack.h +++ b/source/libs/libwolfssl/openssl/stack.h @@ -1,6 +1,6 @@ /* stack.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,8 +30,8 @@ typedef void (*wolfSSL_sk_freefunc)(void *); -WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc); -WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *); +WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc f); +WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *sk); WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data); WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *)); WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void); diff --git a/source/libs/libwolfssl/openssl/tls1.h b/source/libs/libwolfssl/openssl/tls1.h index 51923f69..849b08a3 100644 --- a/source/libs/libwolfssl/openssl/tls1.h +++ b/source/libs/libwolfssl/openssl/tls1.h @@ -1,6 +1,6 @@ /* tls1.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,4 +43,10 @@ #define TLS_MAX_VERSION TLS1_3_VERSION #endif +#ifdef WOLFSSL_QUIC +/* from rfc9001 */ +#define TLSEXT_TYPE_quic_transport_parameters_draft 0xffa5 +#define TLSEXT_TYPE_quic_transport_parameters 0x0039 +#endif + #endif /* WOLFSSL_OPENSSL_TLS1_H_ */ diff --git a/source/libs/libwolfssl/openssl/x509.h b/source/libs/libwolfssl/openssl/x509.h index 5b151453..0d59bdd1 100644 --- a/source/libs/libwolfssl/openssl/x509.h +++ b/source/libs/libwolfssl/openssl/x509.h @@ -1,5 +1,29 @@ +/* x509.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + /* x509.h for openssl */ +#ifndef WOLFSSL_OPENSSL_509_H_ +#define WOLFSSL_OPENSSL_509_H_ + #include #include #include @@ -7,6 +31,8 @@ #include #include +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + /* wolfSSL_X509_print_ex flags */ #define X509_FLAG_COMPAT (0UL) #define X509_FLAG_NO_HEADER (1UL << 0) @@ -42,3 +68,11 @@ #define XN_FLAG_FN_ALIGN (1 << 25) #define XN_FLAG_MULTILINE 0xFFFF + +#define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical +#define X509_EXTENSION_set_object wolfSSL_X509_EXTENSION_set_object +#define X509_EXTENSION_set_data wolfSSL_X509_EXTENSION_set_data + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#endif /* WOLFSSL_OPENSSL_509_H_ */ diff --git a/source/libs/libwolfssl/openssl/x509_vfy.h b/source/libs/libwolfssl/openssl/x509_vfy.h index 6642dd54..2040bbef 100644 --- a/source/libs/libwolfssl/openssl/x509_vfy.h +++ b/source/libs/libwolfssl/openssl/x509_vfy.h @@ -1,6 +1,6 @@ /* x509_vfy.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,11 +32,12 @@ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose); + WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, + unsigned long flags); #endif -#ifdef WOLFSSL_QT - #define X509_STORE_CTX_set_purpose wolfSSL_X509_STORE_CTX_set_purpose -#endif +#define X509_STORE_CTX_set_purpose wolfSSL_X509_STORE_CTX_set_purpose +#define X509_STORE_CTX_set_flags wolfSSL_X509_STORE_CTX_set_flags #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/openssl/x509v3.h b/source/libs/libwolfssl/openssl/x509v3.h index 803777cf..3cae809f 100644 --- a/source/libs/libwolfssl/openssl/x509v3.h +++ b/source/libs/libwolfssl/openssl/x509v3.h @@ -1,6 +1,6 @@ /* x509v3.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,15 +31,42 @@ extern "C" { #endif +#define EXFLAG_KUSAGE 0x2 +#define EXFLAG_XKUSAGE 0x4 + +#define KU_DIGITAL_SIGNATURE KEYUSE_DIGITAL_SIG +#define KU_NON_REPUDIATION KEYUSE_CONTENT_COMMIT +#define KU_KEY_ENCIPHERMENT KEYUSE_KEY_ENCIPHER +#define KU_DATA_ENCIPHERMENT KEYUSE_DATA_ENCIPHER +#define KU_KEY_AGREEMENT KEYUSE_KEY_AGREE +#define KU_KEY_CERT_SIGN KEYUSE_KEY_CERT_SIGN +#define KU_CRL_SIGN KEYUSE_CRL_SIGN +#define KU_ENCIPHER_ONLY KEYUSE_ENCIPHER_ONLY +#define KU_DECIPHER_ONLY KEYUSE_DECIPHER_ONLY + +#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_CLIENT 0x2 +#define XKU_SMIME 0x4 +#define XKU_CODE_SIGN 0x8 +#define XKU_SGC 0x10 +#define XKU_OCSP_SIGN 0x20 +#define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 +#define XKU_ANYEKU 0x100 + #define X509_PURPOSE_SSL_CLIENT 0 #define X509_PURPOSE_SSL_SERVER 1 -#define NS_SSL_CLIENT 0 -#define NS_SSL_SERVER 1 +#define NS_SSL_CLIENT WC_NS_SSL_CLIENT +#define NS_SSL_SERVER WC_NS_SSL_SERVER /* Forward reference */ +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x0090801fL typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +#else +typedef void *(*X509V3_EXT_D2I)(void *, unsigned char **, long); +#endif typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) ( struct WOLFSSL_v3_ext_method *method, @@ -94,8 +121,13 @@ WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void); WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc); WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void); WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id); +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get( WOLFSSL_X509_EXTENSION* ex); +#else +WOLFSSL_API WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get( + WOLFSSL_X509_EXTENSION* ex); +#endif WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex); WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, const WOLFSSL_ASN1_STRING *s); @@ -103,6 +135,7 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent); WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, const char *section, WOLFSSL_X509 *cert); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa); #define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free #define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free @@ -116,11 +149,13 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_ #define X509V3_parse_list(...) NULL #endif #define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING +#define a2i_IPADDRESS wolfSSL_a2i_IPADDRESS #define X509V3_EXT_print wolfSSL_X509V3_EXT_print #define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid #define X509V3_set_ctx wolfSSL_X509V3_set_ctx #ifndef NO_WOLFSSL_STUB #define X509V3_set_nconf(...) +#define X509V3_EXT_cleanup(...) #endif #define X509V3_set_ctx_test(ctx) wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) #define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb diff --git a/source/libs/libwolfssl/quic.h b/source/libs/libwolfssl/quic.h new file mode 100644 index 00000000..08b26ff4 --- /dev/null +++ b/source/libs/libwolfssl/quic.h @@ -0,0 +1,297 @@ +/* quic.h + * + * Copyright (C) 2006-2021 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* wolfSSL QUIC API */ + +#ifndef WOLFSSL_QUIC_H +#define WOLFSSL_QUIC_H + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_QUIC + +/* QUIC operates on three encryption levels which determine + * which keys/algos are used for de-/encryption. These are + * kept separately for incoming and outgoing data and. + * Due to the nature of UDP, more than one might be in use + * at the same time due to resends or out-of-order arrivals. + */ +typedef enum wolfssl_encryption_level_t { + wolfssl_encryption_initial = 0, + wolfssl_encryption_early_data, + wolfssl_encryption_handshake, + wolfssl_encryption_application +} WOLFSSL_ENCRYPTION_LEVEL; + + +/* All QUIC related callbacks to the application. + */ +typedef struct wolfssl_quic_method_t WOLFSSL_QUIC_METHOD; + +struct wolfssl_quic_method_t { + /** + * Provide secrets to the QUIC stack when they becaome available in the SSL + * instance during handshake processing. read/write secrets have the same + * length. A call may only provide one, passing NULL as the other. + */ + int (*set_encryption_secrets)(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t* read_secret, + const uint8_t* write_secret, + size_t secret_len); + /** + * Provide handshake packets to the QUIC stack to send to the peer. The + * QUIC stack will wrap these and take care of re-transmissions. + */ + int (*add_handshake_data)(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t* data, size_t len); + /** + * Flush any buffered packets during handshake. + */ + int (*flush_flight)(WOLFSSL* ssl); + /** + * Send a TLS alert that happend during handshake. In QUIC, such alerts + * lead to connection shutdown. + */ + int (*send_alert)(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level, + uint8_t alert); +}; + + +/** + * Mark the given SSL context for QUIC protocol handling. Meaning all + * SSL instances derived from it will inherit this. Provides all callbacks + * to the QUIC application the SSL stack needs. + */ +WOLFSSL_API +int wolfSSL_CTX_set_quic_method(WOLFSSL_CTX* ctx, + const WOLFSSL_QUIC_METHOD* quic_method); +/** + * Mark extactly this SSL instance for QUIC protocol handling. + * Provides all callbacks to the QUIC application the SSL stack needs. + */ +WOLFSSL_API +int wolfSSL_set_quic_method(WOLFSSL* ssl, + const WOLFSSL_QUIC_METHOD* quic_method); + +/** + * Check if QUIC handling has been installed on the given SSL instance. + */ +WOLFSSL_API int wolfSSL_is_quic(WOLFSSL* ssl); + +/** + * Return the current encryption level of the SSL instance for READs. + */ +WOLFSSL_API +WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_read_level(const WOLFSSL* ssl); + +/** + * Return the current encryption level of the SSL instance for WRITEs. + */ +WOLFSSL_API +WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_write_level(const WOLFSSL* ssl); + + +/** + * Configure the QUIC transport version to use. On `use_legacy` != 0, + * selects TLSX_KEY_QUIC_TP_PARAMS_DRAFT, otherwise TLSX_KEY_QUIC_TP_PARAMS. + * This method is part of the BoringSSL API and replicated here for app + * portability (as in quictls/openssl). + */ +WOLFSSL_API +void wolfSSL_set_quic_use_legacy_codepoint(WOLFSSL* ssl, int use_legacy); + +/** + * Set the TLS extension for the transport parameter version to announce + * to the peer. Known values are TLSX_KEY_QUIC_TP_PARAMS (V1) and + * TLSX_KEY_QUIC_TP_PARAMS_DRAFT. + * Setting it to 0 will announce both V1 and draft versions to a server. + * Servers will, on 0, select the latest version seen from the client. + * Default is 0. + */ +WOLFSSL_API +void wolfSSL_set_quic_transport_version(WOLFSSL* ssl, int version); + +/** + * Get the configured transport version. + */ +WOLFSSL_API int wolfSSL_get_quic_transport_version(const WOLFSSL* ssl); + +/** + * Set the raw QUIC transport parameter that will be sent in the TLS extension + * to the peer, using the configured transport version(s). + */ +WOLFSSL_API int wolfSSL_set_quic_transport_params(WOLFSSL* ssl, + const uint8_t* params, + size_t params_len); +/** + * Get the raw QUIC transport parameter as retrieved via TLS Extension + * from the peer. If the peer announced several versions, + * return the latest one. + * If the extension has not arrived yet, initializes out parameter to + * NULL, resp. 0. + */ +WOLFSSL_API +void wolfSSL_get_peer_quic_transport_params(const WOLFSSL* ssl, + const uint8_t* *out_params, + size_t* out_params_len); + +/** + * Get the QUIC version negotiated with the peer during the handshake. + */ +WOLFSSL_API int wolfSSL_get_peer_quic_transport_version(const WOLFSSL* ssl); + +#ifdef WOLFSSL_EARLY_DATA +WOLFSSL_API void wolfSSL_set_quic_early_data_enabled(WOLFSSL* ssl, int enabled); +#endif + +/** + * Advisory amount of the maximum data a QUIC protocol handler should have + * in flight. This varies during handshake processing, for example certficate + * exchange will increase the limit. + */ +WOLFSSL_API +size_t wolfSSL_quic_max_handshake_flight_len(const WOLFSSL* ssl, + WOLFSSL_ENCRYPTION_LEVEL level); + + +/** + * The QUIC protocol handler provides peer TLS records to the SSL instance + * during handshake to progress it. The SSL instance will use the registered + * callbacks to send packets to the peer. + * Encryption level is provided to indicate how to decrypt the data. Data may + * be added for levels not yet reached by the SSL instance. However, data + * may only be added in ever increasing levels and levels may only increase + * at TLS record boundaries. Any violation will make this function fail. + */ +WOLFSSL_API +int wolfSSL_provide_quic_data(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t* data, size_t len); + +WOLFSSL_API +int wolfSSL_quic_do_handshake(WOLFSSL* ssl); + +/** + * Process any CRYPTO data added post-handshake. + */ +WOLFSSL_API int wolfSSL_process_quic_post_handshake(WOLFSSL* ssl); + +/** + * Process any pending input and flush all output. Can be invoked + * during and/or after handshake processing. + */ +WOLFSSL_API int wolfSSL_quic_read_write(WOLFSSL* ssl); + +/** + * Get the AEAD cipher that is currently selected in the SSL instance. + * Will return NULL if none has been selected so far. This is used by the + * QUIC stack to encrypt/decrypt packets after the handshake. + */ +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl); + +/** + * Use to classify the AEAD cipher for key reuse limits. + */ +WOLFSSL_API int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER* aead_cipher); +WOLFSSL_API int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER* aead_cipher); +WOLFSSL_API +int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER* aead_cipher); + +/** + * Get the 'tag' length used by the AEAD cipher. Encryption buffer lengths + * are plaintext length plus this tag length. + */ +WOLFSSL_API +size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher); + +/** + * The message digest currently selected in the SSL instance. + */ +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_quic_get_md(WOLFSSL* ssl); + +/** + * The QUIC header protection cipher matching the AEAD cipher currently + * selected in the SSL instance. + */ +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_hp(WOLFSSL* ssl); + +/** + * Create and initialize a cipher context for use in en- or decryption. + */ +WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX* +wolfSSL_quic_crypt_new(const WOLFSSL_EVP_CIPHER* cipher, + const uint8_t* key, const uint8_t* iv, int encrypt); + +/** + * Use a previously created cipher context to encrypt the given plain text. + */ +WOLFSSL_API +int wolfSSL_quic_aead_encrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* aead_ctx, + const uint8_t* plain, size_t plainlen, + const uint8_t* iv, const uint8_t* aad, + size_t aadlen); +/** + * Use a previously created cipher context to decrypt the given encoded text. + */ +WOLFSSL_API +int wolfSSL_quic_aead_decrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx, + const uint8_t* enc, size_t enclen, + const uint8_t* iv, const uint8_t* aad, + size_t aadlen); + +/** + * Extract a pseudo-random key, using the given message digest, a secret + * and a salt. The key size is the size of the digest. + */ +WOLFSSL_API +int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md, + const uint8_t* secret, size_t secretlen, + const uint8_t* salt, size_t saltlen); +/** + * Expand a pseudo-random key (secret) into a new key, using the mesasge + * digest and the info bytes. + */ +WOLFSSL_API +int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen, + const WOLFSSL_EVP_MD* md, + const uint8_t* secret, size_t secretlen, + const uint8_t* info, size_t infolen); + +/** + * Extract and extpand secret, salt and info into a new key. + */ +WOLFSSL_API +int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen, + const WOLFSSL_EVP_MD* md, + const uint8_t* secret, size_t secretlen, + const uint8_t* salt, size_t saltlen, + const uint8_t* info, size_t infolen); + +#endif /* WOLFSSL_QUIC */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_QUIC_H */ diff --git a/source/libs/libwolfssl/sniffer.h b/source/libs/libwolfssl/sniffer.h index beb3601a..afb0ab6b 100644 --- a/source/libs/libwolfssl/sniffer.h +++ b/source/libs/libwolfssl/sniffer.h @@ -1,6 +1,6 @@ /* sniffer.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,6 +27,11 @@ #include #include +#ifdef HAVE_WOLF_EVENT + #include +#endif + + #ifdef _WIN32 #ifdef SSL_SNIFFER_EXPORTS #define SSL_SNIFFER_API __declspec(dllexport) @@ -42,6 +47,22 @@ extern "C" { #endif + +typedef struct IpAddrInfo { + int version; + union { + word32 ip4; + byte ip6[16]; + }; +} IpAddrInfo; + +typedef struct SnifferStreamInfo { + IpAddrInfo src; /* server address in network byte order */ + IpAddrInfo dst; /* client address in network byte order */ + word16 dstPort; /* server port */ + word16 srcPort; /* client port */ +} SnifferStreamInfo; + /* @param typeK: (formerly keyType) was shadowing a global declaration in * wolfssl/wolfcrypt/asn.h line 175 */ @@ -52,8 +73,8 @@ SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port, WOLFSSL_API SSL_SNIFFER_API int ssl_SetPrivateKeyBuffer(const char* address, int port, - const char* keyBuf, int keySz, - int typeK, const char* password, + const char* keyBuf, int keySz, + int typeK, const char* password, char* error); @@ -66,31 +87,31 @@ SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name, WOLFSSL_API SSL_SNIFFER_API int ssl_SetNamedPrivateKeyBuffer(const char* name, const char* address, int port, - const char* keyBuf, int keySz, - int typeK, const char* password, + const char* keyBuf, int keySz, + int typeK, const char* password, char* error); -WOLFSSL_API -SSL_SNIFFER_API int ssl_SetEphemeralKey(const char* address, int port, - const char* keyFile, int typeKey, +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetEphemeralKey(const char* address, int port, + const char* keyFile, int typeKey, const char* password, char* error); -WOLFSSL_API -SSL_SNIFFER_API int ssl_SetEphemeralKeyBuffer(const char* address, int port, - const char* keyBuf, int keySz, int typeKey, +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetEphemeralKeyBuffer(const char* address, int port, + const char* keyBuf, int keySz, int typeKey, const char* password, char* error); -WOLFSSL_API +WOLFSSL_API SSL_SNIFFER_API int ssl_SetNamedEphemeralKey(const char* name, const char* address, int port, const char* keyFile, int typeKey, const char* password, char* error); -WOLFSSL_API +WOLFSSL_API SSL_SNIFFER_API int ssl_SetNamedEphemeralKeyBuffer(const char* name, const char* address, int port, - const char* keyBuf, int keySz, int typeKey, + const char* keyBuf, int keySz, int typeKey, const char* password, char* error); WOLFSSL_API @@ -119,9 +140,15 @@ SSL_SNIFFER_API int ssl_GetSessionStats(unsigned int* active, unsigned int* reassemblyMemory, char* error); -WOLFSSL_API void ssl_InitSniffer(void); +WOLFSSL_API +SSL_SNIFFER_API void ssl_InitSniffer(void); +WOLFSSL_API +SSL_SNIFFER_API void ssl_InitSniffer_ex(int devId); +WOLFSSL_API +SSL_SNIFFER_API void ssl_InitSniffer_ex2(int threadNum); -WOLFSSL_API void ssl_FreeSniffer(void); +WOLFSSL_API +SSL_SNIFFER_API void ssl_FreeSniffer(void); /* ssl_SetPrivateKey typeKs */ @@ -167,47 +194,46 @@ SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx); typedef struct SSLStats { - unsigned long int sslStandardConns; - unsigned long int sslClientAuthConns; - unsigned long int sslResumedConns; - unsigned long int sslEphemeralMisses; - unsigned long int sslResumeMisses; - unsigned long int sslCiphersUnsupported; - unsigned long int sslKeysUnmatched; - unsigned long int sslKeyFails; - unsigned long int sslDecodeFails; - unsigned long int sslAlerts; - unsigned long int sslDecryptedBytes; - unsigned long int sslEncryptedBytes; - unsigned long int sslEncryptedPackets; - unsigned long int sslDecryptedPackets; - unsigned long int sslKeyMatches; - unsigned long int sslEncryptedConns; - unsigned long int sslResumptionInserts; + unsigned long int sslStandardConns; /* server_hello count not including resumed sessions */ + unsigned long int sslClientAuthConns; /* client's who have presented certificates (mutual authentication) */ + unsigned long int sslResumedConns; /* resumed connections */ + unsigned long int sslEphemeralMisses; /* TLS v1.2 and older PFS / ephemeral connections missed (not able to decrypt) */ + unsigned long int sslResumeMisses; /* Resumption sessions not found */ + unsigned long int sslCiphersUnsupported; /* No cipher suite match found when compared to supported */ + unsigned long int sslKeysUnmatched; /* Key callback failures (not found). Applies to WOLFSSL_SNIFFER_WATCH only */ + unsigned long int sslKeyFails; /* Failures loading or using keys */ + unsigned long int sslDecodeFails; /* Dropped packets (not application_data or match protocol version) */ + unsigned long int sslAlerts; /* Number of decoded alert messages */ + unsigned long int sslDecryptedBytes; /* Number of decrypted bytes */ + unsigned long int sslEncryptedBytes; /* Number of encrypted bytes */ + unsigned long int sslEncryptedPackets; /* Number of encrypted packets */ + unsigned long int sslDecryptedPackets; /* Number of decrypted packets */ + unsigned long int sslKeyMatches; /* Key callback successes (failures tracked in sslKeysUnmatched). Applies to WOLFSSL_SNIFFER_WATCH only. */ + unsigned long int sslEncryptedConns; /* Number of created sniffer sessions */ + unsigned long int sslResumptionInserts; /* Number of sessions reused with resumption */ } SSLStats; - WOLFSSL_API SSL_SNIFFER_API int ssl_ResetStatistics(void); - WOLFSSL_API SSL_SNIFFER_API int ssl_ReadStatistics(SSLStats* stats); - WOLFSSL_API SSL_SNIFFER_API int ssl_ReadResetStatistics(SSLStats* stats); + +#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(WOLFSSL_TLS13) +/* macro indicating support for key callback */ +#undef WOLFSSL_SNIFFER_KEY_CALLBACK +#define WOLFSSL_SNIFFER_KEY_CALLBACK + typedef int (*SSLKeyCb)(void* vSniffer, int namedGroup, const unsigned char* srvPub, unsigned int srvPubSz, const unsigned char* cliPub, unsigned int cliPubSz, DerBuffer* privKey, void* cbCtx, char* error); -#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(WOLFSSL_TLS13) -/* macro indicating support for key callback */ -#undef WOLFSSL_SNIFFER_KEY_CALLBACK -#define WOLFSSL_SNIFFER_KEY_CALLBACK -WOLFSSL_API +WOLFSSL_API SSL_SNIFFER_API int ssl_SetKeyCallback(SSLKeyCb cb, void* cbCtx); #endif @@ -270,6 +296,24 @@ SSL_SNIFFER_API int ssl_DecodePacketWithChainSessionInfoStoreData( char* error); #endif +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacket_GetStream(SnifferStreamInfo* info, + const byte* packet, int length, char* error); + +#ifdef WOLFSSL_ASYNC_CRYPT + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketAsync(void* packet, unsigned int packetSz, + int isChain, unsigned char** data, char* error, SSLInfo* sslInfo, + void* userCtx); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_PollSniffer(WOLF_EVENT** events, int maxEvents, + WOLF_EVENT_FLAG flags, int* eventCount); + +#endif /* WOLFSSL_ASYNC_CRYPT */ + + #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/sniffer_error.h b/source/libs/libwolfssl/sniffer_error.h index a0788f9b..37c55f37 100644 --- a/source/libs/libwolfssl/sniffer_error.h +++ b/source/libs/libwolfssl/sniffer_error.h @@ -1,6 +1,6 @@ /* sniffer_error.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -138,6 +138,10 @@ #define CHAIN_INPUT_STR 93 #define GOT_ENC_EXT_STR 94 #define GOT_HELLO_RETRY_REQ_STR 95 + +#define SNIFFER_KEY_SETUP_STR 96 +#define UNSUPPORTED_TLS_VER_STR 97 +#define KEY_MISMATCH_STR 98 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ diff --git a/source/libs/libwolfssl/ssl.h b/source/libs/libwolfssl/ssl.h index dc90ffc6..85953dd3 100644 --- a/source/libs/libwolfssl/ssl.h +++ b/source/libs/libwolfssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,10 +32,14 @@ /* for users not using preprocessor flags*/ #include #include -#include #include -#include +#include +#include #include +#include + +/* For the types */ +#include #ifdef HAVE_WOLF_EVENT #include @@ -76,19 +80,18 @@ #include #include #include - #endif - - /* make sure old names are disabled */ - #ifndef NO_OLD_SSL_NAMES - #define NO_OLD_SSL_NAMES - #endif - #ifndef NO_OLD_WC_NAMES - #define NO_OLD_WC_NAMES + #include #endif #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #include - #include + #include + #ifndef WOLFCRYPT_ONLY + #include + #endif + #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + #include + #endif /* We need the old SSL names */ #ifdef NO_OLD_SSL_NAMES @@ -103,6 +106,13 @@ extern "C" { #endif + +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) +#ifndef WOLFSSL_LOCAL_X509_STORE +#define WOLFSSL_LOCAL_X509_STORE +#endif +#endif + /* LHASH is implemented as a stack */ typedef struct WOLFSSL_STACK WOLFSSL_LHASH; #ifndef WOLF_LHASH_OF @@ -197,6 +207,7 @@ typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method; +typedef struct WOLFSSL_OBJ_NAME WOLFSSL_OBJ_NAME; typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; @@ -212,11 +223,17 @@ typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME; typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID; typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS; typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION; +typedef struct WOLFSSL_DIST_POINT_NAME WOLFSSL_DIST_POINT_NAME; +typedef struct WOLFSSL_DIST_POINT WOLFSSL_DIST_POINT; typedef struct WOLFSSL_CONF_CTX WOLFSSL_CONF_CTX; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +struct WOLFSSL_OBJ_NAME { + int type; +}; + struct WOLFSSL_AUTHORITY_KEYID { WOLFSSL_ASN1_STRING *keyid; WOLFSSL_ASN1_OBJECT *issuer; @@ -237,6 +254,7 @@ struct WOLFSSL_ASN1_STRING { char strData[CTC_NAME_SIZE]; int length; int type; /* type of string i.e. CTC_UTF8 */ + int nid; char* data; long flags; unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ @@ -274,6 +292,22 @@ struct WOLFSSL_GENERAL_NAME { } d; /* dereference */ }; +struct WOLFSSL_DIST_POINT_NAME { + int type; + + /* name 'name.fullname' needs to remain the same, in some ports the elements + * of the structure are accessed directly */ + union { + WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* fullname; + } name; +}; + +struct WOLFSSL_DIST_POINT { + /* name 'distpoint' needs to remain the same, in some ports the elements of + * the structure are accessed directly */ + WOLFSSL_DIST_POINT_NAME* distpoint; +}; + struct WOLFSSL_ACCESS_DESCRIPTION { WOLFSSL_ASN1_OBJECT* method; WOLFSSL_GENERAL_NAME* location; @@ -292,7 +326,8 @@ struct WOLFSSL_ASN1_OBJECT { int grp; /* type of OID, i.e. oidCertPolicyType */ int nid; unsigned int objSz; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_APACHE_HTTPD) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ + defined(WOLFSSL_APACHE_HTTPD) int ca; WOLFSSL_ASN1_INTEGER *pathlen; #endif @@ -303,7 +338,7 @@ struct WOLFSSL_ASN1_OBJECT { WOLFSSL_GENERAL_NAME* gn; #endif - struct d { /* derefrenced */ + struct d { /* dereferenced */ WOLFSSL_ASN1_STRING* dNSName; WOLFSSL_ASN1_STRING ia5_internal; WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */ @@ -348,10 +383,12 @@ struct WOLFSSL_EVP_PKEY { int save_type; /* openssh dereference */ int pkey_sz; int references; /*number of times free should be called for complete free*/ +#ifndef SINGLE_THREADED wolfSSL_Mutex refMutex; /* ref count mutex */ +#endif union { - char* ptr; /* der format of key / or raw for NTRU */ + char* ptr; /* der format of key */ } pkey; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #ifndef NO_RSA @@ -367,6 +404,19 @@ struct WOLFSSL_EVP_PKEY { WOLFSSL_DH* dh; #endif WC_RNG rng; + #ifdef HAVE_HKDF + const WOLFSSL_EVP_MD* hkdfMd; + byte* hkdfSalt; + word32 hkdfSaltSz; + byte* hkdfKey; + word32 hkdfKeySz; + byte* hkdfInfo; + word32 hkdfInfoSz; + int hkdfMode; + #endif + #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + WOLFSSL_CMAC_CTX* cmacCtx; + #endif #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef HAVE_ECC int pkey_curve; @@ -379,13 +429,6 @@ struct WOLFSSL_EVP_PKEY { byte ownDsa:1; /* if struct owns DSA and should free it */ byte ownRsa:1; /* if struct owns RSA and should free it */ }; -typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO; -#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */ -typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; -typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX; -typedef char WOLFSSL_EVP_MD; -#define WOLFSSL_EVP_TYPE_DEFINED -#endif struct WOLFSSL_X509_PKEY { WOLFSSL_EVP_PKEY* dec_pkey; /* dereferenced by Apache */ @@ -421,8 +464,8 @@ struct WOLFSSL_X509_PUBKEY { int pubKeyOID; }; - enum BIO_TYPE { + WOLFSSL_BIO_UNDEF = 0, WOLFSSL_BIO_BUFFER = 1, WOLFSSL_BIO_SOCKET = 2, WOLFSSL_BIO_SSL = 3, @@ -499,7 +542,7 @@ struct WOLFSSL_BIO { void* heap; /* user heap hint */ void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */ void* usrCtx; /* user set pointer */ - const char* ip; /* IP address for wolfIO_TcpConnect */ + char* ip; /* IP address for wolfIO_TcpConnect */ word16 port; /* Port for wolfIO_TcpConnect */ char* infoArg; /* BIO callback argument */ wolf_bio_info_cb infoCb; /* BIO callback */ @@ -516,6 +559,12 @@ struct WOLFSSL_BIO { #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + #ifndef SINGLE_THREADED + wolfSSL_Mutex refMutex; /* ref count mutex */ + #endif + int refCount; /* reference count */ +#endif }; typedef struct WOLFSSL_COMP_METHOD { @@ -547,7 +596,8 @@ struct WOLFSSL_X509_STORE { int cache; /* stunnel dereference */ WOLFSSL_CERT_MANAGER* cm; WOLFSSL_X509_LOOKUP lookup; -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ + defined(WOLFSSL_WPAS_SMALL) int isDynamic; WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ #endif @@ -560,19 +610,19 @@ struct WOLFSSL_X509_STORE { #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif -#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL) +#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ + defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL) WOLFSSL_X509_CRL *crl; /* points to cm->crl */ #endif +#ifndef SINGLE_THREADED + wolfSSL_Mutex refMutex; /* reference count mutex */ +#endif + int refCount; /* reference count */ }; -#define WOLFSSL_NO_WILDCARDS 0x4 - -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ - defined(WOLFSSL_WPAS_SMALL) || defined(WOLFSSL_IP_ALT_NAME) - #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ - #define WOLFSSL_IP4_ADDR_LEN 4 - #define WOLFSSL_IP6_ADDR_LEN 16 -#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 +#define WOLFSSL_NO_WILDCARDS 0x2 +#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 @@ -585,6 +635,10 @@ struct WOLFSSL_X509_STORE { #define WOLFSSL_VPARAM_LOCKED 0x8 #define WOLFSSL_VPARAM_ONCE 0x10 +#ifndef WOLFSSL_MAX_IPSTR + #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ +#endif + struct WOLFSSL_X509_VERIFY_PARAM { time_t check_time; unsigned int inherit_flags; @@ -643,7 +697,7 @@ struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ #endif char* domain; /* subject CN domain name */ -#if defined(HAVE_EX_DATA) || defined(FORTRESS) +#ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */ #endif #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA) @@ -697,6 +751,7 @@ enum AlertDescription { certificate_unknown = 46, illegal_parameter = 47, unknown_ca = 48, + access_denied = 49, decode_error = 50, decrypt_error = 51, #ifdef WOLFSSL_MYSQL_COMPATIBLE @@ -705,7 +760,10 @@ enum AlertDescription { #else protocol_version = 70, #endif + insufficient_security = 71, + internal_error = 80, inappropriate_fallback = 86, + user_canceled = 90, no_renegotiation = 100, missing_extension = 109, unsupported_extension = 110, /**< RFC 5246, section 7.2.2 */ @@ -716,8 +774,14 @@ enum AlertDescription { no_application_protocol = 120 }; +#ifdef WOLFSSL_MYSQL_COMPATIBLE +#define wolfssl_alert_protocol_version wc_protocol_version +#else +#define wolfssl_alert_protocol_version protocol_version +#endif enum AlertLevel { + alert_none = 0, /* Used to indicate no alert level is set */ alert_warning = 1, alert_fatal = 2 }; @@ -730,7 +794,7 @@ enum SNICbReturn { /* WS_RETURN_CODE macro * Some OpenSSL APIs specify "0" as the return value when an error occurs. - * However, some corresponding wolfSSL APIs return negative values. Such + * However, some corresponding wolfSSL APIs return negative values. Such * functions should use this macro to fill this gap. Users who want them * to return the same return value as OpenSSL can define * WOLFSSL_ERR_CODE_OPENSSL. @@ -746,7 +810,7 @@ enum SNICbReturn { */ #if defined(WOLFSSL_ERROR_CODE_OPENSSL) #define WS_RETURN_CODE(item1,item2) \ - ((item1 < 0) ? item2 : item1) + (((item1) < 0) ? (int)(item2) : (int)(item1)) #else #define WS_RETURN_CODE(item1,item2) (item1) #endif @@ -754,7 +818,11 @@ enum SNICbReturn { /* Maximum master key length (SECRET_LEN) */ #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48 /* Maximum number of groups that can be set */ +#ifdef HAVE_PQC +#define WOLFSSL_MAX_GROUP_COUNT 36 +#else #define WOLFSSL_MAX_GROUP_COUNT 10 +#endif #if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13) enum Tls13Secret { @@ -768,85 +836,172 @@ enum Tls13Secret { }; #endif +#ifndef WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS +#define WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS 10 +#endif typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap); -/* CTX Method EX Constructor Functions */ -WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap); +/* CTX Method Constructor Functions */ + +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void); +#endif +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void); +#endif + +#ifndef NO_OLD_TLS + +#ifdef OPENSSL_EXTRA +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void); +#endif +#endif /* OPENSSL_EXTRA */ + +#ifdef WOLFSSL_ALLOW_SSLV3 + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void); +#endif +#endif /* WOLFSSL_ALLOW_SSLV3 */ + +#ifdef WOLFSSL_ALLOW_TLSV10 + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void); +#endif +#endif /* WOLFSSL_ALLOW_TLSV10 */ + + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); +#endif + +#endif /* NO_OLD_TLS */ + +#ifndef WOLFSSL_NO_TLS12 + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); +#endif +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap); -#endif - -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap); - -#ifdef WOLFSSL_DTLS - WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap); -#endif - -/* CTX Method Constructor Functions */ -WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); -#ifdef WOLFSSL_TLS13 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void); - WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap); WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); #endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); +#endif +#endif /* WOLFSSL_TLS13 */ #ifdef WOLFSSL_DTLS + + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void); #endif +#ifndef NO_OLD_TLS + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void); +#endif +#endif /* !NO_OLD_TLS */ + +#ifndef WOLFSSL_NO_TLS12 + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void); +#endif +#endif /* !WOLFSSL_NO_TLS12 */ + +#ifdef WOLFSSL_DTLS13 +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void); +#endif + WOLFSSL_API int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl); +#endif /* WOLFSSL_DTLS13 */ + +#endif /* WOLFSSL_DTLS */ + #ifdef HAVE_POLY1305 - WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int); + WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL* ssl, int value); #endif #ifdef WOLFSSL_SESSION_EXPORT +WOLFSSL_API int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf, + unsigned int sz); +WOLFSSL_API int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf, + unsigned int* sz); + #ifdef WOLFSSL_DTLS #ifndef WOLFSSL_DTLS_EXPORT_TYPES @@ -885,10 +1040,10 @@ WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl, #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) -WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, - const char*, int); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, - const char*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_file( + WOLFSSL_CTX* ctx, const char* file, int format); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file( + WOLFSSL_CTX* ctx, const char* file, int format); #endif @@ -916,87 +1071,95 @@ WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) -WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*, - const char*, unsigned int); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, - const char*, const char*); +WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex( + WOLFSSL_CTX* ctx, const char* file, const char* path, word32 flags); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations( + WOLFSSL_CTX* ctx, const char* file, const char* path); +#ifndef _WIN32 +WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num); +#endif /* !_WIN32 */ +WOLFSSL_API int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx); #ifdef WOLFSSL_TRUST_PEER_CERT -WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int); +WOLFSSL_API int wolfSSL_CTX_trust_peer_cert( + WOLFSSL_CTX* ctx, const char* file, int type); +WOLFSSL_API int wolfSSL_trust_peer_cert( + WOLFSSL* ssl, const char* file, int type); #endif WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file( - WOLFSSL_CTX*, const char*); -WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, - const char *file, int format); -WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); + WOLFSSL_CTX* ctx, const char* file); +WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format( + WOLFSSL_CTX* ctx, const char* file, int format); +WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file( + WOLFSSL_CTX* ctx,const char* file, int format); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, - int); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, - int); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, - const char*); -WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*, - const char *file, int format); -WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file( + WOLFSSL* ssl, const char* file, int format); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file( + WOLFSSL* ssl, const char* file, int format); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_chain_file( + WOLFSSL* ssl, const char* file); +WOLFSSL_API int wolfSSL_use_certificate_chain_file_format( + WOLFSSL* ssl, const char* file, int format); +WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file( + WOLFSSL* ssl, const char* file, int format); #ifdef WOLFSSL_DER_LOAD - WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*, - const char*, int); + WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations( + WOLFSSL_CTX* ctx, const char* file, int format); #endif - -#ifdef HAVE_NTRU - WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*); - /* load NTRU private key blob */ -#endif - #endif /* !NO_FILESYSTEM && !NO_CERTS */ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method); +WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx); #ifdef OPENSSL_EXTRA -WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff); WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid); WOLFSSL_API int wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx, const char* list); WOLFSSL_API int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list); #endif -WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); +WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx); WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm); -WOLFSSL_API int wolfSSL_is_server(WOLFSSL*); -WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); -WOLFSSL_API int wolfSSL_set_write_fd (WOLFSSL*, int); -WOLFSSL_API int wolfSSL_set_read_fd (WOLFSSL*, int); +WOLFSSL_API int wolfSSL_is_server(WOLFSSL* ssl); +WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL* ssl); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd(WOLFSSL* ssl, int fd); +#ifdef WOLFSSL_DTLS +WOLFSSL_API int wolfSSL_set_dtls_fd_connected(WOLFSSL* ssl, int fd); +#endif +WOLFSSL_API int wolfSSL_set_write_fd (WOLFSSL* ssl, int fd); +WOLFSSL_API int wolfSSL_set_read_fd (WOLFSSL* ssl, int fd); WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority); -WOLFSSL_API int wolfSSL_get_ciphers(char*, int); -WOLFSSL_API int wolfSSL_get_ciphers_iana(char*, int); +WOLFSSL_API int wolfSSL_get_ciphers(char* buf, int len); +WOLFSSL_API int wolfSSL_get_ciphers_iana(char* buf, int len); WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); -WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, - const unsigned char); +WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite( + unsigned char cipherSuite0, unsigned char cipherSuite); WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite( - const unsigned char, const unsigned char); + unsigned char cipherSuite0, unsigned char cipherSuite); WOLFSSL_API int wolfSSL_get_cipher_suite_from_name(const char* name, - byte* cipherSuite0, byte* cipherSuite, int* flags); + unsigned char* cipherSuite0, unsigned char* cipherSuite, int *flags); WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); +WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL* ssl); /* please see note at top of README if you get an error from connect */ -WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int); -WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL* ssl); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_write( + WOLFSSL* ssl, const void* data, int sz); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL* ssl, void* data, int sz); +WOLFSSL_API int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req); WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req); #ifdef WOLFSSL_TLS13 WOLFSSL_API int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, unsigned int secretSz); +WOLFSSL_API int wolfSSL_disable_hrr_cookie(WOLFSSL * ssl); WOLFSSL_API int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx); @@ -1021,8 +1184,8 @@ WOLFSSL_API int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups, WOLFSSL_API int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count); #endif -WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*); -WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*); +WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL* ssl); #ifdef WOLFSSL_EARLY_DATA @@ -1033,35 +1196,40 @@ WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*); WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx, unsigned int sz); WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz); +WOLFSSL_API int wolfSSL_CTX_get_max_early_data(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_get_max_early_data(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz); WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz); WOLFSSL_API int wolfSSL_get_early_data_status(const WOLFSSL* ssl); +#ifdef OPENSSL_EXTRA +WOLFSSL_API unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s); +#endif /* OPENSSL_EXTRA */ #endif /* WOLFSSL_EARLY_DATA */ #endif /* WOLFSSL_TLS13 */ -WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*); -WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*); -WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags); -WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX* ctx); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL* ssl); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags); +WOLFSSL_API int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags); -WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int); -WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); +WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode); +WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_get_error(WOLFSSL* ssl, int ret); +WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*); -WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); -WOLFSSL_ABI WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); -WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session); +WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm); +WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int len, int newSession); #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX) -WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t, - WOLFSSL_BIO**, size_t); +WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1, + WOLFSSL_BIO** bio2_p, size_t writebuf2); WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, @@ -1071,11 +1239,11 @@ WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, const unsigned char *EM, int saltLen); -WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**); -WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*, - int, const unsigned char*); -WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*); -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**); +WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_RSA** out); +WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX* ctx, + int derSz, const unsigned char* der); +WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** pkey); #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ #ifdef SESSION_INDEX @@ -1090,28 +1258,42 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session); #endif /* SESSION_INDEX && SESSION_CERTS */ typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); -typedef void (CallbackInfoState)(const WOLFSSL*, int, int); +typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int); /* class index for wolfSSL_CRYPTO_get_ex_new_index */ -#define CRYPTO_EX_INDEX_SSL 0 -#define CRYPTO_EX_INDEX_SSL_CTX 1 -#define CRYPTO_EX_INDEX_SSL_SESSION 2 -#define CRYPTO_EX_INDEX_X509 3 -#define CRYPTO_EX_INDEX_X509_STORE 4 -#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -#define CRYPTO_EX_INDEX_DH 6 -#define CRYPTO_EX_INDEX_DSA 7 -#define CRYPTO_EX_INDEX_EC_KEY 8 -#define CRYPTO_EX_INDEX_RSA 9 -#define CRYPTO_EX_INDEX_ENGINE 10 -#define CRYPTO_EX_INDEX_UI 11 -#define CRYPTO_EX_INDEX_BIO 12 -#define CRYPTO_EX_INDEX_APP 13 -#define CRYPTO_EX_INDEX_UI_METHOD 14 -#define CRYPTO_EX_INDEX_DRBG 15 -#define CRYPTO_EX_INDEX__COUNT 16 +#define WOLF_CRYPTO_EX_INDEX_SSL 0 +#define WOLF_CRYPTO_EX_INDEX_SSL_CTX 1 +#define WOLF_CRYPTO_EX_INDEX_SSL_SESSION 2 +#define WOLF_CRYPTO_EX_INDEX_X509 3 +#define WOLF_CRYPTO_EX_INDEX_X509_STORE 4 +#define WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX 5 +#define WOLF_CRYPTO_EX_INDEX_DH 6 +#define WOLF_CRYPTO_EX_INDEX_DSA 7 +#define WOLF_CRYPTO_EX_INDEX_EC_KEY 8 +#define WOLF_CRYPTO_EX_INDEX_RSA 9 +#define WOLF_CRYPTO_EX_INDEX_ENGINE 10 +#define WOLF_CRYPTO_EX_INDEX_UI 11 +#define WOLF_CRYPTO_EX_INDEX_BIO 12 +#define WOLF_CRYPTO_EX_INDEX_APP 13 +#define WOLF_CRYPTO_EX_INDEX_UI_METHOD 14 +#define WOLF_CRYPTO_EX_INDEX_DRBG 15 +#define WOLF_CRYPTO_EX_INDEX__COUNT 16 + +#ifdef HAVE_EX_DATA +/* Helper macro to log that input arguments should not be used */ +#define WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(a1, a2, a3, a4, a5) \ + (void)(a1); \ + (void)(a2); \ + (void)(a3); \ + (void)(a4); \ + (void)(a5); \ + do { \ + if ((a3) != NULL || (a4) != NULL || (a5) != NULL) { \ + WOLFSSL_MSG("get_ex_new_index API does not support " \ + "new, dup, or free callbacks"); \ + } \ + } while(0) -#if defined(HAVE_EX_DATA) || defined(FORTRESS) typedef int (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr, WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out, @@ -1125,7 +1307,7 @@ WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg, #endif -WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int, +WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback verify_callback); #ifdef OPENSSL_ALL @@ -1134,54 +1316,60 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx, CertVerifyCallback cb, void* arg); #endif -WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback); -WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long); +WOLFSSL_API void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback verify_callback); +WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL* ssl, long v); #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) -WOLFSSL_API int wolfSSL_verify_client_post_handshake(WOLFSSL*); -WOLFSSL_API int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX*, int); -WOLFSSL_API int wolfSSL_set_post_handshake_auth(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_verify_client_post_handshake(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX* ctx, int val); +WOLFSSL_API int wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val); #endif -WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*); +WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_has_pending(const WOLFSSL* ssl); WOLFSSL_API void wolfSSL_load_error_strings(void); WOLFSSL_API int wolfSSL_library_init(void); -WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, - long); +WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, + long mode); #ifdef HAVE_SECRET_CALLBACK typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz, void* ctx); -WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, +WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb, void*); #ifdef WOLFSSL_TLS13 typedef int (*Tls13SecretCb)(WOLFSSL* ssl, int id, const unsigned char* secret, int secretSz, void* ctx); -WOLFSSL_API int wolfSSL_set_tls13_secret_cb(WOLFSSL*, Tls13SecretCb, void*); +WOLFSSL_API int wolfSSL_set_tls13_secret_cb(WOLFSSL* ssl, Tls13SecretCb, void*); #endif #endif /* HAVE_SECRET_CALLBACK */ /* session cache persistence */ -WOLFSSL_API int wolfSSL_save_session_cache(const char*); -WOLFSSL_API int wolfSSL_restore_session_cache(const char*); -WOLFSSL_API int wolfSSL_memsave_session_cache(void*, int); -WOLFSSL_API int wolfSSL_memrestore_session_cache(const void*, int); +WOLFSSL_API int wolfSSL_save_session_cache(const char* fname); +WOLFSSL_API int wolfSSL_restore_session_cache(const char* fname); +WOLFSSL_API int wolfSSL_memsave_session_cache(void* mem, int sz); +WOLFSSL_API int wolfSSL_memrestore_session_cache(const void* mem, int sz); WOLFSSL_API int wolfSSL_get_session_cache_memsize(void); /* certificate cache persistence, uses ctx since certs are per ctx */ -WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*); -WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*); -WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*); -WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int); -WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname); +WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname); +WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used); +WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz); +WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx); /* only supports full name from cipher_name[] delimited by : */ -WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*); -WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*); +WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list); +WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list); + +/* supports 2 byte code from cipher_name[] */ +WOLFSSL_API int wolfSSL_CTX_set_cipher_list_bytes(WOLFSSL_CTX* ctx, const byte* list, const int listSz); +WOLFSSL_API int wolfSSL_set_cipher_list_bytes(WOLFSSL* ssl, const byte* list, const int listSz); #ifdef HAVE_KEYING_MATERIAL /* Keying Material Exporter for TLS */ @@ -1224,61 +1412,99 @@ WOLFSSL_API int wolfSSL_set_ConnectFilter( #endif /* WOLFSSL_WOLFSENTRY_HOOKS */ /* Nonblocking DTLS helper functions */ -WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); +WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock); +WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl); #define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock #define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock /* The old names are deprecated. */ WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_dtls13_use_quick_timeout(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_dtls13_set_send_more_acks(WOLFSSL* ssl, int value); WOLFSSL_API int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, WOLFSSL_TIMEVAL* timeleft); WOLFSSL_API void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, word32 duration_ms); WOLFSSL_API int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); -WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); +WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout); +WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout); WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_dtls_retransmit(WOLFSSL*); +WOLFSSL_API int wolfSSL_dtls_retransmit(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int); -WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*); +WOLFSSL_API void* wolfSSL_dtls_create_peer(int port, char* ip); +WOLFSSL_API int wolfSSL_dtls_free_peer(void* addr); -WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*); -WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*); -WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short); -WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short); +WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz); +WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz); -WOLFSSL_API int wolfSSL_dtls_get_drop_stats(WOLFSSL*, +WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short); +WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short); + +#ifdef WOLFSSL_SRTP + +/* SRTP Profile ID's from RFC 5764 and RFC 7714 */ +/* For WebRTC support for profile SRTP_AES128_CM_SHA1_80 is required per + * draft-ietf-rtcweb-security-arch) */ +#define SRTP_AES128_CM_SHA1_80 0x0001 +#define SRTP_AES128_CM_SHA1_32 0x0002 +#define SRTP_AES128_F8_SHA1_80 0x0003 /* not supported */ +#define SRTP_AES128_F8_SHA1_32 0x0004 /* not supported */ +#define SRTP_NULL_SHA1_80 0x0005 +#define SRTP_NULL_SHA1_32 0x0006 +#define SRTP_AEAD_AES_128_GCM 0x0007 +#define SRTP_AEAD_AES_256_GCM 0x0008 + +typedef struct WOLFSSL_SRTP_PROTECTION_PROFILE { + const char* name; + unsigned long id; + int kdfBits; +} WOLFSSL_SRTP_PROTECTION_PROFILE; + +/* Compatibility API's for SRTP */ +WOLFSSL_API int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char*); +WOLFSSL_API int wolfSSL_set_tlsext_use_srtp(WOLFSSL* ssl, const char*); +WOLFSSL_API const WOLFSSL_SRTP_PROTECTION_PROFILE* + wolfSSL_get_selected_srtp_profile(WOLFSSL* ssl); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_SRTP_PROTECTION_PROFILE)* + wolfSSL_get_srtp_profiles(WOLFSSL* ssl); + +/* Non standard API for getting the SRTP session keys using KDF */ +WOLFSSL_API int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl, + unsigned char*, size_t*); +#endif /* WOLFSSL_SRTP */ + +WOLFSSL_API int wolfSSL_dtls_get_drop_stats(WOLFSSL* ssl, unsigned int*, unsigned int*); -WOLFSSL_API int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX*, unsigned short); -WOLFSSL_API int wolfSSL_set_secret(WOLFSSL*, unsigned short, - const unsigned char*, unsigned int, - const unsigned char*, const unsigned char*, - const unsigned char*); -WOLFSSL_API int wolfSSL_mcast_read(WOLFSSL*, unsigned short*, void*, int); -WOLFSSL_API int wolfSSL_mcast_peer_add(WOLFSSL*, unsigned short, int); -WOLFSSL_API int wolfSSL_mcast_peer_known(WOLFSSL*, unsigned short); +WOLFSSL_API int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX* ctx, unsigned short id); +WOLFSSL_API int wolfSSL_set_secret(WOLFSSL* ssl, unsigned short epoch, + const unsigned char* preMasterSecret, unsigned int preMasterSz, + const unsigned char* clientRandom, const unsigned char* serverRandom, + const unsigned char* suite); +WOLFSSL_API int wolfSSL_mcast_read(WOLFSSL* ssl, unsigned short* id, void* data, int sz); +WOLFSSL_API int wolfSSL_mcast_peer_add(WOLFSSL* ssl, unsigned short peerId, int sub); +WOLFSSL_API int wolfSSL_mcast_peer_known(WOLFSSL* ssl, unsigned short peerId); WOLFSSL_API int wolfSSL_mcast_get_max_peers(void); typedef int (*CallbackMcastHighwater)(unsigned short peerId, unsigned int maxSeq, unsigned int curSeq, void* ctx); -WOLFSSL_API int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX*, - unsigned int, - unsigned int, - unsigned int, - CallbackMcastHighwater); -WOLFSSL_API int wolfSSL_mcast_set_highwater_ctx(WOLFSSL*, void*); +WOLFSSL_API int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX* ctx, + unsigned int maxSeq, + unsigned int first, + unsigned int second, + CallbackMcastHighwater cb); +WOLFSSL_API int wolfSSL_mcast_set_highwater_ctx(WOLFSSL* ssl, void* ctx); WOLFSSL_API int wolfSSL_ERR_GET_LIB(unsigned long err); WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err); -WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*); +WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long errNumber,char* data); WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long sz); -WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long); -WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long); -WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long); +WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long e); +WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long e); +WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e); /* extras */ @@ -1290,25 +1516,40 @@ WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); -#if defined(HAVE_OCSP) -#include "wolfssl/ocsp.h" +#if defined(HAVE_OCSP) || defined(HAVE_CRL) #include "wolfssl/wolfcrypt/asn.h" #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push( WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk, - WOLFSSL_ACCESS_DESCRIPTION* access); -#endif /* defined(OPENSSL_ALL) || defined(WOLFSSL_QT) */ + WOLFSSL_ACCESS_DESCRIPTION* a); +#endif /* defined(OPENSSL_ALL) || OPENSSL_EXTRA || defined(WOLFSSL_QT) */ typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES; +typedef WOLF_STACK_OF(WOLFSSL_DIST_POINT) WOLFSSL_DIST_POINTS; WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509); -WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); -WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); +WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509)* sk); +WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk); + +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new(void); +WOLFSSL_API void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, + void (*f) (WOLFSSL_X509_CRL*)); +WOLFSSL_API void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk); +WOLFSSL_API int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, + WOLFSSL_X509_CRL* crl); +WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_sk_X509_CRL_value( + WOLF_STACK_OF(WOLFSSL_X509)* sk, int i); +WOLFSSL_API int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk); + WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void); WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn); +WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup( + WOLFSSL_GENERAL_NAME* gn); +WOLFSSL_API int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name, + int typ); WOLFSSL_API WOLFSSL_GENERAL_NAMES* wolfSSL_GENERAL_NAMES_dup( WOLFSSL_GENERAL_NAMES* gns); WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk, @@ -1320,15 +1561,33 @@ WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk, void (*f) (WOLFSSL_GENERAL_NAME*)); WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES* name); +WOLFSSL_API int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, + WOLFSSL_GENERAL_NAME* name); + +WOLFSSL_API WOLFSSL_DIST_POINT* wolfSSL_DIST_POINT_new(void); +WOLFSSL_API void wolfSSL_DIST_POINT_free(WOLFSSL_DIST_POINT* dp); +WOLFSSL_API int wolfSSL_sk_DIST_POINT_push(WOLFSSL_DIST_POINTS* sk, + WOLFSSL_DIST_POINT* dp); +WOLFSSL_API WOLFSSL_DIST_POINT* wolfSSL_sk_DIST_POINT_value( + WOLFSSL_STACK* sk, int i); +WOLFSSL_API int wolfSSL_sk_DIST_POINT_num(WOLFSSL_STACK* sk); +WOLFSSL_API void wolfSSL_sk_DIST_POINT_pop_free(WOLFSSL_STACK* sk, + void (*f) (WOLFSSL_DIST_POINT*)); +WOLFSSL_API void wolfSSL_sk_DIST_POINT_free(WOLFSSL_STACK* sk); +WOLFSSL_API void wolfSSL_DIST_POINTS_free(WOLFSSL_DIST_POINTS* dp); + WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_num(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_AUTHORITY_INFO_ACCESS_free( WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION)* sk); +WOLFSSL_API void wolfSSL_AUTHORITY_INFO_ACCESS_pop_free( + WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION)* sk, + void (*f) (WOLFSSL_ACCESS_DESCRIPTION*)); WOLFSSL_API WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value( WOLFSSL_STACK* sk, int idx); WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk, void (*f) (WOLFSSL_ACCESS_DESCRIPTION*)); -WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access); +WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* a); WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free( WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, void (*f) (WOLFSSL_X509_EXTENSION*)); @@ -1350,7 +1609,7 @@ WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value( WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx); -WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*); +WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data); #ifdef HAVE_EX_DATA_CLEANUP_HOOKS WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup( WOLFSSL* ssl, @@ -1358,38 +1617,46 @@ WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup( void* data, wolfSSL_ex_data_cleanup_routine_t cleanup_routine); #endif -WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*); -WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int); -WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*, - unsigned int); -WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*); -WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*); -WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*); +WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd); +WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd); +WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt); +WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, + unsigned int len); +WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_session_reused(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap); WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); -WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session, +WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, + WOLFSSL_SESSION* session); +WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session, const WOLFSSL_CIPHER* cipher); -WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*); +WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL* ssl); -WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL*); +WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); -WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*); -WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int); +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl); +WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len); WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher); WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher); WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value); -WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session); -WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*); +WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session); +WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL* ssl); WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); - /* what's ref count */ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x); #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509); @@ -1401,28 +1668,25 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, int* ssl); -WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void); -WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void); -WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void); - +#ifndef NO_BIO #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L -WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(const WOLFSSL_BIO_METHOD*); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(const WOLFSSL_BIO_METHOD* method); #else WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*); #endif -WOLFSSL_API int wolfSSL_BIO_free(WOLFSSL_BIO*); -WOLFSSL_API void wolfSSL_BIO_vfree(WOLFSSL_BIO*); -WOLFSSL_API void wolfSSL_BIO_free_all(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_free(WOLFSSL_BIO* bio); +WOLFSSL_API void wolfSSL_BIO_vfree(WOLFSSL_BIO* bio); +WOLFSSL_API void wolfSSL_BIO_free_all(WOLFSSL_BIO* bio); WOLFSSL_API int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz); WOLFSSL_API int wolfSSL_BIO_puts(WOLFSSL_BIO* bio, const char* buf); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_next(WOLFSSL_BIO* bio); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_find_type(WOLFSSL_BIO* bio, int type); -WOLFSSL_API int wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int); -WOLFSSL_API int wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int); -WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append); -WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*); -WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO*); -WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len); +WOLFSSL_API int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO* top, WOLFSSL_BIO* append); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO* bio); +WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO* bio); +WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO* bio); WOLFSSL_API void wolfSSL_BIO_set_callback(WOLFSSL_BIO *bio, wolf_bio_info_cb callback_func); WOLFSSL_API wolf_bio_info_cb wolfSSL_BIO_get_callback(WOLFSSL_BIO *bio); @@ -1434,15 +1698,16 @@ WOLFSSL_API int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void); -WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size); +WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag); -WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO* b); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void); -WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int); +WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO* bio, int flags); WOLFSSL_API void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags); +WOLFSSL_API int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd); WOLFSSL_API int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data); #ifdef HAVE_EX_DATA_CLEANUP_HOOKS WOLFSSL_API int wolfSSL_BIO_set_ex_data_with_cleanup( @@ -1452,35 +1717,37 @@ WOLFSSL_API int wolfSSL_BIO_set_ex_data_with_cleanup( wolfSSL_ex_data_cleanup_routine_t cleanup_routine); #endif WOLFSSL_API void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx); -WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO*, long); +WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on); WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p); -WOLFSSL_API void wolfSSL_BIO_set_init(WOLFSSL_BIO*, int); -WOLFSSL_API void wolfSSL_BIO_set_data(WOLFSSL_BIO*, void*); -WOLFSSL_API void* wolfSSL_BIO_get_data(WOLFSSL_BIO*); -WOLFSSL_API void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO*, int); -WOLFSSL_API int wolfSSL_BIO_get_shutdown(WOLFSSL_BIO*); -WOLFSSL_API void wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO*); +WOLFSSL_API void wolfSSL_BIO_set_init(WOLFSSL_BIO* bio, int init); +WOLFSSL_API void wolfSSL_BIO_set_data(WOLFSSL_BIO* bio, void* ptr); +WOLFSSL_API void* wolfSSL_BIO_get_data(WOLFSSL_BIO* bio); +WOLFSSL_API void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO* bio, int shut); +WOLFSSL_API int wolfSSL_BIO_get_shutdown(WOLFSSL_BIO* bio); +WOLFSSL_API void wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO* bio); WOLFSSL_API int wolfSSL_BIO_should_retry(WOLFSSL_BIO *bio); -WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int, const char*); -WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD*); -WOLFSSL_API int wolfSSL_BIO_meth_set_write(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_write_cb); -WOLFSSL_API int wolfSSL_BIO_meth_set_read(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_read_cb); -WOLFSSL_API int wolfSSL_BIO_meth_set_puts(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_puts_cb); -WOLFSSL_API int wolfSSL_BIO_meth_set_gets(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_gets_cb); -WOLFSSL_API int wolfSSL_BIO_meth_set_ctrl(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_ctrl_get_cb); -WOLFSSL_API int wolfSSL_BIO_meth_set_create(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_create_cb); -WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_destroy_cb); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int type, const char* name); +WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD* biom); +WOLFSSL_API int wolfSSL_BIO_meth_set_write(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_write_cb biom_write); +WOLFSSL_API int wolfSSL_BIO_meth_set_read(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_read_cb biom_read); +WOLFSSL_API int wolfSSL_BIO_meth_set_puts(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_puts_cb biom_puts); +WOLFSSL_API int wolfSSL_BIO_meth_set_gets(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_gets_cb biom_gets); +WOLFSSL_API int wolfSSL_BIO_meth_set_ctrl(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_ctrl_get_cb biom_ctrl); +WOLFSSL_API int wolfSSL_BIO_meth_set_create(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_create_cb biom_create); +WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD* biom, wolfSSL_BIO_meth_destroy_cb biom_destroy); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len); -WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); +WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int flag); +WOLFSSL_API long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl); #ifndef NO_FILESYSTEM WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); #endif WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag); -WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); +WOLFSSL_API void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); +WOLFSSL_API int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b); #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); @@ -1491,16 +1758,22 @@ WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); +WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port); +WOLFSSL_API long wolfSSL_BIO_set_conn_hostname(WOLFSSL_BIO* b, char* name); WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port); WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b); +WOLFSSL_API int wolfSSL_BIO_do_accept(WOLFSSL_BIO *b); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_ssl_connect(WOLFSSL_CTX* ctx); WOLFSSL_API long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b); +WOLFSSL_API void wolfSSL_BIO_ssl_shutdown(WOLFSSL_BIO* b); WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size); WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2); +WOLFSSL_API int wolfSSL_BIO_up_ref(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); @@ -1513,20 +1786,21 @@ WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v); WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m); WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio); +#endif WOLFSSL_API void wolfSSL_RAND_screen(void); -WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); -WOLFSSL_API int wolfSSL_RAND_write_file(const char*); -WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long); -WOLFSSL_API int wolfSSL_RAND_egd(const char*); -WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); +WOLFSSL_API const char* wolfSSL_RAND_file_name(char* fname, unsigned long len); +WOLFSSL_API int wolfSSL_RAND_write_file(const char* fname); +WOLFSSL_API int wolfSSL_RAND_load_file(const char* fname, long len); +WOLFSSL_API int wolfSSL_RAND_egd(const char* nm); +WOLFSSL_API int wolfSSL_RAND_seed(const void* seed, int len); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); -WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); +WOLFSSL_API void wolfSSL_RAND_add(const void* add, int len, double entropy); WOLFSSL_API int wolfSSL_RAND_poll(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void); -WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*); +WOLFSSL_API int wolfSSL_COMP_add_compression_method(int method, void* data); WOLFSSL_API unsigned long wolfSSL_thread_id(void); WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void)); @@ -1541,9 +1815,9 @@ WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f) WOLFSSL_API int wolfSSL_num_locks(void); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( - WOLFSSL_X509_STORE_CTX*); -WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*); -WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*); + WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); @@ -1551,13 +1825,19 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, unsigned char** out); -WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, +WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out); WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name, unsigned char **in, long length); #ifndef NO_RSA +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +WOLFSSL_API int wolfSSL_RSA_print_fp(XFILE fp, WOLFSSL_RSA* rsa, int indent); +#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ +#ifndef NO_BIO WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset); -#endif +#endif /* !NO_BIO */ +#endif /* !NO_RSA */ + WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, unsigned long nmflags, unsigned long cflag); #ifndef NO_FILESYSTEM @@ -1568,38 +1848,40 @@ WOLFSSL_API int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig, const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509); WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); -WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, - char*, int); -WOLFSSL_API unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, + char* in, int sz); +WOLFSSL_API unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name); #if defined(OPENSSL_EXTRA) && defined(XSNPRINTF) -WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int); +WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz); #endif WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( - WOLFSSL_X509*); + WOLFSSL_X509* cert); WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509); WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( - WOLFSSL_X509*); + WOLFSSL_X509* cert); WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509); -WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int); -WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int); -WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*); -WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*); -WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*); -WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid); +WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid); +WOLFSSL_API int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit); +WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509); +WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509); +WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509); WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID( - WOLFSSL_X509*, unsigned char*, int*); + WOLFSSL_X509* x509, unsigned char* dst, int* dstLen); WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID( - WOLFSSL_X509*, unsigned char*, int*); + WOLFSSL_X509* x509, unsigned char* dst, int* dstLen); WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey); #ifdef WOLFSSL_CERT_REQ WOLFSSL_API int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey); #endif -WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*, - WOLFSSL_X509_NAME*); -WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509*, - WOLFSSL_X509_NAME*); -WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); +WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509* cert, + WOLFSSL_X509_NAME* name); +WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509* cert, + WOLFSSL_X509_NAME* name); +WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509* cert, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t); WOLFSSL_API int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, @@ -1614,12 +1896,13 @@ WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, WOLFSSL_API int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx); -WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name); +WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name); WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID( - WOLFSSL_X509_NAME*, int, char*, int); + WOLFSSL_X509_NAME* name, int nid, char* buf, int len); WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID( - WOLFSSL_X509_NAME*, int, int); -WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*); + WOLFSSL_X509_NAME* name, int nid, int pos); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY* in); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1); @@ -1630,34 +1913,35 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLF WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1); WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int dataSz); -WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*); +WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn); WOLFSSL_API const unsigned char* wolfSSL_ASN1_STRING_get0_data( - const WOLFSSL_ASN1_STRING*); -WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*); -WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst, + const WOLFSSL_ASN1_STRING* asn); +WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn); +WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst, const WOLFSSL_ASN1_STRING* src); -WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*); -WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long); -WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*); -WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*); -WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509*, unsigned char*, - int*); +WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long err); +WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, unsigned char* buf, int* bufSz); +WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509, unsigned char* buf, + int* bufSz); WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509); -WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long); -WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*, - long); +WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup,const char* dir,long type); +WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, const char* file, + long type); WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void); WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void); WOLFSSL_API int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); -WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*, - WOLFSSL_X509_LOOKUP_METHOD*); +WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, + WOLFSSL_X509_LOOKUP_METHOD* m); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void); -WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*); +WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store); +WOLFSSL_API int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store); WOLFSSL_API int wolfSSL_X509_STORE_add_cert( - WOLFSSL_X509_STORE*, WOLFSSL_X509*); + WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509); WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain( WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain( @@ -1666,43 +1950,52 @@ WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx( WOLFSSL_X509_STORE_CTX *ctx); WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag); -WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*); -WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*, - int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*); +WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store); +WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, + int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj); WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void); -WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*, - WOLFSSL_X509_STORE*, WOLFSSL_X509*, WOLF_STACK_OF(WOLFSSL_X509)*); -WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*); -WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*); +WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, + WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)*); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl); -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*); -WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*); -WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* pkey); +WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj); WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio( WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey); +WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, const unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey, + const unsigned char ** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); +#ifdef WOLF_PRIVATE_KEY_ID +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, + WOLFSSL_EVP_PKEY** out, void* heap, int devId); +#endif WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der); -#if defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY* key, + unsigned char** der); +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) WOLFSSL_API int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, const WOLFSSL_EVP_PKEY* pkey, int indent, WOLFSSL_ASN1_PCTX* pctx); -#endif /* OPENSSL_EXTRA */ -WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); +#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */ +WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime); #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t *cmpTime); @@ -1710,8 +2003,10 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTi int offset_day, long offset_sec, time_t *in_tm); WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj(WOLFSSL_ASN1_TIME *asnTime, long offset_sec, time_t *in_tm); -WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*); -WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*, +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME* s, + long adj); +WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, unsigned long flags, time_t t); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_X509_VERIFY_PARAM_new(void); @@ -1723,59 +2018,78 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM unsigned long flags); WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_set_hostflags( WOLFSSL_X509_VERIFY_PARAM* param, unsigned int flags); +WOLFSSL_API int wolfSSL_set1_host(WOLFSSL* ssl, const char * name); WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam, const char* name, unsigned int nameSz); WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc( WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc); +WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip( + WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen); WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to, const WOLFSSL_X509_VERIFY_PARAM* from); -WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, +WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type); WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type); #endif -WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*); +WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl); WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( - WOLFSSL_X509_REVOKED*,int); -WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*); -WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*); + WOLFSSL_X509_REVOKED* revoked,int value); +WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509); +WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in); WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void); WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup( const WOLFSSL_ASN1_INTEGER* src); WOLFSSL_API int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v); +WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER( + WOLFSSL_ASN1_INTEGER** a, + const unsigned char** in, + long inSz); +WOLFSSL_API int wolfSSL_i2d_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER* a, + unsigned char** out); -WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*); +WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime); WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len); -WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*, - const WOLFSSL_ASN1_INTEGER*); -WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*); +#ifndef NO_ASN_TIME +WOLFSSL_API int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm); +#endif +WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, + const WOLFSSL_ASN1_INTEGER* b); +WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a); #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t, - int, long); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME* s, time_t t, + int offset_day, long offset_sec); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void); WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t); #endif -WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( - const WOLFSSL_CTX *s); + const WOLFSSL_CTX *ctx); /* deprecated function name */ #define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list -WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*, +WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, + WOLF_STACK_OF(WOLFSSL_X509_NAME)*); +WOLFSSL_API void wolfSSL_set_client_CA_list(WOLFSSL* ssl, WOLF_STACK_OF(WOLFSSL_X509_NAME)*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list( const WOLFSSL* ssl); typedef int (*client_cert_cb)(WOLFSSL *ssl, WOLFSSL_X509 **x509, WOLFSSL_EVP_PKEY **pkey); -WOLFSSL_API void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb); +WOLFSSL_API void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb cb); + +typedef int (*CertSetupCallback)(WOLFSSL* ssl, void*); +WOLFSSL_API void wolfSSL_CTX_set_cert_cb(WOLFSSL_CTX* ctx, + CertSetupCallback cb, void *arg); +WOLFSSL_LOCAL int CertSetupCbWrapper(WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data( WOLFSSL_X509_STORE_CTX* ctx, int idx); @@ -1806,70 +2120,72 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer( WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store( WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert( - WOLFSSL_X509_STORE_CTX*); + WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void); WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error( WOLFSSL_X509_STORE_CTX* ctx, int er); void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth); -WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int); +WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx); -WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, +WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, void* userdata); -WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, - pem_password_cb*); -WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); +WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, + wc_pem_password_cb* cb); +WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx); WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); -WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, - void (*)(const WOLFSSL* ssl, int type, int val)); +WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, + void (*f)(const WOLFSSL* ssl, int type, int val)); WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void); WOLFSSL_API int wolfSSL_GET_REASON(int); -WOLFSSL_API const char* wolfSSL_alert_type_string_long(int); -WOLFSSL_API const char* wolfSSL_alert_desc_string_long(int); -WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); +WOLFSSL_API const char* wolfSSL_alert_type_string_long(int alertID); +WOLFSSL_API const char* wolfSSL_alert_desc_string_long(int alertID); +WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL* ssl); -WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, - void(*)(int, int, void*), void*); +WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long e, + void(*f)(int, int, void*), void* data); WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); -WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**, - const unsigned char**, long); -WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA** r, + const unsigned char** derBuf, long derSz); +WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, unsigned char **pp); WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp); -WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, - WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); +WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx, + WOLFSSL_RSA *(*f)(WOLFSSL *, int, int)); -WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key); +WOLFSSL_API int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key); -WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx); -WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*); -WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); -WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509); +WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz); +WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx); -WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); -WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*); -WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v); -WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg); +WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_get_read_ahead(const WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_set_read_ahead(WOLFSSL* ssl, int v); +WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg); WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg( - WOLFSSL_CTX*, void* arg); -WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*); -WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*); -WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*); + WOLFSSL_CTX* ctx, void* arg); +WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password); +WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX* ctx, char* username); WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength); WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl); @@ -1884,12 +2200,16 @@ WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s); WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type); +WOLFSSL_API long wolfSSL_get_tlsext_status_type(WOLFSSL *s); WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); - +WOLFSSL_API int wolfSSL_set_tlsext_max_fragment_length + (WOLFSSL *s, unsigned char mode); +WOLFSSL_API int wolfSSL_CTX_set_tlsext_max_fragment_length + (WOLFSSL_CTX *c, unsigned char mode); WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void); WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); @@ -1909,65 +2229,96 @@ enum { /* Separated out from other enums because of size */ enum { - SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, - SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002, - SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004, - SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008, - SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010, - SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020, - SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040, - SSL_OP_TLS_D5_BUG = 0x00000080, - SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100, - SSL_OP_TLS_ROLLBACK_BUG = 0x00000200, - SSL_OP_EPHEMERAL_RSA = 0x00000800, + WOLFSSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, + WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002, + WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004, + WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008, + WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010, + WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020, + WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040, + WOLFSSL_OP_TLS_D5_BUG = 0x00000080, + WOLFSSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100, + WOLFSSL_OP_TLS_ROLLBACK_BUG = 0x00000200, + WOLFSSL_OP_EPHEMERAL_RSA = 0x00000800, WOLFSSL_OP_NO_SSLv3 = 0x00001000, WOLFSSL_OP_NO_TLSv1 = 0x00002000, - SSL_OP_PKCS1_CHECK_1 = 0x00004000, - SSL_OP_PKCS1_CHECK_2 = 0x00008000, - SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000, - SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000, - SSL_OP_SINGLE_DH_USE = 0x00040000, - SSL_OP_NO_TICKET = 0x00080000, - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000, - SSL_OP_NO_QUERY_MTU = 0x00200000, - SSL_OP_COOKIE_EXCHANGE = 0x00400000, - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000, - SSL_OP_SINGLE_ECDH_USE = 0x01000000, - SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000, + WOLFSSL_OP_PKCS1_CHECK_1 = 0x00004000, + WOLFSSL_OP_PKCS1_CHECK_2 = 0x00008000, + WOLFSSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000, + WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000, + WOLFSSL_OP_SINGLE_DH_USE = 0x00040000, + WOLFSSL_OP_NO_TICKET = 0x00080000, + WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000, + WOLFSSL_OP_NO_QUERY_MTU = 0x00200000, + WOLFSSL_OP_COOKIE_EXCHANGE = 0x00400000, + WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000, + WOLFSSL_OP_SINGLE_ECDH_USE = 0x01000000, + WOLFSSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000, WOLFSSL_OP_NO_TLSv1_1 = 0x04000000, WOLFSSL_OP_NO_TLSv1_2 = 0x08000000, - SSL_OP_NO_COMPRESSION = 0x10000000, + WOLFSSL_OP_NO_COMPRESSION = 0x10000000, WOLFSSL_OP_NO_TLSv1_3 = 0x20000000, WOLFSSL_OP_NO_SSLv2 = 0x40000000, - SSL_OP_ALL = - (SSL_OP_MICROSOFT_SESS_ID_BUG - | SSL_OP_NETSCAPE_CHALLENGE_BUG - | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - | SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG - | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER - | SSL_OP_MSIE_SSLV2_RSA_PADDING - | SSL_OP_SSLEAY_080_CLIENT_DH_BUG - | SSL_OP_TLS_D5_BUG - | SSL_OP_TLS_BLOCK_PADDING_BUG - | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS - | SSL_OP_TLS_ROLLBACK_BUG), + WOLFSSL_OP_ALL = + (WOLFSSL_OP_MICROSOFT_SESS_ID_BUG + | WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG + | WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + | WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + | WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + | WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING + | WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG + | WOLFSSL_OP_TLS_D5_BUG + | WOLFSSL_OP_TLS_BLOCK_PADDING_BUG + | WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | WOLFSSL_OP_TLS_ROLLBACK_BUG), }; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ defined(HAVE_WEBSERVER) /* for compatibility these must be macros */ -#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2 -#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3 -#define SSL_OP_NO_TLSv1 WOLFSSL_OP_NO_TLSv1 -#define SSL_OP_NO_TLSv1_1 WOLFSSL_OP_NO_TLSv1_1 -#define SSL_OP_NO_TLSv1_2 WOLFSSL_OP_NO_TLSv1_2 -#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD)) /* apache uses this to determine if TLS 1.3 is enabled */ + +#define SSL_OP_MICROSOFT_SESS_ID_BUG WOLFSSL_OP_MICROSOFT_SESS_ID_BUG +#define SSL_OP_NETSCAPE_CHALLENGE_BUG WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER +#define SSL_OP_MSIE_SSLV2_RSA_PADDING WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG +#define SSL_OP_TLS_D5_BUG WOLFSSL_OP_TLS_D5_BUG +#define SSL_OP_TLS_BLOCK_PADDING_BUG WOLFSSL_OP_TLS_BLOCK_PADDING_BUG +#define SSL_OP_TLS_ROLLBACK_BUG WOLFSSL_OP_TLS_ROLLBACK_BUG +#define SSL_OP_EPHEMERAL_RSA WOLFSSL_OP_EPHEMERAL_RSA +#define SSL_OP_PKCS1_CHECK_1 WOLFSSL_OP_PKCS1_CHECK_1 +#define SSL_OP_PKCS1_CHECK_2 WOLFSSL_OP_PKCS1_CHECK_2 +#define SSL_OP_NETSCAPE_CA_DN_BUG WOLFSSL_OP_NETSCAPE_CA_DN_BUG +#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS +#define SSL_OP_NO_QUERY_MTU WOLFSSL_OP_NO_QUERY_MTU +#define SSL_OP_COOKIE_EXCHANGE WOLFSSL_OP_COOKIE_EXCHANGE +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION \ + WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +#define SSL_OP_ALL WOLFSSL_OP_ALL + +#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2 +#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3 +#define SSL_OP_NO_TLSv1 WOLFSSL_OP_NO_TLSv1 +#define SSL_OP_NO_TLSv1_1 WOLFSSL_OP_NO_TLSv1_1 +#define SSL_OP_NO_TLSv1_2 WOLFSSL_OP_NO_TLSv1_2 +#define SSL_OP_NO_COMPRESSION WOLFSSL_OP_NO_COMPRESSION + +/* apache uses SSL_OP_NO_TLSv1_3 to determine if TLS 1.3 is enabled */ +#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD)) #define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3 #endif +#ifdef HAVE_SESSION_TICKET +#define SSL_OP_NO_TICKET WOLFSSL_OP_NO_TICKET +#endif + #define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \ SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3) + #define SSL_NOTHING 1 #define SSL_WRITING 2 #define SSL_READING 3 @@ -1995,7 +2346,6 @@ enum { OCSP_BASICRESP = 16, #endif - ASN1_GENERALIZEDTIME = 4, SSL_MAX_SSL_SESSION_ID_LENGTH = 32, SSL_ST_CONNECT = 0x1000, @@ -2019,67 +2369,72 @@ enum { SSL_CB_MODE_WRITE = 2, SSL_MODE_ENABLE_PARTIAL_WRITE = 2, - SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to block with blocking io - * and auto retry */ + SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE} + * to the user. This is set by default with + * OPENSSL_COMPATIBLE_DEFAULTS. The macro + * WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to + * limit the possibility of an infinite retry loop + */ SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */ - BIO_CLOSE = 1, - BIO_NOCLOSE = 0, + /* Not all of these are actually used in wolfSSL. Some are included to + * satisfy OpenSSL compatibility consumers to prevent compilation errors. */ + X509_V_OK = 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2, + X509_V_ERR_UNABLE_TO_GET_CRL = 3, + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE = 4, + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE = 5, + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY = 6, + X509_V_ERR_CERT_SIGNATURE_FAILURE = 7, + X509_V_ERR_CRL_SIGNATURE_FAILURE = 8, + X509_V_ERR_CERT_NOT_YET_VALID = 9, + X509_V_ERR_CERT_HAS_EXPIRED = 10, + X509_V_ERR_CRL_NOT_YET_VALID = 11, + X509_V_ERR_CRL_HAS_EXPIRED = 12, + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 13, + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 14, + X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD = 15, + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 16, + X509_V_ERR_OUT_OF_MEM = 17, + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18, + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 19, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20, + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21, + X509_V_ERR_CERT_CHAIN_TOO_LONG = 22, + X509_V_ERR_CERT_REVOKED = 23, + X509_V_ERR_INVALID_CA = 24, + X509_V_ERR_PATH_LENGTH_EXCEEDED = 25, + X509_V_ERR_INVALID_PURPOSE = 26, + X509_V_ERR_CERT_UNTRUSTED = 27, + X509_V_ERR_CERT_REJECTED = 28, + X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29, + X509_V_ERR_AKID_SKID_MISMATCH = 30, + X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH = 31, + X509_V_ERR_KEYUSAGE_NO_CERTSIGN = 32, + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER = 33, + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION = 34, + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN = 35, + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION = 36, + X509_V_ERR_INVALID_NON_CA = 37, + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED = 38, + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE = 39, + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED = 40, + X509_V_ERR_INVALID_EXTENSION = 41, + X509_V_ERR_INVALID_POLICY_EXTENSION = 42, + X509_V_ERR_NO_EXPLICIT_POLICY = 43, + X509_V_ERR_DIFFERENT_CRL_SCOPE = 44, + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE = 45, + X509_V_ERR_UNNESTED_RESOURCE = 46, + X509_V_ERR_PERMITTED_VIOLATION = 47, + X509_V_ERR_EXCLUDED_VIOLATION = 48, + X509_V_ERR_SUBTREE_MINMAX = 49, + X509_V_ERR_APPLICATION_VERIFICATION = 50, + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE = 51, + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX = 52, + X509_V_ERR_UNSUPPORTED_NAME_SYNTAX = 53, + X509_V_ERR_CRL_PATH_VALIDATION_ERROR = 54, - X509_FILETYPE_PEM = 8, - X509_LU_NONE = WOLFSSL_X509_LU_NONE, - X509_LU_X509 = WOLFSSL_X509_LU_X509, - X509_LU_CRL = WOLFSSL_X509_LU_CRL, - - X509_V_OK = 0, - X509_V_ERR_CRL_SIGNATURE_FAILURE = 8, - X509_V_ERR_CERT_HAS_EXPIRED = 10, - X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14, - X509_V_ERR_CRL_HAS_EXPIRED = 15, - X509_V_ERR_CERT_CHAIN_TOO_LONG = 17, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18, - X509_V_ERR_CERT_NOT_YET_VALID = 19, - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, - X509_V_ERR_CERT_REVOKED = 23, - X509_V_ERR_CERT_REJECTED = 24, - /* Required for Nginx */ - X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 25, - X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 26, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 27, - X509_V_ERR_CERT_UNTRUSTED = 28, - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 29, - X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 30, - /* additional X509_V_ERR_* enums not used in wolfSSL */ - X509_V_ERR_UNABLE_TO_GET_CRL, - X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, - X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, - X509_V_ERR_CERT_SIGNATURE_FAILURE, - X509_V_ERR_CRL_NOT_YET_VALID, - X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, - X509_V_ERR_OUT_OF_MEM, - X509_V_ERR_INVALID_CA, - X509_V_ERR_PATH_LENGTH_EXCEEDED, - X509_V_ERR_INVALID_PURPOSE, - X509_V_ERR_AKID_SKID_MISMATCH, - X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH, - X509_V_ERR_KEYUSAGE_NO_CERTSIGN, - X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, - X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, - X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, - X509_V_ERR_INVALID_NON_CA, - X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, - X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, - X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, - X509_V_ERR_INVALID_EXTENSION, - X509_V_ERR_INVALID_POLICY_EXTENSION, - X509_V_ERR_NO_EXPLICIT_POLICY, - X509_V_ERR_UNNESTED_RESOURCE, - X509_V_ERR_APPLICATION_VERIFICATION, - - X509_R_CERT_ALREADY_IN_HASH_TABLE, + X509_R_CERT_ALREADY_IN_HASH_TABLE = 101, CRYPTO_LOCK = 1, CRYPTO_NUM_LOCKS = 10, @@ -2098,7 +2453,7 @@ enum { #else #include #endif -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE fp, int err); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int (*cb)(const char *str, @@ -2127,12 +2482,12 @@ WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio); #define SSL_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1 #define SSL_FILETYPE_PEM WOLFSSL_FILETYPE_PEM #define SSL_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT - #define SSL_FILETYPE_RAW WOLFSSL_FILETYPE_RAW #define SSL_VERIFY_NONE WOLFSSL_VERIFY_NONE #define SSL_VERIFY_PEER WOLFSSL_VERIFY_PEER #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT #define SSL_VERIFY_CLIENT_ONCE WOLFSSL_VERIFY_CLIENT_ONCE + #define SSL_VERIFY_POST_HANDSHAKE WOLFSSL_VERIFY_POST_HANDSHAKE #define SSL_VERIFY_FAIL_EXCEPT_PSK WOLFSSL_VERIFY_FAIL_EXCEPT_PSK #define SSL_SESS_CACHE_OFF WOLFSSL_SESS_CACHE_OFF @@ -2169,7 +2524,20 @@ enum { /* ssl Constants */ WOLFSSL_ERROR_NONE = 0, /* for most functions */ WOLFSSL_FAILURE = 0, /* for some functions */ WOLFSSL_SUCCESS = 1, - WOLFSSL_SHUTDOWN_NOT_DONE = 2, /* call wolfSSL_shutdown again to complete */ + +/* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown when the other end + * of the connection has yet to send its close notify alert as part of the + * bidirectional shutdown. To complete the shutdown, either keep calling + * wolfSSL_shutdown until it returns WOLFSSL_SUCCESS or call wolfSSL_read until + * it returns <= 0 AND SSL_get_error returns SSL_ERROR_ZERO_RETURN. See OpenSSL + * docs for more: https://www.openssl.org/docs/man1.1.1/man3/SSL_shutdown.html + */ +#ifdef WOLFSSL_ERROR_CODE_OPENSSL +/* SSL_shutdown returns 0 when not done, per OpenSSL documentation. */ + WOLFSSL_SHUTDOWN_NOT_DONE = 0, +#else + WOLFSSL_SHUTDOWN_NOT_DONE = 2, +#endif WOLFSSL_ALPN_NOT_FOUND = -9, WOLFSSL_BAD_CERTTYPE = -8, @@ -2181,16 +2549,16 @@ enum { /* ssl Constants */ WOLFSSL_UNKNOWN = -2, WOLFSSL_FATAL_ERROR = -1, - WOLFSSL_FILETYPE_ASN1 = 2, - WOLFSSL_FILETYPE_PEM = 1, - WOLFSSL_FILETYPE_DEFAULT = 2, /* ASN1 */ - WOLFSSL_FILETYPE_RAW = 3, /* NTRU raw key blob */ + WOLFSSL_FILETYPE_ASN1 = CTC_FILETYPE_ASN1, + WOLFSSL_FILETYPE_PEM = CTC_FILETYPE_PEM, + WOLFSSL_FILETYPE_DEFAULT = CTC_FILETYPE_ASN1, /* ASN1 */ WOLFSSL_VERIFY_NONE = 0, WOLFSSL_VERIFY_PEER = 1 << 0, WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 1 << 1, WOLFSSL_VERIFY_CLIENT_ONCE = 1 << 2, - WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 1 << 3, + WOLFSSL_VERIFY_POST_HANDSHAKE = 1 << 3, + WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 1 << 4, WOLFSSL_VERIFY_DEFAULT = 1 << 9, WOLFSSL_SESS_CACHE_OFF = 0x0000, @@ -2224,60 +2592,60 @@ enum { /* ssl Constants */ }; #ifndef NO_PSK - typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*, + typedef unsigned int (*wc_psk_client_callback)(WOLFSSL* ssl, const char*, char*, unsigned int, unsigned char*, unsigned int); - WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*, - wc_psk_client_callback); - WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*, - wc_psk_client_callback); + WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx, + wc_psk_client_callback cb); + WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL* ssl, + wc_psk_client_callback cb); #ifdef OPENSSL_EXTRA - typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl, + typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl, const WOLFSSL_EVP_MD* md, const unsigned char **id, size_t* idlen, WOLFSSL_SESSION **sess); - WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl, + WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl, wc_psk_use_session_cb_func cb); #endif #ifdef WOLFSSL_TLS13 - typedef unsigned int (*wc_psk_client_cs_callback)(WOLFSSL*, const char*, + typedef unsigned int (*wc_psk_client_cs_callback)(WOLFSSL* ssl, const char*, char*, unsigned int, unsigned char*, unsigned int, const char*); - WOLFSSL_API void wolfSSL_CTX_set_psk_client_cs_callback(WOLFSSL_CTX*, - wc_psk_client_cs_callback); - WOLFSSL_API void wolfSSL_set_psk_client_cs_callback(WOLFSSL*, - wc_psk_client_cs_callback); + WOLFSSL_API void wolfSSL_CTX_set_psk_client_cs_callback(WOLFSSL_CTX* ctx, + wc_psk_client_cs_callback cb); + WOLFSSL_API void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl, + wc_psk_client_cs_callback cb); - typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*, + typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL* ssl, const char*, char*, unsigned int, unsigned char*, unsigned int, const char**); - WOLFSSL_API void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX*, - wc_psk_client_tls13_callback); - WOLFSSL_API void wolfSSL_set_psk_client_tls13_callback(WOLFSSL*, - wc_psk_client_tls13_callback); + WOLFSSL_API void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX* ctx, + wc_psk_client_tls13_callback cb); + WOLFSSL_API void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl, + wc_psk_client_tls13_callback cb); #endif - WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*); - WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*); + WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl); + WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL* ssl); - WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*); - WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*); + WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint); + WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint); - typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*, + typedef unsigned int (*wc_psk_server_callback)(WOLFSSL* ssl, const char*, unsigned char*, unsigned int); - WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*, - wc_psk_server_callback); - WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*, - wc_psk_server_callback); + WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx, + wc_psk_server_callback cb); + WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL* ssl, + wc_psk_server_callback cb); #ifdef WOLFSSL_TLS13 - typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*, + typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL* ssl, const char*, unsigned char*, unsigned int, const char**); - WOLFSSL_API void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX*, - wc_psk_server_tls13_callback); - WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*, - wc_psk_server_tls13_callback); + WOLFSSL_API void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX* ctx, + wc_psk_server_tls13_callback cb); + WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl, + wc_psk_server_tls13_callback cb); #endif - WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL*); - WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL*, void*); + WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl); + WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx); - WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX*); - WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX*, void*); + WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX* ctx); + WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx); #define PSK_TYPES_DEFINED @@ -2289,7 +2657,7 @@ enum { /* ssl Constants */ #ifdef HAVE_ANON - WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx); #endif /* HAVE_ANON */ @@ -2309,9 +2677,9 @@ enum { WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err, const char* file, int line); -WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line(const char**, int*); -WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*, - const char**, int *); +WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line(const char** file, int* line); +WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, + const char** data, int* flags); WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void); WOLFSSL_API void wolfSSL_ERR_clear_error(void); @@ -2320,58 +2688,62 @@ WOLFSSL_API void wolfSSL_ERR_clear_error(void); WOLFSSL_API int wolfSSL_RAND_status(void); WOLFSSL_API int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num); WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void); -WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long); +WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt); WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); -WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); +WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt); #if !defined(NO_CHECK_PRIVATE_KEY) - WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx); #endif -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX*); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx); WOLFSSL_API void wolfSSL_ERR_free_strings(void); -WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long); +WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long id); WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl); WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void); WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode); +WOLFSSL_API long wolfSSL_CTX_clear_mode(WOLFSSL_CTX* ctx, long mode); WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx); WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m); WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); -WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, - const unsigned char*, unsigned int); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*); +WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx); +WOLFSSL_API const char* wolfSSL_X509_get_default_cert_file_env(void); +WOLFSSL_API const char* wolfSSL_X509_get_default_cert_file(void); +WOLFSSL_API const char* wolfSSL_X509_get_default_cert_dir_env(void); +WOLFSSL_API const char* wolfSSL_X509_get_default_cert_dir(void); +WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx, + const unsigned char* sid_ctx, unsigned int sid_ctx_len); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl); #ifdef OPENSSL_EXTRA -WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl); #endif #ifdef OPENSSL_EXTRA -WOLFSSL_API int wolfSSL_want(WOLFSSL*); +WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl); #endif -WOLFSSL_API int wolfSSL_want_read(WOLFSSL*); -WOLFSSL_API int wolfSSL_want_write(WOLFSSL*); +WOLFSSL_API int wolfSSL_want_read(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_want_write(WOLFSSL* ssl); -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA) #include /* var_arg */ WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args); -#endif -WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...); -WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char*, int); -WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, - const WOLFSSL_ASN1_UTCTIME*); -WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, - const WOLFSSL_ASN1_GENERALIZEDTIME*); +WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...); +WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char* buf, int length); +WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, + const WOLFSSL_ASN1_UTCTIME* a); +WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, + const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime); WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); -WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME*); -WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec, - const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to); +WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a); +WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_TIME* from, + const WOLFSSL_ASN1_TIME* to); +WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a, + const WOLFSSL_ASN1_TIME *b); #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); @@ -2380,7 +2752,7 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *s WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk); WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i); -#if defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL) +#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx); @@ -2396,8 +2768,8 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int #endif /* stunnel 4.28 needs */ -WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int); -WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*); +WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx); +WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data); #ifdef HAVE_EX_DATA_CLEANUP_HOOKS WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup( WOLFSSL_CTX* ctx, @@ -2405,20 +2777,23 @@ WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup( void* data, wolfSSL_ex_data_cleanup_routine_t cleanup_routine); #endif -WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*, - WOLFSSL_SESSION*(*f)(WOLFSSL*, const unsigned char*, int, int*)); -WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*, - int (*f)(WOLFSSL*, WOLFSSL_SESSION*)); -WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*, - void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*)); +WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx, + WOLFSSL_SESSION*(*f)(WOLFSSL* ssl, const unsigned char*, int, int*)); +WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx, + int (*f)(WOLFSSL* ssl, WOLFSSL_SESSION*)); +WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, + void (*f)(WOLFSSL_CTX* ctx, WOLFSSL_SESSION*)); -WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**, - const unsigned char**, long); +WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess,unsigned char** p); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, + const unsigned char** p, long i); -WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*); -WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*); -WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); +WOLFSSL_API int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* session); +WOLFSSL_API unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint( + const WOLFSSL_SESSION* sess); +WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* session); +WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* session); +WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, void* c); /* extra ends */ @@ -2428,7 +2803,7 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); /* call before SSL_connect, if verifying will add name check to date check and signature check */ -WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL*, const char*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); /* need to call once to load library (session cache) */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void); @@ -2450,8 +2825,8 @@ WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl); /* turn on wolfSSL data compression */ WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to); WOLFSSL_API void wolfSSL_CTX_set_current_time_cb(WOLFSSL_CTX* ctx, void (*cb)(const WOLFSSL* ssl, WOLFSSL_TIMEVAL* out_clock)); @@ -2465,32 +2840,32 @@ WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl); /* peer chain count */ WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain); /* index cert length */ -WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx); +WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx); /* index cert */ -WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx); +WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx); /* index cert in X509 */ -WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx); +WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx); /* free X509 */ #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509)) -WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509* x509); /* get index cert in PEM */ -WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx, +WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, unsigned char* buf, int inLen, int* outLen); WOLFSSL_ABI WOLFSSL_API const unsigned char* wolfSSL_get_sessionID( const WOLFSSL_SESSION* s); -WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*); -WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*); -WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*); -WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509*, int*); -WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509*); -WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509*); -WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,unsigned char* in,int* inOutSz); +WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509* x509); +WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz); +WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509* x509, int* outSz); +WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509); +WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509* x509); -WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*); +WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char* fname); -WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); -WOLFSSL_API int wolfSSL_X509_add_altname_ex(WOLFSSL_X509*, const char*, word32, int); -WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int); +WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert); +WOLFSSL_API int wolfSSL_X509_add_altname_ex(WOLFSSL_X509* x509, const char* name, word32 nameSz, int type); +WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509* x509, const char* name, int type); WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len); @@ -2503,12 +2878,33 @@ WOLFSSL_API WOLFSSL_X509* WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **crl); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); #endif +#if defined(HAVE_CRL) && defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL *crl); +WOLFSSL_API int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl); +WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid( + const WOLFSSL_X509_CRL* crl); +WOLFSSL_API int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl, + unsigned char* buf, int* bufSz); +WOLFSSL_API int wolfSSL_X509_CRL_print(WOLFSSL_BIO* bio, + WOLFSSL_X509_CRL* crl); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name( + WOLFSSL_X509_CRL *crl); +WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev, + byte* in, int* inOutSz); WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); +#endif + +WOLFSSL_API +const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const + WOLFSSL_X509_REVOKED *rev); +WOLFSSL_API +const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const + WOLFSSL_X509_REVOKED *rev); #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM @@ -2527,11 +2923,11 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer( #ifdef WOLFSSL_SEP WOLFSSL_API unsigned char* - wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*); + wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, unsigned char* in, int* inOutSz); WOLFSSL_API unsigned char* - wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*); + wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, unsigned char* in, int* inOutSz); WOLFSSL_API unsigned char* - wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*); + wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509, unsigned char* in, int* inOutSz); #endif /* connect enough to get peer cert */ @@ -2563,55 +2959,55 @@ WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void); #ifndef NO_DH /* server Diffie-Hellman parameters */ -WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz, +WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, const unsigned char* g, int gSz); -WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz, +WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* b, long sz, int format); -WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL* ssl, int enable); #ifndef NO_FILESYSTEM - WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format); + WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* f, int format); #endif /* server ctx Diffie-Hellman parameters */ -WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p, +WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, const unsigned char* g, int gSz); -WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b, +WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* b, long sz, int format); #ifndef NO_FILESYSTEM - WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f, + WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* f, int format); #endif -WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, word16); -WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, word16); -WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX*, word16); -WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL*, word16); -WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*); +WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits); +WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits); +WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits); +WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits); +WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl); #endif /* NO_DH */ #ifndef NO_RSA -WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, short); -WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, short); +WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz); +WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz); #endif /* NO_RSA */ #ifdef HAVE_ECC -WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX*, short); -WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL*, short); +WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz); +WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz); #endif /* NO_RSA */ -WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, word16); -WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, word16); +WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz); +WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz); /* keyblock size in bytes or -1 */ /* need to call wolfSSL_KeepArrays before handshake to save keys */ -WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*); -WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen, +WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_get_keys(WOLFSSL* ssl,unsigned char** ms, unsigned int* msLen, unsigned char** sr, unsigned int* srLen, unsigned char** cr, unsigned int* crLen); /* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */ -WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, +WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len, const char* label); @@ -2624,7 +3020,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \ !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \ !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \ - !defined(WOLFSSL_ZEPHYR) + !defined(WOLFSSL_ZEPHYR) && !defined(NETOS) #include #endif /* allow writev style writing */ @@ -2636,53 +3032,57 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, #ifndef NO_CERTS /* SSL_CTX versions */ - WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx); #ifdef WOLFSSL_TRUST_PEER_CERT - WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*); - WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*, - const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx); +#ifdef WOLFSSL_LOCAL_X509_STORE + WOLFSSL_API int wolfSSL_Unload_trust_peers(WOLFSSL* ssl); #endif - WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX*, - const unsigned char*, long, int, - int, word32); - WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*, - const unsigned char*, long, int); - WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*, - const unsigned char*, long, int); - WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*, - const unsigned char*, long, int); - WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*, - const unsigned char*, long, int); - WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*, - const unsigned char*, long, - int, long); - WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX*, - const unsigned char*, long, - int); - WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX*, const char*, - int); - WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*, - const unsigned char*, long, int); - WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*, - const unsigned char*, long); + WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, + const unsigned char* in, + long sz, int format); +#endif + WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, + const unsigned char* in, long sz, int format, + int userChain, word32 flags); + WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, + const unsigned char* in, long sz, int format); + WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx, + const unsigned char* in, long sz, int format); + WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx, + const unsigned char* in, long sz, int format); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, + const unsigned char* in, long sz, int format); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, + const unsigned char* id, long sz, + int devId, long keySz); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, + const unsigned char* id, long sz, + int devId); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label, + int devId); + WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx, + const unsigned char* in, long sz, int format); + WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx, + const unsigned char* in, long sz); /* SSL versions */ - WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*, - long, int); + WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in, + long sz, int format); WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der, int derSz); - WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*, - long, int); - WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*, - long, int, long); - WOLFSSL_API int wolfSSL_use_PrivateKey_Id(WOLFSSL*, const unsigned char*, - long, int); - WOLFSSL_API int wolfSSL_use_PrivateKey_Label(WOLFSSL*, const char*, int); - WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*, - const unsigned char*, long, int); - WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*, - const unsigned char*, long); - WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*); + WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in, + long sz, int format); + WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL* ssl, const unsigned char* id, + long sz, int devId, long keySz); + WOLFSSL_API int wolfSSL_use_PrivateKey_Id(WOLFSSL* ssl, const unsigned char* id, + long sz, int devId); + WOLFSSL_API int wolfSSL_use_PrivateKey_Label(WOLFSSL* ssl, const char* label, int devId); + WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl, + const unsigned char* in, long sz, int format); + WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, + const unsigned char* in, long sz); + WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl); #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ defined(KEEP_OUR_CERT) @@ -2691,8 +3091,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, #endif #endif -WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*); -WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*); +WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL* ssl); #ifdef HAVE_FUZZER @@ -2711,7 +3111,7 @@ WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCt #endif -WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*, const byte*, word32); +WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, const byte* secret, word32 secretSz); /* I/O Callback default errors */ @@ -2733,19 +3133,23 @@ enum { WOLFSSL_TLSV1_1 = 2, WOLFSSL_TLSV1_2 = 3, WOLFSSL_TLSV1_3 = 4, + WOLFSSL_DTLSV1 = 5, + WOLFSSL_DTLSV1_2 = 6, + WOLFSSL_DTLSV1_3 = 7, + WOLFSSL_USER_CA = 1, /* user added as trusted */ WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */ }; -WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX*, int); -WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version); +WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version); WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void); WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void); -WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz); +WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_GetVersion(const WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); @@ -2772,7 +3176,7 @@ typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut, const unsigned char* macIn, unsigned int macInSz, int macContent, int macVerify, unsigned char* encOut, const unsigned char* encIn, unsigned int encSz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt); +WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb); WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl); @@ -2780,15 +3184,15 @@ typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl, unsigned char* decOut, const unsigned char* decIn, unsigned int decSz, int content, int verify, unsigned int* padSz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*, - CallbackDecryptVerify); +WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx, + CallbackDecryptVerify cb); WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl); typedef int (*CallbackEncryptMac)(WOLFSSL* ssl, unsigned char* macOut, int content, int macVerify, unsigned char* encOut, const unsigned char* encIn, unsigned int encSz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX*, CallbackEncryptMac); +WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX* ctx, CallbackEncryptMac cb); WOLFSSL_API void wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl); @@ -2796,29 +3200,33 @@ typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl, unsigned char* decOut, const unsigned char* decIn, unsigned int decSz, int content, int verify, unsigned int* padSz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetVerifyDecryptCb(WOLFSSL_CTX*, - CallbackVerifyDecrypt); +WOLFSSL_API void wolfSSL_CTX_SetVerifyDecryptCb(WOLFSSL_CTX* ctx, + CallbackVerifyDecrypt cb); WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl); -WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int); -WOLFSSL_API const unsigned char* wolfSSL_GetDtlsMacSecret(WOLFSSL*, int, int); -WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*); -WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*); -WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*); -WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetSide(WOLFSSL*); -WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL*); -WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*, - word32, int, int); +WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify); +WOLFSSL_API const unsigned char* wolfSSL_GetDtlsMacSecret(WOLFSSL* ssl, int verify, int epochOrder); +WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL* ssl); +WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL* ssl); +WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL* ssl); +WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetSide(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL* ssl); +#ifdef WORD64_AVAILABLE +WOLFSSL_API int wolfSSL_GetPeerSequenceNumber(WOLFSSL* ssl, word64* seq); +WOLFSSL_API int wolfSSL_GetSequenceNumber(WOLFSSL* ssl, word64* seq); +#endif +WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, + byte* inner, word32 sz, int content, int verify); /* Atomic User Needs */ enum { @@ -2831,24 +3239,20 @@ enum { WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ }; -/* for GetBulkCipher and internal use */ +/* for GetBulkCipher and internal use + * using explicit values to assist with serialization of a TLS session */ enum BulkCipherAlgorithm { - wolfssl_cipher_null, - wolfssl_rc4, - wolfssl_rc2, - wolfssl_des, - wolfssl_triple_des, /* leading 3 (3des) not valid identifier */ - wolfssl_des40, -#ifdef HAVE_IDEA - wolfssl_idea, -#endif - wolfssl_aes, - wolfssl_aes_gcm, - wolfssl_aes_ccm, - wolfssl_chacha, - wolfssl_camellia, - wolfssl_hc128, /* wolfSSL extensions */ - wolfssl_rabbit + wolfssl_cipher_null = 0, + wolfssl_rc4 = 1, + wolfssl_rc2 = 2, + wolfssl_des = 3, + wolfssl_triple_des = 4, + wolfssl_des40 = 5, + wolfssl_aes = 6, + wolfssl_aes_gcm = 7, + wolfssl_aes_ccm = 8, + wolfssl_chacha = 9, + wolfssl_camellia = 10 }; @@ -2868,7 +3272,7 @@ struct ecc_key; typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key, unsigned int keySz, int ecc_curve, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX*, CallbackEccKeyGen); +WOLFSSL_API void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX* ctx, CallbackEccKeyGen cb); WOLFSSL_API void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl); @@ -2877,17 +3281,19 @@ typedef int (*CallbackEccSign)(WOLFSSL* ssl, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, - CallbackEccSign); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, + CallbackEccSign cb); WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx); +WOLFSSL_API void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx); typedef int (*CallbackEccVerify)(WOLFSSL* ssl, const unsigned char* sig, unsigned int sigSz, const unsigned char* hash, unsigned int hashSz, const unsigned char* keyDer, unsigned int keySz, int* result, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify); +WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb); WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl); @@ -2895,21 +3301,36 @@ typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey, unsigned char* pubKeyDer, word32* pubKeySz, unsigned char* out, word32* outlen, int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */ -WOLFSSL_API void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX*, CallbackEccSharedSecret); +WOLFSSL_API void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, CallbackEccSharedSecret cb); WOLFSSL_API void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl); #endif +#ifdef HAVE_HKDF +#include +typedef int (*CallbackHKDFExtract)(byte* prk, const byte* salt, word32 saltLen, + byte* ikm, word32 ikmLen, int digest, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetHKDFExtractCb(WOLFSSL_CTX* ctx, CallbackHKDFExtract cb); +WOLFSSL_API void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_SetHKDFExtractCtx(WOLFSSL* ssl, void *ctx); +#endif + #ifndef NO_DH /* Public DH Key Callback support */ struct DhKey; +typedef int (*CallbackDhGenerateKeyPair)(DhKey* key, WC_RNG* rng, + byte* priv, word32* privSz, + byte* pub, word32* pubSz); typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key, const unsigned char* priv, unsigned int privSz, const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz, unsigned char* out, word32* outlen, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree); -WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void wolfSSL_CTX_SetDhGenerateKeyPair(WOLFSSL_CTX* ctx, + CallbackDhGenerateKeyPair cb); +WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, + CallbackDhAgree cb); +WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl); #endif /* !NO_DH */ @@ -2920,8 +3341,8 @@ typedef int (*CallbackEd25519Sign)(WOLFSSL* ssl, unsigned char* out, unsigned int* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX*, - CallbackEd25519Sign); +WOLFSSL_API void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX* ctx, + CallbackEd25519Sign cb); WOLFSSL_API void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl); @@ -2930,8 +3351,8 @@ typedef int (*CallbackEd25519Verify)(WOLFSSL* ssl, const unsigned char* msg, unsigned int msgSz, const unsigned char* keyDer, unsigned int keySz, int* result, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX*, - CallbackEd25519Verify); +WOLFSSL_API void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX* ctx, + CallbackEd25519Verify cb); WOLFSSL_API void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl); #endif @@ -2941,7 +3362,7 @@ struct curve25519_key; typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX*, CallbackX25519KeyGen); +WOLFSSL_API void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX* ctx, CallbackX25519KeyGen cb); WOLFSSL_API void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl); @@ -2951,8 +3372,8 @@ typedef int (*CallbackX25519SharedSecret)(WOLFSSL* ssl, unsigned char* out, unsigned int* outlen, int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */ -WOLFSSL_API void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX*, - CallbackX25519SharedSecret); +WOLFSSL_API void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX* ctx, + CallbackX25519SharedSecret cb); WOLFSSL_API void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl); #endif @@ -2964,8 +3385,8 @@ typedef int (*CallbackEd448Sign)(WOLFSSL* ssl, unsigned char* out, unsigned int* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX*, - CallbackEd448Sign); +WOLFSSL_API void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX* ctx, + CallbackEd448Sign cb); WOLFSSL_API void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl); @@ -2974,8 +3395,8 @@ typedef int (*CallbackEd448Verify)(WOLFSSL* ssl, const unsigned char* msg, unsigned int msgSz, const unsigned char* keyDer, unsigned int keySz, int* result, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX*, - CallbackEd448Verify); +WOLFSSL_API void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX* ctx, + CallbackEd448Verify cb); WOLFSSL_API void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl); #endif @@ -2985,7 +3406,7 @@ struct curve448_key; typedef int (*CallbackX448KeyGen)(WOLFSSL* ssl, struct curve448_key* key, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX*, CallbackX448KeyGen); +WOLFSSL_API void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX* ctx, CallbackX448KeyGen cb); WOLFSSL_API void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl); @@ -2995,8 +3416,8 @@ typedef int (*CallbackX448SharedSecret)(WOLFSSL* ssl, unsigned char* out, unsigned int* outlen, int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */ -WOLFSSL_API void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX*, - CallbackX448SharedSecret); +WOLFSSL_API void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX* ctx, + CallbackX448SharedSecret cb); WOLFSSL_API void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl); #endif @@ -3007,7 +3428,7 @@ typedef int (*CallbackRsaSign)(WOLFSSL* ssl, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign); +WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb); WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl); @@ -3016,8 +3437,8 @@ typedef int (*CallbackRsaVerify)(WOLFSSL* ssl, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify); -WOLFSSL_API void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX*, CallbackRsaVerify); +WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb); +WOLFSSL_API void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb); WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl); @@ -3028,7 +3449,7 @@ typedef int (*CallbackRsaPssSign)(WOLFSSL* ssl, int hash, int mgf, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX*, CallbackRsaPssSign); +WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX* ctx, CallbackRsaPssSign cb); WOLFSSL_API void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl); @@ -3038,10 +3459,10 @@ typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl, int hash, int mgf, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*, - CallbackRsaPssVerify); -WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX*, - CallbackRsaPssVerify); +WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, + CallbackRsaPssVerify cb); +WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx, + CallbackRsaPssVerify cb); WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl); #endif @@ -3052,7 +3473,7 @@ typedef int (*CallbackRsaEnc)(WOLFSSL* ssl, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc); +WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb); WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl); @@ -3062,66 +3483,135 @@ typedef int (*CallbackRsaDec)(WOLFSSL* ssl, unsigned char** out, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec); +WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb); WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); #endif + +/* Protocol Callback */ +typedef int (*CallbackGenMasterSecret)(WOLFSSL* ssl, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx, + CallbackGenMasterSecret cb); +WOLFSSL_API void wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl); + +typedef int (*CallbackGenPreMaster)(WOLFSSL* ssl, byte *premaster, + word32 preSz, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx, + CallbackGenPreMaster cb); +WOLFSSL_API void wolfSSL_SetGenPreMasterCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetGenPreMasterCtx(WOLFSSL* ssl); + +typedef int (*CallbackGenSessionKey)(WOLFSSL* ssl, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, + CallbackGenSessionKey cb); +WOLFSSL_API void wolfSSL_SetGenSessionKeyCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetGenSessionKeyCtx(WOLFSSL* ssl); + +typedef int (*CallbackEncryptKeys)(WOLFSSL* ssl, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEncryptKeysCb(WOLFSSL_CTX* ctx, + CallbackEncryptKeys cb); +WOLFSSL_API void wolfSSL_SetEncryptKeysCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEncryptKeysCtx(WOLFSSL* ssl); + +typedef int (*CallbackTlsFinished)(WOLFSSL* ssl, + const byte *side, + const byte *handshake_hash, word32 hashSz, + byte *hashes, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetTlsFinishedCb(WOLFSSL_CTX* ctx, CallbackTlsFinished cb); +WOLFSSL_API void wolfSSL_SetTlsFinishedCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetTlsFinishedCtx(WOLFSSL* ssl); + +#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) +typedef int (*CallbackVerifyMac)(WOLFSSL *ssl, const byte* message, + word32 messageSz, word32 macSz, word32 content, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetVerifyMacCb(WOLFSSL_CTX* ctx, CallbackVerifyMac cb); +WOLFSSL_API void wolfSSL_SetVerifyMacCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetVerifyMacCtx(WOLFSSL* ssl); +#endif + +typedef int (*CallbackHKDFExpandLabel)(byte* okm, word32 okmLen, + const byte* prk, word32 prkLen, + const byte* protocol, word32 protocolLen, + const byte* label, word32 labelLen, + const byte* info, word32 infoLen, + int digest, int side); +WOLFSSL_API void wolfSSL_CTX_SetHKDFExpandLabelCb(WOLFSSL_CTX* ctx, + CallbackHKDFExpandLabel cb); + +typedef int (*CallbackProcessServerSigKex)(WOLFSSL* ssl, byte p_sig_algo, + const byte* p_sig, word32 p_sig_len, + const byte* p_rand, word32 p_rand_len, + const byte* p_server_params, word32 p_server_params_len); +WOLFSSL_API void wolfSSL_CTX_SetProcessServerSigKexCb(WOLFSSL_CTX* ctx, + CallbackProcessServerSigKex cb); + +typedef int (*CallbackPerformTlsRecordProcessing)(WOLFSSL* ssl, int is_encrypt, + byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, + CallbackPerformTlsRecordProcessing cb); + #endif /* HAVE_PK_CALLBACKS */ #ifndef NO_CERTS - WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); + WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb); - WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX*); + WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX* ctx); WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap); WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); - WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); - WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER*); + WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm); + WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm); - WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f, + WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* f, const char* d); - WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*, + WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm, const unsigned char* in, long sz, int format); WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm); #ifdef WOLFSSL_TRUST_PEER_CERT WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm); #endif - WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f, + WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* f, int format); WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff, long sz, int format); - WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*, - unsigned char*, int sz); - WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*, + WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, + unsigned char* der, int sz); + WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options); - WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*); + WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc); - WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*, - const char*, int, int); - WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER*, - const unsigned char*, long sz, int); - WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*, - CbMissingCRL); - WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER *); + WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, + const char* path, int type, int monitor); + WOLFSSL_API int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm, + const char* file, int type); + WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm, + const unsigned char* buff, long sz, int type); + WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, + CbMissingCRL cb); + WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm); #ifdef HAVE_CRL_IO - WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*, - CbCrlIO); + WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm, + CbCrlIO cb); #endif #if defined(HAVE_OCSP) - WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *, + WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER* cm, byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest); #endif - WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*, - unsigned char*, int sz); - WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*, + WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, + unsigned char* der, int sz); + WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options); - WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*); - WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*, - const char*); - WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*, - CbOCSPIO, CbOCSPRespFree, void*); + WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm); + WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm, + const char* url); + WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm, + CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx); WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling( WOLFSSL_CERT_MANAGER* cm); @@ -3135,55 +3625,57 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( - WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); + WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name); #endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); - WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int); - WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*, - const unsigned char*, long sz, int); - WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL); + WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor); + WOLFSSL_API int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type); + WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, + const unsigned char* buff, long sz, int type); + WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb); #ifdef HAVE_CRL_IO WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb); #endif - WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options); - WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*); - WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*); - WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*); - WOLFSSL_API int wolfSSL_EnableOCSPStapling(WOLFSSL*); - WOLFSSL_API int wolfSSL_DisableOCSPStapling(WOLFSSL*); + WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options); + WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL* ssl); + WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url); + WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx); + WOLFSSL_API int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl); + WOLFSSL_API int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options); WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx); - WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int); - WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*, - const unsigned char*, long sz, int); - WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL); + WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor); + WOLFSSL_API int wolfSSL_CTX_LoadCRLFile(WOLFSSL_CTX* ctx, const char* path, int type); + WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, + const unsigned char* buff, long sz, int type); + WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb); #ifdef HAVE_CRL_IO - WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO); + WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb); #endif - WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options); - WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*); - WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*); - WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*, - CbOCSPIO, CbOCSPRespFree, void*); - WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); - WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*); - WOLFSSL_API int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX*); - WOLFSSL_API int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options); + WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx); + WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url); + WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, + CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx); + WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx); + WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx); + WOLFSSL_API int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX* ctx); + WOLFSSL_API int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx); #endif /* !NO_CERTS */ #ifdef SINGLE_THREADED - WOLFSSL_API int wolfSSL_CTX_new_rng(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx); #endif /* end of handshake frees temporary arrays, if user needs for get_keys or psk hints, call KeepArrays before handshake and then FreeArrays when done if don't want to wait for object free */ -WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*); -WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*); +WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl); @@ -3194,11 +3686,11 @@ WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl); /* async additions */ #define wolfSSL_UseAsync wolfSSL_SetDevId #define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId -WOLFSSL_ABI WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL* ssl, int devId); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId); /* helpers to get device id and heap */ -WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX*, WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl); /* TLS Extensions */ @@ -3211,10 +3703,10 @@ enum { WOLFSSL_SNI_HOST_NAME = 0 }; -WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL*, unsigned char, - const void*, unsigned short); -WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX*, unsigned char, - const void*, unsigned short); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, + const void* data, unsigned short size); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type, + const void* data, unsigned short size); #ifndef NO_WOLFSSL_SERVER @@ -3287,7 +3779,9 @@ enum { WOLFSSL_MAX_ALPN_NUMBER = 257 }; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_QUIC) typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg); @@ -3388,6 +3882,7 @@ WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, /* Named Groups */ enum { + WOLFSSL_NAMED_GROUP_INVALID = 0, #if 0 /* Not Supported */ WOLFSSL_ECC_SECT163K1 = 1, WOLFSSL_ECC_SECT163R1 = 2, @@ -3427,6 +3922,38 @@ enum { WOLFSSL_FFDHE_4096 = 258, WOLFSSL_FFDHE_6144 = 259, WOLFSSL_FFDHE_8192 = 260, + +#ifdef HAVE_PQC + /* These group numbers were taken from OQS's openssl fork, see: + * https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/ + * oqs-template/oqs-kem-info.md. + * + * The levels in the group name refer to the claimed NIST level of each + * parameter set. The associated parameter set name is listed as a comment + * beside the group number. Please see the NIST PQC Competition's submitted + * papers for more details. + * + * LEVEL1 means that an attack on that parameter set would reqire the same + * or more resources as a key search on AES 128. LEVEL3 would reqire the + * same or more resources as a key search on AES 192. LEVEL5 would require + * the same or more resources as a key search on AES 256. None of the + * algorithms have LEVEL2 and LEVEL4 because none of these submissions + * included them. */ + + WOLFSSL_PQC_MIN = 570, + WOLFSSL_PQC_SIMPLE_MIN = 570, + WOLFSSL_KYBER_LEVEL1 = 570, /* KYBER_512 */ + WOLFSSL_KYBER_LEVEL3 = 572, /* KYBER_768 */ + WOLFSSL_KYBER_LEVEL5 = 573, /* KYBER_1024 */ + WOLFSSL_PQC_SIMPLE_MAX = 573, + + WOLFSSL_PQC_HYBRID_MIN = 12052, + WOLFSSL_P256_KYBER_LEVEL1 = 12090, + WOLFSSL_P384_KYBER_LEVEL3 = 12092, + WOLFSSL_P521_KYBER_LEVEL5 = 12093, + WOLFSSL_PQC_HYBRID_MAX = 12093, + WOLFSSL_PQC_MAX = 12093, +#endif }; enum { @@ -3450,7 +3977,7 @@ WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl); /* Secure Renegotiation */ -#ifdef HAVE_SECURE_RENEGOTIATION +#if defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO) WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx); @@ -3478,7 +4005,7 @@ WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl); /* Session Ticket */ #ifdef HAVE_SESSION_TICKET -#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER) +#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \ !defined(WOLFSSL_TICKET_ENC_AES256_GCM) @@ -3497,12 +4024,15 @@ WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl); #ifndef NO_WOLFSSL_CLIENT WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx); -WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, word32*); -WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, word32); -typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*); -WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, - CallbackSessionTicket, void*); +WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, unsigned char* buf, word32* bufSz); +WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const unsigned char* buf, word32 bufSz); +typedef int (*CallbackSessionTicket)(WOLFSSL* ssl, const unsigned char*, int, void*); +WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl, + CallbackSessionTicket cb, void* ctx); #endif /* NO_WOLFSSL_CLIENT */ +#ifndef NO_WOLFSSL_SERVER +WOLFSSL_API int wolfSSL_send_SessionTicket(WOLFSSL* ssl); +#endif /* !NO_WOLFSSL_SERVER */ #define WOLFSSL_TICKET_NAME_SZ 16 @@ -3521,45 +4051,23 @@ enum TicketEncRet { WOLFSSL_API int wolfSSL_CTX_NoTicketTLSv12(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_NoTicketTLSv12(WOLFSSL* ssl); -typedef int (*SessionTicketEncCb)(WOLFSSL*, +typedef int (*SessionTicketEncCb)(WOLFSSL* ssl, unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], unsigned char iv[WOLFSSL_TICKET_IV_SZ], unsigned char mac[WOLFSSL_TICKET_MAC_SZ], int enc, unsigned char*, int, int*, void*); WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, - SessionTicketEncCb); -WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int); -WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*); + SessionTicketEncCb cb); +WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint); +WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx); WOLFSSL_API void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx); +WOLFSSL_API size_t wolfSSL_CTX_get_num_tickets(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_CTX_set_num_tickets(WOLFSSL_CTX* ctx, size_t mxTickets); #endif /* NO_WOLFSSL_SERVER */ #endif /* HAVE_SESSION_TICKET */ -#ifdef HAVE_QSH -/* Quantum-safe Crypto Schemes */ -enum { - WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */ - WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */ - WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */ - WOLFSSL_LWE_XXX = 0x0201, /* Learning With Error encryption scheme */ - WOLFSSL_HFE_XXX = 0x0301, /* Hidden Field Equation scheme */ - WOLFSSL_NULL_QSH = 0xFFFF /* QSHScheme is not used */ -}; - - -/* test if the connection is using a QSH secure connection return 1 if so */ -WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name); -#ifndef NO_WOLFSSL_CLIENT - /* user control over sending client public key in hello - when flag = 1 will send keys if flag is 0 or function is not called - then will not send keys in the hello extension */ - WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag); -#endif - -#endif /* QSH */ - /* TLS Extended Master Secret Extension */ WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx); @@ -3569,9 +4077,16 @@ WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx); #define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */ +#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) +/* notify user we parsed a verified ClientHello is done. This only has an effect + * on the server end. */ +typedef int (*ClientHelloGoodCb)(WOLFSSL* ssl, void*); +WOLFSSL_API int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx); +#endif + /* notify user the handshake is done */ -typedef int (*HandShakeDoneCb)(WOLFSSL*, void*); -WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*); +typedef int (*HandShakeDoneCb)(WOLFSSL* ssl, void*); +WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx); WOLFSSL_API int wolfSSL_PrintSessionStats(void); @@ -3605,10 +4120,10 @@ typedef int (*TimeoutCallBack)(TimeoutInfo*); /* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack for diagnostics */ -WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, - WOLFSSL_TIMEVAL); -WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, - WOLFSSL_TIMEVAL); +WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, + TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout); +WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, + TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout); #endif /* WOLFSSL_CALLBACKS */ @@ -3664,6 +4179,9 @@ WOLFSSL_API const char* wolfSSL_OBJ_nid2sn(int n); WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolfSSL_OBJ_get_type(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); +WOLFSSL_API size_t wolfSSL_OBJ_length(const WOLFSSL_ASN1_OBJECT* o); +WOLFSSL_API const unsigned char* wolfSSL_OBJ_get0_data( + const WOLFSSL_ASN1_OBJECT* o); WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n); WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln); @@ -3674,13 +4192,26 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name) WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n); WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int n, WOLFSSL_ASN1_OBJECT *arg_obj); -WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name); +WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, + const WOLFSSL_ASN1_OBJECT *a, int no_name); WOLFSSL_API void wolfSSL_OBJ_cleanup(void); WOLFSSL_API int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln); #ifdef HAVE_ECC WOLFSSL_LOCAL int NIDToEccEnum(int n); #endif + +#define WOLFSSL_OBJ_NAME_TYPE_UNDEF 0x00 +#define WOLFSSL_OBJ_NAME_TYPE_MD_METH 0x01 +#define WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH 0x02 +#define WOLFSSL_OBJ_NAME_TYPE_PKEY_METH 0x03 +#define WOLFSSL_OBJ_NAME_TYPE_COMP_METH 0x04 +#define WOLFSSL_OBJ_NAME_TYPE_NUM 0x05 +#define WOLFSSL_OBJ_NAME_ALIAS 0x8000 + +WOLFSSL_API void wolfSSL_OBJ_NAME_do_all(int type, + void (*fn) (const WOLFSSL_OBJ_NAME* , void *arg), + void* arg); /* end of object functions */ WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); @@ -3688,6 +4219,8 @@ WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void)); WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx); +WOLFSSL_API void wolfSSL_certs_clear(WOLFSSL* ssl); + #ifndef NO_CERTS WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( WOLFSSL_X509_NAME_ENTRY** out, int nid, int type, @@ -3708,9 +4241,8 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry( WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); -WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*); -WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*); -WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name); +WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to); WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); #endif /* !NO_CERTS */ #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -3727,6 +4259,9 @@ WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) #ifndef NO_CERTS +WOLFSSL_API unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509); +WOLFSSL_API unsigned int wolfSSL_X509_get_key_usage(WOLFSSL_X509* x509); +WOLFSSL_API unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert); WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc); @@ -3756,7 +4291,7 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx, unsigned char* der, long derSz); -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b); WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x); WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X509 *x); @@ -3766,6 +4301,8 @@ WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc); WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void); +WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_dup( + WOLFSSL_X509_EXTENSION* src); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk, WOLFSSL_X509_EXTENSION* ext); WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk); @@ -3774,7 +4311,11 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void); #endif WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext); +WOLFSSL_API int wolfSSL_X509_EXTENSION_set_object(WOLFSSL_X509_EXTENSION* ext, + const WOLFSSL_ASN1_OBJECT* obj); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext); +WOLFSSL_API int wolfSSL_X509_EXTENSION_set_data(WOLFSSL_X509_EXTENSION* ext, + WOLFSSL_ASN1_STRING* data); #endif /* !NO_CERTS */ WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r); @@ -3790,8 +4331,8 @@ WOLFSSL_API int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); #if !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509** x509); -WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s); #endif +WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s); WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); #ifdef WOLFSSL_CERT_REQ @@ -3801,8 +4342,14 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain( + const WOLFSSL *ssl); WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str); +WOLFSSL_API int wolfSSL_set0_verify_cert_store(WOLFSSL *ssl, + WOLFSSL_X509_STORE* str); +WOLFSSL_API int wolfSSL_set1_verify_cert_store(WOLFSSL *ssl, + WOLFSSL_X509_STORE* str); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ @@ -3819,35 +4366,48 @@ WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio); WOLFSSL_API int wolfSSL_BIO_supports_pending(const WOLFSSL_BIO *bio); WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); -WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**); +WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey); -WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int); -WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int); -WOLFSSL_API int wolfSSL_set_min_proto_version(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_set_max_proto_version(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version); +WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version); +WOLFSSL_API int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version); +WOLFSSL_API int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version); +WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx); -WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); -WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, + WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, + WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u); #ifdef WOLFSSL_CERT_REQ -WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, + WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE fp, WOLFSSL_X509** x, + wc_pem_password_cb* cb, void* u); +#endif #endif WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, - WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); + WOLFSSL_X509_CRL **x, wc_pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX - (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); + (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read( + XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, + pem_password_cb* cb, void* u); +#endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio( WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, - pem_password_cb* cb, void* u); + wc_pem_password_cb* cb, void* u); #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, - WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); + WOLFSSL_X509_CRL **x, wc_pem_password_cb *cb, void *u); #endif WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(const char* header, EncryptedInfo* cipher); WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, - pem_password_cb* callback, void* ctx); + wc_pem_password_cb* callback, void* ctx); #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ /*lighttp compatibility */ @@ -3884,20 +4444,23 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); -WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX*, WOLFSSL_X509*); -WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*); +WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x); +WOLFSSL_API int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); /* These are to be merged shortly */ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); -WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA224(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); -WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); +WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509); @@ -3929,11 +4492,15 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c); || defined(OPENSSL_EXTRA) #define X509_BUFFER_SZ 8192 -WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); +WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh); WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, - WOLFSSL_DH **x, pem_password_cb *cb, void *u); + WOLFSSL_DH **x, wc_pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_DHparams(XFILE fp, WOLFSSL_DH **x, + wc_pem_password_cb *cb, void *u); +#endif WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, - WOLFSSL_DSA **x, pem_password_cb *cb, void *u); + WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u); WOLFSSL_API int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp,WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); @@ -3958,21 +4525,25 @@ WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, int nid, int type, const unsigned char *bytes, int len); -WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, - int nid, int lastpos); WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req, const char *attrname, int type, const unsigned char *bytes, int len); -WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( - const WOLFSSL_X509 *req, int loc); -WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void); -WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr); -WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type( - WOLFSSL_X509_ATTRIBUTE *attr, int idx); WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md); #endif +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) || \ + defined(WOLFSSL_CERT_REQ) +WOLFSSL_API int wolfSSL_X509_REQ_get_attr_count(const WOLFSSL_X509 *req); +WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( + const WOLFSSL_X509 *req, int loc); +WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, + int nid, int lastpos); +WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void); +WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr); +WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type( + WOLFSSL_X509_ATTRIBUTE *attr, int idx); +#endif #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) @@ -3980,9 +4551,9 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, #include WOLFSSL_API int wolfSSL_CRYPTO_set_mem_functions( - wolfSSL_Malloc_cb m, - wolfSSL_Realloc_cb r, - wolfSSL_Free_cb f); + wolfSSL_OSSL_Malloc_cb m, + wolfSSL_OSSL_Realloc_cb r, + wolfSSL_OSSL_Free_cb f); WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); @@ -4002,11 +4573,11 @@ WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn); WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, void (*callback) (int, int, void *), void *cb_arg); -WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int, +WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generator, void (*callback) (int, int, void *)); +WOLFSSL_API int wolfSSL_ERR_load_ERR_strings(void); WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void); - WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void); WOLFSSL_API int wolfSSL_FIPS_mode(void); @@ -4017,55 +4588,69 @@ WOLFSSL_API int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods) WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); -WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new(void); +#define WOLF_SK_COMPARE_CB(type, arg) \ + int (*(arg)) (const type* const* a, const type* const* b) +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new( + WOLF_SK_COMPARE_CB(WOLFSSL_X509, cb)); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new_null(void); WOLFSSL_API int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_OBJECT_new(void); WOLFSSL_API void wolfSSL_sk_X509_OBJECT_free(WOLFSSL_STACK* s); +WOLFSSL_API void wolfSSL_sk_X509_OBJECT_pop_free(WOLFSSL_STACK* s, + void (*f) (WOLFSSL_X509_OBJECT*)); WOLFSSL_API int wolfSSL_sk_X509_OBJECT_push(WOLFSSL_STACK* sk, WOLFSSL_X509_OBJECT* obj); WOLFSSL_API WOLFSSL_X509_INFO *wolfSSL_X509_INFO_new(void); WOLFSSL_API void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_INFO_new_null(void); -WOLFSSL_API int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO)*); +WOLFSSL_API int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk); WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value( - const WOLF_STACK_OF(WOLFSSL_X509_INFO)*, int); + const WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, int i); WOLFSSL_API int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)*, - WOLFSSL_X509_INFO*); + WOLFSSL_X509_INFO* in); WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*, void (*f) (WOLFSSL_X509_INFO*)); WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); -typedef int (*wolf_sk_compare_cb)(const void* a, - const void* b); typedef unsigned long (*wolf_sk_hash_cb) (const void *v); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new( - wolf_sk_compare_cb); + WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME, cb)); WOLFSSL_API int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)*, - WOLFSSL_X509_NAME*); -WOLFSSL_API int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*, - WOLFSSL_X509_NAME*); + WOLFSSL_X509_NAME* name); +WOLFSSL_API int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, + WOLFSSL_X509_NAME* name); WOLFSSL_API int wolfSSL_sk_X509_NAME_set_cmp_func( - WOLF_STACK_OF(WOLFSSL_X509_NAME)*, wolf_sk_compare_cb); -WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*, int); -WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*); + WOLF_STACK_OF(WOLFSSL_X509_NAME)*, WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME, cb)); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, int i); +WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)*); WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)*, void (*f) (WOLFSSL_X509_NAME*)); WOLFSSL_API void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME) *); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* + wolfSSL_sk_X509_NAME_ENTRY_new(WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME_ENTRY, cb)); +WOLFSSL_API int wolfSSL_sk_X509_NAME_ENTRY_push(WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk, + WOLFSSL_X509_NAME_ENTRY* name_entry); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* + wolfSSL_sk_X509_NAME_ENTRY_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk, int i); +WOLFSSL_API int wolfSSL_sk_X509_NAME_ENTRY_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk); +WOLFSSL_API void wolfSSL_sk_X509_NAME_ENTRY_free(WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk); + + WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s); -WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, - unsigned long); +WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio,WOLFSSL_X509_NAME* name,int indent, + unsigned long flags); #ifndef NO_FILESYSTEM -WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int, - unsigned long); +WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE fp,WOLFSSL_X509_NAME* name,int indent, + unsigned long flags); #endif -WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc); +WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(WOLF_SK_COMPARE_CB(WOLFSSL_CONF_VALUE, compFunc)); WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk); WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk); WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value( @@ -4076,35 +4661,33 @@ WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void); -WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*); +WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING* str); WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( - const WOLFSSL_X509*); + const WOLFSSL_X509* x); WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit( - const WOLFSSL_ASN1_BIT_STRING*, int); + const WOLFSSL_ASN1_BIT_STRING* str, int i); WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit( - WOLFSSL_ASN1_BIT_STRING*, int, int); + WOLFSSL_ASN1_BIT_STRING* str, int pos, int val); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +WOLFSSL_API int wolfSSL_version(WOLFSSL* ssl); + #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) -WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); +WOLFSSL_API int wolfSSL_get_state(const WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_version(WOLFSSL*); - -WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*); - -WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int); +WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int i); WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*); -WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int); +WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int i); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_EX_DATA) +WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx); -WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); +WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data); #ifdef HAVE_EX_DATA_CLEANUP_HOOKS WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup( WOLFSSL_SESSION* session, @@ -4117,25 +4700,23 @@ WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup( #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) -WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*, - CRYPTO_free_func*); +WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long idx,void* data,void* cb1,void* cb2, + CRYPTO_free_func* cb3); -WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); +WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id( + const WOLFSSL_SESSION* sess, unsigned int* idLen); -WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, - unsigned int*); +WOLFSSL_API int wolfSSL_SESSION_print(WOLFSSL_BIO* bp, const WOLFSSL_SESSION* session); -WOLFSSL_API int wolfSSL_SESSION_print(WOLFSSL_BIO*, const WOLFSSL_SESSION*); +WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name); -WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL *, const char *); +WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL* ssl, unsigned char type); -WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL *, unsigned char); +WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl,WOLFSSL_CTX* ctx); -WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*); +WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx); -WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*); - -WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); +WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ @@ -4143,18 +4724,18 @@ WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); /* SNI received callback type */ typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg); -WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, - CallbackSniRecv); -WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, - CallbackSniRecv); +WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, + CallbackSniRecv cb); +WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, + CallbackSniRecv cb); -WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); +WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg); #endif #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) -WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); +WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void* pid); /* support for deprecated old name */ #define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state @@ -4163,7 +4744,8 @@ WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE fp); #endif -WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*)); +WOLFSSL_API int wolfSSL_THREADID_set_callback( + void (*threadid_func)(WOLFSSL_CRYPTO_THREADID*)); WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val); WOLFSSL_API void wolfSSL_THREADID_current(WOLFSSL_CRYPTO_THREADID* id); @@ -4171,9 +4753,9 @@ WOLFSSL_API unsigned long wolfSSL_THREADID_hash( const WOLFSSL_CRYPTO_THREADID* id); WOLFSSL_API WOLFSSL_X509_LOOKUP_TYPE wolfSSL_X509_OBJECT_get_type( - const WOLFSSL_X509_OBJECT*); + const WOLFSSL_X509_OBJECT* obj); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* - wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *); + wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE* store); WOLFSSL_API WOLFSSL_X509_OBJECT* wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i); WOLFSSL_API WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_new(void); @@ -4213,6 +4795,8 @@ WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int WOLF_EVENT_FLAG flags, int* eventCount); #endif /* WOLFSSL_ASYNC_CRYPT */ +typedef void (*Rem_Sess_Cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); + #ifdef OPENSSL_EXTRA typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type, const void *buf, size_t len, WOLFSSL *ssl, void *arg); @@ -4283,7 +4867,7 @@ WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data); #ifdef HAVE_EX_DATA_CLEANUP_HOOKS WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup( - X509 *x509, + WOLFSSL_X509 *x509, int idx, void *data, wolfSSL_ex_data_cleanup_routine_t cleanup_routine); @@ -4291,7 +4875,7 @@ WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup( #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c); @@ -4302,18 +4886,22 @@ WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx); WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh); -WOLFSSL_API int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *, +WOLFSSL_API int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION *c); WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s); WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s); WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s); -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L -WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL*); -#else -WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL*); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts, + const OPENSSL_INIT_SETTINGS *settings); #endif -WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*); +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L +WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL* ssl); +#else +WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL* ssl); +#endif +WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL* ssl); #ifndef NO_SESSION_CACHE WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s); @@ -4325,17 +4913,22 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, #ifdef HAVE_SESSION_TICKET typedef int (*ticketCompatCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv, WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc); -WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, ticketCompatCb); +WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX* ctx, ticketCompatCb cb); #endif #if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain); -typedef int(*tlsextStatusCb)(WOLFSSL*, void*); +typedef int(*tlsextStatusCb)(WOLFSSL* ssl, void*); WOLFSSL_API int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb); WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb); +WOLFSSL_API int wolfSSL_CTX_get0_chain_certs(WOLFSSL_CTX *ctx, + WOLF_STACK_OF(WOLFSSL_X509) **sk); +WOLFSSL_API int wolfSSL_get0_chain_certs(WOLFSSL *ssl, + WOLF_STACK_OF(WOLFSSL_X509) **sk); + WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x); @@ -4346,6 +4939,7 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void); +WOLFSSL_API void wolfSSL_WOLFSSL_STRING_free(WOLFSSL_STRING s); WOLFSSL_API void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk); WOLFSSL_API WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value( WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); @@ -4408,13 +5002,13 @@ WOLFSSL_API int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); -WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count); -WOLFSSL_API size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count); +#endif #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_X509_ALGOR_new(void); @@ -4430,7 +5024,7 @@ WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509 WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, WOLFSSL_X509_ALGOR **pa, WOLFSSL_X509_PUBKEY *pub); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key); WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key); -WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); +WOLFSSL_API int wolfSSL_i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, const unsigned char **der, long length); @@ -4464,25 +5058,36 @@ WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store); WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); +#ifndef WOLFCRYPT_ONLY WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, - int passwdSz, pem_password_cb* cb, void* ctx); + int passwdSz, wc_pem_password_cb* cb, void* ctx); +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey( + XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, + char* passwd, int passwdSz, wc_pem_password_cb* cb, void* ctx); +#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u); + WOLFSSL_EVP_PKEY** pkey, wc_pem_password_cb* cb, void* u); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey( WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length); - +#endif /* !WOLFCRYPT_ONLY */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#ifdef WOLFSSL_HAVE_TLS_UNIQUE +WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count); +WOLFSSL_API size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count); +#endif /* WOLFSSL_HAVE_TLS_UNIQUE */ + #ifdef HAVE_PK_CALLBACKS WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx); #endif #ifdef HAVE_ENCRYPT_THEN_MAC -WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int); -WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int); +WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX* ctx, int set); +WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int set); #endif /* This feature is used to set a fixed ephemeral key and is for testing only */ @@ -4494,14 +5099,16 @@ WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format); /* returns pointer to loaded key as ASN.1/DER */ -WOLFSSL_API int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, +WOLFSSL_API int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, const unsigned char** key, unsigned int* keySz); -WOLFSSL_API int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, +WOLFSSL_API int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const unsigned char** key, unsigned int* keySz); #endif #if defined(OPENSSL_EXTRA) +#ifndef WOLFCRYPT_ONLY WOLFSSL_API int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx); +#endif WOLFSSL_API void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level); WOLFSSL_API int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx); @@ -4518,19 +5125,51 @@ WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx); #define WOLFSSL_CONF_FLAG_CMDLINE 0x1 #define WOLFSSL_CONF_FLAG_FILE 0x2 +#define WOLFSSL_CONF_FLAG_CLIENT 0x4 +#define WOLFSSL_CONF_FLAG_SERVER 0x8 +#define WOLFSSL_CONF_FLAG_SHOW_ERRORS 0x10 #define WOLFSSL_CONF_FLAG_CERTIFICATE 0x20 +#define WOLFSSL_CONF_TYPE_UNKNOWN 0x0 #define WOLFSSL_CONF_TYPE_STRING 0x1 #define WOLFSSL_CONF_TYPE_FILE 0x2 +#define WOLFSSL_CONF_TYPE_DIR 0x3 WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value); +WOLFSSL_API int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd); #endif /* OPENSSL_EXTRA */ -#if defined(HAVE_EX_DATA) || defined(FORTRESS) || defined(WOLFSSL_WPAS_SMALL) +#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, WOLFSSL_CRYPTO_EX_free* free_func); -#endif /* HAVE_EX_DATA || FORTRESS */ +#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */ + +#if defined(WOLFSSL_DTLS_CID) +WOLFSSL_API int wolfSSL_dtls_cid_use(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_dtls_cid_is_enabled(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, + unsigned int size); +WOLFSSL_API int wolfSSL_dtls_cid_get_rx_size(WOLFSSL* ssl, + unsigned int* size); +WOLFSSL_API int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer, + unsigned int bufferSz); +WOLFSSL_API int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, + unsigned int* size); +WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer, + unsigned int bufferSz); +#endif /* defined(WOLFSSL_DTLS_CID) */ + +/* */ +#define SSL2_VERSION 0x0002 +#define SSL3_VERSION 0x0300 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 +#define TLS1_2_VERSION 0x0303 +#define TLS1_3_VERSION 0x0304 +#define DTLS1_VERSION 0xFEFF +#define DTLS1_2_VERSION 0xFEFD + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/version.h b/source/libs/libwolfssl/version.h index 471f5636..4c4df7b5 100644 --- a/source/libs/libwolfssl/version.h +++ b/source/libs/libwolfssl/version.h @@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "4.8.1" -#define LIBWOLFSSL_VERSION_HEX 0x04008001 +#define LIBWOLFSSL_VERSION_STRING "5.5.4" +#define LIBWOLFSSL_VERSION_HEX 0x05005004 #ifdef __cplusplus } diff --git a/source/libs/libwolfssl/wolfcrypt/aes.h b/source/libs/libwolfssl/wolfcrypt/aes.h index ed0a0dce..bb64276c 100644 --- a/source/libs/libwolfssl/wolfcrypt/aes.h +++ b/source/libs/libwolfssl/wolfcrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -67,7 +67,24 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif #ifdef WOLFSSL_XILINX_CRYPT -#include "xsecure_aes.h" +#ifdef WOLFSSL_XILINX_CRYPT_VERSAL +#include +#include +#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0 +#else /* versal */ +#include +#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP +#endif /* !versal */ +#endif /* WOLFSSL_XILINX_CRYPT */ + +#if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX_AES) +#if !defined(WOLFSSL_XILINX_AES_KEY_SRC) +#define WOLFSSL_XILINX_AES_KEY_SRC 0 +#endif /* !defined(WOLFSSL_XILINX_AES_KEY_SRC) */ +#endif /* all Xilinx crypto */ + +#ifdef WOLFSSL_SE050 + #include #endif #if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES) @@ -75,6 +92,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif +#if defined(WOLFSSL_KCAPI_AES) +#include +#endif + #if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC) #include #endif @@ -88,13 +109,21 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif +#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) +#include +#endif + #if defined(WOLFSSL_CRYPTOCELL) #include #endif #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) - #include + #include +#endif + +#ifdef WOLFSSL_MAXQ10XX_CRYPTO + #include #endif #ifdef __cplusplus @@ -131,7 +160,7 @@ enum { KEYWRAP_BLOCK_SIZE = 8, GCM_NONCE_MAX_SZ = 16, /* wolfCrypt's maximum nonce size allowed. */ - GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */ + GCM_NONCE_MID_SZ = 12, /* The default nonce size for AES-GCM. */ GCM_NONCE_MIN_SZ = 8, /* wolfCrypt's minimum nonce size allowed. */ CCM_NONCE_MIN_SZ = 7, CCM_NONCE_MAX_SZ = 13, @@ -147,7 +176,7 @@ enum { AES_XTS_MODE = 3, #endif -#ifdef HAVE_PKCS11 +#ifdef WOLF_PRIVATE_KEY_ID AES_MAX_ID_LEN = 32, AES_MAX_LABEL_LEN = 32, #endif @@ -174,6 +203,13 @@ struct Aes { word32 aadLen; /* additional authenticated data len */ #endif +#ifdef WOLFSSL_SE050 + sss_symmetric_t aes_ctx; /* used as the function context */ + int ctxInitDone; + word32 keyId; + byte keyIdSet; + byte useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */ +#endif #ifdef GCM_TABLE /* key-based fast multiplication table. */ ALIGN16 byte M0[256][AES_BLOCK_SIZE]; @@ -188,6 +224,9 @@ struct Aes { word32 y0; #endif #endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_CAAM + int blackKey; /* black key / hsm key id */ +#endif #ifdef WOLFSSL_AESNI byte use_aesni; #endif /* WOLFSSL_AESNI */ @@ -195,7 +234,7 @@ struct Aes { int devId; void* devCtx; #endif -#ifdef HAVE_PKCS11 +#ifdef WOLF_PRIVATE_KEY_ID byte id[AES_MAX_ID_LEN]; int idLen; char label[AES_MAX_LABEL_LEN]; @@ -209,9 +248,16 @@ struct Aes { word32 left; /* unused bytes left from last call */ #endif #ifdef WOLFSSL_XILINX_CRYPT +#ifdef WOLFSSL_XILINX_CRYPT_VERSAL + wc_Xsecure xSec; + XSecure_AesKeySize xKeySize; + int aadStyle; + byte keyInit[WOLFSSL_XSECURE_AES_KEY_SIZE] ALIGN64; +#else XSecure_Aes xilAes; XCsuDma dma; - word32 key_init[8]; + word32 keyInit[8]; +#endif word32 kup; #endif #if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES) @@ -224,9 +270,14 @@ struct Aes { GCM_NONCE_MID_SZ)]; #endif #endif +#if defined(WOLFSSL_KCAPI_AES) + struct kcapi_handle* handle; + int init; +#endif #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ - (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) || \ + defined(WOLFSSL_KCAPI_AES) word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */ #ifdef HAVE_CAVIUM_OCTEON_SYNC int keySet; @@ -243,11 +294,23 @@ struct Aes { defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) TSIP_AES_CTX ctx; #endif +#if defined(WOLFSSL_RENESAS_SCEPROTECT) + SCE_AES_CTX ctx; +#endif #if defined(WOLFSSL_IMXRT_DCP) dcp_handle_t handle; #endif #if defined(WOLFSSL_SILABS_SE_ACCEL) silabs_aes_t ctx; +#endif +#ifdef WOLFSSL_MAXQ10XX_CRYPTO + maxq_aes_t maxq_ctx; +#endif +#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) + psa_key_id_t key_id; + psa_cipher_operation_t psa_ctx; + int ctx_initialized; + int key_need_importing; #endif void* heap; /* memory hint to use */ #ifdef WOLFSSL_AESGCM_STREAM @@ -351,10 +414,27 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, #endif /* AES-DIRECT */ #if defined(WOLFSSL_AES_DIRECT) +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in); WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in); - WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, + WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, const byte* iv, int dir); +#elif defined(BUILDING_WOLFSSL) + WOLFSSL_API WARN_UNUSED_RESULT int wc_AesEncryptDirect(Aes* aes, byte* out, + const byte* in); + WOLFSSL_API WARN_UNUSED_RESULT int wc_AesDecryptDirect(Aes* aes, byte* out, + const byte* in); + WOLFSSL_API WARN_UNUSED_RESULT int wc_AesSetKeyDirect(Aes* aes, + const byte* key, + word32 len, + const byte* iv, int dir); +#else + WOLFSSL_API int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in); + WOLFSSL_API int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in); + WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir); +#endif #endif #ifdef HAVE_AESGCM @@ -488,7 +568,7 @@ WOLFSSL_API int wc_AesXtsFree(XtsAes* aes); WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize); WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId); -#ifdef HAVE_PKCS11 +#ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, int devId); WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, @@ -496,6 +576,17 @@ WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, #endif WOLFSSL_API void wc_AesFree(Aes* aes); +#ifdef WOLFSSL_AES_SIV +WOLFSSL_API +int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc, + word32 assocSz, const byte* nonce, word32 nonceSz, + const byte* in, word32 inSz, byte* siv, byte* out); +WOLFSSL_API +int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc, + word32 assocSz, const byte* nonce, word32 nonceSz, + const byte* in, word32 inSz, byte* siv, byte* out); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/arc4.h b/source/libs/libwolfssl/wolfcrypt/arc4.h index cfc625f3..fbc32e10 100644 --- a/source/libs/libwolfssl/wolfcrypt/arc4.h +++ b/source/libs/libwolfssl/wolfcrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,9 +37,9 @@ #endif enum { - ARC4_ENC_TYPE = 4, /* cipher unique type */ + ARC4_ENC_TYPE = 4, /* cipher unique type */ ARC4_STATE_SIZE = 256, - RC4_KEY_SIZE = 16, /* always 128bit */ + RC4_KEY_SIZE = 16, /* always 128bit */ }; /* ARC4 encryption and decryption */ @@ -53,11 +53,12 @@ typedef struct Arc4 { void* heap; } Arc4; -WOLFSSL_API int wc_Arc4Process(Arc4*, byte*, const byte*, word32); -WOLFSSL_API int wc_Arc4SetKey(Arc4*, const byte*, word32); +WOLFSSL_API int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, + word32 length); +WOLFSSL_API int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length); -WOLFSSL_API int wc_Arc4Init(Arc4*, void*, int); -WOLFSSL_API void wc_Arc4Free(Arc4*); +WOLFSSL_API int wc_Arc4Init(Arc4* arc4, void* heap, int devId); +WOLFSSL_API void wc_Arc4Free(Arc4* arc4); #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/wolfcrypt/asn.h b/source/libs/libwolfssl/wolfcrypt/asn.h index d87d8682..02179eb0 100644 --- a/source/libs/libwolfssl/wolfcrypt/asn.h +++ b/source/libs/libwolfssl/wolfcrypt/asn.h @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -47,7 +47,7 @@ that can be serialized and deserialized in a cross-platform way. /* fips declare of RsaPrivateKeyDecode @wc_fips */ #if defined(HAVE_FIPS) && !defined(NO_RSA) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) #include #endif @@ -100,17 +100,14 @@ enum ASN_Tags { ASN_SEQUENCE = 0x10, ASN_SET = 0x11, ASN_PRINTABLE_STRING = 0x13, + ASN_T61STRING = 0x14, ASN_IA5_STRING = 0x16, ASN_UTC_TIME = 0x17, - ASN_OTHER_TYPE = 0x00, - ASN_RFC822_TYPE = 0x01, - ASN_DNS_TYPE = 0x02, - ASN_DIR_TYPE = 0x04, - ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */ - ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */ ASN_GENERALIZED_TIME = 0x18, - CRL_EXTENSIONS = 0xa0, - ASN_EXTENSIONS = 0xa3, + ASN_UNIVERSALSTRING = 0x1c, + ASN_BMPSTRING = 0x1e, + ASN_TYPE_MASK = 0x1f, + ASN_LONG_LENGTH = 0x80, ASN_INDEF_LENGTH = 0x80, @@ -118,12 +115,551 @@ enum ASN_Tags { ASN_CONSTRUCTED = 0x20, ASN_APPLICATION = 0x40, ASN_CONTEXT_SPECIFIC = 0x80, + ASN_PRIVATE = 0xC0, + + CRL_EXTENSIONS = 0xa0, + ASN_EXTENSIONS = 0xa3, + + /* GeneralName types */ + ASN_OTHER_TYPE = 0x00, + ASN_RFC822_TYPE = 0x01, + ASN_DNS_TYPE = 0x02, + ASN_DIR_TYPE = 0x04, + ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */ + ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */ + + /* PKCS #7 types */ + ASN_ENC_CONTENT = 0x00, + ASN_OTHERNAME_VALUE = 0x00, + + /* AuthorityKeyIdentifier fields */ + ASN_AUTHKEYID_KEYID = 0x00, + ASN_AUTHKEYID_ISSUER = 0x01, + ASN_AUTHKEYID_SERIAL = 0x02, + + /* GeneralSubtree fields */ + ASN_SUBTREE_MIN = 0x00, + ASN_SUBTREE_MAX = 0x01, + + /* x509 Cert Fields */ + ASN_X509_CERT_VERSION = 0x00, + + /* x509 Cert Extension Fields */ + ASN_AKID_KEYID = 0x00, + + /* ECC Key Fields */ + ASN_ECC_PARAMS = 0x00, + ASN_ECC_PUBKEY = 0x01, + + /* OneAsymmetricKey Fields */ + ASN_ASYMKEY_ATTRS = 0x00, + ASN_ASYMKEY_PUBKEY = 0x01, }; -#define ASN_UTC_TIME_SIZE 14 -#define ASN_GENERALIZED_TIME_SIZE 16 +/* NOTE: If ASN_UTC_TIME_SIZE or ASN_GENERALIZED_TIME_SIZE are ever modified + * one needs to update the logic in asn.c function GetAsnTimeString() + * which depends on the size 14 and/or 16 to determine which format to + * place in the "buf" (output) + */ +#define ASN_UTC_TIME_SIZE 14 /* Read note above before modifying */ +#define ASN_GENERALIZED_TIME_SIZE 16 /* Read note above before modifying */ #define ASN_GENERALIZED_TIME_MAX 68 +#ifdef WOLFSSL_ASN_TEMPLATE +/* Different data types that can be stored in ASNGetData/ASNSetData. */ +enum ASNItem_DataType { + /* Default for tag type. */ + ASN_DATA_TYPE_NONE = 0, + /* 8-bit integer value. */ + ASN_DATA_TYPE_WORD8 = 1, + /* 16-bit integer value. */ + ASN_DATA_TYPE_WORD16 = 2, + /* 32-bit integer value. */ + ASN_DATA_TYPE_WORD32 = 4, + /* Buffer with data and length. */ + ASN_DATA_TYPE_BUFFER = 5, + /* An expected/required buffer with data and length. */ + ASN_DATA_TYPE_EXP_BUFFER = 6, + /* Replace the item with buffer (data and length). */ + ASN_DATA_TYPE_REPLACE_BUFFER = 7, + /* Big number as an mp_int. */ + ASN_DATA_TYPE_MP = 8, + /* Big number as a positive or negative mp_int. */ + ASN_DATA_TYPE_MP_POS_NEG = 9, + /* ASN.1 CHOICE. A 0 terminated list of tags that are valid. */ + ASN_DATA_TYPE_CHOICE = 10, +}; + +/* A template entry describing an ASN.1 item. */ +typedef struct ASNItem { + /* Depth of ASN.1 item - how many constructed ASN.1 items above. */ + byte depth; + /* BER/DER tag to expect. */ + byte tag; + /* Whether the ASN.1 item is constructed. */ + byte constructed:1; + /* Whether to parse the header only or skip data. If + * ASNSetData.data.buffer.data is supplied then this option gets + * overwritten and the child nodes get ignored. */ + byte headerOnly:1; + /* Whether ASN.1 item is optional. + * - 0 means not optional + * - 1 means is optional + * - 2+ means one of these at the same level with same value must appear. + */ + byte optional; +} ASNItem; + +/* Dynamic data for setting (encoding) an ASN.1 item. */ +typedef struct ASNSetData { + /* Reverse offset into buffer of ASN.1 item - calculated in SizeASN_Items(). + * SetASN_Items() subtracts from total length to get usable value. + */ + word32 offset; + /* Length of data in ASN.1 item - calculated in SizeASN_Items(). */ + word32 length; + /* Different data type representation. */ + union { + /* 8-bit integer value. */ + byte u8; + /* 16-bit integer value. */ + word16 u16; + /* 32-bit integer value. */ + word32 u32; + /* Big number as an mp_int. */ + mp_int* mp; + /* Buffer as data pointer and length. */ + struct { + /* Data to write out. */ + const byte* data; + /* Length of data to write out. */ + word32 length; + } buffer; + } data; + /* Type of data stored in data field - enum ASNItem_DataType. */ + byte dataType; + /* Don't write this ASN.1 item out. + * Optional items are dependent on the data being encoded. + */ + byte noOut; +} ASNSetData; + +/* Dynamic data for getting (decoding) an ASN.1 item. */ +typedef struct ASNGetData { + /* Offset into buffer where encoding starts. */ + word32 offset; + /* Total length of data in ASN.1 item. + * BIT_STRING and INTEGER lengths include leading byte. */ + word32 length; + union { + /* Pointer to 8-bit integer. */ + byte* u8; + /* Pointer to 16-bit integer. */ + word16* u16; + /* Pointer to 32-bit integer. */ + word32* u32; + /* Pointer to mp_int for big number. */ + mp_int* mp; + /* List of possible tags. Useful for CHOICE ASN.1 items. */ + const byte* choice; + /* Buffer to copy into. */ + struct { + /* Buffer to hold ASN.1 data. */ + byte* data; + /* Maximum length of buffer. */ + word32* length; + } buffer; + /* Refernce to ASN.1 item's data. */ + struct { + /* Pointer reference into input buffer. */ + const byte* data; + /* Length of data. */ + word32 length; + } ref; + /* Data of an OBJECT_ID. */ + struct { + /* OID data reference into input buffer. */ + const byte* data; + /* Length of OID data. */ + word32 length; + /* Type of OID expected. */ + word32 type; + /* OID sum - 32-bit id. */ + word32 sum; + } oid; + } data; + /* Type of data stored in data field - enum ASNItem_DataType. */ + byte dataType; + /* Tag found in BER/DER item. */ + byte tag; +} ASNGetData; + +WOLFSSL_LOCAL int SizeASN_Items(const ASNItem* asn, ASNSetData *data, + int count, int* encSz); +WOLFSSL_LOCAL int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, + byte* output); +WOLFSSL_LOCAL int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, + int complete, const byte* input, word32* inOutIdx, word32 maxIdx); + +#ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK +WOLFSSL_LOCAL void GetASN_Int8Bit(ASNGetData *dataASN, byte* num); +WOLFSSL_LOCAL void GetASN_Int16Bit(ASNGetData *dataASN, word16* num); +WOLFSSL_LOCAL void GetASN_Int32Bit(ASNGetData *dataASN, word32* num); +WOLFSSL_LOCAL void GetASN_Buffer(ASNGetData *dataASN, byte* data, + word32* length); +WOLFSSL_LOCAL void GetASN_ExpBuffer(ASNGetData *dataASN, const byte* data, + word32 length); +WOLFSSL_LOCAL void GetASN_MP(ASNGetData *dataASN, mp_int* num); +WOLFSSL_LOCAL void GetASN_MP_PosNeg(ASNGetData *dataASN, mp_int* num); +WOLFSSL_LOCAL void GetASN_Choice(ASNGetData *dataASN, const byte* options); +WOLFSSL_LOCAL void GetASN_Boolean(ASNGetData *dataASN, byte* num); +WOLFSSL_LOCAL void GetASN_OID(ASNGetData *dataASN, int oidType); +WOLFSSL_LOCAL void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data, + word32* length); +WOLFSSL_LOCAL void GetASN_GetRef(ASNGetData * dataASN, byte** data, + word32* length); +WOLFSSL_LOCAL void GetASN_OIDData(ASNGetData * dataASN, byte** data, + word32* length); +WOLFSSL_LOCAL void SetASN_Boolean(ASNSetData *dataASN, byte val); +WOLFSSL_LOCAL void SetASN_Int8Bit(ASNSetData *dataASN, byte num); +WOLFSSL_LOCAL void SetASN_Int16Bit(ASNSetData *dataASN, word16 num); +WOLFSSL_LOCAL void SetASN_Buffer(ASNSetData *dataASN, const byte* data, + word32 length); +WOLFSSL_LOCAL void SetASN_ReplaceBuffer(ASNSetData *dataASN, const byte* data, + word32 length); +WOLFSSL_LOCAL void SetASN_MP(ASNSetData *dataASN, mp_int* num); +WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); +#else +/* Setup ASN data item to get an 8-bit number. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num Pointer to an 8-bit variable. + */ +#define GetASN_Int8Bit(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_WORD8; \ + (dataASN)->data.u8 = num; \ + } while (0) + +/* Setup ASN data item to get a 16-bit number. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num Pointer to a 16-bit variable. + */ +#define GetASN_Int16Bit(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_WORD16; \ + (dataASN)->data.u16 = num; \ + } while (0) + +/* Setup ASN data item to get a 32-bit number. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num Pointer to a 32-bit variable. + */ +#define GetASN_Int32Bit(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_WORD32; \ + (dataASN)->data.u32 = num; \ + } while (0) + +/* Setup ASN data item to get data into a buffer of a specific length. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] d Buffer to hold data. + * @param [in] l Length of buffer in bytes. + */ +#define GetASN_Buffer(dataASN, d, l) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_BUFFER; \ + (dataASN)->data.buffer.data = d; \ + (dataASN)->data.buffer.length = l; \ + } while (0) + +/* Setup ASN data item to check parsed data against expected buffer. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] d Buffer containing expected data. + * @param [in] l Length of buffer in bytes. + */ +#define GetASN_ExpBuffer(dataASN, d, l) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_EXP_BUFFER; \ + (dataASN)->data.ref.data = d; \ + (dataASN)->data.ref.length = l; \ + } while (0) + +/* Setup ASN data item to get a number into an mp_int. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num Multi-precision number object. + */ +#define GetASN_MP(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_MP; \ + (dataASN)->data.mp = num; \ + } while (0) + +/* Setup ASN data item to get a positive or negative number into an mp_int. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num Multi-precision number object. + */ +#define GetASN_MP_PosNeg(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG; \ + (dataASN)->data.mp = num; \ + } while (0) + +/* Setup ASN data item to be a choice of tags. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] choice 0 terminated list of tags that are valid. + */ +#define GetASN_Choice(dataASN, options) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_CHOICE; \ + (dataASN)->data.choice = options; \ + } while (0) + +/* Setup ASN data item to get a boolean value. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num Pointer to an 8-bit variable. + */ +#define GetASN_Boolean(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_NONE; \ + (dataASN)->data.u8 = num; \ + } while (0) + +/* Setup ASN data item to be a an OID of a specific type. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] oidType Type of OID to expect. + */ +#define GetASN_OID(dataASN, oidType) \ + (dataASN)->data.oid.type = oidType + +/* Get the data and length from an ASN data item. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [out] d Pointer to data of item. + * @param [out] l Length of buffer in bytes. + */ +#define GetASN_GetConstRef(dataASN, d, l) \ + do { \ + *(d) = (dataASN)->data.ref.data; \ + *(l) = (dataASN)->data.ref.length; \ + } while (0) + +/* Get the data and length from an ASN data item. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [out] d Pointer to data of item. + * @param [out] l Length of buffer in bytes. + */ +#define GetASN_GetRef(dataASN, d, l) \ + do { \ + *(d) = (byte*)(dataASN)->data.ref.data; \ + *(l) = (dataASN)->data.ref.length; \ + } while (0) + +/* Get the data and length from an ASN data item that is an OID. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [out] d Pointer to . + * @param [out] l Length of buffer in bytes. + */ +#define GetASN_OIDData(dataASN, d, l) \ + do { \ + *(d) = (byte*)(dataASN)->data.oid.data; \ + *(l) = (dataASN)->data.oid.length; \ + } while (0) + +/* Setup an ASN data item to set a boolean. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] val Boolean value. + */ +#define SetASN_Boolean(dataASN, val) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_NONE; \ + (dataASN)->data.u8 = val; \ + } while (0) + +/* Setup an ASN data item to set an 8-bit number. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num 8-bit number to set. + */ +#define SetASN_Int8Bit(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_WORD8; \ + (dataASN)->data.u8 = num; \ + } while (0) + +/* Setup an ASN data item to set a 16-bit number. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num 16-bit number to set. + */ +#define SetASN_Int16Bit(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_WORD16; \ + (dataASN)->data.u16 = num; \ + } while (0) + +/* Setup an ASN data item to set the data in a buffer. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] d Buffer containing data to set. + * @param [in] l Length of data in buffer in bytes. + */ +#define SetASN_Buffer(dataASN, d, l) \ + do { \ + (dataASN)->data.buffer.data = d; \ + (dataASN)->data.buffer.length = l; \ + } while (0) + +/* Setup an ASN data item to set the DER encode data in a buffer. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] d Buffer containing BER encoded data to set. + * @param [in] l Length of data in buffer in bytes. + */ +#define SetASN_ReplaceBuffer(dataASN, d, l) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_REPLACE_BUFFER; \ + (dataASN)->data.buffer.data = d; \ + (dataASN)->data.buffer.length = l; \ + } while (0) + +/* Setup an ASN data item to set an muli-precision number. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] num Multi-precision number. + */ +#define SetASN_MP(dataASN, num) \ + do { \ + (dataASN)->dataType = ASN_DATA_TYPE_MP; \ + (dataASN)->data.mp = num; \ + } while (0) + +/* Setup an ASN data item to set an OID based on id and type. + * + * oid and oidType pair are unique. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] oid OID identifier. + * @param [in] oidType Type of OID. + */ +#define SetASN_OID(dataASN, oid, oidType) \ + (dataASN)->data.buffer.data = OidFromId(oid, oidType, \ + &(dataASN)->data.buffer.length) +#endif /* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK */ + + +/* Get address at the start of the BER item. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] in Input buffer. + * @return Address at start of BER item. + */ +#define GetASNItem_Addr(dataASN, in) \ + ((in) + (dataASN).offset) + +/* Get length of a BER item - including tag and length. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] in Input buffer. + * @return Length of a BER item. + */ +#define GetASNItem_Length(dataASN, in) \ + ((dataASN).length + (word32)((dataASN).data.buffer.data - (in)) - \ + (dataASN).offset) + +/* Get the index of a BER item's data. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] in Input buffer. + * @return Index of a BER item's data. + */ +#define GetASNItem_DataIdx(dataASN, in) \ + (word32)((dataASN).data.ref.data - (in)) + +/* Get the end index of a BER item - index of the start of the next item. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] in Input buffer. + * @return End index of a BER item. + */ +#define GetASNItem_EndIdx(dataASN, in) \ + ((word32)((dataASN).data.ref.data - (in)) + \ + (dataASN).data.ref.length) + +/* For a BIT_STRING, get the unused bits byte. + * + * @param [in] dataASN Dynamic ASN data item. + * @return Unused bits byte in BIT_STRING. + */ +#define GetASNItem_UnusedBits(dataASN) \ + (*((dataASN).data.ref.data - 1)) + +/* Set the data items at indices start to end inclusive to not be encoded. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] start First item not to be encoded. + * @param [in] end Last item not to be encoded. + */ +#define SetASNItem_NoOut(dataASN, start, end) \ + do { \ + int ii; \ + for (ii = (start); ii <= (end); ii++) { \ + (dataASN)[ii].noOut = 1; \ + } \ + } \ + while (0) + +/* Set the data items below node to not be encoded. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] node Node who's children should not be encoded. + * @param [in] dataASNLen Number of items in dataASN. + */ +#define SetASNItem_NoOutBelow(dataASN, asn, node, dataASNLen) \ + do { \ + int ii; \ + for (ii = (node) + 1; ii < (int)(dataASNLen); ii++) { \ + if ((asn)[ii].depth <= (asn)[node].depth) \ + break; \ + (dataASN)[ii].noOut = 1; \ + } \ + } \ + while (0) + +/* Set the node and all nodes below to not be encoded. + * + * @param [in] dataASN Dynamic ASN data item. + * @param [in] node Node which should not be encoded. Child nodes will + * also not be encoded. + * @param [in] dataASNLen Number of items in dataASN. + */ +#define SetASNItem_NoOutNode(dataASN, asn, node, dataASNLen) \ + do { \ + int ii; \ + (dataASN)[node].noOut = 1; \ + for (ii = (node) + 1; ii < (int)(dataASNLen); ii++) { \ + if ((asn)[ii].depth <= (asn)[node].depth) \ + break; \ + (dataASN)[ii].noOut = 1; \ + } \ + } \ + while (0) + +#endif /* WOLFSSL_ASN_TEMPLATE */ + + enum DN_Tags { ASN_DN_NULL = 0x00, ASN_COMMON_NAME = 0x03, /* CN */ @@ -132,14 +668,24 @@ enum DN_Tags { ASN_COUNTRY_NAME = 0x06, /* C */ ASN_LOCALITY_NAME = 0x07, /* L */ ASN_STATE_NAME = 0x08, /* ST */ + ASN_STREET_ADDR = 0x09, /* street */ ASN_ORG_NAME = 0x0a, /* O */ ASN_ORGUNIT_NAME = 0x0b, /* OU */ ASN_BUS_CAT = 0x0f, /* businessCategory */ - ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */ + ASN_POSTAL_CODE = 0x11, /* postalCode */ + ASN_USER_ID = 0x12, /* UserID */ +#ifdef WOLFSSL_CERT_NAME_ALL + ASN_NAME = 0x2a, /* name */ + ASN_GIVEN_NAME = 0x29, /* GN */ + ASN_INITIALS = 0x2b, /* initials */ + ASN_DNQUALIFIER = 0x2e, /* dnQualifier */ +#endif /* WOLFSSL_CERT_NAME_ALL */ + + ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */ + ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */ /* pilot attribute types * OID values of 0.9.2342.19200300.100.1.* */ - ASN_USER_ID = 0x01, /* UID */ ASN_FAVOURITE_DRINK = 0x05, /* favouriteDrink */ ASN_DOMAIN_COMPONENT = 0x19 /* DC */ }; @@ -163,6 +709,12 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WOLFSSL_COMMON_NAME "/CN=" #define WOLFSSL_LN_COMMON_NAME "/commonName=" #define WOLFSSL_SUR_NAME "/SN=" +#ifdef WOLFSSL_CERT_NAME_ALL + #define WOLFSSL_NAME "/N=" + #define WOLFSSL_INITIALS "/initials=" + #define WOLFSSL_GIVEN_NAME "/GN=" + #define WOLFSSL_DNQUALIFIER "/dnQualifier=" +#endif /* WOLFSSL_CERT_NAME_ALL */ #define WOLFSSL_SERIAL_NUMBER "/serialNumber=" #define WOLFSSL_COUNTRY_NAME "/C=" #define WOLFSSL_LN_COUNTRY_NAME "/countryName=" @@ -170,6 +722,9 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WOLFSSL_LN_LOCALITY_NAME "/localityName=" #define WOLFSSL_STATE_NAME "/ST=" #define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName=" +#define WOLFSSL_STREET_ADDR_NAME "/street=" +#define WOLFSSL_LN_STREET_ADDR_NAME "/streetAddress=" +#define WOLFSSL_POSTAL_NAME "/postalCode=" #define WOLFSSL_ORG_NAME "/O=" #define WOLFSSL_LN_ORG_NAME "/organizationName=" #define WOLFSSL_ORGUNIT_NAME "/OU=" @@ -200,64 +755,72 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* NIDs */ -enum -{ - NID_undef = 0, - NID_netscape_cert_type = NID_undef, - NID_des = 66, - NID_des3 = 67, - NID_sha256 = 672, - NID_sha384 = 673, - NID_sha512 = 674, - NID_pkcs9_challengePassword = 54, - NID_hw_name_oid = 73, - NID_id_pkix_OCSP_basic = 74, - NID_any_policy = 75, - NID_anyExtendedKeyUsage = 76, - NID_givenName = 99, - NID_initials = 101, - NID_title = 106, - NID_description = 107, - NID_basic_constraints = 133, - NID_key_usage = 129, /* 2.5.29.15 */ - NID_ext_key_usage = 151, /* 2.5.29.37 */ - NID_subject_key_identifier = 128, - NID_authority_key_identifier = 149, - NID_private_key_usage_period = 130, /* 2.5.29.16 */ - NID_subject_alt_name = 131, - NID_issuer_alt_name = 132, - NID_info_access = 69, - NID_sinfo_access = 79, /* id-pe 11 */ - NID_name_constraints = 144, /* 2.5.29.30 */ - NID_crl_distribution_points = 145, /* 2.5.29.31 */ - NID_certificate_policies = 146, - NID_policy_mappings = 147, - NID_policy_constraints = 150, - NID_inhibit_any_policy = 168, /* 2.5.29.54 */ - NID_tlsfeature = 1020, /* id-pe 24 */ - NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */ - NID_buildingName = 1494, +#define NID_undef 0 +#define NID_netscape_cert_type NID_undef +#define NID_des 66 +#define NID_des3 67 +#define NID_sha256 672 +#define NID_sha384 673 +#define NID_sha512 674 +#define NID_sha512_224 1094 +#define NID_sha512_256 1095 +#define NID_pkcs7_signed 22 +#define NID_pkcs7_enveloped 23 +#define NID_pkcs7_signedAndEnveloped 24 +#define NID_pkcs9_unstructuredName 49 +#define NID_pkcs9_contentType 50 /* 1.2.840.113549.1.9.3 */ +#define NID_pkcs9_challengePassword 54 +#define NID_hw_name_oid 73 +#define NID_id_pkix_OCSP_basic 74 +#define NID_any_policy 75 +#define NID_anyExtendedKeyUsage 76 +#define NID_givenName 99 /* 2.5.4.42 */ +#define NID_initials 101 /* 2.5.4.43 */ +#define NID_title 106 +#define NID_description 107 +#define NID_basic_constraints 133 +#define NID_key_usage 129 /* 2.5.29.15 */ +#define NID_ext_key_usage 151 /* 2.5.29.37 */ +#define NID_subject_key_identifier 128 +#define NID_authority_key_identifier 149 +#define NID_private_key_usage_period 130 /* 2.5.29.16 */ +#define NID_subject_alt_name 131 +#define NID_issuer_alt_name 132 +#define NID_info_access 69 +#define NID_sinfo_access 79 /* id-pe 11 */ +#define NID_name_constraints 144 /* 2.5.29.30 */ +#define NID_crl_distribution_points 145 /* 2.5.29.31 */ +#define NID_certificate_policies 146 +#define NID_policy_mappings 147 +#define NID_policy_constraints 150 +#define NID_inhibit_any_policy 168 /* 2.5.29.54 */ +#define NID_tlsfeature 1020 /* id-pe 24 */ +#define NID_buildingName 1494 +#define NID_dnQualifier 174 /* 2.5.4.46 */ +#define NID_commonName 14 /* CN Changed to not conflict + * with PBE_SHA1_DES3 */ +#define NID_name 173 /* N , OID = 2.5.4.41 */ +#define NID_surname 0x04 /* SN */ +#define NID_serialNumber 0x05 /* serialNumber */ +#define NID_countryName 0x06 /* C */ +#define NID_localityName 0x07 /* L */ +#define NID_stateOrProvinceName 0x08 /* ST */ +#define NID_streetAddress ASN_STREET_ADDR /* street */ +#define NID_organizationName 0x0a /* O */ +#define NID_organizationalUnitName 0x0b /* OU */ +#define NID_jurisdictionCountryName 0xc +#define NID_jurisdictionStateOrProvinceName 0xd +#define NID_businessCategory ASN_BUS_CAT +#define NID_domainComponent ASN_DOMAIN_COMPONENT +#define NID_postalCode ASN_POSTAL_CODE /* postalCode */ +#define NID_favouriteDrink 462 +#define NID_userId 458 +#define NID_emailAddress 0x30 /* emailAddress */ +#define NID_id_on_dnsSRV 82 /* 1.3.6.1.5.5.7.8.7 */ +#define NID_ms_upn 265 /* 1.3.6.1.4.1.311.20.2.3 */ - NID_surname = 0x04, /* SN */ - NID_serialNumber = 0x05, /* serialNumber */ - NID_countryName = 0x06, /* C */ - NID_localityName = 0x07, /* L */ - NID_stateOrProvinceName = 0x08, /* ST */ - NID_organizationName = 0x0a, /* O */ - NID_organizationalUnitName = 0x0b, /* OU */ - NID_jurisdictionCountryName = 0xc, - NID_jurisdictionStateOrProvinceName = 0xd, - NID_businessCategory = ASN_BUS_CAT, - NID_domainComponent = ASN_DOMAIN_COMPONENT, - NID_favouriteDrink = 462, - NID_userId = 458, - NID_emailAddress = 0x30, /* emailAddress */ - NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */ - NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */ - - NID_X9_62_prime_field = 406 /* 1.2.840.10045.1.1 */ -}; +#define NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */ #endif /* OPENSSL_EXTRA */ enum ECC_TYPES @@ -280,6 +843,8 @@ enum ECC_TYPES /* certificate info masks */ ASN_PIV_CERT_INFO_COMPRESSED = 0x03, ASN_PIV_CERT_INFO_ISX509 = 0x04, + /* GZIP is 0x01 */ + ASN_PIV_CERT_INFO_GZIP = 0x01, }; #endif /* WOLFSSL_CERT_PIV */ @@ -290,13 +855,13 @@ enum ECC_TYPES #define ASN_JOI_ST 0x2 #ifndef WC_ASN_NAME_MAX - #ifdef OPENSSL_EXTRA - #define WC_ASN_NAME_MAX 300 + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_CERT_EXT) + #define WC_ASN_NAME_MAX 330 #else #define WC_ASN_NAME_MAX 256 #endif #endif -#define ASN_NAME_MAX WC_ASN_NAME_MAX enum Misc_ASN { MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ @@ -304,13 +869,21 @@ enum Misc_ASN { ASN_BOOL_SIZE = 2, /* including type */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ -#ifdef NO_SHA +#if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256)) KEYID_SIZE = WC_SHA256_DIGEST_SIZE, #else KEYID_SIZE = WC_SHA_DIGEST_SIZE, #endif +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)) RSA_INTS = 8, /* RSA ints in private key */ +#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY) + RSA_INTS = 5, /* RSA ints in private key */ +#else + RSA_INTS = 2, /* RSA ints in private key */ +#endif DSA_PARAM_INTS = 3, /* DSA paramater ints */ + RSA_PUB_INTS = 2, /* RSA ints in public key */ + DSA_PUB_INTS = 4, /* DSA ints in public key */ DSA_INTS = 5, /* DSA ints in private key */ MIN_DATE_SIZE = 12, MAX_DATE_SIZE = 32, @@ -331,6 +904,7 @@ enum Misc_ASN { MAX_SIG_SZ = 256, MAX_ALGO_SZ = 20, MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */ + MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ @@ -341,9 +915,12 @@ enum Misc_ASN { MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */ MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ MAX_DSA_INT_SZ = 389, /* DSA raw sz 3072 for bits + tag + len(4) */ - MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ - MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ - MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ + MAX_DSA_PUBKEY_SZ = (DSA_PUB_INTS * MAX_DSA_INT_SZ) + (2 * MAX_SEQ_SZ) + + 2 + MAX_LENGTH_SZ, /* Maximum size of a DSA public + key taken from wc_SetDsaPublicKey. */ + MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ + + MAX_VERSION_SZ, /* Maximum size of a DSA Private + key taken from DsaKeyIntsToDer. */ MAX_RSA_E_SZ = 16, /* Max RSA public e size */ MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ @@ -356,8 +933,9 @@ enum Misc_ASN { #ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_REQ /* Max encoded cert req attributes length */ - MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + - MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ + MAX_ATTRIB_SZ = MAX_SEQ_SZ * 4 + (11 + MAX_SEQ_SZ) * 3 + + MAX_PRSTR_SZ * 2 + CTC_NAME_SIZE * 2, + /* 11 is the OID size */ #endif #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT) MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, @@ -367,7 +945,8 @@ enum Misc_ASN { /* Max total extensions, id + len + others */ #endif #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL) + defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_OID_DECODING) || defined(HAVE_OID_ENCODING) MAX_OID_SZ = 32, /* Max DER length of OID*/ MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ #endif @@ -378,6 +957,10 @@ enum Misc_ASN { CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + (6 * (SEQ + OID))) */ +#ifndef IGNORE_NETSCAPE_CERT_TYPE + MAX_NSCERTTYPE_SZ = MAX_SEQ_SZ + 17, /* SEQ + OID + OCTET STR + + * NS BIT STR */ +#endif MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, #endif @@ -385,9 +968,7 @@ enum Misc_ASN { OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ - EIGHTK_BUF = 8192, /* Tmp buffer size */ - MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, - /* use bigger NTRU size */ + MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, #ifdef WOLFSSL_ENCRYPTED_KEYS HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ #else @@ -411,11 +992,17 @@ enum Misc_ASN { PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */ PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */ + + COUNTRY_CODE_LEN = 2, /* RFC 3739 */ }; #ifndef WC_MAX_NAME_ENTRIES /* entries added to x509 name struct */ - #define WC_MAX_NAME_ENTRIES 13 + #ifdef OPENSSL_EXTRA + #define WC_MAX_NAME_ENTRIES 16 + #else + #define WC_MAX_NAME_ENTRIES 14 + #endif #endif #define MAX_NAME_ENTRIES WC_MAX_NAME_ENTRIES @@ -442,6 +1029,9 @@ enum Oid_Types { oidTlsExtType = 18, oidCrlExtType = 19, oidCsrAttrType = 20, +#ifdef WOLFSSL_SUBJ_DIR_ATTR + oidSubjDirAttrType = 21, +#endif oidIgnoreType }; @@ -454,13 +1044,16 @@ enum Hash_Sum { SHA256h = 414, SHA384h = 415, SHA512h = 416, + SHA512_224h = 418, + SHA512_256h = 419, SHA3_224h = 420, SHA3_256h = 421, SHA3_384h = 422, - SHA3_512h = 423 + SHA3_512h = 423, + SHAKE128h = 424, + SHAKE256h = 425 }; - #if !defined(NO_DES3) || !defined(NO_AES) enum Block_Sum { #ifdef WOLFSSL_AES_128 @@ -487,13 +1080,30 @@ enum Block_Sum { enum Key_Sum { - DSAk = 515, - RSAk = 645, - NTRUk = 274, - ECDSAk = 518, - ED25519k = 256, - ED448k = 257, - DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ + DSAk = 515, + RSAk = 645, + RSAPSSk = 654, + RSAESOAEPk = 651, /* 1.2.840.113549.1.1.7 */ + ECDSAk = 518, + ED25519k = 256, /* 1.3.101.112 */ + X25519k = 254, /* 1.3.101.110 */ + ED448k = 257, /* 1.3.101.113 */ + X448k = 255, /* 1.3.101.111 */ + DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ + FALCON_LEVEL1k = 268, /* 1.3.9999.3.1 */ + FALCON_LEVEL5k = 271, /* 1.3.9999.3.4 */ + DILITHIUM_LEVEL2k = 213, /* 1.3.6.1.4.1.2.267.7.4.4 */ + DILITHIUM_LEVEL3k = 216, /* 1.3.6.1.4.1.2.267.7.6.5 */ + DILITHIUM_LEVEL5k = 220, /* 1.3.6.1.4.1.2.267.7.8.7 */ + DILITHIUM_AES_LEVEL2k = 217,/* 1.3.6.1.4.1.2.267.11.4.4 */ + DILITHIUM_AES_LEVEL3k = 221,/* 1.3.6.1.4.1.2.267.11.6.5 + 1 (See GetOID() in asn.c) */ + DILITHIUM_AES_LEVEL5k = 224,/* 1.3.6.1.4.1.2.267.11.8.7 */ + SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */ + SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */ + SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */ + SPHINCS_SMALL_LEVEL1k = 287, /* 1 3 9999 6 7 10 */ + SPHINCS_SMALL_LEVEL3k = 285, /* 1 3 9999 6 8 7 */ + SPHINCS_SMALL_LEVEL5k = 286, /* 1 3 9999 6 9 7 */ }; #if !defined(NO_AES) || defined(HAVE_PKCS7) @@ -524,7 +1134,8 @@ enum Key_Agree { enum KDF_Sum { - PBKDF2_OID = 660 + PBKDF2_OID = 660, + MGF1_OID = 652, }; @@ -548,23 +1159,36 @@ enum Extensions_Sum { AUTH_KEY_OID = 149, /* 2.5.29.35 */ SUBJ_KEY_OID = 128, /* 2.5.29.14 */ CERT_POLICY_OID = 146, /* 2.5.29.32 */ + CRL_NUMBER_OID = 134, /* 2.5.29.20 */ KEY_USAGE_OID = 129, /* 2.5.29.15 */ INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ NAME_CONS_OID = 144, /* 2.5.29.30 */ PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */ - SUBJECT_INFO_ACCESS = 79, /* 1.3.6.1.5.5.7.1.11 */ + SUBJ_INFO_ACC_OID = 79, /* 1.3.6.1.5.5.7.1.11 */ POLICY_MAP_OID = 147, /* 2.5.29.33 */ POLICY_CONST_OID = 150, /* 2.5.29.36 */ ISSUE_ALT_NAMES_OID = 132, /* 2.5.29.18 */ TLS_FEATURE_OID = 92, /* 1.3.6.1.5.5.7.1.24 */ NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */ - OCSP_NOCHECK_OID = 121 /* 1.3.6.1.5.5.7.48.1.5 + OCSP_NOCHECK_OID = 121, /* 1.3.6.1.5.5.7.48.1.5 id-pkix-ocsp-nocheck */ + SUBJ_DIR_ATTR_OID = 123, /* 2.5.29.9 */ + + AKEY_PACKAGE_OID = 1048, /* 2.16.840.1.101.2.1.2.78.5 + RFC 5958 - Asymmetric Key Packages */ + FASCN_OID = 419, /* 2.16.840.1.101.3.6.6 Federal PKI Policy FASC-N */ + UPN_OID = 265 /* 1.3.6.1.4.1.311.20.2.3 UPN */ }; enum CertificatePolicy_Sum { - CP_ANY_OID = 146 /* id-ce 32 0 */ + CP_ANY_OID = 146, /* id-ce 32 0 */ +#ifdef WOLFSSL_FPKI + CP_FPKI_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */ + CP_FPKI_PIV_AUTH_OID = 453, /* 2.16.840.1.101.3.2.1.3.40 */ + CP_FPKI_PIV_AUTH_HW_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */ + CP_FPKI_PIVI_AUTH_OID = 458 /* 2.16.840.1.101.3.2.1.3.45 */ +#endif /* WOLFSSL_FPKI */ }; enum SepHardwareName_Sum { @@ -572,10 +1196,15 @@ enum SepHardwareName_Sum { }; enum AuthInfo_Sum { - AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ - AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */ + AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1, id-ad-ocsp */ + AIA_CA_ISSUER_OID = 117, /* 1.3.6.1.5.5.7.48.2, id-ad-caIssuers */ + #ifdef WOLFSSL_SUBJ_INFO_ACC + AIA_CA_REPO_OID = 120 /* 1.3.6.1.5.5.7.48.5, id-ad-caRepository */ + #endif /* WOLFSSL_SUBJ_INFO_ACC */ }; +#define ID_PKIX(num) (67+(num)) /* 1.3.6.1.5.5.7.num, id-pkix num */ +#define ID_KP(num) (ID_PKIX(3)+(num)) /* 1.3.6.1.5.5.7.3.num, id-kp num */ enum ExtKeyUsage_Sum { /* From RFC 5280 */ EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ @@ -583,9 +1212,27 @@ enum ExtKeyUsage_Sum { /* From RFC 5280 */ EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */ EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */ EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */ - EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */ + EKU_OCSP_SIGN_OID = 79, /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */ + + /* From RFC 6187: X.509v3 Certificates for Secure Shell Authenticaiton */ + EKU_SSH_CLIENT_AUTH_OID = ID_KP(21), /* id-kp-secureShellClient */ + EKU_SSH_MSCL_OID = 264, + /* 1.3.6.1.4.1.311.20.2.2, MS Smart Card Logon */ + EKU_SSH_KP_CLIENT_AUTH_OID = 64 + /* 1.3.6.1.5.2.3.4, id-pkinit-KPClientAuth*/ }; +#ifdef WOLFSSL_SUBJ_DIR_ATTR +#define ID_PDA(num) (ID_PKIX(9)+(num)) /* 1.3.6.1.5.5.7.9.num, id-pda num */ +enum SubjDirAttr_Sum { /* From RFC 3739, section 3.3.2 */ + SDA_DOB_OID = ID_PDA(1), /* id-pda-dateOfBirth */ + SDA_POB_OID = ID_PDA(2), /* id-pda-placeOfBirth */ + SDA_GENDER_OID = ID_PDA(3), /* id-pda-gender */ + SDA_COC_OID = ID_PDA(4), /* id-pda-countryOfCitizenship */ + SDA_COR_OID = ID_PDA(5) /* id-pda-countryOfResidence */ +}; +#endif /* WOLFSSL_SUBJ_DIR_ATTR */ + #ifdef HAVE_LIBZ enum CompressAlg_Sum { ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */ @@ -611,9 +1258,17 @@ enum KeyIdType { #ifdef WOLFSSL_CERT_REQ enum CsrAttrType { + UNSTRUCTURED_NAME_OID = 654, + PKCS9_CONTENT_TYPE_OID = 655, CHALLENGE_PASSWORD_OID = 659, SERIAL_NUMBER_OID = 94, EXTENSION_REQUEST_OID = 666, + USER_ID_OID = 865, + DNQUALIFIER_OID = 135, + INITIALS_OID = 132, + SURNAME_OID = 93, + NAME_OID = 130, + GIVEN_NAME_OID = 131, }; #endif @@ -637,6 +1292,29 @@ enum CsrAttrType { #define EXTKEYUSE_CLIENT_AUTH 0x04 #define EXTKEYUSE_SERVER_AUTH 0x02 #define EXTKEYUSE_ANY 0x01 +#ifdef WOLFSSL_WOLFSSH + #define EXTKEYUSE_SSH_CLIENT_AUTH 0x01 + #define EXTKEYUSE_SSH_MSCL 0x02 + #define EXTKEYUSE_SSH_KP_CLIENT_AUTH 0x04 +#endif /* WOLFSSL_WOLFSSH */ + +#define WC_NS_SSL_CLIENT 0x80 +#define WC_NS_SSL_SERVER 0x40 +#define WC_NS_SMIME 0x20 +#define WC_NS_OBJSIGN 0x10 +#define WC_NS_SSL_CA 0x04 +#define WC_NS_SMIME_CA 0x02 +#define WC_NS_OBJSIGN_CA 0x01 + + +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_WPAS_SMALL) || defined(WOLFSSL_IP_ALT_NAME) + #ifndef WOLFSSL_MAX_IPSTR + #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ + #endif + #define WOLFSSL_IP4_ADDR_LEN 4 + #define WOLFSSL_IP6_ADDR_LEN 16 +#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ typedef struct DNS_entry DNS_entry; @@ -645,8 +1323,18 @@ struct DNS_entry { int type; /* i.e. ASN_DNS_TYPE */ int len; /* actual DNS len */ char* name; /* actual DNS name */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + char* ipString; /* human readable form of IP address */ +#endif +#ifdef WOLFSSL_FPKI + int oidSum; /* provide oid sum for verification */ +#endif }; +#ifdef WOLFSSL_FPKI + /* RFC4122 i.e urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6 */ + #define DEFAULT_UUID_SZ 45 +#endif typedef struct Base_entry Base_entry; @@ -684,6 +1372,22 @@ enum SignatureState { #endif #endif /* HAVE_PK_CALLBACKS */ +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) ||\ + defined(HAVE_PK_CALLBACKS) +typedef struct tagCertAttribute { + byte verifyByTSIP_SCE; + word32 certBegin; + word32 pubkey_n_start; + word32 pubkey_n_len; + word32 pubkey_e_start; + word32 pubkey_e_len; + int curve_id; + const byte* cert; + word32 certSz; + const byte* keyIndex; + } CertAttribute; +#endif + struct SignatureCtx { void* heap; byte* digest; @@ -712,6 +1416,11 @@ struct SignatureCtx { #endif #ifdef HAVE_ED448 struct ed448_key* ed448; + #endif + #ifdef HAVE_PQC + struct falcon_key* falcon; + struct dilithium_key* dilithium; + struct sphincs_key* sphincs; #endif void* ptr; } key; @@ -736,13 +1445,14 @@ struct SignatureCtx { #endif #endif /* HAVE_PK_CALLBACKS */ #ifndef NO_RSA -#ifdef WOLFSSL_RENESAS_TSIP_TLS - byte verifyByTSIP; - word32 certBegin; - word32 pubkey_n_start; - word32 pubkey_n_len; - word32 pubkey_e_start; - word32 pubkey_e_len; +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) ||\ + defined(HAVE_PK_CALLBACKS) + CertAttribute CertAtt; +#endif +#ifdef WC_RSA_PSS + enum wc_HashType hash; + int mgf; + int saltLen; #endif #endif }; @@ -764,6 +1474,65 @@ struct CertSignCtx { int state; /* enum CertSignState */ }; +#define DOMAIN_COMPONENT_MAX 10 + +struct DecodedName { + char* fullName; + int fullNameLen; + int entryCount; + int cnIdx; + int cnLen; + int cnNid; + int snIdx; + int snLen; + int snNid; + int cIdx; + int cLen; + int cNid; + int lIdx; + int lLen; + int lNid; + int stIdx; + int stLen; + int stNid; + int oIdx; + int oLen; + int oNid; + int ouIdx; + int ouLen; +#ifdef WOLFSSL_CERT_EXT + int bcIdx; + int bcLen; + int jcIdx; + int jcLen; + int jsIdx; + int jsLen; +#endif + int ouNid; + int emailIdx; + int emailLen; + int emailNid; + int uidIdx; + int uidLen; + int uidNid; + int serialIdx; + int serialLen; + int serialNid; + int dcIdx[DOMAIN_COMPONENT_MAX]; + int dcLen[DOMAIN_COMPONENT_MAX]; + int dcNum; + int dcMode; +}; + +/* ASN Encoded Name field */ +typedef struct EncodedName { + int nameLen; /* actual string value length */ + int totalLen; /* total encoded length */ + int type; /* type of name */ + int used; /* are we actually using this one */ + byte encoded[CTC_NAME_SIZE * 2]; /* encoding */ +} EncodedName; + #ifndef WOLFSSL_MAX_PATH_LEN /* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines * (k) max_path_length: this integer is initialized to "n", is @@ -779,6 +1548,7 @@ struct CertSignCtx { #define WOLFSSL_MAX_PATH_LEN 127 #endif +typedef struct DecodedName DecodedName; typedef struct DecodedCert DecodedCert; typedef struct Signer Signer; #ifdef WOLFSSL_TRUST_PEER_CERT @@ -787,6 +1557,11 @@ typedef struct TrustedPeerCert TrustedPeerCert; typedef struct SignatureCtx SignatureCtx; typedef struct CertSignCtx CertSignCtx; +#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ + && defined(HAVE_OID_DECODING) +typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit, + const unsigned char* der, word32 derSz); +#endif struct DecodedCert { const byte* publicKey; @@ -797,6 +1572,10 @@ struct DecodedCert { word32 sigLength; /* length of signature */ word32 signatureOID; /* sum of algorithm object id */ word32 keyOID; /* sum of key algo object id */ +#ifdef WC_RSA_PSS + word32 sigParamsIndex; /* start of signature parameters */ + word32 sigParamsLength; /* length of signature parameters */ +#endif int version; /* cert version, 1 or 3 */ DNS_entry* altNames; /* alt names list of dns entries */ #ifndef IGNORE_NAME_CONSTRAINTS @@ -809,14 +1588,14 @@ struct DecodedCert { byte issuerHash[KEYID_SIZE]; /* hash of all Names */ #ifdef HAVE_OCSP byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */ - byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ + byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ #endif /* HAVE_OCSP */ const byte* signature; /* not owned, points into raw cert */ char* subjectCN; /* CommonName */ int subjectCNLen; /* CommonName Length */ char subjectCNEnc; /* CommonName Encoding */ - char issuer[ASN_NAME_MAX]; /* full name including common name */ - char subject[ASN_NAME_MAX]; /* full name including common name */ + char issuer[WC_ASN_NAME_MAX]; /* full name including common name */ + char subject[WC_ASN_NAME_MAX];/* full name including common name */ int verify; /* Default to yes, but could be off */ const byte* source; /* byte buffer holder cert, NOT owner */ word32 srcIdx; /* current offset into buffer */ @@ -833,6 +1612,10 @@ struct DecodedCert { const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */ int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */ #endif + const byte* extCrlInfoRaw; /* Entire CRL Distribution Points + * Extension. This is useful when + * re-generating the DER. */ + int extCrlInfoRawSz; /* length of the extension */ const byte* extCrlInfo; /* CRL Distribution Points */ int extCrlInfoSz; /* length of the URI */ byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ @@ -844,16 +1627,42 @@ struct DecodedCert { byte policyConstSkip; /* Policy Constraints skip certs value */ word16 extKeyUsage; /* Key usage bitfield */ byte extExtKeyUsage; /* Extended Key usage bitfield */ +#ifdef WOLFSSL_WOLFSSH + byte extExtKeyUsageSsh; /* Extended Key Usage bitfield for SSH */ +#endif /* WOLFSSL_WOLFSSH */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) const byte* extExtKeyUsageSrc; word32 extExtKeyUsageSz; word32 extExtKeyUsageCount; +#ifdef WOLFSSL_AKID_NAME + const byte* extRawAuthKeyIdSrc; + word32 extRawAuthKeyIdSz; +#endif const byte* extAuthKeyIdSrc; word32 extAuthKeyIdSz; const byte* extSubjKeyIdSrc; word32 extSubjKeyIdSz; #endif +#ifdef OPENSSL_ALL + const byte* extSubjAltNameSrc; + word32 extSubjAltNameSz; +#endif +#ifdef WOLFSSL_SUBJ_DIR_ATTR + char countryOfCitizenship[COUNTRY_CODE_LEN+1]; /* ISO 3166 Country Code */ + #ifdef OPENSSL_ALL + const byte* extSubjDirAttrSrc; + word32 extSubjDirAttrSz; + #endif +#endif /* WOLFSSL_SUBJ_DIR_ATTR */ +#ifdef WOLFSSL_SUBJ_INFO_ACC + const byte* extSubjInfoAccCaRepo; + word32 extSubjInfoAccCaRepoSz; + #ifdef OPENSSL_ALL + const byte* extSubjInfoAccSrc; + word32 extSubjInfoAccSz; + #endif +#endif /* WOLFSSL_SUBJ_INFO_ACC */ #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) word32 pkCurveOID; /* Public Key's curve OID */ @@ -870,11 +1679,30 @@ struct DecodedCert { const byte* subjectRaw; /* pointer to subject inside source */ int subjectRawLen; #endif +#if !defined(IGNORE_NAME_CONSTRAINTS) || \ + defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + char* subjectEmail; + int subjectEmailLen; +#endif #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) /* easy access to subject info for other sign */ char* subjectSN; int subjectSNLen; char subjectSNEnc; + #ifdef WOLFSSL_CERT_NAME_ALL + char* subjectN; + int subjectNLen; + char subjectNEnc; + char* subjectI; + int subjectILen; + char subjectIEnc; + char* subjectGN; + int subjectGNLen; + char subjectGNEnc; + char* subjectDNQ; + int subjectDNQLen; + char subjectDNQEnc; + #endif /*WOLFSSL_CERT_NAME_ALL */ char* subjectC; int subjectCLen; char subjectCEnc; @@ -893,7 +1721,12 @@ struct DecodedCert { char* subjectSND; int subjectSNDLen; char subjectSNDEnc; -#ifdef WOLFSSL_CERT_EXT + char* subjectUID; + int subjectUIDLen; + char subjectUIDEnc; + char* subjectStreet; + int subjectStreetLen; + char subjectStreetEnc; char* subjectBC; int subjectBCLen; char subjectBCEnc; @@ -903,10 +1736,38 @@ struct DecodedCert { char* subjectJS; int subjectJSLen; char subjectJSEnc; -#endif - char* subjectEmail; - int subjectEmailLen; -#endif /* WOLFSSL_CERT_GEN */ + char* subjectPC; + int subjectPCLen; + char subjectPCEnc; +#if defined(WOLFSSL_HAVE_ISSUER_NAMES) + char* issuerCN; + int issuerCNLen; + char issuerCNEnc; + char* issuerSN; + int issuerSNLen; + char issuerSNEnc; + char* issuerC; + int issuerCLen; + char issuerCEnc; + char* issuerL; + int issuerLLen; + char issuerLEnc; + char* issuerST; + int issuerSTLen; + char issuerSTEnc; + char* issuerO; + int issuerOLen; + char issuerOEnc; + char* issuerOU; + int issuerOULen; + char issuerOUEnc; + char* issuerSND; + int issuerSNDLen; + char issuerSNDEnc; + char* issuerEmail; + int issuerEmailLen; +#endif /* WOLFSSL_HAVE_ISSUER_NAMES */ +#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */ void* issuerName; @@ -923,22 +1784,40 @@ struct DecodedCert { #ifdef WOLFSSL_CERT_EXT char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; int extCertPoliciesNb; -#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ +#endif /* WOLFSSL_CERT_EXT */ +#ifndef IGNORE_NETSCAPE_CERT_TYPE + byte nsCertType; +#endif #ifdef WOLFSSL_CERT_REQ /* CSR attributes */ - char* cPwd; /* challengePassword */ + char* contentType; /* Content Type */ + int contentTypeLen; + char* cPwd; /* Challenge Password */ int cPwdLen; char* sNum; /* Serial Number */ int sNumLen; + char* dnQualifier; + int dnQualifierLen; + char* initials; + int initialsLen; + char* surname; + int surnameLen; + char* givenName; + int givenNameLen; + char* unstructuredName; + int unstructuredNameLen; #endif /* WOLFSSL_CERT_REQ */ Signer* ca; #ifndef NO_CERTS SignatureCtx sigCtx; #endif -#ifdef WOLFSSL_RENESAS_TSIP - byte* tsip_encRsaKeyIdx; +#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) + byte* sce_tsip_encRsaKeyIdx; +#endif +#ifdef WOLFSSL_MAXQ10XX_TLS + word32 publicKeyIndex; /* offset to start of public key */ #endif int badDate; @@ -971,37 +1850,36 @@ struct DecodedCert { #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) byte extCertPolicySet : 1; #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) byte extCRLdistCrit : 1; byte extAuthInfoCrit : 1; byte extBasicConstCrit : 1; byte extPolicyConstCrit : 1; byte extSubjAltNameCrit : 1; byte extAuthKeyIdCrit : 1; - #ifndef IGNORE_NAME_CONSTRAINTS - byte extNameConstraintCrit : 1; - #endif +#ifndef IGNORE_NAME_CONSTRAINTS + byte extNameConstraintCrit : 1; +#endif byte extSubjKeyIdCrit : 1; byte extKeyUsageCrit : 1; byte extExtKeyUsageCrit : 1; -#endif /* OPENSSL_EXTRA */ +#ifdef WOLFSSL_SUBJ_DIR_ATTR + byte extSubjDirAttrSet : 1; +#endif +#ifdef WOLFSSL_SUBJ_INFO_ACC + byte extSubjInfoAccSet : 1; +#endif #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) byte extCertPolicyCrit : 1; #endif #ifdef WOLFSSL_CERT_REQ byte isCSR : 1; /* Do we intend on parsing a CSR? */ #endif +#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ + && defined(HAVE_OID_DECODING) + wc_UnknownExtCallback unknownExtCallback; +#endif }; -/* ASN Encoded Name field */ -typedef struct EncodedName { - int nameLen; /* actual string value length */ - int totalLen; /* total encoded length */ - int type; /* type of name */ - int used; /* are we actually using this one */ - byte encoded[CTC_NAME_SIZE * 2]; /* encoding */ -} EncodedName; - #ifdef NO_SHA #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE #else @@ -1037,7 +1915,7 @@ struct Signer { #ifdef WOLFSSL_SIGNER_DER_CERT DerBuffer* derCert; #endif -#ifdef WOLFSSL_RENESAS_TSIP_TLS +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT) word32 cm_idx; #endif Signer* next; @@ -1057,7 +1935,7 @@ struct TrustedPeerCert { /* sha hash of names in certificate */ #ifndef NO_SKID byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; - /* sha hash of names in certificate */ + /* sha hash of SKID in certificate */ #endif word32 sigLen; byte* sig; @@ -1068,7 +1946,7 @@ struct TrustedPeerCert { /* for testing or custom openssl wrappers */ #if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL) + defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_PUBLIC_ASN) #define WOLFSSL_ASN_API WOLFSSL_API #else #define WOLFSSL_ASN_API WOLFSSL_LOCAL @@ -1116,38 +1994,58 @@ WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz); -WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*); +WOLFSSL_ASN_API void FreeAltNames(DNS_entry* altNames, void* heap); +WOLFSSL_ASN_API DNS_entry* AltNameNew(void* heap); #ifndef IGNORE_NAME_CONSTRAINTS - WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*); + WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry* names, void* heap); #endif /* IGNORE_NAME_CONSTRAINTS */ -WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*); -WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*); -WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm); +WOLFSSL_ASN_API void InitDecodedCert(DecodedCert* cert, const byte* source, + word32 inSz, void* heap); +WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert); +WOLFSSL_ASN_API int ParseCert(DecodedCert* cert, int type, int verify, + void* cm); -WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz, - const byte *in, word32 inSz); +#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ + && defined(HAVE_OID_DECODING) +WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert, + wc_UnknownExtCallback cb); +#endif + +WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in, + word32 inSz); WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap); WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm); WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, + void* heap, const byte* pubKey, + word32 pubKeySz, int pubKeyOID); +#endif + #ifdef WOLFSSL_CERT_REQ -WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap, - const byte* pubKey, word32 pubKeySz, int pubKeyOID); +WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, + void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID); #endif /* WOLFSSL_CERT_REQ */ -WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, +WOLFSSL_ASN_API int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, int sigAlgoType); -WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); -WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); +WOLFSSL_LOCAL int ParseCertRelative(DecodedCert* cert, int type, int verify, + void* cm); +WOLFSSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify); +#ifdef WOLFSSL_ASN_TEMPLATE +WOLFSSL_LOCAL int DecodeCert(DecodedCert* cert, int verify, int* criticalExt); +#endif WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate); WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); -WOLFSSL_LOCAL Signer* MakeSigner(void*); -WOLFSSL_LOCAL void FreeSigner(Signer*, void*); -WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*); +WOLFSSL_LOCAL Signer* MakeSigner(void* heap); +WOLFSSL_LOCAL void FreeSigner(Signer* signer, void* heap); +WOLFSSL_LOCAL void FreeSignerTable(Signer** table, int rows, void* heap); #ifdef WOLFSSL_TRUST_PEER_CERT -WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*); -WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*); +WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert* tp, void* heap); +WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert** table, int rows, + void* heap); #endif /* WOLFSSL_TRUST_PEER_CERT */ WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length); @@ -1157,8 +2055,8 @@ WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 length); WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 length, word32* algId); -WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int, - word32* algId); +WOLFSSL_LOCAL int ToTraditionalEnc(byte* input, word32 sz, const char* password, + int passwordSz, word32* algId); WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); @@ -1178,7 +2076,9 @@ typedef struct tm wolfssl_tm; defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); #endif -#if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7) +#if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)) +WOLFSSL_LOCAL int GetFormattedTime(void* currTime, byte* buf, word32 len); WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len); #endif WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, @@ -1187,12 +2087,9 @@ WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b); WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType); WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); -WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr, - char nameType, byte type); -WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, - char nameType, byte type); /* ASN.1 helper functions */ #ifdef WOLFSSL_CERT_GEN +WOLFSSL_LOCAL int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap); WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx); WOLFSSL_LOCAL byte GetCertNameId(int idx); @@ -1222,7 +2119,8 @@ WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, int* version, word32 maxIdx); WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, - word32 maxIdx); + word32 maxIdx); + #ifdef HAVE_OID_ENCODING WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz); @@ -1240,6 +2138,15 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx); WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag, word32 inputSz); + +WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output); +WOLFSSL_LOCAL word32 SetASNSequence(word32 len, byte* output); +WOLFSSL_LOCAL word32 SetASNOctetString(word32 len, byte* output); +WOLFSSL_LOCAL word32 SetASNImplicit(byte tag,byte number, word32 len, + byte* output); +WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output); +WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output); + WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); @@ -1252,27 +2159,43 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, word32 outputSz, int maxSnSz); -WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, +#ifndef WOLFSSL_ASN_TEMPLATE +WOLFSSL_LOCAL int wc_GetSerialNumber(const byte* input, word32* inOutIdx, byte* serial, int* serialSz, word32 maxIdx); +#endif WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, - int maxIdx); + int maxIdx); WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der); WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, const byte* pubKey, word32 pubKeySz, enum Key_Sum ks); WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); -WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*); +#ifdef WOLFSSL_DH_EXTRA +WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, + DhKey* key, word32 inSz); +#endif +WOLFSSL_LOCAL int FlattenAltNames(byte* output, word32 outputSz, + const DNS_entry* names); + +WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr, + char nameType, byte type); +WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, + char nameType, byte type); #if defined(HAVE_ECC) || !defined(NO_DSA) /* ASN sig helpers */ WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s); - WOLFSSL_LOCAL int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, + WOLFSSL_LOCAL int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen, const byte* s, word32 sLen); - WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, + WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, byte* s, word32* sLen); WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s); #endif +#ifndef NO_DSA +WOLFSSL_LOCAL int StoreDSAParams(byte*, word32*, const mp_int*, const mp_int*, + const mp_int*); +#endif #if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_API int EccEnumToNID(int n); #endif @@ -1280,6 +2203,11 @@ WOLFSSL_API int EccEnumToNID(int n); WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId); WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); +WOLFSSL_LOCAL int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, + byte* output, word32 outLen, int keyType, int withHeader); +WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, + byte* pubKey, word32* pubKeyLen, int keyType); + #ifndef NO_CERTS WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info, @@ -1296,31 +2224,34 @@ WOLFSSL_LOCAL void FreeDer(DerBuffer** der); #ifdef HAVE_SMIME WOLFSSL_LOCAL int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** hdrs); WOLFSSL_LOCAL int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end); -WOLFSSL_LOCAL int wc_MIME_create_header(char* name, char* body, MimeHdr** hdr); -WOLFSSL_LOCAL int wc_MIME_create_parameter(char* attribute, char* value, MimeParam** param); WOLFSSL_LOCAL MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* hdr); WOLFSSL_LOCAL MimeParam* wc_MIME_find_param_attr(const char* attribute, MimeParam* param); -WOLFSSL_LOCAL char* wc_MIME_canonicalize(const char* line); +WOLFSSL_LOCAL char* wc_MIME_single_canonicalize(const char* line, word32* len); WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head); #endif /* HAVE_SMIME */ #ifdef WOLFSSL_CERT_GEN enum cert_enums { -#ifdef WOLFSSL_CERT_EXT - NAME_ENTRIES = 10, -#else - NAME_ENTRIES = 9, -#endif - JOINT_LEN = 2, - EMAIL_JOINT_LEN = 9, - PILOT_JOINT_LEN = 10, - RSA_KEY = 10, - NTRU_KEY = 11, - ECC_KEY = 12, - ED25519_KEY = 13, - ED448_KEY = 14, - DSA_KEY = 15 + RSA_KEY = 10, + ECC_KEY = 12, + ED25519_KEY = 13, + ED448_KEY = 14, + DSA_KEY = 15, + FALCON_LEVEL1_KEY = 16, + FALCON_LEVEL5_KEY = 17, + DILITHIUM_LEVEL2_KEY = 18, + DILITHIUM_LEVEL3_KEY = 19, + DILITHIUM_LEVEL5_KEY = 20, + DILITHIUM_AES_LEVEL2_KEY = 21, + DILITHIUM_AES_LEVEL3_KEY = 22, + DILITHIUM_AES_LEVEL5_KEY = 23, + SPHINCS_FAST_LEVEL1_KEY = 24, + SPHINCS_FAST_LEVEL3_KEY = 25, + SPHINCS_FAST_LEVEL5_KEY = 26, + SPHINCS_SMALL_LEVEL1_KEY = 27, + SPHINCS_SMALL_LEVEL3_KEY = 28, + SPHINCS_SMALL_LEVEL5_KEY = 29, }; #endif /* WOLFSSL_CERT_GEN */ @@ -1338,7 +2269,7 @@ enum Ocsp_Response_Status { OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */ OCSP_TRY_LATER = 3, /* Try again later */ OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */ - OCSP_UNAUTHROIZED = 6 /* Request unauthorized */ + OCSP_UNAUTHORIZED = 6 /* Request unauthorized */ }; @@ -1381,7 +2312,8 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) WOLFSSL_ASN1_TIME thisDateParsed; WOLFSSL_ASN1_TIME nextDateParsed; byte* thisDateAsn; @@ -1414,7 +2346,7 @@ struct OcspEntry word32 ownStatus:1; /* do we need to free the status * response list */ word32 isDynamic:1; /* was dynamically allocated */ - + word32 used:1; /* entry used */ }; /* TODO: Long-term, it would be helpful if we made this struct and other OCSP @@ -1471,17 +2403,22 @@ struct OcspRequest { void* ssl; }; -WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, OcspEntry*, CertStatus*, byte*, word32, void*); -WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse*); -WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int); +WOLFSSL_LOCAL void InitOcspResponse(OcspResponse* resp, OcspEntry* single, + CertStatus* status, byte* source, word32 inSz, void* heap); +WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse* resp); +WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, + int noVerify); -WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*); -WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*); -WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32); -WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32); +WOLFSSL_LOCAL int InitOcspRequest(OcspRequest* req, DecodedCert* cert, + byte useNonce, void* heap); +WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest* req); +WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest* req, byte* output, + word32 size); +WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, + word32 size); -WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*); +WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp); #endif /* HAVE_OCSP */ @@ -1496,6 +2433,8 @@ struct RevokedCert { byte serialNumber[EXTERNAL_SERIAL_SIZE]; int serialSz; RevokedCert* next; + byte revDate[MAX_DATE_SIZE]; + byte revDateFormat; }; typedef struct DecodedCRL DecodedCRL; @@ -1513,22 +2452,29 @@ struct DecodedCRL { byte lastDateFormat; /* format of last date */ byte nextDateFormat; /* format of next date */ RevokedCert* certs; /* revoked cert list */ +#if defined(OPENSSL_EXTRA) + byte* issuer; /* full name including common name */ + word32 issuerSz; /* length of the issuer */ +#endif int totalCerts; /* number on list */ + int version; /* version of cert */ void* heap; #ifndef NO_SKID byte extAuthKeyIdSet; byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */ #endif + int crlNumber; /* CRL number extension */ }; -WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap); +WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl, void* heap); WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned, word32 tbsSz, const byte* signature, word32 sigSz, word32 signatureOID, Signer *ca, void* heap); -WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm); -WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*); +WOLFSSL_LOCAL int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, + const byte* buff, word32 sz, int verify, void* cm); +WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl); #endif /* HAVE_CRL */ @@ -1541,10 +2487,33 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*); #endif /* !NO_ASN */ +#if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \ + || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \ + || (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \ + || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \ + || (defined(HAVE_PQC) && defined(HAVE_FALCON)) \ + || (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) \ + || (defined(HAVE_PQC) && defined(HAVE_SPHINCS))) +WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx, + word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey, + word32* pubKeyLen, int keyType); +#endif + +#ifdef WC_ENABLE_ASYM_KEY_EXPORT +WOLFSSL_LOCAL int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, + const byte* pubKey, word32 pubKeyLen, byte* output, word32 outLen, + int keyType); +#endif + + #if !defined(NO_ASN) || !defined(NO_PWDBASED) -#ifndef MAX_KEY_SIZE - #define MAX_KEY_SIZE 64 /* MAX PKCS Key length */ +#ifndef PKCS_MAX_KEY_SIZE + #define PKCS_MAX_KEY_SIZE 64 /* MAX PKCS Key length */ +#endif +#if !defined(WOLFSSL_GAME_BUILD) && !defined(MAX_KEY_SIZE) + /* for backwards compatibility */ + #define MAX_KEY_SIZE PKCS_MAX_KEY_SIZE #endif #ifndef MAX_UNICODE_SZ #define MAX_UNICODE_SZ 256 @@ -1561,7 +2530,13 @@ enum PBESTypes { PBE_SHA1_RC4_128_SUM = 657, PBE_SHA1_DES3_SUM = 659, - PBES2 = 13 /* algo ID */ + PBE_MD5_DES_SUM = 651, + PBE_SHA1_DES_SUM = 658, + PBES2_SUM = 661, + + PBES2 = 13, /* algo ID */ + PBES1_MD5_DES = 3, + PBES1_SHA1_DES = 10, }; enum PKCSTypes { @@ -1569,6 +2544,9 @@ enum PKCSTypes { PKCS12v1 = 12, /* PKCS #12 */ PKCS5 = 5, /* PKCS oid tag */ PKCS8v0 = 0, /* default PKCS#8 version */ + PKCS8v1 = 1, /* PKCS#8 version including public key */ + PKCS1v0 = 0, /* default PKCS#1 version */ + PKCS1v1 = 1, /* Multi-prime version */ }; #endif /* !NO_ASN || !NO_PWDBASED */ diff --git a/source/libs/libwolfssl/wolfcrypt/asn_public.h b/source/libs/libwolfssl/wolfcrypt/asn_public.h index ac192ebe..8faae33e 100644 --- a/source/libs/libwolfssl/wolfcrypt/asn_public.h +++ b/source/libs/libwolfssl/wolfcrypt/asn_public.h @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,6 +33,7 @@ This library defines the interface APIs for X509 certificates. #include #include +#include #ifdef __cplusplus extern "C" { @@ -47,22 +48,38 @@ This library defines the interface APIs for X509 certificates. typedef struct ed25519_key ed25519_key; #define WC_ED25519KEY_TYPE_DEFINED #endif +#ifndef WC_CURVE25519KEY_TYPE_DEFINED + typedef struct curve25519_key curve25519_key; + #define WC_CURVE25519KEY_TYPE_DEFINED +#endif #ifndef WC_ED448KEY_TYPE_DEFINED typedef struct ed448_key ed448_key; #define WC_ED448KEY_TYPE_DEFINED #endif +#ifndef WC_CURVE448KEY_TYPE_DEFINED + typedef struct curve448_key curve448_key; + #define WC_CURVE448KEY_TYPE_DEFINED +#endif #ifndef WC_RSAKEY_TYPE_DEFINED typedef struct RsaKey RsaKey; #define WC_RSAKEY_TYPE_DEFINED #endif -#ifndef WC_RNG_TYPE_DEFINED - typedef struct WC_RNG WC_RNG; - #define WC_RNG_TYPE_DEFINED -#endif #ifndef WC_DH_TYPE_DEFINED typedef struct DhKey DhKey; #define WC_DH_TYPE_DEFINED #endif +#ifndef WC_FALCONKEY_TYPE_DEFINED + typedef struct falcon_key falcon_key; + #define WC_FALCONKEY_TYPE_DEFINED +#endif +#ifndef WC_DILITHIUMKEY_TYPE_DEFINED + typedef struct dilithium_key dilithium_key; + #define WC_DILITHIUMKEY_TYPE_DEFINED +#endif +#ifndef WC_SPHINCSKEY_TYPE_DEFINED + typedef struct sphincs_key sphincs_key; + #define WC_SPHINCSKEY_TYPE_DEFINED +#endif enum Ecc_Sum { ECC_SECP112R1_OID = 182, @@ -125,6 +142,22 @@ enum CertType { PKCS8_ENC_PRIVATEKEY_TYPE, DETECT_CERT_TYPE, DH_PRIVATEKEY_TYPE, + X942_PARAM_TYPE, + FALCON_LEVEL1_TYPE, + FALCON_LEVEL5_TYPE, + DILITHIUM_LEVEL2_TYPE, + DILITHIUM_LEVEL3_TYPE, + DILITHIUM_LEVEL5_TYPE, + DILITHIUM_AES_LEVEL2_TYPE, + DILITHIUM_AES_LEVEL3_TYPE, + DILITHIUM_AES_LEVEL5_TYPE, + SPHINCS_FAST_LEVEL1_TYPE, + SPHINCS_FAST_LEVEL3_TYPE, + SPHINCS_FAST_LEVEL5_TYPE, + SPHINCS_SMALL_LEVEL1_TYPE, + SPHINCS_SMALL_LEVEL3_TYPE, + SPHINCS_SMALL_LEVEL5_TYPE, + }; @@ -155,8 +188,27 @@ enum Ctc_SigType { CTC_SHA3_384wRSA = 429, CTC_SHA3_512wRSA = 430, + CTC_RSASSAPSS = 654, + CTC_ED25519 = 256, - CTC_ED448 = 257 + CTC_ED448 = 257, + + CTC_FALCON_LEVEL1 = 268, + CTC_FALCON_LEVEL5 = 271, + + CTC_DILITHIUM_LEVEL2 = 213, + CTC_DILITHIUM_LEVEL3 = 216, + CTC_DILITHIUM_LEVEL5 = 220, + CTC_DILITHIUM_AES_LEVEL2 = 217, + CTC_DILITHIUM_AES_LEVEL3 = 221, + CTC_DILITHIUM_AES_LEVEL5 = 224, + + CTC_SPHINCS_FAST_LEVEL1 = 281, + CTC_SPHINCS_FAST_LEVEL3 = 283, + CTC_SPHINCS_FAST_LEVEL5 = 282, + CTC_SPHINCS_SMALL_LEVEL1 = 287, + CTC_SPHINCS_SMALL_LEVEL3 = 285, + CTC_SPHINCS_SMALL_LEVEL5 = 286, }; enum Ctc_Encoding { @@ -170,6 +222,11 @@ enum Ctc_Encoding { #ifndef WC_CTC_MAX_ALT_SIZE #define WC_CTC_MAX_ALT_SIZE 16384 #endif +#ifdef WOLFSSL_CERT_EXT + #ifndef WC_CTC_MAX_CRLINFO_SZ + #define WC_CTC_MAX_CRLINFO_SZ 200 + #endif +#endif enum Ctc_Misc { CTC_COUNTRY_SIZE = 2, @@ -178,13 +235,19 @@ enum Ctc_Misc { CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */ CTC_SERIAL_SIZE = 20, CTC_GEN_SERIAL_SZ = 16, + CTC_FILETYPE_ASN1 = 2, + CTC_FILETYPE_PEM = 1, + CTC_FILETYPE_DEFAULT = 2, #ifdef WOLFSSL_CERT_EXT /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum * We support only hash */ CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */ CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */ - CTC_MAX_CERTPOL_SZ = 64, - CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */ + CTC_MAX_CERTPOL_SZ = 200, /* RFC 5280 Section 4.2.1.4 */ + CTC_MAX_CERTPOL_NB = 2, /* Max number of Certificate Policy */ + CTC_MAX_CRLINFO_SZ = WC_CTC_MAX_CRLINFO_SZ, /* Arbitrary size that should be + * enough for at least two + * distribution points. */ #endif /* WOLFSSL_CERT_EXT */ }; @@ -205,21 +268,35 @@ typedef struct WOLFSSL_ASN1_TIME { enum { IV_SZ = 32, /* max iv sz */ +#ifdef OPENSSL_ALL + NAME_SZ = 160, /* larger max one line, allows for longer + encryption password support */ +#else NAME_SZ = 80, /* max one line */ +#endif PEM_PASS_READ = 0, PEM_PASS_WRITE = 1, }; - -typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata); +typedef int (wc_pem_password_cb)(char* passwd, int sz, int rw, void* userdata); +#ifndef OPENSSL_COEXIST +/* In the past, wc_pem_password_cb was called pem_password_cb, which is the same + * name as an identical typedef in OpenSSL. We don't want to break existing code + * that uses the name pem_password_cb, so we define it here as a macro alias for + * wc_pem_password_cb. In cases where a user needs to use both OpenSSL and + * wolfSSL headers in the same code, they should define OPENSSL_COEXIST to + * avoid errors stemming from the typedef being declared twice. */ +#define pem_password_cb wc_pem_password_cb +#endif typedef struct EncryptedInfo { - pem_password_cb* passwd_cb; - void* passwd_userdata; - long consumed; /* tracks PEM bytes consumed */ +#ifdef WOLFSSL_ENCRYPTED_KEYS + wc_pem_password_cb* passwd_cb; + void* passwd_userdata; + int cipherType; word32 keySz; word32 ivSz; /* salt or encrypted IV size */ @@ -228,6 +305,7 @@ typedef struct EncryptedInfo { byte iv[IV_SZ]; /* salt or encrypted IV */ word16 set:1; /* if encryption set */ +#endif } EncryptedInfo; @@ -262,8 +340,7 @@ typedef struct WOLFSSL_ASN1_INTEGER { #endif #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ -#ifdef WOLFSSL_CERT_GEN - +#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef WOLFSSL_MULTI_ATTRIB #ifndef CTC_MAX_ATTRIB #define CTC_MAX_ATTRIB 4 @@ -277,17 +354,49 @@ typedef struct NameAttrib { char value[CTC_NAME_SIZE]; /* name */ } NameAttrib; #endif /* WOLFSSL_MULTI_ATTRIB */ +#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#ifdef WOLFSSL_CERT_GEN +#ifdef WOLFSSL_CUSTOM_OID +typedef struct CertOidField { + byte* oid; + byte* val; + int oidSz; + int valSz; + char enc; +} CertOidField; +typedef struct CertExtension { + const char* oid; + byte crit; + const byte* val; + int valSz; +} CertExtension; +#endif +#endif /* WOLFSSL_CERT_GEN */ + +#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) typedef struct CertName { char country[CTC_NAME_SIZE]; char countryEnc; char state[CTC_NAME_SIZE]; char stateEnc; + char street[CTC_NAME_SIZE]; + char streetEnc; char locality[CTC_NAME_SIZE]; char localityEnc; char sur[CTC_NAME_SIZE]; char surEnc; +#ifdef WOLFSSL_CERT_NAME_ALL + char givenName[CTC_NAME_SIZE]; + char givenNameEnc; + char initials[CTC_NAME_SIZE]; + char initialsEnc; + char dnQualifier[CTC_NAME_SIZE]; + char dnQualifierEnc; + char dnName[CTC_NAME_SIZE]; + char dnNameEnc; +#endif /* WOLFSSL_CERT_NAME_ALL */ char org[CTC_NAME_SIZE]; char orgEnc; char unit[CTC_NAME_SIZE]; @@ -296,6 +405,10 @@ typedef struct CertName { char commonNameEnc; char serialDev[CTC_NAME_SIZE]; char serialDevEnc; + char userId[CTC_NAME_SIZE]; + char userIdEnc; + char postalCode[CTC_NAME_SIZE]; + char postalCodeEnc; #ifdef WOLFSSL_CERT_EXT char busCat[CTC_NAME_SIZE]; char busCatEnc; @@ -308,8 +421,17 @@ typedef struct CertName { #ifdef WOLFSSL_MULTI_ATTRIB NameAttrib name[CTC_MAX_ATTRIB]; #endif +#ifdef WOLFSSL_CUSTOM_OID + CertOidField custom; +#endif } CertName; +#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL*/ +#ifdef WOLFSSL_CERT_GEN + +#ifndef NUM_CUSTOM_EXT +#define NUM_CUSTOM_EXT 16 +#endif /* for user to fill for certificate generation */ typedef struct Cert { @@ -322,24 +444,40 @@ typedef struct Cert { int selfSigned; /* self signed flag */ CertName subject; /* subject info */ int isCA; /* is this going to be a CA */ + byte pathLen; /* max depth of valid certification + * paths that include this cert */ /* internal use only */ int bodySz; /* pre sign total size */ int keyType; /* public key type of subject */ #ifdef WOLFSSL_ALT_NAMES byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */ int altNamesSz; /* altNames size in bytes */ +#endif byte beforeDate[CTC_DATE_SIZE]; /* before date copy */ int beforeDateSz; /* size of copy */ byte afterDate[CTC_DATE_SIZE]; /* after date copy */ int afterDateSz; /* size of copy */ -#endif #ifdef WOLFSSL_CERT_EXT byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */ int skidSz; /* SKID size in bytes */ - byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */ + byte akid[CTC_MAX_AKID_SIZE +#ifdef WOLFSSL_AKID_NAME + + sizeof(CertName) + CTC_SERIAL_SIZE +#endif + ]; /* Authority Key + * Identifier */ int akidSz; /* AKID size in bytes */ +#ifdef WOLFSSL_AKID_NAME + byte rawAkid; /* Set to true if akid is a + * AuthorityKeyIdentifier object. + * Set to false if akid is just a + * KeyIdentifier object. */ +#endif word16 keyUsage; /* Key Usage */ byte extKeyUsage; /* Extended Key Usage */ +#ifndef IGNORE_NETSCAPE_CERT_TYPE + byte nsCertType; /* Netscape Certificate Type */ +#endif #ifdef WOLFSSL_EKU_OID /* Extended Key Usage OIDs */ byte extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ]; @@ -347,6 +485,8 @@ typedef struct Cert { #endif char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ]; word16 certPoliciesNb; /* Number of Cert Policy */ + byte crlInfo[CTC_MAX_CRLINFO_SZ]; /* CRL Distribution points */ + int crlInfoSz; #endif #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ defined(WOLFSSL_CERT_REQ) @@ -355,11 +495,25 @@ typedef struct Cert { #endif #ifdef WOLFSSL_CERT_REQ char challengePw[CTC_NAME_SIZE]; + char unstructuredName[CTC_NAME_SIZE]; int challengePwPrintableString; /* encode as PrintableString */ #endif - void* decodedCert; /* internal DecodedCert allocated from heap */ - byte* der; /* Pointer to buffer of current DecodedCert cache */ - void* heap; /* heap hint */ +#ifdef WOLFSSL_CUSTOM_OID + /* user oid and value to go in req extensions */ + CertOidField extCustom; + + /* Extensions to go into X.509 certificates */ + CertExtension customCertExt[NUM_CUSTOM_EXT]; + int customCertExtCount; +#endif + void* decodedCert; /* internal DecodedCert allocated from heap */ + byte* der; /* Pointer to buffer of current DecodedCert cache */ + void* heap; /* heap hint */ + byte basicConstSet:1; /* Indicator for when Basic Constaint is set */ + byte pathLenSet:1; /* Indicator for when path length is set */ +#ifdef WOLFSSL_ALT_NAMES + byte altNamesCrit:1; /* Indicator of criticality of SAN extension */ +#endif } Cert; @@ -374,38 +528,48 @@ typedef struct Cert { isCA = 0 (false) keyType = RSA_KEY (default) */ -WOLFSSL_API int wc_InitCert(Cert*); +WOLFSSL_ABI WOLFSSL_API int wc_InitCert(Cert* cert); +WOLFSSL_ABI WOLFSSL_API Cert* wc_CertNew(void* heap); +WOLFSSL_ABI WOLFSSL_API void wc_CertFree(Cert* cert); +WOLFSSL_API int wc_InitCert_ex(Cert* cert, void* heap, int devId); WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, - int keyType, void* key, WC_RNG* rng); -WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - ecc_key*, WC_RNG*); + int keyType, void* key, WC_RNG* rng); +WOLFSSL_ABI +WOLFSSL_API int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); #ifdef WOLFSSL_CERT_REQ - WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz, - int, void*); - WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, - RsaKey*, ecc_key*); + WOLFSSL_API int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, + int keyType, void* key); + WOLFSSL_ABI + WOLFSSL_API int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, + RsaKey* rsaKey, ecc_key* eccKey); #endif -WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer, - word32 buffSz, int keyType, void* key, - WC_RNG* rng); -WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, - word32 derSz, RsaKey*, ecc_key*, WC_RNG*); -WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - WC_RNG*); -WOLFSSL_API int wc_SetIssuer(Cert*, const char*); -WOLFSSL_API int wc_SetSubject(Cert*, const char*); +WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf, + word32 buffSz, int keyType, void* key, + WC_RNG* rng); +WOLFSSL_API int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); +WOLFSSL_ABI +WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, + RsaKey* key, WC_RNG* rng); +WOLFSSL_ABI WOLFSSL_API int wc_SetIssuer(Cert* cert, const char* issuerFile); +WOLFSSL_ABI WOLFSSL_API int wc_SetSubject(Cert* cert, const char* subjectFile); #ifdef WOLFSSL_ALT_NAMES - WOLFSSL_API int wc_SetAltNames(Cert*, const char*); + WOLFSSL_ABI WOLFSSL_API int wc_SetAltNames(Cert* cert, const char* file); #endif #ifdef WOLFSSL_CERT_GEN_CACHE -WOLFSSL_API void wc_SetCert_Free(Cert* cert); +WOLFSSL_ABI WOLFSSL_API void wc_SetCert_Free(Cert* cert); #endif -WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int); -WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int); -WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int); -WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); +WOLFSSL_ABI +WOLFSSL_API int wc_SetIssuerBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetSubjectBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI +WOLFSSL_API int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz); #ifndef NO_ASN_TIME WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before, @@ -424,15 +588,12 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey); WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file); -WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert); +WOLFSSL_ABI WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert); +WOLFSSL_ABI WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz); +WOLFSSL_ABI WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz); -#ifdef HAVE_NTRU -WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey, - word16 ntruKeySz); -#endif - /* Set the KeyUsage. * Value is a string separated tokens with ','. Accepted tokens are : * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign, @@ -456,21 +617,21 @@ WOLFSSL_API int wc_SetExtKeyUsage(Cert *cert, const char *value); WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz, byte idx, void* heap); #endif /* WOLFSSL_EKU_OID */ + +#if defined(WOLFSSL_ASN_TEMPLATE) && defined(WOLFSSL_CUSTOM_OID) && \ + defined(HAVE_OID_ENCODING) +WOLFSSL_API int wc_SetCustomExtension(Cert *cert, int critical, const char *oid, + const byte *der, word32 derSz); +#endif + #endif /* WOLFSSL_CERT_EXT */ - - #ifdef HAVE_NTRU - WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, - const byte* ntruKey, word16 keySz, - WC_RNG*); - #endif - #endif /* WOLFSSL_CERT_GEN */ WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz, const byte** date, byte* format, int* length); #ifndef NO_ASN_TIME WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length, - byte format, struct tm* time); + byte format, struct tm* timearg); #endif #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) @@ -487,30 +648,33 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type, DerBuffer** pDer, void* heap, EncryptedInfo* info, int* keyFormat); - WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int, - unsigned char*, int, const char*); - WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int, - unsigned char*, int, int); + WOLFSSL_API int wc_KeyPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz, const char* pass); + WOLFSSL_API int wc_CertPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz, int type); #endif /* WOLFSSL_PEM_TO_DER */ #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) - #ifndef NO_FILESYSTEM + #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER) WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName, unsigned char* derBuf, int derSz); + WOLFSSL_API int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der); #endif - WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); + WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz); #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ #ifdef WOLFSSL_CERT_GEN - #ifndef NO_FILESYSTEM + #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER) WOLFSSL_API int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz); + WOLFSSL_API int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der); #endif #endif /* WOLFSSL_CERT_GEN */ #ifdef WOLFSSL_DER_TO_PEM + WOLFSSL_ABI WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz, int type); WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, @@ -521,15 +685,30 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); #if !defined(HAVE_USER_RSA) WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz); + /* For FIPS v1/v2 and selftest this is in rsa.h */ + #if (!defined(HAVE_SELFTEST) || \ + (defined(HAVE_SELFTEST) && defined(WOLFSSL_CERT_GEN) && \ + !defined(WOLFSSL_KEY_GEN))) && \ + (!defined(HAVE_FIPS) || \ + !defined(HAVE_FIPS_VERSION) || \ + ((HAVE_FIPS_VERSION > 2) && \ + (! ((HAVE_FIPS_VERSION == 5) && (HAVE_FIPS_VERSION_MINOR == 0))))) + WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen); + #endif #endif WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header); + WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen, + int with_header); #endif #ifndef NO_DSA /* DSA parameter DER helper functions */ - WOLFSSL_API int wc_DsaParamsDecode(const byte* input, word32* inOutIdx, - DsaKey*, word32); - WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen); + WOLFSSL_API int wc_DsaParamsDecode(const byte* input, word32* inOutIdx, DsaKey* key, + word32 inSz); + WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, + word32 inLen); + WOLFSSL_API int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, + word32* inLen); #endif #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) @@ -541,73 +720,114 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); #ifdef HAVE_ECC /* private key helpers */ - WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*, - ecc_key*, word32); - WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen); + WOLFSSL_ABI + WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, + ecc_key* key, word32 inSz); + WOLFSSL_ABI + WOLFSSL_API int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen); WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen); - WOLFSSL_API int wc_EccKeyDerSize(ecc_key*, int pub); + WOLFSSL_API int wc_EccKeyDerSize(ecc_key* key, int pub); WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen); WOLFSSL_API int wc_EccKeyToPKCS8(ecc_key* key, byte* output, word32* outLen); /* public key helper */ - WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*, - ecc_key*, word32); - WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output, + WOLFSSL_ABI + WOLFSSL_API int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, + ecc_key* key, word32 inSz); + WOLFSSL_ABI WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, int with_AlgCurve); - WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key*, int with_AlgCurve); + WOLFSSL_API int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output, + word32 inLen, int with_AlgCurve, + int comp); + WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve); +#endif + +/* RFC 5958 (Asymmetric Key Packages) */ +#if !defined(WC_ENABLE_ASYM_KEY_EXPORT) && \ + ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \ + (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \ + (defined(HAVE_PQC) && (defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))) + #define WC_ENABLE_ASYM_KEY_EXPORT +#endif + +#if !defined(WC_ENABLE_ASYM_KEY_IMPORT) && \ + ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \ + (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \ + (defined(HAVE_PQC))) + #define WC_ENABLE_ASYM_KEY_IMPORT #endif #ifdef HAVE_ED25519 - /* private key helpers */ #ifdef HAVE_ED25519_KEY_IMPORT - WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*, - ed25519_key*, word32); +WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx, + ed25519_key* key, word32 inSz); +WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte* input, word32* inOutIdx, + ed25519_key* key, word32 inSz); #endif - #ifdef HAVE_ED25519_KEY_EXPORT - WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output, - word32 inLen); - WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, - word32 inLen); +WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output, + word32 inLen); +WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, + word32 inLen); +WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key* key, byte* output, + word32 inLen, int withAlg); #endif +#endif /* HAVE_ED25519 */ - /* public key helper */ - WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*, - ed25519_key*, word32); - #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) && \ - defined(HAVE_ED25519_KEY_EXPORT) - - WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output, - word32 inLen, int with_AlgCurve); - #endif +#ifdef HAVE_CURVE25519 +#ifdef HAVE_CURVE25519_KEY_IMPORT +WOLFSSL_API int wc_Curve25519PrivateKeyDecode( + const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz); +WOLFSSL_API int wc_Curve25519PublicKeyDecode( + const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz); #endif +#ifdef HAVE_CURVE25519_KEY_EXPORT +WOLFSSL_API int wc_Curve25519PrivateKeyToDer( + curve25519_key* key, byte* output, word32 inLen); +WOLFSSL_API int wc_Curve25519PublicKeyToDer( + curve25519_key* key, byte* output, word32 inLen, int withAlg); +#endif +#endif /* HAVE_CURVE25519 */ #ifdef HAVE_ED448 - /* private key helpers */ #ifdef HAVE_ED448_KEY_IMPORT - WOLFSSL_API int wc_Ed448PrivateKeyDecode(const byte*, word32*, - ed448_key*, word32); +WOLFSSL_API int wc_Ed448PrivateKeyDecode( + const byte* input, word32* inOutIdx, ed448_key* key, word32 inSz); +WOLFSSL_API int wc_Ed448PublicKeyDecode( + const byte* input, word32* inOutIdx, ed448_key* key, word32 inSz); #endif - #ifdef HAVE_ED448_KEY_EXPORT - WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output, - word32 inLen); - WOLFSSL_API int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output, - word32 inLen); +WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output, word32 inLen); +WOLFSSL_API int wc_Ed448PrivateKeyToDer( + ed448_key* key, byte* output, word32 inLen); +WOLFSSL_API int wc_Ed448PublicKeyToDer( + ed448_key* key, byte* output, word32 inLen, int withAlg); #endif +#endif /* HAVE_ED448 */ - /* public key helper */ - WOLFSSL_API int wc_Ed448PublicKeyDecode(const byte*, word32*, - ed448_key*, word32); - #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) && \ - defined(HAVE_ED448_KEY_EXPORT) - WOLFSSL_API int wc_Ed448PublicKeyToDer(ed448_key*, byte* output, - word32 inLen, int with_AlgCurve); - #endif +#ifdef HAVE_CURVE448 +#ifdef HAVE_CURVE448_KEY_IMPORT +WOLFSSL_API int wc_Curve448PrivateKeyDecode(const byte* input, word32* inOutIdx, + curve448_key* key, word32 inSz); +WOLFSSL_API int wc_Curve448PublicKeyDecode(const byte* input, word32* inOutIdx, + curve448_key* key, word32 inSz); #endif +#ifdef HAVE_CURVE448_KEY_EXPORT +WOLFSSL_API int wc_Curve448PrivateKeyToDer(curve448_key* key, byte* output, + word32 inLen); +WOLFSSL_API int wc_Curve448PublicKeyToDer(curve448_key* key, byte* output, + word32 inLen, int withAlg); +#endif +#endif /* HAVE_CURVE448 */ + /* DER encode signature */ WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, @@ -619,11 +839,16 @@ WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input, WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz); -WOLFSSL_API int wc_EncryptPKCS8Key(byte*, word32, byte*, word32*, const char*, - int, int, int, int, byte*, word32, int, WC_RNG*, void*); -WOLFSSL_API int wc_DecryptPKCS8Key(byte*, word32, const char*, int); -WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte*, word32, byte*, word32*, - const char*, int, int, int, int, byte*, word32, int, WC_RNG*, void*); +WOLFSSL_API int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, + const char* password, int passwordSz, int vPKCS, int pbeOid, + int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng, + void* heap); +WOLFSSL_API int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password, + int passwordSz); +WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte* key, word32 keySz, byte* out, + word32* outSz, const char* password, int passwordSz, int vPKCS, + int pbeOid, int encAlgId, byte* salt, word32 saltSz, int itt, + WC_RNG* rng, void* heap); #ifndef NO_ASN_TIME /* Time */ @@ -634,6 +859,10 @@ WOLFSSL_API int wc_CreateEncryptedPKCS8Key(byte*, word32, byte*, word32*, rc = wc_GetTime(&lTime, (word32)sizeof(lTime)); */ WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize); + +typedef time_t (*wc_time_cb)(time_t* t); +WOLFSSL_API int wc_SetTimeCb(wc_time_cb f); +WOLFSSL_API time_t wc_Time(time_t* t); #endif #ifdef WOLFSSL_ENCRYPTED_KEYS @@ -663,7 +892,24 @@ typedef struct _wc_CertPIV { WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz); #endif /* WOLFSSL_CERT_PIV */ +/* Forward declaration needed, as DecodedCert is defined in asn.h.*/ +struct DecodedCert; +WOLFSSL_API void wc_InitDecodedCert( + struct DecodedCert* cert, const byte* source, word32 inSz, void* heap); +WOLFSSL_API void wc_FreeDecodedCert(struct DecodedCert* cert); +WOLFSSL_API int wc_ParseCert( + struct DecodedCert* cert, int type, int verify, void* cm); + +WOLFSSL_API int wc_GetPubKeyDerFromCert(struct DecodedCert* cert, + byte* derKey, word32* derKeySz); + +#ifdef WOLFSSL_FPKI +WOLFSSL_API int wc_GetUUIDFromCert(struct DecodedCert* cert, + byte* uuid, word32* uuidSz); +WOLFSSL_API int wc_GetFASCNFromCert(struct DecodedCert* cert, + byte* fascn, word32* fascnSz); +#endif /* WOLFSSL_FPKI */ #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/blake2-impl.h b/source/libs/libwolfssl/wolfcrypt/blake2-impl.h index 72d2a510..cfb6c4bf 100644 --- a/source/libs/libwolfssl/wolfcrypt/blake2-impl.h +++ b/source/libs/libwolfssl/wolfcrypt/blake2-impl.h @@ -12,7 +12,7 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/blake2-int.h b/source/libs/libwolfssl/wolfcrypt/blake2-int.h index a995e260..03c6fc52 100644 --- a/source/libs/libwolfssl/wolfcrypt/blake2-int.h +++ b/source/libs/libwolfssl/wolfcrypt/blake2-int.h @@ -12,7 +12,7 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -73,11 +73,11 @@ byte node_depth; /* 15 */ byte inner_length; /* 16 */ /* byte reserved[0]; */ - byte salt[BLAKE2B_SALTBYTES]; /* 24 */ + byte salt[BLAKE2S_SALTBYTES]; /* 24 */ byte personal[BLAKE2S_PERSONALBYTES]; /* 32 */ } blake2s_param; - typedef struct ALIGN32 __blake2s_state + typedef struct __blake2s_state { word32 h[8]; word32 t[2]; @@ -102,7 +102,7 @@ byte personal[BLAKE2B_PERSONALBYTES]; /* 64 */ } blake2b_param; - typedef struct ALIGN64 __blake2b_state + typedef struct __blake2b_state { word64 h[8]; word64 t[2]; @@ -130,36 +130,36 @@ #pragma pack(pop) /* Streaming API */ - int blake2s_init( blake2s_state *S, const byte outlen ); - int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2s_init( blake2s_state *S, byte outlen ); + int blake2s_init_key( blake2s_state *S, byte outlen, const void *key, byte keylen ); int blake2s_init_param( blake2s_state *S, const blake2s_param *P ); int blake2s_update( blake2s_state *S, const byte *in, word32 inlen ); int blake2s_final( blake2s_state *S, byte *out, byte outlen ); - int blake2b_init( blake2b_state *S, const byte outlen ); - int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2b_init( blake2b_state *S, byte outlen ); + int blake2b_init_key( blake2b_state *S, byte outlen, const void *key, byte keylen ); int blake2b_init_param( blake2b_state *S, const blake2b_param *P ); int blake2b_update( blake2b_state *S, const byte *in, word64 inlen ); int blake2b_final( blake2b_state *S, byte *out, byte outlen ); - int blake2sp_init( blake2sp_state *S, const byte outlen ); - int blake2sp_init_key( blake2sp_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2sp_init( blake2sp_state *S, byte outlen ); + int blake2sp_init_key( blake2sp_state *S, byte outlen, const void *key, byte keylen ); int blake2sp_update( blake2sp_state *S, const byte *in, word32 inlen ); int blake2sp_final( blake2sp_state *S, byte *out, byte outlen ); - int blake2bp_init( blake2bp_state *S, const byte outlen ); - int blake2bp_init_key( blake2bp_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2bp_init( blake2bp_state *S, byte outlen ); + int blake2bp_init_key( blake2bp_state *S, byte outlen, const void *key, byte keylen ); int blake2bp_update( blake2bp_state *S, const byte *in, word64 inlen ); int blake2bp_final( blake2bp_state *S, byte *out, byte outlen ); /* Simple API */ - int blake2s( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen ); - int blake2b( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ); + int blake2s( byte *out, const void *in, const void *key, byte outlen, word32 inlen, byte keylen ); + int blake2b( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen ); - int blake2sp( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen ); - int blake2bp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ); + int blake2sp( byte *out, const void *in, const void *key, byte outlen, word32 inlen, byte keylen ); + int blake2bp( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen ); - static WC_INLINE int blake2( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ) + static WC_INLINE int blake2( byte *out, const void *in, const void *key, byte outlen, word64 inlen, byte keylen ) { return blake2b( out, in, key, outlen, inlen, keylen ); } diff --git a/source/libs/libwolfssl/wolfcrypt/blake2.h b/source/libs/libwolfssl/wolfcrypt/blake2.h index f937acc9..900126cc 100644 --- a/source/libs/libwolfssl/wolfcrypt/blake2.h +++ b/source/libs/libwolfssl/wolfcrypt/blake2.h @@ -1,6 +1,6 @@ /* blake2.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -75,17 +75,19 @@ typedef struct Blake2s { #ifdef HAVE_BLAKE2B -WOLFSSL_API int wc_InitBlake2b(Blake2b*, word32); -WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b*, word32, const byte *, word32); -WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32); -WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32); +WOLFSSL_API int wc_InitBlake2b(Blake2b* b2b, word32 digestSz); +WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, + const byte *key, word32 keylen); +WOLFSSL_API int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz); +WOLFSSL_API int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz); #endif #ifdef HAVE_BLAKE2S -WOLFSSL_API int wc_InitBlake2s(Blake2s*, word32); -WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s*, word32, const byte *, word32); -WOLFSSL_API int wc_Blake2sUpdate(Blake2s*, const byte*, word32); -WOLFSSL_API int wc_Blake2sFinal(Blake2s*, byte*, word32); +WOLFSSL_API int wc_InitBlake2s(Blake2s* b2s, word32 digestSz); +WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s* b2s, word32 digestSz, + const byte *key, word32 keylen); +WOLFSSL_API int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz); +WOLFSSL_API int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz); #endif diff --git a/source/libs/libwolfssl/wolfcrypt/camellia.h b/source/libs/libwolfssl/wolfcrypt/camellia.h index 9b0c6cbe..e5153c8c 100644 --- a/source/libs/libwolfssl/wolfcrypt/camellia.h +++ b/source/libs/libwolfssl/wolfcrypt/camellia.h @@ -27,7 +27,7 @@ /* camellia.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/chacha.h b/source/libs/libwolfssl/wolfcrypt/chacha.h index b01feba2..db8cdc78 100644 --- a/source/libs/libwolfssl/wolfcrypt/chacha.h +++ b/source/libs/libwolfssl/wolfcrypt/chacha.h @@ -1,6 +1,6 @@ /* chacha.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -71,7 +71,7 @@ Block counter is located at index 12. #endif enum { - CHACHA_ENC_TYPE = WC_CIPHER_CHACHA, /* cipher unique type */ + CHACHA_ENC_TYPE = WC_CIPHER_CHACHA, /* cipher unique type */ CHACHA_MAX_KEY_SZ = 32, }; @@ -102,8 +102,8 @@ WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz); #ifdef HAVE_XCHACHA WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz, - const byte *nonce, word32 nonceSz, - word32 counter); + const byte *nonce, word32 nonceSz, + word32 counter); #endif #ifdef __cplusplus diff --git a/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h b/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h index 42a50eec..e270b899 100644 --- a/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h +++ b/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h @@ -1,6 +1,6 @@ /* chacha20_poly1305.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -86,21 +86,21 @@ typedef struct ChaChaPoly_Aead { * concatenating a constant value. */ -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ChaCha20Poly1305_Encrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inPlaintext, const word32 inPlaintextLen, + const byte* inAAD, word32 inAADLen, + const byte* inPlaintext, word32 inPlaintextLen, byte* outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ChaCha20Poly1305_Decrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inCiphertext, const word32 inCiphertextLen, + const byte* inAAD, word32 inAADLen, + const byte* inCiphertext, word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte* outPlaintext); @@ -134,18 +134,18 @@ WOLFSSL_API int wc_XChaCha20Poly1305_Init( int isEncrypt); WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt( - byte *dst, const size_t dst_space, - const byte *src, const size_t src_len, - const byte *ad, const size_t ad_len, - const byte *nonce, const size_t nonce_len, - const byte *key, const size_t key_len); + byte *dst, size_t dst_space, + const byte *src, size_t src_len, + const byte *ad, size_t ad_len, + const byte *nonce, size_t nonce_len, + const byte *key, size_t key_len); WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt( - byte *dst, const size_t dst_space, - const byte *src, const size_t src_len, - const byte *ad, const size_t ad_len, - const byte *nonce, const size_t nonce_len, - const byte *key, const size_t key_len); + byte *dst, size_t dst_space, + const byte *src, size_t src_len, + const byte *ad, size_t ad_len, + const byte *nonce, size_t nonce_len, + const byte *key, size_t key_len); #endif /* HAVE_XCHACHA */ diff --git a/source/libs/libwolfssl/wolfcrypt/cmac.h b/source/libs/libwolfssl/wolfcrypt/cmac.h index 6fd46ffc..cdeb8642 100644 --- a/source/libs/libwolfssl/wolfcrypt/cmac.h +++ b/source/libs/libwolfssl/wolfcrypt/cmac.h @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -56,13 +56,21 @@ struct Cmac { #ifdef WOLF_CRYPTO_CB int devId; void* devCtx; - #ifdef WOLFSSL_QNX_CAAM + #ifdef WOLFSSL_CAAM byte ctx[32]; /* hold state for save and return */ word32 blackKey; word32 keylen; byte initialized; #endif #endif +#if defined(WOLFSSL_HASH_KEEP) + byte* msg; + word32 used; + word32 len; +#endif +#ifdef WOLFSSL_SE050 + byte useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */ +#endif }; @@ -103,6 +111,14 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz, const byte* in, word32 inSz, const byte* key, word32 keySz); +WOLFSSL_LOCAL +void ShiftAndXorRb(byte* out, byte* in); + +#ifdef WOLFSSL_HASH_KEEP +WOLFSSL_API +int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/coding.h b/source/libs/libwolfssl/wolfcrypt/coding.h index a5c2ba14..d2d095a7 100644 --- a/source/libs/libwolfssl/wolfcrypt/coding.h +++ b/source/libs/libwolfssl/wolfcrypt/coding.h @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/compress.h b/source/libs/libwolfssl/wolfcrypt/compress.h index 8f3eb737..40871522 100644 --- a/source/libs/libwolfssl/wolfcrypt/compress.h +++ b/source/libs/libwolfssl/wolfcrypt/compress.h @@ -1,6 +1,6 @@ /* compress.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/cpuid.h b/source/libs/libwolfssl/wolfcrypt/cpuid.h index 4eadb638..2e98fe94 100644 --- a/source/libs/libwolfssl/wolfcrypt/cpuid.h +++ b/source/libs/libwolfssl/wolfcrypt/cpuid.h @@ -1,6 +1,6 @@ /* cpuid.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,6 +35,11 @@ #if (defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \ defined(WOLFSSL_AESNI) || defined(WOLFSSL_SP_X86_64_ASM)) && \ !defined(WOLFSSL_NO_ASM) + #define HAVE_CPUID + #define HAVE_CPUID_INTEL +#endif + +#ifdef HAVE_CPUID_INTEL #define CPUID_AVX1 0x0001 #define CPUID_AVX2 0x0002 @@ -44,6 +49,7 @@ #define CPUID_AESNI 0x0020 #define CPUID_ADX 0x0040 /* ADCX, ADOX */ #define CPUID_MOVBE 0x0080 /* Move and byte swap */ + #define CPUID_BMI1 0x0100 /* ANDN */ #define IS_INTEL_AVX1(f) ((f) & CPUID_AVX1) #define IS_INTEL_AVX2(f) ((f) & CPUID_AVX2) @@ -53,7 +59,11 @@ #define IS_INTEL_AESNI(f) ((f) & CPUID_AESNI) #define IS_INTEL_ADX(f) ((f) & CPUID_ADX) #define IS_INTEL_MOVBE(f) ((f) & CPUID_MOVBE) + #define IS_INTEL_BMI1(f) ((f) & CPUID_BMI1) +#endif + +#ifdef HAVE_CPUID void cpuid_set_flags(void); word32 cpuid_get_flags(void); diff --git a/source/libs/libwolfssl/wolfcrypt/cryptocb.h b/source/libs/libwolfssl/wolfcrypt/cryptocb.h index 249f2c11..40c20272 100644 --- a/source/libs/libwolfssl/wolfcrypt/cryptocb.h +++ b/source/libs/libwolfssl/wolfcrypt/cryptocb.h @@ -1,6 +1,6 @@ /* cryptocb.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -75,10 +75,15 @@ /* Crypto Information Structure for callbacks */ typedef struct wc_CryptoInfo { int algo_type; /* enum wc_AlgoType */ +#if HAVE_ANONYMOUS_INLINE_AGGREGATES + union { +#endif #if !defined(NO_RSA) || defined(HAVE_ECC) struct { int type; /* enum wc_PkType */ +#if HAVE_ANONYMOUS_INLINE_AGGREGATES union { +#endif #ifndef NO_RSA struct { const byte* in; @@ -182,14 +187,18 @@ typedef struct wc_CryptoInfo { byte contextLen; } ed25519verify; #endif +#if HAVE_ANONYMOUS_INLINE_AGGREGATES }; +#endif } pk; #endif /* !NO_RSA || HAVE_ECC */ #if !defined(NO_AES) || !defined(NO_DES3) struct { int type; /* enum wc_CipherType */ int enc; +#if HAVE_ANONYMOUS_INLINE_AGGREGATES union { +#endif #ifdef HAVE_AESGCM struct { Aes* aes; @@ -216,7 +225,33 @@ typedef struct wc_CryptoInfo { word32 authInSz; } aesgcm_dec; #endif /* HAVE_AESGCM */ - #ifdef HAVE_AES_CBC + #ifdef HAVE_AESCCM + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + const byte* nonce; + word32 nonceSz; + byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; + } aesccm_enc; + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + const byte* nonce; + word32 nonceSz; + const byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; + } aesccm_dec; + #endif /* HAVE_AESCCM */ + #if defined(HAVE_AES_CBC) struct { Aes* aes; byte* out; @@ -224,6 +259,22 @@ typedef struct wc_CryptoInfo { word32 sz; } aescbc; #endif /* HAVE_AES_CBC */ + #if defined(WOLFSSL_AES_COUNTER) + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + } aesctr; + #endif /* WOLFSSL_AES_COUNTER */ + #if defined(HAVE_AES_ECB) + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + } aesecb; + #endif /* HAVE_AES_ECB */ #ifndef NO_DES3 struct { Des3* des; @@ -232,7 +283,9 @@ typedef struct wc_CryptoInfo { word32 sz; } des3; #endif +#if HAVE_ANONYMOUS_INLINE_AGGREGATES }; +#endif } cipher; #endif /* !NO_AES || !NO_DES3 */ #if !defined(NO_SHA) || !defined(NO_SHA256) || \ @@ -242,10 +295,15 @@ typedef struct wc_CryptoInfo { const byte* in; word32 inSz; byte* digest; +#if HAVE_ANONYMOUS_INLINE_AGGREGATES union { +#endif #ifndef NO_SHA wc_Sha* sha1; #endif + #ifdef WOLFSSL_SHA224 + wc_Sha224* sha224; + #endif #ifndef NO_SHA256 wc_Sha256* sha256; #endif @@ -255,7 +313,9 @@ typedef struct wc_CryptoInfo { #ifdef WOLFSSL_SHA512 wc_Sha512* sha512; #endif +#if HAVE_ANONYMOUS_INLINE_AGGREGATES }; +#endif } hash; #endif /* !NO_SHA || !NO_SHA256 */ #ifndef NO_HMAC @@ -292,6 +352,9 @@ typedef struct wc_CryptoInfo { int type; } cmac; #endif +#if HAVE_ANONYMOUS_INLINE_AGGREGATES + }; +#endif } wc_CryptoInfo; @@ -301,6 +364,11 @@ WOLFSSL_LOCAL void wc_CryptoCb_Init(void); WOLFSSL_LOCAL int wc_CryptoCb_GetDevIdAtIndex(int startIdx); WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx); WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId); +WOLFSSL_API int wc_CryptoCb_DefaultDevID(void); + +#ifdef DEBUG_CRYPTOCB +WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info); +#endif /* old function names */ #define wc_CryptoDev_RegisterDevice wc_CryptoCb_RegisterDevice @@ -367,12 +435,35 @@ WOLFSSL_LOCAL int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); #endif /* HAVE_AESGCM */ +#ifdef HAVE_AESCCM +WOLFSSL_LOCAL int wc_CryptoCb_AesCcmEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + +WOLFSSL_LOCAL int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* HAVE_AESCCM */ #ifdef HAVE_AES_CBC WOLFSSL_LOCAL int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); WOLFSSL_LOCAL int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); #endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +WOLFSSL_LOCAL int wc_CryptoCb_AesCtrEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_ECB +WOLFSSL_LOCAL int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_LOCAL int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif /* HAVE_AES_ECB */ #endif /* !NO_AES */ #ifndef NO_DES3 diff --git a/source/libs/libwolfssl/wolfcrypt/curve25519.h b/source/libs/libwolfssl/wolfcrypt/curve25519.h index 2193f23a..8d3c9d4f 100644 --- a/source/libs/libwolfssl/wolfcrypt/curve25519.h +++ b/source/libs/libwolfssl/wolfcrypt/curve25519.h @@ -1,6 +1,6 @@ /* curve25519.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,6 +43,7 @@ #endif #define CURVE25519_KEYSIZE 32 +#define CURVE25519_PUB_KEY_SIZE 32 #ifdef WOLFSSL_NAMES_STATIC typedef char curve25519_str[12]; @@ -59,22 +60,28 @@ typedef struct { /* ECC point, the internal structure is Little endian * the mathematical functions used the endianness */ -typedef struct { +typedef struct ECPoint { byte point[CURVE25519_KEYSIZE]; - #ifdef FREESCALE_LTC_ECC - byte pointY[CURVE25519_KEYSIZE]; - #endif +#ifdef FREESCALE_LTC_ECC + byte pointY[CURVE25519_KEYSIZE]; +#endif + byte pointSz; } ECPoint; +#ifndef WC_CURVE25519KEY_TYPE_DEFINED + typedef struct curve25519_key curve25519_key; + #define WC_CURVE25519KEY_TYPE_DEFINED +#endif + /* A CURVE25519 Key */ -typedef struct curve25519_key { +struct curve25519_key { int idx; /* Index into the ecc_sets[] for the parameters of this curve if -1, this key is using user supplied curve in dp */ const curve25519_set_type* dp; /* domain parameters, either points to curves (idx >= 0) or user supplied */ - ECPoint p; /* public key */ - ECPoint k; /* private key */ + ECPoint p; /* public point for key */ + byte k[CURVE25519_KEYSIZE]; /* private scaler for key */ #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; @@ -82,7 +89,16 @@ typedef struct curve25519_key { #if defined(WOLF_CRYPTO_CB) int devId; #endif -} curve25519_key; + +#ifdef WOLFSSL_SE050 + word32 keyId; + byte keyIdSet; +#endif + + /* bit fields */ + byte pubSet:1; + byte privSet:1; +}; enum { EC25519_LITTLE_ENDIAN=0, @@ -179,4 +195,3 @@ int wc_curve25519_size(curve25519_key* key); #endif /* HAVE_CURVE25519 */ #endif /* WOLF_CRYPT_CURVE25519_H */ - diff --git a/source/libs/libwolfssl/wolfcrypt/curve448.h b/source/libs/libwolfssl/wolfcrypt/curve448.h index 55e1ae1b..c4558d78 100644 --- a/source/libs/libwolfssl/wolfcrypt/curve448.h +++ b/source/libs/libwolfssl/wolfcrypt/curve448.h @@ -1,6 +1,6 @@ /* curve448.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,16 +43,24 @@ #define CURVE448_KEY_SIZE 56 #define CURVE448_PUB_KEY_SIZE 56 +#ifndef WC_CURVE448KEY_TYPE_DEFINED + typedef struct curve448_key curve448_key; + #define WC_CURVE448KEY_TYPE_DEFINED +#endif /* A CURVE448 Key */ -typedef struct curve448_key { +struct curve448_key { byte p[CURVE448_PUB_KEY_SIZE]; /* public key */ byte k[CURVE448_KEY_SIZE]; /* private key */ #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif -} curve448_key; + + /* bit fields */ + byte pubSet:1; + byte privSet:1; +}; enum { EC448_LITTLE_ENDIAN = 0, @@ -62,6 +70,10 @@ enum { WOLFSSL_API int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key); +WOLFSSL_API +int wc_curve448_make_pub(int public_size, byte* pub, int private_size, + const byte* priv); + WOLFSSL_API int wc_curve448_shared_secret(curve448_key* private_key, curve448_key* public_key, diff --git a/source/libs/libwolfssl/wolfcrypt/des3.h b/source/libs/libwolfssl/wolfcrypt/des3.h index 438e72cf..029ae001 100644 --- a/source/libs/libwolfssl/wolfcrypt/des3.h +++ b/source/libs/libwolfssl/wolfcrypt/des3.h @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,15 +30,15 @@ #ifndef NO_DES3 -#if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION == 2 || HAVE_FIPS_VERSION == 3) #include #endif /* HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) -/* included for fips @wc_fips */ -#include + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + /* included for fips @wc_fips */ + #include #endif #ifdef __cplusplus @@ -54,13 +54,18 @@ enum { /* avoid redefinition of structs */ -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + HAVE_FIPS_VERSION >= 2) #ifdef WOLFSSL_ASYNC_CRYPT #include #endif +#ifdef WOLFSSL_SE050 + /* SE050 SDK also defines DES_BLOCK_SIZE */ + #undef DES_BLOCK_SIZE +#endif + enum { DES_ENC_TYPE = WC_CIPHER_DES, /* cipher unique type */ DES3_ENC_TYPE = WC_CIPHER_DES3, /* cipher unique type */ @@ -79,6 +84,9 @@ enum { #if defined(STM32_CRYPTO) + +#include + enum { DES_CBC = 0, DES_ECB = 1 @@ -117,7 +125,7 @@ struct Des3 { typedef struct Des3 Des3; #define WC_DES3_TYPE_DEFINED #endif -#endif /* HAVE_FIPS */ +#endif /* HAVE_FIPS && HAVE_FIPS_VERSION >= 2 */ WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key, @@ -146,8 +154,8 @@ WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, /* These are only required when using either: static memory (WOLFSSL_STATIC_MEMORY) or asynchronous (WOLFSSL_ASYNC_CRYPT) */ -WOLFSSL_API int wc_Des3Init(Des3*, void*, int); -WOLFSSL_API void wc_Des3Free(Des3*); +WOLFSSL_API int wc_Des3Init(Des3* des3, void* heap, int devId); +WOLFSSL_API void wc_Des3Free(Des3* des3); #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/wolfcrypt/dh.h b/source/libs/libwolfssl/wolfcrypt/dh.h index d41f125b..631e16ba 100644 --- a/source/libs/libwolfssl/wolfcrypt/dh.h +++ b/source/libs/libwolfssl/wolfcrypt/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,6 +38,10 @@ #include #include +#ifdef WOLFSSL_KCAPI_DH + #include +#endif + #ifdef __cplusplus extern "C" { #endif @@ -67,6 +71,10 @@ struct DhKey { void* heap; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; +#endif + int trustedGroup; +#ifdef WOLFSSL_KCAPI_DH + struct kcapi_handle* handle; #endif }; @@ -75,6 +83,44 @@ struct DhKey { #define WC_DH_TYPE_DEFINED #endif +enum { + WC_FFDHE_2048 = 256, + WC_FFDHE_3072 = 257, + WC_FFDHE_4096 = 258, + WC_FFDHE_6144 = 259, + WC_FFDHE_8192 = 260, +}; + +/* DH Private Key size up to 8192 bit */ +#ifndef WC_DH_PRIV_MAX_SZ +#define WC_DH_PRIV_MAX_SZ 52 +#endif + +#ifndef DH_MAX_SIZE + #ifdef USE_FAST_MATH + /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ + #define DH_MAX_SIZE (FP_MAX_BITS / 2) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192 + #error "MySQL needs FP_MAX_BITS at least at 16384" + #endif + #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define DH_MAX_SIZE (((SP_INT_BITS + 7) / 8) * 8) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192 + #error "MySQL needs SP_INT_BITS at least at 8192" + #endif + #else + #ifdef WOLFSSL_MYSQL_COMPATIBLE + /* Integer maths is dynamic but we only go up to 8192 bits. */ + #define DH_MAX_SIZE 8192 + #else + /* Integer maths is dynamic but we only go up to 4096 bits. */ + #define DH_MAX_SIZE 4096 + #endif + #endif +#endif + +#ifdef HAVE_PUBLIC_FFDHE #ifdef HAVE_FFDHE_2048 WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void); #endif @@ -90,6 +136,7 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe6144_Get(void); #ifdef HAVE_FFDHE_8192 WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void); #endif +#endif WOLFSSL_API int wc_InitDhKey(DhKey* key); WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId); @@ -102,19 +149,27 @@ WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, word32 pubSz); WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, - word32); /* wc_DhKeyDecode is in asn.c */ + word32 inSz); /* wc_DhKeyDecode is in asn.c */ WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz); WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz); +WOLFSSL_API int wc_DhSetNamedKey(DhKey* key, int name); +WOLFSSL_API int wc_DhGetNamedKeyParamSize(int name, + word32* p, word32* g, word32* q); +WOLFSSL_API word32 wc_DhGetNamedKeyMinSize(int name); +WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ, + const byte* p, word32 pSz, + const byte* g, word32 gSz, + const byte* q, word32 qSz); +WOLFSSL_API int wc_DhCopyNamedKey(int name, + byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz); #ifdef WOLFSSL_DH_EXTRA -WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, - DhKey* key, word32 inSz); WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, const byte* pub, word32 pubSz); -WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, +WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, byte* pub, word32* pPubSz); WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst); #endif diff --git a/source/libs/libwolfssl/wolfcrypt/dilithium.h b/source/libs/libwolfssl/wolfcrypt/dilithium.h new file mode 100644 index 00000000..811e3012 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/dilithium.h @@ -0,0 +1,155 @@ +/* dilithium.h + * + * Copyright (C) 2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/dilithium.h +*/ + +/* Interfaces for Dilithium NIST Level 1 (Dilithium512) and Dilithium NIST Level 5 + * (Dilithium1024). */ + +#ifndef WOLF_CRYPT_DILITHIUM_H +#define WOLF_CRYPT_DILITHIUM_H + +#include + +#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM) + +#ifdef HAVE_LIBOQS +#include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* Macros Definitions */ + +#ifdef HAVE_LIBOQS +#define DILITHIUM_LEVEL2_KEY_SIZE OQS_SIG_dilithium_2_length_secret_key +#define DILITHIUM_LEVEL2_SIG_SIZE OQS_SIG_dilithium_2_length_signature +#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_dilithium_2_length_public_key +#define DILITHIUM_LEVEL2_PRV_KEY_SIZE (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE) + +#define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_dilithium_3_length_secret_key +#define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_dilithium_3_length_signature +#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_dilithium_3_length_public_key +#define DILITHIUM_LEVEL3_PRV_KEY_SIZE (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE) + +#define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_dilithium_5_length_secret_key +#define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_dilithium_5_length_signature +#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_dilithium_5_length_public_key +#define DILITHIUM_LEVEL5_PRV_KEY_SIZE (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE) +#endif + +#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE +#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL5_SIG_SIZE +#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE +#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE + +#define SHAKE_VARIANT 1 +#define AES_VARIANT 2 + +/* Structs */ + +struct dilithium_key { + bool pubKeySet; + bool prvKeySet; + byte level; /* 2,3 or 5 */ + byte sym; /* SHAKE_VARIANT or AES_VARIANT */ + byte p[DILITHIUM_MAX_PUB_KEY_SIZE]; + byte k[DILITHIUM_MAX_PRV_KEY_SIZE]; +}; + +#ifndef WC_DILITHIUMKEY_TYPE_DEFINED + typedef struct dilithium_key dilithium_key; + #define WC_DILITHIUMKEY_TYPE_DEFINED +#endif + +/* Functions */ + +WOLFSSL_API +int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, + dilithium_key* key); +WOLFSSL_API +int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* res, dilithium_key* key); + +WOLFSSL_API +int wc_dilithium_init(dilithium_key* key); +WOLFSSL_API +int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym); +WOLFSSL_API +int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte *sym); +WOLFSSL_API +void wc_dilithium_free(dilithium_key* key); + +WOLFSSL_API +int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key); +WOLFSSL_API +int wc_dilithium_import_private_only(const byte* priv, word32 privSz, + dilithium_key* key); +WOLFSSL_API +int wc_dilithium_import_private_key(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + dilithium_key* key); + +WOLFSSL_API +int wc_dilithium_export_public(dilithium_key*, byte* out, word32* outLen); +WOLFSSL_API +int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); + +WOLFSSL_API +int wc_dilithium_check_key(dilithium_key* key); + +WOLFSSL_API +int wc_dilithium_size(dilithium_key* key); +WOLFSSL_API +int wc_dilithium_priv_size(dilithium_key* key); +WOLFSSL_API +int wc_dilithium_pub_size(dilithium_key* key); +WOLFSSL_API +int wc_dilithium_sig_size(dilithium_key* key); + +WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input, + word32* inOutIdx, + dilithium_key* key, word32 inSz); +WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input, + word32* inOutIdx, + dilithium_key* key, word32 inSz); +WOLFSSL_API int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, + word32 inLen); +WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, + word32 inLen); +WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, + word32 inLen, int withAlg); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_PQC && HAVE_DILITHIUM */ +#endif /* WOLF_CRYPT_DILITHIUM_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/dsa.h b/source/libs/libwolfssl/wolfcrypt/dsa.h index 0d3532ac..5030140b 100644 --- a/source/libs/libwolfssl/wolfcrypt/dsa.h +++ b/source/libs/libwolfssl/wolfcrypt/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -84,9 +84,9 @@ WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer); WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, - DsaKey*, word32); + DsaKey* key, word32 inSz); WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, - DsaKey*, word32); + DsaKey* key, word32 inSz); WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); WOLFSSL_API int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header); diff --git a/source/libs/libwolfssl/wolfcrypt/ecc.h b/source/libs/libwolfssl/wolfcrypt/ecc.h index a969d5cc..ccbd5832 100644 --- a/source/libs/libwolfssl/wolfcrypt/ecc.h +++ b/source/libs/libwolfssl/wolfcrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -62,6 +62,18 @@ #include #endif +#if defined(WOLFSSL_KCAPI_ECC) + #include +#endif + +#ifdef WOLFSSL_SE050 + #include +#endif + +#if defined(WOLFSSL_XILINX_CRYPT_VERSAL) + #include +#endif + #ifdef WOLFSSL_HAVE_SP_ECC #include #endif @@ -164,8 +176,13 @@ enum { CRYPTOCELL_KEY_SIZE = ECC_MAXSIZE, #endif ECC_MAX_CRYPTO_HW_SIZE = CRYPTOCELL_KEY_SIZE, +#elif defined(WOLFSSL_SE050) + ECC_MAX_CRYPTO_HW_SIZE = 66, +#elif defined(WOLFSSL_XILINX_CRYPT_VERSAL) + ECC_MAX_CRYPTO_HW_SIZE = MAX_ECC_BYTES, #endif + /* point compression type */ ECC_POINT_COMP_EVEN = 0x02, ECC_POINT_COMP_ODD = 0x03, @@ -174,12 +191,16 @@ enum { /* Shamir's dual add constants */ SHAMIR_PRECOMP_SZ = 16, -#ifdef WOLF_CRYPTO_CB +#ifdef WOLF_PRIVATE_KEY_ID ECC_MAX_ID_LEN = 32, ECC_MAX_LABEL_LEN = 32, #endif }; +#endif /* HAVE_ECC */ + +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448) || defined(WOLFCRYPT_HAVE_SAKKE) /* Curve Types */ typedef enum ecc_curve_id { ECC_CURVE_INVALID = -1, @@ -227,7 +248,6 @@ typedef enum ecc_curve_id { #ifdef HAVE_CURVE448 ECC_X448, #endif - #ifdef WOLFCRYPT_HAVE_SAKKE ECC_SAKKE_1, #endif @@ -237,6 +257,9 @@ typedef enum ecc_curve_id { #endif ECC_CURVE_MAX } ecc_curve_id; +#endif + +#ifdef HAVE_ECC #ifdef HAVE_OID_ENCODING typedef word16 ecc_oid_t; @@ -275,7 +298,7 @@ typedef struct ecc_set_type { } ecc_set_type; #else #define MAX_ECC_NAME 16 -#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1) +#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 2) /* The values are stored as text strings. */ typedef struct ecc_set_type { @@ -311,18 +334,19 @@ typedef struct ecc_set_type { * mp_ints for the components of the point. With ALT_ECC_SIZE, the components * of the point are pointers that are set to each of a three item array of * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the - * structure, the alt_fp_int will only have 512 bits for ECC 256-bit and - * 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well, - * and is set by mp_init() and alt_fp_init(). The functions fp_zero() and - * fp_copy() use the size parameter. An int needs to be initialized before - * using it instead of just fp_zeroing it, the init will call zero. The - * FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but + * structure, the alt_fp_int will only have 512 bits for ECC 256-bit and + * 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well, + * and is set by mp_init() and alt_fp_init(). The functions fp_zero() and + * fp_copy() use the size parameter. An int needs to be initialized before + * using it instead of just fp_zeroing it, the init will call zero. The + * FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but * can be set to change the number of bits used in the alternate FP_INT. * * The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH. */ -#ifndef USE_FAST_MATH +#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH_ALL) && \ + !defined(WOLFSSL_SP_MATH) #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE #endif #ifdef WOLFSSL_NO_MALLOC @@ -341,6 +365,9 @@ typedef struct ecc_set_type { #endif /* verify alignment */ +#if CHAR_BIT == 0 + #error CHAR_BIT must be nonzero +#endif #if FP_MAX_BITS_ECC % CHAR_BIT #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT #endif @@ -377,7 +404,7 @@ typedef struct { mp_int* z; /* The z coordinate */ alt_fp_int xyz[3]; #endif -#ifdef WOLFSSL_SMALL_STACK_CACHE +#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif } ecc_point; @@ -385,9 +412,7 @@ typedef struct { /* ECC Flags */ enum { WC_ECC_FLAG_NONE = 0x00, -#ifdef HAVE_ECC_CDH WC_ECC_FLAG_COFACTOR = 0x01, -#endif WC_ECC_FLAG_DEC_SIGN = 0x02, }; @@ -421,11 +446,15 @@ struct ecc_key { ecc_point pubkey; /* public key */ mp_int k; /* private key */ -#ifdef WOLFSSL_QNX_CAAM +#ifdef WOLFSSL_CAAM word32 blackKey; /* address of key encrypted and in secure memory */ word32 securePubKey; /* address of public key in secure memory */ int partNum; /* partition number*/ #endif +#ifdef WOLFSSL_SE050 + word32 keyId; + byte keyIdSet; +#endif #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) int slot; /* Key Slot Number (-1 unknown) */ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; @@ -442,7 +471,18 @@ struct ecc_key { */ byte key_raw[3 * ECC_MAX_CRYPTO_HW_SIZE]; #endif - +#ifdef WOLFSSL_MAXQ10XX_CRYPTO + maxq_ecc_t maxq_ctx; +#endif +#ifdef WOLFSSL_KCAPI_ECC + struct kcapi_handle* handle; + byte pubkey_raw[MAX_ECC_BYTES * 2]; +#endif +#if defined(WOLFSSL_XILINX_CRYPT_VERSAL) + wc_Xsecure xSec; + byte keyRaw[3 * ECC_MAX_CRYPTO_HW_SIZE] ALIGN32; + byte* privKey; +#endif #ifdef WOLFSSL_ASYNC_CRYPT mp_int* r; /* sign/verify temps */ mp_int* s; @@ -455,7 +495,7 @@ struct ecc_key { CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */ #endif #endif /* WOLFSSL_ASYNC_CRYPT */ -#ifdef WOLF_CRYPTO_CB +#ifdef WOLF_PRIVATE_KEY_ID byte id[ECC_MAX_ID_LEN]; int idLen; char label[ECC_MAX_LABEL_LEN]; @@ -466,14 +506,21 @@ struct ecc_key { #endif #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \ - defined(WOLFSSL_ECDSA_DETERMINISTIC_K) - mp_int *sign_k; + defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) +#ifndef WOLFSSL_NO_MALLOC + mp_int* sign_k; +#else + mp_int sign_k[1]; + byte sign_k_set:1; #endif -#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) +#endif +#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) byte deterministic:1; #endif -#ifdef WOLFSSL_SMALL_STACK_CACHE +#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) mp_int* t1; mp_int* t2; #ifdef ALT_ECC_SIZE @@ -495,8 +542,8 @@ struct ecc_key { }; -WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void*); -WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key*); +WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void* heap); +WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key); /* ECC predefined curve sets */ @@ -516,21 +563,19 @@ ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB, ecc_point* C, mp_int* a, mp_int* modulus, void* heap); -ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit); -ECC_API int ecc_map_ex(ecc_point*, mp_int*, mp_digit, int ct); +ECC_API int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp); +ECC_API int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct); ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, mp_int* a, mp_int* modulus, mp_digit mp); ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, mp_int* modulus, mp_digit mp); -WOLFSSL_LOCAL -int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R, - mp_int* a, mp_int* modulus, mp_digit mp, int* infinity); -WOLFSSL_LOCAL -int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a, - mp_int* modulus, mp_digit mp); +ECC_API int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, + ecc_point* R, mp_int* a, mp_int* modulus, mp_digit mp, int* infinity); +ECC_API int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a, + mp_int* modulus, mp_digit mp); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); WOLFSSL_ABI WOLFSSL_API int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id); @@ -541,7 +586,7 @@ WOLFSSL_API int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); WOLFSSL_API int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_check_key(ecc_key* key); WOLFSSL_API int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime); @@ -549,12 +594,10 @@ WOLFSSL_API int wc_ecc_get_generator(ecc_point* ecp, int curve_idx); #ifdef HAVE_ECC_DHE -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outlen); -WOLFSSL_LOCAL -int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point, - byte* out, word32 *outlen); + WOLFSSL_API int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen); @@ -575,7 +618,8 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, WOLFSSL_API int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, ecc_key* key, mp_int *r, mp_int *s); -#ifdef WOLFSSL_ECDSA_DETERMINISTIC_K +#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) WOLFSSL_API int wc_ecc_set_deterministic(ecc_key* key, byte flag); WOLFSSL_API @@ -590,19 +634,19 @@ int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key); #endif /* HAVE_ECC_SIGN */ #ifdef HAVE_ECC_VERIFY -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, - word32 hashlen, int* stat, ecc_key* key); + word32 hashlen, int* res, ecc_key* key); WOLFSSL_API int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, - word32 hashlen, int* stat, ecc_key* key); + word32 hashlen, int* res, ecc_key* key); #endif /* HAVE_ECC_VERIFY */ -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_init(ecc_key* key); WOLFSSL_ABI WOLFSSL_API int wc_ecc_init_ex(ecc_key* key, void* heap, int devId); -#ifdef WOLF_CRYPTO_CB +#ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, int devId); @@ -617,14 +661,12 @@ WOLFSSL_ABI WOLFSSL_API int wc_ecc_free(ecc_key* key); WOLFSSL_API int wc_ecc_set_flags(ecc_key* key, word32 flags); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API void wc_ecc_fp_free(void); WOLFSSL_LOCAL void wc_ecc_fp_init(void); -#ifdef ECC_TIMING_RESISTANT WOLFSSL_API int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng); -#endif WOLFSSL_API int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); @@ -681,10 +723,10 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx); WOLFSSL_API int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map); -WOLFSSL_LOCAL +ECC_API int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map, void* heap); -WOLFSSL_LOCAL +ECC_API int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, mp_int* order, WC_RNG* rng, int map, void* heap); @@ -693,10 +735,11 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, #ifdef HAVE_ECC_KEY_EXPORT /* ASN key helpers */ -WOLFSSL_API -int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen); -WOLFSSL_API -int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed); +WOLFSSL_ABI WOLFSSL_API +int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen); +WOLFSSL_ABI WOLFSSL_API +int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, + int compressed); /* extended functionality with compressed option */ #endif /* HAVE_ECC_KEY_EXPORT */ @@ -706,13 +749,13 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key); WOLFSSL_API int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, int curve_id); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key); WOLFSSL_API int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key, int curve_id); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen); WOLFSSL_API int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, @@ -720,7 +763,7 @@ int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, WOLFSSL_API int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen, byte* s, word32* sLen); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, const char* d, const char* curveName); WOLFSSL_API @@ -736,7 +779,7 @@ WOLFSSL_API int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, byte* qy, word32* qyLen, byte* d, word32* dLen, int encType); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); WOLFSSL_API int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen, @@ -770,11 +813,11 @@ int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx, #endif /* HAVE_ECC_KEY_IMPORT */ /* size helper */ -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_size(ecc_key* key); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_sig_size_calc(int sz); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_sig_size(const ecc_key* key); WOLFSSL_API @@ -790,7 +833,9 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz); enum ecEncAlgo { ecAES_128_CBC = 1, /* default */ - ecAES_256_CBC = 2 + ecAES_256_CBC = 2, + ecAES_128_CTR = 3, + ecAES_256_CTR = 4 }; enum ecKdfAlgo { @@ -818,31 +863,43 @@ enum ecFlags { REQ_RESP_SERVER = 2 }; +#ifndef WOLFSSL_ECIES_GEN_IV_SIZE +#define WOLFSSL_ECIES_GEN_IV_SIZE 12 +#endif + typedef struct ecEncCtx ecEncCtx; -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); WOLFSSL_API ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap); -WOLFSSL_API -void wc_ecc_ctx_free(ecEncCtx*); -WOLFSSL_API -int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */ +WOLFSSL_ABI WOLFSSL_API +void wc_ecc_ctx_free(ecEncCtx* ctx); +WOLFSSL_ABI WOLFSSL_API +int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng); /* reset for use again w/o alloc/free */ WOLFSSL_API -const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); +int wc_ecc_ctx_set_algo(ecEncCtx* ctx, byte encAlgo, byte kdfAlgo, + byte macAlgo); WOLFSSL_API -int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt); +const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx); WOLFSSL_API -int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz); +int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt); +WOLFSSL_API +int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz); +WOLFSSL_API +int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, - word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); + word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); WOLFSSL_API +int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, + word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx, int compressed); +WOLFSSL_ABI WOLFSSL_API int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, - word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); + word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); #endif /* HAVE_ECC_ENCRYPT */ @@ -868,6 +925,13 @@ int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashL mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); #endif +#ifdef WOLFSSL_SE050 +WOLFSSL_API +int wc_ecc_use_key_id(ecc_key* key, word32 keyId, word32 flags); +WOLFSSL_API +int wc_ecc_get_key_id(ecc_key* key, word32* keyId); +#endif + #ifdef WC_ECC_NONBLOCK WOLFSSL_API int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx); #endif diff --git a/source/libs/libwolfssl/wolfcrypt/ed25519.h b/source/libs/libwolfssl/wolfcrypt/ed25519.h index 6a41e6fd..41c19792 100644 --- a/source/libs/libwolfssl/wolfcrypt/ed25519.h +++ b/source/libs/libwolfssl/wolfcrypt/ed25519.h @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -77,6 +77,12 @@ enum { #define WC_ED25519KEY_TYPE_DEFINED #endif +/* ED25519 Flags */ +enum { + WC_ED25519_FLAG_NONE = 0x00, + WC_ED25519_FLAG_DEC_SIGN = 0x01, +}; + /* An ED25519 Key */ struct ed25519_key { byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */ @@ -86,6 +92,12 @@ struct ed25519_key { byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */ byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ #endif +#ifdef WOLFSSL_SE050 + word32 keyId; + word32 flags; + byte keyIdSet; +#endif + word16 privKeySet:1; word16 pubKeySet:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; @@ -130,18 +142,18 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, #ifdef HAVE_ED25519_VERIFY WOLFSSL_API int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, - word32 msgLen, int* stat, ed25519_key* key); + word32 msgLen, int* res, ed25519_key* key); WOLFSSL_API int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg, - word32 msgLen, int* stat, ed25519_key* key, + word32 msgLen, int* res, ed25519_key* key, const byte* context, byte contextLen); WOLFSSL_API int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash, - word32 hashLen, int* stat, ed25519_key* key, + word32 hashLen, int* res, ed25519_key* key, const byte* context, byte contextLen); WOLFSSL_API int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, - word32 msgLen, int* stat, ed25519_key* key, + word32 msgLen, int* res, ed25519_key* key, const byte* context, byte contextLen); WOLFSSL_API int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, @@ -171,16 +183,22 @@ void wc_ed25519_free(ed25519_key* key); WOLFSSL_API int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); WOLFSSL_API +int wc_ed25519_import_public_ex(const byte* in, word32 inLen, ed25519_key* key, + int trusted); +WOLFSSL_API int wc_ed25519_import_private_only(const byte* priv, word32 privSz, ed25519_key* key); WOLFSSL_API int wc_ed25519_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ed25519_key* key); +WOLFSSL_API +int wc_ed25519_import_private_key_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, ed25519_key* key, int trusted); #endif /* HAVE_ED25519_KEY_IMPORT */ #ifdef HAVE_ED25519_KEY_EXPORT WOLFSSL_API -int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen); +int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen); WOLFSSL_API int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen); WOLFSSL_API diff --git a/source/libs/libwolfssl/wolfcrypt/ed448.h b/source/libs/libwolfssl/wolfcrypt/ed448.h index 37602bf1..17312556 100644 --- a/source/libs/libwolfssl/wolfcrypt/ed448.h +++ b/source/libs/libwolfssl/wolfcrypt/ed448.h @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -86,6 +86,7 @@ struct ed448_key { byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */ byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ #endif + word16 privKeySet:1; word16 pubKeySet:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; @@ -137,19 +138,19 @@ int wc_ed448_verify_msg_update(const byte* msgSegment, word32 msgSegmentLen, ed448_key* key); WOLFSSL_API int wc_ed448_verify_msg_final(const byte* sig, word32 sigLen, - int* stat, ed448_key* key); + int* res, ed448_key* key); #endif /* WOLFSSL_ED448_STREAMING_VERIFY */ WOLFSSL_API int wc_ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg, - word32 msgLen, int* stat, ed448_key* key, + word32 msgLen, int* res, ed448_key* key, const byte* context, byte contextLen); WOLFSSL_API int wc_ed448ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash, - word32 hashLen, int* stat, ed448_key* key, + word32 hashLen, int* res, ed448_key* key, const byte* context, byte contextLen); WOLFSSL_API int wc_ed448ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, - word32 msgLen, int* stat, ed448_key* key, + word32 msgLen, int* res, ed448_key* key, const byte* context, byte contextLen); #endif /* HAVE_ED448_VERIFY */ WOLFSSL_API @@ -163,16 +164,22 @@ void wc_ed448_free(ed448_key* key); WOLFSSL_API int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key); WOLFSSL_API +int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key, + int trusted); +WOLFSSL_API int wc_ed448_import_private_only(const byte* priv, word32 privSz, ed448_key* key); WOLFSSL_API int wc_ed448_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ed448_key* key); +WOLFSSL_API +int wc_ed448_import_private_key_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, ed448_key* key, int trusted); #endif /* HAVE_ED448_KEY_IMPORT */ #ifdef HAVE_ED448_KEY_EXPORT WOLFSSL_API -int wc_ed448_export_public(ed448_key*, byte* out, word32* outLen); +int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen); WOLFSSL_API int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen); WOLFSSL_API diff --git a/source/libs/libwolfssl/wolfcrypt/error-crypt.h b/source/libs/libwolfssl/wolfcrypt/error-crypt.h index 48af52ca..f746c733 100644 --- a/source/libs/libwolfssl/wolfcrypt/error-crypt.h +++ b/source/libs/libwolfssl/wolfcrypt/error-crypt.h @@ -1,6 +1,6 @@ /* error-crypt.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,7 +24,7 @@ */ /* DESCRIPTION -This library defines error codes and contians routines for setting and examining +This library defines error codes and contains routines for setting and examining the error status. */ @@ -35,7 +35,7 @@ the error status. #if defined(HAVE_FIPS) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) - #include + #include #endif /* HAVE_FIPS V1 */ #ifdef __cplusplus @@ -103,7 +103,6 @@ enum { ASN_SIG_HASH_E = -156, /* ASN sig error, unsupported hash type */ ASN_SIG_KEY_E = -157, /* ASN sig error, unsupported key type */ ASN_DH_KEY_E = -158, /* ASN key init error, invalid input */ - ASN_NTRU_KEY_E = -159, /* ASN ntru key decode error, invalid input */ ASN_CRIT_EXT_E = -160, /* ASN unsupported critical extension */ ASN_ALT_NAME_E = -161, /* ASN alternate name error */ ASN_NO_PEM_HEADER = -162, /* ASN no PEM header found */ @@ -117,6 +116,7 @@ enum { NO_PASSWORD = -176, /* no password provided by user */ ALT_NAME_E = -177, /* alt name size problem, too big */ BAD_OCSP_RESPONDER = -178, /* missing key usage extensions */ + CRL_CERT_DATE_ERR = -179, /* CRL date error */ AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */ AES_CCM_AUTH_E = -181, /* AES-CCM Authentication check failure */ @@ -238,8 +238,26 @@ enum { MISSING_IV = -277, /* IV was not set */ MISSING_KEY = -278, /* Key was not set */ BAD_LENGTH_E = -279, /* Value of length parameter is invalid. */ + ECDSA_KAT_FIPS_E = -280, /* ECDSA KAT failure */ + RSA_PAT_FIPS_E = -281, /* RSA Pairwise failure */ + KDF_TLS12_KAT_FIPS_E = -282, /* TLS12 KDF KAT failure */ + KDF_TLS13_KAT_FIPS_E = -283, /* TLS13 KDF KAT failure */ + KDF_SSH_KAT_FIPS_E = -284, /* SSH KDF KAT failure */ + DHE_PCT_E = -285, /* DHE Pairwise Consistency Test failure */ + ECC_PCT_E = -286, /* ECDHE Pairwise Consistency Test failure */ + FIPS_PRIVATE_KEY_LOCKED_E = -287, /* Cannot export private key. */ + PROTOCOLCB_UNAVAILABLE = -288, /* Protocol callback unavailable */ + AES_SIV_AUTH_E = -289, /* AES-SIV authentication failed */ + NO_VALID_DEVID = -290, /* no valid device ID */ - WC_LAST_E = -279, /* Update this to indicate last error */ + IO_FAILED_E = -291, /* Input/output failure */ + SYSLIB_FAILED_E = -292, /* System/library call failed */ + USE_HW_PSK = -293, /* Callback return to indicate HW has PSK */ + + ENTROPY_RT_E = -294, /* Entropy Repetition Test failed */ + ENTROPY_APT_E = -295, /* Entropy Adaptive Proportion Test failed */ + + WC_LAST_E = -295, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes @@ -255,7 +273,7 @@ enum { #else WOLFSSL_API void wc_ErrorString(int err, char* buff); -WOLFSSL_API const char* wc_GetErrorString(int error); +WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error); #endif #ifdef __cplusplus diff --git a/source/libs/libwolfssl/wolfcrypt/falcon.h b/source/libs/libwolfssl/wolfcrypt/falcon.h new file mode 100644 index 00000000..39ebb2f5 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/falcon.h @@ -0,0 +1,144 @@ +/* falcon.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/falcon.h +*/ + +/* Interfaces for Falcon NIST Level 1 (Falcon512) and Falcon NIST Level 5 + * (Falcon1024). */ + +#ifndef WOLF_CRYPT_FALCON_H +#define WOLF_CRYPT_FALCON_H + +#include + +#if defined(HAVE_PQC) && defined(HAVE_FALCON) + +#ifdef HAVE_LIBOQS +#include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* Macros Definitions */ + +#ifdef HAVE_LIBOQS +#define FALCON_LEVEL1_KEY_SIZE OQS_SIG_falcon_512_length_secret_key +#define FALCON_LEVEL1_SIG_SIZE OQS_SIG_falcon_512_length_signature +#define FALCON_LEVEL1_PUB_KEY_SIZE OQS_SIG_falcon_512_length_public_key +#define FALCON_LEVEL1_PRV_KEY_SIZE (FALCON_LEVEL1_PUB_KEY_SIZE+FALCON_LEVEL1_KEY_SIZE) + +#define FALCON_LEVEL5_KEY_SIZE OQS_SIG_falcon_1024_length_secret_key +#define FALCON_LEVEL5_SIG_SIZE OQS_SIG_falcon_1024_length_signature +#define FALCON_LEVEL5_PUB_KEY_SIZE OQS_SIG_falcon_1024_length_public_key +#define FALCON_LEVEL5_PRV_KEY_SIZE (FALCON_LEVEL5_PUB_KEY_SIZE+FALCON_LEVEL5_KEY_SIZE) +#endif + +#define FALCON_MAX_KEY_SIZE FALCON_LEVEL5_PRV_KEY_SIZE +#define FALCON_MAX_SIG_SIZE FALCON_LEVEL5_SIG_SIZE +#define FALCON_MAX_PUB_KEY_SIZE FALCON_LEVEL5_PUB_KEY_SIZE +#define FALCON_MAX_PRV_KEY_SIZE FALCON_LEVEL5_PRV_KEY_SIZE + +/* Structs */ + +struct falcon_key { + bool pubKeySet; + bool prvKeySet; + byte level; + byte p[FALCON_MAX_PUB_KEY_SIZE]; + byte k[FALCON_MAX_PRV_KEY_SIZE]; +}; + +#ifndef WC_FALCONKEY_TYPE_DEFINED + typedef struct falcon_key falcon_key; + #define WC_FALCONKEY_TYPE_DEFINED +#endif + +/* Functions */ + +WOLFSSL_API +int wc_falcon_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, + falcon_key* key); +WOLFSSL_API +int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* res, falcon_key* key); + +WOLFSSL_API +int wc_falcon_init(falcon_key* key); +WOLFSSL_API +int wc_falcon_set_level(falcon_key* key, byte level); +WOLFSSL_API +int wc_falcon_get_level(falcon_key* key, byte* level); +WOLFSSL_API +void wc_falcon_free(falcon_key* key); + +WOLFSSL_API +int wc_falcon_import_public(const byte* in, word32 inLen, falcon_key* key); +WOLFSSL_API +int wc_falcon_import_private_only(const byte* priv, word32 privSz, + falcon_key* key); +WOLFSSL_API +int wc_falcon_import_private_key(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + falcon_key* key); + +WOLFSSL_API +int wc_falcon_export_public(falcon_key*, byte* out, word32* outLen); +WOLFSSL_API +int wc_falcon_export_private_only(falcon_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_falcon_export_private(falcon_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_falcon_export_key(falcon_key* key, byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); + +WOLFSSL_API +int wc_falcon_check_key(falcon_key* key); + +WOLFSSL_API +int wc_falcon_size(falcon_key* key); +WOLFSSL_API +int wc_falcon_priv_size(falcon_key* key); +WOLFSSL_API +int wc_falcon_pub_size(falcon_key* key); +WOLFSSL_API +int wc_falcon_sig_size(falcon_key* key); + +WOLFSSL_API int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx, + falcon_key* key, word32 inSz); +WOLFSSL_API int wc_Falcon_PublicKeyDecode(const byte* input, word32* inOutIdx, + falcon_key* key, word32 inSz); +WOLFSSL_API int wc_Falcon_KeyToDer(falcon_key* key, byte* output, + word32 inLen); +WOLFSSL_API int wc_Falcon_PrivateKeyToDer(falcon_key* key, byte* output, + word32 inLen); +WOLFSSL_API int wc_Falcon_PublicKeyToDer(falcon_key* key, byte* output, + word32 inLen, int withAlg); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_PQC && HAVE_FALCON */ +#endif /* WOLF_CRYPT_FALCON_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/fe_448.h b/source/libs/libwolfssl/wolfcrypt/fe_448.h index 4664ce4b..1a3912c8 100644 --- a/source/libs/libwolfssl/wolfcrypt/fe_448.h +++ b/source/libs/libwolfssl/wolfcrypt/fe_448.h @@ -1,6 +1,6 @@ /* fe448_448.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -68,25 +68,25 @@ WOLFSSL_LOCAL void fe448_reduce(fe448*); #else #define fe448_reduce(a) #endif -WOLFSSL_LOCAL void fe448_neg(fe448*,const fe448*); -WOLFSSL_LOCAL void fe448_add(fe448*, const fe448*, const fe448*); -WOLFSSL_LOCAL void fe448_sub(fe448*, const fe448*, const fe448*); -WOLFSSL_LOCAL void fe448_mul(fe448*,const fe448*,const fe448*); -WOLFSSL_LOCAL void fe448_sqr(fe448*, const fe448*); -WOLFSSL_LOCAL void fe448_mul39081(fe448*, const fe448*); -WOLFSSL_LOCAL void fe448_invert(fe448*, const fe448*); +WOLFSSL_LOCAL void fe448_neg(fe448* r, const fe448* a); +WOLFSSL_LOCAL void fe448_add(fe448* r, const fe448* a, const fe448* b); +WOLFSSL_LOCAL void fe448_sub(fe448* r, const fe448* a, const fe448* b); +WOLFSSL_LOCAL void fe448_mul(fe448* r, const fe448* a, const fe448* b); +WOLFSSL_LOCAL void fe448_sqr(fe448* r, const fe448* a); +WOLFSSL_LOCAL void fe448_mul39081(fe448* r, const fe448* a); +WOLFSSL_LOCAL void fe448_invert(fe448* r, const fe448* a); -WOLFSSL_LOCAL void fe448_0(fe448*); -WOLFSSL_LOCAL void fe448_1(fe448*); -WOLFSSL_LOCAL void fe448_copy(fe448*, const fe448*); -WOLFSSL_LOCAL int fe448_isnonzero(const fe448*); -WOLFSSL_LOCAL int fe448_isnegative(const fe448*); +WOLFSSL_LOCAL void fe448_0(fe448* a); +WOLFSSL_LOCAL void fe448_1(fe448* a); +WOLFSSL_LOCAL void fe448_copy(fe448* d, const fe448* a); +WOLFSSL_LOCAL int fe448_isnonzero(const fe448* a); +WOLFSSL_LOCAL int fe448_isnegative(const fe448* a); -WOLFSSL_LOCAL void fe448_from_bytes(fe448*,const unsigned char *); -WOLFSSL_LOCAL void fe448_to_bytes(unsigned char *, const fe448*); +WOLFSSL_LOCAL void fe448_from_bytes(fe448* r, const unsigned char* b); +WOLFSSL_LOCAL void fe448_to_bytes(unsigned char* b, const fe448* a); -WOLFSSL_LOCAL void fe448_cmov(fe448*,const fe448*, int); -WOLFSSL_LOCAL void fe448_pow_2_446_222_1(fe448*,const fe448*); +WOLFSSL_LOCAL void fe448_cmov(fe448* a, const fe448* b, int c); +WOLFSSL_LOCAL void fe448_pow_2_446_222_1(fe448* r, const fe448* a); #else @@ -94,21 +94,21 @@ WOLFSSL_LOCAL void fe448_init(void); WOLFSSL_LOCAL int curve448(byte* r, const byte* n, const byte* a); #define fe448_reduce(a) -WOLFSSL_LOCAL void fe448_neg(word8*,const word8*); -WOLFSSL_LOCAL void fe448_add(word8*, const word8*, const word8*); -WOLFSSL_LOCAL void fe448_sub(word8*, const word8*, const word8*); -WOLFSSL_LOCAL void fe448_mul(word8*,const word8*,const word8*); -WOLFSSL_LOCAL void fe448_sqr(word8*, const word8*); -WOLFSSL_LOCAL void fe448_mul39081(word8*, const word8*); -WOLFSSL_LOCAL void fe448_invert(word8*, const word8*); -WOLFSSL_LOCAL void fe448_copy(word8*, const word8*); -WOLFSSL_LOCAL int fe448_isnonzero(const word8*); +WOLFSSL_LOCAL void fe448_neg(word8* r, const word8* a); +WOLFSSL_LOCAL void fe448_add(word8* r, const word8* a, const word8* b); +WOLFSSL_LOCAL void fe448_sub(word8* r, const word8* a, const word8* b); +WOLFSSL_LOCAL void fe448_mul(word8* r, const word8* a, const word8* b); +WOLFSSL_LOCAL void fe448_sqr(word8* r, const word8* a); +WOLFSSL_LOCAL void fe448_mul39081(word8* r, const word8* a); +WOLFSSL_LOCAL void fe448_invert(word8* r, const word8* a); WOLFSSL_LOCAL void fe448_norm(byte *a); +WOLFSSL_LOCAL void fe448_copy(word8* d, const word8* a); +WOLFSSL_LOCAL int fe448_isnonzero(const word8* a); -WOLFSSL_LOCAL void fe448_cmov(word8*,const word8*, int); -WOLFSSL_LOCAL void fe448_pow_2_446_222_1(word8*,const word8*); +WOLFSSL_LOCAL void fe448_cmov(word8* a, const word8* b, int c); +WOLFSSL_LOCAL void fe448_pow_2_446_222_1(word8* r, const word8* a); #endif /* !CURVE448_SMALL || !ED448_SMALL */ diff --git a/source/libs/libwolfssl/wolfcrypt/fe_operations.h b/source/libs/libwolfssl/wolfcrypt/fe_operations.h index 1f287a0e..9fbb646f 100644 --- a/source/libs/libwolfssl/wolfcrypt/fe_operations.h +++ b/source/libs/libwolfssl/wolfcrypt/fe_operations.h @@ -1,6 +1,6 @@ /* fe_operations.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -91,29 +91,29 @@ WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p); typedef sword32 fe[10]; #endif -WOLFSSL_LOCAL void fe_copy(fe, const fe); -WOLFSSL_LOCAL void fe_add(fe, const fe, const fe); -WOLFSSL_LOCAL void fe_neg(fe,const fe); -WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe); -WOLFSSL_LOCAL void fe_invert(fe, const fe); -WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe); +WOLFSSL_LOCAL void fe_copy(fe h,const fe f); +WOLFSSL_LOCAL void fe_add(fe h,const fe f,const fe g); +WOLFSSL_LOCAL void fe_neg(fe h,const fe f); +WOLFSSL_LOCAL void fe_sub(fe h,const fe f,const fe g); +WOLFSSL_LOCAL void fe_invert(fe out,const fe z); +WOLFSSL_LOCAL void fe_mul(fe h,const fe f,const fe g); /* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10 work. */ -WOLFSSL_LOCAL void fe_0(fe); -WOLFSSL_LOCAL void fe_1(fe); -WOLFSSL_LOCAL int fe_isnonzero(const fe); -WOLFSSL_LOCAL int fe_isnegative(const fe); -WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe); -WOLFSSL_LOCAL void fe_sq(fe, const fe); -WOLFSSL_LOCAL void fe_sq2(fe,const fe); -WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *); -WOLFSSL_LOCAL void fe_cswap(fe, fe, int); -WOLFSSL_LOCAL void fe_mul121666(fe,fe); -WOLFSSL_LOCAL void fe_cmov(fe,const fe, int); -WOLFSSL_LOCAL void fe_pow22523(fe,const fe); +WOLFSSL_LOCAL void fe_0(fe h); +WOLFSSL_LOCAL void fe_1(fe h); +WOLFSSL_LOCAL int fe_isnonzero(const fe f); +WOLFSSL_LOCAL int fe_isnegative(const fe f); +WOLFSSL_LOCAL void fe_tobytes(unsigned char *s,const fe h); +WOLFSSL_LOCAL void fe_sq(fe h,const fe f); +WOLFSSL_LOCAL void fe_sq2(fe h,const fe f); +WOLFSSL_LOCAL void fe_frombytes(fe h,const unsigned char *s); +WOLFSSL_LOCAL void fe_cswap(fe f, fe g, int b); +WOLFSSL_LOCAL void fe_mul121666(fe h,fe f); +WOLFSSL_LOCAL void fe_cmov(fe f, const fe g, int b); +WOLFSSL_LOCAL void fe_pow22523(fe out,const fe z); /* 64 type needed for SHA512 */ WOLFSSL_LOCAL word64 load_3(const unsigned char *in); @@ -164,7 +164,7 @@ WOLFSSL_LOCAL void fe_inv__distinct(byte *r, const byte *x); * undefined behavior. */ WOLFSSL_LOCAL void fe_select(byte *dst, const byte *zero, const byte *one, - byte condition); + byte condition); /* Multiply a point by a small constant. The two pointers are not * required to be distinct. @@ -188,11 +188,11 @@ WOLFSSL_LOCAL void fe_sqrt(byte *r, const byte *x); * undefined behavior. */ WOLFSSL_LOCAL void fprime_select(byte *dst, const byte *zero, const byte *one, - byte condition); + byte condition); WOLFSSL_LOCAL void fprime_add(byte *r, const byte *a, const byte *modulus); WOLFSSL_LOCAL void fprime_sub(byte *r, const byte *a, const byte *modulus); WOLFSSL_LOCAL void fprime_mul(byte *r, const byte *a, const byte *b, - const byte *modulus); + const byte *modulus); WOLFSSL_LOCAL void fprime_copy(byte *x, const byte *a); #endif /* CURVE25519_SMALL || ED25519_SMALL */ diff --git a/source/libs/libwolfssl/wolfcrypt/fips_test.h b/source/libs/libwolfssl/wolfcrypt/fips_test.h index b488817c..becb9a26 100644 --- a/source/libs/libwolfssl/wolfcrypt/fips_test.h +++ b/source/libs/libwolfssl/wolfcrypt/fips_test.h @@ -1,6 +1,6 @@ /* fips_test.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,8 +31,57 @@ extern "C" { #endif -/* Known Answer Test string inputs are hex, internal */ -WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int); +/* Added for FIPS v5.3 or later */ +#if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3) + /* Determine FIPS in core hash type and size */ + #ifndef NO_SHA256 + #define FIPS_IN_CORE_DIGEST_SIZE 32 + #define FIPS_IN_CORE_HASH_TYPE WC_SHA256 + #define FIPS_IN_CORE_KEY_SZ 32 + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ + #elif defined(WOLFSSL_SHA384) + #define FIPS_IN_CORE_DIGEST_SIZE 48 + #define FIPS_IN_CORE_HASH_TYPE WC_SHA384 + #define FIPS_IN_CORE_KEY_SZ 48 + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ + #else + #error No FIPS hash (SHA2-256 or SHA2-384) + #endif +#endif /* FIPS v5.3 or later */ + + +enum FipsCastId { + FIPS_CAST_AES_CBC, + FIPS_CAST_AES_GCM, + FIPS_CAST_HMAC_SHA1, + FIPS_CAST_HMAC_SHA2_256, + FIPS_CAST_HMAC_SHA2_512, + FIPS_CAST_HMAC_SHA3_256, + FIPS_CAST_DRBG, + FIPS_CAST_RSA_SIGN_PKCS1v15, + FIPS_CAST_ECC_CDH, + FIPS_CAST_ECC_PRIMITIVE_Z, + FIPS_CAST_DH_PRIMITIVE_Z, + FIPS_CAST_ECDSA, + FIPS_CAST_KDF_TLS12, + FIPS_CAST_KDF_TLS13, + FIPS_CAST_KDF_SSH, + FIPS_CAST_COUNT +}; + +enum FipsCastStateId { + FIPS_CAST_STATE_INIT, + FIPS_CAST_STATE_PROCESSING, + FIPS_CAST_STATE_SUCCESS, + FIPS_CAST_STATE_FAILURE +}; + +enum FipsModeId { + FIPS_MODE_INIT, + FIPS_MODE_NORMAL, + FIPS_MODE_DEGRADED, + FIPS_MODE_FAILED +}; /* FIPS failure callback */ @@ -47,9 +96,15 @@ WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void); #ifdef HAVE_FORCE_FIPS_FAILURE /* Public function to force failure mode for operational testing */ - WOLFSSL_API int wolfCrypt_SetStatus_fips(int); + WOLFSSL_API int wolfCrypt_SetStatus_fips(int status); #endif +WOLFSSL_LOCAL int DoPOST(char* base16_hash, int base16_hashSz); +WOLFSSL_LOCAL int DoCAST(int type); +WOLFSSL_LOCAL int DoKnownAnswerTests(char* base16_hash, int base16_hashSz); /* FIPSv1 and FIPSv2 */ + +WOLFSSL_API int wc_RunCast_fips(int type); +WOLFSSL_API int wc_GetCastStatus_fips(int type); #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/wolfcrypt/ge_448.h b/source/libs/libwolfssl/wolfcrypt/ge_448.h index 585ec541..a919b2ee 100644 --- a/source/libs/libwolfssl/wolfcrypt/ge_448.h +++ b/source/libs/libwolfssl/wolfcrypt/ge_448.h @@ -1,6 +1,6 @@ /* ge_448.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -59,18 +59,15 @@ typedef struct { } ge448_p2; -WOLFSSL_LOCAL int ge448_compress_key(byte*, const byte*, const byte*); -WOLFSSL_LOCAL int ge448_from_bytes_negate_vartime(ge448_p2 *, - const unsigned char *); +WOLFSSL_LOCAL int ge448_compress_key(byte* out, const byte* xIn, const byte* yIn); +WOLFSSL_LOCAL int ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b); -WOLFSSL_LOCAL int ge448_double_scalarmult_vartime(ge448_p2 *, - const unsigned char *, - const ge448_p2 *, - const unsigned char *); -WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2 *, const unsigned char *); -WOLFSSL_LOCAL void sc448_reduce(byte*); -WOLFSSL_LOCAL void sc448_muladd(byte*, const byte*, const byte*, const byte*); -WOLFSSL_LOCAL void ge448_to_bytes(unsigned char *, const ge448_p2 *); +WOLFSSL_LOCAL int ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a, + const ge448_p2 *A, const byte *b); +WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2* h, const byte* a); +WOLFSSL_LOCAL void sc448_reduce(byte* b); +WOLFSSL_LOCAL void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d); +WOLFSSL_LOCAL void ge448_to_bytes(byte *s, const ge448_p2 *h); #ifndef ED448_SMALL diff --git a/source/libs/libwolfssl/wolfcrypt/ge_operations.h b/source/libs/libwolfssl/wolfcrypt/ge_operations.h index 9026c529..f5272209 100644 --- a/source/libs/libwolfssl/wolfcrypt/ge_operations.h +++ b/source/libs/libwolfssl/wolfcrypt/ge_operations.h @@ -1,6 +1,6 @@ /* ge_operations.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -73,16 +73,16 @@ typedef struct { WOLFSSL_LOCAL int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, word32 keySz); -WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *); +WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s); -WOLFSSL_LOCAL int ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *, - const ge_p3 *,const unsigned char *); -WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *); +WOLFSSL_LOCAL int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, + const ge_p3 *A, const unsigned char *b); +WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *h,const unsigned char *a); WOLFSSL_LOCAL void sc_reduce(byte* s); WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c); -WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *); -WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *); +WOLFSSL_LOCAL void ge_tobytes(unsigned char *s,const ge_p2 *h); +WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *s,const ge_p3 *h); #ifndef ED25519_SMALL diff --git a/source/libs/libwolfssl/wolfcrypt/hash.h b/source/libs/libwolfssl/wolfcrypt/hash.h index fb13fa9c..f10e1106 100644 --- a/source/libs/libwolfssl/wolfcrypt/hash.h +++ b/source/libs/libwolfssl/wolfcrypt/hash.h @@ -1,6 +1,6 @@ /* hash.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -170,7 +170,7 @@ WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out); WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags); WOLFSSL_API int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, @@ -184,66 +184,53 @@ WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash); #ifndef NO_SHA #include -WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); +WOLFSSL_API int wc_ShaHash(const byte* data, word32 len, byte* hash); #endif #ifdef WOLFSSL_SHA224 #include -WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*); +WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte* hash); #endif /* defined(WOLFSSL_SHA224) */ #ifndef NO_SHA256 #include -WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); +WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte* hash); #endif #ifdef WOLFSSL_SHA384 #include -WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); +WOLFSSL_API int wc_Sha384Hash(const byte* data, word32 len, byte* hash); #endif /* defined(WOLFSSL_SHA384) */ #ifdef WOLFSSL_SHA512 #include -WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); +WOLFSSL_API int wc_Sha512Hash(const byte* data, word32 len, byte* hash); +WOLFSSL_API int wc_Sha512_224Hash(const byte* data, word32 len, byte* hash); +WOLFSSL_API int wc_Sha512_256Hash(const byte* data, word32 len, byte* hash); #endif /* WOLFSSL_SHA512 */ #ifdef WOLFSSL_SHA3 #include -WOLFSSL_API int wc_Sha3_224Hash(const byte*, word32, byte*); -WOLFSSL_API int wc_Sha3_256Hash(const byte*, word32, byte*); -WOLFSSL_API int wc_Sha3_384Hash(const byte*, word32, byte*); -WOLFSSL_API int wc_Sha3_512Hash(const byte*, word32, byte*); +WOLFSSL_API int wc_Sha3_224Hash(const byte* data, word32 len, byte* hash); +WOLFSSL_API int wc_Sha3_256Hash(const byte* data, word32 len, byte* hash); +WOLFSSL_API int wc_Sha3_384Hash(const byte* data, word32 len, byte* hash); +WOLFSSL_API int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash); +#ifdef WOLFSSL_SHAKE128 +WOLFSSL_API int wc_Shake128Hash(const byte* data, word32 len, byte* hash, + word32 hashLen); +#endif #ifdef WOLFSSL_SHAKE256 -WOLFSSL_API int wc_Shake256Hash(const byte*, word32, byte*, word32); +WOLFSSL_API int wc_Shake256Hash(const byte* data, word32 len, byte* hash, + word32 hashLen); #endif #endif /* WOLFSSL_SHA3 */ #endif /* !NO_HASH_WRAPPER */ -enum max_prf { -#ifdef HAVE_FFDHE_8192 - MAX_PRF_HALF = 516, /* Maximum half secret len */ -#elif defined(HAVE_FFDHE_6144) - MAX_PRF_HALF = 388, /* Maximum half secret len */ -#else - MAX_PRF_HALF = 260, /* Maximum half secret len */ +#if defined(WOLFSSL_HASH_KEEP) +WOLFSSL_LOCAL int _wc_Hash_Grow(byte** msg, word32* used, word32* len, + const byte* in, int inSz, void* heap); #endif - MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ - MAX_PRF_DIG = 224 /* Maximum digest len */ -}; - -#ifdef WOLFSSL_HAVE_PRF -WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret, - word32 secLen, const byte* seed, word32 seedLen, int hash, - void* heap, int devId); -WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret, - word32 secLen, const byte* label, word32 labLen, - const byte* seed, word32 seedLen, void* heap, int devId); -WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, - word32 secLen, const byte* label, word32 labLen, - const byte* seed, word32 seedLen, int useAtLeastSha256, - int hash_type, void* heap, int devId); -#endif /* WOLFSSL_HAVE_PRF */ #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/wolfcrypt/hc128.h b/source/libs/libwolfssl/wolfcrypt/hc128.h deleted file mode 100644 index 00b04000..00000000 --- a/source/libs/libwolfssl/wolfcrypt/hc128.h +++ /dev/null @@ -1,67 +0,0 @@ -/* hc128.h - * - * Copyright (C) 2006-2021 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! - \file wolfssl/wolfcrypt/hc128.h -*/ - - -#ifndef WOLF_CRYPT_HC128_H -#define WOLF_CRYPT_HC128_H - -#include - -#ifndef NO_HC128 - -#ifdef __cplusplus - extern "C" { -#endif - -enum { - HC128_ENC_TYPE = WC_CIPHER_HC128, /* cipher unique type */ -}; - -/* HC-128 stream cipher */ -typedef struct HC128 { - word32 T[1024]; /* P[i] = T[i]; Q[i] = T[1024 + i ]; */ - word32 X[16]; - word32 Y[16]; - word32 counter1024; /* counter1024 = i mod 1024 at the ith step */ - word32 key[8]; - word32 iv[8]; -#ifdef XSTREAM_ALIGN - void* heap; /* heap hint, currently XMALLOC only used with aligning */ -#endif -} HC128; - - -WOLFSSL_API int wc_Hc128_Process(HC128*, byte*, const byte*, word32); -WOLFSSL_API int wc_Hc128_SetKey(HC128*, const byte* key, const byte* iv); - -WOLFSSL_LOCAL int wc_Hc128_SetHeap(HC128* ctx, void* heap); - -#ifdef __cplusplus - } /* extern "C" */ -#endif - -#endif /* HAVE_HC128 */ -#endif /* WOLF_CRYPT_HC128_H */ - diff --git a/source/libs/libwolfssl/wolfcrypt/hmac.h b/source/libs/libwolfssl/wolfcrypt/hmac.h index 76e0c510..29978df1 100644 --- a/source/libs/libwolfssl/wolfcrypt/hmac.h +++ b/source/libs/libwolfssl/wolfcrypt/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,15 +23,15 @@ \file wolfssl/wolfcrypt/hmac.h */ -#ifndef NO_HMAC - #ifndef WOLF_CRYPT_HMAC_H #define WOLF_CRYPT_HMAC_H #include +#ifndef NO_HMAC + #if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) /* for fips @wc_fips */ #include #define WC_HMAC_BLOCK_SIZE HMAC_BLOCK_SIZE @@ -39,8 +39,8 @@ #if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) - #include + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include #endif #ifdef __cplusplus @@ -55,6 +55,10 @@ #include #endif +#if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_HMAC) + #include +#endif + #ifndef NO_OLD_WC_NAMES #define HMAC_BLOCK_SIZE WC_HMAC_BLOCK_SIZE #endif @@ -80,6 +84,12 @@ enum { #endif #ifndef WOLFSSL_SHA512 WC_SHA512 = WC_HASH_TYPE_SHA512, + #ifndef WOLFSSL_NOSHA512_224 + WC_SHA512_224 = WC_HASH_TYPE_SHA512_224, + #endif + #ifndef WOLFSSL_NOSHA512_256 + WC_SHA512_256 = WC_HASH_TYPE_SHA512_256, + #endif #endif #ifndef WOLFSSL_SHA384 WC_SHA384 = WC_HASH_TYPE_SHA384, @@ -93,7 +103,7 @@ enum { WC_SHA3_384 = WC_HASH_TYPE_SHA3_384, WC_SHA3_512 = WC_HASH_TYPE_SHA3_512, #endif -#ifdef HAVE_PKCS11 +#ifdef WOLF_PRIVATE_KEY_ID HMAC_MAX_ID_LEN = 32, HMAC_MAX_LABEL_LEN = 32, #endif @@ -109,7 +119,7 @@ enum { #endif -/* hash union */ +/* hmac hash union */ typedef union { #ifndef NO_MD5 wc_Md5 md5; @@ -132,26 +142,32 @@ typedef union { #ifdef WOLFSSL_SHA3 wc_Sha3 sha3; #endif -} wc_Hmac_Hash; +} wc_HmacHash; /* Hmac digest */ struct Hmac { - wc_Hmac_Hash hash; + wc_HmacHash hash; word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)]; void* heap; /* heap hint */ byte macType; /* md5 sha or sha256 */ byte innerHashKeyed; /* keyed flag */ +#ifdef WOLFSSL_KCAPI_HMAC + struct kcapi_handle* handle; +#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ +#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_DEVCRYPTO_HMAC) + WC_CRYPTODEV ctx; +#endif #ifdef WOLF_CRYPTO_CB int devId; void* devCtx; const byte* keyRaw; #endif -#ifdef HAVE_PKCS11 +#ifdef WOLF_PRIVATE_KEY_ID byte id[HMAC_MAX_ID_LEN]; int idLen; char label[HMAC_MAX_LABEL_LEN]; @@ -171,19 +187,25 @@ struct Hmac { #endif /* HAVE_FIPS */ /* does init */ -WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); -WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32); -WOLFSSL_API int wc_HmacFinal(Hmac*, byte*); +WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz); +WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz); +WOLFSSL_API int wc_HmacFinal(Hmac* hmac, byte* out); +#ifdef WOLFSSL_KCAPI_HMAC +WOLFSSL_API int wc_HmacSetKey_Software(Hmac* hmac, int type, const byte* key, + word32 keySz); +WOLFSSL_API int wc_HmacUpdate_Software(Hmac* hmac, const byte* in, word32 sz); +WOLFSSL_API int wc_HmacFinal_Software(Hmac* hmac, byte* out); +#endif WOLFSSL_API int wc_HmacSizeByType(int type); WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId); -#ifdef HAVE_PKCS11 +#ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap, int devId); WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap, int devId); #endif -WOLFSSL_API void wc_HmacFree(Hmac*); +WOLFSSL_API void wc_HmacFree(Hmac* hmac); WOLFSSL_API int wolfSSL_GetHmacMaxSize(void); @@ -195,7 +217,7 @@ WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz, const byte* inKey, word32 inKeySz, byte* out); WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz, const byte* info, word32 infoSz, - byte* out, word32 outSz); + byte* out, word32 outSz); WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz, const byte* salt, word32 saltSz, @@ -208,7 +230,5 @@ WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz, } /* extern "C" */ #endif -#endif /* WOLF_CRYPT_HMAC_H */ - #endif /* NO_HMAC */ - +#endif /* WOLF_CRYPT_HMAC_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/idea.h b/source/libs/libwolfssl/wolfcrypt/idea.h deleted file mode 100644 index 44b8c4a3..00000000 --- a/source/libs/libwolfssl/wolfcrypt/idea.h +++ /dev/null @@ -1,70 +0,0 @@ -/* idea.h - * - * Copyright (C) 2006-2021 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! - \file wolfssl/wolfcrypt/idea.h -*/ - -#ifndef WOLF_CRYPT_IDEA_H -#define WOLF_CRYPT_IDEA_H - -#include - -#ifdef HAVE_IDEA - -#ifdef __cplusplus - extern "C" { -#endif - -enum { - IDEA_MODULO = 0x10001, /* 2^16+1 */ - IDEA_2EXP16 = 0x10000, /* 2^16 */ - IDEA_MASK = 0xFFFF, /* 16 bits set to one */ - IDEA_ROUNDS = 8, /* number of rounds for IDEA */ - IDEA_SK_NUM = (6*IDEA_ROUNDS + 4), /* number of subkeys */ - IDEA_KEY_SIZE = 16, /* size of key in bytes */ - IDEA_BLOCK_SIZE = 8, /* size of IDEA blocks in bytes */ - IDEA_IV_SIZE = 8, /* size of IDEA IV in bytes */ - IDEA_ENCRYPTION = 0, - IDEA_DECRYPTION = 1 -}; - -/* IDEA encryption and decryption */ -typedef struct Idea { - word32 reg[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ - word32 tmp[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ - word16 skey[IDEA_SK_NUM]; /* 832 bits expanded key */ -} Idea; - -WOLFSSL_API int wc_IdeaSetKey(Idea *idea, const byte* key, word16 keySz, - const byte *iv, int dir); -WOLFSSL_API int wc_IdeaSetIV(Idea *idea, const byte* iv); -WOLFSSL_API int wc_IdeaCipher(Idea *idea, byte* out, const byte* in); -WOLFSSL_API int wc_IdeaCbcEncrypt(Idea *idea, byte* out, - const byte* in, word32 len); -WOLFSSL_API int wc_IdeaCbcDecrypt(Idea *idea, byte* out, - const byte* in, word32 len); -#ifdef __cplusplus - } /* extern "C" */ -#endif - -#endif /* HAVE_IDEA */ -#endif /* WOLF_CRYPT_IDEA_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/integer.h b/source/libs/libwolfssl/wolfcrypt/integer.h index bc2a97fc..8f6cfdc5 100644 --- a/source/libs/libwolfssl/wolfcrypt/integer.h +++ b/source/libs/libwolfssl/wolfcrypt/integer.h @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -151,7 +151,7 @@ extern "C" { #define MP_DIGIT_MAX MP_MASK /* equalities */ -#define MP_LT -1 /* less than */ +#define MP_LT (-1) /* less than */ #define MP_EQ 0 /* equal to */ #define MP_GT 1 /* greater than */ @@ -159,9 +159,9 @@ extern "C" { #define MP_NEG 1 /* negative */ #define MP_OKAY 0 /* ok result */ -#define MP_MEM -2 /* out of mem */ -#define MP_VAL -3 /* invalid input */ -#define MP_NOT_INF -4 /* point not at infinity */ +#define MP_MEM (-2) /* out of mem */ +#define MP_VAL (-3) /* invalid input */ +#define MP_NOT_INF (-4) /* point not at infinity */ #define MP_RANGE MP_NOT_INF #define MP_YES 1 /* yes response */ @@ -235,7 +235,7 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat); (((a)->used > 0 && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO) #define mp_isneg(a) (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO) #define mp_isword(a, w) \ - ((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \ + ((((a)->used == 1) && ((a)->dp[0] == (w))) || (((w) == 0) && ((a)->used == 0)) \ ? MP_YES : MP_NO) /* number of primes */ @@ -254,7 +254,7 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat); #endif #define mp_prime_random(a, t, size, bbs, cb, dat) \ - mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat) + mp_prime_random_ex(a, t, ((size) * 8) + 1, ((bbs)==1)?LTM_PRIME_BBS:0, cb, dat) #define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len)) #define mp_mag_size(mp) mp_unsigned_bin_size(mp) @@ -302,7 +302,7 @@ MP_API int mp_grow (mp_int * a, int size); MP_API int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d); MP_API void mp_zero (mp_int * a); MP_API void mp_clamp (mp_int * a); -MP_API void mp_exch (mp_int * a, mp_int * b); +MP_API int mp_exch (mp_int * a, mp_int * b); MP_API int mp_cond_swap_ct (mp_int * a, mp_int * b, int c, int m); MP_API void mp_rshd (mp_int * a, int b); MP_API void mp_rshb (mp_int * a, int b); @@ -330,7 +330,7 @@ MP_API int mp_reduce_is_2k_l(mp_int *a); MP_API int mp_reduce_is_2k(mp_int *a); MP_API int mp_dr_is_modulus(mp_int *a); MP_API int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, - int); + int redmode); MP_API int mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y); #define mp_exptmod_nct(G,X,P,Y) mp_exptmod_fast(G,X,P,Y,0) MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho); @@ -393,12 +393,12 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size); #if defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) MP_API int mp_prime_is_prime (mp_int * a, int t, int *result); - MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG*); + MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG* rng); #endif /* WOLFSSL_KEY_GEN NO_RSA NO_DSA NO_DH */ #ifdef WOLFSSL_KEY_GEN MP_API int mp_gcd (mp_int * a, mp_int * b, mp_int * c); MP_API int mp_lcm (mp_int * a, mp_int * b, mp_int * c); - MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); + MP_API int mp_rand_prime(mp_int* a, int len, WC_RNG* rng, void* heap); #endif MP_API int mp_cnt_lsb(mp_int *a); diff --git a/source/libs/libwolfssl/wolfcrypt/kdf.h b/source/libs/libwolfssl/wolfcrypt/kdf.h new file mode 100644 index 00000000..f74c0d48 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/kdf.h @@ -0,0 +1,115 @@ +/* kdf.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/kdf.h +*/ + +#ifndef NO_KDF + +#ifndef WOLF_CRYPT_KDF_H +#define WOLF_CRYPT_KDF_H + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) + #include +#endif + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +enum max_prf { +#ifdef HAVE_FFDHE_8192 + MAX_PRF_HALF = 516, /* Maximum half secret len */ +#elif defined(HAVE_FFDHE_6144) + MAX_PRF_HALF = 388, /* Maximum half secret len */ +#else + MAX_PRF_HALF = 260, /* Maximum half secret len */ +#endif + MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ + MAX_PRF_DIG = 224 /* Maximum digest len */ +}; + + +#ifdef WOLFSSL_HAVE_PRF +WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret, + word32 secLen, const byte* seed, word32 seedLen, int hash, + void* heap, int devId); +WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret, + word32 secLen, const byte* label, word32 labLen, + const byte* seed, word32 seedLen, void* heap, int devId); +WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, + word32 secLen, const byte* label, word32 labLen, + const byte* seed, word32 seedLen, int useAtLeastSha256, + int hash_type, void* heap, int devId); +#endif /* WOLFSSL_HAVE_PRF */ + +#ifdef HAVE_HKDF + +enum { +/* + MAX_HKDF_LABEL_SZ = OPAQUE16_LEN + + OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ + + OPAQUE8_LEN + WC_MAX_DIGEST_SIZE +*/ + MAX_TLS13_HKDF_LABEL_SZ = 47 + WC_MAX_DIGEST_SIZE +}; + +WOLFSSL_API int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen, + byte* ikm, int ikmLen, int digest); + +WOLFSSL_API int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen, + const byte* prk, word32 prkLen, + const byte* protocol, word32 protocolLen, + const byte* label, word32 labelLen, + const byte* info, word32 infoLen, + int digest); +#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) +WOLFSSL_API int wc_Tls13_HKDF_Expand_Label_Alloc(byte* okm, word32 okmLen, + const byte* prk, word32 prkLen, const byte* protocol, word32 protocolLen, + const byte* label, word32 labelLen, const byte* info, word32 infoLen, + int digest, void* heap); +#endif /* !defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3) */ + +#endif /* HAVE_HKDF */ + +#ifdef WOLFSSL_WOLFSSH + +WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId, + byte* key, word32 keySz, + const byte* k, word32 kSz, + const byte* h, word32 hSz, + const byte* sessionId, word32 sessionIdSz); + +#endif /* WOLFSSL_WOLFSSH */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_KDF_H */ + +#endif /* NO_KDF */ + diff --git a/source/libs/libwolfssl/wolfcrypt/logging.h b/source/libs/libwolfssl/wolfcrypt/logging.h index 450b0c12..22657b21 100644 --- a/source/libs/libwolfssl/wolfcrypt/logging.h +++ b/source/libs/libwolfssl/wolfcrypt/logging.h @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -105,19 +105,29 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API const char *wolfSSL_global_cflags(void); #endif + +#if (defined(OPENSSL_EXTRA) && !defined(_WIN32) && \ + !defined(NO_ERROR_QUEUE)) || defined(DEBUG_WOLFSSL_VERBOSE) +#define WOLFSSL_HAVE_ERROR_QUEUE +#endif + #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) WOLFSSL_LOCAL int wc_LoggingInit(void); WOLFSSL_LOCAL int wc_LoggingCleanup(void); WOLFSSL_LOCAL int wc_AddErrorNode(int error, int line, char* buf, char* file); - WOLFSSL_LOCAL int wc_PeekErrorNode(int index, const char **file, + WOLFSSL_LOCAL int wc_PeekErrorNode(int idx, const char **file, const char **reason, int *line); - WOLFSSL_LOCAL void wc_RemoveErrorNode(int index); + WOLFSSL_LOCAL void wc_RemoveErrorNode(int idx); WOLFSSL_LOCAL void wc_ClearErrorNodes(void); WOLFSSL_LOCAL int wc_PullErrorNode(const char **file, const char **reason, int *line); WOLFSSL_API int wc_SetLoggingHeap(void* h); WOLFSSL_API int wc_ERR_remove_state(void); + WOLFSSL_LOCAL unsigned long wc_PeekErrorNodeLineData( + const char **file, int *line, const char **data, int *flags, + int (*ignore_err)(int err)); + WOLFSSL_LOCAL unsigned long wc_GetErrorNodeErr(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str, @@ -156,7 +166,12 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); #define WOLFSSL_STUB(m) \ WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void); - +#if !defined(_WIN32) && defined(XVSNPRINTF) + WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...); + #define HAVE_WOLFSSL_MSG_EX +#else + #define WOLFSSL_MSG_EX(...) +#endif WOLFSSL_API void WOLFSSL_MSG(const char* msg); WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length); @@ -167,29 +182,36 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); #define WOLFSSL_STUB(m) #define WOLFSSL_IS_DEBUG_ON() 0 - #define WOLFSSL_MSG(m) - #define WOLFSSL_BUFFER(b, l) + #define WOLFSSL_MSG_EX(...) do{} while(0) + #define WOLFSSL_MSG(m) do{} while(0) + #define WOLFSSL_BUFFER(b, l) do{} while(0) #endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */ #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) - #if (!defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && !defined(_WIN32))\ - || defined(DEBUG_WOLFSSL_VERBOSE) + #ifdef WOLFSSL_HAVE_ERROR_QUEUE WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, const char* file, void* ctx); #define WOLFSSL_ERROR(x) \ WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL) #else WOLFSSL_API void WOLFSSL_ERROR(int err); - #endif - WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg); + #endif /* WOLFSSL_HAVE_ERROR_QUEUE */ + WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg); #else #define WOLFSSL_ERROR(e) #define WOLFSSL_ERROR_MSG(m) -#endif +#endif /* DEBUG_WOLFSSL | OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA */ + +#ifdef WOLFSSL_VERBOSE_ERRORS +#define WOLFSSL_ERROR_VERBOSE(e) WOLFSSL_ERROR(e) +#else +#define WOLFSSL_ERROR_VERBOSE(e) (void)(e) +#endif /* WOLFSSL_VERBOSE_ERRORS */ #ifdef HAVE_STACK_SIZE_VERBOSE extern WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack; diff --git a/source/libs/libwolfssl/wolfcrypt/md2.h b/source/libs/libwolfssl/wolfcrypt/md2.h index d44b686c..9e3d2279 100644 --- a/source/libs/libwolfssl/wolfcrypt/md2.h +++ b/source/libs/libwolfssl/wolfcrypt/md2.h @@ -1,6 +1,6 @@ /* md2.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -54,10 +54,10 @@ typedef struct Md2 { } Md2; -WOLFSSL_API void wc_InitMd2(Md2*); -WOLFSSL_API void wc_Md2Update(Md2*, const byte*, word32); -WOLFSSL_API void wc_Md2Final(Md2*, byte*); -WOLFSSL_API int wc_Md2Hash(const byte*, word32, byte*); +WOLFSSL_API void wc_InitMd2(Md2* md2); +WOLFSSL_API void wc_Md2Update(Md2* md2, const byte* data, word32 len); +WOLFSSL_API void wc_Md2Final(Md2* md2, byte* hash); +WOLFSSL_API int wc_Md2Hash(const byte* data, word32 len, byte* hash); #ifdef __cplusplus diff --git a/source/libs/libwolfssl/wolfcrypt/md4.h b/source/libs/libwolfssl/wolfcrypt/md4.h index 2e37fdcb..ac31df75 100644 --- a/source/libs/libwolfssl/wolfcrypt/md4.h +++ b/source/libs/libwolfssl/wolfcrypt/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -53,9 +53,9 @@ typedef struct Md4 { } Md4; -WOLFSSL_API void wc_InitMd4(Md4*); -WOLFSSL_API void wc_Md4Update(Md4*, const byte*, word32); -WOLFSSL_API void wc_Md4Final(Md4*, byte*); +WOLFSSL_API void wc_InitMd4(Md4* md4); +WOLFSSL_API void wc_Md4Update(Md4* md4, const byte* data, word32 len); +WOLFSSL_API void wc_Md4Final(Md4* md4, byte* hash); #ifdef __cplusplus diff --git a/source/libs/libwolfssl/wolfcrypt/md5.h b/source/libs/libwolfssl/wolfcrypt/md5.h index 99a75ccc..136dbd3a 100644 --- a/source/libs/libwolfssl/wolfcrypt/md5.h +++ b/source/libs/libwolfssl/wolfcrypt/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -42,7 +42,7 @@ extern "C" { #endif -#if !defined(NO_OLD_MD5_NAME) +#ifndef NO_OLD_MD5_NAME #define MD5 WC_MD5 #endif @@ -100,30 +100,30 @@ typedef struct wc_Md5 { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif } wc_Md5; #endif /* WOLFSSL_TI_HASH */ -WOLFSSL_API int wc_InitMd5(wc_Md5*); -WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int); -WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32); -WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*); -WOLFSSL_API void wc_Md5Free(wc_Md5*); +WOLFSSL_API int wc_InitMd5(wc_Md5* md5); +WOLFSSL_API int wc_InitMd5_ex(wc_Md5* md5, void* heap, int devId); +WOLFSSL_API int wc_Md5Update(wc_Md5* md5, const byte* data, word32 len); +WOLFSSL_API int wc_Md5Final(wc_Md5* md5, byte* hash); +WOLFSSL_API void wc_Md5Free(wc_Md5* md5); #ifdef OPENSSL_EXTRA -WOLFSSL_API int wc_Md5Transform(wc_Md5*, const byte*); +WOLFSSL_API int wc_Md5Transform(wc_Md5* md5, const byte* data); #endif -WOLFSSL_API int wc_Md5GetHash(wc_Md5*, byte*); -WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*); +WOLFSSL_API int wc_Md5GetHash(wc_Md5* md5, byte* hash); +WOLFSSL_API int wc_Md5Copy(wc_Md5* src, wc_Md5* dst); #ifdef WOLFSSL_PIC32MZ_HASH WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len); #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Md5SetFlags(wc_Md5* md5, word32 flags); WOLFSSL_API int wc_Md5GetFlags(wc_Md5* md5, word32* flags); #endif diff --git a/source/libs/libwolfssl/wolfcrypt/mem_track.h b/source/libs/libwolfssl/wolfcrypt/mem_track.h index 362ef396..7715eb6b 100644 --- a/source/libs/libwolfssl/wolfcrypt/mem_track.h +++ b/source/libs/libwolfssl/wolfcrypt/mem_track.h @@ -1,6 +1,6 @@ /* mem_track.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* Memory and stack use tracking */ + +#ifndef WOLFSSL_MEM_TRACK_H +#define WOLFSSL_MEM_TRACK_H + +#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) /* The memory tracker overrides the wolfSSL memory callback system and uses a * static to track the total, peak and currently allocated bytes. @@ -54,370 +60,762 @@ * Free: 0x7fa14a500010 -> 120 at wc_FreeRng:606 */ +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/wolfcrypt/logging.h" -#ifndef WOLFSSL_MEM_TRACK_H -#define WOLFSSL_MEM_TRACK_H - -#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) - - #include "wolfssl/wolfcrypt/logging.h" - - #if defined(WOLFSSL_TRACK_MEMORY) - #define DO_MEM_STATS - #if defined(__linux__) || defined(__MACH__) - #define DO_MEM_LIST - #endif - #endif - - - typedef struct memoryStats { - long totalAllocs; /* number of allocations */ - long totalDeallocs; /* number of deallocations */ - long totalBytes; /* total number of bytes allocated */ - long peakBytes; /* concurrent max bytes */ - long currentBytes; /* total current bytes in use */ -#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE - long peakAllocsTripOdometer; /* peak number of concurrent allocations, - * subject to reset by - * wolfCrypt_heap_peak_checkpoint() - */ - long peakBytesTripOdometer; /* peak concurrent bytes, subject to reset - * by wolfCrypt_heap_peak_checkpoint() - */ -#endif - } memoryStats; - - typedef struct memHint { - size_t thisSize; /* size of this memory */ - - #ifdef DO_MEM_LIST - struct memHint* next; - struct memHint* prev; - #ifdef WOLFSSL_DEBUG_MEMORY - const char* func; - unsigned int line; - #endif - #endif - void* thisMemory; /* actual memory for user */ - } memHint; - - typedef struct memoryTrack { - union { - memHint hint; - byte alignit[sizeof(memHint) + ((16-1) & ~(16-1))]; /* make sure we have strong alignment */ - } u; - } memoryTrack; - -#ifdef DO_MEM_LIST - /* track allocations and report at end */ - typedef struct memoryList { - memHint* head; - memHint* tail; - word32 count; - } memoryList; +#if defined(WOLFSSL_TRACK_MEMORY) || defined(HAVE_STACK_SIZE) || \ + defined(HAVE_STACK_SIZE_VERBOSE) +#include #endif #if defined(WOLFSSL_TRACK_MEMORY) - static memoryStats ourMemStats; - - #ifdef DO_MEM_LIST - #include - static memoryList ourMemList; - static pthread_mutex_t memLock = PTHREAD_MUTEX_INITIALIZER; + #define DO_MEM_STATS + #if defined(__linux__) || defined(__MACH__) + #define DO_MEM_LIST #endif #endif - /* if defined to not using inline then declare function prototypes */ - #ifdef NO_INLINE - #define WC_STATIC - #ifdef WOLFSSL_DEBUG_MEMORY - WOLFSSL_LOCAL void* TrackMalloc(size_t sz, const char* func, unsigned int line); - WOLFSSL_LOCAL void TrackFree(void* ptr, const char* func, unsigned int line); - WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line); - #else - WOLFSSL_LOCAL void* TrackMalloc(size_t sz); - WOLFSSL_LOCAL void TrackFree(void* ptr); - WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz); - #endif - WOLFSSL_LOCAL int InitMemoryTracker(void); - WOLFSSL_LOCAL void ShowMemoryTracker(void); - #else - #define WC_STATIC static - #endif - -#ifdef WOLFSSL_DEBUG_MEMORY - WC_STATIC WC_INLINE void* TrackMalloc(size_t sz, const char* func, unsigned int line) -#else - WC_STATIC WC_INLINE void* TrackMalloc(size_t sz) +typedef struct memoryStats { + long totalAllocs; /* number of allocations */ + long totalDeallocs; /* number of deallocations */ + long totalBytes; /* total number of bytes allocated */ + long peakBytes; /* concurrent max bytes */ + long currentBytes; /* total current bytes in use */ +#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + long peakAllocsTripOdometer; /* peak number of concurrent allocations, + * subject to reset by + * wolfCrypt_heap_peak_checkpoint() + */ + long peakBytesTripOdometer; /* peak concurrent bytes, subject to reset + * by wolfCrypt_heap_peak_checkpoint() + */ #endif - { - memoryTrack* mt; - memHint* header; +} memoryStats; - if (sz == 0) - return NULL; - - mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); - if (mt == NULL) - return NULL; - - header = &mt->u.hint; - header->thisSize = sz; - header->thisMemory = (byte*)mt + sizeof(memoryTrack); +typedef struct memHint { + size_t thisSize; /* size of this memory */ +#ifdef DO_MEM_LIST + struct memHint* next; + struct memHint* prev; #ifdef WOLFSSL_DEBUG_MEMORY - #ifdef WOLFSSL_DEBUG_MEMORY_PRINT - printf("Alloc: %p -> %u at %s:%d\n", header->thisMemory, (word32)sz, func, line); + const char* func; + unsigned int line; + #endif +#endif + void* thisMemory; /* actual memory for user */ +} memHint; + +typedef struct memoryTrack { + union { + memHint hint; + byte alignit[sizeof(memHint) + ((16-1) & ~(16-1))]; /* make sure we have strong alignment */ + } u; +} memoryTrack; + +#ifdef DO_MEM_LIST +/* track allocations and report at end */ +typedef struct memoryList { + memHint* head; + memHint* tail; + word32 count; +} memoryList; +#endif + +#if defined(WOLFSSL_TRACK_MEMORY) +static memoryStats ourMemStats; + +#ifdef DO_MEM_LIST + #include + static memoryList ourMemList; + static pthread_mutex_t memLock = PTHREAD_MUTEX_INITIALIZER; +#endif +#endif + + +/* if defined to not using inline then declare function prototypes */ +#ifdef NO_INLINE + #define WC_STATIC + #ifdef WOLFSSL_DEBUG_MEMORY + WOLFSSL_LOCAL void* TrackMalloc(size_t sz, const char* func, unsigned int line); + WOLFSSL_LOCAL void TrackFree(void* ptr, const char* func, unsigned int line); + WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line); #else - (void)func; - (void)line; + WOLFSSL_LOCAL void* TrackMalloc(size_t sz); + WOLFSSL_LOCAL void TrackFree(void* ptr); + WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz); #endif - #endif - - #ifdef DO_MEM_STATS - ourMemStats.totalAllocs++; - ourMemStats.totalBytes += sz; - ourMemStats.currentBytes += sz; - #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE - if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs - ourMemStats.totalDeallocs) - ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - ourMemStats.totalDeallocs; - if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) { - ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes; - #endif - if (ourMemStats.currentBytes > ourMemStats.peakBytes) - ourMemStats.peakBytes = ourMemStats.currentBytes; - #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE - } - #endif - #endif - #ifdef DO_MEM_LIST - if (pthread_mutex_lock(&memLock) == 0) { - #ifdef WOLFSSL_DEBUG_MEMORY - header->func = func; - header->line = line; - #endif - - /* Setup event */ - header->next = NULL; - if (ourMemList.tail == NULL) { - ourMemList.head = header; - header->prev = NULL; - } - else { - ourMemList.tail->next = header; - header->prev = ourMemList.tail; - } - ourMemList.tail = header; /* add to the end either way */ - ourMemList.count++; - - pthread_mutex_unlock(&memLock); - } - #endif - - return header->thisMemory; - } - + WOLFSSL_LOCAL int InitMemoryTracker(void); + WOLFSSL_LOCAL void ShowMemoryTracker(void); +#else + #define WC_STATIC static +#endif #ifdef WOLFSSL_DEBUG_MEMORY - WC_STATIC WC_INLINE void TrackFree(void* ptr, const char* func, unsigned int line) +WC_STATIC WC_INLINE void* TrackMalloc(size_t sz, const char* func, unsigned int line) #else - WC_STATIC WC_INLINE void TrackFree(void* ptr) +WC_STATIC WC_INLINE void* TrackMalloc(size_t sz) #endif - { - memoryTrack* mt; - memHint* header; - size_t sz; +{ + memoryTrack* mt; + memHint* header; - if (ptr == NULL) { - return; - } + if (sz == 0) + return NULL; - mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); - header = &mt->u.hint; - sz = header->thisSize; +#ifdef FREERTOS + mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz); +#else + mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); +#endif + if (mt == NULL) + return NULL; - #ifdef DO_MEM_LIST - if (pthread_mutex_lock(&memLock) == 0) - { - #endif - - #ifdef DO_MEM_STATS - ourMemStats.currentBytes -= header->thisSize; - ourMemStats.totalDeallocs++; - #endif - - #ifdef DO_MEM_LIST - if (header == ourMemList.head && header == ourMemList.tail) { - ourMemList.head = NULL; - ourMemList.tail = NULL; - } - else if (header == ourMemList.head) { - ourMemList.head = header->next; - ourMemList.head->prev = NULL; - } - else if (header == ourMemList.tail) { - ourMemList.tail = header->prev; - ourMemList.tail->next = NULL; - } - else { - memHint* next = header->next; - memHint* prev = header->prev; - if (next) - next->prev = prev; - if (prev) - prev->next = next; - } - ourMemList.count--; - - pthread_mutex_unlock(&memLock); - } - #endif + header = &mt->u.hint; + header->thisSize = sz; + header->thisMemory = (byte*)mt + sizeof(memoryTrack); #ifdef WOLFSSL_DEBUG_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY_PRINT - printf("Free: %p -> %u at %s:%d\n", ptr, (word32)sz, func, line); + fprintf(stderr, "Alloc: %p -> %u at %s:%d\n", header->thisMemory, (word32)sz, func, line); #else - (void)func; - (void)line; + (void)func; + (void)line; #endif #endif - (void)sz; - free(mt); +#ifdef DO_MEM_STATS + ourMemStats.totalAllocs++; + ourMemStats.totalBytes += sz; + ourMemStats.currentBytes += sz; + #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs - ourMemStats.totalDeallocs) + ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - ourMemStats.totalDeallocs; + if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) { + ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes; + #endif + if (ourMemStats.currentBytes > ourMemStats.peakBytes) + ourMemStats.peakBytes = ourMemStats.currentBytes; + #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE } + #endif +#endif +#ifdef DO_MEM_LIST + if (pthread_mutex_lock(&memLock) == 0) { + #ifdef WOLFSSL_DEBUG_MEMORY + header->func = func; + header->line = line; + #endif + + /* Setup event */ + header->next = NULL; + if (ourMemList.tail == NULL) { + ourMemList.head = header; + header->prev = NULL; + } + else { + ourMemList.tail->next = header; + header->prev = ourMemList.tail; + } + ourMemList.tail = header; /* add to the end either way */ + ourMemList.count++; + + pthread_mutex_unlock(&memLock); + } +#endif + + return header->thisMemory; +} #ifdef WOLFSSL_DEBUG_MEMORY - WC_STATIC WC_INLINE void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line) +WC_STATIC WC_INLINE void TrackFree(void* ptr, const char* func, unsigned int line) #else - WC_STATIC WC_INLINE void* TrackRealloc(void* ptr, size_t sz) +WC_STATIC WC_INLINE void TrackFree(void* ptr) #endif - { - #ifdef WOLFSSL_DEBUG_MEMORY - void* ret = TrackMalloc(sz, func, line); - #else - void* ret = TrackMalloc(sz); - #endif +{ + memoryTrack* mt; + memHint* header; + size_t sz; - if (ptr) { - /* if realloc is bigger, don't overread old ptr */ - memoryTrack* mt; - memHint* header; - - mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); - header = &mt->u.hint; - - if (header->thisSize < sz) - sz = header->thisSize; - } - - if (ret && ptr) - XMEMCPY(ret, ptr, sz); - - if (ret) { - #ifdef WOLFSSL_DEBUG_MEMORY - TrackFree(ptr, func, line); - #else - TrackFree(ptr); - #endif - } - - return ret; + if (ptr == NULL) { + return; } + mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); + header = &mt->u.hint; + sz = header->thisSize; + +#ifdef DO_MEM_LIST + if (pthread_mutex_lock(&memLock) == 0) + { +#endif + +#ifdef DO_MEM_STATS + ourMemStats.currentBytes -= header->thisSize; + ourMemStats.totalDeallocs++; +#endif + +#ifdef DO_MEM_LIST + if (header == ourMemList.head && header == ourMemList.tail) { + ourMemList.head = NULL; + ourMemList.tail = NULL; + } + else if (header == ourMemList.head) { + ourMemList.head = header->next; + ourMemList.head->prev = NULL; + } + else if (header == ourMemList.tail) { + ourMemList.tail = header->prev; + ourMemList.tail->next = NULL; + } + else { + memHint* next = header->next; + memHint* prev = header->prev; + if (next) + next->prev = prev; + if (prev) + prev->next = next; + } + ourMemList.count--; + + pthread_mutex_unlock(&memLock); + } +#endif + +#ifdef WOLFSSL_DEBUG_MEMORY +#ifdef WOLFSSL_DEBUG_MEMORY_PRINT + fprintf(stderr, "Free: %p -> %u at %s:%d\n", ptr, (word32)sz, func, line); +#else + (void)func; + (void)line; +#endif +#endif + (void)sz; + +#ifdef FREERTOS + vPortFree(mt); +#else + free(mt); +#endif +} + + +#ifdef WOLFSSL_DEBUG_MEMORY +WC_STATIC WC_INLINE void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line) +#else +WC_STATIC WC_INLINE void* TrackRealloc(void* ptr, size_t sz) +#endif +{ +#ifdef WOLFSSL_DEBUG_MEMORY + void* ret = TrackMalloc(sz, func, line); +#else + void* ret = TrackMalloc(sz); +#endif + + if (ptr) { + /* if realloc is bigger, don't overread old ptr */ + memoryTrack* mt; + memHint* header; + + mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); + header = &mt->u.hint; + + if (header->thisSize < sz) + sz = header->thisSize; + } + + if (ret && ptr) + XMEMCPY(ret, ptr, sz); + + if (ret) { + #ifdef WOLFSSL_DEBUG_MEMORY + TrackFree(ptr, func, line); + #else + TrackFree(ptr); + #endif + } + + return ret; +} + #ifdef WOLFSSL_TRACK_MEMORY - static wolfSSL_Malloc_cb mfDefault = NULL; - static wolfSSL_Free_cb ffDefault = NULL; - static wolfSSL_Realloc_cb rfDefault = NULL; +static wolfSSL_Malloc_cb mfDefault = NULL; +static wolfSSL_Free_cb ffDefault = NULL; +static wolfSSL_Realloc_cb rfDefault = NULL; - WC_STATIC WC_INLINE int InitMemoryTracker(void) - { - int ret; - - ret = wolfSSL_GetAllocators(&mfDefault, &ffDefault, &rfDefault); - if (ret < 0) { - printf("wolfSSL GetAllocators failed to get the defaults\n"); - } - ret = wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc); - if (ret < 0) { - printf("wolfSSL SetAllocators failed for track memory\n"); - return ret; - } - - #ifdef DO_MEM_LIST - if (pthread_mutex_lock(&memLock) == 0) - { - #endif - - #ifdef DO_MEM_STATS - ourMemStats.totalAllocs = 0; - ourMemStats.totalDeallocs = 0; - ourMemStats.totalBytes = 0; - ourMemStats.peakBytes = 0; - ourMemStats.currentBytes = 0; -#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE - ourMemStats.peakAllocsTripOdometer = 0; - ourMemStats.peakBytesTripOdometer = 0; -#endif - #endif - - #ifdef DO_MEM_LIST - XMEMSET(&ourMemList, 0, sizeof(ourMemList)); - - pthread_mutex_unlock(&memLock); - } - #endif +WC_STATIC WC_INLINE int InitMemoryTracker(void) +{ + int ret; + ret = wolfSSL_GetAllocators(&mfDefault, &ffDefault, &rfDefault); + if (ret < 0) { + fprintf(stderr, "wolfSSL GetAllocators failed to get the defaults\n"); + } + ret = wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc); + if (ret < 0) { + fprintf(stderr, "wolfSSL SetAllocators failed for track memory\n"); return ret; } - WC_STATIC WC_INLINE void ShowMemoryTracker(void) +#ifdef DO_MEM_LIST + if (pthread_mutex_lock(&memLock) == 0) { - #ifdef DO_MEM_LIST - if (pthread_mutex_lock(&memLock) == 0) - { - #endif +#endif - #ifdef DO_MEM_STATS - printf("total Allocs = %9ld\n", ourMemStats.totalAllocs); - printf("total Deallocs = %9ld\n", ourMemStats.totalDeallocs); - printf("total Bytes = %9ld\n", ourMemStats.totalBytes); - printf("peak Bytes = %9ld\n", ourMemStats.peakBytes); - printf("current Bytes = %9ld\n", ourMemStats.currentBytes); - #endif +#ifdef DO_MEM_STATS + ourMemStats.totalAllocs = 0; + ourMemStats.totalDeallocs = 0; + ourMemStats.totalBytes = 0; + ourMemStats.peakBytes = 0; + ourMemStats.currentBytes = 0; +#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + ourMemStats.peakAllocsTripOdometer = 0; + ourMemStats.peakBytesTripOdometer = 0; +#endif +#endif - #ifdef DO_MEM_LIST - if (ourMemList.count > 0) { - /* print list of allocations */ - memHint* header; - for (header = ourMemList.head; header != NULL; header = header->next) { - printf("Leak: Ptr %p, Size %u" - #ifdef WOLFSSL_DEBUG_MEMORY - ", Func %s, Line %d" - #endif - "\n", - (byte*)header + sizeof(memHint), (unsigned int)header->thisSize - #ifdef WOLFSSL_DEBUG_MEMORY - , header->func, header->line - #endif - ); - } - } +#ifdef DO_MEM_LIST + XMEMSET(&ourMemList, 0, sizeof(ourMemList)); - pthread_mutex_unlock(&memLock); - } - #endif - } - - WC_STATIC WC_INLINE int CleanupMemoryTracker(void) - { - /* restore default allocators */ - return wolfSSL_SetAllocators(mfDefault, ffDefault, rfDefault); + pthread_mutex_unlock(&memLock); } #endif -#endif /* USE_WOLFSSL_MEMORY */ + return ret; +} + +WC_STATIC WC_INLINE void ShowMemoryTracker(void) +{ +#ifdef DO_MEM_LIST + if (pthread_mutex_lock(&memLock) == 0) + { +#endif + +#ifdef DO_MEM_STATS + fprintf(stderr, "total Allocs = %9ld\n", ourMemStats.totalAllocs); + fprintf(stderr, "total Deallocs = %9ld\n", ourMemStats.totalDeallocs); + fprintf(stderr, "total Bytes = %9ld\n", ourMemStats.totalBytes); + fprintf(stderr, "peak Bytes = %9ld\n", ourMemStats.peakBytes); + fprintf(stderr, "current Bytes = %9ld\n", ourMemStats.currentBytes); +#endif + +#ifdef DO_MEM_LIST + if (ourMemList.count > 0) { + /* print list of allocations */ + memHint* header; + for (header = ourMemList.head; header != NULL; header = header->next) { + fprintf(stderr, "Leak: Ptr %p, Size %u" + #ifdef WOLFSSL_DEBUG_MEMORY + ", Func %s, Line %d" + #endif + "\n", + (byte*)header + sizeof(memHint), (unsigned int)header->thisSize + #ifdef WOLFSSL_DEBUG_MEMORY + , header->func, header->line + #endif + ); + } + } + + pthread_mutex_unlock(&memLock); + } +#endif +} + +WC_STATIC WC_INLINE int CleanupMemoryTracker(void) +{ + /* restore default allocators */ + return wolfSSL_SetAllocators(mfDefault, ffDefault, rfDefault); +} +#endif /* WOLFSSL_TRACK_MEMORY */ + +#endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_STATIC_MEMORY */ + + +#ifdef HAVE_STACK_SIZE + +#include +#include +#include +#include +#include + +#include +#include +#include + +typedef void* (*thread_func)(void* args); +#define STACK_CHECK_VAL 0x01 + +struct stack_size_debug_context { + unsigned char *myStack; + size_t stackSize; +#ifdef HAVE_STACK_SIZE_VERBOSE + size_t *stackSizeHWM_ptr; + thread_func fn; + void *args; +#endif +}; + +struct func_args; /* forward declaration */ + +#ifdef HAVE_STACK_SIZE_VERBOSE + +/* per-subtest stack high water mark tracking. + * + * enable with + * + * ./configure --enable-stacksize=verbose [...] + */ + +static void* debug_stack_size_verbose_shim( + struct stack_size_debug_context *shim_args) +{ + StackSizeCheck_myStack = shim_args->myStack; + StackSizeCheck_stackSize = shim_args->stackSize; + StackSizeCheck_stackSizeHWM_ptr = shim_args->stackSizeHWM_ptr; + return shim_args->fn(shim_args->args); +} + +static WC_INLINE int StackSizeSetOffset(const char *funcname, void *p) +{ + if (StackSizeCheck_myStack == NULL) + return -BAD_FUNC_ARG; + + StackSizeCheck_stackOffsetPointer = p; + + printf("setting stack relative offset reference mark in %s to +%lu\n", + funcname, (unsigned long)((char*)(StackSizeCheck_myStack + + StackSizeCheck_stackSize) - (char *)p)); + + return 0; +} + +static WC_INLINE ssize_t StackSizeHWM(void) +{ + size_t i; + ssize_t used; + + if (StackSizeCheck_myStack == NULL) + return -BAD_FUNC_ARG; + + for (i = 0; i < StackSizeCheck_stackSize; i++) { + if (StackSizeCheck_myStack[i] != STACK_CHECK_VAL) { + break; + } + } + + used = StackSizeCheck_stackSize - i; + if ((ssize_t)*StackSizeCheck_stackSizeHWM_ptr < used) + *StackSizeCheck_stackSizeHWM_ptr = used; + + return used; +} + +static WC_INLINE ssize_t StackSizeHWM_OffsetCorrected(void) +{ + ssize_t used = StackSizeHWM(); + if (used < 0) + return used; + if (StackSizeCheck_stackOffsetPointer) { + used -= (ssize_t)(((char *)StackSizeCheck_myStack + + StackSizeCheck_stackSize) - + (char *)StackSizeCheck_stackOffsetPointer); + } + return used; +} + +static +#ifdef __GNUC__ +__attribute__((unused)) __attribute__((noinline)) +#endif +int StackSizeHWMReset(void) +{ + volatile ssize_t i; + + if (StackSizeCheck_myStack == NULL) + return -BAD_FUNC_ARG; + + for (i = (ssize_t)((char *)&i - (char *)StackSizeCheck_myStack) - + (ssize_t)sizeof(i) - 1; i >= 0; --i) { + StackSizeCheck_myStack[i] = STACK_CHECK_VAL; + } + + return 0; +} + +#define STACK_SIZE_CHECKPOINT(...) ({ \ + ssize_t HWM = StackSizeHWM_OffsetCorrected(); \ + __VA_ARGS__; \ + printf(" relative stack peak usage = %ld bytes\n", (long int)HWM); \ + StackSizeHWMReset(); \ + }) + +#define STACK_SIZE_CHECKPOINT_MSG(msg) ({ \ + ssize_t HWM = StackSizeHWM_OffsetCorrected(); \ + fprintf(stderr, "%ld\t%s\n", (long int)HWM, msg); \ + StackSizeHWMReset(); \ + }) + +#define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) ({ \ + ssize_t HWM = StackSizeHWM_OffsetCorrected(); \ + int _ret; \ + __VA_ARGS__; \ + printf(" relative stack peak usage = %ld bytes\n", (long int)HWM); \ + _ret = StackSizeHWMReset(); \ + if ((max >= 0) && (HWM > (ssize_t)(max))) { \ + fprintf(stderr, \ + " relative stack usage at %s L%d exceeds designated max %ld bytes.\n", \ + __FILE__, __LINE__, (long int)(max)); \ + _ret = -1; \ + } \ + _ret; \ + }) + + +#if defined(__GNUC__) || defined(__clang__) +#define STACK_SIZE_INIT() \ + (void)StackSizeSetOffset(__FUNCTION__, __builtin_frame_address(0)) +#endif + +#endif /* HAVE_STACK_SIZE_VERBOSE */ + +static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf) +{ + size_t i; + int ret; + void* status; + unsigned char* myStack = NULL; + size_t stackSize = 1024*1024*2; + pthread_attr_t myAttr; + pthread_t threadId; +#ifdef HAVE_STACK_SIZE_VERBOSE + struct stack_size_debug_context shim_args; +#endif + +#ifdef PTHREAD_STACK_MIN + if (stackSize < PTHREAD_STACK_MIN) + stackSize = PTHREAD_STACK_MIN; +#endif + + ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); + if (ret != 0 || myStack == NULL) { + fprintf(stderr, "posix_memalign failed\n"); + return -1; + } + + XMEMSET(myStack, STACK_CHECK_VAL, stackSize); + + ret = pthread_attr_init(&myAttr); + if (ret != 0) { + fprintf(stderr, "attr_init failed\n"); + return ret; + } + + ret = pthread_attr_setstack(&myAttr, myStack, stackSize); + if (ret != 0) { + fprintf(stderr, "attr_setstackaddr failed\n"); + return ret; + } + +#ifdef HAVE_STACK_SIZE_VERBOSE + StackSizeCheck_stackSizeHWM = 0; + shim_args.myStack = myStack; + shim_args.stackSize = stackSize; + shim_args.stackSizeHWM_ptr = &StackSizeCheck_stackSizeHWM; + shim_args.fn = tf; + shim_args.args = args; + ret = pthread_create(&threadId, &myAttr, + (thread_func)debug_stack_size_verbose_shim, (void *)&shim_args); +#else + ret = pthread_create(&threadId, &myAttr, tf, args); +#endif + if (ret != 0) { + printf("ret = %d\n", ret); + perror("pthread_create failed"); + exit(EXIT_FAILURE); + } + + ret = pthread_join(threadId, &status); + if (ret != 0) { + fprintf(stderr, "pthread_join failed\n"); + return ret; + } + + for (i = 0; i < stackSize; i++) { + if (myStack[i] != STACK_CHECK_VAL) { + break; + } + } + + free(myStack); +#ifdef HAVE_STACK_SIZE_VERBOSE + printf("stack used = %lu\n", StackSizeCheck_stackSizeHWM > (stackSize - i) + ? (unsigned long)StackSizeCheck_stackSizeHWM + : (unsigned long)(stackSize - i)); + StackSizeCheck_myStack = NULL; + StackSizeCheck_stackOffsetPointer = NULL; +#else + { + size_t used = stackSize - i; + printf("stack used = %lu\n", (unsigned long)used); + } +#endif + + return (int)((size_t)status); +} + +static WC_INLINE int StackSizeCheck_launch(struct func_args* args, + thread_func tf, pthread_t *threadId, void **stack_context) +{ + int ret; + unsigned char* myStack = NULL; + size_t stackSize = 1024*1024*2; + pthread_attr_t myAttr; + struct stack_size_debug_context* shim_args; + +#ifdef PTHREAD_STACK_MIN + if (stackSize < PTHREAD_STACK_MIN) + stackSize = PTHREAD_STACK_MIN; +#endif + + shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args); + if (shim_args == NULL) { + perror("malloc"); + return -1; + } + + ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); + if (ret != 0 || myStack == NULL) { + fprintf(stderr, "posix_memalign failed\n"); + free(shim_args); + return -1; + } + + XMEMSET(myStack, STACK_CHECK_VAL, stackSize); + + ret = pthread_attr_init(&myAttr); + if (ret != 0) { + fprintf(stderr, "attr_init failed\n"); + free(shim_args); + free(myStack); + return ret; + } + + ret = pthread_attr_setstack(&myAttr, myStack, stackSize); + if (ret != 0) { + fprintf(stderr, "attr_setstackaddr failed\n"); + } + + shim_args->myStack = myStack; + shim_args->stackSize = stackSize; +#ifdef HAVE_STACK_SIZE_VERBOSE + shim_args->stackSizeHWM_ptr = &StackSizeCheck_stackSizeHWM; + shim_args->fn = tf; + shim_args->args = args; + ret = pthread_create(threadId, &myAttr, + (thread_func)debug_stack_size_verbose_shim, (void *)shim_args); +#else + ret = pthread_create(threadId, &myAttr, tf, args); +#endif + if (ret != 0) { + fprintf(stderr,"pthread_create failed: %s",strerror(ret)); + exit(EXIT_FAILURE); + } + + *stack_context = (void *)shim_args; + + return 0; +} + +static WC_INLINE int StackSizeCheck_reap(pthread_t threadId, void *stack_context) +{ + struct stack_size_debug_context *shim_args = + (struct stack_size_debug_context *)stack_context; + size_t i; + void *status; + int ret = pthread_join(threadId, &status); + if (ret != 0) { + fprintf(stderr, "pthread_join failed\n"); + return ret; + } + + for (i = 0; i < shim_args->stackSize; i++) { + if (shim_args->myStack[i] != STACK_CHECK_VAL) { + break; + } + } + + free(shim_args->myStack); +#ifdef HAVE_STACK_SIZE_VERBOSE + printf("stack used = %lu\n", + *shim_args->stackSizeHWM_ptr > (shim_args->stackSize - i) + ? (unsigned long)*shim_args->stackSizeHWM_ptr + : (unsigned long)(shim_args->stackSize - i)); +#else + { + size_t used = shim_args->stackSize - i; + printf("stack used = %lu\n", (unsigned long)used); + } +#endif + free(shim_args); + + return (int)((size_t)status); +} + + +#endif /* HAVE_STACK_SIZE */ + + +#ifdef STACK_TRAP + +/* good settings + ./configure --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME \ + -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP" + +*/ + +#ifdef HAVE_STACK_SIZE + /* client only for now, setrlimit will fail if pthread_create() called */ + /* STACK_SIZE does pthread_create() on client */ + #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail" +#endif /* HAVE_STACK_SIZE */ + +static WC_INLINE void StackTrap(void) +{ + struct rlimit rl; + if (getrlimit(RLIMIT_STACK, &rl) != 0) { + fprintf(stderr, "getrlimit failed\n"); + } + printf("rlim_cur = %llu\n", rl.rlim_cur); + rl.rlim_cur = 1024*21; /* adjust trap size here */ + if (setrlimit(RLIMIT_STACK, &rl) != 0) { + fprintf(stderr, "setrlimit failed\n"); + } +} + +#else /* STACK_TRAP */ + +static WC_INLINE void StackTrap(void) +{ +} + +#endif /* STACK_TRAP */ + +/* Stubs when not used */ +#ifndef STACK_SIZE_CHECKPOINT +#define STACK_SIZE_CHECKPOINT(...) (__VA_ARGS__) +#endif +#ifndef STACK_SIZE_CHECKPOINT_MSG +#define STACK_SIZE_CHECKPOINT_MSG(msg) +#endif +#ifndef STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK +#define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) (__VA_ARGS__, 0) +#endif +#ifndef STACK_SIZE_INIT +#define STACK_SIZE_INIT() +#endif #endif /* WOLFSSL_MEM_TRACK_H */ - diff --git a/source/libs/libwolfssl/wolfcrypt/memory.h b/source/libs/libwolfssl/wolfcrypt/memory.h index 14b575de..1706f36f 100644 --- a/source/libs/libwolfssl/wolfcrypt/memory.h +++ b/source/libs/libwolfssl/wolfcrypt/memory.h @@ -1,6 +1,6 @@ /* memory.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,7 +32,10 @@ #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM) #include #endif + +#ifndef WOLF_CRYPT_TYPES_H #include +#endif #ifdef __cplusplus extern "C" { @@ -42,6 +45,12 @@ WOLFSSL_API void wolfSSL_SetMemFailCount(int memFailCount); #endif +#ifdef OPENSSL_EXTRA + typedef void *(*wolfSSL_OSSL_Malloc_cb)(size_t, const char *, int); + typedef void (*wolfSSL_OSSL_Free_cb)(void *, const char *, int); + typedef void *(*wolfSSL_OSSL_Realloc_cb)(void *, size_t, const char *, int); +#endif /* OPENSSL_EXTRA */ + #ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type, const char* func, unsigned int line); @@ -80,12 +89,12 @@ #endif /* WOLFSSL_STATIC_MEMORY */ /* Public get/set functions */ -WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb, - wolfSSL_Free_cb, - wolfSSL_Realloc_cb); -WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*, - wolfSSL_Free_cb*, - wolfSSL_Realloc_cb*); +WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf, + wolfSSL_Free_cb ff, + wolfSSL_Realloc_cb rf); +WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, + wolfSSL_Free_cb* ff, + wolfSSL_Realloc_cb* rf); #ifdef WOLFSSL_STATIC_MEMORY #define WOLFSSL_STATIC_TIMEOUT 1 @@ -229,6 +238,14 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*, __cyg_profile_func_exit(void *func, void *caller); #endif /* WOLFSSL_STACK_LOG */ +#ifdef WOLFSSL_CHECK_MEM_ZERO +WOLFSSL_LOCAL void wc_MemZero_Init(void); +WOLFSSL_LOCAL void wc_MemZero_Free(void); +WOLFSSL_LOCAL void wc_MemZero_Add(const char* name, const void* addr, + size_t len); +WOLFSSL_LOCAL void wc_MemZero_Check(void* addr, size_t len); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/misc.h b/source/libs/libwolfssl/wolfcrypt/misc.h index b359650f..d9aff2bd 100644 --- a/source/libs/libwolfssl/wolfcrypt/misc.h +++ b/source/libs/libwolfssl/wolfcrypt/misc.h @@ -1,6 +1,6 @@ /* misc.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -66,7 +66,7 @@ WOLFSSL_LOCAL void xorbuf(void*, const void*, word32); WOLFSSL_LOCAL -void ForceZero(const void*, word32); +void ForceZero(void*, word32); WOLFSSL_LOCAL int ConstantCompare(const byte*, const byte*, int); @@ -107,6 +107,9 @@ void ato24(const byte* c, word32* u24); void ato32(const byte* c, word32* u32); word32 btoi(byte b); +WOLFSSL_LOCAL signed char HexCharToByte(char ch); +WOLFSSL_LOCAL char ByteToHex(byte in); +WOLFSSL_LOCAL int ByteToHexStr(byte in, char* out); WOLFSSL_LOCAL byte ctMaskGT(int a, int b); WOLFSSL_LOCAL byte ctMaskGTE(int a, int b); @@ -123,6 +126,27 @@ WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b); WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); WOLFSSL_LOCAL int ctMaskSelInt(byte m, int a, int b); WOLFSSL_LOCAL byte ctSetLTE(int a, int b); +WOLFSSL_LOCAL void ctMaskCopy(byte mask, byte* dst, byte* src, word16 size); +WOLFSSL_LOCAL word32 MakeWordFromHash(const byte* hashID); +WOLFSSL_LOCAL word32 HashObject(const byte* o, word32 len, int* error); + +WOLFSSL_LOCAL void w64Increment(w64wrapper *n); +WOLFSSL_LOCAL void w64Decrement(w64wrapper *n); +WOLFSSL_LOCAL byte w64Equal(w64wrapper a, w64wrapper b); +WOLFSSL_LOCAL word32 w64GetLow32(w64wrapper n); +WOLFSSL_LOCAL word32 w64GetHigh32(w64wrapper n); +WOLFSSL_LOCAL void w64SetLow32(w64wrapper *n, word32 low); +WOLFSSL_LOCAL w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap); +WOLFSSL_LOCAL w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap); +WOLFSSL_LOCAL byte w64GT(w64wrapper a, w64wrapper b); +WOLFSSL_LOCAL byte w64IsZero(w64wrapper a); +WOLFSSL_LOCAL void c64toa(const w64wrapper *a, byte *out); +WOLFSSL_LOCAL void ato64(const byte *in, w64wrapper *w64); +WOLFSSL_LOCAL w64wrapper w64From32(word32 hi, word32 lo); +WOLFSSL_LOCAL byte w64GTE(w64wrapper a, w64wrapper b); +WOLFSSL_LOCAL byte w64LT(w64wrapper a, w64wrapper b); +WOLFSSL_LOCAL w64wrapper w64Sub(w64wrapper a, w64wrapper b); +WOLFSSL_LOCAL void w64Zero(w64wrapper *a); #endif /* NO_INLINE */ diff --git a/source/libs/libwolfssl/wolfcrypt/mpi_class.h b/source/libs/libwolfssl/wolfcrypt/mpi_class.h index e04acc26..4e8eac21 100644 --- a/source/libs/libwolfssl/wolfcrypt/mpi_class.h +++ b/source/libs/libwolfssl/wolfcrypt/mpi_class.h @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/mpi_superclass.h b/source/libs/libwolfssl/wolfcrypt/mpi_superclass.h index 91ebad82..963b77b5 100644 --- a/source/libs/libwolfssl/wolfcrypt/mpi_superclass.h +++ b/source/libs/libwolfssl/wolfcrypt/mpi_superclass.h @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/pkcs11.h b/source/libs/libwolfssl/wolfcrypt/pkcs11.h index 09e2e684..cff0fddb 100644 --- a/source/libs/libwolfssl/wolfcrypt/pkcs11.h +++ b/source/libs/libwolfssl/wolfcrypt/pkcs11.h @@ -1,6 +1,6 @@ /* pkcs11.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -346,6 +346,10 @@ typedef CK_FUNCTION_LIST_PTR* CK_FUNCTION_LIST_PTR_PTR; typedef CK_RV (*CK_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); +#ifdef HAVE_PKCS11_STATIC +CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); +#endif + struct CK_FUNCTION_LIST { CK_VERSION version; @@ -364,7 +368,7 @@ struct CK_FUNCTION_LIST { CK_MECHANISM_INFO_PTR pInfo); CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel); - CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, + CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen); CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, diff --git a/source/libs/libwolfssl/wolfcrypt/pkcs12.h b/source/libs/libwolfssl/wolfcrypt/pkcs12.h index 9d92f5ef..d18685cf 100644 --- a/source/libs/libwolfssl/wolfcrypt/pkcs12.h +++ b/source/libs/libwolfssl/wolfcrypt/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -49,6 +49,9 @@ enum { WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void); WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12); WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12); +#ifndef NO_FILESYSTEM +WOLFSSL_API int wc_d2i_PKCS12_fp(const char* file, WC_PKCS12** pkcs12); +#endif WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz); WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, byte** pkey, word32* pkeySz, byte** cert, word32* certSz, diff --git a/source/libs/libwolfssl/wolfcrypt/pkcs7.h b/source/libs/libwolfssl/wolfcrypt/pkcs7.h index cbb66b30..22fa379a 100644 --- a/source/libs/libwolfssl/wolfcrypt/pkcs7.h +++ b/source/libs/libwolfssl/wolfcrypt/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -156,7 +156,7 @@ enum Pkcs7_Misc { MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE, #endif MAX_RECIP_SZ = MAX_VERSION_SZ + - MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + + MAX_SEQ_SZ + WC_ASN_NAME_MAX + MAX_SN_SZ + MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, }; @@ -241,7 +241,9 @@ struct PKCS7 { byte* der; /* DER encoded version of message */ word32 derSz; #endif - byte* cert[MAX_PKCS7_CERTS]; + byte* cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */ + byte* verifyCert; /* cert from array used for verify */ + word32 verifyCertSz; /* Encrypted-data Content Type */ byte* encryptionKey; /* block cipher encryption key */ @@ -331,6 +333,7 @@ struct PKCS7 { /* used by DecodeEnvelopedData with multiple encrypted contents */ byte* cachedEncryptedContent; word32 cachedEncryptedContentSz; + word16 contentCRLF:1; /* have content line endings been converted to CRLF */ /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; diff --git a/source/libs/libwolfssl/wolfcrypt/poly1305.h b/source/libs/libwolfssl/wolfcrypt/poly1305.h index 9c71b790..ba08a34a 100644 --- a/source/libs/libwolfssl/wolfcrypt/poly1305.h +++ b/source/libs/libwolfssl/wolfcrypt/poly1305.h @@ -1,6 +1,6 @@ /* poly1305.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,7 +48,7 @@ #define WC_HAS_GCC_4_4_64BIT #endif -#ifdef USE_INTEL_SPEEDUP +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) #elif (defined(WC_HAS_SIZEOF_INT128_64BIT) || defined(WC_HAS_MSVC_64BIT) || \ defined(WC_HAS_GCC_4_4_64BIT)) #define POLY130564 @@ -67,7 +67,7 @@ enum { /* Poly1305 state */ typedef struct Poly1305 { -#ifdef USE_INTEL_SPEEDUP +#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) word64 r[3]; word64 h[3]; word64 pad[2]; @@ -84,8 +84,8 @@ typedef struct Poly1305 { #else #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) ALIGN128 word32 r[5]; - ALIGN128 word32 r_2[5]; // r^2 - ALIGN128 word32 r_4[5]; // r^4 + ALIGN128 word32 r_2[5]; /* r^2 */ + ALIGN128 word32 r_4[5]; /* r^4 */ ALIGN128 word32 h[5]; word32 pad[4]; word64 leftover; @@ -110,7 +110,7 @@ typedef struct Poly1305 { WOLFSSL_API int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key, word32 kySz); -WOLFSSL_API int wc_Poly1305Update(Poly1305* poly1305, const byte*, word32); +WOLFSSL_API int wc_Poly1305Update(Poly1305* poly1305, const byte* m, word32 bytes); WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag); /* AEAD Functions */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/source/libs/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index e3d2cc64..d5ca0862 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/source/libs/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1,6 +1,6 @@ /* esp32-crypt.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,31 +22,42 @@ #define __ESP32_CRYPT_H__ +#include "wolfssl/wolfcrypt/settings.h" + #include "esp_idf_version.h" #include "esp_types.h" #include "esp_log.h" #ifdef WOLFSSL_ESP32WROOM32_CRYPT_DEBUG -#undef LOG_LOCAL_LEVEL -#define LOG_LOCAL_LEVEL ESP_LOG_DEBUG + #undef LOG_LOCAL_LEVEL + #define LOG_LOCAL_LEVEL ESP_LOG_DEBUG #else -#undef LOG_LOCAL_LEVEL -#define LOG_LOCAL_LEVEL ESP_LOG_ERROR + #undef LOG_LOCAL_LEVEL + #define LOG_LOCAL_LEVEL ESP_LOG_DEBUG #endif #include #include "soc/dport_reg.h" #include "soc/hwcrypto_reg.h" -#include "soc/cpu.h" -#include "driver/periph_ctrl.h" -#if ESP_IDF_VERSION_MAJOR >= 4 -#include + +#if ESP_IDF_VERSION_MAJOR < 5 + #include "soc/cpu.h" +#endif + +#if ESP_IDF_VERSION_MAJOR >= 5 + #include "esp_private/periph_ctrl.h" #else -#include + #include "driver/periph_ctrl.h" +#endif + +#if ESP_IDF_VERSION_MAJOR >= 4 + #include +#else + #include #endif #ifdef __cplusplus -extern "C" { + extern "C" { #endif int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex); @@ -55,31 +66,31 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex); #ifndef NO_AES -#if ESP_IDF_VERSION_MAJOR >= 4 -#include "esp32/rom/aes.h" -#else -#include "rom/aes.h" -#endif + #if ESP_IDF_VERSION_MAJOR >= 4 + #include "esp32/rom/aes.h" + #else + #include "rom/aes.h" + #endif -typedef enum tagES32_AES_PROCESS { - ESP32_AES_LOCKHW = 1, - ESP32_AES_UPDATEKEY_ENCRYPT = 2, - ESP32_AES_UPDATEKEY_DECRYPT = 3, - ESP32_AES_UNLOCKHW = 4 -} ESP32_AESPROCESS; + typedef enum tagES32_AES_PROCESS { + ESP32_AES_LOCKHW = 1, + ESP32_AES_UPDATEKEY_ENCRYPT = 2, + ESP32_AES_UPDATEKEY_DECRYPT = 3, + ESP32_AES_UNLOCKHW = 4 + } ESP32_AESPROCESS; -struct Aes; -int wc_esp32AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); -int wc_esp32AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); -int wc_esp32AesEncrypt(struct Aes *aes, const byte* in, byte* out); -int wc_esp32AesDecrypt(struct Aes *aes, const byte* in, byte* out); + struct Aes; /* see aes.h */ + int wc_esp32AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); + int wc_esp32AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); + int wc_esp32AesEncrypt(struct Aes *aes, const byte* in, byte* out); + int wc_esp32AesDecrypt(struct Aes *aes, const byte* in, byte* out); #endif #ifdef WOLFSSL_ESP32WROOM32_CRYPT_DEBUG -void wc_esp32TimerStart(); -uint64_t wc_esp32elapsedTime(); + void wc_esp32TimerStart(); + uint64_t wc_esp32elapsedTime(); #endif /* WOLFSSL_ESP32WROOM32_CRYPT_DEBUG */ @@ -87,66 +98,107 @@ uint64_t wc_esp32elapsedTime(); defined(WOLFSSL_SHA512)) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) -/* RAW hash function APIs are not implemented with esp32 hardware acceleration*/ -#define WOLFSSL_NO_HASH_RAW -#define SHA_CTX ETS_SHAContext -#if ESP_IDF_VERSION_MAJOR >= 4 -#include "esp32/rom/sha.h" -#else -#include "rom/sha.h" -#endif -#undef SHA_CTX + /* RAW hash function APIs are not implemented with esp32 hardware acceleration*/ + #define WOLFSSL_NO_HASH_RAW + #define SHA_CTX ETS_SHAContext -typedef enum { - ESP32_SHA_INIT = 0, - ESP32_SHA_HW = 1, - ESP32_SHA_SW = 2, -} ESP32_DOSHA; + #if ESP_IDF_VERSION_MAJOR >= 4 + #include "esp32/rom/sha.h" + #else + #include "rom/sha.h" + #endif -typedef struct { - byte isfirstblock; - /* 0 , 1 hard, 2 soft */ - byte mode; - /* sha_type */ - enum SHA_TYPE sha_type; -} WC_ESP32SHA; + #undef SHA_CTX -int esp_sha_try_hw_lock(WC_ESP32SHA* ctx); -void esp_sha_hw_unlock( void ); + typedef enum { + ESP32_SHA_INIT = 0, + ESP32_SHA_HW = 1, + ESP32_SHA_SW = 2, + ESP32_SHA_FAIL_NEED_UNROLL = -1 + } ESP32_MODE; -struct wc_Sha; -int esp_sha_digest_process(struct wc_Sha* sha, byte bockprocess); -int esp_sha_process(struct wc_Sha* sha, const byte* data); + typedef struct { + byte isfirstblock; -#ifndef NO_SHA256 - struct wc_Sha256; - int esp_sha256_digest_process(struct wc_Sha256* sha, byte bockprocess); - int esp_sha256_process(struct wc_Sha256* sha, const byte* data); -#endif + ESP32_MODE mode; /* typically 0 init, 1 HW, 2 SW */ -#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) - struct wc_Sha512; - int esp_sha512_process(struct wc_Sha512* sha); - int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc); -#endif + /* we'll keep track of our own locks. + * actual enable/disable only occurs for ref_counts[periph] == 0 */ + int lockDepth; /* see ref_counts[periph] in periph_ctrl.c */ + + enum SHA_TYPE sha_type; + } WC_ESP32SHA; + + int esp_sha_try_hw_lock(WC_ESP32SHA* ctx); + int esp_sha_hw_unlock(WC_ESP32SHA* ctx); + + struct wc_Sha; + int esp_sha_digest_process(struct wc_Sha* sha, byte blockprocess); + int esp_sha_process(struct wc_Sha* sha, const byte* data); + + #ifndef NO_SHA256 + struct wc_Sha256; + int esp_sha256_digest_process(struct wc_Sha256* sha, byte blockprocess); + int esp_sha256_process(struct wc_Sha256* sha, const byte* data); + int esp32_Transform_Sha256_demo(struct wc_Sha256* sha256, const byte* data); + + + #endif + + /* TODO do we really call esp_sha512_process for WOLFSSL_SHA384 ? */ + #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) + struct wc_Sha512; + int esp_sha512_process(struct wc_Sha512* sha); + int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc); + #endif #endif /* NO_SHA && */ + #if !defined(NO_RSA) || defined(HAVE_ECC) -#ifndef ESP_RSA_TIMEOUT - #define ESP_RSA_TIMEOUT 0xFFFFF -#endif + #if !defined(ESP_RSA_TIMEOUT_CNT) + #define ESP_RSA_TIMEOUT_CNT 0x249F00 + #endif -struct fp_int; -int esp_mp_mul(struct fp_int* X, struct fp_int* Y, struct fp_int* Z); -int esp_mp_exptmod(struct fp_int* G, struct fp_int* X, word32 Xbits, struct fp_int* P, - struct fp_int* Y); -int esp_mp_mulmod(struct fp_int* X, struct fp_int* Y, struct fp_int* M, - struct fp_int* Z); + /* operands can be up to 4096 bits long. + * here we store the bits in wolfSSL fp_int struct. + * see wolfCrypt tfm.h + */ + struct fp_int; + + + /* + * The parameter names in the Espressif implementation are arbitrary. + * + * The wolfSSL names come from DH: Y=G^x mod M (see wolfcrypt/tfm.h) + * + * G=base, X is the private exponent, Y is the public value w + **/ + + /* Z = (X ^ Y) mod M : Espressif generic notation */ + /* Y = (G ^ X) mod P : wolfSSL DH reference notation */ + int esp_mp_exptmod(struct fp_int* X, /* G */ + struct fp_int* Y, /* X */ + word32 Xbits, /* Ys typically = fp_count_bits (X) */ + struct fp_int* M, /* P */ + struct fp_int* Z); /* Y */ + + /* Z = X * Y */ + int esp_mp_mul(struct fp_int* X, + struct fp_int* Y, + struct fp_int* Z); + + + /* Z = X * Y (mod M) */ + int esp_mp_mulmod(struct fp_int* X, + struct fp_int* Y, + struct fp_int* M, + struct fp_int* Z); #endif /* NO_RSA || HAVE_ECC*/ +/* end c++ wrapper */ #ifdef __cplusplus } #endif diff --git a/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h b/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h new file mode 100644 index 00000000..70145748 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h @@ -0,0 +1,224 @@ +/* renesas-sce-crypt.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef __RENESAS_SCE_CRYPT_H__ +#define __RENESAS_SCE_CRYPT_H__ + +#include "r_sce.h" +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SCE_SESSIONKEY_NONCE_SIZE 8 +#define WOLFSSL_SCE_ILLEGAL_CIPHERSUITE -1 + +#define MAX_SCE_CBINDEX 5 + +typedef struct tagUser_SCEPKCbInfo { + /* unique number for each session */ + int devId; + + /* out from R_SCE_TLS_ServerKeyExchangeVerify */ + uint32_t encrypted_ephemeral_ecdh_public_key[SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ]; + /* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */ + sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key; + uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE]; + + uint32_t sce_masterSecret[SCE_TLS_MASTERSECRET_SIZE/4]; + uint8_t sce_clientRandom[SCE_TLS_CLIENTRANDOM_SZ]; + uint8_t sce_serverRandom[SCE_TLS_SERVERRANDOM_SZ]; + uint8_t sce_cipher; + + /* installed key handling */ + sce_aes_wrapped_key_t sce_wrapped_key_aes256; + uint8_t aes256_installedkey_set:1; + sce_aes_wrapped_key_t sce_wrapped_key_aes128; + uint8_t aes128_installedkey_set:1; + + /* flag whether encrypted ec key is set */ + uint8_t pk_key_set:1; + uint8_t session_key_set:1; + +} User_SCEPKCbInfo; + +typedef struct tagSCE_PKCbInfo { + User_SCEPKCbInfo *user_PKCbInfo[MAX_SCE_CBINDEX]; + uint32_t num_session; +} SCE_PKCbInfo; + +typedef struct +{ + uint8_t *encrypted_provisioning_key; + uint8_t *iv; + uint8_t *encrypted_user_tls_key; + uint32_t encrypted_user_tls_key_type; + sce_tls_ca_certification_public_wrapped_key_t user_rsa2048_tls_wrappedkey; +} sce_key_data; + +struct WOLFSSL; +struct WOLFSSL_CTX; +struct ecc_key; + +WOLFSSL_LOCAL int wc_sce_Open(); +WOLFSSL_LOCAL void wc_sce_Close(); +WOLFSSL_LOCAL int wc_sce_hw_lock(); +WOLFSSL_LOCAL void wc_sce_hw_unlock( void ); +WOLFSSL_LOCAL int wc_sce_usable(const struct WOLFSSL *ssl, + uint8_t session_key_generated); + +typedef struct { + sce_aes_wrapped_key_t sce_wrapped_key; + word32 keySize; + byte setup; +} SCE_AES_CTX; + +struct Aes; +WOLFSSL_LOCAL int wc_sce_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); +WOLFSSL_LOCAL int wc_sce_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); + +WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out, + const byte* in, word32 sz, + byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, + void* ctx); + +WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, + void* ctx); + +#if !defined(NO_SHA256) && !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH) + +typedef enum { + SCE_SHA256 = 1, +} SCE_SHA_TYPE; + +typedef struct { + byte* msg; + void* heap; + word32 used; + word32 len; + word32 sha_type; +#if defined(WOLF_CRYPTO_CB) + word32 flags; + int devId; +#endif +} wolfssl_SCE_Hash; + +/* RAW hash function APIs are not implemented with SCE */ +#undef WOLFSSL_NO_HASH_RAW +#define WOLFSSL_NO_HASH_RAW + +typedef wolfssl_SCE_Hash wc_Sha256; + +#endif /* NO_SHA */ + + +WOLFSSL_LOCAL int wc_sce_tls_RootCertVerify( + const uint8_t* cert, uint32_t cert_len, + uint32_t key_n_start, uint32_t key_n_len, + uint32_t key_e_start, uint32_t key_e_len, + uint32_t cm_row); + +WOLFSSL_LOCAL int wc_sce_tls_CertVerify( + const uint8_t* cert, uint32_t certSz, + const uint8_t* signature, uint32_t sigSz, + uint32_t key_n_start, uint32_t key_n_len, + uint32_t key_e_start, uint32_t key_e_len, + uint8_t* sce_encRsaKeyIdx); + + +WOLFSSL_LOCAL int wc_sce_generatePremasterSecret( + uint8_t* premaster, + uint32_t preSz); + +WOLFSSL_LOCAL int wc_sce_generateEncryptPreMasterSecret( + struct WOLFSSL* ssl, + uint8_t* out, + uint32_t* outSz); + +WOLFSSL_LOCAL int wc_sce_Sha256GenerateHmac( + const struct WOLFSSL *ssl, + const uint8_t* myInner, + uint32_t innerSz, + const uint8_t* in, + uint32_t sz, + uint8_t* digest); + +WOLFSSL_LOCAL int wc_sce_Sha256VerifyHmac( + const struct WOLFSSL *ssl, + const uint8_t* message, + uint32_t messageSz, + uint32_t macSz, + uint32_t content); + +WOLFSSL_LOCAL int wc_sce_storeKeyCtx( + struct WOLFSSL* ssl, + User_SCEPKCbInfo* info); + +WOLFSSL_LOCAL int wc_sce_generateVerifyData( + const uint8_t* ms, /* master secret */ + const uint8_t* side, + const uint8_t* handshake_hash, + uint8_t* hashes /* out */); + +WOLFSSL_LOCAL int wc_sce_generateSessionKey( + struct WOLFSSL* ssl, + User_SCEPKCbInfo* cbInfo, + int devId); + +WOLFSSL_LOCAL int wc_sce_generateMasterSecret( + uint8_t cipherSuiteFirst, + uint8_t cipherSuite, + const uint8_t *pr, /* pre-master */ + const uint8_t *cr, /* client random */ + const uint8_t *sr, /* server random */ + uint8_t *ms); + +WOLFSSL_LOCAL int wc_SCE_RsaVerify(struct WOLFSSL* ssl, byte* sig, uint32_t sigSz, + uint8_t** out, const byte* key, uint32_t keySz, void* ctx); +WOLFSSL_LOCAL int wc_SCE_EccVerify(struct WOLFSSL* ssl, const uint8_t* sig, uint32_t sigSz, + const uint8_t* hash, uint32_t hashSz, const uint8_t* key, uint32_t keySz, + int* result, void* ctx); +/* Callback for EccShareSecret */ +WOLFSSL_LOCAL int SCE_EccSharedSecret(struct WOLFSSL* ssl, struct ecc_key* otherKey, + uint8_t* pubKeyDer, unsigned int* pubKeySz, + uint8_t* out, unsigned int* outlen, int side, void* ctx); + +/* user API */ +WOLFSSL_API void wc_sce_inform_user_keys( + uint8_t* encrypted_provisioning_key, + uint8_t* iv, + uint8_t* encrypted_user_tls_key, + uint32_t encrypted_user_tls_key_type); + +WOLFSSL_API void wc_sce_set_callbacks(struct WOLFSSL_CTX* ctx); +WOLFSSL_API int wc_sce_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx); +WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign); + +#endif /* __RENESAS_SCE_CRYPT_H__ */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index d2214647..93e5286f 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -1,6 +1,6 @@ /* renesas-tsip-crypt.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,15 +21,16 @@ #ifndef __RENESAS_TSIP_CRYPT_H__ #define __RENESAS_TSIP_CRYPT_H__ +#if !defined(WOLFCRYPT_ONLY) + #if defined(WOLFSSL_RENESAS_TSIP_IAREWRX) #include "r_bsp/mcu/all/r_rx_compiler.h" #include "r_bsp/platform.h" -#else - #include "platform.h" + #include "r_tsip_rx_if.h" #endif -#include "r_tsip_rx_if.h" #include +#include #ifdef __cplusplus extern "C" { @@ -37,6 +38,9 @@ extern "C" { #define TSIP_SESSIONKEY_NONCE_SIZE 8 +#define tsip_Sha256HmacVerify tsip_ShaXHmacVerify /* for backward compat */ +#define sce_tsip_checkCA tsip_checkCA + typedef enum { WOLFSSL_TSIP_NOERROR = 0, WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff, @@ -53,30 +57,341 @@ typedef enum { } wolfssl_TSIP_KEY_IV; enum { - l_TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, - l_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, - l_TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, - l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, + l_TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, + l_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, + l_TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, + l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, + l_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, + l_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, + l_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, + l_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, + l_TLS_AES_128_GCM_SHA256 = 0x01, + l_TLS_AES_128_CCM_SHA256 = 0x04, }; -#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) +enum { + ENCRYPTED_ECDHE_PUBKEY_SZ = 96, + ECCP256_PUBKEY_SZ = 64, + TSIP_TLS_CLIENTRANDOM_SZ = 32, + TSIP_TLS_SERVERRANDOM_SZ = 32, + TSIP_TLS_VERIFY_DATA_WD_SZ = 8, + TSIP_TLS_MAX_SIGDATA_SZ = 130, + TSIP_TEMP_WORK_SIZE = 128, +}; + +struct WOLFSSL; +struct KeyShareEntry; + +/* MsgBag stands for message bag and acts as a buffer for holding plain text + * handshake messages exchanged between client and server. + * MsgBag was introduced as a workaround for the TSIP's limitation that TSIP + * can not process multiple hash algorithms at the same time. If the + * limitation is resolved in a future TSIP, MsgBag should be removed. + * The contents in this MsgBag is used for transcript hashing. The hash value + * is used for the key derivation and Finished-message. + * The capacity of the MsgBag is defined as MSGBAG_SIZE and the actual + * size is 8KB. The size should be large enough to hold all the handshake + * messages including the server and client certificate messages. + */ +#define MSGBAG_SIZE (1024 * 8) +#define MAX_MSGBAG_MESSAGES 10 +typedef struct MsgBag +{ + int msgIdx; + int buffIdx; + byte msgTypes[MAX_MSGBAG_MESSAGES]; + byte buff[MSGBAG_SIZE]; +} MsgBag; + + +/* + * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format. + */ +typedef struct TsipUserCtx { + /* unique number for each session */ + int devId; + + /* 0:working as a TLS client, 1: as a server */ + byte side; + + /* public key index for verification of RootCA cert */ + uint32_t user_key_id; + + /* WOLFSSL object associated with */ + struct WOLFSSL* ssl; + struct WOLFSSL_CTX* ctx; + + /* HEAP_HINT */ + void* heap; + +#if (WOLFSSL_RENESAS_TSIP_VER >= 115) + /* TLSv1.3 handshake related members, mainly keys */ + + /* handle is used as work area for Tls13 handshake */ + tsip_tls13_handle_t handle13; + + /* RSA-2048bit private key-index for client authentication */ + tsip_rsa2048_private_key_index_t RsaPrivateKeyIdx; + + /* ECC P256 private key-index for client authentication */ + tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx; + + /* ECDHE private key index for Tls13 handshake */ + tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx; + + /* ECDHE pre-master secret */ + tsip_tls13_ephemeral_shared_secret_key_index_t sharedSecret13Idx; + + /* Handshake secret for Tls13 handshake */ + tsip_tls13_ephemeral_handshake_secret_key_index_t handshakeSecret13Idx; + + /* the key to decrypt server-finished message */ + tsip_tls13_ephemeral_server_finished_key_index_t serverFinished13Idx; + + /* key for Sha256-Hmac to gen "Client Finished" */ + tsip_hmac_sha_key_index_t clientFinished13Idx; + + /* AES decryption key for handshake */ + tsip_aes_key_index_t serverWriteKey13Idx; + + /* AES encryption key for handshake */ + tsip_aes_key_index_t clientWriteKey13Idx; + + /* Handshake verified data used for master secret */ + word32 verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ]; + + /* master secret for TLS1.3 */ + tsip_tls13_ephemeral_master_secret_key_index_t masterSecret13Idx; + + /* server app traffic secret */ + tsip_tls13_ephemeral_app_secret_key_index_t serverAppTraffic13Secret; + + /* client app traffic secret */ + tsip_tls13_ephemeral_app_secret_key_index_t clientAppTraffic13Secret; + + /* server write key */ + tsip_aes_key_index_t serverAppWriteKey13Idx; + + /* client write key */ + tsip_aes_key_index_t clientAppWriteKey13Idx; + + /* hash handle for transcript hash of handshake messages */ + tsip_hmac_sha_handle_t hmacFinished13Handle; + + /* storage for handshake messages */ + MsgBag messageBag; + + /* signature data area for TLS1.3 CertificateVerify message */ + byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ]; + + /* peer's Rsa 2046 bit public key index for CertificateVerify message */ + tsip_rsa2048_public_key_index_t serverRsa2048PubKey13Idx; + + /* peer's Ecc P256 public key index for CertificateVerify message */ + tsip_ecc_public_key_index_t serverEccP256PubKey13Idx; + +#endif /* WOLFSSL_RENESAS_TSIP_VER >=115 */ + +#if (WOLFSSL_RENESAS_TSIP_VER >=109) + /* out from R_SCE_TLS_ServerKeyExchangeVerify */ + uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ]; + + /* ephemeral ECDH pubkey index + * got from R_TSIP_GenerateTlsP256EccKeyIndex. + * Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key. + */ + tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key; + + /* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit) + * got from R_TSIP_GenerateTlsP256EccKeyIndex. + * Should be sent to peer(server) in Client Key Exchange msg. + */ + uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ]; +#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */ + + /* info to generate session key */ + uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4]; + uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ]; + uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ]; + + /* installed key handling */ + tsip_aes_key_index_t user_aes256_key_index; + uint8_t user_aes256_key_set:1; + tsip_aes_key_index_t user_aes128_key_index; + uint8_t user_aes128_key_set:1; + + /* TSIP defined cipher suite number */ + uint32_t tsip_cipher; + + /* flags */ + uint8_t ClientRsaPrivKey_set:1; + uint8_t ClientEccPrivKey_set:1; + uint8_t HmacInitialized:1; + uint8_t RootCAverified:1; + uint8_t EcdsaPrivKey_set:1; + uint8_t Dhe_key_set:1; + uint8_t SharedSecret_set:1; + uint8_t EarlySecret_set:1; + uint8_t HandshakeSecret_set:1; + uint8_t HandshakeClientTrafficKey_set:1; + uint8_t HandshakeServerTrafficKey_set:1; + uint8_t HandshakeVerifiedData_set:1; + uint8_t MasterSecret_set:1; + uint8_t ServerTrafficSecret_set:1; + uint8_t ClientTrafficSecret_set:1; + uint8_t ServerWriteTrafficKey_set:1; + uint8_t ClientWriteTrafficKey_set:1; + uint8_t session_key_set:1; + + +} TsipUserCtx; + +typedef TsipUserCtx RenesasUserCtx; +typedef TsipUserCtx user_PKCbInfo; typedef struct { - uint8_t *encrypted_provisioning_key; - uint8_t *iv; - uint8_t *encrypted_user_tls_key; - uint32_t encrypted_user_tls_key_type; + TsipUserCtx* userCtx; +} TsipPKCbInfo; + + +#if (WOLFSSL_RENESAS_TSIP_VER >=109) + +typedef struct +{ + uint8_t * encrypted_provisioning_key; + uint8_t * iv; + uint8_t * encrypted_user_tls_key; + uint32_t encrypted_user_tls_key_type; + uint8_t * encrypted_user_private_key; + uint32_t encrypted_user_private_key_type; + tsip_ecc_private_key_index_t client_private_key_index; tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; } tsip_key_data; -void tsip_inform_user_keys_ex( - byte* provisioning_key, /* key got from DLM server */ - byte* iv, /* iv used for public key */ - byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/ - word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */ +#else +typedef struct +{ + uint8_t* encrypted_session_key; + uint8_t* iv; + uint8_t* encrypted_user_tls_key; + tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; +} tsip_key_data; -int tsip_generateMasterSecretEx( +#endif + +struct Aes; +struct WOLFSSL; +struct WOLFSSL_CTX; +struct wc_CryptoInfo; +/*----------------------------------------------------*/ +/* APIs */ +/*----------------------------------------------------*/ + +WOLFSSL_API void tsip_inform_cert_sign(const byte *sign); + +WOLFSSL_API void tsip_set_callbacks(struct WOLFSSL_CTX* ctx); + +WOLFSSL_API int tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx); + +WOLFSSL_API int tsip_set_clientPrivateKeyEnc(const byte* key, int keyType); + +#if (WOLFSSL_RENESAS_TSIP_VER >=109) + +#define wc_tsip_inform_user_keys_ex tsip_inform_user_keys_ex +WOLFSSL_API void tsip_inform_user_keys_ex( + byte* provisioning_key, /* key got from DLM server */ + byte* iv, /* iv used for public key */ + byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/ + word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */ + +#else + +WOLFSSL_API void tsip_inform_user_keys( + byte* encrypted_session_key, + byte* iv, + byte* encrypted_user_tls_key); + +#endif + + +/*----------------------------------------------------*/ +/* internal use functions */ +/*----------------------------------------------------*/ +#if (WOLFSSL_RENESAS_TSIP_VER >=115) +#ifdef WOLF_CRYPTO_CB + +struct wc_CryptoInfo; + +WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl); + +WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data, + int sz); + +WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash, + int* sz); + +WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac); + +WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(struct WOLFSSL* ssl, + struct KeyShareEntry* kse); + +WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl, + struct KeyShareEntry* kse); + +WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl); + +WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl); + +WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl, + int keyType, int side); + +WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl); + +WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeTrafficKeys(struct WOLFSSL* ssl); + +WOLFSSL_LOCAL int tsip_Tls13HandleFinished(struct WOLFSSL* ssl, + const byte* input, + word32* inOutIdx, + word32 size, + word32 totalSz); + +WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl, + byte* output, int outSz, + const byte* input, int inSz, + int type, + int hashOutput); + +WOLFSSL_LOCAL int tsip_Tls13SendFinished(struct WOLFSSL* ssl, + byte* output, + int outSz, + const byte* input, + int hashOutput); + +WOLFSSL_LOCAL int tsip_Tls13VerifyHandshake(struct WOLFSSL* ssl, + const byte* input, byte* hash, + word32* pHashSz); + +WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(struct WOLFSSL* ssl, + byte* output, const byte* input, word16 sz); + +WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(struct WOLFSSL* ssl, + byte* output, const byte* input, word16 sz); + +WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, + const byte* input, word32* inOutIdx, + word32 totalSz); + +WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(struct WOLFSSL*ssl); + +#endif /* WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_RENESAS_TSIP_VER >=115 */ + + +#if (WOLFSSL_RENESAS_TSIP_VER >=109) +WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info, + void* ctx); +WOLFSSL_LOCAL int wc_tsip_generateMasterSecretEx( byte cipherSuiteFirst, byte cipherSuite, const byte* pr, /* pre-master */ @@ -84,133 +399,150 @@ int tsip_generateMasterSecretEx( const byte* sr, /* server random */ byte* ms); +#else -#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106) +WOLFSSL_LOCAL int wc_tsip_generateMasterSecret( + const byte *pre, + const byte *cr, + const byte *sr, + byte *ms); -typedef struct -{ - uint8_t *encrypted_session_key; - uint8_t *iv; - uint8_t *encrypted_user_tls_key; - tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; -} tsip_key_data; +#endif /* WOLFSSL_RENESAS_TSIP_VER */ -void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv, - byte *encrypted_user_tls_key); -int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr, - byte *ms); -#endif -struct WOLFSSL; +WOLFSSL_LOCAL int wc_tsip_storeKeyCtx( + WOLFSSL *ssl, + TsipUserCtx *userCtx); -int tsip_Open(); +WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret( + WOLFSSL* ssl, + byte* out, + word32* outSz); -void tsip_Close(); +WOLFSSL_LOCAL int wc_tsip_EccSharedSecret( + WOLFSSL* ssl, + struct ecc_key* otherKey, + unsigned char* pubKeyDer, unsigned int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx); -int tsip_hw_lock(); +WOLFSSL_LOCAL int wc_tsip_RsaVerify( + WOLFSSL* ssl, + byte* sig, + word32 sigSz, + byte** out, + const byte* key, + word32 keySz, + void* ctx); -void tsip_hw_unlock( void ); +WOLFSSL_LOCAL int wc_tsip_EccVerify( + WOLFSSL* ssl, + const byte* sig, word32 sigSz, + const byte* hash, word32 hashSz, + const byte* key, word32 keySz, + int* result, void* ctx); -int tsip_usable(const struct WOLFSSL *ssl); +WOLFSSL_LOCAL int wc_tsip_generateVerifyData( + const uint8_t* masterSecret, + const uint8_t* side, + const uint8_t* handshake_hash, + uint8_t* hashes); -void tsip_inform_sflash_signedcacert( - const byte* ps_flash, - const byte* psigned_ca_cert, - word32 len); -void tsip_inform_cert_sign(const byte *sign); +WOLFSSL_LOCAL int wc_tsip_AesCbcEncrypt( + Aes* aes, + byte* out, + const byte* in, + word32 sz); -byte tsip_rootCAverified(); - -byte tsip_checkCA(word32 cmIdx); - -int tsip_tls_RootCertVerify( - const byte* cert, word32 cert_len, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - word32 cm_row); - -int tsip_tls_CertVerify( - const byte* cert, word32 certSz, - const byte* signature, word32 sigSz, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - byte* tsip_encRsaKeyIdx); - -void tsip_inform_key_position( - const word32 key_n_start, - const word32 key_n_len, - const word32 key_e_start, - const word32 key_e_len); - -int tsip_generatePremasterSecret( - byte* premaster, - word32 preSz); - -int tsip_generateEncryptPreMasterSecret( - struct WOLFSSL* ssl, - byte* out, - word32* outSz); - -int tsip_generateSeesionKey(struct WOLFSSL *ssl); - -int tsip_Sha256Hmac( - const struct WOLFSSL *ssl, - const byte* myInner, - word32 innerSz, - const byte* in, - word32 sz, - byte* digest, - word32 verify); - -int tsip_Sha1Hmac( - const struct WOLFSSL *ssl, - const byte* myInner, - word32 innerSz, - const byte* in, - word32 sz, - byte* digest, - word32 verify); +WOLFSSL_LOCAL int wc_tsip_AesCbcDecrypt( + Aes* aes, + byte* out, + const byte* in, + word32 sz); + +WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt( + Aes* aes, byte* out, + const byte* in, word32 sz, + byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, + void* ctx); -#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ - !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) +WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt( + Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz, + void* ctx); -typedef enum { - TSIP_SHA1 = 0, - TSIP_SHA256 = 1, -} TSIP_SHA_TYPE; +WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify( + const WOLFSSL *ssl, + const byte* message, + word32 messageSz, + word32 macSz, + word32 content); -typedef struct { - byte* msg; - void* heap; - word32 used; - word32 len; - word32 sha_type; -} wolfssl_TSIP_Hash; +WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate( + const WOLFSSL *ssl, + const byte* myInner, + word32 innerSz, + const byte* in, + word32 sz, + byte* digest); -/* RAW hash function APIs are not implemented with TSIP */ -#define WOLFSSL_NO_HASH_RAW +WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate( + const WOLFSSL *ssl, + const byte* myInner, + word32 innerSz, + const byte* in, + word32 sz, + byte* digest); -typedef wolfssl_TSIP_Hash wc_Sha; +WOLFSSL_LOCAL int tsip_Open(); + +WOLFSSL_LOCAL void tsip_Close(); + +WOLFSSL_LOCAL int tsip_hw_lock(); + +WOLFSSL_LOCAL void tsip_hw_unlock( void ); + +WOLFSSL_LOCAL int tsip_usable(const WOLFSSL *ssl, + uint8_t session_key_generated); + +WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert( + const byte* ps_flash, + const byte* psigned_ca_cert, + word32 len); + +WOLFSSL_LOCAL byte tsip_rootCAverified(); + +WOLFSSL_LOCAL byte tsip_checkCA(word32 cmIdx); + +WOLFSSL_LOCAL int wc_tsip_tls_RootCertVerify( + const byte* cert, word32 cert_len, + word32 key_n_start, word32 key_n_len, + word32 key_e_start, word32 key_e_len, + word32 cm_row); + +WOLFSSL_LOCAL int wc_tsip_tls_CertVerify( + const uint8_t* cert, uint32_t certSz, + const uint8_t* signature, uint32_t sigSz, + uint32_t key_n_start, uint32_t key_n_len, + uint32_t key_e_start, uint32_t key_e_len, + uint8_t* tsip_encRsaKeyIdx); + +WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret( + byte* premaster, + word32 preSz); + +WOLFSSL_LOCAL int wc_tsip_generateSessionKey( + WOLFSSL* ssl, + TsipUserCtx* ctx, + int devId); -#if !defined(NO_SHA256) - typedef wolfssl_TSIP_Hash wc_Sha256; -#endif -#endif /* NO_SHA */ -#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) - typedef struct { - tsip_aes_key_index_t tsip_keyIdx; - word32 keySize; - } TSIP_AES_CTX; - - struct Aes; - int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, - word32 sz); - int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, - word32 sz); - -#endif /* WOLFSSL_RENESAS_TSIP_TLS_AES */ #if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG) byte *ret2err(word32 ret); @@ -221,4 +553,5 @@ byte *ret2err(word32 ret); } #endif +#endif /* !WOLFCRYPT_ONLY */ #endif /* __RENESAS_TSIP_CRYPT_H__ */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h new file mode 100644 index 00000000..e4c3c8ed --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h @@ -0,0 +1,77 @@ + +/* renesas_tsip_types.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef __RENESAS_TSIP_TYPES_H__ +#define __RENESAS_TSIP_TYPES_H__ + + +#include + +#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) +typedef enum { + TSIP_SHA1 = 0, + TSIP_SHA256 = 1, +} TSIP_SHA_TYPE; + +typedef enum { + TSIP_RSA2048, + TSIP_RSA4096, + TSIP_ECCP256, +} TSIP_KEY_TYPE; + +typedef struct { + byte* msg; + void* heap; + word32 used; + word32 len; + word32 sha_type; +#if defined(WOLF_CRYPTO_CB) + word32 flags; + int devId; +#endif +} wolfssl_TSIP_Hash; + +/* RAW hash function APIs are not implemented with TSIP */ +#define WOLFSSL_NO_HASH_RAW + +typedef wolfssl_TSIP_Hash wc_Sha; + +#if !defined(NO_SHA256) +typedef wolfssl_TSIP_Hash wc_Sha256; +#endif + +#endif /* NO_SHA */ + + +#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) +#include "r_tsip_rx_if.h" + +typedef struct { + tsip_aes_key_index_t tsip_keyIdx; + word32 keySize; + byte setup; +} TSIP_AES_CTX; + +#endif + +#endif /* __RENESAS_TSIP_TYPES_H__ */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h b/source/libs/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h index 41a382a6..a90efa05 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h +++ b/source/libs/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h @@ -1,6 +1,6 @@ /* afalg_hash.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h b/source/libs/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h index 87bff31f..60a6bff3 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h +++ b/source/libs/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h @@ -1,6 +1,6 @@ /* wc_afalg.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h b/source/libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h index 387ecff1..315c3510 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h +++ b/source/libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h @@ -1,6 +1,6 @@ /* cryptoCell.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h b/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h index 950e9192..8009dd77 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h +++ b/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h @@ -1,6 +1,6 @@ /* atmel.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/caam_driver.h b/source/libs/libwolfssl/wolfcrypt/port/caam/caam_driver.h index 8ab6cc34..35ec59d2 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/caam/caam_driver.h +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/caam_driver.h @@ -1,6 +1,6 @@ /* caam_driver.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,6 +31,14 @@ #define CAAM_PAGE 0xf0100000 #endif +#ifdef WOLFSSL_CAAM_PRINT + #include + #define WOLFSSL_MSG(in) printf("%s\n", (in)) + void DEBUG_PRINT_ARRAY(void* a, int aSz, char* str); +#else + #define WOLFSSL_MSG(in) + #define DEBUG_PRINT_ARRAY(a,aSz,str) +#endif #define CAAM_PAGE_MAX 6 @@ -41,6 +49,15 @@ #define CAAM_JOBRING_SIZE 1 #endif +/* black key stored in secure memory location */ +#define CAAM_BLACK_KEY_SM 1 + +/* black key encrypted with AES-CCM (has MAC) */ +#define CAAM_BLACK_KEY_CCM 2 + +/* black key encrypted with AES-ECB (no MAC) */ +#define CAAM_BLACK_KEY_ECB 3 + /****************************************************************************** Basic Descriptors ****************************************************************************/ @@ -82,6 +99,7 @@ #define CAAM_ALG_INITF 0x0000000C #define CAAM_ALG_UPDATE 0x00000000 #define CAAM_ALG_FINAL 0x00000008 +#define CAAM_ALG_IVC 0x00000002 /* AES 10h */ #define CAAM_AESCTR 0x00100000 @@ -91,6 +109,7 @@ #define CAAM_AESOFB 0x00100400 #define CAAM_CMAC 0x00100600 #define CAAM_AESCCM 0x00100800 +#define CAAM_AESGCM 0x00100900 /* HASH 40h */ #define CAAM_MD5 0x00400000 @@ -130,8 +149,8 @@ /* key encryption bit */ #define CAAM_PKHA_ECC 0x00000002 -#define CAAM_PKHA_ENC_PRI_AESCBC 0x00000004 -#define CAAM_PKHA_ENC_PRI_AESCCM (0x00000010 | CAAM_PKHA_ENC_PRI_AESCBC) +#define CAAM_PKHA_ENC_PRI_AESECB 0x00000004 +#define CAAM_PKHA_ENC_PRI_AESCCM (0x00000010 | CAAM_PKHA_ENC_PRI_AESECB) #define CAAM_PKHA_NO_TIMING_RESISTANCE 0x40000000 #define CAAM_LOAD_BLACK_KEY 0x500000 @@ -154,12 +173,16 @@ #define CAAM_ENTROPY 0x00500001 #define FIFOL_TYPE_MSG 0x00100000 +#define FIFOL_TYPE_IV 0x00200000 +#define FIFOL_TYPE_IVC 0x00380000 #define FIFOL_TYPE_AAD 0x00300000 #define FIFOL_TYPE_FC1 0x00010000 #define FIFOL_TYPE_LC1 0x00020000 #define FIFOL_TYPE_LC2 0x00040000 #define FIFOS_TYPE_MSG 0x00300000 +#define FIFOS_TYPE_RNG 0x00340000 +#define FIFOS_EXT 0x00400000 /* continue bit set if more output is expected */ #define CAAM_FIFOS_CONT 0x00800000 @@ -212,44 +235,40 @@ #define CAAM_ENTVAL 0x00000400 /* checking RTMCTL for entropy ready */ /* Input Job Ring Registers */ -#define CAAM_IRBAR0 0x1004 - //0x1004 -#define CAAM_IRSR0 0x100C -#define CAAM_IRJAR0 0x101C +#define CAAM_IRBAR0 0x0004 +#define CAAM_IRSR0 0x000C +#define CAAM_IRJAR0 0x001C -#define CAAM_IRBAR2 0x3000 +#define CAAM_IRBAR2 0x3004 #define CAAM_IRSR2 0x300C #define CAAM_IRJAR2 0x301C -#define CAAM_IRSAR_JR2 0x3014 - - +#define CAAM_IRSAR_JR 0x0014 /* Output Job Ring Registers */ -#define CAAM_ORBAR0 0x1024 - //0x1024 -#define CAAM_ORSR0 0x102C -#define CAAM_ORJAR0 0x103C +#define CAAM_ORBAR 0x0024 +#define CAAM_ORSR0 0x002C +#define CAAM_ORJAR 0x003C +#define CAAM_ORJRR 0x0034 - -#define CAAM_ORBAR2 0x3024 - //0x1024 -#define CAAM_ORSR2 0x302C -#define CAAM_ORJAR2 0x303C - -#define JRCFGR_JR0_LS 0x1054 +#define JRCFGR_JR 0x0054 +#define JRCR_JR 0x006C /* Status Registers */ #define CAAM_STATUS 0x0FD4 -#define CAAM_VERSION_MS 0x0FE8 -#define CAAM_VERSION_LS 0x0FEC -#define CAMM_SUPPORT_MS 0x0FF0 -#define CAMM_SUPPORT_LS 0x0FF4 +#define CAAM_CHA_VERSION_MS 0x0FE8 +#define CAAM_CHA_VERSION_LS 0x0FEC +#define CAMM_CHA_SUPPORT_MS 0x0FF0 +#define CAMM_CHA_SUPPORT_LS 0x0FF4 +#define CAAM_VERSION_MS 0x0FF8 +#define CAAM_VERSION_LS 0x0FFC +#define CAAM_CHA_CCBVID 0x0FE4 -#define CAAM_SM_CMD 0x1BE4 -#define CAAM_SM_SMPO 0x1FBC -#define CAAM_SM_SMVID_MS 0x1FD8 -#define CAAM_SM_SMVID_LS 0x1FDC -#define CAAM_SM_STATUS 0x1BEC +#define CAAM_SM_CMD 0x0BE4 +#define CAAM_SM_SMPO 0x0FBC +#define CAAM_SMAPR 0x0A04 +#define CAAM_SM_SMVID_MS 0x0FD8 +#define CAAM_SM_SMVID_LS 0x0FDC +#define CAAM_SM_STATUS 0x0BEC #define CAAM_SM_CSP 0x00008000 #define CAAM_SM_SMAP_LOCK 0x00002000 #define CAAM_SM_SMAG_LOCK 0x00001000 @@ -257,6 +276,9 @@ #define CAAM_C1DSR_LS 0x8014 #define CAAM_C1MR 0x8004 +#define CAAM_RSTA 0x0004 +#define CAAM_DRR 0x0124 +#define CAAM_CRNR_LS 0x0FA4 /* output FIFO is 16 entries deep and each entry has a two 4 byte registers */ @@ -281,22 +303,23 @@ #define CAAM_DODAR 0x8808 /* address of current descriptor */ #define CAAM_DODESB 0x8A00 /* 64 registers that hold the current descriptor buffer */ - -#define JRINTR_JR0 0x104C -#define JRINTR_JR1 0x204C -#define JRINTR_JR2 0x304C +#define JRINTR_JR 0x004C #define CAAM_SINGLE_STEP_MODE 0x40000000 #define CAAM_STEP 0x80000000 /* Port layer for CAAM driver, functions defined in caam_.c */ -unsigned int CAAM_READ(unsigned int reg); -void CAAM_WRITE(unsigned int reg, unsigned int in); -int CAAM_SET_BASEADDR(void); -void CAAM_UNSET_BASEADDR(void); -unsigned int CAAM_ADR_TO_PHYSICAL(void* in, int inSz); -void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy); -void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz, +unsigned int CAAM_READ(CAAM_ADDRESS reg); +void CAAM_WRITE(CAAM_ADDRESS reg, unsigned int in); +int CAAM_SET_BASEADDR(CAAM_ADDRESS* baseAddr); +void CAAM_UNSET_BASEADDR(CAAM_ADDRESS baseAddr); +void CAAM_UNSET_JOBRING_ADDR(CAAM_ADDRESS base, CAAM_ADDRESS ringInPhy, + void* ringInVir); +int CAAM_SET_JOBRING_ADDR(CAAM_ADDRESS* base, CAAM_ADDRESS* ringInPhy, + void** ringInVir); +CAAM_ADDRESS CAAM_ADR_TO_PHYSICAL(void* in, int inSz); +void* CAAM_ADR_MAP(CAAM_ADDRESS in, int inSz, unsigned char copy); +void CAAM_ADR_UNMAP(void* vaddr, CAAM_ADDRESS out, int outSz, unsigned char copy); int CAAM_ADR_SYNC(void* vaddr, int sz); CAAM_ADDRESS CAAM_ADR_TO_VIRTUAL(CAAM_ADDRESS in, int length); @@ -319,7 +342,7 @@ int CleanupCAAM(void); typedef struct DESCSTRUCT DESCSTRUCT; int caamKeyCover(DESCSTRUCT *desc, int sz, unsigned int args[4]); -int caamTRNG(unsigned char *out, int outSz); +int caamEntropy(unsigned char *out, int outSz); int caamECDSA_ECDH(DESCSTRUCT *desc, int sz, unsigned int args[4]); int caamECDSASign(DESCSTRUCT *desc, int sz, unsigned int args[4]); int caamECDSAVerify(DESCSTRUCT *desc, CAAM_BUFFER *buf, int sz, @@ -327,12 +350,14 @@ int caamECDSAVerify(DESCSTRUCT *desc, CAAM_BUFFER *buf, int sz, int caamECDSAMake(DESCSTRUCT *desc, CAAM_BUFFER *buf, unsigned int args[4]); +int caamAes(DESCSTRUCT* desc, CAAM_BUFFER* buf, unsigned int args[4]); +int caamAead(DESCSTRUCT* desc, CAAM_BUFFER* buf, unsigned int args[4]); int caamAesCmac(DESCSTRUCT *desc, int sz, unsigned int args[4]); int caamBlob(DESCSTRUCT *desc); CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag); int caamFreePart(unsigned int part); -int caamFindUnusuedPartition(void); +int caamFindUnusedPartition(void); diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/caam_qnx.h b/source/libs/libwolfssl/wolfcrypt/port/caam/caam_qnx.h index 3a915093..416c1c1c 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/caam/caam_qnx.h +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/caam_qnx.h @@ -1,6 +1,6 @@ /* caam_qnx.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,15 +25,12 @@ #ifndef CAAM_QNX_H #define CAAM_QNX_H -#ifdef WOLFSSL_CAAM_PRINT -#include -#define WOLFSSL_MSG(in) printf("%s\n", (in)) -#else -#define WOLFSSL_MSG(in) -#endif - #include -#include +#ifdef __aarch64__ + #include +#else + #include +#endif #include #include #include @@ -47,7 +44,7 @@ #define Error int #define Value int #define Boolean int -#define CAAM_ADDRESS unsigned int +#define CAAM_ADDRESS uintptr_t #define Success 1 #define Failure 0 #define INTERRUPT_Panic() @@ -55,6 +52,7 @@ #define CAAM_WAITING -2 #define NoActivityReady -1 #define MemoryOperationNotPerformed -1 +#define CAAM_ARGS_E -3 #ifndef WOLFSSL_CAAM_BUFFER #define WOLFSSL_CAAM_BUFFER @@ -68,8 +66,15 @@ /* check kernel and yield to same priority threads waiting */ #define CAAM_CPU_CHILL() sched_yield() -/* IMX6UL */ -#define CAAM_BASE 0x02140000 -#define CAAM_PAGE 0x00100000 +#ifdef __aarch64__ + /* if on an AArch64 system make assumption that it is an i.MX8 QXP */ + /* use block of memory set aside for job ring 2 */ + #define CAAM_BASE 0x31400000 + #define CAAM_PAGE 0x31800000 +#else + /* IMX6UL */ + #define CAAM_BASE 0x02140000 + #define CAAM_PAGE 0x00100000 +#endif #endif /* CAAM_QNX_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam.h index c306edea..c759e3ef 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam.h +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam.h @@ -1,6 +1,6 @@ /* wolfcaam.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,12 +28,28 @@ /* include for porting layer */ #ifdef WOLFSSL_QNX_CAAM #include +#elif defined(WOLFSSL_SECO_CAAM) + #include #endif #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \ - defined(WOLFSSL_QNX_CAAM) + defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SECO_CAAM) +/* unique devId for CAAM use on crypto callbacks */ +#ifndef WOLFSSL_CAAM_DEVID + #define WOLFSSL_CAAM_DEVID 7 +#endif + +/* black key stored in secure memory location */ +#define CAAM_BLACK_KEY_SM 1 + +/* black key encrypted with AES-CCM (has MAC) */ +#define CAAM_BLACK_KEY_CCM 2 + +/* black key encrypted with AES-ECB (no MAC) */ +#define CAAM_BLACK_KEY_ECB 3 + #if defined(__INTEGRITY) || defined(INTEGRITY) #include typedef Buffer CAAM_BUFFER; @@ -49,7 +65,7 @@ WOLFSSL_LOCAL void wc_caamWriteRegister(word32 reg, word32 value); WOLFSSL_LOCAL int wc_caamAddAndWait(CAAM_BUFFER* buf, int sz, word32 arg[4], word32 type); -WOLFSSL_LOCAL int caamFindUnusuedPartition(void); +WOLFSSL_LOCAL int caamFindUnusedPartition(void); WOLFSSL_LOCAL CAAM_ADDRESS caamGetPartition(int part, int sz); WOLFSSL_LOCAL int caamFreePart(int partNum); WOLFSSL_LOCAL int caamWriteToPartition(CAAM_ADDRESS addr, const unsigned char* in, int inSz); @@ -76,7 +92,7 @@ WOLFSSL_API int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, #define WC_CAAM_BLACK_KEYMOD_SZ 16 #define WC_CAAM_MAX_ENTROPY 44 -#ifndef WOLFSSL_QNX_CAAM +#if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SECO_CAAM) WOLFSSL_API int wc_caamSetResource(IODevice ioDev); #ifndef WC_CAAM_READ #define WC_CAAM_READ(reg) wc_caamReadRegister((reg)) @@ -94,6 +110,7 @@ WOLFSSL_API int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, #define CAAM_AESOFB 0x00100400 #define CAAM_CMAC 0x00100600 #define CAAM_AESCCM 0x00100800 +#define CAAM_AESGCM 0x00100900 #define CAAM_MD5 0x00400000 #define CAAM_SHA 0x00410000 diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_aes.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_aes.h new file mode 100644 index 00000000..301d49a1 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_aes.h @@ -0,0 +1,64 @@ +/* wolfcaam_aes.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#include + +#ifndef WOLFCAAM_AES_H +#define WOLFCAAM_AES_H + +#if !defined(NO_AES) && defined(WOLFSSL_CAAM) + +#include + +WOLFSSL_LOCAL int wc_CAAM_AesCcmEncrypt(Aes* aes, const byte* in, byte* out, + word32 sz, const byte* nonce, word32 nonceSz, byte* authTag, + word32 authTagSz, const byte* authIn, word32 authInSz); + +WOLFSSL_LOCAL int wc_CAAM_AesCcmDecrypt(Aes* aes, const byte* in, byte* out, + word32 sz, const byte* nonce, word32 nonceSz, const byte* authTag, + word32 authTagSz, const byte* authIn, word32 authInSz); + +WOLFSSL_LOCAL int wc_CAAM_AesGcmEncrypt(Aes* aes, const byte* in, byte* out, + word32 sz, const byte* nonce, word32 nonceSz, byte* authTag, + word32 authTagSz, const byte* authIn, word32 authInSz); + +WOLFSSL_LOCAL int wc_CAAM_AesGcmDecrypt(Aes* aes, const byte* in, byte* out, + word32 sz, const byte* nonce, word32 nonceSz, const byte* authTag, + word32 authTagSz, const byte* authIn, word32 authInSz); + +WOLFSSL_LOCAL int wc_CAAM_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, + word32 sz); + +WOLFSSL_LOCAL int wc_CAAM_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, + word32 sz); + +WOLFSSL_LOCAL int wc_CAAM_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, + word32 sz); + +WOLFSSL_LOCAL int wc_CAAM_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, + word32 sz); + +WOLFSSL_LOCAL int wc_CAAM_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, + word32 sz); +#endif /* WOLFSSL_CAAM && !NO_AES */ +#endif /* WOLFCAAM_AES_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h index bfc3afe8..b463c609 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h @@ -1,6 +1,6 @@ /* wolfcaam_cmac.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,7 +25,7 @@ #ifndef WOLFCAAM_CMAC_H #define WOLFCAAM_CMAC_H -#if defined(WOLFSSL_CMAC) && defined(WOLFSSL_QNX_CAAM) +#if defined(WOLFSSL_CMAC) && defined(WOLFSSL_CAAM) #include diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h index bbfd0818..01d83da4 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h @@ -1,6 +1,6 @@ /* wolfcaam_ecdsa.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,18 +24,18 @@ #ifndef WOLFCAAM_ECDSA_H #define WOLFCAAM_ECDSA_H -#if defined(HAVE_ECC) && defined(WOLFSSL_QNX_CAAM) +#if defined(HAVE_ECC) && defined(WOLFSSL_CAAM) #include WOLFSSL_LOCAL int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, - word32* outlen, WC_RNG *rng, ecc_key *key); + word32* outlen, WC_RNG *rng, ecc_key *key, int devId); WOLFSSL_LOCAL int wc_CAAM_EccVerify(const byte* sig, word32 siglen, - const byte* hash, word32 hashlen, int* res, ecc_key* key); + const byte* hash, word32 hashlen, int* res, ecc_key* key, int devId); WOLFSSL_LOCAL int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, - byte* out, word32* outlen); + byte* out, word32* outlen, int devId); WOLFSSL_LOCAL int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, - int curveId); + int curveId, int devId); WOLFSSL_LOCAL int wc_CAAM_EccCheckPrivKey(ecc_key* key, const byte* pubKey, word32 pubKeySz); #endif /* HAVE_ECC && WOLFSSL_QNX_CAAM */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_hash.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_hash.h new file mode 100644 index 00000000..b913a9ee --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_hash.h @@ -0,0 +1,58 @@ +/* wolfcaam_hash.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifndef WOLFCAAM_HASH_H +#define WOLFCAAM_HASH_H + +#include + +#ifndef NO_SHA +WOLFSSL_LOCAL int wc_CAAM_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, + byte* digest); +#endif +#ifdef WOLFSSL_SHA224 +WOLFSSL_LOCAL int wc_CAAM_Sha224Hash(wc_Sha224* sha224, const byte* in, + word32 inSz, byte* digest); +#endif +WOLFSSL_LOCAL int wc_CAAM_Sha256Hash(wc_Sha256* sha256, const byte* in, + word32 inSz, byte* digest); +#if defined(WOLFSSL_SHA384) +WOLFSSL_LOCAL int wc_CAAM_Sha384Hash(wc_Sha384* sha384, const byte* in, + word32 inSz, byte* digest); +#endif +#if defined(WOLFSSL_SHA512) +WOLFSSL_LOCAL int wc_CAAM_Sha512Hash(wc_Sha512* sha512, const byte* in, + word32 inSz, byte* digest); +#endif + +#if !defined(NO_HMAC) +#ifndef WC_HMAC_TYPE_DEFINED + typedef struct Hmac Hmac; + #define WC_HMAC_TYPE_DEFINED +#endif +WOLFSSL_LOCAL int wc_CAAM_Hmac(Hmac* hmac, int macType, const byte* msg, + int msgSz, byte* digest); +#endif + +#endif + diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h index 20f88b66..980eacab 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h @@ -1,6 +1,6 @@ /* wolfcaam_qnx.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,7 +41,7 @@ #define NoActivityReady -1 #define MemoryOperationNotPerformed -1 -#define CAAM_ADDRESS unsigned int +#define CAAM_ADDRESS uintptr_t #ifndef WOLFSSL_CAAM_BUFFER #define WOLFSSL_CAAM_BUFFER typedef struct CAAM_BUFFER { @@ -65,6 +65,7 @@ #include #include +#include #include #define ResourceNotAvailable -3 diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h new file mode 100644 index 00000000..da8e1844 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h @@ -0,0 +1,40 @@ +/* wolfcaam_rsa.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifndef WOLFCAAM_RSA_H +#define WOLFCAAM_RSA_H + +#if !defined(NO_RSA) && defined(WOLFSSL_CAAM) + +#include + +WOLFSSL_LOCAL int wc_CAAM_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng); +#ifdef WOLFSSL_KEY_GEN +WOLFSSL_LOCAL int wc_CAAM_MakeRsaKey(RsaKey* key, int size, long e, + WC_RNG* rng); +#endif + +#endif /* !NO_RSA && WOLFSSL_CAAM */ +#endif /* WOLFCAAM_RSA_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_seco.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_seco.h new file mode 100644 index 00000000..a9632948 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_seco.h @@ -0,0 +1,138 @@ +/* wolfcaam_seco.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* This file is for interacting with the driver code */ +#ifndef WOLFCAAM_SECO_H +#define WOLFCAAM_SECO_H + +#include + +#ifdef WOLFSSL_SECO_CAAM + +/* unique devId for SECO use on crypto callbacks */ +#ifndef WOLFSSL_SECO_DEVID + #define WOLFSSL_SECO_DEVID 8 +#endif + +#define Error int +#define Value int +#define Boolean int +#define Success 1 +#define Failure 0 +#define INTERRUPT_Panic() +#define MemoryMapMayNotBeEmpty -1 +#define CAAM_WAITING -2 +#define NoActivityReady -1 +#define MemoryOperationNotPerformed -1 + +#include +#define CAAM_ADDRESS intptr_t +#ifndef WOLFSSL_CAAM_BUFFER +#define WOLFSSL_CAAM_BUFFER + typedef struct CAAM_BUFFER { + int BufferType; + CAAM_ADDRESS TheAddress; + int Length; + } CAAM_BUFFER; +#endif + + +#define DataBuffer 0 +#define LastBuffer 0 +#define Success 1 + +#include +#include +#include +#include +#include +#include +#include + +#define ResourceNotAvailable -3 +#define CAAM_WAITING -2 + +/* key stays after key store is closed */ +#define CAAM_KEY_PERSISTENT 0 + +/* key is deleted when key store is closed */ +#define CAAM_KEY_TRANSIENT 1 + +/* key is used as a key encryption key */ +#define CAAM_KEY_KEK 2 + +/* list of key types available */ +#define CAAM_KEYTYPE_ECDSA_P256 0 +#define CAAM_KEYTYPE_ECDSA_P384 1 +#define CAAM_KEYTYPE_ECDSA_P521 2 +#define CAAM_KEYTYPE_AES128 3 +#define CAAM_KEYTYPE_AES192 4 +#define CAAM_KEYTYPE_AES256 5 +#define CAAM_KEYTYPE_HMAC224 6 +#define CAAM_KEYTYPE_HMAC256 7 +#define CAAM_KEYTYPE_HMAC384 8 +#define CAAM_KEYTYPE_HMAC512 9 + +/* flags for key management */ +#define CAAM_UPDATE_KEY 1 +#define CAAM_GENERATE_KEY 2 +#define CAAM_DELETE_KEY 4 + +/* flags for key store open */ +#define CAAM_KEYSTORE_CREATE 1 +#define CAAM_KEYSTORE_UPDATE 0 + +#define MAX_GROUP 1023 + +WOLFSSL_LOCAL int SynchronousSendRequest(int type, unsigned int args[4], + CAAM_BUFFER *buf, int sz); +WOLFSSL_LOCAL int wc_SECOInitInterface(void); +WOLFSSL_LOCAL void wc_SECOFreeInterface(void); + +WOLFSSL_API int wc_SECO_OpenHSM(word32 keyId, word32 nonce, word16 maxUpdates, + byte flag); +WOLFSSL_API int wc_SECO_CloseHSM(void); + +WOLFSSL_API int wc_SECO_GenerateKey(int flags, int group, byte* out, int outSz, + int keyType, int keyInfo, unsigned int* keyIdOut); +WOLFSSL_API int wc_SECO_DeleteKey(unsigned int keyId, int group, int keyTypeIn); + +#if defined(WOLFSSL_CMAC) +WOLFSSL_API void wc_SECO_CMACSetKeyID(Cmac* cmac, int keyId); +WOLFSSL_API int wc_SECO_CMACGetKeyID(Cmac* cmac); +#endif + +WOLFSSL_API void wc_SECO_AesSetKeyID(Aes* aes, int keyId); +WOLFSSL_API int wc_SECO_AesGetKeyID(Aes* aes); + +WOLFSSL_LOCAL int wc_SECO_ExportKEK(byte* out, byte outSz, byte isCommon); +WOLFSSL_API word32 wc_SECO_WrapKey(word32 keyID, byte* in, word32 inSz, + byte* iv, word32 ivSz, int keyType, int keyInfo, int group); + +#define CAAM_SEND_REQUEST(type, sz, arg, buf) \ + SynchronousSendRequest((type), (arg), (buf), (sz)) +#define CAAM_INIT_INTERFACE wc_SECOInitInterface +#define CAAM_FREE_INTERFACE wc_SECOFreeInterface +#endif + +#endif /* WOLFCAAM_SECO_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h index 88c3c9c3..b1d40560 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h @@ -1,6 +1,6 @@ /* wolfcaam_sha.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h new file mode 100644 index 00000000..5f6bccce --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h @@ -0,0 +1,38 @@ +/* wolfcaam_x25519.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifndef WOLFCAAM_X25519_H +#define WOLFCAAM_X25519_H + +#if defined(HAVE_CURVE25519) && defined(WOLFSSL_CAAM) + +#include + +WOLFSSL_LOCAL int wc_CAAM_MakeCurve25519Key(curve25519_key* key, int keySize, + WC_RNG* rng); +WOLFSSL_LOCAL int wc_CAAM_Curve25519(byte* out, word32* outlen, + curve25519_key* k, curve25519_key* pubKey, int endian); + +#endif /* !NO_RSA && WOLFSSL_CAAM */ +#endif /* WOLFCAAM_X25519_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h b/source/libs/libwolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h index 6a0d7604..be65adcb 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h +++ b/source/libs/libwolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h @@ -1,6 +1,6 @@ /* cavium_octeon_sync.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h b/source/libs/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h index d3e4a09e..0ed28da0 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h +++ b/source/libs/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h @@ -1,6 +1,6 @@ /* psoc6_crypto.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h b/source/libs/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h index 0181784d..263baccb 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h +++ b/source/libs/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h @@ -1,6 +1,6 @@ /* wc_devcrypto.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,6 +32,10 @@ #include #include +#ifdef DEBUG_DEVCRYPTO +#include +#endif + typedef struct WC_CRYPTODEV { int cfd; struct session_op sess; @@ -40,13 +44,67 @@ typedef struct WC_CRYPTODEV { WOLFSSL_LOCAL int wc_DevCryptoCreate(WC_CRYPTODEV* ctx, int type, byte* key, word32 keySz); WOLFSSL_LOCAL void wc_DevCryptoFree(WC_CRYPTODEV* ctx); WOLFSSL_LOCAL void wc_SetupCrypt(struct crypt_op* crt, WC_CRYPTODEV* dev, - byte* src, int srcSz, byte* dst, byte* dig, int flag); + byte* src, int srcSz, byte* dst, byte* dig, int flag, int op); WOLFSSL_LOCAL void wc_SetupCryptSym(struct crypt_op* crt, WC_CRYPTODEV* dev, byte* src, word32 srcSz, byte* dst, byte* iv, int flag); WOLFSSL_LOCAL void wc_SetupCryptAead(struct crypt_auth_op* crt, WC_CRYPTODEV* dev, byte* src, word32 srcSz, byte* dst, byte* iv, word32 ivSz, int flag, byte* authIn, word32 authInSz, byte* authTag, word32 authTagSz); +WOLFSSL_LOCAL int wc_DevCryptoInit(void); +WOLFSSL_LOCAL void wc_DevCryptoCleanup(void); + +/* currently local API */ +#if defined(WOLFSSL_DEVCRYPTO_HMAC) +#ifndef WC_HMAC_TYPE_DEFINED + typedef struct Hmac Hmac; + #define WC_HMAC_TYPE_DEFINED +#endif +WOLFSSL_LOCAL int wc_DevCrypto_HmacSetKey(Hmac* hmac, int t, const byte* key, + word32 keySz); +WOLFSSL_LOCAL int wc_DevCrypto_HmacUpdate(Hmac* hmac, const byte* input, + word32 inputSz); +WOLFSSL_LOCAL int wc_DevCrypto_HmacFinal(Hmac* hmac, byte* out); +WOLFSSL_LOCAL int wc_DevCrypto_HmacInit(Hmac* hmac, void* heap, int devId); +WOLFSSL_LOCAL void wc_DevCrypto_HmacFree(Hmac* hmac); +#endif /* WOLFSSL_DEVCRYPTO_HMAC */ + +#if defined(WOLFSSL_DEVCRYPTO_RSA) +#ifndef WC_RSAKEY_TYPE_DEFINED + typedef struct RsaKey RsaKey; + #define WC_RSAKEY_TYPE_DEFINED +#endif +#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ + typedef struct OS_Seed OS_Seed; + typedef struct WC_RNG WC_RNG; + #ifdef WC_RNG_SEED_CB + typedef int (*wc_RngSeed_Cb)(OS_Seed* os, byte* seed, word32 sz); + #endif + #define WC_RNG_TYPE_DEFINED +#endif +WOLFSSL_LOCAL int wc_DevCrypto_RsaEncrypt(const byte* in, word32 inlen, byte* out, + word32* outlen, RsaKey *key, int type); +WOLFSSL_LOCAL int wc_DevCrypto_RsaDecrypt(const byte* in, word32 inlen, + byte* out, word32 outlen, RsaKey* key, int type); +WOLFSSL_LOCAL int wc_DevCrypto_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); +WOLFSSL_LOCAL void wc_DevCrypto_RsaFree(RsaKey* key); +#endif /* WOLFSSL_DEVCRYPTO_RSA */ + +#if defined(WOLFSSL_DEVCRYPTO_CURVE25519) +WOLFSSL_LOCAL int wc_DevCryptoCurve25519(byte* out, word32 outSz, const byte* k, + word32 kSz, const byte* a, word32 aSz, int endian); +#endif + +#if defined(WOLFSSL_DEVCRYPTO_ECDSA) +int wc_DevCryptoEccKeyGen(int curveId, int enc, byte* pri, word32 priSz, byte* pub, word32 pubSz); +int wc_DevCryptoEccEcdh(int curveId, int enc, byte* pri, word32 priSz, + byte* pub, word32 pubSz, byte* out, word32 outSz); +int wc_DevCryptoEccSign(int curveId, int enc, byte* pri, word32 priSz, + const byte* hash, word32 hashSz, byte* r, word32 rSz, byte* s, word32 sSz); +int wc_DevCryptoEccVerify(int curveId, byte* pub, word32 pubSz, + const byte* hash, word32 hashSz, byte* r, word32 rSz, byte* s, word32 sSz); +#endif + #endif /* WOLFSSL_DEVCRYPTO */ #endif /* WOLFSSL_DEVCRYPTO_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h b/source/libs/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h index f140f618..383a72ba 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h +++ b/source/libs/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h @@ -1,6 +1,6 @@ /* quickassist_sync.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/iotsafe/iotsafe.h b/source/libs/libwolfssl/wolfcrypt/port/iotsafe/iotsafe.h new file mode 100644 index 00000000..e3d5e54b --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/iotsafe/iotsafe.h @@ -0,0 +1,202 @@ +/* iotsafe.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* IoT-safe module for communication with IoT-safe applet on SIM card */ + +#ifndef WOLFSSL_IOTSAFE_H +#define WOLFSSL_IOTSAFE_H + +#include + +#ifdef WOLFSSL_IOTSAFE +#include + +WOLFSSL_API int wolfSSL_CTX_iotsafe_enable(WOLFSSL_CTX *ctx); + +WOLFSSL_API int wolfSSL_iotsafe_on(WOLFSSL *ssl, byte privkey_id, + byte ecdh_keypair_slot, byte peer_pubkey_slot, byte peer_cert_slot); + +WOLFSSL_API int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id, + byte *ecdh_keypair_slot, byte *peer_pubkey_slot, byte *peer_cert_slot, word16 id_size); + + +typedef int (*wolfSSL_IOTSafe_CSIM_write_cb)(const char*, int); +typedef int (*wolfSSL_IOTSafe_CSIM_read_cb)(char *, int); + +WOLFSSL_API void wolfIoTSafe_SetCSIM_read_cb(wolfSSL_IOTSafe_CSIM_read_cb rf); +WOLFSSL_API void wolfIoTSafe_SetCSIM_write_cb(wolfSSL_IOTSafe_CSIM_write_cb wf); + +WOLFSSL_API int wolfIoTSafe_GetRandom(unsigned char* out, word32 sz); +WOLFSSL_API int wolfIoTSafe_GetCert(uint8_t id, unsigned char *output, unsigned long sz); +WOLFSSL_API int wolfIoTSafe_GetCert_ex(uint8_t *id, uint16_t id_sz, unsigned char *output, unsigned long sz); + +#ifdef HAVE_ECC +#include +#define IOTSAFE_ECC_KTYPE ECC_SECP256R1 +#define IOTSAFE_ECC_KSIZE 32 +WOLFSSL_API int wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id); +WOLFSSL_API int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id); +WOLFSSL_API int wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id); +WOLFSSL_API int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen, byte key_id); +WOLFSSL_API int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte key_id); +WOLFSSL_API int wc_iotsafe_ecc_gen_k(byte key_id); + +WOLFSSL_API int wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size); +WOLFSSL_API int wc_iotsafe_ecc_export_public_ex(ecc_key *key, byte *key_id, word16 id_size); +WOLFSSL_API int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size); +WOLFSSL_API int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outlen, byte *key_id, word16 id_size); +WOLFSSL_API int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte *key_id, word16 id_size); +WOLFSSL_API int wc_iotsafe_ecc_gen_k_ex(byte *key_id, word16 id_size); +#endif + + +#ifdef HAVE_IOTSAFE_HWRNG + #ifndef HAVE_HASHDRBG + #define CUSTOM_RAND_GENERATE_BLOCK wolfIoTSafe_GetRandom + #else + #define CUSTOM_RAND_GENERATE_SEED wolfIoTSafe_GetRandom + #endif +#endif + +#ifndef IOTSAFE_ID_SIZE +# define IOTSAFE_ID_SIZE 1 +#endif + +struct wc_IOTSAFE { + int enabled; + +#if (IOTSAFE_ID_SIZE == 1) + byte privkey_id; + byte ecdh_keypair_slot; + byte peer_pubkey_slot; + byte peer_cert_slot; +#elif (IOTSAFE_ID_SIZE == 2) + word16 privkey_id; + word16 ecdh_keypair_slot; + word16 peer_pubkey_slot; + word16 peer_cert_slot; +#else +#error "IOTSAFE: ID_SIZE not supported" +#endif +}; +typedef struct wc_IOTSAFE IOTSAFE; + +/* Default IOT-Safe Class */ +#define IOTSAFE_CLASS 0x81 + +/* Command codes */ +#define IOTSAFE_INS_PUT_PUBLIC_INIT 0x24 +#define IOTSAFE_INS_PUT_PUBLIC_UPDATE 0xD8 +#define IOTSAFE_INS_SIGN_INIT 0x2A +#define IOTSAFE_INS_SIGN_UPDATE 0x2B +#define IOTSAFE_INS_VERIFY_INIT 0x2C +#define IOTSAFE_INS_VERIFY_UPDATE 0x2D +#define IOTSAFE_INS_COMPUTE_DH 0x46 +#define IOTSAFE_INS_GETRANDOM 0x84 +#define IOTSAFE_INS_READ_FILE 0xB0 +#define IOTSAFE_INS_GEN_KEYPAIR 0xB9 +#define IOTSAFE_INS_GETRESPONSE 0xC0 +#define IOTSAFE_INS_GETDATA 0xCB +#define IOTSAFE_INS_READ_KEY 0xCD +#define IOTSAFE_INS_HKDF_EXTRACT 0x4A + +/* Tags */ +#define IOTSAFE_TAG_ECC_KEY_FIELD 0x34 +#define IOTSAFE_TAG_ECC_KEY_FIELD_SZ 0x45 +#define IOTSAFE_TAG_ECC_KEY_TYPE 0x49 +#define IOTSAFE_TAG_ECC_KEY_TYPE_SZ 0x43 +#define IOTSAFE_TAG_ECC_KEY_XY 0x86 +#define IOTSAFE_TAG_ECC_KEY_XY_SZ 0x41 +#define IOTSAFE_TAG_ECC_KEY_XY_HDR_BYTE 0x04 + +#define IOTSAFE_TAG_HASH_FIELD 0x9E +#define IOTSAFE_TAG_SIGNATURE_FIELD 0x33 +#define IOTSAFE_TAG_FILE_ID 0x83 +#define IOTSAFE_TAG_PRIVKEY_ID 0x84 +#define IOTSAFE_TAG_PUBKEY_ID 0x85 +#define IOTSAFE_TAG_HASH_ALGO 0x91 +#define IOTSAFE_TAG_SIGN_ALGO 0x92 +#define IOTSAFE_TAG_MODE_OF_OPERATION 0xA1 +#define IOTSAFE_TAG_SECRET 0xD1 +#define IOTSAFE_TAG_SALT 0xD5 + +/* Flags - data */ +#define IOTSAFE_GETDATA_FILE 0xC3 +#define IOTSAFE_DATA_LAST 0x80 +#define IOTSAFE_CMDSIZE_MAX 512 + +/* IoT-safe tables of constants */ + +/* 2.5.1 Algorithms for hash */ +#define IOTSAFE_HASH_SHA256 0x0001 +#define IOTSAFE_HASH_SHA384 0x0002 +#define IOTSAFE_HASH_SHA512 0x0004 + +/* 2.5.2 Algorithms for signature */ +#define IOTSAFE_SIGN_RSA_PKCS15 0x01 +#define IOTSAFE_SIGN_RSA_PSS 0x02 +#define IOTSAFE_SIGN_ECDSA 0x04 + +/* 2.5.3 Algorithms for key agreement */ +#define IOTSAFE_KA_ECKA 0x01 + +/* 2.5.4 Algorithms for key derivation */ +#define IOTSAFE_KD_PRF_SHA256 0x01 +#define IOTSAFE_KD_HKDF 0x02 + +/* 2.5.14 Mode of Operation for signature commands */ +#define IOTSAFE_MOO_HASH_FULLTEXT 0x01 +#define IOTSAFE_MOO_HASH_LASTBLOCK 0x02 +#define IOTSAFE_MOO_SIGN_ONLY 0x03 + + +/* IoT-safe Public key format */ +#define IOTSAFE_TAG_PKEY_ID 0x85 +#define IOTSAFE_TAG_PKEY_ACCESS 0x60 + #define IOTSAFE_ACCESS_READ (1 << 0) + #define IOTSAFE_ACCESS_UPDATE (1 << 1) + +#define IOTSAFE_TAG_PKEY_OBJSTATE 0x4A /* 1 == active */ + +#define IOTSAFE_TAG_PKEY_TYPE 0x4B + #define IOTSAFE_KEYTYPE_RSA2048 0x03 + #define IOTSAFE_KEYTYPE_SECP256R1_PERSISTENT 0x13 + #define IOTSAFE_KEYTYPE_SECP256R1_VOLATILE 0x14 + #define IOTSAFE_KEYTYPE_BRAINPOOL_PERSISTENT 0x23 + #define IOTSAFE_KEYTYPE_BRAINPOOL_VOLATILE 0x24 + #define IOTSAFE_KEYTYPE_HMAC_CAPABLE 0xA0 + +#define IOTSAFE_TAG_PKEY_USAGE 0x4E + #define IOTSAFE_KEYUSAGE_GENERAL 0x01 + #define IOTSAFE_KEYUSAGE_CERT_VERIFY_TLS12 0x02 + #define IOTSAFE_KEYUSAGE_CERT_VERIFY_TLS13 0x03 + +#define IOTSAFE_TAG_PKEY_CRYPTO 0x61 + #define IOTSAFE_CRYPTO_SIGN_VERIFY (1 << 0) + #define IOTSAFE_CRYPTO_KEYGEN (1 << 1) + #define IOTSAFE_CRYPTO_KEYAGREE (1 << 2) + #define IOTSAFE_CRYPTO_KDF (1 << 3) + #define IOTSAFE_CRYPTO_ALL (0x0F) + +#define IOTSAFE_TAG_PKEY_SKA 0x6F + #define IOTSAFE_SKA_ECKA (1 << 0) +#endif /* WOLFSSL_IOTSAFE */ +#endif /* WOLFSSL_IOTSAFE_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_dh.h b/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_dh.h new file mode 100644 index 00000000..3ebd9193 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_dh.h @@ -0,0 +1,41 @@ +/* kcapi_dh.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_KCAPI_DH_H +#define WOLF_CRYPT_KCAPI_DH_H + +#include +#include +#include + +#ifndef WC_DH_TYPE_DEFINED + typedef struct DhKey DhKey; + #define WC_DH_TYPE_DEFINED +#endif + +void KcapiDh_Free(DhKey* key); +int KcapiDh_MakeKey(DhKey* key, byte* pub, word32* pubSz); +int KcapiDh_SharedSecret(DhKey* private_key, const byte* pub, word32 pubSz, + byte* out, word32* outlen); + +#endif /* WOLF_CRYPT_KCAPI_DH_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h b/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h new file mode 100644 index 00000000..8b67d135 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h @@ -0,0 +1,51 @@ +/* kcapi_ecc.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_KCAPI_ECC_H +#define WOLF_CRYPT_KCAPI_ECC_H + +#define KCAPI_PARAM_SZ 2 + + +#include +#include +#include + + +#ifndef WC_ECCKEY_TYPE_DEFINED + typedef struct ecc_key ecc_key; + #define WC_ECCKEY_TYPE_DEFINED +#endif + +WOLFSSL_LOCAL void KcapiEcc_Free(ecc_key* key); +WOLFSSL_LOCAL int KcapiEcc_MakeKey(ecc_key* key, int keysize, int curve_id); +WOLFSSL_LOCAL int KcapiEcc_LoadKey(ecc_key* key, byte* pubkey_raw, + word32* pubkey_sz, int release_handle); +WOLFSSL_LOCAL int KcapiEcc_SharedSecret(ecc_key* private_key, + ecc_key* public_key, byte* out, word32* outlen); +WOLFSSL_LOCAL int KcapiEcc_Sign(ecc_key* key, const byte* hash, word32 hashLen, + byte* sig, word32 sigLen); +WOLFSSL_LOCAL int KcapiEcc_Verify(ecc_key* key, const byte* hash, word32 hashLen, + byte* sig, word32 sigLen); + +#endif /* WOLF_CRYPT_KCAPI_ECC_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_hash.h b/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_hash.h new file mode 100644 index 00000000..042269a4 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_hash.h @@ -0,0 +1,59 @@ +/* kcapi_hash.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_KCAPI_HASH_H +#define WOLF_CRYPT_KCAPI_HASH_H + +#include +#include + +#undef WOLFSSL_NO_HASH_RAW +#define WOLFSSL_NO_HASH_RAW + +typedef struct wolfssl_KCAPI_Hash { + void* heap; + struct kcapi_handle* handle; + char type[10]; +#if defined(WOLFSSL_KCAPI_HASH_KEEP) + byte* msg; + word32 used; + word32 len; +#endif +} wolfssl_KCAPI_Hash; + +#ifndef WC_SHA512_TYPE_DEFINED + typedef struct wc_Sha512 wc_Sha512; + typedef struct wc_Sha512 wc_Sha512_224; + typedef struct wc_Sha512 wc_Sha512_256; + +#define WC_SHA512_TYPE_DEFINED +#endif + +WOLFSSL_LOCAL int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, + enum wc_HashType type); +WOLFSSL_LOCAL int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash, + enum wc_HashType type); + +WOLFSSL_LOCAL void KcapiHashFree(wolfssl_KCAPI_Hash* hash); + +#endif /* WOLF_CRYPT_KCAPI_HASH_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h b/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h new file mode 100644 index 00000000..b075982e --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h @@ -0,0 +1,42 @@ +/* kcapi_rsa.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_KCAPI_RSA_H +#define WOLF_CRYPT_KCAPI_RSA_H + +#include +#include +#include + +#ifndef WC_RSAKEY_TYPE_DEFINED + typedef struct RsaKey RsaKey; + #define WC_RSAKEY_TYPE_DEFINED +#endif + +void KcapiRsa_Free(RsaKey* key); +int KcapiRsa_Decrypt(RsaKey* key, const byte* in, word32 inLen, byte* out, + word32* outLen); +int KcapiRsa_Encrypt(RsaKey* key, const byte* in, word32 inLen, byte* out, + word32* outLen); + +#endif /* WOLF_CRYPT_KCAPI_RSA_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/kcapi/wc_kcapi.h b/source/libs/libwolfssl/wolfcrypt/port/kcapi/wc_kcapi.h new file mode 100644 index 00000000..ef36068a --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/kcapi/wc_kcapi.h @@ -0,0 +1,31 @@ +/* wc_kcapi.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_KCAPI_H +#define WOLFSSL_KCAPI_H + +#include + +#include + +#endif /* WOLFSSL_KCAPI_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/port/maxim/maxq10xx.h b/source/libs/libwolfssl/wolfcrypt/port/maxim/maxq10xx.h new file mode 100644 index 00000000..59436bbb --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/maxim/maxq10xx.h @@ -0,0 +1,115 @@ +/* maxq10xx.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _WOLFPORT_MAXQ10XX_H_ +#define _WOLFPORT_MAXQ10XX_H_ + +#if defined(WOLFSSL_MAXQ1065) || defined(WOLFSSL_MAXQ108X) + +#include + +#ifdef WOLF_CRYPTO_CB + #ifdef WOLFSSL_MAXQ1065 + #define MAXQ_AESGCM + #define MAXQ_SHA256 + #define MAXQ_RNG + #define MAXQ_ECC + #endif /* WOLFSSL_MAXQ1065 */ + + #ifdef WOLFSSL_MAXQ108X + #define MAXQ_AESGCM + #define MAXQ_SHA256 + #define MAXQ_RNG + #define MAXQ_ECC + #define ENABLE_RSA + #endif /* WOLFSSL_MAXQ108X */ +#endif /* WOLF_CRYPTO_CB */ + +struct WOLFSSL_CTX; +typedef struct WOLFSSL WOLFSSL; +typedef struct DecodedCert DecodedCert; +typedef struct DerBuffer DerBuffer; +typedef struct wc_CryptoInfo wc_CryptoInfo; +typedef struct Aes Aes; +typedef struct wc_Sha256 wc_Sha256; +typedef struct ecc_key ecc_key; +typedef struct ProtocolVersion ProtocolVersion; + +typedef struct { + int use_hw_keys; + DerBuffer* device_cert; +} maxq_ssl_t; + +typedef struct { + int key_obj_id; + int key_pending; + unsigned char key[32]; +} maxq_aes_t; + +typedef struct { + int hash_running; + int soft_hash; +} maxq_sha256_t; + +typedef struct { + int key_obj_id; + int key_pending; + int hw_ecc; + int hw_storage; + unsigned char ecc_key[32 * 3]; +} maxq_ecc_t; + +#ifdef __cplusplus + extern "C" { +#endif + +WOLFSSL_LOCAL int maxq10xx_port_init(void); + +#ifdef WOLF_CRYPTO_CB +WOLFSSL_LOCAL int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, + void* ctx); +#endif /* WOLF_CRYPTO_CB */ + +#ifdef WOLFSSL_MAXQ10XX_CRYPTO +WOLFSSL_LOCAL int wc_MAXQ10XX_AesSetKey(Aes* aes, const byte* userKey, + word32 keylen); +WOLFSSL_LOCAL void wc_MAXQ10XX_AesFree(Aes* aes); +WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Copy(wc_Sha256* sha256); +WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Free(wc_Sha256* sha256); +WOLFSSL_LOCAL int wc_MAXQ10XX_EccSetKey(ecc_key* key, word32 keysize); +WOLFSSL_LOCAL void wc_MAXQ10XX_EccFree(ecc_key* key); +#endif /* WOLFSSL_MAXQ10XX_CRYPTO */ + +#ifdef HAVE_PK_CALLBACKS +WOLFSSL_LOCAL void maxq10xx_SetupPkCallbacks(struct WOLFSSL_CTX* ctx, + ProtocolVersion *pv); +#endif /* HAVE_PK_CALLBACKS */ + +#if defined(WOLFSSL_MAXQ10XX_TLS) +WOLFSSL_LOCAL int wolfSSL_maxq10xx_load_certificate(WOLFSSL *ssl); +#endif /* WOLFSSL_MAXQ10XX_TLS */ + +#ifdef __cplusplus + } +#endif + +#endif /* WOLFSSL_MAXQ1065 || WOLFSSL_MAXQ108X */ +#endif /* _WOLFPORT_MAXQ10XX_H_ */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/nxp/dcp_port.h b/source/libs/libwolfssl/wolfcrypt/port/nxp/dcp_port.h index fb400ff9..fe7e8a43 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/nxp/dcp_port.h +++ b/source/libs/libwolfssl/wolfcrypt/port/nxp/dcp_port.h @@ -1,6 +1,6 @@ /* dcp_port.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h b/source/libs/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h index 0c3e484a..e9e24d82 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h +++ b/source/libs/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h @@ -1,6 +1,6 @@ /* ksdk_port.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/nxp/se050_port.h b/source/libs/libwolfssl/wolfcrypt/port/nxp/se050_port.h new file mode 100644 index 00000000..1c07ce1b --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/nxp/se050_port.h @@ -0,0 +1,228 @@ +/* se050_port.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _SE050_PORT_H_ +#define _SE050_PORT_H_ + +#include +#include + +#ifdef __GNUC__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wundef" +#pragma GCC diagnostic ignored "-Wredundant-decls" +#endif + +#include "fsl_sss_se05x_types.h" +#include "fsl_sss_se05x_apis.h" +#include "se05x_APDU.h" + +#if (SSS_HAVE_SSS > 1) +#include "fsl_sss_api.h" +#endif + +#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) + /* NXP SE050 - Disable SHA512 224/256 support */ + #ifndef WOLFSSL_NOSHA512_224 + #define WOLFSSL_NOSHA512_224 + #endif + #ifndef WOLFSSL_NOSHA512_256 + #define WOLFSSL_NOSHA512_256 + #endif +#endif + +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif + + +/* Default key ID's */ +#ifndef SE050_KEYSTOREID_AES +#define SE050_KEYSTOREID_AES 55 +#endif +#ifndef SE050_KEYSTOREID_ED25519 +#define SE050_KEYSTOREID_ED25519 58 +#endif +#ifndef SE050_KEYSTOREID_CURVE25519 +#define SE050_KEYSTOREID_CURVE25519 59 +#endif +#ifndef SE050_KEYSTOREID_ECC +#define SE050_KEYSTOREID_ECC 60 +#endif +#ifndef SE050_KEYSTOREID_RSA +#define SE050_KEYSTOREID_RSA 61 +#endif +#ifndef SE050_KEYSTOREID_GENERIC +#define SE050_KEYSTOREID_GENERIC 62 +#endif + +/* old public API was renamed to add wc_ */ +#define se050_ecc_insert_private_key wc_se050_ecc_insert_private_key + +enum { + SSS_BLOCK_SIZE = 512, + SSS_MAX_ECC_BITS = 521 +}; + +enum SE050KeyType { + SE050_ANY_KEY, + SE050_AES_KEY, + SE050_ECC_KEY, + SE050_RSA_KEY, + SE050_ED25519_KEY, + SE050_CURVE25519_KEY +}; + + +#ifdef WOLFSSL_SE050_HASH +typedef struct { + void* heap; + byte* msg; + word32 used; + word32 len; +} SE050_HASH_Context; +#endif + +/* Public Functions */ +WOLFSSL_API int wc_se050_set_config(sss_session_t *pSession, + sss_key_store_t *pHostKeyStore, sss_key_store_t *pKeyStore); +#ifdef WOLFSSL_SE050_INIT +WOLFSSL_API int wc_se050_init(const char* portName); +#endif +WOLFSSL_API int wc_se050_erase_object(word32 keyId); + +WOLFSSL_API int wc_se050_ecc_insert_public_key(word32 keyId, + const byte* eccDer, word32 eccDerSize); +WOLFSSL_API int wc_se050_ecc_insert_private_key(word32 keyId, + const byte* eccDer, word32 eccDerSize); + +WOLFSSL_API int wc_se050_rsa_insert_public_key(word32 keyId, + const byte* rsaDer, word32 rsaDerSize); +WOLFSSL_API int wc_se050_rsa_insert_private_key(word32 keyId, + const byte* rsaDer, word32 rsaDerSize); + +WOLFSSL_API int wc_se050_insert_binary_object(word32 keyId, + const byte* object, word32 objectSz); +WOLFSSL_API int wc_se050_get_binary_object(word32 keyId, + byte* out, word32* outSz); + +/* Private Functions */ +WOLFSSL_LOCAL word32 se050_allocate_key(int keyType); +#if !defined(WC_NO_RNG) && !defined(WOLFSSL_SE050_NO_TRNG) +WOLFSSL_LOCAL int se050_get_random_number(uint32_t count, uint8_t* rand_out); +#endif + +#ifdef WOLFSSL_SE050_HASH +WOLFSSL_LOCAL int se050_hash_init(SE050_HASH_Context* se050Ctx, void* heap); +WOLFSSL_LOCAL int se050_hash_update(SE050_HASH_Context* se050Ctx, + const byte* data, word32 len); +WOLFSSL_LOCAL int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, + size_t digestLen, sss_algorithm_t algo); +WOLFSSL_LOCAL int se050_hash_copy(SE050_HASH_Context* src, + SE050_HASH_Context* dst); +WOLFSSL_LOCAL void se050_hash_free(SE050_HASH_Context* se050Ctx); +#endif + +#if defined(WOLFSSL_SE050_CRYPT) && !defined(NO_AES) +struct Aes; +WOLFSSL_LOCAL int se050_aes_free_key_store_object(struct Aes* aes); +WOLFSSL_LOCAL int se050_aes_set_key(struct Aes* aes, const byte* key, + word32 len, const byte* iv, int dir); +WOLFSSL_LOCAL int se050_aes_crypt(struct Aes* aes, const byte* in, byte* out, + word32 sz, int dir, sss_algorithm_t algorithm); +WOLFSSL_LOCAL void se050_aes_free(struct Aes* aes); +#endif + +struct WC_RNG; +#ifdef HAVE_ECC +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + struct sp_int; + #define MATH_INT_T struct sp_int + typedef struct sp_int mp_int; +#elif defined(USE_FAST_MATH) + struct fp_int; + #define MATH_INT_T struct fp_int + typedef struct fp_int mp_int; +#else + struct mp_int; + #define MATH_INT_T struct mp_int +#endif +struct ecc_key; + +WOLFSSL_LOCAL int se050_ecc_use_key_id(struct ecc_key* key, word32 keyId); +WOLFSSL_LOCAL int se050_ecc_get_key_id(struct ecc_key* key, word32* keyId); +WOLFSSL_LOCAL int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, + mp_int* r, mp_int* s, byte* out, word32 *outLen, struct ecc_key* key); + +WOLFSSL_LOCAL int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen, + mp_int* r, mp_int* s, struct ecc_key* key, int* res); + +WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id, + int keySize); +WOLFSSL_LOCAL int se050_ecc_shared_secret(struct ecc_key* private_key, + struct ecc_key* public_key, byte* out, word32* outlen); +WOLFSSL_LOCAL void se050_ecc_free_key(struct ecc_key* key); +#endif /* HAVE_ECC */ + +#ifndef NO_RSA +struct RsaKey; +WOLFSSL_LOCAL int se050_rsa_use_key_id(struct RsaKey* key, word32 keyId); +WOLFSSL_LOCAL int se050_rsa_get_key_id(struct RsaKey* key, word32* keyId); +WOLFSSL_LOCAL int se050_rsa_create_key(struct RsaKey* key, int size, long e); +WOLFSSL_LOCAL void se050_rsa_free_key(struct RsaKey* key); +WOLFSSL_LOCAL int se050_rsa_sign(const byte* in, word32 inLen, byte* out, + word32 outLen, struct RsaKey* key, int rsa_type, byte pad_value, + int pad_type, enum wc_HashType hash, int mgf, byte* label, word32 labelSz, + int keySz); +WOLFSSL_LOCAL int se050_rsa_verify(const byte* in, word32 inLen, byte* out, + word32 outLen, struct RsaKey* key, int rsa_type, byte pad_value, + int pad_type, enum wc_HashType hash, int mgf, byte* label, word32 labelSz); +WOLFSSL_LOCAL int se050_rsa_public_encrypt(const byte* in, word32 inLen, + byte* out, word32 outLen, struct RsaKey* key, int rsa_type, byte pad_value, + int pad_type, enum wc_HashType hash, int mgf, byte* label, + word32 labelSz, int keySz); +WOLFSSL_LOCAL int se050_rsa_private_decrypt(const byte* in, word32 inLen, + byte* out, word32 outLen, struct RsaKey* key, int rsa_type, byte pad_value, + int pad_type, enum wc_HashType hash, int mgf, byte* label, word32 labelSz); +#endif + +#ifdef HAVE_ED25519 +struct ed25519_key; +WOLFSSL_LOCAL int se050_ed25519_create_key(struct ed25519_key* key); +WOLFSSL_LOCAL void se050_ed25519_free_key(struct ed25519_key* key); +WOLFSSL_LOCAL int se050_ed25519_sign_msg(const byte* in, word32 inLen, + byte* out, word32 *outLen, struct ed25519_key* key); +WOLFSSL_LOCAL int se050_ed25519_verify_msg(const byte* signature, + word32 signatureLen, const byte* msg, word32 msgLen, + struct ed25519_key* key, int* res); +#endif /* HAVE_ED25519 */ + +#ifdef HAVE_CURVE25519 +struct curve25519_key; +struct ECPoint; +WOLFSSL_LOCAL int se050_curve25519_create_key(struct curve25519_key* key, + int keySize); +WOLFSSL_LOCAL int se050_curve25519_shared_secret( + struct curve25519_key* private_key, struct curve25519_key* public_key, + struct ECPoint* out); +WOLFSSL_LOCAL void se050_curve25519_free_key(struct curve25519_key* key); +#endif /* HAVE_CURVE25519 */ +#endif /* _SE050_PORT_H_ */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/source/libs/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h index b5edceeb..c92709fa 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h +++ b/source/libs/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -1,6 +1,6 @@ /* pic32mz-crypt.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h index 63388697..616ecb80 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h +++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h @@ -1,6 +1,6 @@ /* silabs_aes.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h index 99389a8a..a65516ee 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h +++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h @@ -1,6 +1,6 @@ /* silabs_ecc.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h index 8c2a4f25..b60ce81d 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h +++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h @@ -1,6 +1,6 @@ /* silabs_hash.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h index aa01797b..6f9aeb16 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h +++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h @@ -1,6 +1,6 @@ /* silabs_random.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/st/stm32.h b/source/libs/libwolfssl/wolfcrypt/port/st/stm32.h index 0944472f..334375e7 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/st/stm32.h +++ b/source/libs/libwolfssl/wolfcrypt/port/st/stm32.h @@ -1,6 +1,6 @@ /* stm32.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -60,6 +60,14 @@ /* STM32 register size in bytes */ #define STM32_HASH_REG_SIZE 4 +#if defined(WOLFSSL_STM32F4) || defined(WOLFSSL_STM32F7) || \ + defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32H7) || defined(WOLFSSL_STM32U5) || \ + defined(WOLFSSL_STM32WB) +#define STM32_HASH_FIFO_SIZE 16 /* FIFO is 16 deep 32-bits wide */ +#else +#define STM32_HASH_FIFO_SIZE 1 +#endif /* STM32 Hash Context */ typedef struct { @@ -70,19 +78,20 @@ typedef struct { uint32_t HASH_CSR[HASH_CR_SIZE]; /* Hash state / buffers */ - word32 buffer[STM32_HASH_REG_SIZE / sizeof(word32)]; /* partial word buffer */ + word32 buffer[STM32_HASH_FIFO_SIZE]; /* partial word buffer */ word32 buffLen; /* partial word remain */ word32 loLen; /* total update bytes (only lsb 6-bits is used for nbr valid bytes in last word) */ + int fifoBytes; /* number of currently filled FIFO bytes */ } STM32_HASH_Context; /* API's */ void wc_Stm32_Hash_Init(STM32_HASH_Context* stmCtx); int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo, - const byte* data, int len); + const byte* data, word32 len, word32 blockSize); int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, - byte* hash, int digestSize); + byte* hash, word32 digestSize); #endif /* STM32_HASH */ @@ -92,7 +101,8 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #ifndef NO_AES #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \ - defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7)) + defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7) || \ + defined(WOLFSSL_STM32U5)) /* Hardware supports AES GCM acceleration */ #define STM32_CRYPTO_AES_GCM #endif @@ -102,8 +112,9 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #define CRYP AES1 #define STM32_HAL_V2 #endif - #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) - #ifdef WOLFSSL_STM32L4 + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32U5) + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32U5) #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ #endif #define CRYP AES @@ -114,7 +125,8 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ #if !defined(STM32_HAL_V2) && defined(CRYP_AES_GCM) && \ - (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7)) + (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32H7) || defined(WOLFSSL_STM32U5)) #define STM32_HAL_V2 #endif @@ -140,7 +152,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #endif /* STM32_CRYPTO */ #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) -#ifdef WOLFSSL_SP_MATH +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) struct sp_int; #define MATH_INT_T struct sp_int #elif defined(USE_FAST_MATH) diff --git a/source/libs/libwolfssl/wolfcrypt/port/st/stsafe.h b/source/libs/libwolfssl/wolfcrypt/port/st/stsafe.h index 0809fcd3..f15b4328 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/st/stsafe.h +++ b/source/libs/libwolfssl/wolfcrypt/port/st/stsafe.h @@ -1,6 +1,6 @@ /* stsafe.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/ti/ti-ccm.h b/source/libs/libwolfssl/wolfcrypt/port/ti/ti-ccm.h index f14add29..ecdf1d39 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/ti/ti-ccm.h +++ b/source/libs/libwolfssl/wolfcrypt/port/ti/ti-ccm.h @@ -1,6 +1,6 @@ /* port/ti/ti_ccm.c * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/ti/ti-hash.h b/source/libs/libwolfssl/wolfcrypt/port/ti/ti-hash.h index 93210186..ae5d7568 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/ti/ti-hash.h +++ b/source/libs/libwolfssl/wolfcrypt/port/ti/ti-hash.h @@ -1,6 +1,6 @@ /* port/ti/ti-hash.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h b/source/libs/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h index edaa4fa4..f3d142e4 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h +++ b/source/libs/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h @@ -1,6 +1,6 @@ /* xil-sha3.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,8 +23,12 @@ #ifndef WOLF_XIL_CRYPT_SHA3_H #define WOLF_XIL_CRYPT_SHA3_H -#ifdef WOLFSSL_SHA3 -#include "xsecure_sha.h" +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_XILINX_CRYPT) +#ifdef WOLFSSL_XILINX_CRYPT_VERSAL +#include +#else +#include +#endif #ifdef __cplusplus extern "C" { @@ -32,14 +36,18 @@ /* Sha3 digest */ typedef struct Sha3 { +#ifdef WOLFSSL_XILINX_CRYPT_VERSAL + wc_Xsecure xSec; +#else XSecure_Sha3 hw; XCsuDma dma; +#endif } wc_Sha3; #ifdef __cplusplus } /* extern "C" */ #endif -#endif /* WOLFSSL_SHA3 */ +#endif /* WOLFSSL_SHA3 && WOLFSSL_XILINX_CRYPT */ #endif /* WOLF_XIL_CRYPT_SHA3_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h b/source/libs/libwolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h new file mode 100644 index 00000000..f0a98e44 --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h @@ -0,0 +1,101 @@ +/* xil-versal-glue.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_XIL_CRYPT_VERSAL_GLUE_H +#define WOLF_XIL_CRYPT_VERSAL_GLUE_H + +#include + +#ifdef WOLFSSL_XILINX_CRYPT_VERSAL +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define XIL_CAST_U64(v) ((u64)(UINTPTR)(v)) + +#ifdef XSECURE_CACHE_DISABLE +#define WOLFSSL_XIL_DCACHE_INVALIDATE_RANGE(p, l) do{}while(0) +#define WOLFSSL_XIL_DCACHE_FLUSH_RANGE(p, l) do{}while(0) +#else +#define WOLFSSL_XIL_DCACHE_INVALIDATE_RANGE(p, l) \ + do{ Xil_DCacheInvalidateRange((p), (l)); }while(0) +#define WOLFSSL_XIL_DCACHE_FLUSH_RANGE(p, l) \ + do{ Xil_DCacheFlushRange((p), (l)); }while(0) +#endif + +#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY) \ + && !defined(WOLFSSL_XIL_MSG_NO_SLEEP) +#include +#define WOLFSSL_XIL_SLEEP(n) do{ sleep(n); }while(0) +#else +#define WOLFSSL_XIL_SLEEP(n) do{}while(0) +#endif + +/* Provide our own message macro since the Versal PLM maybe + * prints an error message to the same console. + * In order to not mix those outputs up, sleep a little while + * before printing our message. + * This behavior can be disabled by defining `WOLFSSL_XIL_MSG_NO_SLEEP` + */ +#define WOLFSSL_XIL_MSG(msg) do { \ + WOLFSSL_XIL_SLEEP(1); \ + WOLFSSL_MSG(msg); \ +} while(0) +#define WOLFSSL_XIL_ERROR(msg, err) do { \ + WOLFSSL_XIL_MSG(msg); \ + WOLFSSL_MSG_EX("Xilinx API returned 0x%08x: %s", (err), \ + wc_XsecureErrorToString(err)); \ +} while(0) + + + +#define WOLFSSL_XSECURE_QWORD_SIZE 16u +#define WOLFSSL_XSECURE_AES_KEY_SIZE 32u +#define WOLFSSL_XSECURE_AES_IV_SIZE 12u +#define WOLFSSL_XSECURE_RSA_KEY_SIZE 512u + +enum { + WOLFSSL_XSECURE_ECC_NIST_P384 = 4, + WOLFSSL_XSECURE_ECC_NIST_P521 = 5, + WOLFSSL_XSECURE_ECC_NUM +}; + +typedef struct Xsecure { + ALIGN64 u8 mem[XSECURE_SHARED_MEM_SIZE]; + XMailbox mb; + XSecure_ClientInstance cinst; +} wc_Xsecure; + +WOLFSSL_LOCAL int wc_InitXsecure(wc_Xsecure* xsec); +WOLFSSL_LOCAL const char *wc_XsecureErrorToString(int err); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* WOLFSSL_XILINX_CRYPT_VERSAL */ +#endif /* WOLF_XIL_CRYPT_VERSAL_GLUE_H */ + diff --git a/source/libs/libwolfssl/wolfcrypt/pwdbased.h b/source/libs/libwolfssl/wolfcrypt/pwdbased.h index 3705e672..f36d224e 100644 --- a/source/libs/libwolfssl/wolfcrypt/pwdbased.h +++ b/source/libs/libwolfssl/wolfcrypt/pwdbased.h @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,8 +40,8 @@ * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types */ WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, - const byte* passwd, int passwdLen, - const byte* salt, int saltLen, int iterations, + const byte* passwd, int passwdLen, + const byte* salt, int saltLen, int iterations, int hashType, void* heap); WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, diff --git a/source/libs/libwolfssl/wolfcrypt/rabbit.h b/source/libs/libwolfssl/wolfcrypt/rabbit.h deleted file mode 100644 index 757945b0..00000000 --- a/source/libs/libwolfssl/wolfcrypt/rabbit.h +++ /dev/null @@ -1,73 +0,0 @@ -/* rabbit.h - * - * Copyright (C) 2006-2021 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! - \file wolfssl/wolfcrypt/rabbit.h -*/ - - -#ifndef WOLF_CRYPT_RABBIT_H -#define WOLF_CRYPT_RABBIT_H - -#include - -#ifndef NO_RABBIT - -#ifdef __cplusplus - extern "C" { -#endif - - -enum { - RABBIT_ENC_TYPE = 5 /* cipher unique type */ -}; - - -/* Rabbit Context */ -typedef struct RabbitCtx { - word32 x[8]; - word32 c[8]; - word32 carry; -} RabbitCtx; - - -/* Rabbit stream cipher */ -typedef struct Rabbit { - RabbitCtx masterCtx; - RabbitCtx workCtx; -#ifdef XSTREAM_ALIGN - void* heap; /* heap hint, currently XMALLOC only used with aligning */ -#endif -} Rabbit; - - -WOLFSSL_API int wc_RabbitProcess(Rabbit*, byte*, const byte*, word32); -WOLFSSL_API int wc_RabbitSetKey(Rabbit*, const byte* key, const byte* iv); - -WOLFSSL_LOCAL int wc_Rabbit_SetHeap(Rabbit* ctx, void* heap); - -#ifdef __cplusplus - } /* extern "C" */ -#endif - -#endif /* NO_RABBIT */ -#endif /* WOLF_CRYPT_RABBIT_H */ - diff --git a/source/libs/libwolfssl/wolfcrypt/random.h b/source/libs/libwolfssl/wolfcrypt/random.h index f6dcdf3e..8af7824b 100644 --- a/source/libs/libwolfssl/wolfcrypt/random.h +++ b/source/libs/libwolfssl/wolfcrypt/random.h @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -99,6 +99,11 @@ * #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc * extern int myRngFunc(byte* output, word32 sz); */ + #if defined(CUSTOM_RAND_GENERATE_BLOCK) && defined(WOLFSSL_KCAPI) + #undef CUSTOM_RAND_GENERATE_BLOCK + #define CUSTOM_RAND_GENERATE_BLOCK wc_hwrng_generate_block + WOLFSSL_LOCAL int wc_hwrng_generate_block(byte *output, word32 sz); + #endif #elif defined(HAVE_HASHDRBG) #ifdef NO_SHA256 #error "Hash DRBG requires SHA-256." @@ -130,9 +135,17 @@ #endif #endif +#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ + typedef struct OS_Seed OS_Seed; + typedef struct WC_RNG WC_RNG; + #ifdef WC_RNG_SEED_CB + typedef int (*wc_RngSeed_Cb)(OS_Seed* os, byte* seed, word32 sz); + #endif + #define WC_RNG_TYPE_DEFINED +#endif /* OS specific seeder */ -typedef struct OS_Seed { +struct OS_Seed { #if defined(USE_WINDOWS_API) ProviderHandle handle; #else @@ -141,13 +154,7 @@ typedef struct OS_Seed { #if defined(WOLF_CRYPTO_CB) int devId; #endif -} OS_Seed; - - -#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ - typedef struct WC_RNG WC_RNG; - #define WC_RNG_TYPE_DEFINED -#endif +}; #ifdef HAVE_HASHDRBG struct DRBG_internal { @@ -155,8 +162,8 @@ struct DRBG_internal { word32 lastBlock; byte V[DRBG_SEED_LEN]; byte C[DRBG_SEED_LEN]; -#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) void* heap; +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) int devId; #endif byte matchCount; @@ -168,7 +175,7 @@ struct DRBG_internal { /* RNG context */ struct WC_RNG { - OS_Seed seed; + struct OS_Seed seed; void* heap; #ifdef HAVE_HASHDRBG /* Hash-based Deterministic Random Bit Generator */ @@ -194,9 +201,7 @@ struct WC_RNG { #define RNG WC_RNG #endif - -WOLFSSL_LOCAL -int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); +WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #ifdef HAVE_WNR @@ -206,19 +211,19 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #endif /* HAVE_WNR */ -WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte*, word32, void*); -WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG*); +WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap); +WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG* rng); #ifndef WC_NO_RNG -WOLFSSL_API int wc_InitRng(WC_RNG*); +WOLFSSL_ABI WOLFSSL_API int wc_InitRng(WC_RNG* rng); WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId); WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz); WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz, void* heap, int devId); -WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); -WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*); -WOLFSSL_API int wc_FreeRng(WC_RNG*); +WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz); +WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG* rng, byte* b); +WOLFSSL_API int wc_FreeRng(WC_RNG* rng); #else #include #define wc_InitRng(rng) NOT_COMPILED_IN @@ -235,7 +240,9 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*); #define wc_FreeRng(rng) (void)NOT_COMPILED_IN #endif - +#ifdef WC_RNG_SEED_CB + WOLFSSL_API int wc_SetSeed_Cb(wc_RngSeed_Cb cb); +#endif #ifdef HAVE_HASHDRBG WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy, @@ -253,6 +260,19 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*); void* heap, int devId); #endif /* HAVE_HASHDRBG */ +#ifdef HAVE_ENTROPY_MEMUSE +/* Maximum entropy bits that can be produced. */ +#define MAX_ENTROPY_BITS 256 + +/* For generating data for assessment. */ +WOLFSSL_API int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt); +WOLFSSL_API int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len); +WOLFSSL_API int wc_Entropy_OnDemandTest(void); + +WOLFSSL_LOCAL int Entropy_Init(void); +WOLFSSL_LOCAL void Entropy_Final(void); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/ripemd.h b/source/libs/libwolfssl/wolfcrypt/ripemd.h index 170e5085..f7e2d821 100644 --- a/source/libs/libwolfssl/wolfcrypt/ripemd.h +++ b/source/libs/libwolfssl/wolfcrypt/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -54,9 +54,9 @@ typedef struct RipeMd { } RipeMd; -WOLFSSL_API int wc_InitRipeMd(RipeMd*); -WOLFSSL_API int wc_RipeMdUpdate(RipeMd*, const byte*, word32); -WOLFSSL_API int wc_RipeMdFinal(RipeMd*, byte*); +WOLFSSL_API int wc_InitRipeMd(RipeMd* ripemd); +WOLFSSL_API int wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len); +WOLFSSL_API int wc_RipeMdFinal(RipeMd* ripemd, byte* hash); #ifdef __cplusplus diff --git a/source/libs/libwolfssl/wolfcrypt/rsa.h b/source/libs/libwolfssl/wolfcrypt/rsa.h index 8dad0f26..cbc7dcbe 100644 --- a/source/libs/libwolfssl/wolfcrypt/rsa.h +++ b/source/libs/libwolfssl/wolfcrypt/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -64,7 +64,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #else #if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) /* for fips @wc_fips */ #include #if defined(CYASSL_KEY_GEN) && !defined(WOLFSSL_KEY_GEN) @@ -75,7 +75,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #include #endif /* HAVE_FIPS && HAVE_FIPS_VERION 1 */ #if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) #include #endif @@ -83,13 +83,25 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #include #ifdef WOLFSSL_XILINX_CRYPT -#include "xsecure_rsa.h" +#ifdef WOLFSSL_XILINX_CRYPT_VERSAL +#include +#else +#include +#endif #endif #if defined(WOLFSSL_CRYPTOCELL) #include #endif +#if defined(WOLFSSL_KCAPI_RSA) + #include +#endif + +#if defined(WOLFSSL_DEVCRYPTO_RSA) + #include +#endif + #ifdef __cplusplus extern "C" { #endif @@ -99,7 +111,27 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #endif #ifndef RSA_MAX_SIZE -#define RSA_MAX_SIZE 4096 + #ifdef USE_FAST_MATH + /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ + #define RSA_MAX_SIZE (FP_MAX_BITS / 2) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && RSA_MAX_SIZE < 8192 + #error "MySQL needs FP_MAX_BITS at least at 16384" + #endif + #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define RSA_MAX_SIZE (((SP_INT_BITS + 7) / 8) * 8) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && RSA_MAX_SIZE < 8192 + #error "MySQL needs SP_INT_BITS at least at 8192" + #endif + #else + #ifdef WOLFSSL_MYSQL_COMPATIBLE + /* Integer maths is dynamic but we only go up to 8192 bits. */ + #define RSA_MAX_SIZE 8192 + #else + /* Integer maths is dynamic but we only go up to 4096 bits. */ + #define RSA_MAX_SIZE 4096 + #endif + #endif #endif /* avoid redefinition of structs */ @@ -144,7 +176,7 @@ enum { RSA_PSS_SALT_LEN_DISCOVER = -2, #endif -#ifdef WOLF_CRYPTO_CB +#ifdef WOLF_PRIVATE_KEY_ID RSA_MAX_ID_LEN = 32, RSA_MAX_LABEL_LEN = 32, #endif @@ -174,6 +206,10 @@ struct RsaKey { #ifdef WC_RSA_BLINDING WC_RNG* rng; /* for PrivateDecrypt blinding */ #endif +#ifdef WOLFSSL_SE050 + word32 keyId; + byte keyIdSet; +#endif #ifdef WOLF_CRYPTO_CB int devId; #endif @@ -186,15 +222,24 @@ struct RsaKey { #ifdef WOLFSSL_XILINX_CRYPT word32 pubExp; /* to keep values in scope they are here in struct */ byte* mod; +#if defined(WOLFSSL_XILINX_CRYPT_VERSAL) + int mSz; + wc_Xsecure xSec; +#else XSecure_Rsa xRsa; #endif -#ifdef WOLF_CRYPTO_CB +#endif +#if defined(WOLFSSL_KCAPI_RSA) + struct kcapi_handle* handle; +#endif +#ifdef WOLF_PRIVATE_KEY_ID byte id[RSA_MAX_ID_LEN]; int idLen; char label[RSA_MAX_LABEL_LEN]; int labelLen; #endif -#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) +#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ + !defined(WOLFSSL_NO_MALLOC) byte dataIsAlloc; #endif #ifdef WC_RSA_NONBLOCK @@ -207,6 +252,12 @@ struct RsaKey { #if defined(WOLFSSL_CRYPTOCELL) rsa_context_t ctx; #endif +#if defined(WOLFSSL_CAAM) + word32 blackKey; +#endif +#if defined(WOLFSSL_DEVCRYPTO_RSA) + WC_CRYPTODEV ctx; +#endif }; #ifndef WC_RSAKEY_TYPE_DEFINED @@ -214,12 +265,12 @@ struct RsaKey { #define WC_RSAKEY_TYPE_DEFINED #endif -#endif /*HAVE_FIPS */ +#endif /* HAVE_FIPS */ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); -#ifdef WOLF_CRYPTO_CB +#ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, int devId); WOLFSSL_API int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, @@ -229,6 +280,10 @@ WOLFSSL_API int wc_CheckRsaKey(RsaKey* key); #ifdef WOLFSSL_XILINX_CRYPT WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); #endif /* WOLFSSL_XILINX_CRYPT */ +#ifdef WOLFSSL_SE050 +WOLFSSL_API int wc_RsaUseKeyId(RsaKey* key, word32 keyId, word32 flags); +WOLFSSL_API int wc_RsaGetKeyId(RsaKey* key, word32* keyId); +#endif /* WOLFSSL_SE050 */ WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng); @@ -276,6 +331,10 @@ WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig, word32 sigSz, enum wc_HashType hashType, int saltLen, int bits); +WOLFSSL_API int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inLen, + byte* sig, word32 sigSz, + enum wc_HashType hashType, + int saltLen, int bits, void* heap); WOLFSSL_API int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out, const byte* digest, word32 digentLen, enum wc_HashType hash, int mgf, @@ -289,16 +348,17 @@ WOLFSSL_API int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, WOLFSSL_API int wc_RsaEncryptSize(const RsaKey* key); #if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) /* to avoid asn duplicate symbols @wc_fips */ WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, - RsaKey*, word32); + RsaKey* key, word32 inSz); WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, - RsaKey*, word32); + RsaKey* key, word32 inSz); WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, word32 eSz, RsaKey* key); -#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) - WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050) + WOLFSSL_API int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen); #endif #ifdef WC_RSA_BLINDING @@ -317,12 +377,14 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, */ /* Mask Generation Function Identifiers */ -#define WC_MGF1NONE 0 -#define WC_MGF1SHA1 26 -#define WC_MGF1SHA224 4 -#define WC_MGF1SHA256 1 -#define WC_MGF1SHA384 2 -#define WC_MGF1SHA512 3 +#define WC_MGF1NONE 0 +#define WC_MGF1SHA1 26 +#define WC_MGF1SHA224 4 +#define WC_MGF1SHA256 1 +#define WC_MGF1SHA384 2 +#define WC_MGF1SHA512 3 +#define WC_MGF1SHA512_224 5 +#define WC_MGF1SHA512_256 6 /* Padding types */ #define WC_RSA_PKCSV15_PAD 0 @@ -332,13 +394,13 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng, int type, - enum wc_HashType hash, int mgf, byte* label, word32 lableSz); + enum wc_HashType hash, int mgf, byte* label, word32 labelSz); WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int type, - enum wc_HashType hash, int mgf, byte* label, word32 lableSz); + enum wc_HashType hash, int mgf, byte* label, word32 labelSz); WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, - int mgf, byte* label, word32 lableSz); + int mgf, byte* label, word32 labelSz); #if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, RsaKey* key, int type, WC_RNG* rng); @@ -346,8 +408,8 @@ WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, #endif /* HAVE_FIPS */ -WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, - word32*); +WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, + byte* n, word32* nSz); WOLFSSL_API int wc_RsaExportKey(RsaKey* key, byte* e, word32* eSz, byte* n, word32* nSz, @@ -355,8 +417,6 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key, byte* p, word32* pSz, byte* q, word32* qSz); -WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); - #ifdef WOLFSSL_KEY_GEN WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); WOLFSSL_API int wc_CheckProbablePrime_ex(const byte* p, word32 pSz, diff --git a/source/libs/libwolfssl/wolfcrypt/selftest.h b/source/libs/libwolfssl/wolfcrypt/selftest.h index da97d0d4..9fbf42dd 100644 --- a/source/libs/libwolfssl/wolfcrypt/selftest.h +++ b/source/libs/libwolfssl/wolfcrypt/selftest.h @@ -1,6 +1,6 @@ /* selftest.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/settings.h b/source/libs/libwolfssl/wolfcrypt/settings.h index 5e88cd4a..5bef5254 100644 --- a/source/libs/libwolfssl/wolfcrypt/settings.h +++ b/source/libs/libwolfssl/wolfcrypt/settings.h @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,27 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * ************************************************************************ + * + * ******************************** NOTICE ******************************** + * + * ************************************************************************ + * + * This method of uncommenting a line in settings.h is outdated. + * + * Please use user_settings.h / WOLFSSL_USER_SETTINGS + * + * or + * + * ./configure CFLAGS="-DFLAG" + * + * For more information see: + * + * https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/ + * + */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ @@ -194,6 +215,11 @@ /* Uncomment next line if building for using Apache mynewt */ /* #define WOLFSSL_APACHE_MYNEWT */ +/* For Espressif chips see example user_settings.h + * + * https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/user_settings.h + */ + /* Uncomment next line if building for using ESP-IDF */ /* #define WOLFSSL_ESPIDF */ @@ -212,6 +238,12 @@ /* Uncomment next line if using RENESAS RX64N */ /* #define WOLFSSL_RENESAS_RX65N */ +/* Uncomment next line if using RENESAS SCE Protected Mode */ +/* #define WOLFSSL_RENESAS_SCEPROTECT */ + +/* Uncomment next line if using RENESAS RA6M4 */ +/* #define WOLFSSL_RENESAS_RA6M4 */ + /* Uncomment next line if using Solaris OS*/ /* #define WOLFSSL_SOLARIS */ @@ -224,6 +256,13 @@ /* Uncomment next line if building for Dolphin Emulator */ /* #define DOLPHIN_EMULATOR */ +/* Uncomment next line if using MAXQ1065 */ +/* #define WOLFSSL_MAXQ1065 */ + +/* Uncomment next line if using MAXQ108x */ +/* #define WOLFSSL_MAXQ108X */ + + #include #ifdef WOLFSSL_USER_SETTINGS @@ -233,9 +272,26 @@ #include "wolfSSL.I-CUBE-wolfSSL_conf.h" #endif +#define WOLFSSL_MAKE_FIPS_VERSION(major, minor) (((major) * 256) + (minor)) +#if !defined(HAVE_FIPS) + #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(0,0) +#elif !defined(HAVE_FIPS_VERSION) + #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(1,0) +#elif !defined(HAVE_FIPS_VERSION_MINOR) + #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(HAVE_FIPS_VERSION,0) +#else + #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(HAVE_FIPS_VERSION,HAVE_FIPS_VERSION_MINOR) +#endif + +#define FIPS_VERSION_LT(major,minor) (WOLFSSL_FIPS_VERSION_CODE < WOLFSSL_MAKE_FIPS_VERSION(major,minor)) +#define FIPS_VERSION_LE(major,minor) (WOLFSSL_FIPS_VERSION_CODE <= WOLFSSL_MAKE_FIPS_VERSION(major,minor)) +#define FIPS_VERSION_EQ(major,minor) (WOLFSSL_FIPS_VERSION_CODE == WOLFSSL_MAKE_FIPS_VERSION(major,minor)) +#define FIPS_VERSION_GE(major,minor) (WOLFSSL_FIPS_VERSION_CODE >= WOLFSSL_MAKE_FIPS_VERSION(major,minor)) +#define FIPS_VERSION_GT(major,minor) (WOLFSSL_FIPS_VERSION_CODE > WOLFSSL_MAKE_FIPS_VERSION(major,minor)) + /* make sure old RNG name is used with CTaoCrypt FIPS */ #ifdef HAVE_FIPS - #if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2) + #if FIPS_VERSION_LT(2,0) #define WC_RNG RNG #else #ifndef WOLFSSL_STM32L4 @@ -298,6 +354,9 @@ #endif #endif /* WOLFSSL_ESPIDF */ +#if defined(WOLFCRYPT_ONLY) + #undef WOLFSSL_RENESAS_TSIP +#endif /* WOLFCRYPT_ONLY */ #if defined(WOLFSSL_RENESAS_TSIP) #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64 #define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */ @@ -307,18 +366,38 @@ #define WOLFSSL_RENESAS_TSIP_TLS #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT #endif -#endif +#endif /* WOLFSSL_RENESAS_TSIP */ -#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) +#if defined(WOLFSSL_RENESAS_SCEPROTECT) + #define SCE_TLS_MASTERSECRET_SIZE 80 /* 20 words */ + #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64 + #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in bytes */ + #define SCE_TLS_CLIENTRANDOM_SZ 36 /* in bytes */ + #define SCE_TLS_SERVERRANDOM_SZ 36 /* in bytes */ + #define SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ 96 /* in bytes */ + + #define WOLFSSL_RENESAS_SCEPROTECT_ECC + #if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC) + #define HAVE_PK_CALLBACKS + /* #define DEBUG_PK_CB */ + #endif +#endif +#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) ||\ + defined(WOLFSSL_RENESAS_RA6M4) /* settings in user_settings.h */ #endif -#if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */ +#if defined(WOLFSSL_LWIP_NATIVE) || \ + defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */ + #undef WOLFSSL_USER_IO + #define WOLFSSL_USER_IO + + #if defined(HAVE_LWIP_NATIVE) #define WOLFSSL_LWIP #define NO_WRITEV #define SINGLE_THREADED - #define WOLFSSL_USER_IO #define NO_FILESYSTEM + #endif #endif #if defined(WOLFSSL_CONTIKI) @@ -329,11 +408,13 @@ #define SINGLE_THREADED #define WOLFSSL_USER_IO #define NO_FILESYSTEM - #define CUSTOM_RAND_TYPE uint16_t - #define CUSTOM_RAND_GENERATE random_rand + #ifndef CUSTOM_RAND_GENERATE + #define CUSTOM_RAND_TYPE uint16_t + #define CUSTOM_RAND_GENERATE random_rand + #endif static inline word32 LowResTimer(void) { - return clock_seconds(); + return clock_seconds(); } #endif @@ -419,7 +500,6 @@ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */ /* WOLFSSL_DH_CONST */ #define NO_DSA - #define NO_HC128 #define HAVE_ECC #define NO_SESSION_CACHE #define WOLFSSL_CMSIS_RTOS @@ -459,7 +539,9 @@ #include "pico_stack.h" #include "pico_constants.h" #include "pico_protocol.h" - #define CUSTOM_RAND_GENERATE pico_rand + #ifndef CUSTOM_RAND_GENERATE + #define CUSTOM_RAND_GENERATE pico_rand + #endif #endif #ifdef WOLFSSL_PICOTCP_DEMO @@ -490,8 +572,6 @@ /* #define WOLFSSL_PTHREADS */ #define WOLFSSL_HAVE_MIN #define WOLFSSL_HAVE_MAX - #define USE_FAST_MATH - #define TFM_TIMING_RESISTANT #define NO_MAIN_DRIVER #define NO_DEV_RANDOM #define NO_WRITEV @@ -584,7 +664,6 @@ #define USE_CERT_BUFFERS_2048 /* use when NO_FILESYSTEM */ #define NO_MAIN_DRIVER #define NO_RC4 - #define SINGLE_THREADED /* Not ported at this time */ #endif #ifdef WOLFSSL_RIOT_OS @@ -723,7 +802,7 @@ extern void uITRON4_free(void *p) ; #include "FreeRTOS.h" #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ - !defined(WOLFSSL_STATIC_MEMORY) + !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_TRACK_MEMORY) #define XMALLOC(s, h, type) pvPortMalloc((s)) #define XFREE(p, h, type) vPortFree((p)) /* FreeRTOS pvPortRealloc() implementation can be found here: @@ -756,9 +835,6 @@ extern void uITRON4_free(void *p) ; #ifndef NO_DSA #define NO_DSA #endif - #ifndef NO_HC128 - #define NO_HC128 - #endif #ifndef SINGLE_THREADED #include "semphr.h" @@ -781,16 +857,35 @@ extern void uITRON4_free(void *p) ; #define NO_MAIN_DRIVER #endif +#ifdef WOLFSSL_TI_CRYPT + #define NO_GCM_ENCRYPT_EXTRA + #define NO_PUBLIC_GCM_SET_IV + #define NO_PUBLIC_CCM_SET_NONCE +#endif + #ifdef WOLFSSL_TIRTOS #define SIZEOF_LONG_LONG 8 #define NO_WRITEV #define NO_WOLFSSL_DIR - #define USE_FAST_MATH + + /* Use SP_MATH by default, unless + * specified in user_settings. + */ + #ifndef USE_FAST_MATH + #define USE_SP_MATH + #define SP_MATH_ALL + #define WOLFSSL_HAVE_SP_ECC + #define SP_WORD_SIZE 32 + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_4096 + #endif #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT #define WC_RSA_BLINDING #define NO_DEV_RANDOM #define NO_FILESYSTEM + #define NO_SIG_WRAPPER + #define NO_MAIN_DRIVER #define USE_CERT_BUFFERS_2048 #define NO_ERROR_STRINGS /* Uncomment this setting if your toolchain does not offer time.h header */ @@ -800,21 +895,13 @@ extern void uITRON4_free(void *p) ; #define USE_WOLF_STRTOK /* use with HAVE_ALPN */ #define HAVE_TLS_EXTENSIONS #define HAVE_AESGCM - #ifdef WOLFSSL_TI_CRYPT - #define NO_GCM_ENCRYPT_EXTRA - #define NO_PUBLIC_GCM_SET_IV - #define NO_PUBLIC_CCM_SET_NONCE - #endif #define HAVE_SUPPORTED_CURVES - #define ALT_ECC_SIZE - #ifdef __IAR_SYSTEMS_ICC__ #pragma diag_suppress=Pa089 #elif !defined(__GNUC__) /* Suppress the sslpro warning */ #pragma diag_suppress=11 #endif - #include #endif @@ -873,9 +960,6 @@ extern void uITRON4_free(void *p) ; #ifdef WOLFSSL_GAME_BUILD #define SIZEOF_LONG_LONG 8 - #if defined(__PPU) || defined(__XENON) - #define BIG_ENDIAN_ORDER - #endif #endif #ifdef WOLFSSL_LSR @@ -888,10 +972,8 @@ extern void uITRON4_free(void *p) ; /* Allows use of DH with fixed points if uncommented and NO_DH is removed */ /* WOLFSSL_DH_CONST */ #define NO_DSA - #define NO_HC128 #define NO_DEV_RANDOM #define NO_WOLFSSL_DIR - #define NO_RABBIT #ifndef NO_FILESYSTEM #define LSR_FS #include "inc/hw_types.h" @@ -1027,7 +1109,7 @@ extern void uITRON4_free(void *p) ; #define XFREE(p, h, type) vPortFree((p)) #endif - //#define USER_TICKS + /* #define USER_TICKS */ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */ /* WOLFSSL_DH_CONST */ #define WOLFSSL_LWIP @@ -1061,8 +1143,6 @@ extern void uITRON4_free(void *p) ; #define NO_WRITEV #undef NO_DEV_RANDOM #define NO_DEV_RANDOM - #undef NO_RABBIT - #define NO_RABBIT #undef NO_WOLFSSL_DIR #define NO_WOLFSSL_DIR #undef NO_RC4 @@ -1245,11 +1325,45 @@ extern void uITRON4_free(void *p) ; #define GCM_TABLE #endif +#if defined(WOLFSSL_MAXQ1065) || defined(WOLFSSL_MAXQ108X) + + #define MAXQ10XX_MODULE_INIT + + #define HAVE_PK_CALLBACKS + #define WOLFSSL_STATIC_PSK + /* Server side support to be added at a later date. */ + #define NO_WOLFSSL_SERVER + /* Need WOLFSSL_PUBLIC_ASN to use ProcessPeerCert callback. */ + #define WOLFSSL_PUBLIC_ASN + + #ifdef HAVE_PTHREAD + #define WOLFSSL_CRYPT_HW_MUTEX 1 + #define MAXQ10XX_MUTEX + #endif + + #define WOLFSSL_MAXQ10XX_CRYPTO + #define WOLFSSL_MAXQ10XX_TLS + + + #if defined(WOLFSSL_MAXQ1065) + #define MAXQ_DEVICE_ID 1065 + #elif defined(WOLFSSL_MAXQ108X) + #define MAXQ_DEVICE_ID 1080 + #else + #error "There is only support for MAXQ1065 or MAXQ1080" + #endif + + #if defined(WOLFSSL_TICKET_NONCE_MALLOC) + #error "WOLFSSL_TICKET_NONCE_MALLOC disables the HKDF expand callbacks." + #endif + +#endif /* WOLFSSL_MAXQ1065 || WOLFSSL_MAXQ108X */ + #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \ - defined(WOLFSSL_STM32G0) + defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -1257,8 +1371,6 @@ extern void uITRON4_free(void *p) ; #endif #define NO_DEV_RANDOM #define NO_WOLFSSL_DIR - #undef NO_RABBIT - #define NO_RABBIT #ifndef NO_STM32_RNG #undef STM32_RNG #define STM32_RNG @@ -1271,7 +1383,7 @@ extern void uITRON4_free(void *p) ; #define STM32_CRYPTO #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ - defined(WOLFSSL_STM32WB) + defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32U5) #define NO_AES_192 /* hardware does not support 192-bit */ #endif #endif @@ -1304,6 +1416,8 @@ extern void uITRON4_free(void *p) ; #include "stm32wbxx_hal.h" #elif defined(WOLFSSL_STM32G0) #include "stm32g0xx_hal.h" + #elif defined(WOLFSSL_STM32U5) + #include "stm32u5xx_hal.h" #endif #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) #include "stm32l4xx_ll_rng.h" @@ -1353,9 +1467,9 @@ extern void uITRON4_free(void *p) ; #include "stm32f1xx.h" #endif #endif /* WOLFSSL_STM32_CUBEMX */ -#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || - WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || - WOLFSSL_STM32H7 || WOLFSSL_STM32G0 */ +#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || + WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || + WOLFSSL_STM32H7 || WOLFSSL_STM32G0 || WOLFSSL_STM32U5 */ #ifdef WOLFSSL_DEOS #include #include @@ -1428,7 +1542,9 @@ extern void uITRON4_free(void *p) ; #define HAVE_HASHDRBG #define HAVE_ECC - #define ALT_ECC_SIZE + #if !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_NO_MALLOC) + #define ALT_ECC_SIZE + #endif #define TFM_ECC192 #define TFM_ECC224 #define TFM_ECC256 @@ -1448,6 +1564,8 @@ extern void uITRON4_free(void *p) ; #define CUSTOM_RAND_GENERATE Math_Rand #endif #define STRING_USER + #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2)) + #define XSTRCMP(s1,s2) strcmp((s1),(s2)) #define XSTRLEN(pstr) ((CPU_SIZE_T)Str_Len((CPU_CHAR *)(pstr))) #define XSTRNCPY(pstr_dest, pstr_src, len_max) \ ((CPU_CHAR *)Str_Copy_N((CPU_CHAR *)(pstr_dest), \ @@ -1564,8 +1682,10 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_XILINX) + #if !defined(WOLFSSL_XILINX_CRYPT_VERSAL) + #define NO_DEV_RANDOM + #endif #define NO_WOLFSSL_DIR - #define NO_DEV_RANDOM #define HAVE_AESGCM #endif @@ -1588,6 +1708,19 @@ extern void uITRON4_free(void *p) ; #endif #endif /*(WOLFSSL_XILINX_CRYPT)*/ +#ifdef WOLFSSL_KCAPI_AES + #define WOLFSSL_AES_GCM_FIXED_IV_AAD +#endif +#ifdef WOLFSSL_KCAPI_ECC + #undef ECC_USER_CURVES + #define ECC_USER_CURVES + #undef NO_ECC256 + #undef HAVE_ECC384 + #define HAVE_ECC384 + #undef HAVE_ECC521 + #define HAVE_ECC521 +#endif + #if defined(WOLFSSL_APACHE_MYNEWT) #include "os/os_malloc.h" #if !defined(WOLFSSL_LWIP) @@ -1665,7 +1798,7 @@ extern void uITRON4_free(void *p) ; #undef HAVE_AES_ECB #define HAVE_AES_ECB - //@TODO used for now until plugging in caam aes use with qnx + /* @TODO used for now until plugging in caam aes use with qnx */ #undef WOLFSSL_AES_DIRECT #define WOLFSSL_AES_DIRECT #endif @@ -1683,6 +1816,15 @@ extern void uITRON4_free(void *p) ; #define USE_WOLFSSL_MEMORY #endif +#ifdef WOLFSSL_EMBOS + #include "RTOS.h" + #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ + !defined(WOLFSSL_STATIC_MEMORY) + #define XMALLOC(s, h, type) OS_HEAP_malloc((s)) + #define XFREE(p, h, type) OS_HEAP_free((p)) + #define XREALLOC(p, n, h, t) OS_HEAP_realloc(((p), (n)) + #endif +#endif #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) #undef KEEP_PEER_CERT @@ -1786,21 +1928,79 @@ extern void uITRON4_free(void *p) ; #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */ #endif + + +/* --------------------------------------------------------------------------- + * Math Library Selection (in order of preference) + * --------------------------------------------------------------------------- + */ +#if !defined(HAVE_FIPS_VERSION) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)) + #if defined(WOLFSSL_SP_MATH_ALL) + /* 1) SP Math: wolfSSL proprietary math implementation (sp_int.c). + * Constant time: Always + * Enable: WOLFSSL_SP_MATH_ALL + */ + #elif defined(WOLFSSL_SP_MATH) + /* 2) SP Math with restricted key sizes: wolfSSL proprietary math + * implementation (sp_*.c). + * Constant time: Always + * Enable: WOLFSSL_SP_MATH + */ + #elif defined(USE_FAST_MATH) + /* 3) Tom's Fast Math: Stack based (tfm.c) + * Constant time: Only with TFM_TIMING_RESISTANT + * Enable: USE_FAST_MATH + */ + #elif defined(USE_INTEGER_HEAP_MATH) + /* 4) Integer Heap Math: Heap based (integer.c) + * Constant time: Not supported + * Enable: USE_INTEGER_HEAP_MATH + */ + #else + /* default is SP Math. */ + #define WOLFSSL_SP_MATH_ALL + #endif +#else + /* FIPS 140-2 or older */ + /* Default to fast math (tfm.c), but allow heap math (integer.c) */ + #if !defined(USE_INTEGER_HEAP_MATH) + #undef USE_FAST_MATH + #define USE_FAST_MATH + #ifndef FP_MAX_BITS + #define FP_MAX_BITS 8192 + #endif + #endif +#endif +/*----------------------------------------------------------------------------*/ + + + + /* user can specify what curves they want with ECC_USER_CURVES otherwise * all curves are on by default for now */ #ifndef ECC_USER_CURVES - #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_ALL_CURVES) + #ifdef WOLFSSL_SP_MATH + /* for single precision math only make sure the enabled key sizes are + * included in the ECC curve table */ + #if defined(WOLFSSL_SP_384) && !defined(HAVE_ECC384) + #define HAVE_ECC384 + #endif + #if defined(WOLFSSL_SP_521) && !defined(HAVE_ECC521) + #define HAVE_ECC521 + #endif + #elif !defined(HAVE_ALL_CURVES) #define HAVE_ALL_CURVES #endif #endif /* The minimum allowed ECC key size */ -/* Note: 224-bits is equivelant to 2048-bit RSA */ +/* Note: 224-bits is equivalent to 2048-bit RSA */ #ifndef ECC_MIN_KEY_SZ #ifdef WOLFSSL_MIN_ECC_BITS #define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS #else - #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2 + #if FIPS_VERSION_GE(2,0) /* FIPSv2 and ready (for now) includes 192-bit support */ #define ECC_MIN_KEY_SZ 192 #else @@ -1944,8 +2144,9 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_AES_256 #define WOLFSSL_AES_256 #endif - #if !defined(WOLFSSL_AES_128) && defined(HAVE_ECC_ENCRYPT) - #warning HAVE_ECC_ENCRYPT uses AES 128 bit keys + #if !defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AES_256) && \ + defined(HAVE_ECC_ENCRYPT) + #warning HAVE_ECC_ENCRYPT uses AES 128/256 bit keys #endif #ifndef NO_AES_DECRYPT @@ -1972,11 +2173,18 @@ extern void uITRON4_free(void *p) ; #if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \ (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \ - !defined(HAVE_CAMELLIA) && !defined(HAVE_IDEA) && \ - !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128)) + !defined(HAVE_CAMELLIA) & !defined(HAVE_NULL_CIPHER)) #define WOLFSSL_AEAD_ONLY #endif +#if !defined(HAVE_PUBLIC_FFDHE) && !defined(NO_DH) && \ + !defined(WOLFSSL_NO_PUBLIC_FFDHE) && \ + (defined(HAVE_SELFTEST) || FIPS_VERSION_LE(2,0)) + /* This should only be enabled for FIPS v2 or older. It enables use of the + * older wc_Dh_ffdhe####_Get() API's */ + #define HAVE_PUBLIC_FFDHE +#endif + #if !defined(NO_DH) && !defined(HAVE_FFDHE) #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) || \ defined(HAVE_FFDHE_4096) || defined(HAVE_FFDHE_6144) || \ @@ -1985,25 +2193,26 @@ extern void uITRON4_free(void *p) ; #endif #endif #if defined(HAVE_FFDHE_8192) - #define MIN_FFDHE_FP_MAX_BITS 16384 + #define MIN_FFDHE_BITS 8192 #elif defined(HAVE_FFDHE_6144) - #define MIN_FFDHE_FP_MAX_BITS 12288 + #define MIN_FFDHE_BITS 6144 #elif defined(HAVE_FFDHE_4096) - #define MIN_FFDHE_FP_MAX_BITS 8192 + #define MIN_FFDHE_BITS 4096 #elif defined(HAVE_FFDHE_3072) - #define MIN_FFDHE_FP_MAX_BITS 6144 + #define MIN_FFDHE_BITS 3072 #elif defined(HAVE_FFDHE_2048) - #define MIN_FFDHE_FP_MAX_BITS 4096 + #define MIN_FFDHE_BITS 2048 #else - #define MIN_FFDHE_FP_MAX_BITS 0 + #define MIN_FFDHE_BITS 0 #endif +#define MIN_FFDHE_FP_MAX_BITS (MIN_FFDHE_BITS * 2) #if defined(HAVE_FFDHE) && defined(FP_MAX_BITS) #if MIN_FFDHE_FP_MAX_BITS > FP_MAX_BITS #error "FFDHE parameters are too large for FP_MAX_BIT as set" #endif #endif #if defined(HAVE_FFDHE) && defined(SP_INT_BITS) - #if MIN_FFDHE_FP_MAX_BITS > SP_INT_BITS * 2 + #if MIN_FFDHE_BITS > SP_INT_BITS #error "FFDHE parameters are too large for SP_INT_BIT as set" #endif #endif @@ -2012,16 +2221,18 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD) #if defined(USE_FAST_MATH) && !defined(FP_MAX_BITS) #if MIN_FFDHE_FP_MAX_BITS <= 8192 - #define FP_MAX_BITS 8192 + #define FP_MAX_BITS 8192 #else - #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS #endif #endif #if defined(WOLFSSL_SP_MATH_ALL) && !defined(SP_INT_BITS) - #if MIN_FFDHE_FP_MAX_BITS <= 8192 - #define SP_INT_BITS 4096 + #ifdef WOLFSSL_MYSQL_COMPATIBLE + #define SP_INT_BITS 8192 + #elif MIN_FFDHE_BITS <= 4096 + #define SP_INT_BITS 4096 #else - #define PS_INT_BITS MIN_FFDHE_FP_MAX_BITS / 2 + #define SP_INT_BITS MIN_FFDHE_BITS #endif #endif #endif @@ -2084,21 +2295,21 @@ extern void uITRON4_free(void *p) ; /* Asynchronous Crypto */ #ifdef WOLFSSL_ASYNC_CRYPT + #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \ + !defined(WOLFSSL_ASYNC_CRYPT_SW) + #error No async backend defined with WOLFSSL_ASYNC_CRYPT! + #endif + /* Make sure wolf events are enabled */ #undef HAVE_WOLF_EVENT #define HAVE_WOLF_EVENT - #ifdef WOLFSSL_ASYNC_CRYPT_TEST + #ifdef WOLFSSL_ASYNC_CRYPT_SW #define WC_ASYNC_DEV_SIZE 168 #else #define WC_ASYNC_DEV_SIZE 336 #endif - #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \ - !defined(WOLFSSL_ASYNC_CRYPT_TEST) - #error No async hardware defined with WOLFSSL_ASYNC_CRYPT! - #endif - /* Enable ECC_CACHE_CURVE for ASYNC */ #if !defined(ECC_CACHE_CURVE) #define ECC_CACHE_CURVE @@ -2120,9 +2331,9 @@ extern void uITRON4_free(void *p) ; #if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY) #error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY #endif - #if !defined(WOLFSSL_SP_NO_MALLOC) && \ - !defined(USE_FAST_MATH) && !defined(NO_BIG_INT) - #error The static memory option is only supported for fast math or SP with no malloc + #if !defined(WOLFSSL_SP_MATH_ALL) && !defined(USE_FAST_MATH) && \ + !defined(WOLFSSL_SP_MATH) && !defined(NO_BIG_INT) + #error The static memory option is only supported for fast math or SP Math #endif #ifdef WOLFSSL_SMALL_STACK #error static memory does not support small stack please undefine @@ -2152,12 +2363,13 @@ extern void uITRON4_free(void *p) ; #define HAVE_PKCS12 #endif -#ifndef NO_PKCS8 +#if !defined(NO_PKCS8) || defined(HAVE_PKCS12) #undef HAVE_PKCS8 #define HAVE_PKCS8 #endif -#if !defined(NO_PBKDF1) || defined(WOLFSSL_ENCRYPTED_KEYS) || defined(HAVE_PKCS8) || defined(HAVE_PKCS12) +#if !defined(NO_PBKDF1) || defined(WOLFSSL_ENCRYPTED_KEYS) || \ + defined(HAVE_PKCS8) || defined(HAVE_PKCS12) #undef HAVE_PBKDF1 #define HAVE_PBKDF1 #endif @@ -2180,6 +2392,10 @@ extern void uITRON4_free(void *p) ; #ifdef WOLFSSL_LINUXKM + #ifdef HAVE_CONFIG_H + #include + #undef HAVE_CONFIG_H + #endif #ifndef NO_DEV_RANDOM #define NO_DEV_RANDOM #endif @@ -2204,9 +2420,6 @@ extern void uITRON4_free(void *p) ; #ifndef USE_WOLF_STRTOK #define USE_WOLF_STRTOK #endif - #ifndef WOLFSSL_SP_DIV_WORD_HALF - #define WOLFSSL_SP_DIV_WORD_HALF - #endif #ifndef WOLFSSL_OLD_PRIME_CHECK #define WOLFSSL_OLD_PRIME_CHECK #endif @@ -2237,11 +2450,9 @@ extern void uITRON4_free(void *p) ; #undef HAVE_GMTIME_R /* don't trust macro with windows */ #endif /* WOLFSSL_MYSQL_COMPATIBLE */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(HAVE_LIGHTY) - #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(HAVE_LIGHTY)) && !defined(NO_TLS) #define OPENSSL_NO_ENGINE - #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT #ifndef OPENSSL_EXTRA #define OPENSSL_EXTRA #endif @@ -2267,7 +2478,6 @@ extern void uITRON4_free(void *p) ; #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #endif - /* both CURVE and ED small math should be enabled */ #ifdef CURVED25519_SMALL #define CURVE25519_SMALL @@ -2300,14 +2510,24 @@ extern void uITRON4_free(void *p) ; #endif #endif +#ifdef OPENSSL_COEXIST + /* make sure old names are disabled */ + #ifndef NO_OLD_SSL_NAMES + #define NO_OLD_SSL_NAMES + #endif + #ifndef NO_OLD_WC_NAMES + #define NO_OLD_WC_NAMES + #endif +#endif + #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) /* added to have compatibility with SHA256() */ #if !defined(NO_OLD_SHA_NAMES) && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + FIPS_VERSION_GT(2,0)) #define NO_OLD_SHA_NAMES #endif #if !defined(NO_OLD_MD5_NAME) && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + FIPS_VERSION_GT(2,0)) #define NO_OLD_MD5_NAME #endif #endif @@ -2347,6 +2567,16 @@ extern void uITRON4_free(void *p) ; #define KEEP_PEER_CERT #endif +/* + * Keeps the "Finished" messages after a TLS handshake for use as the so-called + * "tls-unique" channel binding. See comment in internal.h around clientFinished + * and serverFinished for more information. + */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) + #undef WOLFSSL_HAVE_TLS_UNIQUE + #define WOLFSSL_HAVE_TLS_UNIQUE +#endif + /* RAW hash function APIs are not implemented */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH) #undef WOLFSSL_NO_HASH_RAW @@ -2364,13 +2594,14 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NO_WORD64_OPS #endif -#if !defined(WOLFCRYPT_ONLY) && !defined(WOLFSSL_NO_TLS12) +#if !defined(WOLFCRYPT_ONLY) && \ + (!defined(WOLFSSL_NO_TLS12) || defined(HAVE_KEYING_MATERIAL)) #undef WOLFSSL_HAVE_PRF #define WOLFSSL_HAVE_PRF #endif #if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_CAMELLIA) && \ - !defined(WOLFSSL_HAVE_PRF) && defined(NO_PWDBASED) && !defined(HAVE_IDEA) + !defined(WOLFSSL_HAVE_PRF) && defined(NO_PWDBASED) #undef WOLFSSL_NO_XOR_OPS #define WOLFSSL_NO_XOR_OPS #endif @@ -2396,8 +2627,8 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \ !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \ - (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ - defined(WOLFSSL_RSA_PUBLIC_ONLY) + !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) \ + && !defined(USE_FAST_MATH) #undef WOLFSSL_NO_FORCE_ZERO #define WOLFSSL_NO_FORCE_ZERO #endif @@ -2416,6 +2647,9 @@ extern void uITRON4_free(void *p) ; #endif #if defined(HAVE_EX_DATA) || defined(FORTRESS) + #if defined(FORTRESS) && !defined(HAVE_EX_DATA) + #define HAVE_EX_DATA + #endif #ifndef MAX_EX_DATA #define MAX_EX_DATA 5 /* allow for five items of ex_data */ #endif @@ -2425,6 +2659,11 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_SMALL_STACK #endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_STATIC) && \ + !defined(NO_WOLFSSL_SMALL_STACK_STATIC) +#define WOLFSSL_SMALL_STACK_STATIC +#endif + #ifdef WOLFSSL_SMALL_STACK_STATIC #undef WOLFSSL_SMALL_STACK_STATIC #define WOLFSSL_SMALL_STACK_STATIC static @@ -2445,15 +2684,21 @@ extern void uITRON4_free(void *p) ; #endif /* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */ -#if defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION) +#if FIPS_VERSION_EQ(1,0) #undef WC_RSA_PSS #undef WOLFSSL_TLS13 #endif +/* FIPS v2 does not support WOLFSSL_PSS_LONG_SALT */ +#if FIPS_VERSION_EQ(2,0) + #ifdef WOLFSSL_PSS_LONG_SALT + #undef WOLFSSL_PSS_LONG_SALT + #endif +#endif + /* For FIPSv2 make sure the ECDSA encoding allows extra bytes * but make sure users consider enabling it */ -#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#if !defined(NO_STRICT_ECDSA_LEN) && FIPS_VERSION_GE(2,0) /* ECDSA length checks off by default for CAVP testing * consider enabling strict checks in production */ #define NO_STRICT_ECDSA_LEN @@ -2474,11 +2719,22 @@ extern void uITRON4_free(void *p) ; #endif /* DH Extra is not supported on FIPS v1 or v2 (is missing DhKey .pub/.priv) */ -#if defined(WOLFSSL_DH_EXTRA) && defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || HAVE_FIPS_VERSION <= 2) +#if defined(WOLFSSL_DH_EXTRA) && defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) #undef WOLFSSL_DH_EXTRA #endif +/* wc_Sha512.devId isn't available before FIPS 5.1 */ +#if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,1) + #define NO_SHA2_CRYPTO_CB +#endif + +/* Enable HAVE_ONE_TIME_AUTH by default for use with TLS cipher suites + * when poly1305 is enabled + */ +#if defined(HAVE_POLY1305) && !defined(HAVE_ONE_TIME_AUTH) + #define HAVE_ONE_TIME_AUTH +#endif + /* Check for insecure build combination: * secure renegotiation [enabled] * extended master secret [disabled] @@ -2494,12 +2750,137 @@ extern void uITRON4_free(void *p) ; #endif /* Note: "--enable-renegotiation-indication" ("HAVE_RENEGOTIATION_INDICATION") - * only sends the secure renegotiation extension, but is not actually supported. - * This was added because some TLS peers required it even if not used, so we call + * only sends the secure renegotiation extension, but is not actually supported. + * This was added because some TLS peers required it even if not used, so we call * this "(FAKE Secure Renegotiation)" */ #endif +/* if secure renegotiation is enabled, make sure server info is enabled */ +#if !defined(HAVE_RENEGOTIATION_INDICATION) && \ + !defined(HAVE_SERVER_RENEGOTIATION_INFO) && \ + defined(HAVE_SECURE_RENEGOTIATION) && \ + !defined(NO_WOLFSSL_SERVER) + #define HAVE_SERVER_RENEGOTIATION_INFO +#endif + +/* Crypto callbacks should enable hash flag support */ +#if defined(WOLF_CRYPTO_CB) && !defined(WOLFSSL_HASH_FLAGS) + /* FIPS v1 and v2 do not support hash flags, so do not allow it with + * crypto callbacks */ + #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3) + #define WOLFSSL_HASH_FLAGS + #endif +#endif + +#ifdef WOLFSSL_HAVE_KYBER +#define HAVE_PQC +#endif + +/* Enable Post-Quantum Cryptography if we have liboqs from the OpenQuantumSafe + * group */ +#ifdef HAVE_LIBOQS +#define HAVE_PQC +#define HAVE_FALCON +#define HAVE_DILITHIUM +#define HAVE_SPHINCS +#define WOLFSSL_HAVE_KYBER +#define WOLFSSL_KYBER512 +#define WOLFSSL_KYBER768 +#define WOLFSSL_KYBER1024 +#endif + +#ifdef HAVE_PQM4 +#define HAVE_PQC +#define HAVE_KYBER +#define WOLFSSL_KYBER512 +#endif + +#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \ + !defined(WOLFSSL_HAVE_KYBER) +#error Please do not define HAVE_PQC yourself. +#endif + +#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_PQM4) +#error Please do not define both HAVE_LIBOQS and HAVE_PQM4. +#endif + +/* SRTP requires DTLS */ +#if defined(WOLFSSL_SRTP) && !defined(WOLFSSL_DTLS) + #error The SRTP extension requires DTLS +#endif + +/* Are we using an external private key store like: + * PKCS11 / HSM / crypto callback / PK callback */ +#if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \ + (defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS) || \ + defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_KCAPI)) + /* Enables support for using wolfSSL_CTX_use_PrivateKey_Id and + * wolfSSL_CTX_use_PrivateKey_Label */ + #define WOLF_PRIVATE_KEY_ID +#endif + +/* With titan cache size there is too many sessions to fit with the default + * multiplier of 8 */ +#if defined(TITAN_SESSION_CACHE) && !defined(NO_SESSION_CACHE_REF) + #define NO_SESSION_CACHE_REF +#endif + +/* (D)TLS v1.3 requires 64-bit number wrappers */ +#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS) + #undef WOLFSSL_W64_WRAPPER + #define WOLFSSL_W64_WRAPPER +#endif + +/* DTLS v1.3 requires AES ECB if using AES */ +#if defined(WOLFSSL_DTLS13) && !defined(NO_AES) && \ + !defined(WOLFSSL_AES_DIRECT) +#define WOLFSSL_AES_DIRECT +#endif + +#if defined(WOLFSSL_DTLS13) && (!defined(WOLFSSL_DTLS) || \ + !defined(WOLFSSL_TLS13)) +#error "DTLS v1.3 requires both WOLFSSL_TLS13 and WOLFSSL_DTLS" +#endif + +#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_DTLS13) +#error "ConnectionID is supported for DTLSv1.3 only" +#endif + +/* RSA Key Checking is disabled by default unless WOLFSSL_RSA_KEY_CHECK is + * defined or FIPS v2 3389, FIPS v5 or later. + * Not allowed for: + * RSA public only, CAVP selftest, fast RSA, user RSA, QAT or CryptoCell */ +#if (defined(WOLFSSL_RSA_KEY_CHECK) || (defined(HAVE_FIPS) && FIPS_VERSION_GE(2,0))) && \ + !defined(WOLFSSL_NO_RSA_KEY_CHECK) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \ + !defined(HAVE_INTEL_QA) && !defined(WOLFSSL_CRYPTOCELL) && \ + !defined(HAVE_SELFTEST) + + #undef WOLFSSL_RSA_KEY_CHECK + #define WOLFSSL_RSA_KEY_CHECK +#endif + +/* SHAKE - Not allowed in FIPS */ +#if defined(WOLFSSL_SHA3) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + #ifndef WOLFSSL_NO_SHAKE128 + #undef WOLFSSL_SHAKE128 + #define WOLFSSL_SHAKE128 + #endif + #ifndef WOLFSSL_NO_SHAKE256 + #undef WOLFSSL_SHAKE256 + #define WOLFSSL_SHAKE256 + #endif +#else + #undef WOLFSSL_NO_SHAKE128 + #define WOLFSSL_NO_SHAKE128 + #undef WOLFSSL_NO_SHAKE256 + #define WOLFSSL_NO_SHAKE256 +#endif + + + /* --------------------------------------------------------------------------- * Depricated Algorithm Handling @@ -2513,6 +2894,33 @@ extern void uITRON4_free(void *p) ; #define NO_RC4 #endif +#if !defined(WOLFSSL_NO_ASYNC_IO) || defined(WOLFSSL_ASYNC_CRYPT) || \ + defined(WOLFSSL_NONBLOCK_OCSP) + /* Enable asynchronous support in TLS functions to support one or more of + * the following: + * - re-entry after a network blocking return + * - re-entry after OCSP blocking return + * - asynchronous cryptography */ + #undef WOLFSSL_ASYNC_IO + #define WOLFSSL_ASYNC_IO +#endif + +#ifdef WOLFSSL_SYS_CA_CERTS + #ifdef NO_FILESYSTEM + /* Turning off WOLFSSL_SYS_CA_CERTS b/c NO_FILESYSTEM is defined */ + #undef WOLFSSL_SYS_CA_CERTS + #endif + + #ifdef NO_CERTS + /* Turning off WOLFSSL_SYS_CA_CERTS b/c NO_CERTS is defined */ + #undef WOLFSSL_SYS_CA_CERTS + #endif + + #if defined(__APPLE__) && !defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) + /* Turning off WOLFSSL_SYS_CA_CERTS b/c no Security/SecTrustSettings.h header */ + #undef WOLFSSL_SYS_CA_CERTS + #endif +#endif /* WOLFSSL_SYS_CA_CERTS */ #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/wolfcrypt/sha.h b/source/libs/libwolfssl/wolfcrypt/sha.h index 0df25749..cc9583ff 100644 --- a/source/libs/libwolfssl/wolfcrypt/sha.h +++ b/source/libs/libwolfssl/wolfcrypt/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,7 +37,7 @@ #endif /* HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) #define wc_Sha Sha #define WC_SHA SHA #define WC_SHA_BLOCK_SIZE SHA_BLOCK_SIZE @@ -53,7 +53,7 @@ #endif #ifdef WOLFSSL_IMXRT_DCP - #include "fsl_dcp.h" + #include "fsl_dcp.h" #endif #ifdef __cplusplus @@ -107,13 +107,25 @@ enum { #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" #elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) - #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" + #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h" #else +#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) + #include "wolfssl/wolfcrypt/port/nxp/se050_port.h" +#endif + +#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) +#include +#undef WOLFSSL_NO_HASH_RAW +#define WOLFSSL_NO_HASH_RAW +#endif + /* Sha digest */ struct wc_Sha { #ifdef FREESCALE_LTC_SHA ltc_hash_ctx_t ctx; +#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) + SE050_HASH_Context se050Ctx; #elif defined(STM32_HASH) STM32_HASH_Context stmCtx; #elif defined(WOLFSSL_SILABS_SE_ACCEL) @@ -121,6 +133,8 @@ struct wc_Sha { #elif defined(WOLFSSL_IMXRT_DCP) dcp_handle_t handle; dcp_hash_ctx_t ctx; +#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) + psa_hash_operation_t psa_ctx; #else word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ @@ -142,12 +156,17 @@ struct wc_Sha { int devId; void* devCtx; /* generic crypto callback context */ #endif + #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) + byte* msg; + word32 used; + word32 len; + #endif #endif #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) WC_ESP32SHA ctx; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif }; @@ -162,24 +181,24 @@ struct wc_Sha { #endif /* HAVE_FIPS */ -WOLFSSL_API int wc_InitSha(wc_Sha*); +WOLFSSL_API int wc_InitSha(wc_Sha* sha); WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId); -WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32); -WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*); -WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*); -WOLFSSL_API void wc_ShaFree(wc_Sha*); +WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len); +WOLFSSL_API int wc_ShaFinalRaw(wc_Sha* sha, byte* hash); +WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, byte* hash); +WOLFSSL_API void wc_ShaFree(wc_Sha* sha); -WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*); -WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*); +WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, byte* hash); +WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst); #if defined(OPENSSL_EXTRA) -WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*); +WOLFSSL_API int wc_ShaTransform(wc_Sha* sha, const unsigned char* data); #endif #ifdef WOLFSSL_PIC32MZ_HASH WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len); #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_ShaSetFlags(wc_Sha* sha, word32 flags); WOLFSSL_API int wc_ShaGetFlags(wc_Sha* sha, word32* flags); #endif diff --git a/source/libs/libwolfssl/wolfcrypt/sha256.h b/source/libs/libwolfssl/wolfcrypt/sha256.h index 080a6480..cbd15b6f 100644 --- a/source/libs/libwolfssl/wolfcrypt/sha256.h +++ b/source/libs/libwolfssl/wolfcrypt/sha256.h @@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,7 +38,7 @@ #endif /* HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) #define wc_Sha256 Sha256 #define WC_SHA256 SHA256 #define WC_SHA256_BLOCK_SIZE SHA256_BLOCK_SIZE @@ -62,7 +62,7 @@ #endif #ifdef WOLFSSL_IMXRT_DCP - #include "fsl_dcp.h" + #include "fsl_dcp.h" #endif #if defined(WOLFSSL_PSOC6_CRYPTO) @@ -101,6 +101,15 @@ #if defined(WOLFSSL_SILABS_SE_ACCEL) #include #endif +#if defined(WOLFSSL_KCAPI_HASH) + #include "wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h" +#endif + +#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) +#include +#undef WOLFSSL_NO_HASH_RAW +#define WOLFSSL_NO_HASH_RAW +#endif #if defined(_MSC_VER) #define SHA256_NOINLINE __declspec(noinline) @@ -138,13 +147,26 @@ enum { #include "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h" #elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) - #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" + #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h" +#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \ + !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH) + #include "wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h" #else +#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) + #include "wolfssl/wolfcrypt/port/nxp/se050_port.h" +#endif + +#ifdef WOLFSSL_MAXQ10XX_CRYPTO + #include +#endif + /* wc_Sha256 digest */ struct wc_Sha256 { #ifdef FREESCALE_LTC_SHA ltc_hash_ctx_t ctx; +#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) + SE050_HASH_Context se050Ctx; #elif defined(STM32_HASH_SHA2) STM32_HASH_Context stmCtx; #elif defined(WOLFSSL_SILABS_SE_ACCEL) @@ -156,6 +178,8 @@ struct wc_Sha256 { cy_stc_crypto_sha_state_t hash_state; cy_en_crypto_sha_mode_t sha_mode; cy_stc_crypto_v2_sha256_buffers_t sha_buffers; +#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) + psa_hash_operation_t psa_ctx; #else /* alignment on digest and buffer speeds up ARMv8 crypto operations */ ALIGN16 word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; @@ -176,6 +200,8 @@ struct wc_Sha256 { #endif /* !FREESCALE_LTC_SHA && !STM32_HASH_SHA2 */ #ifdef WOLFSSL_DEVCRYPTO_HASH WC_CRYPTODEV ctx; +#endif +#if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) byte* msg; word32 used; word32 len; @@ -184,14 +210,20 @@ struct wc_Sha256 { !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) WC_ESP32SHA ctx; #endif +#ifdef WOLFSSL_MAXQ10XX_CRYPTO + maxq_sha256_t maxq_ctx; +#endif #ifdef WOLFSSL_CRYPTOCELL CRYS_HASHUserContext_t ctx; #endif +#ifdef WOLFSSL_KCAPI_HASH + wolfssl_KCAPI_Hash kcapi; +#endif #ifdef WOLF_CRYPTO_CB int devId; void* devCtx; /* generic crypto callback context */ #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif }; @@ -205,23 +237,26 @@ struct wc_Sha256 { #endif /* HAVE_FIPS */ -WOLFSSL_API int wc_InitSha256(wc_Sha256*); -WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int); -WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32); -WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*); -WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*); -WOLFSSL_API void wc_Sha256Free(wc_Sha256*); +WOLFSSL_API int wc_InitSha256(wc_Sha256* sha); +WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId); +WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len); +WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash); +WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, byte* hash); +WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256); #if defined(OPENSSL_EXTRA) -WOLFSSL_API int wc_Sha256Transform(wc_Sha256*, const byte*); +WOLFSSL_API int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data); #endif -WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*); +#if defined(WOLFSSL_HASH_KEEP) +WOLFSSL_API int wc_Sha256_Grow(wc_Sha256* sha256, const byte* in, int inSz); +#endif +WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash); WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst); #ifdef WOLFSSL_PIC32MZ_HASH -WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32); +WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256* sha256, word32 len); #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags); WOLFSSL_API int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags); #endif @@ -257,16 +292,19 @@ enum { #endif #endif /* HAVE_FIPS */ -WOLFSSL_API int wc_InitSha224(wc_Sha224*); -WOLFSSL_API int wc_InitSha224_ex(wc_Sha224*, void*, int); -WOLFSSL_API int wc_Sha224Update(wc_Sha224*, const byte*, word32); -WOLFSSL_API int wc_Sha224Final(wc_Sha224*, byte*); -WOLFSSL_API void wc_Sha224Free(wc_Sha224*); +WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224); +WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId); +WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len); +WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, byte* hash); +WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224); -WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*); +#if defined(WOLFSSL_HASH_KEEP) +WOLFSSL_API int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz); +#endif +WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash); WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags); WOLFSSL_API int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags); #endif diff --git a/source/libs/libwolfssl/wolfcrypt/sha3.h b/source/libs/libwolfssl/wolfcrypt/sha3.h index b75351fa..30b16366 100644 --- a/source/libs/libwolfssl/wolfcrypt/sha3.h +++ b/source/libs/libwolfssl/wolfcrypt/sha3.h @@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -42,6 +42,9 @@ /* in bytes */ enum { + /* SHAKE-128 */ + WC_SHA3_128_COUNT = 21, + WC_SHA3_224 = WC_HASH_TYPE_SHA3_224, WC_SHA3_224_DIGEST_SIZE = 28, WC_SHA3_224_COUNT = 18, @@ -58,10 +61,18 @@ enum { WC_SHA3_512_DIGEST_SIZE = 64, WC_SHA3_512_COUNT = 9, + #ifdef WOLFSSL_SHAKE128 + WC_SHAKE128 = WC_HASH_TYPE_SHAKE128, + #endif + #ifdef WOLFSSL_SHAKE256 + WC_SHAKE256 = WC_HASH_TYPE_SHAKE256, + #endif + #if !defined(HAVE_SELFTEST) || \ defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2) /* These values are used for HMAC, not SHA-3 directly. * They come from from FIPS PUB 202. */ + WC_SHA3_128_BLOCK_SIZE = 168, WC_SHA3_224_BLOCK_SIZE = 144, WC_SHA3_256_BLOCK_SIZE = 136, WC_SHA3_384_BLOCK_SIZE = 104, @@ -79,6 +90,12 @@ enum { #define SHA3_512 WC_SHA3_512 #define SHA3_512_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE #define Sha3 wc_Sha3 + #ifdef WOLFSSL_SHAKE128 + #define SHAKE128 WC_SHAKE128 + #endif + #ifdef WOLFSSL_SHAKE256 + #define SHAKE256 WC_SHAKE256 + #endif #endif @@ -103,7 +120,7 @@ struct wc_Sha3 { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif }; @@ -115,48 +132,78 @@ struct wc_Sha3 { #endif +#if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) typedef wc_Sha3 wc_Shake; +#endif - -WOLFSSL_API int wc_InitSha3_224(wc_Sha3*, void*, int); -WOLFSSL_API int wc_Sha3_224_Update(wc_Sha3*, const byte*, word32); -WOLFSSL_API int wc_Sha3_224_Final(wc_Sha3*, byte*); -WOLFSSL_API void wc_Sha3_224_Free(wc_Sha3*); -WOLFSSL_API int wc_Sha3_224_GetHash(wc_Sha3*, byte*); +WOLFSSL_API int wc_InitSha3_224(wc_Sha3* sha3, void* heap, int devId); +WOLFSSL_API int wc_Sha3_224_Update(wc_Sha3* sha3, const byte* data, word32 len); +WOLFSSL_API int wc_Sha3_224_Final(wc_Sha3* sha3, byte* hash); +WOLFSSL_API void wc_Sha3_224_Free(wc_Sha3* sha3); +WOLFSSL_API int wc_Sha3_224_GetHash(wc_Sha3* sha3, byte* hash); WOLFSSL_API int wc_Sha3_224_Copy(wc_Sha3* src, wc_Sha3* dst); -WOLFSSL_API int wc_InitSha3_256(wc_Sha3*, void*, int); -WOLFSSL_API int wc_Sha3_256_Update(wc_Sha3*, const byte*, word32); -WOLFSSL_API int wc_Sha3_256_Final(wc_Sha3*, byte*); -WOLFSSL_API void wc_Sha3_256_Free(wc_Sha3*); -WOLFSSL_API int wc_Sha3_256_GetHash(wc_Sha3*, byte*); +WOLFSSL_API int wc_InitSha3_256(wc_Sha3* sha3, void* heap, int devId); +WOLFSSL_API int wc_Sha3_256_Update(wc_Sha3* sha3, const byte* data, word32 len); +WOLFSSL_API int wc_Sha3_256_Final(wc_Sha3* sha3, byte* hash); +WOLFSSL_API void wc_Sha3_256_Free(wc_Sha3* sha3); +WOLFSSL_API int wc_Sha3_256_GetHash(wc_Sha3* sha3, byte* hash); WOLFSSL_API int wc_Sha3_256_Copy(wc_Sha3* src, wc_Sha3* dst); -WOLFSSL_API int wc_InitSha3_384(wc_Sha3*, void*, int); -WOLFSSL_API int wc_Sha3_384_Update(wc_Sha3*, const byte*, word32); -WOLFSSL_API int wc_Sha3_384_Final(wc_Sha3*, byte*); -WOLFSSL_API void wc_Sha3_384_Free(wc_Sha3*); -WOLFSSL_API int wc_Sha3_384_GetHash(wc_Sha3*, byte*); +WOLFSSL_API int wc_InitSha3_384(wc_Sha3* sha3, void* heap, int devId); +WOLFSSL_API int wc_Sha3_384_Update(wc_Sha3* sha3, const byte* data, word32 len); +WOLFSSL_API int wc_Sha3_384_Final(wc_Sha3* sha3, byte* hash); +WOLFSSL_API void wc_Sha3_384_Free(wc_Sha3* sha3); +WOLFSSL_API int wc_Sha3_384_GetHash(wc_Sha3* sha3, byte* hash); WOLFSSL_API int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst); -WOLFSSL_API int wc_InitSha3_512(wc_Sha3*, void*, int); -WOLFSSL_API int wc_Sha3_512_Update(wc_Sha3*, const byte*, word32); -WOLFSSL_API int wc_Sha3_512_Final(wc_Sha3*, byte*); -WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3*); -WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3*, byte*); +WOLFSSL_API int wc_InitSha3_512(wc_Sha3* sha3, void* heap, int devId); +WOLFSSL_API int wc_Sha3_512_Update(wc_Sha3* sha3, const byte* data, word32 len); +WOLFSSL_API int wc_Sha3_512_Final(wc_Sha3* sha3, byte* hash); +WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3* sha3); +WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3* sha3, byte* hash); WOLFSSL_API int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst); -WOLFSSL_API int wc_InitShake256(wc_Shake*, void*, int); -WOLFSSL_API int wc_Shake256_Update(wc_Shake*, const byte*, word32); -WOLFSSL_API int wc_Shake256_Final(wc_Shake*, byte*, word32); -WOLFSSL_API void wc_Shake256_Free(wc_Shake*); -WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); +#ifdef WOLFSSL_SHAKE128 +WOLFSSL_API int wc_InitShake128(wc_Shake* shake, void* heap, int devId); +WOLFSSL_API int wc_Shake128_Update(wc_Shake* shake, const byte* data, word32 len); +WOLFSSL_API int wc_Shake128_Final(wc_Shake* shake, byte* hash, word32 hashLen); +WOLFSSL_API int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, + word32 len); +WOLFSSL_API int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, + word32 blockCnt); +WOLFSSL_API void wc_Shake128_Free(wc_Shake* shake); +WOLFSSL_API int wc_Shake128_Copy(wc_Shake* src, wc_Sha3* dst); +#endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_SHAKE256 +WOLFSSL_API int wc_InitShake256(wc_Shake* shake, void* heap, int devId); +WOLFSSL_API int wc_Shake256_Update(wc_Shake* shake, const byte* data, word32 len); +WOLFSSL_API int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen); +WOLFSSL_API int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, + word32 len); +WOLFSSL_API int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, + word32 blockCnt); +WOLFSSL_API void wc_Shake256_Free(wc_Shake* shake); +WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); +#endif + +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags); WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags); #endif +#ifdef USE_INTEL_SPEEDUP +WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n, + word64 c); +WOLFSSL_LOCAL void sha3_block_bmi2(word64* s); +WOLFSSL_LOCAL void sha3_block_avx2(word64* s); +WOLFSSL_LOCAL void BlockSha3(word64 *s); +#endif +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_CRYPTO_SHA3) +WOLFSSL_LOCAL void BlockSha3(word64 *s); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/sha512.h b/source/libs/libwolfssl/wolfcrypt/sha512.h index 9547390a..74aeafc1 100644 --- a/source/libs/libwolfssl/wolfcrypt/sha512.h +++ b/source/libs/libwolfssl/wolfcrypt/sha512.h @@ -1,6 +1,6 @@ /* sha512.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,13 +38,15 @@ #endif /* HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) #ifdef WOLFSSL_SHA512 #define wc_Sha512 Sha512 #define WC_SHA512 SHA512 #define WC_SHA512_BLOCK_SIZE SHA512_BLOCK_SIZE #define WC_SHA512_DIGEST_SIZE SHA512_DIGEST_SIZE #define WC_SHA512_PAD_SIZE SHA512_PAD_SIZE + #define wc_Sha512_224 Sha512_224 + #define wc_Sha512_256 Sha512_256 #endif /* WOLFSSL_SHA512 */ #ifdef WOLFSSL_SHA384 #define wc_Sha384 Sha384 @@ -58,7 +60,7 @@ #if defined(WOLFSSL_SHA384) #define CYASSL_SHA384 #endif - /* for fips @wc_fips */ + /* for fips @wc_fips */ #include #endif @@ -85,6 +87,9 @@ #include "cy_crypto_common.h" #include "cy_crypto_core.h" #endif +#if defined(WOLFSSL_KCAPI_HASH) + #include +#endif #if defined(_MSC_VER) #define SHA512_NOINLINE __declspec(noinline) @@ -113,16 +118,33 @@ enum { #ifdef WOLFSSL_SHA512 WC_SHA512 = WC_HASH_TYPE_SHA512, + #ifndef WOLFSSL_NOSHA512_224 + WC_SHA512_224 = WC_HASH_TYPE_SHA512_224, + #endif + #ifndef WOLFSSL_NOSHA512_256 + WC_SHA512_256 = WC_HASH_TYPE_SHA512_256, + #endif #endif WC_SHA512_BLOCK_SIZE = 128, WC_SHA512_DIGEST_SIZE = 64, - WC_SHA512_PAD_SIZE = 112 + WC_SHA512_PAD_SIZE = 112, + + WC_SHA512_224_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE, + WC_SHA512_224_DIGEST_SIZE = 28, + WC_SHA512_224_PAD_SIZE = WC_SHA512_PAD_SIZE, + + WC_SHA512_256_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE, + WC_SHA512_256_DIGEST_SIZE = 32, + WC_SHA512_256_PAD_SIZE = WC_SHA512_PAD_SIZE, }; #if defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM) #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" #else +#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) + #include "wolfssl/wolfcrypt/port/nxp/se050_port.h" +#endif /* wc_Sha512 digest */ struct wc_Sha512 { #ifdef WOLFSSL_PSOC6_CRYPTO @@ -152,43 +174,56 @@ struct wc_Sha512 { #if defined(WOLFSSL_SILABS_SE_ACCEL) wc_silabs_sha_t silabsCtx; #endif +#ifdef WOLFSSL_KCAPI_HASH + wolfssl_KCAPI_Hash kcapi; +#endif +#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) + SE050_HASH_Context se050Ctx; +#endif +#if defined(WOLFSSL_HASH_KEEP) + byte* msg; + word32 used; + word32 len; +#endif #ifdef WOLF_CRYPTO_CB int devId; void* devCtx; /* generic crypto callback context */ #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif #endif /* WOLFSSL_PSOC6_CRYPTO */ }; + #ifndef WC_SHA512_TYPE_DEFINED typedef struct wc_Sha512 wc_Sha512; - #define WC_SHA512_TYPE_DEFINED -#endif + typedef struct wc_Sha512 wc_Sha512_224; + typedef struct wc_Sha512 wc_Sha512_256; + +#define WC_SHA512_TYPE_DEFINED #endif +#endif /* WOLFSSL_IMX6_CAAM && !WOLFSSL_QNX_CAAM */ #endif /* HAVE_FIPS */ -#ifdef WOLFSSL_ARMASM -WOLFSSL_LOCAL void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, - word32 len); -#endif - #ifdef WOLFSSL_SHA512 -WOLFSSL_API int wc_InitSha512(wc_Sha512*); -WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int); -WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32); -WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512*, byte*); -WOLFSSL_API int wc_Sha512Final(wc_Sha512*, byte*); -WOLFSSL_API void wc_Sha512Free(wc_Sha512*); +WOLFSSL_API int wc_InitSha512(wc_Sha512* sha); +WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId); +WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len); +WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash); +WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, byte* hash); +WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha); -WOLFSSL_API int wc_Sha512GetHash(wc_Sha512*, byte*); +WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash); WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#if defined(WOLFSSL_HASH_KEEP) + WOLFSSL_API int wc_Sha512_Grow(wc_Sha512* sha512, const byte* in, int inSz); +#endif +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags); WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags); #endif @@ -196,6 +231,49 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); #if defined(OPENSSL_EXTRA) WOLFSSL_API int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data); #endif + +#if !defined(WOLFSSL_NOSHA512_224) +WOLFSSL_API int wc_InitSha512_224(wc_Sha512* sha); +WOLFSSL_API int wc_InitSha512_224_ex(wc_Sha512* sha, void* heap, int devId); +WOLFSSL_API int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len); +WOLFSSL_API int wc_Sha512_224FinalRaw(wc_Sha512* sha512, byte* hash); +WOLFSSL_API int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash); +WOLFSSL_API void wc_Sha512_224Free(wc_Sha512* sha); +WOLFSSL_API int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash); +WOLFSSL_API int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst); +#ifdef WOLFSSL_HASH_FLAGS + WOLFSSL_API int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags); + WOLFSSL_API int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags); +#endif + +#if defined(OPENSSL_EXTRA) +WOLFSSL_API int wc_Sha512_224Transform(wc_Sha512* sha, + const unsigned char* data); +#endif +#endif /* !WOLFSSL_NOSHA512_224 */ + +#if !defined(WOLFSSL_NOSHA512_256) +WOLFSSL_API int wc_InitSha512_256(wc_Sha512* sha); +WOLFSSL_API int wc_InitSha512_256_ex(wc_Sha512* sha, void* heap, int devId); +WOLFSSL_API int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len); +WOLFSSL_API int wc_Sha512_256FinalRaw(wc_Sha512* sha512, byte* hash); +WOLFSSL_API int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash); +WOLFSSL_API void wc_Sha512_256Free(wc_Sha512* sha); +WOLFSSL_API int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash); +WOLFSSL_API int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst); +#ifdef WOLFSSL_HASH_FLAGS + WOLFSSL_API int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags); + WOLFSSL_API int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags); +#endif + +#if defined(OPENSSL_EXTRA) +WOLFSSL_API int wc_Sha512_256Transform(wc_Sha512* sha, + const unsigned char* data); +#endif +#endif /* !WOLFSSL_NOSHA512_256 */ + + + #endif /* WOLFSSL_SHA512 */ #if defined(WOLFSSL_SHA384) @@ -230,17 +308,20 @@ enum { #endif #endif /* HAVE_FIPS */ -WOLFSSL_API int wc_InitSha384(wc_Sha384*); -WOLFSSL_API int wc_InitSha384_ex(wc_Sha384*, void*, int); -WOLFSSL_API int wc_Sha384Update(wc_Sha384*, const byte*, word32); -WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384*, byte*); -WOLFSSL_API int wc_Sha384Final(wc_Sha384*, byte*); -WOLFSSL_API void wc_Sha384Free(wc_Sha384*); +WOLFSSL_API int wc_InitSha384(wc_Sha384* sha); +WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId); +WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len); +WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash); +WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, byte* hash); +WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha); -WOLFSSL_API int wc_Sha384GetHash(wc_Sha384*, byte*); +WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash); WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#if defined(WOLFSSL_HASH_KEEP) + WOLFSSL_API int wc_Sha384_Grow(wc_Sha384* sha384, const byte* in, int inSz); +#endif +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags); WOLFSSL_API int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags); #endif diff --git a/source/libs/libwolfssl/wolfcrypt/signature.h b/source/libs/libwolfssl/wolfcrypt/signature.h index 39748070..7dd5c1ea 100644 --- a/source/libs/libwolfssl/wolfcrypt/signature.h +++ b/source/libs/libwolfssl/wolfcrypt/signature.h @@ -1,6 +1,6 @@ /* signature.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/sp.h b/source/libs/libwolfssl/wolfcrypt/sp.h index 052871c5..e59fcc83 100644 --- a/source/libs/libwolfssl/wolfcrypt/sp.h +++ b/source/libs/libwolfssl/wolfcrypt/sp.h @@ -1,6 +1,6 @@ /* sp.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -49,7 +49,7 @@ #define SP_NOINLINE __declspec(noinline) #elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) #define SP_NOINLINE _Pragma("inline = never") -#elif defined(__GNUC__) || defined(__KEIL__) +#elif defined(__GNUC__) || defined(__KEIL__) || defined(__DCC__) #define SP_NOINLINE __attribute__((noinline)) #else #define SP_NOINLINE @@ -222,92 +222,148 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym); #else -int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* rm, - int map, void* heap); -int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, +WOLFSSL_LOCAL int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, + ecc_point* rm, int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* rm, int map, void* heap); -int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* rm, int map, - void* heap); -int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, - int inMont, ecc_point* rm, int map, void* heap); - -int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap); -int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, - word32* outlen, void* heap); -int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, - const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap); -int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, - int* res, void* heap); -int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY); -int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, - const mp_int* privm, void* heap); -int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, - mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ); -int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, - mp_int* rX, mp_int* rY, mp_int* rZ); -int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ); -int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym); - -int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* rm, +WOLFSSL_LOCAL int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* rm, int map, void* heap); -int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, +WOLFSSL_LOCAL int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, int inMont, ecc_point* rm, int map, void* heap); -int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* rm, int map, - void* heap); -int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, - int inMont, ecc_point* rm, int map, void* heap); -int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap); -int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, - word32* outlen, void* heap); -int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, +WOLFSSL_LOCAL int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, + void* heap); +WOLFSSL_LOCAL int sp_ecc_secret_gen_256(const mp_int* priv, + const ecc_point* pub, byte* out, word32* outlen, void* heap); +WOLFSSL_LOCAL int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap); -int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, - int* res, void* heap); -int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY); -int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, +WOLFSSL_LOCAL int sp_ecc_verify_256(const byte* hash, word32 hashLen, + const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, + const mp_int* sm, int* res, void* heap); +WOLFSSL_LOCAL int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY); +WOLFSSL_LOCAL int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap); -int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, +WOLFSSL_LOCAL int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ); -int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, +WOLFSSL_LOCAL int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ); -int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ); -int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym); +WOLFSSL_LOCAL int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ); +WOLFSSL_LOCAL int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym); -int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* rm, +WOLFSSL_LOCAL int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, + ecc_point* rm, int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, + const ecc_point* am, int inMont, ecc_point* rm, int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* rm, int map, void* heap); -int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* rm, int map, - void* heap); -int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, - int inMont, ecc_point* rm, int map, void* heap); -int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, - void* heap); -int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, - ecc_point* r, int map, void* heap); -int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res); -int sp_Pairing_1024(const ecc_point* p, const ecc_point* q, mp_int* res); -int sp_Pairing_gen_precomp_1024(const ecc_point* p, byte* table, word32* len); -int sp_Pairing_precomp_1024(const ecc_point* p, const ecc_point* q, mp_int* res, - const byte* table, word32 len); -int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY); -int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, +WOLFSSL_LOCAL int sp_ecc_mulmod_base_add_384(const mp_int* km, + const ecc_point* am, int inMont, ecc_point* rm, int map, void* heap); + +WOLFSSL_LOCAL int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap); +WOLFSSL_LOCAL int sp_ecc_secret_gen_384(const mp_int* priv, + const ecc_point* pub, byte* out, word32* outlen, void* heap); +WOLFSSL_LOCAL int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, + const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap); +WOLFSSL_LOCAL int sp_ecc_verify_384(const byte* hash, word32 hashLen, + const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, + const mp_int* sm, int* res, void* heap); +WOLFSSL_LOCAL int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY); +WOLFSSL_LOCAL int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, + const mp_int* privm, void* heap); +WOLFSSL_LOCAL int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, + mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ); +WOLFSSL_LOCAL int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, + mp_int* rX, mp_int* rY, mp_int* rZ); +WOLFSSL_LOCAL int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ); +WOLFSSL_LOCAL int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym); + +WOLFSSL_LOCAL int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, + ecc_point* rm, int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, + const ecc_point* am, int inMont, ecc_point* rm, int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* rm, + int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_base_add_521(const mp_int* km, + const ecc_point* am, int inMont, ecc_point* rm, int map, void* heap); + +WOLFSSL_LOCAL int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap); +WOLFSSL_LOCAL int sp_ecc_secret_gen_521(const mp_int* priv, + const ecc_point* pub, byte* out, word32* outlen, void* heap); +WOLFSSL_LOCAL int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng, + const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap); +WOLFSSL_LOCAL int sp_ecc_verify_521(const byte* hash, word32 hashLen, + const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, + const mp_int* sm, int* res, void* heap); +WOLFSSL_LOCAL int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY); +WOLFSSL_LOCAL int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, + const mp_int* privm, void* heap); +WOLFSSL_LOCAL int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, + mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ); +WOLFSSL_LOCAL int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, + mp_int* rX, mp_int* rY, mp_int* rZ); +WOLFSSL_LOCAL int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ); +WOLFSSL_LOCAL int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym); + +WOLFSSL_LOCAL int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, + ecc_point* rm, int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* rm, + int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_base_add_1024(const mp_int* km, + const ecc_point* am, int inMont, ecc_point* rm, int map, void* heap); +WOLFSSL_LOCAL int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, + word32* len, void* heap); +WOLFSSL_LOCAL int sp_ecc_mulmod_table_1024(const mp_int* km, + const ecc_point* gm, byte* table, ecc_point* r, int map, void* heap); +WOLFSSL_LOCAL int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, + mp_int* res); +WOLFSSL_LOCAL int sp_Pairing_1024(const ecc_point* p, const ecc_point* q, + mp_int* res); +WOLFSSL_LOCAL int sp_Pairing_gen_precomp_1024(const ecc_point* p, byte* table, + word32* len); +WOLFSSL_LOCAL int sp_Pairing_precomp_1024(const ecc_point* p, + const ecc_point* q, mp_int* res, const byte* table, word32 len); +WOLFSSL_LOCAL int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY); +WOLFSSL_LOCAL int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap); #endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM[32|64]_ASM */ #ifdef WOLFSSL_SP_NONBLOCK -int sp_ecc_sign_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, - WC_RNG* rng, mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap); -int sp_ecc_verify_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, - const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, - const mp_int* sm, int* res, void* heap); -int sp_ecc_sign_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, - WC_RNG* rng, mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap); -int sp_ecc_verify_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, - const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, - const mp_int* sm, int* res, void* heap); +WOLFSSL_LOCAL int sp_ecc_make_key_256_nb(sp_ecc_ctx_t* sp_ctx, WC_RNG* rng, + mp_int* priv, ecc_point* pub, void* heap); +WOLFSSL_LOCAL int sp_ecc_secret_gen_256_nb(sp_ecc_ctx_t* sp_ctx, + const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, + void* heap); +WOLFSSL_LOCAL int sp_ecc_sign_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, + word32 hashLen, WC_RNG* rng, mp_int* priv, mp_int* rm, mp_int* sm, + mp_int* km, void* heap); +WOLFSSL_LOCAL int sp_ecc_verify_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, + word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, + const mp_int* r, const mp_int* sm, int* res, void* heap); + +WOLFSSL_LOCAL int sp_ecc_make_key_384_nb(sp_ecc_ctx_t* sp_ctx, WC_RNG* rng, + mp_int* priv, ecc_point* pub, void* heap); +WOLFSSL_LOCAL int sp_ecc_secret_gen_384_nb(sp_ecc_ctx_t* sp_ctx, + const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, + void* heap); +WOLFSSL_LOCAL int sp_ecc_sign_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, + word32 hashLen, WC_RNG* rng, mp_int* priv, mp_int* rm, mp_int* sm, + mp_int* km, void* heap); +WOLFSSL_LOCAL int sp_ecc_verify_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, + word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, + const mp_int* r, const mp_int* sm, int* res, void* heap); + +WOLFSSL_LOCAL int sp_ecc_make_key_521_nb(sp_ecc_ctx_t* sp_ctx, WC_RNG* rng, + mp_int* priv, ecc_point* pub, void* heap); +WOLFSSL_LOCAL int sp_ecc_secret_gen_521_nb(sp_ecc_ctx_t* sp_ctx, + const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, + void* heap); +WOLFSSL_LOCAL int sp_ecc_sign_521_nb(sp_ecc_ctx_t* ctx, const byte* hash, + word32 hashLen, WC_RNG* rng, mp_int* priv, mp_int* rm, mp_int* sm, + mp_int* km, void* heap); +WOLFSSL_LOCAL int sp_ecc_verify_521_nb(sp_ecc_ctx_t* ctx, const byte* hash, + word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, + const mp_int* r, const mp_int* sm, int* res, void* heap); #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* WOLFSSL_HAVE_SP_ECC */ diff --git a/source/libs/libwolfssl/wolfcrypt/sp_int.h b/source/libs/libwolfssl/wolfcrypt/sp_int.h index 92672621..bc688ab1 100644 --- a/source/libs/libwolfssl/wolfcrypt/sp_int.h +++ b/source/libs/libwolfssl/wolfcrypt/sp_int.h @@ -1,6 +1,6 @@ /* sp_int.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,12 +30,18 @@ This library provides single precision (SP) integer math functions. #ifndef WOLFSSL_LINUXKM #include #endif -#include +#include +#include #ifdef __cplusplus extern "C" { #endif +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(WOLFSSL_SP_INT_NEGATIVE) + #define WOLFSSL_SP_INT_NEGATIVE +#endif + /* Find smallest type for smallest bits. */ #if UCHAR_MAX == 255 #define SP_UCHAR_BITS 8 @@ -90,7 +96,9 @@ extern "C" { #error "Size of unsigned int not detected" #endif -#if ULONG_MAX == 18446744073709551615UL +#if !defined(NO_64BIT) && ULONG_MAX == 18446744073709551615ULL && \ + 4294967295UL != 18446744073709551615ULL /* verify pre-processor supports + * 64-bit ULL types */ #define SP_ULONG_BITS 64 typedef unsigned long sp_uint64; @@ -138,6 +146,11 @@ extern "C" { #else #error "Size of unsigned long long not detected" #endif +#elif (SP_ULONG_BITS == 32) && !defined(NO_64BIT) + /* Speculatively use long long as the 64-bit type as we don't have one + * otherwise. */ + typedef unsigned long long sp_uint64; + typedef long long sp_int64; #else #define SP_ULLONG_BITS 0 #endif @@ -205,7 +218,9 @@ extern "C" { * with compiler. */ #ifndef SP_WORD_SIZE - #if defined(NO_64BIT) || !defined(HAVE___UINT128_T) + #ifdef NO_64BIT + #define SP_WORD_SIZE 16 + #elif !defined(HAVE___UINT128_T) #define SP_WORD_SIZE 32 #else #define SP_WORD_SIZE 64 @@ -237,30 +252,31 @@ extern "C" { #endif #if SP_WORD_SIZE == 8 - typedef sp_uint8 sp_int_digit; - typedef sp_int8 sp_sint_digit; - typedef sp_uint16 sp_int_word; - typedef sp_int16 sp_int_sword; + typedef sp_uint8 sp_int_digit; + typedef sp_int8 sp_int_sdigit; + typedef sp_uint16 sp_int_word; + typedef sp_int16 sp_int_sword; #define SP_MASK 0xffU #elif SP_WORD_SIZE == 16 - typedef sp_uint16 sp_int_digit; - typedef sp_int16 sp_sint_digit; - typedef sp_uint32 sp_int_word; - typedef sp_int32 sp_int_sword; + typedef sp_uint16 sp_int_digit; + typedef sp_int16 sp_int_sdigit; + typedef sp_uint32 sp_int_word; + typedef sp_int32 sp_int_sword; #define SP_MASK 0xffffU #elif SP_WORD_SIZE == 32 - typedef sp_uint32 sp_int_digit; - typedef sp_int32 sp_sint_digit; - typedef sp_uint64 sp_int_word; - typedef sp_int64 sp_int_sword; + typedef sp_uint32 sp_int_digit; + typedef sp_int32 sp_int_sdigit; + typedef sp_uint64 sp_int_word; + typedef sp_int64 sp_int_sword; #define SP_MASK 0xffffffffU #elif SP_WORD_SIZE == 64 - typedef sp_uint64 sp_int_digit; - typedef sp_int64 sp_sint_digit; -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + typedef sp_uint64 sp_int_digit; + typedef sp_int64 sp_int_sdigit; +#if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + !defined(_WIN64) && defined(WOLFSSL_UINT128_T_DEFINED) typedef sp_uint128 sp_int_word; typedef sp_int128 sp_int_sword; #endif @@ -337,7 +353,9 @@ extern "C" { #if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK) /* Non-blocking ECC operation context. */ typedef struct sp_ecc_ctx { - #ifdef WOLFSSL_SP_384 + #ifdef WOLFSSL_SP_521 + byte data[66*80]; /* stack data */ + #elif defined(WOLFSSL_SP_384) byte data[48*80]; /* stack data */ #else byte data[32*80]; /* stack data */ @@ -348,67 +366,76 @@ typedef struct sp_ecc_ctx { #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) #include -#ifdef SP_INT_BITS - /* Calculate number of digits to have in an sp_int based maximum size of - * numbers in bits that will be used. - * Double the size to hold multiplication result. - * Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod(). - */ - #define SP_INT_DIGITS \ - ((((SP_INT_BITS + (SP_WORD_SIZE - 1)) * 2 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) +#ifndef SP_INT_BITS + #ifdef SP_INT_DIGITS + #define SP_INT_BITS (((SP_INT_DIGITS - 1) * SP_WORD_SIZE) / 2) + #else + /* Calculate number of bits to have in an sp_int based on features + * compiled in. + */ + #ifdef WOLFSSL_MYSQL_COMPATIBLE + /* MySQL wants to be able to use 8192-bit numbers. */ + #define SP_INT_BITS 8192 + #elif !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) && \ + !defined(WOLFSSL_HAVE_SP_ECC) + /* Not using SP - must be SP math all. */ + #if !defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA) + /* Support max size FFHDE parameters compiled in. */ + #if !defined(NO_DH) && defined(HAVE_FFDHE_8192) + #define SP_INT_BITS 8192 + #elif !defined(NO_DH) && defined(HAVE_FFDHE_6144) + #define SP_INT_BITS 6144 + #elif !defined(NO_DH) && defined(HAVE_FFDHE_4096) + #define SP_INT_BITS 4096 + #else + /* Default to max 3072 for general RSA and DH. */ + #define SP_INT_BITS 3072 + #endif + #elif defined(WOLFCRYPT_HAVE_SAKKE) + #define SP_INT_BITS 1024 + #elif defined(HAVE_ECC) + /* P521 is the largest supported ECC algorithm curve. */ + #define SP_INT_BITS 521 + #elif !defined(NO_PWDBASED) && defined(HAVE_PKCS12) + /* wc_PKCS12_PBKDF_ex() */ + #define SP_INT_BITS (64 * 8) + #else + #define SP_INT_BITS 128 + #endif + #elif !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) + /* Not use SP_RSA or DH but are using SP ECC. */ + #if defined(WOLFCRYPT_HAVE_SAKKE) + #define SP_INT_BITS 1024 + #elif defined(WOLFSSL_SP_521) || defined(WOLFSSL_SP_MATH_ALL) + /* P521 is the largest supported ECC algorithm curve. */ + #define SP_INT_BITS 521 + #elif defined(WOLFSSL_SP_384) + /* No generic support - largest curve P384. */ + #define SP_INT_BITS 384 + #else + /* No generic support - largest curve P256. */ + #define SP_INT_BITS 256 + #endif + /* SP RSA and DH supported so base on max size of RSA/DH in SP. */ + #elif defined(WOLFSSL_SP_4096) + #define SP_INT_BITS 4096 + #elif !defined(WOLFSSL_SP_NO_3072) || defined(WOLFSSL_SP_MATH_ALL) + #define SP_INT_BITS 3072 + #else + #define SP_INT_BITS 2048 + #endif + #endif #endif #ifndef SP_INT_DIGITS - /* Calculate number of digits to have in an sp_int based on features - * compiled in. + /* Calculate number of digits to have in an sp_int based on maximum size of + * numbers in bits that will be used. + * Double the size to hold multiplication result. + * Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), + * sp_sqr(), sp_sqrmod() and sp_mont_red(). */ - #if !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) && \ - !defined(WOLFSSL_HAVE_SP_ECC) - #if !defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA) - #define SP_INT_DIGITS (((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif defined(WOLFCRYPT_HAVE_SAKKE) - #define SP_INT_DIGITS \ - (((2 * (1024 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif defined(HAVE_ECC) - #define SP_INT_DIGITS \ - (((2 * ( 521 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif !defined(NO_PWDBASED) && defined(WOLFSSL_SHA512) - #define SP_INT_DIGITS ((( 512 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS ((( 256 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #elif !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) - #if defined(WOLFCRYPT_HAVE_SAKKE) - #define SP_INT_DIGITS \ - (((2 * (1024 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif defined(WOLFSSL_SP_MATH_ALL) - #define SP_INT_DIGITS \ - (((2 * ( 521 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif defined(WOLFSSL_SP_384) - #define SP_INT_DIGITS ((( 768 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS ((( 512 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #elif defined(WOLFSSL_SP_4096) - #if defined(WOLFSSL_HAVE_SP_DH) - #define SP_INT_DIGITS (((8192 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS (((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #elif !defined(WOLFSSL_SP_NO_3072) - #if defined(WOLFSSL_HAVE_SP_DH) - #define SP_INT_DIGITS (((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS (((3072 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #else - #if defined(WOLFSSL_HAVE_SP_DH) || \ - (defined(WOLFSSL_HAVE_SP_RSA) && defined(WOLFSSL_KEY_GEN)) - #define SP_INT_DIGITS (((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS (((2048 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #endif + #define SP_INT_DIGITS \ + (((SP_INT_BITS + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1) #endif #ifndef SP_INT_MAX_BITS @@ -426,7 +453,7 @@ typedef struct sp_ecc_ctx { #define SP_INT_WORD_MAX ((1 << (SP_WORD_SIZE * 2)) - 1) #if SP_MUL_SQR_MAX_PARTIAL > SP_INT_WORD_MAX - /* The sum of the partials in the multiplicaiton/square can exceed the + /* The sum of the partials in the multiplication/square can exceed the * size of a word. This will overflow the word and loose data. * Use an implementation that handles carry after every add and uses an * extra temporary word for overflowing high word. @@ -634,16 +661,16 @@ typedef struct sp_ecc_ctx { #define sp_clamp(a) \ do { \ int ii; \ - for (ii = a->used - 1; ii >= 0 && a->dp[ii] == 0; ii--) { \ + for (ii = (a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \ } \ - a->used = ii + 1; \ + (a)->used = ii + 1; \ } while (0) /* Check the compiled and linked math implementation are the same. * Use the number of bits in a digit as indication of how code was compiled. * * @return 1 when the number of bits are the same. - * @return 0 when the number of bits are differnt. + * @return 0 when the number of bits are different. */ #define CheckFastMathSettings() (SP_WORD_SIZE == CheckRunTimeFastMath()) @@ -659,12 +686,12 @@ typedef struct sp_ecc_ctx { (sp_int*)(((byte*)(t)) + MP_INT_SIZEOF(cnt)) /** - * A reuslt of NO. + * A result of NO. * e.g. Is prime? NO. */ #define MP_NO 0 /** - * A reuslt of YES. + * A result of YES. * e.g. Is prime? YES. */ #define MP_YES 1 @@ -686,24 +713,29 @@ typedef struct sp_ecc_ctx { /** Result of comparison is they are equal. */ #define MP_EQ 0 /** Result of comparison is that the first number is less than second. */ -#define MP_LT -1 +#define MP_LT (-1) /* ERROR VALUES */ /** Error value on success. */ #define MP_OKAY 0 /** Error value when dynamic memory allocation fails. */ -#define MP_MEM -2 +#define MP_MEM (-2) /** Error value when value passed is not able to be used. */ -#define MP_VAL -3 +#define MP_VAL (-3) /** Error value when non-blocking operation is returning after partial * completion. */ -#define FP_WOULDBLOCK -4 +#define FP_WOULDBLOCK (-4) /* Unused error. Defined for backward compatability. */ -#define MP_NOT_INF -5 +#define MP_NOT_INF (-5) /* Unused error. Defined for backward compatability. */ #define MP_RANGE MP_NOT_INF +#ifdef USE_FAST_MATH +/* For old FIPS, need FP_MEM defined for old implementation. */ +#define FP_MEM (-2) +#endif + /* Number of bits in each word/digit. */ #define DIGIT_BIT SP_WORD_SIZE /* Mask of all used bits in word/digit. */ @@ -751,9 +783,22 @@ typedef struct sp_int { sp_int_digit dp[SP_INT_DIGITS]; } sp_int; -/* Mulit-precision integer type is SP integer type. */ +typedef struct sp_int_minimal { + int used; + int size; +#ifdef WOLFSSL_SP_INT_NEGATIVE + int sign; +#endif +#ifdef HAVE_WOLF_BIGINT + struct WC_BIGINT raw; +#endif + /** First digit of number. */ + sp_int_digit dp[1]; +} sp_int_minimal; + +/* Multi-precision integer type is SP integer type. */ typedef sp_int mp_int; -/* Mulit-precision integer digit type is SP integer digit type. +/* Multi-precision integer digit type is SP integer digit type. * Type is unsigned. */ typedef sp_int_digit mp_digit; @@ -776,135 +821,158 @@ MP_API int sp_grow(sp_int* a, int l); MP_API void sp_zero(sp_int* a); MP_API void sp_clear(sp_int* a); MP_API void sp_forcezero(sp_int* a); -MP_API int sp_init_copy (sp_int* r, sp_int* a); +MP_API int sp_init_copy (sp_int* r, const sp_int* a); MP_API int sp_copy(const sp_int* a, sp_int* r); MP_API int sp_exch(sp_int* a, sp_int* b); -MP_API int sp_cond_swap_ct(mp_int * a, mp_int * b, int c, int m); +MP_API int sp_cond_swap_ct(sp_int* a, sp_int* b, int cnt, int swap); #ifdef WOLFSSL_SP_INT_NEGATIVE -MP_API int sp_abs(sp_int* a, sp_int* b); +MP_API int sp_abs(const sp_int* a, sp_int* r); #endif #ifdef WOLFSSL_SP_MATH_ALL -MP_API int sp_cmp_mag(sp_int* a, sp_int* b); +MP_API int sp_cmp_mag(const sp_int* a, const sp_int* b); #endif -MP_API int sp_cmp(sp_int* a, sp_int* b); +MP_API int sp_cmp(const sp_int* a, const sp_int* b); -MP_API int sp_is_bit_set(sp_int* a, unsigned int b); +MP_API int sp_is_bit_set(const sp_int* a, unsigned int b); MP_API int sp_count_bits(const sp_int* a); #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY) -MP_API int sp_cnt_lsb(sp_int* a); +MP_API int sp_cnt_lsb(const sp_int* a); #endif -MP_API int sp_leading_bit(sp_int* a); +MP_API int sp_leading_bit(const sp_int* a); MP_API int sp_set_bit(sp_int* a, int i); MP_API int sp_2expt(sp_int* a, int e); MP_API int sp_set(sp_int* a, sp_int_digit d); MP_API int sp_set_int(sp_int* a, unsigned long n); -MP_API int sp_cmp_d(sp_int* a, sp_int_digit d); -MP_API int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r); -MP_API int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r); -MP_API int sp_mul_d(sp_int* a, sp_int_digit d, sp_int* r); +MP_API int sp_cmp_d(const sp_int* a, sp_int_digit d); +MP_API int sp_add_d(const sp_int* a, sp_int_digit d, sp_int* r); +MP_API int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r); +MP_API int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r); #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) -MP_API int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem); + defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WC_MP_TO_RADIX) +MP_API int sp_div_d(const sp_int* a, sp_int_digit d, sp_int* r, + sp_int_digit* rem); #endif #if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && \ - defined(HAVE_COMP_KEY)) -MP_API int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r); + defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA) +MP_API int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r); #endif #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) -MP_API int sp_div_2_mod_ct (sp_int* a, sp_int* b, sp_int* c); -MP_API int sp_div_2(sp_int* a, sp_int* r); +MP_API int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r); +MP_API int sp_div_2(const sp_int* a, sp_int* r); #endif -MP_API int sp_add(sp_int* a, sp_int* b, sp_int* r); -MP_API int sp_sub(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_add(const sp_int* a, const sp_int* b, sp_int* r); +MP_API int sp_sub(const sp_int* a, const sp_int* b, sp_int* r); #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ (!defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_CUSTOM_CURVES)) || \ defined(WOLFCRYPT_HAVE_ECCSI) || defined(WOLFCRYPT_HAVE_SAKKE) -MP_API int sp_addmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r); +MP_API int sp_addmod(const sp_int* a, const sp_int* b, const sp_int* m, + sp_int* r); #endif -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) -MP_API int sp_submod(sp_int* a, sp_int* b, sp_int* m, sp_int* r); +#if defined(WOLFSSL_SP_MATH_ALL) && (!defined(WOLFSSL_RSA_VERIFY_ONLY) || \ + defined(HAVE_ECC)) +MP_API int sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, + sp_int* r); #endif #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) -MP_API int sp_submod_ct (sp_int* a, sp_int* b, sp_int* c, sp_int* d); -MP_API int sp_addmod_ct (sp_int* a, sp_int* b, sp_int* c, sp_int* d); +MP_API int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, + sp_int* r); +MP_API int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, + sp_int* r); #endif MP_API int sp_lshd(sp_int* a, int s); +#ifdef WOLFSSL_SP_MATH_ALL MP_API void sp_rshd(sp_int* a, int c); -MP_API void sp_rshb(sp_int* a, int n, sp_int* r); - -#ifdef WOLFSSL_SP_MATH_ALL -MP_API int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem); #endif -MP_API int sp_mod(sp_int* a, sp_int* m, sp_int* r); +MP_API int sp_rshb(const sp_int* a, int n, sp_int* r); -MP_API int sp_mul(sp_int* a, sp_int* b, sp_int* r); -MP_API int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r); +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) +MP_API int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem); +#endif +MP_API int sp_mod(const sp_int* a, const sp_int* m, sp_int* r); -MP_API int sp_invmod(sp_int* a, sp_int* m, sp_int* r); +MP_API int sp_mul(const sp_int* a, const sp_int* b, sp_int* r); +MP_API int sp_mulmod(const sp_int* a, const sp_int* b, const sp_int* m, + sp_int* r); + +MP_API int sp_invmod(const sp_int* a, const sp_int* m, sp_int* r); #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) -MP_API int sp_invmod_mont_ct(sp_int* a, sp_int* m, sp_int* r, sp_int_digit mp); +MP_API int sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r, + sp_int_digit mp); #endif -MP_API int sp_exptmod_ex(sp_int* b, sp_int* e, int digits, sp_int* m, - sp_int* r); -MP_API int sp_exptmod(sp_int* b, sp_int* e, sp_int* m, sp_int* r); +MP_API int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, + const sp_int* m, sp_int* r); +MP_API int sp_exptmod(const sp_int* b, const sp_int* e, const sp_int* m, + sp_int* r); #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) -MP_API int sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r); +MP_API int sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, + sp_int* r); #endif -#ifdef WOLFSSL_SP_MATH_ALL -MP_API int sp_div_2d(sp_int* a, int e, sp_int* r, sp_int* rem); -MP_API int sp_mod_2d(sp_int* a, int e, sp_int* r); -MP_API int sp_mul_2d(sp_int* a, int e, sp_int* r); +#if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_ALL) +MP_API int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem); +MP_API int sp_mod_2d(const sp_int* a, int e, sp_int* r); +MP_API int sp_mul_2d(const sp_int* a, int e, sp_int* r); #endif -MP_API int sp_sqr(sp_int* a, sp_int* r); -MP_API int sp_sqrmod(sp_int* a, sp_int* m, sp_int* r); +MP_API int sp_sqr(const sp_int* a, sp_int* r); +MP_API int sp_sqrmod(const sp_int* a, const sp_int* m, sp_int* r); -MP_API int sp_mont_red(sp_int* a, sp_int* m, sp_int_digit mp); -MP_API int sp_mont_setup(sp_int* m, sp_int_digit* rho); -MP_API int sp_mont_norm(sp_int* norm, sp_int* m); +MP_API int sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp); +MP_API int sp_mont_setup(const sp_int* m, sp_int_digit* rho); +MP_API int sp_mont_norm(sp_int* norm, const sp_int* m); MP_API int sp_unsigned_bin_size(const sp_int* a); MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz); -MP_API int sp_to_unsigned_bin(sp_int* a, byte* out); -MP_API int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz); +MP_API int sp_to_unsigned_bin(const sp_int* a, byte* out); +MP_API int sp_to_unsigned_bin_len(const sp_int* a, byte* out, int outSz); #ifdef WOLFSSL_SP_MATH_ALL -MP_API int sp_to_unsigned_bin_at_pos(int o, sp_int* a, unsigned char* out); +MP_API int sp_to_unsigned_bin_at_pos(int o, const sp_int* a, + unsigned char* out); #endif MP_API int sp_read_radix(sp_int* a, const char* in, int radix); -MP_API int sp_tohex(sp_int* a, char* str); -MP_API int sp_todecimal(mp_int* a, char* str); +MP_API int sp_tohex(const sp_int* a, char* str); +MP_API int sp_todecimal(const sp_int* a, char* str); #if defined(WOLFSSL_SP_MATH_ALL) || defined(WC_MP_TO_RADIX) -MP_API int sp_toradix(mp_int* a, char* str, int radix); -MP_API int sp_radix_size(mp_int* a, int radix, int* size); +MP_API int sp_toradix(const sp_int* a, char* str, int radix); +MP_API int sp_radix_size(const sp_int* a, int radix, int* size); #endif MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap); -MP_API int sp_prime_is_prime(mp_int* a, int t, int* result); -MP_API int sp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); +MP_API int sp_prime_is_prime(const sp_int* a, int t, int* result); +MP_API int sp_prime_is_prime_ex(const sp_int* a, int t, int* result, + WC_RNG* rng); #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) -MP_API int sp_gcd(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r); #endif -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) -MP_API int sp_lcm(sp_int* a, sp_int* b, sp_int* r); +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + (!defined(WC_RSA_BLINDING) || defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) +MP_API int sp_lcm(const sp_int* a, const sp_int* b, sp_int* r); #endif WOLFSSL_API word32 CheckRunTimeFastMath(void); +#ifdef WOLFSSL_CHECK_MEM_ZERO +WOLFSSL_LOCAL void sp_memzero_add(const char* name, sp_int* sp); +WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp); +#endif + /* Map mp functions to SP math versions. */ /* Different name or signature. */ #define mp_mul_2(a, r) sp_mul_2d(a, 1, r) #define mp_div_3(a, r, rem) sp_div_d(a, 3, r, rem) #define mp_rshb(A,x) sp_rshb(A,x,A) -#define mp_is_bit_set(a,b) sp_is_bit_set(a,(unsigned int)b) +#define mp_is_bit_set(a,b) sp_is_bit_set(a,(unsigned int)(b)) #define mp_montgomery_reduce sp_mont_red #define mp_montgomery_setup sp_mont_setup #define mp_montgomery_calc_normalization sp_mont_norm @@ -989,6 +1057,9 @@ WOLFSSL_API word32 CheckRunTimeFastMath(void); #define mp_gcd sp_gcd #define mp_lcm sp_lcm +#define mp_memzero_add sp_memzero_add +#define mp_memzero_check sp_memzero_check + #ifdef WOLFSSL_DEBUG_MATH #define mp_dump(d, a, v) sp_print(a, d) #endif diff --git a/source/libs/libwolfssl/wolfcrypt/srp.h b/source/libs/libwolfssl/wolfcrypt/srp.h index d5b9d181..c60b3a55 100644 --- a/source/libs/libwolfssl/wolfcrypt/srp.h +++ b/source/libs/libwolfssl/wolfcrypt/srp.h @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -137,6 +137,8 @@ typedef struct Srp { * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h */ WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side); +WOLFSSL_API int wc_SrpInit_ex(Srp* srp, SrpType type, SrpSide side, + void* heap, int devId); /** * Releases the Srp struct resources after usage. diff --git a/source/libs/libwolfssl/wolfcrypt/tfm.h b/source/libs/libwolfssl/wolfcrypt/tfm.h index 1f080762..a53d5f71 100644 --- a/source/libs/libwolfssl/wolfcrypt/tfm.h +++ b/source/libs/libwolfssl/wolfcrypt/tfm.h @@ -1,6 +1,6 @@ /* tfm.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -221,22 +221,27 @@ typedef unsigned int fp_digit; #define SIZEOF_FP_DIGIT 2 typedef unsigned long fp_word; + typedef signed long fp_sword; #elif defined(FP_64BIT) /* for GCC only on supported platforms */ typedef unsigned long long fp_digit; /* 64bit, 128 uses mode(TI) below */ #define SIZEOF_FP_DIGIT 8 - typedef unsigned long fp_word __attribute__ ((mode(TI))); + typedef unsigned long fp_word __attribute__ ((mode(TI))); + typedef signed long fp_sword __attribute__ ((mode(TI))); #else #ifndef NO_TFM_64BIT #if defined(_MSC_VER) || defined(__BORLANDC__) typedef unsigned __int64 ulong64; + typedef signed __int64 long64; #else typedef unsigned long long ulong64; + typedef signed long long long64; #endif typedef unsigned int fp_digit; #define SIZEOF_FP_DIGIT 4 typedef ulong64 fp_word; + typedef long64 fp_sword; #define FP_32BIT #else /* some procs like coldfire prefer not to place multiply into 64bit type @@ -244,6 +249,7 @@ typedef unsigned short fp_digit; #define SIZEOF_FP_DIGIT 2 typedef unsigned int fp_word; + typedef signed int fp_sword; #endif #endif @@ -271,6 +277,9 @@ #define FP_MAX_SIZE (FP_MAX_BITS+(8*DIGIT_BIT)) /* will this lib work? */ +#if CHAR_BIT == 0 + #error CHAR_BIT must be nonzero +#endif #if (CHAR_BIT & 7) #error CHAR_BIT must be a multiple of eight. #endif @@ -294,13 +303,13 @@ /* return codes */ #define FP_OKAY 0 -#define FP_VAL -1 -#define FP_MEM -2 -#define FP_NOT_INF -3 -#define FP_WOULDBLOCK -4 +#define FP_VAL (-1) +#define FP_MEM (-2) +#define FP_NOT_INF (-3) +#define FP_WOULDBLOCK (-4) /* equalities */ -#define FP_LT -1 /* less than */ +#define FP_LT (-1) /* less than */ #define FP_EQ 0 /* equal to */ #define FP_GT 1 /* greater than */ @@ -420,7 +429,8 @@ typedef fp_int mp_int; /* initialize [or zero] an fp int */ void fp_init(fp_int *a); MP_API void fp_zero(fp_int *a); -MP_API void fp_clear(fp_int *a); /* uses ForceZero to clear sensitive memory */ +MP_API void fp_clear(fp_int *a); +/* uses ForceZero to clear sensitive memory */ MP_API void fp_forcezero (fp_int * a); MP_API void fp_free(fp_int* a); @@ -435,8 +445,8 @@ MP_API void fp_free(fp_int* a); (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO) #define fp_isneg(a) (((a)->sign != FP_ZPOS) ? FP_YES : FP_NO) #define fp_isword(a, w) \ - (((((a)->used == 1) && ((a)->dp[0] == w)) || \ - ((w == 0) && ((a)->used == 0))) ? FP_YES : FP_NO) + (((((a)->used == 1) && ((a)->dp[0] == (w))) || \ + (((w) == 0) && ((a)->used == 0))) ? FP_YES : FP_NO) /* set to a small digit */ void fp_set(fp_int *a, fp_digit b); @@ -464,7 +474,7 @@ void fp_init_copy(fp_int *a, fp_int *b); void fp_rshd(fp_int *a, int x); /* right shift x bits */ -void fp_rshb(fp_int *a, int x); +void fp_rshb(fp_int *c, int x); /* left shift x digits */ int fp_lshd(fp_int *a, int x); @@ -480,8 +490,8 @@ void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d); void fp_mod_2d(fp_int *a, int b, fp_int *c); int fp_mul_2d(fp_int *a, int b, fp_int *c); void fp_2expt (fp_int *a, int b); -int fp_mul_2(fp_int *a, fp_int *c); -void fp_div_2(fp_int *a, fp_int *c); +int fp_mul_2(fp_int *a, fp_int *b); +void fp_div_2(fp_int *a, fp_int *b); /* c = a / 2 (mod b) - constant time (a < b and positive) */ int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c); @@ -561,7 +571,7 @@ int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp); /*int fp_lcm(fp_int *a, fp_int *b, fp_int *c);*/ /* setups the montgomery reduction */ -int fp_montgomery_setup(fp_int *a, fp_digit *mp); +int fp_montgomery_setup(fp_int *a, fp_digit *rho); /* computes a = B**n mod b without division or multiplication useful for * normalizing numbers in a Montgomery system. @@ -573,9 +583,9 @@ int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); int fp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, int ct); /* d = a**b (mod c) */ -int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); -int fp_exptmod_ex(fp_int *a, fp_int *b, int minDigits, fp_int *c, fp_int *d); -int fp_exptmod_nct(fp_int *a, fp_int *b, fp_int *c, fp_int *d); +int fp_exptmod(fp_int *G, fp_int *X, fp_int *P, fp_int *Y); +int fp_exptmod_ex(fp_int *G, fp_int *X, int minDigits, fp_int *P, fp_int *Y); +int fp_exptmod_nct(fp_int *G, fp_int *X, fp_int *P, fp_int *Y); #ifdef WC_RSA_NONBLOCK @@ -668,7 +678,6 @@ int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b); /* VARIOUS LOW LEVEL STUFFS */ int s_fp_add(fp_int *a, fp_int *b, fp_int *c); void s_fp_sub(fp_int *a, fp_int *b, fp_int *c); -void fp_reverse(unsigned char *s, int len); int fp_mul_comba(fp_int *a, fp_int *b, fp_int *c); @@ -833,7 +842,7 @@ MP_API int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); #ifdef WOLFSSL_KEY_GEN MP_API int mp_gcd(fp_int *a, fp_int *b, fp_int *c); MP_API int mp_lcm(fp_int *a, fp_int *b, fp_int *c); -MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); +MP_API int mp_rand_prime(mp_int* a, int len, WC_RNG* rng, void* heap); MP_API int mp_exch(mp_int *a, mp_int *b); #endif /* WOLFSSL_KEY_GEN */ MP_API int mp_cond_swap_ct (mp_int * a, mp_int * b, int c, int m); @@ -846,6 +855,11 @@ MP_API int mp_abs(mp_int* a, mp_int* b); WOLFSSL_API word32 CheckRunTimeFastMath(void); +#ifdef WOLFSSL_CHECK_MEM_ZERO +void mp_memzero_add(const char* name, mp_int* a); +void mp_memzero_check(mp_int* a); +#endif + /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math FP_SIZE must match, return 1 if a match otherwise 0 */ #define CheckFastMathSettings() (FP_SIZE == CheckRunTimeFastMath()) diff --git a/source/libs/libwolfssl/wolfcrypt/types.h b/source/libs/libwolfssl/wolfcrypt/types.h index 667bd76d..7e3aa3f3 100644 --- a/source/libs/libwolfssl/wolfcrypt/types.h +++ b/source/libs/libwolfssl/wolfcrypt/types.h @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,15 +39,12 @@ decouple library dependencies with standard string, memory and so on. #endif - #define WOLFSSL_ABI - /* Tag for all the APIs that are a part of the fixed ABI. */ - /* * This struct is used multiple time by other structs and - * needs to be defined somwhere that all structs can import - * (with minimal depencencies). + * needs to be defined somewhere that all structs can import + * (with minimal dependencies). */ - #if defined(HAVE_EX_DATA) || defined(FORTRESS) + #ifdef HAVE_EX_DATA #ifdef HAVE_EX_DATA_CLEANUP_HOOKS typedef void (*wolfSSL_ex_data_cleanup_routine_t)(void *data); #endif @@ -95,10 +92,29 @@ decouple library dependencies with standard string, memory and so on. typedef const char* const wcchar; #endif + #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES + /* if a version is available, pivot on the version, otherwise guess it's + * allowed, subject to override. + */ + #if !defined(__STDC__) \ + || (!defined(__STDC_VERSION__) && !defined(__cplusplus)) \ + || (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201101L)) \ + || (defined(__cplusplus) && (__cplusplus >= 201103L)) + #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 + #else + #define HAVE_ANONYMOUS_INLINE_AGGREGATES 0 + #endif + #endif + + /* helpers for stringifying the expanded value of a macro argument rather + * than its literal text: + */ + #define _WC_STRINGIFY_L2(str) #str + #define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str) /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */ #if defined(_MSC_VER) || defined(HAVE_LIMITS_H) - /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set, + /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set, * otherwise causes issues with CTC_SETTINGS */ #if !defined(SIZEOF_LONG_LONG) || !defined(SIZEOF_LONG) #include @@ -117,7 +133,10 @@ decouple library dependencies with standard string, memory and so on. defined(_ARCH_PPC64) || defined(__mips64) || \ defined(__x86_64__) || defined(__s390x__ ) || \ ((defined(sun) || defined(__sun)) && \ - (defined(LP64) || defined(_LP64)))) + (defined(LP64) || defined(_LP64))) || \ + (defined(__riscv_xlen) && (__riscv_xlen == 64)) || \ + defined(__aarch64__) || \ + (defined(__DCC__) && (defined(__LP64) || defined(__LP64__)))) /* long should be 64bit */ #define SIZEOF_LONG 8 #elif defined(__i386__) || defined(__CORTEX_M3__) @@ -157,9 +176,14 @@ decouple library dependencies with standard string, memory and so on. #if defined(WORD64_AVAILABLE) && !defined(WC_16BIT_CPU) /* These platforms have 64-bit CPU registers. */ #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ - defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \ + (defined(__mips64) && \ + ((defined(_ABI64) && (_MIPS_SIM == _ABI64)) || \ + (defined(_ABIO64) && (_MIPS_SIM == _ABIO64)))) || \ + defined(__x86_64__) || defined(_M_X64)) || \ defined(__aarch64__) || defined(__sparc64__) || defined(__s390x__ ) || \ - (defined(__riscv_xlen) && (__riscv_xlen == 64)) || defined(_M_ARM64) + (defined(__riscv_xlen) && (__riscv_xlen == 64)) || defined(_M_ARM64) || \ + defined(__aarch64__) || \ + (defined(__DCC__) && (defined(__LP64) || defined(__LP64__))) #define WC_64BIT_CPU #elif (defined(sun) || defined(__sun)) && \ (defined(LP64) || defined(_LP64)) @@ -189,17 +213,25 @@ decouple library dependencies with standard string, memory and so on. #elif defined(WC_16BIT_CPU) #undef WORD64_AVAILABLE typedef word16 wolfssl_word; - #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as - mp_digit, no 64 bit type so make mp_digit 16 bit */ + #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as \ + * mp_digit, no 64 bit type so make mp_digit 16 bit */ #else #undef WORD64_AVAILABLE typedef word32 wolfssl_word; - #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as - mp_digit, no 64 bit type so make mp_digit 16 bit */ + #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as \ + * mp_digit, no 64 bit type so make mp_digit 16 bit */ #endif -#ifdef WC_PTR_TYPE /* Allow user suppied type */ +typedef struct w64wrapper { +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_W64_WRAPPER_TEST) + word64 n; +#else + word32 n[2]; +#endif /* WORD64_AVAILABLE && WOLFSSL_W64_WRAPPER_TEST */ +} w64wrapper; + +#ifdef WC_PTR_TYPE /* Allow user supplied type */ typedef WC_PTR_TYPE wc_ptr_t; #elif defined(HAVE_UINTPTR_T) #include @@ -216,6 +248,7 @@ decouple library dependencies with standard string, memory and so on. }; #define WOLFSSL_MAX_16BIT 0xffffU + #define WOLFSSL_MAX_32BIT 0xffffffffU /* use inlining if compiler allows */ #ifndef WC_INLINE @@ -240,6 +273,12 @@ decouple library dependencies with standard string, memory and so on. #endif #elif defined(__CCRX__) #define WC_INLINE inline + #elif defined(__DCC__) + #ifndef __cplusplus + #define WC_INLINE __inline__ + #else + #define WC_INLINE inline + #endif #else #define WC_INLINE #endif @@ -292,12 +331,13 @@ decouple library dependencies with standard string, memory and so on. #ifndef FALL_THROUGH /* GCC 7 has new switch() fall-through detection */ #if defined(__GNUC__) - #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1))) - #if defined(WOLFSSL_LINUXKM) && defined(fallthrough) - #define FALL_THROUGH fallthrough - #else - #define FALL_THROUGH ; __attribute__ ((fallthrough)) - #endif + #if defined(fallthrough) + #define FALL_THROUGH fallthrough + #elif ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1))) + #define FALL_THROUGH ; __attribute__ ((fallthrough)) + #elif defined(__clang__) && defined(__clang_major__) && \ + (__clang_major__ >= 12) + #define FALL_THROUGH ; __attribute__ ((fallthrough)) #endif #endif #endif /* FALL_THROUGH */ @@ -307,6 +347,24 @@ decouple library dependencies with standard string, memory and so on. #define FALL_THROUGH #endif + #ifndef WARN_UNUSED_RESULT + #if defined(WOLFSSL_LINUXKM) && defined(__must_check) + #define WARN_UNUSED_RESULT __must_check + #elif defined(__GNUC__) && (__GNUC__ >= 4) + #define WARN_UNUSED_RESULT __attribute__((warn_unused_result)) + #else + #define WARN_UNUSED_RESULT + #endif + #endif /* WARN_UNUSED_RESULT */ + + #ifndef WC_MAYBE_UNUSED + #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) + #define WC_MAYBE_UNUSED __attribute__((unused)) + #else + #define WC_MAYBE_UNUSED + #endif + #endif /* WC_MAYBE_UNUSED */ + /* Micrium will use Visual Studio for compilation but not the Win32 API */ #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ !defined(FREERTOS_TCP) && !defined(EBSNET) && \ @@ -377,7 +435,11 @@ decouple library dependencies with standard string, memory and so on. /* Telit M2MB SDK requires use m2mb_os API's, not std malloc/free */ /* Use of malloc/free will cause CPU reboot */ #define XMALLOC(s, h, t) ((void)h, (void)t, m2mb_os_malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) m2mb_os_free((xp));} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) m2mb_os_free(xp) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) m2mb_os_free(xp);} + #endif #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) #elif defined(NO_WOLFSSL_MEMORY) @@ -386,7 +448,7 @@ decouple library dependencies with standard string, memory and so on. #ifdef WOLFSSL_MALLOC_CHECK #include static inline void* malloc_check(size_t sz) { - printf("wolfSSL_malloc failed"); + fprintf(stderr, "wolfSSL_malloc failed"); return NULL; }; #define XMALLOC(s, h, t) malloc_check((s)) @@ -401,40 +463,60 @@ decouple library dependencies with standard string, memory and so on. /* just use plain C stdlib stuff if desired */ #include #define XMALLOC(s, h, t) malloc((size_t)(s)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) free(xp) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) free(xp);} + #endif #define XREALLOC(p, n, h, t) realloc((p), (size_t)(n)) #endif #elif defined(WOLFSSL_LINUXKM) - /* the requisite linux/slab.h is included in wc_port.h, with incompatible warnings masked out. */ - #define XMALLOC(s, h, t) ({(void)(h); (void)(t); kmalloc(s, GFP_KERNEL);}) - #define XFREE(p, h, t) ({void* _xp; (void)(h); _xp = (p); if(_xp) kfree(_xp);}) - #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); krealloc((p), (n), GFP_KERNEL);}) + + /* definitions are in linuxkm/linuxkm_wc_port.h */ #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ && !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4) /* default C runtime, can install different routines at runtime via cbs */ - #include + #ifndef WOLFSSL_MEMORY_H + #include + #endif #ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(xp, h, t, __func__, __LINE__) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);} + #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);} + #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ - #elif !defined(FREERTOS) && !defined(FREERTOS_TCP) + #elif (!defined(FREERTOS) && !defined(FREERTOS_TCP)) || defined(WOLFSSL_TRACK_MEMORY) #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} + #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__)) + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(xp, __func__, __LINE__) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, __func__, __LINE__);} + #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) #else - #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s))) + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(p) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp);} + #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) #endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_STATIC_MEMORY */ @@ -442,69 +524,83 @@ decouple library dependencies with standard string, memory and so on. /* declare/free variable handling for async and smallstack */ #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK) - #define DECLARE_VAR_IS_HEAP_ALLOC - #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ - VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT) - #define DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + #define WC_DECLARE_VAR_IS_HEAP_ALLOC + #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ + VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * (VAR_SIZE), (HEAP), DYNAMIC_TYPE_WOLF_BIGINT) + #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ VAR_TYPE* VAR_NAME[VAR_ITEMS]; \ - int idx##VAR_NAME, inner_idx_##VAR_NAME; \ - for (idx##VAR_NAME=0; idx##VAR_NAME #else #include #endif - #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) - #define XMEMSET(b,c,l) memset((b),(c),(l)) - #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) - #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) #define XSTRLEN(s1) strlen((s1)) #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) @@ -542,10 +644,44 @@ decouple library dependencies with standard string, memory and so on. #define XSTRSEP(s1,d) strsep((s1),(d)) #endif - #ifndef XSTRNCASECMP - #if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \ + #ifndef XSTRCASECMP + #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000) + /* XC32 supports str[n]casecmp in version >= 1.0. */ + #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2)) + #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \ defined(WOLFSSL_ZEPHYR) - /* XC32 does not support strncasecmp, so use case sensitive one */ + /* XC32 version < 1.0 does not support strcasecmp, so use + * case sensitive one. + */ + #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) + #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) + #define XSTRCASECMP(s1,s2) _stricmp((s1),(s2)) + #else + #if defined(HAVE_STRINGS_H) && defined(WOLF_C99) && \ + !defined(WOLFSSL_SGX) + #include + #endif + #if defined(WOLFSSL_DEOS) + #define XSTRCASECMP(s1,s2) stricmp((s1),(s2)) + #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) + #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) + #elif defined(WOLF_C89) + #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) + #else + #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2)) + #endif + #endif + #endif /* !XSTRCASECMP */ + + #ifndef XSTRNCASECMP + #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000) + /* XC32 supports str[n]casecmp in version >= 1.0. */ + #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) + #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \ + defined(WOLFSSL_ZEPHYR) + /* XC32 version < 1.0 does not support strncasecmp, so use case + * sensitive one. + */ #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) @@ -556,7 +692,9 @@ decouple library dependencies with standard string, memory and so on. #endif #if defined(WOLFSSL_DEOS) #define XSTRNCASECMP(s1,s2,n) strnicmp((s1),(s2),(n)) - #elif defined(WOLFSSL_CMSIS_RTOSv2) + #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) + #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) + #elif defined(WOLF_C89) #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) #else #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) @@ -568,8 +706,9 @@ decouple library dependencies with standard string, memory and so on. debugging is turned on */ #ifndef USE_WINDOWS_API #ifndef XSNPRINTF - #if defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \ - defined(HAVE_PKCS7)) && !defined(NO_STDIO_FILESYSTEM) + #if defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_CERT_EXT) || defined(HAVE_PKCS7)) /* case where stdio is not included else where but is needed for snprintf */ #include @@ -581,7 +720,7 @@ decouple library dependencies with standard string, memory and so on. /* In cases when truncation is expected the caller needs*/ /* to check the return value from the function so that */ /* compiler doesn't complain. */ - /* xtensa-esp32-elf v8.2.0 warns trancation at */ + /* xtensa-esp32-elf v8.2.0 warns truncation at */ /* GetAsnTimeString() */ static WC_INLINE int _xsnprintf_(char *s, size_t n, const char *format, ...) @@ -602,6 +741,8 @@ decouple library dependencies with standard string, memory and so on. return ret; } #define XSNPRINTF _xsnprintf_ + #elif defined(WOLF_C89) + #define XSPRINTF sprintf #else #define XSNPRINTF snprintf #endif @@ -642,8 +783,8 @@ decouple library dependencies with standard string, memory and so on. #endif /* _MSC_VER */ #endif /* USE_WINDOWS_API */ - #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \ - || defined(HAVE_ALPN) + #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) /* use only Thread Safe version of strtok */ #if defined(USE_WOLF_STRTOK) #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) @@ -656,7 +797,7 @@ decouple library dependencies with standard string, memory and so on. #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_OCSP) || \ defined(HAVE_CRL_IO) || defined(HAVE_HTTP_CLIENT) || \ - !defined(NO_CRYPT_BENCHMARK) + !defined(NO_CRYPT_BENCHMARK) || defined(OPENSSL_EXTRA) #ifndef XATOI /* if custom XATOI is not already defined */ #include @@ -672,24 +813,32 @@ decouple library dependencies with standard string, memory and so on. WOLFSSL_API char* wc_strsep(char **stringp, const char *delim); #endif - #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - !defined(NO_STDIO_FILESYSTEM) + #ifdef USE_WOLF_STRLCPY + WOLFSSL_API size_t wc_strlcpy(char *dst, const char *src, size_t dstSize); + #define XSTRLCPY(s1,s2,n) wc_strlcpy((s1),(s2),(n)) + #endif + #ifdef USE_WOLF_STRLCAT + WOLFSSL_API size_t wc_strlcat(char *dst, const char *src, size_t dstSize); + #define XSTRLCAT(s1,s2,n) wc_strlcat((s1),(s2),(n)) + #endif + + #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV #include #define XGETENV getenv #endif - #endif /* OPENSSL_EXTRA */ + #endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ - #ifndef CTYPE_USER - #ifndef WOLFSSL_LINUXKM - #include - #endif - #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ - defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \ - defined(OPENSSL_EXTRA) + #ifndef CTYPE_USER + #ifndef WOLFSSL_LINUXKM + #include + #endif + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ + defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \ + defined(OPENSSL_EXTRA) #define XTOUPPER(c) toupper((c)) #endif - #ifdef OPENSSL_ALL + #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #define XISALNUM(c) isalnum((c)) #define XISASCII(c) isascii((c)) #define XISSPACE(c) isspace((c)) @@ -698,6 +847,14 @@ decouple library dependencies with standard string, memory and so on. #define XTOLOWER(c) tolower((c)) #endif + #ifndef OFFSETOF + #if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4)) + #define OFFSETOF(type, field) __builtin_offsetof(type, field) + #else + #define OFFSETOF(type, field) ((size_t)&(((type *)0)->field)) + #endif + #endif + /* memory allocation types for user hints */ enum { @@ -786,7 +943,6 @@ decouple library dependencies with standard string, memory and so on. DYNAMIC_TYPE_SEED = 83, DYNAMIC_TYPE_SYMMETRIC_KEY= 84, DYNAMIC_TYPE_ECC_BUFFER = 85, - DYNAMIC_TYPE_QSH = 86, DYNAMIC_TYPE_SALT = 87, DYNAMIC_TYPE_HASH_TMP = 88, DYNAMIC_TYPE_BLOB = 89, @@ -795,12 +951,17 @@ decouple library dependencies with standard string, memory and so on. DYNAMIC_TYPE_ED448 = 92, DYNAMIC_TYPE_AES = 93, DYNAMIC_TYPE_CMAC = 94, + DYNAMIC_TYPE_FALCON = 95, + DYNAMIC_TYPE_SESSION = 96, + DYNAMIC_TYPE_DILITHIUM = 97, + DYNAMIC_TYPE_SPHINCS = 98, DYNAMIC_TYPE_SNIFFER_SERVER = 1000, DYNAMIC_TYPE_SNIFFER_SESSION = 1001, DYNAMIC_TYPE_SNIFFER_PB = 1002, DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, + DYNAMIC_TYPE_SNIFFER_KEY = 1006, }; /* max error buffer string size */ @@ -830,8 +991,9 @@ decouple library dependencies with standard string, memory and so on. /* hash types */ enum wc_HashType { - #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) && \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)) + #if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \ + ((! defined(HAVE_FIPS_VERSION)) || \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))) /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types. * Values here are based on old selftest hmac.h enum, with additions. * These values are fixed for backwards FIPS compatibility */ @@ -851,8 +1013,13 @@ decouple library dependencies with standard string, memory and so on. WC_HASH_TYPE_SHA3_512 = 13, WC_HASH_TYPE_BLAKE2B = 14, WC_HASH_TYPE_BLAKE2S = 19, - WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S + #ifndef WOLFSSL_NOSHA512_224 + #define WOLFSSL_NOSHA512_224 + #endif + #ifndef WOLFSSL_NOSHA512_256 + #define WOLFSSL_NOSHA512_256 + #endif #else WC_HASH_TYPE_NONE = 0, WC_HASH_TYPE_MD2 = 1, @@ -870,8 +1037,28 @@ decouple library dependencies with standard string, memory and so on. WC_HASH_TYPE_SHA3_512 = 13, WC_HASH_TYPE_BLAKE2B = 14, WC_HASH_TYPE_BLAKE2S = 15, + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_BLAKE2S + #ifndef WOLFSSL_NOSHA512_224 + WC_HASH_TYPE_SHA512_224 = 16, + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_224 + #endif + #ifndef WOLFSSL_NOSHA512_256 + WC_HASH_TYPE_SHA512_256 = 17, + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_256 + #endif + #ifdef WOLFSSL_SHAKE128 + WC_HASH_TYPE_SHAKE128 = 18, + #endif + #ifdef WOLFSSL_SHAKE256 + WC_HASH_TYPE_SHAKE256 = 19, + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE256 + #endif + WC_HASH_TYPE_MAX = _WC_HASH_TYPE_MAX + #undef _WC_HASH_TYPE_MAX - WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S #endif /* HAVE_SELFTEST */ }; @@ -884,13 +1071,13 @@ decouple library dependencies with standard string, memory and so on. WC_CIPHER_AES_CTR = 4, WC_CIPHER_AES_XTS = 5, WC_CIPHER_AES_CFB = 6, + WC_CIPHER_AES_CCM = 12, + WC_CIPHER_AES_ECB = 13, WC_CIPHER_DES3 = 7, WC_CIPHER_DES = 8, WC_CIPHER_CHACHA = 9, - WC_CIPHER_HC128 = 10, - WC_CIPHER_IDEA = 11, - WC_CIPHER_MAX = WC_CIPHER_HC128 + WC_CIPHER_MAX = WC_CIPHER_AES_CCM }; /* PK=public key (asymmetric) based algorithms */ @@ -948,13 +1135,13 @@ decouple library dependencies with standard string, memory and so on. #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings()) /* invalid device id */ - #define INVALID_DEVID -2 - + #define INVALID_DEVID (-2) /* AESNI requires alignment and ARMASM gains some performance from it * Xilinx RSA operations require alignment */ #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ - defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) + defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) || \ + defined(WOLFSSL_XILINX) #ifndef WOLFSSL_USE_ALIGN #define WOLFSSL_USE_ALIGN #endif @@ -962,7 +1149,8 @@ decouple library dependencies with standard string, memory and so on. #ifdef WOLFSSL_USE_ALIGN #if !defined(ALIGN16) - #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \ + defined(__llvm__) #define ALIGN16 __attribute__ ( (aligned (16))) #elif defined(_MSC_VER) /* disable align warning, we want alignment ! */ @@ -974,7 +1162,8 @@ decouple library dependencies with standard string, memory and so on. #endif /* !ALIGN16 */ #if !defined (ALIGN32) - #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \ + defined(__llvm__) #define ALIGN32 __attribute__ ( (aligned (32))) #elif defined(_MSC_VER) /* disable align warning, we want alignment ! */ @@ -986,7 +1175,8 @@ decouple library dependencies with standard string, memory and so on. #endif /* !ALIGN32 */ #if !defined(ALIGN64) - #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \ + defined(__llvm__) #define ALIGN64 __attribute__ ( (aligned (64))) #elif defined(_MSC_VER) /* disable align warning, we want alignment ! */ @@ -997,7 +1187,8 @@ decouple library dependencies with standard string, memory and so on. #endif #endif /* !ALIGN64 */ - #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \ + defined(__llvm__) #define ALIGN128 __attribute__ ( (aligned (128))) #elif defined(_MSC_VER) /* disable align warning, we want alignment ! */ @@ -1007,7 +1198,8 @@ decouple library dependencies with standard string, memory and so on. #define ALIGN128 #endif - #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \ + defined(__llvm__) #define ALIGN256 __attribute__ ( (aligned (256))) #elif defined(_MSC_VER) /* disable align warning, we want alignment ! */ @@ -1051,9 +1243,56 @@ decouple library dependencies with standard string, memory and so on. #define FALSE 0 #endif + #ifdef SINGLE_THREADED + #if defined(WC_32BIT_CPU) + typedef void* THREAD_RETURN; + #else + typedef unsigned int THREAD_RETURN; + #endif + typedef void* THREAD_TYPE; + #define WOLFSSL_THREAD + #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) || \ + defined(FREESCALE_MQX) + typedef unsigned int THREAD_RETURN; + typedef int THREAD_TYPE; + #define WOLFSSL_THREAD + #elif defined(WOLFSSL_NUCLEUS) + typedef unsigned int THREAD_RETURN; + typedef intptr_t THREAD_TYPE; + #define WOLFSSL_THREAD + #elif defined(WOLFSSL_TIRTOS) + typedef void THREAD_RETURN; + typedef Task_Handle THREAD_TYPE; + #define WOLFSSL_THREAD + #elif defined(WOLFSSL_ZEPHYR) + typedef void THREAD_RETURN; + typedef struct k_thread THREAD_TYPE; + #define WOLFSSL_THREAD + #elif defined(NETOS) + typedef UINT THREAD_RETURN; + typedef TX_THREAD THREAD_TYPE; + #define WOLFSSL_THREAD + #define INFINITE TX_WAIT_FOREVER + #define WAIT_OBJECT_0 TX_NO_WAIT + #elif defined(WOLFSSL_LINUXKM) + typedef unsigned int THREAD_RETURN; + typedef size_t THREAD_TYPE; + #define WOLFSSL_THREAD + #elif (defined(_POSIX_THREADS) || defined(HAVE_PTHREAD)) && \ + !defined(__MINGW32__) + typedef void* THREAD_RETURN; + typedef pthread_t THREAD_TYPE; + #define WOLFSSL_THREAD + #define INFINITE (-1) + #define WAIT_OBJECT_0 0L + #else + typedef unsigned int THREAD_RETURN; + typedef size_t THREAD_TYPE; + #define WOLFSSL_THREAD __stdcall + #endif #if defined(HAVE_STACK_SIZE) - #define EXIT_TEST(ret) return (void*)((size_t)(ret)) + #define EXIT_TEST(ret) return (THREAD_RETURN)((size_t)(ret)) #else #define EXIT_TEST(ret) return ret #endif @@ -1090,13 +1329,135 @@ decouple library dependencies with standard string, memory and so on. #endif #if defined(__GNUC__) && __GNUC__ > 5 - #define PRAGMA_GCC_IGNORE(str) _Pragma(str); - #define PRAGMA_GCC_POP _Pragma("GCC diagnostic pop"); + #define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push") + #define PRAGMA_GCC(str) _Pragma(str) + #define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop") #else - #define PRAGMA_GCC_IGNORE(str) - #define PRAGMA_GCC_POP + #define PRAGMA_GCC_DIAG_PUSH + #define PRAGMA_GCC(str) + #define PRAGMA_GCC_DIAG_POP #endif + #ifdef __clang__ + #define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push") + #define PRAGMA_CLANG(str) _Pragma(str) + #define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop") + #else + #define PRAGMA_CLANG_DIAG_PUSH + #define PRAGMA_CLANG(str) + #define PRAGMA_CLANG_DIAG_POP + #endif + + #ifdef DEBUG_VECTOR_REGISTER_ACCESS + WOLFSSL_API extern THREAD_LS_T int wc_svr_count; + WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file; + WOLFSSL_API extern THREAD_LS_T int wc_svr_last_line; + + #ifdef DEBUG_VECTOR_REGISTERS_ABORT_ON_FAIL + #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE abort(); + #elif defined(DEBUG_VECTOR_REGISTERS_EXIT_ON_FAIL) + #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE exit(1); + #else + #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE + #endif + + #define SAVE_VECTOR_REGISTERS(...) { \ + ++wc_svr_count; \ + if (wc_svr_count > 5) { \ + fprintf(stderr, \ + "%s @ L%d : incr : wc_svr_count %d (last op %s L%d)\n", \ + __FILE__, \ + __LINE__, \ + wc_svr_count, \ + wc_svr_last_file, \ + wc_svr_last_line); \ + DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE \ + } \ + wc_svr_last_file = __FILE__; \ + wc_svr_last_line = __LINE__; \ + } + #define ASSERT_SAVED_VECTOR_REGISTERS(fail_clause) { \ + if (wc_svr_count <= 0) { \ + fprintf(stderr, \ + "ASSERT_SAVED_VECTOR_REGISTERS : %s @ L%d : wc_svr_count %d (last op %s L%d)\n", \ + __FILE__, \ + __LINE__, \ + wc_svr_count, \ + wc_svr_last_file, \ + wc_svr_last_line); \ + DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE \ + { fail_clause } \ + } \ + } + #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) { \ + if (wc_svr_count != 0) { \ + fprintf(stderr, \ + "ASSERT_RESTORED_VECTOR_REGISTERS : %s @ L%d : wc_svr_count %d (last op %s L%d)\n", \ + __FILE__, \ + __LINE__, \ + wc_svr_count, \ + wc_svr_last_file, \ + wc_svr_last_line); \ + DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE \ + { fail_clause } \ + } \ + } + #define RESTORE_VECTOR_REGISTERS(...) { \ + --wc_svr_count; \ + if ((wc_svr_count > 4) || (wc_svr_count < 0)) { \ + fprintf(stderr, \ + "%s @ L%d : decr : wc_svr_count %d (last op %s L%d)\n", \ + __FILE__, \ + __LINE__, \ + wc_svr_count, \ + wc_svr_last_file, \ + wc_svr_last_line); \ + DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE \ + } \ + wc_svr_last_file = __FILE__; \ + wc_svr_last_line = __LINE__; \ + } + #else + #ifdef _MSC_VER + /* disable buggy MSC warning around while(0), + *"warning C4127: conditional expression is constant" + */ + #pragma warning(disable: 4127) + #endif + #ifndef SAVE_VECTOR_REGISTERS + #define SAVE_VECTOR_REGISTERS(...) do{}while(0) + #endif + #ifndef ASSERT_SAVED_VECTOR_REGISTERS + #define ASSERT_SAVED_VECTOR_REGISTERS(...) do{}while(0) + #endif + #ifndef ASSERT_RESTORED_VECTOR_REGISTERS + #define ASSERT_RESTORED_VECTOR_REGISTERS(...) do{}while(0) + #endif + #ifndef RESTORE_VECTOR_REGISTERS + #define RESTORE_VECTOR_REGISTERS() do{}while(0) + #endif + #endif + + + #if FIPS_VERSION_GE(5,1) + #define WC_SPKRE_F(x,y) wolfCrypt_SetPrivateKeyReadEnable_fips((x),(y)) + #define PRIVATE_KEY_LOCK() WC_SPKRE_F(0,WC_KEYTYPE_ALL) + #define PRIVATE_KEY_UNLOCK() WC_SPKRE_F(1,WC_KEYTYPE_ALL) + #else + #define PRIVATE_KEY_LOCK() do{}while(0) + #define PRIVATE_KEY_UNLOCK() do{}while(0) + #endif + + + #ifdef _MSC_VER + /* disable buggy MSC warning (incompatible with clang-tidy + * readability-avoid-const-params-in-decls) + * "warning C4028: formal parameter x different from declaration" + */ + #pragma warning(disable: 4028) + #endif + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/visibility.h b/source/libs/libwolfssl/wolfcrypt/visibility.h index 46a31a44..7db963a5 100644 --- a/source/libs/libwolfssl/wolfcrypt/visibility.h +++ b/source/libs/libwolfssl/wolfcrypt/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,7 +33,7 @@ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) #include #define WOLFSSL_API CYASSL_API - #define WOLFSSL_LOCAL CYASSL_LOCAL + #define WOLFSSL_LOCAL CYASSL_LOCAL #else /* WOLFSSL_API is used for the public API symbols. @@ -77,5 +77,11 @@ #endif /* BUILDING_WOLFSSL */ #endif /* HAVE_FIPS */ -#endif /* WOLF_CRYPT_VISIBILITY_H */ +/* WOLFSSL_ABI is used for public API symbols that must not change + * their signature. This tag is used for all APIs that are a + * part of the fixed ABI. + */ +#define WOLFSSL_ABI + +#endif /* WOLF_CRYPT_VISIBILITY_H */ diff --git a/source/libs/libwolfssl/wolfcrypt/wc_encrypt.h b/source/libs/libwolfssl/wolfcrypt/wc_encrypt.h index 71487fba..f6355242 100644 --- a/source/libs/libwolfssl/wolfcrypt/wc_encrypt.h +++ b/source/libs/libwolfssl/wolfcrypt/wc_encrypt.h @@ -1,6 +1,6 @@ /* wc_encrypt.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -64,7 +64,7 @@ (HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \ (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))) /* In FIPS cert 3389 and CAVP selftest v1 build, these enums are - * not in aes.h. Define them here outside the fips boundary. + * not in aes.h. Define them here outside the fips boundary. */ #ifndef GCM_NONCE_MID_SZ /* The usual default nonce size for AES-GCM. */ @@ -113,7 +113,7 @@ WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, #endif /* WOLFSSL_ENCRYPTED_KEYS */ #ifndef NO_PWDBASED - WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz, + WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz, byte* salt, int saltSz, int iterations, int id, byte* input, int length, int version, byte* cbcIv, int enc, int shaOid); #endif diff --git a/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h b/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h index 65bf50a6..79d7adbb 100644 --- a/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h +++ b/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h @@ -1,6 +1,6 @@ /* wc_pkcs11.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,7 +39,9 @@ typedef struct Pkcs11Dev { +#ifndef HAVE_PKCS11_STATIC void* dlHandle; /* Handle to library */ +#endif CK_FUNCTION_LIST* func; /* Array of functions */ void* heap; } Pkcs11Dev; @@ -50,6 +52,7 @@ typedef struct Pkcs11Token { CK_SESSION_HANDLE handle; /* Handle to active session */ CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */ CK_ULONG userPinSz; /* Size of user's PIN in bytes */ + byte userPinLogin:1; /* Login with User's PIN */ } Pkcs11Token; typedef struct Pkcs11Session { @@ -69,11 +72,21 @@ enum Pkcs11KeyType { WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap); +WOLFSSL_API int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library, + void* heap, CK_RV* rvp); WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev); WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId, const char* tokenName, const unsigned char *userPin, int userPinSz); +WOLFSSL_API int wc_Pkcs11Token_Init_NoLogin(Pkcs11Token* token, Pkcs11Dev* dev, + int slotId, const char* tokenName); +WOLFSSL_API int wc_Pkcs11Token_InitName(Pkcs11Token* token, Pkcs11Dev* dev, + const char* tokenName, int tokenSz, + const unsigned char* userPin, int userPinSz); +WOLFSSL_API int wc_Pkcs11Token_InitName_NoLogin(Pkcs11Token* token, + Pkcs11Dev* dev, const char* tokenName, int tokenSz); + WOLFSSL_API void wc_Pkcs11Token_Final(Pkcs11Token* token); WOLFSSL_API int wc_Pkcs11Token_Open(Pkcs11Token* token, int readWrite); WOLFSSL_API void wc_Pkcs11Token_Close(Pkcs11Token* token); diff --git a/source/libs/libwolfssl/wolfcrypt/wc_port.h b/source/libs/libwolfssl/wolfcrypt/wc_port.h index 996b99f5..c24ca382 100644 --- a/source/libs/libwolfssl/wolfcrypt/wc_port.h +++ b/source/libs/libwolfssl/wolfcrypt/wc_port.h @@ -1,6 +1,6 @@ /* wc_port.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -55,162 +55,7 @@ #endif #ifdef WOLFSSL_LINUXKM - #ifdef HAVE_CONFIG_H - #ifndef PACKAGE_NAME - #error wc_port.h included before config.h - #endif - /* config.h is autogenerated without gating, and is subject to repeat - * inclusions, so gate it out here to keep autodetection masking - * intact: - */ - #undef HAVE_CONFIG_H - #endif - - #ifdef BUILDING_WOLFSSL - - _Pragma("GCC diagnostic push"); - - /* we include all the needed kernel headers with these masked out. else - * there are profuse warnings. - */ - _Pragma("GCC diagnostic ignored \"-Wunused-parameter\""); - _Pragma("GCC diagnostic ignored \"-Wpointer-arith\""); - _Pragma("GCC diagnostic ignored \"-Wshadow\""); - _Pragma("GCC diagnostic ignored \"-Wnested-externs\""); - _Pragma("GCC diagnostic ignored \"-Wredundant-decls\""); - _Pragma("GCC diagnostic ignored \"-Wsign-compare\""); - _Pragma("GCC diagnostic ignored \"-Wpointer-sign\""); - _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\""); - _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\""); - _Pragma("GCC diagnostic ignored \"-Wtype-limits\""); - - /* suppress inclusion of stdint-gcc.h to avoid conflicts with Linux native include/linux/types.h: */ - #define _GCC_STDINT_H - - #include - #include - #include - #include - #include - #include - #include - #ifndef SINGLE_THREADED - #include - #endif - #include - #include - #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - #include - #else - #include - #endif - #ifndef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS() kernel_fpu_begin() - #endif - #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() kernel_fpu_end() - #endif - #elif defined(WOLFSSL_ARMASM) - #include - #ifndef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); }) - #endif - #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); }) - #endif - #else - #ifndef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS() ({}) - #endif - #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() ({}) - #endif - #endif - - _Pragma("GCC diagnostic pop"); - - /* Linux headers define these using C expressions, but we need - * them to be evaluable by the preprocessor, for use in sp_int.h. - */ - _Static_assert(sizeof(ULONG_MAX) == 8, "WOLFSSL_LINUXKM supported only on targets with 64 bit long words."); - #undef UCHAR_MAX - #define UCHAR_MAX 255 - #undef USHRT_MAX - #define USHRT_MAX 65535 - #undef UINT_MAX - #define UINT_MAX 4294967295U - #undef ULONG_MAX - #define ULONG_MAX 18446744073709551615UL - #undef ULLONG_MAX - #define ULLONG_MAX ULONG_MAX - #undef INT_MAX - #define INT_MAX 2147483647 - #undef LONG_MAX - #define LONG_MAX 9223372036854775807L - #undef LLONG_MAX - #define LLONG_MAX LONG_MAX - - /* remove this multifariously conflicting macro, picked up from - * Linux arch//include/asm/current.h. - */ - #undef current - - /* prevent gcc's mm_malloc.h from being included, since it unconditionally - * includes stdlib.h, which is kernel-incompatible. - */ - #define _MM_MALLOC_H_INCLUDED - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) - /* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */ - #define malloc(x) kvmalloc(x, GFP_KERNEL) - #define free(x) kvfree(x) - void *lkm_realloc(void *ptr, size_t newsize); - #define realloc(x, y) lkm_realloc(x, y) -#else - #define malloc(x) kmalloc(x, GFP_KERNEL) - #define free(x) kfree(x) - #define realloc(x,y) krealloc(x, y, GFP_KERNEL) -#endif - - /* min() and max() in linux/kernel.h over-aggressively type-check, producing - * myriad spurious -Werrors throughout the codebase. - */ - #undef min - #undef max - - /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType) - * and linux/key.h (extern int()). - */ - #define key_update wc_key_update - - #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args) - #define printf(...) lkm_printf(__VA_ARGS__) - - #endif /* BUILDING_WOLFSSL */ - - /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */ - #define XSNPRINTF snprintf - - /* the rigmarole around kstrtol() here is to accommodate its warn-unused-result attribute. */ - #define XATOI(s) ({ \ - long _xatoi_res = 0; \ - int _xatoi_ret = kstrtol(s, 10, &_xatoi_res); \ - if (_xatoi_ret != 0) { \ - _xatoi_res = 0; \ - } \ - (int)_xatoi_res; \ - }) - -#else /* ! WOLFSSL_LINUXKM */ - - #ifndef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS() do{}while(0) - #endif - #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() do{}while(0) - #endif - + #include "../../linuxkm/linuxkm_wc_port.h" #endif /* WOLFSSL_LINUXKM */ /* THREADING/MUTEX SECTION */ @@ -227,6 +72,9 @@ #include #endif #include + #ifndef WOLFSSL_USER_IO + #include /* required for InetPton */ + #endif #endif /* WOLFSSL_SGX */ #endif #elif defined(THREADX) @@ -252,6 +100,11 @@ #include "fsl_os_abstraction.h" #elif defined(WOLFSSL_VXWORKS) #include + #ifdef WOLFSSL_VXWORKS_6_x + #ifndef SEM_ID_NULL + #define SEM_ID_NULL ((SEM_ID)NULL) + #endif + #endif #elif defined(WOLFSSL_uITRON4) #include "stddef.h" #include "kernel.h" @@ -313,12 +166,13 @@ #ifdef __cplusplus extern "C" { #endif - +#elif defined(WOLFSSL_EMBOS) + /* do nothing */ #else #ifndef SINGLE_THREADED #ifndef WOLFSSL_USER_MUTEX - #if defined(WOLFSSL_LINUXKM) - #define WOLFSSL_KTHREADS + #ifdef WOLFSSL_LINUXKM + /* definitions are in linuxkm/linuxkm_wc_port.h */ #else #define WOLFSSL_PTHREADS #include @@ -352,7 +206,7 @@ #elif defined(FREERTOS_TCP) #include "FreeRTOS.h" #include "semphr.h" - typedef SemaphoreHandle_t wolfSSL_Mutex; + typedef SemaphoreHandle_t wolfSSL_Mutex; #elif defined (RTTHREAD) #include "rtthread.h" typedef rt_mutex_t wolfSSL_Mutex; @@ -363,10 +217,14 @@ } wolfSSL_Mutex; #elif defined(USE_WINDOWS_API) typedef CRITICAL_SECTION wolfSSL_Mutex; + #elif defined(MAXQ10XX_MUTEX) + #include + #include + #include + typedef pthread_mutex_t wolfSSL_Mutex; + int maxq_CryptHwMutexTryLock(void); #elif defined(WOLFSSL_PTHREADS) - typedef u32 wolfSSL_Mutex; /* pthread_mutex_t = mutex_t = u32 */ - #elif defined(WOLFSSL_KTHREADS) - typedef struct mutex wolfSSL_Mutex; + typedef u32 wolfSSL_Mutex; /* pthread_mutex_t = mutex_t = u32 */ #elif defined(THREADX) typedef TX_MUTEX wolfSSL_Mutex; #elif defined(WOLFSSL_DEOS) @@ -413,15 +271,71 @@ typedef struct k_mutex wolfSSL_Mutex; #elif defined(WOLFSSL_TELIT_M2MB) typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex; + #elif defined(WOLFSSL_EMBOS) + typedef OS_MUTEX wolfSSL_Mutex; #elif defined(WOLFSSL_USER_MUTEX) /* typedef User_Mutex wolfSSL_Mutex; */ #elif defined(WOLFSSL_LINUXKM) - typedef struct mutex wolfSSL_Mutex; + /* definitions are in linuxkm/linuxkm_wc_port.h */ #else #error Need a mutex type in multithreaded mode #endif /* USE_WINDOWS_API */ #endif /* SINGLE_THREADED */ +/* Reference counting. */ +typedef struct wolfSSL_Ref { +#if !defined(SINGLE_THREADED) && !defined(HAVE_C___ATOMIC) + wolfSSL_Mutex mutex; +#endif + int count; +} wolfSSL_Ref; + +#ifdef SINGLE_THREADED +#define wolfSSL_RefInit(ref, err) \ + do { \ + (ref)->count = 1; \ + *(err) = 0; \ + } while(0) +#define wolfSSL_RefFree(ref) + #define wolfSSL_RefInc(ref, err) \ + do { \ + (ref)->count++; \ + *(err) = 0; \ + } while(0) +#define wolfSSL_RefDec(ref, isZero, err) \ + do { \ + (ref)->count--; \ + *(isZero) = ((ref)->count == 0); \ + *(err) = 0; \ + } while(0) +#elif defined(HAVE_C___ATOMIC) +#define wolfSSL_RefInit(ref, err) \ + do { \ + (ref)->count = 1; \ + *(err) = 0; \ + } while(0) +#define wolfSSL_RefFree(ref) +#define wolfSSL_RefInc(ref, err) \ + do { \ + __atomic_fetch_add(&(ref)->count, 1, \ + __ATOMIC_RELAXED); \ + *(err) = 0; \ + } while(0) +#define wolfSSL_RefDec(ref, isZero, err) \ + do { \ + __atomic_fetch_sub(&(ref)->count, 1, \ + __ATOMIC_RELAXED); \ + *(isZero) = ((ref)->count == 0); \ + *(err) = 0; \ + } while(0) +#else +WOLFSSL_LOCAL void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err); +WOLFSSL_LOCAL void wolfSSL_RefFree(wolfSSL_Ref* ref); +WOLFSSL_LOCAL void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err); +WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err); +#endif + + /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */ #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \ defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) @@ -450,11 +364,11 @@ #endif /* WOLFSSL_CRYPT_HW_MUTEX */ /* Mutex functions */ -WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex*); +WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex* m); WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void); -WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex*); -WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex*); -WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex*); +WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex* m); +WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex* m); +WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex* m); #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) /* dynamically set which mutex to use. unlock / lock is controlled by flag */ typedef void (mutex_cb)(int flag, int type, const char* file, int line); @@ -464,8 +378,8 @@ WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb); #endif /* main crypto initialization function */ -WOLFSSL_API int wolfCrypt_Init(void); -WOLFSSL_API int wolfCrypt_Cleanup(void); +WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Init(void); +WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE WOLFSSL_API long wolfCrypt_heap_peakAllocs_checkpoint(void); @@ -485,7 +399,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); * EBSnet feedback */ #define XFILE int - #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0); + #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0) #define XFSEEK ebsnet_fseek #define XFTELL vf_tell #define XREWIND vf_rewind @@ -499,7 +413,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #elif defined(LSR_FS) #include #define XFILE struct fs_file* - #define XFOPEN(NAME, MODE) fs_open((char*)NAME); + #define XFOPEN(NAME, MODE) fs_open((char*)NAME) #define XFSEEK(F, O, W) (void)F #define XFTELL(F) (F)->len #define XREWIND(F) (void)F @@ -569,7 +483,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XFGETS(b,s,f) -2 /* Not ported yet */ #elif defined(WOLFSSL_ZEPHYR) - #include + #include #define XFILE struct fs_file_t* #define STAT struct fs_dirent @@ -664,7 +578,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define opendir FCL_OPENDIR #define closedir FCL_CLOSEDIR #define readdir FCL_READDIR - #define dirent fclDirent + #define dirent fclDirent #define strncasecmp FCL_STRNCASECMP /* FUSION SPECIFIC ERROR CODE */ @@ -693,6 +607,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XBADFILE NULL #define XFGETS fgets #define XFPRINTF fprintf + #define XFFLUSH fflush #if !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) @@ -730,23 +645,11 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XS_ISREG(s) S_ISREG(s) #define SEPARATOR_CHAR ':' #endif - #endif -#endif -/* Defaults, user may over-ride with user_settings.h or in a porting section - * above - */ -#ifndef XVFPRINTF - #define XVFPRINTF vfprintf -#endif -#ifndef XVSNPRINTF - #define XVSNPRINTF vsnprintf -#endif -#ifndef XFPUTS - #define XFPUTS fputs -#endif -#ifndef XSPRINTF - #define XSPRINTF sprintf + #ifndef XSTAT_TYPE + #define XSTAT_TYPE struct XSTAT + #endif + #endif #endif #ifndef MAX_FILENAME_SZ @@ -756,7 +659,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define MAX_PATH 256 #endif - WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf, + WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, void* heap); #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \ @@ -765,7 +668,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #ifdef USE_WINDOWS_API WIN32_FIND_DATAA FindFileData; HANDLE hFind; - struct XSTAT s; + XSTAT_TYPE s; #elif defined(WOLFSSL_ZEPHYR) struct fs_dirent entry; struct fs_dir_t dir; @@ -786,23 +689,39 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #else struct dirent* entry; DIR* dir; - struct XSTAT s; + XSTAT_TYPE s; #endif char name[MAX_FILENAME_SZ]; } ReadDirCtx; - #define WC_READDIR_NOFILE -1 + #define WC_READDIR_NOFILE (-1) WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name); WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name); WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx); #endif /* !NO_WOLFSSL_DIR */ - #define WC_ISFILEEXIST_NOFILE -1 + #define WC_ISFILEEXIST_NOFILE (-1) WOLFSSL_API int wc_FileExists(const char* fname); #endif /* !NO_FILESYSTEM */ +/* Defaults, user may over-ride with user_settings.h or in a porting section + * above + */ +#ifndef XVFPRINTF + #define XVFPRINTF vfprintf +#endif +#ifndef XVSNPRINTF + #define XVSNPRINTF vsnprintf +#endif +#ifndef XFPUTS + #define XFPUTS fputs +#endif +#ifndef XSPRINTF + #define XSPRINTF sprintf +#endif + /* MIN/MAX MACRO SECTION */ /* Windows API defines its own min() macro. */ @@ -855,6 +774,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XTIME(t1) xilinx_time((t1)) #endif #include + time_t xilinx_time(time_t * timer); #elif defined(HAVE_RTP_SYS) #include "os.h" /* dc_rtc_api needs */ @@ -864,9 +784,12 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XTIME(tl) (0) #define XGMTIME(c, t) rtpsys_gmtime((c)) -#elif defined(WOLFSSL_DEOS) +#elif defined(WOLFSSL_DEOS) || defined(WOLFSSL_DEOS_RTEMS) #include - + #ifndef XTIME + extern time_t deos_time(time_t* timer); + #define XTIME(t1) deos_time((t1)) + #endif #elif defined(MICRIUM) #include #include @@ -879,6 +802,13 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XTIME(t1) pic32_time((t1)) #define XGMTIME(c, t) gmtime((c)) +#elif defined(FREESCALE_RTC) + #include + #include "fsl_rtc.h" + #ifndef XTIME + #define XTIME(t1) fsl_time((t1)) + #endif + #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #ifdef FREESCALE_MQX_4_0 #include @@ -957,15 +887,10 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #include #endif - typedef signed int time_t; - time_t z_time(time_t *timer); #define XTIME(tl) z_time((tl)) #define XGMTIME(c, t) gmtime((c)) - #define WOLFSSL_GMTIME - - #define USE_WOLF_TM #elif defined(WOLFSSL_TELIT_M2MB) typedef long time_t; @@ -985,22 +910,14 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #elif defined(WOLFSSL_LINUXKM) - #ifdef BUILDING_WOLFSSL - /* includes are all above, with incompatible warnings masked out. */ - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) - typedef __kernel_time_t time_t; - #else - typedef __kernel_time64_t time_t; - #endif - extern time_t time(time_t * timer); - #define XTIME time + /* definitions are in linuxkm/linuxkm_wc_port.h */ + +#elif defined(HAL_RTC_MODULE_ENABLED) + #include + WOLFSSL_LOCAL time_t* stm32_hal_time(time_t* t1); + #define XTIME(t1) stm32_hal_time(t1) #define WOLFSSL_GMTIME - #define XGMTIME(c, t) gmtime(c) - #define NO_TIMEVAL 1 - - #endif /* BUILDING_WOLFSSL */ - #else /* default */ /* uses complete facility */ @@ -1013,6 +930,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #ifdef __PPC__ #define TIME_T_NOT_64BIT #endif + + #define XMKTIME(tm) mktime(tm) + #define XDIFFTIME(to, from) difftime(to, from) #endif #ifdef SIZEOF_TIME_T @@ -1039,7 +959,11 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #if !defined(XGMTIME) && !defined(TIME_OVERRIDES) /* Always use gmtime_r if available. */ - #if defined(HAVE_GMTIME_R) + #if defined(HAVE_GMTIME_S) + /* reentrant version */ + #define XGMTIME(c, t) gmtime_s((c), (t)) + #define NEED_TMP_TIME + #elif defined(HAVE_GMTIME_R) #define XGMTIME(c, t) gmtime_r((c), (t)) #define NEED_TMP_TIME #else @@ -1107,8 +1031,13 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #ifndef FILE_BUFFER_SIZE - #define FILE_BUFFER_SIZE 1024 /* default static file buffer size for input, \ - will use dynamic buffer if not big enough */ + /* default static file buffer size for input, will use dynamic buffer if + * not big enough */ + #ifdef WOLFSSL_CERT_EXT + #define FILE_BUFFER_SIZE (3*1024) + #else + #define FILE_BUFFER_SIZE (1*1024) + #endif #endif #ifdef HAVE_CAVIUM_OCTEON_SYNC diff --git a/source/libs/libwolfssl/wolfcrypt/wolfevent.h b/source/libs/libwolfssl/wolfcrypt/wolfevent.h index 83df5cfd..c6372824 100644 --- a/source/libs/libwolfssl/wolfcrypt/wolfevent.h +++ b/source/libs/libwolfssl/wolfcrypt/wolfevent.h @@ -1,6 +1,6 @@ /* wolfevent.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libs/libwolfssl/wolfcrypt/wolfmath.h b/source/libs/libwolfssl/wolfcrypt/wolfmath.h index 3430033e..c578f9b8 100644 --- a/source/libs/libwolfssl/wolfcrypt/wolfmath.h +++ b/source/libs/libwolfssl/wolfcrypt/wolfmath.h @@ -1,6 +1,6 @@ /* wolfmath.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -58,6 +58,7 @@ This library provides big integer math functions. MP_API int get_digit_count(const mp_int* a); MP_API mp_digit get_digit(const mp_int* a, int n); MP_API int get_rand_digit(WC_RNG* rng, mp_digit* d); +WOLFSSL_LOCAL void mp_reverse(unsigned char *s, int len); WOLFSSL_API int mp_cond_copy(mp_int* a, int copy, mp_int* b); WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng); diff --git a/source/libs/libwolfssl/wolfio.h b/source/libs/libwolfssl/wolfio.h index d5b973dc..3daa9746 100644 --- a/source/libs/libwolfssl/wolfio.h +++ b/source/libs/libwolfssl/wolfio.h @@ -1,6 +1,6 @@ /* io.h * - * Copyright (C) 2006-2021 wolfSSL Inc. + * Copyright (C) 2006-2022 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -151,6 +151,8 @@ #elif defined(EBSNET) #include "rtipapi.h" /* errno */ #include "socket.h" + #elif defined(NETOS) + #include #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \ && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \ && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS) @@ -166,7 +168,13 @@ #endif #endif - #if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) /* Uses FREERTOS_TCP */ + #if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) ||\ + defined(WOLFSSL_RENESAS_RA6M4) + /* Uses FREERTOS_TCP */ + #include + #endif + + #if defined(WOLFSSL_EMBOS) #include #endif @@ -275,6 +283,23 @@ #define SOCKET_EPIPE FCL_EPIPE #define SOCKET_ECONNREFUSED FCL_ECONNREFUSED #define SOCKET_ECONNABORTED FNS_ECONNABORTED +#elif defined(WOLFSSL_LWIP_NATIVE) + #define SOCKET_EWOULDBLOCK ERR_WOULDBLOCK + #define SOCKET_EAGAIN ERR_WOULDBLOCK + #define SOCKET_ECONNRESET ERR_RST + #define SOCKET_EINTR ERR_CLSD + #define SOCKET_EPIPE ERR_CLSD + #define SOCKET_ECONNREFUSED ERR_CONN + #define SOCKET_ECONNABORTED ERR_ABRT +#elif defined(WOLFSSL_EMNET) + #include + #define SOCKET_EWOULDBLOCK IP_ERR_WOULD_BLOCK + #define SOCKET_EAGAIN IP_ERR_WOULD_BLOCK + #define SOCKET_ECONNRESET IP_ERR_CONN_RESET + #define SOCKET_EINTR IP_ERR_FAULT + #define SOCKET_EPIPE IP_ERR_PIPE + #define SOCKET_ECONNREFUSED IP_ERR_CONN_REFUSED + #define SOCKET_ECONNABORTED IP_ERR_CONN_ABORTED #else #define SOCKET_EWOULDBLOCK EWOULDBLOCK #define SOCKET_EAGAIN EAGAIN @@ -301,6 +326,9 @@ #define RECV_FUNCTION(a,b,c,d) FreeRTOS_recv((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d)) #define SEND_FUNCTION(a,b,c,d) FreeRTOS_send((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d)) #elif defined(WOLFSSL_VXWORKS) + /*socket.h already has "typedef struct sockaddr SOCKADDR;" + so don't redefine it in wolfSSL */ + #define HAVE_SOCKADDR_DEFINED #define SEND_FUNCTION send #define RECV_FUNCTION recv #elif defined(WOLFSSL_NUCLEUS_1_2) @@ -319,6 +347,9 @@ #elif defined(WOLFSSL_LINUXKM) #define SEND_FUNCTION linuxkm_send #define RECV_FUNCTION linuxkm_recv +#elif defined(WOLFSSL_SGX) + #define SEND_FUNCTION send + #define RECV_FUNCTION recv #else #define SEND_FUNCTION send #define RECV_FUNCTION recv @@ -328,14 +359,18 @@ #endif #ifdef USE_WINDOWS_API - typedef unsigned int SOCKET_T; + #if defined(__MINGW64__) + typedef size_t SOCKET_T; + #else + typedef unsigned int SOCKET_T; + #endif #ifndef SOCKET_INVALID #define SOCKET_INVALID INVALID_SOCKET #endif #else typedef int SOCKET_T; #ifndef SOCKET_INVALID - #define SOCKET_INVALID -1 + #define SOCKET_INVALID (-1) #endif #endif @@ -350,7 +385,9 @@ /* Socket Addr Support */ #ifdef HAVE_SOCKADDR + #ifndef HAVE_SOCKADDR_DEFINED typedef struct sockaddr SOCKADDR; + #endif typedef struct sockaddr_storage SOCKADDR_S; typedef struct sockaddr_in SOCKADDR_IN; #ifdef WOLFSSL_IPV6 @@ -359,8 +396,7 @@ typedef struct hostent HOSTENT; #endif /* HAVE_SOCKADDR */ - /* use gethostbyname for c99 */ - #if defined(HAVE_GETADDRINFO) && !defined(WOLF_C99) + #if defined(HAVE_GETADDRINFO) typedef struct addrinfo ADDRINFO; #endif #endif /* WOLFSSL_NO_SOCK */ @@ -374,6 +410,10 @@ #endif WOLFSSL_API int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, unsigned short port, int to_sec); +#ifdef HAVE_SOCKADDR +WOLFSSL_API int wolfIO_TcpAccept(SOCKET_T sockfd, SOCKADDR* peer_addr, XSOCKLENT* peer_len); +#endif +WOLFSSL_API int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port); WOLFSSL_API int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags); WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); @@ -418,20 +458,15 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); #ifdef WOLFSSL_DTLS - WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*); - WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); - WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf, - int sz, void*); + WOLFSSL_API int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, + void *ctx); + WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx); + WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, + void *ctx); #ifdef WOLFSSL_MULTICAST - WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL* ssl, - char* buf, int sz, void*); + WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, + int sz, void *ctx); #endif /* WOLFSSL_MULTICAST */ - #ifdef WOLFSSL_SESSION_EXPORT - WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz, - unsigned short* port, int* fam); - WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz, - unsigned short port, int fam); - #endif /* WOLFSSL_SESSION_EXPORT */ #endif /* WOLFSSL_DTLS */ #endif /* USE_WOLFSSL_IO */ @@ -442,9 +477,9 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz, void* heap); - WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*, - int, unsigned char**); - WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*); + WOLFSSL_API int EmbedOcspLookup(void* ctx, const char* url, int urlSz, + byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf); + WOLFSSL_API void EmbedOcspRespFree(void* ctx, byte *resp); #endif #ifdef HAVE_CRL_IO @@ -477,10 +512,10 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); /* I/O callbacks */ typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx); typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx); -WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv); -WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX*, CallbackIOSend); -WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL*, CallbackIORecv); -WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL*, CallbackIOSend); +WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv); +WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend); +WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL *ssl, CallbackIORecv CBIORecv); +WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend); /* deprecated old name */ #define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv #define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend @@ -582,24 +617,125 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); #endif +#ifdef WOLFSSL_LWIP_NATIVE + #include "lwip/tcp.h" + #include "lwip/sockets.h" + typedef struct WOLFSSL_LWIP_NATIVE_STATE { + struct tcp_pcb * pcb; + tcp_recv_fn recv_fn; + tcp_sent_fn sent_fn; + int pulled; + struct pbuf *pbuf; + int wait; + void * arg; /* arg for application */ + int idle_count; + } WOLFSSL_LWIP_NATIVE_STATE; + + WOLFSSL_LOCAL int LwIPNativeSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); + WOLFSSL_LOCAL int LwIPNativeReceive(WOLFSSL* ssl, char* buf, int sz, + void* ctx); + WOLFSSL_API int wolfSSL_SetIO_LwIP(WOLFSSL* ssl, void *pcb, + tcp_recv_fn recv, tcp_sent_fn sent, void *arg); +#endif +#ifdef WOLFSSL_ISOTP + #define ISOTP_DEFAULT_TIMEOUT 100 + #define ISOTP_DEFAULT_WAIT_COUNT 3 + #define ISOTP_FIRST_FRAME_DATA_SIZE 6 + #define ISOTP_SINGLE_FRAME_DATA_SIZE 7 + #define ISOTP_MAX_CONSECUTIVE_FRAME_DATA_SIZE 7 + #define ISOTP_MAX_MS_FRAME_DELAY 0x7f + #define ISOTP_CAN_BUS_PAYLOAD_SIZE 8 + #define ISOTP_MAX_DATA_SIZE 4095 + /* Packets will never be larger than the ISO-TP max data size */ + #define ISOTP_DEFAULT_BUFFER_SIZE ISOTP_MAX_DATA_SIZE + #define ISOTP_FLOW_CONTROL_PACKET_SIZE 3 + #define ISOTP_FLOW_CONTROL_FRAMES 0 /* infinite */ + #define ISOTP_MAX_SEQUENCE_COUNTER 15 + + enum isotp_frame_type { + ISOTP_FRAME_TYPE_SINGLE = 0, + ISOTP_FRAME_TYPE_FIRST = 1, + ISOTP_FRAME_TYPE_CONSECUTIVE = 2, + ISOTP_FRAME_TYPE_CONTROL = 3 + }; + + enum isotp_flow_control { + ISOTP_FLOW_CONTROL_CTS = 0, + ISOTP_FLOW_CONTROL_WAIT = 1, + ISOTP_FLOW_CONTROL_ABORT = 2 + }; + + enum isotp_connection_state { + ISOTP_CONN_STATE_IDLE, + ISOTP_CONN_STATE_SENDING, + ISOTP_CONN_STATE_RECEIVING + }; + + typedef struct isotp_can_data { + byte data[ISOTP_CAN_BUS_PAYLOAD_SIZE]; + byte length; + } isotp_can_data; + + /* User supplied functions for sending/receiving CAN bus messages of up to + * 8 bytes, as well as a function to add an artificial delay when a + * receiver requests one. */ + typedef int (*can_recv_fn)(struct isotp_can_data *data, void *arg, + int timeout); + typedef int (*can_send_fn)(struct isotp_can_data *data, void *arg); + typedef void (*can_delay_fn)(int microseconds); + + typedef struct isotp_wolfssl_ctx { + struct isotp_can_data frame; + char *buf_ptr; + char *receive_buffer; + char *receive_buffer_ptr; + can_recv_fn recv_fn; + can_send_fn send_fn; + can_delay_fn delay_fn; + void *arg; + int receive_buffer_len; + int receive_buffer_size; + enum isotp_connection_state state; + word16 buf_length; + byte sequence; + byte flow_packets; + byte flow_counter; + byte frame_delay; + byte wait_counter; + byte receive_delay; + } isotp_wolfssl_ctx; + + WOLFSSL_LOCAL int ISOTP_Receive(WOLFSSL* ssl, char* buf, int sz, void* ctx); + WOLFSSL_LOCAL int ISOTP_Send(WOLFSSL* ssl, char* buf, int sz, void* ctx); + WOLFSSL_API int wolfSSL_SetIO_ISOTP(WOLFSSL *ssl, isotp_wolfssl_ctx *ctx, + can_recv_fn recv_fn, can_send_fn send_fn, can_delay_fn delay_fn, + word32 receive_delay, char *receive_buffer, + int receive_buffer_size, void *arg); + +#endif #ifdef WOLFSSL_DTLS typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz, void* ctx); - WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie); + WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, + CallbackGenCookie cb); WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl); - #ifdef WOLFSSL_SESSION_EXPORT - typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz, - unsigned short* port, int* fam); - typedef int (*CallbackSetPeer)(WOLFSSL* ssl, char* ip, int ipSz, - unsigned short port, int fam); - - WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*, CallbackGetPeer); - WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*, CallbackSetPeer); - #endif /* WOLFSSL_SESSION_EXPORT */ #endif +#ifdef WOLFSSL_SESSION_EXPORT + typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz, + unsigned short* port, int* fam); + typedef int (*CallbackSetPeer)(WOLFSSL* ssl, char* ip, int ipSz, + unsigned short port, int fam); + + WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*, CallbackGetPeer); + WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*, CallbackSetPeer); + WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz, + unsigned short* port, int* fam); + WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz, + unsigned short port, int fam); +#endif /* WOLFSSL_SESSION_EXPORT */ @@ -614,7 +750,11 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) #ifdef USE_WINDOWS_API /* Windows-friendly definition */ #undef XINET_PTON - #define XINET_PTON(a,b,c) InetPton((a),(b),(c)) + #if defined(__MINGW64__) && !defined(UNICODE) + #define XINET_PTON(a,b,c) InetPton((a),(b),(c)) + #else + #define XINET_PTON(a,b,c) InetPton((a),(PCWSTR)(b),(c)) + #endif #endif #endif diff --git a/source/network/https.c b/source/network/https.c index 5b3fddae..fb919313 100644 --- a/source/network/https.c +++ b/source/network/https.c @@ -421,7 +421,7 @@ void downloadfile(const char *url, struct download *buffer) if (httpinfo.use_https) { // Create a new SSL context - // wolfSSLv23_client_method() works but TLS 1.2 is slightly faster on Wii + // TLS 1.2 is slightly faster on Wii if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { #ifdef DEBUG_NETWORK diff --git a/source/network/picohttpparser.h b/source/network/picohttpparser.h index 0849f844..07537cf1 100644 --- a/source/network/picohttpparser.h +++ b/source/network/picohttpparser.h @@ -72,8 +72,8 @@ struct phr_chunked_decoder { * repeatedly call the function while it returns -2 (incomplete) every time * supplying newly arrived data. If the end of the chunked-encoded data is * found, the function returns a non-negative number indicating the number of - * octets left undecoded at the tail of the supplied buffer. Returns -1 on - * error. + * octets left undecoded, that starts from the offset returned by `*bufsz`. + * Returns -1 on error. */ ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *bufsz);