wolfSSL-TLS13-Beta - wolfSSL 3.11.1 for TLS1.3 beta

Users » wolfSSL » Code » wolfSSL-TLS13-Beta

wolfSSL 3.11.1 for TLS1.3 beta

wolfssl/internal.h@13:80fb167dafdf, 2017-05-30 (annotated)

Committer:: wolfSSL
Date:: Tue May 30 06:16:19 2017 +0000
Revision:: 13:80fb167dafdf

wolfSSL 3.11.1: TLS1.3 Beta

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	13:80fb167dafdf	1	/* internal.h
wolfSSL	13:80fb167dafdf	2	*
wolfSSL	13:80fb167dafdf	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	13:80fb167dafdf	4	*
wolfSSL	13:80fb167dafdf	5	* This file is part of wolfSSL.
wolfSSL	13:80fb167dafdf	6	*
wolfSSL	13:80fb167dafdf	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	13:80fb167dafdf	8	* it under the terms of the GNU General Public License as published by
wolfSSL	13:80fb167dafdf	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	13:80fb167dafdf	10	* (at your option) any later version.
wolfSSL	13:80fb167dafdf	11	*
wolfSSL	13:80fb167dafdf	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	13:80fb167dafdf	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	13:80fb167dafdf	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	13:80fb167dafdf	15	* GNU General Public License for more details.
wolfSSL	13:80fb167dafdf	16	*
wolfSSL	13:80fb167dafdf	17	* You should have received a copy of the GNU General Public License
wolfSSL	13:80fb167dafdf	18	* along with this program; if not, write to the Free Software
wolfSSL	13:80fb167dafdf	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	13:80fb167dafdf	20	*/
wolfSSL	13:80fb167dafdf	21
wolfSSL	13:80fb167dafdf	22
wolfSSL	13:80fb167dafdf	23
wolfSSL	13:80fb167dafdf	24	#ifndef WOLFSSL_INT_H
wolfSSL	13:80fb167dafdf	25	#define WOLFSSL_INT_H
wolfSSL	13:80fb167dafdf	26
wolfSSL	13:80fb167dafdf	27
wolfSSL	13:80fb167dafdf	28	#include <wolfssl/wolfcrypt/types.h>
wolfSSL	13:80fb167dafdf	29	#include <wolfssl/ssl.h>
wolfSSL	13:80fb167dafdf	30	#ifdef HAVE_CRL
wolfSSL	13:80fb167dafdf	31	#include <wolfssl/crl.h>
wolfSSL	13:80fb167dafdf	32	#endif
wolfSSL	13:80fb167dafdf	33	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	13:80fb167dafdf	34	#ifndef NO_DES3
wolfSSL	13:80fb167dafdf	35	#include <wolfssl/wolfcrypt/des3.h>
wolfSSL	13:80fb167dafdf	36	#endif
wolfSSL	13:80fb167dafdf	37	#ifndef NO_HC128
wolfSSL	13:80fb167dafdf	38	#include <wolfssl/wolfcrypt/hc128.h>
wolfSSL	13:80fb167dafdf	39	#endif
wolfSSL	13:80fb167dafdf	40	#ifndef NO_RABBIT
wolfSSL	13:80fb167dafdf	41	#include <wolfssl/wolfcrypt/rabbit.h>
wolfSSL	13:80fb167dafdf	42	#endif
wolfSSL	13:80fb167dafdf	43	#ifdef HAVE_CHACHA
wolfSSL	13:80fb167dafdf	44	#include <wolfssl/wolfcrypt/chacha.h>
wolfSSL	13:80fb167dafdf	45	#endif
wolfSSL	13:80fb167dafdf	46	#ifndef NO_ASN
wolfSSL	13:80fb167dafdf	47	#include <wolfssl/wolfcrypt/asn.h>
wolfSSL	13:80fb167dafdf	48	#include <wolfssl/wolfcrypt/pkcs12.h>
wolfSSL	13:80fb167dafdf	49	#endif
wolfSSL	13:80fb167dafdf	50	#ifndef NO_MD5
wolfSSL	13:80fb167dafdf	51	#include <wolfssl/wolfcrypt/md5.h>
wolfSSL	13:80fb167dafdf	52	#endif
wolfSSL	13:80fb167dafdf	53	#ifndef NO_SHA
wolfSSL	13:80fb167dafdf	54	#include <wolfssl/wolfcrypt/sha.h>
wolfSSL	13:80fb167dafdf	55	#endif
wolfSSL	13:80fb167dafdf	56	#ifndef NO_AES
wolfSSL	13:80fb167dafdf	57	#include <wolfssl/wolfcrypt/aes.h>
wolfSSL	13:80fb167dafdf	58	#endif
wolfSSL	13:80fb167dafdf	59	#ifdef HAVE_POLY1305
wolfSSL	13:80fb167dafdf	60	#include <wolfssl/wolfcrypt/poly1305.h>
wolfSSL	13:80fb167dafdf	61	#endif
wolfSSL	13:80fb167dafdf	62	#ifdef HAVE_CAMELLIA
wolfSSL	13:80fb167dafdf	63	#include <wolfssl/wolfcrypt/camellia.h>
wolfSSL	13:80fb167dafdf	64	#endif
wolfSSL	13:80fb167dafdf	65	#include <wolfssl/wolfcrypt/logging.h>
wolfSSL	13:80fb167dafdf	66	#ifndef NO_HMAC
wolfSSL	13:80fb167dafdf	67	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	13:80fb167dafdf	68	#endif
wolfSSL	13:80fb167dafdf	69	#ifndef NO_RC4
wolfSSL	13:80fb167dafdf	70	#include <wolfssl/wolfcrypt/arc4.h>
wolfSSL	13:80fb167dafdf	71	#endif
wolfSSL	13:80fb167dafdf	72	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	73	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	13:80fb167dafdf	74	#endif
wolfSSL	13:80fb167dafdf	75	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	76	#include <wolfssl/wolfcrypt/sha256.h>
wolfSSL	13:80fb167dafdf	77	#endif
wolfSSL	13:80fb167dafdf	78	#ifdef HAVE_OCSP
wolfSSL	13:80fb167dafdf	79	#include <wolfssl/ocsp.h>
wolfSSL	13:80fb167dafdf	80	#endif
wolfSSL	13:80fb167dafdf	81	#ifdef WOLFSSL_SHA512
wolfSSL	13:80fb167dafdf	82	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	13:80fb167dafdf	83	#endif
wolfSSL	13:80fb167dafdf	84	#ifdef HAVE_AESGCM
wolfSSL	13:80fb167dafdf	85	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	13:80fb167dafdf	86	#endif
wolfSSL	13:80fb167dafdf	87	#ifdef WOLFSSL_RIPEMD
wolfSSL	13:80fb167dafdf	88	#include <wolfssl/wolfcrypt/ripemd.h>
wolfSSL	13:80fb167dafdf	89	#endif
wolfSSL	13:80fb167dafdf	90	#ifdef HAVE_IDEA
wolfSSL	13:80fb167dafdf	91	#include <wolfssl/wolfcrypt/idea.h>
wolfSSL	13:80fb167dafdf	92	#endif
wolfSSL	13:80fb167dafdf	93	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	94	#include <wolfssl/wolfcrypt/rsa.h>
wolfSSL	13:80fb167dafdf	95	#endif
wolfSSL	13:80fb167dafdf	96	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	97	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	13:80fb167dafdf	98	#endif
wolfSSL	13:80fb167dafdf	99	#ifndef NO_DH
wolfSSL	13:80fb167dafdf	100	#include <wolfssl/wolfcrypt/dh.h>
wolfSSL	13:80fb167dafdf	101	#endif
wolfSSL	13:80fb167dafdf	102
wolfSSL	13:80fb167dafdf	103	#include <wolfssl/wolfcrypt/hash.h>
wolfSSL	13:80fb167dafdf	104
wolfSSL	13:80fb167dafdf	105	#ifdef WOLFSSL_CALLBACKS
wolfSSL	13:80fb167dafdf	106	#include <wolfssl/callbacks.h>
wolfSSL	13:80fb167dafdf	107	#include <signal.h>
wolfSSL	13:80fb167dafdf	108	#endif
wolfSSL	13:80fb167dafdf	109
wolfSSL	13:80fb167dafdf	110	#ifdef USE_WINDOWS_API
wolfSSL	13:80fb167dafdf	111	#ifdef WOLFSSL_GAME_BUILD
wolfSSL	13:80fb167dafdf	112	#include "system/xtl.h"
wolfSSL	13:80fb167dafdf	113	#else
wolfSSL	13:80fb167dafdf	114	#if defined(_WIN32_WCE) \|\| defined(WIN32_LEAN_AND_MEAN)
wolfSSL	13:80fb167dafdf	115	/* On WinCE winsock2.h must be included before windows.h */
wolfSSL	13:80fb167dafdf	116	#include <winsock2.h>
wolfSSL	13:80fb167dafdf	117	#endif
wolfSSL	13:80fb167dafdf	118	#include <windows.h>
wolfSSL	13:80fb167dafdf	119	#endif
wolfSSL	13:80fb167dafdf	120	#elif defined(THREADX)
wolfSSL	13:80fb167dafdf	121	#ifndef SINGLE_THREADED
wolfSSL	13:80fb167dafdf	122	#include "tx_api.h"
wolfSSL	13:80fb167dafdf	123	#endif
wolfSSL	13:80fb167dafdf	124	#elif defined(MICRIUM)
wolfSSL	13:80fb167dafdf	125	/* do nothing, just don't pick Unix */
wolfSSL	13:80fb167dafdf	126	#elif defined(FREERTOS) \|\| defined(FREERTOS_TCP) \|\| defined(WOLFSSL_SAFERTOS)
wolfSSL	13:80fb167dafdf	127	/* do nothing */
wolfSSL	13:80fb167dafdf	128	#elif defined(EBSNET)
wolfSSL	13:80fb167dafdf	129	/* do nothing */
wolfSSL	13:80fb167dafdf	130	#elif defined(FREESCALE_MQX) \|\| defined(FREESCALE_KSDK_MQX)
wolfSSL	13:80fb167dafdf	131	/* do nothing */
wolfSSL	13:80fb167dafdf	132	#elif defined(FREESCALE_FREE_RTOS)
wolfSSL	13:80fb167dafdf	133	#include "fsl_os_abstraction.h"
wolfSSL	13:80fb167dafdf	134	#elif defined(WOLFSSL_uITRON4)
wolfSSL	13:80fb167dafdf	135	/* do nothing */
wolfSSL	13:80fb167dafdf	136	#elif defined(WOLFSSL_uTKERNEL2)
wolfSSL	13:80fb167dafdf	137	/* do nothing */
wolfSSL	13:80fb167dafdf	138	#elif defined(WOLFSSL_MDK_ARM)
wolfSSL	13:80fb167dafdf	139	#if defined(WOLFSSL_MDK5)
wolfSSL	13:80fb167dafdf	140	#include "cmsis_os.h"
wolfSSL	13:80fb167dafdf	141	#else
wolfSSL	13:80fb167dafdf	142	#include <rtl.h>
wolfSSL	13:80fb167dafdf	143	#endif
wolfSSL	13:80fb167dafdf	144	#elif defined(WOLFSSL_CMSIS_RTOS)
wolfSSL	13:80fb167dafdf	145	#include "cmsis_os.h"
wolfSSL	13:80fb167dafdf	146	#elif defined(MBED)
wolfSSL	13:80fb167dafdf	147	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	13:80fb167dafdf	148	/* do nothing */
wolfSSL	13:80fb167dafdf	149	#elif defined(INTIME_RTOS)
wolfSSL	13:80fb167dafdf	150	#include <rt.h>
wolfSSL	13:80fb167dafdf	151	#else
wolfSSL	13:80fb167dafdf	152	#ifndef SINGLE_THREADED
wolfSSL	13:80fb167dafdf	153	#define WOLFSSL_PTHREADS
wolfSSL	13:80fb167dafdf	154	#include <pthread.h>
wolfSSL	13:80fb167dafdf	155	#endif
wolfSSL	13:80fb167dafdf	156	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	13:80fb167dafdf	157	#include <unistd.h> /* for close of BIO */
wolfSSL	13:80fb167dafdf	158	#endif
wolfSSL	13:80fb167dafdf	159	#endif
wolfSSL	13:80fb167dafdf	160
wolfSSL	13:80fb167dafdf	161	#ifndef CHAR_BIT
wolfSSL	13:80fb167dafdf	162	/* Needed for DTLS without big math */
wolfSSL	13:80fb167dafdf	163	#include <limits.h>
wolfSSL	13:80fb167dafdf	164	#endif
wolfSSL	13:80fb167dafdf	165
wolfSSL	13:80fb167dafdf	166
wolfSSL	13:80fb167dafdf	167	#ifdef HAVE_LIBZ
wolfSSL	13:80fb167dafdf	168	#include "zlib.h"
wolfSSL	13:80fb167dafdf	169	#endif
wolfSSL	13:80fb167dafdf	170
wolfSSL	13:80fb167dafdf	171	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	13:80fb167dafdf	172	#include <wolfssl/wolfcrypt/async.h>
wolfSSL	13:80fb167dafdf	173	#endif
wolfSSL	13:80fb167dafdf	174
wolfSSL	13:80fb167dafdf	175	#ifdef _MSC_VER
wolfSSL	13:80fb167dafdf	176	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL	13:80fb167dafdf	177	#pragma warning(disable: 4996)
wolfSSL	13:80fb167dafdf	178	#endif
wolfSSL	13:80fb167dafdf	179
wolfSSL	13:80fb167dafdf	180	#ifdef NO_SHA
wolfSSL	13:80fb167dafdf	181	#define SHA_DIGEST_SIZE 20
wolfSSL	13:80fb167dafdf	182	#endif
wolfSSL	13:80fb167dafdf	183
wolfSSL	13:80fb167dafdf	184	#ifdef NO_SHA256
wolfSSL	13:80fb167dafdf	185	#define SHA256_DIGEST_SIZE 32
wolfSSL	13:80fb167dafdf	186	#endif
wolfSSL	13:80fb167dafdf	187
wolfSSL	13:80fb167dafdf	188	#ifdef NO_MD5
wolfSSL	13:80fb167dafdf	189	#define MD5_DIGEST_SIZE 16
wolfSSL	13:80fb167dafdf	190	#endif
wolfSSL	13:80fb167dafdf	191
wolfSSL	13:80fb167dafdf	192
wolfSSL	13:80fb167dafdf	193	#ifdef __cplusplus
wolfSSL	13:80fb167dafdf	194	extern "C" {
wolfSSL	13:80fb167dafdf	195	#endif
wolfSSL	13:80fb167dafdf	196
wolfSSL	13:80fb167dafdf	197
wolfSSL	13:80fb167dafdf	198	typedef byte word24[3];
wolfSSL	13:80fb167dafdf	199
wolfSSL	13:80fb167dafdf	200	/* Define or comment out the cipher suites you'd like to be compiled in
wolfSSL	13:80fb167dafdf	201	make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
wolfSSL	13:80fb167dafdf	202
wolfSSL	13:80fb167dafdf	203	When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
wolfSSL	13:80fb167dafdf	204
wolfSSL	13:80fb167dafdf	205	Now that there is a maximum strength crypto build, the following BUILD_XXX
wolfSSL	13:80fb167dafdf	206	flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
wolfSSL	13:80fb167dafdf	207	Those that do not use Perfect Forward Security and do not use AEAD ciphers
wolfSSL	13:80fb167dafdf	208	need to be switched off. Allowed suites use (EC)DHE, AES-GCM\|CCM, or
wolfSSL	13:80fb167dafdf	209	CHACHA-POLY.
wolfSSL	13:80fb167dafdf	210	*/
wolfSSL	13:80fb167dafdf	211
wolfSSL	13:80fb167dafdf	212	/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
wolfSSL	13:80fb167dafdf	213	* not turned off. */
wolfSSL	13:80fb167dafdf	214	#if defined(WOLFSSL_MAX_STRENGTH) && \
wolfSSL	13:80fb167dafdf	215	((!defined(HAVE_ECC) && (defined(NO_DH) \|\| defined(NO_RSA))) \|\| \
wolfSSL	13:80fb167dafdf	216	(!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
wolfSSL	13:80fb167dafdf	217	(!defined(HAVE_POLY1305) \|\| !defined(HAVE_CHACHA))) \|\| \
wolfSSL	13:80fb167dafdf	218	(defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) \|\| \
wolfSSL	13:80fb167dafdf	219	!defined(NO_OLD_TLS))
wolfSSL	13:80fb167dafdf	220
wolfSSL	13:80fb167dafdf	221	#error "You are trying to build max strength with requirements disabled."
wolfSSL	13:80fb167dafdf	222	#endif
wolfSSL	13:80fb167dafdf	223
wolfSSL	13:80fb167dafdf	224	/* Have QSH : Quantum-safe Handshake */
wolfSSL	13:80fb167dafdf	225	#if defined(HAVE_QSH)
wolfSSL	13:80fb167dafdf	226	#define BUILD_TLS_QSH
wolfSSL	13:80fb167dafdf	227	#endif
wolfSSL	13:80fb167dafdf	228
wolfSSL	13:80fb167dafdf	229	#ifndef WOLFSSL_MAX_STRENGTH
wolfSSL	13:80fb167dafdf	230
wolfSSL	13:80fb167dafdf	231	#if !defined(NO_RSA) && !defined(NO_RC4)
wolfSSL	13:80fb167dafdf	232	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	233	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	234	#define BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	13:80fb167dafdf	235	#endif
wolfSSL	13:80fb167dafdf	236	#if !defined(NO_MD5)
wolfSSL	13:80fb167dafdf	237	#define BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	13:80fb167dafdf	238	#endif
wolfSSL	13:80fb167dafdf	239	#endif
wolfSSL	13:80fb167dafdf	240	#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
wolfSSL	13:80fb167dafdf	241	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	242	#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	13:80fb167dafdf	243	#endif
wolfSSL	13:80fb167dafdf	244	#endif
wolfSSL	13:80fb167dafdf	245
wolfSSL	13:80fb167dafdf	246	#if !defined(NO_RSA) && !defined(NO_DES3)
wolfSSL	13:80fb167dafdf	247	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	248	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	249	#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	13:80fb167dafdf	250	#endif
wolfSSL	13:80fb167dafdf	251	#if !defined(NO_TLS) && defined(HAVE_NTRU) \
wolfSSL	13:80fb167dafdf	252	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	253	#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	13:80fb167dafdf	254	#endif
wolfSSL	13:80fb167dafdf	255	#endif
wolfSSL	13:80fb167dafdf	256	#endif
wolfSSL	13:80fb167dafdf	257
wolfSSL	13:80fb167dafdf	258	#if !defined(NO_RSA) && defined(HAVE_IDEA)
wolfSSL	13:80fb167dafdf	259	#if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	260	#define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL	13:80fb167dafdf	261	#endif
wolfSSL	13:80fb167dafdf	262	#endif
wolfSSL	13:80fb167dafdf	263
wolfSSL	13:80fb167dafdf	264	#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	13:80fb167dafdf	265	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	266	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	267	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	268	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	13:80fb167dafdf	269	#endif
wolfSSL	13:80fb167dafdf	270	#if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	271	#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	272	#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	13:80fb167dafdf	273	#endif
wolfSSL	13:80fb167dafdf	274	#endif
wolfSSL	13:80fb167dafdf	275	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	276	#if !defined (NO_SHA256)
wolfSSL	13:80fb167dafdf	277	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	278	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	13:80fb167dafdf	279	#endif
wolfSSL	13:80fb167dafdf	280	#if defined (HAVE_AESGCM)
wolfSSL	13:80fb167dafdf	281	#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	282	#if defined (WOLFSSL_SHA384)
wolfSSL	13:80fb167dafdf	283	#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	284	#endif
wolfSSL	13:80fb167dafdf	285	#endif
wolfSSL	13:80fb167dafdf	286	#if defined (HAVE_AESCCM)
wolfSSL	13:80fb167dafdf	287	#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	13:80fb167dafdf	288	#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	13:80fb167dafdf	289	#endif
wolfSSL	13:80fb167dafdf	290	#if defined(HAVE_BLAKE2)
wolfSSL	13:80fb167dafdf	291	#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	13:80fb167dafdf	292	#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	13:80fb167dafdf	293	#endif
wolfSSL	13:80fb167dafdf	294	#endif
wolfSSL	13:80fb167dafdf	295	#endif
wolfSSL	13:80fb167dafdf	296
wolfSSL	13:80fb167dafdf	297	#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
wolfSSL	13:80fb167dafdf	298	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	299	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	300	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	301	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	13:80fb167dafdf	302	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	13:80fb167dafdf	303	#endif
wolfSSL	13:80fb167dafdf	304	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	305	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	306	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	13:80fb167dafdf	307	#endif
wolfSSL	13:80fb167dafdf	308	#endif
wolfSSL	13:80fb167dafdf	309	#if !defined(NO_DH)
wolfSSL	13:80fb167dafdf	310	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	311	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	13:80fb167dafdf	312	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	13:80fb167dafdf	313	#endif
wolfSSL	13:80fb167dafdf	314	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	315	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	316	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	13:80fb167dafdf	317	#endif
wolfSSL	13:80fb167dafdf	318	#endif
wolfSSL	13:80fb167dafdf	319	#endif
wolfSSL	13:80fb167dafdf	320	#endif
wolfSSL	13:80fb167dafdf	321
wolfSSL	13:80fb167dafdf	322	#if defined(WOLFSSL_STATIC_PSK)
wolfSSL	13:80fb167dafdf	323	#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	13:80fb167dafdf	324	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	325	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	326	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	13:80fb167dafdf	327	#endif
wolfSSL	13:80fb167dafdf	328	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	329	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	330	#ifdef HAVE_AESGCM
wolfSSL	13:80fb167dafdf	331	#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	332	#endif
wolfSSL	13:80fb167dafdf	333	#ifdef HAVE_AESCCM
wolfSSL	13:80fb167dafdf	334	#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	13:80fb167dafdf	335	#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	13:80fb167dafdf	336	#define BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL	13:80fb167dafdf	337	#define BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL	13:80fb167dafdf	338	#endif
wolfSSL	13:80fb167dafdf	339	#endif
wolfSSL	13:80fb167dafdf	340	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	341	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	13:80fb167dafdf	342	#ifdef HAVE_AESGCM
wolfSSL	13:80fb167dafdf	343	#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	344	#endif
wolfSSL	13:80fb167dafdf	345	#endif
wolfSSL	13:80fb167dafdf	346	#endif
wolfSSL	13:80fb167dafdf	347	#endif
wolfSSL	13:80fb167dafdf	348
wolfSSL	13:80fb167dafdf	349	#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
wolfSSL	13:80fb167dafdf	350	#if !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	351	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	352	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	353	#define BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	13:80fb167dafdf	354	#endif
wolfSSL	13:80fb167dafdf	355	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	356	#define BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	13:80fb167dafdf	357	#endif
wolfSSL	13:80fb167dafdf	358	#endif
wolfSSL	13:80fb167dafdf	359	#endif
wolfSSL	13:80fb167dafdf	360	#if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
wolfSSL	13:80fb167dafdf	361	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	362	#define BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	13:80fb167dafdf	363	#endif
wolfSSL	13:80fb167dafdf	364	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	365	#define BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	13:80fb167dafdf	366	#endif
wolfSSL	13:80fb167dafdf	367	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	368	#define BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL	13:80fb167dafdf	369	#endif
wolfSSL	13:80fb167dafdf	370	#endif
wolfSSL	13:80fb167dafdf	371	#endif
wolfSSL	13:80fb167dafdf	372
wolfSSL	13:80fb167dafdf	373	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	13:80fb167dafdf	374	#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
wolfSSL	13:80fb167dafdf	375	#ifndef NO_MD5
wolfSSL	13:80fb167dafdf	376	#define BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	13:80fb167dafdf	377	#endif
wolfSSL	13:80fb167dafdf	378	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	379	#define BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	13:80fb167dafdf	380	#endif
wolfSSL	13:80fb167dafdf	381	#if defined(HAVE_BLAKE2)
wolfSSL	13:80fb167dafdf	382	#define BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	13:80fb167dafdf	383	#endif
wolfSSL	13:80fb167dafdf	384	#endif
wolfSSL	13:80fb167dafdf	385
wolfSSL	13:80fb167dafdf	386	#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	387	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	388	#define BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	13:80fb167dafdf	389	#endif
wolfSSL	13:80fb167dafdf	390	#endif
wolfSSL	13:80fb167dafdf	391	#endif
wolfSSL	13:80fb167dafdf	392
wolfSSL	13:80fb167dafdf	393	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	13:80fb167dafdf	394	!defined(NO_RSA)
wolfSSL	13:80fb167dafdf	395
wolfSSL	13:80fb167dafdf	396	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	397	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	398	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	13:80fb167dafdf	399	#if !defined(NO_DES3)
wolfSSL	13:80fb167dafdf	400	#define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	13:80fb167dafdf	401	#endif
wolfSSL	13:80fb167dafdf	402	#endif
wolfSSL	13:80fb167dafdf	403	#if !defined(NO_SHA256)
wolfSSL	13:80fb167dafdf	404	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	405	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	13:80fb167dafdf	406	#endif
wolfSSL	13:80fb167dafdf	407	#endif
wolfSSL	13:80fb167dafdf	408
wolfSSL	13:80fb167dafdf	409	#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
wolfSSL	13:80fb167dafdf	410	!defined(NO_AES) && !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	411	#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	412	#endif
wolfSSL	13:80fb167dafdf	413
wolfSSL	13:80fb167dafdf	414	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	13:80fb167dafdf	415	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	416	#ifndef NO_AES
wolfSSL	13:80fb167dafdf	417	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	418	#endif
wolfSSL	13:80fb167dafdf	419	#ifdef HAVE_NULL_CIPHER
wolfSSL	13:80fb167dafdf	420	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL	13:80fb167dafdf	421	#endif
wolfSSL	13:80fb167dafdf	422	#endif
wolfSSL	13:80fb167dafdf	423	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	424	#ifndef NO_AES
wolfSSL	13:80fb167dafdf	425	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	13:80fb167dafdf	426	#endif
wolfSSL	13:80fb167dafdf	427	#ifdef HAVE_NULL_CIPHER
wolfSSL	13:80fb167dafdf	428	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL	13:80fb167dafdf	429	#endif
wolfSSL	13:80fb167dafdf	430	#endif
wolfSSL	13:80fb167dafdf	431	#endif
wolfSSL	13:80fb167dafdf	432
wolfSSL	13:80fb167dafdf	433	#if defined(HAVE_ECC) && !defined(NO_TLS)
wolfSSL	13:80fb167dafdf	434	#if !defined(NO_AES)
wolfSSL	13:80fb167dafdf	435	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	436	#if !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	437	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	438	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	13:80fb167dafdf	439	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	440	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	441	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	13:80fb167dafdf	442	#endif
wolfSSL	13:80fb167dafdf	443	#endif
wolfSSL	13:80fb167dafdf	444
wolfSSL	13:80fb167dafdf	445	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	446	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	13:80fb167dafdf	447
wolfSSL	13:80fb167dafdf	448	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	449	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	13:80fb167dafdf	450	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	13:80fb167dafdf	451	#endif
wolfSSL	13:80fb167dafdf	452	#endif /* NO_SHA */
wolfSSL	13:80fb167dafdf	453	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	454	#if !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	455	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	456	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	457	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	458	#endif
wolfSSL	13:80fb167dafdf	459	#endif
wolfSSL	13:80fb167dafdf	460	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	461	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	462	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	463	#endif
wolfSSL	13:80fb167dafdf	464	#endif
wolfSSL	13:80fb167dafdf	465
wolfSSL	13:80fb167dafdf	466	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	467	#if !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	468	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	13:80fb167dafdf	469	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	470	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	13:80fb167dafdf	471	#endif
wolfSSL	13:80fb167dafdf	472	#endif
wolfSSL	13:80fb167dafdf	473	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	13:80fb167dafdf	474	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	475	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	13:80fb167dafdf	476	#endif
wolfSSL	13:80fb167dafdf	477	#endif
wolfSSL	13:80fb167dafdf	478
wolfSSL	13:80fb167dafdf	479	#if defined (HAVE_AESGCM)
wolfSSL	13:80fb167dafdf	480	#if !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	481	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	482	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	483	#endif
wolfSSL	13:80fb167dafdf	484	#if defined(WOLFSSL_SHA384)
wolfSSL	13:80fb167dafdf	485	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	486	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	487	#endif
wolfSSL	13:80fb167dafdf	488	#endif
wolfSSL	13:80fb167dafdf	489	#endif
wolfSSL	13:80fb167dafdf	490
wolfSSL	13:80fb167dafdf	491	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	492	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	493	#endif
wolfSSL	13:80fb167dafdf	494
wolfSSL	13:80fb167dafdf	495	#if defined(WOLFSSL_SHA384)
wolfSSL	13:80fb167dafdf	496	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	497	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	498	#endif
wolfSSL	13:80fb167dafdf	499	#endif
wolfSSL	13:80fb167dafdf	500	#endif
wolfSSL	13:80fb167dafdf	501	#endif /* NO_AES */
wolfSSL	13:80fb167dafdf	502	#if !defined(NO_RC4)
wolfSSL	13:80fb167dafdf	503	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	504	#if !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	505	#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	13:80fb167dafdf	506	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	507	#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	13:80fb167dafdf	508	#endif
wolfSSL	13:80fb167dafdf	509	#endif
wolfSSL	13:80fb167dafdf	510
wolfSSL	13:80fb167dafdf	511	#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	13:80fb167dafdf	512	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	513	#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	13:80fb167dafdf	514	#endif
wolfSSL	13:80fb167dafdf	515	#endif
wolfSSL	13:80fb167dafdf	516	#endif
wolfSSL	13:80fb167dafdf	517	#if !defined(NO_DES3)
wolfSSL	13:80fb167dafdf	518	#ifndef NO_SHA
wolfSSL	13:80fb167dafdf	519	#if !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	520	#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	13:80fb167dafdf	521	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	522	#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	13:80fb167dafdf	523	#endif
wolfSSL	13:80fb167dafdf	524	#endif
wolfSSL	13:80fb167dafdf	525
wolfSSL	13:80fb167dafdf	526	#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	13:80fb167dafdf	527	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	13:80fb167dafdf	528	#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	13:80fb167dafdf	529	#endif
wolfSSL	13:80fb167dafdf	530	#endif /* NO_SHA */
wolfSSL	13:80fb167dafdf	531	#endif
wolfSSL	13:80fb167dafdf	532	#if defined(HAVE_NULL_CIPHER)
wolfSSL	13:80fb167dafdf	533	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	534	#define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL	13:80fb167dafdf	535	#endif
wolfSSL	13:80fb167dafdf	536	#if !defined(NO_PSK) && !defined(NO_SHA256)
wolfSSL	13:80fb167dafdf	537	#define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL	13:80fb167dafdf	538	#endif
wolfSSL	13:80fb167dafdf	539	#endif
wolfSSL	13:80fb167dafdf	540	#if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
wolfSSL	13:80fb167dafdf	541	#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	13:80fb167dafdf	542	#endif
wolfSSL	13:80fb167dafdf	543	#endif
wolfSSL	13:80fb167dafdf	544	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	13:80fb167dafdf	545	#if !defined(NO_OLD_POLY1305)
wolfSSL	13:80fb167dafdf	546	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	547	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	548	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	549	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	550	#endif
wolfSSL	13:80fb167dafdf	551	#endif
wolfSSL	13:80fb167dafdf	552	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	553	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	554	#endif
wolfSSL	13:80fb167dafdf	555	#endif /* NO_OLD_POLY1305 */
wolfSSL	13:80fb167dafdf	556	#if !defined(NO_PSK)
wolfSSL	13:80fb167dafdf	557	#define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	558	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	559	#define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	560	#endif
wolfSSL	13:80fb167dafdf	561	#ifndef NO_DH
wolfSSL	13:80fb167dafdf	562	#define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	563	#endif
wolfSSL	13:80fb167dafdf	564	#endif /* !NO_PSK */
wolfSSL	13:80fb167dafdf	565	#endif
wolfSSL	13:80fb167dafdf	566
wolfSSL	13:80fb167dafdf	567	#endif /* !WOLFSSL_MAX_STRENGTH */
wolfSSL	13:80fb167dafdf	568
wolfSSL	13:80fb167dafdf	569	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	13:80fb167dafdf	570	!defined(NO_RSA) && defined(HAVE_AESGCM)
wolfSSL	13:80fb167dafdf	571
wolfSSL	13:80fb167dafdf	572	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	573	#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	574	#endif
wolfSSL	13:80fb167dafdf	575
wolfSSL	13:80fb167dafdf	576	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	577	#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	578	#endif
wolfSSL	13:80fb167dafdf	579	#endif
wolfSSL	13:80fb167dafdf	580
wolfSSL	13:80fb167dafdf	581	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	13:80fb167dafdf	582	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	583	#ifdef HAVE_AESGCM
wolfSSL	13:80fb167dafdf	584	#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	585	#endif
wolfSSL	13:80fb167dafdf	586	#ifdef HAVE_AESCCM
wolfSSL	13:80fb167dafdf	587	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL	13:80fb167dafdf	588	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL	13:80fb167dafdf	589	#endif
wolfSSL	13:80fb167dafdf	590	#endif
wolfSSL	13:80fb167dafdf	591	#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
wolfSSL	13:80fb167dafdf	592	#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	593	#endif
wolfSSL	13:80fb167dafdf	594	#endif
wolfSSL	13:80fb167dafdf	595
wolfSSL	13:80fb167dafdf	596	#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
wolfSSL	13:80fb167dafdf	597	#ifdef HAVE_AESGCM
wolfSSL	13:80fb167dafdf	598	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	599	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	600	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	601	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	602	#endif
wolfSSL	13:80fb167dafdf	603	#endif
wolfSSL	13:80fb167dafdf	604	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	605	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	606	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	607	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	608	#endif
wolfSSL	13:80fb167dafdf	609	#endif
wolfSSL	13:80fb167dafdf	610	#endif
wolfSSL	13:80fb167dafdf	611	#if defined(HAVE_AESCCM) && !defined(NO_SHA256)
wolfSSL	13:80fb167dafdf	612	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL	13:80fb167dafdf	613	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	13:80fb167dafdf	614	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	13:80fb167dafdf	615	#endif
wolfSSL	13:80fb167dafdf	616	#endif
wolfSSL	13:80fb167dafdf	617
wolfSSL	13:80fb167dafdf	618	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	13:80fb167dafdf	619	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	620	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	621	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	622	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	623	#endif
wolfSSL	13:80fb167dafdf	624	#endif
wolfSSL	13:80fb167dafdf	625	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	13:80fb167dafdf	626	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	627	#endif
wolfSSL	13:80fb167dafdf	628	#endif
wolfSSL	13:80fb167dafdf	629
wolfSSL	13:80fb167dafdf	630	#if defined(WOLFSSL_TLS13)
wolfSSL	13:80fb167dafdf	631	#ifdef HAVE_AESGCM
wolfSSL	13:80fb167dafdf	632	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	633	#define BUILD_TLS_AES_128_GCM_SHA256
wolfSSL	13:80fb167dafdf	634	#endif
wolfSSL	13:80fb167dafdf	635	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	636	#define BUILD_TLS_AES_256_GCM_SHA384
wolfSSL	13:80fb167dafdf	637	#endif
wolfSSL	13:80fb167dafdf	638	#endif
wolfSSL	13:80fb167dafdf	639
wolfSSL	13:80fb167dafdf	640	#ifdef HAVE_CHACHA
wolfSSL	13:80fb167dafdf	641	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	642	#define BUILD_TLS_CHACHA20_POLY1305_SHA256
wolfSSL	13:80fb167dafdf	643	#endif
wolfSSL	13:80fb167dafdf	644	#endif
wolfSSL	13:80fb167dafdf	645
wolfSSL	13:80fb167dafdf	646	#ifdef HAVE_AESCCM
wolfSSL	13:80fb167dafdf	647	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	648	#define BUILD_TLS_AES_128_CCM_SHA256
wolfSSL	13:80fb167dafdf	649	#define BUILD_TLS_AES_128_CCM_8_SHA256
wolfSSL	13:80fb167dafdf	650	#endif
wolfSSL	13:80fb167dafdf	651	#endif
wolfSSL	13:80fb167dafdf	652	#endif
wolfSSL	13:80fb167dafdf	653
wolfSSL	13:80fb167dafdf	654	#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) \|\| \
wolfSSL	13:80fb167dafdf	655	defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
wolfSSL	13:80fb167dafdf	656	#define BUILD_ARC4
wolfSSL	13:80fb167dafdf	657	#endif
wolfSSL	13:80fb167dafdf	658
wolfSSL	13:80fb167dafdf	659	#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
wolfSSL	13:80fb167dafdf	660	#define BUILD_DES3
wolfSSL	13:80fb167dafdf	661	#endif
wolfSSL	13:80fb167dafdf	662
wolfSSL	13:80fb167dafdf	663	#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) \|\| \
wolfSSL	13:80fb167dafdf	664	defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) \|\| \
wolfSSL	13:80fb167dafdf	665	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) \|\| \
wolfSSL	13:80fb167dafdf	666	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
wolfSSL	13:80fb167dafdf	667	#undef BUILD_AES
wolfSSL	13:80fb167dafdf	668	#define BUILD_AES
wolfSSL	13:80fb167dafdf	669	#endif
wolfSSL	13:80fb167dafdf	670
wolfSSL	13:80fb167dafdf	671	#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	13:80fb167dafdf	672	defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	13:80fb167dafdf	673	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	13:80fb167dafdf	674	defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	13:80fb167dafdf	675	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	13:80fb167dafdf	676	defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	13:80fb167dafdf	677	defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	13:80fb167dafdf	678	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	13:80fb167dafdf	679	defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	13:80fb167dafdf	680	defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
wolfSSL	13:80fb167dafdf	681	#define BUILD_AESGCM
wolfSSL	13:80fb167dafdf	682	#endif
wolfSSL	13:80fb167dafdf	683
wolfSSL	13:80fb167dafdf	684	#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) \|\| \
wolfSSL	13:80fb167dafdf	685	defined(BUILD_TLS_RSA_WITH_HC_128_MD5) \|\| \
wolfSSL	13:80fb167dafdf	686	defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
wolfSSL	13:80fb167dafdf	687	#define BUILD_HC128
wolfSSL	13:80fb167dafdf	688	#endif
wolfSSL	13:80fb167dafdf	689
wolfSSL	13:80fb167dafdf	690	#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
wolfSSL	13:80fb167dafdf	691	#define BUILD_RABBIT
wolfSSL	13:80fb167dafdf	692	#endif
wolfSSL	13:80fb167dafdf	693
wolfSSL	13:80fb167dafdf	694	#ifdef NO_DES3
wolfSSL	13:80fb167dafdf	695	#define DES_BLOCK_SIZE 8
wolfSSL	13:80fb167dafdf	696	#else
wolfSSL	13:80fb167dafdf	697	#undef BUILD_DES3
wolfSSL	13:80fb167dafdf	698	#define BUILD_DES3
wolfSSL	13:80fb167dafdf	699	#endif
wolfSSL	13:80fb167dafdf	700
wolfSSL	13:80fb167dafdf	701	#if defined(NO_AES) \|\| defined(NO_AES_DECRYPT)
wolfSSL	13:80fb167dafdf	702	#define AES_BLOCK_SIZE 16
wolfSSL	13:80fb167dafdf	703	#undef BUILD_AES
wolfSSL	13:80fb167dafdf	704	#else
wolfSSL	13:80fb167dafdf	705	#undef BUILD_AES
wolfSSL	13:80fb167dafdf	706	#define BUILD_AES
wolfSSL	13:80fb167dafdf	707	#endif
wolfSSL	13:80fb167dafdf	708
wolfSSL	13:80fb167dafdf	709	#ifndef NO_RC4
wolfSSL	13:80fb167dafdf	710	#undef BUILD_ARC4
wolfSSL	13:80fb167dafdf	711	#define BUILD_ARC4
wolfSSL	13:80fb167dafdf	712	#endif
wolfSSL	13:80fb167dafdf	713
wolfSSL	13:80fb167dafdf	714	#ifdef HAVE_CHACHA
wolfSSL	13:80fb167dafdf	715	#define CHACHA20_BLOCK_SIZE 16
wolfSSL	13:80fb167dafdf	716	#endif
wolfSSL	13:80fb167dafdf	717
wolfSSL	13:80fb167dafdf	718	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	13:80fb167dafdf	719	defined(HAVE_AESGCM) \|\| defined(HAVE_AESCCM) \|\| \
wolfSSL	13:80fb167dafdf	720	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
wolfSSL	13:80fb167dafdf	721
wolfSSL	13:80fb167dafdf	722	#define HAVE_AEAD
wolfSSL	13:80fb167dafdf	723	#endif
wolfSSL	13:80fb167dafdf	724
wolfSSL	13:80fb167dafdf	725	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	13:80fb167dafdf	726	defined(HAVE_ECC) \|\| !defined(NO_DH)
wolfSSL	13:80fb167dafdf	727
wolfSSL	13:80fb167dafdf	728	#define HAVE_PFS
wolfSSL	13:80fb167dafdf	729	#endif
wolfSSL	13:80fb167dafdf	730
wolfSSL	13:80fb167dafdf	731	#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
wolfSSL	13:80fb167dafdf	732	#define BUILD_IDEA
wolfSSL	13:80fb167dafdf	733	#endif
wolfSSL	13:80fb167dafdf	734
wolfSSL	13:80fb167dafdf	735	/* actual cipher values, 2nd byte */
wolfSSL	13:80fb167dafdf	736	enum {
wolfSSL	13:80fb167dafdf	737	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
wolfSSL	13:80fb167dafdf	738	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
wolfSSL	13:80fb167dafdf	739	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
wolfSSL	13:80fb167dafdf	740	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
wolfSSL	13:80fb167dafdf	741	TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
wolfSSL	13:80fb167dafdf	742	TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
wolfSSL	13:80fb167dafdf	743	TLS_RSA_WITH_NULL_SHA = 0x02,
wolfSSL	13:80fb167dafdf	744	TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
wolfSSL	13:80fb167dafdf	745	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
wolfSSL	13:80fb167dafdf	746	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
wolfSSL	13:80fb167dafdf	747	TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
wolfSSL	13:80fb167dafdf	748	TLS_PSK_WITH_NULL_SHA256 = 0xb0,
wolfSSL	13:80fb167dafdf	749	TLS_PSK_WITH_NULL_SHA384 = 0xb1,
wolfSSL	13:80fb167dafdf	750	TLS_PSK_WITH_NULL_SHA = 0x2c,
wolfSSL	13:80fb167dafdf	751	SSL_RSA_WITH_RC4_128_SHA = 0x05,
wolfSSL	13:80fb167dafdf	752	SSL_RSA_WITH_RC4_128_MD5 = 0x04,
wolfSSL	13:80fb167dafdf	753	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
wolfSSL	13:80fb167dafdf	754	SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,
wolfSSL	13:80fb167dafdf	755
wolfSSL	13:80fb167dafdf	756	/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	13:80fb167dafdf	757	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
wolfSSL	13:80fb167dafdf	758	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
wolfSSL	13:80fb167dafdf	759	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
wolfSSL	13:80fb167dafdf	760	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
wolfSSL	13:80fb167dafdf	761	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
wolfSSL	13:80fb167dafdf	762	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
wolfSSL	13:80fb167dafdf	763	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
wolfSSL	13:80fb167dafdf	764	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
wolfSSL	13:80fb167dafdf	765	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
wolfSSL	13:80fb167dafdf	766	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
wolfSSL	13:80fb167dafdf	767	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
wolfSSL	13:80fb167dafdf	768	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
wolfSSL	13:80fb167dafdf	769	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
wolfSSL	13:80fb167dafdf	770	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
wolfSSL	13:80fb167dafdf	771	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
wolfSSL	13:80fb167dafdf	772
wolfSSL	13:80fb167dafdf	773	/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	13:80fb167dafdf	774	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
wolfSSL	13:80fb167dafdf	775	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
wolfSSL	13:80fb167dafdf	776	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
wolfSSL	13:80fb167dafdf	777	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
wolfSSL	13:80fb167dafdf	778	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
wolfSSL	13:80fb167dafdf	779	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
wolfSSL	13:80fb167dafdf	780	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
wolfSSL	13:80fb167dafdf	781	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
wolfSSL	13:80fb167dafdf	782	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
wolfSSL	13:80fb167dafdf	783	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
wolfSSL	13:80fb167dafdf	784	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
wolfSSL	13:80fb167dafdf	785	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
wolfSSL	13:80fb167dafdf	786
wolfSSL	13:80fb167dafdf	787	/* wolfSSL extension - eSTREAM */
wolfSSL	13:80fb167dafdf	788	TLS_RSA_WITH_HC_128_MD5 = 0xFB,
wolfSSL	13:80fb167dafdf	789	TLS_RSA_WITH_HC_128_SHA = 0xFC,
wolfSSL	13:80fb167dafdf	790	TLS_RSA_WITH_RABBIT_SHA = 0xFD,
wolfSSL	13:80fb167dafdf	791
wolfSSL	13:80fb167dafdf	792	/* wolfSSL extension - Blake2b 256 */
wolfSSL	13:80fb167dafdf	793	TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
wolfSSL	13:80fb167dafdf	794	TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
wolfSSL	13:80fb167dafdf	795	TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
wolfSSL	13:80fb167dafdf	796
wolfSSL	13:80fb167dafdf	797	/* wolfSSL extension - NTRU */
wolfSSL	13:80fb167dafdf	798	TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
wolfSSL	13:80fb167dafdf	799	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
wolfSSL	13:80fb167dafdf	800	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
wolfSSL	13:80fb167dafdf	801	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
wolfSSL	13:80fb167dafdf	802
wolfSSL	13:80fb167dafdf	803	/* wolfSSL extension - NTRU , Quantum-safe Handshake
wolfSSL	13:80fb167dafdf	804	first byte is 0xD0 (QSH_BYTE) */
wolfSSL	13:80fb167dafdf	805	TLS_QSH = 0x01,
wolfSSL	13:80fb167dafdf	806
wolfSSL	13:80fb167dafdf	807	/* SHA256 */
wolfSSL	13:80fb167dafdf	808	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
wolfSSL	13:80fb167dafdf	809	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
wolfSSL	13:80fb167dafdf	810	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
wolfSSL	13:80fb167dafdf	811	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
wolfSSL	13:80fb167dafdf	812	TLS_RSA_WITH_NULL_SHA256 = 0x3b,
wolfSSL	13:80fb167dafdf	813	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
wolfSSL	13:80fb167dafdf	814	TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
wolfSSL	13:80fb167dafdf	815
wolfSSL	13:80fb167dafdf	816	/* SHA384 */
wolfSSL	13:80fb167dafdf	817	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
wolfSSL	13:80fb167dafdf	818	TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
wolfSSL	13:80fb167dafdf	819
wolfSSL	13:80fb167dafdf	820	/* AES-GCM */
wolfSSL	13:80fb167dafdf	821	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
wolfSSL	13:80fb167dafdf	822	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
wolfSSL	13:80fb167dafdf	823	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
wolfSSL	13:80fb167dafdf	824	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
wolfSSL	13:80fb167dafdf	825	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
wolfSSL	13:80fb167dafdf	826	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
wolfSSL	13:80fb167dafdf	827	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
wolfSSL	13:80fb167dafdf	828	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
wolfSSL	13:80fb167dafdf	829
wolfSSL	13:80fb167dafdf	830	/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	13:80fb167dafdf	831	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
wolfSSL	13:80fb167dafdf	832	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
wolfSSL	13:80fb167dafdf	833	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
wolfSSL	13:80fb167dafdf	834	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
wolfSSL	13:80fb167dafdf	835	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
wolfSSL	13:80fb167dafdf	836	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
wolfSSL	13:80fb167dafdf	837	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
wolfSSL	13:80fb167dafdf	838	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
wolfSSL	13:80fb167dafdf	839
wolfSSL	13:80fb167dafdf	840	/* AES-CCM, first byte is 0xC0 but isn't ECC,
wolfSSL	13:80fb167dafdf	841	* also, in some of the other AES-CCM suites
wolfSSL	13:80fb167dafdf	842	* there will be second byte number conflicts
wolfSSL	13:80fb167dafdf	843	* with non-ECC AES-GCM */
wolfSSL	13:80fb167dafdf	844	TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
wolfSSL	13:80fb167dafdf	845	TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
wolfSSL	13:80fb167dafdf	846	TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
wolfSSL	13:80fb167dafdf	847	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
wolfSSL	13:80fb167dafdf	848	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
wolfSSL	13:80fb167dafdf	849	TLS_PSK_WITH_AES_128_CCM = 0xa4,
wolfSSL	13:80fb167dafdf	850	TLS_PSK_WITH_AES_256_CCM = 0xa5,
wolfSSL	13:80fb167dafdf	851	TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
wolfSSL	13:80fb167dafdf	852	TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
wolfSSL	13:80fb167dafdf	853	TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
wolfSSL	13:80fb167dafdf	854	TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
wolfSSL	13:80fb167dafdf	855
wolfSSL	13:80fb167dafdf	856	/* Camellia */
wolfSSL	13:80fb167dafdf	857	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
wolfSSL	13:80fb167dafdf	858	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
wolfSSL	13:80fb167dafdf	859	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
wolfSSL	13:80fb167dafdf	860	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
wolfSSL	13:80fb167dafdf	861	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
wolfSSL	13:80fb167dafdf	862	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
wolfSSL	13:80fb167dafdf	863	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
wolfSSL	13:80fb167dafdf	864	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
wolfSSL	13:80fb167dafdf	865
wolfSSL	13:80fb167dafdf	866	/* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
wolfSSL	13:80fb167dafdf	867	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
wolfSSL	13:80fb167dafdf	868	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
wolfSSL	13:80fb167dafdf	869	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
wolfSSL	13:80fb167dafdf	870	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
wolfSSL	13:80fb167dafdf	871	TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
wolfSSL	13:80fb167dafdf	872	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
wolfSSL	13:80fb167dafdf	873
wolfSSL	13:80fb167dafdf	874	/* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
wolfSSL	13:80fb167dafdf	875	TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
wolfSSL	13:80fb167dafdf	876	TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
wolfSSL	13:80fb167dafdf	877	TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
wolfSSL	13:80fb167dafdf	878
wolfSSL	13:80fb167dafdf	879	/* TLS v1.3 cipher suites */
wolfSSL	13:80fb167dafdf	880	TLS_AES_128_GCM_SHA256 = 0x01,
wolfSSL	13:80fb167dafdf	881	TLS_AES_256_GCM_SHA384 = 0x02,
wolfSSL	13:80fb167dafdf	882	TLS_CHACHA20_POLY1305_SHA256 = 0x03,
wolfSSL	13:80fb167dafdf	883	TLS_AES_128_CCM_SHA256 = 0x04,
wolfSSL	13:80fb167dafdf	884	TLS_AES_128_CCM_8_SHA256 = 0x05,
wolfSSL	13:80fb167dafdf	885
wolfSSL	13:80fb167dafdf	886	/* Renegotiation Indication Extension Special Suite */
wolfSSL	13:80fb167dafdf	887	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
wolfSSL	13:80fb167dafdf	888	};
wolfSSL	13:80fb167dafdf	889
wolfSSL	13:80fb167dafdf	890
wolfSSL	13:80fb167dafdf	891	#ifndef WOLFSSL_SESSION_TIMEOUT
wolfSSL	13:80fb167dafdf	892	#define WOLFSSL_SESSION_TIMEOUT 500
wolfSSL	13:80fb167dafdf	893	/* default session resumption cache timeout in seconds */
wolfSSL	13:80fb167dafdf	894	#endif
wolfSSL	13:80fb167dafdf	895
wolfSSL	13:80fb167dafdf	896
wolfSSL	13:80fb167dafdf	897	#ifndef WOLFSSL_DTLS_WINDOW_WORDS
wolfSSL	13:80fb167dafdf	898	#define WOLFSSL_DTLS_WINDOW_WORDS 2
wolfSSL	13:80fb167dafdf	899	#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
wolfSSL	13:80fb167dafdf	900	#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
wolfSSL	13:80fb167dafdf	901	#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
wolfSSL	13:80fb167dafdf	902	#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
wolfSSL	13:80fb167dafdf	903
wolfSSL	13:80fb167dafdf	904
wolfSSL	13:80fb167dafdf	905	enum Misc {
wolfSSL	13:80fb167dafdf	906	ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
wolfSSL	13:80fb167dafdf	907	QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
wolfSSL	13:80fb167dafdf	908	CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
wolfSSL	13:80fb167dafdf	909	TLS13_BYTE = 0x13, /* TLS v.13 first byte of cipher suite */
wolfSSL	13:80fb167dafdf	910
wolfSSL	13:80fb167dafdf	911	SEND_CERT = 1,
wolfSSL	13:80fb167dafdf	912	SEND_BLANK_CERT = 2,
wolfSSL	13:80fb167dafdf	913
wolfSSL	13:80fb167dafdf	914	DTLS_MAJOR = 0xfe, /* DTLS major version number */
wolfSSL	13:80fb167dafdf	915	DTLS_MINOR = 0xff, /* DTLS minor version number */
wolfSSL	13:80fb167dafdf	916	DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
wolfSSL	13:80fb167dafdf	917	SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
wolfSSL	13:80fb167dafdf	918	SSLv3_MINOR = 0, /* TLSv1 minor version number */
wolfSSL	13:80fb167dafdf	919	TLSv1_MINOR = 1, /* TLSv1 minor version number */
wolfSSL	13:80fb167dafdf	920	TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
wolfSSL	13:80fb167dafdf	921	TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
wolfSSL	13:80fb167dafdf	922	TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
wolfSSL	13:80fb167dafdf	923	TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
wolfSSL	13:80fb167dafdf	924	TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
wolfSSL	13:80fb167dafdf	925	OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
wolfSSL	13:80fb167dafdf	926	INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
wolfSSL	13:80fb167dafdf	927	NO_COMPRESSION = 0,
wolfSSL	13:80fb167dafdf	928	ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
wolfSSL	13:80fb167dafdf	929	HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
wolfSSL	13:80fb167dafdf	930	HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
wolfSSL	13:80fb167dafdf	931	SECRET_LEN = 48, /* pre RSA and all master */
wolfSSL	13:80fb167dafdf	932	#if defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL	13:80fb167dafdf	933	ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
wolfSSL	13:80fb167dafdf	934	#else
wolfSSL	13:80fb167dafdf	935	ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
wolfSSL	13:80fb167dafdf	936	#endif
wolfSSL	13:80fb167dafdf	937	SIZEOF_SENDER = 4, /* clnt or srvr */
wolfSSL	13:80fb167dafdf	938	FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
wolfSSL	13:80fb167dafdf	939	MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
wolfSSL	13:80fb167dafdf	940	MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
wolfSSL	13:80fb167dafdf	941	/* max added to msg, mac + pad from */
wolfSSL	13:80fb167dafdf	942	/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
wolfSSL	13:80fb167dafdf	943	digest sz + BLOC_SZ (iv) + pad byte (1) */
wolfSSL	13:80fb167dafdf	944	MAX_COMP_EXTRA = 1024, /* max compression extra */
wolfSSL	13:80fb167dafdf	945	MAX_MTU = 1500, /* max expected MTU */
wolfSSL	13:80fb167dafdf	946	MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
wolfSSL	13:80fb167dafdf	947	MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */
wolfSSL	13:80fb167dafdf	948	MAX_STR_VERSION = 8, /* string rep of protocol version */
wolfSSL	13:80fb167dafdf	949
wolfSSL	13:80fb167dafdf	950	PAD_MD5 = 48, /* pad length for finished */
wolfSSL	13:80fb167dafdf	951	PAD_SHA = 40, /* pad length for finished */
wolfSSL	13:80fb167dafdf	952	MAX_PAD_SIZE = 256, /* maximum length of padding */
wolfSSL	13:80fb167dafdf	953	COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
wolfSSL	13:80fb167dafdf	954	COMPRESS_CONSTANT = 13, /* compression calc constant */
wolfSSL	13:80fb167dafdf	955	COMPRESS_UPPER = 55, /* compression calc numerator */
wolfSSL	13:80fb167dafdf	956	COMPRESS_LOWER = 64, /* compression calc denominator */
wolfSSL	13:80fb167dafdf	957
wolfSSL	13:80fb167dafdf	958	PEM_LINE_LEN = 80, /* PEM line max + fudge */
wolfSSL	13:80fb167dafdf	959	LENGTH_SZ = 2, /* length field for HMAC, data only */
wolfSSL	13:80fb167dafdf	960	VERSION_SZ = 2, /* length of proctocol version */
wolfSSL	13:80fb167dafdf	961	SEQ_SZ = 8, /* 64 bit sequence number */
wolfSSL	13:80fb167dafdf	962	ALERT_SIZE = 2, /* level + description */
wolfSSL	13:80fb167dafdf	963	VERIFY_HEADER = 2, /* always use 2 bytes */
wolfSSL	13:80fb167dafdf	964	EXTS_SZ = 2, /* always use 2 bytes */
wolfSSL	13:80fb167dafdf	965	EXT_ID_SZ = 2, /* always use 2 bytes */
wolfSSL	13:80fb167dafdf	966	MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
wolfSSL	13:80fb167dafdf	967	NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
wolfSSL	13:80fb167dafdf	968	SESSION_HINT_SZ = 4, /* session timeout hint */
wolfSSL	13:80fb167dafdf	969	SESSION_ADD_SZ = 4, /* session age add */
wolfSSL	13:80fb167dafdf	970	MAX_LIFETIME = 604800, /* maximum ticket lifetime */
wolfSSL	13:80fb167dafdf	971
wolfSSL	13:80fb167dafdf	972	RAN_LEN = 32, /* random length */
wolfSSL	13:80fb167dafdf	973	SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
wolfSSL	13:80fb167dafdf	974	ID_LEN = 32, /* session id length */
wolfSSL	13:80fb167dafdf	975	COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
wolfSSL	13:80fb167dafdf	976	MAX_COOKIE_LEN = 32, /* max dtls cookie size */
wolfSSL	13:80fb167dafdf	977	COOKIE_SZ = 20, /* use a 20 byte cookie */
wolfSSL	13:80fb167dafdf	978	SUITE_LEN = 2, /* cipher suite sz length */
wolfSSL	13:80fb167dafdf	979	ENUM_LEN = 1, /* always a byte */
wolfSSL	13:80fb167dafdf	980	OPAQUE8_LEN = 1, /* 1 byte */
wolfSSL	13:80fb167dafdf	981	OPAQUE16_LEN = 2, /* 2 bytes */
wolfSSL	13:80fb167dafdf	982	OPAQUE24_LEN = 3, /* 3 bytes */
wolfSSL	13:80fb167dafdf	983	OPAQUE32_LEN = 4, /* 4 bytes */
wolfSSL	13:80fb167dafdf	984	OPAQUE64_LEN = 8, /* 8 bytes */
wolfSSL	13:80fb167dafdf	985	COMP_LEN = 1, /* compression length */
wolfSSL	13:80fb167dafdf	986	CURVE_LEN = 2, /* ecc named curve length */
wolfSSL	13:80fb167dafdf	987	KE_GROUP_LEN = 2, /* key exchange group length */
wolfSSL	13:80fb167dafdf	988	SERVER_ID_LEN = 20, /* server session id length */
wolfSSL	13:80fb167dafdf	989
wolfSSL	13:80fb167dafdf	990	HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
wolfSSL	13:80fb167dafdf	991	RECORD_HEADER_SZ = 5, /* type + version + len(2) */
wolfSSL	13:80fb167dafdf	992	CERT_HEADER_SZ = 3, /* always 3 bytes */
wolfSSL	13:80fb167dafdf	993	REQ_HEADER_SZ = 2, /* cert request header sz */
wolfSSL	13:80fb167dafdf	994	HINT_LEN_SZ = 2, /* length of hint size field */
wolfSSL	13:80fb167dafdf	995	TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
wolfSSL	13:80fb167dafdf	996	HELLO_EXT_SZ = 4, /* base length of a hello extension */
wolfSSL	13:80fb167dafdf	997	HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
wolfSSL	13:80fb167dafdf	998	HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
wolfSSL	13:80fb167dafdf	999	HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
wolfSSL	13:80fb167dafdf	1000	HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
wolfSSL	13:80fb167dafdf	1001
wolfSSL	13:80fb167dafdf	1002	DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
wolfSSL	13:80fb167dafdf	1003	DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
wolfSSL	13:80fb167dafdf	1004	DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
wolfSSL	13:80fb167dafdf	1005	DTLS_RECORD_EXTRA = 8, /* diff from normal */
wolfSSL	13:80fb167dafdf	1006	DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
wolfSSL	13:80fb167dafdf	1007	DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
wolfSSL	13:80fb167dafdf	1008	DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
wolfSSL	13:80fb167dafdf	1009	DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
wolfSSL	13:80fb167dafdf	1010	DTLS_EXPORT_VERSION = 3, /* wolfSSL version for serialized session */
wolfSSL	13:80fb167dafdf	1011	DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */
wolfSSL	13:80fb167dafdf	1012	DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
wolfSSL	13:80fb167dafdf	1013	/* max amount of bytes used from Keys */
wolfSSL	13:80fb167dafdf	1014	DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2),
wolfSSL	13:80fb167dafdf	1015	/* min amount of bytes used from Keys */
wolfSSL	13:80fb167dafdf	1016	DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
wolfSSL	13:80fb167dafdf	1017	DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
wolfSSL	13:80fb167dafdf	1018	DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
wolfSSL	13:80fb167dafdf	1019	MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
wolfSSL	13:80fb167dafdf	1020	FINISHED_LABEL_SZ = 15, /* TLS finished label size */
wolfSSL	13:80fb167dafdf	1021	TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
wolfSSL	13:80fb167dafdf	1022	EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
wolfSSL	13:80fb167dafdf	1023	MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
wolfSSL	13:80fb167dafdf	1024	KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
wolfSSL	13:80fb167dafdf	1025	MAX_PRF_HALF = 256, /* Maximum half secret len */
wolfSSL	13:80fb167dafdf	1026	MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
wolfSSL	13:80fb167dafdf	1027	MAX_PRF_DIG = 224, /* Maximum digest len */
wolfSSL	13:80fb167dafdf	1028	PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
wolfSSL	13:80fb167dafdf	1029	MAX_LABEL_SZ = 34, /* Maximum length of a label */
wolfSSL	13:80fb167dafdf	1030	MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
wolfSSL	13:80fb167dafdf	1031	OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
wolfSSL	13:80fb167dafdf	1032	OPAQUE8_LEN + MAX_DIGEST_SIZE,
wolfSSL	13:80fb167dafdf	1033	MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
wolfSSL	13:80fb167dafdf	1034	SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
wolfSSL	13:80fb167dafdf	1035
wolfSSL	13:80fb167dafdf	1036	RC4_KEY_SIZE = 16, /* always 128bit */
wolfSSL	13:80fb167dafdf	1037	DES_KEY_SIZE = 8, /* des */
wolfSSL	13:80fb167dafdf	1038	DES3_KEY_SIZE = 24, /* 3 des ede */
wolfSSL	13:80fb167dafdf	1039	DES_IV_SIZE = DES_BLOCK_SIZE,
wolfSSL	13:80fb167dafdf	1040	AES_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	13:80fb167dafdf	1041	AES_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	13:80fb167dafdf	1042	AES_IV_SIZE = 16, /* always block size */
wolfSSL	13:80fb167dafdf	1043	AES_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	13:80fb167dafdf	1044
wolfSSL	13:80fb167dafdf	1045	AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
wolfSSL	13:80fb167dafdf	1046	AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
wolfSSL	13:80fb167dafdf	1047	AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
wolfSSL	13:80fb167dafdf	1048	AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
wolfSSL	13:80fb167dafdf	1049	AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
wolfSSL	13:80fb167dafdf	1050	AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
wolfSSL	13:80fb167dafdf	1051	AEAD_NONCE_SZ = 12,
wolfSSL	13:80fb167dafdf	1052	AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
wolfSSL	13:80fb167dafdf	1053	AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
wolfSSL	13:80fb167dafdf	1054	AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
wolfSSL	13:80fb167dafdf	1055
wolfSSL	13:80fb167dafdf	1056	CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
wolfSSL	13:80fb167dafdf	1057	CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
wolfSSL	13:80fb167dafdf	1058	CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
wolfSSL	13:80fb167dafdf	1059
wolfSSL	13:80fb167dafdf	1060	/* For any new implicit/explicit IV size adjust AEAD_MAX_**_SZ /
wolfSSL	13:80fb167dafdf	1061
wolfSSL	13:80fb167dafdf	1062	AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
wolfSSL	13:80fb167dafdf	1063	AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
wolfSSL	13:80fb167dafdf	1064	AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
wolfSSL	13:80fb167dafdf	1065	AESCCM_NONCE_SZ = 12,
wolfSSL	13:80fb167dafdf	1066
wolfSSL	13:80fb167dafdf	1067	CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	13:80fb167dafdf	1068	CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	13:80fb167dafdf	1069	CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	13:80fb167dafdf	1070	CAMELLIA_IV_SIZE = 16, /* always block size */
wolfSSL	13:80fb167dafdf	1071
wolfSSL	13:80fb167dafdf	1072	CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	13:80fb167dafdf	1073	CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	13:80fb167dafdf	1074	CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
wolfSSL	13:80fb167dafdf	1075
wolfSSL	13:80fb167dafdf	1076	POLY1305_AUTH_SZ = 16, /* 128 bits */
wolfSSL	13:80fb167dafdf	1077
wolfSSL	13:80fb167dafdf	1078	HC_128_KEY_SIZE = 16, /* 128 bits */
wolfSSL	13:80fb167dafdf	1079	HC_128_IV_SIZE = 16, /* also 128 bits */
wolfSSL	13:80fb167dafdf	1080
wolfSSL	13:80fb167dafdf	1081	RABBIT_KEY_SIZE = 16, /* 128 bits */
wolfSSL	13:80fb167dafdf	1082	RABBIT_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL	13:80fb167dafdf	1083
wolfSSL	13:80fb167dafdf	1084	EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
wolfSSL	13:80fb167dafdf	1085
wolfSSL	13:80fb167dafdf	1086	ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
wolfSSL	13:80fb167dafdf	1087	MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
wolfSSL	13:80fb167dafdf	1088
wolfSSL	13:80fb167dafdf	1089	#ifdef HAVE_QSH
wolfSSL	13:80fb167dafdf	1090	/* qsh handshake sends 600+ size keys over hello extensions */
wolfSSL	13:80fb167dafdf	1091	MAX_HELLO_SZ = 2048, /* max client or server hello */
wolfSSL	13:80fb167dafdf	1092	#else
wolfSSL	13:80fb167dafdf	1093	MAX_HELLO_SZ = 128, /* max client or server hello */
wolfSSL	13:80fb167dafdf	1094	#endif
wolfSSL	13:80fb167dafdf	1095	MAX_CERT_VERIFY_SZ = 1024, /* max */
wolfSSL	13:80fb167dafdf	1096	CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
wolfSSL	13:80fb167dafdf	1097	MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
wolfSSL	13:80fb167dafdf	1098
wolfSSL	13:80fb167dafdf	1099	DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
wolfSSL	13:80fb167dafdf	1100	DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
wolfSSL	13:80fb167dafdf	1101	DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
wolfSSL	13:80fb167dafdf	1102
wolfSSL	13:80fb167dafdf	1103	MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
wolfSSL	13:80fb167dafdf	1104	NULL_TERM_LEN = 1, /* length of null '\0' termination character */
wolfSSL	13:80fb167dafdf	1105	MAX_PSK_KEY_LEN = 64, /* max psk key supported */
wolfSSL	13:80fb167dafdf	1106	MIN_PSK_ID_LEN = 6, /* min length of identities */
wolfSSL	13:80fb167dafdf	1107	MIN_PSK_BINDERS_LEN= 33, /* min length of binders */
wolfSSL	13:80fb167dafdf	1108
wolfSSL	13:80fb167dafdf	1109	MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
wolfSSL	13:80fb167dafdf	1110
wolfSSL	13:80fb167dafdf	1111	#if defined(HAVE_EX_DATA) \|\| defined(FORTRESS)
wolfSSL	13:80fb167dafdf	1112	MAX_EX_DATA = 5, /* allow for five items of ex_data */
wolfSSL	13:80fb167dafdf	1113	#endif
wolfSSL	13:80fb167dafdf	1114
wolfSSL	13:80fb167dafdf	1115	MAX_X509_SIZE = 2048, /* max static x509 buffer size */
wolfSSL	13:80fb167dafdf	1116	CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
wolfSSL	13:80fb167dafdf	1117	FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
wolfSSL	13:80fb167dafdf	1118	will use dynamic buffer if not big enough */
wolfSSL	13:80fb167dafdf	1119
wolfSSL	13:80fb167dafdf	1120	MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
wolfSSL	13:80fb167dafdf	1121	MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
wolfSSL	13:80fb167dafdf	1122	MAX_NTRU_BITS = 256, /* max symmetric bit strength */
wolfSSL	13:80fb167dafdf	1123	NO_SNIFF = 0, /* not sniffing */
wolfSSL	13:80fb167dafdf	1124	SNIFF = 1, /* currently sniffing */
wolfSSL	13:80fb167dafdf	1125
wolfSSL	13:80fb167dafdf	1126	HASH_SIG_SIZE = 2, /* default SHA1 RSA */
wolfSSL	13:80fb167dafdf	1127
wolfSSL	13:80fb167dafdf	1128	NO_COPY = 0, /* should we copy static buffer for write */
wolfSSL	13:80fb167dafdf	1129	COPY = 1, /* should we copy static buffer for write */
wolfSSL	13:80fb167dafdf	1130
wolfSSL	13:80fb167dafdf	1131	PREV_ORDER = -1, /* Sequence number is in previous epoch. */
wolfSSL	13:80fb167dafdf	1132	PEER_ORDER = 1, /* Peer sequence number for verify. */
wolfSSL	13:80fb167dafdf	1133	CUR_ORDER = 0 /* Current sequence number. */
wolfSSL	13:80fb167dafdf	1134	};
wolfSSL	13:80fb167dafdf	1135
wolfSSL	13:80fb167dafdf	1136
wolfSSL	13:80fb167dafdf	1137	/* Set max implicit IV size for AEAD cipher suites */
wolfSSL	13:80fb167dafdf	1138	#define AEAD_MAX_IMP_SZ 12
wolfSSL	13:80fb167dafdf	1139
wolfSSL	13:80fb167dafdf	1140	/* Set max explicit IV size for AEAD cipher suites */
wolfSSL	13:80fb167dafdf	1141	#define AEAD_MAX_EXP_SZ 8
wolfSSL	13:80fb167dafdf	1142
wolfSSL	13:80fb167dafdf	1143
wolfSSL	13:80fb167dafdf	1144	#ifndef WOLFSSL_MAX_SUITE_SZ
wolfSSL	13:80fb167dafdf	1145	#define WOLFSSL_MAX_SUITE_SZ 300
wolfSSL	13:80fb167dafdf	1146	/* 150 suites for now! */
wolfSSL	13:80fb167dafdf	1147	#endif
wolfSSL	13:80fb167dafdf	1148
wolfSSL	13:80fb167dafdf	1149	/* set minimum ECC key size allowed */
wolfSSL	13:80fb167dafdf	1150	#ifndef WOLFSSL_MIN_ECC_BITS
wolfSSL	13:80fb167dafdf	1151	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	13:80fb167dafdf	1152	#define WOLFSSL_MIN_ECC_BITS 256
wolfSSL	13:80fb167dafdf	1153	#else
wolfSSL	13:80fb167dafdf	1154	#define WOLFSSL_MIN_ECC_BITS 224
wolfSSL	13:80fb167dafdf	1155	#endif
wolfSSL	13:80fb167dafdf	1156	#endif /* WOLFSSL_MIN_ECC_BITS */
wolfSSL	13:80fb167dafdf	1157	#if (WOLFSSL_MIN_ECC_BITS % 8)
wolfSSL	13:80fb167dafdf	1158	/* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1.
wolfSSL	13:80fb167dafdf	1159	In these cases round down to the nearest value divisable by 8. The
wolfSSL	13:80fb167dafdf	1160	restriction of being divisable by 8 is in place to match wc_ecc_size
wolfSSL	13:80fb167dafdf	1161	function from wolfSSL.
wolfSSL	13:80fb167dafdf	1162	*/
wolfSSL	13:80fb167dafdf	1163	#error ECC minimum bit size must be a multiple of 8
wolfSSL	13:80fb167dafdf	1164	#endif
wolfSSL	13:80fb167dafdf	1165	#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
wolfSSL	13:80fb167dafdf	1166
wolfSSL	13:80fb167dafdf	1167	/* set minimum RSA key size allowed */
wolfSSL	13:80fb167dafdf	1168	#ifndef WOLFSSL_MIN_RSA_BITS
wolfSSL	13:80fb167dafdf	1169	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	13:80fb167dafdf	1170	#define WOLFSSL_MIN_RSA_BITS 2048
wolfSSL	13:80fb167dafdf	1171	#else
wolfSSL	13:80fb167dafdf	1172	#define WOLFSSL_MIN_RSA_BITS 1024
wolfSSL	13:80fb167dafdf	1173	#endif
wolfSSL	13:80fb167dafdf	1174	#endif /* WOLFSSL_MIN_RSA_BITS */
wolfSSL	13:80fb167dafdf	1175	#if (WOLFSSL_MIN_RSA_BITS % 8)
wolfSSL	13:80fb167dafdf	1176	/* This is to account for the example case of a min size of 2050 bits but
wolfSSL	13:80fb167dafdf	1177	still allows 2049 bit key. So we need the measurment to be in bytes. */
wolfSSL	13:80fb167dafdf	1178	#error RSA minimum bit size must be a multiple of 8
wolfSSL	13:80fb167dafdf	1179	#endif
wolfSSL	13:80fb167dafdf	1180	#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
wolfSSL	13:80fb167dafdf	1181
wolfSSL	13:80fb167dafdf	1182	/* set minimum DH key size allowed */
wolfSSL	13:80fb167dafdf	1183	#ifndef WOLFSSL_MIN_DHKEY_BITS
wolfSSL	13:80fb167dafdf	1184	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	13:80fb167dafdf	1185	#define WOLFSSL_MIN_DHKEY_BITS 2048
wolfSSL	13:80fb167dafdf	1186	#else
wolfSSL	13:80fb167dafdf	1187	#define WOLFSSL_MIN_DHKEY_BITS 1024
wolfSSL	13:80fb167dafdf	1188	#endif
wolfSSL	13:80fb167dafdf	1189	#endif
wolfSSL	13:80fb167dafdf	1190	#if (WOLFSSL_MIN_DHKEY_BITS % 8)
wolfSSL	13:80fb167dafdf	1191	#error DH minimum bit size must be multiple of 8
wolfSSL	13:80fb167dafdf	1192	#endif
wolfSSL	13:80fb167dafdf	1193	#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
wolfSSL	13:80fb167dafdf	1194	#error DH minimum bit size must not be greater than 16000
wolfSSL	13:80fb167dafdf	1195	#endif
wolfSSL	13:80fb167dafdf	1196	#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
wolfSSL	13:80fb167dafdf	1197
wolfSSL	13:80fb167dafdf	1198
wolfSSL	13:80fb167dafdf	1199	#ifdef SESSION_INDEX
wolfSSL	13:80fb167dafdf	1200	/* Shift values for making a session index */
wolfSSL	13:80fb167dafdf	1201	#define SESSIDX_ROW_SHIFT 4
wolfSSL	13:80fb167dafdf	1202	#define SESSIDX_IDX_MASK 0x0F
wolfSSL	13:80fb167dafdf	1203	#endif
wolfSSL	13:80fb167dafdf	1204
wolfSSL	13:80fb167dafdf	1205
wolfSSL	13:80fb167dafdf	1206	/* max cert chain peer depth */
wolfSSL	13:80fb167dafdf	1207	#ifndef MAX_CHAIN_DEPTH
wolfSSL	13:80fb167dafdf	1208	#define MAX_CHAIN_DEPTH 9
wolfSSL	13:80fb167dafdf	1209	#endif
wolfSSL	13:80fb167dafdf	1210
wolfSSL	13:80fb167dafdf	1211	/* max size of a certificate message payload */
wolfSSL	13:80fb167dafdf	1212	/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
wolfSSL	13:80fb167dafdf	1213	#ifndef MAX_CERTIFICATE_SZ
wolfSSL	13:80fb167dafdf	1214	#define MAX_CERTIFICATE_SZ \
wolfSSL	13:80fb167dafdf	1215	CERT_HEADER_SZ + \
wolfSSL	13:80fb167dafdf	1216	(MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
wolfSSL	13:80fb167dafdf	1217	#endif
wolfSSL	13:80fb167dafdf	1218
wolfSSL	13:80fb167dafdf	1219	/* max size of a handshake message, currently set to the certificate */
wolfSSL	13:80fb167dafdf	1220	#ifndef MAX_HANDSHAKE_SZ
wolfSSL	13:80fb167dafdf	1221	#define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
wolfSSL	13:80fb167dafdf	1222	#endif
wolfSSL	13:80fb167dafdf	1223
wolfSSL	13:80fb167dafdf	1224	#ifndef SESSION_TICKET_LEN
wolfSSL	13:80fb167dafdf	1225	#define SESSION_TICKET_LEN 256
wolfSSL	13:80fb167dafdf	1226	#endif
wolfSSL	13:80fb167dafdf	1227
wolfSSL	13:80fb167dafdf	1228	#ifndef SESSION_TICKET_HINT_DEFAULT
wolfSSL	13:80fb167dafdf	1229	#define SESSION_TICKET_HINT_DEFAULT 300
wolfSSL	13:80fb167dafdf	1230	#endif
wolfSSL	13:80fb167dafdf	1231
wolfSSL	13:80fb167dafdf	1232
wolfSSL	13:80fb167dafdf	1233	/* don't use extra 3/4k stack space unless need to */
wolfSSL	13:80fb167dafdf	1234	#ifdef HAVE_NTRU
wolfSSL	13:80fb167dafdf	1235	#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
wolfSSL	13:80fb167dafdf	1236	#else
wolfSSL	13:80fb167dafdf	1237	#define MAX_ENCRYPT_SZ ENCRYPT_LEN
wolfSSL	13:80fb167dafdf	1238	#endif
wolfSSL	13:80fb167dafdf	1239
wolfSSL	13:80fb167dafdf	1240
wolfSSL	13:80fb167dafdf	1241	/* states */
wolfSSL	13:80fb167dafdf	1242	enum states {
wolfSSL	13:80fb167dafdf	1243	NULL_STATE = 0,
wolfSSL	13:80fb167dafdf	1244
wolfSSL	13:80fb167dafdf	1245	SERVER_HELLOVERIFYREQUEST_COMPLETE,
wolfSSL	13:80fb167dafdf	1246	SERVER_HELLO_COMPLETE,
wolfSSL	13:80fb167dafdf	1247	SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
wolfSSL	13:80fb167dafdf	1248	SERVER_CERT_COMPLETE,
wolfSSL	13:80fb167dafdf	1249	SERVER_KEYEXCHANGE_COMPLETE,
wolfSSL	13:80fb167dafdf	1250	SERVER_HELLODONE_COMPLETE,
wolfSSL	13:80fb167dafdf	1251	SERVER_FINISHED_COMPLETE,
wolfSSL	13:80fb167dafdf	1252	SERVER_HELLO_RETRY_REQUEST,
wolfSSL	13:80fb167dafdf	1253
wolfSSL	13:80fb167dafdf	1254	CLIENT_HELLO_COMPLETE,
wolfSSL	13:80fb167dafdf	1255	CLIENT_KEYEXCHANGE_COMPLETE,
wolfSSL	13:80fb167dafdf	1256	CLIENT_FINISHED_COMPLETE,
wolfSSL	13:80fb167dafdf	1257
wolfSSL	13:80fb167dafdf	1258	HANDSHAKE_DONE
wolfSSL	13:80fb167dafdf	1259	};
wolfSSL	13:80fb167dafdf	1260
wolfSSL	13:80fb167dafdf	1261
wolfSSL	13:80fb167dafdf	1262	#if defined(__GNUC__)
wolfSSL	13:80fb167dafdf	1263	#define WOLFSSL_PACK __attribute__ ((packed))
wolfSSL	13:80fb167dafdf	1264	#else
wolfSSL	13:80fb167dafdf	1265	#define WOLFSSL_PACK
wolfSSL	13:80fb167dafdf	1266	#endif
wolfSSL	13:80fb167dafdf	1267
wolfSSL	13:80fb167dafdf	1268	/* SSL Version */
wolfSSL	13:80fb167dafdf	1269	typedef struct ProtocolVersion {
wolfSSL	13:80fb167dafdf	1270	byte major;
wolfSSL	13:80fb167dafdf	1271	byte minor;
wolfSSL	13:80fb167dafdf	1272	} WOLFSSL_PACK ProtocolVersion;
wolfSSL	13:80fb167dafdf	1273
wolfSSL	13:80fb167dafdf	1274
wolfSSL	13:80fb167dafdf	1275	WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
wolfSSL	13:80fb167dafdf	1276	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
wolfSSL	13:80fb167dafdf	1277	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
wolfSSL	13:80fb167dafdf	1278	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
wolfSSL	13:80fb167dafdf	1279	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
wolfSSL	13:80fb167dafdf	1280
wolfSSL	13:80fb167dafdf	1281	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	1282	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
wolfSSL	13:80fb167dafdf	1283	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
wolfSSL	13:80fb167dafdf	1284
wolfSSL	13:80fb167dafdf	1285	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	13:80fb167dafdf	1286	WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
wolfSSL	13:80fb167dafdf	1287	word32 sz);
wolfSSL	13:80fb167dafdf	1288	WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
wolfSSL	13:80fb167dafdf	1289	word32 sz);
wolfSSL	13:80fb167dafdf	1290	WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	1291	#endif
wolfSSL	13:80fb167dafdf	1292	#endif
wolfSSL	13:80fb167dafdf	1293
wolfSSL	13:80fb167dafdf	1294
wolfSSL	13:80fb167dafdf	1295	enum BIO_TYPE {
wolfSSL	13:80fb167dafdf	1296	BIO_BUFFER = 1,
wolfSSL	13:80fb167dafdf	1297	BIO_SOCKET = 2,
wolfSSL	13:80fb167dafdf	1298	BIO_SSL = 3,
wolfSSL	13:80fb167dafdf	1299	BIO_MEMORY = 4,
wolfSSL	13:80fb167dafdf	1300	BIO_BIO = 5,
wolfSSL	13:80fb167dafdf	1301	BIO_FILE = 6
wolfSSL	13:80fb167dafdf	1302	};
wolfSSL	13:80fb167dafdf	1303
wolfSSL	13:80fb167dafdf	1304
wolfSSL	13:80fb167dafdf	1305	/* wolfSSL BIO_METHOD type */
wolfSSL	13:80fb167dafdf	1306	struct WOLFSSL_BIO_METHOD {
wolfSSL	13:80fb167dafdf	1307	byte type; /* method type */
wolfSSL	13:80fb167dafdf	1308	};
wolfSSL	13:80fb167dafdf	1309
wolfSSL	13:80fb167dafdf	1310
wolfSSL	13:80fb167dafdf	1311	/* wolfSSL BIO type */
wolfSSL	13:80fb167dafdf	1312	struct WOLFSSL_BIO {
wolfSSL	13:80fb167dafdf	1313	WOLFSSL* ssl; /* possible associated ssl */
wolfSSL	13:80fb167dafdf	1314	#ifndef NO_FILESYSTEM
wolfSSL	13:80fb167dafdf	1315	XFILE file;
wolfSSL	13:80fb167dafdf	1316	#endif
wolfSSL	13:80fb167dafdf	1317	WOLFSSL_BIO* prev; /* previous in chain */
wolfSSL	13:80fb167dafdf	1318	WOLFSSL_BIO* next; /* next in chain */
wolfSSL	13:80fb167dafdf	1319	WOLFSSL_BIO* pair; /* BIO paired with */
wolfSSL	13:80fb167dafdf	1320	void* heap; /* user heap hint */
wolfSSL	13:80fb167dafdf	1321	byte* mem; /* memory buffer */
wolfSSL	13:80fb167dafdf	1322	int wrSz; /* write buffer size (mem) */
wolfSSL	13:80fb167dafdf	1323	int wrIdx; /* current index for write buffer */
wolfSSL	13:80fb167dafdf	1324	int rdIdx; /* current read index */
wolfSSL	13:80fb167dafdf	1325	int readRq; /* read request */
wolfSSL	13:80fb167dafdf	1326	int memLen; /* memory buffer length */
wolfSSL	13:80fb167dafdf	1327	int fd; /* possible file descriptor */
wolfSSL	13:80fb167dafdf	1328	int eof; /* eof flag */
wolfSSL	13:80fb167dafdf	1329	byte type; /* method type */
wolfSSL	13:80fb167dafdf	1330	byte close; /* close flag */
wolfSSL	13:80fb167dafdf	1331	};
wolfSSL	13:80fb167dafdf	1332
wolfSSL	13:80fb167dafdf	1333
wolfSSL	13:80fb167dafdf	1334	/* wolfSSL method type */
wolfSSL	13:80fb167dafdf	1335	struct WOLFSSL_METHOD {
wolfSSL	13:80fb167dafdf	1336	ProtocolVersion version;
wolfSSL	13:80fb167dafdf	1337	byte side; /* connection side, server or client */
wolfSSL	13:80fb167dafdf	1338	byte downgrade; /* whether to downgrade version, default no */
wolfSSL	13:80fb167dafdf	1339	};
wolfSSL	13:80fb167dafdf	1340
wolfSSL	13:80fb167dafdf	1341	/* wolfSSL buffer type - internal uses "buffer" type */
wolfSSL	13:80fb167dafdf	1342	typedef WOLFSSL_BUFFER_INFO buffer;
wolfSSL	13:80fb167dafdf	1343
wolfSSL	13:80fb167dafdf	1344
wolfSSL	13:80fb167dafdf	1345	/* defaults to client */
wolfSSL	13:80fb167dafdf	1346	WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
wolfSSL	13:80fb167dafdf	1347
wolfSSL	13:80fb167dafdf	1348	/* for sniffer */
wolfSSL	13:80fb167dafdf	1349	WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	13:80fb167dafdf	1350	word32 size, word32 totalSz, int sniff);
wolfSSL	13:80fb167dafdf	1351	WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
wolfSSL	13:80fb167dafdf	1352	/* TLS v1.3 needs these */
wolfSSL	13:80fb167dafdf	1353	WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL	13:80fb167dafdf	1354	word32);
wolfSSL	13:80fb167dafdf	1355	WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL	13:80fb167dafdf	1356	word32);
wolfSSL	13:80fb167dafdf	1357	WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
wolfSSL	13:80fb167dafdf	1358	WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
wolfSSL	13:80fb167dafdf	1359	word32 hashSigAlgoSz);
wolfSSL	13:80fb167dafdf	1360	WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL ssl, word16 length);
wolfSSL	13:80fb167dafdf	1361	WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	1362	WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
wolfSSL	13:80fb167dafdf	1363	WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
wolfSSL	13:80fb167dafdf	1364	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	1365	WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
wolfSSL	13:80fb167dafdf	1366	#endif
wolfSSL	13:80fb167dafdf	1367	WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	1368	WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
wolfSSL	13:80fb167dafdf	1369	WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
wolfSSL	13:80fb167dafdf	1370	int ivSz);
wolfSSL	13:80fb167dafdf	1371	WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
wolfSSL	13:80fb167dafdf	1372	#if defined(HAVE_STUNNEL) \|\| defined(WOLFSSL_NGINX) \|\| defined (WOLFSSL_HAPROXY)
wolfSSL	13:80fb167dafdf	1373	WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	1374	#endif
wolfSSL	13:80fb167dafdf	1375	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	1376	WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
wolfSSL	13:80fb167dafdf	1377	word16 sz);
wolfSSL	13:80fb167dafdf	1378	WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
wolfSSL	13:80fb167dafdf	1379	word32* inOutIdx, byte type,
wolfSSL	13:80fb167dafdf	1380	word32 size, word32 totalSz);
wolfSSL	13:80fb167dafdf	1381	WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
wolfSSL	13:80fb167dafdf	1382	word32* inOutIdx, word32 totalSz);
wolfSSL	13:80fb167dafdf	1383	WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
wolfSSL	13:80fb167dafdf	1384	word32* inOutIdx, word32 helloSz);
wolfSSL	13:80fb167dafdf	1385	#endif
wolfSSL	13:80fb167dafdf	1386
wolfSSL	13:80fb167dafdf	1387	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	1388	/* wolfSSL DER buffer */
wolfSSL	13:80fb167dafdf	1389	typedef struct DerBuffer {
wolfSSL	13:80fb167dafdf	1390	byte* buffer;
wolfSSL	13:80fb167dafdf	1391	void* heap;
wolfSSL	13:80fb167dafdf	1392	word32 length;
wolfSSL	13:80fb167dafdf	1393	int type; /* enum CertType */
wolfSSL	13:80fb167dafdf	1394	int dynType; /* DYNAMIC_TYPE_* */
wolfSSL	13:80fb167dafdf	1395	} DerBuffer;
wolfSSL	13:80fb167dafdf	1396	#endif /* !NO_CERTS */
wolfSSL	13:80fb167dafdf	1397
wolfSSL	13:80fb167dafdf	1398
wolfSSL	13:80fb167dafdf	1399	enum {
wolfSSL	13:80fb167dafdf	1400	FORCED_FREE = 1,
wolfSSL	13:80fb167dafdf	1401	NO_FORCED_FREE = 0
wolfSSL	13:80fb167dafdf	1402	};
wolfSSL	13:80fb167dafdf	1403
wolfSSL	13:80fb167dafdf	1404
wolfSSL	13:80fb167dafdf	1405	/* only use compression extra if using compression */
wolfSSL	13:80fb167dafdf	1406	#ifdef HAVE_LIBZ
wolfSSL	13:80fb167dafdf	1407	#define COMP_EXTRA MAX_COMP_EXTRA
wolfSSL	13:80fb167dafdf	1408	#else
wolfSSL	13:80fb167dafdf	1409	#define COMP_EXTRA 0
wolfSSL	13:80fb167dafdf	1410	#endif
wolfSSL	13:80fb167dafdf	1411
wolfSSL	13:80fb167dafdf	1412	/* only the sniffer needs space in the buffer for extra MTU record(s) */
wolfSSL	13:80fb167dafdf	1413	#ifdef WOLFSSL_SNIFFER
wolfSSL	13:80fb167dafdf	1414	#define MTU_EXTRA MAX_MTU * 3
wolfSSL	13:80fb167dafdf	1415	#else
wolfSSL	13:80fb167dafdf	1416	#define MTU_EXTRA 0
wolfSSL	13:80fb167dafdf	1417	#endif
wolfSSL	13:80fb167dafdf	1418
wolfSSL	13:80fb167dafdf	1419
wolfSSL	13:80fb167dafdf	1420	/* embedded callbacks require large static buffers, make sure on */
wolfSSL	13:80fb167dafdf	1421	#ifdef WOLFSSL_CALLBACKS
wolfSSL	13:80fb167dafdf	1422	#undef LARGE_STATIC_BUFFERS
wolfSSL	13:80fb167dafdf	1423	#define LARGE_STATIC_BUFFERS
wolfSSL	13:80fb167dafdf	1424	#endif
wolfSSL	13:80fb167dafdf	1425
wolfSSL	13:80fb167dafdf	1426
wolfSSL	13:80fb167dafdf	1427	/* give user option to use 16K static buffers */
wolfSSL	13:80fb167dafdf	1428	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	13:80fb167dafdf	1429	#define RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	13:80fb167dafdf	1430	#else
wolfSSL	13:80fb167dafdf	1431	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	1432	#define RECORD_SIZE MAX_MTU
wolfSSL	13:80fb167dafdf	1433	#else
wolfSSL	13:80fb167dafdf	1434	#define RECORD_SIZE 128
wolfSSL	13:80fb167dafdf	1435	#endif
wolfSSL	13:80fb167dafdf	1436	#endif
wolfSSL	13:80fb167dafdf	1437
wolfSSL	13:80fb167dafdf	1438
wolfSSL	13:80fb167dafdf	1439	/* user option to turn off 16K output option */
wolfSSL	13:80fb167dafdf	1440	/* if using small static buffers (default) and SSL_write tries to write data
wolfSSL	13:80fb167dafdf	1441	larger than the record we have, dynamically get it, unless user says only
wolfSSL	13:80fb167dafdf	1442	write in static buffer chunks */
wolfSSL	13:80fb167dafdf	1443	#ifndef STATIC_CHUNKS_ONLY
wolfSSL	13:80fb167dafdf	1444	#define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	13:80fb167dafdf	1445	#else
wolfSSL	13:80fb167dafdf	1446	#define OUTPUT_RECORD_SIZE RECORD_SIZE
wolfSSL	13:80fb167dafdf	1447	#endif
wolfSSL	13:80fb167dafdf	1448
wolfSSL	13:80fb167dafdf	1449	/* wolfSSL input buffer
wolfSSL	13:80fb167dafdf	1450
wolfSSL	13:80fb167dafdf	1451	RFC 2246:
wolfSSL	13:80fb167dafdf	1452
wolfSSL	13:80fb167dafdf	1453	length
wolfSSL	13:80fb167dafdf	1454	The length (in bytes) of the following TLSPlaintext.fragment.
wolfSSL	13:80fb167dafdf	1455	The length should not exceed 2^14.
wolfSSL	13:80fb167dafdf	1456	*/
wolfSSL	13:80fb167dafdf	1457	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	13:80fb167dafdf	1458	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
wolfSSL	13:80fb167dafdf	1459	MTU_EXTRA + MAX_MSG_EXTRA
wolfSSL	13:80fb167dafdf	1460	#else
wolfSSL	13:80fb167dafdf	1461	/* don't fragment memory from the record header */
wolfSSL	13:80fb167dafdf	1462	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ
wolfSSL	13:80fb167dafdf	1463	#endif
wolfSSL	13:80fb167dafdf	1464
wolfSSL	13:80fb167dafdf	1465	typedef struct {
wolfSSL	13:80fb167dafdf	1466	ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
wolfSSL	13:80fb167dafdf	1467	byte* buffer; /* place holder for static or dynamic buffer */
wolfSSL	13:80fb167dafdf	1468	word32 length; /* total buffer length used */
wolfSSL	13:80fb167dafdf	1469	word32 idx; /* idx to part of length already consumed */
wolfSSL	13:80fb167dafdf	1470	word32 bufferSize; /* current buffer size */
wolfSSL	13:80fb167dafdf	1471	byte dynamicFlag; /* dynamic memory currently in use */
wolfSSL	13:80fb167dafdf	1472	byte offset; /* alignment offset attempt */
wolfSSL	13:80fb167dafdf	1473	} bufferStatic;
wolfSSL	13:80fb167dafdf	1474
wolfSSL	13:80fb167dafdf	1475	/* Cipher Suites holder */
wolfSSL	13:80fb167dafdf	1476	typedef struct Suites {
wolfSSL	13:80fb167dafdf	1477	word16 suiteSz; /* suite length in bytes */
wolfSSL	13:80fb167dafdf	1478	word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
wolfSSL	13:80fb167dafdf	1479	byte suites[WOLFSSL_MAX_SUITE_SZ];
wolfSSL	13:80fb167dafdf	1480	byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
wolfSSL	13:80fb167dafdf	1481	byte setSuites; /* user set suites from default */
wolfSSL	13:80fb167dafdf	1482	byte hashAlgo; /* selected hash algorithm */
wolfSSL	13:80fb167dafdf	1483	byte sigAlgo; /* selected sig algorithm */
wolfSSL	13:80fb167dafdf	1484	} Suites;
wolfSSL	13:80fb167dafdf	1485
wolfSSL	13:80fb167dafdf	1486
wolfSSL	13:80fb167dafdf	1487	WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
wolfSSL	13:80fb167dafdf	1488	word16, word16, word16, int);
wolfSSL	13:80fb167dafdf	1489	WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
wolfSSL	13:80fb167dafdf	1490	WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX, Suites, const char* list);
wolfSSL	13:80fb167dafdf	1491
wolfSSL	13:80fb167dafdf	1492	#ifndef PSK_TYPES_DEFINED
wolfSSL	13:80fb167dafdf	1493	typedef unsigned int (wc_psk_client_callback)(WOLFSSL, const char, char,
wolfSSL	13:80fb167dafdf	1494	unsigned int, unsigned char*, unsigned int);
wolfSSL	13:80fb167dafdf	1495	typedef unsigned int (wc_psk_server_callback)(WOLFSSL, const char*,
wolfSSL	13:80fb167dafdf	1496	unsigned char*, unsigned int);
wolfSSL	13:80fb167dafdf	1497	#endif /* PSK_TYPES_DEFINED */
wolfSSL	13:80fb167dafdf	1498	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	1499	typedef int (wc_dtls_export)(WOLFSSL ssl,
wolfSSL	13:80fb167dafdf	1500	unsigned char* exportBuffer, unsigned int sz, void* userCtx);
wolfSSL	13:80fb167dafdf	1501	#endif
wolfSSL	13:80fb167dafdf	1502
wolfSSL	13:80fb167dafdf	1503
wolfSSL	13:80fb167dafdf	1504	/* wolfSSL Cipher type just points back to SSL */
wolfSSL	13:80fb167dafdf	1505	struct WOLFSSL_CIPHER {
wolfSSL	13:80fb167dafdf	1506	WOLFSSL* ssl;
wolfSSL	13:80fb167dafdf	1507	};
wolfSSL	13:80fb167dafdf	1508
wolfSSL	13:80fb167dafdf	1509
wolfSSL	13:80fb167dafdf	1510	typedef struct OcspEntry OcspEntry;
wolfSSL	13:80fb167dafdf	1511
wolfSSL	13:80fb167dafdf	1512	#ifdef NO_SHA
wolfSSL	13:80fb167dafdf	1513	#define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	13:80fb167dafdf	1514	#else
wolfSSL	13:80fb167dafdf	1515	#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	13:80fb167dafdf	1516	#endif
wolfSSL	13:80fb167dafdf	1517
wolfSSL	13:80fb167dafdf	1518	#ifdef NO_ASN
wolfSSL	13:80fb167dafdf	1519	/* no_asn won't have */
wolfSSL	13:80fb167dafdf	1520	typedef struct CertStatus CertStatus;
wolfSSL	13:80fb167dafdf	1521	#endif
wolfSSL	13:80fb167dafdf	1522
wolfSSL	13:80fb167dafdf	1523	struct OcspEntry {
wolfSSL	13:80fb167dafdf	1524	OcspEntry* next; /* next entry */
wolfSSL	13:80fb167dafdf	1525	byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
wolfSSL	13:80fb167dafdf	1526	byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
wolfSSL	13:80fb167dafdf	1527	CertStatus* status; /* OCSP response list */
wolfSSL	13:80fb167dafdf	1528	int totalStatus; /* number on list */
wolfSSL	13:80fb167dafdf	1529	};
wolfSSL	13:80fb167dafdf	1530
wolfSSL	13:80fb167dafdf	1531
wolfSSL	13:80fb167dafdf	1532	#ifndef HAVE_OCSP
wolfSSL	13:80fb167dafdf	1533	typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
wolfSSL	13:80fb167dafdf	1534	#endif
wolfSSL	13:80fb167dafdf	1535
wolfSSL	13:80fb167dafdf	1536	/* wolfSSL OCSP controller */
wolfSSL	13:80fb167dafdf	1537	struct WOLFSSL_OCSP {
wolfSSL	13:80fb167dafdf	1538	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	13:80fb167dafdf	1539	OcspEntry* ocspList; /* OCSP response list */
wolfSSL	13:80fb167dafdf	1540	wolfSSL_Mutex ocspLock; /* OCSP list lock */
wolfSSL	13:80fb167dafdf	1541	#if defined(WOLFSSL_NGINX) \|\| defined (WOLFSSL_HAPROXY)
wolfSSL	13:80fb167dafdf	1542	int(statusCb)(WOLFSSL, void*);
wolfSSL	13:80fb167dafdf	1543	#endif
wolfSSL	13:80fb167dafdf	1544	};
wolfSSL	13:80fb167dafdf	1545
wolfSSL	13:80fb167dafdf	1546	#ifndef MAX_DATE_SIZE
wolfSSL	13:80fb167dafdf	1547	#define MAX_DATE_SIZE 32
wolfSSL	13:80fb167dafdf	1548	#endif
wolfSSL	13:80fb167dafdf	1549
wolfSSL	13:80fb167dafdf	1550	typedef struct CRL_Entry CRL_Entry;
wolfSSL	13:80fb167dafdf	1551
wolfSSL	13:80fb167dafdf	1552	#ifdef NO_SHA
wolfSSL	13:80fb167dafdf	1553	#define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	13:80fb167dafdf	1554	#else
wolfSSL	13:80fb167dafdf	1555	#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	13:80fb167dafdf	1556	#endif
wolfSSL	13:80fb167dafdf	1557
wolfSSL	13:80fb167dafdf	1558	#ifdef NO_ASN
wolfSSL	13:80fb167dafdf	1559	typedef struct RevokedCert RevokedCert;
wolfSSL	13:80fb167dafdf	1560	#endif
wolfSSL	13:80fb167dafdf	1561
wolfSSL	13:80fb167dafdf	1562	/* Complete CRL */
wolfSSL	13:80fb167dafdf	1563	struct CRL_Entry {
wolfSSL	13:80fb167dafdf	1564	CRL_Entry* next; /* next entry */
wolfSSL	13:80fb167dafdf	1565	byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
wolfSSL	13:80fb167dafdf	1566	/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
wolfSSL	13:80fb167dafdf	1567	/* restore the hash here if needed for optimized comparisons */
wolfSSL	13:80fb167dafdf	1568	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
wolfSSL	13:80fb167dafdf	1569	byte nextDate[MAX_DATE_SIZE]; /* next update date */
wolfSSL	13:80fb167dafdf	1570	byte lastDateFormat; /* last date format */
wolfSSL	13:80fb167dafdf	1571	byte nextDateFormat; /* next date format */
wolfSSL	13:80fb167dafdf	1572	RevokedCert* certs; /* revoked cert list */
wolfSSL	13:80fb167dafdf	1573	int totalCerts; /* number on list */
wolfSSL	13:80fb167dafdf	1574	};
wolfSSL	13:80fb167dafdf	1575
wolfSSL	13:80fb167dafdf	1576
wolfSSL	13:80fb167dafdf	1577	typedef struct CRL_Monitor CRL_Monitor;
wolfSSL	13:80fb167dafdf	1578
wolfSSL	13:80fb167dafdf	1579	/* CRL directory monitor */
wolfSSL	13:80fb167dafdf	1580	struct CRL_Monitor {
wolfSSL	13:80fb167dafdf	1581	char* path; /* full dir path, if valid pointer we're using */
wolfSSL	13:80fb167dafdf	1582	int type; /* PEM or ASN1 type */
wolfSSL	13:80fb167dafdf	1583	};
wolfSSL	13:80fb167dafdf	1584
wolfSSL	13:80fb167dafdf	1585
wolfSSL	13:80fb167dafdf	1586	#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
wolfSSL	13:80fb167dafdf	1587	#undef HAVE_CRL_MONITOR
wolfSSL	13:80fb167dafdf	1588	#endif
wolfSSL	13:80fb167dafdf	1589
wolfSSL	13:80fb167dafdf	1590	/* wolfSSL CRL controller */
wolfSSL	13:80fb167dafdf	1591	struct WOLFSSL_CRL {
wolfSSL	13:80fb167dafdf	1592	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	13:80fb167dafdf	1593	CRL_Entry* crlList; /* our CRL list */
wolfSSL	13:80fb167dafdf	1594	#ifdef HAVE_CRL_IO
wolfSSL	13:80fb167dafdf	1595	CbCrlIO crlIOCb;
wolfSSL	13:80fb167dafdf	1596	#endif
wolfSSL	13:80fb167dafdf	1597	wolfSSL_Mutex crlLock; /* CRL list lock */
wolfSSL	13:80fb167dafdf	1598	CRL_Monitor monitors[2]; /* PEM and DER possible */
wolfSSL	13:80fb167dafdf	1599	#ifdef HAVE_CRL_MONITOR
wolfSSL	13:80fb167dafdf	1600	pthread_cond_t cond; /* condition to signal setup */
wolfSSL	13:80fb167dafdf	1601	pthread_t tid; /* monitoring thread */
wolfSSL	13:80fb167dafdf	1602	int mfd; /* monitor fd, -1 if no init yet */
wolfSSL	13:80fb167dafdf	1603	int setup; /* thread is setup predicate */
wolfSSL	13:80fb167dafdf	1604	#endif
wolfSSL	13:80fb167dafdf	1605	void* heap; /* heap hint for dynamic memory */
wolfSSL	13:80fb167dafdf	1606	};
wolfSSL	13:80fb167dafdf	1607
wolfSSL	13:80fb167dafdf	1608
wolfSSL	13:80fb167dafdf	1609	#ifdef NO_ASN
wolfSSL	13:80fb167dafdf	1610	typedef struct Signer Signer;
wolfSSL	13:80fb167dafdf	1611	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	13:80fb167dafdf	1612	typedef struct TrustedPeerCert TrustedPeerCert;
wolfSSL	13:80fb167dafdf	1613	#endif
wolfSSL	13:80fb167dafdf	1614	#endif
wolfSSL	13:80fb167dafdf	1615
wolfSSL	13:80fb167dafdf	1616
wolfSSL	13:80fb167dafdf	1617	#ifndef CA_TABLE_SIZE
wolfSSL	13:80fb167dafdf	1618	#define CA_TABLE_SIZE 11
wolfSSL	13:80fb167dafdf	1619	#endif
wolfSSL	13:80fb167dafdf	1620	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	13:80fb167dafdf	1621	#define TP_TABLE_SIZE 11
wolfSSL	13:80fb167dafdf	1622	#endif
wolfSSL	13:80fb167dafdf	1623
wolfSSL	13:80fb167dafdf	1624	/* wolfSSL Certificate Manager */
wolfSSL	13:80fb167dafdf	1625	struct WOLFSSL_CERT_MANAGER {
wolfSSL	13:80fb167dafdf	1626	Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
wolfSSL	13:80fb167dafdf	1627	void* heap; /* heap helper */
wolfSSL	13:80fb167dafdf	1628	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	13:80fb167dafdf	1629	TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
wolfSSL	13:80fb167dafdf	1630	wolfSSL_Mutex tpLock; /* trusted peer list lock */
wolfSSL	13:80fb167dafdf	1631	#endif
wolfSSL	13:80fb167dafdf	1632	WOLFSSL_CRL* crl; /* CRL checker */
wolfSSL	13:80fb167dafdf	1633	WOLFSSL_OCSP* ocsp; /* OCSP checker */
wolfSSL	13:80fb167dafdf	1634	#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	13:80fb167dafdf	1635	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
wolfSSL	13:80fb167dafdf	1636	WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
wolfSSL	13:80fb167dafdf	1637	#endif
wolfSSL	13:80fb167dafdf	1638	char* ocspOverrideURL; /* use this responder */
wolfSSL	13:80fb167dafdf	1639	void* ocspIOCtx; /* I/O callback CTX */
wolfSSL	13:80fb167dafdf	1640	CallbackCACache caCacheCallback; /* CA cache addition callback */
wolfSSL	13:80fb167dafdf	1641	CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
wolfSSL	13:80fb167dafdf	1642	CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
wolfSSL	13:80fb167dafdf	1643	CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL	13:80fb167dafdf	1644	wolfSSL_Mutex caLock; /* CA list lock */
wolfSSL	13:80fb167dafdf	1645	byte crlEnabled; /* is CRL on ? */
wolfSSL	13:80fb167dafdf	1646	byte crlCheckAll; /* always leaf, but all ? */
wolfSSL	13:80fb167dafdf	1647	byte ocspEnabled; /* is OCSP on ? */
wolfSSL	13:80fb167dafdf	1648	byte ocspCheckAll; /* always leaf, but all ? */
wolfSSL	13:80fb167dafdf	1649	byte ocspSendNonce; /* send the OCSP nonce ? */
wolfSSL	13:80fb167dafdf	1650	byte ocspUseOverrideURL; /* ignore cert's responder, override */
wolfSSL	13:80fb167dafdf	1651	byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
wolfSSL	13:80fb167dafdf	1652
wolfSSL	13:80fb167dafdf	1653	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	1654	short minRsaKeySz; /* minimum allowed RSA key size */
wolfSSL	13:80fb167dafdf	1655	#endif
wolfSSL	13:80fb167dafdf	1656	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	1657	short minEccKeySz; /* minimum allowed ECC key size */
wolfSSL	13:80fb167dafdf	1658	#endif
wolfSSL	13:80fb167dafdf	1659	};
wolfSSL	13:80fb167dafdf	1660
wolfSSL	13:80fb167dafdf	1661	WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	13:80fb167dafdf	1662	WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	13:80fb167dafdf	1663	WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER, void, int, int*);
wolfSSL	13:80fb167dafdf	1664	WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER, const void, int);
wolfSSL	13:80fb167dafdf	1665	WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
wolfSSL	13:80fb167dafdf	1666
wolfSSL	13:80fb167dafdf	1667	/* wolfSSL Sock Addr */
wolfSSL	13:80fb167dafdf	1668	struct WOLFSSL_SOCKADDR {
wolfSSL	13:80fb167dafdf	1669	unsigned int sz; /* sockaddr size */
wolfSSL	13:80fb167dafdf	1670	void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
wolfSSL	13:80fb167dafdf	1671	};
wolfSSL	13:80fb167dafdf	1672
wolfSSL	13:80fb167dafdf	1673	typedef struct WOLFSSL_DTLS_CTX {
wolfSSL	13:80fb167dafdf	1674	WOLFSSL_SOCKADDR peer;
wolfSSL	13:80fb167dafdf	1675	int rfd;
wolfSSL	13:80fb167dafdf	1676	int wfd;
wolfSSL	13:80fb167dafdf	1677	} WOLFSSL_DTLS_CTX;
wolfSSL	13:80fb167dafdf	1678
wolfSSL	13:80fb167dafdf	1679
wolfSSL	13:80fb167dafdf	1680	#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
wolfSSL	13:80fb167dafdf	1681
wolfSSL	13:80fb167dafdf	1682	/* keys and secrets
wolfSSL	13:80fb167dafdf	1683	* keep as a constant size (no additional ifdefs) for session export */
wolfSSL	13:80fb167dafdf	1684	typedef struct Keys {
wolfSSL	13:80fb167dafdf	1685	byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
wolfSSL	13:80fb167dafdf	1686	byte server_write_MAC_secret[MAX_DIGEST_SIZE];
wolfSSL	13:80fb167dafdf	1687	byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
wolfSSL	13:80fb167dafdf	1688	byte server_write_key[AES_256_KEY_SIZE];
wolfSSL	13:80fb167dafdf	1689	byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
wolfSSL	13:80fb167dafdf	1690	byte server_write_IV[MAX_WRITE_IV_SZ];
wolfSSL	13:80fb167dafdf	1691	#if defined(HAVE_AEAD) \|\| defined(WOLFSSL_SESSION_EXPORT)
wolfSSL	13:80fb167dafdf	1692	byte aead_exp_IV[AEAD_MAX_EXP_SZ];
wolfSSL	13:80fb167dafdf	1693	byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	13:80fb167dafdf	1694	byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	13:80fb167dafdf	1695	#endif
wolfSSL	13:80fb167dafdf	1696
wolfSSL	13:80fb167dafdf	1697	word32 peer_sequence_number_hi;
wolfSSL	13:80fb167dafdf	1698	word32 peer_sequence_number_lo;
wolfSSL	13:80fb167dafdf	1699	word32 sequence_number_hi;
wolfSSL	13:80fb167dafdf	1700	word32 sequence_number_lo;
wolfSSL	13:80fb167dafdf	1701
wolfSSL	13:80fb167dafdf	1702	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	1703	word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL	13:80fb167dafdf	1704	/* Sliding window for current epoch */
wolfSSL	13:80fb167dafdf	1705	word16 nextEpoch; /* Expected epoch in next record */
wolfSSL	13:80fb167dafdf	1706	word16 nextSeq_hi; /* Expected sequence in next record */
wolfSSL	13:80fb167dafdf	1707	word32 nextSeq_lo;
wolfSSL	13:80fb167dafdf	1708
wolfSSL	13:80fb167dafdf	1709	word16 curEpoch; /* Received epoch in current record */
wolfSSL	13:80fb167dafdf	1710	word16 curSeq_hi; /* Received sequence in current record */
wolfSSL	13:80fb167dafdf	1711	word32 curSeq_lo;
wolfSSL	13:80fb167dafdf	1712
wolfSSL	13:80fb167dafdf	1713	word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL	13:80fb167dafdf	1714	/* Sliding window for old epoch */
wolfSSL	13:80fb167dafdf	1715	word16 prevSeq_hi; /* Next sequence in allowed old epoch */
wolfSSL	13:80fb167dafdf	1716	word32 prevSeq_lo;
wolfSSL	13:80fb167dafdf	1717
wolfSSL	13:80fb167dafdf	1718	word16 dtls_peer_handshake_number;
wolfSSL	13:80fb167dafdf	1719	word16 dtls_expected_peer_handshake_number;
wolfSSL	13:80fb167dafdf	1720
wolfSSL	13:80fb167dafdf	1721	word16 dtls_epoch; /* Current epoch */
wolfSSL	13:80fb167dafdf	1722	word16 dtls_sequence_number_hi; /* Current epoch */
wolfSSL	13:80fb167dafdf	1723	word32 dtls_sequence_number_lo;
wolfSSL	13:80fb167dafdf	1724	word16 dtls_prev_sequence_number_hi; /* Previous epoch */
wolfSSL	13:80fb167dafdf	1725	word32 dtls_prev_sequence_number_lo;
wolfSSL	13:80fb167dafdf	1726	word16 dtls_handshake_number; /* Current tx handshake seq */
wolfSSL	13:80fb167dafdf	1727	#endif
wolfSSL	13:80fb167dafdf	1728
wolfSSL	13:80fb167dafdf	1729	word32 encryptSz; /* last size of encrypted data */
wolfSSL	13:80fb167dafdf	1730	word32 padSz; /* how much to advance after decrypt part */
wolfSSL	13:80fb167dafdf	1731	byte encryptionOn; /* true after change cipher spec */
wolfSSL	13:80fb167dafdf	1732	byte decryptedCur; /* only decrypt current record once */
wolfSSL	13:80fb167dafdf	1733	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	1734	byte updateResponseReq:1; /* KeyUpdate response from peer required. */
wolfSSL	13:80fb167dafdf	1735	byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
wolfSSL	13:80fb167dafdf	1736	#endif
wolfSSL	13:80fb167dafdf	1737	} Keys;
wolfSSL	13:80fb167dafdf	1738
wolfSSL	13:80fb167dafdf	1739
wolfSSL	13:80fb167dafdf	1740
wolfSSL	13:80fb167dafdf	1741	/** TLS Extensions - RFC 6066 */
wolfSSL	13:80fb167dafdf	1742	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	13:80fb167dafdf	1743
wolfSSL	13:80fb167dafdf	1744	typedef enum {
wolfSSL	13:80fb167dafdf	1745	TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
wolfSSL	13:80fb167dafdf	1746	TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
wolfSSL	13:80fb167dafdf	1747	TLSX_TRUNCATED_HMAC = 0x0004,
wolfSSL	13:80fb167dafdf	1748	TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
wolfSSL	13:80fb167dafdf	1749	TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
wolfSSL	13:80fb167dafdf	1750	TLSX_SIGNATURE_ALGORITHMS = 0x000d,
wolfSSL	13:80fb167dafdf	1751	TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
wolfSSL	13:80fb167dafdf	1752	TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
wolfSSL	13:80fb167dafdf	1753	TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
wolfSSL	13:80fb167dafdf	1754	TLSX_SESSION_TICKET = 0x0023,
wolfSSL	13:80fb167dafdf	1755	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	1756	TLSX_KEY_SHARE = 0x0028,
wolfSSL	13:80fb167dafdf	1757	#ifndef NO_PSK
wolfSSL	13:80fb167dafdf	1758	TLSX_PRE_SHARED_KEY = 0x0029,
wolfSSL	13:80fb167dafdf	1759	#endif
wolfSSL	13:80fb167dafdf	1760	TLSX_SUPPORTED_VERSIONS = 0x002b,
wolfSSL	13:80fb167dafdf	1761	#ifndef NO_PSK
wolfSSL	13:80fb167dafdf	1762	TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
wolfSSL	13:80fb167dafdf	1763	#endif
wolfSSL	13:80fb167dafdf	1764	#endif
wolfSSL	13:80fb167dafdf	1765	TLSX_RENEGOTIATION_INFO = 0xff01
wolfSSL	13:80fb167dafdf	1766	} TLSX_Type;
wolfSSL	13:80fb167dafdf	1767
wolfSSL	13:80fb167dafdf	1768	typedef struct TLSX {
wolfSSL	13:80fb167dafdf	1769	TLSX_Type type; /* Extension Type */
wolfSSL	13:80fb167dafdf	1770	void* data; /* Extension Data */
wolfSSL	13:80fb167dafdf	1771	word32 val; /* Extension Value */
wolfSSL	13:80fb167dafdf	1772	byte resp; /* IsResponse Flag */
wolfSSL	13:80fb167dafdf	1773	struct TLSX* next; /* List Behavior */
wolfSSL	13:80fb167dafdf	1774	} TLSX;
wolfSSL	13:80fb167dafdf	1775
wolfSSL	13:80fb167dafdf	1776	WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
wolfSSL	13:80fb167dafdf	1777	WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
wolfSSL	13:80fb167dafdf	1778	WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	1779	WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
wolfSSL	13:80fb167dafdf	1780
wolfSSL	13:80fb167dafdf	1781	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	13:80fb167dafdf	1782	WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	1783	WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
wolfSSL	13:80fb167dafdf	1784	#endif
wolfSSL	13:80fb167dafdf	1785
wolfSSL	13:80fb167dafdf	1786	#ifndef NO_WOLFSSL_SERVER
wolfSSL	13:80fb167dafdf	1787	WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType);
wolfSSL	13:80fb167dafdf	1788	WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output,
wolfSSL	13:80fb167dafdf	1789	byte msgType);
wolfSSL	13:80fb167dafdf	1790	#endif
wolfSSL	13:80fb167dafdf	1791
wolfSSL	13:80fb167dafdf	1792	WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	13:80fb167dafdf	1793	byte msgType, Suites *suites);
wolfSSL	13:80fb167dafdf	1794
wolfSSL	13:80fb167dafdf	1795	#elif defined(HAVE_SNI) \
wolfSSL	13:80fb167dafdf	1796	\|\| defined(HAVE_MAX_FRAGMENT) \
wolfSSL	13:80fb167dafdf	1797	\|\| defined(HAVE_TRUNCATED_HMAC) \
wolfSSL	13:80fb167dafdf	1798	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	13:80fb167dafdf	1799	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
wolfSSL	13:80fb167dafdf	1800	\|\| defined(HAVE_SUPPORTED_CURVES) \
wolfSSL	13:80fb167dafdf	1801	\|\| defined(HAVE_ALPN) \
wolfSSL	13:80fb167dafdf	1802	\|\| defined(HAVE_QSH) \
wolfSSL	13:80fb167dafdf	1803	\|\| defined(HAVE_SESSION_TICKET) \
wolfSSL	13:80fb167dafdf	1804	\|\| defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	13:80fb167dafdf	1805	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	13:80fb167dafdf	1806
wolfSSL	13:80fb167dafdf	1807	#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
wolfSSL	13:80fb167dafdf	1808
wolfSSL	13:80fb167dafdf	1809	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	13:80fb167dafdf	1810
wolfSSL	13:80fb167dafdf	1811	/** Server Name Indication - RFC 6066 (session 3) */
wolfSSL	13:80fb167dafdf	1812	#ifdef HAVE_SNI
wolfSSL	13:80fb167dafdf	1813
wolfSSL	13:80fb167dafdf	1814	typedef struct SNI {
wolfSSL	13:80fb167dafdf	1815	byte type; /* SNI Type */
wolfSSL	13:80fb167dafdf	1816	union { char* host_name; } data; /* SNI Data */
wolfSSL	13:80fb167dafdf	1817	struct SNI* next; /* List Behavior */
wolfSSL	13:80fb167dafdf	1818	#ifndef NO_WOLFSSL_SERVER
wolfSSL	13:80fb167dafdf	1819	byte options; /* Behavior options */
wolfSSL	13:80fb167dafdf	1820	byte status; /* Matching result */
wolfSSL	13:80fb167dafdf	1821	#endif
wolfSSL	13:80fb167dafdf	1822	} SNI;
wolfSSL	13:80fb167dafdf	1823
wolfSSL	13:80fb167dafdf	1824	WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
wolfSSL	13:80fb167dafdf	1825	word16 size, void* heap);
wolfSSL	13:80fb167dafdf	1826
wolfSSL	13:80fb167dafdf	1827	#ifndef NO_WOLFSSL_SERVER
wolfSSL	13:80fb167dafdf	1828	WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
wolfSSL	13:80fb167dafdf	1829	byte options);
wolfSSL	13:80fb167dafdf	1830	WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
wolfSSL	13:80fb167dafdf	1831	WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
wolfSSL	13:80fb167dafdf	1832	void** data);
wolfSSL	13:80fb167dafdf	1833	WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
wolfSSL	13:80fb167dafdf	1834	byte type, byte* sni, word32* inOutSz);
wolfSSL	13:80fb167dafdf	1835	#endif
wolfSSL	13:80fb167dafdf	1836
wolfSSL	13:80fb167dafdf	1837	#endif /* HAVE_SNI */
wolfSSL	13:80fb167dafdf	1838
wolfSSL	13:80fb167dafdf	1839	/* Application-Layer Protocol Negotiation - RFC 7301 */
wolfSSL	13:80fb167dafdf	1840	#ifdef HAVE_ALPN
wolfSSL	13:80fb167dafdf	1841	typedef struct ALPN {
wolfSSL	13:80fb167dafdf	1842	char* protocol_name; /* ALPN protocol name */
wolfSSL	13:80fb167dafdf	1843	struct ALPN* next; /* List Behavior */
wolfSSL	13:80fb167dafdf	1844	byte options; /* Behavior options */
wolfSSL	13:80fb167dafdf	1845	byte negotiated; /* ALPN protocol negotiated or not */
wolfSSL	13:80fb167dafdf	1846	} ALPN;
wolfSSL	13:80fb167dafdf	1847
wolfSSL	13:80fb167dafdf	1848	WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
wolfSSL	13:80fb167dafdf	1849	void** data, word16 *dataSz);
wolfSSL	13:80fb167dafdf	1850
wolfSSL	13:80fb167dafdf	1851	WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
wolfSSL	13:80fb167dafdf	1852	word16 size, byte options, void* heap);
wolfSSL	13:80fb167dafdf	1853
wolfSSL	13:80fb167dafdf	1854	WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
wolfSSL	13:80fb167dafdf	1855
wolfSSL	13:80fb167dafdf	1856	#endif /* HAVE_ALPN */
wolfSSL	13:80fb167dafdf	1857
wolfSSL	13:80fb167dafdf	1858	/** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
wolfSSL	13:80fb167dafdf	1859	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	13:80fb167dafdf	1860
wolfSSL	13:80fb167dafdf	1861	WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
wolfSSL	13:80fb167dafdf	1862
wolfSSL	13:80fb167dafdf	1863	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	13:80fb167dafdf	1864
wolfSSL	13:80fb167dafdf	1865	/** Truncated HMAC - RFC 6066 (session 7) */
wolfSSL	13:80fb167dafdf	1866	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	13:80fb167dafdf	1867
wolfSSL	13:80fb167dafdf	1868	WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
wolfSSL	13:80fb167dafdf	1869
wolfSSL	13:80fb167dafdf	1870	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	13:80fb167dafdf	1871
wolfSSL	13:80fb167dafdf	1872	/** Certificate Status Request - RFC 6066 (session 8) */
wolfSSL	13:80fb167dafdf	1873	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	13:80fb167dafdf	1874
wolfSSL	13:80fb167dafdf	1875	typedef struct {
wolfSSL	13:80fb167dafdf	1876	byte status_type;
wolfSSL	13:80fb167dafdf	1877	byte options;
wolfSSL	13:80fb167dafdf	1878	union {
wolfSSL	13:80fb167dafdf	1879	OcspRequest ocsp;
wolfSSL	13:80fb167dafdf	1880	} request;
wolfSSL	13:80fb167dafdf	1881	} CertificateStatusRequest;
wolfSSL	13:80fb167dafdf	1882
wolfSSL	13:80fb167dafdf	1883	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
wolfSSL	13:80fb167dafdf	1884	byte status_type, byte options, void* heap, int devId);
wolfSSL	13:80fb167dafdf	1885	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	1886	WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
wolfSSL	13:80fb167dafdf	1887	void* heap);
wolfSSL	13:80fb167dafdf	1888	#endif
wolfSSL	13:80fb167dafdf	1889	WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
wolfSSL	13:80fb167dafdf	1890	WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	1891
wolfSSL	13:80fb167dafdf	1892	#endif
wolfSSL	13:80fb167dafdf	1893
wolfSSL	13:80fb167dafdf	1894	/** Certificate Status Request v2 - RFC 6961 */
wolfSSL	13:80fb167dafdf	1895	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	13:80fb167dafdf	1896
wolfSSL	13:80fb167dafdf	1897	typedef struct CSRIv2 {
wolfSSL	13:80fb167dafdf	1898	byte status_type;
wolfSSL	13:80fb167dafdf	1899	byte options;
wolfSSL	13:80fb167dafdf	1900	word16 requests;
wolfSSL	13:80fb167dafdf	1901	union {
wolfSSL	13:80fb167dafdf	1902	OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
wolfSSL	13:80fb167dafdf	1903	} request;
wolfSSL	13:80fb167dafdf	1904	struct CSRIv2* next;
wolfSSL	13:80fb167dafdf	1905	} CertificateStatusRequestItemV2;
wolfSSL	13:80fb167dafdf	1906
wolfSSL	13:80fb167dafdf	1907	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
wolfSSL	13:80fb167dafdf	1908	byte status_type, byte options, void* heap, int devId);
wolfSSL	13:80fb167dafdf	1909	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	1910	WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
wolfSSL	13:80fb167dafdf	1911	byte isPeer, void* heap);
wolfSSL	13:80fb167dafdf	1912	#endif
wolfSSL	13:80fb167dafdf	1913	WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
wolfSSL	13:80fb167dafdf	1914	byte index);
wolfSSL	13:80fb167dafdf	1915	WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	1916
wolfSSL	13:80fb167dafdf	1917	#endif
wolfSSL	13:80fb167dafdf	1918
wolfSSL	13:80fb167dafdf	1919	/** Supported Elliptic Curves - RFC 4492 (session 4) */
wolfSSL	13:80fb167dafdf	1920	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	13:80fb167dafdf	1921
wolfSSL	13:80fb167dafdf	1922	typedef struct EllipticCurve {
wolfSSL	13:80fb167dafdf	1923	word16 name; /* CurveNames */
wolfSSL	13:80fb167dafdf	1924	struct EllipticCurve* next; /* List Behavior */
wolfSSL	13:80fb167dafdf	1925	} EllipticCurve;
wolfSSL	13:80fb167dafdf	1926
wolfSSL	13:80fb167dafdf	1927	WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
wolfSSL	13:80fb167dafdf	1928	void* heap);
wolfSSL	13:80fb167dafdf	1929
wolfSSL	13:80fb167dafdf	1930	#ifndef NO_WOLFSSL_SERVER
wolfSSL	13:80fb167dafdf	1931	WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
wolfSSL	13:80fb167dafdf	1932	byte second);
wolfSSL	13:80fb167dafdf	1933	#endif
wolfSSL	13:80fb167dafdf	1934
wolfSSL	13:80fb167dafdf	1935	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	13:80fb167dafdf	1936
wolfSSL	13:80fb167dafdf	1937	/** Renegotiation Indication - RFC 5746 */
wolfSSL	13:80fb167dafdf	1938	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	13:80fb167dafdf	1939	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	13:80fb167dafdf	1940
wolfSSL	13:80fb167dafdf	1941	enum key_cache_state {
wolfSSL	13:80fb167dafdf	1942	SCR_CACHE_NULL = 0, /* empty / begin state */
wolfSSL	13:80fb167dafdf	1943	SCR_CACHE_NEEDED, /* need to cache keys */
wolfSSL	13:80fb167dafdf	1944	SCR_CACHE_COPY, /* we have a cached copy */
wolfSSL	13:80fb167dafdf	1945	SCR_CACHE_PARTIAL, /* partial restore to real keys */
wolfSSL	13:80fb167dafdf	1946	SCR_CACHE_COMPLETE /* complete restore to real keys */
wolfSSL	13:80fb167dafdf	1947	};
wolfSSL	13:80fb167dafdf	1948
wolfSSL	13:80fb167dafdf	1949	/* Additional Connection State according to rfc5746 section 3.1 */
wolfSSL	13:80fb167dafdf	1950	typedef struct SecureRenegotiation {
wolfSSL	13:80fb167dafdf	1951	byte enabled; /* secure_renegotiation flag in rfc */
wolfSSL	13:80fb167dafdf	1952	byte startScr; /* server requested client to start scr */
wolfSSL	13:80fb167dafdf	1953	enum key_cache_state cache_status; /* track key cache state */
wolfSSL	13:80fb167dafdf	1954	byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	13:80fb167dafdf	1955	byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	13:80fb167dafdf	1956	byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */
wolfSSL	13:80fb167dafdf	1957	Keys tmp_keys; /* can't overwrite real keys yet */
wolfSSL	13:80fb167dafdf	1958	} SecureRenegotiation;
wolfSSL	13:80fb167dafdf	1959
wolfSSL	13:80fb167dafdf	1960	WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
wolfSSL	13:80fb167dafdf	1961
wolfSSL	13:80fb167dafdf	1962	#ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL	13:80fb167dafdf	1963	WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
wolfSSL	13:80fb167dafdf	1964	#endif
wolfSSL	13:80fb167dafdf	1965
wolfSSL	13:80fb167dafdf	1966	#endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL	13:80fb167dafdf	1967
wolfSSL	13:80fb167dafdf	1968	/** Session Ticket - RFC 5077 (session 3.2) */
wolfSSL	13:80fb167dafdf	1969	#ifdef HAVE_SESSION_TICKET
wolfSSL	13:80fb167dafdf	1970
wolfSSL	13:80fb167dafdf	1971	typedef struct SessionTicket {
wolfSSL	13:80fb167dafdf	1972	word32 lifetime;
wolfSSL	13:80fb167dafdf	1973	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	1974	word64 seen;
wolfSSL	13:80fb167dafdf	1975	word32 ageAdd;
wolfSSL	13:80fb167dafdf	1976	#endif
wolfSSL	13:80fb167dafdf	1977	byte* data;
wolfSSL	13:80fb167dafdf	1978	word16 size;
wolfSSL	13:80fb167dafdf	1979	} SessionTicket;
wolfSSL	13:80fb167dafdf	1980
wolfSSL	13:80fb167dafdf	1981	WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
wolfSSL	13:80fb167dafdf	1982	SessionTicket* ticket, void* heap);
wolfSSL	13:80fb167dafdf	1983	WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL	13:80fb167dafdf	1984	byte* data, word16 size, void* heap);
wolfSSL	13:80fb167dafdf	1985	WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
wolfSSL	13:80fb167dafdf	1986
wolfSSL	13:80fb167dafdf	1987	#endif /* HAVE_SESSION_TICKET */
wolfSSL	13:80fb167dafdf	1988
wolfSSL	13:80fb167dafdf	1989	/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
wolfSSL	13:80fb167dafdf	1990	#ifdef HAVE_QSH
wolfSSL	13:80fb167dafdf	1991
wolfSSL	13:80fb167dafdf	1992	typedef struct QSHScheme {
wolfSSL	13:80fb167dafdf	1993	struct QSHScheme* next; /* List Behavior */
wolfSSL	13:80fb167dafdf	1994	byte* PK;
wolfSSL	13:80fb167dafdf	1995	word16 name; /* QSHScheme Names */
wolfSSL	13:80fb167dafdf	1996	word16 PKLen;
wolfSSL	13:80fb167dafdf	1997	} QSHScheme;
wolfSSL	13:80fb167dafdf	1998
wolfSSL	13:80fb167dafdf	1999	typedef struct QSHkey {
wolfSSL	13:80fb167dafdf	2000	struct QSHKey* next;
wolfSSL	13:80fb167dafdf	2001	word16 name;
wolfSSL	13:80fb167dafdf	2002	buffer pub;
wolfSSL	13:80fb167dafdf	2003	buffer pri;
wolfSSL	13:80fb167dafdf	2004	} QSHKey;
wolfSSL	13:80fb167dafdf	2005
wolfSSL	13:80fb167dafdf	2006	typedef struct QSHSecret {
wolfSSL	13:80fb167dafdf	2007	QSHScheme* list;
wolfSSL	13:80fb167dafdf	2008	buffer* SerSi;
wolfSSL	13:80fb167dafdf	2009	buffer* CliSi;
wolfSSL	13:80fb167dafdf	2010	} QSHSecret;
wolfSSL	13:80fb167dafdf	2011
wolfSSL	13:80fb167dafdf	2012	/* used in key exchange during handshake */
wolfSSL	13:80fb167dafdf	2013	WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
wolfSSL	13:80fb167dafdf	2014	word16 length, byte isServer);
wolfSSL	13:80fb167dafdf	2015	WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
wolfSSL	13:80fb167dafdf	2016	WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
wolfSSL	13:80fb167dafdf	2017
wolfSSL	13:80fb167dafdf	2018	/* used by api for setting a specific QSH scheme */
wolfSSL	13:80fb167dafdf	2019	WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
wolfSSL	13:80fb167dafdf	2020	byte* pKey, word16 pKeySz, void* heap);
wolfSSL	13:80fb167dafdf	2021
wolfSSL	13:80fb167dafdf	2022	/* used when parsing in QSHCipher structs */
wolfSSL	13:80fb167dafdf	2023	WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
wolfSSL	13:80fb167dafdf	2024	byte* out, word16* szOut);
wolfSSL	13:80fb167dafdf	2025	#ifndef NO_WOLFSSL_SERVER
wolfSSL	13:80fb167dafdf	2026	WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
wolfSSL	13:80fb167dafdf	2027	#endif
wolfSSL	13:80fb167dafdf	2028
wolfSSL	13:80fb167dafdf	2029	#endif /* HAVE_QSH */
wolfSSL	13:80fb167dafdf	2030
wolfSSL	13:80fb167dafdf	2031	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	2032	/* Key Share - TLS v1.3 Specification */
wolfSSL	13:80fb167dafdf	2033
wolfSSL	13:80fb167dafdf	2034	/* The KeyShare extension information - entry in a linked list. */
wolfSSL	13:80fb167dafdf	2035	typedef struct KeyShareEntry {
wolfSSL	13:80fb167dafdf	2036	word16 group; /* NamedGroup */
wolfSSL	13:80fb167dafdf	2037	byte* ke; /* Key exchange data */
wolfSSL	13:80fb167dafdf	2038	word32 keLen; /* Key exchange data length */
wolfSSL	13:80fb167dafdf	2039	void* key; /* Private key */
wolfSSL	13:80fb167dafdf	2040	word32 keyLen; /* Private key length */
wolfSSL	13:80fb167dafdf	2041	struct KeyShareEntry* next; /* List pointer */
wolfSSL	13:80fb167dafdf	2042	} KeyShareEntry;
wolfSSL	13:80fb167dafdf	2043
wolfSSL	13:80fb167dafdf	2044	WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
wolfSSL	13:80fb167dafdf	2045	byte* data, KeyShareEntry **kse);
wolfSSL	13:80fb167dafdf	2046	WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	2047	WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	2048
wolfSSL	13:80fb167dafdf	2049	#ifndef NO_PSK
wolfSSL	13:80fb167dafdf	2050	/* The PreSharedKey extension information - entry in a linked list. */
wolfSSL	13:80fb167dafdf	2051	typedef struct PreSharedKey {
wolfSSL	13:80fb167dafdf	2052	word16 identityLen; /* Length of identity */
wolfSSL	13:80fb167dafdf	2053	byte* identity; /* PSK identity */
wolfSSL	13:80fb167dafdf	2054	word32 ticketAge; /* Age of the ticket */
wolfSSL	13:80fb167dafdf	2055	byte binderLen; /* Length of HMAC */
wolfSSL	13:80fb167dafdf	2056	byte binder[MAX_DIGEST_SIZE]; /* HMAC of hanshake */
wolfSSL	13:80fb167dafdf	2057	byte hmac; /* HMAC algorithm */
wolfSSL	13:80fb167dafdf	2058	byte resumption:1; /* Resumption PSK */
wolfSSL	13:80fb167dafdf	2059	byte chosen:1; /* Server's choice */
wolfSSL	13:80fb167dafdf	2060	struct PreSharedKey* next; /* List pointer */
wolfSSL	13:80fb167dafdf	2061	} PreSharedKey;
wolfSSL	13:80fb167dafdf	2062
wolfSSL	13:80fb167dafdf	2063	WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
wolfSSL	13:80fb167dafdf	2064	byte* output, byte msgType);
wolfSSL	13:80fb167dafdf	2065	WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
wolfSSL	13:80fb167dafdf	2066	byte msgType);
wolfSSL	13:80fb167dafdf	2067	WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
wolfSSL	13:80fb167dafdf	2068	word16 len, word32 age, byte hmac,
wolfSSL	13:80fb167dafdf	2069	byte resumption,
wolfSSL	13:80fb167dafdf	2070	PreSharedKey **preSharedKey);
wolfSSL	13:80fb167dafdf	2071
wolfSSL	13:80fb167dafdf	2072	enum PskKeyExchangeMode {
wolfSSL	13:80fb167dafdf	2073	PSK_KE,
wolfSSL	13:80fb167dafdf	2074	PSK_DHE_KE
wolfSSL	13:80fb167dafdf	2075	};
wolfSSL	13:80fb167dafdf	2076
wolfSSL	13:80fb167dafdf	2077	WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
wolfSSL	13:80fb167dafdf	2078	#endif /* NO_PSK */
wolfSSL	13:80fb167dafdf	2079
wolfSSL	13:80fb167dafdf	2080	/* The types of keys to derive for. */
wolfSSL	13:80fb167dafdf	2081	enum DeriveKeyType {
wolfSSL	13:80fb167dafdf	2082	handshake_key,
wolfSSL	13:80fb167dafdf	2083	traffic_key,
wolfSSL	13:80fb167dafdf	2084	update_traffic_key
wolfSSL	13:80fb167dafdf	2085	};
wolfSSL	13:80fb167dafdf	2086
wolfSSL	13:80fb167dafdf	2087	/* The key update request values for KeyUpdate message. */
wolfSSL	13:80fb167dafdf	2088	enum KeyUpdateRequest {
wolfSSL	13:80fb167dafdf	2089	update_not_requested,
wolfSSL	13:80fb167dafdf	2090	update_requested
wolfSSL	13:80fb167dafdf	2091	};
wolfSSL	13:80fb167dafdf	2092	#endif /* WOLFSSL_TLS13 */
wolfSSL	13:80fb167dafdf	2093
wolfSSL	13:80fb167dafdf	2094
wolfSSL	13:80fb167dafdf	2095	/* wolfSSL context type */
wolfSSL	13:80fb167dafdf	2096	struct WOLFSSL_CTX {
wolfSSL	13:80fb167dafdf	2097	WOLFSSL_METHOD* method;
wolfSSL	13:80fb167dafdf	2098	#ifdef SINGLE_THREADED
wolfSSL	13:80fb167dafdf	2099	WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */
wolfSSL	13:80fb167dafdf	2100	#endif
wolfSSL	13:80fb167dafdf	2101	wolfSSL_Mutex countMutex; /* reference count mutex */
wolfSSL	13:80fb167dafdf	2102	int refCount; /* reference count */
wolfSSL	13:80fb167dafdf	2103	int err; /* error code in case of mutex not created */
wolfSSL	13:80fb167dafdf	2104	#ifndef NO_DH
wolfSSL	13:80fb167dafdf	2105	buffer serverDH_P;
wolfSSL	13:80fb167dafdf	2106	buffer serverDH_G;
wolfSSL	13:80fb167dafdf	2107	#endif
wolfSSL	13:80fb167dafdf	2108	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	2109	DerBuffer* certificate;
wolfSSL	13:80fb167dafdf	2110	DerBuffer* certChain;
wolfSSL	13:80fb167dafdf	2111	/* chain after self, in DER, with leading size for each cert */
wolfSSL	13:80fb167dafdf	2112	#ifdef OPENSSL_EXTRA
wolfSSL	13:80fb167dafdf	2113	STACK_OF(WOLFSSL_X509_NAME)* ca_names;
wolfSSL	13:80fb167dafdf	2114	#endif
wolfSSL	13:80fb167dafdf	2115	#if defined(WOLFSSL_NGINX) \|\| defined (WOLFSSL_HAPROXY)
wolfSSL	13:80fb167dafdf	2116	STACK_OF(WOLFSSL_X509)* x509Chain;
wolfSSL	13:80fb167dafdf	2117	#endif
wolfSSL	13:80fb167dafdf	2118	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	2119	int certChainCnt;
wolfSSL	13:80fb167dafdf	2120	#endif
wolfSSL	13:80fb167dafdf	2121	DerBuffer* privateKey;
wolfSSL	13:80fb167dafdf	2122	WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
wolfSSL	13:80fb167dafdf	2123	#endif
wolfSSL	13:80fb167dafdf	2124	#ifdef KEEP_OUR_CERT
wolfSSL	13:80fb167dafdf	2125	WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
wolfSSL	13:80fb167dafdf	2126	int ownOurCert; /* Dispose of certificate if we own */
wolfSSL	13:80fb167dafdf	2127	#endif
wolfSSL	13:80fb167dafdf	2128	Suites* suites; /* make dynamic, user may not need/set */
wolfSSL	13:80fb167dafdf	2129	void* heap; /* for user memory overrides */
wolfSSL	13:80fb167dafdf	2130	byte verifyPeer;
wolfSSL	13:80fb167dafdf	2131	byte verifyNone;
wolfSSL	13:80fb167dafdf	2132	byte failNoCert;
wolfSSL	13:80fb167dafdf	2133	byte failNoCertxPSK; /* fail if no cert with the exception of PSK*/
wolfSSL	13:80fb167dafdf	2134	byte sessionCacheOff;
wolfSSL	13:80fb167dafdf	2135	byte sessionCacheFlushOff;
wolfSSL	13:80fb167dafdf	2136	#ifdef HAVE_EXT_CACHE
wolfSSL	13:80fb167dafdf	2137	byte internalCacheOff;
wolfSSL	13:80fb167dafdf	2138	#endif
wolfSSL	13:80fb167dafdf	2139	byte sendVerify; /* for client side */
wolfSSL	13:80fb167dafdf	2140	byte haveRSA; /* RSA available */
wolfSSL	13:80fb167dafdf	2141	byte haveECC; /* ECC available */
wolfSSL	13:80fb167dafdf	2142	byte haveDH; /* server DH parms set by user */
wolfSSL	13:80fb167dafdf	2143	byte haveNTRU; /* server private NTRU key loaded */
wolfSSL	13:80fb167dafdf	2144	byte haveECDSAsig; /* server cert signed w/ ECDSA */
wolfSSL	13:80fb167dafdf	2145	byte haveStaticECC; /* static server ECC private key */
wolfSSL	13:80fb167dafdf	2146	byte partialWrite; /* only one msg per write call */
wolfSSL	13:80fb167dafdf	2147	byte quietShutdown; /* don't send close notify */
wolfSSL	13:80fb167dafdf	2148	byte groupMessages; /* group handshake messages before sending */
wolfSSL	13:80fb167dafdf	2149	byte minDowngrade; /* minimum downgrade version */
wolfSSL	13:80fb167dafdf	2150	byte haveEMS; /* have extended master secret extension */
wolfSSL	13:80fb167dafdf	2151	byte useClientOrder; /* Use client's cipher preference order */
wolfSSL	13:80fb167dafdf	2152	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	2153	byte noTicketTls13; /* Server won't create new Ticket */
wolfSSL	13:80fb167dafdf	2154	byte noPskDheKe; /* Don't use (EC)DHE with PSK */
wolfSSL	13:80fb167dafdf	2155	#endif
wolfSSL	13:80fb167dafdf	2156	#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
wolfSSL	13:80fb167dafdf	2157	byte dtlsSctp; /* DTLS-over-SCTP mode */
wolfSSL	13:80fb167dafdf	2158	word16 dtlsMtuSz; /* DTLS MTU size */
wolfSSL	13:80fb167dafdf	2159	#endif
wolfSSL	13:80fb167dafdf	2160	#ifndef NO_DH
wolfSSL	13:80fb167dafdf	2161	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	13:80fb167dafdf	2162	#endif
wolfSSL	13:80fb167dafdf	2163	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	2164	short minRsaKeySz; /* minimum RSA key size */
wolfSSL	13:80fb167dafdf	2165	#endif
wolfSSL	13:80fb167dafdf	2166	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	2167	short minEccKeySz; /* minimum ECC key size */
wolfSSL	13:80fb167dafdf	2168	#endif
wolfSSL	13:80fb167dafdf	2169	#ifdef OPENSSL_EXTRA
wolfSSL	13:80fb167dafdf	2170	unsigned long mask; /* store SSL_OP_ flags */
wolfSSL	13:80fb167dafdf	2171	#endif
wolfSSL	13:80fb167dafdf	2172	CallbackIORecv CBIORecv;
wolfSSL	13:80fb167dafdf	2173	CallbackIOSend CBIOSend;
wolfSSL	13:80fb167dafdf	2174	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	2175	CallbackGenCookie CBIOCookie; /* gen cookie callback */
wolfSSL	13:80fb167dafdf	2176	wc_dtls_export dtls_export; /* export function for DTLS session */
wolfSSL	13:80fb167dafdf	2177	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	13:80fb167dafdf	2178	CallbackGetPeer CBGetPeer;
wolfSSL	13:80fb167dafdf	2179	CallbackSetPeer CBSetPeer;
wolfSSL	13:80fb167dafdf	2180	#endif
wolfSSL	13:80fb167dafdf	2181	#endif /* WOLFSSL_DTLS */
wolfSSL	13:80fb167dafdf	2182	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	13:80fb167dafdf	2183	word32 timeout; /* session timeout */
wolfSSL	13:80fb167dafdf	2184	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	2185	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	13:80fb167dafdf	2186	word32 ecdhCurveOID; /* curve Ecc_Sum */
wolfSSL	13:80fb167dafdf	2187	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	13:80fb167dafdf	2188	#endif
wolfSSL	13:80fb167dafdf	2189	#ifndef NO_PSK
wolfSSL	13:80fb167dafdf	2190	byte havePSK; /* psk key set by user */
wolfSSL	13:80fb167dafdf	2191	wc_psk_client_callback client_psk_cb; /* client callback */
wolfSSL	13:80fb167dafdf	2192	wc_psk_server_callback server_psk_cb; /* server callback */
wolfSSL	13:80fb167dafdf	2193	char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	13:80fb167dafdf	2194	#endif /* NO_PSK */
wolfSSL	13:80fb167dafdf	2195	#ifdef HAVE_ANON
wolfSSL	13:80fb167dafdf	2196	byte haveAnon; /* User wants to allow Anon suites */
wolfSSL	13:80fb167dafdf	2197	#endif /* HAVE_ANON */
wolfSSL	13:80fb167dafdf	2198	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	13:80fb167dafdf	2199	pem_password_cb* passwd_cb;
wolfSSL	13:80fb167dafdf	2200	void* userdata;
wolfSSL	13:80fb167dafdf	2201	WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
wolfSSL	13:80fb167dafdf	2202	byte readAhead;
wolfSSL	13:80fb167dafdf	2203	void* userPRFArg; /* passed to prf callback */
wolfSSL	13:80fb167dafdf	2204	#endif /* OPENSSL_EXTRA */
wolfSSL	13:80fb167dafdf	2205	#ifdef HAVE_EX_DATA
wolfSSL	13:80fb167dafdf	2206	void* ex_data[MAX_EX_DATA];
wolfSSL	13:80fb167dafdf	2207	#endif
wolfSSL	13:80fb167dafdf	2208	#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY))
wolfSSL	13:80fb167dafdf	2209	CallbackALPNSelect alpnSelect;
wolfSSL	13:80fb167dafdf	2210	void* alpnSelectArg;
wolfSSL	13:80fb167dafdf	2211	#endif
wolfSSL	13:80fb167dafdf	2212	#if defined(HAVE_STUNNEL) \|\| defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	13:80fb167dafdf	2213	CallbackSniRecv sniRecvCb;
wolfSSL	13:80fb167dafdf	2214	void* sniRecvCbArg;
wolfSSL	13:80fb167dafdf	2215	#endif
wolfSSL	13:80fb167dafdf	2216	#ifdef HAVE_OCSP
wolfSSL	13:80fb167dafdf	2217	WOLFSSL_OCSP ocsp;
wolfSSL	13:80fb167dafdf	2218	#endif
wolfSSL	13:80fb167dafdf	2219	int devId; /* async device id to use */
wolfSSL	13:80fb167dafdf	2220	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	13:80fb167dafdf	2221	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	13:80fb167dafdf	2222	#ifndef NO_WOLFSSL_SERVER
wolfSSL	13:80fb167dafdf	2223	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	13:80fb167dafdf	2224	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	13:80fb167dafdf	2225	OcspRequest* certOcspRequest;
wolfSSL	13:80fb167dafdf	2226	#endif
wolfSSL	13:80fb167dafdf	2227	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	13:80fb167dafdf	2228	OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
wolfSSL	13:80fb167dafdf	2229	#endif
wolfSSL	13:80fb167dafdf	2230	#endif
wolfSSL	13:80fb167dafdf	2231	#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	13:80fb167dafdf	2232	SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
wolfSSL	13:80fb167dafdf	2233	void* ticketEncCtx; /* session encrypt context */
wolfSSL	13:80fb167dafdf	2234	int ticketHint; /* ticket hint in seconds */
wolfSSL	13:80fb167dafdf	2235	#endif
wolfSSL	13:80fb167dafdf	2236	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	13:80fb167dafdf	2237	byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
wolfSSL	13:80fb167dafdf	2238	#endif
wolfSSL	13:80fb167dafdf	2239	#endif
wolfSSL	13:80fb167dafdf	2240	#ifdef ATOMIC_USER
wolfSSL	13:80fb167dafdf	2241	CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
wolfSSL	13:80fb167dafdf	2242	CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
wolfSSL	13:80fb167dafdf	2243	#endif
wolfSSL	13:80fb167dafdf	2244	#ifdef HAVE_PK_CALLBACKS
wolfSSL	13:80fb167dafdf	2245	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	2246	CallbackEccSign EccSignCb; /* User EccSign Callback handler */
wolfSSL	13:80fb167dafdf	2247	CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
wolfSSL	13:80fb167dafdf	2248	CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
wolfSSL	13:80fb167dafdf	2249	#endif /* HAVE_ECC */
wolfSSL	13:80fb167dafdf	2250	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	2251	CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
wolfSSL	13:80fb167dafdf	2252	CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
wolfSSL	13:80fb167dafdf	2253	CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
wolfSSL	13:80fb167dafdf	2254	CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
wolfSSL	13:80fb167dafdf	2255	#endif /* NO_RSA */
wolfSSL	13:80fb167dafdf	2256	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	13:80fb167dafdf	2257	#ifdef HAVE_WOLF_EVENT
wolfSSL	13:80fb167dafdf	2258	WOLF_EVENT_QUEUE event_queue;
wolfSSL	13:80fb167dafdf	2259	#endif /* HAVE_WOLF_EVENT */
wolfSSL	13:80fb167dafdf	2260	#ifdef HAVE_EXT_CACHE
wolfSSL	13:80fb167dafdf	2261	WOLFSSL_SESSION(get_sess_cb)(WOLFSSL, unsigned char, int, int*);
wolfSSL	13:80fb167dafdf	2262	int (new_sess_cb)(WOLFSSL, WOLFSSL_SESSION*);
wolfSSL	13:80fb167dafdf	2263	void (rem_sess_cb)(WOLFSSL_CTX, WOLFSSL_SESSION*);
wolfSSL	13:80fb167dafdf	2264	#endif
wolfSSL	13:80fb167dafdf	2265	};
wolfSSL	13:80fb167dafdf	2266
wolfSSL	13:80fb167dafdf	2267
wolfSSL	13:80fb167dafdf	2268	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2269	WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
wolfSSL	13:80fb167dafdf	2270	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2271	int InitSSL_Ctx(WOLFSSL_CTX, WOLFSSL_METHOD, void* heap);
wolfSSL	13:80fb167dafdf	2272	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2273	void FreeSSL_Ctx(WOLFSSL_CTX*);
wolfSSL	13:80fb167dafdf	2274	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2275	void SSL_CtxResourceFree(WOLFSSL_CTX*);
wolfSSL	13:80fb167dafdf	2276
wolfSSL	13:80fb167dafdf	2277	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2278	int DeriveTlsKeys(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	2279	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2280	int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	13:80fb167dafdf	2281	word32 inSz, word16 sz);
wolfSSL	13:80fb167dafdf	2282
wolfSSL	13:80fb167dafdf	2283	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	2284	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2285	int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
wolfSSL	13:80fb167dafdf	2286	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2287	int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	13:80fb167dafdf	2288	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	13:80fb167dafdf	2289	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2290	int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
wolfSSL	13:80fb167dafdf	2291	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2292	int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	13:80fb167dafdf	2293	#endif
wolfSSL	13:80fb167dafdf	2294	#endif
wolfSSL	13:80fb167dafdf	2295
wolfSSL	13:80fb167dafdf	2296	/* All cipher suite related info
wolfSSL	13:80fb167dafdf	2297	* Keep as a constant size (no ifdefs) for session export */
wolfSSL	13:80fb167dafdf	2298	typedef struct CipherSpecs {
wolfSSL	13:80fb167dafdf	2299	word16 key_size;
wolfSSL	13:80fb167dafdf	2300	word16 iv_size;
wolfSSL	13:80fb167dafdf	2301	word16 block_size;
wolfSSL	13:80fb167dafdf	2302	word16 aead_mac_size;
wolfSSL	13:80fb167dafdf	2303	byte bulk_cipher_algorithm;
wolfSSL	13:80fb167dafdf	2304	byte cipher_type; /* block, stream, or aead */
wolfSSL	13:80fb167dafdf	2305	byte mac_algorithm;
wolfSSL	13:80fb167dafdf	2306	byte kea; /* key exchange algo */
wolfSSL	13:80fb167dafdf	2307	byte sig_algo;
wolfSSL	13:80fb167dafdf	2308	byte hash_size;
wolfSSL	13:80fb167dafdf	2309	byte pad_size;
wolfSSL	13:80fb167dafdf	2310	byte static_ecdh;
wolfSSL	13:80fb167dafdf	2311	} CipherSpecs;
wolfSSL	13:80fb167dafdf	2312
wolfSSL	13:80fb167dafdf	2313
wolfSSL	13:80fb167dafdf	2314	void InitCipherSpecs(CipherSpecs* cs);
wolfSSL	13:80fb167dafdf	2315
wolfSSL	13:80fb167dafdf	2316
wolfSSL	13:80fb167dafdf	2317	/* Supported Message Authentication Codes from page 43 */
wolfSSL	13:80fb167dafdf	2318	enum MACAlgorithm {
wolfSSL	13:80fb167dafdf	2319	no_mac,
wolfSSL	13:80fb167dafdf	2320	md5_mac,
wolfSSL	13:80fb167dafdf	2321	sha_mac,
wolfSSL	13:80fb167dafdf	2322	sha224_mac,
wolfSSL	13:80fb167dafdf	2323	sha256_mac, /* needs to match external KDF_MacAlgorithm */
wolfSSL	13:80fb167dafdf	2324	sha384_mac,
wolfSSL	13:80fb167dafdf	2325	sha512_mac,
wolfSSL	13:80fb167dafdf	2326	rmd_mac,
wolfSSL	13:80fb167dafdf	2327	blake2b_mac
wolfSSL	13:80fb167dafdf	2328	};
wolfSSL	13:80fb167dafdf	2329
wolfSSL	13:80fb167dafdf	2330
wolfSSL	13:80fb167dafdf	2331	/* Supported Key Exchange Protocols */
wolfSSL	13:80fb167dafdf	2332	enum KeyExchangeAlgorithm {
wolfSSL	13:80fb167dafdf	2333	no_kea,
wolfSSL	13:80fb167dafdf	2334	rsa_kea,
wolfSSL	13:80fb167dafdf	2335	diffie_hellman_kea,
wolfSSL	13:80fb167dafdf	2336	fortezza_kea,
wolfSSL	13:80fb167dafdf	2337	psk_kea,
wolfSSL	13:80fb167dafdf	2338	dhe_psk_kea,
wolfSSL	13:80fb167dafdf	2339	ecdhe_psk_kea,
wolfSSL	13:80fb167dafdf	2340	ntru_kea,
wolfSSL	13:80fb167dafdf	2341	ecc_diffie_hellman_kea,
wolfSSL	13:80fb167dafdf	2342	ecc_static_diffie_hellman_kea /* for verify suite only */
wolfSSL	13:80fb167dafdf	2343	};
wolfSSL	13:80fb167dafdf	2344
wolfSSL	13:80fb167dafdf	2345
wolfSSL	13:80fb167dafdf	2346	/* Supported Authentication Schemes */
wolfSSL	13:80fb167dafdf	2347	enum SignatureAlgorithm {
wolfSSL	13:80fb167dafdf	2348	anonymous_sa_algo = 0,
wolfSSL	13:80fb167dafdf	2349	rsa_sa_algo = 1,
wolfSSL	13:80fb167dafdf	2350	dsa_sa_algo = 2,
wolfSSL	13:80fb167dafdf	2351	ecc_dsa_sa_algo = 3,
wolfSSL	13:80fb167dafdf	2352	rsa_pss_sa_algo = 8
wolfSSL	13:80fb167dafdf	2353	};
wolfSSL	13:80fb167dafdf	2354
wolfSSL	13:80fb167dafdf	2355
wolfSSL	13:80fb167dafdf	2356	/* Supprted ECC Curve Types */
wolfSSL	13:80fb167dafdf	2357	enum EccCurves {
wolfSSL	13:80fb167dafdf	2358	named_curve = 3
wolfSSL	13:80fb167dafdf	2359	};
wolfSSL	13:80fb167dafdf	2360
wolfSSL	13:80fb167dafdf	2361
wolfSSL	13:80fb167dafdf	2362	/* Valid client certificate request types from page 27 */
wolfSSL	13:80fb167dafdf	2363	enum ClientCertificateType {
wolfSSL	13:80fb167dafdf	2364	rsa_sign = 1,
wolfSSL	13:80fb167dafdf	2365	dss_sign = 2,
wolfSSL	13:80fb167dafdf	2366	rsa_fixed_dh = 3,
wolfSSL	13:80fb167dafdf	2367	dss_fixed_dh = 4,
wolfSSL	13:80fb167dafdf	2368	rsa_ephemeral_dh = 5,
wolfSSL	13:80fb167dafdf	2369	dss_ephemeral_dh = 6,
wolfSSL	13:80fb167dafdf	2370	fortezza_kea_cert = 20,
wolfSSL	13:80fb167dafdf	2371	ecdsa_sign = 64,
wolfSSL	13:80fb167dafdf	2372	rsa_fixed_ecdh = 65,
wolfSSL	13:80fb167dafdf	2373	ecdsa_fixed_ecdh = 66
wolfSSL	13:80fb167dafdf	2374	};
wolfSSL	13:80fb167dafdf	2375
wolfSSL	13:80fb167dafdf	2376
wolfSSL	13:80fb167dafdf	2377	enum CipherType { stream, block, aead };
wolfSSL	13:80fb167dafdf	2378
wolfSSL	13:80fb167dafdf	2379
wolfSSL	13:80fb167dafdf	2380
wolfSSL	13:80fb167dafdf	2381
wolfSSL	13:80fb167dafdf	2382
wolfSSL	13:80fb167dafdf	2383
wolfSSL	13:80fb167dafdf	2384	/* cipher for now */
wolfSSL	13:80fb167dafdf	2385	typedef struct Ciphers {
wolfSSL	13:80fb167dafdf	2386	#ifdef BUILD_ARC4
wolfSSL	13:80fb167dafdf	2387	Arc4* arc4;
wolfSSL	13:80fb167dafdf	2388	#endif
wolfSSL	13:80fb167dafdf	2389	#ifdef BUILD_DES3
wolfSSL	13:80fb167dafdf	2390	Des3* des3;
wolfSSL	13:80fb167dafdf	2391	#endif
wolfSSL	13:80fb167dafdf	2392	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM)
wolfSSL	13:80fb167dafdf	2393	Aes* aes;
wolfSSL	13:80fb167dafdf	2394	#if defined(BUILD_AESGCM) \|\| defined(HAVE_AESCCM)
wolfSSL	13:80fb167dafdf	2395	byte* additional;
wolfSSL	13:80fb167dafdf	2396	byte* nonce;
wolfSSL	13:80fb167dafdf	2397	#endif
wolfSSL	13:80fb167dafdf	2398	#endif
wolfSSL	13:80fb167dafdf	2399	#ifdef HAVE_CAMELLIA
wolfSSL	13:80fb167dafdf	2400	Camellia* cam;
wolfSSL	13:80fb167dafdf	2401	#endif
wolfSSL	13:80fb167dafdf	2402	#ifdef HAVE_CHACHA
wolfSSL	13:80fb167dafdf	2403	ChaCha* chacha;
wolfSSL	13:80fb167dafdf	2404	#endif
wolfSSL	13:80fb167dafdf	2405	#ifdef HAVE_HC128
wolfSSL	13:80fb167dafdf	2406	HC128* hc128;
wolfSSL	13:80fb167dafdf	2407	#endif
wolfSSL	13:80fb167dafdf	2408	#ifdef BUILD_RABBIT
wolfSSL	13:80fb167dafdf	2409	Rabbit* rabbit;
wolfSSL	13:80fb167dafdf	2410	#endif
wolfSSL	13:80fb167dafdf	2411	#ifdef HAVE_IDEA
wolfSSL	13:80fb167dafdf	2412	Idea* idea;
wolfSSL	13:80fb167dafdf	2413	#endif
wolfSSL	13:80fb167dafdf	2414	byte state;
wolfSSL	13:80fb167dafdf	2415	byte setup; /* have we set it up flag for detection */
wolfSSL	13:80fb167dafdf	2416	} Ciphers;
wolfSSL	13:80fb167dafdf	2417
wolfSSL	13:80fb167dafdf	2418
wolfSSL	13:80fb167dafdf	2419	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	13:80fb167dafdf	2420	/* Ciphers for one time authentication such as poly1305 */
wolfSSL	13:80fb167dafdf	2421	typedef struct OneTimeAuth {
wolfSSL	13:80fb167dafdf	2422	#ifdef HAVE_POLY1305
wolfSSL	13:80fb167dafdf	2423	Poly1305* poly1305;
wolfSSL	13:80fb167dafdf	2424	#endif
wolfSSL	13:80fb167dafdf	2425	byte setup; /* flag for if a cipher has been set */
wolfSSL	13:80fb167dafdf	2426
wolfSSL	13:80fb167dafdf	2427	} OneTimeAuth;
wolfSSL	13:80fb167dafdf	2428	#endif
wolfSSL	13:80fb167dafdf	2429
wolfSSL	13:80fb167dafdf	2430
wolfSSL	13:80fb167dafdf	2431	WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	2432	WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	2433
wolfSSL	13:80fb167dafdf	2434
wolfSSL	13:80fb167dafdf	2435	/* hashes type */
wolfSSL	13:80fb167dafdf	2436	typedef struct Hashes {
wolfSSL	13:80fb167dafdf	2437	#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wolfSSL	13:80fb167dafdf	2438	byte md5[MD5_DIGEST_SIZE];
wolfSSL	13:80fb167dafdf	2439	#endif
wolfSSL	13:80fb167dafdf	2440	#if !defined(NO_SHA)
wolfSSL	13:80fb167dafdf	2441	byte sha[SHA_DIGEST_SIZE];
wolfSSL	13:80fb167dafdf	2442	#endif
wolfSSL	13:80fb167dafdf	2443	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	2444	byte sha256[SHA256_DIGEST_SIZE];
wolfSSL	13:80fb167dafdf	2445	#endif
wolfSSL	13:80fb167dafdf	2446	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	2447	byte sha384[SHA384_DIGEST_SIZE];
wolfSSL	13:80fb167dafdf	2448	#endif
wolfSSL	13:80fb167dafdf	2449	#ifdef WOLFSSL_SHA512
wolfSSL	13:80fb167dafdf	2450	byte sha512[SHA512_DIGEST_SIZE];
wolfSSL	13:80fb167dafdf	2451	#endif
wolfSSL	13:80fb167dafdf	2452	} Hashes;
wolfSSL	13:80fb167dafdf	2453
wolfSSL	13:80fb167dafdf	2454	WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
wolfSSL	13:80fb167dafdf	2455
wolfSSL	13:80fb167dafdf	2456	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	2457	typedef union Digest {
wolfSSL	13:80fb167dafdf	2458	#ifndef NO_WOLFSSL_SHA256
wolfSSL	13:80fb167dafdf	2459	Sha256 sha256;
wolfSSL	13:80fb167dafdf	2460	#endif
wolfSSL	13:80fb167dafdf	2461	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	2462	Sha384 sha384;
wolfSSL	13:80fb167dafdf	2463	#endif
wolfSSL	13:80fb167dafdf	2464	#ifdef WOLFSSL_SHA512
wolfSSL	13:80fb167dafdf	2465	Sha512 sha512;
wolfSSL	13:80fb167dafdf	2466	#endif
wolfSSL	13:80fb167dafdf	2467	} Digest;
wolfSSL	13:80fb167dafdf	2468	#endif
wolfSSL	13:80fb167dafdf	2469
wolfSSL	13:80fb167dafdf	2470	/* Static x509 buffer */
wolfSSL	13:80fb167dafdf	2471	typedef struct x509_buffer {
wolfSSL	13:80fb167dafdf	2472	int length; /* actual size */
wolfSSL	13:80fb167dafdf	2473	byte buffer[MAX_X509_SIZE]; /* max static cert size */
wolfSSL	13:80fb167dafdf	2474	} x509_buffer;
wolfSSL	13:80fb167dafdf	2475
wolfSSL	13:80fb167dafdf	2476
wolfSSL	13:80fb167dafdf	2477	/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
wolfSSL	13:80fb167dafdf	2478	struct WOLFSSL_X509_CHAIN {
wolfSSL	13:80fb167dafdf	2479	int count; /* total number in chain */
wolfSSL	13:80fb167dafdf	2480	x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
wolfSSL	13:80fb167dafdf	2481	};
wolfSSL	13:80fb167dafdf	2482
wolfSSL	13:80fb167dafdf	2483
wolfSSL	13:80fb167dafdf	2484	/* wolfSSL session type */
wolfSSL	13:80fb167dafdf	2485	struct WOLFSSL_SESSION {
wolfSSL	13:80fb167dafdf	2486	word32 bornOn; /* create time in seconds */
wolfSSL	13:80fb167dafdf	2487	word32 timeout; /* timeout in seconds */
wolfSSL	13:80fb167dafdf	2488	byte sessionID[ID_LEN]; /* id for protocol */
wolfSSL	13:80fb167dafdf	2489	byte sessionIDSz;
wolfSSL	13:80fb167dafdf	2490	byte masterSecret[SECRET_LEN]; /* stored secret */
wolfSSL	13:80fb167dafdf	2491	word16 haveEMS; /* ext master secret flag */
wolfSSL	13:80fb167dafdf	2492	#ifdef SESSION_CERTS
wolfSSL	13:80fb167dafdf	2493	WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
wolfSSL	13:80fb167dafdf	2494	#endif
wolfSSL	13:80fb167dafdf	2495	#if defined(SESSION_CERTS) \|\| (defined(WOLFSSL_TLS13) && \
wolfSSL	13:80fb167dafdf	2496	defined(HAVE_SESSION_TICKET))
wolfSSL	13:80fb167dafdf	2497	ProtocolVersion version; /* which version was used */
wolfSSL	13:80fb167dafdf	2498	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	13:80fb167dafdf	2499	byte cipherSuite; /* 2nd byte, actual suite */
wolfSSL	13:80fb167dafdf	2500	#endif
wolfSSL	13:80fb167dafdf	2501	#ifndef NO_CLIENT_CACHE
wolfSSL	13:80fb167dafdf	2502	word16 idLen; /* serverID length */
wolfSSL	13:80fb167dafdf	2503	byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
wolfSSL	13:80fb167dafdf	2504	#endif
wolfSSL	13:80fb167dafdf	2505	#ifdef HAVE_SESSION_TICKET
wolfSSL	13:80fb167dafdf	2506	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	2507	byte namedGroup;
wolfSSL	13:80fb167dafdf	2508	word32 ticketSeen; /* Time ticket seen (ms) */
wolfSSL	13:80fb167dafdf	2509	word32 ticketAdd; /* Added by client */
wolfSSL	13:80fb167dafdf	2510	#endif
wolfSSL	13:80fb167dafdf	2511	byte* ticket;
wolfSSL	13:80fb167dafdf	2512	word16 ticketLen;
wolfSSL	13:80fb167dafdf	2513	byte staticTicket[SESSION_TICKET_LEN];
wolfSSL	13:80fb167dafdf	2514	byte isDynamic;
wolfSSL	13:80fb167dafdf	2515	#endif
wolfSSL	13:80fb167dafdf	2516	#ifdef HAVE_EXT_CACHE
wolfSSL	13:80fb167dafdf	2517	byte isAlloced;
wolfSSL	13:80fb167dafdf	2518	#endif
wolfSSL	13:80fb167dafdf	2519	#ifdef HAVE_EX_DATA
wolfSSL	13:80fb167dafdf	2520	void* ex_data[MAX_EX_DATA];
wolfSSL	13:80fb167dafdf	2521	#endif
wolfSSL	13:80fb167dafdf	2522	};
wolfSSL	13:80fb167dafdf	2523
wolfSSL	13:80fb167dafdf	2524
wolfSSL	13:80fb167dafdf	2525	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2526	WOLFSSL_SESSION* GetSession(WOLFSSL, byte, byte);
wolfSSL	13:80fb167dafdf	2527	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	2528	int SetSession(WOLFSSL, WOLFSSL_SESSION);
wolfSSL	13:80fb167dafdf	2529
wolfSSL	13:80fb167dafdf	2530	typedef int (hmacfp) (WOLFSSL, byte, const byte, word32, int, int);
wolfSSL	13:80fb167dafdf	2531
wolfSSL	13:80fb167dafdf	2532	#ifndef NO_CLIENT_CACHE
wolfSSL	13:80fb167dafdf	2533	WOLFSSL_SESSION* GetSessionClient(WOLFSSL, const byte, int);
wolfSSL	13:80fb167dafdf	2534	#endif
wolfSSL	13:80fb167dafdf	2535
wolfSSL	13:80fb167dafdf	2536	/* client connect state for nonblocking restart */
wolfSSL	13:80fb167dafdf	2537	enum ConnectState {
wolfSSL	13:80fb167dafdf	2538	CONNECT_BEGIN = 0,
wolfSSL	13:80fb167dafdf	2539	CLIENT_HELLO_SENT,
wolfSSL	13:80fb167dafdf	2540	HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
wolfSSL	13:80fb167dafdf	2541	HELLO_AGAIN_REPLY,
wolfSSL	13:80fb167dafdf	2542	FIRST_REPLY_DONE,
wolfSSL	13:80fb167dafdf	2543	FIRST_REPLY_FIRST,
wolfSSL	13:80fb167dafdf	2544	FIRST_REPLY_SECOND,
wolfSSL	13:80fb167dafdf	2545	FIRST_REPLY_THIRD,
wolfSSL	13:80fb167dafdf	2546	FIRST_REPLY_FOURTH,
wolfSSL	13:80fb167dafdf	2547	FINISHED_DONE,
wolfSSL	13:80fb167dafdf	2548	SECOND_REPLY_DONE
wolfSSL	13:80fb167dafdf	2549	};
wolfSSL	13:80fb167dafdf	2550
wolfSSL	13:80fb167dafdf	2551
wolfSSL	13:80fb167dafdf	2552	/* server accept state for nonblocking restart */
wolfSSL	13:80fb167dafdf	2553	enum AcceptState {
wolfSSL	13:80fb167dafdf	2554	ACCEPT_BEGIN = 0,
wolfSSL	13:80fb167dafdf	2555	ACCEPT_CLIENT_HELLO_DONE,
wolfSSL	13:80fb167dafdf	2556	ACCEPT_HELLO_RETRY_REQUEST_DONE,
wolfSSL	13:80fb167dafdf	2557	ACCEPT_FIRST_REPLY_DONE,
wolfSSL	13:80fb167dafdf	2558	SERVER_HELLO_SENT,
wolfSSL	13:80fb167dafdf	2559	SERVER_EXTENSIONS_SENT,
wolfSSL	13:80fb167dafdf	2560	CERT_SENT,
wolfSSL	13:80fb167dafdf	2561	CERT_VERIFY_SENT,
wolfSSL	13:80fb167dafdf	2562	CERT_STATUS_SENT,
wolfSSL	13:80fb167dafdf	2563	KEY_EXCHANGE_SENT,
wolfSSL	13:80fb167dafdf	2564	CERT_REQ_SENT,
wolfSSL	13:80fb167dafdf	2565	SERVER_HELLO_DONE,
wolfSSL	13:80fb167dafdf	2566	ACCEPT_SECOND_REPLY_DONE,
wolfSSL	13:80fb167dafdf	2567	TICKET_SENT,
wolfSSL	13:80fb167dafdf	2568	CHANGE_CIPHER_SENT,
wolfSSL	13:80fb167dafdf	2569	ACCEPT_FINISHED_DONE,
wolfSSL	13:80fb167dafdf	2570	ACCEPT_THIRD_REPLY_DONE
wolfSSL	13:80fb167dafdf	2571	};
wolfSSL	13:80fb167dafdf	2572
wolfSSL	13:80fb167dafdf	2573	/* buffers for struct WOLFSSL */
wolfSSL	13:80fb167dafdf	2574	typedef struct Buffers {
wolfSSL	13:80fb167dafdf	2575	bufferStatic inputBuffer;
wolfSSL	13:80fb167dafdf	2576	bufferStatic outputBuffer;
wolfSSL	13:80fb167dafdf	2577	buffer domainName; /* for client check */
wolfSSL	13:80fb167dafdf	2578	buffer clearOutputBuffer;
wolfSSL	13:80fb167dafdf	2579	buffer sig; /* signature data */
wolfSSL	13:80fb167dafdf	2580	buffer digest; /* digest data */
wolfSSL	13:80fb167dafdf	2581	int prevSent; /* previous plain text bytes sent
wolfSSL	13:80fb167dafdf	2582	when got WANT_WRITE */
wolfSSL	13:80fb167dafdf	2583	int plainSz; /* plain text bytes in buffer to send
wolfSSL	13:80fb167dafdf	2584	when got WANT_WRITE */
wolfSSL	13:80fb167dafdf	2585	byte weOwnCert; /* SSL own cert flag */
wolfSSL	13:80fb167dafdf	2586	byte weOwnCertChain; /* SSL own cert chain flag */
wolfSSL	13:80fb167dafdf	2587	byte weOwnKey; /* SSL own key flag */
wolfSSL	13:80fb167dafdf	2588	byte weOwnDH; /* SSL own dh (p,g) flag */
wolfSSL	13:80fb167dafdf	2589	#ifndef NO_DH
wolfSSL	13:80fb167dafdf	2590	buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	13:80fb167dafdf	2591	buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	13:80fb167dafdf	2592	buffer serverDH_Pub;
wolfSSL	13:80fb167dafdf	2593	buffer serverDH_Priv;
wolfSSL	13:80fb167dafdf	2594	DhKey* serverDH_Key;
wolfSSL	13:80fb167dafdf	2595	#endif
wolfSSL	13:80fb167dafdf	2596	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	2597	DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	13:80fb167dafdf	2598	DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	13:80fb167dafdf	2599	DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	13:80fb167dafdf	2600	/* chain after self, in DER, with leading size for each cert */
wolfSSL	13:80fb167dafdf	2601	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	2602	int certChainCnt;
wolfSSL	13:80fb167dafdf	2603	#endif
wolfSSL	13:80fb167dafdf	2604	#endif
wolfSSL	13:80fb167dafdf	2605	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	2606	WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
wolfSSL	13:80fb167dafdf	2607	#ifndef NO_WOLFSSL_SERVER
wolfSSL	13:80fb167dafdf	2608	buffer dtlsCookieSecret; /* DTLS cookie secret */
wolfSSL	13:80fb167dafdf	2609	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	13:80fb167dafdf	2610	#endif
wolfSSL	13:80fb167dafdf	2611	#ifdef HAVE_PK_CALLBACKS
wolfSSL	13:80fb167dafdf	2612	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	2613	buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
wolfSSL	13:80fb167dafdf	2614	#endif /* HAVE_ECC */
wolfSSL	13:80fb167dafdf	2615	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	2616	buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
wolfSSL	13:80fb167dafdf	2617	#endif /* NO_RSA */
wolfSSL	13:80fb167dafdf	2618	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	13:80fb167dafdf	2619	} Buffers;
wolfSSL	13:80fb167dafdf	2620
wolfSSL	13:80fb167dafdf	2621	/* sub-states for send/do key share (key exchange) */
wolfSSL	13:80fb167dafdf	2622	enum asyncState {
wolfSSL	13:80fb167dafdf	2623	TLS_ASYNC_BEGIN = 0,
wolfSSL	13:80fb167dafdf	2624	TLS_ASYNC_BUILD,
wolfSSL	13:80fb167dafdf	2625	TLS_ASYNC_DO,
wolfSSL	13:80fb167dafdf	2626	TLS_ASYNC_VERIFY,
wolfSSL	13:80fb167dafdf	2627	TLS_ASYNC_FINALIZE,
wolfSSL	13:80fb167dafdf	2628	TLS_ASYNC_END
wolfSSL	13:80fb167dafdf	2629	};
wolfSSL	13:80fb167dafdf	2630
wolfSSL	13:80fb167dafdf	2631	typedef struct Options {
wolfSSL	13:80fb167dafdf	2632	#ifndef NO_PSK
wolfSSL	13:80fb167dafdf	2633	wc_psk_client_callback client_psk_cb;
wolfSSL	13:80fb167dafdf	2634	wc_psk_server_callback server_psk_cb;
wolfSSL	13:80fb167dafdf	2635	word16 havePSK:1; /* psk key set by user */
wolfSSL	13:80fb167dafdf	2636	#endif /* NO_PSK */
wolfSSL	13:80fb167dafdf	2637	#ifdef OPENSSL_EXTRA
wolfSSL	13:80fb167dafdf	2638	unsigned long mask; /* store SSL_OP_ flags */
wolfSSL	13:80fb167dafdf	2639	#endif
wolfSSL	13:80fb167dafdf	2640
wolfSSL	13:80fb167dafdf	2641	/* on/off or small bit flags, optimize layout */
wolfSSL	13:80fb167dafdf	2642	word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
wolfSSL	13:80fb167dafdf	2643	word16 sessionCacheOff:1;
wolfSSL	13:80fb167dafdf	2644	word16 sessionCacheFlushOff:1;
wolfSSL	13:80fb167dafdf	2645	#ifdef HAVE_EXT_CACHE
wolfSSL	13:80fb167dafdf	2646	word16 internalCacheOff:1;
wolfSSL	13:80fb167dafdf	2647	#endif
wolfSSL	13:80fb167dafdf	2648	word16 side:1; /* client or server end */
wolfSSL	13:80fb167dafdf	2649	word16 verifyPeer:1;
wolfSSL	13:80fb167dafdf	2650	word16 verifyNone:1;
wolfSSL	13:80fb167dafdf	2651	word16 failNoCert:1;
wolfSSL	13:80fb167dafdf	2652	word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
wolfSSL	13:80fb167dafdf	2653	word16 downgrade:1; /* allow downgrade of versions */
wolfSSL	13:80fb167dafdf	2654	word16 resuming:1;
wolfSSL	13:80fb167dafdf	2655	word16 haveSessionId:1; /* server may not send */
wolfSSL	13:80fb167dafdf	2656	word16 tls:1; /* using TLS ? */
wolfSSL	13:80fb167dafdf	2657	word16 tls1_1:1; /* using TLSv1.1+ ? */
wolfSSL	13:80fb167dafdf	2658	word16 tls1_3:1; /* using TLSv1.3+ ? */
wolfSSL	13:80fb167dafdf	2659	word16 dtls:1; /* using datagrams ? */
wolfSSL	13:80fb167dafdf	2660	word16 connReset:1; /* has the peer reset */
wolfSSL	13:80fb167dafdf	2661	word16 isClosed:1; /* if we consider conn closed */
wolfSSL	13:80fb167dafdf	2662	word16 closeNotify:1; /* we've received a close notify */
wolfSSL	13:80fb167dafdf	2663	word16 sentNotify:1; /* we've sent a close notify */
wolfSSL	13:80fb167dafdf	2664	word16 usingCompression:1; /* are we using compression */
wolfSSL	13:80fb167dafdf	2665	word16 haveRSA:1; /* RSA available */
wolfSSL	13:80fb167dafdf	2666	word16 haveECC:1; /* ECC available */
wolfSSL	13:80fb167dafdf	2667	word16 haveDH:1; /* server DH parms set by user */
wolfSSL	13:80fb167dafdf	2668	word16 haveNTRU:1; /* server NTRU private key loaded */
wolfSSL	13:80fb167dafdf	2669	word16 haveQSH:1; /* have QSH ability */
wolfSSL	13:80fb167dafdf	2670	word16 haveECDSAsig:1; /* server ECDSA signed cert */
wolfSSL	13:80fb167dafdf	2671	word16 haveStaticECC:1; /* static server ECC private key */
wolfSSL	13:80fb167dafdf	2672	word16 havePeerCert:1; /* do we have peer's cert */
wolfSSL	13:80fb167dafdf	2673	word16 havePeerVerify:1; /* and peer's cert verify */
wolfSSL	13:80fb167dafdf	2674	word16 usingPSK_cipher:1; /* are using psk as cipher */
wolfSSL	13:80fb167dafdf	2675	word16 usingAnon_cipher:1; /* are we using an anon cipher */
wolfSSL	13:80fb167dafdf	2676	word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */
wolfSSL	13:80fb167dafdf	2677	word16 sendAlertState:1; /* nonblocking resume */
wolfSSL	13:80fb167dafdf	2678	word16 partialWrite:1; /* only one msg per write call */
wolfSSL	13:80fb167dafdf	2679	word16 quietShutdown:1; /* don't send close notify */
wolfSSL	13:80fb167dafdf	2680	word16 certOnly:1; /* stop once we get cert */
wolfSSL	13:80fb167dafdf	2681	word16 groupMessages:1; /* group handshake messages */
wolfSSL	13:80fb167dafdf	2682	word16 usingNonblock:1; /* are we using nonblocking socket */
wolfSSL	13:80fb167dafdf	2683	word16 saveArrays:1; /* save array Memory for user get keys
wolfSSL	13:80fb167dafdf	2684	or psk */
wolfSSL	13:80fb167dafdf	2685	word16 weOwnRng:1; /* will be true unless CTX owns */
wolfSSL	13:80fb167dafdf	2686	#ifdef HAVE_POLY1305
wolfSSL	13:80fb167dafdf	2687	word16 oldPoly:1; /* set when to use old rfc way of poly*/
wolfSSL	13:80fb167dafdf	2688	#endif
wolfSSL	13:80fb167dafdf	2689	#ifdef HAVE_ANON
wolfSSL	13:80fb167dafdf	2690	word16 haveAnon:1; /* User wants to allow Anon suites */
wolfSSL	13:80fb167dafdf	2691	#endif
wolfSSL	13:80fb167dafdf	2692	#ifdef HAVE_SESSION_TICKET
wolfSSL	13:80fb167dafdf	2693	word16 createTicket:1; /* Server to create new Ticket */
wolfSSL	13:80fb167dafdf	2694	word16 useTicket:1; /* Use Ticket not session cache */
wolfSSL	13:80fb167dafdf	2695	word16 rejectTicket:1; /* Callback rejected ticket */
wolfSSL	13:80fb167dafdf	2696	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	2697	word16 noTicketTls13:1; /* Server won't create new Ticket */
wolfSSL	13:80fb167dafdf	2698	#endif
wolfSSL	13:80fb167dafdf	2699	#endif
wolfSSL	13:80fb167dafdf	2700	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	2701	word16 dtlsHsRetain:1; /* DTLS retaining HS data */
wolfSSL	13:80fb167dafdf	2702	#ifdef WOLFSSL_SCTP
wolfSSL	13:80fb167dafdf	2703	word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
wolfSSL	13:80fb167dafdf	2704	#endif
wolfSSL	13:80fb167dafdf	2705	#endif
wolfSSL	13:80fb167dafdf	2706	word16 haveEMS:1; /* using extended master secret */
wolfSSL	13:80fb167dafdf	2707	#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL	13:80fb167dafdf	2708	word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
wolfSSL	13:80fb167dafdf	2709	#endif
wolfSSL	13:80fb167dafdf	2710	word16 keepResources:1; /* Keep resources after handshake */
wolfSSL	13:80fb167dafdf	2711	word16 useClientOrder:1; /* Use client's cipher order */
wolfSSL	13:80fb167dafdf	2712
wolfSSL	13:80fb167dafdf	2713	/* need full byte values for this section */
wolfSSL	13:80fb167dafdf	2714	byte processReply; /* nonblocking resume */
wolfSSL	13:80fb167dafdf	2715	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	13:80fb167dafdf	2716	byte cipherSuite; /* second byte, actual suite */
wolfSSL	13:80fb167dafdf	2717	byte serverState;
wolfSSL	13:80fb167dafdf	2718	byte clientState;
wolfSSL	13:80fb167dafdf	2719	byte handShakeState;
wolfSSL	13:80fb167dafdf	2720	byte handShakeDone; /* at least one handshake complete */
wolfSSL	13:80fb167dafdf	2721	byte minDowngrade; /* minimum downgrade version */
wolfSSL	13:80fb167dafdf	2722	byte connectState; /* nonblocking resume */
wolfSSL	13:80fb167dafdf	2723	byte acceptState; /* nonblocking resume */
wolfSSL	13:80fb167dafdf	2724	byte asyncState; /* sub-state for enum asyncState */
wolfSSL	13:80fb167dafdf	2725	byte buildMsgState; /* sub-state for enum buildMsgState */
wolfSSL	13:80fb167dafdf	2726	#ifndef NO_DH
wolfSSL	13:80fb167dafdf	2727	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	13:80fb167dafdf	2728	word16 dhKeySz; /* actual DH key size */
wolfSSL	13:80fb167dafdf	2729	#endif
wolfSSL	13:80fb167dafdf	2730	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	2731	short minRsaKeySz; /* minimum RSA key size */
wolfSSL	13:80fb167dafdf	2732	#endif
wolfSSL	13:80fb167dafdf	2733	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	2734	short minEccKeySz; /* minimum ECC key size */
wolfSSL	13:80fb167dafdf	2735	#endif
wolfSSL	13:80fb167dafdf	2736
wolfSSL	13:80fb167dafdf	2737	} Options;
wolfSSL	13:80fb167dafdf	2738
wolfSSL	13:80fb167dafdf	2739	typedef struct Arrays {
wolfSSL	13:80fb167dafdf	2740	byte* pendingMsg; /* defrag buffer */
wolfSSL	13:80fb167dafdf	2741	byte* preMasterSecret;
wolfSSL	13:80fb167dafdf	2742	word32 preMasterSz; /* differs for DH, actual size */
wolfSSL	13:80fb167dafdf	2743	word32 pendingMsgSz; /* defrag buffer size */
wolfSSL	13:80fb167dafdf	2744	word32 pendingMsgOffset; /* current offset into defrag buffer */
wolfSSL	13:80fb167dafdf	2745	#ifndef NO_PSK
wolfSSL	13:80fb167dafdf	2746	word32 psk_keySz; /* actual size */
wolfSSL	13:80fb167dafdf	2747	char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	13:80fb167dafdf	2748	char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	13:80fb167dafdf	2749	byte psk_key[MAX_PSK_KEY_LEN];
wolfSSL	13:80fb167dafdf	2750	#endif
wolfSSL	13:80fb167dafdf	2751	byte clientRandom[RAN_LEN];
wolfSSL	13:80fb167dafdf	2752	byte serverRandom[RAN_LEN];
wolfSSL	13:80fb167dafdf	2753	byte sessionID[ID_LEN];
wolfSSL	13:80fb167dafdf	2754	byte sessionIDSz;
wolfSSL	13:80fb167dafdf	2755	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	2756	byte clientSecret[SECRET_LEN];
wolfSSL	13:80fb167dafdf	2757	byte serverSecret[SECRET_LEN];
wolfSSL	13:80fb167dafdf	2758	byte secret[SECRET_LEN];
wolfSSL	13:80fb167dafdf	2759	#endif
wolfSSL	13:80fb167dafdf	2760	byte masterSecret[SECRET_LEN];
wolfSSL	13:80fb167dafdf	2761	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	2762	byte cookie[MAX_COOKIE_LEN];
wolfSSL	13:80fb167dafdf	2763	byte cookieSz;
wolfSSL	13:80fb167dafdf	2764	#endif
wolfSSL	13:80fb167dafdf	2765	byte pendingMsgType; /* defrag buffer message type */
wolfSSL	13:80fb167dafdf	2766	} Arrays;
wolfSSL	13:80fb167dafdf	2767
wolfSSL	13:80fb167dafdf	2768	#ifndef ASN_NAME_MAX
wolfSSL	13:80fb167dafdf	2769	#define ASN_NAME_MAX 256
wolfSSL	13:80fb167dafdf	2770	#endif
wolfSSL	13:80fb167dafdf	2771
wolfSSL	13:80fb167dafdf	2772	#ifndef MAX_DATE_SZ
wolfSSL	13:80fb167dafdf	2773	#define MAX_DATE_SZ 32
wolfSSL	13:80fb167dafdf	2774	#endif
wolfSSL	13:80fb167dafdf	2775
wolfSSL	13:80fb167dafdf	2776	struct WOLFSSL_STACK {
wolfSSL	13:80fb167dafdf	2777	unsigned long num; /* number of nodes in stack
wolfSSL	13:80fb167dafdf	2778	* (saftey measure for freeing and shortcut for count) */
wolfSSL	13:80fb167dafdf	2779	union {
wolfSSL	13:80fb167dafdf	2780	WOLFSSL_X509* x509;
wolfSSL	13:80fb167dafdf	2781	WOLFSSL_X509_NAME* name;
wolfSSL	13:80fb167dafdf	2782	WOLFSSL_BIO* bio;
wolfSSL	13:80fb167dafdf	2783	WOLFSSL_ASN1_OBJECT* obj;
wolfSSL	13:80fb167dafdf	2784	char* string;
wolfSSL	13:80fb167dafdf	2785	} data;
wolfSSL	13:80fb167dafdf	2786	WOLFSSL_STACK* next;
wolfSSL	13:80fb167dafdf	2787	};
wolfSSL	13:80fb167dafdf	2788
wolfSSL	13:80fb167dafdf	2789
wolfSSL	13:80fb167dafdf	2790	struct WOLFSSL_X509_NAME {
wolfSSL	13:80fb167dafdf	2791	char *name;
wolfSSL	13:80fb167dafdf	2792	char staticName[ASN_NAME_MAX];
wolfSSL	13:80fb167dafdf	2793	int dynamicName;
wolfSSL	13:80fb167dafdf	2794	int sz;
wolfSSL	13:80fb167dafdf	2795	#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
wolfSSL	13:80fb167dafdf	2796	DecodedName fullName;
wolfSSL	13:80fb167dafdf	2797	WOLFSSL_X509_NAME_ENTRY cnEntry;
wolfSSL	13:80fb167dafdf	2798	WOLFSSL_X509* x509; /* x509 that struct belongs to */
wolfSSL	13:80fb167dafdf	2799	#endif /* OPENSSL_EXTRA */
wolfSSL	13:80fb167dafdf	2800	};
wolfSSL	13:80fb167dafdf	2801
wolfSSL	13:80fb167dafdf	2802	#ifndef EXTERNAL_SERIAL_SIZE
wolfSSL	13:80fb167dafdf	2803	#define EXTERNAL_SERIAL_SIZE 32
wolfSSL	13:80fb167dafdf	2804	#endif
wolfSSL	13:80fb167dafdf	2805
wolfSSL	13:80fb167dafdf	2806	#ifdef NO_ASN
wolfSSL	13:80fb167dafdf	2807	typedef struct DNS_entry DNS_entry;
wolfSSL	13:80fb167dafdf	2808	#endif
wolfSSL	13:80fb167dafdf	2809
wolfSSL	13:80fb167dafdf	2810	struct WOLFSSL_X509 {
wolfSSL	13:80fb167dafdf	2811	int version;
wolfSSL	13:80fb167dafdf	2812	WOLFSSL_X509_NAME issuer;
wolfSSL	13:80fb167dafdf	2813	WOLFSSL_X509_NAME subject;
wolfSSL	13:80fb167dafdf	2814	int serialSz;
wolfSSL	13:80fb167dafdf	2815	byte serial[EXTERNAL_SERIAL_SIZE];
wolfSSL	13:80fb167dafdf	2816	char subjectCN[ASN_NAME_MAX]; /* common name short cut */
wolfSSL	13:80fb167dafdf	2817	#ifdef WOLFSSL_SEP
wolfSSL	13:80fb167dafdf	2818	int deviceTypeSz;
wolfSSL	13:80fb167dafdf	2819	byte deviceType[EXTERNAL_SERIAL_SIZE];
wolfSSL	13:80fb167dafdf	2820	int hwTypeSz;
wolfSSL	13:80fb167dafdf	2821	byte hwType[EXTERNAL_SERIAL_SIZE];
wolfSSL	13:80fb167dafdf	2822	int hwSerialNumSz;
wolfSSL	13:80fb167dafdf	2823	byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
wolfSSL	13:80fb167dafdf	2824	#ifdef OPENSSL_EXTRA
wolfSSL	13:80fb167dafdf	2825	byte certPolicySet;
wolfSSL	13:80fb167dafdf	2826	byte certPolicyCrit;
wolfSSL	13:80fb167dafdf	2827	#endif /* OPENSSL_EXTRA */
wolfSSL	13:80fb167dafdf	2828	#endif
wolfSSL	13:80fb167dafdf	2829	int notBeforeSz;
wolfSSL	13:80fb167dafdf	2830	byte notBefore[MAX_DATE_SZ];
wolfSSL	13:80fb167dafdf	2831	int notAfterSz;
wolfSSL	13:80fb167dafdf	2832	byte notAfter[MAX_DATE_SZ];
wolfSSL	13:80fb167dafdf	2833	int sigOID;
wolfSSL	13:80fb167dafdf	2834	buffer sig;
wolfSSL	13:80fb167dafdf	2835	int pubKeyOID;
wolfSSL	13:80fb167dafdf	2836	buffer pubKey;
wolfSSL	13:80fb167dafdf	2837	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	2838	word32 pkCurveOID;
wolfSSL	13:80fb167dafdf	2839	#endif /* HAVE_ECC */
wolfSSL	13:80fb167dafdf	2840	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	2841	DerBuffer* derCert; /* may need */
wolfSSL	13:80fb167dafdf	2842	#endif
wolfSSL	13:80fb167dafdf	2843	DNS_entry* altNames; /* alt names list */
wolfSSL	13:80fb167dafdf	2844	DNS_entry* altNamesNext; /* hint for retrieval */
wolfSSL	13:80fb167dafdf	2845	void* heap; /* heap hint */
wolfSSL	13:80fb167dafdf	2846	byte dynamicMemory; /* dynamic memory flag */
wolfSSL	13:80fb167dafdf	2847	byte isCa;
wolfSSL	13:80fb167dafdf	2848	#ifdef WOLFSSL_CERT_EXT
wolfSSL	13:80fb167dafdf	2849	char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
wolfSSL	13:80fb167dafdf	2850	int certPoliciesNb;
wolfSSL	13:80fb167dafdf	2851	#endif /* WOLFSSL_CERT_EXT */
wolfSSL	13:80fb167dafdf	2852	#ifdef OPENSSL_EXTRA
wolfSSL	13:80fb167dafdf	2853	#ifdef HAVE_EX_DATA
wolfSSL	13:80fb167dafdf	2854	void* ex_data[MAX_EX_DATA];
wolfSSL	13:80fb167dafdf	2855	#endif
wolfSSL	13:80fb167dafdf	2856	word32 pathLength;
wolfSSL	13:80fb167dafdf	2857	word16 keyUsage;
wolfSSL	13:80fb167dafdf	2858	byte CRLdistSet;
wolfSSL	13:80fb167dafdf	2859	byte CRLdistCrit;
wolfSSL	13:80fb167dafdf	2860	byte* CRLInfo;
wolfSSL	13:80fb167dafdf	2861	int CRLInfoSz;
wolfSSL	13:80fb167dafdf	2862	byte authInfoSet;
wolfSSL	13:80fb167dafdf	2863	byte authInfoCrit;
wolfSSL	13:80fb167dafdf	2864	byte* authInfo;
wolfSSL	13:80fb167dafdf	2865	int authInfoSz;
wolfSSL	13:80fb167dafdf	2866	byte basicConstSet;
wolfSSL	13:80fb167dafdf	2867	byte basicConstCrit;
wolfSSL	13:80fb167dafdf	2868	byte basicConstPlSet;
wolfSSL	13:80fb167dafdf	2869	byte subjAltNameSet;
wolfSSL	13:80fb167dafdf	2870	byte subjAltNameCrit;
wolfSSL	13:80fb167dafdf	2871	byte authKeyIdSet;
wolfSSL	13:80fb167dafdf	2872	byte authKeyIdCrit;
wolfSSL	13:80fb167dafdf	2873	byte* authKeyId;
wolfSSL	13:80fb167dafdf	2874	word32 authKeyIdSz;
wolfSSL	13:80fb167dafdf	2875	byte subjKeyIdSet;
wolfSSL	13:80fb167dafdf	2876	byte subjKeyIdCrit;
wolfSSL	13:80fb167dafdf	2877	byte* subjKeyId;
wolfSSL	13:80fb167dafdf	2878	word32 subjKeyIdSz;
wolfSSL	13:80fb167dafdf	2879	byte keyUsageSet;
wolfSSL	13:80fb167dafdf	2880	byte keyUsageCrit;
wolfSSL	13:80fb167dafdf	2881	byte extKeyUsageCrit;
wolfSSL	13:80fb167dafdf	2882	byte* extKeyUsageSrc;
wolfSSL	13:80fb167dafdf	2883	word32 extKeyUsageSz;
wolfSSL	13:80fb167dafdf	2884	word32 extKeyUsageCount;
wolfSSL	13:80fb167dafdf	2885	#endif /* OPENSSL_EXTRA */
wolfSSL	13:80fb167dafdf	2886	};
wolfSSL	13:80fb167dafdf	2887
wolfSSL	13:80fb167dafdf	2888
wolfSSL	13:80fb167dafdf	2889	/* record layer header for PlainText, Compressed, and CipherText */
wolfSSL	13:80fb167dafdf	2890	typedef struct RecordLayerHeader {
wolfSSL	13:80fb167dafdf	2891	byte type;
wolfSSL	13:80fb167dafdf	2892	byte pvMajor;
wolfSSL	13:80fb167dafdf	2893	byte pvMinor;
wolfSSL	13:80fb167dafdf	2894	byte length[2];
wolfSSL	13:80fb167dafdf	2895	} RecordLayerHeader;
wolfSSL	13:80fb167dafdf	2896
wolfSSL	13:80fb167dafdf	2897
wolfSSL	13:80fb167dafdf	2898	/* record layer header for DTLS PlainText, Compressed, and CipherText */
wolfSSL	13:80fb167dafdf	2899	typedef struct DtlsRecordLayerHeader {
wolfSSL	13:80fb167dafdf	2900	byte type;
wolfSSL	13:80fb167dafdf	2901	byte pvMajor;
wolfSSL	13:80fb167dafdf	2902	byte pvMinor;
wolfSSL	13:80fb167dafdf	2903	byte sequence_number[8]; /* per record */
wolfSSL	13:80fb167dafdf	2904	byte length[2];
wolfSSL	13:80fb167dafdf	2905	} DtlsRecordLayerHeader;
wolfSSL	13:80fb167dafdf	2906
wolfSSL	13:80fb167dafdf	2907
wolfSSL	13:80fb167dafdf	2908	typedef struct DtlsFrag {
wolfSSL	13:80fb167dafdf	2909	word32 begin;
wolfSSL	13:80fb167dafdf	2910	word32 end;
wolfSSL	13:80fb167dafdf	2911	struct DtlsFrag* next;
wolfSSL	13:80fb167dafdf	2912	} DtlsFrag;
wolfSSL	13:80fb167dafdf	2913
wolfSSL	13:80fb167dafdf	2914
wolfSSL	13:80fb167dafdf	2915	typedef struct DtlsMsg {
wolfSSL	13:80fb167dafdf	2916	struct DtlsMsg* next;
wolfSSL	13:80fb167dafdf	2917	byte* buf;
wolfSSL	13:80fb167dafdf	2918	byte* msg;
wolfSSL	13:80fb167dafdf	2919	DtlsFrag* fragList;
wolfSSL	13:80fb167dafdf	2920	word32 fragSz; /* Length of fragments received */
wolfSSL	13:80fb167dafdf	2921	word32 seq; /* Handshake sequence number */
wolfSSL	13:80fb167dafdf	2922	word32 sz; /* Length of whole mesage */
wolfSSL	13:80fb167dafdf	2923	byte type;
wolfSSL	13:80fb167dafdf	2924	} DtlsMsg;
wolfSSL	13:80fb167dafdf	2925
wolfSSL	13:80fb167dafdf	2926
wolfSSL	13:80fb167dafdf	2927	#ifdef HAVE_NETX
wolfSSL	13:80fb167dafdf	2928
wolfSSL	13:80fb167dafdf	2929	/* NETX I/O Callback default */
wolfSSL	13:80fb167dafdf	2930	typedef struct NetX_Ctx {
wolfSSL	13:80fb167dafdf	2931	NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
wolfSSL	13:80fb167dafdf	2932	NX_PACKET* nxPacket; /* incoming packet handle for short reads */
wolfSSL	13:80fb167dafdf	2933	ULONG nxOffset; /* offset already read from nxPacket */
wolfSSL	13:80fb167dafdf	2934	ULONG nxWait; /* wait option flag */
wolfSSL	13:80fb167dafdf	2935	} NetX_Ctx;
wolfSSL	13:80fb167dafdf	2936
wolfSSL	13:80fb167dafdf	2937	#endif
wolfSSL	13:80fb167dafdf	2938
wolfSSL	13:80fb167dafdf	2939
wolfSSL	13:80fb167dafdf	2940	/* Handshake messages received from peer (plus change cipher */
wolfSSL	13:80fb167dafdf	2941	typedef struct MsgsReceived {
wolfSSL	13:80fb167dafdf	2942	word16 got_hello_request:1;
wolfSSL	13:80fb167dafdf	2943	word16 got_client_hello:2;
wolfSSL	13:80fb167dafdf	2944	word16 got_server_hello:1;
wolfSSL	13:80fb167dafdf	2945	word16 got_hello_verify_request:1;
wolfSSL	13:80fb167dafdf	2946	word16 got_session_ticket:1;
wolfSSL	13:80fb167dafdf	2947	word16 got_hello_retry_request:1;
wolfSSL	13:80fb167dafdf	2948	word16 got_encrypted_extensions:1;
wolfSSL	13:80fb167dafdf	2949	word16 got_certificate:1;
wolfSSL	13:80fb167dafdf	2950	word16 got_certificate_status:1;
wolfSSL	13:80fb167dafdf	2951	word16 got_server_key_exchange:1;
wolfSSL	13:80fb167dafdf	2952	word16 got_certificate_request:1;
wolfSSL	13:80fb167dafdf	2953	word16 got_server_hello_done:1;
wolfSSL	13:80fb167dafdf	2954	word16 got_certificate_verify:1;
wolfSSL	13:80fb167dafdf	2955	word16 got_client_key_exchange:1;
wolfSSL	13:80fb167dafdf	2956	word16 got_finished:1;
wolfSSL	13:80fb167dafdf	2957	word16 got_key_update:1;
wolfSSL	13:80fb167dafdf	2958	word16 got_change_cipher:1;
wolfSSL	13:80fb167dafdf	2959	} MsgsReceived;
wolfSSL	13:80fb167dafdf	2960
wolfSSL	13:80fb167dafdf	2961
wolfSSL	13:80fb167dafdf	2962	/* Handshake hashes */
wolfSSL	13:80fb167dafdf	2963	typedef struct HS_Hashes {
wolfSSL	13:80fb167dafdf	2964	Hashes verifyHashes;
wolfSSL	13:80fb167dafdf	2965	Hashes certHashes; /* for cert verify */
wolfSSL	13:80fb167dafdf	2966	#ifndef NO_SHA
wolfSSL	13:80fb167dafdf	2967	Sha hashSha; /* sha hash of handshake msgs */
wolfSSL	13:80fb167dafdf	2968	#endif
wolfSSL	13:80fb167dafdf	2969	#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wolfSSL	13:80fb167dafdf	2970	Md5 hashMd5; /* md5 hash of handshake msgs */
wolfSSL	13:80fb167dafdf	2971	#endif
wolfSSL	13:80fb167dafdf	2972	#ifndef NO_SHA256
wolfSSL	13:80fb167dafdf	2973	Sha256 hashSha256; /* sha256 hash of handshake msgs */
wolfSSL	13:80fb167dafdf	2974	#endif
wolfSSL	13:80fb167dafdf	2975	#ifdef WOLFSSL_SHA384
wolfSSL	13:80fb167dafdf	2976	Sha384 hashSha384; /* sha384 hash of handshake msgs */
wolfSSL	13:80fb167dafdf	2977	#endif
wolfSSL	13:80fb167dafdf	2978	#ifdef WOLFSSL_SHA512
wolfSSL	13:80fb167dafdf	2979	Sha512 hashSha512; /* sha512 hash of handshake msgs */
wolfSSL	13:80fb167dafdf	2980	#endif
wolfSSL	13:80fb167dafdf	2981	} HS_Hashes;
wolfSSL	13:80fb167dafdf	2982
wolfSSL	13:80fb167dafdf	2983
wolfSSL	13:80fb167dafdf	2984	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	13:80fb167dafdf	2985	#define MAX_ASYNC_ARGS 16
wolfSSL	13:80fb167dafdf	2986	typedef void (FreeArgsCb)(struct WOLFSSL ssl, void* pArgs);
wolfSSL	13:80fb167dafdf	2987
wolfSSL	13:80fb167dafdf	2988	struct WOLFSSL_ASYNC {
wolfSSL	13:80fb167dafdf	2989	WC_ASYNC_DEV* dev;
wolfSSL	13:80fb167dafdf	2990	FreeArgsCb freeArgs; /* function pointer to cleanup args */
wolfSSL	13:80fb167dafdf	2991	word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
wolfSSL	13:80fb167dafdf	2992	};
wolfSSL	13:80fb167dafdf	2993	#endif
wolfSSL	13:80fb167dafdf	2994
wolfSSL	13:80fb167dafdf	2995	#ifdef HAVE_WRITE_DUP
wolfSSL	13:80fb167dafdf	2996
wolfSSL	13:80fb167dafdf	2997	#define WRITE_DUP_SIDE 1
wolfSSL	13:80fb167dafdf	2998	#define READ_DUP_SIDE 2
wolfSSL	13:80fb167dafdf	2999
wolfSSL	13:80fb167dafdf	3000	typedef struct WriteDup {
wolfSSL	13:80fb167dafdf	3001	wolfSSL_Mutex dupMutex; /* reference count mutex */
wolfSSL	13:80fb167dafdf	3002	int dupCount; /* reference count */
wolfSSL	13:80fb167dafdf	3003	int dupErr; /* under dupMutex, pass to other side */
wolfSSL	13:80fb167dafdf	3004	} WriteDup;
wolfSSL	13:80fb167dafdf	3005
wolfSSL	13:80fb167dafdf	3006	WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3007	WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
wolfSSL	13:80fb167dafdf	3008	#endif /* HAVE_WRITE_DUP */
wolfSSL	13:80fb167dafdf	3009
wolfSSL	13:80fb167dafdf	3010
wolfSSL	13:80fb167dafdf	3011	/* wolfSSL ssl type */
wolfSSL	13:80fb167dafdf	3012	struct WOLFSSL {
wolfSSL	13:80fb167dafdf	3013	WOLFSSL_CTX* ctx;
wolfSSL	13:80fb167dafdf	3014	Suites* suites; /* only need during handshake */
wolfSSL	13:80fb167dafdf	3015	Arrays* arrays;
wolfSSL	13:80fb167dafdf	3016	HS_Hashes* hsHashes;
wolfSSL	13:80fb167dafdf	3017	void* IOCB_ReadCtx;
wolfSSL	13:80fb167dafdf	3018	void* IOCB_WriteCtx;
wolfSSL	13:80fb167dafdf	3019	WC_RNG* rng;
wolfSSL	13:80fb167dafdf	3020	void* verifyCbCtx; /* cert verify callback user ctx*/
wolfSSL	13:80fb167dafdf	3021	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	13:80fb167dafdf	3022	void* heap; /* for user overrides */
wolfSSL	13:80fb167dafdf	3023	#ifdef HAVE_WRITE_DUP
wolfSSL	13:80fb167dafdf	3024	WriteDup* dupWrite; /* valid pointer indicates ON */
wolfSSL	13:80fb167dafdf	3025	/* side that decrements dupCount to zero frees overall structure */
wolfSSL	13:80fb167dafdf	3026	byte dupSide; /* write side or read side */
wolfSSL	13:80fb167dafdf	3027	#endif
wolfSSL	13:80fb167dafdf	3028	#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL	13:80fb167dafdf	3029	WOLFSSL_HEAP_HINT heap_hint;
wolfSSL	13:80fb167dafdf	3030	#endif
wolfSSL	13:80fb167dafdf	3031	#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL	13:80fb167dafdf	3032	HandShakeDoneCb hsDoneCb; /* notify user handshake done */
wolfSSL	13:80fb167dafdf	3033	void* hsDoneCtx; /* user handshake cb context */
wolfSSL	13:80fb167dafdf	3034	#endif
wolfSSL	13:80fb167dafdf	3035	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	13:80fb167dafdf	3036	struct WOLFSSL_ASYNC async;
wolfSSL	13:80fb167dafdf	3037	#endif
wolfSSL	13:80fb167dafdf	3038	void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
wolfSSL	13:80fb167dafdf	3039	word32 hsType; /* Type of Handshake key (hsKey) */
wolfSSL	13:80fb167dafdf	3040	WOLFSSL_CIPHER cipher;
wolfSSL	13:80fb167dafdf	3041	hmacfp hmac;
wolfSSL	13:80fb167dafdf	3042	Ciphers encrypt;
wolfSSL	13:80fb167dafdf	3043	Ciphers decrypt;
wolfSSL	13:80fb167dafdf	3044	Buffers buffers;
wolfSSL	13:80fb167dafdf	3045	WOLFSSL_SESSION session;
wolfSSL	13:80fb167dafdf	3046	#ifdef HAVE_EXT_CACHE
wolfSSL	13:80fb167dafdf	3047	WOLFSSL_SESSION* extSession;
wolfSSL	13:80fb167dafdf	3048	#endif
wolfSSL	13:80fb167dafdf	3049	WOLFSSL_ALERT_HISTORY alert_history;
wolfSSL	13:80fb167dafdf	3050	int error;
wolfSSL	13:80fb167dafdf	3051	int rfd; /* read file descriptor */
wolfSSL	13:80fb167dafdf	3052	int wfd; /* write file descriptor */
wolfSSL	13:80fb167dafdf	3053	int rflags; /* user read flags */
wolfSSL	13:80fb167dafdf	3054	int wflags; /* user write flags */
wolfSSL	13:80fb167dafdf	3055	word32 timeout; /* session timeout */
wolfSSL	13:80fb167dafdf	3056	word32 fragOffset; /* fragment offset */
wolfSSL	13:80fb167dafdf	3057	word16 curSize;
wolfSSL	13:80fb167dafdf	3058	RecordLayerHeader curRL;
wolfSSL	13:80fb167dafdf	3059	MsgsReceived msgsReceived; /* peer messages received */
wolfSSL	13:80fb167dafdf	3060	ProtocolVersion version; /* negotiated version */
wolfSSL	13:80fb167dafdf	3061	ProtocolVersion chVersion; /* client hello version */
wolfSSL	13:80fb167dafdf	3062	CipherSpecs specs;
wolfSSL	13:80fb167dafdf	3063	Keys keys;
wolfSSL	13:80fb167dafdf	3064	Options options;
wolfSSL	13:80fb167dafdf	3065	#ifdef OPENSSL_EXTRA
wolfSSL	13:80fb167dafdf	3066	WOLFSSL_BIO* biord; /* socket bio read to free/close */
wolfSSL	13:80fb167dafdf	3067	WOLFSSL_BIO* biowr; /* socket bio write to free/close */
wolfSSL	13:80fb167dafdf	3068	unsigned long peerVerifyRet;
wolfSSL	13:80fb167dafdf	3069	byte readAhead;
wolfSSL	13:80fb167dafdf	3070	#ifdef HAVE_PK_CALLBACKS
wolfSSL	13:80fb167dafdf	3071	void* loggingCtx; /* logging callback argument */
wolfSSL	13:80fb167dafdf	3072	#endif
wolfSSL	13:80fb167dafdf	3073	#endif
wolfSSL	13:80fb167dafdf	3074	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	3075	RsaKey* peerRsaKey;
wolfSSL	13:80fb167dafdf	3076	byte peerRsaKeyPresent;
wolfSSL	13:80fb167dafdf	3077	#endif
wolfSSL	13:80fb167dafdf	3078	#ifdef HAVE_QSH
wolfSSL	13:80fb167dafdf	3079	QSHKey* QSH_Key;
wolfSSL	13:80fb167dafdf	3080	QSHKey* peerQSHKey;
wolfSSL	13:80fb167dafdf	3081	QSHSecret* QSH_secret;
wolfSSL	13:80fb167dafdf	3082	byte isQSH; /* is the handshake a QSH? */
wolfSSL	13:80fb167dafdf	3083	byte sendQSHKeys; /* flag for if the client should sen
wolfSSL	13:80fb167dafdf	3084	public keys */
wolfSSL	13:80fb167dafdf	3085	byte peerQSHKeyPresent;
wolfSSL	13:80fb167dafdf	3086	byte minRequest;
wolfSSL	13:80fb167dafdf	3087	byte maxRequest;
wolfSSL	13:80fb167dafdf	3088	byte user_set_QSHSchemes;
wolfSSL	13:80fb167dafdf	3089	#endif
wolfSSL	13:80fb167dafdf	3090	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3091	word16 namedGroup;
wolfSSL	13:80fb167dafdf	3092	#endif
wolfSSL	13:80fb167dafdf	3093	#ifdef HAVE_NTRU
wolfSSL	13:80fb167dafdf	3094	word16 peerNtruKeyLen;
wolfSSL	13:80fb167dafdf	3095	byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
wolfSSL	13:80fb167dafdf	3096	byte peerNtruKeyPresent;
wolfSSL	13:80fb167dafdf	3097	#endif
wolfSSL	13:80fb167dafdf	3098	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	3099	ecc_key* peerEccKey; /* peer's ECDHE key */
wolfSSL	13:80fb167dafdf	3100	ecc_key* peerEccDsaKey; /* peer's ECDSA key */
wolfSSL	13:80fb167dafdf	3101	ecc_key* eccTempKey; /* private ECDHE key */
wolfSSL	13:80fb167dafdf	3102	int eccVerifyRes;
wolfSSL	13:80fb167dafdf	3103	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	13:80fb167dafdf	3104	word32 ecdhCurveOID; /* curve Ecc_Sum */
wolfSSL	13:80fb167dafdf	3105	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	13:80fb167dafdf	3106	byte peerEccKeyPresent;
wolfSSL	13:80fb167dafdf	3107	byte peerEccDsaKeyPresent;
wolfSSL	13:80fb167dafdf	3108	byte eccTempKeyPresent;
wolfSSL	13:80fb167dafdf	3109	#endif
wolfSSL	13:80fb167dafdf	3110	#ifdef HAVE_LIBZ
wolfSSL	13:80fb167dafdf	3111	z_stream c_stream; /* compression stream */
wolfSSL	13:80fb167dafdf	3112	z_stream d_stream; /* decompression stream */
wolfSSL	13:80fb167dafdf	3113	byte didStreamInit; /* for stream init and end */
wolfSSL	13:80fb167dafdf	3114	#endif
wolfSSL	13:80fb167dafdf	3115	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	3116	int dtls_timeout_init; /* starting timeout value */
wolfSSL	13:80fb167dafdf	3117	int dtls_timeout_max; /* maximum timeout value */
wolfSSL	13:80fb167dafdf	3118	int dtls_timeout; /* current timeout value, changes */
wolfSSL	13:80fb167dafdf	3119	word32 dtls_tx_msg_list_sz;
wolfSSL	13:80fb167dafdf	3120	word32 dtls_rx_msg_list_sz;
wolfSSL	13:80fb167dafdf	3121	DtlsMsg* dtls_tx_msg_list;
wolfSSL	13:80fb167dafdf	3122	DtlsMsg* dtls_rx_msg_list;
wolfSSL	13:80fb167dafdf	3123	void* IOCB_CookieCtx; /* gen cookie ctx */
wolfSSL	13:80fb167dafdf	3124	word32 dtls_expected_rx;
wolfSSL	13:80fb167dafdf	3125	wc_dtls_export dtls_export; /* export function for session */
wolfSSL	13:80fb167dafdf	3126	#ifdef WOLFSSL_SCTP
wolfSSL	13:80fb167dafdf	3127	word16 dtlsMtuSz;
wolfSSL	13:80fb167dafdf	3128	#endif /* WOLFSSL_SCTP */
wolfSSL	13:80fb167dafdf	3129	#endif
wolfSSL	13:80fb167dafdf	3130	#ifdef WOLFSSL_CALLBACKS
wolfSSL	13:80fb167dafdf	3131	HandShakeInfo handShakeInfo; /* info saved during handshake */
wolfSSL	13:80fb167dafdf	3132	TimeoutInfo timeoutInfo; /* info saved during handshake */
wolfSSL	13:80fb167dafdf	3133	byte hsInfoOn; /* track handshake info */
wolfSSL	13:80fb167dafdf	3134	byte toInfoOn; /* track timeout info */
wolfSSL	13:80fb167dafdf	3135	#endif
wolfSSL	13:80fb167dafdf	3136	#ifdef HAVE_FUZZER
wolfSSL	13:80fb167dafdf	3137	CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
wolfSSL	13:80fb167dafdf	3138	void* fuzzerCtx; /* user defined pointer */
wolfSSL	13:80fb167dafdf	3139	#endif
wolfSSL	13:80fb167dafdf	3140	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3141	buffer clientCertCtx; /* Certificate context in request */
wolfSSL	13:80fb167dafdf	3142	#endif
wolfSSL	13:80fb167dafdf	3143	#ifdef KEEP_PEER_CERT
wolfSSL	13:80fb167dafdf	3144	WOLFSSL_X509 peerCert; /* X509 peer cert */
wolfSSL	13:80fb167dafdf	3145	#endif
wolfSSL	13:80fb167dafdf	3146	#ifdef KEEP_OUR_CERT
wolfSSL	13:80fb167dafdf	3147	WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
wolfSSL	13:80fb167dafdf	3148	points to ctx if not owned (owned
wolfSSL	13:80fb167dafdf	3149	flag found in buffers.weOwnCert) */
wolfSSL	13:80fb167dafdf	3150	#endif
wolfSSL	13:80fb167dafdf	3151	byte keepCert; /* keep certificate after handshake */
wolfSSL	13:80fb167dafdf	3152	#if defined(HAVE_EX_DATA) \|\| defined(FORTRESS)
wolfSSL	13:80fb167dafdf	3153	void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
wolfSSL	13:80fb167dafdf	3154	#endif
wolfSSL	13:80fb167dafdf	3155	int devId; /* async device id to use */
wolfSSL	13:80fb167dafdf	3156	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	13:80fb167dafdf	3157	OneTimeAuth auth;
wolfSSL	13:80fb167dafdf	3158	#endif
wolfSSL	13:80fb167dafdf	3159	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	13:80fb167dafdf	3160	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	13:80fb167dafdf	3161	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	13:80fb167dafdf	3162	word16 max_fragment;
wolfSSL	13:80fb167dafdf	3163	#endif
wolfSSL	13:80fb167dafdf	3164	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	13:80fb167dafdf	3165	byte truncated_hmac;
wolfSSL	13:80fb167dafdf	3166	#endif
wolfSSL	13:80fb167dafdf	3167	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	13:80fb167dafdf	3168	byte status_request;
wolfSSL	13:80fb167dafdf	3169	#endif
wolfSSL	13:80fb167dafdf	3170	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	13:80fb167dafdf	3171	byte status_request_v2;
wolfSSL	13:80fb167dafdf	3172	#endif
wolfSSL	13:80fb167dafdf	3173	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	13:80fb167dafdf	3174	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	13:80fb167dafdf	3175	SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
wolfSSL	13:80fb167dafdf	3176	#endif /* user turned on */
wolfSSL	13:80fb167dafdf	3177	#ifdef HAVE_ALPN
wolfSSL	13:80fb167dafdf	3178	char* alpn_client_list; /* keep the client's list */
wolfSSL	13:80fb167dafdf	3179	#if defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	13:80fb167dafdf	3180	CallbackALPNSelect alpnSelect;
wolfSSL	13:80fb167dafdf	3181	void* alpnSelectArg;
wolfSSL	13:80fb167dafdf	3182	#endif
wolfSSL	13:80fb167dafdf	3183	#endif /* of accepted protocols */
wolfSSL	13:80fb167dafdf	3184	#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
wolfSSL	13:80fb167dafdf	3185	CallbackSessionTicket session_ticket_cb;
wolfSSL	13:80fb167dafdf	3186	void* session_ticket_ctx;
wolfSSL	13:80fb167dafdf	3187	byte expect_session_ticket;
wolfSSL	13:80fb167dafdf	3188	#endif
wolfSSL	13:80fb167dafdf	3189	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	13:80fb167dafdf	3190	#ifdef OPENSSL_EXTRA
wolfSSL	13:80fb167dafdf	3191	byte* ocspResp;
wolfSSL	13:80fb167dafdf	3192	int ocspRespSz;
wolfSSL	13:80fb167dafdf	3193	#if defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	13:80fb167dafdf	3194	char* url;
wolfSSL	13:80fb167dafdf	3195	#endif
wolfSSL	13:80fb167dafdf	3196	#endif
wolfSSL	13:80fb167dafdf	3197	#ifdef HAVE_NETX
wolfSSL	13:80fb167dafdf	3198	NetX_Ctx nxCtx; /* NetX IO Context */
wolfSSL	13:80fb167dafdf	3199	#endif
wolfSSL	13:80fb167dafdf	3200	#ifdef SESSION_INDEX
wolfSSL	13:80fb167dafdf	3201	int sessionIndex; /* Session's location in the cache. */
wolfSSL	13:80fb167dafdf	3202	#endif
wolfSSL	13:80fb167dafdf	3203	#ifdef ATOMIC_USER
wolfSSL	13:80fb167dafdf	3204	void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
wolfSSL	13:80fb167dafdf	3205	void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
wolfSSL	13:80fb167dafdf	3206	#endif
wolfSSL	13:80fb167dafdf	3207	#ifdef HAVE_PK_CALLBACKS
wolfSSL	13:80fb167dafdf	3208	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	3209	void* EccSignCtx; /* Ecc Sign Callback Context */
wolfSSL	13:80fb167dafdf	3210	void* EccVerifyCtx; /* Ecc Verify Callback Context */
wolfSSL	13:80fb167dafdf	3211	void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
wolfSSL	13:80fb167dafdf	3212	#endif /* HAVE_ECC */
wolfSSL	13:80fb167dafdf	3213	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	3214	void* RsaSignCtx; /* Rsa Sign Callback Context */
wolfSSL	13:80fb167dafdf	3215	void* RsaVerifyCtx; /* Rsa Verify Callback Context */
wolfSSL	13:80fb167dafdf	3216	void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
wolfSSL	13:80fb167dafdf	3217	void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
wolfSSL	13:80fb167dafdf	3218	#endif /* NO_RSA */
wolfSSL	13:80fb167dafdf	3219	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	13:80fb167dafdf	3220	#ifdef HAVE_SECRET_CALLBACK
wolfSSL	13:80fb167dafdf	3221	SessionSecretCb sessionSecretCb;
wolfSSL	13:80fb167dafdf	3222	void* sessionSecretCtx;
wolfSSL	13:80fb167dafdf	3223	#endif /* HAVE_SECRET_CALLBACK */
wolfSSL	13:80fb167dafdf	3224	#ifdef WOLFSSL_JNI
wolfSSL	13:80fb167dafdf	3225	void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
wolfSSL	13:80fb167dafdf	3226	#endif /* WOLFSSL_JNI */
wolfSSL	13:80fb167dafdf	3227	};
wolfSSL	13:80fb167dafdf	3228
wolfSSL	13:80fb167dafdf	3229
wolfSSL	13:80fb167dafdf	3230	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3231	int SetSSL_CTX(WOLFSSL, WOLFSSL_CTX, int);
wolfSSL	13:80fb167dafdf	3232	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3233	int InitSSL(WOLFSSL, WOLFSSL_CTX, int);
wolfSSL	13:80fb167dafdf	3234	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3235	void FreeSSL(WOLFSSL, void heap);
wolfSSL	13:80fb167dafdf	3236	WOLFSSL_API void SSL_ResourceFree(WOLFSSL); / Micrium uses */
wolfSSL	13:80fb167dafdf	3237
wolfSSL	13:80fb167dafdf	3238
wolfSSL	13:80fb167dafdf	3239	enum {
wolfSSL	13:80fb167dafdf	3240	IV_SZ = 32, /* max iv sz */
wolfSSL	13:80fb167dafdf	3241	NAME_SZ = 80 /* max one line */
wolfSSL	13:80fb167dafdf	3242	};
wolfSSL	13:80fb167dafdf	3243
wolfSSL	13:80fb167dafdf	3244
wolfSSL	13:80fb167dafdf	3245	typedef struct EncryptedInfo {
wolfSSL	13:80fb167dafdf	3246	char name[NAME_SZ]; /* encryption name */
wolfSSL	13:80fb167dafdf	3247	byte iv[IV_SZ]; /* encrypted IV */
wolfSSL	13:80fb167dafdf	3248	word32 ivSz; /* encrypted IV size */
wolfSSL	13:80fb167dafdf	3249	long consumed; /* tracks PEM bytes consumed */
wolfSSL	13:80fb167dafdf	3250	byte set; /* if encryption set */
wolfSSL	13:80fb167dafdf	3251	WOLFSSL_CTX* ctx; /* CTX owner */
wolfSSL	13:80fb167dafdf	3252	} EncryptedInfo;
wolfSSL	13:80fb167dafdf	3253
wolfSSL	13:80fb167dafdf	3254
wolfSSL	13:80fb167dafdf	3255	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	3256
wolfSSL	13:80fb167dafdf	3257	WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
wolfSSL	13:80fb167dafdf	3258	WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
wolfSSL	13:80fb167dafdf	3259
wolfSSL	13:80fb167dafdf	3260	WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
wolfSSL	13:80fb167dafdf	3261	DerBuffer** pDer, void* heap, EncryptedInfo* info,
wolfSSL	13:80fb167dafdf	3262	int* eccKey);
wolfSSL	13:80fb167dafdf	3263
wolfSSL	13:80fb167dafdf	3264	WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wolfSSL	13:80fb167dafdf	3265	long sz, int format, int type, WOLFSSL* ssl,
wolfSSL	13:80fb167dafdf	3266	long* used, int userChain);
wolfSSL	13:80fb167dafdf	3267	WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
wolfSSL	13:80fb167dafdf	3268	int type, WOLFSSL* ssl, int userChain,
wolfSSL	13:80fb167dafdf	3269	WOLFSSL_CRL* crl);
wolfSSL	13:80fb167dafdf	3270
wolfSSL	13:80fb167dafdf	3271	#ifdef OPENSSL_EXTRA
wolfSSL	13:80fb167dafdf	3272	WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
wolfSSL	13:80fb167dafdf	3273	size_t domainNameLen);
wolfSSL	13:80fb167dafdf	3274	#endif
wolfSSL	13:80fb167dafdf	3275	#endif
wolfSSL	13:80fb167dafdf	3276
wolfSSL	13:80fb167dafdf	3277
wolfSSL	13:80fb167dafdf	3278	#ifdef WOLFSSL_CALLBACKS
wolfSSL	13:80fb167dafdf	3279	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3280	void InitHandShakeInfo(HandShakeInfo, WOLFSSL);
wolfSSL	13:80fb167dafdf	3281	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3282	void FinishHandShakeInfo(HandShakeInfo*);
wolfSSL	13:80fb167dafdf	3283	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3284	void AddPacketName(const char, HandShakeInfo);
wolfSSL	13:80fb167dafdf	3285
wolfSSL	13:80fb167dafdf	3286	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3287	void InitTimeoutInfo(TimeoutInfo*);
wolfSSL	13:80fb167dafdf	3288	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3289	void FreeTimeoutInfo(TimeoutInfo, void);
wolfSSL	13:80fb167dafdf	3290	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3291	void AddPacketInfo(const char, TimeoutInfo, const byte, int, void);
wolfSSL	13:80fb167dafdf	3292	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3293	void AddLateName(const char, TimeoutInfo);
wolfSSL	13:80fb167dafdf	3294	WOLFSSL_LOCAL
wolfSSL	13:80fb167dafdf	3295	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
wolfSSL	13:80fb167dafdf	3296	#endif
wolfSSL	13:80fb167dafdf	3297
wolfSSL	13:80fb167dafdf	3298
wolfSSL	13:80fb167dafdf	3299	/* Record Layer Header identifier from page 12 */
wolfSSL	13:80fb167dafdf	3300	enum ContentType {
wolfSSL	13:80fb167dafdf	3301	no_type = 0,
wolfSSL	13:80fb167dafdf	3302	change_cipher_spec = 20,
wolfSSL	13:80fb167dafdf	3303	alert = 21,
wolfSSL	13:80fb167dafdf	3304	handshake = 22,
wolfSSL	13:80fb167dafdf	3305	application_data = 23
wolfSSL	13:80fb167dafdf	3306	};
wolfSSL	13:80fb167dafdf	3307
wolfSSL	13:80fb167dafdf	3308
wolfSSL	13:80fb167dafdf	3309	/* handshake header, same for each message type, pgs 20/21 */
wolfSSL	13:80fb167dafdf	3310	typedef struct HandShakeHeader {
wolfSSL	13:80fb167dafdf	3311	byte type;
wolfSSL	13:80fb167dafdf	3312	word24 length;
wolfSSL	13:80fb167dafdf	3313	} HandShakeHeader;
wolfSSL	13:80fb167dafdf	3314
wolfSSL	13:80fb167dafdf	3315
wolfSSL	13:80fb167dafdf	3316	/* DTLS handshake header, same for each message type */
wolfSSL	13:80fb167dafdf	3317	typedef struct DtlsHandShakeHeader {
wolfSSL	13:80fb167dafdf	3318	byte type;
wolfSSL	13:80fb167dafdf	3319	word24 length;
wolfSSL	13:80fb167dafdf	3320	byte message_seq[2]; /* start at 0, retransmit gets same # */
wolfSSL	13:80fb167dafdf	3321	word24 fragment_offset; /* bytes in previous fragments */
wolfSSL	13:80fb167dafdf	3322	word24 fragment_length; /* length of this fragment */
wolfSSL	13:80fb167dafdf	3323	} DtlsHandShakeHeader;
wolfSSL	13:80fb167dafdf	3324
wolfSSL	13:80fb167dafdf	3325
wolfSSL	13:80fb167dafdf	3326	enum HandShakeType {
wolfSSL	13:80fb167dafdf	3327	hello_request = 0,
wolfSSL	13:80fb167dafdf	3328	client_hello = 1,
wolfSSL	13:80fb167dafdf	3329	server_hello = 2,
wolfSSL	13:80fb167dafdf	3330	hello_verify_request = 3, /* DTLS addition */
wolfSSL	13:80fb167dafdf	3331	session_ticket = 4,
wolfSSL	13:80fb167dafdf	3332	hello_retry_request = 6,
wolfSSL	13:80fb167dafdf	3333	encrypted_extensions = 8,
wolfSSL	13:80fb167dafdf	3334	certificate = 11,
wolfSSL	13:80fb167dafdf	3335	server_key_exchange = 12,
wolfSSL	13:80fb167dafdf	3336	certificate_request = 13,
wolfSSL	13:80fb167dafdf	3337	server_hello_done = 14,
wolfSSL	13:80fb167dafdf	3338	certificate_verify = 15,
wolfSSL	13:80fb167dafdf	3339	client_key_exchange = 16,
wolfSSL	13:80fb167dafdf	3340	finished = 20,
wolfSSL	13:80fb167dafdf	3341	certificate_status = 22,
wolfSSL	13:80fb167dafdf	3342	key_update = 24,
wolfSSL	13:80fb167dafdf	3343	change_cipher_hs = 55, /* simulate unique handshake type for sanity
wolfSSL	13:80fb167dafdf	3344	checks. record layer change_cipher
wolfSSL	13:80fb167dafdf	3345	conflicts with handshake finished */
wolfSSL	13:80fb167dafdf	3346	no_shake = 255 /* used to initialize the DtlsMsg record */
wolfSSL	13:80fb167dafdf	3347	};
wolfSSL	13:80fb167dafdf	3348
wolfSSL	13:80fb167dafdf	3349
wolfSSL	13:80fb167dafdf	3350	static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
wolfSSL	13:80fb167dafdf	3351	static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
wolfSSL	13:80fb167dafdf	3352
wolfSSL	13:80fb167dafdf	3353	static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
wolfSSL	13:80fb167dafdf	3354	static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
wolfSSL	13:80fb167dafdf	3355
wolfSSL	13:80fb167dafdf	3356
wolfSSL	13:80fb167dafdf	3357	/* internal functions */
wolfSSL	13:80fb167dafdf	3358	WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3359	WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3360	WOLFSSL_LOCAL int DoClientTicket(WOLFSSL, const byte, word32);
wolfSSL	13:80fb167dafdf	3361	WOLFSSL_LOCAL int SendData(WOLFSSL, const void, int);
wolfSSL	13:80fb167dafdf	3362	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3363	WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3364	WOLFSSL_LOCAL int SendTls13EncryptedExtensions(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3365	#endif
wolfSSL	13:80fb167dafdf	3366	WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3367	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3368	WOLFSSL_LOCAL int SendTls13Certificate(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3369	#endif
wolfSSL	13:80fb167dafdf	3370	WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3371	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3372	WOLFSSL_LOCAL int SendTls13CertificateRequest(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3373	#endif
wolfSSL	13:80fb167dafdf	3374	WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3375	WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3376	WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3377	WOLFSSL_LOCAL int ReceiveData(WOLFSSL, byte, int, int);
wolfSSL	13:80fb167dafdf	3378	WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3379	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3380	WOLFSSL_LOCAL int SendTls13Finished(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3381	WOLFSSL_LOCAL int SendTls13NewSessionTicket(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3382	#endif
wolfSSL	13:80fb167dafdf	3383	WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
wolfSSL	13:80fb167dafdf	3384	WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3385
wolfSSL	13:80fb167dafdf	3386	WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3387	WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3388
wolfSSL	13:80fb167dafdf	3389	WOLFSSL_LOCAL int AddSession(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3390	WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3391	WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
wolfSSL	13:80fb167dafdf	3392
wolfSSL	13:80fb167dafdf	3393	WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3394	WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3395	WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
wolfSSL	13:80fb167dafdf	3396
wolfSSL	13:80fb167dafdf	3397	WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3398	WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
wolfSSL	13:80fb167dafdf	3399	WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3400
wolfSSL	13:80fb167dafdf	3401	WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3402	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	3403	#ifndef NO_RSA
wolfSSL	13:80fb167dafdf	3404	WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl,
wolfSSL	13:80fb167dafdf	3405	byte* verifySig, word32 sigSz,
wolfSSL	13:80fb167dafdf	3406	const byte* plain, word32 plainSz,
wolfSSL	13:80fb167dafdf	3407	RsaKey* key);
wolfSSL	13:80fb167dafdf	3408	WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
wolfSSL	13:80fb167dafdf	3409	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	13:80fb167dafdf	3410	WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
wolfSSL	13:80fb167dafdf	3411	byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
wolfSSL	13:80fb167dafdf	3412	const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	13:80fb167dafdf	3413	WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
wolfSSL	13:80fb167dafdf	3414	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	13:80fb167dafdf	3415	WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
wolfSSL	13:80fb167dafdf	3416	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	13:80fb167dafdf	3417	#endif /* !NO_RSA */
wolfSSL	13:80fb167dafdf	3418
wolfSSL	13:80fb167dafdf	3419	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	3420	WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	13:80fb167dafdf	3421	byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz,
wolfSSL	13:80fb167dafdf	3422	void* ctx);
wolfSSL	13:80fb167dafdf	3423	WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	13:80fb167dafdf	3424	const byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
wolfSSL	13:80fb167dafdf	3425	void* ctx);
wolfSSL	13:80fb167dafdf	3426	WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
wolfSSL	13:80fb167dafdf	3427	ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
wolfSSL	13:80fb167dafdf	3428	word32* outlen, int side, void* ctx);
wolfSSL	13:80fb167dafdf	3429	#endif /* HAVE_ECC */
wolfSSL	13:80fb167dafdf	3430
wolfSSL	13:80fb167dafdf	3431	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	13:80fb167dafdf	3432
wolfSSL	13:80fb167dafdf	3433	/* options for searching hash table for a matching trusted peer cert */
wolfSSL	13:80fb167dafdf	3434	#define WC_MATCH_SKID 0
wolfSSL	13:80fb167dafdf	3435	#define WC_MATCH_NAME 1
wolfSSL	13:80fb167dafdf	3436
wolfSSL	13:80fb167dafdf	3437	WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
wolfSSL	13:80fb167dafdf	3438	int type);
wolfSSL	13:80fb167dafdf	3439	WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
wolfSSL	13:80fb167dafdf	3440	DecodedCert* cert);
wolfSSL	13:80fb167dafdf	3441	#endif
wolfSSL	13:80fb167dafdf	3442
wolfSSL	13:80fb167dafdf	3443	WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
wolfSSL	13:80fb167dafdf	3444	#ifndef NO_SKID
wolfSSL	13:80fb167dafdf	3445	WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
wolfSSL	13:80fb167dafdf	3446	#endif
wolfSSL	13:80fb167dafdf	3447	#endif /* !NO_CERTS */
wolfSSL	13:80fb167dafdf	3448	WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
wolfSSL	13:80fb167dafdf	3449	word32* hashLen);
wolfSSL	13:80fb167dafdf	3450	WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
wolfSSL	13:80fb167dafdf	3451	const byte* sender);
wolfSSL	13:80fb167dafdf	3452	WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
wolfSSL	13:80fb167dafdf	3453	WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
wolfSSL	13:80fb167dafdf	3454	WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
wolfSSL	13:80fb167dafdf	3455
wolfSSL	13:80fb167dafdf	3456	#ifndef NO_TLS
wolfSSL	13:80fb167dafdf	3457	WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3458	WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
wolfSSL	13:80fb167dafdf	3459	word32 sz, int content, int verify);
wolfSSL	13:80fb167dafdf	3460	#endif
wolfSSL	13:80fb167dafdf	3461
wolfSSL	13:80fb167dafdf	3462	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	13:80fb167dafdf	3463	WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3464	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3465	WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3466	#endif
wolfSSL	13:80fb167dafdf	3467	WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3468	WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3469	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	13:80fb167dafdf	3470
wolfSSL	13:80fb167dafdf	3471	WOLFSSL_LOCAL int SendTls13CertificateVerify(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3472
wolfSSL	13:80fb167dafdf	3473	#ifndef NO_WOLFSSL_SERVER
wolfSSL	13:80fb167dafdf	3474	WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3475	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3476	WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3477	#endif
wolfSSL	13:80fb167dafdf	3478	WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3479	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	13:80fb167dafdf	3480
wolfSSL	13:80fb167dafdf	3481	#ifdef WOLFSSL_DTLS
wolfSSL	13:80fb167dafdf	3482	WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
wolfSSL	13:80fb167dafdf	3483	WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg, void);
wolfSSL	13:80fb167dafdf	3484	WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg, void);
wolfSSL	13:80fb167dafdf	3485	WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg, word32, const byte, byte,
wolfSSL	13:80fb167dafdf	3486	word32, word32, void*);
wolfSSL	13:80fb167dafdf	3487	WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
wolfSSL	13:80fb167dafdf	3488	WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL, word32, const byte, word32,
wolfSSL	13:80fb167dafdf	3489	byte, word32, word32, void*);
wolfSSL	13:80fb167dafdf	3490	WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg, DtlsMsg);
wolfSSL	13:80fb167dafdf	3491
wolfSSL	13:80fb167dafdf	3492	WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL, const byte, word32);
wolfSSL	13:80fb167dafdf	3493	WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3494	WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
wolfSSL	13:80fb167dafdf	3495	WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
wolfSSL	13:80fb167dafdf	3496	WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
wolfSSL	13:80fb167dafdf	3497	#endif /* WOLFSSL_DTLS */
wolfSSL	13:80fb167dafdf	3498
wolfSSL	13:80fb167dafdf	3499	#ifndef NO_TLS
wolfSSL	13:80fb167dafdf	3500
wolfSSL	13:80fb167dafdf	3501
wolfSSL	13:80fb167dafdf	3502	#endif /* NO_TLS */
wolfSSL	13:80fb167dafdf	3503
wolfSSL	13:80fb167dafdf	3504	#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
wolfSSL	13:80fb167dafdf	3505	WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
wolfSSL	13:80fb167dafdf	3506	#endif
wolfSSL	13:80fb167dafdf	3507	WOLFSSL_LOCAL word32 LowResTimer(void);
wolfSSL	13:80fb167dafdf	3508
wolfSSL	13:80fb167dafdf	3509	#ifndef NO_CERTS
wolfSSL	13:80fb167dafdf	3510	WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
wolfSSL	13:80fb167dafdf	3511	WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
wolfSSL	13:80fb167dafdf	3512	WOLFSSL_LOCAL void InitX509(WOLFSSL_X509, int, void heap);
wolfSSL	13:80fb167dafdf	3513	WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
wolfSSL	13:80fb167dafdf	3514	WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509, DecodedCert);
wolfSSL	13:80fb167dafdf	3515	#endif
wolfSSL	13:80fb167dafdf	3516
wolfSSL	13:80fb167dafdf	3517	/* used by ssl.c and internal.c */
wolfSSL	13:80fb167dafdf	3518	WOLFSSL_LOCAL void c32to24(word32 in, word24 out);
wolfSSL	13:80fb167dafdf	3519
wolfSSL	13:80fb167dafdf	3520	WOLFSSL_LOCAL const char* const* GetCipherNames(void);
wolfSSL	13:80fb167dafdf	3521	WOLFSSL_LOCAL int GetCipherNamesSize(void);
wolfSSL	13:80fb167dafdf	3522	WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite);
wolfSSL	13:80fb167dafdf	3523	WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3524	WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite(
wolfSSL	13:80fb167dafdf	3525	const unsigned char cipherSuite, const unsigned char cipherSuite0);
wolfSSL	13:80fb167dafdf	3526
wolfSSL	13:80fb167dafdf	3527	enum encrypt_side {
wolfSSL	13:80fb167dafdf	3528	ENCRYPT_SIDE_ONLY = 1,
wolfSSL	13:80fb167dafdf	3529	DECRYPT_SIDE_ONLY,
wolfSSL	13:80fb167dafdf	3530	ENCRYPT_AND_DECRYPT_SIDE
wolfSSL	13:80fb167dafdf	3531	};
wolfSSL	13:80fb167dafdf	3532
wolfSSL	13:80fb167dafdf	3533	WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
wolfSSL	13:80fb167dafdf	3534
wolfSSL	13:80fb167dafdf	3535
wolfSSL	13:80fb167dafdf	3536	#ifndef NO_DH
wolfSSL	13:80fb167dafdf	3537	WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
wolfSSL	13:80fb167dafdf	3538	byte* priv, word32* privSz,
wolfSSL	13:80fb167dafdf	3539	byte* pub, word32* pubSz);
wolfSSL	13:80fb167dafdf	3540	WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
wolfSSL	13:80fb167dafdf	3541	const byte* priv, word32 privSz,
wolfSSL	13:80fb167dafdf	3542	const byte* otherPub, word32 otherPubSz,
wolfSSL	13:80fb167dafdf	3543	byte* agree, word32* agreeSz);
wolfSSL	13:80fb167dafdf	3544	#endif /* !NO_DH */
wolfSSL	13:80fb167dafdf	3545
wolfSSL	13:80fb167dafdf	3546	#ifdef HAVE_ECC
wolfSSL	13:80fb167dafdf	3547	WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
wolfSSL	13:80fb167dafdf	3548	#endif
wolfSSL	13:80fb167dafdf	3549
wolfSSL	13:80fb167dafdf	3550	WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3551	WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
wolfSSL	13:80fb167dafdf	3552
wolfSSL	13:80fb167dafdf	3553	WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
wolfSSL	13:80fb167dafdf	3554	const byte* input, int inSz, int type, int hashOutput,
wolfSSL	13:80fb167dafdf	3555	int sizeOnly, int asyncOkay);
wolfSSL	13:80fb167dafdf	3556
wolfSSL	13:80fb167dafdf	3557	#ifdef WOLFSSL_TLS13
wolfSSL	13:80fb167dafdf	3558	int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
wolfSSL	13:80fb167dafdf	3559	int inSz, int type, int hashOutput, int sizeOnly);
wolfSSL	13:80fb167dafdf	3560	#endif
wolfSSL	13:80fb167dafdf	3561
wolfSSL	13:80fb167dafdf	3562	WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
wolfSSL	13:80fb167dafdf	3563	WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
wolfSSL	13:80fb167dafdf	3564
wolfSSL	13:80fb167dafdf	3565	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	13:80fb167dafdf	3566	WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
wolfSSL	13:80fb167dafdf	3567	WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev,
wolfSSL	13:80fb167dafdf	3568	word32 flags);
wolfSSL	13:80fb167dafdf	3569	#endif
wolfSSL	13:80fb167dafdf	3570
wolfSSL	13:80fb167dafdf	3571
wolfSSL	13:80fb167dafdf	3572	#ifdef __cplusplus
wolfSSL	13:80fb167dafdf	3573	} /* extern "C" */
wolfSSL	13:80fb167dafdf	3574	#endif
wolfSSL	13:80fb167dafdf	3575
wolfSSL	13:80fb167dafdf	3576	#endif /* wolfSSL_INT_H */
wolfSSL	13:80fb167dafdf	3577

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	30 May 2017
Imports:	0
Forks:	0
Commits:	14
Dependents:	0
Dependencies:	0
Followers:	1

This repository is Public (Unlisted).

wolfssl/internal.h@13:80fb167dafdf, 2017-05-30 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning