CyaSSL - CyaSSL changed for NucleoF401RE board: implemente…

Users » Vanger » Code » CyaSSL

CyaSSL changed for NucleoF401RE board: implemented random and time functions for build. (Has trouble with wildcard domains like *.google.com, *.yahoo.com)

Fork of CyaSSL by wolf SSL

cyassl/internal.h@4:e505054279ed, 2015-01-14 (annotated)

Committer:: Vanger
Date:: Wed Jan 14 22:07:14 2015 +0000
Revision:: 4:e505054279ed
Parent:: 0:1239e9b70ca2

Implemented some platform specific functions in the Cyassl library code: time functions, seed random functions, and also changed the settings.h file to define settings specific to the platform being used

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	0:1239e9b70ca2	1	/* internal.h
wolfSSL	0:1239e9b70ca2	2	*
wolfSSL	0:1239e9b70ca2	3	* Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL	0:1239e9b70ca2	4	*
wolfSSL	0:1239e9b70ca2	5	* This file is part of CyaSSL.
wolfSSL	0:1239e9b70ca2	6	*
wolfSSL	0:1239e9b70ca2	7	* CyaSSL is free software; you can redistribute it and/or modify
wolfSSL	0:1239e9b70ca2	8	* it under the terms of the GNU General Public License as published by
wolfSSL	0:1239e9b70ca2	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	0:1239e9b70ca2	10	* (at your option) any later version.
wolfSSL	0:1239e9b70ca2	11	*
wolfSSL	0:1239e9b70ca2	12	* CyaSSL is distributed in the hope that it will be useful,
wolfSSL	0:1239e9b70ca2	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	0:1239e9b70ca2	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	0:1239e9b70ca2	15	* GNU General Public License for more details.
wolfSSL	0:1239e9b70ca2	16	*
wolfSSL	0:1239e9b70ca2	17	* You should have received a copy of the GNU General Public License
wolfSSL	0:1239e9b70ca2	18	* along with this program; if not, write to the Free Software
wolfSSL	0:1239e9b70ca2	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL	0:1239e9b70ca2	20	*/
wolfSSL	0:1239e9b70ca2	21
wolfSSL	0:1239e9b70ca2	22
wolfSSL	0:1239e9b70ca2	23	#ifndef CYASSL_INT_H
wolfSSL	0:1239e9b70ca2	24	#define CYASSL_INT_H
wolfSSL	0:1239e9b70ca2	25
wolfSSL	0:1239e9b70ca2	26
wolfSSL	0:1239e9b70ca2	27	#include <cyassl/ctaocrypt/types.h>
wolfSSL	0:1239e9b70ca2	28	#include <cyassl/ssl.h>
wolfSSL	0:1239e9b70ca2	29	#include <cyassl/crl.h>
wolfSSL	0:1239e9b70ca2	30	#include <cyassl/ctaocrypt/random.h>
wolfSSL	0:1239e9b70ca2	31	#include <cyassl/ctaocrypt/des3.h>
wolfSSL	0:1239e9b70ca2	32	#include <cyassl/ctaocrypt/hc128.h>
wolfSSL	0:1239e9b70ca2	33	#include <cyassl/ctaocrypt/rabbit.h>
wolfSSL	0:1239e9b70ca2	34	#include <cyassl/ctaocrypt/asn.h>
wolfSSL	0:1239e9b70ca2	35	#include <cyassl/ctaocrypt/md5.h>
wolfSSL	0:1239e9b70ca2	36	#include <cyassl/ctaocrypt/sha.h>
wolfSSL	0:1239e9b70ca2	37	#include <cyassl/ctaocrypt/aes.h>
wolfSSL	0:1239e9b70ca2	38	#include <cyassl/ctaocrypt/camellia.h>
wolfSSL	0:1239e9b70ca2	39	#include <cyassl/ctaocrypt/logging.h>
wolfSSL	0:1239e9b70ca2	40	#include <cyassl/ctaocrypt/hmac.h>
wolfSSL	0:1239e9b70ca2	41	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	42	#include <cyassl/ctaocrypt/arc4.h>
wolfSSL	0:1239e9b70ca2	43	#endif
wolfSSL	0:1239e9b70ca2	44	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	45	#include <cyassl/ctaocrypt/ecc.h>
wolfSSL	0:1239e9b70ca2	46	#endif
wolfSSL	0:1239e9b70ca2	47	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	48	#include <cyassl/ctaocrypt/sha256.h>
wolfSSL	0:1239e9b70ca2	49	#endif
wolfSSL	0:1239e9b70ca2	50	#ifdef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	51	#include <cyassl/ocsp.h>
wolfSSL	0:1239e9b70ca2	52	#endif
wolfSSL	0:1239e9b70ca2	53	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	54	#include <cyassl/ctaocrypt/sha512.h>
wolfSSL	0:1239e9b70ca2	55	#endif
wolfSSL	0:1239e9b70ca2	56
wolfSSL	0:1239e9b70ca2	57	#ifdef HAVE_AESGCM
wolfSSL	0:1239e9b70ca2	58	#include <cyassl/ctaocrypt/sha512.h>
wolfSSL	0:1239e9b70ca2	59	#endif
wolfSSL	0:1239e9b70ca2	60
wolfSSL	0:1239e9b70ca2	61	#ifdef CYASSL_RIPEMD
wolfSSL	0:1239e9b70ca2	62	#include <cyassl/ctaocrypt/ripemd.h>
wolfSSL	0:1239e9b70ca2	63	#endif
wolfSSL	0:1239e9b70ca2	64
wolfSSL	0:1239e9b70ca2	65	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	66	#include <cyassl/callbacks.h>
wolfSSL	0:1239e9b70ca2	67	#include <signal.h>
wolfSSL	0:1239e9b70ca2	68	#endif
wolfSSL	0:1239e9b70ca2	69
wolfSSL	0:1239e9b70ca2	70	#ifdef USE_WINDOWS_API
wolfSSL	0:1239e9b70ca2	71	#ifdef CYASSL_GAME_BUILD
wolfSSL	0:1239e9b70ca2	72	#include "system/xtl.h"
wolfSSL	0:1239e9b70ca2	73	#else
wolfSSL	0:1239e9b70ca2	74	#if defined(_WIN32_WCE) \|\| defined(WIN32_LEAN_AND_MEAN)
wolfSSL	0:1239e9b70ca2	75	/* On WinCE winsock2.h must be included before windows.h */
wolfSSL	0:1239e9b70ca2	76	#include <winsock2.h>
wolfSSL	0:1239e9b70ca2	77	#endif
wolfSSL	0:1239e9b70ca2	78	#include <windows.h>
wolfSSL	0:1239e9b70ca2	79	#endif
wolfSSL	0:1239e9b70ca2	80	#elif defined(THREADX)
wolfSSL	0:1239e9b70ca2	81	#ifndef SINGLE_THREADED
wolfSSL	0:1239e9b70ca2	82	#include "tx_api.h"
wolfSSL	0:1239e9b70ca2	83	#endif
wolfSSL	0:1239e9b70ca2	84	#elif defined(MICRIUM)
wolfSSL	0:1239e9b70ca2	85	/* do nothing, just don't pick Unix */
wolfSSL	0:1239e9b70ca2	86	#elif defined(FREERTOS) \|\| defined(CYASSL_SAFERTOS)
wolfSSL	0:1239e9b70ca2	87	/* do nothing */
wolfSSL	0:1239e9b70ca2	88	#elif defined(EBSNET)
wolfSSL	0:1239e9b70ca2	89	/* do nothing */
wolfSSL	0:1239e9b70ca2	90	#elif defined(FREESCALE_MQX)
wolfSSL	0:1239e9b70ca2	91	/* do nothing */
wolfSSL	0:1239e9b70ca2	92	#elif defined(CYASSL_MDK_ARM)
wolfSSL	0:1239e9b70ca2	93	#if defined(CYASSL_MDK5)
wolfSSL	0:1239e9b70ca2	94	#include "cmsis_os.h"
wolfSSL	0:1239e9b70ca2	95	#else
wolfSSL	0:1239e9b70ca2	96	#include <rtl.h>
wolfSSL	0:1239e9b70ca2	97	#endif
wolfSSL	0:1239e9b70ca2	98	#elif defined(MBED)
wolfSSL	0:1239e9b70ca2	99
wolfSSL	0:1239e9b70ca2	100	#else
wolfSSL	0:1239e9b70ca2	101	#ifndef SINGLE_THREADED
wolfSSL	0:1239e9b70ca2	102	#define CYASSL_PTHREADS
wolfSSL	0:1239e9b70ca2	103	#include <pthread.h>
wolfSSL	0:1239e9b70ca2	104	#endif
wolfSSL	0:1239e9b70ca2	105	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	0:1239e9b70ca2	106	#include <unistd.h> /* for close of BIO */
wolfSSL	0:1239e9b70ca2	107	#endif
wolfSSL	0:1239e9b70ca2	108	#endif
wolfSSL	0:1239e9b70ca2	109
wolfSSL	0:1239e9b70ca2	110
wolfSSL	0:1239e9b70ca2	111	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	112	#include "zlib.h"
wolfSSL	0:1239e9b70ca2	113	#endif
wolfSSL	0:1239e9b70ca2	114
wolfSSL	0:1239e9b70ca2	115	#ifdef _MSC_VER
wolfSSL	0:1239e9b70ca2	116	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL	0:1239e9b70ca2	117	#pragma warning(disable: 4996)
wolfSSL	0:1239e9b70ca2	118	#endif
wolfSSL	0:1239e9b70ca2	119
wolfSSL	0:1239e9b70ca2	120	#ifdef NO_AES
wolfSSL	0:1239e9b70ca2	121	#if !defined (ALIGN16)
wolfSSL	0:1239e9b70ca2	122	#define ALIGN16
wolfSSL	0:1239e9b70ca2	123	#endif
wolfSSL	0:1239e9b70ca2	124	#endif
wolfSSL	0:1239e9b70ca2	125
wolfSSL	0:1239e9b70ca2	126	#ifdef NO_SHA
wolfSSL	0:1239e9b70ca2	127	#define SHA_DIGEST_SIZE 20
wolfSSL	0:1239e9b70ca2	128	#endif
wolfSSL	0:1239e9b70ca2	129
wolfSSL	0:1239e9b70ca2	130	#ifdef NO_SHA256
wolfSSL	0:1239e9b70ca2	131	#define SHA256_DIGEST_SIZE 32
wolfSSL	0:1239e9b70ca2	132	#endif
wolfSSL	0:1239e9b70ca2	133
wolfSSL	0:1239e9b70ca2	134
wolfSSL	0:1239e9b70ca2	135	#ifdef __cplusplus
wolfSSL	0:1239e9b70ca2	136	extern "C" {
wolfSSL	0:1239e9b70ca2	137	#endif
wolfSSL	0:1239e9b70ca2	138
wolfSSL	0:1239e9b70ca2	139
wolfSSL	0:1239e9b70ca2	140	#ifdef USE_WINDOWS_API
wolfSSL	0:1239e9b70ca2	141	typedef unsigned int SOCKET_T;
wolfSSL	0:1239e9b70ca2	142	#else
wolfSSL	0:1239e9b70ca2	143	typedef int SOCKET_T;
wolfSSL	0:1239e9b70ca2	144	#endif
wolfSSL	0:1239e9b70ca2	145
wolfSSL	0:1239e9b70ca2	146
wolfSSL	0:1239e9b70ca2	147	typedef byte word24[3];
wolfSSL	0:1239e9b70ca2	148
wolfSSL	0:1239e9b70ca2	149	/* used by ssl.c and cyassl_int.c */
wolfSSL	0:1239e9b70ca2	150	void c32to24(word32 in, word24 out);
wolfSSL	0:1239e9b70ca2	151
wolfSSL	0:1239e9b70ca2	152	/* Define or comment out the cipher suites you'd like to be compiled in
wolfSSL	0:1239e9b70ca2	153	make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
wolfSSL	0:1239e9b70ca2	154
wolfSSL	0:1239e9b70ca2	155	When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
wolfSSL	0:1239e9b70ca2	156	*/
wolfSSL	0:1239e9b70ca2	157	#if !defined(NO_RSA) && !defined(NO_RC4)
wolfSSL	0:1239e9b70ca2	158	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	159	#define BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	160	#endif
wolfSSL	0:1239e9b70ca2	161	#if !defined(NO_MD5)
wolfSSL	0:1239e9b70ca2	162	#define BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	0:1239e9b70ca2	163	#endif
wolfSSL	0:1239e9b70ca2	164	#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	165	#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	166	#endif
wolfSSL	0:1239e9b70ca2	167	#endif
wolfSSL	0:1239e9b70ca2	168
wolfSSL	0:1239e9b70ca2	169	#if !defined(NO_RSA) && !defined(NO_DES3)
wolfSSL	0:1239e9b70ca2	170	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	171	#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	172	#if !defined(NO_TLS) && defined(HAVE_NTRU)
wolfSSL	0:1239e9b70ca2	173	#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	174	#endif
wolfSSL	0:1239e9b70ca2	175	#endif
wolfSSL	0:1239e9b70ca2	176	#endif
wolfSSL	0:1239e9b70ca2	177
wolfSSL	0:1239e9b70ca2	178	#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	0:1239e9b70ca2	179	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	180	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	181	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	182	#if defined(HAVE_NTRU)
wolfSSL	0:1239e9b70ca2	183	#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	184	#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	185	#endif
wolfSSL	0:1239e9b70ca2	186	#endif
wolfSSL	0:1239e9b70ca2	187	#if !defined (NO_SHA256)
wolfSSL	0:1239e9b70ca2	188	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	189	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	190	#endif
wolfSSL	0:1239e9b70ca2	191	#if defined (HAVE_AESGCM)
wolfSSL	0:1239e9b70ca2	192	#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	193	#if defined (CYASSL_SHA384)
wolfSSL	0:1239e9b70ca2	194	#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	195	#endif
wolfSSL	0:1239e9b70ca2	196	#endif
wolfSSL	0:1239e9b70ca2	197	#if defined (HAVE_AESCCM)
wolfSSL	0:1239e9b70ca2	198	#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	199	#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	200	#endif
wolfSSL	0:1239e9b70ca2	201	#if defined(HAVE_BLAKE2)
wolfSSL	0:1239e9b70ca2	202	#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	0:1239e9b70ca2	203	#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	0:1239e9b70ca2	204	#endif
wolfSSL	0:1239e9b70ca2	205	#endif
wolfSSL	0:1239e9b70ca2	206
wolfSSL	0:1239e9b70ca2	207	#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
wolfSSL	0:1239e9b70ca2	208	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	209	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	210	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	211	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	212	#endif
wolfSSL	0:1239e9b70ca2	213	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	214	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	215	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	216	#endif
wolfSSL	0:1239e9b70ca2	217	#if !defined(NO_DH) && defined(OPENSSL_EXTRA)
wolfSSL	0:1239e9b70ca2	218	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	219	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	220	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	221	#endif
wolfSSL	0:1239e9b70ca2	222	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	223	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	224	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	225	#endif
wolfSSL	0:1239e9b70ca2	226	#endif
wolfSSL	0:1239e9b70ca2	227	#endif
wolfSSL	0:1239e9b70ca2	228	#endif
wolfSSL	0:1239e9b70ca2	229
wolfSSL	0:1239e9b70ca2	230	#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	0:1239e9b70ca2	231	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	232	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	233	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	234	#endif
wolfSSL	0:1239e9b70ca2	235	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	236	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	237	#ifdef HAVE_AESCCM
wolfSSL	0:1239e9b70ca2	238	#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	239	#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	240	#endif
wolfSSL	0:1239e9b70ca2	241	#endif
wolfSSL	0:1239e9b70ca2	242	#endif
wolfSSL	0:1239e9b70ca2	243
wolfSSL	0:1239e9b70ca2	244	#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
wolfSSL	0:1239e9b70ca2	245	#if !defined(NO_RSA)
wolfSSL	0:1239e9b70ca2	246	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	247	#define BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	0:1239e9b70ca2	248	#endif
wolfSSL	0:1239e9b70ca2	249	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	250	#define BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	0:1239e9b70ca2	251	#endif
wolfSSL	0:1239e9b70ca2	252	#endif
wolfSSL	0:1239e9b70ca2	253	#if !defined(NO_PSK)
wolfSSL	0:1239e9b70ca2	254	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	255	#define BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	0:1239e9b70ca2	256	#endif
wolfSSL	0:1239e9b70ca2	257	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	258	#define BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	0:1239e9b70ca2	259	#endif
wolfSSL	0:1239e9b70ca2	260	#endif
wolfSSL	0:1239e9b70ca2	261	#endif
wolfSSL	0:1239e9b70ca2	262
wolfSSL	0:1239e9b70ca2	263	#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
wolfSSL	0:1239e9b70ca2	264	#define BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	0:1239e9b70ca2	265	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	266	#define BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	0:1239e9b70ca2	267	#endif
wolfSSL	0:1239e9b70ca2	268	#if defined(HAVE_BLAKE2)
wolfSSL	0:1239e9b70ca2	269	#define BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	0:1239e9b70ca2	270	#endif
wolfSSL	0:1239e9b70ca2	271	#endif
wolfSSL	0:1239e9b70ca2	272
wolfSSL	0:1239e9b70ca2	273	#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
wolfSSL	0:1239e9b70ca2	274	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	275	#define BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	0:1239e9b70ca2	276	#endif
wolfSSL	0:1239e9b70ca2	277	#endif
wolfSSL	0:1239e9b70ca2	278
wolfSSL	0:1239e9b70ca2	279	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	0:1239e9b70ca2	280	!defined(NO_RSA) && defined(OPENSSL_EXTRA)
wolfSSL	0:1239e9b70ca2	281	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	282	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	283	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	284	#endif
wolfSSL	0:1239e9b70ca2	285	#if !defined (NO_SHA256)
wolfSSL	0:1239e9b70ca2	286	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	287	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	288	#if defined (HAVE_AESGCM)
wolfSSL	0:1239e9b70ca2	289	#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	290	#if defined (CYASSL_SHA384)
wolfSSL	0:1239e9b70ca2	291	#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	292	#endif
wolfSSL	0:1239e9b70ca2	293	#endif
wolfSSL	0:1239e9b70ca2	294	#endif
wolfSSL	0:1239e9b70ca2	295	#endif
wolfSSL	0:1239e9b70ca2	296
wolfSSL	0:1239e9b70ca2	297	#if defined(HAVE_ECC) && !defined(NO_TLS)
wolfSSL	0:1239e9b70ca2	298	#if !defined(NO_AES)
wolfSSL	0:1239e9b70ca2	299	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	300	#if !defined(NO_RSA)
wolfSSL	0:1239e9b70ca2	301	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	302	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	303	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	304	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	305	#endif
wolfSSL	0:1239e9b70ca2	306
wolfSSL	0:1239e9b70ca2	307	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	308	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	309
wolfSSL	0:1239e9b70ca2	310	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	311	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	312	#endif /* NO_SHA */
wolfSSL	0:1239e9b70ca2	313	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	314	#if !defined(NO_RSA)
wolfSSL	0:1239e9b70ca2	315	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	316	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	317	#endif
wolfSSL	0:1239e9b70ca2	318	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	319	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	320	#endif
wolfSSL	0:1239e9b70ca2	321
wolfSSL	0:1239e9b70ca2	322	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	323	#if !defined(NO_RSA)
wolfSSL	0:1239e9b70ca2	324	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	325	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	326	#endif
wolfSSL	0:1239e9b70ca2	327	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	328	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	329	#endif
wolfSSL	0:1239e9b70ca2	330
wolfSSL	0:1239e9b70ca2	331	#if defined (HAVE_AESGCM)
wolfSSL	0:1239e9b70ca2	332	#if !defined(NO_RSA)
wolfSSL	0:1239e9b70ca2	333	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	334	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	335	#if defined(CYASSL_SHA384)
wolfSSL	0:1239e9b70ca2	336	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	337	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	338	#endif
wolfSSL	0:1239e9b70ca2	339	#endif
wolfSSL	0:1239e9b70ca2	340
wolfSSL	0:1239e9b70ca2	341	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	342	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	343
wolfSSL	0:1239e9b70ca2	344	#if defined(CYASSL_SHA384)
wolfSSL	0:1239e9b70ca2	345	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	346	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	347	#endif
wolfSSL	0:1239e9b70ca2	348	#endif
wolfSSL	0:1239e9b70ca2	349	#if defined (HAVE_AESCCM)
wolfSSL	0:1239e9b70ca2	350	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	351	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	352	#endif
wolfSSL	0:1239e9b70ca2	353	#endif /* NO_AES */
wolfSSL	0:1239e9b70ca2	354	#if !defined(NO_RC4)
wolfSSL	0:1239e9b70ca2	355	#if !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	356	#if !defined(NO_RSA)
wolfSSL	0:1239e9b70ca2	357	#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	358	#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	359	#endif
wolfSSL	0:1239e9b70ca2	360
wolfSSL	0:1239e9b70ca2	361	#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	362	#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	363	#endif
wolfSSL	0:1239e9b70ca2	364	#endif
wolfSSL	0:1239e9b70ca2	365	#if !defined(NO_DES3)
wolfSSL	0:1239e9b70ca2	366	#if !defined(NO_RSA)
wolfSSL	0:1239e9b70ca2	367	#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	368	#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	369	#endif
wolfSSL	0:1239e9b70ca2	370
wolfSSL	0:1239e9b70ca2	371	#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	372	#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	373	#endif
wolfSSL	0:1239e9b70ca2	374	#endif
wolfSSL	0:1239e9b70ca2	375
wolfSSL	0:1239e9b70ca2	376
wolfSSL	0:1239e9b70ca2	377	#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) \|\| \
wolfSSL	0:1239e9b70ca2	378	defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
wolfSSL	0:1239e9b70ca2	379	#define BUILD_ARC4
wolfSSL	0:1239e9b70ca2	380	#endif
wolfSSL	0:1239e9b70ca2	381
wolfSSL	0:1239e9b70ca2	382	#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
wolfSSL	0:1239e9b70ca2	383	#define BUILD_DES3
wolfSSL	0:1239e9b70ca2	384	#endif
wolfSSL	0:1239e9b70ca2	385
wolfSSL	0:1239e9b70ca2	386	#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) \|\| \
wolfSSL	0:1239e9b70ca2	387	defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) \|\| \
wolfSSL	0:1239e9b70ca2	388	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
wolfSSL	0:1239e9b70ca2	389	#undef BUILD_AES
wolfSSL	0:1239e9b70ca2	390	#define BUILD_AES
wolfSSL	0:1239e9b70ca2	391	#endif
wolfSSL	0:1239e9b70ca2	392
wolfSSL	0:1239e9b70ca2	393	#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	0:1239e9b70ca2	394	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
wolfSSL	0:1239e9b70ca2	395	#define BUILD_AESGCM
wolfSSL	0:1239e9b70ca2	396	#endif
wolfSSL	0:1239e9b70ca2	397
wolfSSL	0:1239e9b70ca2	398	#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) \|\| \
wolfSSL	0:1239e9b70ca2	399	defined(BUILD_TLS_RSA_WITH_HC_128_MD5) \|\| \
wolfSSL	0:1239e9b70ca2	400	defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
wolfSSL	0:1239e9b70ca2	401	#define BUILD_HC128
wolfSSL	0:1239e9b70ca2	402	#endif
wolfSSL	0:1239e9b70ca2	403
wolfSSL	0:1239e9b70ca2	404	#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
wolfSSL	0:1239e9b70ca2	405	#define BUILD_RABBIT
wolfSSL	0:1239e9b70ca2	406	#endif
wolfSSL	0:1239e9b70ca2	407
wolfSSL	0:1239e9b70ca2	408	#ifdef NO_DES3
wolfSSL	0:1239e9b70ca2	409	#define DES_BLOCK_SIZE 8
wolfSSL	0:1239e9b70ca2	410	#else
wolfSSL	0:1239e9b70ca2	411	#undef BUILD_DES3
wolfSSL	0:1239e9b70ca2	412	#define BUILD_DES3
wolfSSL	0:1239e9b70ca2	413	#endif
wolfSSL	0:1239e9b70ca2	414
wolfSSL	0:1239e9b70ca2	415	#ifdef NO_AES
wolfSSL	0:1239e9b70ca2	416	#define AES_BLOCK_SIZE 16
wolfSSL	0:1239e9b70ca2	417	#else
wolfSSL	0:1239e9b70ca2	418	#undef BUILD_AES
wolfSSL	0:1239e9b70ca2	419	#define BUILD_AES
wolfSSL	0:1239e9b70ca2	420	#endif
wolfSSL	0:1239e9b70ca2	421
wolfSSL	0:1239e9b70ca2	422	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	423	#undef BUILD_ARC4
wolfSSL	0:1239e9b70ca2	424	#define BUILD_ARC4
wolfSSL	0:1239e9b70ca2	425	#endif
wolfSSL	0:1239e9b70ca2	426
wolfSSL	0:1239e9b70ca2	427
wolfSSL	0:1239e9b70ca2	428
wolfSSL	0:1239e9b70ca2	429	#if defined(BUILD_AESGCM) \|\| defined(HAVE_AESCCM)
wolfSSL	0:1239e9b70ca2	430	#define HAVE_AEAD
wolfSSL	0:1239e9b70ca2	431	#endif
wolfSSL	0:1239e9b70ca2	432
wolfSSL	0:1239e9b70ca2	433
wolfSSL	0:1239e9b70ca2	434	/* actual cipher values, 2nd byte */
wolfSSL	0:1239e9b70ca2	435	enum {
wolfSSL	0:1239e9b70ca2	436	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
wolfSSL	0:1239e9b70ca2	437	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
wolfSSL	0:1239e9b70ca2	438	TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
wolfSSL	0:1239e9b70ca2	439	TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
wolfSSL	0:1239e9b70ca2	440	TLS_RSA_WITH_NULL_SHA = 0x02,
wolfSSL	0:1239e9b70ca2	441	TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
wolfSSL	0:1239e9b70ca2	442	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
wolfSSL	0:1239e9b70ca2	443	TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
wolfSSL	0:1239e9b70ca2	444	TLS_PSK_WITH_NULL_SHA256 = 0xb0,
wolfSSL	0:1239e9b70ca2	445	TLS_PSK_WITH_NULL_SHA = 0x2c,
wolfSSL	0:1239e9b70ca2	446	SSL_RSA_WITH_RC4_128_SHA = 0x05,
wolfSSL	0:1239e9b70ca2	447	SSL_RSA_WITH_RC4_128_MD5 = 0x04,
wolfSSL	0:1239e9b70ca2	448	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
wolfSSL	0:1239e9b70ca2	449
wolfSSL	0:1239e9b70ca2	450	/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	0:1239e9b70ca2	451	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
wolfSSL	0:1239e9b70ca2	452	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
wolfSSL	0:1239e9b70ca2	453	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
wolfSSL	0:1239e9b70ca2	454	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
wolfSSL	0:1239e9b70ca2	455	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
wolfSSL	0:1239e9b70ca2	456	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
wolfSSL	0:1239e9b70ca2	457	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
wolfSSL	0:1239e9b70ca2	458	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
wolfSSL	0:1239e9b70ca2	459	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
wolfSSL	0:1239e9b70ca2	460	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
wolfSSL	0:1239e9b70ca2	461	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
wolfSSL	0:1239e9b70ca2	462	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
wolfSSL	0:1239e9b70ca2	463
wolfSSL	0:1239e9b70ca2	464	/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	0:1239e9b70ca2	465	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
wolfSSL	0:1239e9b70ca2	466	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
wolfSSL	0:1239e9b70ca2	467	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
wolfSSL	0:1239e9b70ca2	468	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
wolfSSL	0:1239e9b70ca2	469	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
wolfSSL	0:1239e9b70ca2	470	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
wolfSSL	0:1239e9b70ca2	471	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
wolfSSL	0:1239e9b70ca2	472	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
wolfSSL	0:1239e9b70ca2	473	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
wolfSSL	0:1239e9b70ca2	474	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
wolfSSL	0:1239e9b70ca2	475	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
wolfSSL	0:1239e9b70ca2	476	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
wolfSSL	0:1239e9b70ca2	477
wolfSSL	0:1239e9b70ca2	478	/* CyaSSL extension - eSTREAM */
wolfSSL	0:1239e9b70ca2	479	TLS_RSA_WITH_HC_128_MD5 = 0xFB,
wolfSSL	0:1239e9b70ca2	480	TLS_RSA_WITH_HC_128_SHA = 0xFC,
wolfSSL	0:1239e9b70ca2	481	TLS_RSA_WITH_RABBIT_SHA = 0xFD,
wolfSSL	0:1239e9b70ca2	482
wolfSSL	0:1239e9b70ca2	483	/* CyaSSL extension - Blake2b 256 */
wolfSSL	0:1239e9b70ca2	484	TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
wolfSSL	0:1239e9b70ca2	485	TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
wolfSSL	0:1239e9b70ca2	486	TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
wolfSSL	0:1239e9b70ca2	487
wolfSSL	0:1239e9b70ca2	488	/* CyaSSL extension - NTRU */
wolfSSL	0:1239e9b70ca2	489	TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
wolfSSL	0:1239e9b70ca2	490	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
wolfSSL	0:1239e9b70ca2	491	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */
wolfSSL	0:1239e9b70ca2	492	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
wolfSSL	0:1239e9b70ca2	493
wolfSSL	0:1239e9b70ca2	494	/* SHA256 */
wolfSSL	0:1239e9b70ca2	495	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
wolfSSL	0:1239e9b70ca2	496	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
wolfSSL	0:1239e9b70ca2	497	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
wolfSSL	0:1239e9b70ca2	498	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
wolfSSL	0:1239e9b70ca2	499	TLS_RSA_WITH_NULL_SHA256 = 0x3b,
wolfSSL	0:1239e9b70ca2	500
wolfSSL	0:1239e9b70ca2	501	/* AES-GCM */
wolfSSL	0:1239e9b70ca2	502	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
wolfSSL	0:1239e9b70ca2	503	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
wolfSSL	0:1239e9b70ca2	504	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
wolfSSL	0:1239e9b70ca2	505	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
wolfSSL	0:1239e9b70ca2	506
wolfSSL	0:1239e9b70ca2	507	/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	0:1239e9b70ca2	508	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
wolfSSL	0:1239e9b70ca2	509	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
wolfSSL	0:1239e9b70ca2	510	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
wolfSSL	0:1239e9b70ca2	511	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
wolfSSL	0:1239e9b70ca2	512	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
wolfSSL	0:1239e9b70ca2	513	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
wolfSSL	0:1239e9b70ca2	514	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
wolfSSL	0:1239e9b70ca2	515	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
wolfSSL	0:1239e9b70ca2	516
wolfSSL	0:1239e9b70ca2	517	/* AES-CCM, first byte is 0xC0 but isn't ECC,
wolfSSL	0:1239e9b70ca2	518	* also, in some of the other AES-CCM suites
wolfSSL	0:1239e9b70ca2	519	* there will be second byte number conflicts
wolfSSL	0:1239e9b70ca2	520	* with non-ECC AES-GCM */
wolfSSL	0:1239e9b70ca2	521	TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
wolfSSL	0:1239e9b70ca2	522	TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
wolfSSL	0:1239e9b70ca2	523	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
wolfSSL	0:1239e9b70ca2	524	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
wolfSSL	0:1239e9b70ca2	525	TLS_PSK_WITH_AES_128_CCM = 0xa4,
wolfSSL	0:1239e9b70ca2	526	TLS_PSK_WITH_AES_256_CCM = 0xa5,
wolfSSL	0:1239e9b70ca2	527	TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
wolfSSL	0:1239e9b70ca2	528	TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
wolfSSL	0:1239e9b70ca2	529
wolfSSL	0:1239e9b70ca2	530	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
wolfSSL	0:1239e9b70ca2	531	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
wolfSSL	0:1239e9b70ca2	532	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
wolfSSL	0:1239e9b70ca2	533	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
wolfSSL	0:1239e9b70ca2	534	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
wolfSSL	0:1239e9b70ca2	535	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
wolfSSL	0:1239e9b70ca2	536	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
wolfSSL	0:1239e9b70ca2	537	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
wolfSSL	0:1239e9b70ca2	538
wolfSSL	0:1239e9b70ca2	539	/* Renegotiation Indication Extension Special Suite */
wolfSSL	0:1239e9b70ca2	540	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
wolfSSL	0:1239e9b70ca2	541	};
wolfSSL	0:1239e9b70ca2	542
wolfSSL	0:1239e9b70ca2	543
wolfSSL	0:1239e9b70ca2	544	enum Misc {
wolfSSL	0:1239e9b70ca2	545	ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
wolfSSL	0:1239e9b70ca2	546
wolfSSL	0:1239e9b70ca2	547	SEND_CERT = 1,
wolfSSL	0:1239e9b70ca2	548	SEND_BLANK_CERT = 2,
wolfSSL	0:1239e9b70ca2	549
wolfSSL	0:1239e9b70ca2	550	DTLS_MAJOR = 0xfe, /* DTLS major version number */
wolfSSL	0:1239e9b70ca2	551	DTLS_MINOR = 0xff, /* DTLS minor version number */
wolfSSL	0:1239e9b70ca2	552	DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
wolfSSL	0:1239e9b70ca2	553	SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
wolfSSL	0:1239e9b70ca2	554	SSLv3_MINOR = 0, /* TLSv1 minor version number */
wolfSSL	0:1239e9b70ca2	555	TLSv1_MINOR = 1, /* TLSv1 minor version number */
wolfSSL	0:1239e9b70ca2	556	TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
wolfSSL	0:1239e9b70ca2	557	TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
wolfSSL	0:1239e9b70ca2	558	INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
wolfSSL	0:1239e9b70ca2	559	NO_COMPRESSION = 0,
wolfSSL	0:1239e9b70ca2	560	ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
wolfSSL	0:1239e9b70ca2	561	HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
wolfSSL	0:1239e9b70ca2	562	SECRET_LEN = 48, /* pre RSA and all master */
wolfSSL	0:1239e9b70ca2	563	ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
wolfSSL	0:1239e9b70ca2	564	SIZEOF_SENDER = 4, /* clnt or srvr */
wolfSSL	0:1239e9b70ca2	565	FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
wolfSSL	0:1239e9b70ca2	566	MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
wolfSSL	0:1239e9b70ca2	567	MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
wolfSSL	0:1239e9b70ca2	568	/* max added to msg, mac + pad from */
wolfSSL	0:1239e9b70ca2	569	/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
wolfSSL	0:1239e9b70ca2	570	digest sz + BLOC_SZ (iv) + pad byte (1) */
wolfSSL	0:1239e9b70ca2	571	MAX_COMP_EXTRA = 1024, /* max compression extra */
wolfSSL	0:1239e9b70ca2	572	MAX_MTU = 1500, /* max expected MTU */
wolfSSL	0:1239e9b70ca2	573	MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
wolfSSL	0:1239e9b70ca2	574	MAX_DH_SZ = 612, /* 2240 p, pub, g + 2 byte size for each */
wolfSSL	0:1239e9b70ca2	575	MAX_STR_VERSION = 8, /* string rep of protocol version */
wolfSSL	0:1239e9b70ca2	576
wolfSSL	0:1239e9b70ca2	577	PAD_MD5 = 48, /* pad length for finished */
wolfSSL	0:1239e9b70ca2	578	PAD_SHA = 40, /* pad length for finished */
wolfSSL	0:1239e9b70ca2	579	MAX_PAD_SIZE = 256, /* maximum length of padding */
wolfSSL	0:1239e9b70ca2	580	COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
wolfSSL	0:1239e9b70ca2	581	COMPRESS_CONSTANT = 13, /* compression calc constant */
wolfSSL	0:1239e9b70ca2	582	COMPRESS_UPPER = 55, /* compression calc numerator */
wolfSSL	0:1239e9b70ca2	583	COMPRESS_LOWER = 64, /* compression calc denominator */
wolfSSL	0:1239e9b70ca2	584
wolfSSL	0:1239e9b70ca2	585	PEM_LINE_LEN = 80, /* PEM line max + fudge */
wolfSSL	0:1239e9b70ca2	586	LENGTH_SZ = 2, /* length field for HMAC, data only */
wolfSSL	0:1239e9b70ca2	587	VERSION_SZ = 2, /* length of proctocol version */
wolfSSL	0:1239e9b70ca2	588	SEQ_SZ = 8, /* 64 bit sequence number */
wolfSSL	0:1239e9b70ca2	589	BYTE3_LEN = 3, /* up to 24 bit byte lengths */
wolfSSL	0:1239e9b70ca2	590	ALERT_SIZE = 2, /* level + description */
wolfSSL	0:1239e9b70ca2	591	VERIFY_HEADER = 2, /* always use 2 bytes */
wolfSSL	0:1239e9b70ca2	592	EXT_ID_SZ = 2, /* always use 2 bytes */
wolfSSL	0:1239e9b70ca2	593	MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
wolfSSL	0:1239e9b70ca2	594
wolfSSL	0:1239e9b70ca2	595	MAX_SUITE_SZ = 200, /* 100 suites for now! */
wolfSSL	0:1239e9b70ca2	596	RAN_LEN = 32, /* random length */
wolfSSL	0:1239e9b70ca2	597	SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
wolfSSL	0:1239e9b70ca2	598	ID_LEN = 32, /* session id length */
wolfSSL	0:1239e9b70ca2	599	MAX_COOKIE_LEN = 32, /* max dtls cookie size */
wolfSSL	0:1239e9b70ca2	600	COOKIE_SZ = 20, /* use a 20 byte cookie */
wolfSSL	0:1239e9b70ca2	601	SUITE_LEN = 2, /* cipher suite sz length */
wolfSSL	0:1239e9b70ca2	602	ENUM_LEN = 1, /* always a byte */
wolfSSL	0:1239e9b70ca2	603	OPAQUE8_LEN = 1, /* 1 byte */
wolfSSL	0:1239e9b70ca2	604	OPAQUE16_LEN = 2, /* 2 bytes */
wolfSSL	0:1239e9b70ca2	605	OPAQUE24_LEN = 3, /* 3 bytes */
wolfSSL	0:1239e9b70ca2	606	COMP_LEN = 1, /* compression length */
wolfSSL	0:1239e9b70ca2	607	CURVE_LEN = 2, /* ecc named curve length */
wolfSSL	0:1239e9b70ca2	608	SERVER_ID_LEN = 20, /* server session id length */
wolfSSL	0:1239e9b70ca2	609
wolfSSL	0:1239e9b70ca2	610	HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
wolfSSL	0:1239e9b70ca2	611	RECORD_HEADER_SZ = 5, /* type + version + len(2) */
wolfSSL	0:1239e9b70ca2	612	CERT_HEADER_SZ = 3, /* always 3 bytes */
wolfSSL	0:1239e9b70ca2	613	REQ_HEADER_SZ = 2, /* cert request header sz */
wolfSSL	0:1239e9b70ca2	614	HINT_LEN_SZ = 2, /* length of hint size field */
wolfSSL	0:1239e9b70ca2	615	TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
wolfSSL	0:1239e9b70ca2	616	HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
wolfSSL	0:1239e9b70ca2	617	HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
wolfSSL	0:1239e9b70ca2	618	HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
wolfSSL	0:1239e9b70ca2	619	HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
wolfSSL	0:1239e9b70ca2	620	HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
wolfSSL	0:1239e9b70ca2	621
wolfSSL	0:1239e9b70ca2	622	DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
wolfSSL	0:1239e9b70ca2	623	DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
wolfSSL	0:1239e9b70ca2	624	DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
wolfSSL	0:1239e9b70ca2	625	DTLS_RECORD_EXTRA = 8, /* diff from normal */
wolfSSL	0:1239e9b70ca2	626	DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
wolfSSL	0:1239e9b70ca2	627	DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
wolfSSL	0:1239e9b70ca2	628	DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
wolfSSL	0:1239e9b70ca2	629
wolfSSL	0:1239e9b70ca2	630	FINISHED_LABEL_SZ = 15, /* TLS finished label size */
wolfSSL	0:1239e9b70ca2	631	TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
wolfSSL	0:1239e9b70ca2	632	MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
wolfSSL	0:1239e9b70ca2	633	KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
wolfSSL	0:1239e9b70ca2	634	MAX_PRF_HALF = 128, /* Maximum half secret len */
wolfSSL	0:1239e9b70ca2	635	MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
wolfSSL	0:1239e9b70ca2	636	MAX_PRF_DIG = 224, /* Maximum digest len */
wolfSSL	0:1239e9b70ca2	637	MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
wolfSSL	0:1239e9b70ca2	638	SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
wolfSSL	0:1239e9b70ca2	639
wolfSSL	0:1239e9b70ca2	640	RC4_KEY_SIZE = 16, /* always 128bit */
wolfSSL	0:1239e9b70ca2	641	DES_KEY_SIZE = 8, /* des */
wolfSSL	0:1239e9b70ca2	642	DES3_KEY_SIZE = 24, /* 3 des ede */
wolfSSL	0:1239e9b70ca2	643	DES_IV_SIZE = DES_BLOCK_SIZE,
wolfSSL	0:1239e9b70ca2	644	AES_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	0:1239e9b70ca2	645	AES_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	0:1239e9b70ca2	646	AES_IV_SIZE = 16, /* always block size */
wolfSSL	0:1239e9b70ca2	647	AES_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	0:1239e9b70ca2	648
wolfSSL	0:1239e9b70ca2	649	AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
wolfSSL	0:1239e9b70ca2	650	AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
wolfSSL	0:1239e9b70ca2	651	AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
wolfSSL	0:1239e9b70ca2	652	AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
wolfSSL	0:1239e9b70ca2	653	AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
wolfSSL	0:1239e9b70ca2	654	AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
wolfSSL	0:1239e9b70ca2	655	AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
wolfSSL	0:1239e9b70ca2	656	AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
wolfSSL	0:1239e9b70ca2	657	AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
wolfSSL	0:1239e9b70ca2	658
wolfSSL	0:1239e9b70ca2	659	AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
wolfSSL	0:1239e9b70ca2	660	AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
wolfSSL	0:1239e9b70ca2	661	AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
wolfSSL	0:1239e9b70ca2	662
wolfSSL	0:1239e9b70ca2	663	CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	0:1239e9b70ca2	664	CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	0:1239e9b70ca2	665	CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	0:1239e9b70ca2	666	CAMELLIA_IV_SIZE = 16, /* always block size */
wolfSSL	0:1239e9b70ca2	667
wolfSSL	0:1239e9b70ca2	668	HC_128_KEY_SIZE = 16, /* 128 bits */
wolfSSL	0:1239e9b70ca2	669	HC_128_IV_SIZE = 16, /* also 128 bits */
wolfSSL	0:1239e9b70ca2	670
wolfSSL	0:1239e9b70ca2	671	RABBIT_KEY_SIZE = 16, /* 128 bits */
wolfSSL	0:1239e9b70ca2	672	RABBIT_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL	0:1239e9b70ca2	673
wolfSSL	0:1239e9b70ca2	674	EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
wolfSSL	0:1239e9b70ca2	675
wolfSSL	0:1239e9b70ca2	676	ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
wolfSSL	0:1239e9b70ca2	677	MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
wolfSSL	0:1239e9b70ca2	678
wolfSSL	0:1239e9b70ca2	679	MAX_HELLO_SZ = 128, /* max client or server hello */
wolfSSL	0:1239e9b70ca2	680	MAX_CERT_VERIFY_SZ = 1024, /* max */
wolfSSL	0:1239e9b70ca2	681	CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
wolfSSL	0:1239e9b70ca2	682	MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
wolfSSL	0:1239e9b70ca2	683	DEFAULT_TIMEOUT = 500, /* default resumption timeout in seconds */
wolfSSL	0:1239e9b70ca2	684
wolfSSL	0:1239e9b70ca2	685	DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
wolfSSL	0:1239e9b70ca2	686	DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
wolfSSL	0:1239e9b70ca2	687	DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
wolfSSL	0:1239e9b70ca2	688
wolfSSL	0:1239e9b70ca2	689	MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
wolfSSL	0:1239e9b70ca2	690	MAX_PSK_KEY_LEN = 64, /* max psk key supported */
wolfSSL	0:1239e9b70ca2	691
wolfSSL	0:1239e9b70ca2	692	MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
wolfSSL	0:1239e9b70ca2	693
wolfSSL	0:1239e9b70ca2	694	#ifdef FORTRESS
wolfSSL	0:1239e9b70ca2	695	MAX_EX_DATA = 3, /* allow for three items of ex_data */
wolfSSL	0:1239e9b70ca2	696	#endif
wolfSSL	0:1239e9b70ca2	697
wolfSSL	0:1239e9b70ca2	698	MAX_X509_SIZE = 2048, /* max static x509 buffer size */
wolfSSL	0:1239e9b70ca2	699	CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
wolfSSL	0:1239e9b70ca2	700	MAX_FILENAME_SZ = 256, /* max file name length */
wolfSSL	0:1239e9b70ca2	701	FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
wolfSSL	0:1239e9b70ca2	702	will use dynamic buffer if not big enough */
wolfSSL	0:1239e9b70ca2	703
wolfSSL	0:1239e9b70ca2	704	MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
wolfSSL	0:1239e9b70ca2	705	MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
wolfSSL	0:1239e9b70ca2	706	MAX_NTRU_BITS = 256, /* max symmetric bit strength */
wolfSSL	0:1239e9b70ca2	707	NO_SNIFF = 0, /* not sniffing */
wolfSSL	0:1239e9b70ca2	708	SNIFF = 1, /* currently sniffing */
wolfSSL	0:1239e9b70ca2	709
wolfSSL	0:1239e9b70ca2	710	HASH_SIG_SIZE = 2, /* default SHA1 RSA */
wolfSSL	0:1239e9b70ca2	711
wolfSSL	0:1239e9b70ca2	712	NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
wolfSSL	0:1239e9b70ca2	713
wolfSSL	0:1239e9b70ca2	714	NO_COPY = 0, /* should we copy static buffer for write */
wolfSSL	0:1239e9b70ca2	715	COPY = 1 /* should we copy static buffer for write */
wolfSSL	0:1239e9b70ca2	716	};
wolfSSL	0:1239e9b70ca2	717
wolfSSL	0:1239e9b70ca2	718
wolfSSL	0:1239e9b70ca2	719	#ifdef SESSION_INDEX
wolfSSL	0:1239e9b70ca2	720	/* Shift values for making a session index */
wolfSSL	0:1239e9b70ca2	721	#define SESSIDX_ROW_SHIFT 4
wolfSSL	0:1239e9b70ca2	722	#define SESSIDX_IDX_MASK 0x0F
wolfSSL	0:1239e9b70ca2	723	#endif
wolfSSL	0:1239e9b70ca2	724
wolfSSL	0:1239e9b70ca2	725
wolfSSL	0:1239e9b70ca2	726	/* max cert chain peer depth */
wolfSSL	0:1239e9b70ca2	727	#ifndef MAX_CHAIN_DEPTH
wolfSSL	0:1239e9b70ca2	728	#define MAX_CHAIN_DEPTH 9
wolfSSL	0:1239e9b70ca2	729	#endif
wolfSSL	0:1239e9b70ca2	730
wolfSSL	0:1239e9b70ca2	731
wolfSSL	0:1239e9b70ca2	732	/* don't use extra 3/4k stack space unless need to */
wolfSSL	0:1239e9b70ca2	733	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	734	#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
wolfSSL	0:1239e9b70ca2	735	#else
wolfSSL	0:1239e9b70ca2	736	#define MAX_ENCRYPT_SZ ENCRYPT_LEN
wolfSSL	0:1239e9b70ca2	737	#endif
wolfSSL	0:1239e9b70ca2	738
wolfSSL	0:1239e9b70ca2	739
wolfSSL	0:1239e9b70ca2	740	/* states */
wolfSSL	0:1239e9b70ca2	741	enum states {
wolfSSL	0:1239e9b70ca2	742	NULL_STATE = 0,
wolfSSL	0:1239e9b70ca2	743
wolfSSL	0:1239e9b70ca2	744	SERVER_HELLOVERIFYREQUEST_COMPLETE,
wolfSSL	0:1239e9b70ca2	745	SERVER_HELLO_COMPLETE,
wolfSSL	0:1239e9b70ca2	746	SERVER_CERT_COMPLETE,
wolfSSL	0:1239e9b70ca2	747	SERVER_KEYEXCHANGE_COMPLETE,
wolfSSL	0:1239e9b70ca2	748	SERVER_HELLODONE_COMPLETE,
wolfSSL	0:1239e9b70ca2	749	SERVER_FINISHED_COMPLETE,
wolfSSL	0:1239e9b70ca2	750
wolfSSL	0:1239e9b70ca2	751	CLIENT_HELLO_COMPLETE,
wolfSSL	0:1239e9b70ca2	752	CLIENT_KEYEXCHANGE_COMPLETE,
wolfSSL	0:1239e9b70ca2	753	CLIENT_FINISHED_COMPLETE,
wolfSSL	0:1239e9b70ca2	754
wolfSSL	0:1239e9b70ca2	755	HANDSHAKE_DONE
wolfSSL	0:1239e9b70ca2	756	};
wolfSSL	0:1239e9b70ca2	757
wolfSSL	0:1239e9b70ca2	758
wolfSSL	0:1239e9b70ca2	759	#if defined(__GNUC__)
wolfSSL	0:1239e9b70ca2	760	#define CYASSL_PACK __attribute__ ((packed))
wolfSSL	0:1239e9b70ca2	761	#else
wolfSSL	0:1239e9b70ca2	762	#define CYASSL_PACK
wolfSSL	0:1239e9b70ca2	763	#endif
wolfSSL	0:1239e9b70ca2	764
wolfSSL	0:1239e9b70ca2	765	/* SSL Version */
wolfSSL	0:1239e9b70ca2	766	typedef struct ProtocolVersion {
wolfSSL	0:1239e9b70ca2	767	byte major;
wolfSSL	0:1239e9b70ca2	768	byte minor;
wolfSSL	0:1239e9b70ca2	769	} CYASSL_PACK ProtocolVersion;
wolfSSL	0:1239e9b70ca2	770
wolfSSL	0:1239e9b70ca2	771
wolfSSL	0:1239e9b70ca2	772	CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
wolfSSL	0:1239e9b70ca2	773	CYASSL_LOCAL ProtocolVersion MakeTLSv1(void);
wolfSSL	0:1239e9b70ca2	774	CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
wolfSSL	0:1239e9b70ca2	775	CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
wolfSSL	0:1239e9b70ca2	776
wolfSSL	0:1239e9b70ca2	777	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	778	CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
wolfSSL	0:1239e9b70ca2	779	CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
wolfSSL	0:1239e9b70ca2	780	#endif
wolfSSL	0:1239e9b70ca2	781
wolfSSL	0:1239e9b70ca2	782
wolfSSL	0:1239e9b70ca2	783	enum BIO_TYPE {
wolfSSL	0:1239e9b70ca2	784	BIO_BUFFER = 1,
wolfSSL	0:1239e9b70ca2	785	BIO_SOCKET = 2,
wolfSSL	0:1239e9b70ca2	786	BIO_SSL = 3,
wolfSSL	0:1239e9b70ca2	787	BIO_MEMORY = 4
wolfSSL	0:1239e9b70ca2	788	};
wolfSSL	0:1239e9b70ca2	789
wolfSSL	0:1239e9b70ca2	790
wolfSSL	0:1239e9b70ca2	791	/* CyaSSL BIO_METHOD type */
wolfSSL	0:1239e9b70ca2	792	struct CYASSL_BIO_METHOD {
wolfSSL	0:1239e9b70ca2	793	byte type; /* method type */
wolfSSL	0:1239e9b70ca2	794	};
wolfSSL	0:1239e9b70ca2	795
wolfSSL	0:1239e9b70ca2	796
wolfSSL	0:1239e9b70ca2	797	/* CyaSSL BIO type */
wolfSSL	0:1239e9b70ca2	798	struct CYASSL_BIO {
wolfSSL	0:1239e9b70ca2	799	byte type; /* method type */
wolfSSL	0:1239e9b70ca2	800	byte close; /* close flag */
wolfSSL	0:1239e9b70ca2	801	byte eof; /* eof flag */
wolfSSL	0:1239e9b70ca2	802	CYASSL* ssl; /* possible associated ssl */
wolfSSL	0:1239e9b70ca2	803	byte* mem; /* memory buffer */
wolfSSL	0:1239e9b70ca2	804	int memLen; /* memory buffer length */
wolfSSL	0:1239e9b70ca2	805	int fd; /* possible file descriptor */
wolfSSL	0:1239e9b70ca2	806	CYASSL_BIO* prev; /* previous in chain */
wolfSSL	0:1239e9b70ca2	807	CYASSL_BIO* next; /* next in chain */
wolfSSL	0:1239e9b70ca2	808	};
wolfSSL	0:1239e9b70ca2	809
wolfSSL	0:1239e9b70ca2	810
wolfSSL	0:1239e9b70ca2	811	/* CyaSSL method type */
wolfSSL	0:1239e9b70ca2	812	struct CYASSL_METHOD {
wolfSSL	0:1239e9b70ca2	813	ProtocolVersion version;
wolfSSL	0:1239e9b70ca2	814	byte side; /* connection side, server or client */
wolfSSL	0:1239e9b70ca2	815	byte downgrade; /* whether to downgrade version, default no */
wolfSSL	0:1239e9b70ca2	816	};
wolfSSL	0:1239e9b70ca2	817
wolfSSL	0:1239e9b70ca2	818
wolfSSL	0:1239e9b70ca2	819	/* defautls to client */
wolfSSL	0:1239e9b70ca2	820	CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion);
wolfSSL	0:1239e9b70ca2	821
wolfSSL	0:1239e9b70ca2	822	/* for sniffer */
wolfSSL	0:1239e9b70ca2	823	CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	824	word32 size, word32 totalSz, int sniff);
wolfSSL	0:1239e9b70ca2	825	CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx);
wolfSSL	0:1239e9b70ca2	826
wolfSSL	0:1239e9b70ca2	827
wolfSSL	0:1239e9b70ca2	828	/* CyaSSL buffer type */
wolfSSL	0:1239e9b70ca2	829	typedef struct buffer {
wolfSSL	0:1239e9b70ca2	830	word32 length;
wolfSSL	0:1239e9b70ca2	831	byte* buffer;
wolfSSL	0:1239e9b70ca2	832	} buffer;
wolfSSL	0:1239e9b70ca2	833
wolfSSL	0:1239e9b70ca2	834
wolfSSL	0:1239e9b70ca2	835	enum {
wolfSSL	0:1239e9b70ca2	836	FORCED_FREE = 1,
wolfSSL	0:1239e9b70ca2	837	NO_FORCED_FREE = 0
wolfSSL	0:1239e9b70ca2	838	};
wolfSSL	0:1239e9b70ca2	839
wolfSSL	0:1239e9b70ca2	840
wolfSSL	0:1239e9b70ca2	841	/* only use compression extra if using compression */
wolfSSL	0:1239e9b70ca2	842	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	843	#define COMP_EXTRA MAX_COMP_EXTRA
wolfSSL	0:1239e9b70ca2	844	#else
wolfSSL	0:1239e9b70ca2	845	#define COMP_EXTRA 0
wolfSSL	0:1239e9b70ca2	846	#endif
wolfSSL	0:1239e9b70ca2	847
wolfSSL	0:1239e9b70ca2	848	/* only the sniffer needs space in the buffer for extra MTU record(s) */
wolfSSL	0:1239e9b70ca2	849	#ifdef CYASSL_SNIFFER
wolfSSL	0:1239e9b70ca2	850	#define MTU_EXTRA MAX_MTU * 3
wolfSSL	0:1239e9b70ca2	851	#else
wolfSSL	0:1239e9b70ca2	852	#define MTU_EXTRA 0
wolfSSL	0:1239e9b70ca2	853	#endif
wolfSSL	0:1239e9b70ca2	854
wolfSSL	0:1239e9b70ca2	855
wolfSSL	0:1239e9b70ca2	856	/* embedded callbacks require large static buffers, make sure on */
wolfSSL	0:1239e9b70ca2	857	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	858	#undef LARGE_STATIC_BUFFERS
wolfSSL	0:1239e9b70ca2	859	#define LARGE_STATIC_BUFFERS
wolfSSL	0:1239e9b70ca2	860	#endif
wolfSSL	0:1239e9b70ca2	861
wolfSSL	0:1239e9b70ca2	862
wolfSSL	0:1239e9b70ca2	863	/* give user option to use 16K static buffers */
wolfSSL	0:1239e9b70ca2	864	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	0:1239e9b70ca2	865	#define RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	0:1239e9b70ca2	866	#else
wolfSSL	0:1239e9b70ca2	867	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	868	#define RECORD_SIZE MAX_MTU
wolfSSL	0:1239e9b70ca2	869	#else
wolfSSL	0:1239e9b70ca2	870	#define RECORD_SIZE 128
wolfSSL	0:1239e9b70ca2	871	#endif
wolfSSL	0:1239e9b70ca2	872	#endif
wolfSSL	0:1239e9b70ca2	873
wolfSSL	0:1239e9b70ca2	874
wolfSSL	0:1239e9b70ca2	875	/* user option to turn off 16K output option */
wolfSSL	0:1239e9b70ca2	876	/* if using small static buffers (default) and SSL_write tries to write data
wolfSSL	0:1239e9b70ca2	877	larger than the record we have, dynamically get it, unless user says only
wolfSSL	0:1239e9b70ca2	878	write in static buffer chuncks */
wolfSSL	0:1239e9b70ca2	879	#ifndef STATIC_CHUNKS_ONLY
wolfSSL	0:1239e9b70ca2	880	#define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	0:1239e9b70ca2	881	#else
wolfSSL	0:1239e9b70ca2	882	#define OUTPUT_RECORD_SIZE RECORD_SIZE
wolfSSL	0:1239e9b70ca2	883	#endif
wolfSSL	0:1239e9b70ca2	884
wolfSSL	0:1239e9b70ca2	885	/* CyaSSL input buffer
wolfSSL	0:1239e9b70ca2	886
wolfSSL	0:1239e9b70ca2	887	RFC 2246:
wolfSSL	0:1239e9b70ca2	888
wolfSSL	0:1239e9b70ca2	889	length
wolfSSL	0:1239e9b70ca2	890	The length (in bytes) of the following TLSPlaintext.fragment.
wolfSSL	0:1239e9b70ca2	891	The length should not exceed 2^14.
wolfSSL	0:1239e9b70ca2	892	*/
wolfSSL	0:1239e9b70ca2	893	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	0:1239e9b70ca2	894	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
wolfSSL	0:1239e9b70ca2	895	MTU_EXTRA + MAX_MSG_EXTRA
wolfSSL	0:1239e9b70ca2	896	#else
wolfSSL	0:1239e9b70ca2	897	/* don't fragment memory from the record header */
wolfSSL	0:1239e9b70ca2	898	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ
wolfSSL	0:1239e9b70ca2	899	#endif
wolfSSL	0:1239e9b70ca2	900
wolfSSL	0:1239e9b70ca2	901	typedef struct {
wolfSSL	0:1239e9b70ca2	902	word32 length; /* total buffer length used */
wolfSSL	0:1239e9b70ca2	903	word32 idx; /* idx to part of length already consumed */
wolfSSL	0:1239e9b70ca2	904	byte* buffer; /* place holder for static or dynamic buffer */
wolfSSL	0:1239e9b70ca2	905	word32 bufferSize; /* current buffer size */
wolfSSL	0:1239e9b70ca2	906	ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
wolfSSL	0:1239e9b70ca2	907	byte dynamicFlag; /* dynamic memory currently in use */
wolfSSL	0:1239e9b70ca2	908	byte offset; /* alignment offset attempt */
wolfSSL	0:1239e9b70ca2	909	} bufferStatic;
wolfSSL	0:1239e9b70ca2	910
wolfSSL	0:1239e9b70ca2	911	/* Cipher Suites holder */
wolfSSL	0:1239e9b70ca2	912	typedef struct Suites {
wolfSSL	0:1239e9b70ca2	913	int setSuites; /* user set suites from default */
wolfSSL	0:1239e9b70ca2	914	byte suites[MAX_SUITE_SZ];
wolfSSL	0:1239e9b70ca2	915	word16 suiteSz; /* suite length in bytes */
wolfSSL	0:1239e9b70ca2	916	byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
wolfSSL	0:1239e9b70ca2	917	word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
wolfSSL	0:1239e9b70ca2	918	byte hashAlgo; /* selected hash algorithm */
wolfSSL	0:1239e9b70ca2	919	byte sigAlgo; /* selected sig algorithm */
wolfSSL	0:1239e9b70ca2	920	} Suites;
wolfSSL	0:1239e9b70ca2	921
wolfSSL	0:1239e9b70ca2	922
wolfSSL	0:1239e9b70ca2	923	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	924	void InitSuites(Suites*, ProtocolVersion,
wolfSSL	0:1239e9b70ca2	925	byte, byte, byte, byte, byte, byte, int);
wolfSSL	0:1239e9b70ca2	926	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	927	int SetCipherList(Suites, const char list);
wolfSSL	0:1239e9b70ca2	928
wolfSSL	0:1239e9b70ca2	929	#ifndef PSK_TYPES_DEFINED
wolfSSL	0:1239e9b70ca2	930	typedef unsigned int (psk_client_callback)(CYASSL, const char, char,
wolfSSL	0:1239e9b70ca2	931	unsigned int, unsigned char*, unsigned int);
wolfSSL	0:1239e9b70ca2	932	typedef unsigned int (psk_server_callback)(CYASSL, const char*,
wolfSSL	0:1239e9b70ca2	933	unsigned char*, unsigned int);
wolfSSL	0:1239e9b70ca2	934	#endif /* PSK_TYPES_DEFINED */
wolfSSL	0:1239e9b70ca2	935
wolfSSL	0:1239e9b70ca2	936
wolfSSL	0:1239e9b70ca2	937	#ifndef CYASSL_USER_IO
wolfSSL	0:1239e9b70ca2	938	/* default IO callbacks */
wolfSSL	0:1239e9b70ca2	939	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	940	int EmbedReceive(CYASSL ssl, char buf, int sz, void *ctx);
wolfSSL	0:1239e9b70ca2	941	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	942	int EmbedSend(CYASSL ssl, char buf, int sz, void *ctx);
wolfSSL	0:1239e9b70ca2	943
wolfSSL	0:1239e9b70ca2	944	#ifdef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	945	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	946	int EmbedOcspLookup(void, const char, int, byte, int, byte*);
wolfSSL	0:1239e9b70ca2	947	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	948	void EmbedOcspRespFree(void, byte);
wolfSSL	0:1239e9b70ca2	949	#endif
wolfSSL	0:1239e9b70ca2	950
wolfSSL	0:1239e9b70ca2	951	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	952	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	953	int EmbedReceiveFrom(CYASSL ssl, char buf, int sz, void *ctx);
wolfSSL	0:1239e9b70ca2	954	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	955	int EmbedSendTo(CYASSL ssl, char buf, int sz, void *ctx);
wolfSSL	0:1239e9b70ca2	956	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	957	int EmbedGenerateCookie(CYASSL* ssl, byte buf, int sz, void ctx);
wolfSSL	0:1239e9b70ca2	958	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	959	int IsUDP(void*);
wolfSSL	0:1239e9b70ca2	960	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	961	#endif /* CYASSL_USER_IO */
wolfSSL	0:1239e9b70ca2	962
wolfSSL	0:1239e9b70ca2	963	#ifdef HAVE_NETX
wolfSSL	0:1239e9b70ca2	964	CYASSL_LOCAL int NetX_Receive(CYASSL ssl, char buf, int sz, void *ctx);
wolfSSL	0:1239e9b70ca2	965	CYASSL_LOCAL int NetX_Send(CYASSL ssl, char buf, int sz, void *ctx);
wolfSSL	0:1239e9b70ca2	966	#endif /* HAVE_NETX */
wolfSSL	0:1239e9b70ca2	967
wolfSSL	0:1239e9b70ca2	968
wolfSSL	0:1239e9b70ca2	969	/* CyaSSL Cipher type just points back to SSL */
wolfSSL	0:1239e9b70ca2	970	struct CYASSL_CIPHER {
wolfSSL	0:1239e9b70ca2	971	CYASSL* ssl;
wolfSSL	0:1239e9b70ca2	972	};
wolfSSL	0:1239e9b70ca2	973
wolfSSL	0:1239e9b70ca2	974
wolfSSL	0:1239e9b70ca2	975	typedef struct OCSP_Entry OCSP_Entry;
wolfSSL	0:1239e9b70ca2	976
wolfSSL	0:1239e9b70ca2	977	#ifdef SHA_DIGEST_SIZE
wolfSSL	0:1239e9b70ca2	978	#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	0:1239e9b70ca2	979	#else
wolfSSL	0:1239e9b70ca2	980	#define OCSP_DIGEST_SIZE 160
wolfSSL	0:1239e9b70ca2	981	#endif
wolfSSL	0:1239e9b70ca2	982
wolfSSL	0:1239e9b70ca2	983	#ifdef NO_ASN
wolfSSL	0:1239e9b70ca2	984	/* no_asn won't have */
wolfSSL	0:1239e9b70ca2	985	typedef struct CertStatus CertStatus;
wolfSSL	0:1239e9b70ca2	986	#endif
wolfSSL	0:1239e9b70ca2	987
wolfSSL	0:1239e9b70ca2	988	struct OCSP_Entry {
wolfSSL	0:1239e9b70ca2	989	OCSP_Entry* next; /* next entry */
wolfSSL	0:1239e9b70ca2	990	byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
wolfSSL	0:1239e9b70ca2	991	byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
wolfSSL	0:1239e9b70ca2	992	CertStatus* status; /* OCSP response list */
wolfSSL	0:1239e9b70ca2	993	int totalStatus; /* number on list */
wolfSSL	0:1239e9b70ca2	994	};
wolfSSL	0:1239e9b70ca2	995
wolfSSL	0:1239e9b70ca2	996
wolfSSL	0:1239e9b70ca2	997	#ifndef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	998	typedef struct CYASSL_OCSP CYASSL_OCSP;
wolfSSL	0:1239e9b70ca2	999	#endif
wolfSSL	0:1239e9b70ca2	1000
wolfSSL	0:1239e9b70ca2	1001	/* CyaSSL OCSP controller */
wolfSSL	0:1239e9b70ca2	1002	struct CYASSL_OCSP {
wolfSSL	0:1239e9b70ca2	1003	CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	0:1239e9b70ca2	1004	OCSP_Entry* ocspList; /* OCSP response list */
wolfSSL	0:1239e9b70ca2	1005	CyaSSL_Mutex ocspLock; /* OCSP list lock */
wolfSSL	0:1239e9b70ca2	1006	};
wolfSSL	0:1239e9b70ca2	1007
wolfSSL	0:1239e9b70ca2	1008	#ifndef MAX_DATE_SIZE
wolfSSL	0:1239e9b70ca2	1009	#define MAX_DATE_SIZE 32
wolfSSL	0:1239e9b70ca2	1010	#endif
wolfSSL	0:1239e9b70ca2	1011
wolfSSL	0:1239e9b70ca2	1012	typedef struct CRL_Entry CRL_Entry;
wolfSSL	0:1239e9b70ca2	1013
wolfSSL	0:1239e9b70ca2	1014	#ifdef SHA_DIGEST_SIZE
wolfSSL	0:1239e9b70ca2	1015	#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	0:1239e9b70ca2	1016	#else
wolfSSL	0:1239e9b70ca2	1017	#define CRL_DIGEST_SIZE 160
wolfSSL	0:1239e9b70ca2	1018	#endif
wolfSSL	0:1239e9b70ca2	1019
wolfSSL	0:1239e9b70ca2	1020	#ifdef NO_ASN
wolfSSL	0:1239e9b70ca2	1021	typedef struct RevokedCert RevokedCert;
wolfSSL	0:1239e9b70ca2	1022	#endif
wolfSSL	0:1239e9b70ca2	1023
wolfSSL	0:1239e9b70ca2	1024	/* Complete CRL */
wolfSSL	0:1239e9b70ca2	1025	struct CRL_Entry {
wolfSSL	0:1239e9b70ca2	1026	CRL_Entry* next; /* next entry */
wolfSSL	0:1239e9b70ca2	1027	byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
wolfSSL	0:1239e9b70ca2	1028	/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
wolfSSL	0:1239e9b70ca2	1029	/* restore the hash here if needed for optimized comparisons */
wolfSSL	0:1239e9b70ca2	1030	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
wolfSSL	0:1239e9b70ca2	1031	byte nextDate[MAX_DATE_SIZE]; /* next update date */
wolfSSL	0:1239e9b70ca2	1032	byte lastDateFormat; /* last date format */
wolfSSL	0:1239e9b70ca2	1033	byte nextDateFormat; /* next date format */
wolfSSL	0:1239e9b70ca2	1034	RevokedCert* certs; /* revoked cert list */
wolfSSL	0:1239e9b70ca2	1035	int totalCerts; /* number on list */
wolfSSL	0:1239e9b70ca2	1036	};
wolfSSL	0:1239e9b70ca2	1037
wolfSSL	0:1239e9b70ca2	1038
wolfSSL	0:1239e9b70ca2	1039	typedef struct CRL_Monitor CRL_Monitor;
wolfSSL	0:1239e9b70ca2	1040
wolfSSL	0:1239e9b70ca2	1041	/* CRL directory monitor */
wolfSSL	0:1239e9b70ca2	1042	struct CRL_Monitor {
wolfSSL	0:1239e9b70ca2	1043	char* path; /* full dir path, if valid pointer we're using */
wolfSSL	0:1239e9b70ca2	1044	int type; /* PEM or ASN1 type */
wolfSSL	0:1239e9b70ca2	1045	};
wolfSSL	0:1239e9b70ca2	1046
wolfSSL	0:1239e9b70ca2	1047
wolfSSL	0:1239e9b70ca2	1048	#ifndef HAVE_CRL
wolfSSL	0:1239e9b70ca2	1049	typedef struct CYASSL_CRL CYASSL_CRL;
wolfSSL	0:1239e9b70ca2	1050	#endif
wolfSSL	0:1239e9b70ca2	1051
wolfSSL	0:1239e9b70ca2	1052	/* CyaSSL CRL controller */
wolfSSL	0:1239e9b70ca2	1053	struct CYASSL_CRL {
wolfSSL	0:1239e9b70ca2	1054	CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	0:1239e9b70ca2	1055	CRL_Entry* crlList; /* our CRL list */
wolfSSL	0:1239e9b70ca2	1056	CyaSSL_Mutex crlLock; /* CRL list lock */
wolfSSL	0:1239e9b70ca2	1057	CRL_Monitor monitors[2]; /* PEM and DER possible */
wolfSSL	0:1239e9b70ca2	1058	#ifdef HAVE_CRL_MONITOR
wolfSSL	0:1239e9b70ca2	1059	pthread_t tid; /* monitoring thread */
wolfSSL	0:1239e9b70ca2	1060	#endif
wolfSSL	0:1239e9b70ca2	1061	};
wolfSSL	0:1239e9b70ca2	1062
wolfSSL	0:1239e9b70ca2	1063
wolfSSL	0:1239e9b70ca2	1064	#ifdef NO_ASN
wolfSSL	0:1239e9b70ca2	1065	typedef struct Signer Signer;
wolfSSL	0:1239e9b70ca2	1066	#endif
wolfSSL	0:1239e9b70ca2	1067
wolfSSL	0:1239e9b70ca2	1068
wolfSSL	0:1239e9b70ca2	1069	#ifndef CA_TABLE_SIZE
wolfSSL	0:1239e9b70ca2	1070	#define CA_TABLE_SIZE 11
wolfSSL	0:1239e9b70ca2	1071	#endif
wolfSSL	0:1239e9b70ca2	1072
wolfSSL	0:1239e9b70ca2	1073	/* CyaSSL Certificate Manager */
wolfSSL	0:1239e9b70ca2	1074	struct CYASSL_CERT_MANAGER {
wolfSSL	0:1239e9b70ca2	1075	Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
wolfSSL	0:1239e9b70ca2	1076	CyaSSL_Mutex caLock; /* CA list lock */
wolfSSL	0:1239e9b70ca2	1077	CallbackCACache caCacheCallback; /* CA cache addition callback */
wolfSSL	0:1239e9b70ca2	1078	void* heap; /* heap helper */
wolfSSL	0:1239e9b70ca2	1079	CYASSL_CRL* crl; /* CRL checker */
wolfSSL	0:1239e9b70ca2	1080	byte crlEnabled; /* is CRL on ? */
wolfSSL	0:1239e9b70ca2	1081	byte crlCheckAll; /* always leaf, but all ? */
wolfSSL	0:1239e9b70ca2	1082	CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
wolfSSL	0:1239e9b70ca2	1083	CYASSL_OCSP* ocsp; /* OCSP checker */
wolfSSL	0:1239e9b70ca2	1084	byte ocspEnabled; /* is OCSP on ? */
wolfSSL	0:1239e9b70ca2	1085	byte ocspSendNonce; /* send the OCSP nonce ? */
wolfSSL	0:1239e9b70ca2	1086	byte ocspUseOverrideURL; /* ignore cert's responder, override */
wolfSSL	0:1239e9b70ca2	1087	char* ocspOverrideURL; /* use this responder */
wolfSSL	0:1239e9b70ca2	1088	void* ocspIOCtx; /* I/O callback CTX */
wolfSSL	0:1239e9b70ca2	1089	CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
wolfSSL	0:1239e9b70ca2	1090	CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL	0:1239e9b70ca2	1091	};
wolfSSL	0:1239e9b70ca2	1092
wolfSSL	0:1239e9b70ca2	1093	CYASSL_LOCAL int CM_SaveCertCache(CYASSL_CERT_MANAGER, const char);
wolfSSL	0:1239e9b70ca2	1094	CYASSL_LOCAL int CM_RestoreCertCache(CYASSL_CERT_MANAGER, const char);
wolfSSL	0:1239e9b70ca2	1095	CYASSL_LOCAL int CM_MemSaveCertCache(CYASSL_CERT_MANAGER, void, int, int*);
wolfSSL	0:1239e9b70ca2	1096	CYASSL_LOCAL int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER, const void, int);
wolfSSL	0:1239e9b70ca2	1097	CYASSL_LOCAL int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER*);
wolfSSL	0:1239e9b70ca2	1098
wolfSSL	0:1239e9b70ca2	1099	/* CyaSSL Sock Addr */
wolfSSL	0:1239e9b70ca2	1100	struct CYASSL_SOCKADDR {
wolfSSL	0:1239e9b70ca2	1101	unsigned int sz; /* sockaddr size */
wolfSSL	0:1239e9b70ca2	1102	void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
wolfSSL	0:1239e9b70ca2	1103	};
wolfSSL	0:1239e9b70ca2	1104
wolfSSL	0:1239e9b70ca2	1105	typedef struct CYASSL_DTLS_CTX {
wolfSSL	0:1239e9b70ca2	1106	CYASSL_SOCKADDR peer;
wolfSSL	0:1239e9b70ca2	1107	int fd;
wolfSSL	0:1239e9b70ca2	1108	} CYASSL_DTLS_CTX;
wolfSSL	0:1239e9b70ca2	1109
wolfSSL	0:1239e9b70ca2	1110	/* RFC 6066 TLS Extensions */
wolfSSL	0:1239e9b70ca2	1111	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	1112
wolfSSL	0:1239e9b70ca2	1113	typedef enum {
wolfSSL	0:1239e9b70ca2	1114	SERVER_NAME_INDICATION = 0,
wolfSSL	0:1239e9b70ca2	1115	MAX_FRAGMENT_LENGTH = 1,
wolfSSL	0:1239e9b70ca2	1116	TRUNCATED_HMAC = 4,
wolfSSL	0:1239e9b70ca2	1117	ELLIPTIC_CURVES = 10
wolfSSL	0:1239e9b70ca2	1118	} TLSX_Type;
wolfSSL	0:1239e9b70ca2	1119
wolfSSL	0:1239e9b70ca2	1120	typedef struct TLSX {
wolfSSL	0:1239e9b70ca2	1121	TLSX_Type type; /* Extension Type */
wolfSSL	0:1239e9b70ca2	1122	void* data; /* Extension Data */
wolfSSL	0:1239e9b70ca2	1123	byte resp; /* IsResponse Flag */
wolfSSL	0:1239e9b70ca2	1124	struct TLSX* next; /* List Behavior */
wolfSSL	0:1239e9b70ca2	1125	} TLSX;
wolfSSL	0:1239e9b70ca2	1126
wolfSSL	0:1239e9b70ca2	1127	CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
wolfSSL	0:1239e9b70ca2	1128	CYASSL_LOCAL void TLSX_FreeAll(TLSX* list);
wolfSSL	0:1239e9b70ca2	1129
wolfSSL	0:1239e9b70ca2	1130	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	1131	CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	1132	CYASSL_LOCAL word16 TLSX_WriteRequest(CYASSL* ssl, byte* output);
wolfSSL	0:1239e9b70ca2	1133	#endif
wolfSSL	0:1239e9b70ca2	1134
wolfSSL	0:1239e9b70ca2	1135	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1136	CYASSL_LOCAL word16 TLSX_GetResponseSize(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	1137	CYASSL_LOCAL word16 TLSX_WriteResponse(CYASSL* ssl, byte* output);
wolfSSL	0:1239e9b70ca2	1138	#endif
wolfSSL	0:1239e9b70ca2	1139
wolfSSL	0:1239e9b70ca2	1140	CYASSL_LOCAL int TLSX_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL	0:1239e9b70ca2	1141	byte isRequest, Suites *suites);
wolfSSL	0:1239e9b70ca2	1142
wolfSSL	0:1239e9b70ca2	1143	/* Server Name Indication */
wolfSSL	0:1239e9b70ca2	1144	#ifdef HAVE_SNI
wolfSSL	0:1239e9b70ca2	1145
wolfSSL	0:1239e9b70ca2	1146	typedef struct SNI {
wolfSSL	0:1239e9b70ca2	1147	byte type; /* SNI Type */
wolfSSL	0:1239e9b70ca2	1148	union { char* host_name; } data; /* SNI Data */
wolfSSL	0:1239e9b70ca2	1149	struct SNI* next; /* List Behavior */
wolfSSL	0:1239e9b70ca2	1150	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1151	byte options; /* Behaviour options */
wolfSSL	0:1239e9b70ca2	1152	byte status; /* Matching result */
wolfSSL	0:1239e9b70ca2	1153	#endif
wolfSSL	0:1239e9b70ca2	1154	} SNI;
wolfSSL	0:1239e9b70ca2	1155
wolfSSL	0:1239e9b70ca2	1156	CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
wolfSSL	0:1239e9b70ca2	1157	word16 size);
wolfSSL	0:1239e9b70ca2	1158
wolfSSL	0:1239e9b70ca2	1159	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1160	CYASSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
wolfSSL	0:1239e9b70ca2	1161	byte options);
wolfSSL	0:1239e9b70ca2	1162	CYASSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
wolfSSL	0:1239e9b70ca2	1163	CYASSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
wolfSSL	0:1239e9b70ca2	1164	void** data);
wolfSSL	0:1239e9b70ca2	1165	CYASSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
wolfSSL	0:1239e9b70ca2	1166	byte type, byte* sni, word32* inOutSz);
wolfSSL	0:1239e9b70ca2	1167	#endif
wolfSSL	0:1239e9b70ca2	1168
wolfSSL	0:1239e9b70ca2	1169	#endif /* HAVE_SNI */
wolfSSL	0:1239e9b70ca2	1170
wolfSSL	0:1239e9b70ca2	1171	/* Maximum Fragment Length */
wolfSSL	0:1239e9b70ca2	1172	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	1173
wolfSSL	0:1239e9b70ca2	1174	CYASSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
wolfSSL	0:1239e9b70ca2	1175
wolfSSL	0:1239e9b70ca2	1176	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	0:1239e9b70ca2	1177
wolfSSL	0:1239e9b70ca2	1178	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	1179
wolfSSL	0:1239e9b70ca2	1180	CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
wolfSSL	0:1239e9b70ca2	1181
wolfSSL	0:1239e9b70ca2	1182	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	0:1239e9b70ca2	1183
wolfSSL	0:1239e9b70ca2	1184	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	0:1239e9b70ca2	1185
wolfSSL	0:1239e9b70ca2	1186	typedef struct EllipticCurve {
wolfSSL	0:1239e9b70ca2	1187	word16 name; /* CurveNames */
wolfSSL	0:1239e9b70ca2	1188	struct EllipticCurve* next; /* List Behavior */
wolfSSL	0:1239e9b70ca2	1189
wolfSSL	0:1239e9b70ca2	1190	} EllipticCurve;
wolfSSL	0:1239e9b70ca2	1191
wolfSSL	0:1239e9b70ca2	1192	CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
wolfSSL	0:1239e9b70ca2	1193
wolfSSL	0:1239e9b70ca2	1194	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1195	CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
wolfSSL	0:1239e9b70ca2	1196	byte second);
wolfSSL	0:1239e9b70ca2	1197	#endif
wolfSSL	0:1239e9b70ca2	1198
wolfSSL	0:1239e9b70ca2	1199	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	0:1239e9b70ca2	1200
wolfSSL	0:1239e9b70ca2	1201	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	0:1239e9b70ca2	1202
wolfSSL	0:1239e9b70ca2	1203	/* CyaSSL context type */
wolfSSL	0:1239e9b70ca2	1204	struct CYASSL_CTX {
wolfSSL	0:1239e9b70ca2	1205	CYASSL_METHOD* method;
wolfSSL	0:1239e9b70ca2	1206	CyaSSL_Mutex countMutex; /* reference count mutex */
wolfSSL	0:1239e9b70ca2	1207	int refCount; /* reference count */
wolfSSL	0:1239e9b70ca2	1208	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1209	buffer certificate;
wolfSSL	0:1239e9b70ca2	1210	buffer certChain;
wolfSSL	0:1239e9b70ca2	1211	/* chain after self, in DER, with leading size for each cert */
wolfSSL	0:1239e9b70ca2	1212	buffer privateKey;
wolfSSL	0:1239e9b70ca2	1213	buffer serverDH_P;
wolfSSL	0:1239e9b70ca2	1214	buffer serverDH_G;
wolfSSL	0:1239e9b70ca2	1215	CYASSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
wolfSSL	0:1239e9b70ca2	1216	#endif
wolfSSL	0:1239e9b70ca2	1217	Suites suites;
wolfSSL	0:1239e9b70ca2	1218	void* heap; /* for user memory overrides */
wolfSSL	0:1239e9b70ca2	1219	byte verifyPeer;
wolfSSL	0:1239e9b70ca2	1220	byte verifyNone;
wolfSSL	0:1239e9b70ca2	1221	byte failNoCert;
wolfSSL	0:1239e9b70ca2	1222	byte sessionCacheOff;
wolfSSL	0:1239e9b70ca2	1223	byte sessionCacheFlushOff;
wolfSSL	0:1239e9b70ca2	1224	byte sendVerify; /* for client side */
wolfSSL	0:1239e9b70ca2	1225	byte haveRSA; /* RSA available */
wolfSSL	0:1239e9b70ca2	1226	byte haveDH; /* server DH parms set by user */
wolfSSL	0:1239e9b70ca2	1227	byte haveNTRU; /* server private NTRU key loaded */
wolfSSL	0:1239e9b70ca2	1228	byte haveECDSAsig; /* server cert signed w/ ECDSA */
wolfSSL	0:1239e9b70ca2	1229	byte haveStaticECC; /* static server ECC private key */
wolfSSL	0:1239e9b70ca2	1230	byte partialWrite; /* only one msg per write call */
wolfSSL	0:1239e9b70ca2	1231	byte quietShutdown; /* don't send close notify */
wolfSSL	0:1239e9b70ca2	1232	byte groupMessages; /* group handshake messages before sending */
wolfSSL	0:1239e9b70ca2	1233	CallbackIORecv CBIORecv;
wolfSSL	0:1239e9b70ca2	1234	CallbackIOSend CBIOSend;
wolfSSL	0:1239e9b70ca2	1235	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1236	CallbackGenCookie CBIOCookie; /* gen cookie callback */
wolfSSL	0:1239e9b70ca2	1237	#endif
wolfSSL	0:1239e9b70ca2	1238	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	0:1239e9b70ca2	1239	word32 timeout; /* session timeout */
wolfSSL	0:1239e9b70ca2	1240	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1241	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	0:1239e9b70ca2	1242	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	0:1239e9b70ca2	1243	#endif
wolfSSL	0:1239e9b70ca2	1244	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	1245	byte havePSK; /* psk key set by user */
wolfSSL	0:1239e9b70ca2	1246	psk_client_callback client_psk_cb; /* client callback */
wolfSSL	0:1239e9b70ca2	1247	psk_server_callback server_psk_cb; /* server callback */
wolfSSL	0:1239e9b70ca2	1248	char server_hint[MAX_PSK_ID_LEN];
wolfSSL	0:1239e9b70ca2	1249	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	1250	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	0:1239e9b70ca2	1251	pem_password_cb passwd_cb;
wolfSSL	0:1239e9b70ca2	1252	void* userdata;
wolfSSL	0:1239e9b70ca2	1253	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	1254	#ifdef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	1255	CYASSL_OCSP ocsp;
wolfSSL	0:1239e9b70ca2	1256	#endif
wolfSSL	0:1239e9b70ca2	1257	#ifdef HAVE_CAVIUM
wolfSSL	0:1239e9b70ca2	1258	int devId; /* cavium device id to use */
wolfSSL	0:1239e9b70ca2	1259	#endif
wolfSSL	0:1239e9b70ca2	1260	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	1261	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	0:1239e9b70ca2	1262	#endif
wolfSSL	0:1239e9b70ca2	1263	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	1264	CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
wolfSSL	0:1239e9b70ca2	1265	CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
wolfSSL	0:1239e9b70ca2	1266	#endif
wolfSSL	0:1239e9b70ca2	1267	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	1268	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1269	CallbackEccSign EccSignCb; /* User EccSign Callback handler */
wolfSSL	0:1239e9b70ca2	1270	CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
wolfSSL	0:1239e9b70ca2	1271	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1272	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1273	CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
wolfSSL	0:1239e9b70ca2	1274	CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
wolfSSL	0:1239e9b70ca2	1275	CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
wolfSSL	0:1239e9b70ca2	1276	CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
wolfSSL	0:1239e9b70ca2	1277	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	1278	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	1279	};
wolfSSL	0:1239e9b70ca2	1280
wolfSSL	0:1239e9b70ca2	1281
wolfSSL	0:1239e9b70ca2	1282	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1283	int InitSSL_Ctx(CYASSL_CTX, CYASSL_METHOD);
wolfSSL	0:1239e9b70ca2	1284	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1285	void FreeSSL_Ctx(CYASSL_CTX*);
wolfSSL	0:1239e9b70ca2	1286	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1287	void SSL_CtxResourceFree(CYASSL_CTX*);
wolfSSL	0:1239e9b70ca2	1288
wolfSSL	0:1239e9b70ca2	1289	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1290	int DeriveTlsKeys(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	1291	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1292	int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	1293	word32 inSz, word16 sz);
wolfSSL	0:1239e9b70ca2	1294	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1295	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1296	int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
wolfSSL	0:1239e9b70ca2	1297	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1298	int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	0:1239e9b70ca2	1299	#endif
wolfSSL	0:1239e9b70ca2	1300
wolfSSL	0:1239e9b70ca2	1301	/* All cipher suite related info */
wolfSSL	0:1239e9b70ca2	1302	typedef struct CipherSpecs {
wolfSSL	0:1239e9b70ca2	1303	byte bulk_cipher_algorithm;
wolfSSL	0:1239e9b70ca2	1304	byte cipher_type; /* block, stream, or aead */
wolfSSL	0:1239e9b70ca2	1305	byte mac_algorithm;
wolfSSL	0:1239e9b70ca2	1306	byte kea; /* key exchange algo */
wolfSSL	0:1239e9b70ca2	1307	byte sig_algo;
wolfSSL	0:1239e9b70ca2	1308	byte hash_size;
wolfSSL	0:1239e9b70ca2	1309	byte pad_size;
wolfSSL	0:1239e9b70ca2	1310	byte static_ecdh;
wolfSSL	0:1239e9b70ca2	1311	word16 key_size;
wolfSSL	0:1239e9b70ca2	1312	word16 iv_size;
wolfSSL	0:1239e9b70ca2	1313	word16 block_size;
wolfSSL	0:1239e9b70ca2	1314	word16 aead_mac_size;
wolfSSL	0:1239e9b70ca2	1315	} CipherSpecs;
wolfSSL	0:1239e9b70ca2	1316
wolfSSL	0:1239e9b70ca2	1317
wolfSSL	0:1239e9b70ca2	1318	void InitCipherSpecs(CipherSpecs* cs);
wolfSSL	0:1239e9b70ca2	1319
wolfSSL	0:1239e9b70ca2	1320
wolfSSL	0:1239e9b70ca2	1321	/* Supported Message Authentication Codes from page 43 */
wolfSSL	0:1239e9b70ca2	1322	enum MACAlgorithm {
wolfSSL	0:1239e9b70ca2	1323	no_mac,
wolfSSL	0:1239e9b70ca2	1324	md5_mac,
wolfSSL	0:1239e9b70ca2	1325	sha_mac,
wolfSSL	0:1239e9b70ca2	1326	sha224_mac,
wolfSSL	0:1239e9b70ca2	1327	sha256_mac,
wolfSSL	0:1239e9b70ca2	1328	sha384_mac,
wolfSSL	0:1239e9b70ca2	1329	sha512_mac,
wolfSSL	0:1239e9b70ca2	1330	rmd_mac,
wolfSSL	0:1239e9b70ca2	1331	blake2b_mac
wolfSSL	0:1239e9b70ca2	1332	};
wolfSSL	0:1239e9b70ca2	1333
wolfSSL	0:1239e9b70ca2	1334
wolfSSL	0:1239e9b70ca2	1335	/* Supported Key Exchange Protocols */
wolfSSL	0:1239e9b70ca2	1336	enum KeyExchangeAlgorithm {
wolfSSL	0:1239e9b70ca2	1337	no_kea,
wolfSSL	0:1239e9b70ca2	1338	rsa_kea,
wolfSSL	0:1239e9b70ca2	1339	diffie_hellman_kea,
wolfSSL	0:1239e9b70ca2	1340	fortezza_kea,
wolfSSL	0:1239e9b70ca2	1341	psk_kea,
wolfSSL	0:1239e9b70ca2	1342	ntru_kea,
wolfSSL	0:1239e9b70ca2	1343	ecc_diffie_hellman_kea,
wolfSSL	0:1239e9b70ca2	1344	ecc_static_diffie_hellman_kea /* for verify suite only */
wolfSSL	0:1239e9b70ca2	1345	};
wolfSSL	0:1239e9b70ca2	1346
wolfSSL	0:1239e9b70ca2	1347
wolfSSL	0:1239e9b70ca2	1348	/* Supported Authentication Schemes */
wolfSSL	0:1239e9b70ca2	1349	enum SignatureAlgorithm {
wolfSSL	0:1239e9b70ca2	1350	anonymous_sa_algo,
wolfSSL	0:1239e9b70ca2	1351	rsa_sa_algo,
wolfSSL	0:1239e9b70ca2	1352	dsa_sa_algo,
wolfSSL	0:1239e9b70ca2	1353	ecc_dsa_sa_algo
wolfSSL	0:1239e9b70ca2	1354	};
wolfSSL	0:1239e9b70ca2	1355
wolfSSL	0:1239e9b70ca2	1356
wolfSSL	0:1239e9b70ca2	1357	/* Supprted ECC Curve Types */
wolfSSL	0:1239e9b70ca2	1358	enum EccCurves {
wolfSSL	0:1239e9b70ca2	1359	named_curve = 3
wolfSSL	0:1239e9b70ca2	1360	};
wolfSSL	0:1239e9b70ca2	1361
wolfSSL	0:1239e9b70ca2	1362
wolfSSL	0:1239e9b70ca2	1363	/* Supprted ECC Named Curves */
wolfSSL	0:1239e9b70ca2	1364	enum EccNamedCurves {
wolfSSL	0:1239e9b70ca2	1365	secp256r1 = 0x17, /* default, OpenSSL also calls it prime256v1 */
wolfSSL	0:1239e9b70ca2	1366	secp384r1 = 0x18,
wolfSSL	0:1239e9b70ca2	1367	secp521r1 = 0x19,
wolfSSL	0:1239e9b70ca2	1368
wolfSSL	0:1239e9b70ca2	1369	secp160r1 = 0x10,
wolfSSL	0:1239e9b70ca2	1370	secp192r1 = 0x13, /* Openssl also call it prime192v1 */
wolfSSL	0:1239e9b70ca2	1371	secp224r1 = 0x15
wolfSSL	0:1239e9b70ca2	1372	};
wolfSSL	0:1239e9b70ca2	1373
wolfSSL	0:1239e9b70ca2	1374
wolfSSL	0:1239e9b70ca2	1375	/* Valid client certificate request types from page 27 */
wolfSSL	0:1239e9b70ca2	1376	enum ClientCertificateType {
wolfSSL	0:1239e9b70ca2	1377	rsa_sign = 1,
wolfSSL	0:1239e9b70ca2	1378	dss_sign = 2,
wolfSSL	0:1239e9b70ca2	1379	rsa_fixed_dh = 3,
wolfSSL	0:1239e9b70ca2	1380	dss_fixed_dh = 4,
wolfSSL	0:1239e9b70ca2	1381	rsa_ephemeral_dh = 5,
wolfSSL	0:1239e9b70ca2	1382	dss_ephemeral_dh = 6,
wolfSSL	0:1239e9b70ca2	1383	fortezza_kea_cert = 20
wolfSSL	0:1239e9b70ca2	1384	};
wolfSSL	0:1239e9b70ca2	1385
wolfSSL	0:1239e9b70ca2	1386
wolfSSL	0:1239e9b70ca2	1387	enum CipherType { stream, block, aead };
wolfSSL	0:1239e9b70ca2	1388
wolfSSL	0:1239e9b70ca2	1389
wolfSSL	0:1239e9b70ca2	1390	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1391
wolfSSL	0:1239e9b70ca2	1392	#ifdef WORD64_AVAILABLE
wolfSSL	0:1239e9b70ca2	1393	typedef word64 DtlsSeq;
wolfSSL	0:1239e9b70ca2	1394	#else
wolfSSL	0:1239e9b70ca2	1395	typedef word32 DtlsSeq;
wolfSSL	0:1239e9b70ca2	1396	#endif
wolfSSL	0:1239e9b70ca2	1397	#define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)
wolfSSL	0:1239e9b70ca2	1398
wolfSSL	0:1239e9b70ca2	1399	typedef struct DtlsState {
wolfSSL	0:1239e9b70ca2	1400	DtlsSeq window; /* Sliding window for current epoch */
wolfSSL	0:1239e9b70ca2	1401	word16 nextEpoch; /* Expected epoch in next record */
wolfSSL	0:1239e9b70ca2	1402	word32 nextSeq; /* Expected sequence in next record */
wolfSSL	0:1239e9b70ca2	1403
wolfSSL	0:1239e9b70ca2	1404	word16 curEpoch; /* Received epoch in current record */
wolfSSL	0:1239e9b70ca2	1405	word32 curSeq; /* Received sequence in current record */
wolfSSL	0:1239e9b70ca2	1406
wolfSSL	0:1239e9b70ca2	1407	DtlsSeq prevWindow; /* Sliding window for old epoch */
wolfSSL	0:1239e9b70ca2	1408	word32 prevSeq; /* Next sequence in allowed old epoch */
wolfSSL	0:1239e9b70ca2	1409	} DtlsState;
wolfSSL	0:1239e9b70ca2	1410
wolfSSL	0:1239e9b70ca2	1411	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	1412
wolfSSL	0:1239e9b70ca2	1413
wolfSSL	0:1239e9b70ca2	1414	/* keys and secrets */
wolfSSL	0:1239e9b70ca2	1415	typedef struct Keys {
wolfSSL	0:1239e9b70ca2	1416	byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
wolfSSL	0:1239e9b70ca2	1417	byte server_write_MAC_secret[MAX_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	1418	byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
wolfSSL	0:1239e9b70ca2	1419	byte server_write_key[AES_256_KEY_SIZE];
wolfSSL	0:1239e9b70ca2	1420	byte client_write_IV[AES_IV_SIZE]; /* max sizes */
wolfSSL	0:1239e9b70ca2	1421	byte server_write_IV[AES_IV_SIZE];
wolfSSL	0:1239e9b70ca2	1422	#ifdef HAVE_AEAD
wolfSSL	0:1239e9b70ca2	1423	byte aead_exp_IV[AEAD_EXP_IV_SZ];
wolfSSL	0:1239e9b70ca2	1424	byte aead_enc_imp_IV[AEAD_IMP_IV_SZ];
wolfSSL	0:1239e9b70ca2	1425	byte aead_dec_imp_IV[AEAD_IMP_IV_SZ];
wolfSSL	0:1239e9b70ca2	1426	#endif
wolfSSL	0:1239e9b70ca2	1427
wolfSSL	0:1239e9b70ca2	1428	word32 peer_sequence_number;
wolfSSL	0:1239e9b70ca2	1429	word32 sequence_number;
wolfSSL	0:1239e9b70ca2	1430
wolfSSL	0:1239e9b70ca2	1431	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1432	DtlsState dtls_state; /* Peer's state */
wolfSSL	0:1239e9b70ca2	1433	word16 dtls_peer_handshake_number;
wolfSSL	0:1239e9b70ca2	1434	word16 dtls_expected_peer_handshake_number;
wolfSSL	0:1239e9b70ca2	1435
wolfSSL	0:1239e9b70ca2	1436	word16 dtls_epoch; /* Current tx epoch */
wolfSSL	0:1239e9b70ca2	1437	word32 dtls_sequence_number; /* Current tx sequence */
wolfSSL	0:1239e9b70ca2	1438	word16 dtls_handshake_number; /* Current tx handshake seq */
wolfSSL	0:1239e9b70ca2	1439	#endif
wolfSSL	0:1239e9b70ca2	1440
wolfSSL	0:1239e9b70ca2	1441	word32 encryptSz; /* last size of encrypted data */
wolfSSL	0:1239e9b70ca2	1442	word32 padSz; /* how much to advance after decrypt part */
wolfSSL	0:1239e9b70ca2	1443	byte encryptionOn; /* true after change cipher spec */
wolfSSL	0:1239e9b70ca2	1444	byte decryptedCur; /* only decrypt current record once */
wolfSSL	0:1239e9b70ca2	1445	} Keys;
wolfSSL	0:1239e9b70ca2	1446
wolfSSL	0:1239e9b70ca2	1447
wolfSSL	0:1239e9b70ca2	1448	/* cipher for now */
wolfSSL	0:1239e9b70ca2	1449	typedef struct Ciphers {
wolfSSL	0:1239e9b70ca2	1450	#ifdef BUILD_ARC4
wolfSSL	0:1239e9b70ca2	1451	Arc4* arc4;
wolfSSL	0:1239e9b70ca2	1452	#endif
wolfSSL	0:1239e9b70ca2	1453	#ifdef BUILD_DES3
wolfSSL	0:1239e9b70ca2	1454	Des3* des3;
wolfSSL	0:1239e9b70ca2	1455	#endif
wolfSSL	0:1239e9b70ca2	1456	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM)
wolfSSL	0:1239e9b70ca2	1457	Aes* aes;
wolfSSL	0:1239e9b70ca2	1458	#endif
wolfSSL	0:1239e9b70ca2	1459	#ifdef HAVE_CAMELLIA
wolfSSL	0:1239e9b70ca2	1460	Camellia* cam;
wolfSSL	0:1239e9b70ca2	1461	#endif
wolfSSL	0:1239e9b70ca2	1462	#ifdef HAVE_HC128
wolfSSL	0:1239e9b70ca2	1463	HC128* hc128;
wolfSSL	0:1239e9b70ca2	1464	#endif
wolfSSL	0:1239e9b70ca2	1465	#ifdef BUILD_RABBIT
wolfSSL	0:1239e9b70ca2	1466	Rabbit* rabbit;
wolfSSL	0:1239e9b70ca2	1467	#endif
wolfSSL	0:1239e9b70ca2	1468	byte setup; /* have we set it up flag for detection */
wolfSSL	0:1239e9b70ca2	1469	} Ciphers;
wolfSSL	0:1239e9b70ca2	1470
wolfSSL	0:1239e9b70ca2	1471
wolfSSL	0:1239e9b70ca2	1472	CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	1473	CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	1474
wolfSSL	0:1239e9b70ca2	1475
wolfSSL	0:1239e9b70ca2	1476	/* hashes type */
wolfSSL	0:1239e9b70ca2	1477	typedef struct Hashes {
wolfSSL	0:1239e9b70ca2	1478	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1479	byte md5[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	1480	#endif
wolfSSL	0:1239e9b70ca2	1481	byte sha[SHA_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	1482	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	1483	byte sha256[SHA256_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	1484	#endif
wolfSSL	0:1239e9b70ca2	1485	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	1486	byte sha384[SHA384_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	1487	#endif
wolfSSL	0:1239e9b70ca2	1488	} Hashes;
wolfSSL	0:1239e9b70ca2	1489
wolfSSL	0:1239e9b70ca2	1490
wolfSSL	0:1239e9b70ca2	1491	/* Static x509 buffer */
wolfSSL	0:1239e9b70ca2	1492	typedef struct x509_buffer {
wolfSSL	0:1239e9b70ca2	1493	int length; /* actual size */
wolfSSL	0:1239e9b70ca2	1494	byte buffer[MAX_X509_SIZE]; /* max static cert size */
wolfSSL	0:1239e9b70ca2	1495	} x509_buffer;
wolfSSL	0:1239e9b70ca2	1496
wolfSSL	0:1239e9b70ca2	1497
wolfSSL	0:1239e9b70ca2	1498	/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
wolfSSL	0:1239e9b70ca2	1499	struct CYASSL_X509_CHAIN {
wolfSSL	0:1239e9b70ca2	1500	int count; /* total number in chain */
wolfSSL	0:1239e9b70ca2	1501	x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
wolfSSL	0:1239e9b70ca2	1502	};
wolfSSL	0:1239e9b70ca2	1503
wolfSSL	0:1239e9b70ca2	1504
wolfSSL	0:1239e9b70ca2	1505	/* CyaSSL session type */
wolfSSL	0:1239e9b70ca2	1506	struct CYASSL_SESSION {
wolfSSL	0:1239e9b70ca2	1507	byte sessionID[ID_LEN]; /* id for protocol */
wolfSSL	0:1239e9b70ca2	1508	byte masterSecret[SECRET_LEN]; /* stored secret */
wolfSSL	0:1239e9b70ca2	1509	word32 bornOn; /* create time in seconds */
wolfSSL	0:1239e9b70ca2	1510	word32 timeout; /* timeout in seconds */
wolfSSL	0:1239e9b70ca2	1511	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	1512	CYASSL_X509_CHAIN chain; /* peer cert chain, static */
wolfSSL	0:1239e9b70ca2	1513	ProtocolVersion version; /* which version was used */
wolfSSL	0:1239e9b70ca2	1514	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	0:1239e9b70ca2	1515	byte cipherSuite; /* 2nd byte, actual suite */
wolfSSL	0:1239e9b70ca2	1516	#endif
wolfSSL	0:1239e9b70ca2	1517	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	1518	byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
wolfSSL	0:1239e9b70ca2	1519	word16 idLen; /* serverID length */
wolfSSL	0:1239e9b70ca2	1520	#endif
wolfSSL	0:1239e9b70ca2	1521	};
wolfSSL	0:1239e9b70ca2	1522
wolfSSL	0:1239e9b70ca2	1523
wolfSSL	0:1239e9b70ca2	1524	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1525	CYASSL_SESSION* GetSession(CYASSL, byte);
wolfSSL	0:1239e9b70ca2	1526	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1527	int SetSession(CYASSL, CYASSL_SESSION);
wolfSSL	0:1239e9b70ca2	1528
wolfSSL	0:1239e9b70ca2	1529	typedef int (hmacfp) (CYASSL, byte, const byte, word32, int, int);
wolfSSL	0:1239e9b70ca2	1530
wolfSSL	0:1239e9b70ca2	1531	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	1532	CYASSL_SESSION* GetSessionClient(CYASSL, const byte, int);
wolfSSL	0:1239e9b70ca2	1533	#endif
wolfSSL	0:1239e9b70ca2	1534
wolfSSL	0:1239e9b70ca2	1535	/* client connect state for nonblocking restart */
wolfSSL	0:1239e9b70ca2	1536	enum ConnectState {
wolfSSL	0:1239e9b70ca2	1537	CONNECT_BEGIN = 0,
wolfSSL	0:1239e9b70ca2	1538	CLIENT_HELLO_SENT,
wolfSSL	0:1239e9b70ca2	1539	HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
wolfSSL	0:1239e9b70ca2	1540	HELLO_AGAIN_REPLY,
wolfSSL	0:1239e9b70ca2	1541	FIRST_REPLY_DONE,
wolfSSL	0:1239e9b70ca2	1542	FIRST_REPLY_FIRST,
wolfSSL	0:1239e9b70ca2	1543	FIRST_REPLY_SECOND,
wolfSSL	0:1239e9b70ca2	1544	FIRST_REPLY_THIRD,
wolfSSL	0:1239e9b70ca2	1545	FIRST_REPLY_FOURTH,
wolfSSL	0:1239e9b70ca2	1546	FINISHED_DONE,
wolfSSL	0:1239e9b70ca2	1547	SECOND_REPLY_DONE
wolfSSL	0:1239e9b70ca2	1548	};
wolfSSL	0:1239e9b70ca2	1549
wolfSSL	0:1239e9b70ca2	1550
wolfSSL	0:1239e9b70ca2	1551	/* server accept state for nonblocking restart */
wolfSSL	0:1239e9b70ca2	1552	enum AcceptState {
wolfSSL	0:1239e9b70ca2	1553	ACCEPT_BEGIN = 0,
wolfSSL	0:1239e9b70ca2	1554	ACCEPT_CLIENT_HELLO_DONE,
wolfSSL	0:1239e9b70ca2	1555	HELLO_VERIFY_SENT,
wolfSSL	0:1239e9b70ca2	1556	ACCEPT_FIRST_REPLY_DONE,
wolfSSL	0:1239e9b70ca2	1557	SERVER_HELLO_SENT,
wolfSSL	0:1239e9b70ca2	1558	CERT_SENT,
wolfSSL	0:1239e9b70ca2	1559	KEY_EXCHANGE_SENT,
wolfSSL	0:1239e9b70ca2	1560	CERT_REQ_SENT,
wolfSSL	0:1239e9b70ca2	1561	SERVER_HELLO_DONE,
wolfSSL	0:1239e9b70ca2	1562	ACCEPT_SECOND_REPLY_DONE,
wolfSSL	0:1239e9b70ca2	1563	CHANGE_CIPHER_SENT,
wolfSSL	0:1239e9b70ca2	1564	ACCEPT_FINISHED_DONE,
wolfSSL	0:1239e9b70ca2	1565	ACCEPT_THIRD_REPLY_DONE
wolfSSL	0:1239e9b70ca2	1566	};
wolfSSL	0:1239e9b70ca2	1567
wolfSSL	0:1239e9b70ca2	1568
wolfSSL	0:1239e9b70ca2	1569	typedef struct Buffers {
wolfSSL	0:1239e9b70ca2	1570	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1571	buffer certificate; /* CYASSL_CTX owns, unless we own */
wolfSSL	0:1239e9b70ca2	1572	buffer key; /* CYASSL_CTX owns, unless we own */
wolfSSL	0:1239e9b70ca2	1573	buffer certChain; /* CYASSL_CTX owns */
wolfSSL	0:1239e9b70ca2	1574	/* chain after self, in DER, with leading size for each cert */
wolfSSL	0:1239e9b70ca2	1575	buffer serverDH_P; /* CYASSL_CTX owns, unless we own */
wolfSSL	0:1239e9b70ca2	1576	buffer serverDH_G; /* CYASSL_CTX owns, unless we own */
wolfSSL	0:1239e9b70ca2	1577	buffer serverDH_Pub;
wolfSSL	0:1239e9b70ca2	1578	buffer serverDH_Priv;
wolfSSL	0:1239e9b70ca2	1579	#endif
wolfSSL	0:1239e9b70ca2	1580	buffer domainName; /* for client check */
wolfSSL	0:1239e9b70ca2	1581	bufferStatic inputBuffer;
wolfSSL	0:1239e9b70ca2	1582	bufferStatic outputBuffer;
wolfSSL	0:1239e9b70ca2	1583	buffer clearOutputBuffer;
wolfSSL	0:1239e9b70ca2	1584	int prevSent; /* previous plain text bytes sent
wolfSSL	0:1239e9b70ca2	1585	when got WANT_WRITE */
wolfSSL	0:1239e9b70ca2	1586	int plainSz; /* plain text bytes in buffer to send
wolfSSL	0:1239e9b70ca2	1587	when got WANT_WRITE */
wolfSSL	0:1239e9b70ca2	1588	byte weOwnCert; /* SSL own cert flag */
wolfSSL	0:1239e9b70ca2	1589	byte weOwnKey; /* SSL own key flag */
wolfSSL	0:1239e9b70ca2	1590	byte weOwnDH; /* SSL own dh (p,g) flag */
wolfSSL	0:1239e9b70ca2	1591	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1592	CYASSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
wolfSSL	0:1239e9b70ca2	1593	#endif
wolfSSL	0:1239e9b70ca2	1594	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	1595	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1596	buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
wolfSSL	0:1239e9b70ca2	1597	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1598	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1599	buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
wolfSSL	0:1239e9b70ca2	1600	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	1601	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	1602	} Buffers;
wolfSSL	0:1239e9b70ca2	1603
wolfSSL	0:1239e9b70ca2	1604	typedef struct Options {
wolfSSL	0:1239e9b70ca2	1605	byte sessionCacheOff;
wolfSSL	0:1239e9b70ca2	1606	byte sessionCacheFlushOff;
wolfSSL	0:1239e9b70ca2	1607	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	0:1239e9b70ca2	1608	byte cipherSuite; /* second byte, actual suite */
wolfSSL	0:1239e9b70ca2	1609	byte serverState;
wolfSSL	0:1239e9b70ca2	1610	byte clientState;
wolfSSL	0:1239e9b70ca2	1611	byte handShakeState;
wolfSSL	0:1239e9b70ca2	1612	byte side; /* client or server end */
wolfSSL	0:1239e9b70ca2	1613	byte verifyPeer;
wolfSSL	0:1239e9b70ca2	1614	byte verifyNone;
wolfSSL	0:1239e9b70ca2	1615	byte failNoCert;
wolfSSL	0:1239e9b70ca2	1616	byte downgrade; /* allow downgrade of versions */
wolfSSL	0:1239e9b70ca2	1617	byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */
wolfSSL	0:1239e9b70ca2	1618	byte resuming;
wolfSSL	0:1239e9b70ca2	1619	byte haveSessionId; /* server may not send */
wolfSSL	0:1239e9b70ca2	1620	byte tls; /* using TLS ? */
wolfSSL	0:1239e9b70ca2	1621	byte tls1_1; /* using TLSv1.1+ ? */
wolfSSL	0:1239e9b70ca2	1622	byte dtls; /* using datagrams ? */
wolfSSL	0:1239e9b70ca2	1623	byte connReset; /* has the peer reset */
wolfSSL	0:1239e9b70ca2	1624	byte isClosed; /* if we consider conn closed */
wolfSSL	0:1239e9b70ca2	1625	byte closeNotify; /* we've recieved a close notify */
wolfSSL	0:1239e9b70ca2	1626	byte sentNotify; /* we've sent a close notify */
wolfSSL	0:1239e9b70ca2	1627	byte connectState; /* nonblocking resume */
wolfSSL	0:1239e9b70ca2	1628	byte acceptState; /* nonblocking resume */
wolfSSL	0:1239e9b70ca2	1629	byte usingCompression; /* are we using compression */
wolfSSL	0:1239e9b70ca2	1630	byte haveRSA; /* RSA available */
wolfSSL	0:1239e9b70ca2	1631	byte haveDH; /* server DH parms set by user */
wolfSSL	0:1239e9b70ca2	1632	byte haveNTRU; /* server NTRU private key loaded */
wolfSSL	0:1239e9b70ca2	1633	byte haveECDSAsig; /* server ECDSA signed cert */
wolfSSL	0:1239e9b70ca2	1634	byte haveStaticECC; /* static server ECC private key */
wolfSSL	0:1239e9b70ca2	1635	byte havePeerCert; /* do we have peer's cert */
wolfSSL	0:1239e9b70ca2	1636	byte havePeerVerify; /* and peer's cert verify */
wolfSSL	0:1239e9b70ca2	1637	byte usingPSK_cipher; /* whether we're using psk as cipher */
wolfSSL	0:1239e9b70ca2	1638	byte sendAlertState; /* nonblocking resume */
wolfSSL	0:1239e9b70ca2	1639	byte processReply; /* nonblocking resume */
wolfSSL	0:1239e9b70ca2	1640	byte partialWrite; /* only one msg per write call */
wolfSSL	0:1239e9b70ca2	1641	byte quietShutdown; /* don't send close notify */
wolfSSL	0:1239e9b70ca2	1642	byte certOnly; /* stop once we get cert */
wolfSSL	0:1239e9b70ca2	1643	byte groupMessages; /* group handshake messages */
wolfSSL	0:1239e9b70ca2	1644	byte usingNonblock; /* set when using nonblocking socket */
wolfSSL	0:1239e9b70ca2	1645	byte saveArrays; /* save array Memory for user get keys
wolfSSL	0:1239e9b70ca2	1646	or psk */
wolfSSL	0:1239e9b70ca2	1647	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	1648	byte havePSK; /* psk key set by user */
wolfSSL	0:1239e9b70ca2	1649	psk_client_callback client_psk_cb;
wolfSSL	0:1239e9b70ca2	1650	psk_server_callback server_psk_cb;
wolfSSL	0:1239e9b70ca2	1651	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	1652	} Options;
wolfSSL	0:1239e9b70ca2	1653
wolfSSL	0:1239e9b70ca2	1654	typedef struct Arrays {
wolfSSL	0:1239e9b70ca2	1655	byte clientRandom[RAN_LEN];
wolfSSL	0:1239e9b70ca2	1656	byte serverRandom[RAN_LEN];
wolfSSL	0:1239e9b70ca2	1657	byte sessionID[ID_LEN];
wolfSSL	0:1239e9b70ca2	1658	byte preMasterSecret[ENCRYPT_LEN];
wolfSSL	0:1239e9b70ca2	1659	byte masterSecret[SECRET_LEN];
wolfSSL	0:1239e9b70ca2	1660	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1661	byte cookie[MAX_COOKIE_LEN];
wolfSSL	0:1239e9b70ca2	1662	byte cookieSz;
wolfSSL	0:1239e9b70ca2	1663	#endif
wolfSSL	0:1239e9b70ca2	1664	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	1665	char client_identity[MAX_PSK_ID_LEN];
wolfSSL	0:1239e9b70ca2	1666	char server_hint[MAX_PSK_ID_LEN];
wolfSSL	0:1239e9b70ca2	1667	byte psk_key[MAX_PSK_KEY_LEN];
wolfSSL	0:1239e9b70ca2	1668	word32 psk_keySz; /* acutal size */
wolfSSL	0:1239e9b70ca2	1669	#endif
wolfSSL	0:1239e9b70ca2	1670	word32 preMasterSz; /* differs for DH, actual size */
wolfSSL	0:1239e9b70ca2	1671	} Arrays;
wolfSSL	0:1239e9b70ca2	1672
wolfSSL	0:1239e9b70ca2	1673	#ifndef ASN_NAME_MAX
wolfSSL	0:1239e9b70ca2	1674	#define ASN_NAME_MAX 256
wolfSSL	0:1239e9b70ca2	1675	#endif
wolfSSL	0:1239e9b70ca2	1676
wolfSSL	0:1239e9b70ca2	1677	#ifndef MAX_DATE_SZ
wolfSSL	0:1239e9b70ca2	1678	#define MAX_DATE_SZ 32
wolfSSL	0:1239e9b70ca2	1679	#endif
wolfSSL	0:1239e9b70ca2	1680
wolfSSL	0:1239e9b70ca2	1681	struct CYASSL_X509_NAME {
wolfSSL	0:1239e9b70ca2	1682	char *name;
wolfSSL	0:1239e9b70ca2	1683	char staticName[ASN_NAME_MAX];
wolfSSL	0:1239e9b70ca2	1684	int dynamicName;
wolfSSL	0:1239e9b70ca2	1685	int sz;
wolfSSL	0:1239e9b70ca2	1686	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	1687	DecodedName fullName;
wolfSSL	0:1239e9b70ca2	1688	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	1689	};
wolfSSL	0:1239e9b70ca2	1690
wolfSSL	0:1239e9b70ca2	1691	#ifndef EXTERNAL_SERIAL_SIZE
wolfSSL	0:1239e9b70ca2	1692	#define EXTERNAL_SERIAL_SIZE 32
wolfSSL	0:1239e9b70ca2	1693	#endif
wolfSSL	0:1239e9b70ca2	1694
wolfSSL	0:1239e9b70ca2	1695	#ifdef NO_ASN
wolfSSL	0:1239e9b70ca2	1696	typedef struct DNS_entry DNS_entry;
wolfSSL	0:1239e9b70ca2	1697	#endif
wolfSSL	0:1239e9b70ca2	1698
wolfSSL	0:1239e9b70ca2	1699	struct CYASSL_X509 {
wolfSSL	0:1239e9b70ca2	1700	int version;
wolfSSL	0:1239e9b70ca2	1701	CYASSL_X509_NAME issuer;
wolfSSL	0:1239e9b70ca2	1702	CYASSL_X509_NAME subject;
wolfSSL	0:1239e9b70ca2	1703	int serialSz;
wolfSSL	0:1239e9b70ca2	1704	byte serial[EXTERNAL_SERIAL_SIZE];
wolfSSL	0:1239e9b70ca2	1705	char subjectCN[ASN_NAME_MAX]; /* common name short cut */
wolfSSL	0:1239e9b70ca2	1706	#ifdef CYASSL_SEP
wolfSSL	0:1239e9b70ca2	1707	int deviceTypeSz;
wolfSSL	0:1239e9b70ca2	1708	byte deviceType[EXTERNAL_SERIAL_SIZE];
wolfSSL	0:1239e9b70ca2	1709	int hwTypeSz;
wolfSSL	0:1239e9b70ca2	1710	byte hwType[EXTERNAL_SERIAL_SIZE];
wolfSSL	0:1239e9b70ca2	1711	int hwSerialNumSz;
wolfSSL	0:1239e9b70ca2	1712	byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
wolfSSL	0:1239e9b70ca2	1713	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	1714	byte certPolicySet;
wolfSSL	0:1239e9b70ca2	1715	byte certPolicyCrit;
wolfSSL	0:1239e9b70ca2	1716	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	1717	#endif
wolfSSL	0:1239e9b70ca2	1718	int notBeforeSz;
wolfSSL	0:1239e9b70ca2	1719	byte notBefore[MAX_DATE_SZ];
wolfSSL	0:1239e9b70ca2	1720	int notAfterSz;
wolfSSL	0:1239e9b70ca2	1721	byte notAfter[MAX_DATE_SZ];
wolfSSL	0:1239e9b70ca2	1722	int sigOID;
wolfSSL	0:1239e9b70ca2	1723	buffer sig;
wolfSSL	0:1239e9b70ca2	1724	int pubKeyOID;
wolfSSL	0:1239e9b70ca2	1725	buffer pubKey;
wolfSSL	0:1239e9b70ca2	1726	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1727	word32 pkCurveOID;
wolfSSL	0:1239e9b70ca2	1728	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1729	buffer derCert; /* may need */
wolfSSL	0:1239e9b70ca2	1730	DNS_entry* altNames; /* alt names list */
wolfSSL	0:1239e9b70ca2	1731	DNS_entry* altNamesNext; /* hint for retrieval */
wolfSSL	0:1239e9b70ca2	1732	byte dynamicMemory; /* dynamic memory flag */
wolfSSL	0:1239e9b70ca2	1733	byte isCa;
wolfSSL	0:1239e9b70ca2	1734	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	1735	word32 pathLength;
wolfSSL	0:1239e9b70ca2	1736	word16 keyUsage;
wolfSSL	0:1239e9b70ca2	1737	byte basicConstSet;
wolfSSL	0:1239e9b70ca2	1738	byte basicConstCrit;
wolfSSL	0:1239e9b70ca2	1739	byte basicConstPlSet;
wolfSSL	0:1239e9b70ca2	1740	byte subjAltNameSet;
wolfSSL	0:1239e9b70ca2	1741	byte subjAltNameCrit;
wolfSSL	0:1239e9b70ca2	1742	byte authKeyIdSet;
wolfSSL	0:1239e9b70ca2	1743	byte authKeyIdCrit;
wolfSSL	0:1239e9b70ca2	1744	byte* authKeyId;
wolfSSL	0:1239e9b70ca2	1745	word32 authKeyIdSz;
wolfSSL	0:1239e9b70ca2	1746	byte subjKeyIdSet;
wolfSSL	0:1239e9b70ca2	1747	byte subjKeyIdCrit;
wolfSSL	0:1239e9b70ca2	1748	byte* subjKeyId;
wolfSSL	0:1239e9b70ca2	1749	word32 subjKeyIdSz;
wolfSSL	0:1239e9b70ca2	1750	byte keyUsageSet;
wolfSSL	0:1239e9b70ca2	1751	byte keyUsageCrit;
wolfSSL	0:1239e9b70ca2	1752	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	1753	};
wolfSSL	0:1239e9b70ca2	1754
wolfSSL	0:1239e9b70ca2	1755
wolfSSL	0:1239e9b70ca2	1756	/* record layer header for PlainText, Compressed, and CipherText */
wolfSSL	0:1239e9b70ca2	1757	typedef struct RecordLayerHeader {
wolfSSL	0:1239e9b70ca2	1758	byte type;
wolfSSL	0:1239e9b70ca2	1759	byte pvMajor;
wolfSSL	0:1239e9b70ca2	1760	byte pvMinor;
wolfSSL	0:1239e9b70ca2	1761	byte length[2];
wolfSSL	0:1239e9b70ca2	1762	} RecordLayerHeader;
wolfSSL	0:1239e9b70ca2	1763
wolfSSL	0:1239e9b70ca2	1764
wolfSSL	0:1239e9b70ca2	1765	/* record layer header for DTLS PlainText, Compressed, and CipherText */
wolfSSL	0:1239e9b70ca2	1766	typedef struct DtlsRecordLayerHeader {
wolfSSL	0:1239e9b70ca2	1767	byte type;
wolfSSL	0:1239e9b70ca2	1768	byte pvMajor;
wolfSSL	0:1239e9b70ca2	1769	byte pvMinor;
wolfSSL	0:1239e9b70ca2	1770	byte epoch[2]; /* increment on cipher state change */
wolfSSL	0:1239e9b70ca2	1771	byte sequence_number[6]; /* per record */
wolfSSL	0:1239e9b70ca2	1772	byte length[2];
wolfSSL	0:1239e9b70ca2	1773	} DtlsRecordLayerHeader;
wolfSSL	0:1239e9b70ca2	1774
wolfSSL	0:1239e9b70ca2	1775
wolfSSL	0:1239e9b70ca2	1776	typedef struct DtlsPool {
wolfSSL	0:1239e9b70ca2	1777	buffer buf[DTLS_POOL_SZ];
wolfSSL	0:1239e9b70ca2	1778	int used;
wolfSSL	0:1239e9b70ca2	1779	} DtlsPool;
wolfSSL	0:1239e9b70ca2	1780
wolfSSL	0:1239e9b70ca2	1781	typedef struct DtlsMsg {
wolfSSL	0:1239e9b70ca2	1782	struct DtlsMsg* next;
wolfSSL	0:1239e9b70ca2	1783	word32 seq; /* Handshake sequence number */
wolfSSL	0:1239e9b70ca2	1784	word32 sz; /* Length of whole mesage */
wolfSSL	0:1239e9b70ca2	1785	word32 fragSz; /* Length of fragments received */
wolfSSL	0:1239e9b70ca2	1786	byte type;
wolfSSL	0:1239e9b70ca2	1787	byte* buf;
wolfSSL	0:1239e9b70ca2	1788	byte* msg;
wolfSSL	0:1239e9b70ca2	1789	} DtlsMsg;
wolfSSL	0:1239e9b70ca2	1790
wolfSSL	0:1239e9b70ca2	1791
wolfSSL	0:1239e9b70ca2	1792	#ifdef HAVE_NETX
wolfSSL	0:1239e9b70ca2	1793
wolfSSL	0:1239e9b70ca2	1794	/* NETX I/O Callback default */
wolfSSL	0:1239e9b70ca2	1795	typedef struct NetX_Ctx {
wolfSSL	0:1239e9b70ca2	1796	NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
wolfSSL	0:1239e9b70ca2	1797	NX_PACKET* nxPacket; /* incoming packet handle for short reads */
wolfSSL	0:1239e9b70ca2	1798	ULONG nxOffset; /* offset already read from nxPacket */
wolfSSL	0:1239e9b70ca2	1799	ULONG nxWait; /* wait option flag */
wolfSSL	0:1239e9b70ca2	1800	} NetX_Ctx;
wolfSSL	0:1239e9b70ca2	1801
wolfSSL	0:1239e9b70ca2	1802	#endif
wolfSSL	0:1239e9b70ca2	1803
wolfSSL	0:1239e9b70ca2	1804
wolfSSL	0:1239e9b70ca2	1805	/* CyaSSL ssl type */
wolfSSL	0:1239e9b70ca2	1806	struct CYASSL {
wolfSSL	0:1239e9b70ca2	1807	CYASSL_CTX* ctx;
wolfSSL	0:1239e9b70ca2	1808	int error;
wolfSSL	0:1239e9b70ca2	1809	ProtocolVersion version; /* negotiated version */
wolfSSL	0:1239e9b70ca2	1810	ProtocolVersion chVersion; /* client hello version */
wolfSSL	0:1239e9b70ca2	1811	Suites* suites; /* only need during handshake */
wolfSSL	0:1239e9b70ca2	1812	Ciphers encrypt;
wolfSSL	0:1239e9b70ca2	1813	Ciphers decrypt;
wolfSSL	0:1239e9b70ca2	1814	CipherSpecs specs;
wolfSSL	0:1239e9b70ca2	1815	Keys keys;
wolfSSL	0:1239e9b70ca2	1816	int rfd; /* read file descriptor */
wolfSSL	0:1239e9b70ca2	1817	int wfd; /* write file descriptor */
wolfSSL	0:1239e9b70ca2	1818	int rflags; /* user read flags */
wolfSSL	0:1239e9b70ca2	1819	int wflags; /* user write flags */
wolfSSL	0:1239e9b70ca2	1820	CYASSL_BIO* biord; /* socket bio read to free/close */
wolfSSL	0:1239e9b70ca2	1821	CYASSL_BIO* biowr; /* socket bio write to free/close */
wolfSSL	0:1239e9b70ca2	1822	void* IOCB_ReadCtx;
wolfSSL	0:1239e9b70ca2	1823	void* IOCB_WriteCtx;
wolfSSL	0:1239e9b70ca2	1824	RNG* rng;
wolfSSL	0:1239e9b70ca2	1825	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1826	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	1827	Sha hashSha; /* sha hash of handshake msgs */
wolfSSL	0:1239e9b70ca2	1828	#endif
wolfSSL	0:1239e9b70ca2	1829	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	1830	Md5 hashMd5; /* md5 hash of handshake msgs */
wolfSSL	0:1239e9b70ca2	1831	#endif
wolfSSL	0:1239e9b70ca2	1832	#endif
wolfSSL	0:1239e9b70ca2	1833	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	1834	Sha256 hashSha256; /* sha256 hash of handshake msgs */
wolfSSL	0:1239e9b70ca2	1835	#endif
wolfSSL	0:1239e9b70ca2	1836	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	1837	Sha384 hashSha384; /* sha384 hash of handshake msgs */
wolfSSL	0:1239e9b70ca2	1838	#endif
wolfSSL	0:1239e9b70ca2	1839	Hashes verifyHashes;
wolfSSL	0:1239e9b70ca2	1840	Hashes certHashes; /* for cert verify */
wolfSSL	0:1239e9b70ca2	1841	Buffers buffers;
wolfSSL	0:1239e9b70ca2	1842	Options options;
wolfSSL	0:1239e9b70ca2	1843	Arrays* arrays;
wolfSSL	0:1239e9b70ca2	1844	CYASSL_SESSION session;
wolfSSL	0:1239e9b70ca2	1845	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	0:1239e9b70ca2	1846	void* verifyCbCtx; /* cert verify callback user ctx*/
wolfSSL	0:1239e9b70ca2	1847	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1848	RsaKey* peerRsaKey;
wolfSSL	0:1239e9b70ca2	1849	byte peerRsaKeyPresent;
wolfSSL	0:1239e9b70ca2	1850	#endif
wolfSSL	0:1239e9b70ca2	1851	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	1852	word16 peerNtruKeyLen;
wolfSSL	0:1239e9b70ca2	1853	byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
wolfSSL	0:1239e9b70ca2	1854	byte peerNtruKeyPresent;
wolfSSL	0:1239e9b70ca2	1855	#endif
wolfSSL	0:1239e9b70ca2	1856	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1857	ecc_key* peerEccKey; /* peer's ECDHE key */
wolfSSL	0:1239e9b70ca2	1858	ecc_key* peerEccDsaKey; /* peer's ECDSA key */
wolfSSL	0:1239e9b70ca2	1859	ecc_key* eccTempKey; /* private ECDHE key */
wolfSSL	0:1239e9b70ca2	1860	ecc_key* eccDsaKey; /* private ECDSA key */
wolfSSL	0:1239e9b70ca2	1861	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	0:1239e9b70ca2	1862	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	0:1239e9b70ca2	1863	byte peerEccKeyPresent;
wolfSSL	0:1239e9b70ca2	1864	byte peerEccDsaKeyPresent;
wolfSSL	0:1239e9b70ca2	1865	byte eccTempKeyPresent;
wolfSSL	0:1239e9b70ca2	1866	byte eccDsaKeyPresent;
wolfSSL	0:1239e9b70ca2	1867	#endif
wolfSSL	0:1239e9b70ca2	1868	hmacfp hmac;
wolfSSL	0:1239e9b70ca2	1869	void* heap; /* for user overrides */
wolfSSL	0:1239e9b70ca2	1870	RecordLayerHeader curRL;
wolfSSL	0:1239e9b70ca2	1871	word16 curSize;
wolfSSL	0:1239e9b70ca2	1872	word32 timeout; /* session timeout */
wolfSSL	0:1239e9b70ca2	1873	CYASSL_CIPHER cipher;
wolfSSL	0:1239e9b70ca2	1874	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	1875	z_stream c_stream; /* compression stream */
wolfSSL	0:1239e9b70ca2	1876	z_stream d_stream; /* decompression stream */
wolfSSL	0:1239e9b70ca2	1877	byte didStreamInit; /* for stream init and end */
wolfSSL	0:1239e9b70ca2	1878	#endif
wolfSSL	0:1239e9b70ca2	1879	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1880	int dtls_timeout_init; /* starting timeout vaule */
wolfSSL	0:1239e9b70ca2	1881	int dtls_timeout_max; /* maximum timeout value */
wolfSSL	0:1239e9b70ca2	1882	int dtls_timeout; /* current timeout value, changes */
wolfSSL	0:1239e9b70ca2	1883	DtlsPool* dtls_pool;
wolfSSL	0:1239e9b70ca2	1884	DtlsMsg* dtls_msg_list;
wolfSSL	0:1239e9b70ca2	1885	void* IOCB_CookieCtx; /* gen cookie ctx */
wolfSSL	0:1239e9b70ca2	1886	word32 dtls_expected_rx;
wolfSSL	0:1239e9b70ca2	1887	#endif
wolfSSL	0:1239e9b70ca2	1888	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	1889	HandShakeInfo handShakeInfo; /* info saved during handshake */
wolfSSL	0:1239e9b70ca2	1890	TimeoutInfo timeoutInfo; /* info saved during handshake */
wolfSSL	0:1239e9b70ca2	1891	byte hsInfoOn; /* track handshake info */
wolfSSL	0:1239e9b70ca2	1892	byte toInfoOn; /* track timeout info */
wolfSSL	0:1239e9b70ca2	1893	#endif
wolfSSL	0:1239e9b70ca2	1894	#ifdef KEEP_PEER_CERT
wolfSSL	0:1239e9b70ca2	1895	CYASSL_X509 peerCert; /* X509 peer cert */
wolfSSL	0:1239e9b70ca2	1896	#endif
wolfSSL	0:1239e9b70ca2	1897	#ifdef FORTRESS
wolfSSL	0:1239e9b70ca2	1898	void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
wolfSSL	0:1239e9b70ca2	1899	#endif
wolfSSL	0:1239e9b70ca2	1900	#ifdef HAVE_CAVIUM
wolfSSL	0:1239e9b70ca2	1901	int devId; /* cavium device id to use */
wolfSSL	0:1239e9b70ca2	1902	#endif
wolfSSL	0:1239e9b70ca2	1903	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	1904	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	0:1239e9b70ca2	1905	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	1906	word16 max_fragment;
wolfSSL	0:1239e9b70ca2	1907	#endif
wolfSSL	0:1239e9b70ca2	1908	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	1909	byte truncated_hmac;
wolfSSL	0:1239e9b70ca2	1910	#endif
wolfSSL	0:1239e9b70ca2	1911	#endif
wolfSSL	0:1239e9b70ca2	1912	#ifdef HAVE_NETX
wolfSSL	0:1239e9b70ca2	1913	NetX_Ctx nxCtx; /* NetX IO Context */
wolfSSL	0:1239e9b70ca2	1914	#endif
wolfSSL	0:1239e9b70ca2	1915	#ifdef SESSION_INDEX
wolfSSL	0:1239e9b70ca2	1916	int sessionIndex; /* Session's location in the cache. */
wolfSSL	0:1239e9b70ca2	1917	#endif
wolfSSL	0:1239e9b70ca2	1918	CYASSL_ALERT_HISTORY alert_history;
wolfSSL	0:1239e9b70ca2	1919	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	1920	void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
wolfSSL	0:1239e9b70ca2	1921	void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
wolfSSL	0:1239e9b70ca2	1922	#endif
wolfSSL	0:1239e9b70ca2	1923	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	1924	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1925	void* EccSignCtx; /* Ecc Sign Callback Context */
wolfSSL	0:1239e9b70ca2	1926	void* EccVerifyCtx; /* Ecc Verify Callback Context */
wolfSSL	0:1239e9b70ca2	1927	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1928	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1929	void* RsaSignCtx; /* Rsa Sign Callback Context */
wolfSSL	0:1239e9b70ca2	1930	void* RsaVerifyCtx; /* Rsa Verify Callback Context */
wolfSSL	0:1239e9b70ca2	1931	void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
wolfSSL	0:1239e9b70ca2	1932	void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
wolfSSL	0:1239e9b70ca2	1933	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	1934	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	1935	};
wolfSSL	0:1239e9b70ca2	1936
wolfSSL	0:1239e9b70ca2	1937
wolfSSL	0:1239e9b70ca2	1938	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1939	int InitSSL(CYASSL, CYASSL_CTX);
wolfSSL	0:1239e9b70ca2	1940	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1941	void FreeSSL(CYASSL*);
wolfSSL	0:1239e9b70ca2	1942	CYASSL_API void SSL_ResourceFree(CYASSL); / Micrium uses */
wolfSSL	0:1239e9b70ca2	1943
wolfSSL	0:1239e9b70ca2	1944
wolfSSL	0:1239e9b70ca2	1945	enum {
wolfSSL	0:1239e9b70ca2	1946	IV_SZ = 32, /* max iv sz */
wolfSSL	0:1239e9b70ca2	1947	NAME_SZ = 80 /* max one line */
wolfSSL	0:1239e9b70ca2	1948	};
wolfSSL	0:1239e9b70ca2	1949
wolfSSL	0:1239e9b70ca2	1950
wolfSSL	0:1239e9b70ca2	1951	typedef struct EncryptedInfo {
wolfSSL	0:1239e9b70ca2	1952	char name[NAME_SZ]; /* encryption name */
wolfSSL	0:1239e9b70ca2	1953	byte iv[IV_SZ]; /* encrypted IV */
wolfSSL	0:1239e9b70ca2	1954	word32 ivSz; /* encrypted IV size */
wolfSSL	0:1239e9b70ca2	1955	long consumed; /* tracks PEM bytes consumed */
wolfSSL	0:1239e9b70ca2	1956	byte set; /* if encryption set */
wolfSSL	0:1239e9b70ca2	1957	CYASSL_CTX* ctx; /* CTX owner */
wolfSSL	0:1239e9b70ca2	1958	} EncryptedInfo;
wolfSSL	0:1239e9b70ca2	1959
wolfSSL	0:1239e9b70ca2	1960
wolfSSL	0:1239e9b70ca2	1961	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1962	CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
wolfSSL	0:1239e9b70ca2	1963	buffer* der, void* heap, EncryptedInfo* info,
wolfSSL	0:1239e9b70ca2	1964	int* eccKey);
wolfSSL	0:1239e9b70ca2	1965
wolfSSL	0:1239e9b70ca2	1966	CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
wolfSSL	0:1239e9b70ca2	1967	int type, CYASSL* ssl, int userChain,
wolfSSL	0:1239e9b70ca2	1968	CYASSL_CRL* crl);
wolfSSL	0:1239e9b70ca2	1969	#endif
wolfSSL	0:1239e9b70ca2	1970
wolfSSL	0:1239e9b70ca2	1971
wolfSSL	0:1239e9b70ca2	1972	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	1973	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1974	void InitHandShakeInfo(HandShakeInfo*);
wolfSSL	0:1239e9b70ca2	1975	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1976	void FinishHandShakeInfo(HandShakeInfo, const CYASSL);
wolfSSL	0:1239e9b70ca2	1977	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1978	void AddPacketName(const char, HandShakeInfo);
wolfSSL	0:1239e9b70ca2	1979
wolfSSL	0:1239e9b70ca2	1980	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1981	void InitTimeoutInfo(TimeoutInfo*);
wolfSSL	0:1239e9b70ca2	1982	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1983	void FreeTimeoutInfo(TimeoutInfo, void);
wolfSSL	0:1239e9b70ca2	1984	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1985	void AddPacketInfo(const char, TimeoutInfo, const byte, int, void);
wolfSSL	0:1239e9b70ca2	1986	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1987	void AddLateName(const char, TimeoutInfo);
wolfSSL	0:1239e9b70ca2	1988	CYASSL_LOCAL
wolfSSL	0:1239e9b70ca2	1989	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
wolfSSL	0:1239e9b70ca2	1990	#endif
wolfSSL	0:1239e9b70ca2	1991
wolfSSL	0:1239e9b70ca2	1992
wolfSSL	0:1239e9b70ca2	1993	/* Record Layer Header identifier from page 12 */
wolfSSL	0:1239e9b70ca2	1994	enum ContentType {
wolfSSL	0:1239e9b70ca2	1995	no_type = 0,
wolfSSL	0:1239e9b70ca2	1996	change_cipher_spec = 20,
wolfSSL	0:1239e9b70ca2	1997	alert = 21,
wolfSSL	0:1239e9b70ca2	1998	handshake = 22,
wolfSSL	0:1239e9b70ca2	1999	application_data = 23
wolfSSL	0:1239e9b70ca2	2000	};
wolfSSL	0:1239e9b70ca2	2001
wolfSSL	0:1239e9b70ca2	2002
wolfSSL	0:1239e9b70ca2	2003	/* handshake header, same for each message type, pgs 20/21 */
wolfSSL	0:1239e9b70ca2	2004	typedef struct HandShakeHeader {
wolfSSL	0:1239e9b70ca2	2005	byte type;
wolfSSL	0:1239e9b70ca2	2006	word24 length;
wolfSSL	0:1239e9b70ca2	2007	} HandShakeHeader;
wolfSSL	0:1239e9b70ca2	2008
wolfSSL	0:1239e9b70ca2	2009
wolfSSL	0:1239e9b70ca2	2010	/* DTLS handshake header, same for each message type */
wolfSSL	0:1239e9b70ca2	2011	typedef struct DtlsHandShakeHeader {
wolfSSL	0:1239e9b70ca2	2012	byte type;
wolfSSL	0:1239e9b70ca2	2013	word24 length;
wolfSSL	0:1239e9b70ca2	2014	byte message_seq[2]; /* start at 0, restransmit gets same # */
wolfSSL	0:1239e9b70ca2	2015	word24 fragment_offset; /* bytes in previous fragments */
wolfSSL	0:1239e9b70ca2	2016	word24 fragment_length; /* length of this fragment */
wolfSSL	0:1239e9b70ca2	2017	} DtlsHandShakeHeader;
wolfSSL	0:1239e9b70ca2	2018
wolfSSL	0:1239e9b70ca2	2019
wolfSSL	0:1239e9b70ca2	2020	enum HandShakeType {
wolfSSL	0:1239e9b70ca2	2021	no_shake = -1,
wolfSSL	0:1239e9b70ca2	2022	hello_request = 0,
wolfSSL	0:1239e9b70ca2	2023	client_hello = 1,
wolfSSL	0:1239e9b70ca2	2024	server_hello = 2,
wolfSSL	0:1239e9b70ca2	2025	hello_verify_request = 3, /* DTLS addition */
wolfSSL	0:1239e9b70ca2	2026	session_ticket = 4,
wolfSSL	0:1239e9b70ca2	2027	certificate = 11,
wolfSSL	0:1239e9b70ca2	2028	server_key_exchange = 12,
wolfSSL	0:1239e9b70ca2	2029	certificate_request = 13,
wolfSSL	0:1239e9b70ca2	2030	server_hello_done = 14,
wolfSSL	0:1239e9b70ca2	2031	certificate_verify = 15,
wolfSSL	0:1239e9b70ca2	2032	client_key_exchange = 16,
wolfSSL	0:1239e9b70ca2	2033	finished = 20
wolfSSL	0:1239e9b70ca2	2034	};
wolfSSL	0:1239e9b70ca2	2035
wolfSSL	0:1239e9b70ca2	2036
wolfSSL	0:1239e9b70ca2	2037	static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
wolfSSL	0:1239e9b70ca2	2038	static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
wolfSSL	0:1239e9b70ca2	2039
wolfSSL	0:1239e9b70ca2	2040	static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
wolfSSL	0:1239e9b70ca2	2041	static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
wolfSSL	0:1239e9b70ca2	2042
wolfSSL	0:1239e9b70ca2	2043
wolfSSL	0:1239e9b70ca2	2044	/* internal functions */
wolfSSL	0:1239e9b70ca2	2045	CYASSL_LOCAL int SendChangeCipher(CYASSL*);
wolfSSL	0:1239e9b70ca2	2046	CYASSL_LOCAL int SendData(CYASSL, const void, int);
wolfSSL	0:1239e9b70ca2	2047	CYASSL_LOCAL int SendCertificate(CYASSL*);
wolfSSL	0:1239e9b70ca2	2048	CYASSL_LOCAL int SendCertificateRequest(CYASSL*);
wolfSSL	0:1239e9b70ca2	2049	CYASSL_LOCAL int SendServerKeyExchange(CYASSL*);
wolfSSL	0:1239e9b70ca2	2050	CYASSL_LOCAL int SendBuffered(CYASSL*);
wolfSSL	0:1239e9b70ca2	2051	CYASSL_LOCAL int ReceiveData(CYASSL, byte, int, int);
wolfSSL	0:1239e9b70ca2	2052	CYASSL_LOCAL int SendFinished(CYASSL*);
wolfSSL	0:1239e9b70ca2	2053	CYASSL_LOCAL int SendAlert(CYASSL*, int, int);
wolfSSL	0:1239e9b70ca2	2054	CYASSL_LOCAL int ProcessReply(CYASSL*);
wolfSSL	0:1239e9b70ca2	2055
wolfSSL	0:1239e9b70ca2	2056	CYASSL_LOCAL int SetCipherSpecs(CYASSL*);
wolfSSL	0:1239e9b70ca2	2057	CYASSL_LOCAL int MakeMasterSecret(CYASSL*);
wolfSSL	0:1239e9b70ca2	2058
wolfSSL	0:1239e9b70ca2	2059	CYASSL_LOCAL int AddSession(CYASSL*);
wolfSSL	0:1239e9b70ca2	2060	CYASSL_LOCAL int DeriveKeys(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	2061	CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData);
wolfSSL	0:1239e9b70ca2	2062
wolfSSL	0:1239e9b70ca2	2063	CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	2064	CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	2065
wolfSSL	0:1239e9b70ca2	2066	CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	2067	CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
wolfSSL	0:1239e9b70ca2	2068	CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	2069
wolfSSL	0:1239e9b70ca2	2070	CYASSL_LOCAL int VerifyClientSuite(CYASSL* ssl);
wolfSSL	0:1239e9b70ca2	2071	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	2072	CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
wolfSSL	0:1239e9b70ca2	2073	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	2074	CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
wolfSSL	0:1239e9b70ca2	2075	#endif
wolfSSL	0:1239e9b70ca2	2076	#endif
wolfSSL	0:1239e9b70ca2	2077	CYASSL_LOCAL int BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
wolfSSL	0:1239e9b70ca2	2078	const byte* sender);
wolfSSL	0:1239e9b70ca2	2079	CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
wolfSSL	0:1239e9b70ca2	2080	CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size);
wolfSSL	0:1239e9b70ca2	2081	CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
wolfSSL	0:1239e9b70ca2	2082
wolfSSL	0:1239e9b70ca2	2083	#ifndef NO_TLS
wolfSSL	0:1239e9b70ca2	2084	CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*);
wolfSSL	0:1239e9b70ca2	2085	CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in,
wolfSSL	0:1239e9b70ca2	2086	word32 sz, int content, int verify);
wolfSSL	0:1239e9b70ca2	2087	#endif
wolfSSL	0:1239e9b70ca2	2088
wolfSSL	0:1239e9b70ca2	2089	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	2090	CYASSL_LOCAL int SendClientHello(CYASSL*);
wolfSSL	0:1239e9b70ca2	2091	CYASSL_LOCAL int SendClientKeyExchange(CYASSL*);
wolfSSL	0:1239e9b70ca2	2092	CYASSL_LOCAL int SendCertificateVerify(CYASSL*);
wolfSSL	0:1239e9b70ca2	2093	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	2094
wolfSSL	0:1239e9b70ca2	2095	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	2096	CYASSL_LOCAL int SendServerHello(CYASSL*);
wolfSSL	0:1239e9b70ca2	2097	CYASSL_LOCAL int SendServerHelloDone(CYASSL*);
wolfSSL	0:1239e9b70ca2	2098	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2099	CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*);
wolfSSL	0:1239e9b70ca2	2100	#endif
wolfSSL	0:1239e9b70ca2	2101	#endif /* NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	2102
wolfSSL	0:1239e9b70ca2	2103	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2104	CYASSL_LOCAL int DtlsPoolInit(CYASSL*);
wolfSSL	0:1239e9b70ca2	2105	CYASSL_LOCAL int DtlsPoolSave(CYASSL, const byte, int);
wolfSSL	0:1239e9b70ca2	2106	CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*);
wolfSSL	0:1239e9b70ca2	2107	CYASSL_LOCAL int DtlsPoolSend(CYASSL*);
wolfSSL	0:1239e9b70ca2	2108	CYASSL_LOCAL void DtlsPoolReset(CYASSL*);
wolfSSL	0:1239e9b70ca2	2109
wolfSSL	0:1239e9b70ca2	2110	CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
wolfSSL	0:1239e9b70ca2	2111	CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg, void);
wolfSSL	0:1239e9b70ca2	2112	CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg, void);
wolfSSL	0:1239e9b70ca2	2113	CYASSL_LOCAL void DtlsMsgSet(DtlsMsg, word32, const byte, byte,
wolfSSL	0:1239e9b70ca2	2114	word32, word32);
wolfSSL	0:1239e9b70ca2	2115	CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
wolfSSL	0:1239e9b70ca2	2116	CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg, word32, const byte, word32,
wolfSSL	0:1239e9b70ca2	2117	byte, word32, word32, void*);
wolfSSL	0:1239e9b70ca2	2118	CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg, DtlsMsg);
wolfSSL	0:1239e9b70ca2	2119	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	2120
wolfSSL	0:1239e9b70ca2	2121	#ifndef NO_TLS
wolfSSL	0:1239e9b70ca2	2122
wolfSSL	0:1239e9b70ca2	2123
wolfSSL	0:1239e9b70ca2	2124	#endif /* NO_TLS */
wolfSSL	0:1239e9b70ca2	2125
wolfSSL	0:1239e9b70ca2	2126
wolfSSL	0:1239e9b70ca2	2127	CYASSL_LOCAL word32 LowResTimer(void);
wolfSSL	0:1239e9b70ca2	2128
wolfSSL	0:1239e9b70ca2	2129	CYASSL_LOCAL void InitX509Name(CYASSL_X509_NAME*, int);
wolfSSL	0:1239e9b70ca2	2130	CYASSL_LOCAL void FreeX509Name(CYASSL_X509_NAME* name);
wolfSSL	0:1239e9b70ca2	2131	CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
wolfSSL	0:1239e9b70ca2	2132	CYASSL_LOCAL void FreeX509(CYASSL_X509*);
wolfSSL	0:1239e9b70ca2	2133	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	2134	CYASSL_LOCAL int CopyDecodedToX509(CYASSL_X509, DecodedCert);
wolfSSL	0:1239e9b70ca2	2135	#endif
wolfSSL	0:1239e9b70ca2	2136
wolfSSL	0:1239e9b70ca2	2137
wolfSSL	0:1239e9b70ca2	2138	#ifdef __cplusplus
wolfSSL	0:1239e9b70ca2	2139	} /* extern "C" */
wolfSSL	0:1239e9b70ca2	2140	#endif
wolfSSL	0:1239e9b70ca2	2141
wolfSSL	0:1239e9b70ca2	2142	#endif /* CyaSSL_INT_H */
wolfSSL	0:1239e9b70ca2	2143
wolfSSL	0:1239e9b70ca2	2144

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	14 Jan 2015
Imports:	1
Forks:	0
Commits:	5
Dependents:	0
Dependencies:	0
Followers:	2

cyassl/internal.h@4:e505054279ed, 2015-01-14 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning