wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/internal.h@4:1b0d80432c79, 2016-04-28 (annotated)

Committer:: wolfSSL
Date:: Thu Apr 28 00:57:21 2016 +0000
Revision:: 4:1b0d80432c79

wolfSSL 3.9.0

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	4:1b0d80432c79	1	/* internal.h
wolfSSL	4:1b0d80432c79	2	*
wolfSSL	4:1b0d80432c79	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	4:1b0d80432c79	4	*
wolfSSL	4:1b0d80432c79	5	* This file is part of wolfSSL.
wolfSSL	4:1b0d80432c79	6	*
wolfSSL	4:1b0d80432c79	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	4:1b0d80432c79	8	* it under the terms of the GNU General Public License as published by
wolfSSL	4:1b0d80432c79	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	4:1b0d80432c79	10	* (at your option) any later version.
wolfSSL	4:1b0d80432c79	11	*
wolfSSL	4:1b0d80432c79	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	4:1b0d80432c79	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	4:1b0d80432c79	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	4:1b0d80432c79	15	* GNU General Public License for more details.
wolfSSL	4:1b0d80432c79	16	*
wolfSSL	4:1b0d80432c79	17	* You should have received a copy of the GNU General Public License
wolfSSL	4:1b0d80432c79	18	* along with this program; if not, write to the Free Software
wolfSSL	4:1b0d80432c79	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	4:1b0d80432c79	20	*/
wolfSSL	4:1b0d80432c79	21
wolfSSL	4:1b0d80432c79	22
wolfSSL	4:1b0d80432c79	23
wolfSSL	4:1b0d80432c79	24	#ifndef WOLFSSL_INT_H
wolfSSL	4:1b0d80432c79	25	#define WOLFSSL_INT_H
wolfSSL	4:1b0d80432c79	26
wolfSSL	4:1b0d80432c79	27
wolfSSL	4:1b0d80432c79	28	#include <wolfssl/wolfcrypt/types.h>
wolfSSL	4:1b0d80432c79	29	#include <wolfssl/ssl.h>
wolfSSL	4:1b0d80432c79	30	#ifdef HAVE_CRL
wolfSSL	4:1b0d80432c79	31	#include <wolfssl/crl.h>
wolfSSL	4:1b0d80432c79	32	#endif
wolfSSL	4:1b0d80432c79	33	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	4:1b0d80432c79	34	#ifndef NO_DES3
wolfSSL	4:1b0d80432c79	35	#include <wolfssl/wolfcrypt/des3.h>
wolfSSL	4:1b0d80432c79	36	#endif
wolfSSL	4:1b0d80432c79	37	#ifndef NO_HC128
wolfSSL	4:1b0d80432c79	38	#include <wolfssl/wolfcrypt/hc128.h>
wolfSSL	4:1b0d80432c79	39	#endif
wolfSSL	4:1b0d80432c79	40	#ifndef NO_RABBIT
wolfSSL	4:1b0d80432c79	41	#include <wolfssl/wolfcrypt/rabbit.h>
wolfSSL	4:1b0d80432c79	42	#endif
wolfSSL	4:1b0d80432c79	43	#ifdef HAVE_CHACHA
wolfSSL	4:1b0d80432c79	44	#include <wolfssl/wolfcrypt/chacha.h>
wolfSSL	4:1b0d80432c79	45	#endif
wolfSSL	4:1b0d80432c79	46	#ifndef NO_ASN
wolfSSL	4:1b0d80432c79	47	#include <wolfssl/wolfcrypt/asn.h>
wolfSSL	4:1b0d80432c79	48	#endif
wolfSSL	4:1b0d80432c79	49	#ifndef NO_MD5
wolfSSL	4:1b0d80432c79	50	#include <wolfssl/wolfcrypt/md5.h>
wolfSSL	4:1b0d80432c79	51	#endif
wolfSSL	4:1b0d80432c79	52	#ifndef NO_SHA
wolfSSL	4:1b0d80432c79	53	#include <wolfssl/wolfcrypt/sha.h>
wolfSSL	4:1b0d80432c79	54	#endif
wolfSSL	4:1b0d80432c79	55	#ifndef NO_AES
wolfSSL	4:1b0d80432c79	56	#include <wolfssl/wolfcrypt/aes.h>
wolfSSL	4:1b0d80432c79	57	#endif
wolfSSL	4:1b0d80432c79	58	#ifdef HAVE_POLY1305
wolfSSL	4:1b0d80432c79	59	#include <wolfssl/wolfcrypt/poly1305.h>
wolfSSL	4:1b0d80432c79	60	#endif
wolfSSL	4:1b0d80432c79	61	#ifdef HAVE_CAMELLIA
wolfSSL	4:1b0d80432c79	62	#include <wolfssl/wolfcrypt/camellia.h>
wolfSSL	4:1b0d80432c79	63	#endif
wolfSSL	4:1b0d80432c79	64	#include <wolfssl/wolfcrypt/logging.h>
wolfSSL	4:1b0d80432c79	65	#ifndef NO_HMAC
wolfSSL	4:1b0d80432c79	66	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	4:1b0d80432c79	67	#endif
wolfSSL	4:1b0d80432c79	68	#ifndef NO_RC4
wolfSSL	4:1b0d80432c79	69	#include <wolfssl/wolfcrypt/arc4.h>
wolfSSL	4:1b0d80432c79	70	#endif
wolfSSL	4:1b0d80432c79	71	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	72	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	4:1b0d80432c79	73	#endif
wolfSSL	4:1b0d80432c79	74	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	75	#include <wolfssl/wolfcrypt/sha256.h>
wolfSSL	4:1b0d80432c79	76	#endif
wolfSSL	4:1b0d80432c79	77	#ifdef HAVE_OCSP
wolfSSL	4:1b0d80432c79	78	#include <wolfssl/ocsp.h>
wolfSSL	4:1b0d80432c79	79	#endif
wolfSSL	4:1b0d80432c79	80	#ifdef WOLFSSL_SHA512
wolfSSL	4:1b0d80432c79	81	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	4:1b0d80432c79	82	#endif
wolfSSL	4:1b0d80432c79	83
wolfSSL	4:1b0d80432c79	84	#ifdef HAVE_AESGCM
wolfSSL	4:1b0d80432c79	85	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	4:1b0d80432c79	86	#endif
wolfSSL	4:1b0d80432c79	87
wolfSSL	4:1b0d80432c79	88	#ifdef WOLFSSL_RIPEMD
wolfSSL	4:1b0d80432c79	89	#include <wolfssl/wolfcrypt/ripemd.h>
wolfSSL	4:1b0d80432c79	90	#endif
wolfSSL	4:1b0d80432c79	91
wolfSSL	4:1b0d80432c79	92	#ifdef HAVE_IDEA
wolfSSL	4:1b0d80432c79	93	#include <wolfssl/wolfcrypt/idea.h>
wolfSSL	4:1b0d80432c79	94	#endif
wolfSSL	4:1b0d80432c79	95
wolfSSL	4:1b0d80432c79	96	#include <wolfssl/wolfcrypt/hash.h>
wolfSSL	4:1b0d80432c79	97
wolfSSL	4:1b0d80432c79	98	#ifdef WOLFSSL_CALLBACKS
wolfSSL	4:1b0d80432c79	99	#include <wolfssl/callbacks.h>
wolfSSL	4:1b0d80432c79	100	#include <signal.h>
wolfSSL	4:1b0d80432c79	101	#endif
wolfSSL	4:1b0d80432c79	102
wolfSSL	4:1b0d80432c79	103	#ifdef USE_WINDOWS_API
wolfSSL	4:1b0d80432c79	104	#ifdef WOLFSSL_GAME_BUILD
wolfSSL	4:1b0d80432c79	105	#include "system/xtl.h"
wolfSSL	4:1b0d80432c79	106	#else
wolfSSL	4:1b0d80432c79	107	#if defined(_WIN32_WCE) \|\| defined(WIN32_LEAN_AND_MEAN)
wolfSSL	4:1b0d80432c79	108	/* On WinCE winsock2.h must be included before windows.h */
wolfSSL	4:1b0d80432c79	109	#include <winsock2.h>
wolfSSL	4:1b0d80432c79	110	#endif
wolfSSL	4:1b0d80432c79	111	#include <windows.h>
wolfSSL	4:1b0d80432c79	112	#endif
wolfSSL	4:1b0d80432c79	113	#elif defined(THREADX)
wolfSSL	4:1b0d80432c79	114	#ifndef SINGLE_THREADED
wolfSSL	4:1b0d80432c79	115	#include "tx_api.h"
wolfSSL	4:1b0d80432c79	116	#endif
wolfSSL	4:1b0d80432c79	117	#elif defined(MICRIUM)
wolfSSL	4:1b0d80432c79	118	/* do nothing, just don't pick Unix */
wolfSSL	4:1b0d80432c79	119	#elif defined(FREERTOS) \|\| defined(FREERTOS_TCP) \|\| defined(WOLFSSL_SAFERTOS)
wolfSSL	4:1b0d80432c79	120	/* do nothing */
wolfSSL	4:1b0d80432c79	121	#elif defined(EBSNET)
wolfSSL	4:1b0d80432c79	122	/* do nothing */
wolfSSL	4:1b0d80432c79	123	#elif defined(FREESCALE_MQX) \|\| defined(FREESCALE_KSDK_MQX)
wolfSSL	4:1b0d80432c79	124	/* do nothing */
wolfSSL	4:1b0d80432c79	125	#elif defined(FREESCALE_FREE_RTOS)
wolfSSL	4:1b0d80432c79	126	#include "fsl_os_abstraction.h"
wolfSSL	4:1b0d80432c79	127	#elif defined(WOLFSSL_uITRON4)
wolfSSL	4:1b0d80432c79	128	/* do nothing */
wolfSSL	4:1b0d80432c79	129	#elif defined(WOLFSSL_uTKERNEL2)
wolfSSL	4:1b0d80432c79	130	/* do nothing */
wolfSSL	4:1b0d80432c79	131	#elif defined(WOLFSSL_MDK_ARM)
wolfSSL	4:1b0d80432c79	132	#if defined(WOLFSSL_MDK5)
wolfSSL	4:1b0d80432c79	133	#include "cmsis_os.h"
wolfSSL	4:1b0d80432c79	134	#else
wolfSSL	4:1b0d80432c79	135	#include <rtl.h>
wolfSSL	4:1b0d80432c79	136	#endif
wolfSSL	4:1b0d80432c79	137	#elif defined(WOLFSSL_CMSIS_RTOS)
wolfSSL	4:1b0d80432c79	138	#include "cmsis_os.h"
wolfSSL	4:1b0d80432c79	139	#elif defined(MBED)
wolfSSL	4:1b0d80432c79	140	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	4:1b0d80432c79	141	/* do nothing */
wolfSSL	4:1b0d80432c79	142	#else
wolfSSL	4:1b0d80432c79	143	#ifndef SINGLE_THREADED
wolfSSL	4:1b0d80432c79	144	#define WOLFSSL_PTHREADS
wolfSSL	4:1b0d80432c79	145	#include <pthread.h>
wolfSSL	4:1b0d80432c79	146	#endif
wolfSSL	4:1b0d80432c79	147	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	4:1b0d80432c79	148	#include <unistd.h> /* for close of BIO */
wolfSSL	4:1b0d80432c79	149	#endif
wolfSSL	4:1b0d80432c79	150	#endif
wolfSSL	4:1b0d80432c79	151
wolfSSL	4:1b0d80432c79	152
wolfSSL	4:1b0d80432c79	153	#ifdef HAVE_LIBZ
wolfSSL	4:1b0d80432c79	154	#include "zlib.h"
wolfSSL	4:1b0d80432c79	155	#endif
wolfSSL	4:1b0d80432c79	156
wolfSSL	4:1b0d80432c79	157	#ifdef _MSC_VER
wolfSSL	4:1b0d80432c79	158	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL	4:1b0d80432c79	159	#pragma warning(disable: 4996)
wolfSSL	4:1b0d80432c79	160	#endif
wolfSSL	4:1b0d80432c79	161
wolfSSL	4:1b0d80432c79	162	#ifdef NO_AES
wolfSSL	4:1b0d80432c79	163	#if !defined (ALIGN16)
wolfSSL	4:1b0d80432c79	164	#define ALIGN16
wolfSSL	4:1b0d80432c79	165	#endif
wolfSSL	4:1b0d80432c79	166	#endif
wolfSSL	4:1b0d80432c79	167
wolfSSL	4:1b0d80432c79	168	#ifdef NO_SHA
wolfSSL	4:1b0d80432c79	169	#define SHA_DIGEST_SIZE 20
wolfSSL	4:1b0d80432c79	170	#endif
wolfSSL	4:1b0d80432c79	171
wolfSSL	4:1b0d80432c79	172	#ifdef NO_SHA256
wolfSSL	4:1b0d80432c79	173	#define SHA256_DIGEST_SIZE 32
wolfSSL	4:1b0d80432c79	174	#endif
wolfSSL	4:1b0d80432c79	175
wolfSSL	4:1b0d80432c79	176	#ifdef NO_MD5
wolfSSL	4:1b0d80432c79	177	#define MD5_DIGEST_SIZE 16
wolfSSL	4:1b0d80432c79	178	#endif
wolfSSL	4:1b0d80432c79	179
wolfSSL	4:1b0d80432c79	180
wolfSSL	4:1b0d80432c79	181	#ifdef __cplusplus
wolfSSL	4:1b0d80432c79	182	extern "C" {
wolfSSL	4:1b0d80432c79	183	#endif
wolfSSL	4:1b0d80432c79	184
wolfSSL	4:1b0d80432c79	185
wolfSSL	4:1b0d80432c79	186	#ifdef USE_WINDOWS_API
wolfSSL	4:1b0d80432c79	187	typedef unsigned int SOCKET_T;
wolfSSL	4:1b0d80432c79	188	#else
wolfSSL	4:1b0d80432c79	189	typedef int SOCKET_T;
wolfSSL	4:1b0d80432c79	190	#endif
wolfSSL	4:1b0d80432c79	191
wolfSSL	4:1b0d80432c79	192
wolfSSL	4:1b0d80432c79	193	typedef byte word24[3];
wolfSSL	4:1b0d80432c79	194
wolfSSL	4:1b0d80432c79	195	/* Define or comment out the cipher suites you'd like to be compiled in
wolfSSL	4:1b0d80432c79	196	make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
wolfSSL	4:1b0d80432c79	197
wolfSSL	4:1b0d80432c79	198	When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
wolfSSL	4:1b0d80432c79	199
wolfSSL	4:1b0d80432c79	200	Now that there is a maximum strength crypto build, the following BUILD_XXX
wolfSSL	4:1b0d80432c79	201	flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
wolfSSL	4:1b0d80432c79	202	Those that do not use Perfect Forward Security and do not use AEAD ciphers
wolfSSL	4:1b0d80432c79	203	need to be switched off. Allowed suites use (EC)DHE, AES-GCM\|CCM, or
wolfSSL	4:1b0d80432c79	204	CHACHA-POLY.
wolfSSL	4:1b0d80432c79	205	*/
wolfSSL	4:1b0d80432c79	206
wolfSSL	4:1b0d80432c79	207	/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
wolfSSL	4:1b0d80432c79	208	* not turned off. */
wolfSSL	4:1b0d80432c79	209	#if defined(WOLFSSL_MAX_STRENGTH) && \
wolfSSL	4:1b0d80432c79	210	((!defined(HAVE_ECC) && (defined(NO_DH) \|\| defined(NO_RSA))) \|\| \
wolfSSL	4:1b0d80432c79	211	(!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
wolfSSL	4:1b0d80432c79	212	(!defined(HAVE_POLY1305) \|\| !defined(HAVE_CHACHA))) \|\| \
wolfSSL	4:1b0d80432c79	213	(defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) \|\| \
wolfSSL	4:1b0d80432c79	214	!defined(NO_OLD_TLS))
wolfSSL	4:1b0d80432c79	215
wolfSSL	4:1b0d80432c79	216	#error "You are trying to build max strength with requirements disabled."
wolfSSL	4:1b0d80432c79	217	#endif
wolfSSL	4:1b0d80432c79	218
wolfSSL	4:1b0d80432c79	219	/* Have QSH : Quantum-safe Handshake */
wolfSSL	4:1b0d80432c79	220	#if defined(HAVE_QSH)
wolfSSL	4:1b0d80432c79	221	#define BUILD_TLS_QSH
wolfSSL	4:1b0d80432c79	222	#endif
wolfSSL	4:1b0d80432c79	223
wolfSSL	4:1b0d80432c79	224	#ifndef WOLFSSL_MAX_STRENGTH
wolfSSL	4:1b0d80432c79	225
wolfSSL	4:1b0d80432c79	226	#if !defined(NO_RSA) && !defined(NO_RC4)
wolfSSL	4:1b0d80432c79	227	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	228	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	229	#define BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	4:1b0d80432c79	230	#endif
wolfSSL	4:1b0d80432c79	231	#if !defined(NO_MD5)
wolfSSL	4:1b0d80432c79	232	#define BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	4:1b0d80432c79	233	#endif
wolfSSL	4:1b0d80432c79	234	#endif
wolfSSL	4:1b0d80432c79	235	#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
wolfSSL	4:1b0d80432c79	236	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	237	#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	4:1b0d80432c79	238	#endif
wolfSSL	4:1b0d80432c79	239	#endif
wolfSSL	4:1b0d80432c79	240
wolfSSL	4:1b0d80432c79	241	#if !defined(NO_RSA) && !defined(NO_DES3)
wolfSSL	4:1b0d80432c79	242	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	243	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	244	#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	4:1b0d80432c79	245	#endif
wolfSSL	4:1b0d80432c79	246	#if !defined(NO_TLS) && defined(HAVE_NTRU) \
wolfSSL	4:1b0d80432c79	247	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	248	#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	4:1b0d80432c79	249	#endif
wolfSSL	4:1b0d80432c79	250	#endif
wolfSSL	4:1b0d80432c79	251	#endif
wolfSSL	4:1b0d80432c79	252
wolfSSL	4:1b0d80432c79	253	#if !defined(NO_RSA) && defined(HAVE_IDEA)
wolfSSL	4:1b0d80432c79	254	#if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	255	#define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL	4:1b0d80432c79	256	#endif
wolfSSL	4:1b0d80432c79	257	#endif
wolfSSL	4:1b0d80432c79	258
wolfSSL	4:1b0d80432c79	259	#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	4:1b0d80432c79	260	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	261	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	262	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	263	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	4:1b0d80432c79	264	#endif
wolfSSL	4:1b0d80432c79	265	#if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	266	#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	267	#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	4:1b0d80432c79	268	#endif
wolfSSL	4:1b0d80432c79	269	#endif
wolfSSL	4:1b0d80432c79	270	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	271	#if !defined (NO_SHA256)
wolfSSL	4:1b0d80432c79	272	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	273	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	4:1b0d80432c79	274	#endif
wolfSSL	4:1b0d80432c79	275	#if defined (HAVE_AESGCM)
wolfSSL	4:1b0d80432c79	276	#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	4:1b0d80432c79	277	#if defined (WOLFSSL_SHA384)
wolfSSL	4:1b0d80432c79	278	#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	4:1b0d80432c79	279	#endif
wolfSSL	4:1b0d80432c79	280	#endif
wolfSSL	4:1b0d80432c79	281	#if defined (HAVE_AESCCM)
wolfSSL	4:1b0d80432c79	282	#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	4:1b0d80432c79	283	#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	4:1b0d80432c79	284	#endif
wolfSSL	4:1b0d80432c79	285	#if defined(HAVE_BLAKE2)
wolfSSL	4:1b0d80432c79	286	#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	4:1b0d80432c79	287	#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	4:1b0d80432c79	288	#endif
wolfSSL	4:1b0d80432c79	289	#endif
wolfSSL	4:1b0d80432c79	290	#endif
wolfSSL	4:1b0d80432c79	291
wolfSSL	4:1b0d80432c79	292	#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
wolfSSL	4:1b0d80432c79	293	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	294	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	295	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	296	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	4:1b0d80432c79	297	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	4:1b0d80432c79	298	#endif
wolfSSL	4:1b0d80432c79	299	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	300	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	301	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	4:1b0d80432c79	302	#endif
wolfSSL	4:1b0d80432c79	303	#endif
wolfSSL	4:1b0d80432c79	304	#if !defined(NO_DH)
wolfSSL	4:1b0d80432c79	305	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	306	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	4:1b0d80432c79	307	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	4:1b0d80432c79	308	#endif
wolfSSL	4:1b0d80432c79	309	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	310	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	311	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	4:1b0d80432c79	312	#endif
wolfSSL	4:1b0d80432c79	313	#endif
wolfSSL	4:1b0d80432c79	314	#endif
wolfSSL	4:1b0d80432c79	315	#endif
wolfSSL	4:1b0d80432c79	316
wolfSSL	4:1b0d80432c79	317	#if defined(WOLFSSL_STATIC_PSK)
wolfSSL	4:1b0d80432c79	318	#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	4:1b0d80432c79	319	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	320	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	321	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	4:1b0d80432c79	322	#endif
wolfSSL	4:1b0d80432c79	323	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	324	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	325	#ifdef HAVE_AESGCM
wolfSSL	4:1b0d80432c79	326	#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	4:1b0d80432c79	327	#endif
wolfSSL	4:1b0d80432c79	328	#ifdef HAVE_AESCCM
wolfSSL	4:1b0d80432c79	329	#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	4:1b0d80432c79	330	#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	4:1b0d80432c79	331	#define BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL	4:1b0d80432c79	332	#define BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL	4:1b0d80432c79	333	#endif
wolfSSL	4:1b0d80432c79	334	#endif
wolfSSL	4:1b0d80432c79	335	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	336	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	4:1b0d80432c79	337	#ifdef HAVE_AESGCM
wolfSSL	4:1b0d80432c79	338	#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	4:1b0d80432c79	339	#endif
wolfSSL	4:1b0d80432c79	340	#endif
wolfSSL	4:1b0d80432c79	341	#endif
wolfSSL	4:1b0d80432c79	342	#endif
wolfSSL	4:1b0d80432c79	343
wolfSSL	4:1b0d80432c79	344	#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
wolfSSL	4:1b0d80432c79	345	#if !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	346	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	347	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	348	#define BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	4:1b0d80432c79	349	#endif
wolfSSL	4:1b0d80432c79	350	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	351	#define BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	4:1b0d80432c79	352	#endif
wolfSSL	4:1b0d80432c79	353	#endif
wolfSSL	4:1b0d80432c79	354	#endif
wolfSSL	4:1b0d80432c79	355	#if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
wolfSSL	4:1b0d80432c79	356	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	357	#define BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	4:1b0d80432c79	358	#endif
wolfSSL	4:1b0d80432c79	359	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	360	#define BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	4:1b0d80432c79	361	#endif
wolfSSL	4:1b0d80432c79	362	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	363	#define BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL	4:1b0d80432c79	364	#endif
wolfSSL	4:1b0d80432c79	365	#endif
wolfSSL	4:1b0d80432c79	366	#endif
wolfSSL	4:1b0d80432c79	367
wolfSSL	4:1b0d80432c79	368	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	4:1b0d80432c79	369	#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
wolfSSL	4:1b0d80432c79	370	#ifndef NO_MD5
wolfSSL	4:1b0d80432c79	371	#define BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	4:1b0d80432c79	372	#endif
wolfSSL	4:1b0d80432c79	373	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	374	#define BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	4:1b0d80432c79	375	#endif
wolfSSL	4:1b0d80432c79	376	#if defined(HAVE_BLAKE2)
wolfSSL	4:1b0d80432c79	377	#define BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	4:1b0d80432c79	378	#endif
wolfSSL	4:1b0d80432c79	379	#endif
wolfSSL	4:1b0d80432c79	380
wolfSSL	4:1b0d80432c79	381	#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	382	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	383	#define BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	4:1b0d80432c79	384	#endif
wolfSSL	4:1b0d80432c79	385	#endif
wolfSSL	4:1b0d80432c79	386	#endif
wolfSSL	4:1b0d80432c79	387
wolfSSL	4:1b0d80432c79	388	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	4:1b0d80432c79	389	!defined(NO_RSA)
wolfSSL	4:1b0d80432c79	390
wolfSSL	4:1b0d80432c79	391	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	392	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	393	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	4:1b0d80432c79	394	#endif
wolfSSL	4:1b0d80432c79	395	#if !defined(NO_SHA256)
wolfSSL	4:1b0d80432c79	396	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	397	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	4:1b0d80432c79	398	#endif
wolfSSL	4:1b0d80432c79	399	#endif
wolfSSL	4:1b0d80432c79	400
wolfSSL	4:1b0d80432c79	401	#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
wolfSSL	4:1b0d80432c79	402	!defined(NO_AES) && !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	403	#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	404	#endif
wolfSSL	4:1b0d80432c79	405
wolfSSL	4:1b0d80432c79	406	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	4:1b0d80432c79	407	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	408	#ifndef NO_AES
wolfSSL	4:1b0d80432c79	409	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	410	#endif
wolfSSL	4:1b0d80432c79	411	#ifdef HAVE_NULL_CIPHER
wolfSSL	4:1b0d80432c79	412	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL	4:1b0d80432c79	413	#endif
wolfSSL	4:1b0d80432c79	414	#endif
wolfSSL	4:1b0d80432c79	415	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	416	#ifndef NO_AES
wolfSSL	4:1b0d80432c79	417	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	4:1b0d80432c79	418	#endif
wolfSSL	4:1b0d80432c79	419	#ifdef HAVE_NULL_CIPHER
wolfSSL	4:1b0d80432c79	420	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL	4:1b0d80432c79	421	#endif
wolfSSL	4:1b0d80432c79	422	#endif
wolfSSL	4:1b0d80432c79	423	#endif
wolfSSL	4:1b0d80432c79	424
wolfSSL	4:1b0d80432c79	425	#if defined(HAVE_ECC) && !defined(NO_TLS)
wolfSSL	4:1b0d80432c79	426	#if !defined(NO_AES)
wolfSSL	4:1b0d80432c79	427	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	428	#if !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	429	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	430	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	4:1b0d80432c79	431	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	432	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	433	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	4:1b0d80432c79	434	#endif
wolfSSL	4:1b0d80432c79	435	#endif
wolfSSL	4:1b0d80432c79	436
wolfSSL	4:1b0d80432c79	437	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	438	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	4:1b0d80432c79	439
wolfSSL	4:1b0d80432c79	440	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	441	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	4:1b0d80432c79	442	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	4:1b0d80432c79	443	#endif
wolfSSL	4:1b0d80432c79	444	#endif /* NO_SHA */
wolfSSL	4:1b0d80432c79	445	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	446	#if !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	447	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	448	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	449	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	450	#endif
wolfSSL	4:1b0d80432c79	451	#endif
wolfSSL	4:1b0d80432c79	452	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	453	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	454	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	455	#endif
wolfSSL	4:1b0d80432c79	456	#endif
wolfSSL	4:1b0d80432c79	457
wolfSSL	4:1b0d80432c79	458	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	459	#if !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	460	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	4:1b0d80432c79	461	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	462	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	4:1b0d80432c79	463	#endif
wolfSSL	4:1b0d80432c79	464	#endif
wolfSSL	4:1b0d80432c79	465	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	4:1b0d80432c79	466	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	467	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	4:1b0d80432c79	468	#endif
wolfSSL	4:1b0d80432c79	469	#endif
wolfSSL	4:1b0d80432c79	470
wolfSSL	4:1b0d80432c79	471	#if defined (HAVE_AESGCM)
wolfSSL	4:1b0d80432c79	472	#if !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	473	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	474	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	4:1b0d80432c79	475	#endif
wolfSSL	4:1b0d80432c79	476	#if defined(WOLFSSL_SHA384)
wolfSSL	4:1b0d80432c79	477	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	478	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	4:1b0d80432c79	479	#endif
wolfSSL	4:1b0d80432c79	480	#endif
wolfSSL	4:1b0d80432c79	481	#endif
wolfSSL	4:1b0d80432c79	482
wolfSSL	4:1b0d80432c79	483	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	484	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	4:1b0d80432c79	485	#endif
wolfSSL	4:1b0d80432c79	486
wolfSSL	4:1b0d80432c79	487	#if defined(WOLFSSL_SHA384)
wolfSSL	4:1b0d80432c79	488	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	489	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	4:1b0d80432c79	490	#endif
wolfSSL	4:1b0d80432c79	491	#endif
wolfSSL	4:1b0d80432c79	492	#endif
wolfSSL	4:1b0d80432c79	493	#endif /* NO_AES */
wolfSSL	4:1b0d80432c79	494	#if !defined(NO_RC4)
wolfSSL	4:1b0d80432c79	495	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	496	#if !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	497	#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	4:1b0d80432c79	498	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	499	#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	4:1b0d80432c79	500	#endif
wolfSSL	4:1b0d80432c79	501	#endif
wolfSSL	4:1b0d80432c79	502
wolfSSL	4:1b0d80432c79	503	#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	4:1b0d80432c79	504	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	505	#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	4:1b0d80432c79	506	#endif
wolfSSL	4:1b0d80432c79	507	#endif
wolfSSL	4:1b0d80432c79	508	#endif
wolfSSL	4:1b0d80432c79	509	#if !defined(NO_DES3)
wolfSSL	4:1b0d80432c79	510	#ifndef NO_SHA
wolfSSL	4:1b0d80432c79	511	#if !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	512	#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	4:1b0d80432c79	513	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	514	#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	4:1b0d80432c79	515	#endif
wolfSSL	4:1b0d80432c79	516	#endif
wolfSSL	4:1b0d80432c79	517
wolfSSL	4:1b0d80432c79	518	#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	4:1b0d80432c79	519	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	4:1b0d80432c79	520	#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	4:1b0d80432c79	521	#endif
wolfSSL	4:1b0d80432c79	522	#endif /* NO_SHA */
wolfSSL	4:1b0d80432c79	523	#endif
wolfSSL	4:1b0d80432c79	524	#if defined(HAVE_NULL_CIPHER)
wolfSSL	4:1b0d80432c79	525	#if !defined(NO_SHA)
wolfSSL	4:1b0d80432c79	526	#define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL	4:1b0d80432c79	527	#endif
wolfSSL	4:1b0d80432c79	528	#if !defined(NO_PSK) && !defined(NO_SHA256)
wolfSSL	4:1b0d80432c79	529	#define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL	4:1b0d80432c79	530	#endif
wolfSSL	4:1b0d80432c79	531	#endif
wolfSSL	4:1b0d80432c79	532	#if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
wolfSSL	4:1b0d80432c79	533	#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	4:1b0d80432c79	534	#endif
wolfSSL	4:1b0d80432c79	535	#endif
wolfSSL	4:1b0d80432c79	536	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	4:1b0d80432c79	537	#if !defined(NO_OLD_POLY1305)
wolfSSL	4:1b0d80432c79	538	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	539	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	540	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	541	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	542	#endif
wolfSSL	4:1b0d80432c79	543	#endif
wolfSSL	4:1b0d80432c79	544	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	545	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	546	#endif
wolfSSL	4:1b0d80432c79	547	#endif /* NO_OLD_POLY1305 */
wolfSSL	4:1b0d80432c79	548	#if !defined(NO_PSK)
wolfSSL	4:1b0d80432c79	549	#define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	550	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	551	#define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	552	#endif
wolfSSL	4:1b0d80432c79	553	#ifndef NO_DH
wolfSSL	4:1b0d80432c79	554	#define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	555	#endif
wolfSSL	4:1b0d80432c79	556	#endif /* !NO_PSK */
wolfSSL	4:1b0d80432c79	557	#endif
wolfSSL	4:1b0d80432c79	558
wolfSSL	4:1b0d80432c79	559	#endif /* !WOLFSSL_MAX_STRENGTH */
wolfSSL	4:1b0d80432c79	560
wolfSSL	4:1b0d80432c79	561	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	4:1b0d80432c79	562	!defined(NO_RSA) && defined(HAVE_AESGCM)
wolfSSL	4:1b0d80432c79	563
wolfSSL	4:1b0d80432c79	564	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	565	#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	4:1b0d80432c79	566	#endif
wolfSSL	4:1b0d80432c79	567
wolfSSL	4:1b0d80432c79	568	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	569	#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	4:1b0d80432c79	570	#endif
wolfSSL	4:1b0d80432c79	571	#endif
wolfSSL	4:1b0d80432c79	572
wolfSSL	4:1b0d80432c79	573	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	4:1b0d80432c79	574	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	575	#ifdef HAVE_AESGCM
wolfSSL	4:1b0d80432c79	576	#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	4:1b0d80432c79	577	#endif
wolfSSL	4:1b0d80432c79	578	#ifdef HAVE_AESCCM
wolfSSL	4:1b0d80432c79	579	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL	4:1b0d80432c79	580	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL	4:1b0d80432c79	581	#endif
wolfSSL	4:1b0d80432c79	582	#endif
wolfSSL	4:1b0d80432c79	583	#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
wolfSSL	4:1b0d80432c79	584	#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	4:1b0d80432c79	585	#endif
wolfSSL	4:1b0d80432c79	586	#endif
wolfSSL	4:1b0d80432c79	587
wolfSSL	4:1b0d80432c79	588	#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
wolfSSL	4:1b0d80432c79	589	#ifdef HAVE_AESGCM
wolfSSL	4:1b0d80432c79	590	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	591	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	4:1b0d80432c79	592	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	593	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	4:1b0d80432c79	594	#endif
wolfSSL	4:1b0d80432c79	595	#endif
wolfSSL	4:1b0d80432c79	596	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	597	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	4:1b0d80432c79	598	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	599	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	4:1b0d80432c79	600	#endif
wolfSSL	4:1b0d80432c79	601	#endif
wolfSSL	4:1b0d80432c79	602	#endif
wolfSSL	4:1b0d80432c79	603	#if defined(HAVE_AESCCM) && !defined(NO_SHA256)
wolfSSL	4:1b0d80432c79	604	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	4:1b0d80432c79	605	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	4:1b0d80432c79	606	#endif
wolfSSL	4:1b0d80432c79	607	#endif
wolfSSL	4:1b0d80432c79	608
wolfSSL	4:1b0d80432c79	609	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	4:1b0d80432c79	610	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	611	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	612	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	613	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	614	#endif
wolfSSL	4:1b0d80432c79	615	#endif
wolfSSL	4:1b0d80432c79	616	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	4:1b0d80432c79	617	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	4:1b0d80432c79	618	#endif
wolfSSL	4:1b0d80432c79	619	#endif
wolfSSL	4:1b0d80432c79	620
wolfSSL	4:1b0d80432c79	621
wolfSSL	4:1b0d80432c79	622	#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) \|\| \
wolfSSL	4:1b0d80432c79	623	defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
wolfSSL	4:1b0d80432c79	624	#define BUILD_ARC4
wolfSSL	4:1b0d80432c79	625	#endif
wolfSSL	4:1b0d80432c79	626
wolfSSL	4:1b0d80432c79	627	#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
wolfSSL	4:1b0d80432c79	628	#define BUILD_DES3
wolfSSL	4:1b0d80432c79	629	#endif
wolfSSL	4:1b0d80432c79	630
wolfSSL	4:1b0d80432c79	631	#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) \|\| \
wolfSSL	4:1b0d80432c79	632	defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) \|\| \
wolfSSL	4:1b0d80432c79	633	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) \|\| \
wolfSSL	4:1b0d80432c79	634	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
wolfSSL	4:1b0d80432c79	635	#undef BUILD_AES
wolfSSL	4:1b0d80432c79	636	#define BUILD_AES
wolfSSL	4:1b0d80432c79	637	#endif
wolfSSL	4:1b0d80432c79	638
wolfSSL	4:1b0d80432c79	639	#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	4:1b0d80432c79	640	defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	4:1b0d80432c79	641	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	4:1b0d80432c79	642	defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	4:1b0d80432c79	643	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256)
wolfSSL	4:1b0d80432c79	644	#define BUILD_AESGCM
wolfSSL	4:1b0d80432c79	645	#endif
wolfSSL	4:1b0d80432c79	646
wolfSSL	4:1b0d80432c79	647	#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) \|\| \
wolfSSL	4:1b0d80432c79	648	defined(BUILD_TLS_RSA_WITH_HC_128_MD5) \|\| \
wolfSSL	4:1b0d80432c79	649	defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
wolfSSL	4:1b0d80432c79	650	#define BUILD_HC128
wolfSSL	4:1b0d80432c79	651	#endif
wolfSSL	4:1b0d80432c79	652
wolfSSL	4:1b0d80432c79	653	#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
wolfSSL	4:1b0d80432c79	654	#define BUILD_RABBIT
wolfSSL	4:1b0d80432c79	655	#endif
wolfSSL	4:1b0d80432c79	656
wolfSSL	4:1b0d80432c79	657	#ifdef NO_DES3
wolfSSL	4:1b0d80432c79	658	#define DES_BLOCK_SIZE 8
wolfSSL	4:1b0d80432c79	659	#else
wolfSSL	4:1b0d80432c79	660	#undef BUILD_DES3
wolfSSL	4:1b0d80432c79	661	#define BUILD_DES3
wolfSSL	4:1b0d80432c79	662	#endif
wolfSSL	4:1b0d80432c79	663
wolfSSL	4:1b0d80432c79	664	#ifdef NO_AES
wolfSSL	4:1b0d80432c79	665	#define AES_BLOCK_SIZE 16
wolfSSL	4:1b0d80432c79	666	#else
wolfSSL	4:1b0d80432c79	667	#undef BUILD_AES
wolfSSL	4:1b0d80432c79	668	#define BUILD_AES
wolfSSL	4:1b0d80432c79	669	#endif
wolfSSL	4:1b0d80432c79	670
wolfSSL	4:1b0d80432c79	671	#ifndef NO_RC4
wolfSSL	4:1b0d80432c79	672	#undef BUILD_ARC4
wolfSSL	4:1b0d80432c79	673	#define BUILD_ARC4
wolfSSL	4:1b0d80432c79	674	#endif
wolfSSL	4:1b0d80432c79	675
wolfSSL	4:1b0d80432c79	676	#ifdef HAVE_CHACHA
wolfSSL	4:1b0d80432c79	677	#define CHACHA20_BLOCK_SIZE 16
wolfSSL	4:1b0d80432c79	678	#endif
wolfSSL	4:1b0d80432c79	679
wolfSSL	4:1b0d80432c79	680	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	4:1b0d80432c79	681	defined(HAVE_AESGCM) \|\| defined(HAVE_AESCCM) \|\| \
wolfSSL	4:1b0d80432c79	682	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
wolfSSL	4:1b0d80432c79	683
wolfSSL	4:1b0d80432c79	684	#define HAVE_AEAD
wolfSSL	4:1b0d80432c79	685	#endif
wolfSSL	4:1b0d80432c79	686
wolfSSL	4:1b0d80432c79	687	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	4:1b0d80432c79	688	defined(HAVE_ECC) \|\| !defined(NO_DH)
wolfSSL	4:1b0d80432c79	689
wolfSSL	4:1b0d80432c79	690	#define HAVE_PFS
wolfSSL	4:1b0d80432c79	691	#endif
wolfSSL	4:1b0d80432c79	692
wolfSSL	4:1b0d80432c79	693	#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
wolfSSL	4:1b0d80432c79	694	#define BUILD_IDEA
wolfSSL	4:1b0d80432c79	695	#endif
wolfSSL	4:1b0d80432c79	696
wolfSSL	4:1b0d80432c79	697	/* actual cipher values, 2nd byte */
wolfSSL	4:1b0d80432c79	698	enum {
wolfSSL	4:1b0d80432c79	699	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
wolfSSL	4:1b0d80432c79	700	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
wolfSSL	4:1b0d80432c79	701	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
wolfSSL	4:1b0d80432c79	702	TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
wolfSSL	4:1b0d80432c79	703	TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
wolfSSL	4:1b0d80432c79	704	TLS_RSA_WITH_NULL_SHA = 0x02,
wolfSSL	4:1b0d80432c79	705	TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
wolfSSL	4:1b0d80432c79	706	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
wolfSSL	4:1b0d80432c79	707	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
wolfSSL	4:1b0d80432c79	708	TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
wolfSSL	4:1b0d80432c79	709	TLS_PSK_WITH_NULL_SHA256 = 0xb0,
wolfSSL	4:1b0d80432c79	710	TLS_PSK_WITH_NULL_SHA384 = 0xb1,
wolfSSL	4:1b0d80432c79	711	TLS_PSK_WITH_NULL_SHA = 0x2c,
wolfSSL	4:1b0d80432c79	712	SSL_RSA_WITH_RC4_128_SHA = 0x05,
wolfSSL	4:1b0d80432c79	713	SSL_RSA_WITH_RC4_128_MD5 = 0x04,
wolfSSL	4:1b0d80432c79	714	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
wolfSSL	4:1b0d80432c79	715	SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,
wolfSSL	4:1b0d80432c79	716
wolfSSL	4:1b0d80432c79	717	/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	4:1b0d80432c79	718	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
wolfSSL	4:1b0d80432c79	719	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
wolfSSL	4:1b0d80432c79	720	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
wolfSSL	4:1b0d80432c79	721	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
wolfSSL	4:1b0d80432c79	722	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
wolfSSL	4:1b0d80432c79	723	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
wolfSSL	4:1b0d80432c79	724	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
wolfSSL	4:1b0d80432c79	725	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
wolfSSL	4:1b0d80432c79	726	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
wolfSSL	4:1b0d80432c79	727	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
wolfSSL	4:1b0d80432c79	728	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
wolfSSL	4:1b0d80432c79	729	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
wolfSSL	4:1b0d80432c79	730	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
wolfSSL	4:1b0d80432c79	731	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
wolfSSL	4:1b0d80432c79	732	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
wolfSSL	4:1b0d80432c79	733
wolfSSL	4:1b0d80432c79	734	/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	4:1b0d80432c79	735	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
wolfSSL	4:1b0d80432c79	736	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
wolfSSL	4:1b0d80432c79	737	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
wolfSSL	4:1b0d80432c79	738	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
wolfSSL	4:1b0d80432c79	739	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
wolfSSL	4:1b0d80432c79	740	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
wolfSSL	4:1b0d80432c79	741	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
wolfSSL	4:1b0d80432c79	742	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
wolfSSL	4:1b0d80432c79	743	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
wolfSSL	4:1b0d80432c79	744	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
wolfSSL	4:1b0d80432c79	745	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
wolfSSL	4:1b0d80432c79	746	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
wolfSSL	4:1b0d80432c79	747
wolfSSL	4:1b0d80432c79	748	/* wolfSSL extension - eSTREAM */
wolfSSL	4:1b0d80432c79	749	TLS_RSA_WITH_HC_128_MD5 = 0xFB,
wolfSSL	4:1b0d80432c79	750	TLS_RSA_WITH_HC_128_SHA = 0xFC,
wolfSSL	4:1b0d80432c79	751	TLS_RSA_WITH_RABBIT_SHA = 0xFD,
wolfSSL	4:1b0d80432c79	752
wolfSSL	4:1b0d80432c79	753	/* wolfSSL extension - Blake2b 256 */
wolfSSL	4:1b0d80432c79	754	TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
wolfSSL	4:1b0d80432c79	755	TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
wolfSSL	4:1b0d80432c79	756	TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
wolfSSL	4:1b0d80432c79	757
wolfSSL	4:1b0d80432c79	758	/* wolfSSL extension - NTRU */
wolfSSL	4:1b0d80432c79	759	TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
wolfSSL	4:1b0d80432c79	760	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
wolfSSL	4:1b0d80432c79	761	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
wolfSSL	4:1b0d80432c79	762	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
wolfSSL	4:1b0d80432c79	763
wolfSSL	4:1b0d80432c79	764	/* wolfSSL extension - NTRU , Quantum-safe Handshake
wolfSSL	4:1b0d80432c79	765	first byte is 0xD0 (QSH_BYTE) */
wolfSSL	4:1b0d80432c79	766	TLS_QSH = 0x01,
wolfSSL	4:1b0d80432c79	767
wolfSSL	4:1b0d80432c79	768	/* SHA256 */
wolfSSL	4:1b0d80432c79	769	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
wolfSSL	4:1b0d80432c79	770	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
wolfSSL	4:1b0d80432c79	771	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
wolfSSL	4:1b0d80432c79	772	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
wolfSSL	4:1b0d80432c79	773	TLS_RSA_WITH_NULL_SHA256 = 0x3b,
wolfSSL	4:1b0d80432c79	774	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
wolfSSL	4:1b0d80432c79	775	TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
wolfSSL	4:1b0d80432c79	776
wolfSSL	4:1b0d80432c79	777	/* SHA384 */
wolfSSL	4:1b0d80432c79	778	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
wolfSSL	4:1b0d80432c79	779	TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
wolfSSL	4:1b0d80432c79	780
wolfSSL	4:1b0d80432c79	781	/* AES-GCM */
wolfSSL	4:1b0d80432c79	782	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
wolfSSL	4:1b0d80432c79	783	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
wolfSSL	4:1b0d80432c79	784	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
wolfSSL	4:1b0d80432c79	785	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
wolfSSL	4:1b0d80432c79	786	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
wolfSSL	4:1b0d80432c79	787	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
wolfSSL	4:1b0d80432c79	788	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
wolfSSL	4:1b0d80432c79	789	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
wolfSSL	4:1b0d80432c79	790
wolfSSL	4:1b0d80432c79	791	/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	4:1b0d80432c79	792	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
wolfSSL	4:1b0d80432c79	793	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
wolfSSL	4:1b0d80432c79	794	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
wolfSSL	4:1b0d80432c79	795	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
wolfSSL	4:1b0d80432c79	796	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
wolfSSL	4:1b0d80432c79	797	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
wolfSSL	4:1b0d80432c79	798	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
wolfSSL	4:1b0d80432c79	799	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
wolfSSL	4:1b0d80432c79	800
wolfSSL	4:1b0d80432c79	801	/* AES-CCM, first byte is 0xC0 but isn't ECC,
wolfSSL	4:1b0d80432c79	802	* also, in some of the other AES-CCM suites
wolfSSL	4:1b0d80432c79	803	* there will be second byte number conflicts
wolfSSL	4:1b0d80432c79	804	* with non-ECC AES-GCM */
wolfSSL	4:1b0d80432c79	805	TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
wolfSSL	4:1b0d80432c79	806	TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
wolfSSL	4:1b0d80432c79	807	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
wolfSSL	4:1b0d80432c79	808	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
wolfSSL	4:1b0d80432c79	809	TLS_PSK_WITH_AES_128_CCM = 0xa4,
wolfSSL	4:1b0d80432c79	810	TLS_PSK_WITH_AES_256_CCM = 0xa5,
wolfSSL	4:1b0d80432c79	811	TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
wolfSSL	4:1b0d80432c79	812	TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
wolfSSL	4:1b0d80432c79	813	TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
wolfSSL	4:1b0d80432c79	814	TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
wolfSSL	4:1b0d80432c79	815
wolfSSL	4:1b0d80432c79	816	/* Camellia */
wolfSSL	4:1b0d80432c79	817	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
wolfSSL	4:1b0d80432c79	818	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
wolfSSL	4:1b0d80432c79	819	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
wolfSSL	4:1b0d80432c79	820	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
wolfSSL	4:1b0d80432c79	821	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
wolfSSL	4:1b0d80432c79	822	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
wolfSSL	4:1b0d80432c79	823	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
wolfSSL	4:1b0d80432c79	824	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
wolfSSL	4:1b0d80432c79	825
wolfSSL	4:1b0d80432c79	826	/* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
wolfSSL	4:1b0d80432c79	827	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
wolfSSL	4:1b0d80432c79	828	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
wolfSSL	4:1b0d80432c79	829	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
wolfSSL	4:1b0d80432c79	830	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
wolfSSL	4:1b0d80432c79	831	TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
wolfSSL	4:1b0d80432c79	832	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
wolfSSL	4:1b0d80432c79	833
wolfSSL	4:1b0d80432c79	834	/* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
wolfSSL	4:1b0d80432c79	835	TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
wolfSSL	4:1b0d80432c79	836	TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
wolfSSL	4:1b0d80432c79	837	TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
wolfSSL	4:1b0d80432c79	838
wolfSSL	4:1b0d80432c79	839	/* Renegotiation Indication Extension Special Suite */
wolfSSL	4:1b0d80432c79	840	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
wolfSSL	4:1b0d80432c79	841	};
wolfSSL	4:1b0d80432c79	842
wolfSSL	4:1b0d80432c79	843
wolfSSL	4:1b0d80432c79	844	#ifndef WOLFSSL_SESSION_TIMEOUT
wolfSSL	4:1b0d80432c79	845	#define WOLFSSL_SESSION_TIMEOUT 500
wolfSSL	4:1b0d80432c79	846	/* default session resumption cache timeout in seconds */
wolfSSL	4:1b0d80432c79	847	#endif
wolfSSL	4:1b0d80432c79	848
wolfSSL	4:1b0d80432c79	849
wolfSSL	4:1b0d80432c79	850	enum Misc {
wolfSSL	4:1b0d80432c79	851	ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
wolfSSL	4:1b0d80432c79	852	QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
wolfSSL	4:1b0d80432c79	853	CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
wolfSSL	4:1b0d80432c79	854
wolfSSL	4:1b0d80432c79	855	SEND_CERT = 1,
wolfSSL	4:1b0d80432c79	856	SEND_BLANK_CERT = 2,
wolfSSL	4:1b0d80432c79	857
wolfSSL	4:1b0d80432c79	858	DTLS_MAJOR = 0xfe, /* DTLS major version number */
wolfSSL	4:1b0d80432c79	859	DTLS_MINOR = 0xff, /* DTLS minor version number */
wolfSSL	4:1b0d80432c79	860	DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
wolfSSL	4:1b0d80432c79	861	SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
wolfSSL	4:1b0d80432c79	862	SSLv3_MINOR = 0, /* TLSv1 minor version number */
wolfSSL	4:1b0d80432c79	863	TLSv1_MINOR = 1, /* TLSv1 minor version number */
wolfSSL	4:1b0d80432c79	864	TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
wolfSSL	4:1b0d80432c79	865	TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
wolfSSL	4:1b0d80432c79	866	OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
wolfSSL	4:1b0d80432c79	867	INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
wolfSSL	4:1b0d80432c79	868	NO_COMPRESSION = 0,
wolfSSL	4:1b0d80432c79	869	ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
wolfSSL	4:1b0d80432c79	870	HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
wolfSSL	4:1b0d80432c79	871	SECRET_LEN = 48, /* pre RSA and all master */
wolfSSL	4:1b0d80432c79	872	ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
wolfSSL	4:1b0d80432c79	873	SIZEOF_SENDER = 4, /* clnt or srvr */
wolfSSL	4:1b0d80432c79	874	FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
wolfSSL	4:1b0d80432c79	875	MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
wolfSSL	4:1b0d80432c79	876	MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
wolfSSL	4:1b0d80432c79	877	/* max added to msg, mac + pad from */
wolfSSL	4:1b0d80432c79	878	/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
wolfSSL	4:1b0d80432c79	879	digest sz + BLOC_SZ (iv) + pad byte (1) */
wolfSSL	4:1b0d80432c79	880	MAX_COMP_EXTRA = 1024, /* max compression extra */
wolfSSL	4:1b0d80432c79	881	MAX_MTU = 1500, /* max expected MTU */
wolfSSL	4:1b0d80432c79	882	MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
wolfSSL	4:1b0d80432c79	883	MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */
wolfSSL	4:1b0d80432c79	884	MAX_STR_VERSION = 8, /* string rep of protocol version */
wolfSSL	4:1b0d80432c79	885
wolfSSL	4:1b0d80432c79	886	PAD_MD5 = 48, /* pad length for finished */
wolfSSL	4:1b0d80432c79	887	PAD_SHA = 40, /* pad length for finished */
wolfSSL	4:1b0d80432c79	888	MAX_PAD_SIZE = 256, /* maximum length of padding */
wolfSSL	4:1b0d80432c79	889	COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
wolfSSL	4:1b0d80432c79	890	COMPRESS_CONSTANT = 13, /* compression calc constant */
wolfSSL	4:1b0d80432c79	891	COMPRESS_UPPER = 55, /* compression calc numerator */
wolfSSL	4:1b0d80432c79	892	COMPRESS_LOWER = 64, /* compression calc denominator */
wolfSSL	4:1b0d80432c79	893
wolfSSL	4:1b0d80432c79	894	PEM_LINE_LEN = 80, /* PEM line max + fudge */
wolfSSL	4:1b0d80432c79	895	LENGTH_SZ = 2, /* length field for HMAC, data only */
wolfSSL	4:1b0d80432c79	896	VERSION_SZ = 2, /* length of proctocol version */
wolfSSL	4:1b0d80432c79	897	SEQ_SZ = 8, /* 64 bit sequence number */
wolfSSL	4:1b0d80432c79	898	BYTE3_LEN = 3, /* up to 24 bit byte lengths */
wolfSSL	4:1b0d80432c79	899	ALERT_SIZE = 2, /* level + description */
wolfSSL	4:1b0d80432c79	900	VERIFY_HEADER = 2, /* always use 2 bytes */
wolfSSL	4:1b0d80432c79	901	EXT_ID_SZ = 2, /* always use 2 bytes */
wolfSSL	4:1b0d80432c79	902	MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
wolfSSL	4:1b0d80432c79	903	SESSION_HINT_SZ = 4, /* session timeout hint */
wolfSSL	4:1b0d80432c79	904
wolfSSL	4:1b0d80432c79	905	RAN_LEN = 32, /* random length */
wolfSSL	4:1b0d80432c79	906	SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
wolfSSL	4:1b0d80432c79	907	ID_LEN = 32, /* session id length */
wolfSSL	4:1b0d80432c79	908	COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
wolfSSL	4:1b0d80432c79	909	MAX_COOKIE_LEN = 32, /* max dtls cookie size */
wolfSSL	4:1b0d80432c79	910	COOKIE_SZ = 20, /* use a 20 byte cookie */
wolfSSL	4:1b0d80432c79	911	SUITE_LEN = 2, /* cipher suite sz length */
wolfSSL	4:1b0d80432c79	912	ENUM_LEN = 1, /* always a byte */
wolfSSL	4:1b0d80432c79	913	OPAQUE8_LEN = 1, /* 1 byte */
wolfSSL	4:1b0d80432c79	914	OPAQUE16_LEN = 2, /* 2 bytes */
wolfSSL	4:1b0d80432c79	915	OPAQUE24_LEN = 3, /* 3 bytes */
wolfSSL	4:1b0d80432c79	916	OPAQUE32_LEN = 4, /* 4 bytes */
wolfSSL	4:1b0d80432c79	917	COMP_LEN = 1, /* compression length */
wolfSSL	4:1b0d80432c79	918	CURVE_LEN = 2, /* ecc named curve length */
wolfSSL	4:1b0d80432c79	919	SERVER_ID_LEN = 20, /* server session id length */
wolfSSL	4:1b0d80432c79	920
wolfSSL	4:1b0d80432c79	921	HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
wolfSSL	4:1b0d80432c79	922	RECORD_HEADER_SZ = 5, /* type + version + len(2) */
wolfSSL	4:1b0d80432c79	923	CERT_HEADER_SZ = 3, /* always 3 bytes */
wolfSSL	4:1b0d80432c79	924	REQ_HEADER_SZ = 2, /* cert request header sz */
wolfSSL	4:1b0d80432c79	925	HINT_LEN_SZ = 2, /* length of hint size field */
wolfSSL	4:1b0d80432c79	926	TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
wolfSSL	4:1b0d80432c79	927	HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
wolfSSL	4:1b0d80432c79	928	HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
wolfSSL	4:1b0d80432c79	929	HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
wolfSSL	4:1b0d80432c79	930	HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
wolfSSL	4:1b0d80432c79	931	HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
wolfSSL	4:1b0d80432c79	932
wolfSSL	4:1b0d80432c79	933	DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
wolfSSL	4:1b0d80432c79	934	DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
wolfSSL	4:1b0d80432c79	935	DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
wolfSSL	4:1b0d80432c79	936	DTLS_RECORD_EXTRA = 8, /* diff from normal */
wolfSSL	4:1b0d80432c79	937	DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
wolfSSL	4:1b0d80432c79	938	DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
wolfSSL	4:1b0d80432c79	939	DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
wolfSSL	4:1b0d80432c79	940
wolfSSL	4:1b0d80432c79	941	FINISHED_LABEL_SZ = 15, /* TLS finished label size */
wolfSSL	4:1b0d80432c79	942	TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
wolfSSL	4:1b0d80432c79	943	MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
wolfSSL	4:1b0d80432c79	944	KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
wolfSSL	4:1b0d80432c79	945	MAX_PRF_HALF = 256, /* Maximum half secret len */
wolfSSL	4:1b0d80432c79	946	MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
wolfSSL	4:1b0d80432c79	947	MAX_PRF_DIG = 224, /* Maximum digest len */
wolfSSL	4:1b0d80432c79	948	MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
wolfSSL	4:1b0d80432c79	949	SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
wolfSSL	4:1b0d80432c79	950
wolfSSL	4:1b0d80432c79	951	RC4_KEY_SIZE = 16, /* always 128bit */
wolfSSL	4:1b0d80432c79	952	DES_KEY_SIZE = 8, /* des */
wolfSSL	4:1b0d80432c79	953	DES3_KEY_SIZE = 24, /* 3 des ede */
wolfSSL	4:1b0d80432c79	954	DES_IV_SIZE = DES_BLOCK_SIZE,
wolfSSL	4:1b0d80432c79	955	AES_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	4:1b0d80432c79	956	AES_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	4:1b0d80432c79	957	AES_IV_SIZE = 16, /* always block size */
wolfSSL	4:1b0d80432c79	958	AES_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	4:1b0d80432c79	959
wolfSSL	4:1b0d80432c79	960	AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
wolfSSL	4:1b0d80432c79	961	AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
wolfSSL	4:1b0d80432c79	962	AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
wolfSSL	4:1b0d80432c79	963	AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
wolfSSL	4:1b0d80432c79	964	AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
wolfSSL	4:1b0d80432c79	965	AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
wolfSSL	4:1b0d80432c79	966	AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
wolfSSL	4:1b0d80432c79	967	AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
wolfSSL	4:1b0d80432c79	968	AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
wolfSSL	4:1b0d80432c79	969
wolfSSL	4:1b0d80432c79	970	CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
wolfSSL	4:1b0d80432c79	971	CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
wolfSSL	4:1b0d80432c79	972	CHACHA20_OLD_OFFSET = 8, /* Offset for seq # in old poly1305 */
wolfSSL	4:1b0d80432c79	973
wolfSSL	4:1b0d80432c79	974	/* For any new implicit/explicit IV size adjust AEAD_MAX_**_SZ /
wolfSSL	4:1b0d80432c79	975
wolfSSL	4:1b0d80432c79	976	AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
wolfSSL	4:1b0d80432c79	977	AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
wolfSSL	4:1b0d80432c79	978	AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
wolfSSL	4:1b0d80432c79	979
wolfSSL	4:1b0d80432c79	980	CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	4:1b0d80432c79	981	CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	4:1b0d80432c79	982	CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	4:1b0d80432c79	983	CAMELLIA_IV_SIZE = 16, /* always block size */
wolfSSL	4:1b0d80432c79	984
wolfSSL	4:1b0d80432c79	985	CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	4:1b0d80432c79	986	CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	4:1b0d80432c79	987	CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
wolfSSL	4:1b0d80432c79	988
wolfSSL	4:1b0d80432c79	989	POLY1305_AUTH_SZ = 16, /* 128 bits */
wolfSSL	4:1b0d80432c79	990
wolfSSL	4:1b0d80432c79	991	HC_128_KEY_SIZE = 16, /* 128 bits */
wolfSSL	4:1b0d80432c79	992	HC_128_IV_SIZE = 16, /* also 128 bits */
wolfSSL	4:1b0d80432c79	993
wolfSSL	4:1b0d80432c79	994	RABBIT_KEY_SIZE = 16, /* 128 bits */
wolfSSL	4:1b0d80432c79	995	RABBIT_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL	4:1b0d80432c79	996
wolfSSL	4:1b0d80432c79	997	EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
wolfSSL	4:1b0d80432c79	998
wolfSSL	4:1b0d80432c79	999	ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
wolfSSL	4:1b0d80432c79	1000	MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
wolfSSL	4:1b0d80432c79	1001
wolfSSL	4:1b0d80432c79	1002	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	1003	/* qsh handshake sends 600+ size keys over hello extensions */
wolfSSL	4:1b0d80432c79	1004	MAX_HELLO_SZ = 2048, /* max client or server hello */
wolfSSL	4:1b0d80432c79	1005	#else
wolfSSL	4:1b0d80432c79	1006	MAX_HELLO_SZ = 128, /* max client or server hello */
wolfSSL	4:1b0d80432c79	1007	#endif
wolfSSL	4:1b0d80432c79	1008	MAX_CERT_VERIFY_SZ = 1024, /* max */
wolfSSL	4:1b0d80432c79	1009	CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
wolfSSL	4:1b0d80432c79	1010	MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
wolfSSL	4:1b0d80432c79	1011
wolfSSL	4:1b0d80432c79	1012	DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
wolfSSL	4:1b0d80432c79	1013	DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
wolfSSL	4:1b0d80432c79	1014	DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
wolfSSL	4:1b0d80432c79	1015
wolfSSL	4:1b0d80432c79	1016	MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
wolfSSL	4:1b0d80432c79	1017	MAX_PSK_KEY_LEN = 64, /* max psk key supported */
wolfSSL	4:1b0d80432c79	1018
wolfSSL	4:1b0d80432c79	1019	MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
wolfSSL	4:1b0d80432c79	1020
wolfSSL	4:1b0d80432c79	1021	#if defined(FORTRESS) \|\| defined (HAVE_STUNNEL)
wolfSSL	4:1b0d80432c79	1022	MAX_EX_DATA = 3, /* allow for three items of ex_data */
wolfSSL	4:1b0d80432c79	1023	#endif
wolfSSL	4:1b0d80432c79	1024
wolfSSL	4:1b0d80432c79	1025	MAX_X509_SIZE = 2048, /* max static x509 buffer size */
wolfSSL	4:1b0d80432c79	1026	CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
wolfSSL	4:1b0d80432c79	1027	MAX_FILENAME_SZ = 256, /* max file name length */
wolfSSL	4:1b0d80432c79	1028	FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
wolfSSL	4:1b0d80432c79	1029	will use dynamic buffer if not big enough */
wolfSSL	4:1b0d80432c79	1030
wolfSSL	4:1b0d80432c79	1031	MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
wolfSSL	4:1b0d80432c79	1032	MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
wolfSSL	4:1b0d80432c79	1033	MAX_NTRU_BITS = 256, /* max symmetric bit strength */
wolfSSL	4:1b0d80432c79	1034	NO_SNIFF = 0, /* not sniffing */
wolfSSL	4:1b0d80432c79	1035	SNIFF = 1, /* currently sniffing */
wolfSSL	4:1b0d80432c79	1036
wolfSSL	4:1b0d80432c79	1037	HASH_SIG_SIZE = 2, /* default SHA1 RSA */
wolfSSL	4:1b0d80432c79	1038
wolfSSL	4:1b0d80432c79	1039	NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
wolfSSL	4:1b0d80432c79	1040
wolfSSL	4:1b0d80432c79	1041	NO_COPY = 0, /* should we copy static buffer for write */
wolfSSL	4:1b0d80432c79	1042	COPY = 1 /* should we copy static buffer for write */
wolfSSL	4:1b0d80432c79	1043	};
wolfSSL	4:1b0d80432c79	1044
wolfSSL	4:1b0d80432c79	1045
wolfSSL	4:1b0d80432c79	1046	/* Set max implicit IV size for AEAD cipher suites */
wolfSSL	4:1b0d80432c79	1047	#ifdef HAVE_CHACHA
wolfSSL	4:1b0d80432c79	1048	#define AEAD_MAX_IMP_SZ 12
wolfSSL	4:1b0d80432c79	1049	#else
wolfSSL	4:1b0d80432c79	1050	#define AEAD_MAX_IMP_SZ 4
wolfSSL	4:1b0d80432c79	1051	#endif
wolfSSL	4:1b0d80432c79	1052
wolfSSL	4:1b0d80432c79	1053	/* Set max explicit IV size for AEAD cipher suites */
wolfSSL	4:1b0d80432c79	1054	#define AEAD_MAX_EXP_SZ 8
wolfSSL	4:1b0d80432c79	1055
wolfSSL	4:1b0d80432c79	1056
wolfSSL	4:1b0d80432c79	1057	#ifndef WOLFSSL_MAX_SUITE_SZ
wolfSSL	4:1b0d80432c79	1058	#define WOLFSSL_MAX_SUITE_SZ 300
wolfSSL	4:1b0d80432c79	1059	/* 150 suites for now! */
wolfSSL	4:1b0d80432c79	1060	#endif
wolfSSL	4:1b0d80432c79	1061
wolfSSL	4:1b0d80432c79	1062
wolfSSL	4:1b0d80432c79	1063	#ifndef WOLFSSL_MIN_DHKEY_BITS
wolfSSL	4:1b0d80432c79	1064	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	4:1b0d80432c79	1065	#define WOLFSSL_MIN_DHKEY_BITS 2048
wolfSSL	4:1b0d80432c79	1066	#else
wolfSSL	4:1b0d80432c79	1067	#define WOLFSSL_MIN_DHKEY_BITS 1024
wolfSSL	4:1b0d80432c79	1068	#endif
wolfSSL	4:1b0d80432c79	1069	#endif
wolfSSL	4:1b0d80432c79	1070	#if (WOLFSSL_MIN_DHKEY_BITS % 8)
wolfSSL	4:1b0d80432c79	1071	#error DH minimum bit size must be multiple of 8
wolfSSL	4:1b0d80432c79	1072	#endif
wolfSSL	4:1b0d80432c79	1073	#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
wolfSSL	4:1b0d80432c79	1074	#error DH minimum bit size must not be greater than 16000
wolfSSL	4:1b0d80432c79	1075	#endif
wolfSSL	4:1b0d80432c79	1076	#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
wolfSSL	4:1b0d80432c79	1077
wolfSSL	4:1b0d80432c79	1078
wolfSSL	4:1b0d80432c79	1079	#ifdef SESSION_INDEX
wolfSSL	4:1b0d80432c79	1080	/* Shift values for making a session index */
wolfSSL	4:1b0d80432c79	1081	#define SESSIDX_ROW_SHIFT 4
wolfSSL	4:1b0d80432c79	1082	#define SESSIDX_IDX_MASK 0x0F
wolfSSL	4:1b0d80432c79	1083	#endif
wolfSSL	4:1b0d80432c79	1084
wolfSSL	4:1b0d80432c79	1085
wolfSSL	4:1b0d80432c79	1086	/* max cert chain peer depth */
wolfSSL	4:1b0d80432c79	1087	#ifndef MAX_CHAIN_DEPTH
wolfSSL	4:1b0d80432c79	1088	#define MAX_CHAIN_DEPTH 9
wolfSSL	4:1b0d80432c79	1089	#endif
wolfSSL	4:1b0d80432c79	1090
wolfSSL	4:1b0d80432c79	1091	/* max size of a certificate message payload */
wolfSSL	4:1b0d80432c79	1092	/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
wolfSSL	4:1b0d80432c79	1093	#ifndef MAX_CERTIFICATE_SZ
wolfSSL	4:1b0d80432c79	1094	#define MAX_CERTIFICATE_SZ \
wolfSSL	4:1b0d80432c79	1095	CERT_HEADER_SZ + \
wolfSSL	4:1b0d80432c79	1096	(MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
wolfSSL	4:1b0d80432c79	1097	#endif
wolfSSL	4:1b0d80432c79	1098
wolfSSL	4:1b0d80432c79	1099	/* max size of a handshake message, currently set to the certificate */
wolfSSL	4:1b0d80432c79	1100	#ifndef MAX_HANDSHAKE_SZ
wolfSSL	4:1b0d80432c79	1101	#define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
wolfSSL	4:1b0d80432c79	1102	#endif
wolfSSL	4:1b0d80432c79	1103
wolfSSL	4:1b0d80432c79	1104	#ifndef SESSION_TICKET_LEN
wolfSSL	4:1b0d80432c79	1105	#define SESSION_TICKET_LEN 256
wolfSSL	4:1b0d80432c79	1106	#endif
wolfSSL	4:1b0d80432c79	1107
wolfSSL	4:1b0d80432c79	1108	#ifndef SESSION_TICKET_HINT_DEFAULT
wolfSSL	4:1b0d80432c79	1109	#define SESSION_TICKET_HINT_DEFAULT 300
wolfSSL	4:1b0d80432c79	1110	#endif
wolfSSL	4:1b0d80432c79	1111
wolfSSL	4:1b0d80432c79	1112
wolfSSL	4:1b0d80432c79	1113	/* don't use extra 3/4k stack space unless need to */
wolfSSL	4:1b0d80432c79	1114	#ifdef HAVE_NTRU
wolfSSL	4:1b0d80432c79	1115	#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
wolfSSL	4:1b0d80432c79	1116	#else
wolfSSL	4:1b0d80432c79	1117	#define MAX_ENCRYPT_SZ ENCRYPT_LEN
wolfSSL	4:1b0d80432c79	1118	#endif
wolfSSL	4:1b0d80432c79	1119
wolfSSL	4:1b0d80432c79	1120
wolfSSL	4:1b0d80432c79	1121	/* states */
wolfSSL	4:1b0d80432c79	1122	enum states {
wolfSSL	4:1b0d80432c79	1123	NULL_STATE = 0,
wolfSSL	4:1b0d80432c79	1124
wolfSSL	4:1b0d80432c79	1125	SERVER_HELLOVERIFYREQUEST_COMPLETE,
wolfSSL	4:1b0d80432c79	1126	SERVER_HELLO_COMPLETE,
wolfSSL	4:1b0d80432c79	1127	SERVER_CERT_COMPLETE,
wolfSSL	4:1b0d80432c79	1128	SERVER_KEYEXCHANGE_COMPLETE,
wolfSSL	4:1b0d80432c79	1129	SERVER_HELLODONE_COMPLETE,
wolfSSL	4:1b0d80432c79	1130	SERVER_FINISHED_COMPLETE,
wolfSSL	4:1b0d80432c79	1131
wolfSSL	4:1b0d80432c79	1132	CLIENT_HELLO_COMPLETE,
wolfSSL	4:1b0d80432c79	1133	CLIENT_KEYEXCHANGE_COMPLETE,
wolfSSL	4:1b0d80432c79	1134	CLIENT_FINISHED_COMPLETE,
wolfSSL	4:1b0d80432c79	1135
wolfSSL	4:1b0d80432c79	1136	HANDSHAKE_DONE
wolfSSL	4:1b0d80432c79	1137	};
wolfSSL	4:1b0d80432c79	1138
wolfSSL	4:1b0d80432c79	1139
wolfSSL	4:1b0d80432c79	1140	#if defined(__GNUC__)
wolfSSL	4:1b0d80432c79	1141	#define WOLFSSL_PACK __attribute__ ((packed))
wolfSSL	4:1b0d80432c79	1142	#else
wolfSSL	4:1b0d80432c79	1143	#define WOLFSSL_PACK
wolfSSL	4:1b0d80432c79	1144	#endif
wolfSSL	4:1b0d80432c79	1145
wolfSSL	4:1b0d80432c79	1146	/* SSL Version */
wolfSSL	4:1b0d80432c79	1147	typedef struct ProtocolVersion {
wolfSSL	4:1b0d80432c79	1148	byte major;
wolfSSL	4:1b0d80432c79	1149	byte minor;
wolfSSL	4:1b0d80432c79	1150	} WOLFSSL_PACK ProtocolVersion;
wolfSSL	4:1b0d80432c79	1151
wolfSSL	4:1b0d80432c79	1152
wolfSSL	4:1b0d80432c79	1153	WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
wolfSSL	4:1b0d80432c79	1154	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
wolfSSL	4:1b0d80432c79	1155	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
wolfSSL	4:1b0d80432c79	1156	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
wolfSSL	4:1b0d80432c79	1157
wolfSSL	4:1b0d80432c79	1158	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	1159	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
wolfSSL	4:1b0d80432c79	1160	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
wolfSSL	4:1b0d80432c79	1161	#endif
wolfSSL	4:1b0d80432c79	1162
wolfSSL	4:1b0d80432c79	1163
wolfSSL	4:1b0d80432c79	1164	enum BIO_TYPE {
wolfSSL	4:1b0d80432c79	1165	BIO_BUFFER = 1,
wolfSSL	4:1b0d80432c79	1166	BIO_SOCKET = 2,
wolfSSL	4:1b0d80432c79	1167	BIO_SSL = 3,
wolfSSL	4:1b0d80432c79	1168	BIO_MEMORY = 4
wolfSSL	4:1b0d80432c79	1169	};
wolfSSL	4:1b0d80432c79	1170
wolfSSL	4:1b0d80432c79	1171
wolfSSL	4:1b0d80432c79	1172	/* wolfSSL BIO_METHOD type */
wolfSSL	4:1b0d80432c79	1173	struct WOLFSSL_BIO_METHOD {
wolfSSL	4:1b0d80432c79	1174	byte type; /* method type */
wolfSSL	4:1b0d80432c79	1175	};
wolfSSL	4:1b0d80432c79	1176
wolfSSL	4:1b0d80432c79	1177
wolfSSL	4:1b0d80432c79	1178	/* wolfSSL BIO type */
wolfSSL	4:1b0d80432c79	1179	struct WOLFSSL_BIO {
wolfSSL	4:1b0d80432c79	1180	byte type; /* method type */
wolfSSL	4:1b0d80432c79	1181	byte close; /* close flag */
wolfSSL	4:1b0d80432c79	1182	byte eof; /* eof flag */
wolfSSL	4:1b0d80432c79	1183	WOLFSSL* ssl; /* possible associated ssl */
wolfSSL	4:1b0d80432c79	1184	byte* mem; /* memory buffer */
wolfSSL	4:1b0d80432c79	1185	int memLen; /* memory buffer length */
wolfSSL	4:1b0d80432c79	1186	int fd; /* possible file descriptor */
wolfSSL	4:1b0d80432c79	1187	WOLFSSL_BIO* prev; /* previous in chain */
wolfSSL	4:1b0d80432c79	1188	WOLFSSL_BIO* next; /* next in chain */
wolfSSL	4:1b0d80432c79	1189	};
wolfSSL	4:1b0d80432c79	1190
wolfSSL	4:1b0d80432c79	1191
wolfSSL	4:1b0d80432c79	1192	/* wolfSSL method type */
wolfSSL	4:1b0d80432c79	1193	struct WOLFSSL_METHOD {
wolfSSL	4:1b0d80432c79	1194	ProtocolVersion version;
wolfSSL	4:1b0d80432c79	1195	byte side; /* connection side, server or client */
wolfSSL	4:1b0d80432c79	1196	byte downgrade; /* whether to downgrade version, default no */
wolfSSL	4:1b0d80432c79	1197	};
wolfSSL	4:1b0d80432c79	1198
wolfSSL	4:1b0d80432c79	1199
wolfSSL	4:1b0d80432c79	1200	/* defaults to client */
wolfSSL	4:1b0d80432c79	1201	WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
wolfSSL	4:1b0d80432c79	1202
wolfSSL	4:1b0d80432c79	1203	/* for sniffer */
wolfSSL	4:1b0d80432c79	1204	WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	4:1b0d80432c79	1205	word32 size, word32 totalSz, int sniff);
wolfSSL	4:1b0d80432c79	1206	WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
wolfSSL	4:1b0d80432c79	1207
wolfSSL	4:1b0d80432c79	1208
wolfSSL	4:1b0d80432c79	1209	/* wolfSSL buffer type */
wolfSSL	4:1b0d80432c79	1210	typedef struct buffer {
wolfSSL	4:1b0d80432c79	1211	byte* buffer;
wolfSSL	4:1b0d80432c79	1212	word32 length;
wolfSSL	4:1b0d80432c79	1213	} buffer;
wolfSSL	4:1b0d80432c79	1214
wolfSSL	4:1b0d80432c79	1215	#ifndef NO_CERTS
wolfSSL	4:1b0d80432c79	1216	/* wolfSSL DER buffer */
wolfSSL	4:1b0d80432c79	1217	typedef struct DerBuffer {
wolfSSL	4:1b0d80432c79	1218	byte* buffer;
wolfSSL	4:1b0d80432c79	1219	void* heap;
wolfSSL	4:1b0d80432c79	1220	word32 length;
wolfSSL	4:1b0d80432c79	1221	int type; /* enum CertType */
wolfSSL	4:1b0d80432c79	1222	int dynType; /* DYNAMIC_TYPE_* */
wolfSSL	4:1b0d80432c79	1223	} DerBuffer;
wolfSSL	4:1b0d80432c79	1224	#endif /* !NO_CERTS */
wolfSSL	4:1b0d80432c79	1225
wolfSSL	4:1b0d80432c79	1226
wolfSSL	4:1b0d80432c79	1227	enum {
wolfSSL	4:1b0d80432c79	1228	FORCED_FREE = 1,
wolfSSL	4:1b0d80432c79	1229	NO_FORCED_FREE = 0
wolfSSL	4:1b0d80432c79	1230	};
wolfSSL	4:1b0d80432c79	1231
wolfSSL	4:1b0d80432c79	1232
wolfSSL	4:1b0d80432c79	1233	/* only use compression extra if using compression */
wolfSSL	4:1b0d80432c79	1234	#ifdef HAVE_LIBZ
wolfSSL	4:1b0d80432c79	1235	#define COMP_EXTRA MAX_COMP_EXTRA
wolfSSL	4:1b0d80432c79	1236	#else
wolfSSL	4:1b0d80432c79	1237	#define COMP_EXTRA 0
wolfSSL	4:1b0d80432c79	1238	#endif
wolfSSL	4:1b0d80432c79	1239
wolfSSL	4:1b0d80432c79	1240	/* only the sniffer needs space in the buffer for extra MTU record(s) */
wolfSSL	4:1b0d80432c79	1241	#ifdef WOLFSSL_SNIFFER
wolfSSL	4:1b0d80432c79	1242	#define MTU_EXTRA MAX_MTU * 3
wolfSSL	4:1b0d80432c79	1243	#else
wolfSSL	4:1b0d80432c79	1244	#define MTU_EXTRA 0
wolfSSL	4:1b0d80432c79	1245	#endif
wolfSSL	4:1b0d80432c79	1246
wolfSSL	4:1b0d80432c79	1247
wolfSSL	4:1b0d80432c79	1248	/* embedded callbacks require large static buffers, make sure on */
wolfSSL	4:1b0d80432c79	1249	#ifdef WOLFSSL_CALLBACKS
wolfSSL	4:1b0d80432c79	1250	#undef LARGE_STATIC_BUFFERS
wolfSSL	4:1b0d80432c79	1251	#define LARGE_STATIC_BUFFERS
wolfSSL	4:1b0d80432c79	1252	#endif
wolfSSL	4:1b0d80432c79	1253
wolfSSL	4:1b0d80432c79	1254
wolfSSL	4:1b0d80432c79	1255	/* give user option to use 16K static buffers */
wolfSSL	4:1b0d80432c79	1256	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	4:1b0d80432c79	1257	#define RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	4:1b0d80432c79	1258	#else
wolfSSL	4:1b0d80432c79	1259	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	1260	#define RECORD_SIZE MAX_MTU
wolfSSL	4:1b0d80432c79	1261	#else
wolfSSL	4:1b0d80432c79	1262	#define RECORD_SIZE 128
wolfSSL	4:1b0d80432c79	1263	#endif
wolfSSL	4:1b0d80432c79	1264	#endif
wolfSSL	4:1b0d80432c79	1265
wolfSSL	4:1b0d80432c79	1266
wolfSSL	4:1b0d80432c79	1267	/* user option to turn off 16K output option */
wolfSSL	4:1b0d80432c79	1268	/* if using small static buffers (default) and SSL_write tries to write data
wolfSSL	4:1b0d80432c79	1269	larger than the record we have, dynamically get it, unless user says only
wolfSSL	4:1b0d80432c79	1270	write in static buffer chunks */
wolfSSL	4:1b0d80432c79	1271	#ifndef STATIC_CHUNKS_ONLY
wolfSSL	4:1b0d80432c79	1272	#define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	4:1b0d80432c79	1273	#else
wolfSSL	4:1b0d80432c79	1274	#define OUTPUT_RECORD_SIZE RECORD_SIZE
wolfSSL	4:1b0d80432c79	1275	#endif
wolfSSL	4:1b0d80432c79	1276
wolfSSL	4:1b0d80432c79	1277	/* wolfSSL input buffer
wolfSSL	4:1b0d80432c79	1278
wolfSSL	4:1b0d80432c79	1279	RFC 2246:
wolfSSL	4:1b0d80432c79	1280
wolfSSL	4:1b0d80432c79	1281	length
wolfSSL	4:1b0d80432c79	1282	The length (in bytes) of the following TLSPlaintext.fragment.
wolfSSL	4:1b0d80432c79	1283	The length should not exceed 2^14.
wolfSSL	4:1b0d80432c79	1284	*/
wolfSSL	4:1b0d80432c79	1285	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	4:1b0d80432c79	1286	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
wolfSSL	4:1b0d80432c79	1287	MTU_EXTRA + MAX_MSG_EXTRA
wolfSSL	4:1b0d80432c79	1288	#else
wolfSSL	4:1b0d80432c79	1289	/* don't fragment memory from the record header */
wolfSSL	4:1b0d80432c79	1290	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ
wolfSSL	4:1b0d80432c79	1291	#endif
wolfSSL	4:1b0d80432c79	1292
wolfSSL	4:1b0d80432c79	1293	typedef struct {
wolfSSL	4:1b0d80432c79	1294	ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
wolfSSL	4:1b0d80432c79	1295	byte* buffer; /* place holder for static or dynamic buffer */
wolfSSL	4:1b0d80432c79	1296	word32 length; /* total buffer length used */
wolfSSL	4:1b0d80432c79	1297	word32 idx; /* idx to part of length already consumed */
wolfSSL	4:1b0d80432c79	1298	word32 bufferSize; /* current buffer size */
wolfSSL	4:1b0d80432c79	1299	byte dynamicFlag; /* dynamic memory currently in use */
wolfSSL	4:1b0d80432c79	1300	byte offset; /* alignment offset attempt */
wolfSSL	4:1b0d80432c79	1301	} bufferStatic;
wolfSSL	4:1b0d80432c79	1302
wolfSSL	4:1b0d80432c79	1303	/* Cipher Suites holder */
wolfSSL	4:1b0d80432c79	1304	typedef struct Suites {
wolfSSL	4:1b0d80432c79	1305	word16 suiteSz; /* suite length in bytes */
wolfSSL	4:1b0d80432c79	1306	word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
wolfSSL	4:1b0d80432c79	1307	byte suites[WOLFSSL_MAX_SUITE_SZ];
wolfSSL	4:1b0d80432c79	1308	byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
wolfSSL	4:1b0d80432c79	1309	byte setSuites; /* user set suites from default */
wolfSSL	4:1b0d80432c79	1310	byte hashAlgo; /* selected hash algorithm */
wolfSSL	4:1b0d80432c79	1311	byte sigAlgo; /* selected sig algorithm */
wolfSSL	4:1b0d80432c79	1312	} Suites;
wolfSSL	4:1b0d80432c79	1313
wolfSSL	4:1b0d80432c79	1314
wolfSSL	4:1b0d80432c79	1315	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1316	void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
wolfSSL	4:1b0d80432c79	1317	word16, word16, word16, int);
wolfSSL	4:1b0d80432c79	1318	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1319	int SetCipherList(Suites, const char list);
wolfSSL	4:1b0d80432c79	1320
wolfSSL	4:1b0d80432c79	1321	#ifndef PSK_TYPES_DEFINED
wolfSSL	4:1b0d80432c79	1322	typedef unsigned int (wc_psk_client_callback)(WOLFSSL, const char, char,
wolfSSL	4:1b0d80432c79	1323	unsigned int, unsigned char*, unsigned int);
wolfSSL	4:1b0d80432c79	1324	typedef unsigned int (wc_psk_server_callback)(WOLFSSL, const char*,
wolfSSL	4:1b0d80432c79	1325	unsigned char*, unsigned int);
wolfSSL	4:1b0d80432c79	1326	#endif /* PSK_TYPES_DEFINED */
wolfSSL	4:1b0d80432c79	1327
wolfSSL	4:1b0d80432c79	1328
wolfSSL	4:1b0d80432c79	1329	#ifdef HAVE_NETX
wolfSSL	4:1b0d80432c79	1330	WOLFSSL_LOCAL int NetX_Receive(WOLFSSL ssl, char buf, int sz, void *ctx);
wolfSSL	4:1b0d80432c79	1331	WOLFSSL_LOCAL int NetX_Send(WOLFSSL ssl, char buf, int sz, void *ctx);
wolfSSL	4:1b0d80432c79	1332	#endif /* HAVE_NETX */
wolfSSL	4:1b0d80432c79	1333
wolfSSL	4:1b0d80432c79	1334
wolfSSL	4:1b0d80432c79	1335	/* wolfSSL Cipher type just points back to SSL */
wolfSSL	4:1b0d80432c79	1336	struct WOLFSSL_CIPHER {
wolfSSL	4:1b0d80432c79	1337	WOLFSSL* ssl;
wolfSSL	4:1b0d80432c79	1338	};
wolfSSL	4:1b0d80432c79	1339
wolfSSL	4:1b0d80432c79	1340
wolfSSL	4:1b0d80432c79	1341	typedef struct OcspEntry OcspEntry;
wolfSSL	4:1b0d80432c79	1342
wolfSSL	4:1b0d80432c79	1343	#ifdef NO_SHA
wolfSSL	4:1b0d80432c79	1344	#define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	4:1b0d80432c79	1345	#else
wolfSSL	4:1b0d80432c79	1346	#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	4:1b0d80432c79	1347	#endif
wolfSSL	4:1b0d80432c79	1348
wolfSSL	4:1b0d80432c79	1349	#ifdef NO_ASN
wolfSSL	4:1b0d80432c79	1350	/* no_asn won't have */
wolfSSL	4:1b0d80432c79	1351	typedef struct CertStatus CertStatus;
wolfSSL	4:1b0d80432c79	1352	#endif
wolfSSL	4:1b0d80432c79	1353
wolfSSL	4:1b0d80432c79	1354	struct OcspEntry {
wolfSSL	4:1b0d80432c79	1355	OcspEntry* next; /* next entry */
wolfSSL	4:1b0d80432c79	1356	byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
wolfSSL	4:1b0d80432c79	1357	byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
wolfSSL	4:1b0d80432c79	1358	CertStatus* status; /* OCSP response list */
wolfSSL	4:1b0d80432c79	1359	int totalStatus; /* number on list */
wolfSSL	4:1b0d80432c79	1360	};
wolfSSL	4:1b0d80432c79	1361
wolfSSL	4:1b0d80432c79	1362
wolfSSL	4:1b0d80432c79	1363	#ifndef HAVE_OCSP
wolfSSL	4:1b0d80432c79	1364	typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
wolfSSL	4:1b0d80432c79	1365	#endif
wolfSSL	4:1b0d80432c79	1366
wolfSSL	4:1b0d80432c79	1367	/* wolfSSL OCSP controller */
wolfSSL	4:1b0d80432c79	1368	struct WOLFSSL_OCSP {
wolfSSL	4:1b0d80432c79	1369	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	4:1b0d80432c79	1370	OcspEntry* ocspList; /* OCSP response list */
wolfSSL	4:1b0d80432c79	1371	wolfSSL_Mutex ocspLock; /* OCSP list lock */
wolfSSL	4:1b0d80432c79	1372	};
wolfSSL	4:1b0d80432c79	1373
wolfSSL	4:1b0d80432c79	1374	#ifndef MAX_DATE_SIZE
wolfSSL	4:1b0d80432c79	1375	#define MAX_DATE_SIZE 32
wolfSSL	4:1b0d80432c79	1376	#endif
wolfSSL	4:1b0d80432c79	1377
wolfSSL	4:1b0d80432c79	1378	typedef struct CRL_Entry CRL_Entry;
wolfSSL	4:1b0d80432c79	1379
wolfSSL	4:1b0d80432c79	1380	#ifdef NO_SHA
wolfSSL	4:1b0d80432c79	1381	#define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	4:1b0d80432c79	1382	#else
wolfSSL	4:1b0d80432c79	1383	#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	4:1b0d80432c79	1384	#endif
wolfSSL	4:1b0d80432c79	1385
wolfSSL	4:1b0d80432c79	1386	#ifdef NO_ASN
wolfSSL	4:1b0d80432c79	1387	typedef struct RevokedCert RevokedCert;
wolfSSL	4:1b0d80432c79	1388	#endif
wolfSSL	4:1b0d80432c79	1389
wolfSSL	4:1b0d80432c79	1390	/* Complete CRL */
wolfSSL	4:1b0d80432c79	1391	struct CRL_Entry {
wolfSSL	4:1b0d80432c79	1392	CRL_Entry* next; /* next entry */
wolfSSL	4:1b0d80432c79	1393	byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
wolfSSL	4:1b0d80432c79	1394	/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
wolfSSL	4:1b0d80432c79	1395	/* restore the hash here if needed for optimized comparisons */
wolfSSL	4:1b0d80432c79	1396	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
wolfSSL	4:1b0d80432c79	1397	byte nextDate[MAX_DATE_SIZE]; /* next update date */
wolfSSL	4:1b0d80432c79	1398	byte lastDateFormat; /* last date format */
wolfSSL	4:1b0d80432c79	1399	byte nextDateFormat; /* next date format */
wolfSSL	4:1b0d80432c79	1400	RevokedCert* certs; /* revoked cert list */
wolfSSL	4:1b0d80432c79	1401	int totalCerts; /* number on list */
wolfSSL	4:1b0d80432c79	1402	};
wolfSSL	4:1b0d80432c79	1403
wolfSSL	4:1b0d80432c79	1404
wolfSSL	4:1b0d80432c79	1405	typedef struct CRL_Monitor CRL_Monitor;
wolfSSL	4:1b0d80432c79	1406
wolfSSL	4:1b0d80432c79	1407	/* CRL directory monitor */
wolfSSL	4:1b0d80432c79	1408	struct CRL_Monitor {
wolfSSL	4:1b0d80432c79	1409	char* path; /* full dir path, if valid pointer we're using */
wolfSSL	4:1b0d80432c79	1410	int type; /* PEM or ASN1 type */
wolfSSL	4:1b0d80432c79	1411	};
wolfSSL	4:1b0d80432c79	1412
wolfSSL	4:1b0d80432c79	1413
wolfSSL	4:1b0d80432c79	1414	#ifndef HAVE_CRL
wolfSSL	4:1b0d80432c79	1415	typedef struct WOLFSSL_CRL WOLFSSL_CRL;
wolfSSL	4:1b0d80432c79	1416	#endif
wolfSSL	4:1b0d80432c79	1417
wolfSSL	4:1b0d80432c79	1418	#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
wolfSSL	4:1b0d80432c79	1419	#undef HAVE_CRL_MONITOR
wolfSSL	4:1b0d80432c79	1420	#endif
wolfSSL	4:1b0d80432c79	1421
wolfSSL	4:1b0d80432c79	1422	/* wolfSSL CRL controller */
wolfSSL	4:1b0d80432c79	1423	struct WOLFSSL_CRL {
wolfSSL	4:1b0d80432c79	1424	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	4:1b0d80432c79	1425	CRL_Entry* crlList; /* our CRL list */
wolfSSL	4:1b0d80432c79	1426	wolfSSL_Mutex crlLock; /* CRL list lock */
wolfSSL	4:1b0d80432c79	1427	CRL_Monitor monitors[2]; /* PEM and DER possible */
wolfSSL	4:1b0d80432c79	1428	#ifdef HAVE_CRL_MONITOR
wolfSSL	4:1b0d80432c79	1429	pthread_cond_t cond; /* condition to signal setup */
wolfSSL	4:1b0d80432c79	1430	pthread_t tid; /* monitoring thread */
wolfSSL	4:1b0d80432c79	1431	int mfd; /* monitor fd, -1 if no init yet */
wolfSSL	4:1b0d80432c79	1432	int setup; /* thread is setup predicate */
wolfSSL	4:1b0d80432c79	1433	#endif
wolfSSL	4:1b0d80432c79	1434	};
wolfSSL	4:1b0d80432c79	1435
wolfSSL	4:1b0d80432c79	1436
wolfSSL	4:1b0d80432c79	1437	#ifdef NO_ASN
wolfSSL	4:1b0d80432c79	1438	typedef struct Signer Signer;
wolfSSL	4:1b0d80432c79	1439	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	4:1b0d80432c79	1440	typedef struct TrustedPeerCert TrustedPeerCert;
wolfSSL	4:1b0d80432c79	1441	#endif
wolfSSL	4:1b0d80432c79	1442	#endif
wolfSSL	4:1b0d80432c79	1443
wolfSSL	4:1b0d80432c79	1444
wolfSSL	4:1b0d80432c79	1445	#ifndef CA_TABLE_SIZE
wolfSSL	4:1b0d80432c79	1446	#define CA_TABLE_SIZE 11
wolfSSL	4:1b0d80432c79	1447	#endif
wolfSSL	4:1b0d80432c79	1448	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	4:1b0d80432c79	1449	#define TP_TABLE_SIZE 11
wolfSSL	4:1b0d80432c79	1450	#endif
wolfSSL	4:1b0d80432c79	1451
wolfSSL	4:1b0d80432c79	1452	/* wolfSSL Certificate Manager */
wolfSSL	4:1b0d80432c79	1453	struct WOLFSSL_CERT_MANAGER {
wolfSSL	4:1b0d80432c79	1454	Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
wolfSSL	4:1b0d80432c79	1455	void* heap; /* heap helper */
wolfSSL	4:1b0d80432c79	1456	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	4:1b0d80432c79	1457	TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
wolfSSL	4:1b0d80432c79	1458	wolfSSL_Mutex tpLock; /* trusted peer list lock */
wolfSSL	4:1b0d80432c79	1459	#endif
wolfSSL	4:1b0d80432c79	1460	WOLFSSL_CRL* crl; /* CRL checker */
wolfSSL	4:1b0d80432c79	1461	WOLFSSL_OCSP* ocsp; /* OCSP checker */
wolfSSL	4:1b0d80432c79	1462	#if !defined(NO_WOLFSSL_SEVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	4:1b0d80432c79	1463	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
wolfSSL	4:1b0d80432c79	1464	WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
wolfSSL	4:1b0d80432c79	1465	#endif
wolfSSL	4:1b0d80432c79	1466	char* ocspOverrideURL; /* use this responder */
wolfSSL	4:1b0d80432c79	1467	void* ocspIOCtx; /* I/O callback CTX */
wolfSSL	4:1b0d80432c79	1468	CallbackCACache caCacheCallback; /* CA cache addition callback */
wolfSSL	4:1b0d80432c79	1469	CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
wolfSSL	4:1b0d80432c79	1470	CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
wolfSSL	4:1b0d80432c79	1471	CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL	4:1b0d80432c79	1472	wolfSSL_Mutex caLock; /* CA list lock */
wolfSSL	4:1b0d80432c79	1473	byte crlEnabled; /* is CRL on ? */
wolfSSL	4:1b0d80432c79	1474	byte crlCheckAll; /* always leaf, but all ? */
wolfSSL	4:1b0d80432c79	1475	byte ocspEnabled; /* is OCSP on ? */
wolfSSL	4:1b0d80432c79	1476	byte ocspCheckAll; /* always leaf, but all ? */
wolfSSL	4:1b0d80432c79	1477	byte ocspSendNonce; /* send the OCSP nonce ? */
wolfSSL	4:1b0d80432c79	1478	byte ocspUseOverrideURL; /* ignore cert's responder, override */
wolfSSL	4:1b0d80432c79	1479	byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
wolfSSL	4:1b0d80432c79	1480	};
wolfSSL	4:1b0d80432c79	1481
wolfSSL	4:1b0d80432c79	1482	WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	4:1b0d80432c79	1483	WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	4:1b0d80432c79	1484	WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER, void, int, int*);
wolfSSL	4:1b0d80432c79	1485	WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER, const void, int);
wolfSSL	4:1b0d80432c79	1486	WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
wolfSSL	4:1b0d80432c79	1487
wolfSSL	4:1b0d80432c79	1488	/* wolfSSL Sock Addr */
wolfSSL	4:1b0d80432c79	1489	struct WOLFSSL_SOCKADDR {
wolfSSL	4:1b0d80432c79	1490	unsigned int sz; /* sockaddr size */
wolfSSL	4:1b0d80432c79	1491	void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
wolfSSL	4:1b0d80432c79	1492	};
wolfSSL	4:1b0d80432c79	1493
wolfSSL	4:1b0d80432c79	1494	typedef struct WOLFSSL_DTLS_CTX {
wolfSSL	4:1b0d80432c79	1495	WOLFSSL_SOCKADDR peer;
wolfSSL	4:1b0d80432c79	1496	int fd;
wolfSSL	4:1b0d80432c79	1497	} WOLFSSL_DTLS_CTX;
wolfSSL	4:1b0d80432c79	1498
wolfSSL	4:1b0d80432c79	1499
wolfSSL	4:1b0d80432c79	1500	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	1501
wolfSSL	4:1b0d80432c79	1502	#ifdef WORD64_AVAILABLE
wolfSSL	4:1b0d80432c79	1503	typedef word64 DtlsSeq;
wolfSSL	4:1b0d80432c79	1504	#else
wolfSSL	4:1b0d80432c79	1505	typedef word32 DtlsSeq;
wolfSSL	4:1b0d80432c79	1506	#endif
wolfSSL	4:1b0d80432c79	1507	#define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)
wolfSSL	4:1b0d80432c79	1508
wolfSSL	4:1b0d80432c79	1509	typedef struct DtlsState {
wolfSSL	4:1b0d80432c79	1510	DtlsSeq window; /* Sliding window for current epoch */
wolfSSL	4:1b0d80432c79	1511	word16 nextEpoch; /* Expected epoch in next record */
wolfSSL	4:1b0d80432c79	1512	word32 nextSeq; /* Expected sequence in next record */
wolfSSL	4:1b0d80432c79	1513
wolfSSL	4:1b0d80432c79	1514	word16 curEpoch; /* Received epoch in current record */
wolfSSL	4:1b0d80432c79	1515	word32 curSeq; /* Received sequence in current record */
wolfSSL	4:1b0d80432c79	1516
wolfSSL	4:1b0d80432c79	1517	DtlsSeq prevWindow; /* Sliding window for old epoch */
wolfSSL	4:1b0d80432c79	1518	word32 prevSeq; /* Next sequence in allowed old epoch */
wolfSSL	4:1b0d80432c79	1519	} DtlsState;
wolfSSL	4:1b0d80432c79	1520
wolfSSL	4:1b0d80432c79	1521	#endif /* WOLFSSL_DTLS */
wolfSSL	4:1b0d80432c79	1522
wolfSSL	4:1b0d80432c79	1523
wolfSSL	4:1b0d80432c79	1524	#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
wolfSSL	4:1b0d80432c79	1525
wolfSSL	4:1b0d80432c79	1526	/* keys and secrets */
wolfSSL	4:1b0d80432c79	1527	typedef struct Keys {
wolfSSL	4:1b0d80432c79	1528	byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
wolfSSL	4:1b0d80432c79	1529	byte server_write_MAC_secret[MAX_DIGEST_SIZE];
wolfSSL	4:1b0d80432c79	1530	byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
wolfSSL	4:1b0d80432c79	1531	byte server_write_key[AES_256_KEY_SIZE];
wolfSSL	4:1b0d80432c79	1532	byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
wolfSSL	4:1b0d80432c79	1533	byte server_write_IV[MAX_WRITE_IV_SZ];
wolfSSL	4:1b0d80432c79	1534	#ifdef HAVE_AEAD
wolfSSL	4:1b0d80432c79	1535	byte aead_exp_IV[AEAD_MAX_EXP_SZ];
wolfSSL	4:1b0d80432c79	1536	byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	4:1b0d80432c79	1537	byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	4:1b0d80432c79	1538	#endif
wolfSSL	4:1b0d80432c79	1539
wolfSSL	4:1b0d80432c79	1540	word32 peer_sequence_number;
wolfSSL	4:1b0d80432c79	1541	word32 sequence_number;
wolfSSL	4:1b0d80432c79	1542
wolfSSL	4:1b0d80432c79	1543	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	1544	DtlsState dtls_state; /* Peer's state */
wolfSSL	4:1b0d80432c79	1545	word16 dtls_peer_handshake_number;
wolfSSL	4:1b0d80432c79	1546	word16 dtls_expected_peer_handshake_number;
wolfSSL	4:1b0d80432c79	1547
wolfSSL	4:1b0d80432c79	1548	word32 dtls_sequence_number; /* Current tx sequence */
wolfSSL	4:1b0d80432c79	1549	word32 dtls_prev_sequence_number; /* Previous epoch's seq number*/
wolfSSL	4:1b0d80432c79	1550	word16 dtls_epoch; /* Current tx epoch */
wolfSSL	4:1b0d80432c79	1551	word16 dtls_handshake_number; /* Current tx handshake seq */
wolfSSL	4:1b0d80432c79	1552	#endif
wolfSSL	4:1b0d80432c79	1553
wolfSSL	4:1b0d80432c79	1554	word32 encryptSz; /* last size of encrypted data */
wolfSSL	4:1b0d80432c79	1555	word32 padSz; /* how much to advance after decrypt part */
wolfSSL	4:1b0d80432c79	1556	byte encryptionOn; /* true after change cipher spec */
wolfSSL	4:1b0d80432c79	1557	byte decryptedCur; /* only decrypt current record once */
wolfSSL	4:1b0d80432c79	1558	} Keys;
wolfSSL	4:1b0d80432c79	1559
wolfSSL	4:1b0d80432c79	1560
wolfSSL	4:1b0d80432c79	1561
wolfSSL	4:1b0d80432c79	1562	/** TLS Extensions - RFC 6066 */
wolfSSL	4:1b0d80432c79	1563	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	4:1b0d80432c79	1564
wolfSSL	4:1b0d80432c79	1565	typedef enum {
wolfSSL	4:1b0d80432c79	1566	TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
wolfSSL	4:1b0d80432c79	1567	TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
wolfSSL	4:1b0d80432c79	1568	TLSX_TRUNCATED_HMAC = 0x0004,
wolfSSL	4:1b0d80432c79	1569	TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
wolfSSL	4:1b0d80432c79	1570	TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
wolfSSL	4:1b0d80432c79	1571	TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
wolfSSL	4:1b0d80432c79	1572	TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
wolfSSL	4:1b0d80432c79	1573	TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
wolfSSL	4:1b0d80432c79	1574	TLSX_SESSION_TICKET = 0x0023,
wolfSSL	4:1b0d80432c79	1575	TLSX_RENEGOTIATION_INFO = 0xff01
wolfSSL	4:1b0d80432c79	1576	} TLSX_Type;
wolfSSL	4:1b0d80432c79	1577
wolfSSL	4:1b0d80432c79	1578	typedef struct TLSX {
wolfSSL	4:1b0d80432c79	1579	TLSX_Type type; /* Extension Type */
wolfSSL	4:1b0d80432c79	1580	void* data; /* Extension Data */
wolfSSL	4:1b0d80432c79	1581	byte resp; /* IsResponse Flag */
wolfSSL	4:1b0d80432c79	1582	struct TLSX* next; /* List Behavior */
wolfSSL	4:1b0d80432c79	1583	} TLSX;
wolfSSL	4:1b0d80432c79	1584
wolfSSL	4:1b0d80432c79	1585	WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
wolfSSL	4:1b0d80432c79	1586	WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list);
wolfSSL	4:1b0d80432c79	1587	WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	1588	WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
wolfSSL	4:1b0d80432c79	1589
wolfSSL	4:1b0d80432c79	1590	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	1591	WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	1592	WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
wolfSSL	4:1b0d80432c79	1593	#endif
wolfSSL	4:1b0d80432c79	1594
wolfSSL	4:1b0d80432c79	1595	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1596	WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	1597	WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
wolfSSL	4:1b0d80432c79	1598	#endif
wolfSSL	4:1b0d80432c79	1599
wolfSSL	4:1b0d80432c79	1600	WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	4:1b0d80432c79	1601	byte isRequest, Suites *suites);
wolfSSL	4:1b0d80432c79	1602
wolfSSL	4:1b0d80432c79	1603	#elif defined(HAVE_SNI) \
wolfSSL	4:1b0d80432c79	1604	\|\| defined(HAVE_MAX_FRAGMENT) \
wolfSSL	4:1b0d80432c79	1605	\|\| defined(HAVE_TRUNCATED_HMAC) \
wolfSSL	4:1b0d80432c79	1606	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	4:1b0d80432c79	1607	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
wolfSSL	4:1b0d80432c79	1608	\|\| defined(HAVE_SUPPORTED_CURVES) \
wolfSSL	4:1b0d80432c79	1609	\|\| defined(HAVE_ALPN) \
wolfSSL	4:1b0d80432c79	1610	\|\| defined(HAVE_QSH) \
wolfSSL	4:1b0d80432c79	1611	\|\| defined(HAVE_SESSION_TICKET) \
wolfSSL	4:1b0d80432c79	1612	\|\| defined(HAVE_SECURE_RENEGOTIATION)
wolfSSL	4:1b0d80432c79	1613
wolfSSL	4:1b0d80432c79	1614	#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
wolfSSL	4:1b0d80432c79	1615
wolfSSL	4:1b0d80432c79	1616	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	4:1b0d80432c79	1617
wolfSSL	4:1b0d80432c79	1618	/** Server Name Indication - RFC 6066 (session 3) */
wolfSSL	4:1b0d80432c79	1619	#ifdef HAVE_SNI
wolfSSL	4:1b0d80432c79	1620
wolfSSL	4:1b0d80432c79	1621	typedef struct SNI {
wolfSSL	4:1b0d80432c79	1622	byte type; /* SNI Type */
wolfSSL	4:1b0d80432c79	1623	union { char* host_name; } data; /* SNI Data */
wolfSSL	4:1b0d80432c79	1624	struct SNI* next; /* List Behavior */
wolfSSL	4:1b0d80432c79	1625	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1626	byte options; /* Behavior options */
wolfSSL	4:1b0d80432c79	1627	byte status; /* Matching result */
wolfSSL	4:1b0d80432c79	1628	#endif
wolfSSL	4:1b0d80432c79	1629	} SNI;
wolfSSL	4:1b0d80432c79	1630
wolfSSL	4:1b0d80432c79	1631	WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
wolfSSL	4:1b0d80432c79	1632	word16 size);
wolfSSL	4:1b0d80432c79	1633
wolfSSL	4:1b0d80432c79	1634	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1635	WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
wolfSSL	4:1b0d80432c79	1636	byte options);
wolfSSL	4:1b0d80432c79	1637	WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
wolfSSL	4:1b0d80432c79	1638	WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
wolfSSL	4:1b0d80432c79	1639	void** data);
wolfSSL	4:1b0d80432c79	1640	WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
wolfSSL	4:1b0d80432c79	1641	byte type, byte* sni, word32* inOutSz);
wolfSSL	4:1b0d80432c79	1642	#endif
wolfSSL	4:1b0d80432c79	1643
wolfSSL	4:1b0d80432c79	1644	#endif /* HAVE_SNI */
wolfSSL	4:1b0d80432c79	1645
wolfSSL	4:1b0d80432c79	1646	/* Application-Layer Protocol Negotiation - RFC 7301 */
wolfSSL	4:1b0d80432c79	1647	#ifdef HAVE_ALPN
wolfSSL	4:1b0d80432c79	1648	typedef struct ALPN {
wolfSSL	4:1b0d80432c79	1649	char* protocol_name; /* ALPN protocol name */
wolfSSL	4:1b0d80432c79	1650	struct ALPN* next; /* List Behavior */
wolfSSL	4:1b0d80432c79	1651	byte options; /* Behavior options */
wolfSSL	4:1b0d80432c79	1652	byte negotiated; /* ALPN protocol negotiated or not */
wolfSSL	4:1b0d80432c79	1653	} ALPN;
wolfSSL	4:1b0d80432c79	1654
wolfSSL	4:1b0d80432c79	1655	WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
wolfSSL	4:1b0d80432c79	1656	void** data, word16 *dataSz);
wolfSSL	4:1b0d80432c79	1657
wolfSSL	4:1b0d80432c79	1658	WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
wolfSSL	4:1b0d80432c79	1659	word16 size, byte options);
wolfSSL	4:1b0d80432c79	1660
wolfSSL	4:1b0d80432c79	1661	WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
wolfSSL	4:1b0d80432c79	1662
wolfSSL	4:1b0d80432c79	1663	#endif /* HAVE_ALPN */
wolfSSL	4:1b0d80432c79	1664
wolfSSL	4:1b0d80432c79	1665	/** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
wolfSSL	4:1b0d80432c79	1666	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	4:1b0d80432c79	1667
wolfSSL	4:1b0d80432c79	1668	WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
wolfSSL	4:1b0d80432c79	1669
wolfSSL	4:1b0d80432c79	1670	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	4:1b0d80432c79	1671
wolfSSL	4:1b0d80432c79	1672	/** Truncated HMAC - RFC 6066 (session 7) */
wolfSSL	4:1b0d80432c79	1673	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	4:1b0d80432c79	1674
wolfSSL	4:1b0d80432c79	1675	WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
wolfSSL	4:1b0d80432c79	1676
wolfSSL	4:1b0d80432c79	1677	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	4:1b0d80432c79	1678
wolfSSL	4:1b0d80432c79	1679	/** Certificate Status Request - RFC 6066 (session 8) */
wolfSSL	4:1b0d80432c79	1680	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	4:1b0d80432c79	1681
wolfSSL	4:1b0d80432c79	1682	typedef struct {
wolfSSL	4:1b0d80432c79	1683	byte status_type;
wolfSSL	4:1b0d80432c79	1684	byte options;
wolfSSL	4:1b0d80432c79	1685	union {
wolfSSL	4:1b0d80432c79	1686	OcspRequest ocsp;
wolfSSL	4:1b0d80432c79	1687	} request;
wolfSSL	4:1b0d80432c79	1688	} CertificateStatusRequest;
wolfSSL	4:1b0d80432c79	1689
wolfSSL	4:1b0d80432c79	1690	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
wolfSSL	4:1b0d80432c79	1691	byte status_type, byte options);
wolfSSL	4:1b0d80432c79	1692	WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert);
wolfSSL	4:1b0d80432c79	1693	WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
wolfSSL	4:1b0d80432c79	1694	WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	1695
wolfSSL	4:1b0d80432c79	1696	#endif
wolfSSL	4:1b0d80432c79	1697
wolfSSL	4:1b0d80432c79	1698	/** Certificate Status Request v2 - RFC 6961 */
wolfSSL	4:1b0d80432c79	1699	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	4:1b0d80432c79	1700
wolfSSL	4:1b0d80432c79	1701	typedef struct CSRIv2 {
wolfSSL	4:1b0d80432c79	1702	byte status_type;
wolfSSL	4:1b0d80432c79	1703	byte options;
wolfSSL	4:1b0d80432c79	1704	word16 requests;
wolfSSL	4:1b0d80432c79	1705	union {
wolfSSL	4:1b0d80432c79	1706	OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
wolfSSL	4:1b0d80432c79	1707	} request;
wolfSSL	4:1b0d80432c79	1708	struct CSRIv2* next;
wolfSSL	4:1b0d80432c79	1709	} CertificateStatusRequestItemV2;
wolfSSL	4:1b0d80432c79	1710
wolfSSL	4:1b0d80432c79	1711	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
wolfSSL	4:1b0d80432c79	1712	byte status_type, byte options);
wolfSSL	4:1b0d80432c79	1713	WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer);
wolfSSL	4:1b0d80432c79	1714	WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
wolfSSL	4:1b0d80432c79	1715	byte index);
wolfSSL	4:1b0d80432c79	1716	WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	1717
wolfSSL	4:1b0d80432c79	1718	#endif
wolfSSL	4:1b0d80432c79	1719
wolfSSL	4:1b0d80432c79	1720	/** Supported Elliptic Curves - RFC 4492 (session 4) */
wolfSSL	4:1b0d80432c79	1721	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	4:1b0d80432c79	1722
wolfSSL	4:1b0d80432c79	1723	typedef struct EllipticCurve {
wolfSSL	4:1b0d80432c79	1724	word16 name; /* CurveNames */
wolfSSL	4:1b0d80432c79	1725	struct EllipticCurve* next; /* List Behavior */
wolfSSL	4:1b0d80432c79	1726	} EllipticCurve;
wolfSSL	4:1b0d80432c79	1727
wolfSSL	4:1b0d80432c79	1728	WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
wolfSSL	4:1b0d80432c79	1729
wolfSSL	4:1b0d80432c79	1730	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1731	WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
wolfSSL	4:1b0d80432c79	1732	byte second);
wolfSSL	4:1b0d80432c79	1733	#endif
wolfSSL	4:1b0d80432c79	1734
wolfSSL	4:1b0d80432c79	1735	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	4:1b0d80432c79	1736
wolfSSL	4:1b0d80432c79	1737	/** Renegotiation Indication - RFC 5746 */
wolfSSL	4:1b0d80432c79	1738	#ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL	4:1b0d80432c79	1739
wolfSSL	4:1b0d80432c79	1740	enum key_cache_state {
wolfSSL	4:1b0d80432c79	1741	SCR_CACHE_NULL = 0, /* empty / begin state */
wolfSSL	4:1b0d80432c79	1742	SCR_CACHE_NEEDED, /* need to cache keys */
wolfSSL	4:1b0d80432c79	1743	SCR_CACHE_COPY, /* we have a cached copy */
wolfSSL	4:1b0d80432c79	1744	SCR_CACHE_PARTIAL, /* partial restore to real keys */
wolfSSL	4:1b0d80432c79	1745	SCR_CACHE_COMPLETE /* complete restore to real keys */
wolfSSL	4:1b0d80432c79	1746	};
wolfSSL	4:1b0d80432c79	1747
wolfSSL	4:1b0d80432c79	1748	/* Additional Connection State according to rfc5746 section 3.1 */
wolfSSL	4:1b0d80432c79	1749	typedef struct SecureRenegotiation {
wolfSSL	4:1b0d80432c79	1750	byte enabled; /* secure_renegotiation flag in rfc */
wolfSSL	4:1b0d80432c79	1751	byte startScr; /* server requested client to start scr */
wolfSSL	4:1b0d80432c79	1752	enum key_cache_state cache_status; /* track key cache state */
wolfSSL	4:1b0d80432c79	1753	byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	4:1b0d80432c79	1754	byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	4:1b0d80432c79	1755	byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */
wolfSSL	4:1b0d80432c79	1756	Keys tmp_keys; /* can't overwrite real keys yet */
wolfSSL	4:1b0d80432c79	1757	} SecureRenegotiation;
wolfSSL	4:1b0d80432c79	1758
wolfSSL	4:1b0d80432c79	1759	WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
wolfSSL	4:1b0d80432c79	1760
wolfSSL	4:1b0d80432c79	1761	#endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL	4:1b0d80432c79	1762
wolfSSL	4:1b0d80432c79	1763	/** Session Ticket - RFC 5077 (session 3.2) */
wolfSSL	4:1b0d80432c79	1764	#ifdef HAVE_SESSION_TICKET
wolfSSL	4:1b0d80432c79	1765
wolfSSL	4:1b0d80432c79	1766	typedef struct SessionTicket {
wolfSSL	4:1b0d80432c79	1767	word32 lifetime;
wolfSSL	4:1b0d80432c79	1768	byte* data;
wolfSSL	4:1b0d80432c79	1769	word16 size;
wolfSSL	4:1b0d80432c79	1770	} SessionTicket;
wolfSSL	4:1b0d80432c79	1771
wolfSSL	4:1b0d80432c79	1772	WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
wolfSSL	4:1b0d80432c79	1773	SessionTicket* ticket);
wolfSSL	4:1b0d80432c79	1774	WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL	4:1b0d80432c79	1775	byte* data, word16 size);
wolfSSL	4:1b0d80432c79	1776	WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
wolfSSL	4:1b0d80432c79	1777
wolfSSL	4:1b0d80432c79	1778	#endif /* HAVE_SESSION_TICKET */
wolfSSL	4:1b0d80432c79	1779
wolfSSL	4:1b0d80432c79	1780	/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
wolfSSL	4:1b0d80432c79	1781	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	1782
wolfSSL	4:1b0d80432c79	1783	typedef struct QSHScheme {
wolfSSL	4:1b0d80432c79	1784	struct QSHScheme* next; /* List Behavior */
wolfSSL	4:1b0d80432c79	1785	byte* PK;
wolfSSL	4:1b0d80432c79	1786	word16 name; /* QSHScheme Names */
wolfSSL	4:1b0d80432c79	1787	word16 PKLen;
wolfSSL	4:1b0d80432c79	1788	} QSHScheme;
wolfSSL	4:1b0d80432c79	1789
wolfSSL	4:1b0d80432c79	1790	typedef struct QSHkey {
wolfSSL	4:1b0d80432c79	1791	struct QSHKey* next;
wolfSSL	4:1b0d80432c79	1792	word16 name;
wolfSSL	4:1b0d80432c79	1793	buffer pub;
wolfSSL	4:1b0d80432c79	1794	buffer pri;
wolfSSL	4:1b0d80432c79	1795	} QSHKey;
wolfSSL	4:1b0d80432c79	1796
wolfSSL	4:1b0d80432c79	1797	typedef struct QSHSecret {
wolfSSL	4:1b0d80432c79	1798	QSHScheme* list;
wolfSSL	4:1b0d80432c79	1799	buffer* SerSi;
wolfSSL	4:1b0d80432c79	1800	buffer* CliSi;
wolfSSL	4:1b0d80432c79	1801	} QSHSecret;
wolfSSL	4:1b0d80432c79	1802
wolfSSL	4:1b0d80432c79	1803	/* used in key exchange during handshake */
wolfSSL	4:1b0d80432c79	1804	WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
wolfSSL	4:1b0d80432c79	1805	word16 length, byte isServer);
wolfSSL	4:1b0d80432c79	1806	WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
wolfSSL	4:1b0d80432c79	1807	WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
wolfSSL	4:1b0d80432c79	1808
wolfSSL	4:1b0d80432c79	1809	/* used by api for setting a specific QSH scheme */
wolfSSL	4:1b0d80432c79	1810	WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
wolfSSL	4:1b0d80432c79	1811	byte* pKey, word16 pKeySz);
wolfSSL	4:1b0d80432c79	1812
wolfSSL	4:1b0d80432c79	1813	/* used when parsing in QSHCipher structs */
wolfSSL	4:1b0d80432c79	1814	WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
wolfSSL	4:1b0d80432c79	1815	byte* out, word16* szOut);
wolfSSL	4:1b0d80432c79	1816	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1817	WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
wolfSSL	4:1b0d80432c79	1818	#endif
wolfSSL	4:1b0d80432c79	1819
wolfSSL	4:1b0d80432c79	1820	#endif /* HAVE_QSH */
wolfSSL	4:1b0d80432c79	1821
wolfSSL	4:1b0d80432c79	1822	/* wolfSSL context type */
wolfSSL	4:1b0d80432c79	1823	struct WOLFSSL_CTX {
wolfSSL	4:1b0d80432c79	1824	WOLFSSL_METHOD* method;
wolfSSL	4:1b0d80432c79	1825	wolfSSL_Mutex countMutex; /* reference count mutex */
wolfSSL	4:1b0d80432c79	1826	int refCount; /* reference count */
wolfSSL	4:1b0d80432c79	1827	#ifndef NO_DH
wolfSSL	4:1b0d80432c79	1828	buffer serverDH_P;
wolfSSL	4:1b0d80432c79	1829	buffer serverDH_G;
wolfSSL	4:1b0d80432c79	1830	#endif
wolfSSL	4:1b0d80432c79	1831	#ifndef NO_CERTS
wolfSSL	4:1b0d80432c79	1832	DerBuffer* certificate;
wolfSSL	4:1b0d80432c79	1833	DerBuffer* certChain;
wolfSSL	4:1b0d80432c79	1834	/* chain after self, in DER, with leading size for each cert */
wolfSSL	4:1b0d80432c79	1835	DerBuffer* privateKey;
wolfSSL	4:1b0d80432c79	1836	WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
wolfSSL	4:1b0d80432c79	1837	#endif
wolfSSL	4:1b0d80432c79	1838	Suites* suites; /* make dynamic, user may not need/set */
wolfSSL	4:1b0d80432c79	1839	void* heap; /* for user memory overrides */
wolfSSL	4:1b0d80432c79	1840	byte verifyPeer;
wolfSSL	4:1b0d80432c79	1841	byte verifyNone;
wolfSSL	4:1b0d80432c79	1842	byte failNoCert;
wolfSSL	4:1b0d80432c79	1843	byte failNoCertxPSK; /* fail if no cert with the exception of PSK*/
wolfSSL	4:1b0d80432c79	1844	byte sessionCacheOff;
wolfSSL	4:1b0d80432c79	1845	byte sessionCacheFlushOff;
wolfSSL	4:1b0d80432c79	1846	byte sendVerify; /* for client side */
wolfSSL	4:1b0d80432c79	1847	byte haveRSA; /* RSA available */
wolfSSL	4:1b0d80432c79	1848	byte haveECC; /* ECC available */
wolfSSL	4:1b0d80432c79	1849	byte haveDH; /* server DH parms set by user */
wolfSSL	4:1b0d80432c79	1850	byte haveNTRU; /* server private NTRU key loaded */
wolfSSL	4:1b0d80432c79	1851	byte haveECDSAsig; /* server cert signed w/ ECDSA */
wolfSSL	4:1b0d80432c79	1852	byte haveStaticECC; /* static server ECC private key */
wolfSSL	4:1b0d80432c79	1853	byte partialWrite; /* only one msg per write call */
wolfSSL	4:1b0d80432c79	1854	byte quietShutdown; /* don't send close notify */
wolfSSL	4:1b0d80432c79	1855	byte groupMessages; /* group handshake messages before sending */
wolfSSL	4:1b0d80432c79	1856	byte minDowngrade; /* minimum downgrade version */
wolfSSL	4:1b0d80432c79	1857	#ifndef NO_DH
wolfSSL	4:1b0d80432c79	1858	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	4:1b0d80432c79	1859	#endif
wolfSSL	4:1b0d80432c79	1860	CallbackIORecv CBIORecv;
wolfSSL	4:1b0d80432c79	1861	CallbackIOSend CBIOSend;
wolfSSL	4:1b0d80432c79	1862	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	1863	CallbackGenCookie CBIOCookie; /* gen cookie callback */
wolfSSL	4:1b0d80432c79	1864	#endif
wolfSSL	4:1b0d80432c79	1865	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	4:1b0d80432c79	1866	word32 timeout; /* session timeout */
wolfSSL	4:1b0d80432c79	1867	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	1868	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	4:1b0d80432c79	1869	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	4:1b0d80432c79	1870	#endif
wolfSSL	4:1b0d80432c79	1871	#ifndef NO_PSK
wolfSSL	4:1b0d80432c79	1872	byte havePSK; /* psk key set by user */
wolfSSL	4:1b0d80432c79	1873	wc_psk_client_callback client_psk_cb; /* client callback */
wolfSSL	4:1b0d80432c79	1874	wc_psk_server_callback server_psk_cb; /* server callback */
wolfSSL	4:1b0d80432c79	1875	char server_hint[MAX_PSK_ID_LEN];
wolfSSL	4:1b0d80432c79	1876	#endif /* NO_PSK */
wolfSSL	4:1b0d80432c79	1877	#ifdef HAVE_ANON
wolfSSL	4:1b0d80432c79	1878	byte haveAnon; /* User wants to allow Anon suites */
wolfSSL	4:1b0d80432c79	1879	#endif /* HAVE_ANON */
wolfSSL	4:1b0d80432c79	1880	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	4:1b0d80432c79	1881	pem_password_cb passwd_cb;
wolfSSL	4:1b0d80432c79	1882	void* userdata;
wolfSSL	4:1b0d80432c79	1883	#endif /* OPENSSL_EXTRA */
wolfSSL	4:1b0d80432c79	1884	#ifdef HAVE_STUNNEL
wolfSSL	4:1b0d80432c79	1885	void* ex_data[MAX_EX_DATA];
wolfSSL	4:1b0d80432c79	1886	CallbackSniRecv sniRecvCb;
wolfSSL	4:1b0d80432c79	1887	void* sniRecvCbArg;
wolfSSL	4:1b0d80432c79	1888	#endif
wolfSSL	4:1b0d80432c79	1889	#ifdef HAVE_OCSP
wolfSSL	4:1b0d80432c79	1890	WOLFSSL_OCSP ocsp;
wolfSSL	4:1b0d80432c79	1891	#endif
wolfSSL	4:1b0d80432c79	1892	#ifdef HAVE_CAVIUM
wolfSSL	4:1b0d80432c79	1893	int devId; /* cavium device id to use */
wolfSSL	4:1b0d80432c79	1894	#endif
wolfSSL	4:1b0d80432c79	1895	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	4:1b0d80432c79	1896	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	4:1b0d80432c79	1897	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	1898	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	4:1b0d80432c79	1899	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	4:1b0d80432c79	1900	OcspRequest* certOcspRequest;
wolfSSL	4:1b0d80432c79	1901	#endif
wolfSSL	4:1b0d80432c79	1902	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	4:1b0d80432c79	1903	OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
wolfSSL	4:1b0d80432c79	1904	#endif
wolfSSL	4:1b0d80432c79	1905	#endif
wolfSSL	4:1b0d80432c79	1906	#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER)
wolfSSL	4:1b0d80432c79	1907	SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
wolfSSL	4:1b0d80432c79	1908	void* ticketEncCtx; /* session encrypt context */
wolfSSL	4:1b0d80432c79	1909	int ticketHint; /* ticket hint in seconds */
wolfSSL	4:1b0d80432c79	1910	#endif
wolfSSL	4:1b0d80432c79	1911	#endif
wolfSSL	4:1b0d80432c79	1912	#ifdef ATOMIC_USER
wolfSSL	4:1b0d80432c79	1913	CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
wolfSSL	4:1b0d80432c79	1914	CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
wolfSSL	4:1b0d80432c79	1915	#endif
wolfSSL	4:1b0d80432c79	1916	#ifdef HAVE_PK_CALLBACKS
wolfSSL	4:1b0d80432c79	1917	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	1918	CallbackEccSign EccSignCb; /* User EccSign Callback handler */
wolfSSL	4:1b0d80432c79	1919	CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
wolfSSL	4:1b0d80432c79	1920	#endif /* HAVE_ECC */
wolfSSL	4:1b0d80432c79	1921	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	1922	CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
wolfSSL	4:1b0d80432c79	1923	CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
wolfSSL	4:1b0d80432c79	1924	CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
wolfSSL	4:1b0d80432c79	1925	CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
wolfSSL	4:1b0d80432c79	1926	#endif /* NO_RSA */
wolfSSL	4:1b0d80432c79	1927	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	4:1b0d80432c79	1928	};
wolfSSL	4:1b0d80432c79	1929
wolfSSL	4:1b0d80432c79	1930
wolfSSL	4:1b0d80432c79	1931	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1932	int InitSSL_Ctx(WOLFSSL_CTX, WOLFSSL_METHOD);
wolfSSL	4:1b0d80432c79	1933	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1934	void FreeSSL_Ctx(WOLFSSL_CTX*);
wolfSSL	4:1b0d80432c79	1935	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1936	void SSL_CtxResourceFree(WOLFSSL_CTX*);
wolfSSL	4:1b0d80432c79	1937
wolfSSL	4:1b0d80432c79	1938	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1939	int DeriveTlsKeys(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	1940	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1941	int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	4:1b0d80432c79	1942	word32 inSz, word16 sz);
wolfSSL	4:1b0d80432c79	1943	#ifndef NO_CERTS
wolfSSL	4:1b0d80432c79	1944	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1945	int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
wolfSSL	4:1b0d80432c79	1946	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1947	int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	4:1b0d80432c79	1948	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	4:1b0d80432c79	1949	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1950	int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
wolfSSL	4:1b0d80432c79	1951	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	1952	int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	4:1b0d80432c79	1953	#endif
wolfSSL	4:1b0d80432c79	1954	#endif
wolfSSL	4:1b0d80432c79	1955
wolfSSL	4:1b0d80432c79	1956	/* All cipher suite related info */
wolfSSL	4:1b0d80432c79	1957	typedef struct CipherSpecs {
wolfSSL	4:1b0d80432c79	1958	word16 key_size;
wolfSSL	4:1b0d80432c79	1959	word16 iv_size;
wolfSSL	4:1b0d80432c79	1960	word16 block_size;
wolfSSL	4:1b0d80432c79	1961	word16 aead_mac_size;
wolfSSL	4:1b0d80432c79	1962	byte bulk_cipher_algorithm;
wolfSSL	4:1b0d80432c79	1963	byte cipher_type; /* block, stream, or aead */
wolfSSL	4:1b0d80432c79	1964	byte mac_algorithm;
wolfSSL	4:1b0d80432c79	1965	byte kea; /* key exchange algo */
wolfSSL	4:1b0d80432c79	1966	byte sig_algo;
wolfSSL	4:1b0d80432c79	1967	byte hash_size;
wolfSSL	4:1b0d80432c79	1968	byte pad_size;
wolfSSL	4:1b0d80432c79	1969	byte static_ecdh;
wolfSSL	4:1b0d80432c79	1970	} CipherSpecs;
wolfSSL	4:1b0d80432c79	1971
wolfSSL	4:1b0d80432c79	1972
wolfSSL	4:1b0d80432c79	1973	void InitCipherSpecs(CipherSpecs* cs);
wolfSSL	4:1b0d80432c79	1974
wolfSSL	4:1b0d80432c79	1975
wolfSSL	4:1b0d80432c79	1976	/* Supported Message Authentication Codes from page 43 */
wolfSSL	4:1b0d80432c79	1977	enum MACAlgorithm {
wolfSSL	4:1b0d80432c79	1978	no_mac,
wolfSSL	4:1b0d80432c79	1979	md5_mac,
wolfSSL	4:1b0d80432c79	1980	sha_mac,
wolfSSL	4:1b0d80432c79	1981	sha224_mac,
wolfSSL	4:1b0d80432c79	1982	sha256_mac, /* needs to match external KDF_MacAlgorithm */
wolfSSL	4:1b0d80432c79	1983	sha384_mac,
wolfSSL	4:1b0d80432c79	1984	sha512_mac,
wolfSSL	4:1b0d80432c79	1985	rmd_mac,
wolfSSL	4:1b0d80432c79	1986	blake2b_mac
wolfSSL	4:1b0d80432c79	1987	};
wolfSSL	4:1b0d80432c79	1988
wolfSSL	4:1b0d80432c79	1989
wolfSSL	4:1b0d80432c79	1990	/* Supported Key Exchange Protocols */
wolfSSL	4:1b0d80432c79	1991	enum KeyExchangeAlgorithm {
wolfSSL	4:1b0d80432c79	1992	no_kea,
wolfSSL	4:1b0d80432c79	1993	rsa_kea,
wolfSSL	4:1b0d80432c79	1994	diffie_hellman_kea,
wolfSSL	4:1b0d80432c79	1995	fortezza_kea,
wolfSSL	4:1b0d80432c79	1996	psk_kea,
wolfSSL	4:1b0d80432c79	1997	dhe_psk_kea,
wolfSSL	4:1b0d80432c79	1998	ecdhe_psk_kea,
wolfSSL	4:1b0d80432c79	1999	ntru_kea,
wolfSSL	4:1b0d80432c79	2000	ecc_diffie_hellman_kea,
wolfSSL	4:1b0d80432c79	2001	ecc_static_diffie_hellman_kea /* for verify suite only */
wolfSSL	4:1b0d80432c79	2002	};
wolfSSL	4:1b0d80432c79	2003
wolfSSL	4:1b0d80432c79	2004
wolfSSL	4:1b0d80432c79	2005	/* Supported Authentication Schemes */
wolfSSL	4:1b0d80432c79	2006	enum SignatureAlgorithm {
wolfSSL	4:1b0d80432c79	2007	anonymous_sa_algo,
wolfSSL	4:1b0d80432c79	2008	rsa_sa_algo,
wolfSSL	4:1b0d80432c79	2009	dsa_sa_algo,
wolfSSL	4:1b0d80432c79	2010	ecc_dsa_sa_algo
wolfSSL	4:1b0d80432c79	2011	};
wolfSSL	4:1b0d80432c79	2012
wolfSSL	4:1b0d80432c79	2013
wolfSSL	4:1b0d80432c79	2014	/* Supprted ECC Curve Types */
wolfSSL	4:1b0d80432c79	2015	enum EccCurves {
wolfSSL	4:1b0d80432c79	2016	named_curve = 3
wolfSSL	4:1b0d80432c79	2017	};
wolfSSL	4:1b0d80432c79	2018
wolfSSL	4:1b0d80432c79	2019
wolfSSL	4:1b0d80432c79	2020	/* Valid client certificate request types from page 27 */
wolfSSL	4:1b0d80432c79	2021	enum ClientCertificateType {
wolfSSL	4:1b0d80432c79	2022	rsa_sign = 1,
wolfSSL	4:1b0d80432c79	2023	dss_sign = 2,
wolfSSL	4:1b0d80432c79	2024	rsa_fixed_dh = 3,
wolfSSL	4:1b0d80432c79	2025	dss_fixed_dh = 4,
wolfSSL	4:1b0d80432c79	2026	rsa_ephemeral_dh = 5,
wolfSSL	4:1b0d80432c79	2027	dss_ephemeral_dh = 6,
wolfSSL	4:1b0d80432c79	2028	fortezza_kea_cert = 20,
wolfSSL	4:1b0d80432c79	2029	ecdsa_sign = 64,
wolfSSL	4:1b0d80432c79	2030	rsa_fixed_ecdh = 65,
wolfSSL	4:1b0d80432c79	2031	ecdsa_fixed_ecdh = 66
wolfSSL	4:1b0d80432c79	2032	};
wolfSSL	4:1b0d80432c79	2033
wolfSSL	4:1b0d80432c79	2034
wolfSSL	4:1b0d80432c79	2035	enum CipherType { stream, block, aead };
wolfSSL	4:1b0d80432c79	2036
wolfSSL	4:1b0d80432c79	2037
wolfSSL	4:1b0d80432c79	2038
wolfSSL	4:1b0d80432c79	2039
wolfSSL	4:1b0d80432c79	2040
wolfSSL	4:1b0d80432c79	2041
wolfSSL	4:1b0d80432c79	2042	/* cipher for now */
wolfSSL	4:1b0d80432c79	2043	typedef struct Ciphers {
wolfSSL	4:1b0d80432c79	2044	#ifdef BUILD_ARC4
wolfSSL	4:1b0d80432c79	2045	Arc4* arc4;
wolfSSL	4:1b0d80432c79	2046	#endif
wolfSSL	4:1b0d80432c79	2047	#ifdef BUILD_DES3
wolfSSL	4:1b0d80432c79	2048	Des3* des3;
wolfSSL	4:1b0d80432c79	2049	#endif
wolfSSL	4:1b0d80432c79	2050	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM)
wolfSSL	4:1b0d80432c79	2051	Aes* aes;
wolfSSL	4:1b0d80432c79	2052	#endif
wolfSSL	4:1b0d80432c79	2053	#ifdef HAVE_CAMELLIA
wolfSSL	4:1b0d80432c79	2054	Camellia* cam;
wolfSSL	4:1b0d80432c79	2055	#endif
wolfSSL	4:1b0d80432c79	2056	#ifdef HAVE_CHACHA
wolfSSL	4:1b0d80432c79	2057	ChaCha* chacha;
wolfSSL	4:1b0d80432c79	2058	#endif
wolfSSL	4:1b0d80432c79	2059	#ifdef HAVE_HC128
wolfSSL	4:1b0d80432c79	2060	HC128* hc128;
wolfSSL	4:1b0d80432c79	2061	#endif
wolfSSL	4:1b0d80432c79	2062	#ifdef BUILD_RABBIT
wolfSSL	4:1b0d80432c79	2063	Rabbit* rabbit;
wolfSSL	4:1b0d80432c79	2064	#endif
wolfSSL	4:1b0d80432c79	2065	#ifdef HAVE_IDEA
wolfSSL	4:1b0d80432c79	2066	Idea* idea;
wolfSSL	4:1b0d80432c79	2067	#endif
wolfSSL	4:1b0d80432c79	2068	byte setup; /* have we set it up flag for detection */
wolfSSL	4:1b0d80432c79	2069	} Ciphers;
wolfSSL	4:1b0d80432c79	2070
wolfSSL	4:1b0d80432c79	2071
wolfSSL	4:1b0d80432c79	2072	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	4:1b0d80432c79	2073	/* Ciphers for one time authentication such as poly1305 */
wolfSSL	4:1b0d80432c79	2074	typedef struct OneTimeAuth {
wolfSSL	4:1b0d80432c79	2075	#ifdef HAVE_POLY1305
wolfSSL	4:1b0d80432c79	2076	Poly1305* poly1305;
wolfSSL	4:1b0d80432c79	2077	#endif
wolfSSL	4:1b0d80432c79	2078	byte setup; /* flag for if a cipher has been set */
wolfSSL	4:1b0d80432c79	2079
wolfSSL	4:1b0d80432c79	2080	} OneTimeAuth;
wolfSSL	4:1b0d80432c79	2081	#endif
wolfSSL	4:1b0d80432c79	2082
wolfSSL	4:1b0d80432c79	2083
wolfSSL	4:1b0d80432c79	2084	WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	2085	WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	2086
wolfSSL	4:1b0d80432c79	2087
wolfSSL	4:1b0d80432c79	2088	/* hashes type */
wolfSSL	4:1b0d80432c79	2089	typedef struct Hashes {
wolfSSL	4:1b0d80432c79	2090	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	2091	byte md5[MD5_DIGEST_SIZE];
wolfSSL	4:1b0d80432c79	2092	#endif
wolfSSL	4:1b0d80432c79	2093	byte sha[SHA_DIGEST_SIZE];
wolfSSL	4:1b0d80432c79	2094	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	2095	byte sha256[SHA256_DIGEST_SIZE];
wolfSSL	4:1b0d80432c79	2096	#endif
wolfSSL	4:1b0d80432c79	2097	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	2098	byte sha384[SHA384_DIGEST_SIZE];
wolfSSL	4:1b0d80432c79	2099	#endif
wolfSSL	4:1b0d80432c79	2100	#ifdef WOLFSSL_SHA512
wolfSSL	4:1b0d80432c79	2101	byte sha512[SHA512_DIGEST_SIZE];
wolfSSL	4:1b0d80432c79	2102	#endif
wolfSSL	4:1b0d80432c79	2103	} Hashes;
wolfSSL	4:1b0d80432c79	2104
wolfSSL	4:1b0d80432c79	2105
wolfSSL	4:1b0d80432c79	2106	/* Static x509 buffer */
wolfSSL	4:1b0d80432c79	2107	typedef struct x509_buffer {
wolfSSL	4:1b0d80432c79	2108	int length; /* actual size */
wolfSSL	4:1b0d80432c79	2109	byte buffer[MAX_X509_SIZE]; /* max static cert size */
wolfSSL	4:1b0d80432c79	2110	} x509_buffer;
wolfSSL	4:1b0d80432c79	2111
wolfSSL	4:1b0d80432c79	2112
wolfSSL	4:1b0d80432c79	2113	/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
wolfSSL	4:1b0d80432c79	2114	struct WOLFSSL_X509_CHAIN {
wolfSSL	4:1b0d80432c79	2115	int count; /* total number in chain */
wolfSSL	4:1b0d80432c79	2116	x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
wolfSSL	4:1b0d80432c79	2117	};
wolfSSL	4:1b0d80432c79	2118
wolfSSL	4:1b0d80432c79	2119
wolfSSL	4:1b0d80432c79	2120	/* wolfSSL session type */
wolfSSL	4:1b0d80432c79	2121	struct WOLFSSL_SESSION {
wolfSSL	4:1b0d80432c79	2122	word32 bornOn; /* create time in seconds */
wolfSSL	4:1b0d80432c79	2123	word32 timeout; /* timeout in seconds */
wolfSSL	4:1b0d80432c79	2124	byte sessionID[ID_LEN]; /* id for protocol */
wolfSSL	4:1b0d80432c79	2125	byte sessionIDSz;
wolfSSL	4:1b0d80432c79	2126	byte masterSecret[SECRET_LEN]; /* stored secret */
wolfSSL	4:1b0d80432c79	2127	#ifdef SESSION_CERTS
wolfSSL	4:1b0d80432c79	2128	WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
wolfSSL	4:1b0d80432c79	2129	ProtocolVersion version; /* which version was used */
wolfSSL	4:1b0d80432c79	2130	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	4:1b0d80432c79	2131	byte cipherSuite; /* 2nd byte, actual suite */
wolfSSL	4:1b0d80432c79	2132	#endif
wolfSSL	4:1b0d80432c79	2133	#ifndef NO_CLIENT_CACHE
wolfSSL	4:1b0d80432c79	2134	word16 idLen; /* serverID length */
wolfSSL	4:1b0d80432c79	2135	byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
wolfSSL	4:1b0d80432c79	2136	#endif
wolfSSL	4:1b0d80432c79	2137	#ifdef HAVE_SESSION_TICKET
wolfSSL	4:1b0d80432c79	2138	word16 ticketLen;
wolfSSL	4:1b0d80432c79	2139	byte ticket[SESSION_TICKET_LEN];
wolfSSL	4:1b0d80432c79	2140	#endif
wolfSSL	4:1b0d80432c79	2141	#ifdef HAVE_STUNNEL
wolfSSL	4:1b0d80432c79	2142	void* ex_data[MAX_EX_DATA];
wolfSSL	4:1b0d80432c79	2143	#endif
wolfSSL	4:1b0d80432c79	2144	};
wolfSSL	4:1b0d80432c79	2145
wolfSSL	4:1b0d80432c79	2146
wolfSSL	4:1b0d80432c79	2147	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2148	WOLFSSL_SESSION* GetSession(WOLFSSL, byte);
wolfSSL	4:1b0d80432c79	2149	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2150	int SetSession(WOLFSSL, WOLFSSL_SESSION);
wolfSSL	4:1b0d80432c79	2151
wolfSSL	4:1b0d80432c79	2152	typedef int (hmacfp) (WOLFSSL, byte, const byte, word32, int, int);
wolfSSL	4:1b0d80432c79	2153
wolfSSL	4:1b0d80432c79	2154	#ifndef NO_CLIENT_CACHE
wolfSSL	4:1b0d80432c79	2155	WOLFSSL_SESSION* GetSessionClient(WOLFSSL, const byte, int);
wolfSSL	4:1b0d80432c79	2156	#endif
wolfSSL	4:1b0d80432c79	2157
wolfSSL	4:1b0d80432c79	2158	/* client connect state for nonblocking restart */
wolfSSL	4:1b0d80432c79	2159	enum ConnectState {
wolfSSL	4:1b0d80432c79	2160	CONNECT_BEGIN = 0,
wolfSSL	4:1b0d80432c79	2161	CLIENT_HELLO_SENT,
wolfSSL	4:1b0d80432c79	2162	HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
wolfSSL	4:1b0d80432c79	2163	HELLO_AGAIN_REPLY,
wolfSSL	4:1b0d80432c79	2164	FIRST_REPLY_DONE,
wolfSSL	4:1b0d80432c79	2165	FIRST_REPLY_FIRST,
wolfSSL	4:1b0d80432c79	2166	FIRST_REPLY_SECOND,
wolfSSL	4:1b0d80432c79	2167	FIRST_REPLY_THIRD,
wolfSSL	4:1b0d80432c79	2168	FIRST_REPLY_FOURTH,
wolfSSL	4:1b0d80432c79	2169	FINISHED_DONE,
wolfSSL	4:1b0d80432c79	2170	SECOND_REPLY_DONE
wolfSSL	4:1b0d80432c79	2171	};
wolfSSL	4:1b0d80432c79	2172
wolfSSL	4:1b0d80432c79	2173
wolfSSL	4:1b0d80432c79	2174	/* server accept state for nonblocking restart */
wolfSSL	4:1b0d80432c79	2175	enum AcceptState {
wolfSSL	4:1b0d80432c79	2176	ACCEPT_BEGIN = 0,
wolfSSL	4:1b0d80432c79	2177	ACCEPT_CLIENT_HELLO_DONE,
wolfSSL	4:1b0d80432c79	2178	ACCEPT_FIRST_REPLY_DONE,
wolfSSL	4:1b0d80432c79	2179	SERVER_HELLO_SENT,
wolfSSL	4:1b0d80432c79	2180	CERT_SENT,
wolfSSL	4:1b0d80432c79	2181	CERT_STATUS_SENT,
wolfSSL	4:1b0d80432c79	2182	KEY_EXCHANGE_SENT,
wolfSSL	4:1b0d80432c79	2183	CERT_REQ_SENT,
wolfSSL	4:1b0d80432c79	2184	SERVER_HELLO_DONE,
wolfSSL	4:1b0d80432c79	2185	ACCEPT_SECOND_REPLY_DONE,
wolfSSL	4:1b0d80432c79	2186	TICKET_SENT,
wolfSSL	4:1b0d80432c79	2187	CHANGE_CIPHER_SENT,
wolfSSL	4:1b0d80432c79	2188	ACCEPT_FINISHED_DONE,
wolfSSL	4:1b0d80432c79	2189	ACCEPT_THIRD_REPLY_DONE
wolfSSL	4:1b0d80432c79	2190	};
wolfSSL	4:1b0d80432c79	2191
wolfSSL	4:1b0d80432c79	2192
wolfSSL	4:1b0d80432c79	2193	typedef struct Buffers {
wolfSSL	4:1b0d80432c79	2194	bufferStatic inputBuffer;
wolfSSL	4:1b0d80432c79	2195	bufferStatic outputBuffer;
wolfSSL	4:1b0d80432c79	2196	buffer domainName; /* for client check */
wolfSSL	4:1b0d80432c79	2197	buffer clearOutputBuffer;
wolfSSL	4:1b0d80432c79	2198	int prevSent; /* previous plain text bytes sent
wolfSSL	4:1b0d80432c79	2199	when got WANT_WRITE */
wolfSSL	4:1b0d80432c79	2200	int plainSz; /* plain text bytes in buffer to send
wolfSSL	4:1b0d80432c79	2201	when got WANT_WRITE */
wolfSSL	4:1b0d80432c79	2202	byte weOwnCert; /* SSL own cert flag */
wolfSSL	4:1b0d80432c79	2203	byte weOwnCertChain; /* SSL own cert chain flag */
wolfSSL	4:1b0d80432c79	2204	byte weOwnKey; /* SSL own key flag */
wolfSSL	4:1b0d80432c79	2205	byte weOwnDH; /* SSL own dh (p,g) flag */
wolfSSL	4:1b0d80432c79	2206	#ifndef NO_DH
wolfSSL	4:1b0d80432c79	2207	buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	4:1b0d80432c79	2208	buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	4:1b0d80432c79	2209	buffer serverDH_Pub;
wolfSSL	4:1b0d80432c79	2210	buffer serverDH_Priv;
wolfSSL	4:1b0d80432c79	2211	#endif
wolfSSL	4:1b0d80432c79	2212	#ifndef NO_CERTS
wolfSSL	4:1b0d80432c79	2213	DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	4:1b0d80432c79	2214	DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	4:1b0d80432c79	2215	DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	4:1b0d80432c79	2216	/* chain after self, in DER, with leading size for each cert */
wolfSSL	4:1b0d80432c79	2217	#endif
wolfSSL	4:1b0d80432c79	2218	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	2219	WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
wolfSSL	4:1b0d80432c79	2220	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	2221	buffer dtlsCookieSecret; /* DTLS cookie secret */
wolfSSL	4:1b0d80432c79	2222	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	2223	#endif
wolfSSL	4:1b0d80432c79	2224	#ifdef HAVE_PK_CALLBACKS
wolfSSL	4:1b0d80432c79	2225	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	2226	buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
wolfSSL	4:1b0d80432c79	2227	#endif /* HAVE_ECC */
wolfSSL	4:1b0d80432c79	2228	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	2229	buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
wolfSSL	4:1b0d80432c79	2230	#endif /* NO_RSA */
wolfSSL	4:1b0d80432c79	2231	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	4:1b0d80432c79	2232	} Buffers;
wolfSSL	4:1b0d80432c79	2233
wolfSSL	4:1b0d80432c79	2234	typedef struct Options {
wolfSSL	4:1b0d80432c79	2235	#ifndef NO_PSK
wolfSSL	4:1b0d80432c79	2236	wc_psk_client_callback client_psk_cb;
wolfSSL	4:1b0d80432c79	2237	wc_psk_server_callback server_psk_cb;
wolfSSL	4:1b0d80432c79	2238	word16 havePSK:1; /* psk key set by user */
wolfSSL	4:1b0d80432c79	2239	#endif /* NO_PSK */
wolfSSL	4:1b0d80432c79	2240
wolfSSL	4:1b0d80432c79	2241	/* on/off or small bit flags, optimize layout */
wolfSSL	4:1b0d80432c79	2242	word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
wolfSSL	4:1b0d80432c79	2243	word16 sessionCacheOff:1;
wolfSSL	4:1b0d80432c79	2244	word16 sessionCacheFlushOff:1;
wolfSSL	4:1b0d80432c79	2245	word16 side:1; /* client or server end */
wolfSSL	4:1b0d80432c79	2246	word16 verifyPeer:1;
wolfSSL	4:1b0d80432c79	2247	word16 verifyNone:1;
wolfSSL	4:1b0d80432c79	2248	word16 failNoCert:1;
wolfSSL	4:1b0d80432c79	2249	word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
wolfSSL	4:1b0d80432c79	2250	word16 downgrade:1; /* allow downgrade of versions */
wolfSSL	4:1b0d80432c79	2251	word16 resuming:1;
wolfSSL	4:1b0d80432c79	2252	word16 haveSessionId:1; /* server may not send */
wolfSSL	4:1b0d80432c79	2253	word16 tls:1; /* using TLS ? */
wolfSSL	4:1b0d80432c79	2254	word16 tls1_1:1; /* using TLSv1.1+ ? */
wolfSSL	4:1b0d80432c79	2255	word16 dtls:1; /* using datagrams ? */
wolfSSL	4:1b0d80432c79	2256	word16 connReset:1; /* has the peer reset */
wolfSSL	4:1b0d80432c79	2257	word16 isClosed:1; /* if we consider conn closed */
wolfSSL	4:1b0d80432c79	2258	word16 closeNotify:1; /* we've received a close notify */
wolfSSL	4:1b0d80432c79	2259	word16 sentNotify:1; /* we've sent a close notify */
wolfSSL	4:1b0d80432c79	2260	word16 usingCompression:1; /* are we using compression */
wolfSSL	4:1b0d80432c79	2261	word16 haveRSA:1; /* RSA available */
wolfSSL	4:1b0d80432c79	2262	word16 haveECC:1; /* ECC available */
wolfSSL	4:1b0d80432c79	2263	word16 haveDH:1; /* server DH parms set by user */
wolfSSL	4:1b0d80432c79	2264	word16 haveNTRU:1; /* server NTRU private key loaded */
wolfSSL	4:1b0d80432c79	2265	word16 haveQSH:1; /* have QSH ability */
wolfSSL	4:1b0d80432c79	2266	word16 haveECDSAsig:1; /* server ECDSA signed cert */
wolfSSL	4:1b0d80432c79	2267	word16 haveStaticECC:1; /* static server ECC private key */
wolfSSL	4:1b0d80432c79	2268	word16 havePeerCert:1; /* do we have peer's cert */
wolfSSL	4:1b0d80432c79	2269	word16 havePeerVerify:1; /* and peer's cert verify */
wolfSSL	4:1b0d80432c79	2270	word16 usingPSK_cipher:1; /* are using psk as cipher */
wolfSSL	4:1b0d80432c79	2271	word16 usingAnon_cipher:1; /* are we using an anon cipher */
wolfSSL	4:1b0d80432c79	2272	word16 sendAlertState:1; /* nonblocking resume */
wolfSSL	4:1b0d80432c79	2273	word16 partialWrite:1; /* only one msg per write call */
wolfSSL	4:1b0d80432c79	2274	word16 quietShutdown:1; /* don't send close notify */
wolfSSL	4:1b0d80432c79	2275	word16 certOnly:1; /* stop once we get cert */
wolfSSL	4:1b0d80432c79	2276	word16 groupMessages:1; /* group handshake messages */
wolfSSL	4:1b0d80432c79	2277	word16 usingNonblock:1; /* are we using nonblocking socket */
wolfSSL	4:1b0d80432c79	2278	word16 saveArrays:1; /* save array Memory for user get keys
wolfSSL	4:1b0d80432c79	2279	or psk */
wolfSSL	4:1b0d80432c79	2280	#ifdef HAVE_POLY1305
wolfSSL	4:1b0d80432c79	2281	word16 oldPoly:1; /* set when to use old rfc way of poly*/
wolfSSL	4:1b0d80432c79	2282	#endif
wolfSSL	4:1b0d80432c79	2283	#ifdef HAVE_ANON
wolfSSL	4:1b0d80432c79	2284	word16 haveAnon:1; /* User wants to allow Anon suites */
wolfSSL	4:1b0d80432c79	2285	#endif
wolfSSL	4:1b0d80432c79	2286	#ifdef HAVE_SESSION_TICKET
wolfSSL	4:1b0d80432c79	2287	word16 createTicket:1; /* Server to create new Ticket */
wolfSSL	4:1b0d80432c79	2288	word16 useTicket:1; /* Use Ticket not session cache */
wolfSSL	4:1b0d80432c79	2289	#endif
wolfSSL	4:1b0d80432c79	2290	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	2291	word16 dtlsHsRetain:1; /* DTLS retaining HS data */
wolfSSL	4:1b0d80432c79	2292	#endif
wolfSSL	4:1b0d80432c79	2293
wolfSSL	4:1b0d80432c79	2294	/* need full byte values for this section */
wolfSSL	4:1b0d80432c79	2295	byte processReply; /* nonblocking resume */
wolfSSL	4:1b0d80432c79	2296	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	4:1b0d80432c79	2297	byte cipherSuite; /* second byte, actual suite */
wolfSSL	4:1b0d80432c79	2298	byte serverState;
wolfSSL	4:1b0d80432c79	2299	byte clientState;
wolfSSL	4:1b0d80432c79	2300	byte handShakeState;
wolfSSL	4:1b0d80432c79	2301	byte handShakeDone; /* at least one handshake complete */
wolfSSL	4:1b0d80432c79	2302	byte minDowngrade; /* minimum downgrade version */
wolfSSL	4:1b0d80432c79	2303	byte connectState; /* nonblocking resume */
wolfSSL	4:1b0d80432c79	2304	byte acceptState; /* nonblocking resume */
wolfSSL	4:1b0d80432c79	2305	#ifndef NO_DH
wolfSSL	4:1b0d80432c79	2306	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	4:1b0d80432c79	2307	word16 dhKeySz; /* actual DH key size */
wolfSSL	4:1b0d80432c79	2308	#endif
wolfSSL	4:1b0d80432c79	2309
wolfSSL	4:1b0d80432c79	2310	} Options;
wolfSSL	4:1b0d80432c79	2311
wolfSSL	4:1b0d80432c79	2312	typedef struct Arrays {
wolfSSL	4:1b0d80432c79	2313	byte* pendingMsg; /* defrag buffer */
wolfSSL	4:1b0d80432c79	2314	word32 preMasterSz; /* differs for DH, actual size */
wolfSSL	4:1b0d80432c79	2315	word32 pendingMsgSz; /* defrag buffer size */
wolfSSL	4:1b0d80432c79	2316	word32 pendingMsgOffset; /* current offset into defrag buffer */
wolfSSL	4:1b0d80432c79	2317	#ifndef NO_PSK
wolfSSL	4:1b0d80432c79	2318	word32 psk_keySz; /* actual size */
wolfSSL	4:1b0d80432c79	2319	char client_identity[MAX_PSK_ID_LEN];
wolfSSL	4:1b0d80432c79	2320	char server_hint[MAX_PSK_ID_LEN];
wolfSSL	4:1b0d80432c79	2321	byte psk_key[MAX_PSK_KEY_LEN];
wolfSSL	4:1b0d80432c79	2322	#endif
wolfSSL	4:1b0d80432c79	2323	byte clientRandom[RAN_LEN];
wolfSSL	4:1b0d80432c79	2324	byte serverRandom[RAN_LEN];
wolfSSL	4:1b0d80432c79	2325	byte sessionID[ID_LEN];
wolfSSL	4:1b0d80432c79	2326	byte sessionIDSz;
wolfSSL	4:1b0d80432c79	2327	byte preMasterSecret[ENCRYPT_LEN];
wolfSSL	4:1b0d80432c79	2328	byte masterSecret[SECRET_LEN];
wolfSSL	4:1b0d80432c79	2329	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	2330	byte cookie[MAX_COOKIE_LEN];
wolfSSL	4:1b0d80432c79	2331	byte cookieSz;
wolfSSL	4:1b0d80432c79	2332	#endif
wolfSSL	4:1b0d80432c79	2333	byte pendingMsgType; /* defrag buffer message type */
wolfSSL	4:1b0d80432c79	2334	} Arrays;
wolfSSL	4:1b0d80432c79	2335
wolfSSL	4:1b0d80432c79	2336	#ifndef ASN_NAME_MAX
wolfSSL	4:1b0d80432c79	2337	#define ASN_NAME_MAX 256
wolfSSL	4:1b0d80432c79	2338	#endif
wolfSSL	4:1b0d80432c79	2339
wolfSSL	4:1b0d80432c79	2340	#ifndef MAX_DATE_SZ
wolfSSL	4:1b0d80432c79	2341	#define MAX_DATE_SZ 32
wolfSSL	4:1b0d80432c79	2342	#endif
wolfSSL	4:1b0d80432c79	2343
wolfSSL	4:1b0d80432c79	2344	struct WOLFSSL_X509_NAME {
wolfSSL	4:1b0d80432c79	2345	char *name;
wolfSSL	4:1b0d80432c79	2346	char staticName[ASN_NAME_MAX];
wolfSSL	4:1b0d80432c79	2347	int dynamicName;
wolfSSL	4:1b0d80432c79	2348	int sz;
wolfSSL	4:1b0d80432c79	2349	#ifdef OPENSSL_EXTRA
wolfSSL	4:1b0d80432c79	2350	DecodedName fullName;
wolfSSL	4:1b0d80432c79	2351	#endif /* OPENSSL_EXTRA */
wolfSSL	4:1b0d80432c79	2352	};
wolfSSL	4:1b0d80432c79	2353
wolfSSL	4:1b0d80432c79	2354	#ifndef EXTERNAL_SERIAL_SIZE
wolfSSL	4:1b0d80432c79	2355	#define EXTERNAL_SERIAL_SIZE 32
wolfSSL	4:1b0d80432c79	2356	#endif
wolfSSL	4:1b0d80432c79	2357
wolfSSL	4:1b0d80432c79	2358	#ifdef NO_ASN
wolfSSL	4:1b0d80432c79	2359	typedef struct DNS_entry DNS_entry;
wolfSSL	4:1b0d80432c79	2360	#endif
wolfSSL	4:1b0d80432c79	2361
wolfSSL	4:1b0d80432c79	2362	struct WOLFSSL_X509 {
wolfSSL	4:1b0d80432c79	2363	int version;
wolfSSL	4:1b0d80432c79	2364	WOLFSSL_X509_NAME issuer;
wolfSSL	4:1b0d80432c79	2365	WOLFSSL_X509_NAME subject;
wolfSSL	4:1b0d80432c79	2366	int serialSz;
wolfSSL	4:1b0d80432c79	2367	byte serial[EXTERNAL_SERIAL_SIZE];
wolfSSL	4:1b0d80432c79	2368	char subjectCN[ASN_NAME_MAX]; /* common name short cut */
wolfSSL	4:1b0d80432c79	2369	#ifdef WOLFSSL_SEP
wolfSSL	4:1b0d80432c79	2370	int deviceTypeSz;
wolfSSL	4:1b0d80432c79	2371	byte deviceType[EXTERNAL_SERIAL_SIZE];
wolfSSL	4:1b0d80432c79	2372	int hwTypeSz;
wolfSSL	4:1b0d80432c79	2373	byte hwType[EXTERNAL_SERIAL_SIZE];
wolfSSL	4:1b0d80432c79	2374	int hwSerialNumSz;
wolfSSL	4:1b0d80432c79	2375	byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
wolfSSL	4:1b0d80432c79	2376	#ifdef OPENSSL_EXTRA
wolfSSL	4:1b0d80432c79	2377	byte certPolicySet;
wolfSSL	4:1b0d80432c79	2378	byte certPolicyCrit;
wolfSSL	4:1b0d80432c79	2379	#endif /* OPENSSL_EXTRA */
wolfSSL	4:1b0d80432c79	2380	#endif
wolfSSL	4:1b0d80432c79	2381	int notBeforeSz;
wolfSSL	4:1b0d80432c79	2382	byte notBefore[MAX_DATE_SZ];
wolfSSL	4:1b0d80432c79	2383	int notAfterSz;
wolfSSL	4:1b0d80432c79	2384	byte notAfter[MAX_DATE_SZ];
wolfSSL	4:1b0d80432c79	2385	int sigOID;
wolfSSL	4:1b0d80432c79	2386	buffer sig;
wolfSSL	4:1b0d80432c79	2387	int pubKeyOID;
wolfSSL	4:1b0d80432c79	2388	buffer pubKey;
wolfSSL	4:1b0d80432c79	2389	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	2390	word32 pkCurveOID;
wolfSSL	4:1b0d80432c79	2391	#endif /* HAVE_ECC */
wolfSSL	4:1b0d80432c79	2392	#ifndef NO_CERTS
wolfSSL	4:1b0d80432c79	2393	DerBuffer* derCert; /* may need */
wolfSSL	4:1b0d80432c79	2394	#endif
wolfSSL	4:1b0d80432c79	2395	DNS_entry* altNames; /* alt names list */
wolfSSL	4:1b0d80432c79	2396	DNS_entry* altNamesNext; /* hint for retrieval */
wolfSSL	4:1b0d80432c79	2397	byte dynamicMemory; /* dynamic memory flag */
wolfSSL	4:1b0d80432c79	2398	byte isCa;
wolfSSL	4:1b0d80432c79	2399	#ifdef OPENSSL_EXTRA
wolfSSL	4:1b0d80432c79	2400	word32 pathLength;
wolfSSL	4:1b0d80432c79	2401	word16 keyUsage;
wolfSSL	4:1b0d80432c79	2402	byte basicConstSet;
wolfSSL	4:1b0d80432c79	2403	byte basicConstCrit;
wolfSSL	4:1b0d80432c79	2404	byte basicConstPlSet;
wolfSSL	4:1b0d80432c79	2405	byte subjAltNameSet;
wolfSSL	4:1b0d80432c79	2406	byte subjAltNameCrit;
wolfSSL	4:1b0d80432c79	2407	byte authKeyIdSet;
wolfSSL	4:1b0d80432c79	2408	byte authKeyIdCrit;
wolfSSL	4:1b0d80432c79	2409	byte* authKeyId;
wolfSSL	4:1b0d80432c79	2410	word32 authKeyIdSz;
wolfSSL	4:1b0d80432c79	2411	byte subjKeyIdSet;
wolfSSL	4:1b0d80432c79	2412	byte subjKeyIdCrit;
wolfSSL	4:1b0d80432c79	2413	byte* subjKeyId;
wolfSSL	4:1b0d80432c79	2414	word32 subjKeyIdSz;
wolfSSL	4:1b0d80432c79	2415	byte keyUsageSet;
wolfSSL	4:1b0d80432c79	2416	byte keyUsageCrit;
wolfSSL	4:1b0d80432c79	2417	#endif /* OPENSSL_EXTRA */
wolfSSL	4:1b0d80432c79	2418	};
wolfSSL	4:1b0d80432c79	2419
wolfSSL	4:1b0d80432c79	2420
wolfSSL	4:1b0d80432c79	2421	/* record layer header for PlainText, Compressed, and CipherText */
wolfSSL	4:1b0d80432c79	2422	typedef struct RecordLayerHeader {
wolfSSL	4:1b0d80432c79	2423	byte type;
wolfSSL	4:1b0d80432c79	2424	byte pvMajor;
wolfSSL	4:1b0d80432c79	2425	byte pvMinor;
wolfSSL	4:1b0d80432c79	2426	byte length[2];
wolfSSL	4:1b0d80432c79	2427	} RecordLayerHeader;
wolfSSL	4:1b0d80432c79	2428
wolfSSL	4:1b0d80432c79	2429
wolfSSL	4:1b0d80432c79	2430	/* record layer header for DTLS PlainText, Compressed, and CipherText */
wolfSSL	4:1b0d80432c79	2431	typedef struct DtlsRecordLayerHeader {
wolfSSL	4:1b0d80432c79	2432	byte type;
wolfSSL	4:1b0d80432c79	2433	byte pvMajor;
wolfSSL	4:1b0d80432c79	2434	byte pvMinor;
wolfSSL	4:1b0d80432c79	2435	byte epoch[2]; /* increment on cipher state change */
wolfSSL	4:1b0d80432c79	2436	byte sequence_number[6]; /* per record */
wolfSSL	4:1b0d80432c79	2437	byte length[2];
wolfSSL	4:1b0d80432c79	2438	} DtlsRecordLayerHeader;
wolfSSL	4:1b0d80432c79	2439
wolfSSL	4:1b0d80432c79	2440
wolfSSL	4:1b0d80432c79	2441	typedef struct DtlsPool {
wolfSSL	4:1b0d80432c79	2442	buffer buf[DTLS_POOL_SZ];
wolfSSL	4:1b0d80432c79	2443	word16 epoch[DTLS_POOL_SZ];
wolfSSL	4:1b0d80432c79	2444	int used;
wolfSSL	4:1b0d80432c79	2445	} DtlsPool;
wolfSSL	4:1b0d80432c79	2446
wolfSSL	4:1b0d80432c79	2447
wolfSSL	4:1b0d80432c79	2448	typedef struct DtlsFrag {
wolfSSL	4:1b0d80432c79	2449	word32 begin;
wolfSSL	4:1b0d80432c79	2450	word32 end;
wolfSSL	4:1b0d80432c79	2451	struct DtlsFrag* next;
wolfSSL	4:1b0d80432c79	2452	} DtlsFrag;
wolfSSL	4:1b0d80432c79	2453
wolfSSL	4:1b0d80432c79	2454
wolfSSL	4:1b0d80432c79	2455	typedef struct DtlsMsg {
wolfSSL	4:1b0d80432c79	2456	struct DtlsMsg* next;
wolfSSL	4:1b0d80432c79	2457	byte* buf;
wolfSSL	4:1b0d80432c79	2458	byte* msg;
wolfSSL	4:1b0d80432c79	2459	DtlsFrag* fragList;
wolfSSL	4:1b0d80432c79	2460	word32 fragSz; /* Length of fragments received */
wolfSSL	4:1b0d80432c79	2461	word32 seq; /* Handshake sequence number */
wolfSSL	4:1b0d80432c79	2462	word32 sz; /* Length of whole mesage */
wolfSSL	4:1b0d80432c79	2463	byte type;
wolfSSL	4:1b0d80432c79	2464	} DtlsMsg;
wolfSSL	4:1b0d80432c79	2465
wolfSSL	4:1b0d80432c79	2466
wolfSSL	4:1b0d80432c79	2467	#ifdef HAVE_NETX
wolfSSL	4:1b0d80432c79	2468
wolfSSL	4:1b0d80432c79	2469	/* NETX I/O Callback default */
wolfSSL	4:1b0d80432c79	2470	typedef struct NetX_Ctx {
wolfSSL	4:1b0d80432c79	2471	NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
wolfSSL	4:1b0d80432c79	2472	NX_PACKET* nxPacket; /* incoming packet handle for short reads */
wolfSSL	4:1b0d80432c79	2473	ULONG nxOffset; /* offset already read from nxPacket */
wolfSSL	4:1b0d80432c79	2474	ULONG nxWait; /* wait option flag */
wolfSSL	4:1b0d80432c79	2475	} NetX_Ctx;
wolfSSL	4:1b0d80432c79	2476
wolfSSL	4:1b0d80432c79	2477	#endif
wolfSSL	4:1b0d80432c79	2478
wolfSSL	4:1b0d80432c79	2479
wolfSSL	4:1b0d80432c79	2480	/* Handshake messages received from peer (plus change cipher */
wolfSSL	4:1b0d80432c79	2481	typedef struct MsgsReceived {
wolfSSL	4:1b0d80432c79	2482	word16 got_hello_request:1;
wolfSSL	4:1b0d80432c79	2483	word16 got_client_hello:1;
wolfSSL	4:1b0d80432c79	2484	word16 got_server_hello:1;
wolfSSL	4:1b0d80432c79	2485	word16 got_hello_verify_request:1;
wolfSSL	4:1b0d80432c79	2486	word16 got_session_ticket:1;
wolfSSL	4:1b0d80432c79	2487	word16 got_certificate:1;
wolfSSL	4:1b0d80432c79	2488	word16 got_certificate_status:1;
wolfSSL	4:1b0d80432c79	2489	word16 got_server_key_exchange:1;
wolfSSL	4:1b0d80432c79	2490	word16 got_certificate_request:1;
wolfSSL	4:1b0d80432c79	2491	word16 got_server_hello_done:1;
wolfSSL	4:1b0d80432c79	2492	word16 got_certificate_verify:1;
wolfSSL	4:1b0d80432c79	2493	word16 got_client_key_exchange:1;
wolfSSL	4:1b0d80432c79	2494	word16 got_finished:1;
wolfSSL	4:1b0d80432c79	2495	word16 got_change_cipher:1;
wolfSSL	4:1b0d80432c79	2496	} MsgsReceived;
wolfSSL	4:1b0d80432c79	2497
wolfSSL	4:1b0d80432c79	2498
wolfSSL	4:1b0d80432c79	2499	/* Handshake hashes */
wolfSSL	4:1b0d80432c79	2500	typedef struct HS_Hashes {
wolfSSL	4:1b0d80432c79	2501	Hashes verifyHashes;
wolfSSL	4:1b0d80432c79	2502	Hashes certHashes; /* for cert verify */
wolfSSL	4:1b0d80432c79	2503	#ifndef NO_OLD_TLS
wolfSSL	4:1b0d80432c79	2504	#ifndef NO_SHA
wolfSSL	4:1b0d80432c79	2505	Sha hashSha; /* sha hash of handshake msgs */
wolfSSL	4:1b0d80432c79	2506	#endif
wolfSSL	4:1b0d80432c79	2507	#ifndef NO_MD5
wolfSSL	4:1b0d80432c79	2508	Md5 hashMd5; /* md5 hash of handshake msgs */
wolfSSL	4:1b0d80432c79	2509	#endif
wolfSSL	4:1b0d80432c79	2510	#endif /* NO_OLD_TLS */
wolfSSL	4:1b0d80432c79	2511	#ifndef NO_SHA256
wolfSSL	4:1b0d80432c79	2512	Sha256 hashSha256; /* sha256 hash of handshake msgs */
wolfSSL	4:1b0d80432c79	2513	#endif
wolfSSL	4:1b0d80432c79	2514	#ifdef WOLFSSL_SHA384
wolfSSL	4:1b0d80432c79	2515	Sha384 hashSha384; /* sha384 hash of handshake msgs */
wolfSSL	4:1b0d80432c79	2516	#endif
wolfSSL	4:1b0d80432c79	2517	#ifdef WOLFSSL_SHA512
wolfSSL	4:1b0d80432c79	2518	Sha512 hashSha512; /* sha512 hash of handshake msgs */
wolfSSL	4:1b0d80432c79	2519	#endif
wolfSSL	4:1b0d80432c79	2520	} HS_Hashes;
wolfSSL	4:1b0d80432c79	2521
wolfSSL	4:1b0d80432c79	2522
wolfSSL	4:1b0d80432c79	2523	/* wolfSSL ssl type */
wolfSSL	4:1b0d80432c79	2524	struct WOLFSSL {
wolfSSL	4:1b0d80432c79	2525	WOLFSSL_CTX* ctx;
wolfSSL	4:1b0d80432c79	2526	Suites* suites; /* only need during handshake */
wolfSSL	4:1b0d80432c79	2527	Arrays* arrays;
wolfSSL	4:1b0d80432c79	2528	HS_Hashes* hsHashes;
wolfSSL	4:1b0d80432c79	2529	void* IOCB_ReadCtx;
wolfSSL	4:1b0d80432c79	2530	void* IOCB_WriteCtx;
wolfSSL	4:1b0d80432c79	2531	WC_RNG* rng;
wolfSSL	4:1b0d80432c79	2532	void* verifyCbCtx; /* cert verify callback user ctx*/
wolfSSL	4:1b0d80432c79	2533	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	4:1b0d80432c79	2534	void* heap; /* for user overrides */
wolfSSL	4:1b0d80432c79	2535	#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL	4:1b0d80432c79	2536	HandShakeDoneCb hsDoneCb; /* notify user handshake done */
wolfSSL	4:1b0d80432c79	2537	void* hsDoneCtx; /* user handshake cb context */
wolfSSL	4:1b0d80432c79	2538	#endif
wolfSSL	4:1b0d80432c79	2539	WOLFSSL_CIPHER cipher;
wolfSSL	4:1b0d80432c79	2540	hmacfp hmac;
wolfSSL	4:1b0d80432c79	2541	Ciphers encrypt;
wolfSSL	4:1b0d80432c79	2542	Ciphers decrypt;
wolfSSL	4:1b0d80432c79	2543	Buffers buffers;
wolfSSL	4:1b0d80432c79	2544	WOLFSSL_SESSION session;
wolfSSL	4:1b0d80432c79	2545	WOLFSSL_ALERT_HISTORY alert_history;
wolfSSL	4:1b0d80432c79	2546	int error;
wolfSSL	4:1b0d80432c79	2547	int rfd; /* read file descriptor */
wolfSSL	4:1b0d80432c79	2548	int wfd; /* write file descriptor */
wolfSSL	4:1b0d80432c79	2549	int rflags; /* user read flags */
wolfSSL	4:1b0d80432c79	2550	int wflags; /* user write flags */
wolfSSL	4:1b0d80432c79	2551	word32 timeout; /* session timeout */
wolfSSL	4:1b0d80432c79	2552	word32 fragOffset; /* fragment offset */
wolfSSL	4:1b0d80432c79	2553	word16 curSize;
wolfSSL	4:1b0d80432c79	2554	RecordLayerHeader curRL;
wolfSSL	4:1b0d80432c79	2555	MsgsReceived msgsReceived; /* peer messages received */
wolfSSL	4:1b0d80432c79	2556	ProtocolVersion version; /* negotiated version */
wolfSSL	4:1b0d80432c79	2557	ProtocolVersion chVersion; /* client hello version */
wolfSSL	4:1b0d80432c79	2558	CipherSpecs specs;
wolfSSL	4:1b0d80432c79	2559	Keys keys;
wolfSSL	4:1b0d80432c79	2560	Options options;
wolfSSL	4:1b0d80432c79	2561	#ifdef OPENSSL_EXTRA
wolfSSL	4:1b0d80432c79	2562	WOLFSSL_BIO* biord; /* socket bio read to free/close */
wolfSSL	4:1b0d80432c79	2563	WOLFSSL_BIO* biowr; /* socket bio write to free/close */
wolfSSL	4:1b0d80432c79	2564	#endif
wolfSSL	4:1b0d80432c79	2565	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	2566	RsaKey* peerRsaKey;
wolfSSL	4:1b0d80432c79	2567	byte peerRsaKeyPresent;
wolfSSL	4:1b0d80432c79	2568	#endif
wolfSSL	4:1b0d80432c79	2569	#ifdef HAVE_QSH
wolfSSL	4:1b0d80432c79	2570	QSHKey* QSH_Key;
wolfSSL	4:1b0d80432c79	2571	QSHKey* peerQSHKey;
wolfSSL	4:1b0d80432c79	2572	QSHSecret* QSH_secret;
wolfSSL	4:1b0d80432c79	2573	byte isQSH; /* is the handshake a QSH? */
wolfSSL	4:1b0d80432c79	2574	byte sendQSHKeys; /* flag for if the client should sen
wolfSSL	4:1b0d80432c79	2575	public keys */
wolfSSL	4:1b0d80432c79	2576	byte peerQSHKeyPresent;
wolfSSL	4:1b0d80432c79	2577	byte minRequest;
wolfSSL	4:1b0d80432c79	2578	byte maxRequest;
wolfSSL	4:1b0d80432c79	2579	byte user_set_QSHSchemes;
wolfSSL	4:1b0d80432c79	2580	#endif
wolfSSL	4:1b0d80432c79	2581	#ifdef HAVE_NTRU
wolfSSL	4:1b0d80432c79	2582	word16 peerNtruKeyLen;
wolfSSL	4:1b0d80432c79	2583	byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
wolfSSL	4:1b0d80432c79	2584	byte peerNtruKeyPresent;
wolfSSL	4:1b0d80432c79	2585	#endif
wolfSSL	4:1b0d80432c79	2586	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	2587	ecc_key* peerEccKey; /* peer's ECDHE key */
wolfSSL	4:1b0d80432c79	2588	ecc_key* peerEccDsaKey; /* peer's ECDSA key */
wolfSSL	4:1b0d80432c79	2589	ecc_key* eccTempKey; /* private ECDHE key */
wolfSSL	4:1b0d80432c79	2590	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	4:1b0d80432c79	2591	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	4:1b0d80432c79	2592	byte peerEccKeyPresent;
wolfSSL	4:1b0d80432c79	2593	byte peerEccDsaKeyPresent;
wolfSSL	4:1b0d80432c79	2594	byte eccTempKeyPresent;
wolfSSL	4:1b0d80432c79	2595	#endif
wolfSSL	4:1b0d80432c79	2596	#ifdef HAVE_LIBZ
wolfSSL	4:1b0d80432c79	2597	z_stream c_stream; /* compression stream */
wolfSSL	4:1b0d80432c79	2598	z_stream d_stream; /* decompression stream */
wolfSSL	4:1b0d80432c79	2599	byte didStreamInit; /* for stream init and end */
wolfSSL	4:1b0d80432c79	2600	#endif
wolfSSL	4:1b0d80432c79	2601	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	2602	int dtls_timeout_init; /* starting timeout value */
wolfSSL	4:1b0d80432c79	2603	int dtls_timeout_max; /* maximum timeout value */
wolfSSL	4:1b0d80432c79	2604	int dtls_timeout; /* current timeout value, changes */
wolfSSL	4:1b0d80432c79	2605	DtlsPool* dtls_pool;
wolfSSL	4:1b0d80432c79	2606	DtlsMsg* dtls_msg_list;
wolfSSL	4:1b0d80432c79	2607	void* IOCB_CookieCtx; /* gen cookie ctx */
wolfSSL	4:1b0d80432c79	2608	word32 dtls_expected_rx;
wolfSSL	4:1b0d80432c79	2609	#endif
wolfSSL	4:1b0d80432c79	2610	#ifdef WOLFSSL_CALLBACKS
wolfSSL	4:1b0d80432c79	2611	HandShakeInfo handShakeInfo; /* info saved during handshake */
wolfSSL	4:1b0d80432c79	2612	TimeoutInfo timeoutInfo; /* info saved during handshake */
wolfSSL	4:1b0d80432c79	2613	byte hsInfoOn; /* track handshake info */
wolfSSL	4:1b0d80432c79	2614	byte toInfoOn; /* track timeout info */
wolfSSL	4:1b0d80432c79	2615	#endif
wolfSSL	4:1b0d80432c79	2616	#ifdef HAVE_FUZZER
wolfSSL	4:1b0d80432c79	2617	CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
wolfSSL	4:1b0d80432c79	2618	void* fuzzerCtx; /* user defined pointer */
wolfSSL	4:1b0d80432c79	2619	#endif
wolfSSL	4:1b0d80432c79	2620	#ifdef KEEP_PEER_CERT
wolfSSL	4:1b0d80432c79	2621	WOLFSSL_X509 peerCert; /* X509 peer cert */
wolfSSL	4:1b0d80432c79	2622	#endif
wolfSSL	4:1b0d80432c79	2623	#if defined(FORTRESS) \|\| defined(HAVE_STUNNEL)
wolfSSL	4:1b0d80432c79	2624	void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
wolfSSL	4:1b0d80432c79	2625	#endif
wolfSSL	4:1b0d80432c79	2626	#ifdef HAVE_CAVIUM
wolfSSL	4:1b0d80432c79	2627	int devId; /* cavium device id to use */
wolfSSL	4:1b0d80432c79	2628	#endif
wolfSSL	4:1b0d80432c79	2629	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	4:1b0d80432c79	2630	OneTimeAuth auth;
wolfSSL	4:1b0d80432c79	2631	#endif
wolfSSL	4:1b0d80432c79	2632	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	4:1b0d80432c79	2633	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	4:1b0d80432c79	2634	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	4:1b0d80432c79	2635	word16 max_fragment;
wolfSSL	4:1b0d80432c79	2636	#endif
wolfSSL	4:1b0d80432c79	2637	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	4:1b0d80432c79	2638	byte truncated_hmac;
wolfSSL	4:1b0d80432c79	2639	#endif
wolfSSL	4:1b0d80432c79	2640	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	4:1b0d80432c79	2641	byte status_request;
wolfSSL	4:1b0d80432c79	2642	#endif
wolfSSL	4:1b0d80432c79	2643	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	4:1b0d80432c79	2644	byte status_request_v2;
wolfSSL	4:1b0d80432c79	2645	#endif
wolfSSL	4:1b0d80432c79	2646	#ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL	4:1b0d80432c79	2647	SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
wolfSSL	4:1b0d80432c79	2648	#endif /* user turned on */
wolfSSL	4:1b0d80432c79	2649	#ifdef HAVE_ALPN
wolfSSL	4:1b0d80432c79	2650	char* alpn_client_list; /* keep the client's list */
wolfSSL	4:1b0d80432c79	2651	#endif /* of accepted protocols */
wolfSSL	4:1b0d80432c79	2652	#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
wolfSSL	4:1b0d80432c79	2653	CallbackSessionTicket session_ticket_cb;
wolfSSL	4:1b0d80432c79	2654	void* session_ticket_ctx;
wolfSSL	4:1b0d80432c79	2655	byte expect_session_ticket;
wolfSSL	4:1b0d80432c79	2656	#endif
wolfSSL	4:1b0d80432c79	2657	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	4:1b0d80432c79	2658	#ifdef HAVE_NETX
wolfSSL	4:1b0d80432c79	2659	NetX_Ctx nxCtx; /* NetX IO Context */
wolfSSL	4:1b0d80432c79	2660	#endif
wolfSSL	4:1b0d80432c79	2661	#ifdef SESSION_INDEX
wolfSSL	4:1b0d80432c79	2662	int sessionIndex; /* Session's location in the cache. */
wolfSSL	4:1b0d80432c79	2663	#endif
wolfSSL	4:1b0d80432c79	2664	#ifdef ATOMIC_USER
wolfSSL	4:1b0d80432c79	2665	void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
wolfSSL	4:1b0d80432c79	2666	void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
wolfSSL	4:1b0d80432c79	2667	#endif
wolfSSL	4:1b0d80432c79	2668	#ifdef HAVE_PK_CALLBACKS
wolfSSL	4:1b0d80432c79	2669	#ifdef HAVE_ECC
wolfSSL	4:1b0d80432c79	2670	void* EccSignCtx; /* Ecc Sign Callback Context */
wolfSSL	4:1b0d80432c79	2671	void* EccVerifyCtx; /* Ecc Verify Callback Context */
wolfSSL	4:1b0d80432c79	2672	#endif /* HAVE_ECC */
wolfSSL	4:1b0d80432c79	2673	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	2674	void* RsaSignCtx; /* Rsa Sign Callback Context */
wolfSSL	4:1b0d80432c79	2675	void* RsaVerifyCtx; /* Rsa Verify Callback Context */
wolfSSL	4:1b0d80432c79	2676	void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
wolfSSL	4:1b0d80432c79	2677	void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
wolfSSL	4:1b0d80432c79	2678	#endif /* NO_RSA */
wolfSSL	4:1b0d80432c79	2679	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	4:1b0d80432c79	2680	#ifdef HAVE_SECRET_CALLBACK
wolfSSL	4:1b0d80432c79	2681	SessionSecretCb sessionSecretCb;
wolfSSL	4:1b0d80432c79	2682	void* sessionSecretCtx;
wolfSSL	4:1b0d80432c79	2683	#endif /* HAVE_SECRET_CALLBACK */
wolfSSL	4:1b0d80432c79	2684	#ifdef WOLFSSL_JNI
wolfSSL	4:1b0d80432c79	2685	void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
wolfSSL	4:1b0d80432c79	2686	#endif /* WOLFSSL_JNI */
wolfSSL	4:1b0d80432c79	2687	};
wolfSSL	4:1b0d80432c79	2688
wolfSSL	4:1b0d80432c79	2689
wolfSSL	4:1b0d80432c79	2690	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2691	int SetSSL_CTX(WOLFSSL, WOLFSSL_CTX);
wolfSSL	4:1b0d80432c79	2692	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2693	int InitSSL(WOLFSSL, WOLFSSL_CTX);
wolfSSL	4:1b0d80432c79	2694	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2695	void FreeSSL(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2696	WOLFSSL_API void SSL_ResourceFree(WOLFSSL); / Micrium uses */
wolfSSL	4:1b0d80432c79	2697
wolfSSL	4:1b0d80432c79	2698
wolfSSL	4:1b0d80432c79	2699	enum {
wolfSSL	4:1b0d80432c79	2700	IV_SZ = 32, /* max iv sz */
wolfSSL	4:1b0d80432c79	2701	NAME_SZ = 80 /* max one line */
wolfSSL	4:1b0d80432c79	2702	};
wolfSSL	4:1b0d80432c79	2703
wolfSSL	4:1b0d80432c79	2704
wolfSSL	4:1b0d80432c79	2705	typedef struct EncryptedInfo {
wolfSSL	4:1b0d80432c79	2706	char name[NAME_SZ]; /* encryption name */
wolfSSL	4:1b0d80432c79	2707	byte iv[IV_SZ]; /* encrypted IV */
wolfSSL	4:1b0d80432c79	2708	word32 ivSz; /* encrypted IV size */
wolfSSL	4:1b0d80432c79	2709	long consumed; /* tracks PEM bytes consumed */
wolfSSL	4:1b0d80432c79	2710	byte set; /* if encryption set */
wolfSSL	4:1b0d80432c79	2711	WOLFSSL_CTX* ctx; /* CTX owner */
wolfSSL	4:1b0d80432c79	2712	} EncryptedInfo;
wolfSSL	4:1b0d80432c79	2713
wolfSSL	4:1b0d80432c79	2714
wolfSSL	4:1b0d80432c79	2715	#ifndef NO_CERTS
wolfSSL	4:1b0d80432c79	2716
wolfSSL	4:1b0d80432c79	2717	WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
wolfSSL	4:1b0d80432c79	2718	WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
wolfSSL	4:1b0d80432c79	2719
wolfSSL	4:1b0d80432c79	2720	WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
wolfSSL	4:1b0d80432c79	2721	DerBuffer** pDer, void* heap, EncryptedInfo* info,
wolfSSL	4:1b0d80432c79	2722	int* eccKey);
wolfSSL	4:1b0d80432c79	2723
wolfSSL	4:1b0d80432c79	2724	WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
wolfSSL	4:1b0d80432c79	2725	int type, WOLFSSL* ssl, int userChain,
wolfSSL	4:1b0d80432c79	2726	WOLFSSL_CRL* crl);
wolfSSL	4:1b0d80432c79	2727	#endif
wolfSSL	4:1b0d80432c79	2728
wolfSSL	4:1b0d80432c79	2729
wolfSSL	4:1b0d80432c79	2730	#ifdef WOLFSSL_CALLBACKS
wolfSSL	4:1b0d80432c79	2731	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2732	void InitHandShakeInfo(HandShakeInfo*);
wolfSSL	4:1b0d80432c79	2733	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2734	void FinishHandShakeInfo(HandShakeInfo, const WOLFSSL);
wolfSSL	4:1b0d80432c79	2735	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2736	void AddPacketName(const char, HandShakeInfo);
wolfSSL	4:1b0d80432c79	2737
wolfSSL	4:1b0d80432c79	2738	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2739	void InitTimeoutInfo(TimeoutInfo*);
wolfSSL	4:1b0d80432c79	2740	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2741	void FreeTimeoutInfo(TimeoutInfo, void);
wolfSSL	4:1b0d80432c79	2742	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2743	void AddPacketInfo(const char, TimeoutInfo, const byte, int, void);
wolfSSL	4:1b0d80432c79	2744	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2745	void AddLateName(const char, TimeoutInfo);
wolfSSL	4:1b0d80432c79	2746	WOLFSSL_LOCAL
wolfSSL	4:1b0d80432c79	2747	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
wolfSSL	4:1b0d80432c79	2748	#endif
wolfSSL	4:1b0d80432c79	2749
wolfSSL	4:1b0d80432c79	2750
wolfSSL	4:1b0d80432c79	2751	/* Record Layer Header identifier from page 12 */
wolfSSL	4:1b0d80432c79	2752	enum ContentType {
wolfSSL	4:1b0d80432c79	2753	no_type = 0,
wolfSSL	4:1b0d80432c79	2754	change_cipher_spec = 20,
wolfSSL	4:1b0d80432c79	2755	alert = 21,
wolfSSL	4:1b0d80432c79	2756	handshake = 22,
wolfSSL	4:1b0d80432c79	2757	application_data = 23
wolfSSL	4:1b0d80432c79	2758	};
wolfSSL	4:1b0d80432c79	2759
wolfSSL	4:1b0d80432c79	2760
wolfSSL	4:1b0d80432c79	2761	/* handshake header, same for each message type, pgs 20/21 */
wolfSSL	4:1b0d80432c79	2762	typedef struct HandShakeHeader {
wolfSSL	4:1b0d80432c79	2763	byte type;
wolfSSL	4:1b0d80432c79	2764	word24 length;
wolfSSL	4:1b0d80432c79	2765	} HandShakeHeader;
wolfSSL	4:1b0d80432c79	2766
wolfSSL	4:1b0d80432c79	2767
wolfSSL	4:1b0d80432c79	2768	/* DTLS handshake header, same for each message type */
wolfSSL	4:1b0d80432c79	2769	typedef struct DtlsHandShakeHeader {
wolfSSL	4:1b0d80432c79	2770	byte type;
wolfSSL	4:1b0d80432c79	2771	word24 length;
wolfSSL	4:1b0d80432c79	2772	byte message_seq[2]; /* start at 0, retransmit gets same # */
wolfSSL	4:1b0d80432c79	2773	word24 fragment_offset; /* bytes in previous fragments */
wolfSSL	4:1b0d80432c79	2774	word24 fragment_length; /* length of this fragment */
wolfSSL	4:1b0d80432c79	2775	} DtlsHandShakeHeader;
wolfSSL	4:1b0d80432c79	2776
wolfSSL	4:1b0d80432c79	2777
wolfSSL	4:1b0d80432c79	2778	enum HandShakeType {
wolfSSL	4:1b0d80432c79	2779	hello_request = 0,
wolfSSL	4:1b0d80432c79	2780	client_hello = 1,
wolfSSL	4:1b0d80432c79	2781	server_hello = 2,
wolfSSL	4:1b0d80432c79	2782	hello_verify_request = 3, /* DTLS addition */
wolfSSL	4:1b0d80432c79	2783	session_ticket = 4,
wolfSSL	4:1b0d80432c79	2784	certificate = 11,
wolfSSL	4:1b0d80432c79	2785	server_key_exchange = 12,
wolfSSL	4:1b0d80432c79	2786	certificate_request = 13,
wolfSSL	4:1b0d80432c79	2787	server_hello_done = 14,
wolfSSL	4:1b0d80432c79	2788	certificate_verify = 15,
wolfSSL	4:1b0d80432c79	2789	client_key_exchange = 16,
wolfSSL	4:1b0d80432c79	2790	finished = 20,
wolfSSL	4:1b0d80432c79	2791	certificate_status = 22,
wolfSSL	4:1b0d80432c79	2792	change_cipher_hs = 55, /* simulate unique handshake type for sanity
wolfSSL	4:1b0d80432c79	2793	checks. record layer change_cipher
wolfSSL	4:1b0d80432c79	2794	conflicts with handshake finished */
wolfSSL	4:1b0d80432c79	2795	no_shake = 255 /* used to initialize the DtlsMsg record */
wolfSSL	4:1b0d80432c79	2796	};
wolfSSL	4:1b0d80432c79	2797
wolfSSL	4:1b0d80432c79	2798
wolfSSL	4:1b0d80432c79	2799	static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
wolfSSL	4:1b0d80432c79	2800	static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
wolfSSL	4:1b0d80432c79	2801
wolfSSL	4:1b0d80432c79	2802	static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
wolfSSL	4:1b0d80432c79	2803	static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
wolfSSL	4:1b0d80432c79	2804
wolfSSL	4:1b0d80432c79	2805
wolfSSL	4:1b0d80432c79	2806	/* internal functions */
wolfSSL	4:1b0d80432c79	2807	WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2808	WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2809	WOLFSSL_LOCAL int DoClientTicket(WOLFSSL, const byte, word32);
wolfSSL	4:1b0d80432c79	2810	WOLFSSL_LOCAL int SendData(WOLFSSL, const void, int);
wolfSSL	4:1b0d80432c79	2811	WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2812	WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2813	WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2814	WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2815	WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2816	WOLFSSL_LOCAL int ReceiveData(WOLFSSL, byte, int, int);
wolfSSL	4:1b0d80432c79	2817	WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2818	WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
wolfSSL	4:1b0d80432c79	2819	WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2820
wolfSSL	4:1b0d80432c79	2821	WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2822	WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2823
wolfSSL	4:1b0d80432c79	2824	WOLFSSL_LOCAL int AddSession(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2825	WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	2826	WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
wolfSSL	4:1b0d80432c79	2827
wolfSSL	4:1b0d80432c79	2828	WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	2829	WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	2830
wolfSSL	4:1b0d80432c79	2831	WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	2832	WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
wolfSSL	4:1b0d80432c79	2833	WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	2834
wolfSSL	4:1b0d80432c79	2835	WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
wolfSSL	4:1b0d80432c79	2836	#ifndef NO_CERTS
wolfSSL	4:1b0d80432c79	2837	#ifndef NO_RSA
wolfSSL	4:1b0d80432c79	2838	WOLFSSL_LOCAL int VerifyRsaSign(const byte* sig, word32 sigSz,
wolfSSL	4:1b0d80432c79	2839	const byte* plain, word32 plainSz,
wolfSSL	4:1b0d80432c79	2840	RsaKey* key);
wolfSSL	4:1b0d80432c79	2841	#endif
wolfSSL	4:1b0d80432c79	2842	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	4:1b0d80432c79	2843
wolfSSL	4:1b0d80432c79	2844	/* options for searching hash table for a matching trusted peer cert */
wolfSSL	4:1b0d80432c79	2845	#define WC_MATCH_SKID 0
wolfSSL	4:1b0d80432c79	2846	#define WC_MATCH_NAME 1
wolfSSL	4:1b0d80432c79	2847
wolfSSL	4:1b0d80432c79	2848	WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
wolfSSL	4:1b0d80432c79	2849	int type);
wolfSSL	4:1b0d80432c79	2850	WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
wolfSSL	4:1b0d80432c79	2851	DecodedCert* cert);
wolfSSL	4:1b0d80432c79	2852	#endif
wolfSSL	4:1b0d80432c79	2853	WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
wolfSSL	4:1b0d80432c79	2854	#ifndef NO_SKID
wolfSSL	4:1b0d80432c79	2855	WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
wolfSSL	4:1b0d80432c79	2856	#endif
wolfSSL	4:1b0d80432c79	2857	#endif
wolfSSL	4:1b0d80432c79	2858	WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
wolfSSL	4:1b0d80432c79	2859	const byte* sender);
wolfSSL	4:1b0d80432c79	2860	WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
wolfSSL	4:1b0d80432c79	2861	WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
wolfSSL	4:1b0d80432c79	2862	WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
wolfSSL	4:1b0d80432c79	2863
wolfSSL	4:1b0d80432c79	2864	#ifndef NO_TLS
wolfSSL	4:1b0d80432c79	2865	WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2866	WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
wolfSSL	4:1b0d80432c79	2867	word32 sz, int content, int verify);
wolfSSL	4:1b0d80432c79	2868	#endif
wolfSSL	4:1b0d80432c79	2869
wolfSSL	4:1b0d80432c79	2870	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	4:1b0d80432c79	2871	WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2872	WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2873	WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2874	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	4:1b0d80432c79	2875
wolfSSL	4:1b0d80432c79	2876	#ifndef NO_WOLFSSL_SERVER
wolfSSL	4:1b0d80432c79	2877	WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2878	WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2879	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	4:1b0d80432c79	2880
wolfSSL	4:1b0d80432c79	2881	#ifdef WOLFSSL_DTLS
wolfSSL	4:1b0d80432c79	2882	WOLFSSL_LOCAL int DtlsPoolInit(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2883	WOLFSSL_LOCAL int DtlsPoolSave(WOLFSSL, const byte, int);
wolfSSL	4:1b0d80432c79	2884	WOLFSSL_LOCAL int DtlsPoolTimeout(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2885	WOLFSSL_LOCAL int DtlsPoolSend(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2886	WOLFSSL_LOCAL void DtlsPoolReset(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2887	WOLFSSL_LOCAL void DtlsPoolDelete(WOLFSSL*);
wolfSSL	4:1b0d80432c79	2888
wolfSSL	4:1b0d80432c79	2889	WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
wolfSSL	4:1b0d80432c79	2890	WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg, void);
wolfSSL	4:1b0d80432c79	2891	WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg, void);
wolfSSL	4:1b0d80432c79	2892	WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg, word32, const byte, byte,
wolfSSL	4:1b0d80432c79	2893	word32, word32, void*);
wolfSSL	4:1b0d80432c79	2894	WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
wolfSSL	4:1b0d80432c79	2895	WOLFSSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg, word32, const byte, word32,
wolfSSL	4:1b0d80432c79	2896	byte, word32, word32, void*);
wolfSSL	4:1b0d80432c79	2897	WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg, DtlsMsg);
wolfSSL	4:1b0d80432c79	2898	#endif /* WOLFSSL_DTLS */
wolfSSL	4:1b0d80432c79	2899
wolfSSL	4:1b0d80432c79	2900	#ifndef NO_TLS
wolfSSL	4:1b0d80432c79	2901
wolfSSL	4:1b0d80432c79	2902
wolfSSL	4:1b0d80432c79	2903	#endif /* NO_TLS */
wolfSSL	4:1b0d80432c79	2904
wolfSSL	4:1b0d80432c79	2905
wolfSSL	4:1b0d80432c79	2906	WOLFSSL_LOCAL word32 LowResTimer(void);
wolfSSL	4:1b0d80432c79	2907
wolfSSL	4:1b0d80432c79	2908	WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
wolfSSL	4:1b0d80432c79	2909	WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
wolfSSL	4:1b0d80432c79	2910	WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int);
wolfSSL	4:1b0d80432c79	2911	WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
wolfSSL	4:1b0d80432c79	2912	#ifndef NO_CERTS
wolfSSL	4:1b0d80432c79	2913	WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509, DecodedCert);
wolfSSL	4:1b0d80432c79	2914	#endif
wolfSSL	4:1b0d80432c79	2915
wolfSSL	4:1b0d80432c79	2916	/* used by ssl.c and wolfssl_int.c */
wolfSSL	4:1b0d80432c79	2917	WOLFSSL_LOCAL void c32to24(word32 in, word24 out);
wolfSSL	4:1b0d80432c79	2918
wolfSSL	4:1b0d80432c79	2919	WOLFSSL_LOCAL const char* const* GetCipherNames(void);
wolfSSL	4:1b0d80432c79	2920	WOLFSSL_LOCAL int GetCipherNamesSize(void);
wolfSSL	4:1b0d80432c79	2921
wolfSSL	4:1b0d80432c79	2922
wolfSSL	4:1b0d80432c79	2923	enum encrypt_side {
wolfSSL	4:1b0d80432c79	2924	ENCRYPT_SIDE_ONLY = 1,
wolfSSL	4:1b0d80432c79	2925	DECRYPT_SIDE_ONLY,
wolfSSL	4:1b0d80432c79	2926	ENCRYPT_AND_DECRYPT_SIDE
wolfSSL	4:1b0d80432c79	2927	};
wolfSSL	4:1b0d80432c79	2928
wolfSSL	4:1b0d80432c79	2929	WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
wolfSSL	4:1b0d80432c79	2930
wolfSSL	4:1b0d80432c79	2931
wolfSSL	4:1b0d80432c79	2932	#ifdef __cplusplus
wolfSSL	4:1b0d80432c79	2933	} /* extern "C" */
wolfSSL	4:1b0d80432c79	2934	#endif
wolfSSL	4:1b0d80432c79	2935
wolfSSL	4:1b0d80432c79	2936	#endif /* wolfSSL_INT_H */
wolfSSL	4:1b0d80432c79	2937

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

wolfssl/internal.h@4:1b0d80432c79, 2016-04-28 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning