wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/internal.h@7:481bce714567, 2017-05-02 (annotated)

Committer:: wolfSSL
Date:: Tue May 02 08:44:47 2017 +0000
Revision:: 7:481bce714567

wolfSSL3.10.2

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	7:481bce714567	1	/* internal.h
wolfSSL	7:481bce714567	2	*
wolfSSL	7:481bce714567	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	7:481bce714567	4	*
wolfSSL	7:481bce714567	5	* This file is part of wolfSSL.
wolfSSL	7:481bce714567	6	*
wolfSSL	7:481bce714567	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	7:481bce714567	8	* it under the terms of the GNU General Public License as published by
wolfSSL	7:481bce714567	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	7:481bce714567	10	* (at your option) any later version.
wolfSSL	7:481bce714567	11	*
wolfSSL	7:481bce714567	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	7:481bce714567	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	7:481bce714567	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	7:481bce714567	15	* GNU General Public License for more details.
wolfSSL	7:481bce714567	16	*
wolfSSL	7:481bce714567	17	* You should have received a copy of the GNU General Public License
wolfSSL	7:481bce714567	18	* along with this program; if not, write to the Free Software
wolfSSL	7:481bce714567	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	7:481bce714567	20	*/
wolfSSL	7:481bce714567	21
wolfSSL	7:481bce714567	22
wolfSSL	7:481bce714567	23
wolfSSL	7:481bce714567	24	#ifndef WOLFSSL_INT_H
wolfSSL	7:481bce714567	25	#define WOLFSSL_INT_H
wolfSSL	7:481bce714567	26
wolfSSL	7:481bce714567	27
wolfSSL	7:481bce714567	28	#include <wolfssl/wolfcrypt/types.h>
wolfSSL	7:481bce714567	29	#include <wolfssl/ssl.h>
wolfSSL	7:481bce714567	30	#ifdef HAVE_CRL
wolfSSL	7:481bce714567	31	#include <wolfssl/crl.h>
wolfSSL	7:481bce714567	32	#endif
wolfSSL	7:481bce714567	33	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	7:481bce714567	34	#ifndef NO_DES3
wolfSSL	7:481bce714567	35	#include <wolfssl/wolfcrypt/des3.h>
wolfSSL	7:481bce714567	36	#endif
wolfSSL	7:481bce714567	37	#ifndef NO_HC128
wolfSSL	7:481bce714567	38	#include <wolfssl/wolfcrypt/hc128.h>
wolfSSL	7:481bce714567	39	#endif
wolfSSL	7:481bce714567	40	#ifndef NO_RABBIT
wolfSSL	7:481bce714567	41	#include <wolfssl/wolfcrypt/rabbit.h>
wolfSSL	7:481bce714567	42	#endif
wolfSSL	7:481bce714567	43	#ifdef HAVE_CHACHA
wolfSSL	7:481bce714567	44	#include <wolfssl/wolfcrypt/chacha.h>
wolfSSL	7:481bce714567	45	#endif
wolfSSL	7:481bce714567	46	#ifndef NO_ASN
wolfSSL	7:481bce714567	47	#include <wolfssl/wolfcrypt/asn.h>
wolfSSL	7:481bce714567	48	#include <wolfssl/wolfcrypt/pkcs12.h>
wolfSSL	7:481bce714567	49	#endif
wolfSSL	7:481bce714567	50	#ifndef NO_MD5
wolfSSL	7:481bce714567	51	#include <wolfssl/wolfcrypt/md5.h>
wolfSSL	7:481bce714567	52	#endif
wolfSSL	7:481bce714567	53	#ifndef NO_SHA
wolfSSL	7:481bce714567	54	#include <wolfssl/wolfcrypt/sha.h>
wolfSSL	7:481bce714567	55	#endif
wolfSSL	7:481bce714567	56	#ifndef NO_AES
wolfSSL	7:481bce714567	57	#include <wolfssl/wolfcrypt/aes.h>
wolfSSL	7:481bce714567	58	#endif
wolfSSL	7:481bce714567	59	#ifdef HAVE_POLY1305
wolfSSL	7:481bce714567	60	#include <wolfssl/wolfcrypt/poly1305.h>
wolfSSL	7:481bce714567	61	#endif
wolfSSL	7:481bce714567	62	#ifdef HAVE_CAMELLIA
wolfSSL	7:481bce714567	63	#include <wolfssl/wolfcrypt/camellia.h>
wolfSSL	7:481bce714567	64	#endif
wolfSSL	7:481bce714567	65	#include <wolfssl/wolfcrypt/logging.h>
wolfSSL	7:481bce714567	66	#ifndef NO_HMAC
wolfSSL	7:481bce714567	67	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	7:481bce714567	68	#endif
wolfSSL	7:481bce714567	69	#ifndef NO_RC4
wolfSSL	7:481bce714567	70	#include <wolfssl/wolfcrypt/arc4.h>
wolfSSL	7:481bce714567	71	#endif
wolfSSL	7:481bce714567	72	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	73	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	7:481bce714567	74	#endif
wolfSSL	7:481bce714567	75	#ifndef NO_SHA256
wolfSSL	7:481bce714567	76	#include <wolfssl/wolfcrypt/sha256.h>
wolfSSL	7:481bce714567	77	#endif
wolfSSL	7:481bce714567	78	#ifdef HAVE_OCSP
wolfSSL	7:481bce714567	79	#include <wolfssl/ocsp.h>
wolfSSL	7:481bce714567	80	#endif
wolfSSL	7:481bce714567	81	#ifdef WOLFSSL_SHA512
wolfSSL	7:481bce714567	82	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	7:481bce714567	83	#endif
wolfSSL	7:481bce714567	84
wolfSSL	7:481bce714567	85	#ifdef HAVE_AESGCM
wolfSSL	7:481bce714567	86	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	7:481bce714567	87	#endif
wolfSSL	7:481bce714567	88
wolfSSL	7:481bce714567	89	#ifdef WOLFSSL_RIPEMD
wolfSSL	7:481bce714567	90	#include <wolfssl/wolfcrypt/ripemd.h>
wolfSSL	7:481bce714567	91	#endif
wolfSSL	7:481bce714567	92
wolfSSL	7:481bce714567	93	#ifdef HAVE_IDEA
wolfSSL	7:481bce714567	94	#include <wolfssl/wolfcrypt/idea.h>
wolfSSL	7:481bce714567	95	#endif
wolfSSL	7:481bce714567	96
wolfSSL	7:481bce714567	97	#include <wolfssl/wolfcrypt/hash.h>
wolfSSL	7:481bce714567	98
wolfSSL	7:481bce714567	99	#ifdef WOLFSSL_CALLBACKS
wolfSSL	7:481bce714567	100	#include <wolfssl/callbacks.h>
wolfSSL	7:481bce714567	101	#include <signal.h>
wolfSSL	7:481bce714567	102	#endif
wolfSSL	7:481bce714567	103
wolfSSL	7:481bce714567	104	#ifdef USE_WINDOWS_API
wolfSSL	7:481bce714567	105	#ifdef WOLFSSL_GAME_BUILD
wolfSSL	7:481bce714567	106	#include "system/xtl.h"
wolfSSL	7:481bce714567	107	#else
wolfSSL	7:481bce714567	108	#if defined(_WIN32_WCE) \|\| defined(WIN32_LEAN_AND_MEAN)
wolfSSL	7:481bce714567	109	/* On WinCE winsock2.h must be included before windows.h */
wolfSSL	7:481bce714567	110	#include <winsock2.h>
wolfSSL	7:481bce714567	111	#endif
wolfSSL	7:481bce714567	112	#include <windows.h>
wolfSSL	7:481bce714567	113	#endif
wolfSSL	7:481bce714567	114	#elif defined(THREADX)
wolfSSL	7:481bce714567	115	#ifndef SINGLE_THREADED
wolfSSL	7:481bce714567	116	#include "tx_api.h"
wolfSSL	7:481bce714567	117	#endif
wolfSSL	7:481bce714567	118	#elif defined(MICRIUM)
wolfSSL	7:481bce714567	119	/* do nothing, just don't pick Unix */
wolfSSL	7:481bce714567	120	#elif defined(FREERTOS) \|\| defined(FREERTOS_TCP) \|\| defined(WOLFSSL_SAFERTOS)
wolfSSL	7:481bce714567	121	/* do nothing */
wolfSSL	7:481bce714567	122	#elif defined(EBSNET)
wolfSSL	7:481bce714567	123	/* do nothing */
wolfSSL	7:481bce714567	124	#elif defined(FREESCALE_MQX) \|\| defined(FREESCALE_KSDK_MQX)
wolfSSL	7:481bce714567	125	/* do nothing */
wolfSSL	7:481bce714567	126	#elif defined(FREESCALE_FREE_RTOS)
wolfSSL	7:481bce714567	127	#include "fsl_os_abstraction.h"
wolfSSL	7:481bce714567	128	#elif defined(WOLFSSL_uITRON4)
wolfSSL	7:481bce714567	129	/* do nothing */
wolfSSL	7:481bce714567	130	#elif defined(WOLFSSL_uTKERNEL2)
wolfSSL	7:481bce714567	131	/* do nothing */
wolfSSL	7:481bce714567	132	#elif defined(WOLFSSL_MDK_ARM)
wolfSSL	7:481bce714567	133	#if defined(WOLFSSL_MDK5)
wolfSSL	7:481bce714567	134	#include "cmsis_os.h"
wolfSSL	7:481bce714567	135	#else
wolfSSL	7:481bce714567	136	#include <rtl.h>
wolfSSL	7:481bce714567	137	#endif
wolfSSL	7:481bce714567	138	#elif defined(WOLFSSL_CMSIS_RTOS)
wolfSSL	7:481bce714567	139	#include "cmsis_os.h"
wolfSSL	7:481bce714567	140	#elif defined(MBED)
wolfSSL	7:481bce714567	141	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	7:481bce714567	142	/* do nothing */
wolfSSL	7:481bce714567	143	#else
wolfSSL	7:481bce714567	144	#ifndef SINGLE_THREADED
wolfSSL	7:481bce714567	145	#define WOLFSSL_PTHREADS
wolfSSL	7:481bce714567	146	#include <pthread.h>
wolfSSL	7:481bce714567	147	#endif
wolfSSL	7:481bce714567	148	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	7:481bce714567	149	#include <unistd.h> /* for close of BIO */
wolfSSL	7:481bce714567	150	#endif
wolfSSL	7:481bce714567	151	#endif
wolfSSL	7:481bce714567	152
wolfSSL	7:481bce714567	153	#ifndef CHAR_BIT
wolfSSL	7:481bce714567	154	/* Needed for DTLS without big math */
wolfSSL	7:481bce714567	155	#include <limits.h>
wolfSSL	7:481bce714567	156	#endif
wolfSSL	7:481bce714567	157
wolfSSL	7:481bce714567	158
wolfSSL	7:481bce714567	159	#ifdef HAVE_LIBZ
wolfSSL	7:481bce714567	160	#include "zlib.h"
wolfSSL	7:481bce714567	161	#endif
wolfSSL	7:481bce714567	162
wolfSSL	7:481bce714567	163	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	7:481bce714567	164	#include <wolfssl/wolfcrypt/async.h>
wolfSSL	7:481bce714567	165	#endif
wolfSSL	7:481bce714567	166
wolfSSL	7:481bce714567	167	#ifdef _MSC_VER
wolfSSL	7:481bce714567	168	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL	7:481bce714567	169	#pragma warning(disable: 4996)
wolfSSL	7:481bce714567	170	#endif
wolfSSL	7:481bce714567	171
wolfSSL	7:481bce714567	172	#ifdef NO_SHA
wolfSSL	7:481bce714567	173	#define SHA_DIGEST_SIZE 20
wolfSSL	7:481bce714567	174	#endif
wolfSSL	7:481bce714567	175
wolfSSL	7:481bce714567	176	#ifdef NO_SHA256
wolfSSL	7:481bce714567	177	#define SHA256_DIGEST_SIZE 32
wolfSSL	7:481bce714567	178	#endif
wolfSSL	7:481bce714567	179
wolfSSL	7:481bce714567	180	#ifdef NO_MD5
wolfSSL	7:481bce714567	181	#define MD5_DIGEST_SIZE 16
wolfSSL	7:481bce714567	182	#endif
wolfSSL	7:481bce714567	183
wolfSSL	7:481bce714567	184
wolfSSL	7:481bce714567	185	#ifdef __cplusplus
wolfSSL	7:481bce714567	186	extern "C" {
wolfSSL	7:481bce714567	187	#endif
wolfSSL	7:481bce714567	188
wolfSSL	7:481bce714567	189
wolfSSL	7:481bce714567	190	#ifdef USE_WINDOWS_API
wolfSSL	7:481bce714567	191	typedef unsigned int SOCKET_T;
wolfSSL	7:481bce714567	192	#else
wolfSSL	7:481bce714567	193	typedef int SOCKET_T;
wolfSSL	7:481bce714567	194	#endif
wolfSSL	7:481bce714567	195
wolfSSL	7:481bce714567	196
wolfSSL	7:481bce714567	197	typedef byte word24[3];
wolfSSL	7:481bce714567	198
wolfSSL	7:481bce714567	199	/* Define or comment out the cipher suites you'd like to be compiled in
wolfSSL	7:481bce714567	200	make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
wolfSSL	7:481bce714567	201
wolfSSL	7:481bce714567	202	When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
wolfSSL	7:481bce714567	203
wolfSSL	7:481bce714567	204	Now that there is a maximum strength crypto build, the following BUILD_XXX
wolfSSL	7:481bce714567	205	flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
wolfSSL	7:481bce714567	206	Those that do not use Perfect Forward Security and do not use AEAD ciphers
wolfSSL	7:481bce714567	207	need to be switched off. Allowed suites use (EC)DHE, AES-GCM\|CCM, or
wolfSSL	7:481bce714567	208	CHACHA-POLY.
wolfSSL	7:481bce714567	209	*/
wolfSSL	7:481bce714567	210
wolfSSL	7:481bce714567	211	/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
wolfSSL	7:481bce714567	212	* not turned off. */
wolfSSL	7:481bce714567	213	#if defined(WOLFSSL_MAX_STRENGTH) && \
wolfSSL	7:481bce714567	214	((!defined(HAVE_ECC) && (defined(NO_DH) \|\| defined(NO_RSA))) \|\| \
wolfSSL	7:481bce714567	215	(!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
wolfSSL	7:481bce714567	216	(!defined(HAVE_POLY1305) \|\| !defined(HAVE_CHACHA))) \|\| \
wolfSSL	7:481bce714567	217	(defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) \|\| \
wolfSSL	7:481bce714567	218	!defined(NO_OLD_TLS))
wolfSSL	7:481bce714567	219
wolfSSL	7:481bce714567	220	#error "You are trying to build max strength with requirements disabled."
wolfSSL	7:481bce714567	221	#endif
wolfSSL	7:481bce714567	222
wolfSSL	7:481bce714567	223	/* Have QSH : Quantum-safe Handshake */
wolfSSL	7:481bce714567	224	#if defined(HAVE_QSH)
wolfSSL	7:481bce714567	225	#define BUILD_TLS_QSH
wolfSSL	7:481bce714567	226	#endif
wolfSSL	7:481bce714567	227
wolfSSL	7:481bce714567	228	#ifndef WOLFSSL_MAX_STRENGTH
wolfSSL	7:481bce714567	229
wolfSSL	7:481bce714567	230	#if !defined(NO_RSA) && !defined(NO_RC4)
wolfSSL	7:481bce714567	231	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	232	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	233	#define BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	7:481bce714567	234	#endif
wolfSSL	7:481bce714567	235	#if !defined(NO_MD5)
wolfSSL	7:481bce714567	236	#define BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	7:481bce714567	237	#endif
wolfSSL	7:481bce714567	238	#endif
wolfSSL	7:481bce714567	239	#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
wolfSSL	7:481bce714567	240	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	241	#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	7:481bce714567	242	#endif
wolfSSL	7:481bce714567	243	#endif
wolfSSL	7:481bce714567	244
wolfSSL	7:481bce714567	245	#if !defined(NO_RSA) && !defined(NO_DES3)
wolfSSL	7:481bce714567	246	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	247	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	248	#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	7:481bce714567	249	#endif
wolfSSL	7:481bce714567	250	#if !defined(NO_TLS) && defined(HAVE_NTRU) \
wolfSSL	7:481bce714567	251	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	252	#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	7:481bce714567	253	#endif
wolfSSL	7:481bce714567	254	#endif
wolfSSL	7:481bce714567	255	#endif
wolfSSL	7:481bce714567	256
wolfSSL	7:481bce714567	257	#if !defined(NO_RSA) && defined(HAVE_IDEA)
wolfSSL	7:481bce714567	258	#if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	259	#define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL	7:481bce714567	260	#endif
wolfSSL	7:481bce714567	261	#endif
wolfSSL	7:481bce714567	262
wolfSSL	7:481bce714567	263	#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	7:481bce714567	264	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	265	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	266	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	267	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	7:481bce714567	268	#endif
wolfSSL	7:481bce714567	269	#if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	270	#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	271	#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	7:481bce714567	272	#endif
wolfSSL	7:481bce714567	273	#endif
wolfSSL	7:481bce714567	274	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	275	#if !defined (NO_SHA256)
wolfSSL	7:481bce714567	276	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	277	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	7:481bce714567	278	#endif
wolfSSL	7:481bce714567	279	#if defined (HAVE_AESGCM)
wolfSSL	7:481bce714567	280	#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	7:481bce714567	281	#if defined (WOLFSSL_SHA384)
wolfSSL	7:481bce714567	282	#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	7:481bce714567	283	#endif
wolfSSL	7:481bce714567	284	#endif
wolfSSL	7:481bce714567	285	#if defined (HAVE_AESCCM)
wolfSSL	7:481bce714567	286	#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	7:481bce714567	287	#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	7:481bce714567	288	#endif
wolfSSL	7:481bce714567	289	#if defined(HAVE_BLAKE2)
wolfSSL	7:481bce714567	290	#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	7:481bce714567	291	#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	7:481bce714567	292	#endif
wolfSSL	7:481bce714567	293	#endif
wolfSSL	7:481bce714567	294	#endif
wolfSSL	7:481bce714567	295
wolfSSL	7:481bce714567	296	#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
wolfSSL	7:481bce714567	297	#ifndef NO_RSA
wolfSSL	7:481bce714567	298	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	299	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	300	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	7:481bce714567	301	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	7:481bce714567	302	#endif
wolfSSL	7:481bce714567	303	#ifndef NO_SHA256
wolfSSL	7:481bce714567	304	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	7:481bce714567	305	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	7:481bce714567	306	#endif
wolfSSL	7:481bce714567	307	#endif
wolfSSL	7:481bce714567	308	#if !defined(NO_DH)
wolfSSL	7:481bce714567	309	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	310	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	7:481bce714567	311	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	7:481bce714567	312	#endif
wolfSSL	7:481bce714567	313	#ifndef NO_SHA256
wolfSSL	7:481bce714567	314	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	7:481bce714567	315	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	7:481bce714567	316	#endif
wolfSSL	7:481bce714567	317	#endif
wolfSSL	7:481bce714567	318	#endif
wolfSSL	7:481bce714567	319	#endif
wolfSSL	7:481bce714567	320
wolfSSL	7:481bce714567	321	#if defined(WOLFSSL_STATIC_PSK)
wolfSSL	7:481bce714567	322	#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	7:481bce714567	323	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	324	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	325	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	7:481bce714567	326	#endif
wolfSSL	7:481bce714567	327	#ifndef NO_SHA256
wolfSSL	7:481bce714567	328	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	329	#ifdef HAVE_AESGCM
wolfSSL	7:481bce714567	330	#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	7:481bce714567	331	#endif
wolfSSL	7:481bce714567	332	#ifdef HAVE_AESCCM
wolfSSL	7:481bce714567	333	#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	7:481bce714567	334	#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	7:481bce714567	335	#define BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL	7:481bce714567	336	#define BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL	7:481bce714567	337	#endif
wolfSSL	7:481bce714567	338	#endif
wolfSSL	7:481bce714567	339	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	340	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	7:481bce714567	341	#ifdef HAVE_AESGCM
wolfSSL	7:481bce714567	342	#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	7:481bce714567	343	#endif
wolfSSL	7:481bce714567	344	#endif
wolfSSL	7:481bce714567	345	#endif
wolfSSL	7:481bce714567	346	#endif
wolfSSL	7:481bce714567	347
wolfSSL	7:481bce714567	348	#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
wolfSSL	7:481bce714567	349	#if !defined(NO_RSA)
wolfSSL	7:481bce714567	350	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	351	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	352	#define BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	7:481bce714567	353	#endif
wolfSSL	7:481bce714567	354	#ifndef NO_SHA256
wolfSSL	7:481bce714567	355	#define BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	7:481bce714567	356	#endif
wolfSSL	7:481bce714567	357	#endif
wolfSSL	7:481bce714567	358	#endif
wolfSSL	7:481bce714567	359	#if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
wolfSSL	7:481bce714567	360	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	361	#define BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	7:481bce714567	362	#endif
wolfSSL	7:481bce714567	363	#ifndef NO_SHA256
wolfSSL	7:481bce714567	364	#define BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	7:481bce714567	365	#endif
wolfSSL	7:481bce714567	366	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	367	#define BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL	7:481bce714567	368	#endif
wolfSSL	7:481bce714567	369	#endif
wolfSSL	7:481bce714567	370	#endif
wolfSSL	7:481bce714567	371
wolfSSL	7:481bce714567	372	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	7:481bce714567	373	#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
wolfSSL	7:481bce714567	374	#ifndef NO_MD5
wolfSSL	7:481bce714567	375	#define BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	7:481bce714567	376	#endif
wolfSSL	7:481bce714567	377	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	378	#define BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	7:481bce714567	379	#endif
wolfSSL	7:481bce714567	380	#if defined(HAVE_BLAKE2)
wolfSSL	7:481bce714567	381	#define BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	7:481bce714567	382	#endif
wolfSSL	7:481bce714567	383	#endif
wolfSSL	7:481bce714567	384
wolfSSL	7:481bce714567	385	#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
wolfSSL	7:481bce714567	386	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	387	#define BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	7:481bce714567	388	#endif
wolfSSL	7:481bce714567	389	#endif
wolfSSL	7:481bce714567	390	#endif
wolfSSL	7:481bce714567	391
wolfSSL	7:481bce714567	392	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	7:481bce714567	393	!defined(NO_RSA)
wolfSSL	7:481bce714567	394
wolfSSL	7:481bce714567	395	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	396	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	397	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	7:481bce714567	398	#if !defined(NO_DES3)
wolfSSL	7:481bce714567	399	#define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	7:481bce714567	400	#endif
wolfSSL	7:481bce714567	401	#endif
wolfSSL	7:481bce714567	402	#if !defined(NO_SHA256)
wolfSSL	7:481bce714567	403	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	404	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	7:481bce714567	405	#endif
wolfSSL	7:481bce714567	406	#endif
wolfSSL	7:481bce714567	407
wolfSSL	7:481bce714567	408	#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
wolfSSL	7:481bce714567	409	!defined(NO_AES) && !defined(NO_SHA)
wolfSSL	7:481bce714567	410	#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	411	#endif
wolfSSL	7:481bce714567	412
wolfSSL	7:481bce714567	413	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	7:481bce714567	414	#ifndef NO_SHA256
wolfSSL	7:481bce714567	415	#ifndef NO_AES
wolfSSL	7:481bce714567	416	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	417	#endif
wolfSSL	7:481bce714567	418	#ifdef HAVE_NULL_CIPHER
wolfSSL	7:481bce714567	419	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL	7:481bce714567	420	#endif
wolfSSL	7:481bce714567	421	#endif
wolfSSL	7:481bce714567	422	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	423	#ifndef NO_AES
wolfSSL	7:481bce714567	424	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	7:481bce714567	425	#endif
wolfSSL	7:481bce714567	426	#ifdef HAVE_NULL_CIPHER
wolfSSL	7:481bce714567	427	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL	7:481bce714567	428	#endif
wolfSSL	7:481bce714567	429	#endif
wolfSSL	7:481bce714567	430	#endif
wolfSSL	7:481bce714567	431
wolfSSL	7:481bce714567	432	#if defined(HAVE_ECC) && !defined(NO_TLS)
wolfSSL	7:481bce714567	433	#if !defined(NO_AES)
wolfSSL	7:481bce714567	434	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	435	#if !defined(NO_RSA)
wolfSSL	7:481bce714567	436	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	437	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	7:481bce714567	438	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	439	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	440	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	7:481bce714567	441	#endif
wolfSSL	7:481bce714567	442	#endif
wolfSSL	7:481bce714567	443
wolfSSL	7:481bce714567	444	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	445	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	7:481bce714567	446
wolfSSL	7:481bce714567	447	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	448	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	7:481bce714567	449	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	7:481bce714567	450	#endif
wolfSSL	7:481bce714567	451	#endif /* NO_SHA */
wolfSSL	7:481bce714567	452	#ifndef NO_SHA256
wolfSSL	7:481bce714567	453	#if !defined(NO_RSA)
wolfSSL	7:481bce714567	454	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	455	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	456	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	457	#endif
wolfSSL	7:481bce714567	458	#endif
wolfSSL	7:481bce714567	459	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	460	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	461	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	462	#endif
wolfSSL	7:481bce714567	463	#endif
wolfSSL	7:481bce714567	464
wolfSSL	7:481bce714567	465	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	466	#if !defined(NO_RSA)
wolfSSL	7:481bce714567	467	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	7:481bce714567	468	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	469	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	7:481bce714567	470	#endif
wolfSSL	7:481bce714567	471	#endif
wolfSSL	7:481bce714567	472	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	7:481bce714567	473	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	474	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	7:481bce714567	475	#endif
wolfSSL	7:481bce714567	476	#endif
wolfSSL	7:481bce714567	477
wolfSSL	7:481bce714567	478	#if defined (HAVE_AESGCM)
wolfSSL	7:481bce714567	479	#if !defined(NO_RSA)
wolfSSL	7:481bce714567	480	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	481	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	7:481bce714567	482	#endif
wolfSSL	7:481bce714567	483	#if defined(WOLFSSL_SHA384)
wolfSSL	7:481bce714567	484	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	485	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	7:481bce714567	486	#endif
wolfSSL	7:481bce714567	487	#endif
wolfSSL	7:481bce714567	488	#endif
wolfSSL	7:481bce714567	489
wolfSSL	7:481bce714567	490	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	491	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	7:481bce714567	492	#endif
wolfSSL	7:481bce714567	493
wolfSSL	7:481bce714567	494	#if defined(WOLFSSL_SHA384)
wolfSSL	7:481bce714567	495	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	496	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	7:481bce714567	497	#endif
wolfSSL	7:481bce714567	498	#endif
wolfSSL	7:481bce714567	499	#endif
wolfSSL	7:481bce714567	500	#endif /* NO_AES */
wolfSSL	7:481bce714567	501	#if !defined(NO_RC4)
wolfSSL	7:481bce714567	502	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	503	#if !defined(NO_RSA)
wolfSSL	7:481bce714567	504	#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	7:481bce714567	505	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	506	#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	7:481bce714567	507	#endif
wolfSSL	7:481bce714567	508	#endif
wolfSSL	7:481bce714567	509
wolfSSL	7:481bce714567	510	#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	7:481bce714567	511	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	512	#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	7:481bce714567	513	#endif
wolfSSL	7:481bce714567	514	#endif
wolfSSL	7:481bce714567	515	#endif
wolfSSL	7:481bce714567	516	#if !defined(NO_DES3)
wolfSSL	7:481bce714567	517	#ifndef NO_SHA
wolfSSL	7:481bce714567	518	#if !defined(NO_RSA)
wolfSSL	7:481bce714567	519	#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	7:481bce714567	520	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	521	#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	7:481bce714567	522	#endif
wolfSSL	7:481bce714567	523	#endif
wolfSSL	7:481bce714567	524
wolfSSL	7:481bce714567	525	#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	7:481bce714567	526	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	7:481bce714567	527	#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	7:481bce714567	528	#endif
wolfSSL	7:481bce714567	529	#endif /* NO_SHA */
wolfSSL	7:481bce714567	530	#endif
wolfSSL	7:481bce714567	531	#if defined(HAVE_NULL_CIPHER)
wolfSSL	7:481bce714567	532	#if !defined(NO_SHA)
wolfSSL	7:481bce714567	533	#define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL	7:481bce714567	534	#endif
wolfSSL	7:481bce714567	535	#if !defined(NO_PSK) && !defined(NO_SHA256)
wolfSSL	7:481bce714567	536	#define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL	7:481bce714567	537	#endif
wolfSSL	7:481bce714567	538	#endif
wolfSSL	7:481bce714567	539	#if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
wolfSSL	7:481bce714567	540	#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	7:481bce714567	541	#endif
wolfSSL	7:481bce714567	542	#endif
wolfSSL	7:481bce714567	543	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	7:481bce714567	544	#if !defined(NO_OLD_POLY1305)
wolfSSL	7:481bce714567	545	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	546	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	7:481bce714567	547	#ifndef NO_RSA
wolfSSL	7:481bce714567	548	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	7:481bce714567	549	#endif
wolfSSL	7:481bce714567	550	#endif
wolfSSL	7:481bce714567	551	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	7:481bce714567	552	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	7:481bce714567	553	#endif
wolfSSL	7:481bce714567	554	#endif /* NO_OLD_POLY1305 */
wolfSSL	7:481bce714567	555	#if !defined(NO_PSK)
wolfSSL	7:481bce714567	556	#define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	7:481bce714567	557	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	558	#define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	7:481bce714567	559	#endif
wolfSSL	7:481bce714567	560	#ifndef NO_DH
wolfSSL	7:481bce714567	561	#define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	7:481bce714567	562	#endif
wolfSSL	7:481bce714567	563	#endif /* !NO_PSK */
wolfSSL	7:481bce714567	564	#endif
wolfSSL	7:481bce714567	565
wolfSSL	7:481bce714567	566	#endif /* !WOLFSSL_MAX_STRENGTH */
wolfSSL	7:481bce714567	567
wolfSSL	7:481bce714567	568	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	7:481bce714567	569	!defined(NO_RSA) && defined(HAVE_AESGCM)
wolfSSL	7:481bce714567	570
wolfSSL	7:481bce714567	571	#ifndef NO_SHA256
wolfSSL	7:481bce714567	572	#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	7:481bce714567	573	#endif
wolfSSL	7:481bce714567	574
wolfSSL	7:481bce714567	575	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	576	#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	7:481bce714567	577	#endif
wolfSSL	7:481bce714567	578	#endif
wolfSSL	7:481bce714567	579
wolfSSL	7:481bce714567	580	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	7:481bce714567	581	#ifndef NO_SHA256
wolfSSL	7:481bce714567	582	#ifdef HAVE_AESGCM
wolfSSL	7:481bce714567	583	#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	7:481bce714567	584	#endif
wolfSSL	7:481bce714567	585	#ifdef HAVE_AESCCM
wolfSSL	7:481bce714567	586	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL	7:481bce714567	587	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL	7:481bce714567	588	#endif
wolfSSL	7:481bce714567	589	#endif
wolfSSL	7:481bce714567	590	#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
wolfSSL	7:481bce714567	591	#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	7:481bce714567	592	#endif
wolfSSL	7:481bce714567	593	#endif
wolfSSL	7:481bce714567	594
wolfSSL	7:481bce714567	595	#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
wolfSSL	7:481bce714567	596	#ifdef HAVE_AESGCM
wolfSSL	7:481bce714567	597	#ifndef NO_SHA256
wolfSSL	7:481bce714567	598	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	7:481bce714567	599	#ifndef NO_RSA
wolfSSL	7:481bce714567	600	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	7:481bce714567	601	#endif
wolfSSL	7:481bce714567	602	#endif
wolfSSL	7:481bce714567	603	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	604	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	7:481bce714567	605	#ifndef NO_RSA
wolfSSL	7:481bce714567	606	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	7:481bce714567	607	#endif
wolfSSL	7:481bce714567	608	#endif
wolfSSL	7:481bce714567	609	#endif
wolfSSL	7:481bce714567	610	#if defined(HAVE_AESCCM) && !defined(NO_SHA256)
wolfSSL	7:481bce714567	611	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL	7:481bce714567	612	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	7:481bce714567	613	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	7:481bce714567	614	#endif
wolfSSL	7:481bce714567	615	#endif
wolfSSL	7:481bce714567	616
wolfSSL	7:481bce714567	617	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	7:481bce714567	618	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	619	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	7:481bce714567	620	#ifndef NO_RSA
wolfSSL	7:481bce714567	621	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	7:481bce714567	622	#endif
wolfSSL	7:481bce714567	623	#endif
wolfSSL	7:481bce714567	624	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	7:481bce714567	625	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	7:481bce714567	626	#endif
wolfSSL	7:481bce714567	627	#endif
wolfSSL	7:481bce714567	628
wolfSSL	7:481bce714567	629
wolfSSL	7:481bce714567	630	#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) \|\| \
wolfSSL	7:481bce714567	631	defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
wolfSSL	7:481bce714567	632	#define BUILD_ARC4
wolfSSL	7:481bce714567	633	#endif
wolfSSL	7:481bce714567	634
wolfSSL	7:481bce714567	635	#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
wolfSSL	7:481bce714567	636	#define BUILD_DES3
wolfSSL	7:481bce714567	637	#endif
wolfSSL	7:481bce714567	638
wolfSSL	7:481bce714567	639	#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) \|\| \
wolfSSL	7:481bce714567	640	defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) \|\| \
wolfSSL	7:481bce714567	641	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) \|\| \
wolfSSL	7:481bce714567	642	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
wolfSSL	7:481bce714567	643	#undef BUILD_AES
wolfSSL	7:481bce714567	644	#define BUILD_AES
wolfSSL	7:481bce714567	645	#endif
wolfSSL	7:481bce714567	646
wolfSSL	7:481bce714567	647	#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	7:481bce714567	648	defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	7:481bce714567	649	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	7:481bce714567	650	defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	7:481bce714567	651	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	7:481bce714567	652	defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	7:481bce714567	653	defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	7:481bce714567	654	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	7:481bce714567	655	defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	7:481bce714567	656	defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
wolfSSL	7:481bce714567	657	#define BUILD_AESGCM
wolfSSL	7:481bce714567	658	#endif
wolfSSL	7:481bce714567	659
wolfSSL	7:481bce714567	660	#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) \|\| \
wolfSSL	7:481bce714567	661	defined(BUILD_TLS_RSA_WITH_HC_128_MD5) \|\| \
wolfSSL	7:481bce714567	662	defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
wolfSSL	7:481bce714567	663	#define BUILD_HC128
wolfSSL	7:481bce714567	664	#endif
wolfSSL	7:481bce714567	665
wolfSSL	7:481bce714567	666	#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
wolfSSL	7:481bce714567	667	#define BUILD_RABBIT
wolfSSL	7:481bce714567	668	#endif
wolfSSL	7:481bce714567	669
wolfSSL	7:481bce714567	670	#ifdef NO_DES3
wolfSSL	7:481bce714567	671	#define DES_BLOCK_SIZE 8
wolfSSL	7:481bce714567	672	#else
wolfSSL	7:481bce714567	673	#undef BUILD_DES3
wolfSSL	7:481bce714567	674	#define BUILD_DES3
wolfSSL	7:481bce714567	675	#endif
wolfSSL	7:481bce714567	676
wolfSSL	7:481bce714567	677	#if defined(NO_AES) \|\| defined(NO_AES_DECRYPT)
wolfSSL	7:481bce714567	678	#define AES_BLOCK_SIZE 16
wolfSSL	7:481bce714567	679	#undef BUILD_AES
wolfSSL	7:481bce714567	680	#else
wolfSSL	7:481bce714567	681	#undef BUILD_AES
wolfSSL	7:481bce714567	682	#define BUILD_AES
wolfSSL	7:481bce714567	683	#endif
wolfSSL	7:481bce714567	684
wolfSSL	7:481bce714567	685	#ifndef NO_RC4
wolfSSL	7:481bce714567	686	#undef BUILD_ARC4
wolfSSL	7:481bce714567	687	#define BUILD_ARC4
wolfSSL	7:481bce714567	688	#endif
wolfSSL	7:481bce714567	689
wolfSSL	7:481bce714567	690	#ifdef HAVE_CHACHA
wolfSSL	7:481bce714567	691	#define CHACHA20_BLOCK_SIZE 16
wolfSSL	7:481bce714567	692	#endif
wolfSSL	7:481bce714567	693
wolfSSL	7:481bce714567	694	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	7:481bce714567	695	defined(HAVE_AESGCM) \|\| defined(HAVE_AESCCM) \|\| \
wolfSSL	7:481bce714567	696	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
wolfSSL	7:481bce714567	697
wolfSSL	7:481bce714567	698	#define HAVE_AEAD
wolfSSL	7:481bce714567	699	#endif
wolfSSL	7:481bce714567	700
wolfSSL	7:481bce714567	701	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	7:481bce714567	702	defined(HAVE_ECC) \|\| !defined(NO_DH)
wolfSSL	7:481bce714567	703
wolfSSL	7:481bce714567	704	#define HAVE_PFS
wolfSSL	7:481bce714567	705	#endif
wolfSSL	7:481bce714567	706
wolfSSL	7:481bce714567	707	#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
wolfSSL	7:481bce714567	708	#define BUILD_IDEA
wolfSSL	7:481bce714567	709	#endif
wolfSSL	7:481bce714567	710
wolfSSL	7:481bce714567	711	/* actual cipher values, 2nd byte */
wolfSSL	7:481bce714567	712	enum {
wolfSSL	7:481bce714567	713	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
wolfSSL	7:481bce714567	714	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
wolfSSL	7:481bce714567	715	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
wolfSSL	7:481bce714567	716	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
wolfSSL	7:481bce714567	717	TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
wolfSSL	7:481bce714567	718	TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
wolfSSL	7:481bce714567	719	TLS_RSA_WITH_NULL_SHA = 0x02,
wolfSSL	7:481bce714567	720	TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
wolfSSL	7:481bce714567	721	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
wolfSSL	7:481bce714567	722	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
wolfSSL	7:481bce714567	723	TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
wolfSSL	7:481bce714567	724	TLS_PSK_WITH_NULL_SHA256 = 0xb0,
wolfSSL	7:481bce714567	725	TLS_PSK_WITH_NULL_SHA384 = 0xb1,
wolfSSL	7:481bce714567	726	TLS_PSK_WITH_NULL_SHA = 0x2c,
wolfSSL	7:481bce714567	727	SSL_RSA_WITH_RC4_128_SHA = 0x05,
wolfSSL	7:481bce714567	728	SSL_RSA_WITH_RC4_128_MD5 = 0x04,
wolfSSL	7:481bce714567	729	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
wolfSSL	7:481bce714567	730	SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,
wolfSSL	7:481bce714567	731
wolfSSL	7:481bce714567	732	/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	7:481bce714567	733	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
wolfSSL	7:481bce714567	734	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
wolfSSL	7:481bce714567	735	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
wolfSSL	7:481bce714567	736	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
wolfSSL	7:481bce714567	737	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
wolfSSL	7:481bce714567	738	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
wolfSSL	7:481bce714567	739	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
wolfSSL	7:481bce714567	740	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
wolfSSL	7:481bce714567	741	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
wolfSSL	7:481bce714567	742	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
wolfSSL	7:481bce714567	743	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
wolfSSL	7:481bce714567	744	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
wolfSSL	7:481bce714567	745	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
wolfSSL	7:481bce714567	746	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
wolfSSL	7:481bce714567	747	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
wolfSSL	7:481bce714567	748
wolfSSL	7:481bce714567	749	/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	7:481bce714567	750	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
wolfSSL	7:481bce714567	751	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
wolfSSL	7:481bce714567	752	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
wolfSSL	7:481bce714567	753	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
wolfSSL	7:481bce714567	754	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
wolfSSL	7:481bce714567	755	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
wolfSSL	7:481bce714567	756	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
wolfSSL	7:481bce714567	757	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
wolfSSL	7:481bce714567	758	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
wolfSSL	7:481bce714567	759	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
wolfSSL	7:481bce714567	760	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
wolfSSL	7:481bce714567	761	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
wolfSSL	7:481bce714567	762
wolfSSL	7:481bce714567	763	/* wolfSSL extension - eSTREAM */
wolfSSL	7:481bce714567	764	TLS_RSA_WITH_HC_128_MD5 = 0xFB,
wolfSSL	7:481bce714567	765	TLS_RSA_WITH_HC_128_SHA = 0xFC,
wolfSSL	7:481bce714567	766	TLS_RSA_WITH_RABBIT_SHA = 0xFD,
wolfSSL	7:481bce714567	767
wolfSSL	7:481bce714567	768	/* wolfSSL extension - Blake2b 256 */
wolfSSL	7:481bce714567	769	TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
wolfSSL	7:481bce714567	770	TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
wolfSSL	7:481bce714567	771	TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
wolfSSL	7:481bce714567	772
wolfSSL	7:481bce714567	773	/* wolfSSL extension - NTRU */
wolfSSL	7:481bce714567	774	TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
wolfSSL	7:481bce714567	775	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
wolfSSL	7:481bce714567	776	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
wolfSSL	7:481bce714567	777	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
wolfSSL	7:481bce714567	778
wolfSSL	7:481bce714567	779	/* wolfSSL extension - NTRU , Quantum-safe Handshake
wolfSSL	7:481bce714567	780	first byte is 0xD0 (QSH_BYTE) */
wolfSSL	7:481bce714567	781	TLS_QSH = 0x01,
wolfSSL	7:481bce714567	782
wolfSSL	7:481bce714567	783	/* SHA256 */
wolfSSL	7:481bce714567	784	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
wolfSSL	7:481bce714567	785	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
wolfSSL	7:481bce714567	786	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
wolfSSL	7:481bce714567	787	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
wolfSSL	7:481bce714567	788	TLS_RSA_WITH_NULL_SHA256 = 0x3b,
wolfSSL	7:481bce714567	789	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
wolfSSL	7:481bce714567	790	TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
wolfSSL	7:481bce714567	791
wolfSSL	7:481bce714567	792	/* SHA384 */
wolfSSL	7:481bce714567	793	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
wolfSSL	7:481bce714567	794	TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
wolfSSL	7:481bce714567	795
wolfSSL	7:481bce714567	796	/* AES-GCM */
wolfSSL	7:481bce714567	797	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
wolfSSL	7:481bce714567	798	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
wolfSSL	7:481bce714567	799	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
wolfSSL	7:481bce714567	800	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
wolfSSL	7:481bce714567	801	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
wolfSSL	7:481bce714567	802	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
wolfSSL	7:481bce714567	803	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
wolfSSL	7:481bce714567	804	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
wolfSSL	7:481bce714567	805
wolfSSL	7:481bce714567	806	/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	7:481bce714567	807	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
wolfSSL	7:481bce714567	808	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
wolfSSL	7:481bce714567	809	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
wolfSSL	7:481bce714567	810	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
wolfSSL	7:481bce714567	811	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
wolfSSL	7:481bce714567	812	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
wolfSSL	7:481bce714567	813	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
wolfSSL	7:481bce714567	814	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
wolfSSL	7:481bce714567	815
wolfSSL	7:481bce714567	816	/* AES-CCM, first byte is 0xC0 but isn't ECC,
wolfSSL	7:481bce714567	817	* also, in some of the other AES-CCM suites
wolfSSL	7:481bce714567	818	* there will be second byte number conflicts
wolfSSL	7:481bce714567	819	* with non-ECC AES-GCM */
wolfSSL	7:481bce714567	820	TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
wolfSSL	7:481bce714567	821	TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
wolfSSL	7:481bce714567	822	TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
wolfSSL	7:481bce714567	823	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
wolfSSL	7:481bce714567	824	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
wolfSSL	7:481bce714567	825	TLS_PSK_WITH_AES_128_CCM = 0xa4,
wolfSSL	7:481bce714567	826	TLS_PSK_WITH_AES_256_CCM = 0xa5,
wolfSSL	7:481bce714567	827	TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
wolfSSL	7:481bce714567	828	TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
wolfSSL	7:481bce714567	829	TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
wolfSSL	7:481bce714567	830	TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
wolfSSL	7:481bce714567	831
wolfSSL	7:481bce714567	832	/* Camellia */
wolfSSL	7:481bce714567	833	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
wolfSSL	7:481bce714567	834	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
wolfSSL	7:481bce714567	835	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
wolfSSL	7:481bce714567	836	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
wolfSSL	7:481bce714567	837	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
wolfSSL	7:481bce714567	838	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
wolfSSL	7:481bce714567	839	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
wolfSSL	7:481bce714567	840	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
wolfSSL	7:481bce714567	841
wolfSSL	7:481bce714567	842	/* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
wolfSSL	7:481bce714567	843	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
wolfSSL	7:481bce714567	844	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
wolfSSL	7:481bce714567	845	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
wolfSSL	7:481bce714567	846	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
wolfSSL	7:481bce714567	847	TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
wolfSSL	7:481bce714567	848	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
wolfSSL	7:481bce714567	849
wolfSSL	7:481bce714567	850	/* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
wolfSSL	7:481bce714567	851	TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
wolfSSL	7:481bce714567	852	TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
wolfSSL	7:481bce714567	853	TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
wolfSSL	7:481bce714567	854
wolfSSL	7:481bce714567	855	/* Renegotiation Indication Extension Special Suite */
wolfSSL	7:481bce714567	856	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
wolfSSL	7:481bce714567	857	};
wolfSSL	7:481bce714567	858
wolfSSL	7:481bce714567	859
wolfSSL	7:481bce714567	860	#ifndef WOLFSSL_SESSION_TIMEOUT
wolfSSL	7:481bce714567	861	#define WOLFSSL_SESSION_TIMEOUT 500
wolfSSL	7:481bce714567	862	/* default session resumption cache timeout in seconds */
wolfSSL	7:481bce714567	863	#endif
wolfSSL	7:481bce714567	864
wolfSSL	7:481bce714567	865
wolfSSL	7:481bce714567	866	#ifndef WOLFSSL_DTLS_WINDOW_WORDS
wolfSSL	7:481bce714567	867	#define WOLFSSL_DTLS_WINDOW_WORDS 2
wolfSSL	7:481bce714567	868	#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
wolfSSL	7:481bce714567	869	#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
wolfSSL	7:481bce714567	870	#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
wolfSSL	7:481bce714567	871	#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
wolfSSL	7:481bce714567	872
wolfSSL	7:481bce714567	873
wolfSSL	7:481bce714567	874	enum Misc {
wolfSSL	7:481bce714567	875	ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
wolfSSL	7:481bce714567	876	QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
wolfSSL	7:481bce714567	877	CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
wolfSSL	7:481bce714567	878
wolfSSL	7:481bce714567	879	SEND_CERT = 1,
wolfSSL	7:481bce714567	880	SEND_BLANK_CERT = 2,
wolfSSL	7:481bce714567	881
wolfSSL	7:481bce714567	882	DTLS_MAJOR = 0xfe, /* DTLS major version number */
wolfSSL	7:481bce714567	883	DTLS_MINOR = 0xff, /* DTLS minor version number */
wolfSSL	7:481bce714567	884	DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
wolfSSL	7:481bce714567	885	SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
wolfSSL	7:481bce714567	886	SSLv3_MINOR = 0, /* TLSv1 minor version number */
wolfSSL	7:481bce714567	887	TLSv1_MINOR = 1, /* TLSv1 minor version number */
wolfSSL	7:481bce714567	888	TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
wolfSSL	7:481bce714567	889	TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
wolfSSL	7:481bce714567	890	OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
wolfSSL	7:481bce714567	891	INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
wolfSSL	7:481bce714567	892	NO_COMPRESSION = 0,
wolfSSL	7:481bce714567	893	ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
wolfSSL	7:481bce714567	894	HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
wolfSSL	7:481bce714567	895	HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
wolfSSL	7:481bce714567	896	SECRET_LEN = 48, /* pre RSA and all master */
wolfSSL	7:481bce714567	897	#if defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL	7:481bce714567	898	ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
wolfSSL	7:481bce714567	899	#else
wolfSSL	7:481bce714567	900	ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
wolfSSL	7:481bce714567	901	#endif
wolfSSL	7:481bce714567	902	SIZEOF_SENDER = 4, /* clnt or srvr */
wolfSSL	7:481bce714567	903	FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
wolfSSL	7:481bce714567	904	MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
wolfSSL	7:481bce714567	905	MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
wolfSSL	7:481bce714567	906	/* max added to msg, mac + pad from */
wolfSSL	7:481bce714567	907	/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
wolfSSL	7:481bce714567	908	digest sz + BLOC_SZ (iv) + pad byte (1) */
wolfSSL	7:481bce714567	909	MAX_COMP_EXTRA = 1024, /* max compression extra */
wolfSSL	7:481bce714567	910	MAX_MTU = 1500, /* max expected MTU */
wolfSSL	7:481bce714567	911	MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
wolfSSL	7:481bce714567	912	MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */
wolfSSL	7:481bce714567	913	MAX_STR_VERSION = 8, /* string rep of protocol version */
wolfSSL	7:481bce714567	914
wolfSSL	7:481bce714567	915	PAD_MD5 = 48, /* pad length for finished */
wolfSSL	7:481bce714567	916	PAD_SHA = 40, /* pad length for finished */
wolfSSL	7:481bce714567	917	MAX_PAD_SIZE = 256, /* maximum length of padding */
wolfSSL	7:481bce714567	918	COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
wolfSSL	7:481bce714567	919	COMPRESS_CONSTANT = 13, /* compression calc constant */
wolfSSL	7:481bce714567	920	COMPRESS_UPPER = 55, /* compression calc numerator */
wolfSSL	7:481bce714567	921	COMPRESS_LOWER = 64, /* compression calc denominator */
wolfSSL	7:481bce714567	922
wolfSSL	7:481bce714567	923	PEM_LINE_LEN = 80, /* PEM line max + fudge */
wolfSSL	7:481bce714567	924	LENGTH_SZ = 2, /* length field for HMAC, data only */
wolfSSL	7:481bce714567	925	VERSION_SZ = 2, /* length of proctocol version */
wolfSSL	7:481bce714567	926	SEQ_SZ = 8, /* 64 bit sequence number */
wolfSSL	7:481bce714567	927	ALERT_SIZE = 2, /* level + description */
wolfSSL	7:481bce714567	928	VERIFY_HEADER = 2, /* always use 2 bytes */
wolfSSL	7:481bce714567	929	EXT_ID_SZ = 2, /* always use 2 bytes */
wolfSSL	7:481bce714567	930	MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
wolfSSL	7:481bce714567	931	SESSION_HINT_SZ = 4, /* session timeout hint */
wolfSSL	7:481bce714567	932
wolfSSL	7:481bce714567	933	RAN_LEN = 32, /* random length */
wolfSSL	7:481bce714567	934	SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
wolfSSL	7:481bce714567	935	ID_LEN = 32, /* session id length */
wolfSSL	7:481bce714567	936	COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
wolfSSL	7:481bce714567	937	MAX_COOKIE_LEN = 32, /* max dtls cookie size */
wolfSSL	7:481bce714567	938	COOKIE_SZ = 20, /* use a 20 byte cookie */
wolfSSL	7:481bce714567	939	SUITE_LEN = 2, /* cipher suite sz length */
wolfSSL	7:481bce714567	940	ENUM_LEN = 1, /* always a byte */
wolfSSL	7:481bce714567	941	OPAQUE8_LEN = 1, /* 1 byte */
wolfSSL	7:481bce714567	942	OPAQUE16_LEN = 2, /* 2 bytes */
wolfSSL	7:481bce714567	943	OPAQUE24_LEN = 3, /* 3 bytes */
wolfSSL	7:481bce714567	944	OPAQUE32_LEN = 4, /* 4 bytes */
wolfSSL	7:481bce714567	945	OPAQUE64_LEN = 8, /* 8 bytes */
wolfSSL	7:481bce714567	946	COMP_LEN = 1, /* compression length */
wolfSSL	7:481bce714567	947	CURVE_LEN = 2, /* ecc named curve length */
wolfSSL	7:481bce714567	948	SERVER_ID_LEN = 20, /* server session id length */
wolfSSL	7:481bce714567	949
wolfSSL	7:481bce714567	950	HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
wolfSSL	7:481bce714567	951	RECORD_HEADER_SZ = 5, /* type + version + len(2) */
wolfSSL	7:481bce714567	952	CERT_HEADER_SZ = 3, /* always 3 bytes */
wolfSSL	7:481bce714567	953	REQ_HEADER_SZ = 2, /* cert request header sz */
wolfSSL	7:481bce714567	954	HINT_LEN_SZ = 2, /* length of hint size field */
wolfSSL	7:481bce714567	955	TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
wolfSSL	7:481bce714567	956	HELLO_EXT_SZ = 4, /* base length of a hello extension */
wolfSSL	7:481bce714567	957	HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
wolfSSL	7:481bce714567	958	HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
wolfSSL	7:481bce714567	959	HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
wolfSSL	7:481bce714567	960	HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
wolfSSL	7:481bce714567	961
wolfSSL	7:481bce714567	962	DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
wolfSSL	7:481bce714567	963	DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
wolfSSL	7:481bce714567	964	DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
wolfSSL	7:481bce714567	965	DTLS_RECORD_EXTRA = 8, /* diff from normal */
wolfSSL	7:481bce714567	966	DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
wolfSSL	7:481bce714567	967	DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
wolfSSL	7:481bce714567	968	DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
wolfSSL	7:481bce714567	969	DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
wolfSSL	7:481bce714567	970	DTLS_EXPORT_VERSION = 3, /* wolfSSL version for serialized session */
wolfSSL	7:481bce714567	971	DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */
wolfSSL	7:481bce714567	972	DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
wolfSSL	7:481bce714567	973	/* max amount of bytes used from Keys */
wolfSSL	7:481bce714567	974	DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2),
wolfSSL	7:481bce714567	975	/* min amount of bytes used from Keys */
wolfSSL	7:481bce714567	976	DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
wolfSSL	7:481bce714567	977	DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
wolfSSL	7:481bce714567	978	DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
wolfSSL	7:481bce714567	979	MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
wolfSSL	7:481bce714567	980	FINISHED_LABEL_SZ = 15, /* TLS finished label size */
wolfSSL	7:481bce714567	981	TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
wolfSSL	7:481bce714567	982	EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
wolfSSL	7:481bce714567	983	MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
wolfSSL	7:481bce714567	984	KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
wolfSSL	7:481bce714567	985	MAX_PRF_HALF = 256, /* Maximum half secret len */
wolfSSL	7:481bce714567	986	MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
wolfSSL	7:481bce714567	987	MAX_PRF_DIG = 224, /* Maximum digest len */
wolfSSL	7:481bce714567	988	MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
wolfSSL	7:481bce714567	989	SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
wolfSSL	7:481bce714567	990
wolfSSL	7:481bce714567	991	RC4_KEY_SIZE = 16, /* always 128bit */
wolfSSL	7:481bce714567	992	DES_KEY_SIZE = 8, /* des */
wolfSSL	7:481bce714567	993	DES3_KEY_SIZE = 24, /* 3 des ede */
wolfSSL	7:481bce714567	994	DES_IV_SIZE = DES_BLOCK_SIZE,
wolfSSL	7:481bce714567	995	AES_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	7:481bce714567	996	AES_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	7:481bce714567	997	AES_IV_SIZE = 16, /* always block size */
wolfSSL	7:481bce714567	998	AES_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	7:481bce714567	999
wolfSSL	7:481bce714567	1000	AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
wolfSSL	7:481bce714567	1001	AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
wolfSSL	7:481bce714567	1002	AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
wolfSSL	7:481bce714567	1003	AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
wolfSSL	7:481bce714567	1004	AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
wolfSSL	7:481bce714567	1005	AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
wolfSSL	7:481bce714567	1006	AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
wolfSSL	7:481bce714567	1007	AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
wolfSSL	7:481bce714567	1008	AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
wolfSSL	7:481bce714567	1009
wolfSSL	7:481bce714567	1010	CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
wolfSSL	7:481bce714567	1011	CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
wolfSSL	7:481bce714567	1012	CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
wolfSSL	7:481bce714567	1013
wolfSSL	7:481bce714567	1014	/* For any new implicit/explicit IV size adjust AEAD_MAX_**_SZ /
wolfSSL	7:481bce714567	1015
wolfSSL	7:481bce714567	1016	AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
wolfSSL	7:481bce714567	1017	AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
wolfSSL	7:481bce714567	1018	AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
wolfSSL	7:481bce714567	1019
wolfSSL	7:481bce714567	1020	CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	7:481bce714567	1021	CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	7:481bce714567	1022	CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	7:481bce714567	1023	CAMELLIA_IV_SIZE = 16, /* always block size */
wolfSSL	7:481bce714567	1024
wolfSSL	7:481bce714567	1025	CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	7:481bce714567	1026	CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	7:481bce714567	1027	CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
wolfSSL	7:481bce714567	1028
wolfSSL	7:481bce714567	1029	POLY1305_AUTH_SZ = 16, /* 128 bits */
wolfSSL	7:481bce714567	1030
wolfSSL	7:481bce714567	1031	HC_128_KEY_SIZE = 16, /* 128 bits */
wolfSSL	7:481bce714567	1032	HC_128_IV_SIZE = 16, /* also 128 bits */
wolfSSL	7:481bce714567	1033
wolfSSL	7:481bce714567	1034	RABBIT_KEY_SIZE = 16, /* 128 bits */
wolfSSL	7:481bce714567	1035	RABBIT_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL	7:481bce714567	1036
wolfSSL	7:481bce714567	1037	EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
wolfSSL	7:481bce714567	1038
wolfSSL	7:481bce714567	1039	ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
wolfSSL	7:481bce714567	1040	MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
wolfSSL	7:481bce714567	1041
wolfSSL	7:481bce714567	1042	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	1043	/* qsh handshake sends 600+ size keys over hello extensions */
wolfSSL	7:481bce714567	1044	MAX_HELLO_SZ = 2048, /* max client or server hello */
wolfSSL	7:481bce714567	1045	#else
wolfSSL	7:481bce714567	1046	MAX_HELLO_SZ = 128, /* max client or server hello */
wolfSSL	7:481bce714567	1047	#endif
wolfSSL	7:481bce714567	1048	MAX_CERT_VERIFY_SZ = 1024, /* max */
wolfSSL	7:481bce714567	1049	CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
wolfSSL	7:481bce714567	1050	MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
wolfSSL	7:481bce714567	1051
wolfSSL	7:481bce714567	1052	DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
wolfSSL	7:481bce714567	1053	DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
wolfSSL	7:481bce714567	1054	DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
wolfSSL	7:481bce714567	1055
wolfSSL	7:481bce714567	1056	MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
wolfSSL	7:481bce714567	1057	MAX_PSK_KEY_LEN = 64, /* max psk key supported */
wolfSSL	7:481bce714567	1058
wolfSSL	7:481bce714567	1059	MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
wolfSSL	7:481bce714567	1060
wolfSSL	7:481bce714567	1061	#if defined(FORTRESS) \|\| defined (HAVE_STUNNEL)
wolfSSL	7:481bce714567	1062	MAX_EX_DATA = 3, /* allow for three items of ex_data */
wolfSSL	7:481bce714567	1063	#endif
wolfSSL	7:481bce714567	1064
wolfSSL	7:481bce714567	1065	MAX_X509_SIZE = 2048, /* max static x509 buffer size */
wolfSSL	7:481bce714567	1066	CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
wolfSSL	7:481bce714567	1067	FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
wolfSSL	7:481bce714567	1068	will use dynamic buffer if not big enough */
wolfSSL	7:481bce714567	1069
wolfSSL	7:481bce714567	1070	MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
wolfSSL	7:481bce714567	1071	MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
wolfSSL	7:481bce714567	1072	MAX_NTRU_BITS = 256, /* max symmetric bit strength */
wolfSSL	7:481bce714567	1073	NO_SNIFF = 0, /* not sniffing */
wolfSSL	7:481bce714567	1074	SNIFF = 1, /* currently sniffing */
wolfSSL	7:481bce714567	1075
wolfSSL	7:481bce714567	1076	HASH_SIG_SIZE = 2, /* default SHA1 RSA */
wolfSSL	7:481bce714567	1077
wolfSSL	7:481bce714567	1078	NO_COPY = 0, /* should we copy static buffer for write */
wolfSSL	7:481bce714567	1079	COPY = 1, /* should we copy static buffer for write */
wolfSSL	7:481bce714567	1080
wolfSSL	7:481bce714567	1081	PREV_ORDER = -1, /* Sequence number is in previous epoch. */
wolfSSL	7:481bce714567	1082	PEER_ORDER = 1, /* Peer sequence number for verify. */
wolfSSL	7:481bce714567	1083	CUR_ORDER = 0 /* Current sequence number. */
wolfSSL	7:481bce714567	1084	};
wolfSSL	7:481bce714567	1085
wolfSSL	7:481bce714567	1086
wolfSSL	7:481bce714567	1087	/* Set max implicit IV size for AEAD cipher suites */
wolfSSL	7:481bce714567	1088	#ifdef HAVE_CHACHA
wolfSSL	7:481bce714567	1089	#define AEAD_MAX_IMP_SZ 12
wolfSSL	7:481bce714567	1090	#else
wolfSSL	7:481bce714567	1091	#define AEAD_MAX_IMP_SZ 4
wolfSSL	7:481bce714567	1092	#endif
wolfSSL	7:481bce714567	1093
wolfSSL	7:481bce714567	1094	/* Set max explicit IV size for AEAD cipher suites */
wolfSSL	7:481bce714567	1095	#define AEAD_MAX_EXP_SZ 8
wolfSSL	7:481bce714567	1096
wolfSSL	7:481bce714567	1097
wolfSSL	7:481bce714567	1098	#ifndef WOLFSSL_MAX_SUITE_SZ
wolfSSL	7:481bce714567	1099	#define WOLFSSL_MAX_SUITE_SZ 300
wolfSSL	7:481bce714567	1100	/* 150 suites for now! */
wolfSSL	7:481bce714567	1101	#endif
wolfSSL	7:481bce714567	1102
wolfSSL	7:481bce714567	1103	/* set minimum ECC key size allowed */
wolfSSL	7:481bce714567	1104	#ifndef WOLFSSL_MIN_ECC_BITS
wolfSSL	7:481bce714567	1105	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	7:481bce714567	1106	#define WOLFSSL_MIN_ECC_BITS 256
wolfSSL	7:481bce714567	1107	#else
wolfSSL	7:481bce714567	1108	#define WOLFSSL_MIN_ECC_BITS 224
wolfSSL	7:481bce714567	1109	#endif
wolfSSL	7:481bce714567	1110	#endif /* WOLFSSL_MIN_ECC_BITS */
wolfSSL	7:481bce714567	1111	#if (WOLFSSL_MIN_ECC_BITS % 8)
wolfSSL	7:481bce714567	1112	/* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1.
wolfSSL	7:481bce714567	1113	In these cases round down to the nearest value divisable by 8. The
wolfSSL	7:481bce714567	1114	restriction of being divisable by 8 is in place to match wc_ecc_size
wolfSSL	7:481bce714567	1115	function from wolfSSL.
wolfSSL	7:481bce714567	1116	*/
wolfSSL	7:481bce714567	1117	#error ECC minimum bit size must be a multiple of 8
wolfSSL	7:481bce714567	1118	#endif
wolfSSL	7:481bce714567	1119	#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
wolfSSL	7:481bce714567	1120
wolfSSL	7:481bce714567	1121	/* set minimum RSA key size allowed */
wolfSSL	7:481bce714567	1122	#ifndef WOLFSSL_MIN_RSA_BITS
wolfSSL	7:481bce714567	1123	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	7:481bce714567	1124	#define WOLFSSL_MIN_RSA_BITS 2048
wolfSSL	7:481bce714567	1125	#else
wolfSSL	7:481bce714567	1126	#define WOLFSSL_MIN_RSA_BITS 1024
wolfSSL	7:481bce714567	1127	#endif
wolfSSL	7:481bce714567	1128	#endif /* WOLFSSL_MIN_RSA_BITS */
wolfSSL	7:481bce714567	1129	#if (WOLFSSL_MIN_RSA_BITS % 8)
wolfSSL	7:481bce714567	1130	/* This is to account for the example case of a min size of 2050 bits but
wolfSSL	7:481bce714567	1131	still allows 2049 bit key. So we need the measurment to be in bytes. */
wolfSSL	7:481bce714567	1132	#error RSA minimum bit size must be a multiple of 8
wolfSSL	7:481bce714567	1133	#endif
wolfSSL	7:481bce714567	1134	#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
wolfSSL	7:481bce714567	1135
wolfSSL	7:481bce714567	1136	/* set minimum DH key size allowed */
wolfSSL	7:481bce714567	1137	#ifndef WOLFSSL_MIN_DHKEY_BITS
wolfSSL	7:481bce714567	1138	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	7:481bce714567	1139	#define WOLFSSL_MIN_DHKEY_BITS 2048
wolfSSL	7:481bce714567	1140	#else
wolfSSL	7:481bce714567	1141	#define WOLFSSL_MIN_DHKEY_BITS 1024
wolfSSL	7:481bce714567	1142	#endif
wolfSSL	7:481bce714567	1143	#endif
wolfSSL	7:481bce714567	1144	#if (WOLFSSL_MIN_DHKEY_BITS % 8)
wolfSSL	7:481bce714567	1145	#error DH minimum bit size must be multiple of 8
wolfSSL	7:481bce714567	1146	#endif
wolfSSL	7:481bce714567	1147	#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
wolfSSL	7:481bce714567	1148	#error DH minimum bit size must not be greater than 16000
wolfSSL	7:481bce714567	1149	#endif
wolfSSL	7:481bce714567	1150	#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
wolfSSL	7:481bce714567	1151
wolfSSL	7:481bce714567	1152
wolfSSL	7:481bce714567	1153	#ifdef SESSION_INDEX
wolfSSL	7:481bce714567	1154	/* Shift values for making a session index */
wolfSSL	7:481bce714567	1155	#define SESSIDX_ROW_SHIFT 4
wolfSSL	7:481bce714567	1156	#define SESSIDX_IDX_MASK 0x0F
wolfSSL	7:481bce714567	1157	#endif
wolfSSL	7:481bce714567	1158
wolfSSL	7:481bce714567	1159
wolfSSL	7:481bce714567	1160	/* max cert chain peer depth */
wolfSSL	7:481bce714567	1161	#ifndef MAX_CHAIN_DEPTH
wolfSSL	7:481bce714567	1162	#define MAX_CHAIN_DEPTH 9
wolfSSL	7:481bce714567	1163	#endif
wolfSSL	7:481bce714567	1164
wolfSSL	7:481bce714567	1165	/* max size of a certificate message payload */
wolfSSL	7:481bce714567	1166	/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
wolfSSL	7:481bce714567	1167	#ifndef MAX_CERTIFICATE_SZ
wolfSSL	7:481bce714567	1168	#define MAX_CERTIFICATE_SZ \
wolfSSL	7:481bce714567	1169	CERT_HEADER_SZ + \
wolfSSL	7:481bce714567	1170	(MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
wolfSSL	7:481bce714567	1171	#endif
wolfSSL	7:481bce714567	1172
wolfSSL	7:481bce714567	1173	/* max size of a handshake message, currently set to the certificate */
wolfSSL	7:481bce714567	1174	#ifndef MAX_HANDSHAKE_SZ
wolfSSL	7:481bce714567	1175	#define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
wolfSSL	7:481bce714567	1176	#endif
wolfSSL	7:481bce714567	1177
wolfSSL	7:481bce714567	1178	#ifndef SESSION_TICKET_LEN
wolfSSL	7:481bce714567	1179	#define SESSION_TICKET_LEN 256
wolfSSL	7:481bce714567	1180	#endif
wolfSSL	7:481bce714567	1181
wolfSSL	7:481bce714567	1182	#ifndef SESSION_TICKET_HINT_DEFAULT
wolfSSL	7:481bce714567	1183	#define SESSION_TICKET_HINT_DEFAULT 300
wolfSSL	7:481bce714567	1184	#endif
wolfSSL	7:481bce714567	1185
wolfSSL	7:481bce714567	1186
wolfSSL	7:481bce714567	1187	/* don't use extra 3/4k stack space unless need to */
wolfSSL	7:481bce714567	1188	#ifdef HAVE_NTRU
wolfSSL	7:481bce714567	1189	#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
wolfSSL	7:481bce714567	1190	#else
wolfSSL	7:481bce714567	1191	#define MAX_ENCRYPT_SZ ENCRYPT_LEN
wolfSSL	7:481bce714567	1192	#endif
wolfSSL	7:481bce714567	1193
wolfSSL	7:481bce714567	1194
wolfSSL	7:481bce714567	1195	/* states */
wolfSSL	7:481bce714567	1196	enum states {
wolfSSL	7:481bce714567	1197	NULL_STATE = 0,
wolfSSL	7:481bce714567	1198
wolfSSL	7:481bce714567	1199	SERVER_HELLOVERIFYREQUEST_COMPLETE,
wolfSSL	7:481bce714567	1200	SERVER_HELLO_COMPLETE,
wolfSSL	7:481bce714567	1201	SERVER_CERT_COMPLETE,
wolfSSL	7:481bce714567	1202	SERVER_KEYEXCHANGE_COMPLETE,
wolfSSL	7:481bce714567	1203	SERVER_HELLODONE_COMPLETE,
wolfSSL	7:481bce714567	1204	SERVER_FINISHED_COMPLETE,
wolfSSL	7:481bce714567	1205
wolfSSL	7:481bce714567	1206	CLIENT_HELLO_COMPLETE,
wolfSSL	7:481bce714567	1207	CLIENT_KEYEXCHANGE_COMPLETE,
wolfSSL	7:481bce714567	1208	CLIENT_FINISHED_COMPLETE,
wolfSSL	7:481bce714567	1209
wolfSSL	7:481bce714567	1210	HANDSHAKE_DONE
wolfSSL	7:481bce714567	1211	};
wolfSSL	7:481bce714567	1212
wolfSSL	7:481bce714567	1213
wolfSSL	7:481bce714567	1214	#if defined(__GNUC__)
wolfSSL	7:481bce714567	1215	#define WOLFSSL_PACK __attribute__ ((packed))
wolfSSL	7:481bce714567	1216	#else
wolfSSL	7:481bce714567	1217	#define WOLFSSL_PACK
wolfSSL	7:481bce714567	1218	#endif
wolfSSL	7:481bce714567	1219
wolfSSL	7:481bce714567	1220	/* SSL Version */
wolfSSL	7:481bce714567	1221	typedef struct ProtocolVersion {
wolfSSL	7:481bce714567	1222	byte major;
wolfSSL	7:481bce714567	1223	byte minor;
wolfSSL	7:481bce714567	1224	} WOLFSSL_PACK ProtocolVersion;
wolfSSL	7:481bce714567	1225
wolfSSL	7:481bce714567	1226
wolfSSL	7:481bce714567	1227	WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
wolfSSL	7:481bce714567	1228	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
wolfSSL	7:481bce714567	1229	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
wolfSSL	7:481bce714567	1230	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
wolfSSL	7:481bce714567	1231
wolfSSL	7:481bce714567	1232	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	1233	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
wolfSSL	7:481bce714567	1234	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
wolfSSL	7:481bce714567	1235
wolfSSL	7:481bce714567	1236	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	7:481bce714567	1237	WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
wolfSSL	7:481bce714567	1238	word32 sz);
wolfSSL	7:481bce714567	1239	WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
wolfSSL	7:481bce714567	1240	word32 sz);
wolfSSL	7:481bce714567	1241	WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
wolfSSL	7:481bce714567	1242	#endif
wolfSSL	7:481bce714567	1243	#endif
wolfSSL	7:481bce714567	1244
wolfSSL	7:481bce714567	1245
wolfSSL	7:481bce714567	1246	enum BIO_TYPE {
wolfSSL	7:481bce714567	1247	BIO_BUFFER = 1,
wolfSSL	7:481bce714567	1248	BIO_SOCKET = 2,
wolfSSL	7:481bce714567	1249	BIO_SSL = 3,
wolfSSL	7:481bce714567	1250	BIO_MEMORY = 4,
wolfSSL	7:481bce714567	1251	BIO_BIO = 5,
wolfSSL	7:481bce714567	1252	BIO_FILE = 6
wolfSSL	7:481bce714567	1253	};
wolfSSL	7:481bce714567	1254
wolfSSL	7:481bce714567	1255
wolfSSL	7:481bce714567	1256	/* wolfSSL BIO_METHOD type */
wolfSSL	7:481bce714567	1257	struct WOLFSSL_BIO_METHOD {
wolfSSL	7:481bce714567	1258	byte type; /* method type */
wolfSSL	7:481bce714567	1259	};
wolfSSL	7:481bce714567	1260
wolfSSL	7:481bce714567	1261
wolfSSL	7:481bce714567	1262	/* wolfSSL BIO type */
wolfSSL	7:481bce714567	1263	struct WOLFSSL_BIO {
wolfSSL	7:481bce714567	1264	WOLFSSL* ssl; /* possible associated ssl */
wolfSSL	7:481bce714567	1265	#ifndef NO_FILESYSTEM
wolfSSL	7:481bce714567	1266	XFILE file;
wolfSSL	7:481bce714567	1267	#endif
wolfSSL	7:481bce714567	1268	WOLFSSL_BIO* prev; /* previous in chain */
wolfSSL	7:481bce714567	1269	WOLFSSL_BIO* next; /* next in chain */
wolfSSL	7:481bce714567	1270	WOLFSSL_BIO* pair; /* BIO paired with */
wolfSSL	7:481bce714567	1271	void* heap; /* user heap hint */
wolfSSL	7:481bce714567	1272	byte* mem; /* memory buffer */
wolfSSL	7:481bce714567	1273	int wrSz; /* write buffer size (mem) */
wolfSSL	7:481bce714567	1274	int wrIdx; /* current index for write buffer */
wolfSSL	7:481bce714567	1275	int rdIdx; /* current read index */
wolfSSL	7:481bce714567	1276	int readRq; /* read request */
wolfSSL	7:481bce714567	1277	int memLen; /* memory buffer length */
wolfSSL	7:481bce714567	1278	int fd; /* possible file descriptor */
wolfSSL	7:481bce714567	1279	int eof; /* eof flag */
wolfSSL	7:481bce714567	1280	byte type; /* method type */
wolfSSL	7:481bce714567	1281	byte close; /* close flag */
wolfSSL	7:481bce714567	1282	};
wolfSSL	7:481bce714567	1283
wolfSSL	7:481bce714567	1284
wolfSSL	7:481bce714567	1285	/* wolfSSL method type */
wolfSSL	7:481bce714567	1286	struct WOLFSSL_METHOD {
wolfSSL	7:481bce714567	1287	ProtocolVersion version;
wolfSSL	7:481bce714567	1288	byte side; /* connection side, server or client */
wolfSSL	7:481bce714567	1289	byte downgrade; /* whether to downgrade version, default no */
wolfSSL	7:481bce714567	1290	};
wolfSSL	7:481bce714567	1291
wolfSSL	7:481bce714567	1292
wolfSSL	7:481bce714567	1293	/* defaults to client */
wolfSSL	7:481bce714567	1294	WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
wolfSSL	7:481bce714567	1295
wolfSSL	7:481bce714567	1296	/* for sniffer */
wolfSSL	7:481bce714567	1297	WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	7:481bce714567	1298	word32 size, word32 totalSz, int sniff);
wolfSSL	7:481bce714567	1299	WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
wolfSSL	7:481bce714567	1300
wolfSSL	7:481bce714567	1301
wolfSSL	7:481bce714567	1302	/* wolfSSL buffer type - internal uses "buffer" type */
wolfSSL	7:481bce714567	1303	typedef WOLFSSL_BUFFER_INFO buffer;
wolfSSL	7:481bce714567	1304
wolfSSL	7:481bce714567	1305	#ifndef NO_CERTS
wolfSSL	7:481bce714567	1306	/* wolfSSL DER buffer */
wolfSSL	7:481bce714567	1307	typedef struct DerBuffer {
wolfSSL	7:481bce714567	1308	byte* buffer;
wolfSSL	7:481bce714567	1309	void* heap;
wolfSSL	7:481bce714567	1310	word32 length;
wolfSSL	7:481bce714567	1311	int type; /* enum CertType */
wolfSSL	7:481bce714567	1312	int dynType; /* DYNAMIC_TYPE_* */
wolfSSL	7:481bce714567	1313	} DerBuffer;
wolfSSL	7:481bce714567	1314	#endif /* !NO_CERTS */
wolfSSL	7:481bce714567	1315
wolfSSL	7:481bce714567	1316
wolfSSL	7:481bce714567	1317	enum {
wolfSSL	7:481bce714567	1318	FORCED_FREE = 1,
wolfSSL	7:481bce714567	1319	NO_FORCED_FREE = 0
wolfSSL	7:481bce714567	1320	};
wolfSSL	7:481bce714567	1321
wolfSSL	7:481bce714567	1322
wolfSSL	7:481bce714567	1323	/* only use compression extra if using compression */
wolfSSL	7:481bce714567	1324	#ifdef HAVE_LIBZ
wolfSSL	7:481bce714567	1325	#define COMP_EXTRA MAX_COMP_EXTRA
wolfSSL	7:481bce714567	1326	#else
wolfSSL	7:481bce714567	1327	#define COMP_EXTRA 0
wolfSSL	7:481bce714567	1328	#endif
wolfSSL	7:481bce714567	1329
wolfSSL	7:481bce714567	1330	/* only the sniffer needs space in the buffer for extra MTU record(s) */
wolfSSL	7:481bce714567	1331	#ifdef WOLFSSL_SNIFFER
wolfSSL	7:481bce714567	1332	#define MTU_EXTRA MAX_MTU * 3
wolfSSL	7:481bce714567	1333	#else
wolfSSL	7:481bce714567	1334	#define MTU_EXTRA 0
wolfSSL	7:481bce714567	1335	#endif
wolfSSL	7:481bce714567	1336
wolfSSL	7:481bce714567	1337
wolfSSL	7:481bce714567	1338	/* embedded callbacks require large static buffers, make sure on */
wolfSSL	7:481bce714567	1339	#ifdef WOLFSSL_CALLBACKS
wolfSSL	7:481bce714567	1340	#undef LARGE_STATIC_BUFFERS
wolfSSL	7:481bce714567	1341	#define LARGE_STATIC_BUFFERS
wolfSSL	7:481bce714567	1342	#endif
wolfSSL	7:481bce714567	1343
wolfSSL	7:481bce714567	1344
wolfSSL	7:481bce714567	1345	/* give user option to use 16K static buffers */
wolfSSL	7:481bce714567	1346	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	7:481bce714567	1347	#define RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	7:481bce714567	1348	#else
wolfSSL	7:481bce714567	1349	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	1350	#define RECORD_SIZE MAX_MTU
wolfSSL	7:481bce714567	1351	#else
wolfSSL	7:481bce714567	1352	#define RECORD_SIZE 128
wolfSSL	7:481bce714567	1353	#endif
wolfSSL	7:481bce714567	1354	#endif
wolfSSL	7:481bce714567	1355
wolfSSL	7:481bce714567	1356
wolfSSL	7:481bce714567	1357	/* user option to turn off 16K output option */
wolfSSL	7:481bce714567	1358	/* if using small static buffers (default) and SSL_write tries to write data
wolfSSL	7:481bce714567	1359	larger than the record we have, dynamically get it, unless user says only
wolfSSL	7:481bce714567	1360	write in static buffer chunks */
wolfSSL	7:481bce714567	1361	#ifndef STATIC_CHUNKS_ONLY
wolfSSL	7:481bce714567	1362	#define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	7:481bce714567	1363	#else
wolfSSL	7:481bce714567	1364	#define OUTPUT_RECORD_SIZE RECORD_SIZE
wolfSSL	7:481bce714567	1365	#endif
wolfSSL	7:481bce714567	1366
wolfSSL	7:481bce714567	1367	/* wolfSSL input buffer
wolfSSL	7:481bce714567	1368
wolfSSL	7:481bce714567	1369	RFC 2246:
wolfSSL	7:481bce714567	1370
wolfSSL	7:481bce714567	1371	length
wolfSSL	7:481bce714567	1372	The length (in bytes) of the following TLSPlaintext.fragment.
wolfSSL	7:481bce714567	1373	The length should not exceed 2^14.
wolfSSL	7:481bce714567	1374	*/
wolfSSL	7:481bce714567	1375	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	7:481bce714567	1376	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
wolfSSL	7:481bce714567	1377	MTU_EXTRA + MAX_MSG_EXTRA
wolfSSL	7:481bce714567	1378	#else
wolfSSL	7:481bce714567	1379	/* don't fragment memory from the record header */
wolfSSL	7:481bce714567	1380	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ
wolfSSL	7:481bce714567	1381	#endif
wolfSSL	7:481bce714567	1382
wolfSSL	7:481bce714567	1383	typedef struct {
wolfSSL	7:481bce714567	1384	ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
wolfSSL	7:481bce714567	1385	byte* buffer; /* place holder for static or dynamic buffer */
wolfSSL	7:481bce714567	1386	word32 length; /* total buffer length used */
wolfSSL	7:481bce714567	1387	word32 idx; /* idx to part of length already consumed */
wolfSSL	7:481bce714567	1388	word32 bufferSize; /* current buffer size */
wolfSSL	7:481bce714567	1389	byte dynamicFlag; /* dynamic memory currently in use */
wolfSSL	7:481bce714567	1390	byte offset; /* alignment offset attempt */
wolfSSL	7:481bce714567	1391	} bufferStatic;
wolfSSL	7:481bce714567	1392
wolfSSL	7:481bce714567	1393	/* Cipher Suites holder */
wolfSSL	7:481bce714567	1394	typedef struct Suites {
wolfSSL	7:481bce714567	1395	word16 suiteSz; /* suite length in bytes */
wolfSSL	7:481bce714567	1396	word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
wolfSSL	7:481bce714567	1397	byte suites[WOLFSSL_MAX_SUITE_SZ];
wolfSSL	7:481bce714567	1398	byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
wolfSSL	7:481bce714567	1399	byte setSuites; /* user set suites from default */
wolfSSL	7:481bce714567	1400	byte hashAlgo; /* selected hash algorithm */
wolfSSL	7:481bce714567	1401	byte sigAlgo; /* selected sig algorithm */
wolfSSL	7:481bce714567	1402	} Suites;
wolfSSL	7:481bce714567	1403
wolfSSL	7:481bce714567	1404
wolfSSL	7:481bce714567	1405	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	1406	void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
wolfSSL	7:481bce714567	1407	word16, word16, word16, int);
wolfSSL	7:481bce714567	1408	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	1409	int SetCipherList(Suites, const char list);
wolfSSL	7:481bce714567	1410
wolfSSL	7:481bce714567	1411	#ifndef PSK_TYPES_DEFINED
wolfSSL	7:481bce714567	1412	typedef unsigned int (wc_psk_client_callback)(WOLFSSL, const char, char,
wolfSSL	7:481bce714567	1413	unsigned int, unsigned char*, unsigned int);
wolfSSL	7:481bce714567	1414	typedef unsigned int (wc_psk_server_callback)(WOLFSSL, const char*,
wolfSSL	7:481bce714567	1415	unsigned char*, unsigned int);
wolfSSL	7:481bce714567	1416	#endif /* PSK_TYPES_DEFINED */
wolfSSL	7:481bce714567	1417	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	1418	typedef int (wc_dtls_export)(WOLFSSL ssl,
wolfSSL	7:481bce714567	1419	unsigned char* exportBuffer, unsigned int sz, void* userCtx);
wolfSSL	7:481bce714567	1420	#endif
wolfSSL	7:481bce714567	1421
wolfSSL	7:481bce714567	1422	#ifdef HAVE_NETX
wolfSSL	7:481bce714567	1423	WOLFSSL_LOCAL int NetX_Receive(WOLFSSL ssl, char buf, int sz, void *ctx);
wolfSSL	7:481bce714567	1424	WOLFSSL_LOCAL int NetX_Send(WOLFSSL ssl, char buf, int sz, void *ctx);
wolfSSL	7:481bce714567	1425	#endif /* HAVE_NETX */
wolfSSL	7:481bce714567	1426
wolfSSL	7:481bce714567	1427
wolfSSL	7:481bce714567	1428	/* wolfSSL Cipher type just points back to SSL */
wolfSSL	7:481bce714567	1429	struct WOLFSSL_CIPHER {
wolfSSL	7:481bce714567	1430	WOLFSSL* ssl;
wolfSSL	7:481bce714567	1431	};
wolfSSL	7:481bce714567	1432
wolfSSL	7:481bce714567	1433
wolfSSL	7:481bce714567	1434	typedef struct OcspEntry OcspEntry;
wolfSSL	7:481bce714567	1435
wolfSSL	7:481bce714567	1436	#ifdef NO_SHA
wolfSSL	7:481bce714567	1437	#define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	7:481bce714567	1438	#else
wolfSSL	7:481bce714567	1439	#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	7:481bce714567	1440	#endif
wolfSSL	7:481bce714567	1441
wolfSSL	7:481bce714567	1442	#ifdef NO_ASN
wolfSSL	7:481bce714567	1443	/* no_asn won't have */
wolfSSL	7:481bce714567	1444	typedef struct CertStatus CertStatus;
wolfSSL	7:481bce714567	1445	#endif
wolfSSL	7:481bce714567	1446
wolfSSL	7:481bce714567	1447	struct OcspEntry {
wolfSSL	7:481bce714567	1448	OcspEntry* next; /* next entry */
wolfSSL	7:481bce714567	1449	byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
wolfSSL	7:481bce714567	1450	byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
wolfSSL	7:481bce714567	1451	CertStatus* status; /* OCSP response list */
wolfSSL	7:481bce714567	1452	int totalStatus; /* number on list */
wolfSSL	7:481bce714567	1453	};
wolfSSL	7:481bce714567	1454
wolfSSL	7:481bce714567	1455
wolfSSL	7:481bce714567	1456	#ifndef HAVE_OCSP
wolfSSL	7:481bce714567	1457	typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
wolfSSL	7:481bce714567	1458	#endif
wolfSSL	7:481bce714567	1459
wolfSSL	7:481bce714567	1460	/* wolfSSL OCSP controller */
wolfSSL	7:481bce714567	1461	struct WOLFSSL_OCSP {
wolfSSL	7:481bce714567	1462	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	7:481bce714567	1463	OcspEntry* ocspList; /* OCSP response list */
wolfSSL	7:481bce714567	1464	wolfSSL_Mutex ocspLock; /* OCSP list lock */
wolfSSL	7:481bce714567	1465	};
wolfSSL	7:481bce714567	1466
wolfSSL	7:481bce714567	1467	#ifndef MAX_DATE_SIZE
wolfSSL	7:481bce714567	1468	#define MAX_DATE_SIZE 32
wolfSSL	7:481bce714567	1469	#endif
wolfSSL	7:481bce714567	1470
wolfSSL	7:481bce714567	1471	typedef struct CRL_Entry CRL_Entry;
wolfSSL	7:481bce714567	1472
wolfSSL	7:481bce714567	1473	#ifdef NO_SHA
wolfSSL	7:481bce714567	1474	#define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	7:481bce714567	1475	#else
wolfSSL	7:481bce714567	1476	#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	7:481bce714567	1477	#endif
wolfSSL	7:481bce714567	1478
wolfSSL	7:481bce714567	1479	#ifdef NO_ASN
wolfSSL	7:481bce714567	1480	typedef struct RevokedCert RevokedCert;
wolfSSL	7:481bce714567	1481	#endif
wolfSSL	7:481bce714567	1482
wolfSSL	7:481bce714567	1483	/* Complete CRL */
wolfSSL	7:481bce714567	1484	struct CRL_Entry {
wolfSSL	7:481bce714567	1485	CRL_Entry* next; /* next entry */
wolfSSL	7:481bce714567	1486	byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
wolfSSL	7:481bce714567	1487	/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
wolfSSL	7:481bce714567	1488	/* restore the hash here if needed for optimized comparisons */
wolfSSL	7:481bce714567	1489	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
wolfSSL	7:481bce714567	1490	byte nextDate[MAX_DATE_SIZE]; /* next update date */
wolfSSL	7:481bce714567	1491	byte lastDateFormat; /* last date format */
wolfSSL	7:481bce714567	1492	byte nextDateFormat; /* next date format */
wolfSSL	7:481bce714567	1493	RevokedCert* certs; /* revoked cert list */
wolfSSL	7:481bce714567	1494	int totalCerts; /* number on list */
wolfSSL	7:481bce714567	1495	};
wolfSSL	7:481bce714567	1496
wolfSSL	7:481bce714567	1497
wolfSSL	7:481bce714567	1498	typedef struct CRL_Monitor CRL_Monitor;
wolfSSL	7:481bce714567	1499
wolfSSL	7:481bce714567	1500	/* CRL directory monitor */
wolfSSL	7:481bce714567	1501	struct CRL_Monitor {
wolfSSL	7:481bce714567	1502	char* path; /* full dir path, if valid pointer we're using */
wolfSSL	7:481bce714567	1503	int type; /* PEM or ASN1 type */
wolfSSL	7:481bce714567	1504	};
wolfSSL	7:481bce714567	1505
wolfSSL	7:481bce714567	1506
wolfSSL	7:481bce714567	1507	#ifndef HAVE_CRL
wolfSSL	7:481bce714567	1508	typedef struct WOLFSSL_CRL WOLFSSL_CRL;
wolfSSL	7:481bce714567	1509	#endif
wolfSSL	7:481bce714567	1510
wolfSSL	7:481bce714567	1511	#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
wolfSSL	7:481bce714567	1512	#undef HAVE_CRL_MONITOR
wolfSSL	7:481bce714567	1513	#endif
wolfSSL	7:481bce714567	1514
wolfSSL	7:481bce714567	1515	/* wolfSSL CRL controller */
wolfSSL	7:481bce714567	1516	struct WOLFSSL_CRL {
wolfSSL	7:481bce714567	1517	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	7:481bce714567	1518	CRL_Entry* crlList; /* our CRL list */
wolfSSL	7:481bce714567	1519	wolfSSL_Mutex crlLock; /* CRL list lock */
wolfSSL	7:481bce714567	1520	CRL_Monitor monitors[2]; /* PEM and DER possible */
wolfSSL	7:481bce714567	1521	#ifdef HAVE_CRL_MONITOR
wolfSSL	7:481bce714567	1522	pthread_cond_t cond; /* condition to signal setup */
wolfSSL	7:481bce714567	1523	pthread_t tid; /* monitoring thread */
wolfSSL	7:481bce714567	1524	int mfd; /* monitor fd, -1 if no init yet */
wolfSSL	7:481bce714567	1525	int setup; /* thread is setup predicate */
wolfSSL	7:481bce714567	1526	#endif
wolfSSL	7:481bce714567	1527	void* heap; /* heap hint for dynamic memory */
wolfSSL	7:481bce714567	1528	};
wolfSSL	7:481bce714567	1529
wolfSSL	7:481bce714567	1530
wolfSSL	7:481bce714567	1531	#ifdef NO_ASN
wolfSSL	7:481bce714567	1532	typedef struct Signer Signer;
wolfSSL	7:481bce714567	1533	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	7:481bce714567	1534	typedef struct TrustedPeerCert TrustedPeerCert;
wolfSSL	7:481bce714567	1535	#endif
wolfSSL	7:481bce714567	1536	#endif
wolfSSL	7:481bce714567	1537
wolfSSL	7:481bce714567	1538
wolfSSL	7:481bce714567	1539	#ifndef CA_TABLE_SIZE
wolfSSL	7:481bce714567	1540	#define CA_TABLE_SIZE 11
wolfSSL	7:481bce714567	1541	#endif
wolfSSL	7:481bce714567	1542	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	7:481bce714567	1543	#define TP_TABLE_SIZE 11
wolfSSL	7:481bce714567	1544	#endif
wolfSSL	7:481bce714567	1545
wolfSSL	7:481bce714567	1546	/* wolfSSL Certificate Manager */
wolfSSL	7:481bce714567	1547	struct WOLFSSL_CERT_MANAGER {
wolfSSL	7:481bce714567	1548	Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
wolfSSL	7:481bce714567	1549	void* heap; /* heap helper */
wolfSSL	7:481bce714567	1550	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	7:481bce714567	1551	TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
wolfSSL	7:481bce714567	1552	wolfSSL_Mutex tpLock; /* trusted peer list lock */
wolfSSL	7:481bce714567	1553	#endif
wolfSSL	7:481bce714567	1554	WOLFSSL_CRL* crl; /* CRL checker */
wolfSSL	7:481bce714567	1555	WOLFSSL_OCSP* ocsp; /* OCSP checker */
wolfSSL	7:481bce714567	1556	#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	7:481bce714567	1557	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
wolfSSL	7:481bce714567	1558	WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
wolfSSL	7:481bce714567	1559	#endif
wolfSSL	7:481bce714567	1560	char* ocspOverrideURL; /* use this responder */
wolfSSL	7:481bce714567	1561	void* ocspIOCtx; /* I/O callback CTX */
wolfSSL	7:481bce714567	1562	CallbackCACache caCacheCallback; /* CA cache addition callback */
wolfSSL	7:481bce714567	1563	CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
wolfSSL	7:481bce714567	1564	CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
wolfSSL	7:481bce714567	1565	CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL	7:481bce714567	1566	wolfSSL_Mutex caLock; /* CA list lock */
wolfSSL	7:481bce714567	1567	byte crlEnabled; /* is CRL on ? */
wolfSSL	7:481bce714567	1568	byte crlCheckAll; /* always leaf, but all ? */
wolfSSL	7:481bce714567	1569	byte ocspEnabled; /* is OCSP on ? */
wolfSSL	7:481bce714567	1570	byte ocspCheckAll; /* always leaf, but all ? */
wolfSSL	7:481bce714567	1571	byte ocspSendNonce; /* send the OCSP nonce ? */
wolfSSL	7:481bce714567	1572	byte ocspUseOverrideURL; /* ignore cert's responder, override */
wolfSSL	7:481bce714567	1573	byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
wolfSSL	7:481bce714567	1574
wolfSSL	7:481bce714567	1575	#ifndef NO_RSA
wolfSSL	7:481bce714567	1576	short minRsaKeySz; /* minimum allowed RSA key size */
wolfSSL	7:481bce714567	1577	#endif
wolfSSL	7:481bce714567	1578	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	1579	short minEccKeySz; /* minimum allowed ECC key size */
wolfSSL	7:481bce714567	1580	#endif
wolfSSL	7:481bce714567	1581	};
wolfSSL	7:481bce714567	1582
wolfSSL	7:481bce714567	1583	WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	7:481bce714567	1584	WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	7:481bce714567	1585	WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER, void, int, int*);
wolfSSL	7:481bce714567	1586	WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER, const void, int);
wolfSSL	7:481bce714567	1587	WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
wolfSSL	7:481bce714567	1588
wolfSSL	7:481bce714567	1589	/* wolfSSL Sock Addr */
wolfSSL	7:481bce714567	1590	struct WOLFSSL_SOCKADDR {
wolfSSL	7:481bce714567	1591	unsigned int sz; /* sockaddr size */
wolfSSL	7:481bce714567	1592	void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
wolfSSL	7:481bce714567	1593	};
wolfSSL	7:481bce714567	1594
wolfSSL	7:481bce714567	1595	typedef struct WOLFSSL_DTLS_CTX {
wolfSSL	7:481bce714567	1596	WOLFSSL_SOCKADDR peer;
wolfSSL	7:481bce714567	1597	int rfd;
wolfSSL	7:481bce714567	1598	int wfd;
wolfSSL	7:481bce714567	1599	} WOLFSSL_DTLS_CTX;
wolfSSL	7:481bce714567	1600
wolfSSL	7:481bce714567	1601
wolfSSL	7:481bce714567	1602	#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
wolfSSL	7:481bce714567	1603
wolfSSL	7:481bce714567	1604	/* keys and secrets
wolfSSL	7:481bce714567	1605	* keep as a constant size (no additional ifdefs) for session export */
wolfSSL	7:481bce714567	1606	typedef struct Keys {
wolfSSL	7:481bce714567	1607	byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
wolfSSL	7:481bce714567	1608	byte server_write_MAC_secret[MAX_DIGEST_SIZE];
wolfSSL	7:481bce714567	1609	byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
wolfSSL	7:481bce714567	1610	byte server_write_key[AES_256_KEY_SIZE];
wolfSSL	7:481bce714567	1611	byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
wolfSSL	7:481bce714567	1612	byte server_write_IV[MAX_WRITE_IV_SZ];
wolfSSL	7:481bce714567	1613	#if defined(HAVE_AEAD) \|\| defined(WOLFSSL_SESSION_EXPORT)
wolfSSL	7:481bce714567	1614	byte aead_exp_IV[AEAD_MAX_EXP_SZ];
wolfSSL	7:481bce714567	1615	byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	7:481bce714567	1616	byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	7:481bce714567	1617	#endif
wolfSSL	7:481bce714567	1618
wolfSSL	7:481bce714567	1619	word32 peer_sequence_number_hi;
wolfSSL	7:481bce714567	1620	word32 peer_sequence_number_lo;
wolfSSL	7:481bce714567	1621	word32 sequence_number_hi;
wolfSSL	7:481bce714567	1622	word32 sequence_number_lo;
wolfSSL	7:481bce714567	1623
wolfSSL	7:481bce714567	1624	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	1625	word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL	7:481bce714567	1626	/* Sliding window for current epoch */
wolfSSL	7:481bce714567	1627	word16 nextEpoch; /* Expected epoch in next record */
wolfSSL	7:481bce714567	1628	word16 nextSeq_hi; /* Expected sequence in next record */
wolfSSL	7:481bce714567	1629	word32 nextSeq_lo;
wolfSSL	7:481bce714567	1630
wolfSSL	7:481bce714567	1631	word16 curEpoch; /* Received epoch in current record */
wolfSSL	7:481bce714567	1632	word16 curSeq_hi; /* Received sequence in current record */
wolfSSL	7:481bce714567	1633	word32 curSeq_lo;
wolfSSL	7:481bce714567	1634
wolfSSL	7:481bce714567	1635	word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL	7:481bce714567	1636	/* Sliding window for old epoch */
wolfSSL	7:481bce714567	1637	word16 prevSeq_hi; /* Next sequence in allowed old epoch */
wolfSSL	7:481bce714567	1638	word32 prevSeq_lo;
wolfSSL	7:481bce714567	1639
wolfSSL	7:481bce714567	1640	word16 dtls_peer_handshake_number;
wolfSSL	7:481bce714567	1641	word16 dtls_expected_peer_handshake_number;
wolfSSL	7:481bce714567	1642
wolfSSL	7:481bce714567	1643	word16 dtls_epoch; /* Current epoch */
wolfSSL	7:481bce714567	1644	word16 dtls_sequence_number_hi; /* Current epoch */
wolfSSL	7:481bce714567	1645	word32 dtls_sequence_number_lo;
wolfSSL	7:481bce714567	1646	word16 dtls_prev_sequence_number_hi; /* Previous epoch */
wolfSSL	7:481bce714567	1647	word32 dtls_prev_sequence_number_lo;
wolfSSL	7:481bce714567	1648	word16 dtls_handshake_number; /* Current tx handshake seq */
wolfSSL	7:481bce714567	1649	#endif
wolfSSL	7:481bce714567	1650
wolfSSL	7:481bce714567	1651	word32 encryptSz; /* last size of encrypted data */
wolfSSL	7:481bce714567	1652	word32 padSz; /* how much to advance after decrypt part */
wolfSSL	7:481bce714567	1653	byte encryptionOn; /* true after change cipher spec */
wolfSSL	7:481bce714567	1654	byte decryptedCur; /* only decrypt current record once */
wolfSSL	7:481bce714567	1655	} Keys;
wolfSSL	7:481bce714567	1656
wolfSSL	7:481bce714567	1657
wolfSSL	7:481bce714567	1658
wolfSSL	7:481bce714567	1659	/** TLS Extensions - RFC 6066 */
wolfSSL	7:481bce714567	1660	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	7:481bce714567	1661
wolfSSL	7:481bce714567	1662	typedef enum {
wolfSSL	7:481bce714567	1663	TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
wolfSSL	7:481bce714567	1664	TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
wolfSSL	7:481bce714567	1665	TLSX_TRUNCATED_HMAC = 0x0004,
wolfSSL	7:481bce714567	1666	TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
wolfSSL	7:481bce714567	1667	TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
wolfSSL	7:481bce714567	1668	TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
wolfSSL	7:481bce714567	1669	TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
wolfSSL	7:481bce714567	1670	TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
wolfSSL	7:481bce714567	1671	TLSX_SESSION_TICKET = 0x0023,
wolfSSL	7:481bce714567	1672	TLSX_RENEGOTIATION_INFO = 0xff01
wolfSSL	7:481bce714567	1673	} TLSX_Type;
wolfSSL	7:481bce714567	1674
wolfSSL	7:481bce714567	1675	typedef struct TLSX {
wolfSSL	7:481bce714567	1676	TLSX_Type type; /* Extension Type */
wolfSSL	7:481bce714567	1677	void* data; /* Extension Data */
wolfSSL	7:481bce714567	1678	byte resp; /* IsResponse Flag */
wolfSSL	7:481bce714567	1679	struct TLSX* next; /* List Behavior */
wolfSSL	7:481bce714567	1680	} TLSX;
wolfSSL	7:481bce714567	1681
wolfSSL	7:481bce714567	1682	WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
wolfSSL	7:481bce714567	1683	WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
wolfSSL	7:481bce714567	1684	WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
wolfSSL	7:481bce714567	1685	WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
wolfSSL	7:481bce714567	1686
wolfSSL	7:481bce714567	1687	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	1688	WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
wolfSSL	7:481bce714567	1689	WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
wolfSSL	7:481bce714567	1690	#endif
wolfSSL	7:481bce714567	1691
wolfSSL	7:481bce714567	1692	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1693	WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl);
wolfSSL	7:481bce714567	1694	WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
wolfSSL	7:481bce714567	1695	#endif
wolfSSL	7:481bce714567	1696
wolfSSL	7:481bce714567	1697	WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	7:481bce714567	1698	byte isRequest, Suites *suites);
wolfSSL	7:481bce714567	1699
wolfSSL	7:481bce714567	1700	#elif defined(HAVE_SNI) \
wolfSSL	7:481bce714567	1701	\|\| defined(HAVE_MAX_FRAGMENT) \
wolfSSL	7:481bce714567	1702	\|\| defined(HAVE_TRUNCATED_HMAC) \
wolfSSL	7:481bce714567	1703	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	7:481bce714567	1704	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
wolfSSL	7:481bce714567	1705	\|\| defined(HAVE_SUPPORTED_CURVES) \
wolfSSL	7:481bce714567	1706	\|\| defined(HAVE_ALPN) \
wolfSSL	7:481bce714567	1707	\|\| defined(HAVE_QSH) \
wolfSSL	7:481bce714567	1708	\|\| defined(HAVE_SESSION_TICKET) \
wolfSSL	7:481bce714567	1709	\|\| defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	7:481bce714567	1710	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	7:481bce714567	1711
wolfSSL	7:481bce714567	1712	#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
wolfSSL	7:481bce714567	1713
wolfSSL	7:481bce714567	1714	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	7:481bce714567	1715
wolfSSL	7:481bce714567	1716	/** Server Name Indication - RFC 6066 (session 3) */
wolfSSL	7:481bce714567	1717	#ifdef HAVE_SNI
wolfSSL	7:481bce714567	1718
wolfSSL	7:481bce714567	1719	typedef struct SNI {
wolfSSL	7:481bce714567	1720	byte type; /* SNI Type */
wolfSSL	7:481bce714567	1721	union { char* host_name; } data; /* SNI Data */
wolfSSL	7:481bce714567	1722	struct SNI* next; /* List Behavior */
wolfSSL	7:481bce714567	1723	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1724	byte options; /* Behavior options */
wolfSSL	7:481bce714567	1725	byte status; /* Matching result */
wolfSSL	7:481bce714567	1726	#endif
wolfSSL	7:481bce714567	1727	} SNI;
wolfSSL	7:481bce714567	1728
wolfSSL	7:481bce714567	1729	WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
wolfSSL	7:481bce714567	1730	word16 size, void* heap);
wolfSSL	7:481bce714567	1731
wolfSSL	7:481bce714567	1732	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1733	WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
wolfSSL	7:481bce714567	1734	byte options);
wolfSSL	7:481bce714567	1735	WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
wolfSSL	7:481bce714567	1736	WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
wolfSSL	7:481bce714567	1737	void** data);
wolfSSL	7:481bce714567	1738	WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
wolfSSL	7:481bce714567	1739	byte type, byte* sni, word32* inOutSz);
wolfSSL	7:481bce714567	1740	#endif
wolfSSL	7:481bce714567	1741
wolfSSL	7:481bce714567	1742	#endif /* HAVE_SNI */
wolfSSL	7:481bce714567	1743
wolfSSL	7:481bce714567	1744	/* Application-Layer Protocol Negotiation - RFC 7301 */
wolfSSL	7:481bce714567	1745	#ifdef HAVE_ALPN
wolfSSL	7:481bce714567	1746	typedef struct ALPN {
wolfSSL	7:481bce714567	1747	char* protocol_name; /* ALPN protocol name */
wolfSSL	7:481bce714567	1748	struct ALPN* next; /* List Behavior */
wolfSSL	7:481bce714567	1749	byte options; /* Behavior options */
wolfSSL	7:481bce714567	1750	byte negotiated; /* ALPN protocol negotiated or not */
wolfSSL	7:481bce714567	1751	} ALPN;
wolfSSL	7:481bce714567	1752
wolfSSL	7:481bce714567	1753	WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
wolfSSL	7:481bce714567	1754	void** data, word16 *dataSz);
wolfSSL	7:481bce714567	1755
wolfSSL	7:481bce714567	1756	WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
wolfSSL	7:481bce714567	1757	word16 size, byte options, void* heap);
wolfSSL	7:481bce714567	1758
wolfSSL	7:481bce714567	1759	WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
wolfSSL	7:481bce714567	1760
wolfSSL	7:481bce714567	1761	#endif /* HAVE_ALPN */
wolfSSL	7:481bce714567	1762
wolfSSL	7:481bce714567	1763	/** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
wolfSSL	7:481bce714567	1764	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	7:481bce714567	1765
wolfSSL	7:481bce714567	1766	WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
wolfSSL	7:481bce714567	1767
wolfSSL	7:481bce714567	1768	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	7:481bce714567	1769
wolfSSL	7:481bce714567	1770	/** Truncated HMAC - RFC 6066 (session 7) */
wolfSSL	7:481bce714567	1771	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	7:481bce714567	1772
wolfSSL	7:481bce714567	1773	WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
wolfSSL	7:481bce714567	1774
wolfSSL	7:481bce714567	1775	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	7:481bce714567	1776
wolfSSL	7:481bce714567	1777	/** Certificate Status Request - RFC 6066 (session 8) */
wolfSSL	7:481bce714567	1778	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	7:481bce714567	1779
wolfSSL	7:481bce714567	1780	typedef struct {
wolfSSL	7:481bce714567	1781	byte status_type;
wolfSSL	7:481bce714567	1782	byte options;
wolfSSL	7:481bce714567	1783	union {
wolfSSL	7:481bce714567	1784	OcspRequest ocsp;
wolfSSL	7:481bce714567	1785	} request;
wolfSSL	7:481bce714567	1786	} CertificateStatusRequest;
wolfSSL	7:481bce714567	1787
wolfSSL	7:481bce714567	1788	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
wolfSSL	7:481bce714567	1789	byte status_type, byte options, void* heap);
wolfSSL	7:481bce714567	1790	WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
wolfSSL	7:481bce714567	1791	void* heap);
wolfSSL	7:481bce714567	1792	WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
wolfSSL	7:481bce714567	1793	WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
wolfSSL	7:481bce714567	1794
wolfSSL	7:481bce714567	1795	#endif
wolfSSL	7:481bce714567	1796
wolfSSL	7:481bce714567	1797	/** Certificate Status Request v2 - RFC 6961 */
wolfSSL	7:481bce714567	1798	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	7:481bce714567	1799
wolfSSL	7:481bce714567	1800	typedef struct CSRIv2 {
wolfSSL	7:481bce714567	1801	byte status_type;
wolfSSL	7:481bce714567	1802	byte options;
wolfSSL	7:481bce714567	1803	word16 requests;
wolfSSL	7:481bce714567	1804	union {
wolfSSL	7:481bce714567	1805	OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
wolfSSL	7:481bce714567	1806	} request;
wolfSSL	7:481bce714567	1807	struct CSRIv2* next;
wolfSSL	7:481bce714567	1808	} CertificateStatusRequestItemV2;
wolfSSL	7:481bce714567	1809
wolfSSL	7:481bce714567	1810	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
wolfSSL	7:481bce714567	1811	byte status_type, byte options, void* heap);
wolfSSL	7:481bce714567	1812	WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
wolfSSL	7:481bce714567	1813	byte isPeer, void* heap);
wolfSSL	7:481bce714567	1814	WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
wolfSSL	7:481bce714567	1815	byte index);
wolfSSL	7:481bce714567	1816	WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
wolfSSL	7:481bce714567	1817
wolfSSL	7:481bce714567	1818	#endif
wolfSSL	7:481bce714567	1819
wolfSSL	7:481bce714567	1820	/** Supported Elliptic Curves - RFC 4492 (session 4) */
wolfSSL	7:481bce714567	1821	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	7:481bce714567	1822
wolfSSL	7:481bce714567	1823	typedef struct EllipticCurve {
wolfSSL	7:481bce714567	1824	word16 name; /* CurveNames */
wolfSSL	7:481bce714567	1825	struct EllipticCurve* next; /* List Behavior */
wolfSSL	7:481bce714567	1826	} EllipticCurve;
wolfSSL	7:481bce714567	1827
wolfSSL	7:481bce714567	1828	WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
wolfSSL	7:481bce714567	1829	void* heap);
wolfSSL	7:481bce714567	1830
wolfSSL	7:481bce714567	1831	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1832	WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
wolfSSL	7:481bce714567	1833	byte second);
wolfSSL	7:481bce714567	1834	#endif
wolfSSL	7:481bce714567	1835
wolfSSL	7:481bce714567	1836	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	7:481bce714567	1837
wolfSSL	7:481bce714567	1838	/** Renegotiation Indication - RFC 5746 */
wolfSSL	7:481bce714567	1839	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	7:481bce714567	1840	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	7:481bce714567	1841
wolfSSL	7:481bce714567	1842	enum key_cache_state {
wolfSSL	7:481bce714567	1843	SCR_CACHE_NULL = 0, /* empty / begin state */
wolfSSL	7:481bce714567	1844	SCR_CACHE_NEEDED, /* need to cache keys */
wolfSSL	7:481bce714567	1845	SCR_CACHE_COPY, /* we have a cached copy */
wolfSSL	7:481bce714567	1846	SCR_CACHE_PARTIAL, /* partial restore to real keys */
wolfSSL	7:481bce714567	1847	SCR_CACHE_COMPLETE /* complete restore to real keys */
wolfSSL	7:481bce714567	1848	};
wolfSSL	7:481bce714567	1849
wolfSSL	7:481bce714567	1850	/* Additional Connection State according to rfc5746 section 3.1 */
wolfSSL	7:481bce714567	1851	typedef struct SecureRenegotiation {
wolfSSL	7:481bce714567	1852	byte enabled; /* secure_renegotiation flag in rfc */
wolfSSL	7:481bce714567	1853	byte startScr; /* server requested client to start scr */
wolfSSL	7:481bce714567	1854	enum key_cache_state cache_status; /* track key cache state */
wolfSSL	7:481bce714567	1855	byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	7:481bce714567	1856	byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	7:481bce714567	1857	byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */
wolfSSL	7:481bce714567	1858	Keys tmp_keys; /* can't overwrite real keys yet */
wolfSSL	7:481bce714567	1859	} SecureRenegotiation;
wolfSSL	7:481bce714567	1860
wolfSSL	7:481bce714567	1861	WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
wolfSSL	7:481bce714567	1862
wolfSSL	7:481bce714567	1863	#ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL	7:481bce714567	1864	WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
wolfSSL	7:481bce714567	1865	#endif
wolfSSL	7:481bce714567	1866
wolfSSL	7:481bce714567	1867	#endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL	7:481bce714567	1868
wolfSSL	7:481bce714567	1869	/** Session Ticket - RFC 5077 (session 3.2) */
wolfSSL	7:481bce714567	1870	#ifdef HAVE_SESSION_TICKET
wolfSSL	7:481bce714567	1871
wolfSSL	7:481bce714567	1872	typedef struct SessionTicket {
wolfSSL	7:481bce714567	1873	word32 lifetime;
wolfSSL	7:481bce714567	1874	byte* data;
wolfSSL	7:481bce714567	1875	word16 size;
wolfSSL	7:481bce714567	1876	} SessionTicket;
wolfSSL	7:481bce714567	1877
wolfSSL	7:481bce714567	1878	WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
wolfSSL	7:481bce714567	1879	SessionTicket* ticket, void* heap);
wolfSSL	7:481bce714567	1880	WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL	7:481bce714567	1881	byte* data, word16 size, void* heap);
wolfSSL	7:481bce714567	1882	WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
wolfSSL	7:481bce714567	1883
wolfSSL	7:481bce714567	1884	#endif /* HAVE_SESSION_TICKET */
wolfSSL	7:481bce714567	1885
wolfSSL	7:481bce714567	1886	/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
wolfSSL	7:481bce714567	1887	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	1888
wolfSSL	7:481bce714567	1889	typedef struct QSHScheme {
wolfSSL	7:481bce714567	1890	struct QSHScheme* next; /* List Behavior */
wolfSSL	7:481bce714567	1891	byte* PK;
wolfSSL	7:481bce714567	1892	word16 name; /* QSHScheme Names */
wolfSSL	7:481bce714567	1893	word16 PKLen;
wolfSSL	7:481bce714567	1894	} QSHScheme;
wolfSSL	7:481bce714567	1895
wolfSSL	7:481bce714567	1896	typedef struct QSHkey {
wolfSSL	7:481bce714567	1897	struct QSHKey* next;
wolfSSL	7:481bce714567	1898	word16 name;
wolfSSL	7:481bce714567	1899	buffer pub;
wolfSSL	7:481bce714567	1900	buffer pri;
wolfSSL	7:481bce714567	1901	} QSHKey;
wolfSSL	7:481bce714567	1902
wolfSSL	7:481bce714567	1903	typedef struct QSHSecret {
wolfSSL	7:481bce714567	1904	QSHScheme* list;
wolfSSL	7:481bce714567	1905	buffer* SerSi;
wolfSSL	7:481bce714567	1906	buffer* CliSi;
wolfSSL	7:481bce714567	1907	} QSHSecret;
wolfSSL	7:481bce714567	1908
wolfSSL	7:481bce714567	1909	/* used in key exchange during handshake */
wolfSSL	7:481bce714567	1910	WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
wolfSSL	7:481bce714567	1911	word16 length, byte isServer);
wolfSSL	7:481bce714567	1912	WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
wolfSSL	7:481bce714567	1913	WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
wolfSSL	7:481bce714567	1914
wolfSSL	7:481bce714567	1915	/* used by api for setting a specific QSH scheme */
wolfSSL	7:481bce714567	1916	WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
wolfSSL	7:481bce714567	1917	byte* pKey, word16 pKeySz, void* heap);
wolfSSL	7:481bce714567	1918
wolfSSL	7:481bce714567	1919	/* used when parsing in QSHCipher structs */
wolfSSL	7:481bce714567	1920	WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
wolfSSL	7:481bce714567	1921	byte* out, word16* szOut);
wolfSSL	7:481bce714567	1922	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	1923	WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
wolfSSL	7:481bce714567	1924	#endif
wolfSSL	7:481bce714567	1925
wolfSSL	7:481bce714567	1926	#endif /* HAVE_QSH */
wolfSSL	7:481bce714567	1927
wolfSSL	7:481bce714567	1928
wolfSSL	7:481bce714567	1929	/* wolfSSL context type */
wolfSSL	7:481bce714567	1930	struct WOLFSSL_CTX {
wolfSSL	7:481bce714567	1931	WOLFSSL_METHOD* method;
wolfSSL	7:481bce714567	1932	#ifdef SINGLE_THREADED
wolfSSL	7:481bce714567	1933	WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */
wolfSSL	7:481bce714567	1934	#endif
wolfSSL	7:481bce714567	1935	wolfSSL_Mutex countMutex; /* reference count mutex */
wolfSSL	7:481bce714567	1936	int refCount; /* reference count */
wolfSSL	7:481bce714567	1937	int err; /* error code in case of mutex not created */
wolfSSL	7:481bce714567	1938	#ifndef NO_DH
wolfSSL	7:481bce714567	1939	buffer serverDH_P;
wolfSSL	7:481bce714567	1940	buffer serverDH_G;
wolfSSL	7:481bce714567	1941	#endif
wolfSSL	7:481bce714567	1942	#ifndef NO_CERTS
wolfSSL	7:481bce714567	1943	DerBuffer* certificate;
wolfSSL	7:481bce714567	1944	DerBuffer* certChain;
wolfSSL	7:481bce714567	1945	/* chain after self, in DER, with leading size for each cert */
wolfSSL	7:481bce714567	1946	DerBuffer* privateKey;
wolfSSL	7:481bce714567	1947	WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
wolfSSL	7:481bce714567	1948	#endif
wolfSSL	7:481bce714567	1949	#ifdef KEEP_OUR_CERT
wolfSSL	7:481bce714567	1950	WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
wolfSSL	7:481bce714567	1951	#endif
wolfSSL	7:481bce714567	1952	Suites* suites; /* make dynamic, user may not need/set */
wolfSSL	7:481bce714567	1953	void* heap; /* for user memory overrides */
wolfSSL	7:481bce714567	1954	byte verifyPeer;
wolfSSL	7:481bce714567	1955	byte verifyNone;
wolfSSL	7:481bce714567	1956	byte failNoCert;
wolfSSL	7:481bce714567	1957	byte failNoCertxPSK; /* fail if no cert with the exception of PSK*/
wolfSSL	7:481bce714567	1958	byte sessionCacheOff;
wolfSSL	7:481bce714567	1959	byte sessionCacheFlushOff;
wolfSSL	7:481bce714567	1960	byte sendVerify; /* for client side */
wolfSSL	7:481bce714567	1961	byte haveRSA; /* RSA available */
wolfSSL	7:481bce714567	1962	byte haveECC; /* ECC available */
wolfSSL	7:481bce714567	1963	byte haveDH; /* server DH parms set by user */
wolfSSL	7:481bce714567	1964	byte haveNTRU; /* server private NTRU key loaded */
wolfSSL	7:481bce714567	1965	byte haveECDSAsig; /* server cert signed w/ ECDSA */
wolfSSL	7:481bce714567	1966	byte haveStaticECC; /* static server ECC private key */
wolfSSL	7:481bce714567	1967	byte partialWrite; /* only one msg per write call */
wolfSSL	7:481bce714567	1968	byte quietShutdown; /* don't send close notify */
wolfSSL	7:481bce714567	1969	byte groupMessages; /* group handshake messages before sending */
wolfSSL	7:481bce714567	1970	byte minDowngrade; /* minimum downgrade version */
wolfSSL	7:481bce714567	1971	byte haveEMS; /* have extended master secret extension */
wolfSSL	7:481bce714567	1972	#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
wolfSSL	7:481bce714567	1973	byte dtlsSctp; /* DTLS-over-SCTP mode */
wolfSSL	7:481bce714567	1974	word16 dtlsMtuSz; /* DTLS MTU size */
wolfSSL	7:481bce714567	1975	#endif
wolfSSL	7:481bce714567	1976	#ifndef NO_DH
wolfSSL	7:481bce714567	1977	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	7:481bce714567	1978	#endif
wolfSSL	7:481bce714567	1979	#ifndef NO_RSA
wolfSSL	7:481bce714567	1980	short minRsaKeySz; /* minimum RSA key size */
wolfSSL	7:481bce714567	1981	#endif
wolfSSL	7:481bce714567	1982	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	1983	short minEccKeySz; /* minimum ECC key size */
wolfSSL	7:481bce714567	1984	#endif
wolfSSL	7:481bce714567	1985	CallbackIORecv CBIORecv;
wolfSSL	7:481bce714567	1986	CallbackIOSend CBIOSend;
wolfSSL	7:481bce714567	1987	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	1988	CallbackGenCookie CBIOCookie; /* gen cookie callback */
wolfSSL	7:481bce714567	1989	wc_dtls_export dtls_export; /* export function for DTLS session */
wolfSSL	7:481bce714567	1990	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	7:481bce714567	1991	CallbackGetPeer CBGetPeer;
wolfSSL	7:481bce714567	1992	CallbackSetPeer CBSetPeer;
wolfSSL	7:481bce714567	1993	#endif
wolfSSL	7:481bce714567	1994	#endif /* WOLFSSL_DTLS */
wolfSSL	7:481bce714567	1995	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	7:481bce714567	1996	word32 timeout; /* session timeout */
wolfSSL	7:481bce714567	1997	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	1998	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	7:481bce714567	1999	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	7:481bce714567	2000	#endif
wolfSSL	7:481bce714567	2001	#ifndef NO_PSK
wolfSSL	7:481bce714567	2002	byte havePSK; /* psk key set by user */
wolfSSL	7:481bce714567	2003	wc_psk_client_callback client_psk_cb; /* client callback */
wolfSSL	7:481bce714567	2004	wc_psk_server_callback server_psk_cb; /* server callback */
wolfSSL	7:481bce714567	2005	char server_hint[MAX_PSK_ID_LEN];
wolfSSL	7:481bce714567	2006	#endif /* NO_PSK */
wolfSSL	7:481bce714567	2007	#ifdef HAVE_ANON
wolfSSL	7:481bce714567	2008	byte haveAnon; /* User wants to allow Anon suites */
wolfSSL	7:481bce714567	2009	#endif /* HAVE_ANON */
wolfSSL	7:481bce714567	2010	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	7:481bce714567	2011	pem_password_cb* passwd_cb;
wolfSSL	7:481bce714567	2012	void* userdata;
wolfSSL	7:481bce714567	2013	WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
wolfSSL	7:481bce714567	2014	byte readAhead;
wolfSSL	7:481bce714567	2015	void* userPRFArg; /* passed to prf callback */
wolfSSL	7:481bce714567	2016	#endif /* OPENSSL_EXTRA */
wolfSSL	7:481bce714567	2017	#ifdef HAVE_STUNNEL
wolfSSL	7:481bce714567	2018	void* ex_data[MAX_EX_DATA];
wolfSSL	7:481bce714567	2019	CallbackSniRecv sniRecvCb;
wolfSSL	7:481bce714567	2020	void* sniRecvCbArg;
wolfSSL	7:481bce714567	2021	#endif
wolfSSL	7:481bce714567	2022	#ifdef HAVE_OCSP
wolfSSL	7:481bce714567	2023	WOLFSSL_OCSP ocsp;
wolfSSL	7:481bce714567	2024	#endif
wolfSSL	7:481bce714567	2025	int devId; /* async device id to use */
wolfSSL	7:481bce714567	2026	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	7:481bce714567	2027	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	7:481bce714567	2028	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	2029	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	7:481bce714567	2030	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	7:481bce714567	2031	OcspRequest* certOcspRequest;
wolfSSL	7:481bce714567	2032	#endif
wolfSSL	7:481bce714567	2033	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	7:481bce714567	2034	OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
wolfSSL	7:481bce714567	2035	#endif
wolfSSL	7:481bce714567	2036	#endif
wolfSSL	7:481bce714567	2037	#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	7:481bce714567	2038	SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
wolfSSL	7:481bce714567	2039	void* ticketEncCtx; /* session encrypt context */
wolfSSL	7:481bce714567	2040	int ticketHint; /* ticket hint in seconds */
wolfSSL	7:481bce714567	2041	#endif
wolfSSL	7:481bce714567	2042	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	7:481bce714567	2043	byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
wolfSSL	7:481bce714567	2044	#endif
wolfSSL	7:481bce714567	2045	#endif
wolfSSL	7:481bce714567	2046	#ifdef ATOMIC_USER
wolfSSL	7:481bce714567	2047	CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
wolfSSL	7:481bce714567	2048	CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
wolfSSL	7:481bce714567	2049	#endif
wolfSSL	7:481bce714567	2050	#ifdef HAVE_PK_CALLBACKS
wolfSSL	7:481bce714567	2051	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	2052	CallbackEccSign EccSignCb; /* User EccSign Callback handler */
wolfSSL	7:481bce714567	2053	CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
wolfSSL	7:481bce714567	2054	CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
wolfSSL	7:481bce714567	2055	#endif /* HAVE_ECC */
wolfSSL	7:481bce714567	2056	#ifndef NO_RSA
wolfSSL	7:481bce714567	2057	CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
wolfSSL	7:481bce714567	2058	CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
wolfSSL	7:481bce714567	2059	CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
wolfSSL	7:481bce714567	2060	CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
wolfSSL	7:481bce714567	2061	#endif /* NO_RSA */
wolfSSL	7:481bce714567	2062	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	7:481bce714567	2063	#ifdef HAVE_WOLF_EVENT
wolfSSL	7:481bce714567	2064	WOLF_EVENT_QUEUE event_queue;
wolfSSL	7:481bce714567	2065	#endif /* HAVE_WOLF_EVENT */
wolfSSL	7:481bce714567	2066	};
wolfSSL	7:481bce714567	2067
wolfSSL	7:481bce714567	2068
wolfSSL	7:481bce714567	2069	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2070	WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
wolfSSL	7:481bce714567	2071	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2072	int InitSSL_Ctx(WOLFSSL_CTX, WOLFSSL_METHOD, void* heap);
wolfSSL	7:481bce714567	2073	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2074	void FreeSSL_Ctx(WOLFSSL_CTX*);
wolfSSL	7:481bce714567	2075	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2076	void SSL_CtxResourceFree(WOLFSSL_CTX*);
wolfSSL	7:481bce714567	2077
wolfSSL	7:481bce714567	2078	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2079	int DeriveTlsKeys(WOLFSSL* ssl);
wolfSSL	7:481bce714567	2080	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2081	int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	7:481bce714567	2082	word32 inSz, word16 sz);
wolfSSL	7:481bce714567	2083	#ifndef NO_CERTS
wolfSSL	7:481bce714567	2084	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2085	int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
wolfSSL	7:481bce714567	2086	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2087	int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	7:481bce714567	2088	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	7:481bce714567	2089	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2090	int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
wolfSSL	7:481bce714567	2091	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2092	int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	7:481bce714567	2093	#endif
wolfSSL	7:481bce714567	2094	#endif
wolfSSL	7:481bce714567	2095
wolfSSL	7:481bce714567	2096	/* All cipher suite related info
wolfSSL	7:481bce714567	2097	* Keep as a constant size (no ifdefs) for session export */
wolfSSL	7:481bce714567	2098	typedef struct CipherSpecs {
wolfSSL	7:481bce714567	2099	word16 key_size;
wolfSSL	7:481bce714567	2100	word16 iv_size;
wolfSSL	7:481bce714567	2101	word16 block_size;
wolfSSL	7:481bce714567	2102	word16 aead_mac_size;
wolfSSL	7:481bce714567	2103	byte bulk_cipher_algorithm;
wolfSSL	7:481bce714567	2104	byte cipher_type; /* block, stream, or aead */
wolfSSL	7:481bce714567	2105	byte mac_algorithm;
wolfSSL	7:481bce714567	2106	byte kea; /* key exchange algo */
wolfSSL	7:481bce714567	2107	byte sig_algo;
wolfSSL	7:481bce714567	2108	byte hash_size;
wolfSSL	7:481bce714567	2109	byte pad_size;
wolfSSL	7:481bce714567	2110	byte static_ecdh;
wolfSSL	7:481bce714567	2111	} CipherSpecs;
wolfSSL	7:481bce714567	2112
wolfSSL	7:481bce714567	2113
wolfSSL	7:481bce714567	2114	void InitCipherSpecs(CipherSpecs* cs);
wolfSSL	7:481bce714567	2115
wolfSSL	7:481bce714567	2116
wolfSSL	7:481bce714567	2117	/* Supported Message Authentication Codes from page 43 */
wolfSSL	7:481bce714567	2118	enum MACAlgorithm {
wolfSSL	7:481bce714567	2119	no_mac,
wolfSSL	7:481bce714567	2120	md5_mac,
wolfSSL	7:481bce714567	2121	sha_mac,
wolfSSL	7:481bce714567	2122	sha224_mac,
wolfSSL	7:481bce714567	2123	sha256_mac, /* needs to match external KDF_MacAlgorithm */
wolfSSL	7:481bce714567	2124	sha384_mac,
wolfSSL	7:481bce714567	2125	sha512_mac,
wolfSSL	7:481bce714567	2126	rmd_mac,
wolfSSL	7:481bce714567	2127	blake2b_mac
wolfSSL	7:481bce714567	2128	};
wolfSSL	7:481bce714567	2129
wolfSSL	7:481bce714567	2130
wolfSSL	7:481bce714567	2131	/* Supported Key Exchange Protocols */
wolfSSL	7:481bce714567	2132	enum KeyExchangeAlgorithm {
wolfSSL	7:481bce714567	2133	no_kea,
wolfSSL	7:481bce714567	2134	rsa_kea,
wolfSSL	7:481bce714567	2135	diffie_hellman_kea,
wolfSSL	7:481bce714567	2136	fortezza_kea,
wolfSSL	7:481bce714567	2137	psk_kea,
wolfSSL	7:481bce714567	2138	dhe_psk_kea,
wolfSSL	7:481bce714567	2139	ecdhe_psk_kea,
wolfSSL	7:481bce714567	2140	ntru_kea,
wolfSSL	7:481bce714567	2141	ecc_diffie_hellman_kea,
wolfSSL	7:481bce714567	2142	ecc_static_diffie_hellman_kea /* for verify suite only */
wolfSSL	7:481bce714567	2143	};
wolfSSL	7:481bce714567	2144
wolfSSL	7:481bce714567	2145
wolfSSL	7:481bce714567	2146	/* Supported Authentication Schemes */
wolfSSL	7:481bce714567	2147	enum SignatureAlgorithm {
wolfSSL	7:481bce714567	2148	anonymous_sa_algo,
wolfSSL	7:481bce714567	2149	rsa_sa_algo,
wolfSSL	7:481bce714567	2150	dsa_sa_algo,
wolfSSL	7:481bce714567	2151	ecc_dsa_sa_algo
wolfSSL	7:481bce714567	2152	};
wolfSSL	7:481bce714567	2153
wolfSSL	7:481bce714567	2154
wolfSSL	7:481bce714567	2155	/* Supprted ECC Curve Types */
wolfSSL	7:481bce714567	2156	enum EccCurves {
wolfSSL	7:481bce714567	2157	named_curve = 3
wolfSSL	7:481bce714567	2158	};
wolfSSL	7:481bce714567	2159
wolfSSL	7:481bce714567	2160
wolfSSL	7:481bce714567	2161	/* Valid client certificate request types from page 27 */
wolfSSL	7:481bce714567	2162	enum ClientCertificateType {
wolfSSL	7:481bce714567	2163	rsa_sign = 1,
wolfSSL	7:481bce714567	2164	dss_sign = 2,
wolfSSL	7:481bce714567	2165	rsa_fixed_dh = 3,
wolfSSL	7:481bce714567	2166	dss_fixed_dh = 4,
wolfSSL	7:481bce714567	2167	rsa_ephemeral_dh = 5,
wolfSSL	7:481bce714567	2168	dss_ephemeral_dh = 6,
wolfSSL	7:481bce714567	2169	fortezza_kea_cert = 20,
wolfSSL	7:481bce714567	2170	ecdsa_sign = 64,
wolfSSL	7:481bce714567	2171	rsa_fixed_ecdh = 65,
wolfSSL	7:481bce714567	2172	ecdsa_fixed_ecdh = 66
wolfSSL	7:481bce714567	2173	};
wolfSSL	7:481bce714567	2174
wolfSSL	7:481bce714567	2175
wolfSSL	7:481bce714567	2176	enum CipherType { stream, block, aead };
wolfSSL	7:481bce714567	2177
wolfSSL	7:481bce714567	2178
wolfSSL	7:481bce714567	2179
wolfSSL	7:481bce714567	2180
wolfSSL	7:481bce714567	2181
wolfSSL	7:481bce714567	2182
wolfSSL	7:481bce714567	2183	/* cipher for now */
wolfSSL	7:481bce714567	2184	typedef struct Ciphers {
wolfSSL	7:481bce714567	2185	#ifdef BUILD_ARC4
wolfSSL	7:481bce714567	2186	Arc4* arc4;
wolfSSL	7:481bce714567	2187	#endif
wolfSSL	7:481bce714567	2188	#ifdef BUILD_DES3
wolfSSL	7:481bce714567	2189	Des3* des3;
wolfSSL	7:481bce714567	2190	#endif
wolfSSL	7:481bce714567	2191	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM)
wolfSSL	7:481bce714567	2192	Aes* aes;
wolfSSL	7:481bce714567	2193	#endif
wolfSSL	7:481bce714567	2194	#ifdef HAVE_CAMELLIA
wolfSSL	7:481bce714567	2195	Camellia* cam;
wolfSSL	7:481bce714567	2196	#endif
wolfSSL	7:481bce714567	2197	#ifdef HAVE_CHACHA
wolfSSL	7:481bce714567	2198	ChaCha* chacha;
wolfSSL	7:481bce714567	2199	#endif
wolfSSL	7:481bce714567	2200	#ifdef HAVE_HC128
wolfSSL	7:481bce714567	2201	HC128* hc128;
wolfSSL	7:481bce714567	2202	#endif
wolfSSL	7:481bce714567	2203	#ifdef BUILD_RABBIT
wolfSSL	7:481bce714567	2204	Rabbit* rabbit;
wolfSSL	7:481bce714567	2205	#endif
wolfSSL	7:481bce714567	2206	#ifdef HAVE_IDEA
wolfSSL	7:481bce714567	2207	Idea* idea;
wolfSSL	7:481bce714567	2208	#endif
wolfSSL	7:481bce714567	2209	byte setup; /* have we set it up flag for detection */
wolfSSL	7:481bce714567	2210	} Ciphers;
wolfSSL	7:481bce714567	2211
wolfSSL	7:481bce714567	2212
wolfSSL	7:481bce714567	2213	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	7:481bce714567	2214	/* Ciphers for one time authentication such as poly1305 */
wolfSSL	7:481bce714567	2215	typedef struct OneTimeAuth {
wolfSSL	7:481bce714567	2216	#ifdef HAVE_POLY1305
wolfSSL	7:481bce714567	2217	Poly1305* poly1305;
wolfSSL	7:481bce714567	2218	#endif
wolfSSL	7:481bce714567	2219	byte setup; /* flag for if a cipher has been set */
wolfSSL	7:481bce714567	2220
wolfSSL	7:481bce714567	2221	} OneTimeAuth;
wolfSSL	7:481bce714567	2222	#endif
wolfSSL	7:481bce714567	2223
wolfSSL	7:481bce714567	2224
wolfSSL	7:481bce714567	2225	WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
wolfSSL	7:481bce714567	2226	WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
wolfSSL	7:481bce714567	2227
wolfSSL	7:481bce714567	2228
wolfSSL	7:481bce714567	2229	/* hashes type */
wolfSSL	7:481bce714567	2230	typedef struct Hashes {
wolfSSL	7:481bce714567	2231	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	2232	byte md5[MD5_DIGEST_SIZE];
wolfSSL	7:481bce714567	2233	#endif
wolfSSL	7:481bce714567	2234	byte sha[SHA_DIGEST_SIZE];
wolfSSL	7:481bce714567	2235	#ifndef NO_SHA256
wolfSSL	7:481bce714567	2236	byte sha256[SHA256_DIGEST_SIZE];
wolfSSL	7:481bce714567	2237	#endif
wolfSSL	7:481bce714567	2238	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	2239	byte sha384[SHA384_DIGEST_SIZE];
wolfSSL	7:481bce714567	2240	#endif
wolfSSL	7:481bce714567	2241	#ifdef WOLFSSL_SHA512
wolfSSL	7:481bce714567	2242	byte sha512[SHA512_DIGEST_SIZE];
wolfSSL	7:481bce714567	2243	#endif
wolfSSL	7:481bce714567	2244	} Hashes;
wolfSSL	7:481bce714567	2245
wolfSSL	7:481bce714567	2246
wolfSSL	7:481bce714567	2247	/* Static x509 buffer */
wolfSSL	7:481bce714567	2248	typedef struct x509_buffer {
wolfSSL	7:481bce714567	2249	int length; /* actual size */
wolfSSL	7:481bce714567	2250	byte buffer[MAX_X509_SIZE]; /* max static cert size */
wolfSSL	7:481bce714567	2251	} x509_buffer;
wolfSSL	7:481bce714567	2252
wolfSSL	7:481bce714567	2253
wolfSSL	7:481bce714567	2254	/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
wolfSSL	7:481bce714567	2255	struct WOLFSSL_X509_CHAIN {
wolfSSL	7:481bce714567	2256	int count; /* total number in chain */
wolfSSL	7:481bce714567	2257	x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
wolfSSL	7:481bce714567	2258	};
wolfSSL	7:481bce714567	2259
wolfSSL	7:481bce714567	2260
wolfSSL	7:481bce714567	2261	/* wolfSSL session type */
wolfSSL	7:481bce714567	2262	struct WOLFSSL_SESSION {
wolfSSL	7:481bce714567	2263	word32 bornOn; /* create time in seconds */
wolfSSL	7:481bce714567	2264	word32 timeout; /* timeout in seconds */
wolfSSL	7:481bce714567	2265	byte sessionID[ID_LEN]; /* id for protocol */
wolfSSL	7:481bce714567	2266	byte sessionIDSz;
wolfSSL	7:481bce714567	2267	byte masterSecret[SECRET_LEN]; /* stored secret */
wolfSSL	7:481bce714567	2268	word16 haveEMS; /* ext master secret flag */
wolfSSL	7:481bce714567	2269	#ifdef SESSION_CERTS
wolfSSL	7:481bce714567	2270	WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
wolfSSL	7:481bce714567	2271	ProtocolVersion version; /* which version was used */
wolfSSL	7:481bce714567	2272	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	7:481bce714567	2273	byte cipherSuite; /* 2nd byte, actual suite */
wolfSSL	7:481bce714567	2274	#endif
wolfSSL	7:481bce714567	2275	#ifndef NO_CLIENT_CACHE
wolfSSL	7:481bce714567	2276	word16 idLen; /* serverID length */
wolfSSL	7:481bce714567	2277	byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
wolfSSL	7:481bce714567	2278	#endif
wolfSSL	7:481bce714567	2279	#ifdef HAVE_SESSION_TICKET
wolfSSL	7:481bce714567	2280	byte* ticket;
wolfSSL	7:481bce714567	2281	word16 ticketLen;
wolfSSL	7:481bce714567	2282	byte staticTicket[SESSION_TICKET_LEN];
wolfSSL	7:481bce714567	2283	byte isDynamic;
wolfSSL	7:481bce714567	2284	#endif
wolfSSL	7:481bce714567	2285	#ifdef HAVE_STUNNEL
wolfSSL	7:481bce714567	2286	void* ex_data[MAX_EX_DATA];
wolfSSL	7:481bce714567	2287	#endif
wolfSSL	7:481bce714567	2288	};
wolfSSL	7:481bce714567	2289
wolfSSL	7:481bce714567	2290
wolfSSL	7:481bce714567	2291	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2292	WOLFSSL_SESSION* GetSession(WOLFSSL, byte, byte);
wolfSSL	7:481bce714567	2293	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2294	int SetSession(WOLFSSL, WOLFSSL_SESSION);
wolfSSL	7:481bce714567	2295
wolfSSL	7:481bce714567	2296	typedef int (hmacfp) (WOLFSSL, byte, const byte, word32, int, int);
wolfSSL	7:481bce714567	2297
wolfSSL	7:481bce714567	2298	#ifndef NO_CLIENT_CACHE
wolfSSL	7:481bce714567	2299	WOLFSSL_SESSION* GetSessionClient(WOLFSSL, const byte, int);
wolfSSL	7:481bce714567	2300	#endif
wolfSSL	7:481bce714567	2301
wolfSSL	7:481bce714567	2302	/* client connect state for nonblocking restart */
wolfSSL	7:481bce714567	2303	enum ConnectState {
wolfSSL	7:481bce714567	2304	CONNECT_BEGIN = 0,
wolfSSL	7:481bce714567	2305	CLIENT_HELLO_SENT,
wolfSSL	7:481bce714567	2306	HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
wolfSSL	7:481bce714567	2307	HELLO_AGAIN_REPLY,
wolfSSL	7:481bce714567	2308	FIRST_REPLY_DONE,
wolfSSL	7:481bce714567	2309	FIRST_REPLY_FIRST,
wolfSSL	7:481bce714567	2310	FIRST_REPLY_SECOND,
wolfSSL	7:481bce714567	2311	FIRST_REPLY_THIRD,
wolfSSL	7:481bce714567	2312	FIRST_REPLY_FOURTH,
wolfSSL	7:481bce714567	2313	FINISHED_DONE,
wolfSSL	7:481bce714567	2314	SECOND_REPLY_DONE
wolfSSL	7:481bce714567	2315	};
wolfSSL	7:481bce714567	2316
wolfSSL	7:481bce714567	2317
wolfSSL	7:481bce714567	2318	/* server accept state for nonblocking restart */
wolfSSL	7:481bce714567	2319	enum AcceptState {
wolfSSL	7:481bce714567	2320	ACCEPT_BEGIN = 0,
wolfSSL	7:481bce714567	2321	ACCEPT_CLIENT_HELLO_DONE,
wolfSSL	7:481bce714567	2322	ACCEPT_FIRST_REPLY_DONE,
wolfSSL	7:481bce714567	2323	SERVER_HELLO_SENT,
wolfSSL	7:481bce714567	2324	CERT_SENT,
wolfSSL	7:481bce714567	2325	CERT_STATUS_SENT,
wolfSSL	7:481bce714567	2326	KEY_EXCHANGE_SENT,
wolfSSL	7:481bce714567	2327	CERT_REQ_SENT,
wolfSSL	7:481bce714567	2328	SERVER_HELLO_DONE,
wolfSSL	7:481bce714567	2329	ACCEPT_SECOND_REPLY_DONE,
wolfSSL	7:481bce714567	2330	TICKET_SENT,
wolfSSL	7:481bce714567	2331	CHANGE_CIPHER_SENT,
wolfSSL	7:481bce714567	2332	ACCEPT_FINISHED_DONE,
wolfSSL	7:481bce714567	2333	ACCEPT_THIRD_REPLY_DONE
wolfSSL	7:481bce714567	2334	};
wolfSSL	7:481bce714567	2335
wolfSSL	7:481bce714567	2336	/* sub-states for send/do key share (key exchange) */
wolfSSL	7:481bce714567	2337	enum KeyShareState {
wolfSSL	7:481bce714567	2338	KEYSHARE_BEGIN = 0,
wolfSSL	7:481bce714567	2339	KEYSHARE_BUILD,
wolfSSL	7:481bce714567	2340	KEYSHARE_DO,
wolfSSL	7:481bce714567	2341	KEYSHARE_VERIFY,
wolfSSL	7:481bce714567	2342	KEYSHARE_FINALIZE,
wolfSSL	7:481bce714567	2343	KEYSHARE_END
wolfSSL	7:481bce714567	2344	};
wolfSSL	7:481bce714567	2345
wolfSSL	7:481bce714567	2346	/* buffers for struct WOLFSSL */
wolfSSL	7:481bce714567	2347	typedef struct Buffers {
wolfSSL	7:481bce714567	2348	bufferStatic inputBuffer;
wolfSSL	7:481bce714567	2349	bufferStatic outputBuffer;
wolfSSL	7:481bce714567	2350	buffer domainName; /* for client check */
wolfSSL	7:481bce714567	2351	buffer clearOutputBuffer;
wolfSSL	7:481bce714567	2352	buffer sig; /* signature data */
wolfSSL	7:481bce714567	2353	buffer digest; /* digest data */
wolfSSL	7:481bce714567	2354	int prevSent; /* previous plain text bytes sent
wolfSSL	7:481bce714567	2355	when got WANT_WRITE */
wolfSSL	7:481bce714567	2356	int plainSz; /* plain text bytes in buffer to send
wolfSSL	7:481bce714567	2357	when got WANT_WRITE */
wolfSSL	7:481bce714567	2358	byte weOwnCert; /* SSL own cert flag */
wolfSSL	7:481bce714567	2359	byte weOwnCertChain; /* SSL own cert chain flag */
wolfSSL	7:481bce714567	2360	byte weOwnKey; /* SSL own key flag */
wolfSSL	7:481bce714567	2361	byte weOwnDH; /* SSL own dh (p,g) flag */
wolfSSL	7:481bce714567	2362	#ifndef NO_DH
wolfSSL	7:481bce714567	2363	buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	7:481bce714567	2364	buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	7:481bce714567	2365	buffer serverDH_Pub;
wolfSSL	7:481bce714567	2366	buffer serverDH_Priv;
wolfSSL	7:481bce714567	2367	#endif
wolfSSL	7:481bce714567	2368	#ifndef NO_CERTS
wolfSSL	7:481bce714567	2369	DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	7:481bce714567	2370	DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	7:481bce714567	2371	DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	7:481bce714567	2372	/* chain after self, in DER, with leading size for each cert */
wolfSSL	7:481bce714567	2373	#endif
wolfSSL	7:481bce714567	2374	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	2375	WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
wolfSSL	7:481bce714567	2376	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	2377	buffer dtlsCookieSecret; /* DTLS cookie secret */
wolfSSL	7:481bce714567	2378	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	2379	#endif
wolfSSL	7:481bce714567	2380	#ifdef HAVE_PK_CALLBACKS
wolfSSL	7:481bce714567	2381	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	2382	buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
wolfSSL	7:481bce714567	2383	#endif /* HAVE_ECC */
wolfSSL	7:481bce714567	2384	#ifndef NO_RSA
wolfSSL	7:481bce714567	2385	buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
wolfSSL	7:481bce714567	2386	#endif /* NO_RSA */
wolfSSL	7:481bce714567	2387	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	7:481bce714567	2388	} Buffers;
wolfSSL	7:481bce714567	2389
wolfSSL	7:481bce714567	2390	typedef struct Options {
wolfSSL	7:481bce714567	2391	#ifndef NO_PSK
wolfSSL	7:481bce714567	2392	wc_psk_client_callback client_psk_cb;
wolfSSL	7:481bce714567	2393	wc_psk_server_callback server_psk_cb;
wolfSSL	7:481bce714567	2394	word16 havePSK:1; /* psk key set by user */
wolfSSL	7:481bce714567	2395	#endif /* NO_PSK */
wolfSSL	7:481bce714567	2396	#ifdef OPENSSL_EXTRA
wolfSSL	7:481bce714567	2397	unsigned long mask; /* store SSL_OP_ flags */
wolfSSL	7:481bce714567	2398	#endif
wolfSSL	7:481bce714567	2399
wolfSSL	7:481bce714567	2400	/* on/off or small bit flags, optimize layout */
wolfSSL	7:481bce714567	2401	word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
wolfSSL	7:481bce714567	2402	word16 sessionCacheOff:1;
wolfSSL	7:481bce714567	2403	word16 sessionCacheFlushOff:1;
wolfSSL	7:481bce714567	2404	word16 side:1; /* client or server end */
wolfSSL	7:481bce714567	2405	word16 verifyPeer:1;
wolfSSL	7:481bce714567	2406	word16 verifyNone:1;
wolfSSL	7:481bce714567	2407	word16 failNoCert:1;
wolfSSL	7:481bce714567	2408	word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
wolfSSL	7:481bce714567	2409	word16 downgrade:1; /* allow downgrade of versions */
wolfSSL	7:481bce714567	2410	word16 resuming:1;
wolfSSL	7:481bce714567	2411	word16 haveSessionId:1; /* server may not send */
wolfSSL	7:481bce714567	2412	word16 tls:1; /* using TLS ? */
wolfSSL	7:481bce714567	2413	word16 tls1_1:1; /* using TLSv1.1+ ? */
wolfSSL	7:481bce714567	2414	word16 dtls:1; /* using datagrams ? */
wolfSSL	7:481bce714567	2415	word16 connReset:1; /* has the peer reset */
wolfSSL	7:481bce714567	2416	word16 isClosed:1; /* if we consider conn closed */
wolfSSL	7:481bce714567	2417	word16 closeNotify:1; /* we've received a close notify */
wolfSSL	7:481bce714567	2418	word16 sentNotify:1; /* we've sent a close notify */
wolfSSL	7:481bce714567	2419	word16 usingCompression:1; /* are we using compression */
wolfSSL	7:481bce714567	2420	word16 haveRSA:1; /* RSA available */
wolfSSL	7:481bce714567	2421	word16 haveECC:1; /* ECC available */
wolfSSL	7:481bce714567	2422	word16 haveDH:1; /* server DH parms set by user */
wolfSSL	7:481bce714567	2423	word16 haveNTRU:1; /* server NTRU private key loaded */
wolfSSL	7:481bce714567	2424	word16 haveQSH:1; /* have QSH ability */
wolfSSL	7:481bce714567	2425	word16 haveECDSAsig:1; /* server ECDSA signed cert */
wolfSSL	7:481bce714567	2426	word16 haveStaticECC:1; /* static server ECC private key */
wolfSSL	7:481bce714567	2427	word16 havePeerCert:1; /* do we have peer's cert */
wolfSSL	7:481bce714567	2428	word16 havePeerVerify:1; /* and peer's cert verify */
wolfSSL	7:481bce714567	2429	word16 usingPSK_cipher:1; /* are using psk as cipher */
wolfSSL	7:481bce714567	2430	word16 usingAnon_cipher:1; /* are we using an anon cipher */
wolfSSL	7:481bce714567	2431	word16 sendAlertState:1; /* nonblocking resume */
wolfSSL	7:481bce714567	2432	word16 partialWrite:1; /* only one msg per write call */
wolfSSL	7:481bce714567	2433	word16 quietShutdown:1; /* don't send close notify */
wolfSSL	7:481bce714567	2434	word16 certOnly:1; /* stop once we get cert */
wolfSSL	7:481bce714567	2435	word16 groupMessages:1; /* group handshake messages */
wolfSSL	7:481bce714567	2436	word16 usingNonblock:1; /* are we using nonblocking socket */
wolfSSL	7:481bce714567	2437	word16 saveArrays:1; /* save array Memory for user get keys
wolfSSL	7:481bce714567	2438	or psk */
wolfSSL	7:481bce714567	2439	word16 weOwnRng:1; /* will be true unless CTX owns */
wolfSSL	7:481bce714567	2440	#ifdef HAVE_POLY1305
wolfSSL	7:481bce714567	2441	word16 oldPoly:1; /* set when to use old rfc way of poly*/
wolfSSL	7:481bce714567	2442	#endif
wolfSSL	7:481bce714567	2443	#ifdef HAVE_ANON
wolfSSL	7:481bce714567	2444	word16 haveAnon:1; /* User wants to allow Anon suites */
wolfSSL	7:481bce714567	2445	#endif
wolfSSL	7:481bce714567	2446	#ifdef HAVE_SESSION_TICKET
wolfSSL	7:481bce714567	2447	word16 createTicket:1; /* Server to create new Ticket */
wolfSSL	7:481bce714567	2448	word16 useTicket:1; /* Use Ticket not session cache */
wolfSSL	7:481bce714567	2449	word16 rejectTicket:1; /* Callback rejected ticket */
wolfSSL	7:481bce714567	2450	#endif
wolfSSL	7:481bce714567	2451	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	2452	word16 dtlsHsRetain:1; /* DTLS retaining HS data */
wolfSSL	7:481bce714567	2453	#ifdef WOLFSSL_SCTP
wolfSSL	7:481bce714567	2454	word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
wolfSSL	7:481bce714567	2455	#endif
wolfSSL	7:481bce714567	2456	#endif
wolfSSL	7:481bce714567	2457	word16 haveEMS:1; /* using extended master secret */
wolfSSL	7:481bce714567	2458	#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL	7:481bce714567	2459	word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
wolfSSL	7:481bce714567	2460	#endif
wolfSSL	7:481bce714567	2461
wolfSSL	7:481bce714567	2462	/* need full byte values for this section */
wolfSSL	7:481bce714567	2463	byte processReply; /* nonblocking resume */
wolfSSL	7:481bce714567	2464	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	7:481bce714567	2465	byte cipherSuite; /* second byte, actual suite */
wolfSSL	7:481bce714567	2466	byte serverState;
wolfSSL	7:481bce714567	2467	byte clientState;
wolfSSL	7:481bce714567	2468	byte handShakeState;
wolfSSL	7:481bce714567	2469	byte handShakeDone; /* at least one handshake complete */
wolfSSL	7:481bce714567	2470	byte minDowngrade; /* minimum downgrade version */
wolfSSL	7:481bce714567	2471	byte connectState; /* nonblocking resume */
wolfSSL	7:481bce714567	2472	byte acceptState; /* nonblocking resume */
wolfSSL	7:481bce714567	2473	byte keyShareState; /* sub-state for key share (key exchange).
wolfSSL	7:481bce714567	2474	See enum KeyShareState. */
wolfSSL	7:481bce714567	2475	#ifndef NO_DH
wolfSSL	7:481bce714567	2476	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	7:481bce714567	2477	word16 dhKeySz; /* actual DH key size */
wolfSSL	7:481bce714567	2478	#endif
wolfSSL	7:481bce714567	2479	#ifndef NO_RSA
wolfSSL	7:481bce714567	2480	short minRsaKeySz; /* minimum RSA key size */
wolfSSL	7:481bce714567	2481	#endif
wolfSSL	7:481bce714567	2482	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	2483	short minEccKeySz; /* minimum ECC key size */
wolfSSL	7:481bce714567	2484	#endif
wolfSSL	7:481bce714567	2485
wolfSSL	7:481bce714567	2486	} Options;
wolfSSL	7:481bce714567	2487
wolfSSL	7:481bce714567	2488	typedef struct Arrays {
wolfSSL	7:481bce714567	2489	byte* pendingMsg; /* defrag buffer */
wolfSSL	7:481bce714567	2490	word32 preMasterSz; /* differs for DH, actual size */
wolfSSL	7:481bce714567	2491	word32 pendingMsgSz; /* defrag buffer size */
wolfSSL	7:481bce714567	2492	word32 pendingMsgOffset; /* current offset into defrag buffer */
wolfSSL	7:481bce714567	2493	#ifndef NO_PSK
wolfSSL	7:481bce714567	2494	word32 psk_keySz; /* actual size */
wolfSSL	7:481bce714567	2495	char client_identity[MAX_PSK_ID_LEN];
wolfSSL	7:481bce714567	2496	char server_hint[MAX_PSK_ID_LEN];
wolfSSL	7:481bce714567	2497	byte psk_key[MAX_PSK_KEY_LEN];
wolfSSL	7:481bce714567	2498	#endif
wolfSSL	7:481bce714567	2499	byte clientRandom[RAN_LEN];
wolfSSL	7:481bce714567	2500	byte serverRandom[RAN_LEN];
wolfSSL	7:481bce714567	2501	byte sessionID[ID_LEN];
wolfSSL	7:481bce714567	2502	byte sessionIDSz;
wolfSSL	7:481bce714567	2503	byte preMasterSecret[ENCRYPT_LEN];
wolfSSL	7:481bce714567	2504	byte masterSecret[SECRET_LEN];
wolfSSL	7:481bce714567	2505	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	2506	byte cookie[MAX_COOKIE_LEN];
wolfSSL	7:481bce714567	2507	byte cookieSz;
wolfSSL	7:481bce714567	2508	#endif
wolfSSL	7:481bce714567	2509	byte pendingMsgType; /* defrag buffer message type */
wolfSSL	7:481bce714567	2510	} Arrays;
wolfSSL	7:481bce714567	2511
wolfSSL	7:481bce714567	2512	#ifndef ASN_NAME_MAX
wolfSSL	7:481bce714567	2513	#define ASN_NAME_MAX 256
wolfSSL	7:481bce714567	2514	#endif
wolfSSL	7:481bce714567	2515
wolfSSL	7:481bce714567	2516	#ifndef MAX_DATE_SZ
wolfSSL	7:481bce714567	2517	#define MAX_DATE_SZ 32
wolfSSL	7:481bce714567	2518	#endif
wolfSSL	7:481bce714567	2519
wolfSSL	7:481bce714567	2520	struct WOLFSSL_STACK {
wolfSSL	7:481bce714567	2521	unsigned long num; /* number of nodes in stack
wolfSSL	7:481bce714567	2522	* (saftey measure for freeing and shortcut for count) */
wolfSSL	7:481bce714567	2523	union {
wolfSSL	7:481bce714567	2524	WOLFSSL_X509* x509;
wolfSSL	7:481bce714567	2525	WOLFSSL_BIO* bio;
wolfSSL	7:481bce714567	2526	WOLFSSL_ASN1_OBJECT* obj;
wolfSSL	7:481bce714567	2527	} data;
wolfSSL	7:481bce714567	2528	WOLFSSL_STACK* next;
wolfSSL	7:481bce714567	2529	};
wolfSSL	7:481bce714567	2530
wolfSSL	7:481bce714567	2531
wolfSSL	7:481bce714567	2532	struct WOLFSSL_X509_NAME {
wolfSSL	7:481bce714567	2533	char *name;
wolfSSL	7:481bce714567	2534	char staticName[ASN_NAME_MAX];
wolfSSL	7:481bce714567	2535	int dynamicName;
wolfSSL	7:481bce714567	2536	int sz;
wolfSSL	7:481bce714567	2537	#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
wolfSSL	7:481bce714567	2538	DecodedName fullName;
wolfSSL	7:481bce714567	2539	WOLFSSL_X509_NAME_ENTRY cnEntry;
wolfSSL	7:481bce714567	2540	WOLFSSL_X509* x509; /* x509 that struct belongs to */
wolfSSL	7:481bce714567	2541	#endif /* OPENSSL_EXTRA */
wolfSSL	7:481bce714567	2542	};
wolfSSL	7:481bce714567	2543
wolfSSL	7:481bce714567	2544	#ifndef EXTERNAL_SERIAL_SIZE
wolfSSL	7:481bce714567	2545	#define EXTERNAL_SERIAL_SIZE 32
wolfSSL	7:481bce714567	2546	#endif
wolfSSL	7:481bce714567	2547
wolfSSL	7:481bce714567	2548	#ifdef NO_ASN
wolfSSL	7:481bce714567	2549	typedef struct DNS_entry DNS_entry;
wolfSSL	7:481bce714567	2550	#endif
wolfSSL	7:481bce714567	2551
wolfSSL	7:481bce714567	2552	struct WOLFSSL_X509 {
wolfSSL	7:481bce714567	2553	int version;
wolfSSL	7:481bce714567	2554	WOLFSSL_X509_NAME issuer;
wolfSSL	7:481bce714567	2555	WOLFSSL_X509_NAME subject;
wolfSSL	7:481bce714567	2556	int serialSz;
wolfSSL	7:481bce714567	2557	byte serial[EXTERNAL_SERIAL_SIZE];
wolfSSL	7:481bce714567	2558	char subjectCN[ASN_NAME_MAX]; /* common name short cut */
wolfSSL	7:481bce714567	2559	#ifdef WOLFSSL_SEP
wolfSSL	7:481bce714567	2560	int deviceTypeSz;
wolfSSL	7:481bce714567	2561	byte deviceType[EXTERNAL_SERIAL_SIZE];
wolfSSL	7:481bce714567	2562	int hwTypeSz;
wolfSSL	7:481bce714567	2563	byte hwType[EXTERNAL_SERIAL_SIZE];
wolfSSL	7:481bce714567	2564	int hwSerialNumSz;
wolfSSL	7:481bce714567	2565	byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
wolfSSL	7:481bce714567	2566	#ifdef OPENSSL_EXTRA
wolfSSL	7:481bce714567	2567	byte certPolicySet;
wolfSSL	7:481bce714567	2568	byte certPolicyCrit;
wolfSSL	7:481bce714567	2569	#endif /* OPENSSL_EXTRA */
wolfSSL	7:481bce714567	2570	#endif
wolfSSL	7:481bce714567	2571	int notBeforeSz;
wolfSSL	7:481bce714567	2572	byte notBefore[MAX_DATE_SZ];
wolfSSL	7:481bce714567	2573	int notAfterSz;
wolfSSL	7:481bce714567	2574	byte notAfter[MAX_DATE_SZ];
wolfSSL	7:481bce714567	2575	int sigOID;
wolfSSL	7:481bce714567	2576	buffer sig;
wolfSSL	7:481bce714567	2577	int pubKeyOID;
wolfSSL	7:481bce714567	2578	buffer pubKey;
wolfSSL	7:481bce714567	2579	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	2580	word32 pkCurveOID;
wolfSSL	7:481bce714567	2581	#endif /* HAVE_ECC */
wolfSSL	7:481bce714567	2582	#ifndef NO_CERTS
wolfSSL	7:481bce714567	2583	DerBuffer* derCert; /* may need */
wolfSSL	7:481bce714567	2584	#endif
wolfSSL	7:481bce714567	2585	DNS_entry* altNames; /* alt names list */
wolfSSL	7:481bce714567	2586	DNS_entry* altNamesNext; /* hint for retrieval */
wolfSSL	7:481bce714567	2587	void* heap; /* heap hint */
wolfSSL	7:481bce714567	2588	byte dynamicMemory; /* dynamic memory flag */
wolfSSL	7:481bce714567	2589	byte isCa;
wolfSSL	7:481bce714567	2590	#ifdef WOLFSSL_CERT_EXT
wolfSSL	7:481bce714567	2591	char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
wolfSSL	7:481bce714567	2592	int certPoliciesNb;
wolfSSL	7:481bce714567	2593	#endif /* WOLFSSL_CERT_EXT */
wolfSSL	7:481bce714567	2594	#ifdef OPENSSL_EXTRA
wolfSSL	7:481bce714567	2595	word32 pathLength;
wolfSSL	7:481bce714567	2596	word16 keyUsage;
wolfSSL	7:481bce714567	2597	byte CRLdistSet;
wolfSSL	7:481bce714567	2598	byte CRLdistCrit;
wolfSSL	7:481bce714567	2599	byte* CRLInfo;
wolfSSL	7:481bce714567	2600	int CRLInfoSz;
wolfSSL	7:481bce714567	2601	byte authInfoSet;
wolfSSL	7:481bce714567	2602	byte authInfoCrit;
wolfSSL	7:481bce714567	2603	byte* authInfo;
wolfSSL	7:481bce714567	2604	int authInfoSz;
wolfSSL	7:481bce714567	2605	byte basicConstSet;
wolfSSL	7:481bce714567	2606	byte basicConstCrit;
wolfSSL	7:481bce714567	2607	byte basicConstPlSet;
wolfSSL	7:481bce714567	2608	byte subjAltNameSet;
wolfSSL	7:481bce714567	2609	byte subjAltNameCrit;
wolfSSL	7:481bce714567	2610	byte authKeyIdSet;
wolfSSL	7:481bce714567	2611	byte authKeyIdCrit;
wolfSSL	7:481bce714567	2612	byte* authKeyId;
wolfSSL	7:481bce714567	2613	word32 authKeyIdSz;
wolfSSL	7:481bce714567	2614	byte subjKeyIdSet;
wolfSSL	7:481bce714567	2615	byte subjKeyIdCrit;
wolfSSL	7:481bce714567	2616	byte* subjKeyId;
wolfSSL	7:481bce714567	2617	word32 subjKeyIdSz;
wolfSSL	7:481bce714567	2618	byte keyUsageSet;
wolfSSL	7:481bce714567	2619	byte keyUsageCrit;
wolfSSL	7:481bce714567	2620	byte extKeyUsageCrit;
wolfSSL	7:481bce714567	2621	byte* extKeyUsageSrc;
wolfSSL	7:481bce714567	2622	word32 extKeyUsageSz;
wolfSSL	7:481bce714567	2623	word32 extKeyUsageCount;
wolfSSL	7:481bce714567	2624	#endif /* OPENSSL_EXTRA */
wolfSSL	7:481bce714567	2625	};
wolfSSL	7:481bce714567	2626
wolfSSL	7:481bce714567	2627
wolfSSL	7:481bce714567	2628	/* record layer header for PlainText, Compressed, and CipherText */
wolfSSL	7:481bce714567	2629	typedef struct RecordLayerHeader {
wolfSSL	7:481bce714567	2630	byte type;
wolfSSL	7:481bce714567	2631	byte pvMajor;
wolfSSL	7:481bce714567	2632	byte pvMinor;
wolfSSL	7:481bce714567	2633	byte length[2];
wolfSSL	7:481bce714567	2634	} RecordLayerHeader;
wolfSSL	7:481bce714567	2635
wolfSSL	7:481bce714567	2636
wolfSSL	7:481bce714567	2637	/* record layer header for DTLS PlainText, Compressed, and CipherText */
wolfSSL	7:481bce714567	2638	typedef struct DtlsRecordLayerHeader {
wolfSSL	7:481bce714567	2639	byte type;
wolfSSL	7:481bce714567	2640	byte pvMajor;
wolfSSL	7:481bce714567	2641	byte pvMinor;
wolfSSL	7:481bce714567	2642	byte sequence_number[8]; /* per record */
wolfSSL	7:481bce714567	2643	byte length[2];
wolfSSL	7:481bce714567	2644	} DtlsRecordLayerHeader;
wolfSSL	7:481bce714567	2645
wolfSSL	7:481bce714567	2646
wolfSSL	7:481bce714567	2647	typedef struct DtlsFrag {
wolfSSL	7:481bce714567	2648	word32 begin;
wolfSSL	7:481bce714567	2649	word32 end;
wolfSSL	7:481bce714567	2650	struct DtlsFrag* next;
wolfSSL	7:481bce714567	2651	} DtlsFrag;
wolfSSL	7:481bce714567	2652
wolfSSL	7:481bce714567	2653
wolfSSL	7:481bce714567	2654	typedef struct DtlsMsg {
wolfSSL	7:481bce714567	2655	struct DtlsMsg* next;
wolfSSL	7:481bce714567	2656	byte* buf;
wolfSSL	7:481bce714567	2657	byte* msg;
wolfSSL	7:481bce714567	2658	DtlsFrag* fragList;
wolfSSL	7:481bce714567	2659	word32 fragSz; /* Length of fragments received */
wolfSSL	7:481bce714567	2660	word32 seq; /* Handshake sequence number */
wolfSSL	7:481bce714567	2661	word32 sz; /* Length of whole mesage */
wolfSSL	7:481bce714567	2662	byte type;
wolfSSL	7:481bce714567	2663	} DtlsMsg;
wolfSSL	7:481bce714567	2664
wolfSSL	7:481bce714567	2665
wolfSSL	7:481bce714567	2666	#ifdef HAVE_NETX
wolfSSL	7:481bce714567	2667
wolfSSL	7:481bce714567	2668	/* NETX I/O Callback default */
wolfSSL	7:481bce714567	2669	typedef struct NetX_Ctx {
wolfSSL	7:481bce714567	2670	NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
wolfSSL	7:481bce714567	2671	NX_PACKET* nxPacket; /* incoming packet handle for short reads */
wolfSSL	7:481bce714567	2672	ULONG nxOffset; /* offset already read from nxPacket */
wolfSSL	7:481bce714567	2673	ULONG nxWait; /* wait option flag */
wolfSSL	7:481bce714567	2674	} NetX_Ctx;
wolfSSL	7:481bce714567	2675
wolfSSL	7:481bce714567	2676	#endif
wolfSSL	7:481bce714567	2677
wolfSSL	7:481bce714567	2678
wolfSSL	7:481bce714567	2679	/* Handshake messages received from peer (plus change cipher */
wolfSSL	7:481bce714567	2680	typedef struct MsgsReceived {
wolfSSL	7:481bce714567	2681	word16 got_hello_request:1;
wolfSSL	7:481bce714567	2682	word16 got_client_hello:1;
wolfSSL	7:481bce714567	2683	word16 got_server_hello:1;
wolfSSL	7:481bce714567	2684	word16 got_hello_verify_request:1;
wolfSSL	7:481bce714567	2685	word16 got_session_ticket:1;
wolfSSL	7:481bce714567	2686	word16 got_certificate:1;
wolfSSL	7:481bce714567	2687	word16 got_certificate_status:1;
wolfSSL	7:481bce714567	2688	word16 got_server_key_exchange:1;
wolfSSL	7:481bce714567	2689	word16 got_certificate_request:1;
wolfSSL	7:481bce714567	2690	word16 got_server_hello_done:1;
wolfSSL	7:481bce714567	2691	word16 got_certificate_verify:1;
wolfSSL	7:481bce714567	2692	word16 got_client_key_exchange:1;
wolfSSL	7:481bce714567	2693	word16 got_finished:1;
wolfSSL	7:481bce714567	2694	word16 got_change_cipher:1;
wolfSSL	7:481bce714567	2695	} MsgsReceived;
wolfSSL	7:481bce714567	2696
wolfSSL	7:481bce714567	2697
wolfSSL	7:481bce714567	2698	/* Handshake hashes */
wolfSSL	7:481bce714567	2699	typedef struct HS_Hashes {
wolfSSL	7:481bce714567	2700	Hashes verifyHashes;
wolfSSL	7:481bce714567	2701	Hashes certHashes; /* for cert verify */
wolfSSL	7:481bce714567	2702	#ifndef NO_OLD_TLS
wolfSSL	7:481bce714567	2703	#ifndef NO_SHA
wolfSSL	7:481bce714567	2704	Sha hashSha; /* sha hash of handshake msgs */
wolfSSL	7:481bce714567	2705	#endif
wolfSSL	7:481bce714567	2706	#ifndef NO_MD5
wolfSSL	7:481bce714567	2707	Md5 hashMd5; /* md5 hash of handshake msgs */
wolfSSL	7:481bce714567	2708	#endif
wolfSSL	7:481bce714567	2709	#endif /* NO_OLD_TLS */
wolfSSL	7:481bce714567	2710	#ifndef NO_SHA256
wolfSSL	7:481bce714567	2711	Sha256 hashSha256; /* sha256 hash of handshake msgs */
wolfSSL	7:481bce714567	2712	#endif
wolfSSL	7:481bce714567	2713	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	2714	Sha384 hashSha384; /* sha384 hash of handshake msgs */
wolfSSL	7:481bce714567	2715	#endif
wolfSSL	7:481bce714567	2716	#ifdef WOLFSSL_SHA512
wolfSSL	7:481bce714567	2717	Sha512 hashSha512; /* sha512 hash of handshake msgs */
wolfSSL	7:481bce714567	2718	#endif
wolfSSL	7:481bce714567	2719	} HS_Hashes;
wolfSSL	7:481bce714567	2720
wolfSSL	7:481bce714567	2721
wolfSSL	7:481bce714567	2722	/* wolfSSL ssl type */
wolfSSL	7:481bce714567	2723	struct WOLFSSL {
wolfSSL	7:481bce714567	2724	WOLFSSL_CTX* ctx;
wolfSSL	7:481bce714567	2725	Suites* suites; /* only need during handshake */
wolfSSL	7:481bce714567	2726	Arrays* arrays;
wolfSSL	7:481bce714567	2727	HS_Hashes* hsHashes;
wolfSSL	7:481bce714567	2728	void* IOCB_ReadCtx;
wolfSSL	7:481bce714567	2729	void* IOCB_WriteCtx;
wolfSSL	7:481bce714567	2730	WC_RNG* rng;
wolfSSL	7:481bce714567	2731	void* verifyCbCtx; /* cert verify callback user ctx*/
wolfSSL	7:481bce714567	2732	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	7:481bce714567	2733	void* heap; /* for user overrides */
wolfSSL	7:481bce714567	2734	#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL	7:481bce714567	2735	WOLFSSL_HEAP_HINT heap_hint;
wolfSSL	7:481bce714567	2736	#endif
wolfSSL	7:481bce714567	2737	#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL	7:481bce714567	2738	HandShakeDoneCb hsDoneCb; /* notify user handshake done */
wolfSSL	7:481bce714567	2739	void* hsDoneCtx; /* user handshake cb context */
wolfSSL	7:481bce714567	2740	#endif
wolfSSL	7:481bce714567	2741	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	7:481bce714567	2742	AsyncCryptSSLState async;
wolfSSL	7:481bce714567	2743	AsyncCryptDev asyncDev;
wolfSSL	7:481bce714567	2744	#endif
wolfSSL	7:481bce714567	2745	void* sigKey; /* RsaKey or ecc_key allocated from heap */
wolfSSL	7:481bce714567	2746	word32 sigType; /* Type of sigKey */
wolfSSL	7:481bce714567	2747	word32 sigLen; /* Actual signature length */
wolfSSL	7:481bce714567	2748	WOLFSSL_CIPHER cipher;
wolfSSL	7:481bce714567	2749	hmacfp hmac;
wolfSSL	7:481bce714567	2750	Ciphers encrypt;
wolfSSL	7:481bce714567	2751	Ciphers decrypt;
wolfSSL	7:481bce714567	2752	Buffers buffers;
wolfSSL	7:481bce714567	2753	WOLFSSL_SESSION session;
wolfSSL	7:481bce714567	2754	WOLFSSL_ALERT_HISTORY alert_history;
wolfSSL	7:481bce714567	2755	int error;
wolfSSL	7:481bce714567	2756	int rfd; /* read file descriptor */
wolfSSL	7:481bce714567	2757	int wfd; /* write file descriptor */
wolfSSL	7:481bce714567	2758	int rflags; /* user read flags */
wolfSSL	7:481bce714567	2759	int wflags; /* user write flags */
wolfSSL	7:481bce714567	2760	word32 timeout; /* session timeout */
wolfSSL	7:481bce714567	2761	word32 fragOffset; /* fragment offset */
wolfSSL	7:481bce714567	2762	word16 curSize;
wolfSSL	7:481bce714567	2763	RecordLayerHeader curRL;
wolfSSL	7:481bce714567	2764	MsgsReceived msgsReceived; /* peer messages received */
wolfSSL	7:481bce714567	2765	ProtocolVersion version; /* negotiated version */
wolfSSL	7:481bce714567	2766	ProtocolVersion chVersion; /* client hello version */
wolfSSL	7:481bce714567	2767	CipherSpecs specs;
wolfSSL	7:481bce714567	2768	Keys keys;
wolfSSL	7:481bce714567	2769	Options options;
wolfSSL	7:481bce714567	2770	#ifdef OPENSSL_EXTRA
wolfSSL	7:481bce714567	2771	WOLFSSL_BIO* biord; /* socket bio read to free/close */
wolfSSL	7:481bce714567	2772	WOLFSSL_BIO* biowr; /* socket bio write to free/close */
wolfSSL	7:481bce714567	2773	unsigned long peerVerifyRet;
wolfSSL	7:481bce714567	2774	byte readAhead;
wolfSSL	7:481bce714567	2775	#ifdef HAVE_PK_CALLBACKS
wolfSSL	7:481bce714567	2776	void* loggingCtx; /* logging callback argument */
wolfSSL	7:481bce714567	2777	#endif
wolfSSL	7:481bce714567	2778	#endif
wolfSSL	7:481bce714567	2779	#ifndef NO_RSA
wolfSSL	7:481bce714567	2780	RsaKey* peerRsaKey;
wolfSSL	7:481bce714567	2781	byte peerRsaKeyPresent;
wolfSSL	7:481bce714567	2782	#endif
wolfSSL	7:481bce714567	2783	#ifdef HAVE_QSH
wolfSSL	7:481bce714567	2784	QSHKey* QSH_Key;
wolfSSL	7:481bce714567	2785	QSHKey* peerQSHKey;
wolfSSL	7:481bce714567	2786	QSHSecret* QSH_secret;
wolfSSL	7:481bce714567	2787	byte isQSH; /* is the handshake a QSH? */
wolfSSL	7:481bce714567	2788	byte sendQSHKeys; /* flag for if the client should sen
wolfSSL	7:481bce714567	2789	public keys */
wolfSSL	7:481bce714567	2790	byte peerQSHKeyPresent;
wolfSSL	7:481bce714567	2791	byte minRequest;
wolfSSL	7:481bce714567	2792	byte maxRequest;
wolfSSL	7:481bce714567	2793	byte user_set_QSHSchemes;
wolfSSL	7:481bce714567	2794	#endif
wolfSSL	7:481bce714567	2795	#ifdef HAVE_NTRU
wolfSSL	7:481bce714567	2796	word16 peerNtruKeyLen;
wolfSSL	7:481bce714567	2797	byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
wolfSSL	7:481bce714567	2798	byte peerNtruKeyPresent;
wolfSSL	7:481bce714567	2799	#endif
wolfSSL	7:481bce714567	2800	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	2801	ecc_key* peerEccKey; /* peer's ECDHE key */
wolfSSL	7:481bce714567	2802	ecc_key* peerEccDsaKey; /* peer's ECDSA key */
wolfSSL	7:481bce714567	2803	ecc_key* eccTempKey; /* private ECDHE key */
wolfSSL	7:481bce714567	2804	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	7:481bce714567	2805	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	7:481bce714567	2806	byte peerEccKeyPresent;
wolfSSL	7:481bce714567	2807	byte peerEccDsaKeyPresent;
wolfSSL	7:481bce714567	2808	byte eccTempKeyPresent;
wolfSSL	7:481bce714567	2809	#endif
wolfSSL	7:481bce714567	2810	#ifdef HAVE_LIBZ
wolfSSL	7:481bce714567	2811	z_stream c_stream; /* compression stream */
wolfSSL	7:481bce714567	2812	z_stream d_stream; /* decompression stream */
wolfSSL	7:481bce714567	2813	byte didStreamInit; /* for stream init and end */
wolfSSL	7:481bce714567	2814	#endif
wolfSSL	7:481bce714567	2815	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	2816	int dtls_timeout_init; /* starting timeout value */
wolfSSL	7:481bce714567	2817	int dtls_timeout_max; /* maximum timeout value */
wolfSSL	7:481bce714567	2818	int dtls_timeout; /* current timeout value, changes */
wolfSSL	7:481bce714567	2819	word32 dtls_tx_msg_list_sz;
wolfSSL	7:481bce714567	2820	word32 dtls_rx_msg_list_sz;
wolfSSL	7:481bce714567	2821	DtlsMsg* dtls_tx_msg_list;
wolfSSL	7:481bce714567	2822	DtlsMsg* dtls_rx_msg_list;
wolfSSL	7:481bce714567	2823	void* IOCB_CookieCtx; /* gen cookie ctx */
wolfSSL	7:481bce714567	2824	word32 dtls_expected_rx;
wolfSSL	7:481bce714567	2825	wc_dtls_export dtls_export; /* export function for session */
wolfSSL	7:481bce714567	2826	#ifdef WOLFSSL_SCTP
wolfSSL	7:481bce714567	2827	word16 dtlsMtuSz;
wolfSSL	7:481bce714567	2828	#endif /* WOLFSSL_SCTP */
wolfSSL	7:481bce714567	2829	#endif
wolfSSL	7:481bce714567	2830	#ifdef WOLFSSL_CALLBACKS
wolfSSL	7:481bce714567	2831	HandShakeInfo handShakeInfo; /* info saved during handshake */
wolfSSL	7:481bce714567	2832	TimeoutInfo timeoutInfo; /* info saved during handshake */
wolfSSL	7:481bce714567	2833	byte hsInfoOn; /* track handshake info */
wolfSSL	7:481bce714567	2834	byte toInfoOn; /* track timeout info */
wolfSSL	7:481bce714567	2835	#endif
wolfSSL	7:481bce714567	2836	#ifdef HAVE_FUZZER
wolfSSL	7:481bce714567	2837	CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
wolfSSL	7:481bce714567	2838	void* fuzzerCtx; /* user defined pointer */
wolfSSL	7:481bce714567	2839	#endif
wolfSSL	7:481bce714567	2840	#ifdef KEEP_PEER_CERT
wolfSSL	7:481bce714567	2841	WOLFSSL_X509 peerCert; /* X509 peer cert */
wolfSSL	7:481bce714567	2842	#endif
wolfSSL	7:481bce714567	2843	#ifdef KEEP_OUR_CERT
wolfSSL	7:481bce714567	2844	WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
wolfSSL	7:481bce714567	2845	points to ctx if not owned (owned
wolfSSL	7:481bce714567	2846	flag found in buffers.weOwnCert) */
wolfSSL	7:481bce714567	2847	#endif
wolfSSL	7:481bce714567	2848	byte keepCert; /* keep certificate after handshake */
wolfSSL	7:481bce714567	2849	#if defined(FORTRESS) \|\| defined(HAVE_STUNNEL)
wolfSSL	7:481bce714567	2850	void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
wolfSSL	7:481bce714567	2851	#endif
wolfSSL	7:481bce714567	2852	int devId; /* async device id to use */
wolfSSL	7:481bce714567	2853	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	7:481bce714567	2854	OneTimeAuth auth;
wolfSSL	7:481bce714567	2855	#endif
wolfSSL	7:481bce714567	2856	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	7:481bce714567	2857	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	7:481bce714567	2858	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	7:481bce714567	2859	word16 max_fragment;
wolfSSL	7:481bce714567	2860	#endif
wolfSSL	7:481bce714567	2861	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	7:481bce714567	2862	byte truncated_hmac;
wolfSSL	7:481bce714567	2863	#endif
wolfSSL	7:481bce714567	2864	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	7:481bce714567	2865	byte status_request;
wolfSSL	7:481bce714567	2866	#endif
wolfSSL	7:481bce714567	2867	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	7:481bce714567	2868	byte status_request_v2;
wolfSSL	7:481bce714567	2869	#endif
wolfSSL	7:481bce714567	2870	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	7:481bce714567	2871	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	7:481bce714567	2872	SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
wolfSSL	7:481bce714567	2873	#endif /* user turned on */
wolfSSL	7:481bce714567	2874	#ifdef HAVE_ALPN
wolfSSL	7:481bce714567	2875	char* alpn_client_list; /* keep the client's list */
wolfSSL	7:481bce714567	2876	#endif /* of accepted protocols */
wolfSSL	7:481bce714567	2877	#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
wolfSSL	7:481bce714567	2878	CallbackSessionTicket session_ticket_cb;
wolfSSL	7:481bce714567	2879	void* session_ticket_ctx;
wolfSSL	7:481bce714567	2880	byte expect_session_ticket;
wolfSSL	7:481bce714567	2881	#endif
wolfSSL	7:481bce714567	2882	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	7:481bce714567	2883	#ifdef HAVE_NETX
wolfSSL	7:481bce714567	2884	NetX_Ctx nxCtx; /* NetX IO Context */
wolfSSL	7:481bce714567	2885	#endif
wolfSSL	7:481bce714567	2886	#ifdef SESSION_INDEX
wolfSSL	7:481bce714567	2887	int sessionIndex; /* Session's location in the cache. */
wolfSSL	7:481bce714567	2888	#endif
wolfSSL	7:481bce714567	2889	#ifdef ATOMIC_USER
wolfSSL	7:481bce714567	2890	void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
wolfSSL	7:481bce714567	2891	void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
wolfSSL	7:481bce714567	2892	#endif
wolfSSL	7:481bce714567	2893	#ifdef HAVE_PK_CALLBACKS
wolfSSL	7:481bce714567	2894	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	2895	void* EccSignCtx; /* Ecc Sign Callback Context */
wolfSSL	7:481bce714567	2896	void* EccVerifyCtx; /* Ecc Verify Callback Context */
wolfSSL	7:481bce714567	2897	void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
wolfSSL	7:481bce714567	2898	#endif /* HAVE_ECC */
wolfSSL	7:481bce714567	2899	#ifndef NO_RSA
wolfSSL	7:481bce714567	2900	void* RsaSignCtx; /* Rsa Sign Callback Context */
wolfSSL	7:481bce714567	2901	void* RsaVerifyCtx; /* Rsa Verify Callback Context */
wolfSSL	7:481bce714567	2902	void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
wolfSSL	7:481bce714567	2903	void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
wolfSSL	7:481bce714567	2904	#endif /* NO_RSA */
wolfSSL	7:481bce714567	2905	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	7:481bce714567	2906	#ifdef HAVE_SECRET_CALLBACK
wolfSSL	7:481bce714567	2907	SessionSecretCb sessionSecretCb;
wolfSSL	7:481bce714567	2908	void* sessionSecretCtx;
wolfSSL	7:481bce714567	2909	#endif /* HAVE_SECRET_CALLBACK */
wolfSSL	7:481bce714567	2910	#ifdef WOLFSSL_JNI
wolfSSL	7:481bce714567	2911	void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
wolfSSL	7:481bce714567	2912	#endif /* WOLFSSL_JNI */
wolfSSL	7:481bce714567	2913	#ifdef HAVE_WOLF_EVENT
wolfSSL	7:481bce714567	2914	WOLF_EVENT event;
wolfSSL	7:481bce714567	2915	#endif /* HAVE_WOLF_EVENT */
wolfSSL	7:481bce714567	2916	};
wolfSSL	7:481bce714567	2917
wolfSSL	7:481bce714567	2918
wolfSSL	7:481bce714567	2919	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2920	int SetSSL_CTX(WOLFSSL, WOLFSSL_CTX);
wolfSSL	7:481bce714567	2921	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2922	int InitSSL(WOLFSSL, WOLFSSL_CTX);
wolfSSL	7:481bce714567	2923	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2924	void FreeSSL(WOLFSSL, void heap);
wolfSSL	7:481bce714567	2925	WOLFSSL_API void SSL_ResourceFree(WOLFSSL); / Micrium uses */
wolfSSL	7:481bce714567	2926
wolfSSL	7:481bce714567	2927
wolfSSL	7:481bce714567	2928	enum {
wolfSSL	7:481bce714567	2929	IV_SZ = 32, /* max iv sz */
wolfSSL	7:481bce714567	2930	NAME_SZ = 80 /* max one line */
wolfSSL	7:481bce714567	2931	};
wolfSSL	7:481bce714567	2932
wolfSSL	7:481bce714567	2933
wolfSSL	7:481bce714567	2934	typedef struct EncryptedInfo {
wolfSSL	7:481bce714567	2935	char name[NAME_SZ]; /* encryption name */
wolfSSL	7:481bce714567	2936	byte iv[IV_SZ]; /* encrypted IV */
wolfSSL	7:481bce714567	2937	word32 ivSz; /* encrypted IV size */
wolfSSL	7:481bce714567	2938	long consumed; /* tracks PEM bytes consumed */
wolfSSL	7:481bce714567	2939	byte set; /* if encryption set */
wolfSSL	7:481bce714567	2940	WOLFSSL_CTX* ctx; /* CTX owner */
wolfSSL	7:481bce714567	2941	} EncryptedInfo;
wolfSSL	7:481bce714567	2942
wolfSSL	7:481bce714567	2943
wolfSSL	7:481bce714567	2944	#ifndef NO_CERTS
wolfSSL	7:481bce714567	2945
wolfSSL	7:481bce714567	2946	WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
wolfSSL	7:481bce714567	2947	WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
wolfSSL	7:481bce714567	2948
wolfSSL	7:481bce714567	2949	WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
wolfSSL	7:481bce714567	2950	DerBuffer** pDer, void* heap, EncryptedInfo* info,
wolfSSL	7:481bce714567	2951	int* eccKey);
wolfSSL	7:481bce714567	2952
wolfSSL	7:481bce714567	2953	WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wolfSSL	7:481bce714567	2954	long sz, int format, int type, WOLFSSL* ssl,
wolfSSL	7:481bce714567	2955	long* used, int userChain);
wolfSSL	7:481bce714567	2956	WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
wolfSSL	7:481bce714567	2957	int type, WOLFSSL* ssl, int userChain,
wolfSSL	7:481bce714567	2958	WOLFSSL_CRL* crl);
wolfSSL	7:481bce714567	2959	#endif
wolfSSL	7:481bce714567	2960
wolfSSL	7:481bce714567	2961
wolfSSL	7:481bce714567	2962	#ifdef WOLFSSL_CALLBACKS
wolfSSL	7:481bce714567	2963	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2964	void InitHandShakeInfo(HandShakeInfo, WOLFSSL);
wolfSSL	7:481bce714567	2965	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2966	void FinishHandShakeInfo(HandShakeInfo*);
wolfSSL	7:481bce714567	2967	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2968	void AddPacketName(const char, HandShakeInfo);
wolfSSL	7:481bce714567	2969
wolfSSL	7:481bce714567	2970	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2971	void InitTimeoutInfo(TimeoutInfo*);
wolfSSL	7:481bce714567	2972	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2973	void FreeTimeoutInfo(TimeoutInfo, void);
wolfSSL	7:481bce714567	2974	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2975	void AddPacketInfo(const char, TimeoutInfo, const byte, int, void);
wolfSSL	7:481bce714567	2976	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2977	void AddLateName(const char, TimeoutInfo);
wolfSSL	7:481bce714567	2978	WOLFSSL_LOCAL
wolfSSL	7:481bce714567	2979	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
wolfSSL	7:481bce714567	2980	#endif
wolfSSL	7:481bce714567	2981
wolfSSL	7:481bce714567	2982
wolfSSL	7:481bce714567	2983	/* Record Layer Header identifier from page 12 */
wolfSSL	7:481bce714567	2984	enum ContentType {
wolfSSL	7:481bce714567	2985	no_type = 0,
wolfSSL	7:481bce714567	2986	change_cipher_spec = 20,
wolfSSL	7:481bce714567	2987	alert = 21,
wolfSSL	7:481bce714567	2988	handshake = 22,
wolfSSL	7:481bce714567	2989	application_data = 23
wolfSSL	7:481bce714567	2990	};
wolfSSL	7:481bce714567	2991
wolfSSL	7:481bce714567	2992
wolfSSL	7:481bce714567	2993	/* handshake header, same for each message type, pgs 20/21 */
wolfSSL	7:481bce714567	2994	typedef struct HandShakeHeader {
wolfSSL	7:481bce714567	2995	byte type;
wolfSSL	7:481bce714567	2996	word24 length;
wolfSSL	7:481bce714567	2997	} HandShakeHeader;
wolfSSL	7:481bce714567	2998
wolfSSL	7:481bce714567	2999
wolfSSL	7:481bce714567	3000	/* DTLS handshake header, same for each message type */
wolfSSL	7:481bce714567	3001	typedef struct DtlsHandShakeHeader {
wolfSSL	7:481bce714567	3002	byte type;
wolfSSL	7:481bce714567	3003	word24 length;
wolfSSL	7:481bce714567	3004	byte message_seq[2]; /* start at 0, retransmit gets same # */
wolfSSL	7:481bce714567	3005	word24 fragment_offset; /* bytes in previous fragments */
wolfSSL	7:481bce714567	3006	word24 fragment_length; /* length of this fragment */
wolfSSL	7:481bce714567	3007	} DtlsHandShakeHeader;
wolfSSL	7:481bce714567	3008
wolfSSL	7:481bce714567	3009
wolfSSL	7:481bce714567	3010	enum HandShakeType {
wolfSSL	7:481bce714567	3011	hello_request = 0,
wolfSSL	7:481bce714567	3012	client_hello = 1,
wolfSSL	7:481bce714567	3013	server_hello = 2,
wolfSSL	7:481bce714567	3014	hello_verify_request = 3, /* DTLS addition */
wolfSSL	7:481bce714567	3015	session_ticket = 4,
wolfSSL	7:481bce714567	3016	certificate = 11,
wolfSSL	7:481bce714567	3017	server_key_exchange = 12,
wolfSSL	7:481bce714567	3018	certificate_request = 13,
wolfSSL	7:481bce714567	3019	server_hello_done = 14,
wolfSSL	7:481bce714567	3020	certificate_verify = 15,
wolfSSL	7:481bce714567	3021	client_key_exchange = 16,
wolfSSL	7:481bce714567	3022	finished = 20,
wolfSSL	7:481bce714567	3023	certificate_status = 22,
wolfSSL	7:481bce714567	3024	change_cipher_hs = 55, /* simulate unique handshake type for sanity
wolfSSL	7:481bce714567	3025	checks. record layer change_cipher
wolfSSL	7:481bce714567	3026	conflicts with handshake finished */
wolfSSL	7:481bce714567	3027	no_shake = 255 /* used to initialize the DtlsMsg record */
wolfSSL	7:481bce714567	3028	};
wolfSSL	7:481bce714567	3029
wolfSSL	7:481bce714567	3030
wolfSSL	7:481bce714567	3031	static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
wolfSSL	7:481bce714567	3032	static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
wolfSSL	7:481bce714567	3033
wolfSSL	7:481bce714567	3034	static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
wolfSSL	7:481bce714567	3035	static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
wolfSSL	7:481bce714567	3036
wolfSSL	7:481bce714567	3037
wolfSSL	7:481bce714567	3038	/* internal functions */
wolfSSL	7:481bce714567	3039	WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
wolfSSL	7:481bce714567	3040	WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
wolfSSL	7:481bce714567	3041	WOLFSSL_LOCAL int DoClientTicket(WOLFSSL, const byte, word32);
wolfSSL	7:481bce714567	3042	WOLFSSL_LOCAL int SendData(WOLFSSL, const void, int);
wolfSSL	7:481bce714567	3043	WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
wolfSSL	7:481bce714567	3044	WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
wolfSSL	7:481bce714567	3045	WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
wolfSSL	7:481bce714567	3046	WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
wolfSSL	7:481bce714567	3047	WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
wolfSSL	7:481bce714567	3048	WOLFSSL_LOCAL int ReceiveData(WOLFSSL, byte, int, int);
wolfSSL	7:481bce714567	3049	WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
wolfSSL	7:481bce714567	3050	WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
wolfSSL	7:481bce714567	3051	WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
wolfSSL	7:481bce714567	3052
wolfSSL	7:481bce714567	3053	WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
wolfSSL	7:481bce714567	3054	WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
wolfSSL	7:481bce714567	3055
wolfSSL	7:481bce714567	3056	WOLFSSL_LOCAL int AddSession(WOLFSSL*);
wolfSSL	7:481bce714567	3057	WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
wolfSSL	7:481bce714567	3058	WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
wolfSSL	7:481bce714567	3059
wolfSSL	7:481bce714567	3060	WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
wolfSSL	7:481bce714567	3061	WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
wolfSSL	7:481bce714567	3062
wolfSSL	7:481bce714567	3063	WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
wolfSSL	7:481bce714567	3064	WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
wolfSSL	7:481bce714567	3065	WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
wolfSSL	7:481bce714567	3066
wolfSSL	7:481bce714567	3067	WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
wolfSSL	7:481bce714567	3068	#ifndef NO_CERTS
wolfSSL	7:481bce714567	3069	#ifndef NO_RSA
wolfSSL	7:481bce714567	3070	WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl,
wolfSSL	7:481bce714567	3071	byte* verifySig, word32 sigSz,
wolfSSL	7:481bce714567	3072	const byte* plain, word32 plainSz,
wolfSSL	7:481bce714567	3073	RsaKey* key);
wolfSSL	7:481bce714567	3074	WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
wolfSSL	7:481bce714567	3075	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	7:481bce714567	3076	WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
wolfSSL	7:481bce714567	3077	byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	7:481bce714567	3078	WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
wolfSSL	7:481bce714567	3079	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	7:481bce714567	3080	WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
wolfSSL	7:481bce714567	3081	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	7:481bce714567	3082	#endif /* !NO_RSA */
wolfSSL	7:481bce714567	3083
wolfSSL	7:481bce714567	3084	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	3085	WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	7:481bce714567	3086	byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz,
wolfSSL	7:481bce714567	3087	void* ctx);
wolfSSL	7:481bce714567	3088	WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	7:481bce714567	3089	const byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
wolfSSL	7:481bce714567	3090	void* ctx);
wolfSSL	7:481bce714567	3091	WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
wolfSSL	7:481bce714567	3092	ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
wolfSSL	7:481bce714567	3093	word32* outlen, int side, void* ctx);
wolfSSL	7:481bce714567	3094	#endif /* HAVE_ECC */
wolfSSL	7:481bce714567	3095
wolfSSL	7:481bce714567	3096	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	7:481bce714567	3097
wolfSSL	7:481bce714567	3098	/* options for searching hash table for a matching trusted peer cert */
wolfSSL	7:481bce714567	3099	#define WC_MATCH_SKID 0
wolfSSL	7:481bce714567	3100	#define WC_MATCH_NAME 1
wolfSSL	7:481bce714567	3101
wolfSSL	7:481bce714567	3102	WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
wolfSSL	7:481bce714567	3103	int type);
wolfSSL	7:481bce714567	3104	WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
wolfSSL	7:481bce714567	3105	DecodedCert* cert);
wolfSSL	7:481bce714567	3106	#endif
wolfSSL	7:481bce714567	3107
wolfSSL	7:481bce714567	3108	WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
wolfSSL	7:481bce714567	3109	#ifndef NO_SKID
wolfSSL	7:481bce714567	3110	WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
wolfSSL	7:481bce714567	3111	#endif
wolfSSL	7:481bce714567	3112	#endif /* !NO_CERTS */
wolfSSL	7:481bce714567	3113	WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
wolfSSL	7:481bce714567	3114	word32* hashLen);
wolfSSL	7:481bce714567	3115	WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
wolfSSL	7:481bce714567	3116	const byte* sender);
wolfSSL	7:481bce714567	3117	WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
wolfSSL	7:481bce714567	3118	WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
wolfSSL	7:481bce714567	3119	WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
wolfSSL	7:481bce714567	3120
wolfSSL	7:481bce714567	3121	#ifndef NO_TLS
wolfSSL	7:481bce714567	3122	WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
wolfSSL	7:481bce714567	3123	WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
wolfSSL	7:481bce714567	3124	word32 sz, int content, int verify);
wolfSSL	7:481bce714567	3125	#endif
wolfSSL	7:481bce714567	3126
wolfSSL	7:481bce714567	3127	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	7:481bce714567	3128	WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
wolfSSL	7:481bce714567	3129	WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
wolfSSL	7:481bce714567	3130	WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
wolfSSL	7:481bce714567	3131	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	7:481bce714567	3132
wolfSSL	7:481bce714567	3133	#ifndef NO_WOLFSSL_SERVER
wolfSSL	7:481bce714567	3134	WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
wolfSSL	7:481bce714567	3135	WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
wolfSSL	7:481bce714567	3136	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	7:481bce714567	3137
wolfSSL	7:481bce714567	3138	#ifdef WOLFSSL_DTLS
wolfSSL	7:481bce714567	3139	WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
wolfSSL	7:481bce714567	3140	WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg, void);
wolfSSL	7:481bce714567	3141	WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg, void);
wolfSSL	7:481bce714567	3142	WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg, word32, const byte, byte,
wolfSSL	7:481bce714567	3143	word32, word32, void*);
wolfSSL	7:481bce714567	3144	WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
wolfSSL	7:481bce714567	3145	WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL, word32, const byte, word32,
wolfSSL	7:481bce714567	3146	byte, word32, word32, void*);
wolfSSL	7:481bce714567	3147	WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg, DtlsMsg);
wolfSSL	7:481bce714567	3148
wolfSSL	7:481bce714567	3149	WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL, const byte, word32);
wolfSSL	7:481bce714567	3150	WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
wolfSSL	7:481bce714567	3151	WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
wolfSSL	7:481bce714567	3152	WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
wolfSSL	7:481bce714567	3153	WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
wolfSSL	7:481bce714567	3154	#endif /* WOLFSSL_DTLS */
wolfSSL	7:481bce714567	3155
wolfSSL	7:481bce714567	3156	#ifndef NO_TLS
wolfSSL	7:481bce714567	3157
wolfSSL	7:481bce714567	3158
wolfSSL	7:481bce714567	3159	#endif /* NO_TLS */
wolfSSL	7:481bce714567	3160
wolfSSL	7:481bce714567	3161
wolfSSL	7:481bce714567	3162	WOLFSSL_LOCAL word32 LowResTimer(void);
wolfSSL	7:481bce714567	3163
wolfSSL	7:481bce714567	3164	#ifndef NO_CERTS
wolfSSL	7:481bce714567	3165	WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
wolfSSL	7:481bce714567	3166	WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
wolfSSL	7:481bce714567	3167	WOLFSSL_LOCAL void InitX509(WOLFSSL_X509, int, void heap);
wolfSSL	7:481bce714567	3168	WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
wolfSSL	7:481bce714567	3169	WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509, DecodedCert);
wolfSSL	7:481bce714567	3170	#endif
wolfSSL	7:481bce714567	3171
wolfSSL	7:481bce714567	3172	/* used by ssl.c and wolfssl_int.c */
wolfSSL	7:481bce714567	3173	WOLFSSL_LOCAL void c32to24(word32 in, word24 out);
wolfSSL	7:481bce714567	3174
wolfSSL	7:481bce714567	3175	WOLFSSL_LOCAL const char* const* GetCipherNames(void);
wolfSSL	7:481bce714567	3176	WOLFSSL_LOCAL int GetCipherNamesSize(void);
wolfSSL	7:481bce714567	3177	WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite);
wolfSSL	7:481bce714567	3178	WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
wolfSSL	7:481bce714567	3179	WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite(
wolfSSL	7:481bce714567	3180	const unsigned char cipherSuite, const unsigned char cipherSuite0);
wolfSSL	7:481bce714567	3181
wolfSSL	7:481bce714567	3182	enum encrypt_side {
wolfSSL	7:481bce714567	3183	ENCRYPT_SIDE_ONLY = 1,
wolfSSL	7:481bce714567	3184	DECRYPT_SIDE_ONLY,
wolfSSL	7:481bce714567	3185	ENCRYPT_AND_DECRYPT_SIDE
wolfSSL	7:481bce714567	3186	};
wolfSSL	7:481bce714567	3187
wolfSSL	7:481bce714567	3188	WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
wolfSSL	7:481bce714567	3189
wolfSSL	7:481bce714567	3190
wolfSSL	7:481bce714567	3191	#ifndef NO_DH
wolfSSL	7:481bce714567	3192	WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl,
wolfSSL	7:481bce714567	3193	byte* p, word32 pSz,
wolfSSL	7:481bce714567	3194	byte* g, word32 gSz,
wolfSSL	7:481bce714567	3195	byte* priv, word32* privSz,
wolfSSL	7:481bce714567	3196	byte* pub, word32* pubSz);
wolfSSL	7:481bce714567	3197	WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl,
wolfSSL	7:481bce714567	3198	byte* p, word32 pSz,
wolfSSL	7:481bce714567	3199	byte* g, word32 gSz,
wolfSSL	7:481bce714567	3200	byte* priv, word32* privSz,
wolfSSL	7:481bce714567	3201	byte* pub, word32* pubSz,
wolfSSL	7:481bce714567	3202	const byte* otherPub, word32 otherPubSz,
wolfSSL	7:481bce714567	3203	byte* agree, word32* agreeSz);
wolfSSL	7:481bce714567	3204	#endif
wolfSSL	7:481bce714567	3205
wolfSSL	7:481bce714567	3206	#ifdef HAVE_ECC
wolfSSL	7:481bce714567	3207	WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
wolfSSL	7:481bce714567	3208	#endif
wolfSSL	7:481bce714567	3209
wolfSSL	7:481bce714567	3210	WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
wolfSSL	7:481bce714567	3211	const byte* input, int inSz, int type, int hashOutput,
wolfSSL	7:481bce714567	3212	int sizeOnly);
wolfSSL	7:481bce714567	3213
wolfSSL	7:481bce714567	3214	#ifdef __cplusplus
wolfSSL	7:481bce714567	3215	} /* extern "C" */
wolfSSL	7:481bce714567	3216	#endif
wolfSSL	7:481bce714567	3217
wolfSSL	7:481bce714567	3218	#endif /* wolfSSL_INT_H */
wolfSSL	7:481bce714567	3219

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

wolfssl/internal.h@7:481bce714567, 2017-05-02 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning