wolf SSL
/
CyaSSL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: HTTPClient-SSL HTTPClient HTTPClient-SSL http_access ... more
Embed:
(wiki syntax)
Show/hide line numbers
internal.h
00001 /* internal.h 00002 * 00003 * Copyright (C) 2006-2014 wolfSSL Inc. 00004 * 00005 * This file is part of CyaSSL. 00006 * 00007 * CyaSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * CyaSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA 00020 */ 00021 00022 00023 #ifndef CYASSL_INT_H 00024 #define CYASSL_INT_H 00025 00026 00027 #include <cyassl/ctaocrypt/types.h> 00028 #include <cyassl/ssl.h> 00029 #include <cyassl/crl.h> 00030 #include <cyassl/ctaocrypt/random.h> 00031 #include <cyassl/ctaocrypt/des3.h> 00032 #include <cyassl/ctaocrypt/hc128.h> 00033 #include <cyassl/ctaocrypt/rabbit.h> 00034 #include <cyassl/ctaocrypt/asn.h> 00035 #include <cyassl/ctaocrypt/md5.h> 00036 #include <cyassl/ctaocrypt/sha.h> 00037 #include <cyassl/ctaocrypt/aes.h> 00038 #include <cyassl/ctaocrypt/camellia.h> 00039 #include <cyassl/ctaocrypt/logging.h> 00040 #include <cyassl/ctaocrypt/hmac.h> 00041 #ifndef NO_RC4 00042 #include <cyassl/ctaocrypt/arc4.h> 00043 #endif 00044 #ifdef HAVE_ECC 00045 #include <cyassl/ctaocrypt/ecc.h> 00046 #endif 00047 #ifndef NO_SHA256 00048 #include <cyassl/ctaocrypt/sha256.h> 00049 #endif 00050 #ifdef HAVE_OCSP 00051 #include <cyassl/ocsp.h> 00052 #endif 00053 #ifdef CYASSL_SHA512 00054 #include <cyassl/ctaocrypt/sha512.h> 00055 #endif 00056 00057 #ifdef HAVE_AESGCM 00058 #include <cyassl/ctaocrypt/sha512.h> 00059 #endif 00060 00061 #ifdef CYASSL_RIPEMD 00062 #include <cyassl/ctaocrypt/ripemd.h> 00063 #endif 00064 00065 #ifdef CYASSL_CALLBACKS 00066 #include <cyassl/callbacks.h> 00067 #include <signal.h> 00068 #endif 00069 00070 #ifdef USE_WINDOWS_API 00071 #ifdef CYASSL_GAME_BUILD 00072 #include "system/xtl.h" 00073 #else 00074 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) 00075 /* On WinCE winsock2.h must be included before windows.h */ 00076 #include <winsock2.h> 00077 #endif 00078 #include <windows.h> 00079 #endif 00080 #elif defined(THREADX) 00081 #ifndef SINGLE_THREADED 00082 #include "tx_api.h" 00083 #endif 00084 #elif defined(MICRIUM) 00085 /* do nothing, just don't pick Unix */ 00086 #elif defined(FREERTOS) || defined(CYASSL_SAFERTOS) 00087 /* do nothing */ 00088 #elif defined(EBSNET) 00089 /* do nothing */ 00090 #elif defined(FREESCALE_MQX) 00091 /* do nothing */ 00092 #elif defined(CYASSL_MDK_ARM) 00093 #if defined(CYASSL_MDK5) 00094 #include "cmsis_os.h" 00095 #else 00096 #include <rtl.h> 00097 #endif 00098 #elif defined(MBED) 00099 00100 #else 00101 #ifndef SINGLE_THREADED 00102 #define CYASSL_PTHREADS 00103 #include <pthread.h> 00104 #endif 00105 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) 00106 #include <unistd.h> /* for close of BIO */ 00107 #endif 00108 #endif 00109 00110 00111 #ifdef HAVE_LIBZ 00112 #include "zlib.h" 00113 #endif 00114 00115 #ifdef _MSC_VER 00116 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ 00117 #pragma warning(disable: 4996) 00118 #endif 00119 00120 #ifdef NO_AES 00121 #if !defined (ALIGN16) 00122 #define ALIGN16 00123 #endif 00124 #endif 00125 00126 #ifdef NO_SHA 00127 #define SHA_DIGEST_SIZE 20 00128 #endif 00129 00130 #ifdef NO_SHA256 00131 #define SHA256_DIGEST_SIZE 32 00132 #endif 00133 00134 00135 #ifdef __cplusplus 00136 extern "C" { 00137 #endif 00138 00139 00140 #ifdef USE_WINDOWS_API 00141 typedef unsigned int SOCKET_T; 00142 #else 00143 typedef int SOCKET_T; 00144 #endif 00145 00146 00147 typedef byte word24[3]; 00148 00149 /* used by ssl.c and cyassl_int.c */ 00150 void c32to24(word32 in, word24 out); 00151 00152 /* Define or comment out the cipher suites you'd like to be compiled in 00153 make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined 00154 00155 When adding cipher suites, add name to cipher_names, idx to cipher_name_idx 00156 */ 00157 #if !defined(NO_RSA) && !defined(NO_RC4) 00158 #if !defined(NO_SHA) 00159 #define BUILD_SSL_RSA_WITH_RC4_128_SHA 00160 #endif 00161 #if !defined(NO_MD5) 00162 #define BUILD_SSL_RSA_WITH_RC4_128_MD5 00163 #endif 00164 #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) 00165 #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA 00166 #endif 00167 #endif 00168 00169 #if !defined(NO_RSA) && !defined(NO_DES3) 00170 #if !defined(NO_SHA) 00171 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA 00172 #if !defined(NO_TLS) && defined(HAVE_NTRU) 00173 #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA 00174 #endif 00175 #endif 00176 #endif 00177 00178 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) 00179 #if !defined(NO_SHA) 00180 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA 00181 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA 00182 #if defined(HAVE_NTRU) 00183 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA 00184 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA 00185 #endif 00186 #endif 00187 #if !defined (NO_SHA256) 00188 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 00189 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 00190 #endif 00191 #if defined (HAVE_AESGCM) 00192 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 00193 #if defined (CYASSL_SHA384) 00194 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 00195 #endif 00196 #endif 00197 #if defined (HAVE_AESCCM) 00198 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 00199 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 00200 #endif 00201 #if defined(HAVE_BLAKE2) 00202 #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 00203 #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 00204 #endif 00205 #endif 00206 00207 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) 00208 #ifndef NO_RSA 00209 #if !defined(NO_SHA) 00210 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00211 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00212 #endif 00213 #ifndef NO_SHA256 00214 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00215 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00216 #endif 00217 #if !defined(NO_DH) && defined(OPENSSL_EXTRA) 00218 #if !defined(NO_SHA) 00219 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00220 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00221 #endif 00222 #ifndef NO_SHA256 00223 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00224 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00225 #endif 00226 #endif 00227 #endif 00228 #endif 00229 00230 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) 00231 #if !defined(NO_SHA) 00232 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA 00233 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 00234 #endif 00235 #ifndef NO_SHA256 00236 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 00237 #ifdef HAVE_AESCCM 00238 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 00239 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 00240 #endif 00241 #endif 00242 #endif 00243 00244 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) 00245 #if !defined(NO_RSA) 00246 #if !defined(NO_SHA) 00247 #define BUILD_TLS_RSA_WITH_NULL_SHA 00248 #endif 00249 #ifndef NO_SHA256 00250 #define BUILD_TLS_RSA_WITH_NULL_SHA256 00251 #endif 00252 #endif 00253 #if !defined(NO_PSK) 00254 #if !defined(NO_SHA) 00255 #define BUILD_TLS_PSK_WITH_NULL_SHA 00256 #endif 00257 #ifndef NO_SHA256 00258 #define BUILD_TLS_PSK_WITH_NULL_SHA256 00259 #endif 00260 #endif 00261 #endif 00262 00263 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) 00264 #define BUILD_TLS_RSA_WITH_HC_128_MD5 00265 #if !defined(NO_SHA) 00266 #define BUILD_TLS_RSA_WITH_HC_128_SHA 00267 #endif 00268 #if defined(HAVE_BLAKE2) 00269 #define BUILD_TLS_RSA_WITH_HC_128_B2B256 00270 #endif 00271 #endif 00272 00273 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) 00274 #if !defined(NO_SHA) 00275 #define BUILD_TLS_RSA_WITH_RABBIT_SHA 00276 #endif 00277 #endif 00278 00279 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ 00280 !defined(NO_RSA) && defined(OPENSSL_EXTRA) 00281 #if !defined(NO_SHA) 00282 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00283 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00284 #endif 00285 #if !defined (NO_SHA256) 00286 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00287 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00288 #if defined (HAVE_AESGCM) 00289 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00290 #if defined (CYASSL_SHA384) 00291 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00292 #endif 00293 #endif 00294 #endif 00295 #endif 00296 00297 #if defined(HAVE_ECC) && !defined(NO_TLS) 00298 #if !defined(NO_AES) 00299 #if !defined(NO_SHA) 00300 #if !defined(NO_RSA) 00301 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00302 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00303 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00304 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00305 #endif 00306 00307 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00308 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00309 00310 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00311 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00312 #endif /* NO_SHA */ 00313 #ifndef NO_SHA256 00314 #if !defined(NO_RSA) 00315 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00316 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00317 #endif 00318 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00319 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00320 #endif 00321 00322 #ifdef CYASSL_SHA384 00323 #if !defined(NO_RSA) 00324 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00325 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00326 #endif 00327 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00328 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00329 #endif 00330 00331 #if defined (HAVE_AESGCM) 00332 #if !defined(NO_RSA) 00333 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00334 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00335 #if defined(CYASSL_SHA384) 00336 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00337 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00338 #endif 00339 #endif 00340 00341 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00342 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00343 00344 #if defined(CYASSL_SHA384) 00345 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00346 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00347 #endif 00348 #endif 00349 #if defined (HAVE_AESCCM) 00350 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 00351 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 00352 #endif 00353 #endif /* NO_AES */ 00354 #if !defined(NO_RC4) 00355 #if !defined(NO_SHA) 00356 #if !defined(NO_RSA) 00357 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00358 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA 00359 #endif 00360 00361 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00362 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00363 #endif 00364 #endif 00365 #if !defined(NO_DES3) 00366 #if !defined(NO_RSA) 00367 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00368 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00369 #endif 00370 00371 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00372 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00373 #endif 00374 #endif 00375 00376 00377 #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \ 00378 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5) 00379 #define BUILD_ARC4 00380 #endif 00381 00382 #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA) 00383 #define BUILD_DES3 00384 #endif 00385 00386 #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ 00387 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ 00388 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) 00389 #undef BUILD_AES 00390 #define BUILD_AES 00391 #endif 00392 00393 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ 00394 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) 00395 #define BUILD_AESGCM 00396 #endif 00397 00398 #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ 00399 defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \ 00400 defined(BUILD_TLS_RSA_WITH_HC_128_B2B256) 00401 #define BUILD_HC128 00402 #endif 00403 00404 #if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA) 00405 #define BUILD_RABBIT 00406 #endif 00407 00408 #ifdef NO_DES3 00409 #define DES_BLOCK_SIZE 8 00410 #else 00411 #undef BUILD_DES3 00412 #define BUILD_DES3 00413 #endif 00414 00415 #ifdef NO_AES 00416 #define AES_BLOCK_SIZE 16 00417 #else 00418 #undef BUILD_AES 00419 #define BUILD_AES 00420 #endif 00421 00422 #ifndef NO_RC4 00423 #undef BUILD_ARC4 00424 #define BUILD_ARC4 00425 #endif 00426 00427 00428 00429 #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) 00430 #define HAVE_AEAD 00431 #endif 00432 00433 00434 /* actual cipher values, 2nd byte */ 00435 enum { 00436 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, 00437 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, 00438 TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, 00439 TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, 00440 TLS_RSA_WITH_NULL_SHA = 0x02, 00441 TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, 00442 TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, 00443 TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, 00444 TLS_PSK_WITH_NULL_SHA256 = 0xb0, 00445 TLS_PSK_WITH_NULL_SHA = 0x2c, 00446 SSL_RSA_WITH_RC4_128_SHA = 0x05, 00447 SSL_RSA_WITH_RC4_128_MD5 = 0x04, 00448 SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A, 00449 00450 /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ 00451 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14, 00452 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13, 00453 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A, 00454 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09, 00455 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11, 00456 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07, 00457 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12, 00458 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08, 00459 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, 00460 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, 00461 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28, 00462 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24, 00463 00464 /* static ECDH, first byte is 0xC0 (ECC_BYTE) */ 00465 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F, 00466 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E, 00467 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05, 00468 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04, 00469 TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C, 00470 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02, 00471 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D, 00472 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03, 00473 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29, 00474 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25, 00475 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, 00476 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, 00477 00478 /* CyaSSL extension - eSTREAM */ 00479 TLS_RSA_WITH_HC_128_MD5 = 0xFB, 00480 TLS_RSA_WITH_HC_128_SHA = 0xFC, 00481 TLS_RSA_WITH_RABBIT_SHA = 0xFD, 00482 00483 /* CyaSSL extension - Blake2b 256 */ 00484 TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8, 00485 TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9, 00486 TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */ 00487 00488 /* CyaSSL extension - NTRU */ 00489 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, 00490 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, 00491 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */ 00492 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, 00493 00494 /* SHA256 */ 00495 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b, 00496 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, 00497 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, 00498 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, 00499 TLS_RSA_WITH_NULL_SHA256 = 0x3b, 00500 00501 /* AES-GCM */ 00502 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, 00503 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, 00504 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, 00505 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, 00506 00507 /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ 00508 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, 00509 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c, 00510 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d, 00511 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e, 00512 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, 00513 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30, 00514 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31, 00515 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32, 00516 00517 /* AES-CCM, first byte is 0xC0 but isn't ECC, 00518 * also, in some of the other AES-CCM suites 00519 * there will be second byte number conflicts 00520 * with non-ECC AES-GCM */ 00521 TLS_RSA_WITH_AES_128_CCM_8 = 0xa0, 00522 TLS_RSA_WITH_AES_256_CCM_8 = 0xa1, 00523 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae, 00524 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf, 00525 TLS_PSK_WITH_AES_128_CCM = 0xa4, 00526 TLS_PSK_WITH_AES_256_CCM = 0xa5, 00527 TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, 00528 TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, 00529 00530 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, 00531 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, 00532 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, 00533 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0, 00534 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45, 00535 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88, 00536 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, 00537 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, 00538 00539 /* Renegotiation Indication Extension Special Suite */ 00540 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff 00541 }; 00542 00543 00544 enum Misc { 00545 ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ 00546 00547 SEND_CERT = 1, 00548 SEND_BLANK_CERT = 2, 00549 00550 DTLS_MAJOR = 0xfe, /* DTLS major version number */ 00551 DTLS_MINOR = 0xff, /* DTLS minor version number */ 00552 DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */ 00553 SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ 00554 SSLv3_MINOR = 0, /* TLSv1 minor version number */ 00555 TLSv1_MINOR = 1, /* TLSv1 minor version number */ 00556 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ 00557 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ 00558 INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ 00559 NO_COMPRESSION = 0, 00560 ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */ 00561 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ 00562 SECRET_LEN = 48, /* pre RSA and all master */ 00563 ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ 00564 SIZEOF_SENDER = 4, /* clnt or srvr */ 00565 FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */ 00566 MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ 00567 MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE, 00568 /* max added to msg, mac + pad from */ 00569 /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max 00570 digest sz + BLOC_SZ (iv) + pad byte (1) */ 00571 MAX_COMP_EXTRA = 1024, /* max compression extra */ 00572 MAX_MTU = 1500, /* max expected MTU */ 00573 MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */ 00574 MAX_DH_SZ = 612, /* 2240 p, pub, g + 2 byte size for each */ 00575 MAX_STR_VERSION = 8, /* string rep of protocol version */ 00576 00577 PAD_MD5 = 48, /* pad length for finished */ 00578 PAD_SHA = 40, /* pad length for finished */ 00579 MAX_PAD_SIZE = 256, /* maximum length of padding */ 00580 COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */ 00581 COMPRESS_CONSTANT = 13, /* compression calc constant */ 00582 COMPRESS_UPPER = 55, /* compression calc numerator */ 00583 COMPRESS_LOWER = 64, /* compression calc denominator */ 00584 00585 PEM_LINE_LEN = 80, /* PEM line max + fudge */ 00586 LENGTH_SZ = 2, /* length field for HMAC, data only */ 00587 VERSION_SZ = 2, /* length of proctocol version */ 00588 SEQ_SZ = 8, /* 64 bit sequence number */ 00589 BYTE3_LEN = 3, /* up to 24 bit byte lengths */ 00590 ALERT_SIZE = 2, /* level + description */ 00591 VERIFY_HEADER = 2, /* always use 2 bytes */ 00592 EXT_ID_SZ = 2, /* always use 2 bytes */ 00593 MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ 00594 00595 MAX_SUITE_SZ = 200, /* 100 suites for now! */ 00596 RAN_LEN = 32, /* random length */ 00597 SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ 00598 ID_LEN = 32, /* session id length */ 00599 MAX_COOKIE_LEN = 32, /* max dtls cookie size */ 00600 COOKIE_SZ = 20, /* use a 20 byte cookie */ 00601 SUITE_LEN = 2, /* cipher suite sz length */ 00602 ENUM_LEN = 1, /* always a byte */ 00603 OPAQUE8_LEN = 1, /* 1 byte */ 00604 OPAQUE16_LEN = 2, /* 2 bytes */ 00605 OPAQUE24_LEN = 3, /* 3 bytes */ 00606 COMP_LEN = 1, /* compression length */ 00607 CURVE_LEN = 2, /* ecc named curve length */ 00608 SERVER_ID_LEN = 20, /* server session id length */ 00609 00610 HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ 00611 RECORD_HEADER_SZ = 5, /* type + version + len(2) */ 00612 CERT_HEADER_SZ = 3, /* always 3 bytes */ 00613 REQ_HEADER_SZ = 2, /* cert request header sz */ 00614 HINT_LEN_SZ = 2, /* length of hint size field */ 00615 TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */ 00616 HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */ 00617 HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */ 00618 HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */ 00619 HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */ 00620 HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */ 00621 00622 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ 00623 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ 00624 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ 00625 DTLS_RECORD_EXTRA = 8, /* diff from normal */ 00626 DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ 00627 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ 00628 DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */ 00629 00630 FINISHED_LABEL_SZ = 15, /* TLS finished label size */ 00631 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ 00632 MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ 00633 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ 00634 MAX_PRF_HALF = 128, /* Maximum half secret len */ 00635 MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ 00636 MAX_PRF_DIG = 224, /* Maximum digest len */ 00637 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ 00638 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ 00639 00640 RC4_KEY_SIZE = 16, /* always 128bit */ 00641 DES_KEY_SIZE = 8, /* des */ 00642 DES3_KEY_SIZE = 24, /* 3 des ede */ 00643 DES_IV_SIZE = DES_BLOCK_SIZE, 00644 AES_256_KEY_SIZE = 32, /* for 256 bit */ 00645 AES_192_KEY_SIZE = 24, /* for 192 bit */ 00646 AES_IV_SIZE = 16, /* always block size */ 00647 AES_128_KEY_SIZE = 16, /* for 128 bit */ 00648 00649 AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ 00650 AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ 00651 AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ 00652 AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */ 00653 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */ 00654 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */ 00655 AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */ 00656 AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */ 00657 AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ, 00658 00659 AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */ 00660 AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */ 00661 AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */ 00662 00663 CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ 00664 CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ 00665 CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ 00666 CAMELLIA_IV_SIZE = 16, /* always block size */ 00667 00668 HC_128_KEY_SIZE = 16, /* 128 bits */ 00669 HC_128_IV_SIZE = 16, /* also 128 bits */ 00670 00671 RABBIT_KEY_SIZE = 16, /* 128 bits */ 00672 RABBIT_IV_SIZE = 8, /* 64 bits for iv */ 00673 00674 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ 00675 00676 ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ 00677 MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ 00678 00679 MAX_HELLO_SZ = 128, /* max client or server hello */ 00680 MAX_CERT_VERIFY_SZ = 1024, /* max */ 00681 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ 00682 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ 00683 DEFAULT_TIMEOUT = 500, /* default resumption timeout in seconds */ 00684 00685 DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */ 00686 DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ 00687 DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ 00688 00689 MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ 00690 MAX_PSK_KEY_LEN = 64, /* max psk key supported */ 00691 00692 MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ 00693 00694 #ifdef FORTRESS 00695 MAX_EX_DATA = 3, /* allow for three items of ex_data */ 00696 #endif 00697 00698 MAX_X509_SIZE = 2048, /* max static x509 buffer size */ 00699 CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ 00700 MAX_FILENAME_SZ = 256, /* max file name length */ 00701 FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input, 00702 will use dynamic buffer if not big enough */ 00703 00704 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ 00705 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ 00706 MAX_NTRU_BITS = 256, /* max symmetric bit strength */ 00707 NO_SNIFF = 0, /* not sniffing */ 00708 SNIFF = 1, /* currently sniffing */ 00709 00710 HASH_SIG_SIZE = 2, /* default SHA1 RSA */ 00711 00712 NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */ 00713 00714 NO_COPY = 0, /* should we copy static buffer for write */ 00715 COPY = 1 /* should we copy static buffer for write */ 00716 }; 00717 00718 00719 #ifdef SESSION_INDEX 00720 /* Shift values for making a session index */ 00721 #define SESSIDX_ROW_SHIFT 4 00722 #define SESSIDX_IDX_MASK 0x0F 00723 #endif 00724 00725 00726 /* max cert chain peer depth */ 00727 #ifndef MAX_CHAIN_DEPTH 00728 #define MAX_CHAIN_DEPTH 9 00729 #endif 00730 00731 00732 /* don't use extra 3/4k stack space unless need to */ 00733 #ifdef HAVE_NTRU 00734 #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ 00735 #else 00736 #define MAX_ENCRYPT_SZ ENCRYPT_LEN 00737 #endif 00738 00739 00740 /* states */ 00741 enum states { 00742 NULL_STATE = 0, 00743 00744 SERVER_HELLOVERIFYREQUEST_COMPLETE, 00745 SERVER_HELLO_COMPLETE, 00746 SERVER_CERT_COMPLETE, 00747 SERVER_KEYEXCHANGE_COMPLETE, 00748 SERVER_HELLODONE_COMPLETE, 00749 SERVER_FINISHED_COMPLETE, 00750 00751 CLIENT_HELLO_COMPLETE, 00752 CLIENT_KEYEXCHANGE_COMPLETE, 00753 CLIENT_FINISHED_COMPLETE, 00754 00755 HANDSHAKE_DONE 00756 }; 00757 00758 00759 #if defined(__GNUC__) 00760 #define CYASSL_PACK __attribute__ ((packed)) 00761 #else 00762 #define CYASSL_PACK 00763 #endif 00764 00765 /* SSL Version */ 00766 typedef struct ProtocolVersion { 00767 byte major; 00768 byte minor; 00769 } CYASSL_PACK ProtocolVersion; 00770 00771 00772 CYASSL_LOCAL ProtocolVersion MakeSSLv3(void); 00773 CYASSL_LOCAL ProtocolVersion MakeTLSv1(void); 00774 CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void); 00775 CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void); 00776 00777 #ifdef CYASSL_DTLS 00778 CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void); 00779 CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); 00780 #endif 00781 00782 00783 enum BIO_TYPE { 00784 BIO_BUFFER = 1, 00785 BIO_SOCKET = 2, 00786 BIO_SSL = 3, 00787 BIO_MEMORY = 4 00788 }; 00789 00790 00791 /* CyaSSL BIO_METHOD type */ 00792 struct CYASSL_BIO_METHOD { 00793 byte type; /* method type */ 00794 }; 00795 00796 00797 /* CyaSSL BIO type */ 00798 struct CYASSL_BIO { 00799 byte type; /* method type */ 00800 byte close; /* close flag */ 00801 byte eof; /* eof flag */ 00802 CYASSL* ssl; /* possible associated ssl */ 00803 byte* mem; /* memory buffer */ 00804 int memLen; /* memory buffer length */ 00805 int fd; /* possible file descriptor */ 00806 CYASSL_BIO* prev; /* previous in chain */ 00807 CYASSL_BIO* next; /* next in chain */ 00808 }; 00809 00810 00811 /* CyaSSL method type */ 00812 struct CYASSL_METHOD { 00813 ProtocolVersion version; 00814 byte side; /* connection side, server or client */ 00815 byte downgrade; /* whether to downgrade version, default no */ 00816 }; 00817 00818 00819 /* defautls to client */ 00820 CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion); 00821 00822 /* for sniffer */ 00823 CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, 00824 word32 size, word32 totalSz, int sniff); 00825 CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx); 00826 00827 00828 /* CyaSSL buffer type */ 00829 typedef struct buffer { 00830 word32 length; 00831 byte* buffer; 00832 } buffer; 00833 00834 00835 enum { 00836 FORCED_FREE = 1, 00837 NO_FORCED_FREE = 0 00838 }; 00839 00840 00841 /* only use compression extra if using compression */ 00842 #ifdef HAVE_LIBZ 00843 #define COMP_EXTRA MAX_COMP_EXTRA 00844 #else 00845 #define COMP_EXTRA 0 00846 #endif 00847 00848 /* only the sniffer needs space in the buffer for extra MTU record(s) */ 00849 #ifdef CYASSL_SNIFFER 00850 #define MTU_EXTRA MAX_MTU * 3 00851 #else 00852 #define MTU_EXTRA 0 00853 #endif 00854 00855 00856 /* embedded callbacks require large static buffers, make sure on */ 00857 #ifdef CYASSL_CALLBACKS 00858 #undef LARGE_STATIC_BUFFERS 00859 #define LARGE_STATIC_BUFFERS 00860 #endif 00861 00862 00863 /* give user option to use 16K static buffers */ 00864 #if defined(LARGE_STATIC_BUFFERS) 00865 #define RECORD_SIZE MAX_RECORD_SIZE 00866 #else 00867 #ifdef CYASSL_DTLS 00868 #define RECORD_SIZE MAX_MTU 00869 #else 00870 #define RECORD_SIZE 128 00871 #endif 00872 #endif 00873 00874 00875 /* user option to turn off 16K output option */ 00876 /* if using small static buffers (default) and SSL_write tries to write data 00877 larger than the record we have, dynamically get it, unless user says only 00878 write in static buffer chuncks */ 00879 #ifndef STATIC_CHUNKS_ONLY 00880 #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE 00881 #else 00882 #define OUTPUT_RECORD_SIZE RECORD_SIZE 00883 #endif 00884 00885 /* CyaSSL input buffer 00886 00887 RFC 2246: 00888 00889 length 00890 The length (in bytes) of the following TLSPlaintext.fragment. 00891 The length should not exceed 2^14. 00892 */ 00893 #if defined(LARGE_STATIC_BUFFERS) 00894 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ 00895 MTU_EXTRA + MAX_MSG_EXTRA 00896 #else 00897 /* don't fragment memory from the record header */ 00898 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ 00899 #endif 00900 00901 typedef struct { 00902 word32 length; /* total buffer length used */ 00903 word32 idx; /* idx to part of length already consumed */ 00904 byte* buffer; /* place holder for static or dynamic buffer */ 00905 word32 bufferSize; /* current buffer size */ 00906 ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; 00907 byte dynamicFlag; /* dynamic memory currently in use */ 00908 byte offset; /* alignment offset attempt */ 00909 } bufferStatic; 00910 00911 /* Cipher Suites holder */ 00912 typedef struct Suites { 00913 int setSuites; /* user set suites from default */ 00914 byte suites[MAX_SUITE_SZ]; 00915 word16 suiteSz; /* suite length in bytes */ 00916 byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */ 00917 word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ 00918 byte hashAlgo; /* selected hash algorithm */ 00919 byte sigAlgo; /* selected sig algorithm */ 00920 } Suites; 00921 00922 00923 CYASSL_LOCAL 00924 void InitSuites(Suites*, ProtocolVersion, 00925 byte, byte, byte, byte, byte, byte, int); 00926 CYASSL_LOCAL 00927 int SetCipherList(Suites*, const char* list); 00928 00929 #ifndef PSK_TYPES_DEFINED 00930 typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*, 00931 unsigned int, unsigned char*, unsigned int); 00932 typedef unsigned int (*psk_server_callback)(CYASSL*, const char*, 00933 unsigned char*, unsigned int); 00934 #endif /* PSK_TYPES_DEFINED */ 00935 00936 00937 #ifndef CYASSL_USER_IO 00938 /* default IO callbacks */ 00939 CYASSL_LOCAL 00940 int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx); 00941 CYASSL_LOCAL 00942 int EmbedSend(CYASSL *ssl, char *buf, int sz, void *ctx); 00943 00944 #ifdef HAVE_OCSP 00945 CYASSL_LOCAL 00946 int EmbedOcspLookup(void*, const char*, int, byte*, int, byte**); 00947 CYASSL_LOCAL 00948 void EmbedOcspRespFree(void*, byte*); 00949 #endif 00950 00951 #ifdef CYASSL_DTLS 00952 CYASSL_LOCAL 00953 int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx); 00954 CYASSL_LOCAL 00955 int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx); 00956 CYASSL_LOCAL 00957 int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx); 00958 CYASSL_LOCAL 00959 int IsUDP(void*); 00960 #endif /* CYASSL_DTLS */ 00961 #endif /* CYASSL_USER_IO */ 00962 00963 #ifdef HAVE_NETX 00964 CYASSL_LOCAL int NetX_Receive(CYASSL *ssl, char *buf, int sz, void *ctx); 00965 CYASSL_LOCAL int NetX_Send(CYASSL *ssl, char *buf, int sz, void *ctx); 00966 #endif /* HAVE_NETX */ 00967 00968 00969 /* CyaSSL Cipher type just points back to SSL */ 00970 struct CYASSL_CIPHER { 00971 CYASSL* ssl; 00972 }; 00973 00974 00975 typedef struct OCSP_Entry OCSP_Entry; 00976 00977 #ifdef SHA_DIGEST_SIZE 00978 #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE 00979 #else 00980 #define OCSP_DIGEST_SIZE 160 00981 #endif 00982 00983 #ifdef NO_ASN 00984 /* no_asn won't have */ 00985 typedef struct CertStatus CertStatus; 00986 #endif 00987 00988 struct OCSP_Entry { 00989 OCSP_Entry* next; /* next entry */ 00990 byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ 00991 byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ 00992 CertStatus* status; /* OCSP response list */ 00993 int totalStatus; /* number on list */ 00994 }; 00995 00996 00997 #ifndef HAVE_OCSP 00998 typedef struct CYASSL_OCSP CYASSL_OCSP; 00999 #endif 01000 01001 /* CyaSSL OCSP controller */ 01002 struct CYASSL_OCSP { 01003 CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */ 01004 OCSP_Entry* ocspList; /* OCSP response list */ 01005 CyaSSL_Mutex ocspLock; /* OCSP list lock */ 01006 }; 01007 01008 #ifndef MAX_DATE_SIZE 01009 #define MAX_DATE_SIZE 32 01010 #endif 01011 01012 typedef struct CRL_Entry CRL_Entry; 01013 01014 #ifdef SHA_DIGEST_SIZE 01015 #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE 01016 #else 01017 #define CRL_DIGEST_SIZE 160 01018 #endif 01019 01020 #ifdef NO_ASN 01021 typedef struct RevokedCert RevokedCert; 01022 #endif 01023 01024 /* Complete CRL */ 01025 struct CRL_Entry { 01026 CRL_Entry* next; /* next entry */ 01027 byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ 01028 /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ 01029 /* restore the hash here if needed for optimized comparisons */ 01030 byte lastDate[MAX_DATE_SIZE]; /* last date updated */ 01031 byte nextDate[MAX_DATE_SIZE]; /* next update date */ 01032 byte lastDateFormat; /* last date format */ 01033 byte nextDateFormat; /* next date format */ 01034 RevokedCert* certs; /* revoked cert list */ 01035 int totalCerts; /* number on list */ 01036 }; 01037 01038 01039 typedef struct CRL_Monitor CRL_Monitor; 01040 01041 /* CRL directory monitor */ 01042 struct CRL_Monitor { 01043 char* path; /* full dir path, if valid pointer we're using */ 01044 int type; /* PEM or ASN1 type */ 01045 }; 01046 01047 01048 #ifndef HAVE_CRL 01049 typedef struct CYASSL_CRL CYASSL_CRL; 01050 #endif 01051 01052 /* CyaSSL CRL controller */ 01053 struct CYASSL_CRL { 01054 CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */ 01055 CRL_Entry* crlList; /* our CRL list */ 01056 CyaSSL_Mutex crlLock; /* CRL list lock */ 01057 CRL_Monitor monitors[2]; /* PEM and DER possible */ 01058 #ifdef HAVE_CRL_MONITOR 01059 pthread_t tid; /* monitoring thread */ 01060 #endif 01061 }; 01062 01063 01064 #ifdef NO_ASN 01065 typedef struct Signer Signer; 01066 #endif 01067 01068 01069 #ifndef CA_TABLE_SIZE 01070 #define CA_TABLE_SIZE 11 01071 #endif 01072 01073 /* CyaSSL Certificate Manager */ 01074 struct CYASSL_CERT_MANAGER { 01075 Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ 01076 CyaSSL_Mutex caLock; /* CA list lock */ 01077 CallbackCACache caCacheCallback; /* CA cache addition callback */ 01078 void* heap; /* heap helper */ 01079 CYASSL_CRL* crl; /* CRL checker */ 01080 byte crlEnabled; /* is CRL on ? */ 01081 byte crlCheckAll; /* always leaf, but all ? */ 01082 CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ 01083 CYASSL_OCSP* ocsp; /* OCSP checker */ 01084 byte ocspEnabled; /* is OCSP on ? */ 01085 byte ocspSendNonce; /* send the OCSP nonce ? */ 01086 byte ocspUseOverrideURL; /* ignore cert's responder, override */ 01087 char* ocspOverrideURL; /* use this responder */ 01088 void* ocspIOCtx; /* I/O callback CTX */ 01089 CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ 01090 CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ 01091 }; 01092 01093 CYASSL_LOCAL int CM_SaveCertCache(CYASSL_CERT_MANAGER*, const char*); 01094 CYASSL_LOCAL int CM_RestoreCertCache(CYASSL_CERT_MANAGER*, const char*); 01095 CYASSL_LOCAL int CM_MemSaveCertCache(CYASSL_CERT_MANAGER*, void*, int, int*); 01096 CYASSL_LOCAL int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER*, const void*, int); 01097 CYASSL_LOCAL int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER*); 01098 01099 /* CyaSSL Sock Addr */ 01100 struct CYASSL_SOCKADDR { 01101 unsigned int sz; /* sockaddr size */ 01102 void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */ 01103 }; 01104 01105 typedef struct CYASSL_DTLS_CTX { 01106 CYASSL_SOCKADDR peer; 01107 int fd; 01108 } CYASSL_DTLS_CTX; 01109 01110 /* RFC 6066 TLS Extensions */ 01111 #ifdef HAVE_TLS_EXTENSIONS 01112 01113 typedef enum { 01114 SERVER_NAME_INDICATION = 0, 01115 MAX_FRAGMENT_LENGTH = 1, 01116 TRUNCATED_HMAC = 4, 01117 ELLIPTIC_CURVES = 10 01118 } TLSX_Type; 01119 01120 typedef struct TLSX { 01121 TLSX_Type type; /* Extension Type */ 01122 void* data; /* Extension Data */ 01123 byte resp; /* IsResponse Flag */ 01124 struct TLSX* next; /* List Behavior */ 01125 } TLSX; 01126 01127 CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); 01128 CYASSL_LOCAL void TLSX_FreeAll(TLSX* list); 01129 01130 #ifndef NO_CYASSL_CLIENT 01131 CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl); 01132 CYASSL_LOCAL word16 TLSX_WriteRequest(CYASSL* ssl, byte* output); 01133 #endif 01134 01135 #ifndef NO_CYASSL_SERVER 01136 CYASSL_LOCAL word16 TLSX_GetResponseSize(CYASSL* ssl); 01137 CYASSL_LOCAL word16 TLSX_WriteResponse(CYASSL* ssl, byte* output); 01138 #endif 01139 01140 CYASSL_LOCAL int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, 01141 byte isRequest, Suites *suites); 01142 01143 /* Server Name Indication */ 01144 #ifdef HAVE_SNI 01145 01146 typedef struct SNI { 01147 byte type; /* SNI Type */ 01148 union { char* host_name; } data; /* SNI Data */ 01149 struct SNI* next; /* List Behavior */ 01150 #ifndef NO_CYASSL_SERVER 01151 byte options; /* Behaviour options */ 01152 byte status; /* Matching result */ 01153 #endif 01154 } SNI; 01155 01156 CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, 01157 word16 size); 01158 01159 #ifndef NO_CYASSL_SERVER 01160 CYASSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, 01161 byte options); 01162 CYASSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type); 01163 CYASSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, 01164 void** data); 01165 CYASSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz, 01166 byte type, byte* sni, word32* inOutSz); 01167 #endif 01168 01169 #endif /* HAVE_SNI */ 01170 01171 /* Maximum Fragment Length */ 01172 #ifdef HAVE_MAX_FRAGMENT 01173 01174 CYASSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl); 01175 01176 #endif /* HAVE_MAX_FRAGMENT */ 01177 01178 #ifdef HAVE_TRUNCATED_HMAC 01179 01180 CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions); 01181 01182 #endif /* HAVE_TRUNCATED_HMAC */ 01183 01184 #ifdef HAVE_SUPPORTED_CURVES 01185 01186 typedef struct EllipticCurve { 01187 word16 name; /* CurveNames */ 01188 struct EllipticCurve* next; /* List Behavior */ 01189 01190 } EllipticCurve; 01191 01192 CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name); 01193 01194 #ifndef NO_CYASSL_SERVER 01195 CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, 01196 byte second); 01197 #endif 01198 01199 #endif /* HAVE_SUPPORTED_CURVES */ 01200 01201 #endif /* HAVE_TLS_EXTENSIONS */ 01202 01203 /* CyaSSL context type */ 01204 struct CYASSL_CTX { 01205 CYASSL_METHOD* method; 01206 CyaSSL_Mutex countMutex; /* reference count mutex */ 01207 int refCount; /* reference count */ 01208 #ifndef NO_CERTS 01209 buffer certificate; 01210 buffer certChain; 01211 /* chain after self, in DER, with leading size for each cert */ 01212 buffer privateKey; 01213 buffer serverDH_P; 01214 buffer serverDH_G; 01215 CYASSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ 01216 #endif 01217 Suites suites; 01218 void* heap; /* for user memory overrides */ 01219 byte verifyPeer; 01220 byte verifyNone; 01221 byte failNoCert; 01222 byte sessionCacheOff; 01223 byte sessionCacheFlushOff; 01224 byte sendVerify; /* for client side */ 01225 byte haveRSA; /* RSA available */ 01226 byte haveDH; /* server DH parms set by user */ 01227 byte haveNTRU; /* server private NTRU key loaded */ 01228 byte haveECDSAsig; /* server cert signed w/ ECDSA */ 01229 byte haveStaticECC; /* static server ECC private key */ 01230 byte partialWrite; /* only one msg per write call */ 01231 byte quietShutdown; /* don't send close notify */ 01232 byte groupMessages; /* group handshake messages before sending */ 01233 CallbackIORecv CBIORecv; 01234 CallbackIOSend CBIOSend; 01235 #ifdef CYASSL_DTLS 01236 CallbackGenCookie CBIOCookie; /* gen cookie callback */ 01237 #endif 01238 VerifyCallback verifyCallback; /* cert verification callback */ 01239 word32 timeout; /* session timeout */ 01240 #ifdef HAVE_ECC 01241 word16 eccTempKeySz; /* in octets 20 - 66 */ 01242 word32 pkCurveOID; /* curve Ecc_Sum */ 01243 #endif 01244 #ifndef NO_PSK 01245 byte havePSK; /* psk key set by user */ 01246 psk_client_callback client_psk_cb; /* client callback */ 01247 psk_server_callback server_psk_cb; /* server callback */ 01248 char server_hint[MAX_PSK_ID_LEN]; 01249 #endif /* NO_PSK */ 01250 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 01251 pem_password_cb passwd_cb; 01252 void* userdata; 01253 #endif /* OPENSSL_EXTRA */ 01254 #ifdef HAVE_OCSP 01255 CYASSL_OCSP ocsp; 01256 #endif 01257 #ifdef HAVE_CAVIUM 01258 int devId; /* cavium device id to use */ 01259 #endif 01260 #ifdef HAVE_TLS_EXTENSIONS 01261 TLSX* extensions; /* RFC 6066 TLS Extensions data */ 01262 #endif 01263 #ifdef ATOMIC_USER 01264 CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ 01265 CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ 01266 #endif 01267 #ifdef HAVE_PK_CALLBACKS 01268 #ifdef HAVE_ECC 01269 CallbackEccSign EccSignCb; /* User EccSign Callback handler */ 01270 CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ 01271 #endif /* HAVE_ECC */ 01272 #ifndef NO_RSA 01273 CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */ 01274 CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */ 01275 CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ 01276 CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ 01277 #endif /* NO_RSA */ 01278 #endif /* HAVE_PK_CALLBACKS */ 01279 }; 01280 01281 01282 CYASSL_LOCAL 01283 int InitSSL_Ctx(CYASSL_CTX*, CYASSL_METHOD*); 01284 CYASSL_LOCAL 01285 void FreeSSL_Ctx(CYASSL_CTX*); 01286 CYASSL_LOCAL 01287 void SSL_CtxResourceFree(CYASSL_CTX*); 01288 01289 CYASSL_LOCAL 01290 int DeriveTlsKeys(CYASSL* ssl); 01291 CYASSL_LOCAL 01292 int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx, 01293 word32 inSz, word16 sz); 01294 #ifndef NO_CERTS 01295 CYASSL_LOCAL 01296 int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify); 01297 CYASSL_LOCAL 01298 int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash); 01299 #endif 01300 01301 /* All cipher suite related info */ 01302 typedef struct CipherSpecs { 01303 byte bulk_cipher_algorithm; 01304 byte cipher_type; /* block, stream, or aead */ 01305 byte mac_algorithm; 01306 byte kea; /* key exchange algo */ 01307 byte sig_algo; 01308 byte hash_size; 01309 byte pad_size; 01310 byte static_ecdh; 01311 word16 key_size; 01312 word16 iv_size; 01313 word16 block_size; 01314 word16 aead_mac_size; 01315 } CipherSpecs; 01316 01317 01318 void InitCipherSpecs(CipherSpecs* cs); 01319 01320 01321 /* Supported Message Authentication Codes from page 43 */ 01322 enum MACAlgorithm { 01323 no_mac, 01324 md5_mac, 01325 sha_mac, 01326 sha224_mac, 01327 sha256_mac, 01328 sha384_mac, 01329 sha512_mac, 01330 rmd_mac, 01331 blake2b_mac 01332 }; 01333 01334 01335 /* Supported Key Exchange Protocols */ 01336 enum KeyExchangeAlgorithm { 01337 no_kea, 01338 rsa_kea, 01339 diffie_hellman_kea, 01340 fortezza_kea, 01341 psk_kea, 01342 ntru_kea, 01343 ecc_diffie_hellman_kea, 01344 ecc_static_diffie_hellman_kea /* for verify suite only */ 01345 }; 01346 01347 01348 /* Supported Authentication Schemes */ 01349 enum SignatureAlgorithm { 01350 anonymous_sa_algo, 01351 rsa_sa_algo, 01352 dsa_sa_algo, 01353 ecc_dsa_sa_algo 01354 }; 01355 01356 01357 /* Supprted ECC Curve Types */ 01358 enum EccCurves { 01359 named_curve = 3 01360 }; 01361 01362 01363 /* Supprted ECC Named Curves */ 01364 enum EccNamedCurves { 01365 secp256r1 = 0x17, /* default, OpenSSL also calls it prime256v1 */ 01366 secp384r1 = 0x18, 01367 secp521r1 = 0x19, 01368 01369 secp160r1 = 0x10, 01370 secp192r1 = 0x13, /* Openssl also call it prime192v1 */ 01371 secp224r1 = 0x15 01372 }; 01373 01374 01375 /* Valid client certificate request types from page 27 */ 01376 enum ClientCertificateType { 01377 rsa_sign = 1, 01378 dss_sign = 2, 01379 rsa_fixed_dh = 3, 01380 dss_fixed_dh = 4, 01381 rsa_ephemeral_dh = 5, 01382 dss_ephemeral_dh = 6, 01383 fortezza_kea_cert = 20 01384 }; 01385 01386 01387 enum CipherType { stream, block, aead }; 01388 01389 01390 #ifdef CYASSL_DTLS 01391 01392 #ifdef WORD64_AVAILABLE 01393 typedef word64 DtlsSeq; 01394 #else 01395 typedef word32 DtlsSeq; 01396 #endif 01397 #define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT) 01398 01399 typedef struct DtlsState { 01400 DtlsSeq window; /* Sliding window for current epoch */ 01401 word16 nextEpoch; /* Expected epoch in next record */ 01402 word32 nextSeq; /* Expected sequence in next record */ 01403 01404 word16 curEpoch; /* Received epoch in current record */ 01405 word32 curSeq; /* Received sequence in current record */ 01406 01407 DtlsSeq prevWindow; /* Sliding window for old epoch */ 01408 word32 prevSeq; /* Next sequence in allowed old epoch */ 01409 } DtlsState; 01410 01411 #endif /* CYASSL_DTLS */ 01412 01413 01414 /* keys and secrets */ 01415 typedef struct Keys { 01416 byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */ 01417 byte server_write_MAC_secret[MAX_DIGEST_SIZE]; 01418 byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */ 01419 byte server_write_key[AES_256_KEY_SIZE]; 01420 byte client_write_IV[AES_IV_SIZE]; /* max sizes */ 01421 byte server_write_IV[AES_IV_SIZE]; 01422 #ifdef HAVE_AEAD 01423 byte aead_exp_IV[AEAD_EXP_IV_SZ]; 01424 byte aead_enc_imp_IV[AEAD_IMP_IV_SZ]; 01425 byte aead_dec_imp_IV[AEAD_IMP_IV_SZ]; 01426 #endif 01427 01428 word32 peer_sequence_number; 01429 word32 sequence_number; 01430 01431 #ifdef CYASSL_DTLS 01432 DtlsState dtls_state; /* Peer's state */ 01433 word16 dtls_peer_handshake_number; 01434 word16 dtls_expected_peer_handshake_number; 01435 01436 word16 dtls_epoch; /* Current tx epoch */ 01437 word32 dtls_sequence_number; /* Current tx sequence */ 01438 word16 dtls_handshake_number; /* Current tx handshake seq */ 01439 #endif 01440 01441 word32 encryptSz; /* last size of encrypted data */ 01442 word32 padSz; /* how much to advance after decrypt part */ 01443 byte encryptionOn; /* true after change cipher spec */ 01444 byte decryptedCur; /* only decrypt current record once */ 01445 } Keys; 01446 01447 01448 /* cipher for now */ 01449 typedef struct Ciphers { 01450 #ifdef BUILD_ARC4 01451 Arc4* arc4; 01452 #endif 01453 #ifdef BUILD_DES3 01454 Des3* des3; 01455 #endif 01456 #if defined(BUILD_AES) || defined(BUILD_AESGCM) 01457 Aes* aes; 01458 #endif 01459 #ifdef HAVE_CAMELLIA 01460 Camellia* cam; 01461 #endif 01462 #ifdef HAVE_HC128 01463 HC128* hc128; 01464 #endif 01465 #ifdef BUILD_RABBIT 01466 Rabbit* rabbit; 01467 #endif 01468 byte setup; /* have we set it up flag for detection */ 01469 } Ciphers; 01470 01471 01472 CYASSL_LOCAL void InitCiphers(CYASSL* ssl); 01473 CYASSL_LOCAL void FreeCiphers(CYASSL* ssl); 01474 01475 01476 /* hashes type */ 01477 typedef struct Hashes { 01478 #ifndef NO_OLD_TLS 01479 byte md5[MD5_DIGEST_SIZE]; 01480 #endif 01481 byte sha[SHA_DIGEST_SIZE]; 01482 #ifndef NO_SHA256 01483 byte sha256[SHA256_DIGEST_SIZE]; 01484 #endif 01485 #ifdef CYASSL_SHA384 01486 byte sha384[SHA384_DIGEST_SIZE]; 01487 #endif 01488 } Hashes; 01489 01490 01491 /* Static x509 buffer */ 01492 typedef struct x509_buffer { 01493 int length; /* actual size */ 01494 byte buffer[MAX_X509_SIZE]; /* max static cert size */ 01495 } x509_buffer; 01496 01497 01498 /* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */ 01499 struct CYASSL_X509_CHAIN { 01500 int count; /* total number in chain */ 01501 x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ 01502 }; 01503 01504 01505 /* CyaSSL session type */ 01506 struct CYASSL_SESSION { 01507 byte sessionID[ID_LEN]; /* id for protocol */ 01508 byte masterSecret[SECRET_LEN]; /* stored secret */ 01509 word32 bornOn; /* create time in seconds */ 01510 word32 timeout; /* timeout in seconds */ 01511 #ifdef SESSION_CERTS 01512 CYASSL_X509_CHAIN chain; /* peer cert chain, static */ 01513 ProtocolVersion version; /* which version was used */ 01514 byte cipherSuite0; /* first byte, normally 0 */ 01515 byte cipherSuite; /* 2nd byte, actual suite */ 01516 #endif 01517 #ifndef NO_CLIENT_CACHE 01518 byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ 01519 word16 idLen; /* serverID length */ 01520 #endif 01521 }; 01522 01523 01524 CYASSL_LOCAL 01525 CYASSL_SESSION* GetSession(CYASSL*, byte*); 01526 CYASSL_LOCAL 01527 int SetSession(CYASSL*, CYASSL_SESSION*); 01528 01529 typedef int (*hmacfp) (CYASSL*, byte*, const byte*, word32, int, int); 01530 01531 #ifndef NO_CLIENT_CACHE 01532 CYASSL_SESSION* GetSessionClient(CYASSL*, const byte*, int); 01533 #endif 01534 01535 /* client connect state for nonblocking restart */ 01536 enum ConnectState { 01537 CONNECT_BEGIN = 0, 01538 CLIENT_HELLO_SENT, 01539 HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */ 01540 HELLO_AGAIN_REPLY, 01541 FIRST_REPLY_DONE, 01542 FIRST_REPLY_FIRST, 01543 FIRST_REPLY_SECOND, 01544 FIRST_REPLY_THIRD, 01545 FIRST_REPLY_FOURTH, 01546 FINISHED_DONE, 01547 SECOND_REPLY_DONE 01548 }; 01549 01550 01551 /* server accept state for nonblocking restart */ 01552 enum AcceptState { 01553 ACCEPT_BEGIN = 0, 01554 ACCEPT_CLIENT_HELLO_DONE, 01555 HELLO_VERIFY_SENT, 01556 ACCEPT_FIRST_REPLY_DONE, 01557 SERVER_HELLO_SENT, 01558 CERT_SENT, 01559 KEY_EXCHANGE_SENT, 01560 CERT_REQ_SENT, 01561 SERVER_HELLO_DONE, 01562 ACCEPT_SECOND_REPLY_DONE, 01563 CHANGE_CIPHER_SENT, 01564 ACCEPT_FINISHED_DONE, 01565 ACCEPT_THIRD_REPLY_DONE 01566 }; 01567 01568 01569 typedef struct Buffers { 01570 #ifndef NO_CERTS 01571 buffer certificate; /* CYASSL_CTX owns, unless we own */ 01572 buffer key; /* CYASSL_CTX owns, unless we own */ 01573 buffer certChain; /* CYASSL_CTX owns */ 01574 /* chain after self, in DER, with leading size for each cert */ 01575 buffer serverDH_P; /* CYASSL_CTX owns, unless we own */ 01576 buffer serverDH_G; /* CYASSL_CTX owns, unless we own */ 01577 buffer serverDH_Pub; 01578 buffer serverDH_Priv; 01579 #endif 01580 buffer domainName; /* for client check */ 01581 bufferStatic inputBuffer; 01582 bufferStatic outputBuffer; 01583 buffer clearOutputBuffer; 01584 int prevSent; /* previous plain text bytes sent 01585 when got WANT_WRITE */ 01586 int plainSz; /* plain text bytes in buffer to send 01587 when got WANT_WRITE */ 01588 byte weOwnCert; /* SSL own cert flag */ 01589 byte weOwnKey; /* SSL own key flag */ 01590 byte weOwnDH; /* SSL own dh (p,g) flag */ 01591 #ifdef CYASSL_DTLS 01592 CYASSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ 01593 #endif 01594 #ifdef HAVE_PK_CALLBACKS 01595 #ifdef HAVE_ECC 01596 buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */ 01597 #endif /* HAVE_ECC */ 01598 #ifndef NO_RSA 01599 buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ 01600 #endif /* NO_RSA */ 01601 #endif /* HAVE_PK_CALLBACKS */ 01602 } Buffers; 01603 01604 typedef struct Options { 01605 byte sessionCacheOff; 01606 byte sessionCacheFlushOff; 01607 byte cipherSuite0; /* first byte, normally 0 */ 01608 byte cipherSuite; /* second byte, actual suite */ 01609 byte serverState; 01610 byte clientState; 01611 byte handShakeState; 01612 byte side; /* client or server end */ 01613 byte verifyPeer; 01614 byte verifyNone; 01615 byte failNoCert; 01616 byte downgrade; /* allow downgrade of versions */ 01617 byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */ 01618 byte resuming; 01619 byte haveSessionId; /* server may not send */ 01620 byte tls; /* using TLS ? */ 01621 byte tls1_1; /* using TLSv1.1+ ? */ 01622 byte dtls; /* using datagrams ? */ 01623 byte connReset; /* has the peer reset */ 01624 byte isClosed; /* if we consider conn closed */ 01625 byte closeNotify; /* we've recieved a close notify */ 01626 byte sentNotify; /* we've sent a close notify */ 01627 byte connectState; /* nonblocking resume */ 01628 byte acceptState; /* nonblocking resume */ 01629 byte usingCompression; /* are we using compression */ 01630 byte haveRSA; /* RSA available */ 01631 byte haveDH; /* server DH parms set by user */ 01632 byte haveNTRU; /* server NTRU private key loaded */ 01633 byte haveECDSAsig; /* server ECDSA signed cert */ 01634 byte haveStaticECC; /* static server ECC private key */ 01635 byte havePeerCert; /* do we have peer's cert */ 01636 byte havePeerVerify; /* and peer's cert verify */ 01637 byte usingPSK_cipher; /* whether we're using psk as cipher */ 01638 byte sendAlertState; /* nonblocking resume */ 01639 byte processReply; /* nonblocking resume */ 01640 byte partialWrite; /* only one msg per write call */ 01641 byte quietShutdown; /* don't send close notify */ 01642 byte certOnly; /* stop once we get cert */ 01643 byte groupMessages; /* group handshake messages */ 01644 byte usingNonblock; /* set when using nonblocking socket */ 01645 byte saveArrays; /* save array Memory for user get keys 01646 or psk */ 01647 #ifndef NO_PSK 01648 byte havePSK; /* psk key set by user */ 01649 psk_client_callback client_psk_cb; 01650 psk_server_callback server_psk_cb; 01651 #endif /* NO_PSK */ 01652 } Options; 01653 01654 typedef struct Arrays { 01655 byte clientRandom[RAN_LEN]; 01656 byte serverRandom[RAN_LEN]; 01657 byte sessionID[ID_LEN]; 01658 byte preMasterSecret[ENCRYPT_LEN]; 01659 byte masterSecret[SECRET_LEN]; 01660 #ifdef CYASSL_DTLS 01661 byte cookie[MAX_COOKIE_LEN]; 01662 byte cookieSz; 01663 #endif 01664 #ifndef NO_PSK 01665 char client_identity[MAX_PSK_ID_LEN]; 01666 char server_hint[MAX_PSK_ID_LEN]; 01667 byte psk_key[MAX_PSK_KEY_LEN]; 01668 word32 psk_keySz; /* acutal size */ 01669 #endif 01670 word32 preMasterSz; /* differs for DH, actual size */ 01671 } Arrays; 01672 01673 #ifndef ASN_NAME_MAX 01674 #define ASN_NAME_MAX 256 01675 #endif 01676 01677 #ifndef MAX_DATE_SZ 01678 #define MAX_DATE_SZ 32 01679 #endif 01680 01681 struct CYASSL_X509_NAME { 01682 char *name; 01683 char staticName[ASN_NAME_MAX]; 01684 int dynamicName; 01685 int sz; 01686 #ifdef OPENSSL_EXTRA 01687 DecodedName fullName; 01688 #endif /* OPENSSL_EXTRA */ 01689 }; 01690 01691 #ifndef EXTERNAL_SERIAL_SIZE 01692 #define EXTERNAL_SERIAL_SIZE 32 01693 #endif 01694 01695 #ifdef NO_ASN 01696 typedef struct DNS_entry DNS_entry; 01697 #endif 01698 01699 struct CYASSL_X509 { 01700 int version; 01701 CYASSL_X509_NAME issuer; 01702 CYASSL_X509_NAME subject; 01703 int serialSz; 01704 byte serial[EXTERNAL_SERIAL_SIZE]; 01705 char subjectCN[ASN_NAME_MAX]; /* common name short cut */ 01706 #ifdef CYASSL_SEP 01707 int deviceTypeSz; 01708 byte deviceType[EXTERNAL_SERIAL_SIZE]; 01709 int hwTypeSz; 01710 byte hwType[EXTERNAL_SERIAL_SIZE]; 01711 int hwSerialNumSz; 01712 byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; 01713 #ifdef OPENSSL_EXTRA 01714 byte certPolicySet; 01715 byte certPolicyCrit; 01716 #endif /* OPENSSL_EXTRA */ 01717 #endif 01718 int notBeforeSz; 01719 byte notBefore[MAX_DATE_SZ]; 01720 int notAfterSz; 01721 byte notAfter[MAX_DATE_SZ]; 01722 int sigOID; 01723 buffer sig; 01724 int pubKeyOID; 01725 buffer pubKey; 01726 #ifdef HAVE_ECC 01727 word32 pkCurveOID; 01728 #endif /* HAVE_ECC */ 01729 buffer derCert; /* may need */ 01730 DNS_entry* altNames; /* alt names list */ 01731 DNS_entry* altNamesNext; /* hint for retrieval */ 01732 byte dynamicMemory; /* dynamic memory flag */ 01733 byte isCa; 01734 #ifdef OPENSSL_EXTRA 01735 word32 pathLength; 01736 word16 keyUsage; 01737 byte basicConstSet; 01738 byte basicConstCrit; 01739 byte basicConstPlSet; 01740 byte subjAltNameSet; 01741 byte subjAltNameCrit; 01742 byte authKeyIdSet; 01743 byte authKeyIdCrit; 01744 byte* authKeyId; 01745 word32 authKeyIdSz; 01746 byte subjKeyIdSet; 01747 byte subjKeyIdCrit; 01748 byte* subjKeyId; 01749 word32 subjKeyIdSz; 01750 byte keyUsageSet; 01751 byte keyUsageCrit; 01752 #endif /* OPENSSL_EXTRA */ 01753 }; 01754 01755 01756 /* record layer header for PlainText, Compressed, and CipherText */ 01757 typedef struct RecordLayerHeader { 01758 byte type; 01759 byte pvMajor; 01760 byte pvMinor; 01761 byte length[2]; 01762 } RecordLayerHeader; 01763 01764 01765 /* record layer header for DTLS PlainText, Compressed, and CipherText */ 01766 typedef struct DtlsRecordLayerHeader { 01767 byte type; 01768 byte pvMajor; 01769 byte pvMinor; 01770 byte epoch[2]; /* increment on cipher state change */ 01771 byte sequence_number[6]; /* per record */ 01772 byte length[2]; 01773 } DtlsRecordLayerHeader; 01774 01775 01776 typedef struct DtlsPool { 01777 buffer buf[DTLS_POOL_SZ]; 01778 int used; 01779 } DtlsPool; 01780 01781 typedef struct DtlsMsg { 01782 struct DtlsMsg* next; 01783 word32 seq; /* Handshake sequence number */ 01784 word32 sz; /* Length of whole mesage */ 01785 word32 fragSz; /* Length of fragments received */ 01786 byte type; 01787 byte* buf; 01788 byte* msg; 01789 } DtlsMsg; 01790 01791 01792 #ifdef HAVE_NETX 01793 01794 /* NETX I/O Callback default */ 01795 typedef struct NetX_Ctx { 01796 NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */ 01797 NX_PACKET* nxPacket; /* incoming packet handle for short reads */ 01798 ULONG nxOffset; /* offset already read from nxPacket */ 01799 ULONG nxWait; /* wait option flag */ 01800 } NetX_Ctx; 01801 01802 #endif 01803 01804 01805 /* CyaSSL ssl type */ 01806 struct CYASSL { 01807 CYASSL_CTX* ctx; 01808 int error; 01809 ProtocolVersion version; /* negotiated version */ 01810 ProtocolVersion chVersion; /* client hello version */ 01811 Suites* suites; /* only need during handshake */ 01812 Ciphers encrypt; 01813 Ciphers decrypt; 01814 CipherSpecs specs; 01815 Keys keys; 01816 int rfd; /* read file descriptor */ 01817 int wfd; /* write file descriptor */ 01818 int rflags; /* user read flags */ 01819 int wflags; /* user write flags */ 01820 CYASSL_BIO* biord; /* socket bio read to free/close */ 01821 CYASSL_BIO* biowr; /* socket bio write to free/close */ 01822 void* IOCB_ReadCtx; 01823 void* IOCB_WriteCtx; 01824 RNG* rng; 01825 #ifndef NO_OLD_TLS 01826 #ifndef NO_SHA 01827 Sha hashSha; /* sha hash of handshake msgs */ 01828 #endif 01829 #ifndef NO_MD5 01830 Md5 hashMd5; /* md5 hash of handshake msgs */ 01831 #endif 01832 #endif 01833 #ifndef NO_SHA256 01834 Sha256 hashSha256; /* sha256 hash of handshake msgs */ 01835 #endif 01836 #ifdef CYASSL_SHA384 01837 Sha384 hashSha384; /* sha384 hash of handshake msgs */ 01838 #endif 01839 Hashes verifyHashes; 01840 Hashes certHashes; /* for cert verify */ 01841 Buffers buffers; 01842 Options options; 01843 Arrays* arrays; 01844 CYASSL_SESSION session; 01845 VerifyCallback verifyCallback; /* cert verification callback */ 01846 void* verifyCbCtx; /* cert verify callback user ctx*/ 01847 #ifndef NO_RSA 01848 RsaKey* peerRsaKey; 01849 byte peerRsaKeyPresent; 01850 #endif 01851 #ifdef HAVE_NTRU 01852 word16 peerNtruKeyLen; 01853 byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; 01854 byte peerNtruKeyPresent; 01855 #endif 01856 #ifdef HAVE_ECC 01857 ecc_key* peerEccKey; /* peer's ECDHE key */ 01858 ecc_key* peerEccDsaKey; /* peer's ECDSA key */ 01859 ecc_key* eccTempKey; /* private ECDHE key */ 01860 ecc_key* eccDsaKey; /* private ECDSA key */ 01861 word16 eccTempKeySz; /* in octets 20 - 66 */ 01862 word32 pkCurveOID; /* curve Ecc_Sum */ 01863 byte peerEccKeyPresent; 01864 byte peerEccDsaKeyPresent; 01865 byte eccTempKeyPresent; 01866 byte eccDsaKeyPresent; 01867 #endif 01868 hmacfp hmac; 01869 void* heap; /* for user overrides */ 01870 RecordLayerHeader curRL; 01871 word16 curSize; 01872 word32 timeout; /* session timeout */ 01873 CYASSL_CIPHER cipher; 01874 #ifdef HAVE_LIBZ 01875 z_stream c_stream; /* compression stream */ 01876 z_stream d_stream; /* decompression stream */ 01877 byte didStreamInit; /* for stream init and end */ 01878 #endif 01879 #ifdef CYASSL_DTLS 01880 int dtls_timeout_init; /* starting timeout vaule */ 01881 int dtls_timeout_max; /* maximum timeout value */ 01882 int dtls_timeout; /* current timeout value, changes */ 01883 DtlsPool* dtls_pool; 01884 DtlsMsg* dtls_msg_list; 01885 void* IOCB_CookieCtx; /* gen cookie ctx */ 01886 word32 dtls_expected_rx; 01887 #endif 01888 #ifdef CYASSL_CALLBACKS 01889 HandShakeInfo handShakeInfo; /* info saved during handshake */ 01890 TimeoutInfo timeoutInfo; /* info saved during handshake */ 01891 byte hsInfoOn; /* track handshake info */ 01892 byte toInfoOn; /* track timeout info */ 01893 #endif 01894 #ifdef KEEP_PEER_CERT 01895 CYASSL_X509 peerCert; /* X509 peer cert */ 01896 #endif 01897 #ifdef FORTRESS 01898 void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ 01899 #endif 01900 #ifdef HAVE_CAVIUM 01901 int devId; /* cavium device id to use */ 01902 #endif 01903 #ifdef HAVE_TLS_EXTENSIONS 01904 TLSX* extensions; /* RFC 6066 TLS Extensions data */ 01905 #ifdef HAVE_MAX_FRAGMENT 01906 word16 max_fragment; 01907 #endif 01908 #ifdef HAVE_TRUNCATED_HMAC 01909 byte truncated_hmac; 01910 #endif 01911 #endif 01912 #ifdef HAVE_NETX 01913 NetX_Ctx nxCtx; /* NetX IO Context */ 01914 #endif 01915 #ifdef SESSION_INDEX 01916 int sessionIndex; /* Session's location in the cache. */ 01917 #endif 01918 CYASSL_ALERT_HISTORY alert_history; 01919 #ifdef ATOMIC_USER 01920 void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */ 01921 void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */ 01922 #endif 01923 #ifdef HAVE_PK_CALLBACKS 01924 #ifdef HAVE_ECC 01925 void* EccSignCtx; /* Ecc Sign Callback Context */ 01926 void* EccVerifyCtx; /* Ecc Verify Callback Context */ 01927 #endif /* HAVE_ECC */ 01928 #ifndef NO_RSA 01929 void* RsaSignCtx; /* Rsa Sign Callback Context */ 01930 void* RsaVerifyCtx; /* Rsa Verify Callback Context */ 01931 void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */ 01932 void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */ 01933 #endif /* NO_RSA */ 01934 #endif /* HAVE_PK_CALLBACKS */ 01935 }; 01936 01937 01938 CYASSL_LOCAL 01939 int InitSSL(CYASSL*, CYASSL_CTX*); 01940 CYASSL_LOCAL 01941 void FreeSSL(CYASSL*); 01942 CYASSL_API void SSL_ResourceFree(CYASSL*); /* Micrium uses */ 01943 01944 01945 enum { 01946 IV_SZ = 32, /* max iv sz */ 01947 NAME_SZ = 80 /* max one line */ 01948 }; 01949 01950 01951 typedef struct EncryptedInfo { 01952 char name[NAME_SZ]; /* encryption name */ 01953 byte iv[IV_SZ]; /* encrypted IV */ 01954 word32 ivSz; /* encrypted IV size */ 01955 long consumed; /* tracks PEM bytes consumed */ 01956 byte set; /* if encryption set */ 01957 CYASSL_CTX* ctx; /* CTX owner */ 01958 } EncryptedInfo; 01959 01960 01961 #ifndef NO_CERTS 01962 CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, 01963 buffer* der, void* heap, EncryptedInfo* info, 01964 int* eccKey); 01965 01966 CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, 01967 int type, CYASSL* ssl, int userChain, 01968 CYASSL_CRL* crl); 01969 #endif 01970 01971 01972 #ifdef CYASSL_CALLBACKS 01973 CYASSL_LOCAL 01974 void InitHandShakeInfo(HandShakeInfo*); 01975 CYASSL_LOCAL 01976 void FinishHandShakeInfo(HandShakeInfo*, const CYASSL*); 01977 CYASSL_LOCAL 01978 void AddPacketName(const char*, HandShakeInfo*); 01979 01980 CYASSL_LOCAL 01981 void InitTimeoutInfo(TimeoutInfo*); 01982 CYASSL_LOCAL 01983 void FreeTimeoutInfo(TimeoutInfo*, void*); 01984 CYASSL_LOCAL 01985 void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*); 01986 CYASSL_LOCAL 01987 void AddLateName(const char*, TimeoutInfo*); 01988 CYASSL_LOCAL 01989 void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info); 01990 #endif 01991 01992 01993 /* Record Layer Header identifier from page 12 */ 01994 enum ContentType { 01995 no_type = 0, 01996 change_cipher_spec = 20, 01997 alert = 21, 01998 handshake = 22, 01999 application_data = 23 02000 }; 02001 02002 02003 /* handshake header, same for each message type, pgs 20/21 */ 02004 typedef struct HandShakeHeader { 02005 byte type; 02006 word24 length; 02007 } HandShakeHeader; 02008 02009 02010 /* DTLS handshake header, same for each message type */ 02011 typedef struct DtlsHandShakeHeader { 02012 byte type; 02013 word24 length; 02014 byte message_seq[2]; /* start at 0, restransmit gets same # */ 02015 word24 fragment_offset; /* bytes in previous fragments */ 02016 word24 fragment_length; /* length of this fragment */ 02017 } DtlsHandShakeHeader; 02018 02019 02020 enum HandShakeType { 02021 no_shake = -1, 02022 hello_request = 0, 02023 client_hello = 1, 02024 server_hello = 2, 02025 hello_verify_request = 3, /* DTLS addition */ 02026 session_ticket = 4, 02027 certificate = 11, 02028 server_key_exchange = 12, 02029 certificate_request = 13, 02030 server_hello_done = 14, 02031 certificate_verify = 15, 02032 client_key_exchange = 16, 02033 finished = 20 02034 }; 02035 02036 02037 static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; 02038 static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; 02039 02040 static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; 02041 static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; 02042 02043 02044 /* internal functions */ 02045 CYASSL_LOCAL int SendChangeCipher(CYASSL*); 02046 CYASSL_LOCAL int SendData(CYASSL*, const void*, int); 02047 CYASSL_LOCAL int SendCertificate(CYASSL*); 02048 CYASSL_LOCAL int SendCertificateRequest(CYASSL*); 02049 CYASSL_LOCAL int SendServerKeyExchange(CYASSL*); 02050 CYASSL_LOCAL int SendBuffered(CYASSL*); 02051 CYASSL_LOCAL int ReceiveData(CYASSL*, byte*, int, int); 02052 CYASSL_LOCAL int SendFinished(CYASSL*); 02053 CYASSL_LOCAL int SendAlert(CYASSL*, int, int); 02054 CYASSL_LOCAL int ProcessReply(CYASSL*); 02055 02056 CYASSL_LOCAL int SetCipherSpecs(CYASSL*); 02057 CYASSL_LOCAL int MakeMasterSecret(CYASSL*); 02058 02059 CYASSL_LOCAL int AddSession(CYASSL*); 02060 CYASSL_LOCAL int DeriveKeys(CYASSL* ssl); 02061 CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData); 02062 02063 CYASSL_LOCAL int IsTLS(const CYASSL* ssl); 02064 CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl); 02065 02066 CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl); 02067 CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree); 02068 CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl); 02069 02070 CYASSL_LOCAL int VerifyClientSuite(CYASSL* ssl); 02071 #ifndef NO_CERTS 02072 CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash); 02073 #ifndef NO_SKID 02074 CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); 02075 #endif 02076 #endif 02077 CYASSL_LOCAL int BuildTlsFinished(CYASSL* ssl, Hashes* hashes, 02078 const byte* sender); 02079 CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep); 02080 CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size); 02081 CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); 02082 02083 #ifndef NO_TLS 02084 CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*); 02085 CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, 02086 word32 sz, int content, int verify); 02087 #endif 02088 02089 #ifndef NO_CYASSL_CLIENT 02090 CYASSL_LOCAL int SendClientHello(CYASSL*); 02091 CYASSL_LOCAL int SendClientKeyExchange(CYASSL*); 02092 CYASSL_LOCAL int SendCertificateVerify(CYASSL*); 02093 #endif /* NO_CYASSL_CLIENT */ 02094 02095 #ifndef NO_CYASSL_SERVER 02096 CYASSL_LOCAL int SendServerHello(CYASSL*); 02097 CYASSL_LOCAL int SendServerHelloDone(CYASSL*); 02098 #ifdef CYASSL_DTLS 02099 CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*); 02100 #endif 02101 #endif /* NO_CYASSL_SERVER */ 02102 02103 #ifdef CYASSL_DTLS 02104 CYASSL_LOCAL int DtlsPoolInit(CYASSL*); 02105 CYASSL_LOCAL int DtlsPoolSave(CYASSL*, const byte*, int); 02106 CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*); 02107 CYASSL_LOCAL int DtlsPoolSend(CYASSL*); 02108 CYASSL_LOCAL void DtlsPoolReset(CYASSL*); 02109 02110 CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); 02111 CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); 02112 CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); 02113 CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, 02114 word32, word32); 02115 CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); 02116 CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32, 02117 byte, word32, word32, void*); 02118 CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); 02119 #endif /* CYASSL_DTLS */ 02120 02121 #ifndef NO_TLS 02122 02123 02124 #endif /* NO_TLS */ 02125 02126 02127 CYASSL_LOCAL word32 LowResTimer(void); 02128 02129 CYASSL_LOCAL void InitX509Name(CYASSL_X509_NAME*, int); 02130 CYASSL_LOCAL void FreeX509Name(CYASSL_X509_NAME* name); 02131 CYASSL_LOCAL void InitX509(CYASSL_X509*, int); 02132 CYASSL_LOCAL void FreeX509(CYASSL_X509*); 02133 #ifndef NO_CERTS 02134 CYASSL_LOCAL int CopyDecodedToX509(CYASSL_X509*, DecodedCert*); 02135 #endif 02136 02137 02138 #ifdef __cplusplus 02139 } /* extern "C" */ 02140 #endif 02141 02142 #endif /* CyaSSL_INT_H */ 02143 02144
Generated on Wed Jul 13 2022 02:18:39 by
1.7.2