wolfSSL | Mbed

Users » wolfSSL » Code » wolfSSL

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/internal.h@17:a5f916481144, 2020-06-05 (annotated)

Committer:: wolfSSL
Date:: Fri Jun 05 00:11:07 2020 +0000
Revision:: 17:a5f916481144
Parent:: 16:8e0d178b1d1e

wolfSSL 4.4.0

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	15:117db924cf7c	1	/* internal.h
wolfSSL	15:117db924cf7c	2	*
wolfSSL	16:8e0d178b1d1e	3	* Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL	15:117db924cf7c	4	*
wolfSSL	15:117db924cf7c	5	* This file is part of wolfSSL.
wolfSSL	15:117db924cf7c	6	*
wolfSSL	15:117db924cf7c	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	15:117db924cf7c	8	* it under the terms of the GNU General Public License as published by
wolfSSL	15:117db924cf7c	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	15:117db924cf7c	10	* (at your option) any later version.
wolfSSL	15:117db924cf7c	11	*
wolfSSL	15:117db924cf7c	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	15:117db924cf7c	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	15:117db924cf7c	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	15:117db924cf7c	15	* GNU General Public License for more details.
wolfSSL	15:117db924cf7c	16	*
wolfSSL	15:117db924cf7c	17	* You should have received a copy of the GNU General Public License
wolfSSL	15:117db924cf7c	18	* along with this program; if not, write to the Free Software
wolfSSL	15:117db924cf7c	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	15:117db924cf7c	20	*/
wolfSSL	15:117db924cf7c	21
wolfSSL	15:117db924cf7c	22
wolfSSL	15:117db924cf7c	23
wolfSSL	15:117db924cf7c	24	#ifndef WOLFSSL_INT_H
wolfSSL	15:117db924cf7c	25	#define WOLFSSL_INT_H
wolfSSL	15:117db924cf7c	26
wolfSSL	15:117db924cf7c	27
wolfSSL	15:117db924cf7c	28	#include <wolfssl/wolfcrypt/types.h>
wolfSSL	15:117db924cf7c	29	#include <wolfssl/ssl.h>
wolfSSL	15:117db924cf7c	30	#ifdef HAVE_CRL
wolfSSL	15:117db924cf7c	31	#include <wolfssl/crl.h>
wolfSSL	15:117db924cf7c	32	#endif
wolfSSL	15:117db924cf7c	33	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	15:117db924cf7c	34	#ifndef NO_DES3
wolfSSL	15:117db924cf7c	35	#include <wolfssl/wolfcrypt/des3.h>
wolfSSL	15:117db924cf7c	36	#endif
wolfSSL	15:117db924cf7c	37	#ifndef NO_HC128
wolfSSL	15:117db924cf7c	38	#include <wolfssl/wolfcrypt/hc128.h>
wolfSSL	15:117db924cf7c	39	#endif
wolfSSL	15:117db924cf7c	40	#ifndef NO_RABBIT
wolfSSL	15:117db924cf7c	41	#include <wolfssl/wolfcrypt/rabbit.h>
wolfSSL	15:117db924cf7c	42	#endif
wolfSSL	15:117db924cf7c	43	#ifdef HAVE_CHACHA
wolfSSL	15:117db924cf7c	44	#include <wolfssl/wolfcrypt/chacha.h>
wolfSSL	15:117db924cf7c	45	#endif
wolfSSL	15:117db924cf7c	46	#ifndef NO_ASN
wolfSSL	15:117db924cf7c	47	#include <wolfssl/wolfcrypt/asn.h>
wolfSSL	15:117db924cf7c	48	#include <wolfssl/wolfcrypt/pkcs12.h>
wolfSSL	15:117db924cf7c	49	#endif
wolfSSL	15:117db924cf7c	50	#ifndef NO_MD5
wolfSSL	15:117db924cf7c	51	#include <wolfssl/wolfcrypt/md5.h>
wolfSSL	15:117db924cf7c	52	#endif
wolfSSL	15:117db924cf7c	53	#ifndef NO_SHA
wolfSSL	15:117db924cf7c	54	#include <wolfssl/wolfcrypt/sha.h>
wolfSSL	15:117db924cf7c	55	#endif
wolfSSL	15:117db924cf7c	56	#ifndef NO_AES
wolfSSL	15:117db924cf7c	57	#include <wolfssl/wolfcrypt/aes.h>
wolfSSL	15:117db924cf7c	58	#endif
wolfSSL	15:117db924cf7c	59	#ifdef HAVE_POLY1305
wolfSSL	15:117db924cf7c	60	#include <wolfssl/wolfcrypt/poly1305.h>
wolfSSL	15:117db924cf7c	61	#endif
wolfSSL	15:117db924cf7c	62	#ifdef HAVE_CAMELLIA
wolfSSL	15:117db924cf7c	63	#include <wolfssl/wolfcrypt/camellia.h>
wolfSSL	15:117db924cf7c	64	#endif
wolfSSL	15:117db924cf7c	65	#include <wolfssl/wolfcrypt/logging.h>
wolfSSL	15:117db924cf7c	66	#ifndef NO_HMAC
wolfSSL	15:117db924cf7c	67	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	15:117db924cf7c	68	#endif
wolfSSL	15:117db924cf7c	69	#ifndef NO_RC4
wolfSSL	15:117db924cf7c	70	#include <wolfssl/wolfcrypt/arc4.h>
wolfSSL	15:117db924cf7c	71	#endif
wolfSSL	15:117db924cf7c	72	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	73	#include <wolfssl/wolfcrypt/sha256.h>
wolfSSL	15:117db924cf7c	74	#endif
wolfSSL	15:117db924cf7c	75	#ifdef HAVE_OCSP
wolfSSL	15:117db924cf7c	76	#include <wolfssl/ocsp.h>
wolfSSL	15:117db924cf7c	77	#endif
wolfSSL	15:117db924cf7c	78	#ifdef WOLFSSL_SHA384
wolfSSL	15:117db924cf7c	79	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	15:117db924cf7c	80	#endif
wolfSSL	15:117db924cf7c	81	#ifdef WOLFSSL_SHA512
wolfSSL	15:117db924cf7c	82	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	15:117db924cf7c	83	#endif
wolfSSL	15:117db924cf7c	84	#ifdef HAVE_AESGCM
wolfSSL	15:117db924cf7c	85	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	15:117db924cf7c	86	#endif
wolfSSL	15:117db924cf7c	87	#ifdef WOLFSSL_RIPEMD
wolfSSL	15:117db924cf7c	88	#include <wolfssl/wolfcrypt/ripemd.h>
wolfSSL	15:117db924cf7c	89	#endif
wolfSSL	15:117db924cf7c	90	#ifdef HAVE_IDEA
wolfSSL	15:117db924cf7c	91	#include <wolfssl/wolfcrypt/idea.h>
wolfSSL	15:117db924cf7c	92	#endif
wolfSSL	15:117db924cf7c	93	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	94	#include <wolfssl/wolfcrypt/rsa.h>
wolfSSL	15:117db924cf7c	95	#endif
wolfSSL	15:117db924cf7c	96	#ifdef HAVE_ECC
wolfSSL	15:117db924cf7c	97	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	15:117db924cf7c	98	#endif
wolfSSL	15:117db924cf7c	99	#ifndef NO_DH
wolfSSL	15:117db924cf7c	100	#include <wolfssl/wolfcrypt/dh.h>
wolfSSL	15:117db924cf7c	101	#endif
wolfSSL	15:117db924cf7c	102	#ifdef HAVE_ED25519
wolfSSL	15:117db924cf7c	103	#include <wolfssl/wolfcrypt/ed25519.h>
wolfSSL	15:117db924cf7c	104	#endif
wolfSSL	15:117db924cf7c	105	#ifdef HAVE_CURVE25519
wolfSSL	15:117db924cf7c	106	#include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL	15:117db924cf7c	107	#endif
wolfSSL	16:8e0d178b1d1e	108	#ifdef HAVE_ED448
wolfSSL	16:8e0d178b1d1e	109	#include <wolfssl/wolfcrypt/ed448.h>
wolfSSL	16:8e0d178b1d1e	110	#endif
wolfSSL	16:8e0d178b1d1e	111	#ifdef HAVE_CURVE448
wolfSSL	16:8e0d178b1d1e	112	#include <wolfssl/wolfcrypt/curve448.h>
wolfSSL	16:8e0d178b1d1e	113	#endif
wolfSSL	15:117db924cf7c	114
wolfSSL	15:117db924cf7c	115	#include <wolfssl/wolfcrypt/wc_encrypt.h>
wolfSSL	15:117db924cf7c	116	#include <wolfssl/wolfcrypt/hash.h>
wolfSSL	15:117db924cf7c	117
wolfSSL	15:117db924cf7c	118	#if defined(WOLFSSL_CALLBACKS) \|\| defined(OPENSSL_EXTRA)
wolfSSL	15:117db924cf7c	119	#include <wolfssl/callbacks.h>
wolfSSL	15:117db924cf7c	120	#endif
wolfSSL	15:117db924cf7c	121	#ifdef WOLFSSL_CALLBACKS
wolfSSL	15:117db924cf7c	122	#include <signal.h>
wolfSSL	15:117db924cf7c	123	#endif
wolfSSL	15:117db924cf7c	124
wolfSSL	15:117db924cf7c	125	#ifdef USE_WINDOWS_API
wolfSSL	15:117db924cf7c	126	#ifdef WOLFSSL_GAME_BUILD
wolfSSL	15:117db924cf7c	127	#include "system/xtl.h"
wolfSSL	15:117db924cf7c	128	#else
wolfSSL	15:117db924cf7c	129	#if defined(_WIN32_WCE) \|\| defined(WIN32_LEAN_AND_MEAN)
wolfSSL	15:117db924cf7c	130	/* On WinCE winsock2.h must be included before windows.h */
wolfSSL	15:117db924cf7c	131	#include <winsock2.h>
wolfSSL	15:117db924cf7c	132	#endif
wolfSSL	15:117db924cf7c	133	#include <windows.h>
wolfSSL	15:117db924cf7c	134	#endif
wolfSSL	15:117db924cf7c	135	#elif defined(THREADX)
wolfSSL	15:117db924cf7c	136	#ifndef SINGLE_THREADED
wolfSSL	15:117db924cf7c	137	#include "tx_api.h"
wolfSSL	15:117db924cf7c	138	#endif
wolfSSL	16:8e0d178b1d1e	139
wolfSSL	16:8e0d178b1d1e	140	#elif defined(WOLFSSL_DEOS)
wolfSSL	16:8e0d178b1d1e	141	/* do nothing, just don't pick Unix */
wolfSSL	15:117db924cf7c	142	#elif defined(MICRIUM)
wolfSSL	15:117db924cf7c	143	/* do nothing, just don't pick Unix */
wolfSSL	15:117db924cf7c	144	#elif defined(FREERTOS) \|\| defined(FREERTOS_TCP) \|\| defined(WOLFSSL_SAFERTOS)
wolfSSL	15:117db924cf7c	145	/* do nothing */
wolfSSL	15:117db924cf7c	146	#elif defined(EBSNET)
wolfSSL	15:117db924cf7c	147	/* do nothing */
wolfSSL	15:117db924cf7c	148	#elif defined(FREESCALE_MQX) \|\| defined(FREESCALE_KSDK_MQX)
wolfSSL	15:117db924cf7c	149	/* do nothing */
wolfSSL	15:117db924cf7c	150	#elif defined(FREESCALE_FREE_RTOS)
wolfSSL	15:117db924cf7c	151	#include "fsl_os_abstraction.h"
wolfSSL	15:117db924cf7c	152	#elif defined(WOLFSSL_uITRON4)
wolfSSL	15:117db924cf7c	153	/* do nothing */
wolfSSL	15:117db924cf7c	154	#elif defined(WOLFSSL_uTKERNEL2)
wolfSSL	15:117db924cf7c	155	/* do nothing */
wolfSSL	15:117db924cf7c	156	#elif defined(WOLFSSL_CMSIS_RTOS)
wolfSSL	15:117db924cf7c	157	#include "cmsis_os.h"
wolfSSL	16:8e0d178b1d1e	158	#elif defined(WOLFSSL_CMSIS_RTOSv2)
wolfSSL	16:8e0d178b1d1e	159	#include "cmsis_os2.h"
wolfSSL	15:117db924cf7c	160	#elif defined(WOLFSSL_MDK_ARM)
wolfSSL	15:117db924cf7c	161	#if defined(WOLFSSL_MDK5)
wolfSSL	16:8e0d178b1d1e	162	#include "cmsis_os.h"
wolfSSL	15:117db924cf7c	163	#else
wolfSSL	15:117db924cf7c	164	#include <rtl.h>
wolfSSL	15:117db924cf7c	165	#endif
wolfSSL	15:117db924cf7c	166	#elif defined(MBED)
wolfSSL	15:117db924cf7c	167	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	15:117db924cf7c	168	/* do nothing */
wolfSSL	15:117db924cf7c	169	#elif defined(INTIME_RTOS)
wolfSSL	15:117db924cf7c	170	#include <rt.h>
wolfSSL	15:117db924cf7c	171	#elif defined(WOLFSSL_NUCLEUS_1_2)
wolfSSL	15:117db924cf7c	172	/* do nothing */
wolfSSL	16:8e0d178b1d1e	173	#elif defined(WOLFSSL_APACHE_MYNEWT)
wolfSSL	16:8e0d178b1d1e	174	#if !defined(WOLFSSL_LWIP)
wolfSSL	16:8e0d178b1d1e	175	void mynewt_ctx_clear(void *ctx);
wolfSSL	16:8e0d178b1d1e	176	void* mynewt_ctx_new();
wolfSSL	16:8e0d178b1d1e	177	#endif
wolfSSL	16:8e0d178b1d1e	178	#elif defined(WOLFSSL_ZEPHYR)
wolfSSL	16:8e0d178b1d1e	179	#ifndef SINGLE_THREADED
wolfSSL	16:8e0d178b1d1e	180	#include <kernel.h>
wolfSSL	16:8e0d178b1d1e	181	#endif
wolfSSL	16:8e0d178b1d1e	182	#elif defined(WOLFSSL_TELIT_M2MB)
wolfSSL	16:8e0d178b1d1e	183	/* do nothing */
wolfSSL	15:117db924cf7c	184	#else
wolfSSL	15:117db924cf7c	185	#ifndef SINGLE_THREADED
wolfSSL	15:117db924cf7c	186	#define WOLFSSL_PTHREADS
wolfSSL	15:117db924cf7c	187	#include <pthread.h>
wolfSSL	15:117db924cf7c	188	#endif
wolfSSL	16:8e0d178b1d1e	189	#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
wolfSSL	15:117db924cf7c	190	#include <unistd.h> /* for close of BIO */
wolfSSL	15:117db924cf7c	191	#endif
wolfSSL	15:117db924cf7c	192	#endif
wolfSSL	15:117db924cf7c	193
wolfSSL	15:117db924cf7c	194	#ifndef CHAR_BIT
wolfSSL	15:117db924cf7c	195	/* Needed for DTLS without big math */
wolfSSL	15:117db924cf7c	196	#include <limits.h>
wolfSSL	15:117db924cf7c	197	#endif
wolfSSL	15:117db924cf7c	198
wolfSSL	15:117db924cf7c	199
wolfSSL	15:117db924cf7c	200	#ifdef HAVE_LIBZ
wolfSSL	15:117db924cf7c	201	#include "zlib.h"
wolfSSL	15:117db924cf7c	202	#endif
wolfSSL	15:117db924cf7c	203
wolfSSL	15:117db924cf7c	204	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	15:117db924cf7c	205	#include <wolfssl/wolfcrypt/async.h>
wolfSSL	15:117db924cf7c	206	#endif
wolfSSL	15:117db924cf7c	207
wolfSSL	15:117db924cf7c	208	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	209	#ifdef WOLFCRYPT_HAVE_SRP
wolfSSL	15:117db924cf7c	210	#include <wolfssl/wolfcrypt/srp.h>
wolfSSL	15:117db924cf7c	211	#endif
wolfSSL	15:117db924cf7c	212	#endif
wolfSSL	15:117db924cf7c	213
wolfSSL	15:117db924cf7c	214	#ifdef _MSC_VER
wolfSSL	15:117db924cf7c	215	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL	15:117db924cf7c	216	#pragma warning(disable: 4996)
wolfSSL	15:117db924cf7c	217	#endif
wolfSSL	15:117db924cf7c	218
wolfSSL	15:117db924cf7c	219	#ifdef NO_SHA
wolfSSL	15:117db924cf7c	220	#define WC_SHA_DIGEST_SIZE 20
wolfSSL	15:117db924cf7c	221	#endif
wolfSSL	15:117db924cf7c	222
wolfSSL	15:117db924cf7c	223	#ifdef NO_SHA256
wolfSSL	15:117db924cf7c	224	#define WC_SHA256_DIGEST_SIZE 32
wolfSSL	15:117db924cf7c	225	#endif
wolfSSL	15:117db924cf7c	226
wolfSSL	15:117db924cf7c	227	#ifdef NO_MD5
wolfSSL	15:117db924cf7c	228	#define WC_MD5_DIGEST_SIZE 16
wolfSSL	15:117db924cf7c	229	#endif
wolfSSL	15:117db924cf7c	230
wolfSSL	15:117db924cf7c	231
wolfSSL	15:117db924cf7c	232	#ifdef __cplusplus
wolfSSL	15:117db924cf7c	233	extern "C" {
wolfSSL	15:117db924cf7c	234	#endif
wolfSSL	15:117db924cf7c	235
wolfSSL	15:117db924cf7c	236	/* Define or comment out the cipher suites you'd like to be compiled in
wolfSSL	15:117db924cf7c	237	make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
wolfSSL	15:117db924cf7c	238
wolfSSL	15:117db924cf7c	239	When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
wolfSSL	15:117db924cf7c	240
wolfSSL	15:117db924cf7c	241	Now that there is a maximum strength crypto build, the following BUILD_XXX
wolfSSL	15:117db924cf7c	242	flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
wolfSSL	15:117db924cf7c	243	Those that do not use Perfect Forward Security and do not use AEAD ciphers
wolfSSL	15:117db924cf7c	244	need to be switched off. Allowed suites use (EC)DHE, AES-GCM\|CCM, or
wolfSSL	15:117db924cf7c	245	CHACHA-POLY.
wolfSSL	15:117db924cf7c	246	*/
wolfSSL	15:117db924cf7c	247
wolfSSL	15:117db924cf7c	248	/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
wolfSSL	15:117db924cf7c	249	* not turned off. */
wolfSSL	15:117db924cf7c	250	#if defined(WOLFSSL_MAX_STRENGTH) && \
wolfSSL	15:117db924cf7c	251	((!defined(HAVE_ECC) && (defined(NO_DH) \|\| defined(NO_RSA))) \|\| \
wolfSSL	15:117db924cf7c	252	(!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
wolfSSL	15:117db924cf7c	253	(!defined(HAVE_POLY1305) \|\| !defined(HAVE_CHACHA))) \|\| \
wolfSSL	15:117db924cf7c	254	(defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) \|\| \
wolfSSL	15:117db924cf7c	255	!defined(NO_OLD_TLS))
wolfSSL	15:117db924cf7c	256
wolfSSL	15:117db924cf7c	257	#error "You are trying to build max strength with requirements disabled."
wolfSSL	15:117db924cf7c	258	#endif
wolfSSL	15:117db924cf7c	259
wolfSSL	15:117db924cf7c	260	/* Have QSH : Quantum-safe Handshake */
wolfSSL	15:117db924cf7c	261	#if defined(HAVE_QSH)
wolfSSL	15:117db924cf7c	262	#define BUILD_TLS_QSH
wolfSSL	15:117db924cf7c	263	#endif
wolfSSL	15:117db924cf7c	264
wolfSSL	16:8e0d178b1d1e	265	#ifndef WOLFSSL_NO_TLS12
wolfSSL	16:8e0d178b1d1e	266
wolfSSL	15:117db924cf7c	267	#ifndef WOLFSSL_MAX_STRENGTH
wolfSSL	15:117db924cf7c	268
wolfSSL	16:8e0d178b1d1e	269	#ifdef WOLFSSL_AEAD_ONLY
wolfSSL	16:8e0d178b1d1e	270	/* AES CBC ciphers are not allowed in AEAD only mode */
wolfSSL	16:8e0d178b1d1e	271	#undef HAVE_AES_CBC
wolfSSL	16:8e0d178b1d1e	272	#endif
wolfSSL	16:8e0d178b1d1e	273
wolfSSL	16:8e0d178b1d1e	274	#ifndef WOLFSSL_AEAD_ONLY
wolfSSL	15:117db924cf7c	275	#if !defined(NO_RSA) && !defined(NO_RC4)
wolfSSL	15:117db924cf7c	276	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	277	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	278	#define BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	15:117db924cf7c	279	#endif
wolfSSL	15:117db924cf7c	280	#if !defined(NO_MD5)
wolfSSL	15:117db924cf7c	281	#define BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	15:117db924cf7c	282	#endif
wolfSSL	15:117db924cf7c	283	#endif
wolfSSL	15:117db924cf7c	284	#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
wolfSSL	15:117db924cf7c	285	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	286	#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	15:117db924cf7c	287	#endif
wolfSSL	15:117db924cf7c	288	#endif
wolfSSL	15:117db924cf7c	289
wolfSSL	15:117db924cf7c	290	#if !defined(NO_RSA) && !defined(NO_DES3)
wolfSSL	15:117db924cf7c	291	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	292	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	293	#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	15:117db924cf7c	294	#endif
wolfSSL	15:117db924cf7c	295	#if !defined(NO_TLS) && defined(HAVE_NTRU) \
wolfSSL	15:117db924cf7c	296	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	297	#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	15:117db924cf7c	298	#endif
wolfSSL	15:117db924cf7c	299	#endif
wolfSSL	15:117db924cf7c	300	#endif
wolfSSL	15:117db924cf7c	301
wolfSSL	15:117db924cf7c	302	#if !defined(NO_RSA) && defined(HAVE_IDEA)
wolfSSL	15:117db924cf7c	303	#if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	304	#define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL	15:117db924cf7c	305	#endif
wolfSSL	15:117db924cf7c	306	#endif
wolfSSL	16:8e0d178b1d1e	307	#endif /* !WOLFSSL_AEAD_ONLY */
wolfSSL	15:117db924cf7c	308
wolfSSL	15:117db924cf7c	309	#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	16:8e0d178b1d1e	310	#if !defined(NO_SHA) && defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	311	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	312	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	313	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	15:117db924cf7c	314	#endif
wolfSSL	15:117db924cf7c	315	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	316	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	15:117db924cf7c	317	#endif
wolfSSL	15:117db924cf7c	318	#endif
wolfSSL	15:117db924cf7c	319	#if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	320	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	321	#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	15:117db924cf7c	322	#endif
wolfSSL	15:117db924cf7c	323	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	324	#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	15:117db924cf7c	325	#endif
wolfSSL	15:117db924cf7c	326	#endif
wolfSSL	15:117db924cf7c	327	#endif
wolfSSL	15:117db924cf7c	328	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	16:8e0d178b1d1e	329	#if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	330	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	331	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	15:117db924cf7c	332	#endif
wolfSSL	15:117db924cf7c	333	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	334	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	15:117db924cf7c	335	#endif
wolfSSL	15:117db924cf7c	336	#endif
wolfSSL	15:117db924cf7c	337	#if defined (HAVE_AESGCM)
wolfSSL	15:117db924cf7c	338	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	339	#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	340	#endif
wolfSSL	15:117db924cf7c	341	#if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL	15:117db924cf7c	342	#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	343	#endif
wolfSSL	15:117db924cf7c	344	#endif
wolfSSL	15:117db924cf7c	345	#if defined (HAVE_AESCCM)
wolfSSL	15:117db924cf7c	346	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	347	#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	15:117db924cf7c	348	#endif
wolfSSL	15:117db924cf7c	349	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	350	#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	15:117db924cf7c	351	#endif
wolfSSL	15:117db924cf7c	352	#endif
wolfSSL	15:117db924cf7c	353	#endif
wolfSSL	15:117db924cf7c	354	#endif
wolfSSL	15:117db924cf7c	355
wolfSSL	16:8e0d178b1d1e	356	#if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC)
wolfSSL	15:117db924cf7c	357	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	358	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	359	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	360	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	15:117db924cf7c	361	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	15:117db924cf7c	362	#endif
wolfSSL	15:117db924cf7c	363	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	364	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	15:117db924cf7c	365	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	15:117db924cf7c	366	#endif
wolfSSL	15:117db924cf7c	367	#endif
wolfSSL	15:117db924cf7c	368	#if !defined(NO_DH)
wolfSSL	15:117db924cf7c	369	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	370	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	15:117db924cf7c	371	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	15:117db924cf7c	372	#endif
wolfSSL	15:117db924cf7c	373	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	374	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	15:117db924cf7c	375	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	15:117db924cf7c	376	#endif
wolfSSL	15:117db924cf7c	377	#endif
wolfSSL	15:117db924cf7c	378	#endif
wolfSSL	15:117db924cf7c	379	#endif
wolfSSL	15:117db924cf7c	380
wolfSSL	15:117db924cf7c	381	#if defined(WOLFSSL_STATIC_PSK)
wolfSSL	15:117db924cf7c	382	#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	15:117db924cf7c	383	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	384	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	385	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	15:117db924cf7c	386	#endif
wolfSSL	15:117db924cf7c	387	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	388	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	15:117db924cf7c	389	#endif
wolfSSL	15:117db924cf7c	390	#endif
wolfSSL	15:117db924cf7c	391	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	392	#ifdef WOLFSSL_AES_128
wolfSSL	16:8e0d178b1d1e	393	#ifdef HAVE_AES_CBC
wolfSSL	16:8e0d178b1d1e	394	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	16:8e0d178b1d1e	395	#endif
wolfSSL	16:8e0d178b1d1e	396	#ifdef HAVE_AESGCM
wolfSSL	16:8e0d178b1d1e	397	#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	16:8e0d178b1d1e	398	#endif
wolfSSL	15:117db924cf7c	399	#endif /* WOLFSSL_AES_128 */
wolfSSL	15:117db924cf7c	400	#ifdef HAVE_AESCCM
wolfSSL	15:117db924cf7c	401	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	402	#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	15:117db924cf7c	403	#define BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL	15:117db924cf7c	404	#endif
wolfSSL	15:117db924cf7c	405	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	406	#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	15:117db924cf7c	407	#define BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL	15:117db924cf7c	408	#endif
wolfSSL	15:117db924cf7c	409	#endif
wolfSSL	15:117db924cf7c	410	#endif
wolfSSL	15:117db924cf7c	411	#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL	16:8e0d178b1d1e	412	#ifdef HAVE_AES_CBC
wolfSSL	16:8e0d178b1d1e	413	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	16:8e0d178b1d1e	414	#endif
wolfSSL	15:117db924cf7c	415	#ifdef HAVE_AESGCM
wolfSSL	15:117db924cf7c	416	#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	417	#endif
wolfSSL	15:117db924cf7c	418	#endif
wolfSSL	15:117db924cf7c	419	#endif
wolfSSL	15:117db924cf7c	420	#endif
wolfSSL	15:117db924cf7c	421
wolfSSL	15:117db924cf7c	422	#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
wolfSSL	15:117db924cf7c	423	#if !defined(NO_RSA)
wolfSSL	15:117db924cf7c	424	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	16:8e0d178b1d1e	425	#ifndef NO_MD5
wolfSSL	16:8e0d178b1d1e	426	#define BUILD_TLS_RSA_WITH_NULL_MD5
wolfSSL	16:8e0d178b1d1e	427	#endif
wolfSSL	15:117db924cf7c	428	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	429	#define BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	15:117db924cf7c	430	#endif
wolfSSL	15:117db924cf7c	431	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	432	#define BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	15:117db924cf7c	433	#endif
wolfSSL	15:117db924cf7c	434	#endif
wolfSSL	15:117db924cf7c	435	#endif
wolfSSL	15:117db924cf7c	436	#if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
wolfSSL	15:117db924cf7c	437	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	438	#define BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	15:117db924cf7c	439	#endif
wolfSSL	15:117db924cf7c	440	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	441	#define BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	15:117db924cf7c	442	#endif
wolfSSL	15:117db924cf7c	443	#ifdef WOLFSSL_SHA384
wolfSSL	15:117db924cf7c	444	#define BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL	15:117db924cf7c	445	#endif
wolfSSL	15:117db924cf7c	446	#endif
wolfSSL	15:117db924cf7c	447	#endif
wolfSSL	15:117db924cf7c	448
wolfSSL	15:117db924cf7c	449	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	15:117db924cf7c	450	#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
wolfSSL	15:117db924cf7c	451	#ifndef NO_MD5
wolfSSL	15:117db924cf7c	452	#define BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	15:117db924cf7c	453	#endif
wolfSSL	15:117db924cf7c	454	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	455	#define BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	15:117db924cf7c	456	#endif
wolfSSL	15:117db924cf7c	457	#endif
wolfSSL	15:117db924cf7c	458
wolfSSL	15:117db924cf7c	459	#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
wolfSSL	15:117db924cf7c	460	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	461	#define BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	15:117db924cf7c	462	#endif
wolfSSL	15:117db924cf7c	463	#endif
wolfSSL	15:117db924cf7c	464	#endif
wolfSSL	15:117db924cf7c	465
wolfSSL	15:117db924cf7c	466	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	15:117db924cf7c	467	!defined(NO_RSA)
wolfSSL	15:117db924cf7c	468
wolfSSL	15:117db924cf7c	469	#if !defined(NO_SHA)
wolfSSL	16:8e0d178b1d1e	470	#if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	471	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	15:117db924cf7c	472	#endif
wolfSSL	16:8e0d178b1d1e	473	#if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	474	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	15:117db924cf7c	475	#endif
wolfSSL	15:117db924cf7c	476	#if !defined(NO_DES3)
wolfSSL	15:117db924cf7c	477	#define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	15:117db924cf7c	478	#endif
wolfSSL	15:117db924cf7c	479	#endif
wolfSSL	15:117db924cf7c	480	#if !defined(NO_SHA256) && defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	481	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	482	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	15:117db924cf7c	483	#endif
wolfSSL	15:117db924cf7c	484	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	485	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	15:117db924cf7c	486	#endif
wolfSSL	15:117db924cf7c	487	#endif
wolfSSL	15:117db924cf7c	488	#endif
wolfSSL	15:117db924cf7c	489
wolfSSL	15:117db924cf7c	490	#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
wolfSSL	15:117db924cf7c	491	!defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
wolfSSL	16:8e0d178b1d1e	492	#ifdef HAVE_AES_CBC
wolfSSL	16:8e0d178b1d1e	493	#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL	16:8e0d178b1d1e	494	#endif
wolfSSL	15:117db924cf7c	495
wolfSSL	15:117db924cf7c	496	#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
wolfSSL	15:117db924cf7c	497	#define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	498	#endif
wolfSSL	15:117db924cf7c	499	#endif
wolfSSL	15:117db924cf7c	500
wolfSSL	15:117db924cf7c	501	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	15:117db924cf7c	502	#ifndef NO_SHA256
wolfSSL	16:8e0d178b1d1e	503	#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \
wolfSSL	16:8e0d178b1d1e	504	defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	505	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	15:117db924cf7c	506	#endif
wolfSSL	15:117db924cf7c	507	#ifdef HAVE_NULL_CIPHER
wolfSSL	15:117db924cf7c	508	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL	15:117db924cf7c	509	#endif
wolfSSL	15:117db924cf7c	510	#endif
wolfSSL	15:117db924cf7c	511	#ifdef WOLFSSL_SHA384
wolfSSL	16:8e0d178b1d1e	512	#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \
wolfSSL	16:8e0d178b1d1e	513	defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	514	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	15:117db924cf7c	515	#endif
wolfSSL	15:117db924cf7c	516	#ifdef HAVE_NULL_CIPHER
wolfSSL	15:117db924cf7c	517	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL	15:117db924cf7c	518	#endif
wolfSSL	15:117db924cf7c	519	#endif
wolfSSL	15:117db924cf7c	520	#endif
wolfSSL	15:117db924cf7c	521
wolfSSL	16:8e0d178b1d1e	522	#if (defined(HAVE_ECC) \|\| defined(HAVE_CURVE25519) \|\| \
wolfSSL	16:8e0d178b1d1e	523	defined(HAVE_CURVE448)) && !defined(NO_TLS)
wolfSSL	15:117db924cf7c	524	#if !defined(NO_AES)
wolfSSL	16:8e0d178b1d1e	525	#if !defined(NO_SHA) && defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	526	#if !defined(NO_RSA)
wolfSSL	15:117db924cf7c	527	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	528	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	15:117db924cf7c	529	#endif
wolfSSL	15:117db924cf7c	530	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	531	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	15:117db924cf7c	532	#endif
wolfSSL	15:117db924cf7c	533	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	534	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	535	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	15:117db924cf7c	536	#endif
wolfSSL	15:117db924cf7c	537	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	538	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	15:117db924cf7c	539	#endif
wolfSSL	15:117db924cf7c	540	#endif
wolfSSL	15:117db924cf7c	541	#endif
wolfSSL	15:117db924cf7c	542
wolfSSL	16:8e0d178b1d1e	543	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	544	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	545	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	546	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	547	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	15:117db924cf7c	548	#endif
wolfSSL	15:117db924cf7c	549	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	550	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	15:117db924cf7c	551	#endif
wolfSSL	15:117db924cf7c	552	#endif
wolfSSL	15:117db924cf7c	553
wolfSSL	15:117db924cf7c	554	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	555	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	556	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	15:117db924cf7c	557	#endif
wolfSSL	15:117db924cf7c	558	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	559	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	15:117db924cf7c	560	#endif
wolfSSL	15:117db924cf7c	561	#endif
wolfSSL	15:117db924cf7c	562	#endif /* NO_SHA */
wolfSSL	16:8e0d178b1d1e	563	#if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
wolfSSL	16:8e0d178b1d1e	564	defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	565	#if !defined(NO_RSA)
wolfSSL	15:117db924cf7c	566	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	15:117db924cf7c	567	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	568	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	15:117db924cf7c	569	#endif
wolfSSL	15:117db924cf7c	570	#endif
wolfSSL	16:8e0d178b1d1e	571	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	572	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	573	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	574	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	15:117db924cf7c	575	#endif
wolfSSL	15:117db924cf7c	576	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	577	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	15:117db924cf7c	578	#endif
wolfSSL	15:117db924cf7c	579	#endif
wolfSSL	15:117db924cf7c	580
wolfSSL	16:8e0d178b1d1e	581	#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
wolfSSL	16:8e0d178b1d1e	582	defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	583	#if !defined(NO_RSA)
wolfSSL	15:117db924cf7c	584	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	15:117db924cf7c	585	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	586	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	15:117db924cf7c	587	#endif
wolfSSL	15:117db924cf7c	588	#endif
wolfSSL	16:8e0d178b1d1e	589	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	590	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	591	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	592	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	15:117db924cf7c	593	#endif
wolfSSL	15:117db924cf7c	594	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	595	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	15:117db924cf7c	596	#endif
wolfSSL	15:117db924cf7c	597	#endif
wolfSSL	15:117db924cf7c	598
wolfSSL	15:117db924cf7c	599	#if defined (HAVE_AESGCM)
wolfSSL	15:117db924cf7c	600	#if !defined(NO_RSA)
wolfSSL	15:117db924cf7c	601	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	602	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	603	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	604	#endif
wolfSSL	15:117db924cf7c	605	#endif
wolfSSL	15:117db924cf7c	606	#if defined(WOLFSSL_SHA384)
wolfSSL	15:117db924cf7c	607	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	608	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	609	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	610	#endif
wolfSSL	15:117db924cf7c	611	#endif
wolfSSL	15:117db924cf7c	612	#endif
wolfSSL	15:117db924cf7c	613	#endif
wolfSSL	15:117db924cf7c	614
wolfSSL	15:117db924cf7c	615	#if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \
wolfSSL	15:117db924cf7c	616	defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	617	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	618	#endif
wolfSSL	15:117db924cf7c	619
wolfSSL	15:117db924cf7c	620	#if defined(WOLFSSL_SHA384)
wolfSSL	15:117db924cf7c	621	#if defined(WOLFSSL_STATIC_DH) && \
wolfSSL	15:117db924cf7c	622	defined(WOLFSSL_AES_256) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	623	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	624	#endif
wolfSSL	15:117db924cf7c	625	#endif
wolfSSL	15:117db924cf7c	626	#endif
wolfSSL	15:117db924cf7c	627	#endif /* NO_AES */
wolfSSL	15:117db924cf7c	628	#if !defined(NO_RC4)
wolfSSL	15:117db924cf7c	629	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	630	#if !defined(NO_RSA)
wolfSSL	16:8e0d178b1d1e	631	#ifndef WOLFSSL_AEAD_ONLY
wolfSSL	16:8e0d178b1d1e	632	#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	16:8e0d178b1d1e	633	#endif
wolfSSL	15:117db924cf7c	634	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	635	#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	15:117db924cf7c	636	#endif
wolfSSL	15:117db924cf7c	637	#endif
wolfSSL	15:117db924cf7c	638
wolfSSL	16:8e0d178b1d1e	639	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	640	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	641	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	16:8e0d178b1d1e	642	#ifndef WOLFSSL_AEAD_ONLY
wolfSSL	16:8e0d178b1d1e	643	#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	16:8e0d178b1d1e	644	#endif
wolfSSL	15:117db924cf7c	645	#endif
wolfSSL	15:117db924cf7c	646	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	647	#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	15:117db924cf7c	648	#endif
wolfSSL	15:117db924cf7c	649	#endif
wolfSSL	15:117db924cf7c	650	#endif
wolfSSL	15:117db924cf7c	651	#if !defined(NO_DES3)
wolfSSL	15:117db924cf7c	652	#ifndef NO_SHA
wolfSSL	15:117db924cf7c	653	#if !defined(NO_RSA)
wolfSSL	15:117db924cf7c	654	#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	15:117db924cf7c	655	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	656	#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	15:117db924cf7c	657	#endif
wolfSSL	15:117db924cf7c	658	#endif
wolfSSL	15:117db924cf7c	659
wolfSSL	16:8e0d178b1d1e	660	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	661	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	662	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	663	#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	15:117db924cf7c	664	#endif
wolfSSL	15:117db924cf7c	665	#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	666	#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	15:117db924cf7c	667	#endif
wolfSSL	15:117db924cf7c	668	#endif /* NO_SHA */
wolfSSL	15:117db924cf7c	669	#endif
wolfSSL	15:117db924cf7c	670	#if defined(HAVE_NULL_CIPHER)
wolfSSL	15:117db924cf7c	671	#if !defined(NO_SHA)
wolfSSL	16:8e0d178b1d1e	672	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	673	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	674	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	675	#define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL	15:117db924cf7c	676	#endif
wolfSSL	15:117db924cf7c	677	#endif
wolfSSL	15:117db924cf7c	678	#if !defined(NO_PSK) && !defined(NO_SHA256)
wolfSSL	15:117db924cf7c	679	#define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL	15:117db924cf7c	680	#endif
wolfSSL	15:117db924cf7c	681	#endif
wolfSSL	15:117db924cf7c	682	#if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
wolfSSL	16:8e0d178b1d1e	683	defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
wolfSSL	15:117db924cf7c	684	#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	15:117db924cf7c	685	#endif
wolfSSL	15:117db924cf7c	686	#endif
wolfSSL	15:117db924cf7c	687	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	15:117db924cf7c	688	#if !defined(NO_OLD_POLY1305)
wolfSSL	16:8e0d178b1d1e	689	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	690	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	691	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	692	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	15:117db924cf7c	693	#endif
wolfSSL	16:8e0d178b1d1e	694	#if !defined(NO_RSA) && defined(HAVE_ECC)
wolfSSL	15:117db924cf7c	695	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	15:117db924cf7c	696	#endif
wolfSSL	15:117db924cf7c	697	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	15:117db924cf7c	698	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	15:117db924cf7c	699	#endif
wolfSSL	15:117db924cf7c	700	#endif /* NO_OLD_POLY1305 */
wolfSSL	15:117db924cf7c	701	#if !defined(NO_PSK)
wolfSSL	15:117db924cf7c	702	#define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	16:8e0d178b1d1e	703	#if defined(HAVE_ECC) \|\| defined(HAVE_ED25519) \|\| \
wolfSSL	16:8e0d178b1d1e	704	defined(HAVE_ED448)
wolfSSL	15:117db924cf7c	705	#define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	15:117db924cf7c	706	#endif
wolfSSL	15:117db924cf7c	707	#ifndef NO_DH
wolfSSL	15:117db924cf7c	708	#define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	15:117db924cf7c	709	#endif
wolfSSL	15:117db924cf7c	710	#endif /* !NO_PSK */
wolfSSL	15:117db924cf7c	711	#endif
wolfSSL	15:117db924cf7c	712
wolfSSL	15:117db924cf7c	713	#endif /* !WOLFSSL_MAX_STRENGTH */
wolfSSL	15:117db924cf7c	714
wolfSSL	15:117db924cf7c	715	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	15:117db924cf7c	716	!defined(NO_RSA) && defined(HAVE_AESGCM)
wolfSSL	15:117db924cf7c	717
wolfSSL	15:117db924cf7c	718	#if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL	15:117db924cf7c	719	#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	720	#endif
wolfSSL	15:117db924cf7c	721
wolfSSL	15:117db924cf7c	722	#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL	15:117db924cf7c	723	#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	724	#endif
wolfSSL	15:117db924cf7c	725	#endif
wolfSSL	15:117db924cf7c	726
wolfSSL	15:117db924cf7c	727	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	15:117db924cf7c	728	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	729	#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
wolfSSL	15:117db924cf7c	730	#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	731	#endif
wolfSSL	15:117db924cf7c	732	#ifdef HAVE_AESCCM
wolfSSL	15:117db924cf7c	733	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	734	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL	15:117db924cf7c	735	#endif
wolfSSL	15:117db924cf7c	736	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	737	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL	15:117db924cf7c	738	#endif
wolfSSL	15:117db924cf7c	739	#endif
wolfSSL	15:117db924cf7c	740	#endif
wolfSSL	15:117db924cf7c	741	#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
wolfSSL	15:117db924cf7c	742	defined(WOLFSSL_AES_256)
wolfSSL	15:117db924cf7c	743	#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	744	#endif
wolfSSL	15:117db924cf7c	745	#endif
wolfSSL	15:117db924cf7c	746
wolfSSL	16:8e0d178b1d1e	747	#if (defined(HAVE_ECC) \|\| defined(HAVE_CURVE25519) \|\| defined(HAVE_CURVE448)) \
wolfSSL	16:8e0d178b1d1e	748	&& !defined(NO_TLS) && !defined(NO_AES)
wolfSSL	15:117db924cf7c	749	#ifdef HAVE_AESGCM
wolfSSL	15:117db924cf7c	750	#if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL	16:8e0d178b1d1e	751	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	752	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	753	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	754	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	755	#endif
wolfSSL	15:117db924cf7c	756	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	757	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	758	#endif
wolfSSL	15:117db924cf7c	759	#endif
wolfSSL	15:117db924cf7c	760	#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL	16:8e0d178b1d1e	761	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	762	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	763	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	764	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	765	#endif
wolfSSL	15:117db924cf7c	766	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	767	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	768	#endif
wolfSSL	15:117db924cf7c	769	#endif
wolfSSL	15:117db924cf7c	770	#endif
wolfSSL	15:117db924cf7c	771	#if defined(HAVE_AESCCM) && !defined(NO_SHA256)
wolfSSL	16:8e0d178b1d1e	772	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	773	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	774	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	775	#ifdef WOLFSSL_AES_128
wolfSSL	15:117db924cf7c	776	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL	15:117db924cf7c	777	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	15:117db924cf7c	778	#endif
wolfSSL	15:117db924cf7c	779	#ifdef WOLFSSL_AES_256
wolfSSL	15:117db924cf7c	780	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	15:117db924cf7c	781	#endif
wolfSSL	15:117db924cf7c	782	#endif
wolfSSL	15:117db924cf7c	783	#endif
wolfSSL	15:117db924cf7c	784	#endif
wolfSSL	15:117db924cf7c	785
wolfSSL	15:117db924cf7c	786	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	16:8e0d178b1d1e	787	#if defined(HAVE_ECC) \|\| defined(HAVE_CURVE25519) \|\| defined(HAVE_CURVE448)
wolfSSL	16:8e0d178b1d1e	788	#if defined(HAVE_ECC) \|\| \
wolfSSL	16:8e0d178b1d1e	789	(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \|\| \
wolfSSL	16:8e0d178b1d1e	790	(defined(HAVE_CURVE448) && defined(HAVE_ED448))
wolfSSL	15:117db924cf7c	791	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	15:117db924cf7c	792	#endif
wolfSSL	15:117db924cf7c	793	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	794	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	15:117db924cf7c	795	#endif
wolfSSL	15:117db924cf7c	796	#endif
wolfSSL	15:117db924cf7c	797	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	15:117db924cf7c	798	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	15:117db924cf7c	799	#endif
wolfSSL	15:117db924cf7c	800	#endif
wolfSSL	15:117db924cf7c	801
wolfSSL	16:8e0d178b1d1e	802	#endif
wolfSSL	16:8e0d178b1d1e	803
wolfSSL	15:117db924cf7c	804	#if defined(WOLFSSL_TLS13)
wolfSSL	15:117db924cf7c	805	#ifdef HAVE_AESGCM
wolfSSL	15:117db924cf7c	806	#if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL	15:117db924cf7c	807	#define BUILD_TLS_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	808	#endif
wolfSSL	15:117db924cf7c	809	#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL	15:117db924cf7c	810	#define BUILD_TLS_AES_256_GCM_SHA384
wolfSSL	15:117db924cf7c	811	#endif
wolfSSL	15:117db924cf7c	812	#endif
wolfSSL	15:117db924cf7c	813
wolfSSL	15:117db924cf7c	814	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
wolfSSL	15:117db924cf7c	815	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	816	#define BUILD_TLS_CHACHA20_POLY1305_SHA256
wolfSSL	15:117db924cf7c	817	#endif
wolfSSL	15:117db924cf7c	818	#endif
wolfSSL	15:117db924cf7c	819
wolfSSL	15:117db924cf7c	820	#ifdef HAVE_AESCCM
wolfSSL	15:117db924cf7c	821	#if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL	15:117db924cf7c	822	#define BUILD_TLS_AES_128_CCM_SHA256
wolfSSL	15:117db924cf7c	823	#define BUILD_TLS_AES_128_CCM_8_SHA256
wolfSSL	15:117db924cf7c	824	#endif
wolfSSL	15:117db924cf7c	825	#endif
wolfSSL	16:8e0d178b1d1e	826	#ifdef HAVE_NULL_CIPHER
wolfSSL	16:8e0d178b1d1e	827	#ifndef NO_SHA256
wolfSSL	16:8e0d178b1d1e	828	#define BUILD_TLS_SHA256_SHA256
wolfSSL	16:8e0d178b1d1e	829	#endif
wolfSSL	16:8e0d178b1d1e	830	#ifdef WOLFSSL_SHA384
wolfSSL	16:8e0d178b1d1e	831	#define BUILD_TLS_SHA384_SHA384
wolfSSL	16:8e0d178b1d1e	832	#endif
wolfSSL	16:8e0d178b1d1e	833	#endif
wolfSSL	15:117db924cf7c	834	#endif
wolfSSL	15:117db924cf7c	835
wolfSSL	15:117db924cf7c	836	#ifdef WOLFSSL_MULTICAST
wolfSSL	15:117db924cf7c	837	#if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
wolfSSL	15:117db924cf7c	838	#define BUILD_WDM_WITH_NULL_SHA256
wolfSSL	15:117db924cf7c	839	#endif
wolfSSL	15:117db924cf7c	840	#endif
wolfSSL	15:117db924cf7c	841
wolfSSL	15:117db924cf7c	842	#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) \|\| \
wolfSSL	15:117db924cf7c	843	defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
wolfSSL	15:117db924cf7c	844	#define BUILD_ARC4
wolfSSL	15:117db924cf7c	845	#endif
wolfSSL	15:117db924cf7c	846
wolfSSL	15:117db924cf7c	847	#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
wolfSSL	15:117db924cf7c	848	#define BUILD_DES3
wolfSSL	15:117db924cf7c	849	#endif
wolfSSL	15:117db924cf7c	850
wolfSSL	15:117db924cf7c	851	#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) \|\| \
wolfSSL	15:117db924cf7c	852	defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) \|\| \
wolfSSL	15:117db924cf7c	853	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) \|\| \
wolfSSL	15:117db924cf7c	854	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
wolfSSL	15:117db924cf7c	855	#undef BUILD_AES
wolfSSL	15:117db924cf7c	856	#define BUILD_AES
wolfSSL	15:117db924cf7c	857	#endif
wolfSSL	15:117db924cf7c	858
wolfSSL	15:117db924cf7c	859	#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	15:117db924cf7c	860	defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	15:117db924cf7c	861	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	15:117db924cf7c	862	defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	15:117db924cf7c	863	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	15:117db924cf7c	864	defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	15:117db924cf7c	865	defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	15:117db924cf7c	866	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	15:117db924cf7c	867	defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	16:8e0d178b1d1e	868	defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	16:8e0d178b1d1e	869	defined(BUILD_TLS_AES_128_GCM_SHA256) \|\| \
wolfSSL	16:8e0d178b1d1e	870	defined(BUILD_TLS_AES_256_GCM_SHA384)
wolfSSL	15:117db924cf7c	871	#define BUILD_AESGCM
wolfSSL	15:117db924cf7c	872	#else
wolfSSL	15:117db924cf7c	873	/* No AES-GCM cipher suites available with build */
wolfSSL	15:117db924cf7c	874	#define NO_AESGCM_AEAD
wolfSSL	15:117db924cf7c	875	#endif
wolfSSL	15:117db924cf7c	876
wolfSSL	15:117db924cf7c	877	#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	878	defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	879	defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	880	defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	881	defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	882	defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	883	defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	884	defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	885	defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) \|\| \
wolfSSL	15:117db924cf7c	886	defined(BUILD_TLS_CHACHA20_POLY1305_SHA256)
wolfSSL	15:117db924cf7c	887	/* Have an available ChaCha Poly cipher suite */
wolfSSL	15:117db924cf7c	888	#else
wolfSSL	15:117db924cf7c	889	/* No ChaCha Poly cipher suites available with build */
wolfSSL	15:117db924cf7c	890	#define NO_CHAPOL_AEAD
wolfSSL	15:117db924cf7c	891	#endif
wolfSSL	15:117db924cf7c	892
wolfSSL	15:117db924cf7c	893	#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) \|\| \
wolfSSL	16:8e0d178b1d1e	894	defined(BUILD_TLS_RSA_WITH_HC_128_MD5)
wolfSSL	15:117db924cf7c	895	#define BUILD_HC128
wolfSSL	15:117db924cf7c	896	#endif
wolfSSL	15:117db924cf7c	897
wolfSSL	15:117db924cf7c	898	#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
wolfSSL	15:117db924cf7c	899	#define BUILD_RABBIT
wolfSSL	15:117db924cf7c	900	#endif
wolfSSL	15:117db924cf7c	901
wolfSSL	15:117db924cf7c	902	#ifdef NO_DES3
wolfSSL	15:117db924cf7c	903	#define DES_BLOCK_SIZE 8
wolfSSL	15:117db924cf7c	904	#else
wolfSSL	15:117db924cf7c	905	#undef BUILD_DES3
wolfSSL	15:117db924cf7c	906	#define BUILD_DES3
wolfSSL	15:117db924cf7c	907	#endif
wolfSSL	15:117db924cf7c	908
wolfSSL	15:117db924cf7c	909	#if defined(NO_AES) \|\| defined(NO_AES_DECRYPT)
wolfSSL	15:117db924cf7c	910	#define AES_BLOCK_SIZE 16
wolfSSL	15:117db924cf7c	911	#undef BUILD_AES
wolfSSL	15:117db924cf7c	912	#else
wolfSSL	15:117db924cf7c	913	#undef BUILD_AES
wolfSSL	15:117db924cf7c	914	#define BUILD_AES
wolfSSL	15:117db924cf7c	915	#endif
wolfSSL	15:117db924cf7c	916
wolfSSL	15:117db924cf7c	917	#ifndef NO_RC4
wolfSSL	15:117db924cf7c	918	#undef BUILD_ARC4
wolfSSL	15:117db924cf7c	919	#define BUILD_ARC4
wolfSSL	15:117db924cf7c	920	#endif
wolfSSL	15:117db924cf7c	921
wolfSSL	15:117db924cf7c	922	#ifdef HAVE_CHACHA
wolfSSL	15:117db924cf7c	923	#define CHACHA20_BLOCK_SIZE 16
wolfSSL	15:117db924cf7c	924	#endif
wolfSSL	15:117db924cf7c	925
wolfSSL	15:117db924cf7c	926	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	15:117db924cf7c	927	(defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) \|\| \
wolfSSL	15:117db924cf7c	928	defined(HAVE_AESCCM) \|\| \
wolfSSL	16:8e0d178b1d1e	929	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
wolfSSL	16:8e0d178b1d1e	930	!defined(NO_CHAPOL_AEAD)) \|\| \
wolfSSL	16:8e0d178b1d1e	931	(defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER))
wolfSSL	15:117db924cf7c	932
wolfSSL	15:117db924cf7c	933	#define HAVE_AEAD
wolfSSL	15:117db924cf7c	934	#endif
wolfSSL	15:117db924cf7c	935
wolfSSL	15:117db924cf7c	936	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	15:117db924cf7c	937	defined(HAVE_ECC) \|\| !defined(NO_DH)
wolfSSL	15:117db924cf7c	938
wolfSSL	15:117db924cf7c	939	#define HAVE_PFS
wolfSSL	15:117db924cf7c	940	#endif
wolfSSL	15:117db924cf7c	941
wolfSSL	15:117db924cf7c	942	#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
wolfSSL	15:117db924cf7c	943	#define BUILD_IDEA
wolfSSL	15:117db924cf7c	944	#endif
wolfSSL	15:117db924cf7c	945
wolfSSL	15:117db924cf7c	946	/* actual cipher values, 2nd byte */
wolfSSL	15:117db924cf7c	947	enum {
wolfSSL	15:117db924cf7c	948	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
wolfSSL	15:117db924cf7c	949	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
wolfSSL	15:117db924cf7c	950	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
wolfSSL	15:117db924cf7c	951	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
wolfSSL	15:117db924cf7c	952	TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
wolfSSL	15:117db924cf7c	953	TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
wolfSSL	16:8e0d178b1d1e	954	TLS_RSA_WITH_NULL_MD5 = 0x01,
wolfSSL	15:117db924cf7c	955	TLS_RSA_WITH_NULL_SHA = 0x02,
wolfSSL	15:117db924cf7c	956	TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
wolfSSL	15:117db924cf7c	957	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
wolfSSL	15:117db924cf7c	958	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
wolfSSL	15:117db924cf7c	959	TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
wolfSSL	15:117db924cf7c	960	TLS_PSK_WITH_NULL_SHA256 = 0xb0,
wolfSSL	15:117db924cf7c	961	TLS_PSK_WITH_NULL_SHA384 = 0xb1,
wolfSSL	15:117db924cf7c	962	TLS_PSK_WITH_NULL_SHA = 0x2c,
wolfSSL	15:117db924cf7c	963	SSL_RSA_WITH_RC4_128_SHA = 0x05,
wolfSSL	15:117db924cf7c	964	SSL_RSA_WITH_RC4_128_MD5 = 0x04,
wolfSSL	15:117db924cf7c	965	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
wolfSSL	15:117db924cf7c	966	SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,
wolfSSL	15:117db924cf7c	967
wolfSSL	15:117db924cf7c	968	/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	15:117db924cf7c	969	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
wolfSSL	15:117db924cf7c	970	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
wolfSSL	15:117db924cf7c	971	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
wolfSSL	15:117db924cf7c	972	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
wolfSSL	15:117db924cf7c	973	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
wolfSSL	15:117db924cf7c	974	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
wolfSSL	15:117db924cf7c	975	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
wolfSSL	15:117db924cf7c	976	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
wolfSSL	15:117db924cf7c	977	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
wolfSSL	15:117db924cf7c	978	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
wolfSSL	15:117db924cf7c	979	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
wolfSSL	15:117db924cf7c	980	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
wolfSSL	15:117db924cf7c	981	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
wolfSSL	15:117db924cf7c	982	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
wolfSSL	15:117db924cf7c	983	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
wolfSSL	15:117db924cf7c	984
wolfSSL	15:117db924cf7c	985	/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	15:117db924cf7c	986	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
wolfSSL	15:117db924cf7c	987	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
wolfSSL	15:117db924cf7c	988	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
wolfSSL	15:117db924cf7c	989	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
wolfSSL	15:117db924cf7c	990	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
wolfSSL	15:117db924cf7c	991	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
wolfSSL	15:117db924cf7c	992	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
wolfSSL	15:117db924cf7c	993	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
wolfSSL	15:117db924cf7c	994	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
wolfSSL	15:117db924cf7c	995	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
wolfSSL	15:117db924cf7c	996	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
wolfSSL	15:117db924cf7c	997	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
wolfSSL	15:117db924cf7c	998
wolfSSL	15:117db924cf7c	999	/* wolfSSL extension - eSTREAM */
wolfSSL	15:117db924cf7c	1000	TLS_RSA_WITH_HC_128_MD5 = 0xFB,
wolfSSL	15:117db924cf7c	1001	TLS_RSA_WITH_HC_128_SHA = 0xFC,
wolfSSL	15:117db924cf7c	1002	TLS_RSA_WITH_RABBIT_SHA = 0xFD,
wolfSSL	15:117db924cf7c	1003	WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */
wolfSSL	15:117db924cf7c	1004
wolfSSL	15:117db924cf7c	1005	/* wolfSSL extension - NTRU */
wolfSSL	15:117db924cf7c	1006	TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
wolfSSL	15:117db924cf7c	1007	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
wolfSSL	15:117db924cf7c	1008	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
wolfSSL	15:117db924cf7c	1009	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
wolfSSL	15:117db924cf7c	1010
wolfSSL	15:117db924cf7c	1011	/* wolfSSL extension - NTRU , Quantum-safe Handshake
wolfSSL	15:117db924cf7c	1012	first byte is 0xD0 (QSH_BYTE) */
wolfSSL	15:117db924cf7c	1013	TLS_QSH = 0x01,
wolfSSL	15:117db924cf7c	1014
wolfSSL	15:117db924cf7c	1015	/* SHA256 */
wolfSSL	15:117db924cf7c	1016	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
wolfSSL	15:117db924cf7c	1017	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
wolfSSL	15:117db924cf7c	1018	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
wolfSSL	15:117db924cf7c	1019	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
wolfSSL	15:117db924cf7c	1020	TLS_RSA_WITH_NULL_SHA256 = 0x3b,
wolfSSL	15:117db924cf7c	1021	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
wolfSSL	15:117db924cf7c	1022	TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
wolfSSL	15:117db924cf7c	1023
wolfSSL	15:117db924cf7c	1024	/* SHA384 */
wolfSSL	15:117db924cf7c	1025	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
wolfSSL	15:117db924cf7c	1026	TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
wolfSSL	15:117db924cf7c	1027
wolfSSL	15:117db924cf7c	1028	/* AES-GCM */
wolfSSL	15:117db924cf7c	1029	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
wolfSSL	15:117db924cf7c	1030	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
wolfSSL	15:117db924cf7c	1031	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
wolfSSL	15:117db924cf7c	1032	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
wolfSSL	15:117db924cf7c	1033	TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7,
wolfSSL	15:117db924cf7c	1034	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
wolfSSL	15:117db924cf7c	1035	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
wolfSSL	15:117db924cf7c	1036	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
wolfSSL	15:117db924cf7c	1037	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
wolfSSL	15:117db924cf7c	1038
wolfSSL	15:117db924cf7c	1039	/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	15:117db924cf7c	1040	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
wolfSSL	15:117db924cf7c	1041	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
wolfSSL	15:117db924cf7c	1042	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
wolfSSL	15:117db924cf7c	1043	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
wolfSSL	15:117db924cf7c	1044	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
wolfSSL	15:117db924cf7c	1045	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
wolfSSL	15:117db924cf7c	1046	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
wolfSSL	15:117db924cf7c	1047	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
wolfSSL	15:117db924cf7c	1048
wolfSSL	15:117db924cf7c	1049	/* AES-CCM, first byte is 0xC0 but isn't ECC,
wolfSSL	15:117db924cf7c	1050	* also, in some of the other AES-CCM suites
wolfSSL	15:117db924cf7c	1051	* there will be second byte number conflicts
wolfSSL	15:117db924cf7c	1052	* with non-ECC AES-GCM */
wolfSSL	15:117db924cf7c	1053	TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
wolfSSL	15:117db924cf7c	1054	TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
wolfSSL	15:117db924cf7c	1055	TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
wolfSSL	15:117db924cf7c	1056	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
wolfSSL	15:117db924cf7c	1057	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
wolfSSL	15:117db924cf7c	1058	TLS_PSK_WITH_AES_128_CCM = 0xa4,
wolfSSL	15:117db924cf7c	1059	TLS_PSK_WITH_AES_256_CCM = 0xa5,
wolfSSL	15:117db924cf7c	1060	TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
wolfSSL	15:117db924cf7c	1061	TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
wolfSSL	15:117db924cf7c	1062	TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
wolfSSL	15:117db924cf7c	1063	TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
wolfSSL	15:117db924cf7c	1064
wolfSSL	15:117db924cf7c	1065	/* Camellia */
wolfSSL	15:117db924cf7c	1066	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
wolfSSL	15:117db924cf7c	1067	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
wolfSSL	15:117db924cf7c	1068	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
wolfSSL	15:117db924cf7c	1069	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
wolfSSL	15:117db924cf7c	1070	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
wolfSSL	15:117db924cf7c	1071	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
wolfSSL	15:117db924cf7c	1072	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
wolfSSL	15:117db924cf7c	1073	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
wolfSSL	15:117db924cf7c	1074
wolfSSL	15:117db924cf7c	1075	/* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
wolfSSL	15:117db924cf7c	1076	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
wolfSSL	15:117db924cf7c	1077	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
wolfSSL	15:117db924cf7c	1078	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
wolfSSL	15:117db924cf7c	1079	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
wolfSSL	15:117db924cf7c	1080	TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
wolfSSL	15:117db924cf7c	1081	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
wolfSSL	15:117db924cf7c	1082
wolfSSL	15:117db924cf7c	1083	/* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
wolfSSL	15:117db924cf7c	1084	TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
wolfSSL	15:117db924cf7c	1085	TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
wolfSSL	15:117db924cf7c	1086	TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
wolfSSL	15:117db924cf7c	1087
wolfSSL	15:117db924cf7c	1088	/* TLS v1.3 cipher suites */
wolfSSL	15:117db924cf7c	1089	TLS_AES_128_GCM_SHA256 = 0x01,
wolfSSL	15:117db924cf7c	1090	TLS_AES_256_GCM_SHA384 = 0x02,
wolfSSL	15:117db924cf7c	1091	TLS_CHACHA20_POLY1305_SHA256 = 0x03,
wolfSSL	15:117db924cf7c	1092	TLS_AES_128_CCM_SHA256 = 0x04,
wolfSSL	15:117db924cf7c	1093	TLS_AES_128_CCM_8_SHA256 = 0x05,
wolfSSL	15:117db924cf7c	1094
wolfSSL	16:8e0d178b1d1e	1095	/* TLS v1.3 Integity only cipher suites - 0xC0 (ECC) first byte */
wolfSSL	16:8e0d178b1d1e	1096	TLS_SHA256_SHA256 = 0xB4,
wolfSSL	16:8e0d178b1d1e	1097	TLS_SHA384_SHA384 = 0xB5,
wolfSSL	16:8e0d178b1d1e	1098
wolfSSL	16:8e0d178b1d1e	1099	/* Fallback SCSV (Signaling Cipher Suite Value) */
wolfSSL	16:8e0d178b1d1e	1100	TLS_FALLBACK_SCSV = 0x56,
wolfSSL	15:117db924cf7c	1101	/* Renegotiation Indication Extension Special Suite */
wolfSSL	15:117db924cf7c	1102	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
wolfSSL	15:117db924cf7c	1103	};
wolfSSL	15:117db924cf7c	1104
wolfSSL	15:117db924cf7c	1105
wolfSSL	15:117db924cf7c	1106	#ifndef WOLFSSL_SESSION_TIMEOUT
wolfSSL	15:117db924cf7c	1107	#define WOLFSSL_SESSION_TIMEOUT 500
wolfSSL	15:117db924cf7c	1108	/* default session resumption cache timeout in seconds */
wolfSSL	15:117db924cf7c	1109	#endif
wolfSSL	15:117db924cf7c	1110
wolfSSL	15:117db924cf7c	1111
wolfSSL	15:117db924cf7c	1112	#ifndef WOLFSSL_DTLS_WINDOW_WORDS
wolfSSL	15:117db924cf7c	1113	#define WOLFSSL_DTLS_WINDOW_WORDS 2
wolfSSL	15:117db924cf7c	1114	#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
wolfSSL	15:117db924cf7c	1115	#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
wolfSSL	15:117db924cf7c	1116	#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
wolfSSL	15:117db924cf7c	1117	#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
wolfSSL	15:117db924cf7c	1118
wolfSSL	15:117db924cf7c	1119	#ifndef WOLFSSL_MULTICAST
wolfSSL	15:117db924cf7c	1120	#define WOLFSSL_DTLS_PEERSEQ_SZ 1
wolfSSL	15:117db924cf7c	1121	#else
wolfSSL	15:117db924cf7c	1122	#ifndef WOLFSSL_MULTICAST_PEERS
wolfSSL	15:117db924cf7c	1123	/* max allowed multicast group peers */
wolfSSL	15:117db924cf7c	1124	#define WOLFSSL_MULTICAST_PEERS 100
wolfSSL	15:117db924cf7c	1125	#endif
wolfSSL	15:117db924cf7c	1126	#define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
wolfSSL	15:117db924cf7c	1127	#endif /* WOLFSSL_MULTICAST */
wolfSSL	15:117db924cf7c	1128
wolfSSL	15:117db924cf7c	1129	#ifndef WOLFSSL_MAX_MTU
wolfSSL	15:117db924cf7c	1130	#define WOLFSSL_MAX_MTU 1500
wolfSSL	15:117db924cf7c	1131	#endif /* WOLFSSL_MAX_MTU */
wolfSSL	15:117db924cf7c	1132
wolfSSL	15:117db924cf7c	1133
wolfSSL	15:117db924cf7c	1134	/* set minimum DH key size allowed */
wolfSSL	15:117db924cf7c	1135	#ifndef WOLFSSL_MIN_DHKEY_BITS
wolfSSL	15:117db924cf7c	1136	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	15:117db924cf7c	1137	#define WOLFSSL_MIN_DHKEY_BITS 2048
wolfSSL	15:117db924cf7c	1138	#else
wolfSSL	15:117db924cf7c	1139	#define WOLFSSL_MIN_DHKEY_BITS 1024
wolfSSL	15:117db924cf7c	1140	#endif
wolfSSL	15:117db924cf7c	1141	#endif
wolfSSL	15:117db924cf7c	1142	#if (WOLFSSL_MIN_DHKEY_BITS % 8)
wolfSSL	15:117db924cf7c	1143	#error DH minimum bit size must be multiple of 8
wolfSSL	15:117db924cf7c	1144	#endif
wolfSSL	15:117db924cf7c	1145	#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
wolfSSL	15:117db924cf7c	1146	#error DH minimum bit size must not be greater than 16000
wolfSSL	15:117db924cf7c	1147	#endif
wolfSSL	15:117db924cf7c	1148	#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
wolfSSL	15:117db924cf7c	1149	/* set maximum DH key size allowed */
wolfSSL	15:117db924cf7c	1150	#ifndef WOLFSSL_MAX_DHKEY_BITS
wolfSSL	16:8e0d178b1d1e	1151	#if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
wolfSSL	16:8e0d178b1d1e	1152	#define WOLFSSL_MAX_DHKEY_BITS 8192
wolfSSL	16:8e0d178b1d1e	1153	#else
wolfSSL	16:8e0d178b1d1e	1154	#define WOLFSSL_MAX_DHKEY_BITS 4096
wolfSSL	16:8e0d178b1d1e	1155	#endif
wolfSSL	15:117db924cf7c	1156	#endif
wolfSSL	15:117db924cf7c	1157	#if (WOLFSSL_MAX_DHKEY_BITS % 8)
wolfSSL	15:117db924cf7c	1158	#error DH maximum bit size must be multiple of 8
wolfSSL	15:117db924cf7c	1159	#endif
wolfSSL	15:117db924cf7c	1160	#if (WOLFSSL_MAX_DHKEY_BITS > 16000)
wolfSSL	15:117db924cf7c	1161	#error DH maximum bit size must not be greater than 16000
wolfSSL	15:117db924cf7c	1162	#endif
wolfSSL	15:117db924cf7c	1163	#define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)
wolfSSL	15:117db924cf7c	1164
wolfSSL	16:8e0d178b1d1e	1165	#ifndef MAX_PSK_ID_LEN
wolfSSL	16:8e0d178b1d1e	1166	/* max psk identity/hint supported */
wolfSSL	16:8e0d178b1d1e	1167	#if defined(WOLFSSL_TLS13)
wolfSSL	16:8e0d178b1d1e	1168	#define MAX_PSK_ID_LEN 256
wolfSSL	16:8e0d178b1d1e	1169	#else
wolfSSL	16:8e0d178b1d1e	1170	#define MAX_PSK_ID_LEN 128
wolfSSL	16:8e0d178b1d1e	1171	#endif
wolfSSL	16:8e0d178b1d1e	1172	#endif
wolfSSL	16:8e0d178b1d1e	1173
wolfSSL	16:8e0d178b1d1e	1174	#ifndef MAX_EARLY_DATA_SZ
wolfSSL	16:8e0d178b1d1e	1175	/* maximum early data size */
wolfSSL	16:8e0d178b1d1e	1176	#define MAX_EARLY_DATA_SZ 4096
wolfSSL	16:8e0d178b1d1e	1177	#endif
wolfSSL	15:117db924cf7c	1178
wolfSSL	15:117db924cf7c	1179	enum Misc {
wolfSSL	15:117db924cf7c	1180	CIPHER_BYTE = 0x00, /* Default ciphers */
wolfSSL	15:117db924cf7c	1181	ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
wolfSSL	15:117db924cf7c	1182	QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
wolfSSL	15:117db924cf7c	1183	CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
wolfSSL	15:117db924cf7c	1184	TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
wolfSSL	15:117db924cf7c	1185
wolfSSL	15:117db924cf7c	1186	SEND_CERT = 1,
wolfSSL	15:117db924cf7c	1187	SEND_BLANK_CERT = 2,
wolfSSL	15:117db924cf7c	1188
wolfSSL	15:117db924cf7c	1189	DTLS_MAJOR = 0xfe, /* DTLS major version number */
wolfSSL	15:117db924cf7c	1190	DTLS_MINOR = 0xff, /* DTLS minor version number */
wolfSSL	15:117db924cf7c	1191	DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
wolfSSL	15:117db924cf7c	1192	SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
wolfSSL	15:117db924cf7c	1193	SSLv3_MINOR = 0, /* TLSv1 minor version number */
wolfSSL	15:117db924cf7c	1194	TLSv1_MINOR = 1, /* TLSv1 minor version number */
wolfSSL	15:117db924cf7c	1195	TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
wolfSSL	15:117db924cf7c	1196	TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
wolfSSL	15:117db924cf7c	1197	TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
wolfSSL	15:117db924cf7c	1198	TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
wolfSSL	16:8e0d178b1d1e	1199	#ifdef WOLFSSL_TLS13_DRAFT
wolfSSL	15:117db924cf7c	1200	#ifdef WOLFSSL_TLS13_DRAFT_18
wolfSSL	15:117db924cf7c	1201	TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
wolfSSL	15:117db924cf7c	1202	#elif defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL	15:117db924cf7c	1203	TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */
wolfSSL	15:117db924cf7c	1204	#elif defined(WOLFSSL_TLS13_DRAFT_23)
wolfSSL	15:117db924cf7c	1205	TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */
wolfSSL	15:117db924cf7c	1206	#elif defined(WOLFSSL_TLS13_DRAFT_26)
wolfSSL	15:117db924cf7c	1207	TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */
wolfSSL	15:117db924cf7c	1208	#else
wolfSSL	15:117db924cf7c	1209	TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */
wolfSSL	15:117db924cf7c	1210	#endif
wolfSSL	15:117db924cf7c	1211	#endif
wolfSSL	15:117db924cf7c	1212	OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
wolfSSL	15:117db924cf7c	1213	INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
wolfSSL	15:117db924cf7c	1214	NO_COMPRESSION = 0,
wolfSSL	15:117db924cf7c	1215	ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
wolfSSL	15:117db924cf7c	1216	HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
wolfSSL	15:117db924cf7c	1217	HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
wolfSSL	15:117db924cf7c	1218	SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
wolfSSL	15:117db924cf7c	1219	/* pre RSA and all master */
wolfSSL	16:8e0d178b1d1e	1220	#if defined(WOLFSSL_MYSQL_COMPATIBLE) \|\| \
wolfSSL	16:8e0d178b1d1e	1221	(defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
wolfSSL	16:8e0d178b1d1e	1222	#ifndef NO_PSK
wolfSSL	16:8e0d178b1d1e	1223	ENCRYPT_LEN = 1024 + MAX_PSK_ID_LEN + 2, /* 8192 bit static buffer */
wolfSSL	16:8e0d178b1d1e	1224	#else
wolfSSL	16:8e0d178b1d1e	1225	ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */
wolfSSL	16:8e0d178b1d1e	1226	#endif
wolfSSL	16:8e0d178b1d1e	1227	#else
wolfSSL	16:8e0d178b1d1e	1228	#ifndef NO_PSK
wolfSSL	16:8e0d178b1d1e	1229	ENCRYPT_LEN = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */
wolfSSL	15:117db924cf7c	1230	#else
wolfSSL	15:117db924cf7c	1231	ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
wolfSSL	15:117db924cf7c	1232	#endif
wolfSSL	16:8e0d178b1d1e	1233	#endif
wolfSSL	15:117db924cf7c	1234	SIZEOF_SENDER = 4, /* clnt or srvr */
wolfSSL	15:117db924cf7c	1235	FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
wolfSSL	15:117db924cf7c	1236	MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
wolfSSL	16:8e0d178b1d1e	1237	MAX_PLAINTEXT_SZ = (1 << 14), /* Max plaintext sz */
wolfSSL	16:8e0d178b1d1e	1238	MAX_TLS_CIPHER_SZ = (1 << 14) + 2048, /* Max TLS encrypted data sz */
wolfSSL	16:8e0d178b1d1e	1239	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	1240	MAX_TLS13_PLAIN_SZ = (1 << 14) + 1, /* Max unencrypted data sz */
wolfSSL	16:8e0d178b1d1e	1241	MAX_TLS13_ENC_SZ = (1 << 14) + 256, /* Max encrypted data sz */
wolfSSL	16:8e0d178b1d1e	1242	#endif
wolfSSL	15:117db924cf7c	1243	MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE,
wolfSSL	15:117db924cf7c	1244	/* max added to msg, mac + pad from */
wolfSSL	15:117db924cf7c	1245	/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
wolfSSL	15:117db924cf7c	1246	digest sz + BLOC_SZ (iv) + pad byte (1) */
wolfSSL	15:117db924cf7c	1247	MAX_COMP_EXTRA = 1024, /* max compression extra */
wolfSSL	15:117db924cf7c	1248	MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */
wolfSSL	15:117db924cf7c	1249	MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
wolfSSL	16:8e0d178b1d1e	1250	MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
wolfSSL	15:117db924cf7c	1251	/* 4096 p, pub, g + 2 byte size for each */
wolfSSL	15:117db924cf7c	1252	MAX_STR_VERSION = 8, /* string rep of protocol version */
wolfSSL	15:117db924cf7c	1253
wolfSSL	15:117db924cf7c	1254	PAD_MD5 = 48, /* pad length for finished */
wolfSSL	15:117db924cf7c	1255	PAD_SHA = 40, /* pad length for finished */
wolfSSL	15:117db924cf7c	1256	MAX_PAD_SIZE = 256, /* maximum length of padding */
wolfSSL	15:117db924cf7c	1257
wolfSSL	15:117db924cf7c	1258	LENGTH_SZ = 2, /* length field for HMAC, data only */
wolfSSL	15:117db924cf7c	1259	VERSION_SZ = 2, /* length of proctocol version */
wolfSSL	15:117db924cf7c	1260	SEQ_SZ = 8, /* 64 bit sequence number */
wolfSSL	15:117db924cf7c	1261	ALERT_SIZE = 2, /* level + description */
wolfSSL	15:117db924cf7c	1262	VERIFY_HEADER = 2, /* always use 2 bytes */
wolfSSL	15:117db924cf7c	1263	EXTS_SZ = 2, /* always use 2 bytes */
wolfSSL	15:117db924cf7c	1264	EXT_ID_SZ = 2, /* always use 2 bytes */
wolfSSL	15:117db924cf7c	1265	MAX_DH_SIZE = MAX_DHKEY_SZ+1,
wolfSSL	15:117db924cf7c	1266	/* Max size plus possible leading 0 */
wolfSSL	15:117db924cf7c	1267	NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
wolfSSL	16:8e0d178b1d1e	1268	MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */
wolfSSL	16:8e0d178b1d1e	1269	MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */
wolfSSL	15:117db924cf7c	1270	SESSION_HINT_SZ = 4, /* session timeout hint */
wolfSSL	15:117db924cf7c	1271	SESSION_ADD_SZ = 4, /* session age add */
wolfSSL	15:117db924cf7c	1272	TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */
wolfSSL	15:117db924cf7c	1273	DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */
wolfSSL	16:8e0d178b1d1e	1274	MAX_TICKET_NONCE_SZ = 8, /* maximum ticket nonce size */
wolfSSL	15:117db924cf7c	1275	MAX_LIFETIME = 604800, /* maximum ticket lifetime */
wolfSSL	15:117db924cf7c	1276
wolfSSL	15:117db924cf7c	1277	RAN_LEN = 32, /* random length */
wolfSSL	15:117db924cf7c	1278	SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
wolfSSL	15:117db924cf7c	1279	ID_LEN = 32, /* session id length */
wolfSSL	15:117db924cf7c	1280	COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
wolfSSL	15:117db924cf7c	1281	MAX_COOKIE_LEN = 32, /* max dtls cookie size */
wolfSSL	15:117db924cf7c	1282	COOKIE_SZ = 20, /* use a 20 byte cookie */
wolfSSL	15:117db924cf7c	1283	SUITE_LEN = 2, /* cipher suite sz length */
wolfSSL	15:117db924cf7c	1284	ENUM_LEN = 1, /* always a byte */
wolfSSL	15:117db924cf7c	1285	OPAQUE8_LEN = 1, /* 1 byte */
wolfSSL	15:117db924cf7c	1286	OPAQUE16_LEN = 2, /* 2 bytes */
wolfSSL	15:117db924cf7c	1287	OPAQUE24_LEN = 3, /* 3 bytes */
wolfSSL	15:117db924cf7c	1288	OPAQUE32_LEN = 4, /* 4 bytes */
wolfSSL	15:117db924cf7c	1289	OPAQUE64_LEN = 8, /* 8 bytes */
wolfSSL	15:117db924cf7c	1290	COMP_LEN = 1, /* compression length */
wolfSSL	15:117db924cf7c	1291	CURVE_LEN = 2, /* ecc named curve length */
wolfSSL	15:117db924cf7c	1292	KE_GROUP_LEN = 2, /* key exchange group length */
wolfSSL	15:117db924cf7c	1293	SERVER_ID_LEN = 20, /* server session id length */
wolfSSL	15:117db924cf7c	1294
wolfSSL	15:117db924cf7c	1295	HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
wolfSSL	15:117db924cf7c	1296	RECORD_HEADER_SZ = 5, /* type + version + len(2) */
wolfSSL	15:117db924cf7c	1297	CERT_HEADER_SZ = 3, /* always 3 bytes */
wolfSSL	15:117db924cf7c	1298	REQ_HEADER_SZ = 2, /* cert request header sz */
wolfSSL	15:117db924cf7c	1299	HINT_LEN_SZ = 2, /* length of hint size field */
wolfSSL	15:117db924cf7c	1300	TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
wolfSSL	15:117db924cf7c	1301	HELLO_EXT_SZ = 4, /* base length of a hello extension */
wolfSSL	15:117db924cf7c	1302	HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
wolfSSL	15:117db924cf7c	1303	HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
wolfSSL	15:117db924cf7c	1304	HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
wolfSSL	15:117db924cf7c	1305
wolfSSL	15:117db924cf7c	1306	DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
wolfSSL	15:117db924cf7c	1307	DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
wolfSSL	15:117db924cf7c	1308	DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
wolfSSL	15:117db924cf7c	1309	DTLS_RECORD_EXTRA = 8, /* diff from normal */
wolfSSL	15:117db924cf7c	1310	DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
wolfSSL	15:117db924cf7c	1311	DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
wolfSSL	15:117db924cf7c	1312	DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
wolfSSL	15:117db924cf7c	1313	DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
wolfSSL	16:8e0d178b1d1e	1314	DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */
wolfSSL	15:117db924cf7c	1315	DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */
wolfSSL	15:117db924cf7c	1316	DTLS_EXPORT_OPT_SZ = 60, /* amount of bytes used from Options */
wolfSSL	15:117db924cf7c	1317	DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */
wolfSSL	15:117db924cf7c	1318	DTLS_EXPORT_OPT_SZ_3 = 59, /* amount of bytes used from Options */
wolfSSL	15:117db924cf7c	1319	DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
wolfSSL	15:117db924cf7c	1320	/* max amount of bytes used from Keys */
wolfSSL	16:8e0d178b1d1e	1321	DTLS_EXPORT_MIN_KEY_SZ = 85 + (DTLS_SEQ_SZ * 2),
wolfSSL	15:117db924cf7c	1322	/* min amount of bytes used from Keys */
wolfSSL	15:117db924cf7c	1323	DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
wolfSSL	15:117db924cf7c	1324	DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
wolfSSL	15:117db924cf7c	1325	DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
wolfSSL	15:117db924cf7c	1326	MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
wolfSSL	16:8e0d178b1d1e	1327	MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN),
wolfSSL	16:8e0d178b1d1e	1328	/* max size of buffer for exporting state */
wolfSSL	15:117db924cf7c	1329	FINISHED_LABEL_SZ = 15, /* TLS finished label size */
wolfSSL	15:117db924cf7c	1330	TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
wolfSSL	15:117db924cf7c	1331	EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
wolfSSL	15:117db924cf7c	1332	MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
wolfSSL	15:117db924cf7c	1333	KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
wolfSSL	15:117db924cf7c	1334	PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
wolfSSL	15:117db924cf7c	1335	MAX_LABEL_SZ = 34, /* Maximum length of a label */
wolfSSL	15:117db924cf7c	1336	MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
wolfSSL	15:117db924cf7c	1337	OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
wolfSSL	15:117db924cf7c	1338	OPAQUE8_LEN + WC_MAX_DIGEST_SIZE,
wolfSSL	15:117db924cf7c	1339	MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
wolfSSL	15:117db924cf7c	1340	SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
wolfSSL	15:117db924cf7c	1341	TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */
wolfSSL	15:117db924cf7c	1342
wolfSSL	15:117db924cf7c	1343	#if defined(HAVE_FIPS) && \
wolfSSL	15:117db924cf7c	1344	(!defined(HAVE_FIPS_VERSION) \|\| (HAVE_FIPS_VERSION < 2))
wolfSSL	15:117db924cf7c	1345	MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
wolfSSL	15:117db924cf7c	1346	#else
wolfSSL	15:117db924cf7c	1347	MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
wolfSSL	15:117db924cf7c	1348	#endif
wolfSSL	15:117db924cf7c	1349
wolfSSL	15:117db924cf7c	1350	#ifdef HAVE_SELFTEST
wolfSSL	16:8e0d178b1d1e	1351	#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
wolfSSL	16:8e0d178b1d1e	1352	#define WOLFSSL_AES_KEY_SIZE_ENUM
wolfSSL	15:117db924cf7c	1353	AES_IV_SIZE = 16,
wolfSSL	15:117db924cf7c	1354	AES_128_KEY_SIZE = 16,
wolfSSL	16:8e0d178b1d1e	1355	AES_192_KEY_SIZE = 24,
wolfSSL	16:8e0d178b1d1e	1356	AES_256_KEY_SIZE = 32,
wolfSSL	16:8e0d178b1d1e	1357	#endif
wolfSSL	15:117db924cf7c	1358	#endif
wolfSSL	15:117db924cf7c	1359
wolfSSL	15:117db924cf7c	1360	MAX_IV_SZ = AES_BLOCK_SIZE,
wolfSSL	15:117db924cf7c	1361
wolfSSL	15:117db924cf7c	1362	AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
wolfSSL	15:117db924cf7c	1363	AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
wolfSSL	15:117db924cf7c	1364	AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
wolfSSL	15:117db924cf7c	1365	AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
wolfSSL	15:117db924cf7c	1366	AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
wolfSSL	15:117db924cf7c	1367	AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
wolfSSL	15:117db924cf7c	1368	AEAD_NONCE_SZ = 12,
wolfSSL	15:117db924cf7c	1369	AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
wolfSSL	15:117db924cf7c	1370	AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
wolfSSL	15:117db924cf7c	1371	AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
wolfSSL	15:117db924cf7c	1372
wolfSSL	15:117db924cf7c	1373	CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
wolfSSL	15:117db924cf7c	1374	CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
wolfSSL	15:117db924cf7c	1375	CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
wolfSSL	15:117db924cf7c	1376
wolfSSL	15:117db924cf7c	1377	/* For any new implicit/explicit IV size adjust AEAD_MAX_**_SZ /
wolfSSL	15:117db924cf7c	1378
wolfSSL	15:117db924cf7c	1379	AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
wolfSSL	15:117db924cf7c	1380	AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
wolfSSL	15:117db924cf7c	1381	AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
wolfSSL	15:117db924cf7c	1382	AESCCM_NONCE_SZ = 12,
wolfSSL	15:117db924cf7c	1383
wolfSSL	15:117db924cf7c	1384	CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	15:117db924cf7c	1385	CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	15:117db924cf7c	1386	CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	15:117db924cf7c	1387	CAMELLIA_IV_SIZE = 16, /* always block size */
wolfSSL	15:117db924cf7c	1388
wolfSSL	15:117db924cf7c	1389	CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	15:117db924cf7c	1390	CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	15:117db924cf7c	1391	CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
wolfSSL	15:117db924cf7c	1392
wolfSSL	15:117db924cf7c	1393	POLY1305_AUTH_SZ = 16, /* 128 bits */
wolfSSL	15:117db924cf7c	1394
wolfSSL	16:8e0d178b1d1e	1395	HMAC_NONCE_SZ = 12, /* Size of HMAC nonce */
wolfSSL	16:8e0d178b1d1e	1396
wolfSSL	15:117db924cf7c	1397	HC_128_KEY_SIZE = 16, /* 128 bits */
wolfSSL	15:117db924cf7c	1398	HC_128_IV_SIZE = 16, /* also 128 bits */
wolfSSL	15:117db924cf7c	1399
wolfSSL	15:117db924cf7c	1400	RABBIT_KEY_SIZE = 16, /* 128 bits */
wolfSSL	15:117db924cf7c	1401	RABBIT_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL	15:117db924cf7c	1402
wolfSSL	15:117db924cf7c	1403	EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
wolfSSL	15:117db924cf7c	1404
wolfSSL	16:8e0d178b1d1e	1405	#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
wolfSSL	15:117db924cf7c	1406	ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
wolfSSL	16:8e0d178b1d1e	1407	#endif
wolfSSL	15:117db924cf7c	1408	MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
wolfSSL	15:117db924cf7c	1409	MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */
wolfSSL	15:117db924cf7c	1410
wolfSSL	16:8e0d178b1d1e	1411	NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */
wolfSSL	15:117db924cf7c	1412	ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
wolfSSL	15:117db924cf7c	1413	ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
wolfSSL	15:117db924cf7c	1414	ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
wolfSSL	15:117db924cf7c	1415	ED448_SA_MINOR = 8, /* Least significant byte for ED448 */
wolfSSL	15:117db924cf7c	1416
wolfSSL	15:117db924cf7c	1417	MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
wolfSSL	15:117db924cf7c	1418	MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
wolfSSL	15:117db924cf7c	1419
wolfSSL	16:8e0d178b1d1e	1420	#ifndef NO_RSA
wolfSSL	16:8e0d178b1d1e	1421	MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */
wolfSSL	16:8e0d178b1d1e	1422	#elif defined(HAVE_ECC)
wolfSSL	16:8e0d178b1d1e	1423	MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */
wolfSSL	16:8e0d178b1d1e	1424	#elif defined(HAVE_ED448)
wolfSSL	16:8e0d178b1d1e	1425	MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE, /* max Ed448 */
wolfSSL	16:8e0d178b1d1e	1426	#elif defined(HAVE_ED25519)
wolfSSL	16:8e0d178b1d1e	1427	MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */
wolfSSL	16:8e0d178b1d1e	1428	#else
wolfSSL	16:8e0d178b1d1e	1429	MAX_CERT_VERIFY_SZ = 1024, /* max default */
wolfSSL	16:8e0d178b1d1e	1430	#endif
wolfSSL	15:117db924cf7c	1431	CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
wolfSSL	15:117db924cf7c	1432	MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
wolfSSL	15:117db924cf7c	1433
wolfSSL	15:117db924cf7c	1434	DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
wolfSSL	15:117db924cf7c	1435	DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
wolfSSL	15:117db924cf7c	1436	DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
wolfSSL	15:117db924cf7c	1437
wolfSSL	15:117db924cf7c	1438	NULL_TERM_LEN = 1, /* length of null '\0' termination character */
wolfSSL	15:117db924cf7c	1439	MAX_PSK_KEY_LEN = 64, /* max psk key supported */
wolfSSL	15:117db924cf7c	1440	MIN_PSK_ID_LEN = 6, /* min length of identities */
wolfSSL	15:117db924cf7c	1441	MIN_PSK_BINDERS_LEN= 33, /* min length of binders */
wolfSSL	15:117db924cf7c	1442	MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */
wolfSSL	15:117db924cf7c	1443
wolfSSL	16:8e0d178b1d1e	1444	#ifndef MAX_WOLFSSL_FILE_SIZE
wolfSSL	16:8e0d178b1d1e	1445	MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */
wolfSSL	15:117db924cf7c	1446	#endif
wolfSSL	15:117db924cf7c	1447
wolfSSL	15:117db924cf7c	1448	MAX_X509_SIZE = 2048, /* max static x509 buffer size */
wolfSSL	15:117db924cf7c	1449	CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
wolfSSL	15:117db924cf7c	1450
wolfSSL	15:117db924cf7c	1451	MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
wolfSSL	15:117db924cf7c	1452	MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
wolfSSL	15:117db924cf7c	1453	MAX_NTRU_BITS = 256, /* max symmetric bit strength */
wolfSSL	15:117db924cf7c	1454	NO_SNIFF = 0, /* not sniffing */
wolfSSL	15:117db924cf7c	1455	SNIFF = 1, /* currently sniffing */
wolfSSL	15:117db924cf7c	1456
wolfSSL	15:117db924cf7c	1457	HASH_SIG_SIZE = 2, /* default SHA1 RSA */
wolfSSL	15:117db924cf7c	1458
wolfSSL	15:117db924cf7c	1459	NO_COPY = 0, /* should we copy static buffer for write */
wolfSSL	15:117db924cf7c	1460	COPY = 1, /* should we copy static buffer for write */
wolfSSL	15:117db924cf7c	1461
wolfSSL	15:117db924cf7c	1462	INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */
wolfSSL	15:117db924cf7c	1463
wolfSSL	15:117db924cf7c	1464	PREV_ORDER = -1, /* Sequence number is in previous epoch. */
wolfSSL	15:117db924cf7c	1465	PEER_ORDER = 1, /* Peer sequence number for verify. */
wolfSSL	15:117db924cf7c	1466	CUR_ORDER = 0, /* Current sequence number. */
wolfSSL	15:117db924cf7c	1467	WRITE_PROTO = 1, /* writing a protocol message */
wolfSSL	15:117db924cf7c	1468	READ_PROTO = 0 /* reading a protocol message */
wolfSSL	15:117db924cf7c	1469	};
wolfSSL	15:117db924cf7c	1470
wolfSSL	15:117db924cf7c	1471	/* minimum Downgrade Minor version */
wolfSSL	15:117db924cf7c	1472	#ifndef WOLFSSL_MIN_DOWNGRADE
wolfSSL	15:117db924cf7c	1473	#ifndef NO_OLD_TLS
wolfSSL	15:117db924cf7c	1474	#define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
wolfSSL	15:117db924cf7c	1475	#else
wolfSSL	15:117db924cf7c	1476	#define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
wolfSSL	15:117db924cf7c	1477	#endif
wolfSSL	15:117db924cf7c	1478	#endif
wolfSSL	15:117db924cf7c	1479
wolfSSL	15:117db924cf7c	1480	/* Set max implicit IV size for AEAD cipher suites */
wolfSSL	15:117db924cf7c	1481	#define AEAD_MAX_IMP_SZ 12
wolfSSL	15:117db924cf7c	1482
wolfSSL	15:117db924cf7c	1483	/* Set max explicit IV size for AEAD cipher suites */
wolfSSL	15:117db924cf7c	1484	#define AEAD_MAX_EXP_SZ 8
wolfSSL	15:117db924cf7c	1485
wolfSSL	15:117db924cf7c	1486
wolfSSL	15:117db924cf7c	1487	#ifndef WOLFSSL_MAX_SUITE_SZ
wolfSSL	15:117db924cf7c	1488	#define WOLFSSL_MAX_SUITE_SZ 300
wolfSSL	15:117db924cf7c	1489	/* 150 suites for now! */
wolfSSL	15:117db924cf7c	1490	#endif
wolfSSL	15:117db924cf7c	1491
wolfSSL	15:117db924cf7c	1492	/* number of items in the signature algo list */
wolfSSL	15:117db924cf7c	1493	#ifndef WOLFSSL_MAX_SIGALGO
wolfSSL	15:117db924cf7c	1494	#define WOLFSSL_MAX_SIGALGO 32
wolfSSL	15:117db924cf7c	1495	#endif
wolfSSL	15:117db924cf7c	1496
wolfSSL	15:117db924cf7c	1497
wolfSSL	15:117db924cf7c	1498	/* set minimum ECC key size allowed */
wolfSSL	15:117db924cf7c	1499	#ifndef WOLFSSL_MIN_ECC_BITS
wolfSSL	15:117db924cf7c	1500	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	15:117db924cf7c	1501	#define WOLFSSL_MIN_ECC_BITS 256
wolfSSL	15:117db924cf7c	1502	#else
wolfSSL	15:117db924cf7c	1503	#define WOLFSSL_MIN_ECC_BITS 224
wolfSSL	15:117db924cf7c	1504	#endif
wolfSSL	15:117db924cf7c	1505	#endif /* WOLFSSL_MIN_ECC_BITS */
wolfSSL	15:117db924cf7c	1506	#if (WOLFSSL_MIN_ECC_BITS % 8)
wolfSSL	16:8e0d178b1d1e	1507	/* Some ECC keys are not divisible by 8 such as prime239v1 or sect131r1.
wolfSSL	16:8e0d178b1d1e	1508	In these cases round down to the nearest value divisible by 8. The
wolfSSL	16:8e0d178b1d1e	1509	restriction of being divisible by 8 is in place to match wc_ecc_size
wolfSSL	15:117db924cf7c	1510	function from wolfSSL.
wolfSSL	15:117db924cf7c	1511	*/
wolfSSL	15:117db924cf7c	1512	#error ECC minimum bit size must be a multiple of 8
wolfSSL	15:117db924cf7c	1513	#endif
wolfSSL	15:117db924cf7c	1514	#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
wolfSSL	15:117db924cf7c	1515
wolfSSL	15:117db924cf7c	1516	/* set minimum RSA key size allowed */
wolfSSL	15:117db924cf7c	1517	#ifndef WOLFSSL_MIN_RSA_BITS
wolfSSL	15:117db924cf7c	1518	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	15:117db924cf7c	1519	#define WOLFSSL_MIN_RSA_BITS 2048
wolfSSL	15:117db924cf7c	1520	#else
wolfSSL	15:117db924cf7c	1521	#define WOLFSSL_MIN_RSA_BITS 1024
wolfSSL	15:117db924cf7c	1522	#endif
wolfSSL	15:117db924cf7c	1523	#endif /* WOLFSSL_MIN_RSA_BITS */
wolfSSL	15:117db924cf7c	1524	#if (WOLFSSL_MIN_RSA_BITS % 8)
wolfSSL	15:117db924cf7c	1525	/* This is to account for the example case of a min size of 2050 bits but
wolfSSL	16:8e0d178b1d1e	1526	still allows 2049 bit key. So we need the measurement to be in bytes. */
wolfSSL	15:117db924cf7c	1527	#error RSA minimum bit size must be a multiple of 8
wolfSSL	15:117db924cf7c	1528	#endif
wolfSSL	15:117db924cf7c	1529	#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
wolfSSL	15:117db924cf7c	1530
wolfSSL	15:117db924cf7c	1531	#ifdef SESSION_INDEX
wolfSSL	15:117db924cf7c	1532	/* Shift values for making a session index */
wolfSSL	15:117db924cf7c	1533	#define SESSIDX_ROW_SHIFT 4
wolfSSL	15:117db924cf7c	1534	#define SESSIDX_IDX_MASK 0x0F
wolfSSL	15:117db924cf7c	1535	#endif
wolfSSL	15:117db924cf7c	1536
wolfSSL	15:117db924cf7c	1537
wolfSSL	15:117db924cf7c	1538	/* max cert chain peer depth */
wolfSSL	15:117db924cf7c	1539	#ifndef MAX_CHAIN_DEPTH
wolfSSL	15:117db924cf7c	1540	#define MAX_CHAIN_DEPTH 9
wolfSSL	15:117db924cf7c	1541	#endif
wolfSSL	15:117db924cf7c	1542
wolfSSL	15:117db924cf7c	1543	/* max size of a certificate message payload */
wolfSSL	15:117db924cf7c	1544	/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
wolfSSL	15:117db924cf7c	1545	#ifndef MAX_CERTIFICATE_SZ
wolfSSL	15:117db924cf7c	1546	#define MAX_CERTIFICATE_SZ \
wolfSSL	15:117db924cf7c	1547	CERT_HEADER_SZ + \
wolfSSL	15:117db924cf7c	1548	(MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
wolfSSL	15:117db924cf7c	1549	#endif
wolfSSL	15:117db924cf7c	1550
wolfSSL	15:117db924cf7c	1551	/* max size of a handshake message, currently set to the certificate */
wolfSSL	15:117db924cf7c	1552	#ifndef MAX_HANDSHAKE_SZ
wolfSSL	15:117db924cf7c	1553	#define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
wolfSSL	15:117db924cf7c	1554	#endif
wolfSSL	15:117db924cf7c	1555
wolfSSL	15:117db924cf7c	1556	#ifndef SESSION_TICKET_LEN
wolfSSL	15:117db924cf7c	1557	#define SESSION_TICKET_LEN 256
wolfSSL	15:117db924cf7c	1558	#endif
wolfSSL	15:117db924cf7c	1559
wolfSSL	15:117db924cf7c	1560	#ifndef SESSION_TICKET_HINT_DEFAULT
wolfSSL	15:117db924cf7c	1561	#define SESSION_TICKET_HINT_DEFAULT 300
wolfSSL	15:117db924cf7c	1562	#endif
wolfSSL	15:117db924cf7c	1563
wolfSSL	15:117db924cf7c	1564
wolfSSL	15:117db924cf7c	1565	/* don't use extra 3/4k stack space unless need to */
wolfSSL	15:117db924cf7c	1566	#ifdef HAVE_NTRU
wolfSSL	15:117db924cf7c	1567	#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
wolfSSL	15:117db924cf7c	1568	#else
wolfSSL	15:117db924cf7c	1569	#define MAX_ENCRYPT_SZ ENCRYPT_LEN
wolfSSL	15:117db924cf7c	1570	#endif
wolfSSL	15:117db924cf7c	1571
wolfSSL	15:117db924cf7c	1572
wolfSSL	15:117db924cf7c	1573	/* states */
wolfSSL	15:117db924cf7c	1574	enum states {
wolfSSL	15:117db924cf7c	1575	NULL_STATE = 0,
wolfSSL	15:117db924cf7c	1576
wolfSSL	15:117db924cf7c	1577	SERVER_HELLOVERIFYREQUEST_COMPLETE,
wolfSSL	15:117db924cf7c	1578	SERVER_HELLO_RETRY_REQUEST_COMPLETE,
wolfSSL	15:117db924cf7c	1579	SERVER_HELLO_COMPLETE,
wolfSSL	15:117db924cf7c	1580	SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
wolfSSL	15:117db924cf7c	1581	SERVER_CERT_COMPLETE,
wolfSSL	15:117db924cf7c	1582	SERVER_KEYEXCHANGE_COMPLETE,
wolfSSL	15:117db924cf7c	1583	SERVER_HELLODONE_COMPLETE,
wolfSSL	15:117db924cf7c	1584	SERVER_CHANGECIPHERSPEC_COMPLETE,
wolfSSL	15:117db924cf7c	1585	SERVER_FINISHED_COMPLETE,
wolfSSL	15:117db924cf7c	1586
wolfSSL	16:8e0d178b1d1e	1587	CLIENT_HELLO_RETRY,
wolfSSL	15:117db924cf7c	1588	CLIENT_HELLO_COMPLETE,
wolfSSL	15:117db924cf7c	1589	CLIENT_KEYEXCHANGE_COMPLETE,
wolfSSL	15:117db924cf7c	1590	CLIENT_CHANGECIPHERSPEC_COMPLETE,
wolfSSL	15:117db924cf7c	1591	CLIENT_FINISHED_COMPLETE,
wolfSSL	15:117db924cf7c	1592
wolfSSL	15:117db924cf7c	1593	HANDSHAKE_DONE
wolfSSL	15:117db924cf7c	1594	};
wolfSSL	15:117db924cf7c	1595
wolfSSL	15:117db924cf7c	1596	/* SSL Version */
wolfSSL	15:117db924cf7c	1597	typedef struct ProtocolVersion {
wolfSSL	15:117db924cf7c	1598	byte major;
wolfSSL	15:117db924cf7c	1599	byte minor;
wolfSSL	15:117db924cf7c	1600	} WOLFSSL_PACK ProtocolVersion;
wolfSSL	15:117db924cf7c	1601
wolfSSL	15:117db924cf7c	1602
wolfSSL	15:117db924cf7c	1603	WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
wolfSSL	15:117db924cf7c	1604	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
wolfSSL	15:117db924cf7c	1605	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
wolfSSL	15:117db924cf7c	1606	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
wolfSSL	15:117db924cf7c	1607	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
wolfSSL	15:117db924cf7c	1608
wolfSSL	15:117db924cf7c	1609	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	1610	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
wolfSSL	15:117db924cf7c	1611	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
wolfSSL	15:117db924cf7c	1612
wolfSSL	15:117db924cf7c	1613	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	15:117db924cf7c	1614	WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
wolfSSL	15:117db924cf7c	1615	word32 sz);
wolfSSL	15:117db924cf7c	1616	WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
wolfSSL	15:117db924cf7c	1617	word32 sz);
wolfSSL	16:8e0d178b1d1e	1618	WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl,
wolfSSL	16:8e0d178b1d1e	1619	byte* buf, word32 sz);
wolfSSL	16:8e0d178b1d1e	1620	WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl,
wolfSSL	16:8e0d178b1d1e	1621	byte* buf, word32 sz);
wolfSSL	15:117db924cf7c	1622	WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	1623	#endif
wolfSSL	15:117db924cf7c	1624	#endif
wolfSSL	15:117db924cf7c	1625
wolfSSL	15:117db924cf7c	1626
wolfSSL	15:117db924cf7c	1627	/* wolfSSL method type */
wolfSSL	15:117db924cf7c	1628	struct WOLFSSL_METHOD {
wolfSSL	15:117db924cf7c	1629	ProtocolVersion version;
wolfSSL	15:117db924cf7c	1630	byte side; /* connection side, server or client */
wolfSSL	15:117db924cf7c	1631	byte downgrade; /* whether to downgrade version, default no */
wolfSSL	15:117db924cf7c	1632	};
wolfSSL	15:117db924cf7c	1633
wolfSSL	15:117db924cf7c	1634	/* wolfSSL buffer type - internal uses "buffer" type */
wolfSSL	15:117db924cf7c	1635	typedef WOLFSSL_BUFFER_INFO buffer;
wolfSSL	15:117db924cf7c	1636
wolfSSL	15:117db924cf7c	1637	typedef struct Suites Suites;
wolfSSL	15:117db924cf7c	1638
wolfSSL	15:117db924cf7c	1639
wolfSSL	15:117db924cf7c	1640	/* defaults to client */
wolfSSL	15:117db924cf7c	1641	WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
wolfSSL	15:117db924cf7c	1642
wolfSSL	16:8e0d178b1d1e	1643	WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
wolfSSL	16:8e0d178b1d1e	1644	WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
wolfSSL	16:8e0d178b1d1e	1645
wolfSSL	15:117db924cf7c	1646	/* for sniffer */
wolfSSL	15:117db924cf7c	1647	WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	15:117db924cf7c	1648	word32 size, word32 totalSz, int sniff);
wolfSSL	15:117db924cf7c	1649	WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
wolfSSL	15:117db924cf7c	1650	/* TLS v1.3 needs these */
wolfSSL	15:117db924cf7c	1651	WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
wolfSSL	15:117db924cf7c	1652	Suites* clSuites);
wolfSSL	16:8e0d178b1d1e	1653	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	1654	WOLFSSL_LOCAL int FindSuite(Suites* suites, byte first, byte second);
wolfSSL	16:8e0d178b1d1e	1655	#endif
wolfSSL	15:117db924cf7c	1656	WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL	15:117db924cf7c	1657	word32);
wolfSSL	15:117db924cf7c	1658	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	1659	WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
wolfSSL	15:117db924cf7c	1660	word32* inOutIdx, word32 helloSz);
wolfSSL	15:117db924cf7c	1661	#endif
wolfSSL	15:117db924cf7c	1662	WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL	15:117db924cf7c	1663	word32);
wolfSSL	15:117db924cf7c	1664	WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
wolfSSL	15:117db924cf7c	1665	WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
wolfSSL	16:8e0d178b1d1e	1666	WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
wolfSSL	15:117db924cf7c	1667	word32 hashSigAlgoSz);
wolfSSL	15:117db924cf7c	1668	WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL ssl, word16 length);
wolfSSL	15:117db924cf7c	1669	#ifdef HAVE_PK_CALLBACKS
wolfSSL	15:117db924cf7c	1670	WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	1671	#ifndef NO_ASN
wolfSSL	15:117db924cf7c	1672	WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
wolfSSL	15:117db924cf7c	1673	#endif
wolfSSL	15:117db924cf7c	1674	#endif
wolfSSL	15:117db924cf7c	1675	WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
wolfSSL	16:8e0d178b1d1e	1676	WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	1677	WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
wolfSSL	15:117db924cf7c	1678	WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
wolfSSL	15:117db924cf7c	1679	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	1680	WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
wolfSSL	16:8e0d178b1d1e	1681	#ifdef OPENSSL_EXTRA
wolfSSL	16:8e0d178b1d1e	1682	WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc);
wolfSSL	16:8e0d178b1d1e	1683	#endif
wolfSSL	15:117db924cf7c	1684	#endif
wolfSSL	15:117db924cf7c	1685	WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	1686	WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
wolfSSL	15:117db924cf7c	1687	WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
wolfSSL	15:117db924cf7c	1688	int ivSz);
wolfSSL	15:117db924cf7c	1689	WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
wolfSSL	15:117db924cf7c	1690	#if defined(OPENSSL_ALL) \|\| defined(HAVE_STUNNEL) \|\| defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	15:117db924cf7c	1691	WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	1692	#endif
wolfSSL	15:117db924cf7c	1693	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	1694	WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
wolfSSL	15:117db924cf7c	1695	word16 sz, const byte* aad, word16 aadSz);
wolfSSL	15:117db924cf7c	1696	WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
wolfSSL	15:117db924cf7c	1697	word32* inOutIdx, byte type,
wolfSSL	15:117db924cf7c	1698	word32 size, word32 totalSz);
wolfSSL	15:117db924cf7c	1699	WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
wolfSSL	15:117db924cf7c	1700	word32* inOutIdx, word32 totalSz);
wolfSSL	15:117db924cf7c	1701	WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
wolfSSL	15:117db924cf7c	1702	word32* inOutIdx, word32 helloSz,
wolfSSL	15:117db924cf7c	1703	byte* extMsgType);
wolfSSL	15:117db924cf7c	1704	#endif
wolfSSL	15:117db924cf7c	1705	int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
wolfSSL	15:117db924cf7c	1706	int pLen, int content);
wolfSSL	15:117db924cf7c	1707
wolfSSL	15:117db924cf7c	1708
wolfSSL	15:117db924cf7c	1709	enum {
wolfSSL	15:117db924cf7c	1710	FORCED_FREE = 1,
wolfSSL	15:117db924cf7c	1711	NO_FORCED_FREE = 0
wolfSSL	15:117db924cf7c	1712	};
wolfSSL	15:117db924cf7c	1713
wolfSSL	15:117db924cf7c	1714
wolfSSL	15:117db924cf7c	1715	/* only use compression extra if using compression */
wolfSSL	15:117db924cf7c	1716	#ifdef HAVE_LIBZ
wolfSSL	15:117db924cf7c	1717	#define COMP_EXTRA MAX_COMP_EXTRA
wolfSSL	15:117db924cf7c	1718	#else
wolfSSL	15:117db924cf7c	1719	#define COMP_EXTRA 0
wolfSSL	15:117db924cf7c	1720	#endif
wolfSSL	15:117db924cf7c	1721
wolfSSL	15:117db924cf7c	1722	/* only the sniffer needs space in the buffer for extra MTU record(s) */
wolfSSL	15:117db924cf7c	1723	#ifdef WOLFSSL_SNIFFER
wolfSSL	15:117db924cf7c	1724	#define MTU_EXTRA MAX_MTU * 3
wolfSSL	15:117db924cf7c	1725	#else
wolfSSL	15:117db924cf7c	1726	#define MTU_EXTRA 0
wolfSSL	15:117db924cf7c	1727	#endif
wolfSSL	15:117db924cf7c	1728
wolfSSL	15:117db924cf7c	1729
wolfSSL	15:117db924cf7c	1730	/* embedded callbacks require large static buffers, make sure on */
wolfSSL	15:117db924cf7c	1731	#ifdef WOLFSSL_CALLBACKS
wolfSSL	15:117db924cf7c	1732	#undef LARGE_STATIC_BUFFERS
wolfSSL	15:117db924cf7c	1733	#define LARGE_STATIC_BUFFERS
wolfSSL	15:117db924cf7c	1734	#endif
wolfSSL	15:117db924cf7c	1735
wolfSSL	15:117db924cf7c	1736
wolfSSL	15:117db924cf7c	1737	/* give user option to use 16K static buffers */
wolfSSL	15:117db924cf7c	1738	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	15:117db924cf7c	1739	#define RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	15:117db924cf7c	1740	#else
wolfSSL	15:117db924cf7c	1741	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	1742	#define RECORD_SIZE MAX_MTU
wolfSSL	15:117db924cf7c	1743	#else
wolfSSL	15:117db924cf7c	1744	#define RECORD_SIZE 128
wolfSSL	15:117db924cf7c	1745	#endif
wolfSSL	15:117db924cf7c	1746	#endif
wolfSSL	15:117db924cf7c	1747
wolfSSL	15:117db924cf7c	1748
wolfSSL	15:117db924cf7c	1749	/* user option to turn off 16K output option */
wolfSSL	15:117db924cf7c	1750	/* if using small static buffers (default) and SSL_write tries to write data
wolfSSL	15:117db924cf7c	1751	larger than the record we have, dynamically get it, unless user says only
wolfSSL	15:117db924cf7c	1752	write in static buffer chunks */
wolfSSL	15:117db924cf7c	1753	#ifndef STATIC_CHUNKS_ONLY
wolfSSL	15:117db924cf7c	1754	#define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	15:117db924cf7c	1755	#else
wolfSSL	15:117db924cf7c	1756	#define OUTPUT_RECORD_SIZE RECORD_SIZE
wolfSSL	15:117db924cf7c	1757	#endif
wolfSSL	15:117db924cf7c	1758
wolfSSL	15:117db924cf7c	1759	/* wolfSSL input buffer
wolfSSL	15:117db924cf7c	1760
wolfSSL	15:117db924cf7c	1761	RFC 2246:
wolfSSL	15:117db924cf7c	1762
wolfSSL	15:117db924cf7c	1763	length
wolfSSL	15:117db924cf7c	1764	The length (in bytes) of the following TLSPlaintext.fragment.
wolfSSL	15:117db924cf7c	1765	The length should not exceed 2^14.
wolfSSL	15:117db924cf7c	1766	*/
wolfSSL	15:117db924cf7c	1767	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	15:117db924cf7c	1768	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
wolfSSL	15:117db924cf7c	1769	MTU_EXTRA + MAX_MSG_EXTRA
wolfSSL	15:117db924cf7c	1770	#else
wolfSSL	15:117db924cf7c	1771	/* don't fragment memory from the record header */
wolfSSL	15:117db924cf7c	1772	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ
wolfSSL	15:117db924cf7c	1773	#endif
wolfSSL	15:117db924cf7c	1774
wolfSSL	15:117db924cf7c	1775	typedef struct {
wolfSSL	15:117db924cf7c	1776	ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
wolfSSL	15:117db924cf7c	1777	byte* buffer; /* place holder for static or dynamic buffer */
wolfSSL	15:117db924cf7c	1778	word32 length; /* total buffer length used */
wolfSSL	15:117db924cf7c	1779	word32 idx; /* idx to part of length already consumed */
wolfSSL	15:117db924cf7c	1780	word32 bufferSize; /* current buffer size */
wolfSSL	15:117db924cf7c	1781	byte dynamicFlag; /* dynamic memory currently in use */
wolfSSL	15:117db924cf7c	1782	byte offset; /* alignment offset attempt */
wolfSSL	15:117db924cf7c	1783	} bufferStatic;
wolfSSL	15:117db924cf7c	1784
wolfSSL	15:117db924cf7c	1785	/* Cipher Suites holder */
wolfSSL	15:117db924cf7c	1786	struct Suites {
wolfSSL	15:117db924cf7c	1787	word16 suiteSz; /* suite length in bytes */
wolfSSL	15:117db924cf7c	1788	word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
wolfSSL	15:117db924cf7c	1789	byte suites[WOLFSSL_MAX_SUITE_SZ];
wolfSSL	15:117db924cf7c	1790	byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
wolfSSL	15:117db924cf7c	1791	byte setSuites; /* user set suites from default */
wolfSSL	15:117db924cf7c	1792	byte hashAlgo; /* selected hash algorithm */
wolfSSL	15:117db924cf7c	1793	byte sigAlgo; /* selected sig algorithm */
wolfSSL	16:8e0d178b1d1e	1794	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	16:8e0d178b1d1e	1795	WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */
wolfSSL	16:8e0d178b1d1e	1796	#endif
wolfSSL	15:117db924cf7c	1797	};
wolfSSL	15:117db924cf7c	1798
wolfSSL	15:117db924cf7c	1799
wolfSSL	15:117db924cf7c	1800	WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
wolfSSL	15:117db924cf7c	1801	int haveRSAsig, int haveAnon,
wolfSSL	15:117db924cf7c	1802	int tls1_2, int keySz);
wolfSSL	15:117db924cf7c	1803	WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
wolfSSL	15:117db924cf7c	1804	word16, word16, word16, word16, word16, int);
wolfSSL	15:117db924cf7c	1805	WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
wolfSSL	15:117db924cf7c	1806	WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX, Suites, const char* list);
wolfSSL	15:117db924cf7c	1807
wolfSSL	15:117db924cf7c	1808	#ifndef PSK_TYPES_DEFINED
wolfSSL	15:117db924cf7c	1809	typedef unsigned int (wc_psk_client_callback)(WOLFSSL, const char, char,
wolfSSL	15:117db924cf7c	1810	unsigned int, unsigned char*, unsigned int);
wolfSSL	15:117db924cf7c	1811	typedef unsigned int (wc_psk_server_callback)(WOLFSSL, const char*,
wolfSSL	15:117db924cf7c	1812	unsigned char*, unsigned int);
wolfSSL	16:8e0d178b1d1e	1813	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	1814	typedef unsigned int (wc_psk_client_tls13_callback)(WOLFSSL, const char*,
wolfSSL	16:8e0d178b1d1e	1815	char, unsigned int, unsigned char, unsigned int,
wolfSSL	16:8e0d178b1d1e	1816	const char**);
wolfSSL	16:8e0d178b1d1e	1817	typedef unsigned int (wc_psk_server_tls13_callback)(WOLFSSL, const char*,
wolfSSL	16:8e0d178b1d1e	1818	unsigned char, unsigned int, const char*);
wolfSSL	16:8e0d178b1d1e	1819	#endif
wolfSSL	15:117db924cf7c	1820	#endif /* PSK_TYPES_DEFINED */
wolfSSL	15:117db924cf7c	1821	#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
wolfSSL	15:117db924cf7c	1822	!defined(WOLFSSL_DTLS_EXPORT_TYPES)
wolfSSL	15:117db924cf7c	1823	typedef int (wc_dtls_export)(WOLFSSL ssl,
wolfSSL	15:117db924cf7c	1824	unsigned char* exportBuffer, unsigned int sz, void* userCtx);
wolfSSL	15:117db924cf7c	1825	#define WOLFSSL_DTLS_EXPORT_TYPES
wolfSSL	15:117db924cf7c	1826	#endif /* WOLFSSL_DTLS_EXPORT_TYPES */
wolfSSL	15:117db924cf7c	1827
wolfSSL	15:117db924cf7c	1828
wolfSSL	16:8e0d178b1d1e	1829	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT)
wolfSSL	16:8e0d178b1d1e	1830	#define MAX_DESCRIPTION_SZ 255
wolfSSL	16:8e0d178b1d1e	1831	#endif
wolfSSL	15:117db924cf7c	1832	/* wolfSSL Cipher type just points back to SSL */
wolfSSL	15:117db924cf7c	1833	struct WOLFSSL_CIPHER {
wolfSSL	16:8e0d178b1d1e	1834	byte cipherSuite0;
wolfSSL	16:8e0d178b1d1e	1835	byte cipherSuite;
wolfSSL	15:117db924cf7c	1836	WOLFSSL* ssl;
wolfSSL	16:8e0d178b1d1e	1837	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT)
wolfSSL	16:8e0d178b1d1e	1838	char description[MAX_DESCRIPTION_SZ];
wolfSSL	16:8e0d178b1d1e	1839	unsigned long offset;
wolfSSL	16:8e0d178b1d1e	1840	unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */
wolfSSL	16:8e0d178b1d1e	1841	int bits;
wolfSSL	16:8e0d178b1d1e	1842	#endif
wolfSSL	15:117db924cf7c	1843	};
wolfSSL	15:117db924cf7c	1844
wolfSSL	15:117db924cf7c	1845
wolfSSL	15:117db924cf7c	1846	#ifdef NO_ASN
wolfSSL	15:117db924cf7c	1847	/* no_asn won't have */
wolfSSL	15:117db924cf7c	1848	typedef struct CertStatus CertStatus;
wolfSSL	15:117db924cf7c	1849	#endif
wolfSSL	15:117db924cf7c	1850
wolfSSL	15:117db924cf7c	1851	#ifndef HAVE_OCSP
wolfSSL	15:117db924cf7c	1852	typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
wolfSSL	15:117db924cf7c	1853	#endif
wolfSSL	15:117db924cf7c	1854
wolfSSL	15:117db924cf7c	1855	/* wolfSSL OCSP controller */
wolfSSL	16:8e0d178b1d1e	1856	#ifdef HAVE_OCSP
wolfSSL	15:117db924cf7c	1857	struct WOLFSSL_OCSP {
wolfSSL	15:117db924cf7c	1858	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	15:117db924cf7c	1859	OcspEntry* ocspList; /* OCSP response list */
wolfSSL	15:117db924cf7c	1860	wolfSSL_Mutex ocspLock; /* OCSP list lock */
wolfSSL	16:8e0d178b1d1e	1861	int error;
wolfSSL	15:117db924cf7c	1862	#if defined(OPENSSL_ALL) \|\| defined(OPENSSL_EXTRA) \|\| \
wolfSSL	15:117db924cf7c	1863	defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	15:117db924cf7c	1864	int(statusCb)(WOLFSSL, void*);
wolfSSL	15:117db924cf7c	1865	#endif
wolfSSL	15:117db924cf7c	1866	};
wolfSSL	16:8e0d178b1d1e	1867	#endif
wolfSSL	15:117db924cf7c	1868
wolfSSL	15:117db924cf7c	1869	#ifndef MAX_DATE_SIZE
wolfSSL	15:117db924cf7c	1870	#define MAX_DATE_SIZE 32
wolfSSL	15:117db924cf7c	1871	#endif
wolfSSL	15:117db924cf7c	1872
wolfSSL	15:117db924cf7c	1873	typedef struct CRL_Entry CRL_Entry;
wolfSSL	15:117db924cf7c	1874
wolfSSL	15:117db924cf7c	1875	#ifdef NO_SHA
wolfSSL	15:117db924cf7c	1876	#define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
wolfSSL	15:117db924cf7c	1877	#else
wolfSSL	15:117db924cf7c	1878	#define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
wolfSSL	15:117db924cf7c	1879	#endif
wolfSSL	15:117db924cf7c	1880
wolfSSL	15:117db924cf7c	1881	#ifdef NO_ASN
wolfSSL	15:117db924cf7c	1882	typedef struct RevokedCert RevokedCert;
wolfSSL	15:117db924cf7c	1883	#endif
wolfSSL	15:117db924cf7c	1884
wolfSSL	15:117db924cf7c	1885	/* Complete CRL */
wolfSSL	15:117db924cf7c	1886	struct CRL_Entry {
wolfSSL	15:117db924cf7c	1887	CRL_Entry* next; /* next entry */
wolfSSL	15:117db924cf7c	1888	byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
wolfSSL	15:117db924cf7c	1889	/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
wolfSSL	15:117db924cf7c	1890	/* restore the hash here if needed for optimized comparisons */
wolfSSL	15:117db924cf7c	1891	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
wolfSSL	15:117db924cf7c	1892	byte nextDate[MAX_DATE_SIZE]; /* next update date */
wolfSSL	15:117db924cf7c	1893	byte lastDateFormat; /* last date format */
wolfSSL	15:117db924cf7c	1894	byte nextDateFormat; /* next date format */
wolfSSL	15:117db924cf7c	1895	RevokedCert* certs; /* revoked cert list */
wolfSSL	15:117db924cf7c	1896	int totalCerts; /* number on list */
wolfSSL	15:117db924cf7c	1897	int verified;
wolfSSL	15:117db924cf7c	1898	byte* toBeSigned;
wolfSSL	15:117db924cf7c	1899	word32 tbsSz;
wolfSSL	15:117db924cf7c	1900	byte* signature;
wolfSSL	15:117db924cf7c	1901	word32 signatureSz;
wolfSSL	15:117db924cf7c	1902	word32 signatureOID;
wolfSSL	16:8e0d178b1d1e	1903	#if !defined(NO_SKID) && !defined(NO_ASN)
wolfSSL	15:117db924cf7c	1904	byte extAuthKeyIdSet;
wolfSSL	15:117db924cf7c	1905	byte extAuthKeyId[KEYID_SIZE];
wolfSSL	15:117db924cf7c	1906	#endif
wolfSSL	15:117db924cf7c	1907	};
wolfSSL	15:117db924cf7c	1908
wolfSSL	15:117db924cf7c	1909
wolfSSL	15:117db924cf7c	1910	typedef struct CRL_Monitor CRL_Monitor;
wolfSSL	15:117db924cf7c	1911
wolfSSL	15:117db924cf7c	1912	/* CRL directory monitor */
wolfSSL	15:117db924cf7c	1913	struct CRL_Monitor {
wolfSSL	15:117db924cf7c	1914	char* path; /* full dir path, if valid pointer we're using */
wolfSSL	15:117db924cf7c	1915	int type; /* PEM or ASN1 type */
wolfSSL	15:117db924cf7c	1916	};
wolfSSL	15:117db924cf7c	1917
wolfSSL	15:117db924cf7c	1918
wolfSSL	15:117db924cf7c	1919	#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
wolfSSL	15:117db924cf7c	1920	#undef HAVE_CRL_MONITOR
wolfSSL	15:117db924cf7c	1921	#endif
wolfSSL	15:117db924cf7c	1922
wolfSSL	15:117db924cf7c	1923	/* wolfSSL CRL controller */
wolfSSL	15:117db924cf7c	1924	struct WOLFSSL_CRL {
wolfSSL	15:117db924cf7c	1925	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	15:117db924cf7c	1926	CRL_Entry* crlList; /* our CRL list */
wolfSSL	15:117db924cf7c	1927	#ifdef HAVE_CRL_IO
wolfSSL	15:117db924cf7c	1928	CbCrlIO crlIOCb;
wolfSSL	15:117db924cf7c	1929	#endif
wolfSSL	15:117db924cf7c	1930	wolfSSL_Mutex crlLock; /* CRL list lock */
wolfSSL	15:117db924cf7c	1931	CRL_Monitor monitors[2]; /* PEM and DER possible */
wolfSSL	15:117db924cf7c	1932	#ifdef HAVE_CRL_MONITOR
wolfSSL	15:117db924cf7c	1933	pthread_cond_t cond; /* condition to signal setup */
wolfSSL	15:117db924cf7c	1934	pthread_t tid; /* monitoring thread */
wolfSSL	15:117db924cf7c	1935	int mfd; /* monitor fd, -1 if no init yet */
wolfSSL	15:117db924cf7c	1936	int setup; /* thread is setup predicate */
wolfSSL	15:117db924cf7c	1937	#endif
wolfSSL	15:117db924cf7c	1938	void* heap; /* heap hint for dynamic memory */
wolfSSL	15:117db924cf7c	1939	};
wolfSSL	15:117db924cf7c	1940
wolfSSL	15:117db924cf7c	1941
wolfSSL	15:117db924cf7c	1942	#ifdef NO_ASN
wolfSSL	15:117db924cf7c	1943	typedef struct Signer Signer;
wolfSSL	15:117db924cf7c	1944	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	15:117db924cf7c	1945	typedef struct TrustedPeerCert TrustedPeerCert;
wolfSSL	15:117db924cf7c	1946	#endif
wolfSSL	15:117db924cf7c	1947	#endif
wolfSSL	15:117db924cf7c	1948
wolfSSL	15:117db924cf7c	1949
wolfSSL	15:117db924cf7c	1950	#ifndef CA_TABLE_SIZE
wolfSSL	15:117db924cf7c	1951	#define CA_TABLE_SIZE 11
wolfSSL	15:117db924cf7c	1952	#endif
wolfSSL	15:117db924cf7c	1953	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	15:117db924cf7c	1954	#define TP_TABLE_SIZE 11
wolfSSL	15:117db924cf7c	1955	#endif
wolfSSL	15:117db924cf7c	1956
wolfSSL	15:117db924cf7c	1957	/* wolfSSL Certificate Manager */
wolfSSL	15:117db924cf7c	1958	struct WOLFSSL_CERT_MANAGER {
wolfSSL	15:117db924cf7c	1959	Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
wolfSSL	15:117db924cf7c	1960	void* heap; /* heap helper */
wolfSSL	15:117db924cf7c	1961	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	15:117db924cf7c	1962	TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
wolfSSL	15:117db924cf7c	1963	wolfSSL_Mutex tpLock; /* trusted peer list lock */
wolfSSL	15:117db924cf7c	1964	#endif
wolfSSL	15:117db924cf7c	1965	WOLFSSL_CRL* crl; /* CRL checker */
wolfSSL	15:117db924cf7c	1966	WOLFSSL_OCSP* ocsp; /* OCSP checker */
wolfSSL	15:117db924cf7c	1967	#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	15:117db924cf7c	1968	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
wolfSSL	15:117db924cf7c	1969	WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
wolfSSL	15:117db924cf7c	1970	#endif
wolfSSL	15:117db924cf7c	1971	char* ocspOverrideURL; /* use this responder */
wolfSSL	15:117db924cf7c	1972	void* ocspIOCtx; /* I/O callback CTX */
wolfSSL	16:8e0d178b1d1e	1973	#ifndef NO_WOLFSSL_CM_VERIFY
wolfSSL	16:8e0d178b1d1e	1974	VerifyCallback verifyCallback; /* Verify callback */
wolfSSL	16:8e0d178b1d1e	1975	#endif
wolfSSL	15:117db924cf7c	1976	CallbackCACache caCacheCallback; /* CA cache addition callback */
wolfSSL	15:117db924cf7c	1977	CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
wolfSSL	15:117db924cf7c	1978	CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
wolfSSL	15:117db924cf7c	1979	CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL	15:117db924cf7c	1980	wolfSSL_Mutex caLock; /* CA list lock */
wolfSSL	15:117db924cf7c	1981	byte crlEnabled; /* is CRL on ? */
wolfSSL	15:117db924cf7c	1982	byte crlCheckAll; /* always leaf, but all ? */
wolfSSL	15:117db924cf7c	1983	byte ocspEnabled; /* is OCSP on ? */
wolfSSL	15:117db924cf7c	1984	byte ocspCheckAll; /* always leaf, but all ? */
wolfSSL	15:117db924cf7c	1985	byte ocspSendNonce; /* send the OCSP nonce ? */
wolfSSL	15:117db924cf7c	1986	byte ocspUseOverrideURL; /* ignore cert's responder, override */
wolfSSL	15:117db924cf7c	1987	byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
wolfSSL	15:117db924cf7c	1988
wolfSSL	15:117db924cf7c	1989	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	1990	short minRsaKeySz; /* minimum allowed RSA key size */
wolfSSL	15:117db924cf7c	1991	#endif
wolfSSL	16:8e0d178b1d1e	1992	#if defined(HAVE_ECC) \|\| defined(HAVE_ED25519) \|\| defined(HAVE_ED448)
wolfSSL	15:117db924cf7c	1993	short minEccKeySz; /* minimum allowed ECC key size */
wolfSSL	15:117db924cf7c	1994	#endif
wolfSSL	15:117db924cf7c	1995	};
wolfSSL	15:117db924cf7c	1996
wolfSSL	15:117db924cf7c	1997	WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	15:117db924cf7c	1998	WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	15:117db924cf7c	1999	WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER, void, int, int*);
wolfSSL	15:117db924cf7c	2000	WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER, const void, int);
wolfSSL	15:117db924cf7c	2001	WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
wolfSSL	16:8e0d178b1d1e	2002	WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
wolfSSL	16:8e0d178b1d1e	2003	long sz, int format, int err_val);
wolfSSL	16:8e0d178b1d1e	2004
wolfSSL	16:8e0d178b1d1e	2005
wolfSSL	16:8e0d178b1d1e	2006	#ifndef NO_CERTS
wolfSSL	16:8e0d178b1d1e	2007	#if !defined NOCERTS &&\
wolfSSL	16:8e0d178b1d1e	2008	(!defined(NO_WOLFSSL_CLIENT) \|\| !defined(WOLFSSL_NO_CLIENT_AUTH))
wolfSSL	16:8e0d178b1d1e	2009	typedef struct ProcPeerCertArgs {
wolfSSL	16:8e0d178b1d1e	2010	buffer* certs;
wolfSSL	16:8e0d178b1d1e	2011	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	2012	buffer* exts; /* extensions */
wolfSSL	16:8e0d178b1d1e	2013	#endif
wolfSSL	16:8e0d178b1d1e	2014	DecodedCert* dCert;
wolfSSL	16:8e0d178b1d1e	2015	word32 idx;
wolfSSL	16:8e0d178b1d1e	2016	word32 begin;
wolfSSL	16:8e0d178b1d1e	2017	int totalCerts; /* number of certs in certs buffer */
wolfSSL	16:8e0d178b1d1e	2018	int count;
wolfSSL	16:8e0d178b1d1e	2019	int certIdx;
wolfSSL	16:8e0d178b1d1e	2020	int lastErr;
wolfSSL	16:8e0d178b1d1e	2021	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	2022	byte ctxSz;
wolfSSL	16:8e0d178b1d1e	2023	#endif
wolfSSL	16:8e0d178b1d1e	2024	#if defined(OPENSSL_EXTRA) \|\| defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL	16:8e0d178b1d1e	2025	char untrustedDepth;
wolfSSL	16:8e0d178b1d1e	2026	#endif
wolfSSL	16:8e0d178b1d1e	2027	word16 fatal:1;
wolfSSL	16:8e0d178b1d1e	2028	word16 verifyErr:1;
wolfSSL	16:8e0d178b1d1e	2029	word16 dCertInit:1;
wolfSSL	16:8e0d178b1d1e	2030	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	16:8e0d178b1d1e	2031	word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */
wolfSSL	16:8e0d178b1d1e	2032	#endif
wolfSSL	16:8e0d178b1d1e	2033	} ProcPeerCertArgs;
wolfSSL	16:8e0d178b1d1e	2034	WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
wolfSSL	16:8e0d178b1d1e	2035	int ret, ProcPeerCertArgs* args);
wolfSSL	16:8e0d178b1d1e	2036	#endif /* !defined(NO_WOLFSSL_CLIENT) \|\| !defined(WOLFSSL_NO_CLIENT_AUTH) */
wolfSSL	16:8e0d178b1d1e	2037	#endif /* !defined NO_CERTS */
wolfSSL	15:117db924cf7c	2038
wolfSSL	15:117db924cf7c	2039	/* wolfSSL Sock Addr */
wolfSSL	15:117db924cf7c	2040	struct WOLFSSL_SOCKADDR {
wolfSSL	15:117db924cf7c	2041	unsigned int sz; /* sockaddr size */
wolfSSL	15:117db924cf7c	2042	void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
wolfSSL	15:117db924cf7c	2043	};
wolfSSL	15:117db924cf7c	2044
wolfSSL	15:117db924cf7c	2045	typedef struct WOLFSSL_DTLS_CTX {
wolfSSL	15:117db924cf7c	2046	WOLFSSL_SOCKADDR peer;
wolfSSL	15:117db924cf7c	2047	int rfd;
wolfSSL	15:117db924cf7c	2048	int wfd;
wolfSSL	15:117db924cf7c	2049	} WOLFSSL_DTLS_CTX;
wolfSSL	15:117db924cf7c	2050
wolfSSL	15:117db924cf7c	2051
wolfSSL	15:117db924cf7c	2052	typedef struct WOLFSSL_DTLS_PEERSEQ {
wolfSSL	15:117db924cf7c	2053	word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL	15:117db924cf7c	2054	/* Sliding window for current epoch */
wolfSSL	15:117db924cf7c	2055	word16 nextEpoch; /* Expected epoch in next record */
wolfSSL	15:117db924cf7c	2056	word16 nextSeq_hi; /* Expected sequence in next record */
wolfSSL	15:117db924cf7c	2057	word32 nextSeq_lo;
wolfSSL	15:117db924cf7c	2058
wolfSSL	15:117db924cf7c	2059	word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL	15:117db924cf7c	2060	/* Sliding window for old epoch */
wolfSSL	15:117db924cf7c	2061	word32 prevSeq_lo;
wolfSSL	15:117db924cf7c	2062	word16 prevSeq_hi; /* Next sequence in allowed old epoch */
wolfSSL	15:117db924cf7c	2063
wolfSSL	15:117db924cf7c	2064	#ifdef WOLFSSL_MULTICAST
wolfSSL	15:117db924cf7c	2065	word16 peerId;
wolfSSL	15:117db924cf7c	2066	word32 highwaterMark;
wolfSSL	15:117db924cf7c	2067	#endif
wolfSSL	15:117db924cf7c	2068	} WOLFSSL_DTLS_PEERSEQ;
wolfSSL	15:117db924cf7c	2069
wolfSSL	15:117db924cf7c	2070
wolfSSL	15:117db924cf7c	2071	#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
wolfSSL	15:117db924cf7c	2072
wolfSSL	15:117db924cf7c	2073	/* keys and secrets
wolfSSL	15:117db924cf7c	2074	* keep as a constant size (no additional ifdefs) for session export */
wolfSSL	15:117db924cf7c	2075	typedef struct Keys {
wolfSSL	16:8e0d178b1d1e	2076	#if !defined(WOLFSSL_AEAD_ONLY) \|\| defined(WOLFSSL_TLS13)
wolfSSL	15:117db924cf7c	2077	byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */
wolfSSL	15:117db924cf7c	2078	byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
wolfSSL	16:8e0d178b1d1e	2079	#endif
wolfSSL	15:117db924cf7c	2080	byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */
wolfSSL	15:117db924cf7c	2081	byte server_write_key[MAX_SYM_KEY_SIZE];
wolfSSL	15:117db924cf7c	2082	byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
wolfSSL	15:117db924cf7c	2083	byte server_write_IV[MAX_WRITE_IV_SZ];
wolfSSL	15:117db924cf7c	2084	#if defined(HAVE_AEAD) \|\| defined(WOLFSSL_SESSION_EXPORT)
wolfSSL	15:117db924cf7c	2085	byte aead_exp_IV[AEAD_MAX_EXP_SZ];
wolfSSL	15:117db924cf7c	2086	byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	15:117db924cf7c	2087	byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	15:117db924cf7c	2088	#endif
wolfSSL	15:117db924cf7c	2089
wolfSSL	15:117db924cf7c	2090	word32 peer_sequence_number_hi;
wolfSSL	15:117db924cf7c	2091	word32 peer_sequence_number_lo;
wolfSSL	15:117db924cf7c	2092	word32 sequence_number_hi;
wolfSSL	15:117db924cf7c	2093	word32 sequence_number_lo;
wolfSSL	15:117db924cf7c	2094
wolfSSL	15:117db924cf7c	2095	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	2096	word16 curEpoch; /* Received epoch in current record */
wolfSSL	15:117db924cf7c	2097	word16 curSeq_hi; /* Received sequence in current record */
wolfSSL	15:117db924cf7c	2098	word32 curSeq_lo;
wolfSSL	15:117db924cf7c	2099	#ifdef WOLFSSL_MULTICAST
wolfSSL	15:117db924cf7c	2100	byte curPeerId; /* Received peer group ID in current record */
wolfSSL	15:117db924cf7c	2101	#endif
wolfSSL	15:117db924cf7c	2102	WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ];
wolfSSL	15:117db924cf7c	2103
wolfSSL	15:117db924cf7c	2104	word16 dtls_peer_handshake_number;
wolfSSL	15:117db924cf7c	2105	word16 dtls_expected_peer_handshake_number;
wolfSSL	15:117db924cf7c	2106
wolfSSL	15:117db924cf7c	2107	word16 dtls_epoch; /* Current epoch */
wolfSSL	15:117db924cf7c	2108	word16 dtls_sequence_number_hi; /* Current epoch */
wolfSSL	15:117db924cf7c	2109	word32 dtls_sequence_number_lo;
wolfSSL	15:117db924cf7c	2110	word16 dtls_prev_sequence_number_hi; /* Previous epoch */
wolfSSL	15:117db924cf7c	2111	word32 dtls_prev_sequence_number_lo;
wolfSSL	15:117db924cf7c	2112	word16 dtls_handshake_number; /* Current tx handshake seq */
wolfSSL	15:117db924cf7c	2113	#endif
wolfSSL	15:117db924cf7c	2114
wolfSSL	15:117db924cf7c	2115	word32 encryptSz; /* last size of encrypted data */
wolfSSL	15:117db924cf7c	2116	word32 padSz; /* how much to advance after decrypt part */
wolfSSL	15:117db924cf7c	2117	byte encryptionOn; /* true after change cipher spec */
wolfSSL	15:117db924cf7c	2118	byte decryptedCur; /* only decrypt current record once */
wolfSSL	15:117db924cf7c	2119	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	2120	byte updateResponseReq:1; /* KeyUpdate response from peer required. */
wolfSSL	15:117db924cf7c	2121	byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
wolfSSL	15:117db924cf7c	2122	#endif
wolfSSL	16:8e0d178b1d1e	2123	#ifdef WOLFSSL_RENESAS_TSIP_TLS
wolfSSL	16:8e0d178b1d1e	2124	byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
wolfSSL	16:8e0d178b1d1e	2125	byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
wolfSSL	16:8e0d178b1d1e	2126	#endif
wolfSSL	15:117db924cf7c	2127	} Keys;
wolfSSL	15:117db924cf7c	2128
wolfSSL	15:117db924cf7c	2129
wolfSSL	15:117db924cf7c	2130
wolfSSL	15:117db924cf7c	2131	/** TLS Extensions - RFC 6066 */
wolfSSL	15:117db924cf7c	2132	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	15:117db924cf7c	2133
wolfSSL	15:117db924cf7c	2134	typedef enum {
wolfSSL	15:117db924cf7c	2135	TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
wolfSSL	15:117db924cf7c	2136	TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
wolfSSL	16:8e0d178b1d1e	2137	TLSX_TRUSTED_CA_KEYS = 0x0003,
wolfSSL	15:117db924cf7c	2138	TLSX_TRUNCATED_HMAC = 0x0004,
wolfSSL	15:117db924cf7c	2139	TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
wolfSSL	15:117db924cf7c	2140	TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
wolfSSL	15:117db924cf7c	2141	TLSX_EC_POINT_FORMATS = 0x000b,
wolfSSL	16:8e0d178b1d1e	2142	#if !defined(WOLFSSL_NO_SIGALG)
wolfSSL	15:117db924cf7c	2143	TLSX_SIGNATURE_ALGORITHMS = 0x000d,
wolfSSL	16:8e0d178b1d1e	2144	#endif
wolfSSL	15:117db924cf7c	2145	TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
wolfSSL	15:117db924cf7c	2146	TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
wolfSSL	16:8e0d178b1d1e	2147	#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL	16:8e0d178b1d1e	2148	TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
wolfSSL	16:8e0d178b1d1e	2149	#endif
wolfSSL	15:117db924cf7c	2150	TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
wolfSSL	15:117db924cf7c	2151	TLSX_SESSION_TICKET = 0x0023,
wolfSSL	15:117db924cf7c	2152	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	2153	#if defined(HAVE_SESSION_TICKET) \|\| !defined(NO_PSK)
wolfSSL	15:117db924cf7c	2154	TLSX_PRE_SHARED_KEY = 0x0029,
wolfSSL	15:117db924cf7c	2155	#endif
wolfSSL	15:117db924cf7c	2156	#ifdef WOLFSSL_EARLY_DATA
wolfSSL	15:117db924cf7c	2157	TLSX_EARLY_DATA = 0x002a,
wolfSSL	15:117db924cf7c	2158	#endif
wolfSSL	15:117db924cf7c	2159	TLSX_SUPPORTED_VERSIONS = 0x002b,
wolfSSL	15:117db924cf7c	2160	TLSX_COOKIE = 0x002c,
wolfSSL	15:117db924cf7c	2161	#if defined(HAVE_SESSION_TICKET) \|\| !defined(NO_PSK)
wolfSSL	15:117db924cf7c	2162	TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
wolfSSL	15:117db924cf7c	2163	#endif
wolfSSL	15:117db924cf7c	2164	#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL	15:117db924cf7c	2165	TLSX_POST_HANDSHAKE_AUTH = 0x0031,
wolfSSL	15:117db924cf7c	2166	#endif
wolfSSL	15:117db924cf7c	2167	#if defined(WOLFSSL_TLS13_DRAFT_18) \|\| defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL	15:117db924cf7c	2168	TLSX_KEY_SHARE = 0x0028,
wolfSSL	15:117db924cf7c	2169	#else
wolfSSL	15:117db924cf7c	2170	TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
wolfSSL	15:117db924cf7c	2171	TLSX_KEY_SHARE = 0x0033,
wolfSSL	15:117db924cf7c	2172	#endif
wolfSSL	15:117db924cf7c	2173	#endif
wolfSSL	15:117db924cf7c	2174	TLSX_RENEGOTIATION_INFO = 0xff01
wolfSSL	15:117db924cf7c	2175	} TLSX_Type;
wolfSSL	15:117db924cf7c	2176
wolfSSL	15:117db924cf7c	2177	typedef struct TLSX {
wolfSSL	15:117db924cf7c	2178	TLSX_Type type; /* Extension Type */
wolfSSL	15:117db924cf7c	2179	void* data; /* Extension Data */
wolfSSL	15:117db924cf7c	2180	word32 val; /* Extension Value */
wolfSSL	15:117db924cf7c	2181	byte resp; /* IsResponse Flag */
wolfSSL	15:117db924cf7c	2182	struct TLSX* next; /* List Behavior */
wolfSSL	15:117db924cf7c	2183	} TLSX;
wolfSSL	15:117db924cf7c	2184
wolfSSL	15:117db924cf7c	2185	WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
wolfSSL	15:117db924cf7c	2186	WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
wolfSSL	15:117db924cf7c	2187	WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
wolfSSL	15:117db924cf7c	2188	WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	2189	WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
wolfSSL	15:117db924cf7c	2190
wolfSSL	15:117db924cf7c	2191	#if defined(WOLFSSL_TLS13) \|\| !defined(NO_WOLFSSL_CLIENT)
wolfSSL	16:8e0d178b1d1e	2192	WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
wolfSSL	15:117db924cf7c	2193	word16* pLength);
wolfSSL	15:117db924cf7c	2194	WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
wolfSSL	15:117db924cf7c	2195	byte msgType, word16* pOffset);
wolfSSL	15:117db924cf7c	2196	#endif
wolfSSL	15:117db924cf7c	2197
wolfSSL	15:117db924cf7c	2198	#if defined(WOLFSSL_TLS13) \|\| !defined(NO_WOLFSSL_SERVER)
wolfSSL	15:117db924cf7c	2199	/* TLS 1.3 Certificate messages have extensions. */
wolfSSL	16:8e0d178b1d1e	2200	WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
wolfSSL	15:117db924cf7c	2201	word16* pLength);
wolfSSL	16:8e0d178b1d1e	2202	WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL ssl, byte output, byte msgType,
wolfSSL	15:117db924cf7c	2203	word16* pOffset);
wolfSSL	15:117db924cf7c	2204	#endif
wolfSSL	15:117db924cf7c	2205
wolfSSL	16:8e0d178b1d1e	2206	WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	16:8e0d178b1d1e	2207	byte msgType, int* found);
wolfSSL	15:117db924cf7c	2208	WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	15:117db924cf7c	2209	byte msgType, Suites *suites);
wolfSSL	15:117db924cf7c	2210
wolfSSL	15:117db924cf7c	2211	#elif defined(HAVE_SNI) \
wolfSSL	15:117db924cf7c	2212	\|\| defined(HAVE_MAX_FRAGMENT) \
wolfSSL	16:8e0d178b1d1e	2213	\|\| defined(HAVE_TRUSTED_CA) \
wolfSSL	15:117db924cf7c	2214	\|\| defined(HAVE_TRUNCATED_HMAC) \
wolfSSL	15:117db924cf7c	2215	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	15:117db924cf7c	2216	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
wolfSSL	15:117db924cf7c	2217	\|\| defined(HAVE_SUPPORTED_CURVES) \
wolfSSL	15:117db924cf7c	2218	\|\| defined(HAVE_ALPN) \
wolfSSL	15:117db924cf7c	2219	\|\| defined(HAVE_QSH) \
wolfSSL	15:117db924cf7c	2220	\|\| defined(HAVE_SESSION_TICKET) \
wolfSSL	15:117db924cf7c	2221	\|\| defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	15:117db924cf7c	2222	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	15:117db924cf7c	2223
wolfSSL	15:117db924cf7c	2224	#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
wolfSSL	15:117db924cf7c	2225
wolfSSL	15:117db924cf7c	2226	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	15:117db924cf7c	2227
wolfSSL	15:117db924cf7c	2228	/** Server Name Indication - RFC 6066 (session 3) */
wolfSSL	15:117db924cf7c	2229	#ifdef HAVE_SNI
wolfSSL	15:117db924cf7c	2230
wolfSSL	15:117db924cf7c	2231	typedef struct SNI {
wolfSSL	15:117db924cf7c	2232	byte type; /* SNI Type */
wolfSSL	15:117db924cf7c	2233	union { char* host_name; } data; /* SNI Data */
wolfSSL	15:117db924cf7c	2234	struct SNI* next; /* List Behavior */
wolfSSL	15:117db924cf7c	2235	byte status; /* Matching result */
wolfSSL	15:117db924cf7c	2236	#ifndef NO_WOLFSSL_SERVER
wolfSSL	15:117db924cf7c	2237	byte options; /* Behavior options */
wolfSSL	15:117db924cf7c	2238	#endif
wolfSSL	15:117db924cf7c	2239	} SNI;
wolfSSL	15:117db924cf7c	2240
wolfSSL	15:117db924cf7c	2241	WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
wolfSSL	15:117db924cf7c	2242	word16 size, void* heap);
wolfSSL	15:117db924cf7c	2243	WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
wolfSSL	15:117db924cf7c	2244	WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
wolfSSL	15:117db924cf7c	2245	void** data);
wolfSSL	15:117db924cf7c	2246
wolfSSL	15:117db924cf7c	2247	#ifndef NO_WOLFSSL_SERVER
wolfSSL	15:117db924cf7c	2248	WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
wolfSSL	15:117db924cf7c	2249	byte options);
wolfSSL	15:117db924cf7c	2250	WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
wolfSSL	15:117db924cf7c	2251	byte type, byte* sni, word32* inOutSz);
wolfSSL	15:117db924cf7c	2252	#endif
wolfSSL	15:117db924cf7c	2253
wolfSSL	15:117db924cf7c	2254	#endif /* HAVE_SNI */
wolfSSL	15:117db924cf7c	2255
wolfSSL	16:8e0d178b1d1e	2256	/* Trusted CA Key Indication - RFC 6066 (section 6) */
wolfSSL	16:8e0d178b1d1e	2257	#ifdef HAVE_TRUSTED_CA
wolfSSL	16:8e0d178b1d1e	2258
wolfSSL	16:8e0d178b1d1e	2259	typedef struct TCA {
wolfSSL	16:8e0d178b1d1e	2260	byte type; /* TCA Type */
wolfSSL	16:8e0d178b1d1e	2261	byte* id; /* TCA identifier */
wolfSSL	16:8e0d178b1d1e	2262	word16 idSz; /* TCA identifier size */
wolfSSL	16:8e0d178b1d1e	2263	struct TCA* next; /* List Behavior */
wolfSSL	16:8e0d178b1d1e	2264	} TCA;
wolfSSL	16:8e0d178b1d1e	2265
wolfSSL	16:8e0d178b1d1e	2266	WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
wolfSSL	16:8e0d178b1d1e	2267	const byte* id, word16 idSz, void* heap);
wolfSSL	16:8e0d178b1d1e	2268
wolfSSL	16:8e0d178b1d1e	2269	#endif /* HAVE_TRUSTED_CA */
wolfSSL	16:8e0d178b1d1e	2270
wolfSSL	15:117db924cf7c	2271	/* Application-Layer Protocol Negotiation - RFC 7301 */
wolfSSL	15:117db924cf7c	2272	#ifdef HAVE_ALPN
wolfSSL	15:117db924cf7c	2273	typedef struct ALPN {
wolfSSL	15:117db924cf7c	2274	char* protocol_name; /* ALPN protocol name */
wolfSSL	15:117db924cf7c	2275	struct ALPN* next; /* List Behavior */
wolfSSL	15:117db924cf7c	2276	byte options; /* Behavior options */
wolfSSL	15:117db924cf7c	2277	byte negotiated; /* ALPN protocol negotiated or not */
wolfSSL	15:117db924cf7c	2278	} ALPN;
wolfSSL	15:117db924cf7c	2279
wolfSSL	15:117db924cf7c	2280	WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
wolfSSL	15:117db924cf7c	2281	void** data, word16 *dataSz);
wolfSSL	15:117db924cf7c	2282
wolfSSL	15:117db924cf7c	2283	WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
wolfSSL	15:117db924cf7c	2284	word16 size, byte options, void* heap);
wolfSSL	15:117db924cf7c	2285
wolfSSL	15:117db924cf7c	2286	WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
wolfSSL	15:117db924cf7c	2287
wolfSSL	15:117db924cf7c	2288	#endif /* HAVE_ALPN */
wolfSSL	15:117db924cf7c	2289
wolfSSL	15:117db924cf7c	2290	/** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
wolfSSL	15:117db924cf7c	2291	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	15:117db924cf7c	2292
wolfSSL	15:117db924cf7c	2293	WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
wolfSSL	15:117db924cf7c	2294
wolfSSL	15:117db924cf7c	2295	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	15:117db924cf7c	2296
wolfSSL	15:117db924cf7c	2297	/** Truncated HMAC - RFC 6066 (session 7) */
wolfSSL	15:117db924cf7c	2298	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	15:117db924cf7c	2299
wolfSSL	15:117db924cf7c	2300	WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
wolfSSL	15:117db924cf7c	2301
wolfSSL	15:117db924cf7c	2302	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	15:117db924cf7c	2303
wolfSSL	15:117db924cf7c	2304	/** Certificate Status Request - RFC 6066 (session 8) */
wolfSSL	15:117db924cf7c	2305	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	15:117db924cf7c	2306
wolfSSL	15:117db924cf7c	2307	typedef struct {
wolfSSL	15:117db924cf7c	2308	byte status_type;
wolfSSL	15:117db924cf7c	2309	byte options;
wolfSSL	15:117db924cf7c	2310	WOLFSSL* ssl;
wolfSSL	15:117db924cf7c	2311	union {
wolfSSL	15:117db924cf7c	2312	OcspRequest ocsp;
wolfSSL	15:117db924cf7c	2313	} request;
wolfSSL	15:117db924cf7c	2314	#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	15:117db924cf7c	2315	buffer response;
wolfSSL	15:117db924cf7c	2316	#endif
wolfSSL	15:117db924cf7c	2317	} CertificateStatusRequest;
wolfSSL	15:117db924cf7c	2318
wolfSSL	15:117db924cf7c	2319	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
wolfSSL	15:117db924cf7c	2320	byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId);
wolfSSL	15:117db924cf7c	2321	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	2322	WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
wolfSSL	15:117db924cf7c	2323	void* heap);
wolfSSL	15:117db924cf7c	2324	#endif
wolfSSL	15:117db924cf7c	2325	WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
wolfSSL	15:117db924cf7c	2326	WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	2327
wolfSSL	15:117db924cf7c	2328	#endif
wolfSSL	15:117db924cf7c	2329
wolfSSL	15:117db924cf7c	2330	/** Certificate Status Request v2 - RFC 6961 */
wolfSSL	15:117db924cf7c	2331	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	15:117db924cf7c	2332
wolfSSL	15:117db924cf7c	2333	typedef struct CSRIv2 {
wolfSSL	15:117db924cf7c	2334	byte status_type;
wolfSSL	15:117db924cf7c	2335	byte options;
wolfSSL	15:117db924cf7c	2336	word16 requests;
wolfSSL	15:117db924cf7c	2337	union {
wolfSSL	15:117db924cf7c	2338	OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
wolfSSL	15:117db924cf7c	2339	} request;
wolfSSL	15:117db924cf7c	2340	struct CSRIv2* next;
wolfSSL	15:117db924cf7c	2341	} CertificateStatusRequestItemV2;
wolfSSL	15:117db924cf7c	2342
wolfSSL	15:117db924cf7c	2343	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
wolfSSL	15:117db924cf7c	2344	byte status_type, byte options, void* heap, int devId);
wolfSSL	15:117db924cf7c	2345	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	2346	WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
wolfSSL	15:117db924cf7c	2347	byte isPeer, void* heap);
wolfSSL	15:117db924cf7c	2348	#endif
wolfSSL	15:117db924cf7c	2349	WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
wolfSSL	15:117db924cf7c	2350	byte index);
wolfSSL	15:117db924cf7c	2351	WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	2352
wolfSSL	15:117db924cf7c	2353	#endif
wolfSSL	15:117db924cf7c	2354
wolfSSL	15:117db924cf7c	2355	/** Supported Elliptic Curves - RFC 4492 (session 4) */
wolfSSL	15:117db924cf7c	2356	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	15:117db924cf7c	2357
wolfSSL	15:117db924cf7c	2358	typedef struct SupportedCurve {
wolfSSL	15:117db924cf7c	2359	word16 name; /* Curve Names */
wolfSSL	15:117db924cf7c	2360	struct SupportedCurve* next; /* List Behavior */
wolfSSL	15:117db924cf7c	2361	} SupportedCurve;
wolfSSL	15:117db924cf7c	2362
wolfSSL	15:117db924cf7c	2363	typedef struct PointFormat {
wolfSSL	15:117db924cf7c	2364	byte format; /* PointFormat */
wolfSSL	15:117db924cf7c	2365	struct PointFormat* next; /* List Behavior */
wolfSSL	15:117db924cf7c	2366	} PointFormat;
wolfSSL	15:117db924cf7c	2367
wolfSSL	15:117db924cf7c	2368	WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
wolfSSL	15:117db924cf7c	2369	void* heap);
wolfSSL	15:117db924cf7c	2370
wolfSSL	15:117db924cf7c	2371	WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
wolfSSL	15:117db924cf7c	2372	void* heap);
wolfSSL	15:117db924cf7c	2373
wolfSSL	15:117db924cf7c	2374	#ifndef NO_WOLFSSL_SERVER
wolfSSL	15:117db924cf7c	2375	WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
wolfSSL	15:117db924cf7c	2376	byte second);
wolfSSL	15:117db924cf7c	2377	WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
wolfSSL	16:8e0d178b1d1e	2378	WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	2379	#endif
wolfSSL	15:117db924cf7c	2380	WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
wolfSSL	15:117db924cf7c	2381	int checkSupported);
wolfSSL	15:117db924cf7c	2382
wolfSSL	15:117db924cf7c	2383	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	15:117db924cf7c	2384
wolfSSL	15:117db924cf7c	2385	/** Renegotiation Indication - RFC 5746 */
wolfSSL	15:117db924cf7c	2386	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	15:117db924cf7c	2387	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	15:117db924cf7c	2388
wolfSSL	15:117db924cf7c	2389	enum key_cache_state {
wolfSSL	15:117db924cf7c	2390	SCR_CACHE_NULL = 0, /* empty / begin state */
wolfSSL	15:117db924cf7c	2391	SCR_CACHE_NEEDED, /* need to cache keys */
wolfSSL	15:117db924cf7c	2392	SCR_CACHE_COPY, /* we have a cached copy */
wolfSSL	15:117db924cf7c	2393	SCR_CACHE_PARTIAL, /* partial restore to real keys */
wolfSSL	15:117db924cf7c	2394	SCR_CACHE_COMPLETE /* complete restore to real keys */
wolfSSL	15:117db924cf7c	2395	};
wolfSSL	15:117db924cf7c	2396
wolfSSL	15:117db924cf7c	2397	/* Additional Connection State according to rfc5746 section 3.1 */
wolfSSL	15:117db924cf7c	2398	typedef struct SecureRenegotiation {
wolfSSL	15:117db924cf7c	2399	byte enabled; /* secure_renegotiation flag in rfc */
wolfSSL	16:8e0d178b1d1e	2400	byte verifySet;
wolfSSL	15:117db924cf7c	2401	byte startScr; /* server requested client to start scr */
wolfSSL	15:117db924cf7c	2402	enum key_cache_state cache_status; /* track key cache state */
wolfSSL	15:117db924cf7c	2403	byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	15:117db924cf7c	2404	byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	16:8e0d178b1d1e	2405	byte subject_hash_set; /* if peer cert hash is set */
wolfSSL	16:8e0d178b1d1e	2406	byte subject_hash[KEYID_SIZE]; /* peer cert hash */
wolfSSL	15:117db924cf7c	2407	Keys tmp_keys; /* can't overwrite real keys yet */
wolfSSL	15:117db924cf7c	2408	} SecureRenegotiation;
wolfSSL	15:117db924cf7c	2409
wolfSSL	15:117db924cf7c	2410	WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
wolfSSL	15:117db924cf7c	2411
wolfSSL	15:117db924cf7c	2412	#ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL	15:117db924cf7c	2413	WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
wolfSSL	15:117db924cf7c	2414	#endif
wolfSSL	15:117db924cf7c	2415
wolfSSL	15:117db924cf7c	2416	#endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL	15:117db924cf7c	2417
wolfSSL	15:117db924cf7c	2418	/** Session Ticket - RFC 5077 (session 3.2) */
wolfSSL	15:117db924cf7c	2419	#ifdef HAVE_SESSION_TICKET
wolfSSL	15:117db924cf7c	2420
wolfSSL	15:117db924cf7c	2421	typedef struct SessionTicket {
wolfSSL	15:117db924cf7c	2422	word32 lifetime;
wolfSSL	15:117db924cf7c	2423	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	2424	word64 seen;
wolfSSL	15:117db924cf7c	2425	word32 ageAdd;
wolfSSL	15:117db924cf7c	2426	#endif
wolfSSL	15:117db924cf7c	2427	byte* data;
wolfSSL	15:117db924cf7c	2428	word16 size;
wolfSSL	15:117db924cf7c	2429	} SessionTicket;
wolfSSL	15:117db924cf7c	2430
wolfSSL	15:117db924cf7c	2431	WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
wolfSSL	15:117db924cf7c	2432	SessionTicket* ticket, void* heap);
wolfSSL	15:117db924cf7c	2433	WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL	15:117db924cf7c	2434	byte* data, word16 size, void* heap);
wolfSSL	15:117db924cf7c	2435	WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
wolfSSL	15:117db924cf7c	2436
wolfSSL	15:117db924cf7c	2437	#endif /* HAVE_SESSION_TICKET */
wolfSSL	15:117db924cf7c	2438
wolfSSL	15:117db924cf7c	2439	/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
wolfSSL	15:117db924cf7c	2440	#ifdef HAVE_QSH
wolfSSL	15:117db924cf7c	2441
wolfSSL	15:117db924cf7c	2442	typedef struct QSHScheme {
wolfSSL	15:117db924cf7c	2443	struct QSHScheme* next; /* List Behavior */
wolfSSL	15:117db924cf7c	2444	byte* PK;
wolfSSL	15:117db924cf7c	2445	word16 name; /* QSHScheme Names */
wolfSSL	15:117db924cf7c	2446	word16 PKLen;
wolfSSL	15:117db924cf7c	2447	} QSHScheme;
wolfSSL	15:117db924cf7c	2448
wolfSSL	15:117db924cf7c	2449	typedef struct QSHkey {
wolfSSL	15:117db924cf7c	2450	struct QSHKey* next;
wolfSSL	15:117db924cf7c	2451	word16 name;
wolfSSL	15:117db924cf7c	2452	buffer pub;
wolfSSL	15:117db924cf7c	2453	buffer pri;
wolfSSL	15:117db924cf7c	2454	} QSHKey;
wolfSSL	15:117db924cf7c	2455
wolfSSL	15:117db924cf7c	2456	typedef struct QSHSecret {
wolfSSL	15:117db924cf7c	2457	QSHScheme* list;
wolfSSL	15:117db924cf7c	2458	buffer* SerSi;
wolfSSL	15:117db924cf7c	2459	buffer* CliSi;
wolfSSL	15:117db924cf7c	2460	} QSHSecret;
wolfSSL	15:117db924cf7c	2461
wolfSSL	15:117db924cf7c	2462	/* used in key exchange during handshake */
wolfSSL	15:117db924cf7c	2463	WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
wolfSSL	15:117db924cf7c	2464	word16 length, byte isServer);
wolfSSL	15:117db924cf7c	2465	WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
wolfSSL	15:117db924cf7c	2466	WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
wolfSSL	15:117db924cf7c	2467
wolfSSL	15:117db924cf7c	2468	/* used by api for setting a specific QSH scheme */
wolfSSL	15:117db924cf7c	2469	WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
wolfSSL	15:117db924cf7c	2470	byte* pKey, word16 pKeySz, void* heap);
wolfSSL	15:117db924cf7c	2471
wolfSSL	15:117db924cf7c	2472	/* used when parsing in QSHCipher structs */
wolfSSL	15:117db924cf7c	2473	WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
wolfSSL	15:117db924cf7c	2474	byte* out, word16* szOut);
wolfSSL	15:117db924cf7c	2475	#ifndef NO_WOLFSSL_SERVER
wolfSSL	15:117db924cf7c	2476	WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
wolfSSL	15:117db924cf7c	2477	#endif
wolfSSL	15:117db924cf7c	2478
wolfSSL	15:117db924cf7c	2479	#endif /* HAVE_QSH */
wolfSSL	15:117db924cf7c	2480
wolfSSL	15:117db924cf7c	2481	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	2482	/* Cookie extension information - cookie data. */
wolfSSL	15:117db924cf7c	2483	typedef struct Cookie {
wolfSSL	15:117db924cf7c	2484	word16 len;
wolfSSL	15:117db924cf7c	2485	byte data;
wolfSSL	15:117db924cf7c	2486	} Cookie;
wolfSSL	15:117db924cf7c	2487
wolfSSL	15:117db924cf7c	2488	WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len,
wolfSSL	15:117db924cf7c	2489	byte* mac, byte macSz, int resp);
wolfSSL	15:117db924cf7c	2490
wolfSSL	15:117db924cf7c	2491
wolfSSL	15:117db924cf7c	2492	/* Key Share - TLS v1.3 Specification */
wolfSSL	15:117db924cf7c	2493
wolfSSL	15:117db924cf7c	2494	/* The KeyShare extension information - entry in a linked list. */
wolfSSL	15:117db924cf7c	2495	typedef struct KeyShareEntry {
wolfSSL	15:117db924cf7c	2496	word16 group; /* NamedGroup */
wolfSSL	15:117db924cf7c	2497	byte* ke; /* Key exchange data */
wolfSSL	15:117db924cf7c	2498	word32 keLen; /* Key exchange data length */
wolfSSL	15:117db924cf7c	2499	void* key; /* Private key */
wolfSSL	15:117db924cf7c	2500	word32 keyLen; /* Private key length */
wolfSSL	15:117db924cf7c	2501	byte* pubKey; /* Public key */
wolfSSL	15:117db924cf7c	2502	word32 pubKeyLen; /* Public key length */
wolfSSL	15:117db924cf7c	2503	struct KeyShareEntry* next; /* List pointer */
wolfSSL	15:117db924cf7c	2504	} KeyShareEntry;
wolfSSL	15:117db924cf7c	2505
wolfSSL	15:117db924cf7c	2506	WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
wolfSSL	15:117db924cf7c	2507	byte* data, KeyShareEntry **kse);
wolfSSL	15:117db924cf7c	2508	WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	2509	WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	2510	WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	2511
wolfSSL	15:117db924cf7c	2512
wolfSSL	15:117db924cf7c	2513	#if defined(HAVE_SESSION_TICKET) \|\| !defined(NO_PSK)
wolfSSL	15:117db924cf7c	2514	#ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL	15:117db924cf7c	2515	/* Ticket nonce - for deriving PSK.
wolfSSL	15:117db924cf7c	2516	* Length allowed to be: 1..255. Only support 4 bytes.
wolfSSL	15:117db924cf7c	2517	*/
wolfSSL	15:117db924cf7c	2518	typedef struct TicketNonce {
wolfSSL	15:117db924cf7c	2519	byte len;
wolfSSL	15:117db924cf7c	2520	byte data[MAX_TICKET_NONCE_SZ];
wolfSSL	15:117db924cf7c	2521	} TicketNonce;
wolfSSL	15:117db924cf7c	2522	#endif
wolfSSL	15:117db924cf7c	2523
wolfSSL	15:117db924cf7c	2524	/* The PreSharedKey extension information - entry in a linked list. */
wolfSSL	15:117db924cf7c	2525	typedef struct PreSharedKey {
wolfSSL	15:117db924cf7c	2526	word16 identityLen; /* Length of identity */
wolfSSL	15:117db924cf7c	2527	byte* identity; /* PSK identity */
wolfSSL	15:117db924cf7c	2528	word32 ticketAge; /* Age of the ticket */
wolfSSL	15:117db924cf7c	2529	byte cipherSuite0; /* Cipher Suite */
wolfSSL	15:117db924cf7c	2530	byte cipherSuite; /* Cipher Suite */
wolfSSL	15:117db924cf7c	2531	word32 binderLen; /* Length of HMAC */
wolfSSL	16:8e0d178b1d1e	2532	byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
wolfSSL	15:117db924cf7c	2533	byte hmac; /* HMAC algorithm */
wolfSSL	15:117db924cf7c	2534	byte resumption:1; /* Resumption PSK */
wolfSSL	15:117db924cf7c	2535	byte chosen:1; /* Server's choice */
wolfSSL	15:117db924cf7c	2536	struct PreSharedKey* next; /* List pointer */
wolfSSL	15:117db924cf7c	2537	} PreSharedKey;
wolfSSL	15:117db924cf7c	2538
wolfSSL	16:8e0d178b1d1e	2539	WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
wolfSSL	16:8e0d178b1d1e	2540	byte* output, byte msgType,
wolfSSL	16:8e0d178b1d1e	2541	word16* pSz);
wolfSSL	16:8e0d178b1d1e	2542	WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
wolfSSL	16:8e0d178b1d1e	2543	byte msgType, word16* pSz);
wolfSSL	15:117db924cf7c	2544	WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
wolfSSL	15:117db924cf7c	2545	word16 len, word32 age, byte hmac,
wolfSSL	15:117db924cf7c	2546	byte cipherSuite0, byte cipherSuite,
wolfSSL	15:117db924cf7c	2547	byte resumption,
wolfSSL	15:117db924cf7c	2548	PreSharedKey **preSharedKey);
wolfSSL	15:117db924cf7c	2549
wolfSSL	15:117db924cf7c	2550	/* The possible Pre-Shared Key key exchange modes. */
wolfSSL	15:117db924cf7c	2551	enum PskKeyExchangeMode {
wolfSSL	15:117db924cf7c	2552	PSK_KE,
wolfSSL	15:117db924cf7c	2553	PSK_DHE_KE
wolfSSL	15:117db924cf7c	2554	};
wolfSSL	15:117db924cf7c	2555
wolfSSL	15:117db924cf7c	2556	/* User can define this. */
wolfSSL	15:117db924cf7c	2557	#ifndef WOLFSSL_DEF_PSK_CIPHER
wolfSSL	15:117db924cf7c	2558	#define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256
wolfSSL	15:117db924cf7c	2559	#endif
wolfSSL	15:117db924cf7c	2560
wolfSSL	15:117db924cf7c	2561	WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
wolfSSL	15:117db924cf7c	2562
wolfSSL	15:117db924cf7c	2563	#ifdef WOLFSSL_EARLY_DATA
wolfSSL	15:117db924cf7c	2564	WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
wolfSSL	15:117db924cf7c	2565	#endif
wolfSSL	15:117db924cf7c	2566	#endif /* HAVE_SESSION_TICKET \|\| !NO_PSK */
wolfSSL	15:117db924cf7c	2567
wolfSSL	15:117db924cf7c	2568
wolfSSL	15:117db924cf7c	2569	/* The types of keys to derive for. */
wolfSSL	15:117db924cf7c	2570	enum DeriveKeyType {
wolfSSL	15:117db924cf7c	2571	no_key,
wolfSSL	15:117db924cf7c	2572	early_data_key,
wolfSSL	15:117db924cf7c	2573	handshake_key,
wolfSSL	15:117db924cf7c	2574	traffic_key,
wolfSSL	15:117db924cf7c	2575	update_traffic_key
wolfSSL	15:117db924cf7c	2576	};
wolfSSL	15:117db924cf7c	2577
wolfSSL	15:117db924cf7c	2578	/* The key update request values for KeyUpdate message. */
wolfSSL	15:117db924cf7c	2579	enum KeyUpdateRequest {
wolfSSL	15:117db924cf7c	2580	update_not_requested,
wolfSSL	15:117db924cf7c	2581	update_requested
wolfSSL	15:117db924cf7c	2582	};
wolfSSL	15:117db924cf7c	2583	#endif /* WOLFSSL_TLS13 */
wolfSSL	15:117db924cf7c	2584
wolfSSL	15:117db924cf7c	2585
wolfSSL	15:117db924cf7c	2586	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	2587	enum SetCBIO {
wolfSSL	15:117db924cf7c	2588	WOLFSSL_CBIO_NONE = 0,
wolfSSL	15:117db924cf7c	2589	WOLFSSL_CBIO_RECV = 0x1,
wolfSSL	16:8e0d178b1d1e	2590	WOLFSSL_CBIO_SEND = 0x2,
wolfSSL	15:117db924cf7c	2591	};
wolfSSL	15:117db924cf7c	2592	#endif
wolfSSL	15:117db924cf7c	2593
wolfSSL	15:117db924cf7c	2594	/* wolfSSL context type */
wolfSSL	15:117db924cf7c	2595	struct WOLFSSL_CTX {
wolfSSL	15:117db924cf7c	2596	WOLFSSL_METHOD* method;
wolfSSL	15:117db924cf7c	2597	#ifdef SINGLE_THREADED
wolfSSL	15:117db924cf7c	2598	WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */
wolfSSL	15:117db924cf7c	2599	#endif
wolfSSL	15:117db924cf7c	2600	wolfSSL_Mutex countMutex; /* reference count mutex */
wolfSSL	15:117db924cf7c	2601	int refCount; /* reference count */
wolfSSL	15:117db924cf7c	2602	int err; /* error code in case of mutex not created */
wolfSSL	15:117db924cf7c	2603	#ifndef NO_DH
wolfSSL	15:117db924cf7c	2604	buffer serverDH_P;
wolfSSL	15:117db924cf7c	2605	buffer serverDH_G;
wolfSSL	15:117db924cf7c	2606	#endif
wolfSSL	15:117db924cf7c	2607	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	2608	DerBuffer* certificate;
wolfSSL	15:117db924cf7c	2609	DerBuffer* certChain;
wolfSSL	15:117db924cf7c	2610	/* chain after self, in DER, with leading size for each cert */
wolfSSL	16:8e0d178b1d1e	2611	#if defined(OPENSSL_EXTRA) \|\| defined(WOLFSSL_EXTRA)
wolfSSL	15:117db924cf7c	2612	WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
wolfSSL	15:117db924cf7c	2613	#endif
wolfSSL	15:117db924cf7c	2614	#if defined(OPENSSL_ALL) \|\| defined(OPENSSL_EXTRA) \|\| \
wolfSSL	15:117db924cf7c	2615	defined(WOLFSSL_NGINX) \|\| defined (WOLFSSL_HAPROXY)
wolfSSL	15:117db924cf7c	2616	WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
wolfSSL	16:8e0d178b1d1e	2617	client_cert_cb CBClientCert; /* client certificate callback */
wolfSSL	15:117db924cf7c	2618	#endif
wolfSSL	15:117db924cf7c	2619	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	2620	int certChainCnt;
wolfSSL	15:117db924cf7c	2621	#endif
wolfSSL	15:117db924cf7c	2622	DerBuffer* privateKey;
wolfSSL	16:8e0d178b1d1e	2623	byte privateKeyType:7;
wolfSSL	16:8e0d178b1d1e	2624	byte privateKeyId:1;
wolfSSL	15:117db924cf7c	2625	int privateKeySz;
wolfSSL	16:8e0d178b1d1e	2626	int privateKeyDevId;
wolfSSL	15:117db924cf7c	2627	WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
wolfSSL	15:117db924cf7c	2628	#endif
wolfSSL	15:117db924cf7c	2629	#ifdef KEEP_OUR_CERT
wolfSSL	15:117db924cf7c	2630	WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
wolfSSL	15:117db924cf7c	2631	int ownOurCert; /* Dispose of certificate if we own */
wolfSSL	15:117db924cf7c	2632	#endif
wolfSSL	15:117db924cf7c	2633	Suites* suites; /* make dynamic, user may not need/set */
wolfSSL	15:117db924cf7c	2634	void* heap; /* for user memory overrides */
wolfSSL	15:117db924cf7c	2635	byte verifyDepth;
wolfSSL	15:117db924cf7c	2636	byte verifyPeer:1;
wolfSSL	15:117db924cf7c	2637	byte verifyNone:1;
wolfSSL	15:117db924cf7c	2638	byte failNoCert:1;
wolfSSL	15:117db924cf7c	2639	byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/
wolfSSL	15:117db924cf7c	2640	byte sessionCacheOff:1;
wolfSSL	15:117db924cf7c	2641	byte sessionCacheFlushOff:1;
wolfSSL	15:117db924cf7c	2642	#ifdef HAVE_EXT_CACHE
wolfSSL	15:117db924cf7c	2643	byte internalCacheOff:1;
wolfSSL	15:117db924cf7c	2644	#endif
wolfSSL	16:8e0d178b1d1e	2645	byte sendVerify:2; /* for client side (can not be single bit) */
wolfSSL	15:117db924cf7c	2646	byte haveRSA:1; /* RSA available */
wolfSSL	15:117db924cf7c	2647	byte haveECC:1; /* ECC available */
wolfSSL	15:117db924cf7c	2648	byte haveDH:1; /* server DH parms set by user */
wolfSSL	15:117db924cf7c	2649	byte haveNTRU:1; /* server private NTRU key loaded */
wolfSSL	15:117db924cf7c	2650	byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
wolfSSL	15:117db924cf7c	2651	byte haveStaticECC:1; /* static server ECC private key */
wolfSSL	15:117db924cf7c	2652	byte partialWrite:1; /* only one msg per write call */
wolfSSL	15:117db924cf7c	2653	byte quietShutdown:1; /* don't send close notify */
wolfSSL	15:117db924cf7c	2654	byte groupMessages:1; /* group handshake messages before sending */
wolfSSL	15:117db924cf7c	2655	byte minDowngrade; /* minimum downgrade version */
wolfSSL	15:117db924cf7c	2656	byte haveEMS:1; /* have extended master secret extension */
wolfSSL	15:117db924cf7c	2657	byte useClientOrder:1; /* Use client's cipher preference order */
wolfSSL	15:117db924cf7c	2658	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	2659	byte noTicketTls13:1; /* Server won't create new Ticket */
wolfSSL	15:117db924cf7c	2660	byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */
wolfSSL	15:117db924cf7c	2661	#endif
wolfSSL	16:8e0d178b1d1e	2662	byte mutualAuth:1; /* Mutual authentication required */
wolfSSL	15:117db924cf7c	2663	#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL	15:117db924cf7c	2664	byte postHandshakeAuth:1; /* Post-handshake auth supported. */
wolfSSL	15:117db924cf7c	2665	#endif
wolfSSL	16:8e0d178b1d1e	2666	#ifndef NO_DH
wolfSSL	16:8e0d178b1d1e	2667	#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
wolfSSL	16:8e0d178b1d1e	2668	!defined(HAVE_SELFTEST)
wolfSSL	16:8e0d178b1d1e	2669	byte dhKeyTested:1; /* Set when key has been tested. */
wolfSSL	16:8e0d178b1d1e	2670	#endif
wolfSSL	16:8e0d178b1d1e	2671	#endif
wolfSSL	16:8e0d178b1d1e	2672	#ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL	16:8e0d178b1d1e	2673	byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */
wolfSSL	16:8e0d178b1d1e	2674	#endif
wolfSSL	16:8e0d178b1d1e	2675	#ifdef HAVE_ENCRYPT_THEN_MAC
wolfSSL	16:8e0d178b1d1e	2676	byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
wolfSSL	16:8e0d178b1d1e	2677	#endif
wolfSSL	16:8e0d178b1d1e	2678	#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL	16:8e0d178b1d1e	2679	byte onHeap:1; /* whether the ctx/method is put on heap hint */
wolfSSL	16:8e0d178b1d1e	2680	#endif
wolfSSL	15:117db924cf7c	2681	#ifdef WOLFSSL_MULTICAST
wolfSSL	15:117db924cf7c	2682	byte haveMcast; /* multicast requested */
wolfSSL	15:117db924cf7c	2683	byte mcastID; /* multicast group ID */
wolfSSL	15:117db924cf7c	2684	#endif
wolfSSL	15:117db924cf7c	2685	#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
wolfSSL	15:117db924cf7c	2686	byte dtlsSctp; /* DTLS-over-SCTP mode */
wolfSSL	16:8e0d178b1d1e	2687	#endif
wolfSSL	16:8e0d178b1d1e	2688	#if (defined(WOLFSSL_SCTP) \|\| defined(WOLFSSL_DTLS_MTU)) && \
wolfSSL	16:8e0d178b1d1e	2689	defined(WOLFSSL_DTLS)
wolfSSL	15:117db924cf7c	2690	word16 dtlsMtuSz; /* DTLS MTU size */
wolfSSL	15:117db924cf7c	2691	#endif
wolfSSL	15:117db924cf7c	2692	#ifndef NO_DH
wolfSSL	15:117db924cf7c	2693	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	15:117db924cf7c	2694	word16 maxDhKeySz; /* maximum DH key size */
wolfSSL	15:117db924cf7c	2695	#endif
wolfSSL	15:117db924cf7c	2696	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	2697	short minRsaKeySz; /* minimum RSA key size */
wolfSSL	15:117db924cf7c	2698	#endif
wolfSSL	16:8e0d178b1d1e	2699	#if defined(HAVE_ECC) \|\| defined(HAVE_ED25519) \|\| defined(HAVE_ED448)
wolfSSL	15:117db924cf7c	2700	short minEccKeySz; /* minimum ECC key size */
wolfSSL	15:117db924cf7c	2701	#endif
wolfSSL	16:8e0d178b1d1e	2702	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	16:8e0d178b1d1e	2703	unsigned long mask; /* store SSL_OP_ flags */
wolfSSL	16:8e0d178b1d1e	2704	#endif
wolfSSL	15:117db924cf7c	2705	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	2706	byte sessionCtx[ID_LEN]; /* app session context ID */
wolfSSL	15:117db924cf7c	2707	word32 disabledCurves; /* curves disabled by user */
wolfSSL	15:117db924cf7c	2708	const unsigned char alpn_cli_protos;/ ALPN client protocol list */
wolfSSL	15:117db924cf7c	2709	unsigned int alpn_cli_protos_len;
wolfSSL	15:117db924cf7c	2710	byte sessionCtxSz;
wolfSSL	15:117db924cf7c	2711	byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
wolfSSL	15:117db924cf7c	2712	CallbackInfoState* CBIS; /* used to get info about SSL state */
wolfSSL	15:117db924cf7c	2713	#endif
wolfSSL	15:117db924cf7c	2714	CallbackIORecv CBIORecv;
wolfSSL	15:117db924cf7c	2715	CallbackIOSend CBIOSend;
wolfSSL	15:117db924cf7c	2716	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	2717	CallbackGenCookie CBIOCookie; /* gen cookie callback */
wolfSSL	15:117db924cf7c	2718	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	15:117db924cf7c	2719	wc_dtls_export dtls_export; /* export function for DTLS session */
wolfSSL	15:117db924cf7c	2720	CallbackGetPeer CBGetPeer;
wolfSSL	15:117db924cf7c	2721	CallbackSetPeer CBSetPeer;
wolfSSL	15:117db924cf7c	2722	#endif
wolfSSL	15:117db924cf7c	2723	#endif /* WOLFSSL_DTLS */
wolfSSL	15:117db924cf7c	2724	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	16:8e0d178b1d1e	2725	#ifdef OPENSSL_ALL
wolfSSL	16:8e0d178b1d1e	2726	CertVerifyCallback verifyCertCb;
wolfSSL	16:8e0d178b1d1e	2727	void* verifyCertCbArg;
wolfSSL	16:8e0d178b1d1e	2728	#endif /* OPENSSL_ALL */
wolfSSL	15:117db924cf7c	2729	word32 timeout; /* session timeout */
wolfSSL	16:8e0d178b1d1e	2730	#if defined(HAVE_ECC) \|\| defined(HAVE_CURVE25519) \|\| defined(HAVE_ED448)
wolfSSL	15:117db924cf7c	2731	word32 ecdhCurveOID; /* curve Ecc_Sum */
wolfSSL	15:117db924cf7c	2732	#endif
wolfSSL	15:117db924cf7c	2733	#ifdef HAVE_ECC
wolfSSL	15:117db924cf7c	2734	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	15:117db924cf7c	2735	#endif
wolfSSL	16:8e0d178b1d1e	2736	#if defined(HAVE_ECC) \|\| defined(HAVE_ED25519) \|\| defined(HAVE_ED448)
wolfSSL	15:117db924cf7c	2737	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	15:117db924cf7c	2738	#endif
wolfSSL	15:117db924cf7c	2739	#if defined(HAVE_SESSION_TICKET) \|\| !defined(NO_PSK)
wolfSSL	15:117db924cf7c	2740	byte havePSK; /* psk key set by user */
wolfSSL	15:117db924cf7c	2741	wc_psk_client_callback client_psk_cb; /* client callback */
wolfSSL	15:117db924cf7c	2742	wc_psk_server_callback server_psk_cb; /* server callback */
wolfSSL	16:8e0d178b1d1e	2743	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	2744	wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
wolfSSL	16:8e0d178b1d1e	2745	wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
wolfSSL	16:8e0d178b1d1e	2746	#endif
wolfSSL	15:117db924cf7c	2747	char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	15:117db924cf7c	2748	#endif /* HAVE_SESSION_TICKET \|\| !NO_PSK */
wolfSSL	15:117db924cf7c	2749	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	2750	word16 group[WOLFSSL_MAX_GROUP_COUNT];
wolfSSL	15:117db924cf7c	2751	byte numGroups;
wolfSSL	15:117db924cf7c	2752	#endif
wolfSSL	15:117db924cf7c	2753	#ifdef WOLFSSL_EARLY_DATA
wolfSSL	15:117db924cf7c	2754	word32 maxEarlyDataSz;
wolfSSL	15:117db924cf7c	2755	#endif
wolfSSL	15:117db924cf7c	2756	#ifdef HAVE_ANON
wolfSSL	15:117db924cf7c	2757	byte haveAnon; /* User wants to allow Anon suites */
wolfSSL	15:117db924cf7c	2758	#endif /* HAVE_ANON */
wolfSSL	15:117db924cf7c	2759	#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL	15:117db924cf7c	2760	pem_password_cb* passwd_cb;
wolfSSL	15:117db924cf7c	2761	void* passwd_userdata;
wolfSSL	15:117db924cf7c	2762	#endif
wolfSSL	15:117db924cf7c	2763	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	15:117db924cf7c	2764	WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
wolfSSL	15:117db924cf7c	2765	WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
wolfSSL	15:117db924cf7c	2766	byte readAhead;
wolfSSL	15:117db924cf7c	2767	void* userPRFArg; /* passed to prf callback */
wolfSSL	15:117db924cf7c	2768	#endif
wolfSSL	15:117db924cf7c	2769	#ifdef HAVE_EX_DATA
wolfSSL	16:8e0d178b1d1e	2770	WOLFSSL_CRYPTO_EX_DATA ex_data;
wolfSSL	15:117db924cf7c	2771	#endif
wolfSSL	15:117db924cf7c	2772	#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) \|\| defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY))
wolfSSL	15:117db924cf7c	2773	CallbackALPNSelect alpnSelect;
wolfSSL	15:117db924cf7c	2774	void* alpnSelectArg;
wolfSSL	15:117db924cf7c	2775	#endif
wolfSSL	16:8e0d178b1d1e	2776	#if defined(OPENSSL_ALL) \|\| (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) \|\| \
wolfSSL	16:8e0d178b1d1e	2777	defined(WOLFSSL_NGINX) \|\| defined(HAVE_LIGHTY) \|\| \
wolfSSL	16:8e0d178b1d1e	2778	defined(WOLFSSL_HAPROXY) \|\| defined(WOLFSSL_OPENSSH) ))
wolfSSL	15:117db924cf7c	2779	CallbackSniRecv sniRecvCb;
wolfSSL	15:117db924cf7c	2780	void* sniRecvCbArg;
wolfSSL	15:117db924cf7c	2781	#endif
wolfSSL	15:117db924cf7c	2782	#if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
wolfSSL	15:117db924cf7c	2783	CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
wolfSSL	15:117db924cf7c	2784	word32 mcastFirstSeq; /* first trigger level */
wolfSSL	16:8e0d178b1d1e	2785	word32 mcastSecondSeq; /* second trigger level */
wolfSSL	15:117db924cf7c	2786	word32 mcastMaxSeq; /* max level */
wolfSSL	15:117db924cf7c	2787	#endif
wolfSSL	15:117db924cf7c	2788	#ifdef HAVE_OCSP
wolfSSL	15:117db924cf7c	2789	WOLFSSL_OCSP ocsp;
wolfSSL	15:117db924cf7c	2790	#endif
wolfSSL	15:117db924cf7c	2791	int devId; /* async device id to use */
wolfSSL	15:117db924cf7c	2792	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	15:117db924cf7c	2793	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	15:117db924cf7c	2794	#ifndef NO_WOLFSSL_SERVER
wolfSSL	15:117db924cf7c	2795	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	15:117db924cf7c	2796	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	15:117db924cf7c	2797	OcspRequest* certOcspRequest;
wolfSSL	15:117db924cf7c	2798	#endif
wolfSSL	15:117db924cf7c	2799	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	15:117db924cf7c	2800	OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
wolfSSL	15:117db924cf7c	2801	#endif
wolfSSL	15:117db924cf7c	2802	#endif
wolfSSL	15:117db924cf7c	2803	#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	15:117db924cf7c	2804	SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
wolfSSL	15:117db924cf7c	2805	void* ticketEncCtx; /* session encrypt context */
wolfSSL	15:117db924cf7c	2806	int ticketHint; /* ticket hint in seconds */
wolfSSL	15:117db924cf7c	2807	#endif
wolfSSL	15:117db924cf7c	2808	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	15:117db924cf7c	2809	byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
wolfSSL	15:117db924cf7c	2810	#endif
wolfSSL	15:117db924cf7c	2811	#endif
wolfSSL	15:117db924cf7c	2812	#ifdef ATOMIC_USER
wolfSSL	15:117db924cf7c	2813	CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
wolfSSL	15:117db924cf7c	2814	CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
wolfSSL	16:8e0d178b1d1e	2815	#ifdef HAVE_ENCRYPT_THEN_MAC
wolfSSL	16:8e0d178b1d1e	2816	CallbackEncryptMac EncryptMacCb; /* Atomic User Mac/Enc Cb */
wolfSSL	16:8e0d178b1d1e	2817	CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */
wolfSSL	16:8e0d178b1d1e	2818	#endif
wolfSSL	15:117db924cf7c	2819	#endif
wolfSSL	15:117db924cf7c	2820	#ifdef HAVE_PK_CALLBACKS
wolfSSL	15:117db924cf7c	2821	#ifdef HAVE_ECC
wolfSSL	15:117db924cf7c	2822	CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */
wolfSSL	15:117db924cf7c	2823	CallbackEccSign EccSignCb; /* User EccSign Callback handler */
wolfSSL	15:117db924cf7c	2824	CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
wolfSSL	15:117db924cf7c	2825	CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
wolfSSL	15:117db924cf7c	2826	#ifdef HAVE_ED25519
wolfSSL	15:117db924cf7c	2827	/* User Ed25519Sign Callback handler */
wolfSSL	15:117db924cf7c	2828	CallbackEd25519Sign Ed25519SignCb;
wolfSSL	15:117db924cf7c	2829	/* User Ed25519Verify Callback handler */
wolfSSL	15:117db924cf7c	2830	CallbackEd25519Verify Ed25519VerifyCb;
wolfSSL	15:117db924cf7c	2831	#endif
wolfSSL	15:117db924cf7c	2832	#ifdef HAVE_CURVE25519
wolfSSL	15:117db924cf7c	2833	/* User X25519 KeyGen Callback Handler */
wolfSSL	15:117db924cf7c	2834	CallbackX25519KeyGen X25519KeyGenCb;
wolfSSL	15:117db924cf7c	2835	/* User X25519 SharedSecret Callback handler */
wolfSSL	15:117db924cf7c	2836	CallbackX25519SharedSecret X25519SharedSecretCb;
wolfSSL	15:117db924cf7c	2837	#endif
wolfSSL	16:8e0d178b1d1e	2838	#ifdef HAVE_ED448
wolfSSL	16:8e0d178b1d1e	2839	/* User Ed448Sign Callback handler */
wolfSSL	16:8e0d178b1d1e	2840	CallbackEd448Sign Ed448SignCb;
wolfSSL	16:8e0d178b1d1e	2841	/* User Ed448Verify Callback handler */
wolfSSL	16:8e0d178b1d1e	2842	CallbackEd448Verify Ed448VerifyCb;
wolfSSL	16:8e0d178b1d1e	2843	#endif
wolfSSL	16:8e0d178b1d1e	2844	#ifdef HAVE_CURVE448
wolfSSL	16:8e0d178b1d1e	2845	/* User X448 KeyGen Callback Handler */
wolfSSL	16:8e0d178b1d1e	2846	CallbackX448KeyGen X448KeyGenCb;
wolfSSL	16:8e0d178b1d1e	2847	/* User X448 SharedSecret Callback handler */
wolfSSL	16:8e0d178b1d1e	2848	CallbackX448SharedSecret X448SharedSecretCb;
wolfSSL	16:8e0d178b1d1e	2849	#endif
wolfSSL	15:117db924cf7c	2850	#endif /* HAVE_ECC */
wolfSSL	15:117db924cf7c	2851	#ifndef NO_DH
wolfSSL	15:117db924cf7c	2852	CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */
wolfSSL	15:117db924cf7c	2853	#endif
wolfSSL	15:117db924cf7c	2854	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	2855	CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */
wolfSSL	15:117db924cf7c	2856	CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */
wolfSSL	15:117db924cf7c	2857	CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */
wolfSSL	15:117db924cf7c	2858	#ifdef WC_RSA_PSS
wolfSSL	15:117db924cf7c	2859	CallbackRsaPssSign RsaPssSignCb; /* User RsaSign (priv key) */
wolfSSL	15:117db924cf7c	2860	CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaVerify (pub key) */
wolfSSL	15:117db924cf7c	2861	CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */
wolfSSL	15:117db924cf7c	2862	#endif
wolfSSL	15:117db924cf7c	2863	CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
wolfSSL	15:117db924cf7c	2864	CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
wolfSSL	15:117db924cf7c	2865	#endif /* NO_RSA */
wolfSSL	15:117db924cf7c	2866	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	15:117db924cf7c	2867	#ifdef HAVE_WOLF_EVENT
wolfSSL	15:117db924cf7c	2868	WOLF_EVENT_QUEUE event_queue;
wolfSSL	15:117db924cf7c	2869	#endif /* HAVE_WOLF_EVENT */
wolfSSL	15:117db924cf7c	2870	#ifdef HAVE_EXT_CACHE
wolfSSL	15:117db924cf7c	2871	WOLFSSL_SESSION(get_sess_cb)(WOLFSSL, unsigned char, int, int*);
wolfSSL	15:117db924cf7c	2872	int (new_sess_cb)(WOLFSSL, WOLFSSL_SESSION*);
wolfSSL	15:117db924cf7c	2873	void (rem_sess_cb)(WOLFSSL_CTX, WOLFSSL_SESSION*);
wolfSSL	15:117db924cf7c	2874	#endif
wolfSSL	15:117db924cf7c	2875	#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
wolfSSL	15:117db924cf7c	2876	Srp* srp; /* TLS Secure Remote Password Protocol*/
wolfSSL	15:117db924cf7c	2877	byte* srp_password;
wolfSSL	15:117db924cf7c	2878	#endif
wolfSSL	15:117db924cf7c	2879	};
wolfSSL	15:117db924cf7c	2880
wolfSSL	15:117db924cf7c	2881	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2882	int InitSSL_Ctx(WOLFSSL_CTX, WOLFSSL_METHOD, void* heap);
wolfSSL	15:117db924cf7c	2883	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2884	void FreeSSL_Ctx(WOLFSSL_CTX*);
wolfSSL	15:117db924cf7c	2885	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2886	void SSL_CtxResourceFree(WOLFSSL_CTX*);
wolfSSL	15:117db924cf7c	2887
wolfSSL	15:117db924cf7c	2888	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2889	int DeriveTlsKeys(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	2890	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2891	int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	15:117db924cf7c	2892	word32 inSz, word16 sz);
wolfSSL	15:117db924cf7c	2893
wolfSSL	15:117db924cf7c	2894	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	2895	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2896	int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
wolfSSL	15:117db924cf7c	2897	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2898	int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	15:117db924cf7c	2899	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	15:117db924cf7c	2900	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2901	int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
wolfSSL	15:117db924cf7c	2902	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	2903	int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	15:117db924cf7c	2904	#endif
wolfSSL	15:117db924cf7c	2905	#endif
wolfSSL	15:117db924cf7c	2906
wolfSSL	15:117db924cf7c	2907	/* All cipher suite related info
wolfSSL	15:117db924cf7c	2908	* Keep as a constant size (no ifdefs) for session export */
wolfSSL	15:117db924cf7c	2909	typedef struct CipherSpecs {
wolfSSL	15:117db924cf7c	2910	word16 key_size;
wolfSSL	15:117db924cf7c	2911	word16 iv_size;
wolfSSL	15:117db924cf7c	2912	word16 block_size;
wolfSSL	15:117db924cf7c	2913	word16 aead_mac_size;
wolfSSL	15:117db924cf7c	2914	byte bulk_cipher_algorithm;
wolfSSL	15:117db924cf7c	2915	byte cipher_type; /* block, stream, or aead */
wolfSSL	15:117db924cf7c	2916	byte mac_algorithm;
wolfSSL	15:117db924cf7c	2917	byte kea; /* key exchange algo */
wolfSSL	15:117db924cf7c	2918	byte sig_algo;
wolfSSL	15:117db924cf7c	2919	byte hash_size;
wolfSSL	15:117db924cf7c	2920	byte pad_size;
wolfSSL	15:117db924cf7c	2921	byte static_ecdh;
wolfSSL	15:117db924cf7c	2922	} CipherSpecs;
wolfSSL	15:117db924cf7c	2923
wolfSSL	15:117db924cf7c	2924
wolfSSL	15:117db924cf7c	2925	void InitCipherSpecs(CipherSpecs* cs);
wolfSSL	15:117db924cf7c	2926
wolfSSL	15:117db924cf7c	2927
wolfSSL	15:117db924cf7c	2928	/* Supported Key Exchange Protocols */
wolfSSL	15:117db924cf7c	2929	enum KeyExchangeAlgorithm {
wolfSSL	15:117db924cf7c	2930	no_kea,
wolfSSL	15:117db924cf7c	2931	rsa_kea,
wolfSSL	15:117db924cf7c	2932	diffie_hellman_kea,
wolfSSL	15:117db924cf7c	2933	fortezza_kea,
wolfSSL	15:117db924cf7c	2934	psk_kea,
wolfSSL	15:117db924cf7c	2935	dhe_psk_kea,
wolfSSL	15:117db924cf7c	2936	ecdhe_psk_kea,
wolfSSL	15:117db924cf7c	2937	ntru_kea,
wolfSSL	15:117db924cf7c	2938	ecc_diffie_hellman_kea,
wolfSSL	15:117db924cf7c	2939	ecc_static_diffie_hellman_kea /* for verify suite only */
wolfSSL	15:117db924cf7c	2940	};
wolfSSL	15:117db924cf7c	2941
wolfSSL	15:117db924cf7c	2942
wolfSSL	15:117db924cf7c	2943	/* Supported Authentication Schemes */
wolfSSL	15:117db924cf7c	2944	enum SignatureAlgorithm {
wolfSSL	15:117db924cf7c	2945	anonymous_sa_algo = 0,
wolfSSL	15:117db924cf7c	2946	rsa_sa_algo = 1,
wolfSSL	15:117db924cf7c	2947	dsa_sa_algo = 2,
wolfSSL	15:117db924cf7c	2948	ecc_dsa_sa_algo = 3,
wolfSSL	15:117db924cf7c	2949	rsa_pss_sa_algo = 8,
wolfSSL	16:8e0d178b1d1e	2950	ed25519_sa_algo = 9,
wolfSSL	16:8e0d178b1d1e	2951	rsa_pss_pss_algo = 10,
wolfSSL	16:8e0d178b1d1e	2952	ed448_sa_algo = 11
wolfSSL	16:8e0d178b1d1e	2953	};
wolfSSL	16:8e0d178b1d1e	2954
wolfSSL	16:8e0d178b1d1e	2955	#define PSS_RSAE_TO_PSS_PSS(macAlgo) \
wolfSSL	16:8e0d178b1d1e	2956	(macAlgo + (pss_sha256 - sha256_mac))
wolfSSL	16:8e0d178b1d1e	2957
wolfSSL	16:8e0d178b1d1e	2958	#define PSS_PSS_HASH_TO_MAC(macAlgo) \
wolfSSL	16:8e0d178b1d1e	2959	(macAlgo - (pss_sha256 - sha256_mac))
wolfSSL	16:8e0d178b1d1e	2960
wolfSSL	16:8e0d178b1d1e	2961	enum SigAlgRsaPss {
wolfSSL	16:8e0d178b1d1e	2962	pss_sha256 = 0x09,
wolfSSL	16:8e0d178b1d1e	2963	pss_sha384 = 0x0a,
wolfSSL	16:8e0d178b1d1e	2964	pss_sha512 = 0x0b,
wolfSSL	15:117db924cf7c	2965	};
wolfSSL	15:117db924cf7c	2966
wolfSSL	15:117db924cf7c	2967
wolfSSL	15:117db924cf7c	2968	/* Supprted ECC Curve Types */
wolfSSL	15:117db924cf7c	2969	enum EccCurves {
wolfSSL	15:117db924cf7c	2970	named_curve = 3
wolfSSL	15:117db924cf7c	2971	};
wolfSSL	15:117db924cf7c	2972
wolfSSL	15:117db924cf7c	2973
wolfSSL	15:117db924cf7c	2974	/* Valid client certificate request types from page 27 */
wolfSSL	15:117db924cf7c	2975	enum ClientCertificateType {
wolfSSL	15:117db924cf7c	2976	rsa_sign = 1,
wolfSSL	15:117db924cf7c	2977	dss_sign = 2,
wolfSSL	15:117db924cf7c	2978	rsa_fixed_dh = 3,
wolfSSL	15:117db924cf7c	2979	dss_fixed_dh = 4,
wolfSSL	15:117db924cf7c	2980	rsa_ephemeral_dh = 5,
wolfSSL	15:117db924cf7c	2981	dss_ephemeral_dh = 6,
wolfSSL	15:117db924cf7c	2982	fortezza_kea_cert = 20,
wolfSSL	15:117db924cf7c	2983	ecdsa_sign = 64,
wolfSSL	15:117db924cf7c	2984	rsa_fixed_ecdh = 65,
wolfSSL	15:117db924cf7c	2985	ecdsa_fixed_ecdh = 66
wolfSSL	15:117db924cf7c	2986	};
wolfSSL	15:117db924cf7c	2987
wolfSSL	15:117db924cf7c	2988
wolfSSL	16:8e0d178b1d1e	2989	#ifndef WOLFSSL_AEAD_ONLY
wolfSSL	15:117db924cf7c	2990	enum CipherType { stream, block, aead };
wolfSSL	16:8e0d178b1d1e	2991	#else
wolfSSL	16:8e0d178b1d1e	2992	enum CipherType { aead };
wolfSSL	16:8e0d178b1d1e	2993	#endif
wolfSSL	16:8e0d178b1d1e	2994
wolfSSL	16:8e0d178b1d1e	2995
wolfSSL	16:8e0d178b1d1e	2996	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM) \|\| (defined(HAVE_CHACHA) && \
wolfSSL	16:8e0d178b1d1e	2997	defined(HAVE_POLY1305)) \|\| defined(WOLFSSL_TLS13)
wolfSSL	16:8e0d178b1d1e	2998	#define CIPHER_NONCE
wolfSSL	16:8e0d178b1d1e	2999	#endif
wolfSSL	15:117db924cf7c	3000
wolfSSL	15:117db924cf7c	3001
wolfSSL	15:117db924cf7c	3002	/* cipher for now */
wolfSSL	15:117db924cf7c	3003	typedef struct Ciphers {
wolfSSL	15:117db924cf7c	3004	#ifdef BUILD_ARC4
wolfSSL	15:117db924cf7c	3005	Arc4* arc4;
wolfSSL	15:117db924cf7c	3006	#endif
wolfSSL	15:117db924cf7c	3007	#ifdef BUILD_DES3
wolfSSL	15:117db924cf7c	3008	Des3* des3;
wolfSSL	15:117db924cf7c	3009	#endif
wolfSSL	15:117db924cf7c	3010	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM)
wolfSSL	15:117db924cf7c	3011	Aes* aes;
wolfSSL	16:8e0d178b1d1e	3012	#if (defined(BUILD_AESGCM) \|\| defined(HAVE_AESCCM)) && \
wolfSSL	16:8e0d178b1d1e	3013	!defined(WOLFSSL_NO_TLS12)
wolfSSL	15:117db924cf7c	3014	byte* additional;
wolfSSL	15:117db924cf7c	3015	#endif
wolfSSL	15:117db924cf7c	3016	#endif
wolfSSL	16:8e0d178b1d1e	3017	#ifdef CIPHER_NONCE
wolfSSL	16:8e0d178b1d1e	3018	byte* nonce;
wolfSSL	16:8e0d178b1d1e	3019	#endif
wolfSSL	15:117db924cf7c	3020	#ifdef HAVE_CAMELLIA
wolfSSL	15:117db924cf7c	3021	Camellia* cam;
wolfSSL	15:117db924cf7c	3022	#endif
wolfSSL	15:117db924cf7c	3023	#ifdef HAVE_CHACHA
wolfSSL	15:117db924cf7c	3024	ChaCha* chacha;
wolfSSL	15:117db924cf7c	3025	#endif
wolfSSL	15:117db924cf7c	3026	#ifdef HAVE_HC128
wolfSSL	15:117db924cf7c	3027	HC128* hc128;
wolfSSL	15:117db924cf7c	3028	#endif
wolfSSL	15:117db924cf7c	3029	#ifdef BUILD_RABBIT
wolfSSL	15:117db924cf7c	3030	Rabbit* rabbit;
wolfSSL	15:117db924cf7c	3031	#endif
wolfSSL	15:117db924cf7c	3032	#ifdef HAVE_IDEA
wolfSSL	15:117db924cf7c	3033	Idea* idea;
wolfSSL	15:117db924cf7c	3034	#endif
wolfSSL	16:8e0d178b1d1e	3035	#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
wolfSSL	16:8e0d178b1d1e	3036	Hmac* hmac;
wolfSSL	16:8e0d178b1d1e	3037	#endif
wolfSSL	15:117db924cf7c	3038	byte state;
wolfSSL	15:117db924cf7c	3039	byte setup; /* have we set it up flag for detection */
wolfSSL	15:117db924cf7c	3040	} Ciphers;
wolfSSL	15:117db924cf7c	3041
wolfSSL	15:117db924cf7c	3042
wolfSSL	15:117db924cf7c	3043	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	15:117db924cf7c	3044	/* Ciphers for one time authentication such as poly1305 */
wolfSSL	15:117db924cf7c	3045	typedef struct OneTimeAuth {
wolfSSL	15:117db924cf7c	3046	#ifdef HAVE_POLY1305
wolfSSL	15:117db924cf7c	3047	Poly1305* poly1305;
wolfSSL	15:117db924cf7c	3048	#endif
wolfSSL	15:117db924cf7c	3049	byte setup; /* flag for if a cipher has been set */
wolfSSL	15:117db924cf7c	3050
wolfSSL	15:117db924cf7c	3051	} OneTimeAuth;
wolfSSL	15:117db924cf7c	3052	#endif
wolfSSL	15:117db924cf7c	3053
wolfSSL	15:117db924cf7c	3054
wolfSSL	15:117db924cf7c	3055	WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	3056	WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	3057
wolfSSL	15:117db924cf7c	3058
wolfSSL	15:117db924cf7c	3059	/* hashes type */
wolfSSL	15:117db924cf7c	3060	typedef struct Hashes {
wolfSSL	15:117db924cf7c	3061	#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wolfSSL	15:117db924cf7c	3062	byte md5[WC_MD5_DIGEST_SIZE];
wolfSSL	15:117db924cf7c	3063	#endif
wolfSSL	15:117db924cf7c	3064	#if !defined(NO_SHA)
wolfSSL	15:117db924cf7c	3065	byte sha[WC_SHA_DIGEST_SIZE];
wolfSSL	15:117db924cf7c	3066	#endif
wolfSSL	15:117db924cf7c	3067	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	3068	byte sha256[WC_SHA256_DIGEST_SIZE];
wolfSSL	15:117db924cf7c	3069	#endif
wolfSSL	15:117db924cf7c	3070	#ifdef WOLFSSL_SHA384
wolfSSL	15:117db924cf7c	3071	byte sha384[WC_SHA384_DIGEST_SIZE];
wolfSSL	15:117db924cf7c	3072	#endif
wolfSSL	15:117db924cf7c	3073	#ifdef WOLFSSL_SHA512
wolfSSL	15:117db924cf7c	3074	byte sha512[WC_SHA512_DIGEST_SIZE];
wolfSSL	15:117db924cf7c	3075	#endif
wolfSSL	15:117db924cf7c	3076	} Hashes;
wolfSSL	15:117db924cf7c	3077
wolfSSL	15:117db924cf7c	3078	WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
wolfSSL	15:117db924cf7c	3079
wolfSSL	15:117db924cf7c	3080	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3081	typedef union Digest {
wolfSSL	15:117db924cf7c	3082	#ifndef NO_WOLFSSL_SHA256
wolfSSL	15:117db924cf7c	3083	wc_Sha256 sha256;
wolfSSL	15:117db924cf7c	3084	#endif
wolfSSL	15:117db924cf7c	3085	#ifdef WOLFSSL_SHA384
wolfSSL	15:117db924cf7c	3086	wc_Sha384 sha384;
wolfSSL	15:117db924cf7c	3087	#endif
wolfSSL	15:117db924cf7c	3088	#ifdef WOLFSSL_SHA512
wolfSSL	15:117db924cf7c	3089	wc_Sha512 sha512;
wolfSSL	15:117db924cf7c	3090	#endif
wolfSSL	15:117db924cf7c	3091	} Digest;
wolfSSL	15:117db924cf7c	3092	#endif
wolfSSL	15:117db924cf7c	3093
wolfSSL	15:117db924cf7c	3094	/* Static x509 buffer */
wolfSSL	15:117db924cf7c	3095	typedef struct x509_buffer {
wolfSSL	15:117db924cf7c	3096	int length; /* actual size */
wolfSSL	15:117db924cf7c	3097	byte buffer[MAX_X509_SIZE]; /* max static cert size */
wolfSSL	15:117db924cf7c	3098	} x509_buffer;
wolfSSL	15:117db924cf7c	3099
wolfSSL	15:117db924cf7c	3100
wolfSSL	15:117db924cf7c	3101	/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
wolfSSL	15:117db924cf7c	3102	struct WOLFSSL_X509_CHAIN {
wolfSSL	15:117db924cf7c	3103	int count; /* total number in chain */
wolfSSL	15:117db924cf7c	3104	x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
wolfSSL	15:117db924cf7c	3105	};
wolfSSL	15:117db924cf7c	3106
wolfSSL	15:117db924cf7c	3107
wolfSSL	15:117db924cf7c	3108	/* wolfSSL session type */
wolfSSL	15:117db924cf7c	3109	struct WOLFSSL_SESSION {
wolfSSL	15:117db924cf7c	3110	word32 bornOn; /* create time in seconds */
wolfSSL	15:117db924cf7c	3111	word32 timeout; /* timeout in seconds */
wolfSSL	15:117db924cf7c	3112	byte sessionID[ID_LEN]; /* id for protocol */
wolfSSL	15:117db924cf7c	3113	byte sessionIDSz;
wolfSSL	15:117db924cf7c	3114	byte masterSecret[SECRET_LEN]; /* stored secret */
wolfSSL	15:117db924cf7c	3115	word16 haveEMS; /* ext master secret flag */
wolfSSL	15:117db924cf7c	3116	#ifdef SESSION_CERTS
wolfSSL	16:8e0d178b1d1e	3117	#ifdef OPENSSL_EXTRA
wolfSSL	16:8e0d178b1d1e	3118	WOLFSSL_X509* peer; /* peer cert */
wolfSSL	16:8e0d178b1d1e	3119	#endif
wolfSSL	15:117db924cf7c	3120	WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
wolfSSL	15:117db924cf7c	3121	#ifdef WOLFSSL_ALT_CERT_CHAINS
wolfSSL	15:117db924cf7c	3122	WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */
wolfSSL	15:117db924cf7c	3123	#endif
wolfSSL	15:117db924cf7c	3124	#endif
wolfSSL	15:117db924cf7c	3125	#if defined(SESSION_CERTS) \|\| (defined(WOLFSSL_TLS13) && \
wolfSSL	15:117db924cf7c	3126	defined(HAVE_SESSION_TICKET))
wolfSSL	15:117db924cf7c	3127	ProtocolVersion version; /* which version was used */
wolfSSL	16:8e0d178b1d1e	3128	#endif
wolfSSL	16:8e0d178b1d1e	3129	#if defined(SESSION_CERTS) \|\| !defined(NO_RESUME_SUITE_CHECK) \|\| \
wolfSSL	16:8e0d178b1d1e	3130	(defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
wolfSSL	15:117db924cf7c	3131	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	15:117db924cf7c	3132	byte cipherSuite; /* 2nd byte, actual suite */
wolfSSL	15:117db924cf7c	3133	#endif
wolfSSL	15:117db924cf7c	3134	#ifndef NO_CLIENT_CACHE
wolfSSL	15:117db924cf7c	3135	word16 idLen; /* serverID length */
wolfSSL	15:117db924cf7c	3136	byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
wolfSSL	15:117db924cf7c	3137	#endif
wolfSSL	15:117db924cf7c	3138	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	3139	byte sessionCtxSz; /* sessionCtx length */
wolfSSL	15:117db924cf7c	3140	byte sessionCtx[ID_LEN]; /* app specific context id */
wolfSSL	15:117db924cf7c	3141	#endif
wolfSSL	15:117db924cf7c	3142	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3143	word16 namedGroup;
wolfSSL	15:117db924cf7c	3144	#endif
wolfSSL	15:117db924cf7c	3145	#if defined(HAVE_SESSION_TICKET) \|\| !defined(NO_PSK)
wolfSSL	15:117db924cf7c	3146	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3147	word32 ticketSeen; /* Time ticket seen (ms) */
wolfSSL	15:117db924cf7c	3148	word32 ticketAdd; /* Added by client */
wolfSSL	15:117db924cf7c	3149	#ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL	15:117db924cf7c	3150	TicketNonce ticketNonce; /* Nonce used to derive PSK */
wolfSSL	15:117db924cf7c	3151	#endif
wolfSSL	15:117db924cf7c	3152	#endif
wolfSSL	15:117db924cf7c	3153	#ifdef WOLFSSL_EARLY_DATA
wolfSSL	15:117db924cf7c	3154	word32 maxEarlyDataSz;
wolfSSL	15:117db924cf7c	3155	#endif
wolfSSL	15:117db924cf7c	3156	#endif
wolfSSL	15:117db924cf7c	3157	#ifdef HAVE_SESSION_TICKET
wolfSSL	15:117db924cf7c	3158	byte* ticket;
wolfSSL	15:117db924cf7c	3159	word16 ticketLen;
wolfSSL	15:117db924cf7c	3160	byte staticTicket[SESSION_TICKET_LEN];
wolfSSL	15:117db924cf7c	3161	byte isDynamic;
wolfSSL	15:117db924cf7c	3162	#endif
wolfSSL	15:117db924cf7c	3163	#ifdef HAVE_EXT_CACHE
wolfSSL	15:117db924cf7c	3164	byte isAlloced;
wolfSSL	15:117db924cf7c	3165	#endif
wolfSSL	15:117db924cf7c	3166	#ifdef HAVE_EX_DATA
wolfSSL	16:8e0d178b1d1e	3167	WOLFSSL_CRYPTO_EX_DATA ex_data;
wolfSSL	15:117db924cf7c	3168	#endif
wolfSSL	15:117db924cf7c	3169	};
wolfSSL	15:117db924cf7c	3170
wolfSSL	15:117db924cf7c	3171
wolfSSL	15:117db924cf7c	3172	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	3173	WOLFSSL_SESSION* GetSession(WOLFSSL, byte, byte);
wolfSSL	15:117db924cf7c	3174	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	3175	int SetSession(WOLFSSL, WOLFSSL_SESSION);
wolfSSL	15:117db924cf7c	3176
wolfSSL	15:117db924cf7c	3177	typedef int (hmacfp) (WOLFSSL, byte, const byte, word32, int, int, int);
wolfSSL	15:117db924cf7c	3178
wolfSSL	15:117db924cf7c	3179	#ifndef NO_CLIENT_CACHE
wolfSSL	15:117db924cf7c	3180	WOLFSSL_SESSION* GetSessionClient(WOLFSSL, const byte, int);
wolfSSL	15:117db924cf7c	3181	#endif
wolfSSL	15:117db924cf7c	3182
wolfSSL	15:117db924cf7c	3183	/* client connect state for nonblocking restart */
wolfSSL	15:117db924cf7c	3184	enum ConnectState {
wolfSSL	15:117db924cf7c	3185	CONNECT_BEGIN = 0,
wolfSSL	15:117db924cf7c	3186	CLIENT_HELLO_SENT,
wolfSSL	15:117db924cf7c	3187	HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
wolfSSL	15:117db924cf7c	3188	HELLO_AGAIN_REPLY,
wolfSSL	15:117db924cf7c	3189	FIRST_REPLY_DONE,
wolfSSL	15:117db924cf7c	3190	FIRST_REPLY_FIRST,
wolfSSL	15:117db924cf7c	3191	FIRST_REPLY_SECOND,
wolfSSL	15:117db924cf7c	3192	FIRST_REPLY_THIRD,
wolfSSL	15:117db924cf7c	3193	FIRST_REPLY_FOURTH,
wolfSSL	15:117db924cf7c	3194	FINISHED_DONE,
wolfSSL	15:117db924cf7c	3195	SECOND_REPLY_DONE
wolfSSL	15:117db924cf7c	3196	};
wolfSSL	15:117db924cf7c	3197
wolfSSL	15:117db924cf7c	3198
wolfSSL	15:117db924cf7c	3199	/* server accept state for nonblocking restart */
wolfSSL	15:117db924cf7c	3200	enum AcceptState {
wolfSSL	15:117db924cf7c	3201	ACCEPT_BEGIN = 0,
wolfSSL	16:8e0d178b1d1e	3202	ACCEPT_BEGIN_RENEG,
wolfSSL	15:117db924cf7c	3203	ACCEPT_CLIENT_HELLO_DONE,
wolfSSL	15:117db924cf7c	3204	ACCEPT_HELLO_RETRY_REQUEST_DONE,
wolfSSL	15:117db924cf7c	3205	ACCEPT_FIRST_REPLY_DONE,
wolfSSL	15:117db924cf7c	3206	SERVER_HELLO_SENT,
wolfSSL	15:117db924cf7c	3207	SERVER_EXTENSIONS_SENT,
wolfSSL	15:117db924cf7c	3208	CERT_SENT,
wolfSSL	15:117db924cf7c	3209	CERT_VERIFY_SENT,
wolfSSL	15:117db924cf7c	3210	CERT_STATUS_SENT,
wolfSSL	15:117db924cf7c	3211	KEY_EXCHANGE_SENT,
wolfSSL	15:117db924cf7c	3212	CERT_REQ_SENT,
wolfSSL	15:117db924cf7c	3213	SERVER_HELLO_DONE,
wolfSSL	15:117db924cf7c	3214	ACCEPT_SECOND_REPLY_DONE,
wolfSSL	15:117db924cf7c	3215	TICKET_SENT,
wolfSSL	15:117db924cf7c	3216	CHANGE_CIPHER_SENT,
wolfSSL	15:117db924cf7c	3217	ACCEPT_FINISHED_DONE,
wolfSSL	15:117db924cf7c	3218	ACCEPT_THIRD_REPLY_DONE
wolfSSL	15:117db924cf7c	3219	};
wolfSSL	15:117db924cf7c	3220
wolfSSL	15:117db924cf7c	3221	/* TLS 1.3 server accept state for nonblocking restart */
wolfSSL	15:117db924cf7c	3222	enum AcceptStateTls13 {
wolfSSL	15:117db924cf7c	3223	TLS13_ACCEPT_BEGIN = 0,
wolfSSL	16:8e0d178b1d1e	3224	TLS13_ACCEPT_BEGIN_RENEG,
wolfSSL	15:117db924cf7c	3225	TLS13_ACCEPT_CLIENT_HELLO_DONE,
wolfSSL	15:117db924cf7c	3226	TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
wolfSSL	15:117db924cf7c	3227	TLS13_ACCEPT_FIRST_REPLY_DONE,
wolfSSL	15:117db924cf7c	3228	TLS13_ACCEPT_SECOND_REPLY_DONE,
wolfSSL	15:117db924cf7c	3229	TLS13_SERVER_HELLO_SENT,
wolfSSL	15:117db924cf7c	3230	TLS13_ACCEPT_THIRD_REPLY_DONE,
wolfSSL	15:117db924cf7c	3231	TLS13_SERVER_EXTENSIONS_SENT,
wolfSSL	15:117db924cf7c	3232	TLS13_CERT_REQ_SENT,
wolfSSL	15:117db924cf7c	3233	TLS13_CERT_SENT,
wolfSSL	15:117db924cf7c	3234	TLS13_CERT_VERIFY_SENT,
wolfSSL	15:117db924cf7c	3235	TLS13_ACCEPT_FINISHED_SENT,
wolfSSL	15:117db924cf7c	3236	TLS13_PRE_TICKET_SENT,
wolfSSL	15:117db924cf7c	3237	TLS13_ACCEPT_FINISHED_DONE,
wolfSSL	15:117db924cf7c	3238	TLS13_TICKET_SENT
wolfSSL	15:117db924cf7c	3239	};
wolfSSL	15:117db924cf7c	3240
wolfSSL	15:117db924cf7c	3241	/* buffers for struct WOLFSSL */
wolfSSL	15:117db924cf7c	3242	typedef struct Buffers {
wolfSSL	15:117db924cf7c	3243	bufferStatic inputBuffer;
wolfSSL	15:117db924cf7c	3244	bufferStatic outputBuffer;
wolfSSL	15:117db924cf7c	3245	buffer domainName; /* for client check */
wolfSSL	15:117db924cf7c	3246	buffer clearOutputBuffer;
wolfSSL	15:117db924cf7c	3247	buffer sig; /* signature data */
wolfSSL	15:117db924cf7c	3248	buffer digest; /* digest data */
wolfSSL	15:117db924cf7c	3249	int prevSent; /* previous plain text bytes sent
wolfSSL	15:117db924cf7c	3250	when got WANT_WRITE */
wolfSSL	15:117db924cf7c	3251	int plainSz; /* plain text bytes in buffer to send
wolfSSL	15:117db924cf7c	3252	when got WANT_WRITE */
wolfSSL	15:117db924cf7c	3253	byte weOwnCert; /* SSL own cert flag */
wolfSSL	15:117db924cf7c	3254	byte weOwnCertChain; /* SSL own cert chain flag */
wolfSSL	15:117db924cf7c	3255	byte weOwnKey; /* SSL own key flag */
wolfSSL	15:117db924cf7c	3256	byte weOwnDH; /* SSL own dh (p,g) flag */
wolfSSL	15:117db924cf7c	3257	#ifndef NO_DH
wolfSSL	15:117db924cf7c	3258	buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	15:117db924cf7c	3259	buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	15:117db924cf7c	3260	buffer serverDH_Pub;
wolfSSL	15:117db924cf7c	3261	buffer serverDH_Priv;
wolfSSL	15:117db924cf7c	3262	DhKey* serverDH_Key;
wolfSSL	15:117db924cf7c	3263	#endif
wolfSSL	15:117db924cf7c	3264	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	3265	DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	15:117db924cf7c	3266	DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	16:8e0d178b1d1e	3267	byte keyType:7; /* Type of key: RSA, ECC, Ed25519 */
wolfSSL	16:8e0d178b1d1e	3268	byte keyId:1; /* Key data is an id not data */
wolfSSL	15:117db924cf7c	3269	int keySz; /* Size of RSA key */
wolfSSL	16:8e0d178b1d1e	3270	int keyDevId; /* Device Id for key */
wolfSSL	15:117db924cf7c	3271	DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	15:117db924cf7c	3272	/* chain after self, in DER, with leading size for each cert */
wolfSSL	15:117db924cf7c	3273	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3274	int certChainCnt;
wolfSSL	15:117db924cf7c	3275	DerBuffer* certExts;
wolfSSL	15:117db924cf7c	3276	#endif
wolfSSL	15:117db924cf7c	3277	#endif
wolfSSL	15:117db924cf7c	3278	#ifdef WOLFSSL_SEND_HRR_COOKIE
wolfSSL	15:117db924cf7c	3279	buffer tls13CookieSecret; /* HRR cookie secret */
wolfSSL	15:117db924cf7c	3280	#endif
wolfSSL	15:117db924cf7c	3281	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	3282	WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
wolfSSL	15:117db924cf7c	3283	#ifndef NO_WOLFSSL_SERVER
wolfSSL	15:117db924cf7c	3284	buffer dtlsCookieSecret; /* DTLS cookie secret */
wolfSSL	15:117db924cf7c	3285	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	15:117db924cf7c	3286	#endif
wolfSSL	15:117db924cf7c	3287	#ifdef HAVE_PK_CALLBACKS
wolfSSL	15:117db924cf7c	3288	#ifdef HAVE_ECC
wolfSSL	15:117db924cf7c	3289	buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
wolfSSL	15:117db924cf7c	3290	#endif /* HAVE_ECC */
wolfSSL	15:117db924cf7c	3291	#ifdef HAVE_ED25519
wolfSSL	15:117db924cf7c	3292	buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */
wolfSSL	15:117db924cf7c	3293	#endif /* HAVE_ED25519 */
wolfSSL	16:8e0d178b1d1e	3294	#ifdef HAVE_ED448
wolfSSL	16:8e0d178b1d1e	3295	buffer peerEd448Key; /* for Ed448 Verify Callbacks */
wolfSSL	16:8e0d178b1d1e	3296	#endif /* HAVE_ED448 */
wolfSSL	15:117db924cf7c	3297	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	3298	buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
wolfSSL	15:117db924cf7c	3299	#endif /* NO_RSA */
wolfSSL	15:117db924cf7c	3300	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	15:117db924cf7c	3301	} Buffers;
wolfSSL	15:117db924cf7c	3302
wolfSSL	15:117db924cf7c	3303	/* sub-states for send/do key share (key exchange) */
wolfSSL	15:117db924cf7c	3304	enum asyncState {
wolfSSL	15:117db924cf7c	3305	TLS_ASYNC_BEGIN = 0,
wolfSSL	15:117db924cf7c	3306	TLS_ASYNC_BUILD,
wolfSSL	15:117db924cf7c	3307	TLS_ASYNC_DO,
wolfSSL	15:117db924cf7c	3308	TLS_ASYNC_VERIFY,
wolfSSL	15:117db924cf7c	3309	TLS_ASYNC_FINALIZE,
wolfSSL	15:117db924cf7c	3310	TLS_ASYNC_END
wolfSSL	15:117db924cf7c	3311	};
wolfSSL	15:117db924cf7c	3312
wolfSSL	15:117db924cf7c	3313	/* sub-states for build message */
wolfSSL	15:117db924cf7c	3314	enum buildMsgState {
wolfSSL	15:117db924cf7c	3315	BUILD_MSG_BEGIN = 0,
wolfSSL	15:117db924cf7c	3316	BUILD_MSG_SIZE,
wolfSSL	15:117db924cf7c	3317	BUILD_MSG_HASH,
wolfSSL	15:117db924cf7c	3318	BUILD_MSG_VERIFY_MAC,
wolfSSL	15:117db924cf7c	3319	BUILD_MSG_ENCRYPT,
wolfSSL	16:8e0d178b1d1e	3320	BUILD_MSG_ENCRYPTED_VERIFY_MAC,
wolfSSL	15:117db924cf7c	3321	};
wolfSSL	15:117db924cf7c	3322
wolfSSL	15:117db924cf7c	3323	/* sub-states for cipher operations */
wolfSSL	15:117db924cf7c	3324	enum cipherState {
wolfSSL	15:117db924cf7c	3325	CIPHER_STATE_BEGIN = 0,
wolfSSL	15:117db924cf7c	3326	CIPHER_STATE_DO,
wolfSSL	15:117db924cf7c	3327	CIPHER_STATE_END,
wolfSSL	15:117db924cf7c	3328	};
wolfSSL	15:117db924cf7c	3329
wolfSSL	15:117db924cf7c	3330	typedef struct Options {
wolfSSL	15:117db924cf7c	3331	#ifndef NO_PSK
wolfSSL	15:117db924cf7c	3332	wc_psk_client_callback client_psk_cb;
wolfSSL	15:117db924cf7c	3333	wc_psk_server_callback server_psk_cb;
wolfSSL	16:8e0d178b1d1e	3334	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	3335	wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
wolfSSL	16:8e0d178b1d1e	3336	wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
wolfSSL	16:8e0d178b1d1e	3337	#endif
wolfSSL	15:117db924cf7c	3338	#endif /* NO_PSK */
wolfSSL	16:8e0d178b1d1e	3339	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	15:117db924cf7c	3340	unsigned long mask; /* store SSL_OP_ flags */
wolfSSL	15:117db924cf7c	3341	#endif
wolfSSL	15:117db924cf7c	3342
wolfSSL	15:117db924cf7c	3343	/* on/off or small bit flags, optimize layout */
wolfSSL	15:117db924cf7c	3344	#if defined(HAVE_SESSION_TICKET) \|\| !defined(NO_PSK)
wolfSSL	15:117db924cf7c	3345	word16 havePSK:1; /* psk key set by user */
wolfSSL	15:117db924cf7c	3346	#endif /* HAVE_SESSION_TICKET \|\| !NO_PSK */
wolfSSL	15:117db924cf7c	3347	word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
wolfSSL	15:117db924cf7c	3348	word16 sessionCacheOff:1;
wolfSSL	15:117db924cf7c	3349	word16 sessionCacheFlushOff:1;
wolfSSL	15:117db924cf7c	3350	#ifdef HAVE_EXT_CACHE
wolfSSL	15:117db924cf7c	3351	word16 internalCacheOff:1;
wolfSSL	15:117db924cf7c	3352	#endif
wolfSSL	16:8e0d178b1d1e	3353	word16 side:2; /* client, server or neither end */
wolfSSL	15:117db924cf7c	3354	word16 verifyPeer:1;
wolfSSL	15:117db924cf7c	3355	word16 verifyNone:1;
wolfSSL	15:117db924cf7c	3356	word16 failNoCert:1;
wolfSSL	15:117db924cf7c	3357	word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
wolfSSL	15:117db924cf7c	3358	word16 downgrade:1; /* allow downgrade of versions */
wolfSSL	15:117db924cf7c	3359	word16 resuming:1;
wolfSSL	15:117db924cf7c	3360	word16 haveSessionId:1; /* server may not send */
wolfSSL	15:117db924cf7c	3361	word16 tls:1; /* using TLS ? */
wolfSSL	15:117db924cf7c	3362	word16 tls1_1:1; /* using TLSv1.1+ ? */
wolfSSL	15:117db924cf7c	3363	word16 tls1_3:1; /* using TLSv1.3+ ? */
wolfSSL	15:117db924cf7c	3364	word16 dtls:1; /* using datagrams ? */
wolfSSL	15:117db924cf7c	3365	word16 connReset:1; /* has the peer reset */
wolfSSL	15:117db924cf7c	3366	word16 isClosed:1; /* if we consider conn closed */
wolfSSL	15:117db924cf7c	3367	word16 closeNotify:1; /* we've received a close notify */
wolfSSL	15:117db924cf7c	3368	word16 sentNotify:1; /* we've sent a close notify */
wolfSSL	15:117db924cf7c	3369	word16 usingCompression:1; /* are we using compression */
wolfSSL	15:117db924cf7c	3370	word16 haveRSA:1; /* RSA available */
wolfSSL	15:117db924cf7c	3371	word16 haveECC:1; /* ECC available */
wolfSSL	15:117db924cf7c	3372	word16 haveDH:1; /* server DH parms set by user */
wolfSSL	15:117db924cf7c	3373	word16 haveNTRU:1; /* server NTRU private key loaded */
wolfSSL	15:117db924cf7c	3374	word16 haveQSH:1; /* have QSH ability */
wolfSSL	15:117db924cf7c	3375	word16 haveECDSAsig:1; /* server ECDSA signed cert */
wolfSSL	15:117db924cf7c	3376	word16 haveStaticECC:1; /* static server ECC private key */
wolfSSL	15:117db924cf7c	3377	word16 havePeerCert:1; /* do we have peer's cert */
wolfSSL	15:117db924cf7c	3378	word16 havePeerVerify:1; /* and peer's cert verify */
wolfSSL	15:117db924cf7c	3379	word16 usingPSK_cipher:1; /* are using psk as cipher */
wolfSSL	15:117db924cf7c	3380	word16 usingAnon_cipher:1; /* are we using an anon cipher */
wolfSSL	15:117db924cf7c	3381	word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */
wolfSSL	15:117db924cf7c	3382	word16 sendAlertState:1; /* nonblocking resume */
wolfSSL	15:117db924cf7c	3383	word16 partialWrite:1; /* only one msg per write call */
wolfSSL	15:117db924cf7c	3384	word16 quietShutdown:1; /* don't send close notify */
wolfSSL	15:117db924cf7c	3385	word16 certOnly:1; /* stop once we get cert */
wolfSSL	15:117db924cf7c	3386	word16 groupMessages:1; /* group handshake messages */
wolfSSL	15:117db924cf7c	3387	word16 saveArrays:1; /* save array Memory for user get keys
wolfSSL	15:117db924cf7c	3388	or psk */
wolfSSL	15:117db924cf7c	3389	word16 weOwnRng:1; /* will be true unless CTX owns */
wolfSSL	15:117db924cf7c	3390	word16 haveEMS:1; /* using extended master secret */
wolfSSL	15:117db924cf7c	3391	#ifdef HAVE_POLY1305
wolfSSL	15:117db924cf7c	3392	word16 oldPoly:1; /* set when to use old rfc way of poly*/
wolfSSL	15:117db924cf7c	3393	#endif
wolfSSL	15:117db924cf7c	3394	#ifdef HAVE_ANON
wolfSSL	15:117db924cf7c	3395	word16 haveAnon:1; /* User wants to allow Anon suites */
wolfSSL	15:117db924cf7c	3396	#endif
wolfSSL	15:117db924cf7c	3397	#ifdef HAVE_SESSION_TICKET
wolfSSL	15:117db924cf7c	3398	word16 createTicket:1; /* Server to create new Ticket */
wolfSSL	15:117db924cf7c	3399	word16 useTicket:1; /* Use Ticket not session cache */
wolfSSL	15:117db924cf7c	3400	word16 rejectTicket:1; /* Callback rejected ticket */
wolfSSL	15:117db924cf7c	3401	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3402	word16 noTicketTls13:1; /* Server won't create new Ticket */
wolfSSL	15:117db924cf7c	3403	#endif
wolfSSL	15:117db924cf7c	3404	#endif
wolfSSL	15:117db924cf7c	3405	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	3406	word16 dtlsUseNonblock:1; /* are we using nonblocking socket */
wolfSSL	15:117db924cf7c	3407	word16 dtlsHsRetain:1; /* DTLS retaining HS data */
wolfSSL	15:117db924cf7c	3408	word16 haveMcast:1; /* using multicast ? */
wolfSSL	15:117db924cf7c	3409	#ifdef WOLFSSL_SCTP
wolfSSL	15:117db924cf7c	3410	word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
wolfSSL	15:117db924cf7c	3411	#endif
wolfSSL	15:117db924cf7c	3412	#endif
wolfSSL	15:117db924cf7c	3413	#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL	15:117db924cf7c	3414	word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
wolfSSL	15:117db924cf7c	3415	#endif
wolfSSL	15:117db924cf7c	3416	word16 keepResources:1; /* Keep resources after handshake */
wolfSSL	15:117db924cf7c	3417	word16 useClientOrder:1; /* Use client's cipher order */
wolfSSL	16:8e0d178b1d1e	3418	word16 mutualAuth:1; /* Mutual authentication is rquired */
wolfSSL	15:117db924cf7c	3419	#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL	15:117db924cf7c	3420	word16 postHandshakeAuth:1;/* Client send post_handshake_auth
wolfSSL	16:8e0d178b1d1e	3421	* extension */
wolfSSL	15:117db924cf7c	3422	#endif
wolfSSL	15:117db924cf7c	3423	#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	15:117db924cf7c	3424	word16 sendCookie:1; /* Server creates a Cookie in HRR */
wolfSSL	15:117db924cf7c	3425	#endif
wolfSSL	15:117db924cf7c	3426	#ifdef WOLFSSL_ALT_CERT_CHAINS
wolfSSL	15:117db924cf7c	3427	word16 usingAltCertChain:1;/* Alternate cert chain was used */
wolfSSL	15:117db924cf7c	3428	#endif
wolfSSL	15:117db924cf7c	3429	#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
wolfSSL	15:117db924cf7c	3430	word16 sentChangeCipher:1; /* Change Cipher Spec sent */
wolfSSL	15:117db924cf7c	3431	#endif
wolfSSL	16:8e0d178b1d1e	3432	#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
wolfSSL	16:8e0d178b1d1e	3433	((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) \|\| \
wolfSSL	16:8e0d178b1d1e	3434	(defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
wolfSSL	15:117db924cf7c	3435	word16 cacheMessages:1; /* Cache messages for sign/verify */
wolfSSL	15:117db924cf7c	3436	#endif
wolfSSL	16:8e0d178b1d1e	3437	#ifndef NO_DH
wolfSSL	16:8e0d178b1d1e	3438	#if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
wolfSSL	16:8e0d178b1d1e	3439	!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
wolfSSL	16:8e0d178b1d1e	3440	word16 dhDoKeyTest:1; /* Need to do the DH Key prime test */
wolfSSL	16:8e0d178b1d1e	3441	word16 dhKeyTested:1; /* Set when key has been tested. */
wolfSSL	16:8e0d178b1d1e	3442	#endif
wolfSSL	16:8e0d178b1d1e	3443	#endif
wolfSSL	16:8e0d178b1d1e	3444	#ifdef SINGLE_THREADED
wolfSSL	16:8e0d178b1d1e	3445	word16 ownSuites:1; /* if suites are malloced in ssl object */
wolfSSL	16:8e0d178b1d1e	3446	#endif
wolfSSL	16:8e0d178b1d1e	3447	#ifdef HAVE_ENCRYPT_THEN_MAC
wolfSSL	16:8e0d178b1d1e	3448	word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
wolfSSL	16:8e0d178b1d1e	3449	word16 encThenMac:1; /* Doing Encrypt-Then-MAC */
wolfSSL	16:8e0d178b1d1e	3450	word16 startedETMRead:1; /* Doing Encrypt-Then-MAC read */
wolfSSL	16:8e0d178b1d1e	3451	word16 startedETMWrite:1; /* Doing Encrypt-Then-MAC write */
wolfSSL	16:8e0d178b1d1e	3452	#endif
wolfSSL	15:117db924cf7c	3453
wolfSSL	15:117db924cf7c	3454	/* need full byte values for this section */
wolfSSL	15:117db924cf7c	3455	byte processReply; /* nonblocking resume */
wolfSSL	15:117db924cf7c	3456	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	15:117db924cf7c	3457	byte cipherSuite; /* second byte, actual suite */
wolfSSL	15:117db924cf7c	3458	byte serverState;
wolfSSL	15:117db924cf7c	3459	byte clientState;
wolfSSL	15:117db924cf7c	3460	byte handShakeState;
wolfSSL	15:117db924cf7c	3461	byte handShakeDone; /* at least one handshake complete */
wolfSSL	15:117db924cf7c	3462	byte minDowngrade; /* minimum downgrade version */
wolfSSL	15:117db924cf7c	3463	byte connectState; /* nonblocking resume */
wolfSSL	15:117db924cf7c	3464	byte acceptState; /* nonblocking resume */
wolfSSL	15:117db924cf7c	3465	byte asyncState; /* sub-state for enum asyncState */
wolfSSL	15:117db924cf7c	3466	byte buildMsgState; /* sub-state for enum buildMsgState */
wolfSSL	15:117db924cf7c	3467	byte alertCount; /* detect warning dos attempt */
wolfSSL	15:117db924cf7c	3468	#ifdef WOLFSSL_MULTICAST
wolfSSL	15:117db924cf7c	3469	word16 mcastID; /* Multicast group ID */
wolfSSL	15:117db924cf7c	3470	#endif
wolfSSL	15:117db924cf7c	3471	#ifndef NO_DH
wolfSSL	15:117db924cf7c	3472	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	15:117db924cf7c	3473	word16 maxDhKeySz; /* minimum DH key size */
wolfSSL	15:117db924cf7c	3474	word16 dhKeySz; /* actual DH key size */
wolfSSL	15:117db924cf7c	3475	#endif
wolfSSL	15:117db924cf7c	3476	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	3477	short minRsaKeySz; /* minimum RSA key size */
wolfSSL	15:117db924cf7c	3478	#endif
wolfSSL	16:8e0d178b1d1e	3479	#if defined(HAVE_ECC) \|\| defined(HAVE_ED25519) \|\| defined(HAVE_ED448)
wolfSSL	15:117db924cf7c	3480	short minEccKeySz; /* minimum ECC key size */
wolfSSL	15:117db924cf7c	3481	#endif
wolfSSL	16:8e0d178b1d1e	3482	#if defined(OPENSSL_EXTRA) \|\| defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL	15:117db924cf7c	3483	byte verifyDepth; /* maximum verification depth */
wolfSSL	15:117db924cf7c	3484	#endif
wolfSSL	15:117db924cf7c	3485	#ifdef WOLFSSL_EARLY_DATA
wolfSSL	15:117db924cf7c	3486	word16 pskIdIndex;
wolfSSL	15:117db924cf7c	3487	word32 maxEarlyDataSz;
wolfSSL	15:117db924cf7c	3488	#endif
wolfSSL	15:117db924cf7c	3489	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3490	byte oldMinor; /* client preferred version < TLS 1.3 */
wolfSSL	15:117db924cf7c	3491	#endif
wolfSSL	15:117db924cf7c	3492	} Options;
wolfSSL	15:117db924cf7c	3493
wolfSSL	15:117db924cf7c	3494	typedef struct Arrays {
wolfSSL	15:117db924cf7c	3495	byte* pendingMsg; /* defrag buffer */
wolfSSL	15:117db924cf7c	3496	byte* preMasterSecret;
wolfSSL	15:117db924cf7c	3497	word32 preMasterSz; /* differs for DH, actual size */
wolfSSL	15:117db924cf7c	3498	word32 pendingMsgSz; /* defrag buffer size */
wolfSSL	15:117db924cf7c	3499	word32 pendingMsgOffset; /* current offset into defrag buffer */
wolfSSL	15:117db924cf7c	3500	#if defined(HAVE_SESSION_TICKET) \|\| !defined(NO_PSK)
wolfSSL	15:117db924cf7c	3501	word32 psk_keySz; /* actual size */
wolfSSL	15:117db924cf7c	3502	char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	15:117db924cf7c	3503	char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	15:117db924cf7c	3504	byte psk_key[MAX_PSK_KEY_LEN];
wolfSSL	15:117db924cf7c	3505	#endif
wolfSSL	15:117db924cf7c	3506	byte clientRandom[RAN_LEN];
wolfSSL	15:117db924cf7c	3507	byte serverRandom[RAN_LEN];
wolfSSL	15:117db924cf7c	3508	byte sessionID[ID_LEN];
wolfSSL	15:117db924cf7c	3509	byte sessionIDSz;
wolfSSL	15:117db924cf7c	3510	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3511	byte secret[SECRET_LEN];
wolfSSL	15:117db924cf7c	3512	#endif
wolfSSL	15:117db924cf7c	3513	byte masterSecret[SECRET_LEN];
wolfSSL	16:8e0d178b1d1e	3514	#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL	16:8e0d178b1d1e	3515	!defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL	16:8e0d178b1d1e	3516	byte tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
wolfSSL	16:8e0d178b1d1e	3517	#endif
wolfSSL	15:117db924cf7c	3518	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	3519	byte cookie[MAX_COOKIE_LEN];
wolfSSL	15:117db924cf7c	3520	byte cookieSz;
wolfSSL	15:117db924cf7c	3521	#endif
wolfSSL	15:117db924cf7c	3522	byte pendingMsgType; /* defrag buffer message type */
wolfSSL	15:117db924cf7c	3523	} Arrays;
wolfSSL	15:117db924cf7c	3524
wolfSSL	15:117db924cf7c	3525	#ifndef ASN_NAME_MAX
wolfSSL	15:117db924cf7c	3526	#define ASN_NAME_MAX 256
wolfSSL	15:117db924cf7c	3527	#endif
wolfSSL	15:117db924cf7c	3528
wolfSSL	15:117db924cf7c	3529	#ifndef MAX_DATE_SZ
wolfSSL	15:117db924cf7c	3530	#define MAX_DATE_SZ 32
wolfSSL	15:117db924cf7c	3531	#endif
wolfSSL	15:117db924cf7c	3532
wolfSSL	16:8e0d178b1d1e	3533	#define STACK_TYPE_X509 0
wolfSSL	16:8e0d178b1d1e	3534	#define STACK_TYPE_GEN_NAME 1
wolfSSL	16:8e0d178b1d1e	3535	#define STACK_TYPE_BIO 2
wolfSSL	16:8e0d178b1d1e	3536	#define STACK_TYPE_OBJ 3
wolfSSL	16:8e0d178b1d1e	3537	#define STACK_TYPE_STRING 4
wolfSSL	16:8e0d178b1d1e	3538	#define STACK_TYPE_CIPHER 5
wolfSSL	16:8e0d178b1d1e	3539	#define STACK_TYPE_ACCESS_DESCRIPTION 6
wolfSSL	16:8e0d178b1d1e	3540	#define STACK_TYPE_X509_EXT 7
wolfSSL	16:8e0d178b1d1e	3541	#define STACK_TYPE_NULL 8
wolfSSL	16:8e0d178b1d1e	3542	#define STACK_TYPE_X509_NAME 9
wolfSSL	16:8e0d178b1d1e	3543	#define STACK_TYPE_CONF_VALUE 10
wolfSSL	16:8e0d178b1d1e	3544	#define STACK_TYPE_X509_INFO 11
wolfSSL	16:8e0d178b1d1e	3545
wolfSSL	15:117db924cf7c	3546	struct WOLFSSL_STACK {
wolfSSL	15:117db924cf7c	3547	unsigned long num; /* number of nodes in stack
wolfSSL	16:8e0d178b1d1e	3548	* (safety measure for freeing and shortcut for count) */
wolfSSL	16:8e0d178b1d1e	3549	#if defined(OPENSSL_ALL)
wolfSSL	16:8e0d178b1d1e	3550	wolf_sk_compare_cb comp;
wolfSSL	16:8e0d178b1d1e	3551	#endif
wolfSSL	16:8e0d178b1d1e	3552
wolfSSL	15:117db924cf7c	3553	union {
wolfSSL	16:8e0d178b1d1e	3554	WOLFSSL_X509* x509;
wolfSSL	16:8e0d178b1d1e	3555	WOLFSSL_X509_NAME* name;
wolfSSL	16:8e0d178b1d1e	3556	WOLFSSL_X509_INFO* info;
wolfSSL	16:8e0d178b1d1e	3557	WOLFSSL_BIO* bio;
wolfSSL	16:8e0d178b1d1e	3558	WOLFSSL_ASN1_OBJECT* obj;
wolfSSL	16:8e0d178b1d1e	3559	WOLFSSL_CIPHER cipher;
wolfSSL	16:8e0d178b1d1e	3560	WOLFSSL_ACCESS_DESCRIPTION* access;
wolfSSL	16:8e0d178b1d1e	3561	WOLFSSL_X509_EXTENSION* ext;
wolfSSL	16:8e0d178b1d1e	3562	WOLFSSL_CONF_VALUE* conf;
wolfSSL	16:8e0d178b1d1e	3563	void* generic;
wolfSSL	16:8e0d178b1d1e	3564	char* string;
wolfSSL	16:8e0d178b1d1e	3565	WOLFSSL_GENERAL_NAME* gn;
wolfSSL	15:117db924cf7c	3566	} data;
wolfSSL	16:8e0d178b1d1e	3567	void* heap; /* memory heap hint */
wolfSSL	15:117db924cf7c	3568	WOLFSSL_STACK* next;
wolfSSL	16:8e0d178b1d1e	3569	byte type; /* Identifies type of stack. */
wolfSSL	15:117db924cf7c	3570	};
wolfSSL	15:117db924cf7c	3571
wolfSSL	15:117db924cf7c	3572	struct WOLFSSL_X509_NAME {
wolfSSL	15:117db924cf7c	3573	char *name;
wolfSSL	15:117db924cf7c	3574	int dynamicName;
wolfSSL	15:117db924cf7c	3575	int sz;
wolfSSL	15:117db924cf7c	3576	char staticName[ASN_NAME_MAX];
wolfSSL	15:117db924cf7c	3577	#if (defined(OPENSSL_EXTRA) \|\| defined(OPENSSL_EXTRA_X509_SMALL)) && \
wolfSSL	15:117db924cf7c	3578	!defined(NO_ASN)
wolfSSL	15:117db924cf7c	3579	DecodedName fullName;
wolfSSL	15:117db924cf7c	3580	WOLFSSL_X509_NAME_ENTRY cnEntry;
wolfSSL	15:117db924cf7c	3581	WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
wolfSSL	15:117db924cf7c	3582	WOLFSSL_X509* x509; /* x509 that struct belongs to */
wolfSSL	15:117db924cf7c	3583	#endif /* OPENSSL_EXTRA */
wolfSSL	15:117db924cf7c	3584	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_NGINX)
wolfSSL	15:117db924cf7c	3585	byte raw[ASN_NAME_MAX];
wolfSSL	15:117db924cf7c	3586	int rawLen;
wolfSSL	15:117db924cf7c	3587	#endif
wolfSSL	15:117db924cf7c	3588	};
wolfSSL	15:117db924cf7c	3589
wolfSSL	15:117db924cf7c	3590	#ifndef EXTERNAL_SERIAL_SIZE
wolfSSL	15:117db924cf7c	3591	#define EXTERNAL_SERIAL_SIZE 32
wolfSSL	15:117db924cf7c	3592	#endif
wolfSSL	15:117db924cf7c	3593
wolfSSL	15:117db924cf7c	3594	#ifdef NO_ASN
wolfSSL	15:117db924cf7c	3595	typedef struct DNS_entry DNS_entry;
wolfSSL	15:117db924cf7c	3596	#endif
wolfSSL	15:117db924cf7c	3597
wolfSSL	15:117db924cf7c	3598	struct WOLFSSL_X509 {
wolfSSL	15:117db924cf7c	3599	int version;
wolfSSL	15:117db924cf7c	3600	int serialSz;
wolfSSL	15:117db924cf7c	3601	#ifdef WOLFSSL_SEP
wolfSSL	15:117db924cf7c	3602	int deviceTypeSz;
wolfSSL	15:117db924cf7c	3603	int hwTypeSz;
wolfSSL	15:117db924cf7c	3604	byte deviceType[EXTERNAL_SERIAL_SIZE];
wolfSSL	15:117db924cf7c	3605	byte hwType[EXTERNAL_SERIAL_SIZE];
wolfSSL	15:117db924cf7c	3606	int hwSerialNumSz;
wolfSSL	15:117db924cf7c	3607	byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
wolfSSL	16:8e0d178b1d1e	3608	#endif /* WOLFSSL_SEP */
wolfSSL	16:8e0d178b1d1e	3609	#if (defined(WOLFSSL_SEP) \|\| defined(WOLFSSL_QT) \|\| defined (OPENSSL_ALL)) && \
wolfSSL	16:8e0d178b1d1e	3610	(defined(OPENSSL_EXTRA) \|\| defined(OPENSSL_EXTRA_X509_SMALL))
wolfSSL	16:8e0d178b1d1e	3611	byte certPolicySet;
wolfSSL	16:8e0d178b1d1e	3612	byte certPolicyCrit;
wolfSSL	16:8e0d178b1d1e	3613	#endif /* (WOLFSSL_SEP \|\| WOLFSSL_QT) && (OPENSSL_EXTRA \|\| OPENSSL_EXTRA_X509_SMALL) */
wolfSSL	16:8e0d178b1d1e	3614	#if defined(WOLFSSL_QT) \|\| defined(OPENSSL_ALL)
wolfSSL	16:8e0d178b1d1e	3615	WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
wolfSSL	16:8e0d178b1d1e	3616	WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
wolfSSL	16:8e0d178b1d1e	3617	#endif /* WOLFSSL_QT \|\| OPENSSL_ALL */
wolfSSL	16:8e0d178b1d1e	3618	#ifdef OPENSSL_EXTRA
wolfSSL	16:8e0d178b1d1e	3619	WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
wolfSSL	16:8e0d178b1d1e	3620	#endif
wolfSSL	16:8e0d178b1d1e	3621	WOLFSSL_ASN1_TIME notBefore;
wolfSSL	16:8e0d178b1d1e	3622	WOLFSSL_ASN1_TIME notAfter;
wolfSSL	15:117db924cf7c	3623	buffer sig;
wolfSSL	15:117db924cf7c	3624	int sigOID;
wolfSSL	15:117db924cf7c	3625	DNS_entry* altNames; /* alt names list */
wolfSSL	15:117db924cf7c	3626	buffer pubKey;
wolfSSL	15:117db924cf7c	3627	int pubKeyOID;
wolfSSL	15:117db924cf7c	3628	DNS_entry* altNamesNext; /* hint for retrieval */
wolfSSL	16:8e0d178b1d1e	3629	#if defined(HAVE_ECC) \|\| defined(HAVE_ED25519) \|\| defined(HAVE_ED448)
wolfSSL	16:8e0d178b1d1e	3630	word32 pkCurveOID;
wolfSSL	16:8e0d178b1d1e	3631	#endif /* HAVE_ECC */
wolfSSL	16:8e0d178b1d1e	3632	#ifndef NO_CERTS
wolfSSL	16:8e0d178b1d1e	3633	DerBuffer* derCert; /* may need */
wolfSSL	16:8e0d178b1d1e	3634	#endif
wolfSSL	15:117db924cf7c	3635	void* heap; /* heap hint */
wolfSSL	15:117db924cf7c	3636	byte dynamicMemory; /* dynamic memory flag */
wolfSSL	15:117db924cf7c	3637	byte isCa:1;
wolfSSL	15:117db924cf7c	3638	#ifdef WOLFSSL_CERT_EXT
wolfSSL	15:117db924cf7c	3639	char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
wolfSSL	15:117db924cf7c	3640	int certPoliciesNb;
wolfSSL	15:117db924cf7c	3641	#endif /* WOLFSSL_CERT_EXT */
wolfSSL	16:8e0d178b1d1e	3642	#if defined(OPENSSL_EXTRA) \|\| defined(OPENSSL_ALL)
wolfSSL	16:8e0d178b1d1e	3643	wolfSSL_Mutex refMutex; /* ref count mutex */
wolfSSL	16:8e0d178b1d1e	3644	int refCount; /* reference count */
wolfSSL	16:8e0d178b1d1e	3645	#endif
wolfSSL	15:117db924cf7c	3646	#if defined(OPENSSL_EXTRA) \|\| defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL	15:117db924cf7c	3647	#ifdef HAVE_EX_DATA
wolfSSL	16:8e0d178b1d1e	3648	WOLFSSL_CRYPTO_EX_DATA ex_data;
wolfSSL	15:117db924cf7c	3649	#endif
wolfSSL	15:117db924cf7c	3650	byte* authKeyId;
wolfSSL	15:117db924cf7c	3651	byte* subjKeyId;
wolfSSL	15:117db924cf7c	3652	byte* extKeyUsageSrc;
wolfSSL	16:8e0d178b1d1e	3653	const byte* CRLInfo;
wolfSSL	15:117db924cf7c	3654	byte* authInfo;
wolfSSL	16:8e0d178b1d1e	3655	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT)
wolfSSL	16:8e0d178b1d1e	3656	byte* authInfoCaIssuer;
wolfSSL	16:8e0d178b1d1e	3657	int authInfoCaIssuerSz;
wolfSSL	16:8e0d178b1d1e	3658	#endif
wolfSSL	15:117db924cf7c	3659	word32 pathLength;
wolfSSL	15:117db924cf7c	3660	word16 keyUsage;
wolfSSL	15:117db924cf7c	3661	int CRLInfoSz;
wolfSSL	15:117db924cf7c	3662	int authInfoSz;
wolfSSL	15:117db924cf7c	3663	word32 authKeyIdSz;
wolfSSL	15:117db924cf7c	3664	word32 subjKeyIdSz;
wolfSSL	15:117db924cf7c	3665	word32 extKeyUsageSz;
wolfSSL	15:117db924cf7c	3666	word32 extKeyUsageCount;
wolfSSL	15:117db924cf7c	3667
wolfSSL	15:117db924cf7c	3668	byte CRLdistSet:1;
wolfSSL	15:117db924cf7c	3669	byte CRLdistCrit:1;
wolfSSL	15:117db924cf7c	3670	byte authInfoSet:1;
wolfSSL	15:117db924cf7c	3671	byte authInfoCrit:1;
wolfSSL	15:117db924cf7c	3672	byte keyUsageSet:1;
wolfSSL	15:117db924cf7c	3673	byte keyUsageCrit:1;
wolfSSL	15:117db924cf7c	3674	byte extKeyUsageCrit:1;
wolfSSL	15:117db924cf7c	3675	byte subjKeyIdSet:1;
wolfSSL	15:117db924cf7c	3676
wolfSSL	15:117db924cf7c	3677	byte subjKeyIdCrit:1;
wolfSSL	15:117db924cf7c	3678	byte basicConstSet:1;
wolfSSL	15:117db924cf7c	3679	byte basicConstCrit:1;
wolfSSL	15:117db924cf7c	3680	byte basicConstPlSet:1;
wolfSSL	15:117db924cf7c	3681	byte subjAltNameSet:1;
wolfSSL	15:117db924cf7c	3682	byte subjAltNameCrit:1;
wolfSSL	15:117db924cf7c	3683	byte authKeyIdSet:1;
wolfSSL	15:117db924cf7c	3684	byte authKeyIdCrit:1;
wolfSSL	15:117db924cf7c	3685	#endif /* OPENSSL_EXTRA \|\| OPENSSL_EXTRA_X509_SMALL */
wolfSSL	15:117db924cf7c	3686	byte serial[EXTERNAL_SERIAL_SIZE];
wolfSSL	15:117db924cf7c	3687	char subjectCN[ASN_NAME_MAX]; /* common name short cut */
wolfSSL	15:117db924cf7c	3688	#ifdef WOLFSSL_CERT_REQ
wolfSSL	15:117db924cf7c	3689	char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
wolfSSL	15:117db924cf7c	3690	#endif
wolfSSL	15:117db924cf7c	3691	WOLFSSL_X509_NAME issuer;
wolfSSL	15:117db924cf7c	3692	WOLFSSL_X509_NAME subject;
wolfSSL	16:8e0d178b1d1e	3693	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_HAPROXY) \|\| defined(WOLFSSL_WPAS)
wolfSSL	16:8e0d178b1d1e	3694	WOLFSSL_X509_ALGOR algor;
wolfSSL	16:8e0d178b1d1e	3695	WOLFSSL_X509_PUBKEY key;
wolfSSL	16:8e0d178b1d1e	3696	#endif
wolfSSL	16:8e0d178b1d1e	3697	byte issuerSet:1;
wolfSSL	15:117db924cf7c	3698	};
wolfSSL	15:117db924cf7c	3699
wolfSSL	15:117db924cf7c	3700
wolfSSL	15:117db924cf7c	3701	/* record layer header for PlainText, Compressed, and CipherText */
wolfSSL	15:117db924cf7c	3702	typedef struct RecordLayerHeader {
wolfSSL	15:117db924cf7c	3703	byte type;
wolfSSL	15:117db924cf7c	3704	byte pvMajor;
wolfSSL	15:117db924cf7c	3705	byte pvMinor;
wolfSSL	15:117db924cf7c	3706	byte length[2];
wolfSSL	15:117db924cf7c	3707	} RecordLayerHeader;
wolfSSL	15:117db924cf7c	3708
wolfSSL	15:117db924cf7c	3709
wolfSSL	15:117db924cf7c	3710	/* record layer header for DTLS PlainText, Compressed, and CipherText */
wolfSSL	15:117db924cf7c	3711	typedef struct DtlsRecordLayerHeader {
wolfSSL	15:117db924cf7c	3712	byte type;
wolfSSL	15:117db924cf7c	3713	byte pvMajor;
wolfSSL	15:117db924cf7c	3714	byte pvMinor;
wolfSSL	15:117db924cf7c	3715	byte sequence_number[8]; /* per record */
wolfSSL	15:117db924cf7c	3716	byte length[2];
wolfSSL	15:117db924cf7c	3717	} DtlsRecordLayerHeader;
wolfSSL	15:117db924cf7c	3718
wolfSSL	15:117db924cf7c	3719
wolfSSL	15:117db924cf7c	3720	typedef struct DtlsFrag {
wolfSSL	15:117db924cf7c	3721	word32 begin;
wolfSSL	15:117db924cf7c	3722	word32 end;
wolfSSL	15:117db924cf7c	3723	struct DtlsFrag* next;
wolfSSL	15:117db924cf7c	3724	} DtlsFrag;
wolfSSL	15:117db924cf7c	3725
wolfSSL	15:117db924cf7c	3726
wolfSSL	15:117db924cf7c	3727	typedef struct DtlsMsg {
wolfSSL	15:117db924cf7c	3728	struct DtlsMsg* next;
wolfSSL	15:117db924cf7c	3729	byte* buf;
wolfSSL	15:117db924cf7c	3730	byte* msg;
wolfSSL	15:117db924cf7c	3731	DtlsFrag* fragList;
wolfSSL	15:117db924cf7c	3732	word32 fragSz; /* Length of fragments received */
wolfSSL	15:117db924cf7c	3733	word32 seq; /* Handshake sequence number */
wolfSSL	16:8e0d178b1d1e	3734	word32 sz; /* Length of whole message */
wolfSSL	15:117db924cf7c	3735	byte type;
wolfSSL	15:117db924cf7c	3736	} DtlsMsg;
wolfSSL	15:117db924cf7c	3737
wolfSSL	15:117db924cf7c	3738
wolfSSL	15:117db924cf7c	3739	#ifdef HAVE_NETX
wolfSSL	15:117db924cf7c	3740
wolfSSL	15:117db924cf7c	3741	/* NETX I/O Callback default */
wolfSSL	15:117db924cf7c	3742	typedef struct NetX_Ctx {
wolfSSL	15:117db924cf7c	3743	NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
wolfSSL	15:117db924cf7c	3744	NX_PACKET* nxPacket; /* incoming packet handle for short reads */
wolfSSL	15:117db924cf7c	3745	ULONG nxOffset; /* offset already read from nxPacket */
wolfSSL	15:117db924cf7c	3746	ULONG nxWait; /* wait option flag */
wolfSSL	15:117db924cf7c	3747	} NetX_Ctx;
wolfSSL	15:117db924cf7c	3748
wolfSSL	15:117db924cf7c	3749	#endif
wolfSSL	15:117db924cf7c	3750
wolfSSL	15:117db924cf7c	3751	/* Handshake messages received from peer (plus change cipher */
wolfSSL	15:117db924cf7c	3752	typedef struct MsgsReceived {
wolfSSL	15:117db924cf7c	3753	word16 got_hello_request:1;
wolfSSL	15:117db924cf7c	3754	word16 got_client_hello:2;
wolfSSL	15:117db924cf7c	3755	word16 got_server_hello:2;
wolfSSL	15:117db924cf7c	3756	word16 got_hello_verify_request:1;
wolfSSL	15:117db924cf7c	3757	word16 got_session_ticket:1;
wolfSSL	15:117db924cf7c	3758	word16 got_end_of_early_data:1;
wolfSSL	15:117db924cf7c	3759	word16 got_hello_retry_request:1;
wolfSSL	15:117db924cf7c	3760	word16 got_encrypted_extensions:1;
wolfSSL	15:117db924cf7c	3761	word16 got_certificate:1;
wolfSSL	15:117db924cf7c	3762	word16 got_certificate_status:1;
wolfSSL	15:117db924cf7c	3763	word16 got_server_key_exchange:1;
wolfSSL	15:117db924cf7c	3764	word16 got_certificate_request:1;
wolfSSL	15:117db924cf7c	3765	word16 got_server_hello_done:1;
wolfSSL	15:117db924cf7c	3766	word16 got_certificate_verify:1;
wolfSSL	15:117db924cf7c	3767	word16 got_client_key_exchange:1;
wolfSSL	15:117db924cf7c	3768	word16 got_finished:1;
wolfSSL	15:117db924cf7c	3769	word16 got_key_update:1;
wolfSSL	15:117db924cf7c	3770	word16 got_change_cipher:1;
wolfSSL	15:117db924cf7c	3771	} MsgsReceived;
wolfSSL	15:117db924cf7c	3772
wolfSSL	15:117db924cf7c	3773
wolfSSL	15:117db924cf7c	3774	/* Handshake hashes */
wolfSSL	15:117db924cf7c	3775	typedef struct HS_Hashes {
wolfSSL	15:117db924cf7c	3776	Hashes verifyHashes;
wolfSSL	15:117db924cf7c	3777	Hashes certHashes; /* for cert verify */
wolfSSL	15:117db924cf7c	3778	#ifndef NO_SHA
wolfSSL	15:117db924cf7c	3779	wc_Sha hashSha; /* sha hash of handshake msgs */
wolfSSL	15:117db924cf7c	3780	#endif
wolfSSL	15:117db924cf7c	3781	#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wolfSSL	15:117db924cf7c	3782	wc_Md5 hashMd5; /* md5 hash of handshake msgs */
wolfSSL	15:117db924cf7c	3783	#endif
wolfSSL	15:117db924cf7c	3784	#ifndef NO_SHA256
wolfSSL	15:117db924cf7c	3785	wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */
wolfSSL	15:117db924cf7c	3786	#endif
wolfSSL	15:117db924cf7c	3787	#ifdef WOLFSSL_SHA384
wolfSSL	15:117db924cf7c	3788	wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */
wolfSSL	15:117db924cf7c	3789	#endif
wolfSSL	15:117db924cf7c	3790	#ifdef WOLFSSL_SHA512
wolfSSL	15:117db924cf7c	3791	wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */
wolfSSL	15:117db924cf7c	3792	#endif
wolfSSL	16:8e0d178b1d1e	3793	#if (defined(HAVE_ED25519) \|\| defined(HAVE_ED448)) && \
wolfSSL	16:8e0d178b1d1e	3794	!defined(WOLFSSL_NO_CLIENT_AUTH)
wolfSSL	15:117db924cf7c	3795	byte* messages; /* handshake messages */
wolfSSL	16:8e0d178b1d1e	3796	int length; /* length of handshake messages' data */
wolfSSL	15:117db924cf7c	3797	int prevLen; /* length of messages but last */
wolfSSL	15:117db924cf7c	3798	#endif
wolfSSL	15:117db924cf7c	3799	} HS_Hashes;
wolfSSL	15:117db924cf7c	3800
wolfSSL	15:117db924cf7c	3801
wolfSSL	15:117db924cf7c	3802	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	15:117db924cf7c	3803	#define MAX_ASYNC_ARGS 18
wolfSSL	15:117db924cf7c	3804	typedef void (FreeArgsCb)(struct WOLFSSL ssl, void* pArgs);
wolfSSL	15:117db924cf7c	3805
wolfSSL	15:117db924cf7c	3806	struct WOLFSSL_ASYNC {
wolfSSL	15:117db924cf7c	3807	WC_ASYNC_DEV* dev;
wolfSSL	15:117db924cf7c	3808	FreeArgsCb freeArgs; /* function pointer to cleanup args */
wolfSSL	15:117db924cf7c	3809	word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
wolfSSL	15:117db924cf7c	3810	};
wolfSSL	15:117db924cf7c	3811	#endif
wolfSSL	15:117db924cf7c	3812
wolfSSL	15:117db924cf7c	3813	#ifdef HAVE_WRITE_DUP
wolfSSL	15:117db924cf7c	3814
wolfSSL	15:117db924cf7c	3815	#define WRITE_DUP_SIDE 1
wolfSSL	15:117db924cf7c	3816	#define READ_DUP_SIDE 2
wolfSSL	15:117db924cf7c	3817
wolfSSL	15:117db924cf7c	3818	typedef struct WriteDup {
wolfSSL	15:117db924cf7c	3819	wolfSSL_Mutex dupMutex; /* reference count mutex */
wolfSSL	15:117db924cf7c	3820	int dupCount; /* reference count */
wolfSSL	15:117db924cf7c	3821	int dupErr; /* under dupMutex, pass to other side */
wolfSSL	15:117db924cf7c	3822	} WriteDup;
wolfSSL	15:117db924cf7c	3823
wolfSSL	15:117db924cf7c	3824	WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	3825	WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
wolfSSL	15:117db924cf7c	3826	#endif /* HAVE_WRITE_DUP */
wolfSSL	15:117db924cf7c	3827
wolfSSL	15:117db924cf7c	3828	#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL	15:117db924cf7c	3829	typedef struct CertReqCtx CertReqCtx;
wolfSSL	15:117db924cf7c	3830
wolfSSL	15:117db924cf7c	3831	struct CertReqCtx {
wolfSSL	15:117db924cf7c	3832	CertReqCtx* next;
wolfSSL	15:117db924cf7c	3833	byte len;
wolfSSL	15:117db924cf7c	3834	byte ctx;
wolfSSL	15:117db924cf7c	3835	};
wolfSSL	15:117db924cf7c	3836	#endif
wolfSSL	15:117db924cf7c	3837
wolfSSL	15:117db924cf7c	3838	#ifdef WOLFSSL_EARLY_DATA
wolfSSL	15:117db924cf7c	3839	typedef enum EarlyDataState {
wolfSSL	15:117db924cf7c	3840	no_early_data,
wolfSSL	16:8e0d178b1d1e	3841	early_data_ext,
wolfSSL	15:117db924cf7c	3842	expecting_early_data,
wolfSSL	15:117db924cf7c	3843	process_early_data,
wolfSSL	15:117db924cf7c	3844	done_early_data
wolfSSL	15:117db924cf7c	3845	} EarlyDataState;
wolfSSL	15:117db924cf7c	3846	#endif
wolfSSL	15:117db924cf7c	3847
wolfSSL	15:117db924cf7c	3848	/* wolfSSL ssl type */
wolfSSL	15:117db924cf7c	3849	struct WOLFSSL {
wolfSSL	15:117db924cf7c	3850	WOLFSSL_CTX* ctx;
wolfSSL	15:117db924cf7c	3851	Suites* suites; /* only need during handshake */
wolfSSL	15:117db924cf7c	3852	Arrays* arrays;
wolfSSL	16:8e0d178b1d1e	3853	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	3854	byte clientSecret[SECRET_LEN];
wolfSSL	16:8e0d178b1d1e	3855	byte serverSecret[SECRET_LEN];
wolfSSL	16:8e0d178b1d1e	3856	#endif
wolfSSL	15:117db924cf7c	3857	HS_Hashes* hsHashes;
wolfSSL	15:117db924cf7c	3858	void* IOCB_ReadCtx;
wolfSSL	15:117db924cf7c	3859	void* IOCB_WriteCtx;
wolfSSL	15:117db924cf7c	3860	WC_RNG* rng;
wolfSSL	15:117db924cf7c	3861	void* verifyCbCtx; /* cert verify callback user ctx*/
wolfSSL	15:117db924cf7c	3862	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	15:117db924cf7c	3863	void* heap; /* for user overrides */
wolfSSL	15:117db924cf7c	3864	#ifdef HAVE_WRITE_DUP
wolfSSL	15:117db924cf7c	3865	WriteDup* dupWrite; /* valid pointer indicates ON */
wolfSSL	15:117db924cf7c	3866	/* side that decrements dupCount to zero frees overall structure */
wolfSSL	15:117db924cf7c	3867	byte dupSide; /* write side or read side */
wolfSSL	15:117db924cf7c	3868	#endif
wolfSSL	15:117db924cf7c	3869	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	3870	byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
wolfSSL	15:117db924cf7c	3871	#endif
wolfSSL	15:117db924cf7c	3872	CallbackIORecv CBIORecv;
wolfSSL	15:117db924cf7c	3873	CallbackIOSend CBIOSend;
wolfSSL	15:117db924cf7c	3874	#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL	15:117db924cf7c	3875	WOLFSSL_HEAP_HINT heap_hint;
wolfSSL	15:117db924cf7c	3876	#endif
wolfSSL	15:117db924cf7c	3877	#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL	15:117db924cf7c	3878	HandShakeDoneCb hsDoneCb; /* notify user handshake done */
wolfSSL	15:117db924cf7c	3879	void* hsDoneCtx; /* user handshake cb context */
wolfSSL	15:117db924cf7c	3880	#endif
wolfSSL	15:117db924cf7c	3881	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	15:117db924cf7c	3882	struct WOLFSSL_ASYNC async;
wolfSSL	15:117db924cf7c	3883	#elif defined(WOLFSSL_NONBLOCK_OCSP)
wolfSSL	15:117db924cf7c	3884	void* nonblockarg; /* dynamic arg for handling non-block resume */
wolfSSL	15:117db924cf7c	3885	#endif
wolfSSL	15:117db924cf7c	3886	void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
wolfSSL	15:117db924cf7c	3887	word32 hsType; /* Type of Handshake key (hsKey) */
wolfSSL	15:117db924cf7c	3888	WOLFSSL_CIPHER cipher;
wolfSSL	16:8e0d178b1d1e	3889	#ifndef WOLFSSL_AEAD_ONLY
wolfSSL	15:117db924cf7c	3890	hmacfp hmac;
wolfSSL	16:8e0d178b1d1e	3891	#endif
wolfSSL	15:117db924cf7c	3892	Ciphers encrypt;
wolfSSL	15:117db924cf7c	3893	Ciphers decrypt;
wolfSSL	15:117db924cf7c	3894	Buffers buffers;
wolfSSL	15:117db924cf7c	3895	WOLFSSL_SESSION session;
wolfSSL	15:117db924cf7c	3896	#ifdef HAVE_EXT_CACHE
wolfSSL	15:117db924cf7c	3897	WOLFSSL_SESSION* extSession;
wolfSSL	15:117db924cf7c	3898	#endif
wolfSSL	15:117db924cf7c	3899	WOLFSSL_ALERT_HISTORY alert_history;
wolfSSL	15:117db924cf7c	3900	int error;
wolfSSL	15:117db924cf7c	3901	int rfd; /* read file descriptor */
wolfSSL	15:117db924cf7c	3902	int wfd; /* write file descriptor */
wolfSSL	15:117db924cf7c	3903	int rflags; /* user read flags */
wolfSSL	15:117db924cf7c	3904	int wflags; /* user write flags */
wolfSSL	15:117db924cf7c	3905	word32 timeout; /* session timeout */
wolfSSL	15:117db924cf7c	3906	word32 fragOffset; /* fragment offset */
wolfSSL	15:117db924cf7c	3907	word16 curSize;
wolfSSL	15:117db924cf7c	3908	byte verifyDepth;
wolfSSL	15:117db924cf7c	3909	RecordLayerHeader curRL;
wolfSSL	15:117db924cf7c	3910	MsgsReceived msgsReceived; /* peer messages received */
wolfSSL	15:117db924cf7c	3911	ProtocolVersion version; /* negotiated version */
wolfSSL	15:117db924cf7c	3912	ProtocolVersion chVersion; /* client hello version */
wolfSSL	15:117db924cf7c	3913	CipherSpecs specs;
wolfSSL	15:117db924cf7c	3914	Keys keys;
wolfSSL	15:117db924cf7c	3915	Options options;
wolfSSL	15:117db924cf7c	3916	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	3917	CallbackInfoState* CBIS; /* used to get info about SSL state */
wolfSSL	15:117db924cf7c	3918	int cbmode; /* read or write on info callback */
wolfSSL	15:117db924cf7c	3919	int cbtype; /* event type in info callback */
wolfSSL	15:117db924cf7c	3920	WOLFSSL_BIO* biord; /* socket bio read to free/close */
wolfSSL	15:117db924cf7c	3921	WOLFSSL_BIO* biowr; /* socket bio write to free/close */
wolfSSL	15:117db924cf7c	3922	byte sessionCtx[ID_LEN]; /* app session context ID */
wolfSSL	16:8e0d178b1d1e	3923	WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
wolfSSL	16:8e0d178b1d1e	3924	#endif
wolfSSL	16:8e0d178b1d1e	3925	#if defined(OPENSSL_EXTRA) \|\| defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL	15:117db924cf7c	3926	unsigned long peerVerifyRet;
wolfSSL	16:8e0d178b1d1e	3927	#endif
wolfSSL	16:8e0d178b1d1e	3928	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	3929	byte readAhead;
wolfSSL	15:117db924cf7c	3930	byte sessionCtxSz; /* size of sessionCtx stored */
wolfSSL	15:117db924cf7c	3931	#ifdef HAVE_PK_CALLBACKS
wolfSSL	15:117db924cf7c	3932	void* loggingCtx; /* logging callback argument */
wolfSSL	15:117db924cf7c	3933	#endif
wolfSSL	15:117db924cf7c	3934	#endif /* OPENSSL_EXTRA */
wolfSSL	15:117db924cf7c	3935	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	3936	RsaKey* peerRsaKey;
wolfSSL	16:8e0d178b1d1e	3937	#ifdef WOLFSSL_RENESAS_TSIP_TLS
wolfSSL	16:8e0d178b1d1e	3938	byte *peerTsipEncRsaKeyIndex;
wolfSSL	16:8e0d178b1d1e	3939	#endif
wolfSSL	15:117db924cf7c	3940	byte peerRsaKeyPresent;
wolfSSL	15:117db924cf7c	3941	#endif
wolfSSL	15:117db924cf7c	3942	#ifdef HAVE_QSH
wolfSSL	15:117db924cf7c	3943	QSHKey* QSH_Key;
wolfSSL	15:117db924cf7c	3944	QSHKey* peerQSHKey;
wolfSSL	15:117db924cf7c	3945	QSHSecret* QSH_secret;
wolfSSL	15:117db924cf7c	3946	byte isQSH; /* is the handshake a QSH? */
wolfSSL	15:117db924cf7c	3947	byte sendQSHKeys; /* flag for if the client should sen
wolfSSL	15:117db924cf7c	3948	public keys */
wolfSSL	15:117db924cf7c	3949	byte peerQSHKeyPresent;
wolfSSL	15:117db924cf7c	3950	byte minRequest;
wolfSSL	15:117db924cf7c	3951	byte maxRequest;
wolfSSL	15:117db924cf7c	3952	byte user_set_QSHSchemes;
wolfSSL	15:117db924cf7c	3953	#endif
wolfSSL	16:8e0d178b1d1e	3954	#if defined(WOLFSSL_TLS13) \|\| defined(HAVE_FFDHE)
wolfSSL	16:8e0d178b1d1e	3955	word16 namedGroup;
wolfSSL	16:8e0d178b1d1e	3956	#endif
wolfSSL	15:117db924cf7c	3957	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3958	word16 group[WOLFSSL_MAX_GROUP_COUNT];
wolfSSL	15:117db924cf7c	3959	byte numGroups;
wolfSSL	15:117db924cf7c	3960	#endif
wolfSSL	16:8e0d178b1d1e	3961	word16 pssAlgo;
wolfSSL	15:117db924cf7c	3962	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	3963	#if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL	15:117db924cf7c	3964	word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
wolfSSL	15:117db924cf7c	3965	byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
wolfSSL	15:117db924cf7c	3966	* offer */
wolfSSL	15:117db924cf7c	3967	#endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
wolfSSL	15:117db924cf7c	3968	#endif
wolfSSL	15:117db924cf7c	3969	#ifdef HAVE_NTRU
wolfSSL	15:117db924cf7c	3970	word16 peerNtruKeyLen;
wolfSSL	15:117db924cf7c	3971	byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
wolfSSL	15:117db924cf7c	3972	byte peerNtruKeyPresent;
wolfSSL	15:117db924cf7c	3973	#endif
wolfSSL	16:8e0d178b1d1e	3974	#if defined(HAVE_ECC) \|\| defined(HAVE_ED25519) \|\| defined(HAVE_ED448)
wolfSSL	15:117db924cf7c	3975	int eccVerifyRes;
wolfSSL	15:117db924cf7c	3976	#endif
wolfSSL	16:8e0d178b1d1e	3977	#if defined(HAVE_ECC) \|\| defined(HAVE_CURVE25519) \|\| defined(HAVE_CURVE448)
wolfSSL	15:117db924cf7c	3978	word32 ecdhCurveOID; /* curve Ecc_Sum */
wolfSSL	15:117db924cf7c	3979	ecc_key* eccTempKey; /* private ECDHE key */
wolfSSL	15:117db924cf7c	3980	byte eccTempKeyPresent; /* also holds type */
wolfSSL	15:117db924cf7c	3981	byte peerEccKeyPresent;
wolfSSL	15:117db924cf7c	3982	#endif
wolfSSL	15:117db924cf7c	3983	#ifdef HAVE_ECC
wolfSSL	15:117db924cf7c	3984	ecc_key* peerEccKey; /* peer's ECDHE key */
wolfSSL	15:117db924cf7c	3985	ecc_key* peerEccDsaKey; /* peer's ECDSA key */
wolfSSL	15:117db924cf7c	3986	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	15:117db924cf7c	3987	byte peerEccDsaKeyPresent;
wolfSSL	15:117db924cf7c	3988	#endif
wolfSSL	16:8e0d178b1d1e	3989	#if defined(HAVE_ECC) \|\| defined(HAVE_ED25519) \|\| defined(HAVE_CURVE448)
wolfSSL	15:117db924cf7c	3990	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	15:117db924cf7c	3991	#endif
wolfSSL	15:117db924cf7c	3992	#ifdef HAVE_ED25519
wolfSSL	15:117db924cf7c	3993	ed25519_key* peerEd25519Key;
wolfSSL	15:117db924cf7c	3994	byte peerEd25519KeyPresent;
wolfSSL	15:117db924cf7c	3995	#endif
wolfSSL	15:117db924cf7c	3996	#ifdef HAVE_CURVE25519
wolfSSL	15:117db924cf7c	3997	curve25519_key* peerX25519Key;
wolfSSL	15:117db924cf7c	3998	byte peerX25519KeyPresent;
wolfSSL	15:117db924cf7c	3999	#endif
wolfSSL	16:8e0d178b1d1e	4000	#ifdef HAVE_ED448
wolfSSL	16:8e0d178b1d1e	4001	ed448_key* peerEd448Key;
wolfSSL	16:8e0d178b1d1e	4002	byte peerEd448KeyPresent;
wolfSSL	16:8e0d178b1d1e	4003	#endif
wolfSSL	16:8e0d178b1d1e	4004	#ifdef HAVE_CURVE448
wolfSSL	16:8e0d178b1d1e	4005	curve448_key* peerX448Key;
wolfSSL	16:8e0d178b1d1e	4006	byte peerX448KeyPresent;
wolfSSL	16:8e0d178b1d1e	4007	#endif
wolfSSL	15:117db924cf7c	4008	#ifdef HAVE_LIBZ
wolfSSL	15:117db924cf7c	4009	z_stream c_stream; /* compression stream */
wolfSSL	15:117db924cf7c	4010	z_stream d_stream; /* decompression stream */
wolfSSL	15:117db924cf7c	4011	byte didStreamInit; /* for stream init and end */
wolfSSL	15:117db924cf7c	4012	#endif
wolfSSL	15:117db924cf7c	4013	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	4014	int dtls_timeout_init; /* starting timeout value */
wolfSSL	15:117db924cf7c	4015	int dtls_timeout_max; /* maximum timeout value */
wolfSSL	15:117db924cf7c	4016	int dtls_timeout; /* current timeout value, changes */
wolfSSL	15:117db924cf7c	4017	word32 dtls_tx_msg_list_sz;
wolfSSL	15:117db924cf7c	4018	word32 dtls_rx_msg_list_sz;
wolfSSL	15:117db924cf7c	4019	DtlsMsg* dtls_tx_msg_list;
wolfSSL	16:8e0d178b1d1e	4020	DtlsMsg* dtls_tx_msg;
wolfSSL	15:117db924cf7c	4021	DtlsMsg* dtls_rx_msg_list;
wolfSSL	15:117db924cf7c	4022	void* IOCB_CookieCtx; /* gen cookie ctx */
wolfSSL	15:117db924cf7c	4023	word32 dtls_expected_rx;
wolfSSL	15:117db924cf7c	4024	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	15:117db924cf7c	4025	wc_dtls_export dtls_export; /* export function for session */
wolfSSL	15:117db924cf7c	4026	#endif
wolfSSL	16:8e0d178b1d1e	4027	#if defined(WOLFSSL_SCTP) \|\| defined(WOLFSSL_DTLS_MTU)
wolfSSL	15:117db924cf7c	4028	word16 dtlsMtuSz;
wolfSSL	16:8e0d178b1d1e	4029	#endif /* WOLFSSL_SCTP \|\| WOLFSSL_DTLS_MTU */
wolfSSL	15:117db924cf7c	4030	#ifdef WOLFSSL_MULTICAST
wolfSSL	15:117db924cf7c	4031	void* mcastHwCbCtx; /* Multicast highwater callback ctx */
wolfSSL	15:117db924cf7c	4032	#endif /* WOLFSSL_MULTICAST */
wolfSSL	15:117db924cf7c	4033	#ifdef WOLFSSL_DTLS_DROP_STATS
wolfSSL	15:117db924cf7c	4034	word32 macDropCount;
wolfSSL	15:117db924cf7c	4035	word32 replayDropCount;
wolfSSL	15:117db924cf7c	4036	#endif /* WOLFSSL_DTLS_DROP_STATS */
wolfSSL	15:117db924cf7c	4037	#endif /* WOLFSSL_DTLS */
wolfSSL	15:117db924cf7c	4038	#ifdef WOLFSSL_CALLBACKS
wolfSSL	15:117db924cf7c	4039	TimeoutInfo timeoutInfo; /* info saved during handshake */
wolfSSL	15:117db924cf7c	4040	HandShakeInfo handShakeInfo; /* info saved during handshake */
wolfSSL	15:117db924cf7c	4041	#endif
wolfSSL	15:117db924cf7c	4042	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	4043	SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
wolfSSL	15:117db924cf7c	4044	void* protoMsgCtx; /* user set context with msg callback */
wolfSSL	15:117db924cf7c	4045	#endif
wolfSSL	15:117db924cf7c	4046	#if defined(WOLFSSL_CALLBACKS) \|\| defined(OPENSSL_EXTRA)
wolfSSL	15:117db924cf7c	4047	byte hsInfoOn; /* track handshake info */
wolfSSL	15:117db924cf7c	4048	byte toInfoOn; /* track timeout info */
wolfSSL	15:117db924cf7c	4049	#endif
wolfSSL	15:117db924cf7c	4050	#ifdef HAVE_FUZZER
wolfSSL	15:117db924cf7c	4051	CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
wolfSSL	15:117db924cf7c	4052	void* fuzzerCtx; /* user defined pointer */
wolfSSL	15:117db924cf7c	4053	#endif
wolfSSL	15:117db924cf7c	4054	#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL	15:117db924cf7c	4055	CertReqCtx* certReqCtx;
wolfSSL	15:117db924cf7c	4056	#endif
wolfSSL	15:117db924cf7c	4057	#ifdef KEEP_PEER_CERT
wolfSSL	15:117db924cf7c	4058	WOLFSSL_X509 peerCert; /* X509 peer cert */
wolfSSL	15:117db924cf7c	4059	#endif
wolfSSL	15:117db924cf7c	4060	#ifdef KEEP_OUR_CERT
wolfSSL	15:117db924cf7c	4061	WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
wolfSSL	15:117db924cf7c	4062	points to ctx if not owned (owned
wolfSSL	15:117db924cf7c	4063	flag found in buffers.weOwnCert) */
wolfSSL	15:117db924cf7c	4064	#endif
wolfSSL	15:117db924cf7c	4065	byte keepCert; /* keep certificate after handshake */
wolfSSL	15:117db924cf7c	4066	#if defined(HAVE_EX_DATA) \|\| defined(FORTRESS)
wolfSSL	16:8e0d178b1d1e	4067	WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
wolfSSL	15:117db924cf7c	4068	#endif
wolfSSL	15:117db924cf7c	4069	int devId; /* async device id to use */
wolfSSL	15:117db924cf7c	4070	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	15:117db924cf7c	4071	OneTimeAuth auth;
wolfSSL	15:117db924cf7c	4072	#endif
wolfSSL	15:117db924cf7c	4073	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	15:117db924cf7c	4074	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	15:117db924cf7c	4075	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	15:117db924cf7c	4076	word16 max_fragment;
wolfSSL	15:117db924cf7c	4077	#endif
wolfSSL	15:117db924cf7c	4078	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	15:117db924cf7c	4079	byte truncated_hmac;
wolfSSL	15:117db924cf7c	4080	#endif
wolfSSL	15:117db924cf7c	4081	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	15:117db924cf7c	4082	byte status_request;
wolfSSL	15:117db924cf7c	4083	#endif
wolfSSL	15:117db924cf7c	4084	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	15:117db924cf7c	4085	byte status_request_v2;
wolfSSL	15:117db924cf7c	4086	#endif
wolfSSL	15:117db924cf7c	4087	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	15:117db924cf7c	4088	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	16:8e0d178b1d1e	4089	int secure_rene_count; /* how many times */
wolfSSL	15:117db924cf7c	4090	SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
wolfSSL	15:117db924cf7c	4091	#endif /* user turned on */
wolfSSL	15:117db924cf7c	4092	#ifdef HAVE_ALPN
wolfSSL	15:117db924cf7c	4093	char* alpn_client_list; /* keep the client's list */
wolfSSL	15:117db924cf7c	4094	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	15:117db924cf7c	4095	CallbackALPNSelect alpnSelect;
wolfSSL	15:117db924cf7c	4096	void* alpnSelectArg;
wolfSSL	15:117db924cf7c	4097	#endif
wolfSSL	15:117db924cf7c	4098	#endif /* of accepted protocols */
wolfSSL	15:117db924cf7c	4099	#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
wolfSSL	15:117db924cf7c	4100	CallbackSessionTicket session_ticket_cb;
wolfSSL	15:117db924cf7c	4101	void* session_ticket_ctx;
wolfSSL	15:117db924cf7c	4102	byte expect_session_ticket;
wolfSSL	15:117db924cf7c	4103	#endif
wolfSSL	15:117db924cf7c	4104	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	15:117db924cf7c	4105	#ifdef HAVE_OCSP
wolfSSL	15:117db924cf7c	4106	void* ocspIOCtx;
wolfSSL	15:117db924cf7c	4107	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	4108	byte* ocspResp;
wolfSSL	15:117db924cf7c	4109	int ocspRespSz;
wolfSSL	15:117db924cf7c	4110	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	15:117db924cf7c	4111	char* url;
wolfSSL	15:117db924cf7c	4112	#endif
wolfSSL	15:117db924cf7c	4113	#endif
wolfSSL	15:117db924cf7c	4114	#endif
wolfSSL	15:117db924cf7c	4115	#ifdef HAVE_NETX
wolfSSL	15:117db924cf7c	4116	NetX_Ctx nxCtx; /* NetX IO Context */
wolfSSL	15:117db924cf7c	4117	#endif
wolfSSL	16:8e0d178b1d1e	4118	#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
wolfSSL	16:8e0d178b1d1e	4119	void* mnCtx; /* mynewt mn_socket IO Context */
wolfSSL	16:8e0d178b1d1e	4120	#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
wolfSSL	16:8e0d178b1d1e	4121	#ifdef WOLFSSL_GNRC
wolfSSL	16:8e0d178b1d1e	4122	struct gnrc_wolfssl_ctx gnrcCtx; / Riot-OS GNRC UDP/IP context */
wolfSSL	16:8e0d178b1d1e	4123	#endif
wolfSSL	15:117db924cf7c	4124	#ifdef SESSION_INDEX
wolfSSL	15:117db924cf7c	4125	int sessionIndex; /* Session's location in the cache. */
wolfSSL	15:117db924cf7c	4126	#endif
wolfSSL	15:117db924cf7c	4127	#ifdef ATOMIC_USER
wolfSSL	15:117db924cf7c	4128	void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
wolfSSL	15:117db924cf7c	4129	void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
wolfSSL	16:8e0d178b1d1e	4130	#ifdef HAVE_ENCRYPT_THEN_MAC
wolfSSL	16:8e0d178b1d1e	4131	void* EncryptMacCtx; /* Atomic User Encrypt/Mac Callback Ctx */
wolfSSL	16:8e0d178b1d1e	4132	void* VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */
wolfSSL	16:8e0d178b1d1e	4133	#endif
wolfSSL	15:117db924cf7c	4134	#endif
wolfSSL	15:117db924cf7c	4135	#ifdef HAVE_PK_CALLBACKS
wolfSSL	15:117db924cf7c	4136	#ifdef HAVE_ECC
wolfSSL	15:117db924cf7c	4137	void* EccKeyGenCtx; /* EccKeyGen Callback Context */
wolfSSL	15:117db924cf7c	4138	void* EccSignCtx; /* Ecc Sign Callback Context */
wolfSSL	15:117db924cf7c	4139	void* EccVerifyCtx; /* Ecc Verify Callback Context */
wolfSSL	15:117db924cf7c	4140	void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
wolfSSL	15:117db924cf7c	4141	#ifdef HAVE_ED25519
wolfSSL	15:117db924cf7c	4142	void* Ed25519SignCtx; /* ED25519 Sign Callback Context */
wolfSSL	15:117db924cf7c	4143	void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */
wolfSSL	15:117db924cf7c	4144	#endif
wolfSSL	15:117db924cf7c	4145	#ifdef HAVE_CURVE25519
wolfSSL	15:117db924cf7c	4146	void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
wolfSSL	15:117db924cf7c	4147	void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
wolfSSL	15:117db924cf7c	4148	#endif
wolfSSL	16:8e0d178b1d1e	4149	#ifdef HAVE_ED448
wolfSSL	16:8e0d178b1d1e	4150	void* Ed448SignCtx; /* ED448 Sign Callback Context */
wolfSSL	16:8e0d178b1d1e	4151	void* Ed448VerifyCtx; /* ED448 Verify Callback Context */
wolfSSL	16:8e0d178b1d1e	4152	#endif
wolfSSL	16:8e0d178b1d1e	4153	#ifdef HAVE_CURVE448
wolfSSL	16:8e0d178b1d1e	4154	void* X448KeyGenCtx; /* X448 KeyGen Callback Context */
wolfSSL	16:8e0d178b1d1e	4155	void* X448SharedSecretCtx; /* X448 Pms Callback Context */
wolfSSL	16:8e0d178b1d1e	4156	#endif
wolfSSL	15:117db924cf7c	4157	#endif /* HAVE_ECC */
wolfSSL	15:117db924cf7c	4158	#ifndef NO_DH
wolfSSL	15:117db924cf7c	4159	void* DhAgreeCtx; /* DH Pms Callback Context */
wolfSSL	15:117db924cf7c	4160	#endif /* !NO_DH */
wolfSSL	15:117db924cf7c	4161	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	4162	void* RsaSignCtx; /* Rsa Sign Callback Context */
wolfSSL	15:117db924cf7c	4163	void* RsaVerifyCtx; /* Rsa Verify Callback Context */
wolfSSL	15:117db924cf7c	4164	#ifdef WC_RSA_PSS
wolfSSL	15:117db924cf7c	4165	void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */
wolfSSL	15:117db924cf7c	4166	void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */
wolfSSL	15:117db924cf7c	4167	#endif
wolfSSL	15:117db924cf7c	4168	void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
wolfSSL	15:117db924cf7c	4169	void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
wolfSSL	15:117db924cf7c	4170	#endif /* NO_RSA */
wolfSSL	15:117db924cf7c	4171	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	15:117db924cf7c	4172	#ifdef HAVE_SECRET_CALLBACK
wolfSSL	15:117db924cf7c	4173	SessionSecretCb sessionSecretCb;
wolfSSL	15:117db924cf7c	4174	void* sessionSecretCtx;
wolfSSL	16:8e0d178b1d1e	4175	#ifdef WOLFSSL_TLS13
wolfSSL	16:8e0d178b1d1e	4176	Tls13SecretCb tls13SecretCb;
wolfSSL	16:8e0d178b1d1e	4177	void* tls13SecretCtx;
wolfSSL	16:8e0d178b1d1e	4178	#endif
wolfSSL	15:117db924cf7c	4179	#endif /* HAVE_SECRET_CALLBACK */
wolfSSL	15:117db924cf7c	4180	#ifdef WOLFSSL_JNI
wolfSSL	15:117db924cf7c	4181	void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
wolfSSL	15:117db924cf7c	4182	#endif /* WOLFSSL_JNI */
wolfSSL	15:117db924cf7c	4183	#ifdef WOLFSSL_EARLY_DATA
wolfSSL	15:117db924cf7c	4184	EarlyDataState earlyData;
wolfSSL	15:117db924cf7c	4185	word32 earlyDataSz;
wolfSSL	15:117db924cf7c	4186	#endif
wolfSSL	16:8e0d178b1d1e	4187	#ifdef OPENSSL_ALL
wolfSSL	16:8e0d178b1d1e	4188	long verifyCallbackResult;
wolfSSL	16:8e0d178b1d1e	4189	#endif
wolfSSL	16:8e0d178b1d1e	4190	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT)
wolfSSL	16:8e0d178b1d1e	4191	WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
wolfSSL	16:8e0d178b1d1e	4192	WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
wolfSSL	16:8e0d178b1d1e	4193	#endif
wolfSSL	15:117db924cf7c	4194	};
wolfSSL	15:117db924cf7c	4195
wolfSSL	15:117db924cf7c	4196
wolfSSL	16:8e0d178b1d1e	4197	WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
wolfSSL	16:8e0d178b1d1e	4198	WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL, WOLFSSL_CTX, int);
wolfSSL	16:8e0d178b1d1e	4199	WOLFSSL_LOCAL int InitSSL(WOLFSSL, WOLFSSL_CTX, int);
wolfSSL	16:8e0d178b1d1e	4200	WOLFSSL_LOCAL void FreeSSL(WOLFSSL, void heap);
wolfSSL	16:8e0d178b1d1e	4201	WOLFSSL_API void SSL_ResourceFree(WOLFSSL); / Micrium uses */
wolfSSL	15:117db924cf7c	4202
wolfSSL	15:117db924cf7c	4203
wolfSSL	15:117db924cf7c	4204	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	4205
wolfSSL	15:117db924cf7c	4206	WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wolfSSL	15:117db924cf7c	4207	long sz, int format, int type, WOLFSSL* ssl,
wolfSSL	16:8e0d178b1d1e	4208	long* used, int userChain, int verify);
wolfSSL	15:117db924cf7c	4209	WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
wolfSSL	15:117db924cf7c	4210	int type, WOLFSSL* ssl, int userChain,
wolfSSL	16:8e0d178b1d1e	4211	WOLFSSL_CRL* crl, int verify);
wolfSSL	15:117db924cf7c	4212
wolfSSL	15:117db924cf7c	4213	#ifdef OPENSSL_EXTRA
wolfSSL	15:117db924cf7c	4214	WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
wolfSSL	15:117db924cf7c	4215	size_t domainNameLen);
wolfSSL	15:117db924cf7c	4216	#endif
wolfSSL	15:117db924cf7c	4217	#endif
wolfSSL	15:117db924cf7c	4218
wolfSSL	15:117db924cf7c	4219
wolfSSL	15:117db924cf7c	4220	#if defined(WOLFSSL_CALLBACKS) \|\| defined(OPENSSL_EXTRA)
wolfSSL	15:117db924cf7c	4221	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	4222	void InitHandShakeInfo(HandShakeInfo, WOLFSSL);
wolfSSL	15:117db924cf7c	4223	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	4224	void FinishHandShakeInfo(HandShakeInfo*);
wolfSSL	15:117db924cf7c	4225	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	4226	void AddPacketName(WOLFSSL* ssl, const char* name);
wolfSSL	15:117db924cf7c	4227
wolfSSL	15:117db924cf7c	4228	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	4229	void InitTimeoutInfo(TimeoutInfo*);
wolfSSL	15:117db924cf7c	4230	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	4231	void FreeTimeoutInfo(TimeoutInfo, void);
wolfSSL	15:117db924cf7c	4232	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	4233	void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
wolfSSL	15:117db924cf7c	4234	const byte* data, int sz, int write, void* heap);
wolfSSL	15:117db924cf7c	4235	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	4236	void AddLateName(const char, TimeoutInfo);
wolfSSL	15:117db924cf7c	4237	WOLFSSL_LOCAL
wolfSSL	15:117db924cf7c	4238	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
wolfSSL	15:117db924cf7c	4239	#endif
wolfSSL	15:117db924cf7c	4240
wolfSSL	15:117db924cf7c	4241
wolfSSL	15:117db924cf7c	4242	/* Record Layer Header identifier from page 12 */
wolfSSL	15:117db924cf7c	4243	enum ContentType {
wolfSSL	15:117db924cf7c	4244	no_type = 0,
wolfSSL	15:117db924cf7c	4245	change_cipher_spec = 20,
wolfSSL	15:117db924cf7c	4246	alert = 21,
wolfSSL	15:117db924cf7c	4247	handshake = 22,
wolfSSL	15:117db924cf7c	4248	application_data = 23
wolfSSL	15:117db924cf7c	4249	};
wolfSSL	15:117db924cf7c	4250
wolfSSL	15:117db924cf7c	4251
wolfSSL	15:117db924cf7c	4252	/* handshake header, same for each message type, pgs 20/21 */
wolfSSL	15:117db924cf7c	4253	typedef struct HandShakeHeader {
wolfSSL	15:117db924cf7c	4254	byte type;
wolfSSL	15:117db924cf7c	4255	word24 length;
wolfSSL	15:117db924cf7c	4256	} HandShakeHeader;
wolfSSL	15:117db924cf7c	4257
wolfSSL	15:117db924cf7c	4258
wolfSSL	15:117db924cf7c	4259	/* DTLS handshake header, same for each message type */
wolfSSL	15:117db924cf7c	4260	typedef struct DtlsHandShakeHeader {
wolfSSL	15:117db924cf7c	4261	byte type;
wolfSSL	15:117db924cf7c	4262	word24 length;
wolfSSL	15:117db924cf7c	4263	byte message_seq[2]; /* start at 0, retransmit gets same # */
wolfSSL	15:117db924cf7c	4264	word24 fragment_offset; /* bytes in previous fragments */
wolfSSL	15:117db924cf7c	4265	word24 fragment_length; /* length of this fragment */
wolfSSL	15:117db924cf7c	4266	} DtlsHandShakeHeader;
wolfSSL	15:117db924cf7c	4267
wolfSSL	15:117db924cf7c	4268
wolfSSL	15:117db924cf7c	4269	enum HandShakeType {
wolfSSL	15:117db924cf7c	4270	hello_request = 0,
wolfSSL	15:117db924cf7c	4271	client_hello = 1,
wolfSSL	15:117db924cf7c	4272	server_hello = 2,
wolfSSL	15:117db924cf7c	4273	hello_verify_request = 3, /* DTLS addition */
wolfSSL	15:117db924cf7c	4274	session_ticket = 4,
wolfSSL	15:117db924cf7c	4275	end_of_early_data = 5,
wolfSSL	15:117db924cf7c	4276	hello_retry_request = 6,
wolfSSL	15:117db924cf7c	4277	encrypted_extensions = 8,
wolfSSL	15:117db924cf7c	4278	certificate = 11,
wolfSSL	15:117db924cf7c	4279	server_key_exchange = 12,
wolfSSL	15:117db924cf7c	4280	certificate_request = 13,
wolfSSL	15:117db924cf7c	4281	server_hello_done = 14,
wolfSSL	15:117db924cf7c	4282	certificate_verify = 15,
wolfSSL	15:117db924cf7c	4283	client_key_exchange = 16,
wolfSSL	15:117db924cf7c	4284	finished = 20,
wolfSSL	15:117db924cf7c	4285	certificate_status = 22,
wolfSSL	15:117db924cf7c	4286	key_update = 24,
wolfSSL	15:117db924cf7c	4287	change_cipher_hs = 55, /* simulate unique handshake type for sanity
wolfSSL	15:117db924cf7c	4288	checks. record layer change_cipher
wolfSSL	15:117db924cf7c	4289	conflicts with handshake finished */
wolfSSL	15:117db924cf7c	4290	message_hash = 254, /* synthetic message type for TLS v1.3 */
wolfSSL	15:117db924cf7c	4291	no_shake = 255 /* used to initialize the DtlsMsg record */
wolfSSL	15:117db924cf7c	4292	};
wolfSSL	15:117db924cf7c	4293
wolfSSL	15:117db924cf7c	4294	enum ProvisionSide {
wolfSSL	15:117db924cf7c	4295	PROVISION_CLIENT = 1,
wolfSSL	15:117db924cf7c	4296	PROVISION_SERVER = 2,
wolfSSL	15:117db924cf7c	4297	PROVISION_CLIENT_SERVER = 3
wolfSSL	15:117db924cf7c	4298	};
wolfSSL	15:117db924cf7c	4299
wolfSSL	15:117db924cf7c	4300
wolfSSL	15:117db924cf7c	4301	static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
wolfSSL	15:117db924cf7c	4302	static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
wolfSSL	15:117db924cf7c	4303
wolfSSL	15:117db924cf7c	4304	static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
wolfSSL	15:117db924cf7c	4305	static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
wolfSSL	15:117db924cf7c	4306
wolfSSL	16:8e0d178b1d1e	4307	#ifdef OPENSSL_EXTRA
wolfSSL	16:8e0d178b1d1e	4308	typedef struct {
wolfSSL	16:8e0d178b1d1e	4309	int name_len;
wolfSSL	16:8e0d178b1d1e	4310	const char *name;
wolfSSL	16:8e0d178b1d1e	4311	int nid;
wolfSSL	16:8e0d178b1d1e	4312	} WOLF_EC_NIST_NAME;
wolfSSL	16:8e0d178b1d1e	4313	extern const WOLF_EC_NIST_NAME kNistCurves[];
wolfSSL	16:8e0d178b1d1e	4314	/* This is the longest and shortest curve name in the kNistCurves list */
wolfSSL	16:8e0d178b1d1e	4315	#define kNistCurves_MIN_NAME_LEN 5
wolfSSL	16:8e0d178b1d1e	4316	#define kNistCurves_MAX_NAME_LEN 7
wolfSSL	16:8e0d178b1d1e	4317	#endif
wolfSSL	15:117db924cf7c	4318
wolfSSL	15:117db924cf7c	4319	/* internal functions */
wolfSSL	15:117db924cf7c	4320	WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
wolfSSL	15:117db924cf7c	4321	WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
wolfSSL	15:117db924cf7c	4322	WOLFSSL_LOCAL int DoClientTicket(WOLFSSL, const byte, word32);
wolfSSL	15:117db924cf7c	4323	WOLFSSL_LOCAL int SendData(WOLFSSL, const void, int);
wolfSSL	15:117db924cf7c	4324	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	4325	#ifdef WOLFSSL_TLS13_DRAFT_18
wolfSSL	15:117db924cf7c	4326	WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
wolfSSL	15:117db924cf7c	4327	#else
wolfSSL	15:117db924cf7c	4328	WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
wolfSSL	15:117db924cf7c	4329	#endif
wolfSSL	15:117db924cf7c	4330	#endif
wolfSSL	15:117db924cf7c	4331	WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
wolfSSL	15:117db924cf7c	4332	WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
wolfSSL	15:117db924cf7c	4333	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	15:117db924cf7c	4334	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	15:117db924cf7c	4335	WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL, OcspRequest, buffer);
wolfSSL	15:117db924cf7c	4336	#endif
wolfSSL	16:8e0d178b1d1e	4337	#if defined(HAVE_SECURE_RENEGOTIATION) && \
wolfSSL	16:8e0d178b1d1e	4338	defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	16:8e0d178b1d1e	4339	WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*);
wolfSSL	16:8e0d178b1d1e	4340	#endif
wolfSSL	15:117db924cf7c	4341	WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
wolfSSL	15:117db924cf7c	4342	WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
wolfSSL	15:117db924cf7c	4343	WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
wolfSSL	15:117db924cf7c	4344	WOLFSSL_LOCAL int ReceiveData(WOLFSSL, byte, int, int);
wolfSSL	15:117db924cf7c	4345	WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
wolfSSL	15:117db924cf7c	4346	WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
wolfSSL	15:117db924cf7c	4347	WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
wolfSSL	15:117db924cf7c	4348
wolfSSL	15:117db924cf7c	4349	WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
wolfSSL	15:117db924cf7c	4350	WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
wolfSSL	15:117db924cf7c	4351
wolfSSL	15:117db924cf7c	4352	WOLFSSL_LOCAL int AddSession(WOLFSSL*);
wolfSSL	15:117db924cf7c	4353	WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4354	WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
wolfSSL	15:117db924cf7c	4355
wolfSSL	15:117db924cf7c	4356	WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4357	WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4358	WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
wolfSSL	15:117db924cf7c	4359
wolfSSL	15:117db924cf7c	4360	WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4361	WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
wolfSSL	15:117db924cf7c	4362	WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4363
wolfSSL	15:117db924cf7c	4364	WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4365
wolfSSL	15:117db924cf7c	4366	WOLFSSL_LOCAL int SetTicket(WOLFSSL, const byte, word32);
wolfSSL	15:117db924cf7c	4367	WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
wolfSSL	15:117db924cf7c	4368
wolfSSL	16:8e0d178b1d1e	4369	#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
wolfSSL	16:8e0d178b1d1e	4370	WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey);
wolfSSL	16:8e0d178b1d1e	4371	WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey);
wolfSSL	16:8e0d178b1d1e	4372	#endif
wolfSSL	16:8e0d178b1d1e	4373
wolfSSL	16:8e0d178b1d1e	4374	WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA rsa, WC_RNG *tmpRNG,
wolfSSL	16:8e0d178b1d1e	4375	int *initTmpRng);
wolfSSL	16:8e0d178b1d1e	4376
wolfSSL	15:117db924cf7c	4377	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	4378	#ifndef NO_RSA
wolfSSL	15:117db924cf7c	4379	#ifdef WC_RSA_PSS
wolfSSL	15:117db924cf7c	4380	WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
wolfSSL	15:117db924cf7c	4381	byte* out, word32 sigSz, enum wc_HashType hashType);
wolfSSL	16:8e0d178b1d1e	4382	WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
wolfSSL	15:117db924cf7c	4383	enum wc_HashType* hashType, int* mgf);
wolfSSL	15:117db924cf7c	4384	#endif
wolfSSL	15:117db924cf7c	4385	WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
wolfSSL	15:117db924cf7c	4386	word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
wolfSSL	15:117db924cf7c	4387	int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4388	WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	15:117db924cf7c	4389	byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
wolfSSL	15:117db924cf7c	4390	DerBuffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4391	WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
wolfSSL	15:117db924cf7c	4392	byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
wolfSSL	15:117db924cf7c	4393	buffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4394	WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
wolfSSL	15:117db924cf7c	4395	word32* outSz, RsaKey* key, DerBuffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4396	WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
wolfSSL	15:117db924cf7c	4397	word32* outSz, RsaKey* key, buffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4398	#endif /* !NO_RSA */
wolfSSL	15:117db924cf7c	4399
wolfSSL	15:117db924cf7c	4400	#ifdef HAVE_ECC
wolfSSL	15:117db924cf7c	4401	WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	15:117db924cf7c	4402	byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4403	WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	15:117db924cf7c	4404	const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4405	WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
wolfSSL	15:117db924cf7c	4406	ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
wolfSSL	15:117db924cf7c	4407	word32* outlen, int side);
wolfSSL	15:117db924cf7c	4408	#endif /* HAVE_ECC */
wolfSSL	15:117db924cf7c	4409	#ifdef HAVE_ED25519
wolfSSL	15:117db924cf7c	4410	WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4411	WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	15:117db924cf7c	4412	byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4413	WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
wolfSSL	15:117db924cf7c	4414	word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
wolfSSL	15:117db924cf7c	4415	buffer* keyBufInfo);
wolfSSL	15:117db924cf7c	4416	#endif /* HAVE_ED25519 */
wolfSSL	16:8e0d178b1d1e	4417	#ifdef HAVE_ED448
wolfSSL	16:8e0d178b1d1e	4418	WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl);
wolfSSL	16:8e0d178b1d1e	4419	WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	16:8e0d178b1d1e	4420	byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo);
wolfSSL	16:8e0d178b1d1e	4421	WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in,
wolfSSL	16:8e0d178b1d1e	4422	word32 inSz, const byte* msg, word32 msgSz, ed448_key* key,
wolfSSL	16:8e0d178b1d1e	4423	buffer* keyBufInfo);
wolfSSL	16:8e0d178b1d1e	4424	#endif /* HAVE_ED448 */
wolfSSL	15:117db924cf7c	4425
wolfSSL	15:117db924cf7c	4426
wolfSSL	15:117db924cf7c	4427	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	15:117db924cf7c	4428
wolfSSL	15:117db924cf7c	4429	/* options for searching hash table for a matching trusted peer cert */
wolfSSL	15:117db924cf7c	4430	#define WC_MATCH_SKID 0
wolfSSL	15:117db924cf7c	4431	#define WC_MATCH_NAME 1
wolfSSL	15:117db924cf7c	4432
wolfSSL	15:117db924cf7c	4433	WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
wolfSSL	15:117db924cf7c	4434	int type);
wolfSSL	15:117db924cf7c	4435	WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
wolfSSL	15:117db924cf7c	4436	DecodedCert* cert);
wolfSSL	15:117db924cf7c	4437	#endif
wolfSSL	15:117db924cf7c	4438
wolfSSL	15:117db924cf7c	4439	WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
wolfSSL	15:117db924cf7c	4440	#ifndef NO_SKID
wolfSSL	15:117db924cf7c	4441	WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
wolfSSL	15:117db924cf7c	4442	#endif
wolfSSL	15:117db924cf7c	4443	#endif /* !NO_CERTS */
wolfSSL	15:117db924cf7c	4444	WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
wolfSSL	15:117db924cf7c	4445	word32* hashLen);
wolfSSL	15:117db924cf7c	4446	WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
wolfSSL	15:117db924cf7c	4447	const byte* sender);
wolfSSL	15:117db924cf7c	4448	WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
wolfSSL	15:117db924cf7c	4449	WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
wolfSSL	15:117db924cf7c	4450	WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
wolfSSL	15:117db924cf7c	4451
wolfSSL	15:117db924cf7c	4452	#ifndef NO_TLS
wolfSSL	15:117db924cf7c	4453	WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
wolfSSL	16:8e0d178b1d1e	4454	#ifndef WOLFSSL_AEAD_ONLY
wolfSSL	15:117db924cf7c	4455	WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
wolfSSL	15:117db924cf7c	4456	word32 sz, int padSz, int content, int verify);
wolfSSL	15:117db924cf7c	4457	#endif
wolfSSL	16:8e0d178b1d1e	4458	#endif
wolfSSL	15:117db924cf7c	4459
wolfSSL	15:117db924cf7c	4460	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	15:117db924cf7c	4461	WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
wolfSSL	15:117db924cf7c	4462	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	4463	WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
wolfSSL	15:117db924cf7c	4464	#endif
wolfSSL	15:117db924cf7c	4465	WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
wolfSSL	15:117db924cf7c	4466	WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
wolfSSL	15:117db924cf7c	4467	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	15:117db924cf7c	4468
wolfSSL	15:117db924cf7c	4469	#ifndef NO_WOLFSSL_SERVER
wolfSSL	15:117db924cf7c	4470	WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
wolfSSL	15:117db924cf7c	4471	WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
wolfSSL	15:117db924cf7c	4472	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	15:117db924cf7c	4473
wolfSSL	15:117db924cf7c	4474	#ifdef WOLFSSL_DTLS
wolfSSL	15:117db924cf7c	4475	WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
wolfSSL	15:117db924cf7c	4476	WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg, void);
wolfSSL	15:117db924cf7c	4477	WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg, void);
wolfSSL	15:117db924cf7c	4478	WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg, word32, const byte, byte,
wolfSSL	15:117db924cf7c	4479	word32, word32, void*);
wolfSSL	15:117db924cf7c	4480	WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
wolfSSL	15:117db924cf7c	4481	WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL, word32, const byte, word32,
wolfSSL	15:117db924cf7c	4482	byte, word32, word32, void*);
wolfSSL	15:117db924cf7c	4483	WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg, DtlsMsg);
wolfSSL	15:117db924cf7c	4484
wolfSSL	15:117db924cf7c	4485	WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL, const byte, word32);
wolfSSL	15:117db924cf7c	4486	WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
wolfSSL	15:117db924cf7c	4487	WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
wolfSSL	15:117db924cf7c	4488	WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
wolfSSL	15:117db924cf7c	4489	WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
wolfSSL	15:117db924cf7c	4490	#endif /* WOLFSSL_DTLS */
wolfSSL	15:117db924cf7c	4491
wolfSSL	15:117db924cf7c	4492	#ifndef NO_TLS
wolfSSL	15:117db924cf7c	4493
wolfSSL	15:117db924cf7c	4494
wolfSSL	15:117db924cf7c	4495	#endif /* NO_TLS */
wolfSSL	15:117db924cf7c	4496
wolfSSL	15:117db924cf7c	4497	#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) \|\| !defined(NO_PSK))
wolfSSL	15:117db924cf7c	4498	WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
wolfSSL	15:117db924cf7c	4499	#endif
wolfSSL	15:117db924cf7c	4500	WOLFSSL_LOCAL word32 LowResTimer(void);
wolfSSL	15:117db924cf7c	4501
wolfSSL	15:117db924cf7c	4502	#ifndef NO_CERTS
wolfSSL	15:117db924cf7c	4503	WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
wolfSSL	15:117db924cf7c	4504	WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
wolfSSL	15:117db924cf7c	4505	WOLFSSL_LOCAL void InitX509(WOLFSSL_X509, int, void heap);
wolfSSL	15:117db924cf7c	4506	WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
wolfSSL	15:117db924cf7c	4507	WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509, DecodedCert);
wolfSSL	15:117db924cf7c	4508	#endif
wolfSSL	15:117db924cf7c	4509
wolfSSL	16:8e0d178b1d1e	4510	#ifndef MAX_CIPHER_NAME
wolfSSL	16:8e0d178b1d1e	4511	#define MAX_CIPHER_NAME 50
wolfSSL	16:8e0d178b1d1e	4512	#endif
wolfSSL	16:8e0d178b1d1e	4513
wolfSSL	16:8e0d178b1d1e	4514	#ifdef WOLFSSL_NAMES_STATIC
wolfSSL	16:8e0d178b1d1e	4515	typedef char cipher_name[MAX_CIPHER_NAME];
wolfSSL	16:8e0d178b1d1e	4516	#else
wolfSSL	16:8e0d178b1d1e	4517	typedef const char* cipher_name;
wolfSSL	16:8e0d178b1d1e	4518	#endif
wolfSSL	16:8e0d178b1d1e	4519
wolfSSL	15:117db924cf7c	4520	typedef struct CipherSuiteInfo {
wolfSSL	16:8e0d178b1d1e	4521	cipher_name name;
wolfSSL	15:117db924cf7c	4522	#ifndef NO_ERROR_STRINGS
wolfSSL	16:8e0d178b1d1e	4523	cipher_name name_iana;
wolfSSL	15:117db924cf7c	4524	#endif
wolfSSL	15:117db924cf7c	4525	byte cipherSuite0;
wolfSSL	15:117db924cf7c	4526	byte cipherSuite;
wolfSSL	16:8e0d178b1d1e	4527	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT)
wolfSSL	16:8e0d178b1d1e	4528	byte minor;
wolfSSL	16:8e0d178b1d1e	4529	byte major;
wolfSSL	16:8e0d178b1d1e	4530	#endif
wolfSSL	15:117db924cf7c	4531	} CipherSuiteInfo;
wolfSSL	15:117db924cf7c	4532
wolfSSL	15:117db924cf7c	4533	WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
wolfSSL	15:117db924cf7c	4534	WOLFSSL_LOCAL int GetCipherNamesSize(void);
wolfSSL	15:117db924cf7c	4535	WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
wolfSSL	16:8e0d178b1d1e	4536	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT)
wolfSSL	16:8e0d178b1d1e	4537	/* used in wolfSSL_sk_CIPHER_description */
wolfSSL	16:8e0d178b1d1e	4538	#define MAX_SEGMENTS 5
wolfSSL	16:8e0d178b1d1e	4539	#define MAX_SEGMENT_SZ 20
wolfSSL	16:8e0d178b1d1e	4540	WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*);
wolfSSL	16:8e0d178b1d1e	4541	WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor);
wolfSSL	16:8e0d178b1d1e	4542	WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
wolfSSL	16:8e0d178b1d1e	4543	WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
wolfSSL	16:8e0d178b1d1e	4544	WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
wolfSSL	16:8e0d178b1d1e	4545	WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
wolfSSL	16:8e0d178b1d1e	4546	WOLFSSL_LOCAL int SetCipherBits(const char* enc);
wolfSSL	16:8e0d178b1d1e	4547	#endif
wolfSSL	15:117db924cf7c	4548	WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
wolfSSL	15:117db924cf7c	4549	WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4550	WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
wolfSSL	16:8e0d178b1d1e	4551	WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
wolfSSL	16:8e0d178b1d1e	4552	byte* cipherSuite);
wolfSSL	15:117db924cf7c	4553
wolfSSL	15:117db924cf7c	4554	enum encrypt_side {
wolfSSL	15:117db924cf7c	4555	ENCRYPT_SIDE_ONLY = 1,
wolfSSL	15:117db924cf7c	4556	DECRYPT_SIDE_ONLY,
wolfSSL	15:117db924cf7c	4557	ENCRYPT_AND_DECRYPT_SIDE
wolfSSL	15:117db924cf7c	4558	};
wolfSSL	15:117db924cf7c	4559
wolfSSL	15:117db924cf7c	4560	WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
wolfSSL	15:117db924cf7c	4561
wolfSSL	16:8e0d178b1d1e	4562	/* SetInternal and SetExternal functions */
wolfSSL	16:8e0d178b1d1e	4563	WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
wolfSSL	16:8e0d178b1d1e	4564	WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
wolfSSL	16:8e0d178b1d1e	4565	#ifndef HAVE_USER_RSA
wolfSSL	16:8e0d178b1d1e	4566	WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
wolfSSL	16:8e0d178b1d1e	4567	WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
wolfSSL	16:8e0d178b1d1e	4568	#endif
wolfSSL	16:8e0d178b1d1e	4569	WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
wolfSSL	16:8e0d178b1d1e	4570	WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
wolfSSL	15:117db924cf7c	4571
wolfSSL	15:117db924cf7c	4572	#ifndef NO_DH
wolfSSL	15:117db924cf7c	4573	WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
wolfSSL	15:117db924cf7c	4574	byte* priv, word32* privSz,
wolfSSL	15:117db924cf7c	4575	byte* pub, word32* pubSz);
wolfSSL	15:117db924cf7c	4576	WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
wolfSSL	15:117db924cf7c	4577	const byte* priv, word32 privSz,
wolfSSL	15:117db924cf7c	4578	const byte* otherPub, word32 otherPubSz,
wolfSSL	15:117db924cf7c	4579	byte* agree, word32* agreeSz);
wolfSSL	15:117db924cf7c	4580	#endif /* !NO_DH */
wolfSSL	15:117db924cf7c	4581
wolfSSL	15:117db924cf7c	4582	#ifdef HAVE_ECC
wolfSSL	15:117db924cf7c	4583	WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
wolfSSL	16:8e0d178b1d1e	4584	WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
wolfSSL	15:117db924cf7c	4585	#endif
wolfSSL	15:117db924cf7c	4586
wolfSSL	15:117db924cf7c	4587	WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4588	WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
wolfSSL	15:117db924cf7c	4589
wolfSSL	15:117db924cf7c	4590	WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
wolfSSL	15:117db924cf7c	4591	const byte* input, int inSz, int type, int hashOutput,
wolfSSL	15:117db924cf7c	4592	int sizeOnly, int asyncOkay);
wolfSSL	15:117db924cf7c	4593
wolfSSL	15:117db924cf7c	4594	#ifdef WOLFSSL_TLS13
wolfSSL	15:117db924cf7c	4595	int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
wolfSSL	15:117db924cf7c	4596	int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
wolfSSL	15:117db924cf7c	4597	#endif
wolfSSL	15:117db924cf7c	4598
wolfSSL	15:117db924cf7c	4599	WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
wolfSSL	15:117db924cf7c	4600	WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
wolfSSL	15:117db924cf7c	4601
wolfSSL	15:117db924cf7c	4602	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	15:117db924cf7c	4603	WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
wolfSSL	15:117db924cf7c	4604	WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
wolfSSL	15:117db924cf7c	4605	WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
wolfSSL	15:117db924cf7c	4606	#endif
wolfSSL	15:117db924cf7c	4607
wolfSSL	15:117db924cf7c	4608
wolfSSL	15:117db924cf7c	4609	#ifdef __cplusplus
wolfSSL	15:117db924cf7c	4610	} /* extern "C" */
wolfSSL	15:117db924cf7c	4611	#endif
wolfSSL	15:117db924cf7c	4612
wolfSSL	15:117db924cf7c	4613	#endif /* wolfSSL_INT_H */
wolfSSL	15:117db924cf7c	4614

Repository toolbox

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

Important changes to repositories hosted on mbed.com

wolfssl/internal.h@17:a5f916481144, 2020-06-05 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Important changes to repositories hosted on mbed.com

wolfssl/internal.h@17:a5f916481144, 2020-06-05 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning