wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/internal.h@11:cee25a834751, 2017-05-30 (annotated)

Committer:: wolfSSL
Date:: Tue May 30 01:44:10 2017 +0000
Revision:: 11:cee25a834751

wolfSSL 3.11.0

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	11:cee25a834751	1	/* internal.h
wolfSSL	11:cee25a834751	2	*
wolfSSL	11:cee25a834751	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	11:cee25a834751	4	*
wolfSSL	11:cee25a834751	5	* This file is part of wolfSSL.
wolfSSL	11:cee25a834751	6	*
wolfSSL	11:cee25a834751	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	11:cee25a834751	8	* it under the terms of the GNU General Public License as published by
wolfSSL	11:cee25a834751	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	11:cee25a834751	10	* (at your option) any later version.
wolfSSL	11:cee25a834751	11	*
wolfSSL	11:cee25a834751	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	11:cee25a834751	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	11:cee25a834751	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	11:cee25a834751	15	* GNU General Public License for more details.
wolfSSL	11:cee25a834751	16	*
wolfSSL	11:cee25a834751	17	* You should have received a copy of the GNU General Public License
wolfSSL	11:cee25a834751	18	* along with this program; if not, write to the Free Software
wolfSSL	11:cee25a834751	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	11:cee25a834751	20	*/
wolfSSL	11:cee25a834751	21
wolfSSL	11:cee25a834751	22
wolfSSL	11:cee25a834751	23
wolfSSL	11:cee25a834751	24	#ifndef WOLFSSL_INT_H
wolfSSL	11:cee25a834751	25	#define WOLFSSL_INT_H
wolfSSL	11:cee25a834751	26
wolfSSL	11:cee25a834751	27
wolfSSL	11:cee25a834751	28	#include <wolfssl/wolfcrypt/types.h>
wolfSSL	11:cee25a834751	29	#include <wolfssl/ssl.h>
wolfSSL	11:cee25a834751	30	#ifdef HAVE_CRL
wolfSSL	11:cee25a834751	31	#include <wolfssl/crl.h>
wolfSSL	11:cee25a834751	32	#endif
wolfSSL	11:cee25a834751	33	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	11:cee25a834751	34	#ifndef NO_DES3
wolfSSL	11:cee25a834751	35	#include <wolfssl/wolfcrypt/des3.h>
wolfSSL	11:cee25a834751	36	#endif
wolfSSL	11:cee25a834751	37	#ifndef NO_HC128
wolfSSL	11:cee25a834751	38	#include <wolfssl/wolfcrypt/hc128.h>
wolfSSL	11:cee25a834751	39	#endif
wolfSSL	11:cee25a834751	40	#ifndef NO_RABBIT
wolfSSL	11:cee25a834751	41	#include <wolfssl/wolfcrypt/rabbit.h>
wolfSSL	11:cee25a834751	42	#endif
wolfSSL	11:cee25a834751	43	#ifdef HAVE_CHACHA
wolfSSL	11:cee25a834751	44	#include <wolfssl/wolfcrypt/chacha.h>
wolfSSL	11:cee25a834751	45	#endif
wolfSSL	11:cee25a834751	46	#ifndef NO_ASN
wolfSSL	11:cee25a834751	47	#include <wolfssl/wolfcrypt/asn.h>
wolfSSL	11:cee25a834751	48	#include <wolfssl/wolfcrypt/pkcs12.h>
wolfSSL	11:cee25a834751	49	#endif
wolfSSL	11:cee25a834751	50	#ifndef NO_MD5
wolfSSL	11:cee25a834751	51	#include <wolfssl/wolfcrypt/md5.h>
wolfSSL	11:cee25a834751	52	#endif
wolfSSL	11:cee25a834751	53	#ifndef NO_SHA
wolfSSL	11:cee25a834751	54	#include <wolfssl/wolfcrypt/sha.h>
wolfSSL	11:cee25a834751	55	#endif
wolfSSL	11:cee25a834751	56	#ifndef NO_AES
wolfSSL	11:cee25a834751	57	#include <wolfssl/wolfcrypt/aes.h>
wolfSSL	11:cee25a834751	58	#endif
wolfSSL	11:cee25a834751	59	#ifdef HAVE_POLY1305
wolfSSL	11:cee25a834751	60	#include <wolfssl/wolfcrypt/poly1305.h>
wolfSSL	11:cee25a834751	61	#endif
wolfSSL	11:cee25a834751	62	#ifdef HAVE_CAMELLIA
wolfSSL	11:cee25a834751	63	#include <wolfssl/wolfcrypt/camellia.h>
wolfSSL	11:cee25a834751	64	#endif
wolfSSL	11:cee25a834751	65	#include <wolfssl/wolfcrypt/logging.h>
wolfSSL	11:cee25a834751	66	#ifndef NO_HMAC
wolfSSL	11:cee25a834751	67	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	11:cee25a834751	68	#endif
wolfSSL	11:cee25a834751	69	#ifndef NO_RC4
wolfSSL	11:cee25a834751	70	#include <wolfssl/wolfcrypt/arc4.h>
wolfSSL	11:cee25a834751	71	#endif
wolfSSL	11:cee25a834751	72	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	73	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	11:cee25a834751	74	#endif
wolfSSL	11:cee25a834751	75	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	76	#include <wolfssl/wolfcrypt/sha256.h>
wolfSSL	11:cee25a834751	77	#endif
wolfSSL	11:cee25a834751	78	#ifdef HAVE_OCSP
wolfSSL	11:cee25a834751	79	#include <wolfssl/ocsp.h>
wolfSSL	11:cee25a834751	80	#endif
wolfSSL	11:cee25a834751	81	#ifdef WOLFSSL_SHA512
wolfSSL	11:cee25a834751	82	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	11:cee25a834751	83	#endif
wolfSSL	11:cee25a834751	84	#ifdef HAVE_AESGCM
wolfSSL	11:cee25a834751	85	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	11:cee25a834751	86	#endif
wolfSSL	11:cee25a834751	87	#ifdef WOLFSSL_RIPEMD
wolfSSL	11:cee25a834751	88	#include <wolfssl/wolfcrypt/ripemd.h>
wolfSSL	11:cee25a834751	89	#endif
wolfSSL	11:cee25a834751	90	#ifdef HAVE_IDEA
wolfSSL	11:cee25a834751	91	#include <wolfssl/wolfcrypt/idea.h>
wolfSSL	11:cee25a834751	92	#endif
wolfSSL	11:cee25a834751	93	#ifndef NO_RSA
wolfSSL	11:cee25a834751	94	#include <wolfssl/wolfcrypt/rsa.h>
wolfSSL	11:cee25a834751	95	#endif
wolfSSL	11:cee25a834751	96	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	97	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	11:cee25a834751	98	#endif
wolfSSL	11:cee25a834751	99	#ifndef NO_DH
wolfSSL	11:cee25a834751	100	#include <wolfssl/wolfcrypt/dh.h>
wolfSSL	11:cee25a834751	101	#endif
wolfSSL	11:cee25a834751	102
wolfSSL	11:cee25a834751	103	#include <wolfssl/wolfcrypt/hash.h>
wolfSSL	11:cee25a834751	104
wolfSSL	11:cee25a834751	105	#ifdef WOLFSSL_CALLBACKS
wolfSSL	11:cee25a834751	106	#include <wolfssl/callbacks.h>
wolfSSL	11:cee25a834751	107	#include <signal.h>
wolfSSL	11:cee25a834751	108	#endif
wolfSSL	11:cee25a834751	109
wolfSSL	11:cee25a834751	110	#ifdef USE_WINDOWS_API
wolfSSL	11:cee25a834751	111	#ifdef WOLFSSL_GAME_BUILD
wolfSSL	11:cee25a834751	112	#include "system/xtl.h"
wolfSSL	11:cee25a834751	113	#else
wolfSSL	11:cee25a834751	114	#if defined(_WIN32_WCE) \|\| defined(WIN32_LEAN_AND_MEAN)
wolfSSL	11:cee25a834751	115	/* On WinCE winsock2.h must be included before windows.h */
wolfSSL	11:cee25a834751	116	#include <winsock2.h>
wolfSSL	11:cee25a834751	117	#endif
wolfSSL	11:cee25a834751	118	#include <windows.h>
wolfSSL	11:cee25a834751	119	#endif
wolfSSL	11:cee25a834751	120	#elif defined(THREADX)
wolfSSL	11:cee25a834751	121	#ifndef SINGLE_THREADED
wolfSSL	11:cee25a834751	122	#include "tx_api.h"
wolfSSL	11:cee25a834751	123	#endif
wolfSSL	11:cee25a834751	124	#elif defined(MICRIUM)
wolfSSL	11:cee25a834751	125	/* do nothing, just don't pick Unix */
wolfSSL	11:cee25a834751	126	#elif defined(FREERTOS) \|\| defined(FREERTOS_TCP) \|\| defined(WOLFSSL_SAFERTOS)
wolfSSL	11:cee25a834751	127	/* do nothing */
wolfSSL	11:cee25a834751	128	#elif defined(EBSNET)
wolfSSL	11:cee25a834751	129	/* do nothing */
wolfSSL	11:cee25a834751	130	#elif defined(FREESCALE_MQX) \|\| defined(FREESCALE_KSDK_MQX)
wolfSSL	11:cee25a834751	131	/* do nothing */
wolfSSL	11:cee25a834751	132	#elif defined(FREESCALE_FREE_RTOS)
wolfSSL	11:cee25a834751	133	#include "fsl_os_abstraction.h"
wolfSSL	11:cee25a834751	134	#elif defined(WOLFSSL_uITRON4)
wolfSSL	11:cee25a834751	135	/* do nothing */
wolfSSL	11:cee25a834751	136	#elif defined(WOLFSSL_uTKERNEL2)
wolfSSL	11:cee25a834751	137	/* do nothing */
wolfSSL	11:cee25a834751	138	#elif defined(WOLFSSL_MDK_ARM)
wolfSSL	11:cee25a834751	139	#if defined(WOLFSSL_MDK5)
wolfSSL	11:cee25a834751	140	#include "cmsis_os.h"
wolfSSL	11:cee25a834751	141	#else
wolfSSL	11:cee25a834751	142	#include <rtl.h>
wolfSSL	11:cee25a834751	143	#endif
wolfSSL	11:cee25a834751	144	#elif defined(WOLFSSL_CMSIS_RTOS)
wolfSSL	11:cee25a834751	145	#include "cmsis_os.h"
wolfSSL	11:cee25a834751	146	#elif defined(MBED)
wolfSSL	11:cee25a834751	147	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	11:cee25a834751	148	/* do nothing */
wolfSSL	11:cee25a834751	149	#elif defined(INTIME_RTOS)
wolfSSL	11:cee25a834751	150	#include <rt.h>
wolfSSL	11:cee25a834751	151	#else
wolfSSL	11:cee25a834751	152	#ifndef SINGLE_THREADED
wolfSSL	11:cee25a834751	153	#define WOLFSSL_PTHREADS
wolfSSL	11:cee25a834751	154	#include <pthread.h>
wolfSSL	11:cee25a834751	155	#endif
wolfSSL	11:cee25a834751	156	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	11:cee25a834751	157	#include <unistd.h> /* for close of BIO */
wolfSSL	11:cee25a834751	158	#endif
wolfSSL	11:cee25a834751	159	#endif
wolfSSL	11:cee25a834751	160
wolfSSL	11:cee25a834751	161	#ifndef CHAR_BIT
wolfSSL	11:cee25a834751	162	/* Needed for DTLS without big math */
wolfSSL	11:cee25a834751	163	#include <limits.h>
wolfSSL	11:cee25a834751	164	#endif
wolfSSL	11:cee25a834751	165
wolfSSL	11:cee25a834751	166
wolfSSL	11:cee25a834751	167	#ifdef HAVE_LIBZ
wolfSSL	11:cee25a834751	168	#include "zlib.h"
wolfSSL	11:cee25a834751	169	#endif
wolfSSL	11:cee25a834751	170
wolfSSL	11:cee25a834751	171	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	11:cee25a834751	172	#include <wolfssl/wolfcrypt/async.h>
wolfSSL	11:cee25a834751	173	#endif
wolfSSL	11:cee25a834751	174
wolfSSL	11:cee25a834751	175	#ifdef _MSC_VER
wolfSSL	11:cee25a834751	176	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL	11:cee25a834751	177	#pragma warning(disable: 4996)
wolfSSL	11:cee25a834751	178	#endif
wolfSSL	11:cee25a834751	179
wolfSSL	11:cee25a834751	180	#ifdef NO_SHA
wolfSSL	11:cee25a834751	181	#define SHA_DIGEST_SIZE 20
wolfSSL	11:cee25a834751	182	#endif
wolfSSL	11:cee25a834751	183
wolfSSL	11:cee25a834751	184	#ifdef NO_SHA256
wolfSSL	11:cee25a834751	185	#define SHA256_DIGEST_SIZE 32
wolfSSL	11:cee25a834751	186	#endif
wolfSSL	11:cee25a834751	187
wolfSSL	11:cee25a834751	188	#ifdef NO_MD5
wolfSSL	11:cee25a834751	189	#define MD5_DIGEST_SIZE 16
wolfSSL	11:cee25a834751	190	#endif
wolfSSL	11:cee25a834751	191
wolfSSL	11:cee25a834751	192
wolfSSL	11:cee25a834751	193	#ifdef __cplusplus
wolfSSL	11:cee25a834751	194	extern "C" {
wolfSSL	11:cee25a834751	195	#endif
wolfSSL	11:cee25a834751	196
wolfSSL	11:cee25a834751	197
wolfSSL	11:cee25a834751	198	typedef byte word24[3];
wolfSSL	11:cee25a834751	199
wolfSSL	11:cee25a834751	200	/* Define or comment out the cipher suites you'd like to be compiled in
wolfSSL	11:cee25a834751	201	make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
wolfSSL	11:cee25a834751	202
wolfSSL	11:cee25a834751	203	When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
wolfSSL	11:cee25a834751	204
wolfSSL	11:cee25a834751	205	Now that there is a maximum strength crypto build, the following BUILD_XXX
wolfSSL	11:cee25a834751	206	flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
wolfSSL	11:cee25a834751	207	Those that do not use Perfect Forward Security and do not use AEAD ciphers
wolfSSL	11:cee25a834751	208	need to be switched off. Allowed suites use (EC)DHE, AES-GCM\|CCM, or
wolfSSL	11:cee25a834751	209	CHACHA-POLY.
wolfSSL	11:cee25a834751	210	*/
wolfSSL	11:cee25a834751	211
wolfSSL	11:cee25a834751	212	/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
wolfSSL	11:cee25a834751	213	* not turned off. */
wolfSSL	11:cee25a834751	214	#if defined(WOLFSSL_MAX_STRENGTH) && \
wolfSSL	11:cee25a834751	215	((!defined(HAVE_ECC) && (defined(NO_DH) \|\| defined(NO_RSA))) \|\| \
wolfSSL	11:cee25a834751	216	(!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
wolfSSL	11:cee25a834751	217	(!defined(HAVE_POLY1305) \|\| !defined(HAVE_CHACHA))) \|\| \
wolfSSL	11:cee25a834751	218	(defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) \|\| \
wolfSSL	11:cee25a834751	219	!defined(NO_OLD_TLS))
wolfSSL	11:cee25a834751	220
wolfSSL	11:cee25a834751	221	#error "You are trying to build max strength with requirements disabled."
wolfSSL	11:cee25a834751	222	#endif
wolfSSL	11:cee25a834751	223
wolfSSL	11:cee25a834751	224	/* Have QSH : Quantum-safe Handshake */
wolfSSL	11:cee25a834751	225	#if defined(HAVE_QSH)
wolfSSL	11:cee25a834751	226	#define BUILD_TLS_QSH
wolfSSL	11:cee25a834751	227	#endif
wolfSSL	11:cee25a834751	228
wolfSSL	11:cee25a834751	229	#ifndef WOLFSSL_MAX_STRENGTH
wolfSSL	11:cee25a834751	230
wolfSSL	11:cee25a834751	231	#if !defined(NO_RSA) && !defined(NO_RC4)
wolfSSL	11:cee25a834751	232	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	233	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	234	#define BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	11:cee25a834751	235	#endif
wolfSSL	11:cee25a834751	236	#if !defined(NO_MD5)
wolfSSL	11:cee25a834751	237	#define BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	11:cee25a834751	238	#endif
wolfSSL	11:cee25a834751	239	#endif
wolfSSL	11:cee25a834751	240	#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
wolfSSL	11:cee25a834751	241	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	242	#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	11:cee25a834751	243	#endif
wolfSSL	11:cee25a834751	244	#endif
wolfSSL	11:cee25a834751	245
wolfSSL	11:cee25a834751	246	#if !defined(NO_RSA) && !defined(NO_DES3)
wolfSSL	11:cee25a834751	247	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	248	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	249	#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	11:cee25a834751	250	#endif
wolfSSL	11:cee25a834751	251	#if !defined(NO_TLS) && defined(HAVE_NTRU) \
wolfSSL	11:cee25a834751	252	&& defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	253	#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	11:cee25a834751	254	#endif
wolfSSL	11:cee25a834751	255	#endif
wolfSSL	11:cee25a834751	256	#endif
wolfSSL	11:cee25a834751	257
wolfSSL	11:cee25a834751	258	#if !defined(NO_RSA) && defined(HAVE_IDEA)
wolfSSL	11:cee25a834751	259	#if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	260	#define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL	11:cee25a834751	261	#endif
wolfSSL	11:cee25a834751	262	#endif
wolfSSL	11:cee25a834751	263
wolfSSL	11:cee25a834751	264	#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	11:cee25a834751	265	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	266	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	267	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	268	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	11:cee25a834751	269	#endif
wolfSSL	11:cee25a834751	270	#if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	271	#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	272	#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	11:cee25a834751	273	#endif
wolfSSL	11:cee25a834751	274	#endif
wolfSSL	11:cee25a834751	275	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	276	#if !defined (NO_SHA256)
wolfSSL	11:cee25a834751	277	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	278	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	11:cee25a834751	279	#endif
wolfSSL	11:cee25a834751	280	#if defined (HAVE_AESGCM)
wolfSSL	11:cee25a834751	281	#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	11:cee25a834751	282	#if defined (WOLFSSL_SHA384)
wolfSSL	11:cee25a834751	283	#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	11:cee25a834751	284	#endif
wolfSSL	11:cee25a834751	285	#endif
wolfSSL	11:cee25a834751	286	#if defined (HAVE_AESCCM)
wolfSSL	11:cee25a834751	287	#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	11:cee25a834751	288	#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	11:cee25a834751	289	#endif
wolfSSL	11:cee25a834751	290	#if defined(HAVE_BLAKE2)
wolfSSL	11:cee25a834751	291	#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	11:cee25a834751	292	#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	11:cee25a834751	293	#endif
wolfSSL	11:cee25a834751	294	#endif
wolfSSL	11:cee25a834751	295	#endif
wolfSSL	11:cee25a834751	296
wolfSSL	11:cee25a834751	297	#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
wolfSSL	11:cee25a834751	298	#ifndef NO_RSA
wolfSSL	11:cee25a834751	299	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	300	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	301	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	11:cee25a834751	302	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	11:cee25a834751	303	#endif
wolfSSL	11:cee25a834751	304	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	305	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	11:cee25a834751	306	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	11:cee25a834751	307	#endif
wolfSSL	11:cee25a834751	308	#endif
wolfSSL	11:cee25a834751	309	#if !defined(NO_DH)
wolfSSL	11:cee25a834751	310	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	311	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	11:cee25a834751	312	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	11:cee25a834751	313	#endif
wolfSSL	11:cee25a834751	314	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	315	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	11:cee25a834751	316	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	11:cee25a834751	317	#endif
wolfSSL	11:cee25a834751	318	#endif
wolfSSL	11:cee25a834751	319	#endif
wolfSSL	11:cee25a834751	320	#endif
wolfSSL	11:cee25a834751	321
wolfSSL	11:cee25a834751	322	#if defined(WOLFSSL_STATIC_PSK)
wolfSSL	11:cee25a834751	323	#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	11:cee25a834751	324	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	325	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	326	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	11:cee25a834751	327	#endif
wolfSSL	11:cee25a834751	328	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	329	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	330	#ifdef HAVE_AESGCM
wolfSSL	11:cee25a834751	331	#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	11:cee25a834751	332	#endif
wolfSSL	11:cee25a834751	333	#ifdef HAVE_AESCCM
wolfSSL	11:cee25a834751	334	#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	11:cee25a834751	335	#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	11:cee25a834751	336	#define BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL	11:cee25a834751	337	#define BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL	11:cee25a834751	338	#endif
wolfSSL	11:cee25a834751	339	#endif
wolfSSL	11:cee25a834751	340	#ifdef WOLFSSL_SHA384
wolfSSL	11:cee25a834751	341	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	11:cee25a834751	342	#ifdef HAVE_AESGCM
wolfSSL	11:cee25a834751	343	#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	11:cee25a834751	344	#endif
wolfSSL	11:cee25a834751	345	#endif
wolfSSL	11:cee25a834751	346	#endif
wolfSSL	11:cee25a834751	347	#endif
wolfSSL	11:cee25a834751	348
wolfSSL	11:cee25a834751	349	#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
wolfSSL	11:cee25a834751	350	#if !defined(NO_RSA)
wolfSSL	11:cee25a834751	351	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	352	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	353	#define BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	11:cee25a834751	354	#endif
wolfSSL	11:cee25a834751	355	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	356	#define BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	11:cee25a834751	357	#endif
wolfSSL	11:cee25a834751	358	#endif
wolfSSL	11:cee25a834751	359	#endif
wolfSSL	11:cee25a834751	360	#if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
wolfSSL	11:cee25a834751	361	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	362	#define BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	11:cee25a834751	363	#endif
wolfSSL	11:cee25a834751	364	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	365	#define BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	11:cee25a834751	366	#endif
wolfSSL	11:cee25a834751	367	#ifdef WOLFSSL_SHA384
wolfSSL	11:cee25a834751	368	#define BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL	11:cee25a834751	369	#endif
wolfSSL	11:cee25a834751	370	#endif
wolfSSL	11:cee25a834751	371	#endif
wolfSSL	11:cee25a834751	372
wolfSSL	11:cee25a834751	373	#if defined(WOLFSSL_STATIC_RSA)
wolfSSL	11:cee25a834751	374	#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
wolfSSL	11:cee25a834751	375	#ifndef NO_MD5
wolfSSL	11:cee25a834751	376	#define BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	11:cee25a834751	377	#endif
wolfSSL	11:cee25a834751	378	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	379	#define BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	11:cee25a834751	380	#endif
wolfSSL	11:cee25a834751	381	#if defined(HAVE_BLAKE2)
wolfSSL	11:cee25a834751	382	#define BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	11:cee25a834751	383	#endif
wolfSSL	11:cee25a834751	384	#endif
wolfSSL	11:cee25a834751	385
wolfSSL	11:cee25a834751	386	#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
wolfSSL	11:cee25a834751	387	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	388	#define BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	11:cee25a834751	389	#endif
wolfSSL	11:cee25a834751	390	#endif
wolfSSL	11:cee25a834751	391	#endif
wolfSSL	11:cee25a834751	392
wolfSSL	11:cee25a834751	393	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	11:cee25a834751	394	!defined(NO_RSA)
wolfSSL	11:cee25a834751	395
wolfSSL	11:cee25a834751	396	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	397	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	398	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	11:cee25a834751	399	#if !defined(NO_DES3)
wolfSSL	11:cee25a834751	400	#define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	11:cee25a834751	401	#endif
wolfSSL	11:cee25a834751	402	#endif
wolfSSL	11:cee25a834751	403	#if !defined(NO_SHA256)
wolfSSL	11:cee25a834751	404	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	405	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	11:cee25a834751	406	#endif
wolfSSL	11:cee25a834751	407	#endif
wolfSSL	11:cee25a834751	408
wolfSSL	11:cee25a834751	409	#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
wolfSSL	11:cee25a834751	410	!defined(NO_AES) && !defined(NO_SHA)
wolfSSL	11:cee25a834751	411	#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	412	#endif
wolfSSL	11:cee25a834751	413
wolfSSL	11:cee25a834751	414	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	11:cee25a834751	415	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	416	#ifndef NO_AES
wolfSSL	11:cee25a834751	417	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	418	#endif
wolfSSL	11:cee25a834751	419	#ifdef HAVE_NULL_CIPHER
wolfSSL	11:cee25a834751	420	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL	11:cee25a834751	421	#endif
wolfSSL	11:cee25a834751	422	#endif
wolfSSL	11:cee25a834751	423	#ifdef WOLFSSL_SHA384
wolfSSL	11:cee25a834751	424	#ifndef NO_AES
wolfSSL	11:cee25a834751	425	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	11:cee25a834751	426	#endif
wolfSSL	11:cee25a834751	427	#ifdef HAVE_NULL_CIPHER
wolfSSL	11:cee25a834751	428	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL	11:cee25a834751	429	#endif
wolfSSL	11:cee25a834751	430	#endif
wolfSSL	11:cee25a834751	431	#endif
wolfSSL	11:cee25a834751	432
wolfSSL	11:cee25a834751	433	#if defined(HAVE_ECC) && !defined(NO_TLS)
wolfSSL	11:cee25a834751	434	#if !defined(NO_AES)
wolfSSL	11:cee25a834751	435	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	436	#if !defined(NO_RSA)
wolfSSL	11:cee25a834751	437	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	438	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	11:cee25a834751	439	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	440	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	441	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	11:cee25a834751	442	#endif
wolfSSL	11:cee25a834751	443	#endif
wolfSSL	11:cee25a834751	444
wolfSSL	11:cee25a834751	445	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	446	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	11:cee25a834751	447
wolfSSL	11:cee25a834751	448	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	449	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	11:cee25a834751	450	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	11:cee25a834751	451	#endif
wolfSSL	11:cee25a834751	452	#endif /* NO_SHA */
wolfSSL	11:cee25a834751	453	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	454	#if !defined(NO_RSA)
wolfSSL	11:cee25a834751	455	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	456	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	457	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	458	#endif
wolfSSL	11:cee25a834751	459	#endif
wolfSSL	11:cee25a834751	460	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	461	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	462	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	463	#endif
wolfSSL	11:cee25a834751	464	#endif
wolfSSL	11:cee25a834751	465
wolfSSL	11:cee25a834751	466	#ifdef WOLFSSL_SHA384
wolfSSL	11:cee25a834751	467	#if !defined(NO_RSA)
wolfSSL	11:cee25a834751	468	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	11:cee25a834751	469	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	470	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	11:cee25a834751	471	#endif
wolfSSL	11:cee25a834751	472	#endif
wolfSSL	11:cee25a834751	473	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	11:cee25a834751	474	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	475	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	11:cee25a834751	476	#endif
wolfSSL	11:cee25a834751	477	#endif
wolfSSL	11:cee25a834751	478
wolfSSL	11:cee25a834751	479	#if defined (HAVE_AESGCM)
wolfSSL	11:cee25a834751	480	#if !defined(NO_RSA)
wolfSSL	11:cee25a834751	481	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	482	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	11:cee25a834751	483	#endif
wolfSSL	11:cee25a834751	484	#if defined(WOLFSSL_SHA384)
wolfSSL	11:cee25a834751	485	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	486	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	11:cee25a834751	487	#endif
wolfSSL	11:cee25a834751	488	#endif
wolfSSL	11:cee25a834751	489	#endif
wolfSSL	11:cee25a834751	490
wolfSSL	11:cee25a834751	491	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	492	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	11:cee25a834751	493	#endif
wolfSSL	11:cee25a834751	494
wolfSSL	11:cee25a834751	495	#if defined(WOLFSSL_SHA384)
wolfSSL	11:cee25a834751	496	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	497	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	11:cee25a834751	498	#endif
wolfSSL	11:cee25a834751	499	#endif
wolfSSL	11:cee25a834751	500	#endif
wolfSSL	11:cee25a834751	501	#endif /* NO_AES */
wolfSSL	11:cee25a834751	502	#if !defined(NO_RC4)
wolfSSL	11:cee25a834751	503	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	504	#if !defined(NO_RSA)
wolfSSL	11:cee25a834751	505	#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	11:cee25a834751	506	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	507	#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	11:cee25a834751	508	#endif
wolfSSL	11:cee25a834751	509	#endif
wolfSSL	11:cee25a834751	510
wolfSSL	11:cee25a834751	511	#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	11:cee25a834751	512	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	513	#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	11:cee25a834751	514	#endif
wolfSSL	11:cee25a834751	515	#endif
wolfSSL	11:cee25a834751	516	#endif
wolfSSL	11:cee25a834751	517	#if !defined(NO_DES3)
wolfSSL	11:cee25a834751	518	#ifndef NO_SHA
wolfSSL	11:cee25a834751	519	#if !defined(NO_RSA)
wolfSSL	11:cee25a834751	520	#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	11:cee25a834751	521	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	522	#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	11:cee25a834751	523	#endif
wolfSSL	11:cee25a834751	524	#endif
wolfSSL	11:cee25a834751	525
wolfSSL	11:cee25a834751	526	#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	11:cee25a834751	527	#if defined(WOLFSSL_STATIC_DH)
wolfSSL	11:cee25a834751	528	#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	11:cee25a834751	529	#endif
wolfSSL	11:cee25a834751	530	#endif /* NO_SHA */
wolfSSL	11:cee25a834751	531	#endif
wolfSSL	11:cee25a834751	532	#if defined(HAVE_NULL_CIPHER)
wolfSSL	11:cee25a834751	533	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	534	#define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL	11:cee25a834751	535	#endif
wolfSSL	11:cee25a834751	536	#if !defined(NO_PSK) && !defined(NO_SHA256)
wolfSSL	11:cee25a834751	537	#define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL	11:cee25a834751	538	#endif
wolfSSL	11:cee25a834751	539	#endif
wolfSSL	11:cee25a834751	540	#if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
wolfSSL	11:cee25a834751	541	#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	11:cee25a834751	542	#endif
wolfSSL	11:cee25a834751	543	#endif
wolfSSL	11:cee25a834751	544	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	11:cee25a834751	545	#if !defined(NO_OLD_POLY1305)
wolfSSL	11:cee25a834751	546	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	547	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	11:cee25a834751	548	#ifndef NO_RSA
wolfSSL	11:cee25a834751	549	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	11:cee25a834751	550	#endif
wolfSSL	11:cee25a834751	551	#endif
wolfSSL	11:cee25a834751	552	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	11:cee25a834751	553	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL	11:cee25a834751	554	#endif
wolfSSL	11:cee25a834751	555	#endif /* NO_OLD_POLY1305 */
wolfSSL	11:cee25a834751	556	#if !defined(NO_PSK)
wolfSSL	11:cee25a834751	557	#define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	11:cee25a834751	558	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	559	#define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	11:cee25a834751	560	#endif
wolfSSL	11:cee25a834751	561	#ifndef NO_DH
wolfSSL	11:cee25a834751	562	#define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	11:cee25a834751	563	#endif
wolfSSL	11:cee25a834751	564	#endif /* !NO_PSK */
wolfSSL	11:cee25a834751	565	#endif
wolfSSL	11:cee25a834751	566
wolfSSL	11:cee25a834751	567	#endif /* !WOLFSSL_MAX_STRENGTH */
wolfSSL	11:cee25a834751	568
wolfSSL	11:cee25a834751	569	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	11:cee25a834751	570	!defined(NO_RSA) && defined(HAVE_AESGCM)
wolfSSL	11:cee25a834751	571
wolfSSL	11:cee25a834751	572	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	573	#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	11:cee25a834751	574	#endif
wolfSSL	11:cee25a834751	575
wolfSSL	11:cee25a834751	576	#ifdef WOLFSSL_SHA384
wolfSSL	11:cee25a834751	577	#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	11:cee25a834751	578	#endif
wolfSSL	11:cee25a834751	579	#endif
wolfSSL	11:cee25a834751	580
wolfSSL	11:cee25a834751	581	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	11:cee25a834751	582	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	583	#ifdef HAVE_AESGCM
wolfSSL	11:cee25a834751	584	#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	11:cee25a834751	585	#endif
wolfSSL	11:cee25a834751	586	#ifdef HAVE_AESCCM
wolfSSL	11:cee25a834751	587	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL	11:cee25a834751	588	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL	11:cee25a834751	589	#endif
wolfSSL	11:cee25a834751	590	#endif
wolfSSL	11:cee25a834751	591	#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
wolfSSL	11:cee25a834751	592	#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	11:cee25a834751	593	#endif
wolfSSL	11:cee25a834751	594	#endif
wolfSSL	11:cee25a834751	595
wolfSSL	11:cee25a834751	596	#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
wolfSSL	11:cee25a834751	597	#ifdef HAVE_AESGCM
wolfSSL	11:cee25a834751	598	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	599	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	11:cee25a834751	600	#ifndef NO_RSA
wolfSSL	11:cee25a834751	601	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	11:cee25a834751	602	#endif
wolfSSL	11:cee25a834751	603	#endif
wolfSSL	11:cee25a834751	604	#ifdef WOLFSSL_SHA384
wolfSSL	11:cee25a834751	605	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	11:cee25a834751	606	#ifndef NO_RSA
wolfSSL	11:cee25a834751	607	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	11:cee25a834751	608	#endif
wolfSSL	11:cee25a834751	609	#endif
wolfSSL	11:cee25a834751	610	#endif
wolfSSL	11:cee25a834751	611	#if defined(HAVE_AESCCM) && !defined(NO_SHA256)
wolfSSL	11:cee25a834751	612	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL	11:cee25a834751	613	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	11:cee25a834751	614	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	11:cee25a834751	615	#endif
wolfSSL	11:cee25a834751	616	#endif
wolfSSL	11:cee25a834751	617
wolfSSL	11:cee25a834751	618	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	11:cee25a834751	619	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	620	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	11:cee25a834751	621	#ifndef NO_RSA
wolfSSL	11:cee25a834751	622	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	11:cee25a834751	623	#endif
wolfSSL	11:cee25a834751	624	#endif
wolfSSL	11:cee25a834751	625	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	11:cee25a834751	626	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	11:cee25a834751	627	#endif
wolfSSL	11:cee25a834751	628	#endif
wolfSSL	11:cee25a834751	629
wolfSSL	11:cee25a834751	630
wolfSSL	11:cee25a834751	631	#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) \|\| \
wolfSSL	11:cee25a834751	632	defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
wolfSSL	11:cee25a834751	633	#define BUILD_ARC4
wolfSSL	11:cee25a834751	634	#endif
wolfSSL	11:cee25a834751	635
wolfSSL	11:cee25a834751	636	#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
wolfSSL	11:cee25a834751	637	#define BUILD_DES3
wolfSSL	11:cee25a834751	638	#endif
wolfSSL	11:cee25a834751	639
wolfSSL	11:cee25a834751	640	#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) \|\| \
wolfSSL	11:cee25a834751	641	defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) \|\| \
wolfSSL	11:cee25a834751	642	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) \|\| \
wolfSSL	11:cee25a834751	643	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
wolfSSL	11:cee25a834751	644	#undef BUILD_AES
wolfSSL	11:cee25a834751	645	#define BUILD_AES
wolfSSL	11:cee25a834751	646	#endif
wolfSSL	11:cee25a834751	647
wolfSSL	11:cee25a834751	648	#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	11:cee25a834751	649	defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	11:cee25a834751	650	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	11:cee25a834751	651	defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	11:cee25a834751	652	defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	11:cee25a834751	653	defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	11:cee25a834751	654	defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	11:cee25a834751	655	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	11:cee25a834751	656	defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) \|\| \
wolfSSL	11:cee25a834751	657	defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
wolfSSL	11:cee25a834751	658	#define BUILD_AESGCM
wolfSSL	11:cee25a834751	659	#endif
wolfSSL	11:cee25a834751	660
wolfSSL	11:cee25a834751	661	#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) \|\| \
wolfSSL	11:cee25a834751	662	defined(BUILD_TLS_RSA_WITH_HC_128_MD5) \|\| \
wolfSSL	11:cee25a834751	663	defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
wolfSSL	11:cee25a834751	664	#define BUILD_HC128
wolfSSL	11:cee25a834751	665	#endif
wolfSSL	11:cee25a834751	666
wolfSSL	11:cee25a834751	667	#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
wolfSSL	11:cee25a834751	668	#define BUILD_RABBIT
wolfSSL	11:cee25a834751	669	#endif
wolfSSL	11:cee25a834751	670
wolfSSL	11:cee25a834751	671	#ifdef NO_DES3
wolfSSL	11:cee25a834751	672	#define DES_BLOCK_SIZE 8
wolfSSL	11:cee25a834751	673	#else
wolfSSL	11:cee25a834751	674	#undef BUILD_DES3
wolfSSL	11:cee25a834751	675	#define BUILD_DES3
wolfSSL	11:cee25a834751	676	#endif
wolfSSL	11:cee25a834751	677
wolfSSL	11:cee25a834751	678	#if defined(NO_AES) \|\| defined(NO_AES_DECRYPT)
wolfSSL	11:cee25a834751	679	#define AES_BLOCK_SIZE 16
wolfSSL	11:cee25a834751	680	#undef BUILD_AES
wolfSSL	11:cee25a834751	681	#else
wolfSSL	11:cee25a834751	682	#undef BUILD_AES
wolfSSL	11:cee25a834751	683	#define BUILD_AES
wolfSSL	11:cee25a834751	684	#endif
wolfSSL	11:cee25a834751	685
wolfSSL	11:cee25a834751	686	#ifndef NO_RC4
wolfSSL	11:cee25a834751	687	#undef BUILD_ARC4
wolfSSL	11:cee25a834751	688	#define BUILD_ARC4
wolfSSL	11:cee25a834751	689	#endif
wolfSSL	11:cee25a834751	690
wolfSSL	11:cee25a834751	691	#ifdef HAVE_CHACHA
wolfSSL	11:cee25a834751	692	#define CHACHA20_BLOCK_SIZE 16
wolfSSL	11:cee25a834751	693	#endif
wolfSSL	11:cee25a834751	694
wolfSSL	11:cee25a834751	695	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	11:cee25a834751	696	defined(HAVE_AESGCM) \|\| defined(HAVE_AESCCM) \|\| \
wolfSSL	11:cee25a834751	697	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
wolfSSL	11:cee25a834751	698
wolfSSL	11:cee25a834751	699	#define HAVE_AEAD
wolfSSL	11:cee25a834751	700	#endif
wolfSSL	11:cee25a834751	701
wolfSSL	11:cee25a834751	702	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	11:cee25a834751	703	defined(HAVE_ECC) \|\| !defined(NO_DH)
wolfSSL	11:cee25a834751	704
wolfSSL	11:cee25a834751	705	#define HAVE_PFS
wolfSSL	11:cee25a834751	706	#endif
wolfSSL	11:cee25a834751	707
wolfSSL	11:cee25a834751	708	#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
wolfSSL	11:cee25a834751	709	#define BUILD_IDEA
wolfSSL	11:cee25a834751	710	#endif
wolfSSL	11:cee25a834751	711
wolfSSL	11:cee25a834751	712	/* actual cipher values, 2nd byte */
wolfSSL	11:cee25a834751	713	enum {
wolfSSL	11:cee25a834751	714	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
wolfSSL	11:cee25a834751	715	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
wolfSSL	11:cee25a834751	716	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
wolfSSL	11:cee25a834751	717	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
wolfSSL	11:cee25a834751	718	TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
wolfSSL	11:cee25a834751	719	TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
wolfSSL	11:cee25a834751	720	TLS_RSA_WITH_NULL_SHA = 0x02,
wolfSSL	11:cee25a834751	721	TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
wolfSSL	11:cee25a834751	722	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
wolfSSL	11:cee25a834751	723	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
wolfSSL	11:cee25a834751	724	TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
wolfSSL	11:cee25a834751	725	TLS_PSK_WITH_NULL_SHA256 = 0xb0,
wolfSSL	11:cee25a834751	726	TLS_PSK_WITH_NULL_SHA384 = 0xb1,
wolfSSL	11:cee25a834751	727	TLS_PSK_WITH_NULL_SHA = 0x2c,
wolfSSL	11:cee25a834751	728	SSL_RSA_WITH_RC4_128_SHA = 0x05,
wolfSSL	11:cee25a834751	729	SSL_RSA_WITH_RC4_128_MD5 = 0x04,
wolfSSL	11:cee25a834751	730	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
wolfSSL	11:cee25a834751	731	SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,
wolfSSL	11:cee25a834751	732
wolfSSL	11:cee25a834751	733	/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	11:cee25a834751	734	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
wolfSSL	11:cee25a834751	735	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
wolfSSL	11:cee25a834751	736	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
wolfSSL	11:cee25a834751	737	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
wolfSSL	11:cee25a834751	738	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
wolfSSL	11:cee25a834751	739	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
wolfSSL	11:cee25a834751	740	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
wolfSSL	11:cee25a834751	741	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
wolfSSL	11:cee25a834751	742	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
wolfSSL	11:cee25a834751	743	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
wolfSSL	11:cee25a834751	744	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
wolfSSL	11:cee25a834751	745	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
wolfSSL	11:cee25a834751	746	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
wolfSSL	11:cee25a834751	747	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
wolfSSL	11:cee25a834751	748	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
wolfSSL	11:cee25a834751	749
wolfSSL	11:cee25a834751	750	/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	11:cee25a834751	751	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
wolfSSL	11:cee25a834751	752	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
wolfSSL	11:cee25a834751	753	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
wolfSSL	11:cee25a834751	754	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
wolfSSL	11:cee25a834751	755	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
wolfSSL	11:cee25a834751	756	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
wolfSSL	11:cee25a834751	757	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
wolfSSL	11:cee25a834751	758	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
wolfSSL	11:cee25a834751	759	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
wolfSSL	11:cee25a834751	760	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
wolfSSL	11:cee25a834751	761	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
wolfSSL	11:cee25a834751	762	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
wolfSSL	11:cee25a834751	763
wolfSSL	11:cee25a834751	764	/* wolfSSL extension - eSTREAM */
wolfSSL	11:cee25a834751	765	TLS_RSA_WITH_HC_128_MD5 = 0xFB,
wolfSSL	11:cee25a834751	766	TLS_RSA_WITH_HC_128_SHA = 0xFC,
wolfSSL	11:cee25a834751	767	TLS_RSA_WITH_RABBIT_SHA = 0xFD,
wolfSSL	11:cee25a834751	768
wolfSSL	11:cee25a834751	769	/* wolfSSL extension - Blake2b 256 */
wolfSSL	11:cee25a834751	770	TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
wolfSSL	11:cee25a834751	771	TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
wolfSSL	11:cee25a834751	772	TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
wolfSSL	11:cee25a834751	773
wolfSSL	11:cee25a834751	774	/* wolfSSL extension - NTRU */
wolfSSL	11:cee25a834751	775	TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
wolfSSL	11:cee25a834751	776	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
wolfSSL	11:cee25a834751	777	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
wolfSSL	11:cee25a834751	778	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
wolfSSL	11:cee25a834751	779
wolfSSL	11:cee25a834751	780	/* wolfSSL extension - NTRU , Quantum-safe Handshake
wolfSSL	11:cee25a834751	781	first byte is 0xD0 (QSH_BYTE) */
wolfSSL	11:cee25a834751	782	TLS_QSH = 0x01,
wolfSSL	11:cee25a834751	783
wolfSSL	11:cee25a834751	784	/* SHA256 */
wolfSSL	11:cee25a834751	785	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
wolfSSL	11:cee25a834751	786	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
wolfSSL	11:cee25a834751	787	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
wolfSSL	11:cee25a834751	788	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
wolfSSL	11:cee25a834751	789	TLS_RSA_WITH_NULL_SHA256 = 0x3b,
wolfSSL	11:cee25a834751	790	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
wolfSSL	11:cee25a834751	791	TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
wolfSSL	11:cee25a834751	792
wolfSSL	11:cee25a834751	793	/* SHA384 */
wolfSSL	11:cee25a834751	794	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
wolfSSL	11:cee25a834751	795	TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
wolfSSL	11:cee25a834751	796
wolfSSL	11:cee25a834751	797	/* AES-GCM */
wolfSSL	11:cee25a834751	798	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
wolfSSL	11:cee25a834751	799	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
wolfSSL	11:cee25a834751	800	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
wolfSSL	11:cee25a834751	801	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
wolfSSL	11:cee25a834751	802	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
wolfSSL	11:cee25a834751	803	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
wolfSSL	11:cee25a834751	804	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
wolfSSL	11:cee25a834751	805	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
wolfSSL	11:cee25a834751	806
wolfSSL	11:cee25a834751	807	/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	11:cee25a834751	808	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
wolfSSL	11:cee25a834751	809	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
wolfSSL	11:cee25a834751	810	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
wolfSSL	11:cee25a834751	811	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
wolfSSL	11:cee25a834751	812	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
wolfSSL	11:cee25a834751	813	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
wolfSSL	11:cee25a834751	814	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
wolfSSL	11:cee25a834751	815	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
wolfSSL	11:cee25a834751	816
wolfSSL	11:cee25a834751	817	/* AES-CCM, first byte is 0xC0 but isn't ECC,
wolfSSL	11:cee25a834751	818	* also, in some of the other AES-CCM suites
wolfSSL	11:cee25a834751	819	* there will be second byte number conflicts
wolfSSL	11:cee25a834751	820	* with non-ECC AES-GCM */
wolfSSL	11:cee25a834751	821	TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
wolfSSL	11:cee25a834751	822	TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
wolfSSL	11:cee25a834751	823	TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
wolfSSL	11:cee25a834751	824	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
wolfSSL	11:cee25a834751	825	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
wolfSSL	11:cee25a834751	826	TLS_PSK_WITH_AES_128_CCM = 0xa4,
wolfSSL	11:cee25a834751	827	TLS_PSK_WITH_AES_256_CCM = 0xa5,
wolfSSL	11:cee25a834751	828	TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
wolfSSL	11:cee25a834751	829	TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
wolfSSL	11:cee25a834751	830	TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
wolfSSL	11:cee25a834751	831	TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
wolfSSL	11:cee25a834751	832
wolfSSL	11:cee25a834751	833	/* Camellia */
wolfSSL	11:cee25a834751	834	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
wolfSSL	11:cee25a834751	835	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
wolfSSL	11:cee25a834751	836	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
wolfSSL	11:cee25a834751	837	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
wolfSSL	11:cee25a834751	838	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
wolfSSL	11:cee25a834751	839	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
wolfSSL	11:cee25a834751	840	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
wolfSSL	11:cee25a834751	841	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
wolfSSL	11:cee25a834751	842
wolfSSL	11:cee25a834751	843	/* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
wolfSSL	11:cee25a834751	844	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
wolfSSL	11:cee25a834751	845	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
wolfSSL	11:cee25a834751	846	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
wolfSSL	11:cee25a834751	847	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
wolfSSL	11:cee25a834751	848	TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
wolfSSL	11:cee25a834751	849	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
wolfSSL	11:cee25a834751	850
wolfSSL	11:cee25a834751	851	/* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
wolfSSL	11:cee25a834751	852	TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
wolfSSL	11:cee25a834751	853	TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
wolfSSL	11:cee25a834751	854	TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
wolfSSL	11:cee25a834751	855
wolfSSL	11:cee25a834751	856	/* Renegotiation Indication Extension Special Suite */
wolfSSL	11:cee25a834751	857	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
wolfSSL	11:cee25a834751	858	};
wolfSSL	11:cee25a834751	859
wolfSSL	11:cee25a834751	860
wolfSSL	11:cee25a834751	861	#ifndef WOLFSSL_SESSION_TIMEOUT
wolfSSL	11:cee25a834751	862	#define WOLFSSL_SESSION_TIMEOUT 500
wolfSSL	11:cee25a834751	863	/* default session resumption cache timeout in seconds */
wolfSSL	11:cee25a834751	864	#endif
wolfSSL	11:cee25a834751	865
wolfSSL	11:cee25a834751	866
wolfSSL	11:cee25a834751	867	#ifndef WOLFSSL_DTLS_WINDOW_WORDS
wolfSSL	11:cee25a834751	868	#define WOLFSSL_DTLS_WINDOW_WORDS 2
wolfSSL	11:cee25a834751	869	#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
wolfSSL	11:cee25a834751	870	#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
wolfSSL	11:cee25a834751	871	#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
wolfSSL	11:cee25a834751	872	#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
wolfSSL	11:cee25a834751	873
wolfSSL	11:cee25a834751	874
wolfSSL	11:cee25a834751	875	enum Misc {
wolfSSL	11:cee25a834751	876	ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
wolfSSL	11:cee25a834751	877	QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
wolfSSL	11:cee25a834751	878	CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
wolfSSL	11:cee25a834751	879
wolfSSL	11:cee25a834751	880	SEND_CERT = 1,
wolfSSL	11:cee25a834751	881	SEND_BLANK_CERT = 2,
wolfSSL	11:cee25a834751	882
wolfSSL	11:cee25a834751	883	DTLS_MAJOR = 0xfe, /* DTLS major version number */
wolfSSL	11:cee25a834751	884	DTLS_MINOR = 0xff, /* DTLS minor version number */
wolfSSL	11:cee25a834751	885	DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
wolfSSL	11:cee25a834751	886	SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
wolfSSL	11:cee25a834751	887	SSLv3_MINOR = 0, /* TLSv1 minor version number */
wolfSSL	11:cee25a834751	888	TLSv1_MINOR = 1, /* TLSv1 minor version number */
wolfSSL	11:cee25a834751	889	TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
wolfSSL	11:cee25a834751	890	TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
wolfSSL	11:cee25a834751	891	OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
wolfSSL	11:cee25a834751	892	INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
wolfSSL	11:cee25a834751	893	NO_COMPRESSION = 0,
wolfSSL	11:cee25a834751	894	ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
wolfSSL	11:cee25a834751	895	HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
wolfSSL	11:cee25a834751	896	HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
wolfSSL	11:cee25a834751	897	SECRET_LEN = 48, /* pre RSA and all master */
wolfSSL	11:cee25a834751	898	#if defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL	11:cee25a834751	899	ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
wolfSSL	11:cee25a834751	900	#else
wolfSSL	11:cee25a834751	901	ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
wolfSSL	11:cee25a834751	902	#endif
wolfSSL	11:cee25a834751	903	SIZEOF_SENDER = 4, /* clnt or srvr */
wolfSSL	11:cee25a834751	904	FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
wolfSSL	11:cee25a834751	905	MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
wolfSSL	11:cee25a834751	906	MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
wolfSSL	11:cee25a834751	907	/* max added to msg, mac + pad from */
wolfSSL	11:cee25a834751	908	/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
wolfSSL	11:cee25a834751	909	digest sz + BLOC_SZ (iv) + pad byte (1) */
wolfSSL	11:cee25a834751	910	MAX_COMP_EXTRA = 1024, /* max compression extra */
wolfSSL	11:cee25a834751	911	MAX_MTU = 1500, /* max expected MTU */
wolfSSL	11:cee25a834751	912	MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
wolfSSL	11:cee25a834751	913	MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */
wolfSSL	11:cee25a834751	914	MAX_STR_VERSION = 8, /* string rep of protocol version */
wolfSSL	11:cee25a834751	915
wolfSSL	11:cee25a834751	916	PAD_MD5 = 48, /* pad length for finished */
wolfSSL	11:cee25a834751	917	PAD_SHA = 40, /* pad length for finished */
wolfSSL	11:cee25a834751	918	MAX_PAD_SIZE = 256, /* maximum length of padding */
wolfSSL	11:cee25a834751	919	COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
wolfSSL	11:cee25a834751	920	COMPRESS_CONSTANT = 13, /* compression calc constant */
wolfSSL	11:cee25a834751	921	COMPRESS_UPPER = 55, /* compression calc numerator */
wolfSSL	11:cee25a834751	922	COMPRESS_LOWER = 64, /* compression calc denominator */
wolfSSL	11:cee25a834751	923
wolfSSL	11:cee25a834751	924	PEM_LINE_LEN = 80, /* PEM line max + fudge */
wolfSSL	11:cee25a834751	925	LENGTH_SZ = 2, /* length field for HMAC, data only */
wolfSSL	11:cee25a834751	926	VERSION_SZ = 2, /* length of proctocol version */
wolfSSL	11:cee25a834751	927	SEQ_SZ = 8, /* 64 bit sequence number */
wolfSSL	11:cee25a834751	928	ALERT_SIZE = 2, /* level + description */
wolfSSL	11:cee25a834751	929	VERIFY_HEADER = 2, /* always use 2 bytes */
wolfSSL	11:cee25a834751	930	EXT_ID_SZ = 2, /* always use 2 bytes */
wolfSSL	11:cee25a834751	931	MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
wolfSSL	11:cee25a834751	932	SESSION_HINT_SZ = 4, /* session timeout hint */
wolfSSL	11:cee25a834751	933
wolfSSL	11:cee25a834751	934	RAN_LEN = 32, /* random length */
wolfSSL	11:cee25a834751	935	SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
wolfSSL	11:cee25a834751	936	ID_LEN = 32, /* session id length */
wolfSSL	11:cee25a834751	937	COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
wolfSSL	11:cee25a834751	938	MAX_COOKIE_LEN = 32, /* max dtls cookie size */
wolfSSL	11:cee25a834751	939	COOKIE_SZ = 20, /* use a 20 byte cookie */
wolfSSL	11:cee25a834751	940	SUITE_LEN = 2, /* cipher suite sz length */
wolfSSL	11:cee25a834751	941	ENUM_LEN = 1, /* always a byte */
wolfSSL	11:cee25a834751	942	OPAQUE8_LEN = 1, /* 1 byte */
wolfSSL	11:cee25a834751	943	OPAQUE16_LEN = 2, /* 2 bytes */
wolfSSL	11:cee25a834751	944	OPAQUE24_LEN = 3, /* 3 bytes */
wolfSSL	11:cee25a834751	945	OPAQUE32_LEN = 4, /* 4 bytes */
wolfSSL	11:cee25a834751	946	OPAQUE64_LEN = 8, /* 8 bytes */
wolfSSL	11:cee25a834751	947	COMP_LEN = 1, /* compression length */
wolfSSL	11:cee25a834751	948	CURVE_LEN = 2, /* ecc named curve length */
wolfSSL	11:cee25a834751	949	SERVER_ID_LEN = 20, /* server session id length */
wolfSSL	11:cee25a834751	950
wolfSSL	11:cee25a834751	951	HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
wolfSSL	11:cee25a834751	952	RECORD_HEADER_SZ = 5, /* type + version + len(2) */
wolfSSL	11:cee25a834751	953	CERT_HEADER_SZ = 3, /* always 3 bytes */
wolfSSL	11:cee25a834751	954	REQ_HEADER_SZ = 2, /* cert request header sz */
wolfSSL	11:cee25a834751	955	HINT_LEN_SZ = 2, /* length of hint size field */
wolfSSL	11:cee25a834751	956	TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
wolfSSL	11:cee25a834751	957	HELLO_EXT_SZ = 4, /* base length of a hello extension */
wolfSSL	11:cee25a834751	958	HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
wolfSSL	11:cee25a834751	959	HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
wolfSSL	11:cee25a834751	960	HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
wolfSSL	11:cee25a834751	961	HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
wolfSSL	11:cee25a834751	962
wolfSSL	11:cee25a834751	963	DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
wolfSSL	11:cee25a834751	964	DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
wolfSSL	11:cee25a834751	965	DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
wolfSSL	11:cee25a834751	966	DTLS_RECORD_EXTRA = 8, /* diff from normal */
wolfSSL	11:cee25a834751	967	DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
wolfSSL	11:cee25a834751	968	DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
wolfSSL	11:cee25a834751	969	DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
wolfSSL	11:cee25a834751	970	DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
wolfSSL	11:cee25a834751	971	DTLS_EXPORT_VERSION = 3, /* wolfSSL version for serialized session */
wolfSSL	11:cee25a834751	972	DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */
wolfSSL	11:cee25a834751	973	DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
wolfSSL	11:cee25a834751	974	/* max amount of bytes used from Keys */
wolfSSL	11:cee25a834751	975	DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2),
wolfSSL	11:cee25a834751	976	/* min amount of bytes used from Keys */
wolfSSL	11:cee25a834751	977	DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
wolfSSL	11:cee25a834751	978	DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
wolfSSL	11:cee25a834751	979	DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
wolfSSL	11:cee25a834751	980	MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
wolfSSL	11:cee25a834751	981	FINISHED_LABEL_SZ = 15, /* TLS finished label size */
wolfSSL	11:cee25a834751	982	TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
wolfSSL	11:cee25a834751	983	EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
wolfSSL	11:cee25a834751	984	MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
wolfSSL	11:cee25a834751	985	KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
wolfSSL	11:cee25a834751	986	MAX_PRF_HALF = 256, /* Maximum half secret len */
wolfSSL	11:cee25a834751	987	MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
wolfSSL	11:cee25a834751	988	MAX_PRF_DIG = 224, /* Maximum digest len */
wolfSSL	11:cee25a834751	989	MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
wolfSSL	11:cee25a834751	990	SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
wolfSSL	11:cee25a834751	991
wolfSSL	11:cee25a834751	992	RC4_KEY_SIZE = 16, /* always 128bit */
wolfSSL	11:cee25a834751	993	DES_KEY_SIZE = 8, /* des */
wolfSSL	11:cee25a834751	994	DES3_KEY_SIZE = 24, /* 3 des ede */
wolfSSL	11:cee25a834751	995	DES_IV_SIZE = DES_BLOCK_SIZE,
wolfSSL	11:cee25a834751	996	AES_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	11:cee25a834751	997	AES_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	11:cee25a834751	998	AES_IV_SIZE = 16, /* always block size */
wolfSSL	11:cee25a834751	999	AES_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	11:cee25a834751	1000
wolfSSL	11:cee25a834751	1001	AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
wolfSSL	11:cee25a834751	1002	AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
wolfSSL	11:cee25a834751	1003	AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
wolfSSL	11:cee25a834751	1004	AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
wolfSSL	11:cee25a834751	1005	AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
wolfSSL	11:cee25a834751	1006	AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
wolfSSL	11:cee25a834751	1007	AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
wolfSSL	11:cee25a834751	1008	AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
wolfSSL	11:cee25a834751	1009	AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
wolfSSL	11:cee25a834751	1010
wolfSSL	11:cee25a834751	1011	CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
wolfSSL	11:cee25a834751	1012	CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
wolfSSL	11:cee25a834751	1013	CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
wolfSSL	11:cee25a834751	1014
wolfSSL	11:cee25a834751	1015	/* For any new implicit/explicit IV size adjust AEAD_MAX_**_SZ /
wolfSSL	11:cee25a834751	1016
wolfSSL	11:cee25a834751	1017	AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
wolfSSL	11:cee25a834751	1018	AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
wolfSSL	11:cee25a834751	1019	AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
wolfSSL	11:cee25a834751	1020
wolfSSL	11:cee25a834751	1021	CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	11:cee25a834751	1022	CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	11:cee25a834751	1023	CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	11:cee25a834751	1024	CAMELLIA_IV_SIZE = 16, /* always block size */
wolfSSL	11:cee25a834751	1025
wolfSSL	11:cee25a834751	1026	CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	11:cee25a834751	1027	CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	11:cee25a834751	1028	CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
wolfSSL	11:cee25a834751	1029
wolfSSL	11:cee25a834751	1030	POLY1305_AUTH_SZ = 16, /* 128 bits */
wolfSSL	11:cee25a834751	1031
wolfSSL	11:cee25a834751	1032	HC_128_KEY_SIZE = 16, /* 128 bits */
wolfSSL	11:cee25a834751	1033	HC_128_IV_SIZE = 16, /* also 128 bits */
wolfSSL	11:cee25a834751	1034
wolfSSL	11:cee25a834751	1035	RABBIT_KEY_SIZE = 16, /* 128 bits */
wolfSSL	11:cee25a834751	1036	RABBIT_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL	11:cee25a834751	1037
wolfSSL	11:cee25a834751	1038	EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
wolfSSL	11:cee25a834751	1039
wolfSSL	11:cee25a834751	1040	ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
wolfSSL	11:cee25a834751	1041	MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
wolfSSL	11:cee25a834751	1042
wolfSSL	11:cee25a834751	1043	#ifdef HAVE_QSH
wolfSSL	11:cee25a834751	1044	/* qsh handshake sends 600+ size keys over hello extensions */
wolfSSL	11:cee25a834751	1045	MAX_HELLO_SZ = 2048, /* max client or server hello */
wolfSSL	11:cee25a834751	1046	#else
wolfSSL	11:cee25a834751	1047	MAX_HELLO_SZ = 128, /* max client or server hello */
wolfSSL	11:cee25a834751	1048	#endif
wolfSSL	11:cee25a834751	1049	MAX_CERT_VERIFY_SZ = 1024, /* max */
wolfSSL	11:cee25a834751	1050	CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
wolfSSL	11:cee25a834751	1051	MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
wolfSSL	11:cee25a834751	1052
wolfSSL	11:cee25a834751	1053	DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
wolfSSL	11:cee25a834751	1054	DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
wolfSSL	11:cee25a834751	1055	DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
wolfSSL	11:cee25a834751	1056
wolfSSL	11:cee25a834751	1057	MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
wolfSSL	11:cee25a834751	1058	NULL_TERM_LEN = 1, /* length of null '\0' termination character */
wolfSSL	11:cee25a834751	1059	MAX_PSK_KEY_LEN = 64, /* max psk key supported */
wolfSSL	11:cee25a834751	1060
wolfSSL	11:cee25a834751	1061	MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
wolfSSL	11:cee25a834751	1062
wolfSSL	11:cee25a834751	1063	#if defined(HAVE_EX_DATA) \|\| defined(FORTRESS)
wolfSSL	11:cee25a834751	1064	MAX_EX_DATA = 5, /* allow for five items of ex_data */
wolfSSL	11:cee25a834751	1065	#endif
wolfSSL	11:cee25a834751	1066
wolfSSL	11:cee25a834751	1067	MAX_X509_SIZE = 2048, /* max static x509 buffer size */
wolfSSL	11:cee25a834751	1068	CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
wolfSSL	11:cee25a834751	1069	FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
wolfSSL	11:cee25a834751	1070	will use dynamic buffer if not big enough */
wolfSSL	11:cee25a834751	1071
wolfSSL	11:cee25a834751	1072	MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
wolfSSL	11:cee25a834751	1073	MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
wolfSSL	11:cee25a834751	1074	MAX_NTRU_BITS = 256, /* max symmetric bit strength */
wolfSSL	11:cee25a834751	1075	NO_SNIFF = 0, /* not sniffing */
wolfSSL	11:cee25a834751	1076	SNIFF = 1, /* currently sniffing */
wolfSSL	11:cee25a834751	1077
wolfSSL	11:cee25a834751	1078	HASH_SIG_SIZE = 2, /* default SHA1 RSA */
wolfSSL	11:cee25a834751	1079
wolfSSL	11:cee25a834751	1080	NO_COPY = 0, /* should we copy static buffer for write */
wolfSSL	11:cee25a834751	1081	COPY = 1, /* should we copy static buffer for write */
wolfSSL	11:cee25a834751	1082
wolfSSL	11:cee25a834751	1083	PREV_ORDER = -1, /* Sequence number is in previous epoch. */
wolfSSL	11:cee25a834751	1084	PEER_ORDER = 1, /* Peer sequence number for verify. */
wolfSSL	11:cee25a834751	1085	CUR_ORDER = 0 /* Current sequence number. */
wolfSSL	11:cee25a834751	1086	};
wolfSSL	11:cee25a834751	1087
wolfSSL	11:cee25a834751	1088
wolfSSL	11:cee25a834751	1089	/* Set max implicit IV size for AEAD cipher suites */
wolfSSL	11:cee25a834751	1090	#ifdef HAVE_CHACHA
wolfSSL	11:cee25a834751	1091	#define AEAD_MAX_IMP_SZ 12
wolfSSL	11:cee25a834751	1092	#else
wolfSSL	11:cee25a834751	1093	#define AEAD_MAX_IMP_SZ 4
wolfSSL	11:cee25a834751	1094	#endif
wolfSSL	11:cee25a834751	1095
wolfSSL	11:cee25a834751	1096	/* Set max explicit IV size for AEAD cipher suites */
wolfSSL	11:cee25a834751	1097	#define AEAD_MAX_EXP_SZ 8
wolfSSL	11:cee25a834751	1098
wolfSSL	11:cee25a834751	1099
wolfSSL	11:cee25a834751	1100	#ifndef WOLFSSL_MAX_SUITE_SZ
wolfSSL	11:cee25a834751	1101	#define WOLFSSL_MAX_SUITE_SZ 300
wolfSSL	11:cee25a834751	1102	/* 150 suites for now! */
wolfSSL	11:cee25a834751	1103	#endif
wolfSSL	11:cee25a834751	1104
wolfSSL	11:cee25a834751	1105	/* set minimum ECC key size allowed */
wolfSSL	11:cee25a834751	1106	#ifndef WOLFSSL_MIN_ECC_BITS
wolfSSL	11:cee25a834751	1107	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	11:cee25a834751	1108	#define WOLFSSL_MIN_ECC_BITS 256
wolfSSL	11:cee25a834751	1109	#else
wolfSSL	11:cee25a834751	1110	#define WOLFSSL_MIN_ECC_BITS 224
wolfSSL	11:cee25a834751	1111	#endif
wolfSSL	11:cee25a834751	1112	#endif /* WOLFSSL_MIN_ECC_BITS */
wolfSSL	11:cee25a834751	1113	#if (WOLFSSL_MIN_ECC_BITS % 8)
wolfSSL	11:cee25a834751	1114	/* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1.
wolfSSL	11:cee25a834751	1115	In these cases round down to the nearest value divisable by 8. The
wolfSSL	11:cee25a834751	1116	restriction of being divisable by 8 is in place to match wc_ecc_size
wolfSSL	11:cee25a834751	1117	function from wolfSSL.
wolfSSL	11:cee25a834751	1118	*/
wolfSSL	11:cee25a834751	1119	#error ECC minimum bit size must be a multiple of 8
wolfSSL	11:cee25a834751	1120	#endif
wolfSSL	11:cee25a834751	1121	#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
wolfSSL	11:cee25a834751	1122
wolfSSL	11:cee25a834751	1123	/* set minimum RSA key size allowed */
wolfSSL	11:cee25a834751	1124	#ifndef WOLFSSL_MIN_RSA_BITS
wolfSSL	11:cee25a834751	1125	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	11:cee25a834751	1126	#define WOLFSSL_MIN_RSA_BITS 2048
wolfSSL	11:cee25a834751	1127	#else
wolfSSL	11:cee25a834751	1128	#define WOLFSSL_MIN_RSA_BITS 1024
wolfSSL	11:cee25a834751	1129	#endif
wolfSSL	11:cee25a834751	1130	#endif /* WOLFSSL_MIN_RSA_BITS */
wolfSSL	11:cee25a834751	1131	#if (WOLFSSL_MIN_RSA_BITS % 8)
wolfSSL	11:cee25a834751	1132	/* This is to account for the example case of a min size of 2050 bits but
wolfSSL	11:cee25a834751	1133	still allows 2049 bit key. So we need the measurment to be in bytes. */
wolfSSL	11:cee25a834751	1134	#error RSA minimum bit size must be a multiple of 8
wolfSSL	11:cee25a834751	1135	#endif
wolfSSL	11:cee25a834751	1136	#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
wolfSSL	11:cee25a834751	1137
wolfSSL	11:cee25a834751	1138	/* set minimum DH key size allowed */
wolfSSL	11:cee25a834751	1139	#ifndef WOLFSSL_MIN_DHKEY_BITS
wolfSSL	11:cee25a834751	1140	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	11:cee25a834751	1141	#define WOLFSSL_MIN_DHKEY_BITS 2048
wolfSSL	11:cee25a834751	1142	#else
wolfSSL	11:cee25a834751	1143	#define WOLFSSL_MIN_DHKEY_BITS 1024
wolfSSL	11:cee25a834751	1144	#endif
wolfSSL	11:cee25a834751	1145	#endif
wolfSSL	11:cee25a834751	1146	#if (WOLFSSL_MIN_DHKEY_BITS % 8)
wolfSSL	11:cee25a834751	1147	#error DH minimum bit size must be multiple of 8
wolfSSL	11:cee25a834751	1148	#endif
wolfSSL	11:cee25a834751	1149	#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
wolfSSL	11:cee25a834751	1150	#error DH minimum bit size must not be greater than 16000
wolfSSL	11:cee25a834751	1151	#endif
wolfSSL	11:cee25a834751	1152	#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
wolfSSL	11:cee25a834751	1153
wolfSSL	11:cee25a834751	1154
wolfSSL	11:cee25a834751	1155	#ifdef SESSION_INDEX
wolfSSL	11:cee25a834751	1156	/* Shift values for making a session index */
wolfSSL	11:cee25a834751	1157	#define SESSIDX_ROW_SHIFT 4
wolfSSL	11:cee25a834751	1158	#define SESSIDX_IDX_MASK 0x0F
wolfSSL	11:cee25a834751	1159	#endif
wolfSSL	11:cee25a834751	1160
wolfSSL	11:cee25a834751	1161
wolfSSL	11:cee25a834751	1162	/* max cert chain peer depth */
wolfSSL	11:cee25a834751	1163	#ifndef MAX_CHAIN_DEPTH
wolfSSL	11:cee25a834751	1164	#define MAX_CHAIN_DEPTH 9
wolfSSL	11:cee25a834751	1165	#endif
wolfSSL	11:cee25a834751	1166
wolfSSL	11:cee25a834751	1167	/* max size of a certificate message payload */
wolfSSL	11:cee25a834751	1168	/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
wolfSSL	11:cee25a834751	1169	#ifndef MAX_CERTIFICATE_SZ
wolfSSL	11:cee25a834751	1170	#define MAX_CERTIFICATE_SZ \
wolfSSL	11:cee25a834751	1171	CERT_HEADER_SZ + \
wolfSSL	11:cee25a834751	1172	(MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
wolfSSL	11:cee25a834751	1173	#endif
wolfSSL	11:cee25a834751	1174
wolfSSL	11:cee25a834751	1175	/* max size of a handshake message, currently set to the certificate */
wolfSSL	11:cee25a834751	1176	#ifndef MAX_HANDSHAKE_SZ
wolfSSL	11:cee25a834751	1177	#define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
wolfSSL	11:cee25a834751	1178	#endif
wolfSSL	11:cee25a834751	1179
wolfSSL	11:cee25a834751	1180	#ifndef SESSION_TICKET_LEN
wolfSSL	11:cee25a834751	1181	#define SESSION_TICKET_LEN 256
wolfSSL	11:cee25a834751	1182	#endif
wolfSSL	11:cee25a834751	1183
wolfSSL	11:cee25a834751	1184	#ifndef SESSION_TICKET_HINT_DEFAULT
wolfSSL	11:cee25a834751	1185	#define SESSION_TICKET_HINT_DEFAULT 300
wolfSSL	11:cee25a834751	1186	#endif
wolfSSL	11:cee25a834751	1187
wolfSSL	11:cee25a834751	1188
wolfSSL	11:cee25a834751	1189	/* don't use extra 3/4k stack space unless need to */
wolfSSL	11:cee25a834751	1190	#ifdef HAVE_NTRU
wolfSSL	11:cee25a834751	1191	#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
wolfSSL	11:cee25a834751	1192	#else
wolfSSL	11:cee25a834751	1193	#define MAX_ENCRYPT_SZ ENCRYPT_LEN
wolfSSL	11:cee25a834751	1194	#endif
wolfSSL	11:cee25a834751	1195
wolfSSL	11:cee25a834751	1196
wolfSSL	11:cee25a834751	1197	/* states */
wolfSSL	11:cee25a834751	1198	enum states {
wolfSSL	11:cee25a834751	1199	NULL_STATE = 0,
wolfSSL	11:cee25a834751	1200
wolfSSL	11:cee25a834751	1201	SERVER_HELLOVERIFYREQUEST_COMPLETE,
wolfSSL	11:cee25a834751	1202	SERVER_HELLO_COMPLETE,
wolfSSL	11:cee25a834751	1203	SERVER_CERT_COMPLETE,
wolfSSL	11:cee25a834751	1204	SERVER_KEYEXCHANGE_COMPLETE,
wolfSSL	11:cee25a834751	1205	SERVER_HELLODONE_COMPLETE,
wolfSSL	11:cee25a834751	1206	SERVER_FINISHED_COMPLETE,
wolfSSL	11:cee25a834751	1207
wolfSSL	11:cee25a834751	1208	CLIENT_HELLO_COMPLETE,
wolfSSL	11:cee25a834751	1209	CLIENT_KEYEXCHANGE_COMPLETE,
wolfSSL	11:cee25a834751	1210	CLIENT_FINISHED_COMPLETE,
wolfSSL	11:cee25a834751	1211
wolfSSL	11:cee25a834751	1212	HANDSHAKE_DONE
wolfSSL	11:cee25a834751	1213	};
wolfSSL	11:cee25a834751	1214
wolfSSL	11:cee25a834751	1215
wolfSSL	11:cee25a834751	1216	#if defined(__GNUC__)
wolfSSL	11:cee25a834751	1217	#define WOLFSSL_PACK __attribute__ ((packed))
wolfSSL	11:cee25a834751	1218	#else
wolfSSL	11:cee25a834751	1219	#define WOLFSSL_PACK
wolfSSL	11:cee25a834751	1220	#endif
wolfSSL	11:cee25a834751	1221
wolfSSL	11:cee25a834751	1222	/* SSL Version */
wolfSSL	11:cee25a834751	1223	typedef struct ProtocolVersion {
wolfSSL	11:cee25a834751	1224	byte major;
wolfSSL	11:cee25a834751	1225	byte minor;
wolfSSL	11:cee25a834751	1226	} WOLFSSL_PACK ProtocolVersion;
wolfSSL	11:cee25a834751	1227
wolfSSL	11:cee25a834751	1228
wolfSSL	11:cee25a834751	1229	WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
wolfSSL	11:cee25a834751	1230	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
wolfSSL	11:cee25a834751	1231	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
wolfSSL	11:cee25a834751	1232	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
wolfSSL	11:cee25a834751	1233
wolfSSL	11:cee25a834751	1234	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	1235	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
wolfSSL	11:cee25a834751	1236	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
wolfSSL	11:cee25a834751	1237
wolfSSL	11:cee25a834751	1238	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	11:cee25a834751	1239	WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
wolfSSL	11:cee25a834751	1240	word32 sz);
wolfSSL	11:cee25a834751	1241	WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
wolfSSL	11:cee25a834751	1242	word32 sz);
wolfSSL	11:cee25a834751	1243	WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	1244	#endif
wolfSSL	11:cee25a834751	1245	#endif
wolfSSL	11:cee25a834751	1246
wolfSSL	11:cee25a834751	1247
wolfSSL	11:cee25a834751	1248	enum BIO_TYPE {
wolfSSL	11:cee25a834751	1249	BIO_BUFFER = 1,
wolfSSL	11:cee25a834751	1250	BIO_SOCKET = 2,
wolfSSL	11:cee25a834751	1251	BIO_SSL = 3,
wolfSSL	11:cee25a834751	1252	BIO_MEMORY = 4,
wolfSSL	11:cee25a834751	1253	BIO_BIO = 5,
wolfSSL	11:cee25a834751	1254	BIO_FILE = 6
wolfSSL	11:cee25a834751	1255	};
wolfSSL	11:cee25a834751	1256
wolfSSL	11:cee25a834751	1257
wolfSSL	11:cee25a834751	1258	/* wolfSSL BIO_METHOD type */
wolfSSL	11:cee25a834751	1259	struct WOLFSSL_BIO_METHOD {
wolfSSL	11:cee25a834751	1260	byte type; /* method type */
wolfSSL	11:cee25a834751	1261	};
wolfSSL	11:cee25a834751	1262
wolfSSL	11:cee25a834751	1263
wolfSSL	11:cee25a834751	1264	/* wolfSSL BIO type */
wolfSSL	11:cee25a834751	1265	struct WOLFSSL_BIO {
wolfSSL	11:cee25a834751	1266	WOLFSSL* ssl; /* possible associated ssl */
wolfSSL	11:cee25a834751	1267	#ifndef NO_FILESYSTEM
wolfSSL	11:cee25a834751	1268	XFILE file;
wolfSSL	11:cee25a834751	1269	#endif
wolfSSL	11:cee25a834751	1270	WOLFSSL_BIO* prev; /* previous in chain */
wolfSSL	11:cee25a834751	1271	WOLFSSL_BIO* next; /* next in chain */
wolfSSL	11:cee25a834751	1272	WOLFSSL_BIO* pair; /* BIO paired with */
wolfSSL	11:cee25a834751	1273	void* heap; /* user heap hint */
wolfSSL	11:cee25a834751	1274	byte* mem; /* memory buffer */
wolfSSL	11:cee25a834751	1275	int wrSz; /* write buffer size (mem) */
wolfSSL	11:cee25a834751	1276	int wrIdx; /* current index for write buffer */
wolfSSL	11:cee25a834751	1277	int rdIdx; /* current read index */
wolfSSL	11:cee25a834751	1278	int readRq; /* read request */
wolfSSL	11:cee25a834751	1279	int memLen; /* memory buffer length */
wolfSSL	11:cee25a834751	1280	int fd; /* possible file descriptor */
wolfSSL	11:cee25a834751	1281	int eof; /* eof flag */
wolfSSL	11:cee25a834751	1282	byte type; /* method type */
wolfSSL	11:cee25a834751	1283	byte close; /* close flag */
wolfSSL	11:cee25a834751	1284	};
wolfSSL	11:cee25a834751	1285
wolfSSL	11:cee25a834751	1286
wolfSSL	11:cee25a834751	1287	/* wolfSSL method type */
wolfSSL	11:cee25a834751	1288	struct WOLFSSL_METHOD {
wolfSSL	11:cee25a834751	1289	ProtocolVersion version;
wolfSSL	11:cee25a834751	1290	byte side; /* connection side, server or client */
wolfSSL	11:cee25a834751	1291	byte downgrade; /* whether to downgrade version, default no */
wolfSSL	11:cee25a834751	1292	};
wolfSSL	11:cee25a834751	1293
wolfSSL	11:cee25a834751	1294
wolfSSL	11:cee25a834751	1295	/* defaults to client */
wolfSSL	11:cee25a834751	1296	WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
wolfSSL	11:cee25a834751	1297
wolfSSL	11:cee25a834751	1298	/* for sniffer */
wolfSSL	11:cee25a834751	1299	WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	11:cee25a834751	1300	word32 size, word32 totalSz, int sniff);
wolfSSL	11:cee25a834751	1301	WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
wolfSSL	11:cee25a834751	1302
wolfSSL	11:cee25a834751	1303
wolfSSL	11:cee25a834751	1304	/* wolfSSL buffer type - internal uses "buffer" type */
wolfSSL	11:cee25a834751	1305	typedef WOLFSSL_BUFFER_INFO buffer;
wolfSSL	11:cee25a834751	1306
wolfSSL	11:cee25a834751	1307	#ifndef NO_CERTS
wolfSSL	11:cee25a834751	1308	/* wolfSSL DER buffer */
wolfSSL	11:cee25a834751	1309	typedef struct DerBuffer {
wolfSSL	11:cee25a834751	1310	byte* buffer;
wolfSSL	11:cee25a834751	1311	void* heap;
wolfSSL	11:cee25a834751	1312	word32 length;
wolfSSL	11:cee25a834751	1313	int type; /* enum CertType */
wolfSSL	11:cee25a834751	1314	int dynType; /* DYNAMIC_TYPE_* */
wolfSSL	11:cee25a834751	1315	} DerBuffer;
wolfSSL	11:cee25a834751	1316	#endif /* !NO_CERTS */
wolfSSL	11:cee25a834751	1317
wolfSSL	11:cee25a834751	1318
wolfSSL	11:cee25a834751	1319	enum {
wolfSSL	11:cee25a834751	1320	FORCED_FREE = 1,
wolfSSL	11:cee25a834751	1321	NO_FORCED_FREE = 0
wolfSSL	11:cee25a834751	1322	};
wolfSSL	11:cee25a834751	1323
wolfSSL	11:cee25a834751	1324
wolfSSL	11:cee25a834751	1325	/* only use compression extra if using compression */
wolfSSL	11:cee25a834751	1326	#ifdef HAVE_LIBZ
wolfSSL	11:cee25a834751	1327	#define COMP_EXTRA MAX_COMP_EXTRA
wolfSSL	11:cee25a834751	1328	#else
wolfSSL	11:cee25a834751	1329	#define COMP_EXTRA 0
wolfSSL	11:cee25a834751	1330	#endif
wolfSSL	11:cee25a834751	1331
wolfSSL	11:cee25a834751	1332	/* only the sniffer needs space in the buffer for extra MTU record(s) */
wolfSSL	11:cee25a834751	1333	#ifdef WOLFSSL_SNIFFER
wolfSSL	11:cee25a834751	1334	#define MTU_EXTRA MAX_MTU * 3
wolfSSL	11:cee25a834751	1335	#else
wolfSSL	11:cee25a834751	1336	#define MTU_EXTRA 0
wolfSSL	11:cee25a834751	1337	#endif
wolfSSL	11:cee25a834751	1338
wolfSSL	11:cee25a834751	1339
wolfSSL	11:cee25a834751	1340	/* embedded callbacks require large static buffers, make sure on */
wolfSSL	11:cee25a834751	1341	#ifdef WOLFSSL_CALLBACKS
wolfSSL	11:cee25a834751	1342	#undef LARGE_STATIC_BUFFERS
wolfSSL	11:cee25a834751	1343	#define LARGE_STATIC_BUFFERS
wolfSSL	11:cee25a834751	1344	#endif
wolfSSL	11:cee25a834751	1345
wolfSSL	11:cee25a834751	1346
wolfSSL	11:cee25a834751	1347	/* give user option to use 16K static buffers */
wolfSSL	11:cee25a834751	1348	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	11:cee25a834751	1349	#define RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	11:cee25a834751	1350	#else
wolfSSL	11:cee25a834751	1351	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	1352	#define RECORD_SIZE MAX_MTU
wolfSSL	11:cee25a834751	1353	#else
wolfSSL	11:cee25a834751	1354	#define RECORD_SIZE 128
wolfSSL	11:cee25a834751	1355	#endif
wolfSSL	11:cee25a834751	1356	#endif
wolfSSL	11:cee25a834751	1357
wolfSSL	11:cee25a834751	1358
wolfSSL	11:cee25a834751	1359	/* user option to turn off 16K output option */
wolfSSL	11:cee25a834751	1360	/* if using small static buffers (default) and SSL_write tries to write data
wolfSSL	11:cee25a834751	1361	larger than the record we have, dynamically get it, unless user says only
wolfSSL	11:cee25a834751	1362	write in static buffer chunks */
wolfSSL	11:cee25a834751	1363	#ifndef STATIC_CHUNKS_ONLY
wolfSSL	11:cee25a834751	1364	#define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	11:cee25a834751	1365	#else
wolfSSL	11:cee25a834751	1366	#define OUTPUT_RECORD_SIZE RECORD_SIZE
wolfSSL	11:cee25a834751	1367	#endif
wolfSSL	11:cee25a834751	1368
wolfSSL	11:cee25a834751	1369	/* wolfSSL input buffer
wolfSSL	11:cee25a834751	1370
wolfSSL	11:cee25a834751	1371	RFC 2246:
wolfSSL	11:cee25a834751	1372
wolfSSL	11:cee25a834751	1373	length
wolfSSL	11:cee25a834751	1374	The length (in bytes) of the following TLSPlaintext.fragment.
wolfSSL	11:cee25a834751	1375	The length should not exceed 2^14.
wolfSSL	11:cee25a834751	1376	*/
wolfSSL	11:cee25a834751	1377	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	11:cee25a834751	1378	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
wolfSSL	11:cee25a834751	1379	MTU_EXTRA + MAX_MSG_EXTRA
wolfSSL	11:cee25a834751	1380	#else
wolfSSL	11:cee25a834751	1381	/* don't fragment memory from the record header */
wolfSSL	11:cee25a834751	1382	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ
wolfSSL	11:cee25a834751	1383	#endif
wolfSSL	11:cee25a834751	1384
wolfSSL	11:cee25a834751	1385	typedef struct {
wolfSSL	11:cee25a834751	1386	ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
wolfSSL	11:cee25a834751	1387	byte* buffer; /* place holder for static or dynamic buffer */
wolfSSL	11:cee25a834751	1388	word32 length; /* total buffer length used */
wolfSSL	11:cee25a834751	1389	word32 idx; /* idx to part of length already consumed */
wolfSSL	11:cee25a834751	1390	word32 bufferSize; /* current buffer size */
wolfSSL	11:cee25a834751	1391	byte dynamicFlag; /* dynamic memory currently in use */
wolfSSL	11:cee25a834751	1392	byte offset; /* alignment offset attempt */
wolfSSL	11:cee25a834751	1393	} bufferStatic;
wolfSSL	11:cee25a834751	1394
wolfSSL	11:cee25a834751	1395	/* Cipher Suites holder */
wolfSSL	11:cee25a834751	1396	typedef struct Suites {
wolfSSL	11:cee25a834751	1397	word16 suiteSz; /* suite length in bytes */
wolfSSL	11:cee25a834751	1398	word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
wolfSSL	11:cee25a834751	1399	byte suites[WOLFSSL_MAX_SUITE_SZ];
wolfSSL	11:cee25a834751	1400	byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
wolfSSL	11:cee25a834751	1401	byte setSuites; /* user set suites from default */
wolfSSL	11:cee25a834751	1402	byte hashAlgo; /* selected hash algorithm */
wolfSSL	11:cee25a834751	1403	byte sigAlgo; /* selected sig algorithm */
wolfSSL	11:cee25a834751	1404	} Suites;
wolfSSL	11:cee25a834751	1405
wolfSSL	11:cee25a834751	1406
wolfSSL	11:cee25a834751	1407	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	1408	void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
wolfSSL	11:cee25a834751	1409	word16, word16, word16, int);
wolfSSL	11:cee25a834751	1410	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	1411	int SetCipherList(WOLFSSL_CTX, Suites, const char* list);
wolfSSL	11:cee25a834751	1412
wolfSSL	11:cee25a834751	1413	#ifndef PSK_TYPES_DEFINED
wolfSSL	11:cee25a834751	1414	typedef unsigned int (wc_psk_client_callback)(WOLFSSL, const char, char,
wolfSSL	11:cee25a834751	1415	unsigned int, unsigned char*, unsigned int);
wolfSSL	11:cee25a834751	1416	typedef unsigned int (wc_psk_server_callback)(WOLFSSL, const char*,
wolfSSL	11:cee25a834751	1417	unsigned char*, unsigned int);
wolfSSL	11:cee25a834751	1418	#endif /* PSK_TYPES_DEFINED */
wolfSSL	11:cee25a834751	1419	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	1420	typedef int (wc_dtls_export)(WOLFSSL ssl,
wolfSSL	11:cee25a834751	1421	unsigned char* exportBuffer, unsigned int sz, void* userCtx);
wolfSSL	11:cee25a834751	1422	#endif
wolfSSL	11:cee25a834751	1423
wolfSSL	11:cee25a834751	1424
wolfSSL	11:cee25a834751	1425	/* wolfSSL Cipher type just points back to SSL */
wolfSSL	11:cee25a834751	1426	struct WOLFSSL_CIPHER {
wolfSSL	11:cee25a834751	1427	WOLFSSL* ssl;
wolfSSL	11:cee25a834751	1428	};
wolfSSL	11:cee25a834751	1429
wolfSSL	11:cee25a834751	1430
wolfSSL	11:cee25a834751	1431	typedef struct OcspEntry OcspEntry;
wolfSSL	11:cee25a834751	1432
wolfSSL	11:cee25a834751	1433	#ifdef NO_SHA
wolfSSL	11:cee25a834751	1434	#define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	11:cee25a834751	1435	#else
wolfSSL	11:cee25a834751	1436	#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	11:cee25a834751	1437	#endif
wolfSSL	11:cee25a834751	1438
wolfSSL	11:cee25a834751	1439	#ifdef NO_ASN
wolfSSL	11:cee25a834751	1440	/* no_asn won't have */
wolfSSL	11:cee25a834751	1441	typedef struct CertStatus CertStatus;
wolfSSL	11:cee25a834751	1442	#endif
wolfSSL	11:cee25a834751	1443
wolfSSL	11:cee25a834751	1444	struct OcspEntry {
wolfSSL	11:cee25a834751	1445	OcspEntry* next; /* next entry */
wolfSSL	11:cee25a834751	1446	byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
wolfSSL	11:cee25a834751	1447	byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
wolfSSL	11:cee25a834751	1448	CertStatus* status; /* OCSP response list */
wolfSSL	11:cee25a834751	1449	int totalStatus; /* number on list */
wolfSSL	11:cee25a834751	1450	};
wolfSSL	11:cee25a834751	1451
wolfSSL	11:cee25a834751	1452
wolfSSL	11:cee25a834751	1453	#ifndef HAVE_OCSP
wolfSSL	11:cee25a834751	1454	typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
wolfSSL	11:cee25a834751	1455	#endif
wolfSSL	11:cee25a834751	1456
wolfSSL	11:cee25a834751	1457	/* wolfSSL OCSP controller */
wolfSSL	11:cee25a834751	1458	struct WOLFSSL_OCSP {
wolfSSL	11:cee25a834751	1459	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	11:cee25a834751	1460	OcspEntry* ocspList; /* OCSP response list */
wolfSSL	11:cee25a834751	1461	wolfSSL_Mutex ocspLock; /* OCSP list lock */
wolfSSL	11:cee25a834751	1462	#if defined(WOLFSSL_NGINX) \|\| defined (WOLFSSL_HAPROXY)
wolfSSL	11:cee25a834751	1463	int(statusCb)(WOLFSSL, void*);
wolfSSL	11:cee25a834751	1464	#endif
wolfSSL	11:cee25a834751	1465	};
wolfSSL	11:cee25a834751	1466
wolfSSL	11:cee25a834751	1467	#ifndef MAX_DATE_SIZE
wolfSSL	11:cee25a834751	1468	#define MAX_DATE_SIZE 32
wolfSSL	11:cee25a834751	1469	#endif
wolfSSL	11:cee25a834751	1470
wolfSSL	11:cee25a834751	1471	typedef struct CRL_Entry CRL_Entry;
wolfSSL	11:cee25a834751	1472
wolfSSL	11:cee25a834751	1473	#ifdef NO_SHA
wolfSSL	11:cee25a834751	1474	#define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	11:cee25a834751	1475	#else
wolfSSL	11:cee25a834751	1476	#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	11:cee25a834751	1477	#endif
wolfSSL	11:cee25a834751	1478
wolfSSL	11:cee25a834751	1479	#ifdef NO_ASN
wolfSSL	11:cee25a834751	1480	typedef struct RevokedCert RevokedCert;
wolfSSL	11:cee25a834751	1481	#endif
wolfSSL	11:cee25a834751	1482
wolfSSL	11:cee25a834751	1483	/* Complete CRL */
wolfSSL	11:cee25a834751	1484	struct CRL_Entry {
wolfSSL	11:cee25a834751	1485	CRL_Entry* next; /* next entry */
wolfSSL	11:cee25a834751	1486	byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
wolfSSL	11:cee25a834751	1487	/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
wolfSSL	11:cee25a834751	1488	/* restore the hash here if needed for optimized comparisons */
wolfSSL	11:cee25a834751	1489	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
wolfSSL	11:cee25a834751	1490	byte nextDate[MAX_DATE_SIZE]; /* next update date */
wolfSSL	11:cee25a834751	1491	byte lastDateFormat; /* last date format */
wolfSSL	11:cee25a834751	1492	byte nextDateFormat; /* next date format */
wolfSSL	11:cee25a834751	1493	RevokedCert* certs; /* revoked cert list */
wolfSSL	11:cee25a834751	1494	int totalCerts; /* number on list */
wolfSSL	11:cee25a834751	1495	};
wolfSSL	11:cee25a834751	1496
wolfSSL	11:cee25a834751	1497
wolfSSL	11:cee25a834751	1498	typedef struct CRL_Monitor CRL_Monitor;
wolfSSL	11:cee25a834751	1499
wolfSSL	11:cee25a834751	1500	/* CRL directory monitor */
wolfSSL	11:cee25a834751	1501	struct CRL_Monitor {
wolfSSL	11:cee25a834751	1502	char* path; /* full dir path, if valid pointer we're using */
wolfSSL	11:cee25a834751	1503	int type; /* PEM or ASN1 type */
wolfSSL	11:cee25a834751	1504	};
wolfSSL	11:cee25a834751	1505
wolfSSL	11:cee25a834751	1506
wolfSSL	11:cee25a834751	1507	#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
wolfSSL	11:cee25a834751	1508	#undef HAVE_CRL_MONITOR
wolfSSL	11:cee25a834751	1509	#endif
wolfSSL	11:cee25a834751	1510
wolfSSL	11:cee25a834751	1511	/* wolfSSL CRL controller */
wolfSSL	11:cee25a834751	1512	struct WOLFSSL_CRL {
wolfSSL	11:cee25a834751	1513	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	11:cee25a834751	1514	CRL_Entry* crlList; /* our CRL list */
wolfSSL	11:cee25a834751	1515	#ifdef HAVE_CRL_IO
wolfSSL	11:cee25a834751	1516	CbCrlIO crlIOCb;
wolfSSL	11:cee25a834751	1517	#endif
wolfSSL	11:cee25a834751	1518	wolfSSL_Mutex crlLock; /* CRL list lock */
wolfSSL	11:cee25a834751	1519	CRL_Monitor monitors[2]; /* PEM and DER possible */
wolfSSL	11:cee25a834751	1520	#ifdef HAVE_CRL_MONITOR
wolfSSL	11:cee25a834751	1521	pthread_cond_t cond; /* condition to signal setup */
wolfSSL	11:cee25a834751	1522	pthread_t tid; /* monitoring thread */
wolfSSL	11:cee25a834751	1523	int mfd; /* monitor fd, -1 if no init yet */
wolfSSL	11:cee25a834751	1524	int setup; /* thread is setup predicate */
wolfSSL	11:cee25a834751	1525	#endif
wolfSSL	11:cee25a834751	1526	void* heap; /* heap hint for dynamic memory */
wolfSSL	11:cee25a834751	1527	};
wolfSSL	11:cee25a834751	1528
wolfSSL	11:cee25a834751	1529
wolfSSL	11:cee25a834751	1530	#ifdef NO_ASN
wolfSSL	11:cee25a834751	1531	typedef struct Signer Signer;
wolfSSL	11:cee25a834751	1532	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	11:cee25a834751	1533	typedef struct TrustedPeerCert TrustedPeerCert;
wolfSSL	11:cee25a834751	1534	#endif
wolfSSL	11:cee25a834751	1535	#endif
wolfSSL	11:cee25a834751	1536
wolfSSL	11:cee25a834751	1537
wolfSSL	11:cee25a834751	1538	#ifndef CA_TABLE_SIZE
wolfSSL	11:cee25a834751	1539	#define CA_TABLE_SIZE 11
wolfSSL	11:cee25a834751	1540	#endif
wolfSSL	11:cee25a834751	1541	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	11:cee25a834751	1542	#define TP_TABLE_SIZE 11
wolfSSL	11:cee25a834751	1543	#endif
wolfSSL	11:cee25a834751	1544
wolfSSL	11:cee25a834751	1545	/* wolfSSL Certificate Manager */
wolfSSL	11:cee25a834751	1546	struct WOLFSSL_CERT_MANAGER {
wolfSSL	11:cee25a834751	1547	Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
wolfSSL	11:cee25a834751	1548	void* heap; /* heap helper */
wolfSSL	11:cee25a834751	1549	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	11:cee25a834751	1550	TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
wolfSSL	11:cee25a834751	1551	wolfSSL_Mutex tpLock; /* trusted peer list lock */
wolfSSL	11:cee25a834751	1552	#endif
wolfSSL	11:cee25a834751	1553	WOLFSSL_CRL* crl; /* CRL checker */
wolfSSL	11:cee25a834751	1554	WOLFSSL_OCSP* ocsp; /* OCSP checker */
wolfSSL	11:cee25a834751	1555	#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	11:cee25a834751	1556	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
wolfSSL	11:cee25a834751	1557	WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
wolfSSL	11:cee25a834751	1558	#endif
wolfSSL	11:cee25a834751	1559	char* ocspOverrideURL; /* use this responder */
wolfSSL	11:cee25a834751	1560	void* ocspIOCtx; /* I/O callback CTX */
wolfSSL	11:cee25a834751	1561	CallbackCACache caCacheCallback; /* CA cache addition callback */
wolfSSL	11:cee25a834751	1562	CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
wolfSSL	11:cee25a834751	1563	CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
wolfSSL	11:cee25a834751	1564	CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL	11:cee25a834751	1565	wolfSSL_Mutex caLock; /* CA list lock */
wolfSSL	11:cee25a834751	1566	byte crlEnabled; /* is CRL on ? */
wolfSSL	11:cee25a834751	1567	byte crlCheckAll; /* always leaf, but all ? */
wolfSSL	11:cee25a834751	1568	byte ocspEnabled; /* is OCSP on ? */
wolfSSL	11:cee25a834751	1569	byte ocspCheckAll; /* always leaf, but all ? */
wolfSSL	11:cee25a834751	1570	byte ocspSendNonce; /* send the OCSP nonce ? */
wolfSSL	11:cee25a834751	1571	byte ocspUseOverrideURL; /* ignore cert's responder, override */
wolfSSL	11:cee25a834751	1572	byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
wolfSSL	11:cee25a834751	1573
wolfSSL	11:cee25a834751	1574	#ifndef NO_RSA
wolfSSL	11:cee25a834751	1575	short minRsaKeySz; /* minimum allowed RSA key size */
wolfSSL	11:cee25a834751	1576	#endif
wolfSSL	11:cee25a834751	1577	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	1578	short minEccKeySz; /* minimum allowed ECC key size */
wolfSSL	11:cee25a834751	1579	#endif
wolfSSL	11:cee25a834751	1580	};
wolfSSL	11:cee25a834751	1581
wolfSSL	11:cee25a834751	1582	WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	11:cee25a834751	1583	WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	11:cee25a834751	1584	WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER, void, int, int*);
wolfSSL	11:cee25a834751	1585	WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER, const void, int);
wolfSSL	11:cee25a834751	1586	WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
wolfSSL	11:cee25a834751	1587
wolfSSL	11:cee25a834751	1588	/* wolfSSL Sock Addr */
wolfSSL	11:cee25a834751	1589	struct WOLFSSL_SOCKADDR {
wolfSSL	11:cee25a834751	1590	unsigned int sz; /* sockaddr size */
wolfSSL	11:cee25a834751	1591	void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
wolfSSL	11:cee25a834751	1592	};
wolfSSL	11:cee25a834751	1593
wolfSSL	11:cee25a834751	1594	typedef struct WOLFSSL_DTLS_CTX {
wolfSSL	11:cee25a834751	1595	WOLFSSL_SOCKADDR peer;
wolfSSL	11:cee25a834751	1596	int rfd;
wolfSSL	11:cee25a834751	1597	int wfd;
wolfSSL	11:cee25a834751	1598	} WOLFSSL_DTLS_CTX;
wolfSSL	11:cee25a834751	1599
wolfSSL	11:cee25a834751	1600
wolfSSL	11:cee25a834751	1601	#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
wolfSSL	11:cee25a834751	1602
wolfSSL	11:cee25a834751	1603	/* keys and secrets
wolfSSL	11:cee25a834751	1604	* keep as a constant size (no additional ifdefs) for session export */
wolfSSL	11:cee25a834751	1605	typedef struct Keys {
wolfSSL	11:cee25a834751	1606	byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
wolfSSL	11:cee25a834751	1607	byte server_write_MAC_secret[MAX_DIGEST_SIZE];
wolfSSL	11:cee25a834751	1608	byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
wolfSSL	11:cee25a834751	1609	byte server_write_key[AES_256_KEY_SIZE];
wolfSSL	11:cee25a834751	1610	byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
wolfSSL	11:cee25a834751	1611	byte server_write_IV[MAX_WRITE_IV_SZ];
wolfSSL	11:cee25a834751	1612	#if defined(HAVE_AEAD) \|\| defined(WOLFSSL_SESSION_EXPORT)
wolfSSL	11:cee25a834751	1613	byte aead_exp_IV[AEAD_MAX_EXP_SZ];
wolfSSL	11:cee25a834751	1614	byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	11:cee25a834751	1615	byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL	11:cee25a834751	1616	#endif
wolfSSL	11:cee25a834751	1617
wolfSSL	11:cee25a834751	1618	word32 peer_sequence_number_hi;
wolfSSL	11:cee25a834751	1619	word32 peer_sequence_number_lo;
wolfSSL	11:cee25a834751	1620	word32 sequence_number_hi;
wolfSSL	11:cee25a834751	1621	word32 sequence_number_lo;
wolfSSL	11:cee25a834751	1622
wolfSSL	11:cee25a834751	1623	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	1624	word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL	11:cee25a834751	1625	/* Sliding window for current epoch */
wolfSSL	11:cee25a834751	1626	word16 nextEpoch; /* Expected epoch in next record */
wolfSSL	11:cee25a834751	1627	word16 nextSeq_hi; /* Expected sequence in next record */
wolfSSL	11:cee25a834751	1628	word32 nextSeq_lo;
wolfSSL	11:cee25a834751	1629
wolfSSL	11:cee25a834751	1630	word16 curEpoch; /* Received epoch in current record */
wolfSSL	11:cee25a834751	1631	word16 curSeq_hi; /* Received sequence in current record */
wolfSSL	11:cee25a834751	1632	word32 curSeq_lo;
wolfSSL	11:cee25a834751	1633
wolfSSL	11:cee25a834751	1634	word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL	11:cee25a834751	1635	/* Sliding window for old epoch */
wolfSSL	11:cee25a834751	1636	word16 prevSeq_hi; /* Next sequence in allowed old epoch */
wolfSSL	11:cee25a834751	1637	word32 prevSeq_lo;
wolfSSL	11:cee25a834751	1638
wolfSSL	11:cee25a834751	1639	word16 dtls_peer_handshake_number;
wolfSSL	11:cee25a834751	1640	word16 dtls_expected_peer_handshake_number;
wolfSSL	11:cee25a834751	1641
wolfSSL	11:cee25a834751	1642	word16 dtls_epoch; /* Current epoch */
wolfSSL	11:cee25a834751	1643	word16 dtls_sequence_number_hi; /* Current epoch */
wolfSSL	11:cee25a834751	1644	word32 dtls_sequence_number_lo;
wolfSSL	11:cee25a834751	1645	word16 dtls_prev_sequence_number_hi; /* Previous epoch */
wolfSSL	11:cee25a834751	1646	word32 dtls_prev_sequence_number_lo;
wolfSSL	11:cee25a834751	1647	word16 dtls_handshake_number; /* Current tx handshake seq */
wolfSSL	11:cee25a834751	1648	#endif
wolfSSL	11:cee25a834751	1649
wolfSSL	11:cee25a834751	1650	word32 encryptSz; /* last size of encrypted data */
wolfSSL	11:cee25a834751	1651	word32 padSz; /* how much to advance after decrypt part */
wolfSSL	11:cee25a834751	1652	byte encryptionOn; /* true after change cipher spec */
wolfSSL	11:cee25a834751	1653	byte decryptedCur; /* only decrypt current record once */
wolfSSL	11:cee25a834751	1654	} Keys;
wolfSSL	11:cee25a834751	1655
wolfSSL	11:cee25a834751	1656
wolfSSL	11:cee25a834751	1657
wolfSSL	11:cee25a834751	1658	/** TLS Extensions - RFC 6066 */
wolfSSL	11:cee25a834751	1659	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	11:cee25a834751	1660
wolfSSL	11:cee25a834751	1661	typedef enum {
wolfSSL	11:cee25a834751	1662	TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
wolfSSL	11:cee25a834751	1663	TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
wolfSSL	11:cee25a834751	1664	TLSX_TRUNCATED_HMAC = 0x0004,
wolfSSL	11:cee25a834751	1665	TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
wolfSSL	11:cee25a834751	1666	TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
wolfSSL	11:cee25a834751	1667	TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
wolfSSL	11:cee25a834751	1668	TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
wolfSSL	11:cee25a834751	1669	TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
wolfSSL	11:cee25a834751	1670	TLSX_SESSION_TICKET = 0x0023,
wolfSSL	11:cee25a834751	1671	TLSX_RENEGOTIATION_INFO = 0xff01
wolfSSL	11:cee25a834751	1672	} TLSX_Type;
wolfSSL	11:cee25a834751	1673
wolfSSL	11:cee25a834751	1674	typedef struct TLSX {
wolfSSL	11:cee25a834751	1675	TLSX_Type type; /* Extension Type */
wolfSSL	11:cee25a834751	1676	void* data; /* Extension Data */
wolfSSL	11:cee25a834751	1677	byte resp; /* IsResponse Flag */
wolfSSL	11:cee25a834751	1678	struct TLSX* next; /* List Behavior */
wolfSSL	11:cee25a834751	1679	} TLSX;
wolfSSL	11:cee25a834751	1680
wolfSSL	11:cee25a834751	1681	WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
wolfSSL	11:cee25a834751	1682	WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
wolfSSL	11:cee25a834751	1683	WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	1684	WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
wolfSSL	11:cee25a834751	1685
wolfSSL	11:cee25a834751	1686	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	11:cee25a834751	1687	WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	1688	WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
wolfSSL	11:cee25a834751	1689	#endif
wolfSSL	11:cee25a834751	1690
wolfSSL	11:cee25a834751	1691	#ifndef NO_WOLFSSL_SERVER
wolfSSL	11:cee25a834751	1692	WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	1693	WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
wolfSSL	11:cee25a834751	1694	#endif
wolfSSL	11:cee25a834751	1695
wolfSSL	11:cee25a834751	1696	WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	11:cee25a834751	1697	byte isRequest, Suites *suites);
wolfSSL	11:cee25a834751	1698
wolfSSL	11:cee25a834751	1699	#elif defined(HAVE_SNI) \
wolfSSL	11:cee25a834751	1700	\|\| defined(HAVE_MAX_FRAGMENT) \
wolfSSL	11:cee25a834751	1701	\|\| defined(HAVE_TRUNCATED_HMAC) \
wolfSSL	11:cee25a834751	1702	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	11:cee25a834751	1703	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
wolfSSL	11:cee25a834751	1704	\|\| defined(HAVE_SUPPORTED_CURVES) \
wolfSSL	11:cee25a834751	1705	\|\| defined(HAVE_ALPN) \
wolfSSL	11:cee25a834751	1706	\|\| defined(HAVE_QSH) \
wolfSSL	11:cee25a834751	1707	\|\| defined(HAVE_SESSION_TICKET) \
wolfSSL	11:cee25a834751	1708	\|\| defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	11:cee25a834751	1709	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	11:cee25a834751	1710
wolfSSL	11:cee25a834751	1711	#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
wolfSSL	11:cee25a834751	1712
wolfSSL	11:cee25a834751	1713	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	11:cee25a834751	1714
wolfSSL	11:cee25a834751	1715	/** Server Name Indication - RFC 6066 (session 3) */
wolfSSL	11:cee25a834751	1716	#ifdef HAVE_SNI
wolfSSL	11:cee25a834751	1717
wolfSSL	11:cee25a834751	1718	typedef struct SNI {
wolfSSL	11:cee25a834751	1719	byte type; /* SNI Type */
wolfSSL	11:cee25a834751	1720	union { char* host_name; } data; /* SNI Data */
wolfSSL	11:cee25a834751	1721	struct SNI* next; /* List Behavior */
wolfSSL	11:cee25a834751	1722	#ifndef NO_WOLFSSL_SERVER
wolfSSL	11:cee25a834751	1723	byte options; /* Behavior options */
wolfSSL	11:cee25a834751	1724	byte status; /* Matching result */
wolfSSL	11:cee25a834751	1725	#endif
wolfSSL	11:cee25a834751	1726	} SNI;
wolfSSL	11:cee25a834751	1727
wolfSSL	11:cee25a834751	1728	WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
wolfSSL	11:cee25a834751	1729	word16 size, void* heap);
wolfSSL	11:cee25a834751	1730
wolfSSL	11:cee25a834751	1731	#ifndef NO_WOLFSSL_SERVER
wolfSSL	11:cee25a834751	1732	WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
wolfSSL	11:cee25a834751	1733	byte options);
wolfSSL	11:cee25a834751	1734	WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
wolfSSL	11:cee25a834751	1735	WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
wolfSSL	11:cee25a834751	1736	void** data);
wolfSSL	11:cee25a834751	1737	WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
wolfSSL	11:cee25a834751	1738	byte type, byte* sni, word32* inOutSz);
wolfSSL	11:cee25a834751	1739	#endif
wolfSSL	11:cee25a834751	1740
wolfSSL	11:cee25a834751	1741	#endif /* HAVE_SNI */
wolfSSL	11:cee25a834751	1742
wolfSSL	11:cee25a834751	1743	/* Application-Layer Protocol Negotiation - RFC 7301 */
wolfSSL	11:cee25a834751	1744	#ifdef HAVE_ALPN
wolfSSL	11:cee25a834751	1745	typedef struct ALPN {
wolfSSL	11:cee25a834751	1746	char* protocol_name; /* ALPN protocol name */
wolfSSL	11:cee25a834751	1747	struct ALPN* next; /* List Behavior */
wolfSSL	11:cee25a834751	1748	byte options; /* Behavior options */
wolfSSL	11:cee25a834751	1749	byte negotiated; /* ALPN protocol negotiated or not */
wolfSSL	11:cee25a834751	1750	} ALPN;
wolfSSL	11:cee25a834751	1751
wolfSSL	11:cee25a834751	1752	WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
wolfSSL	11:cee25a834751	1753	void** data, word16 *dataSz);
wolfSSL	11:cee25a834751	1754
wolfSSL	11:cee25a834751	1755	WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
wolfSSL	11:cee25a834751	1756	word16 size, byte options, void* heap);
wolfSSL	11:cee25a834751	1757
wolfSSL	11:cee25a834751	1758	WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
wolfSSL	11:cee25a834751	1759
wolfSSL	11:cee25a834751	1760	#endif /* HAVE_ALPN */
wolfSSL	11:cee25a834751	1761
wolfSSL	11:cee25a834751	1762	/** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
wolfSSL	11:cee25a834751	1763	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	11:cee25a834751	1764
wolfSSL	11:cee25a834751	1765	WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
wolfSSL	11:cee25a834751	1766
wolfSSL	11:cee25a834751	1767	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	11:cee25a834751	1768
wolfSSL	11:cee25a834751	1769	/** Truncated HMAC - RFC 6066 (session 7) */
wolfSSL	11:cee25a834751	1770	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	11:cee25a834751	1771
wolfSSL	11:cee25a834751	1772	WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
wolfSSL	11:cee25a834751	1773
wolfSSL	11:cee25a834751	1774	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	11:cee25a834751	1775
wolfSSL	11:cee25a834751	1776	/** Certificate Status Request - RFC 6066 (session 8) */
wolfSSL	11:cee25a834751	1777	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	11:cee25a834751	1778
wolfSSL	11:cee25a834751	1779	typedef struct {
wolfSSL	11:cee25a834751	1780	byte status_type;
wolfSSL	11:cee25a834751	1781	byte options;
wolfSSL	11:cee25a834751	1782	union {
wolfSSL	11:cee25a834751	1783	OcspRequest ocsp;
wolfSSL	11:cee25a834751	1784	} request;
wolfSSL	11:cee25a834751	1785	} CertificateStatusRequest;
wolfSSL	11:cee25a834751	1786
wolfSSL	11:cee25a834751	1787	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
wolfSSL	11:cee25a834751	1788	byte status_type, byte options, void* heap, int devId);
wolfSSL	11:cee25a834751	1789	WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
wolfSSL	11:cee25a834751	1790	void* heap);
wolfSSL	11:cee25a834751	1791	WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
wolfSSL	11:cee25a834751	1792	WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	1793
wolfSSL	11:cee25a834751	1794	#endif
wolfSSL	11:cee25a834751	1795
wolfSSL	11:cee25a834751	1796	/** Certificate Status Request v2 - RFC 6961 */
wolfSSL	11:cee25a834751	1797	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	11:cee25a834751	1798
wolfSSL	11:cee25a834751	1799	typedef struct CSRIv2 {
wolfSSL	11:cee25a834751	1800	byte status_type;
wolfSSL	11:cee25a834751	1801	byte options;
wolfSSL	11:cee25a834751	1802	word16 requests;
wolfSSL	11:cee25a834751	1803	union {
wolfSSL	11:cee25a834751	1804	OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
wolfSSL	11:cee25a834751	1805	} request;
wolfSSL	11:cee25a834751	1806	struct CSRIv2* next;
wolfSSL	11:cee25a834751	1807	} CertificateStatusRequestItemV2;
wolfSSL	11:cee25a834751	1808
wolfSSL	11:cee25a834751	1809	WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
wolfSSL	11:cee25a834751	1810	byte status_type, byte options, void* heap, int devId);
wolfSSL	11:cee25a834751	1811	WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
wolfSSL	11:cee25a834751	1812	byte isPeer, void* heap);
wolfSSL	11:cee25a834751	1813	WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
wolfSSL	11:cee25a834751	1814	byte index);
wolfSSL	11:cee25a834751	1815	WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	1816
wolfSSL	11:cee25a834751	1817	#endif
wolfSSL	11:cee25a834751	1818
wolfSSL	11:cee25a834751	1819	/** Supported Elliptic Curves - RFC 4492 (session 4) */
wolfSSL	11:cee25a834751	1820	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	11:cee25a834751	1821
wolfSSL	11:cee25a834751	1822	typedef struct EllipticCurve {
wolfSSL	11:cee25a834751	1823	word16 name; /* CurveNames */
wolfSSL	11:cee25a834751	1824	struct EllipticCurve* next; /* List Behavior */
wolfSSL	11:cee25a834751	1825	} EllipticCurve;
wolfSSL	11:cee25a834751	1826
wolfSSL	11:cee25a834751	1827	WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
wolfSSL	11:cee25a834751	1828	void* heap);
wolfSSL	11:cee25a834751	1829
wolfSSL	11:cee25a834751	1830	#ifndef NO_WOLFSSL_SERVER
wolfSSL	11:cee25a834751	1831	WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
wolfSSL	11:cee25a834751	1832	byte second);
wolfSSL	11:cee25a834751	1833	#endif
wolfSSL	11:cee25a834751	1834
wolfSSL	11:cee25a834751	1835	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	11:cee25a834751	1836
wolfSSL	11:cee25a834751	1837	/** Renegotiation Indication - RFC 5746 */
wolfSSL	11:cee25a834751	1838	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	11:cee25a834751	1839	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	11:cee25a834751	1840
wolfSSL	11:cee25a834751	1841	enum key_cache_state {
wolfSSL	11:cee25a834751	1842	SCR_CACHE_NULL = 0, /* empty / begin state */
wolfSSL	11:cee25a834751	1843	SCR_CACHE_NEEDED, /* need to cache keys */
wolfSSL	11:cee25a834751	1844	SCR_CACHE_COPY, /* we have a cached copy */
wolfSSL	11:cee25a834751	1845	SCR_CACHE_PARTIAL, /* partial restore to real keys */
wolfSSL	11:cee25a834751	1846	SCR_CACHE_COMPLETE /* complete restore to real keys */
wolfSSL	11:cee25a834751	1847	};
wolfSSL	11:cee25a834751	1848
wolfSSL	11:cee25a834751	1849	/* Additional Connection State according to rfc5746 section 3.1 */
wolfSSL	11:cee25a834751	1850	typedef struct SecureRenegotiation {
wolfSSL	11:cee25a834751	1851	byte enabled; /* secure_renegotiation flag in rfc */
wolfSSL	11:cee25a834751	1852	byte startScr; /* server requested client to start scr */
wolfSSL	11:cee25a834751	1853	enum key_cache_state cache_status; /* track key cache state */
wolfSSL	11:cee25a834751	1854	byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	11:cee25a834751	1855	byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	11:cee25a834751	1856	byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */
wolfSSL	11:cee25a834751	1857	Keys tmp_keys; /* can't overwrite real keys yet */
wolfSSL	11:cee25a834751	1858	} SecureRenegotiation;
wolfSSL	11:cee25a834751	1859
wolfSSL	11:cee25a834751	1860	WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
wolfSSL	11:cee25a834751	1861
wolfSSL	11:cee25a834751	1862	#ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL	11:cee25a834751	1863	WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
wolfSSL	11:cee25a834751	1864	#endif
wolfSSL	11:cee25a834751	1865
wolfSSL	11:cee25a834751	1866	#endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL	11:cee25a834751	1867
wolfSSL	11:cee25a834751	1868	/** Session Ticket - RFC 5077 (session 3.2) */
wolfSSL	11:cee25a834751	1869	#ifdef HAVE_SESSION_TICKET
wolfSSL	11:cee25a834751	1870
wolfSSL	11:cee25a834751	1871	typedef struct SessionTicket {
wolfSSL	11:cee25a834751	1872	word32 lifetime;
wolfSSL	11:cee25a834751	1873	byte* data;
wolfSSL	11:cee25a834751	1874	word16 size;
wolfSSL	11:cee25a834751	1875	} SessionTicket;
wolfSSL	11:cee25a834751	1876
wolfSSL	11:cee25a834751	1877	WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
wolfSSL	11:cee25a834751	1878	SessionTicket* ticket, void* heap);
wolfSSL	11:cee25a834751	1879	WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL	11:cee25a834751	1880	byte* data, word16 size, void* heap);
wolfSSL	11:cee25a834751	1881	WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
wolfSSL	11:cee25a834751	1882
wolfSSL	11:cee25a834751	1883	#endif /* HAVE_SESSION_TICKET */
wolfSSL	11:cee25a834751	1884
wolfSSL	11:cee25a834751	1885	/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
wolfSSL	11:cee25a834751	1886	#ifdef HAVE_QSH
wolfSSL	11:cee25a834751	1887
wolfSSL	11:cee25a834751	1888	typedef struct QSHScheme {
wolfSSL	11:cee25a834751	1889	struct QSHScheme* next; /* List Behavior */
wolfSSL	11:cee25a834751	1890	byte* PK;
wolfSSL	11:cee25a834751	1891	word16 name; /* QSHScheme Names */
wolfSSL	11:cee25a834751	1892	word16 PKLen;
wolfSSL	11:cee25a834751	1893	} QSHScheme;
wolfSSL	11:cee25a834751	1894
wolfSSL	11:cee25a834751	1895	typedef struct QSHkey {
wolfSSL	11:cee25a834751	1896	struct QSHKey* next;
wolfSSL	11:cee25a834751	1897	word16 name;
wolfSSL	11:cee25a834751	1898	buffer pub;
wolfSSL	11:cee25a834751	1899	buffer pri;
wolfSSL	11:cee25a834751	1900	} QSHKey;
wolfSSL	11:cee25a834751	1901
wolfSSL	11:cee25a834751	1902	typedef struct QSHSecret {
wolfSSL	11:cee25a834751	1903	QSHScheme* list;
wolfSSL	11:cee25a834751	1904	buffer* SerSi;
wolfSSL	11:cee25a834751	1905	buffer* CliSi;
wolfSSL	11:cee25a834751	1906	} QSHSecret;
wolfSSL	11:cee25a834751	1907
wolfSSL	11:cee25a834751	1908	/* used in key exchange during handshake */
wolfSSL	11:cee25a834751	1909	WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
wolfSSL	11:cee25a834751	1910	word16 length, byte isServer);
wolfSSL	11:cee25a834751	1911	WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
wolfSSL	11:cee25a834751	1912	WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
wolfSSL	11:cee25a834751	1913
wolfSSL	11:cee25a834751	1914	/* used by api for setting a specific QSH scheme */
wolfSSL	11:cee25a834751	1915	WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
wolfSSL	11:cee25a834751	1916	byte* pKey, word16 pKeySz, void* heap);
wolfSSL	11:cee25a834751	1917
wolfSSL	11:cee25a834751	1918	/* used when parsing in QSHCipher structs */
wolfSSL	11:cee25a834751	1919	WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
wolfSSL	11:cee25a834751	1920	byte* out, word16* szOut);
wolfSSL	11:cee25a834751	1921	#ifndef NO_WOLFSSL_SERVER
wolfSSL	11:cee25a834751	1922	WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
wolfSSL	11:cee25a834751	1923	#endif
wolfSSL	11:cee25a834751	1924
wolfSSL	11:cee25a834751	1925	#endif /* HAVE_QSH */
wolfSSL	11:cee25a834751	1926
wolfSSL	11:cee25a834751	1927
wolfSSL	11:cee25a834751	1928	/* wolfSSL context type */
wolfSSL	11:cee25a834751	1929	struct WOLFSSL_CTX {
wolfSSL	11:cee25a834751	1930	WOLFSSL_METHOD* method;
wolfSSL	11:cee25a834751	1931	#ifdef SINGLE_THREADED
wolfSSL	11:cee25a834751	1932	WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */
wolfSSL	11:cee25a834751	1933	#endif
wolfSSL	11:cee25a834751	1934	wolfSSL_Mutex countMutex; /* reference count mutex */
wolfSSL	11:cee25a834751	1935	int refCount; /* reference count */
wolfSSL	11:cee25a834751	1936	int err; /* error code in case of mutex not created */
wolfSSL	11:cee25a834751	1937	#ifndef NO_DH
wolfSSL	11:cee25a834751	1938	buffer serverDH_P;
wolfSSL	11:cee25a834751	1939	buffer serverDH_G;
wolfSSL	11:cee25a834751	1940	#endif
wolfSSL	11:cee25a834751	1941	#ifndef NO_CERTS
wolfSSL	11:cee25a834751	1942	DerBuffer* certificate;
wolfSSL	11:cee25a834751	1943	DerBuffer* certChain;
wolfSSL	11:cee25a834751	1944	/* chain after self, in DER, with leading size for each cert */
wolfSSL	11:cee25a834751	1945	#ifdef OPENSSL_EXTRA
wolfSSL	11:cee25a834751	1946	STACK_OF(WOLFSSL_X509_NAME)* ca_names;
wolfSSL	11:cee25a834751	1947	#endif
wolfSSL	11:cee25a834751	1948	#if defined(WOLFSSL_NGINX) \|\| defined (WOLFSSL_HAPROXY)
wolfSSL	11:cee25a834751	1949	STACK_OF(WOLFSSL_X509)* x509Chain;
wolfSSL	11:cee25a834751	1950	#endif
wolfSSL	11:cee25a834751	1951	DerBuffer* privateKey;
wolfSSL	11:cee25a834751	1952	WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
wolfSSL	11:cee25a834751	1953	#endif
wolfSSL	11:cee25a834751	1954	#ifdef KEEP_OUR_CERT
wolfSSL	11:cee25a834751	1955	WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
wolfSSL	11:cee25a834751	1956	int ownOurCert; /* Dispose of certificate if we own */
wolfSSL	11:cee25a834751	1957	#endif
wolfSSL	11:cee25a834751	1958	Suites* suites; /* make dynamic, user may not need/set */
wolfSSL	11:cee25a834751	1959	void* heap; /* for user memory overrides */
wolfSSL	11:cee25a834751	1960	byte verifyPeer;
wolfSSL	11:cee25a834751	1961	byte verifyNone;
wolfSSL	11:cee25a834751	1962	byte failNoCert;
wolfSSL	11:cee25a834751	1963	byte failNoCertxPSK; /* fail if no cert with the exception of PSK*/
wolfSSL	11:cee25a834751	1964	byte sessionCacheOff;
wolfSSL	11:cee25a834751	1965	byte sessionCacheFlushOff;
wolfSSL	11:cee25a834751	1966	#ifdef HAVE_EXT_CACHE
wolfSSL	11:cee25a834751	1967	byte internalCacheOff;
wolfSSL	11:cee25a834751	1968	#endif
wolfSSL	11:cee25a834751	1969	byte sendVerify; /* for client side */
wolfSSL	11:cee25a834751	1970	byte haveRSA; /* RSA available */
wolfSSL	11:cee25a834751	1971	byte haveECC; /* ECC available */
wolfSSL	11:cee25a834751	1972	byte haveDH; /* server DH parms set by user */
wolfSSL	11:cee25a834751	1973	byte haveNTRU; /* server private NTRU key loaded */
wolfSSL	11:cee25a834751	1974	byte haveECDSAsig; /* server cert signed w/ ECDSA */
wolfSSL	11:cee25a834751	1975	byte haveStaticECC; /* static server ECC private key */
wolfSSL	11:cee25a834751	1976	byte partialWrite; /* only one msg per write call */
wolfSSL	11:cee25a834751	1977	byte quietShutdown; /* don't send close notify */
wolfSSL	11:cee25a834751	1978	byte groupMessages; /* group handshake messages before sending */
wolfSSL	11:cee25a834751	1979	byte minDowngrade; /* minimum downgrade version */
wolfSSL	11:cee25a834751	1980	byte haveEMS; /* have extended master secret extension */
wolfSSL	11:cee25a834751	1981	byte useClientOrder; /* Use client's cipher preference order */
wolfSSL	11:cee25a834751	1982	#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
wolfSSL	11:cee25a834751	1983	byte dtlsSctp; /* DTLS-over-SCTP mode */
wolfSSL	11:cee25a834751	1984	word16 dtlsMtuSz; /* DTLS MTU size */
wolfSSL	11:cee25a834751	1985	#endif
wolfSSL	11:cee25a834751	1986	#ifndef NO_DH
wolfSSL	11:cee25a834751	1987	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	11:cee25a834751	1988	#endif
wolfSSL	11:cee25a834751	1989	#ifndef NO_RSA
wolfSSL	11:cee25a834751	1990	short minRsaKeySz; /* minimum RSA key size */
wolfSSL	11:cee25a834751	1991	#endif
wolfSSL	11:cee25a834751	1992	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	1993	short minEccKeySz; /* minimum ECC key size */
wolfSSL	11:cee25a834751	1994	#endif
wolfSSL	11:cee25a834751	1995	#ifdef OPENSSL_EXTRA
wolfSSL	11:cee25a834751	1996	unsigned long mask; /* store SSL_OP_ flags */
wolfSSL	11:cee25a834751	1997	#endif
wolfSSL	11:cee25a834751	1998	CallbackIORecv CBIORecv;
wolfSSL	11:cee25a834751	1999	CallbackIOSend CBIOSend;
wolfSSL	11:cee25a834751	2000	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	2001	CallbackGenCookie CBIOCookie; /* gen cookie callback */
wolfSSL	11:cee25a834751	2002	wc_dtls_export dtls_export; /* export function for DTLS session */
wolfSSL	11:cee25a834751	2003	#ifdef WOLFSSL_SESSION_EXPORT
wolfSSL	11:cee25a834751	2004	CallbackGetPeer CBGetPeer;
wolfSSL	11:cee25a834751	2005	CallbackSetPeer CBSetPeer;
wolfSSL	11:cee25a834751	2006	#endif
wolfSSL	11:cee25a834751	2007	#endif /* WOLFSSL_DTLS */
wolfSSL	11:cee25a834751	2008	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	11:cee25a834751	2009	word32 timeout; /* session timeout */
wolfSSL	11:cee25a834751	2010	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	2011	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	11:cee25a834751	2012	word32 ecdhCurveOID; /* curve Ecc_Sum */
wolfSSL	11:cee25a834751	2013	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	11:cee25a834751	2014	#endif
wolfSSL	11:cee25a834751	2015	#ifndef NO_PSK
wolfSSL	11:cee25a834751	2016	byte havePSK; /* psk key set by user */
wolfSSL	11:cee25a834751	2017	wc_psk_client_callback client_psk_cb; /* client callback */
wolfSSL	11:cee25a834751	2018	wc_psk_server_callback server_psk_cb; /* server callback */
wolfSSL	11:cee25a834751	2019	char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	11:cee25a834751	2020	#endif /* NO_PSK */
wolfSSL	11:cee25a834751	2021	#ifdef HAVE_ANON
wolfSSL	11:cee25a834751	2022	byte haveAnon; /* User wants to allow Anon suites */
wolfSSL	11:cee25a834751	2023	#endif /* HAVE_ANON */
wolfSSL	11:cee25a834751	2024	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	11:cee25a834751	2025	pem_password_cb* passwd_cb;
wolfSSL	11:cee25a834751	2026	void* userdata;
wolfSSL	11:cee25a834751	2027	WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
wolfSSL	11:cee25a834751	2028	byte readAhead;
wolfSSL	11:cee25a834751	2029	void* userPRFArg; /* passed to prf callback */
wolfSSL	11:cee25a834751	2030	#endif /* OPENSSL_EXTRA */
wolfSSL	11:cee25a834751	2031	#ifdef HAVE_EX_DATA
wolfSSL	11:cee25a834751	2032	void* ex_data[MAX_EX_DATA];
wolfSSL	11:cee25a834751	2033	#endif
wolfSSL	11:cee25a834751	2034	#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY))
wolfSSL	11:cee25a834751	2035	CallbackALPNSelect alpnSelect;
wolfSSL	11:cee25a834751	2036	void* alpnSelectArg;
wolfSSL	11:cee25a834751	2037	#endif
wolfSSL	11:cee25a834751	2038	#if defined(HAVE_STUNNEL) \|\| defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	11:cee25a834751	2039	CallbackSniRecv sniRecvCb;
wolfSSL	11:cee25a834751	2040	void* sniRecvCbArg;
wolfSSL	11:cee25a834751	2041	#endif
wolfSSL	11:cee25a834751	2042	#ifdef HAVE_OCSP
wolfSSL	11:cee25a834751	2043	WOLFSSL_OCSP ocsp;
wolfSSL	11:cee25a834751	2044	#endif
wolfSSL	11:cee25a834751	2045	int devId; /* async device id to use */
wolfSSL	11:cee25a834751	2046	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	11:cee25a834751	2047	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	11:cee25a834751	2048	#ifndef NO_WOLFSSL_SERVER
wolfSSL	11:cee25a834751	2049	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL	11:cee25a834751	2050	\|\| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	11:cee25a834751	2051	OcspRequest* certOcspRequest;
wolfSSL	11:cee25a834751	2052	#endif
wolfSSL	11:cee25a834751	2053	#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL	11:cee25a834751	2054	OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
wolfSSL	11:cee25a834751	2055	#endif
wolfSSL	11:cee25a834751	2056	#endif
wolfSSL	11:cee25a834751	2057	#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
wolfSSL	11:cee25a834751	2058	SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
wolfSSL	11:cee25a834751	2059	void* ticketEncCtx; /* session encrypt context */
wolfSSL	11:cee25a834751	2060	int ticketHint; /* ticket hint in seconds */
wolfSSL	11:cee25a834751	2061	#endif
wolfSSL	11:cee25a834751	2062	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	11:cee25a834751	2063	byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
wolfSSL	11:cee25a834751	2064	#endif
wolfSSL	11:cee25a834751	2065	#endif
wolfSSL	11:cee25a834751	2066	#ifdef ATOMIC_USER
wolfSSL	11:cee25a834751	2067	CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
wolfSSL	11:cee25a834751	2068	CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
wolfSSL	11:cee25a834751	2069	#endif
wolfSSL	11:cee25a834751	2070	#ifdef HAVE_PK_CALLBACKS
wolfSSL	11:cee25a834751	2071	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	2072	CallbackEccSign EccSignCb; /* User EccSign Callback handler */
wolfSSL	11:cee25a834751	2073	CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
wolfSSL	11:cee25a834751	2074	CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
wolfSSL	11:cee25a834751	2075	#endif /* HAVE_ECC */
wolfSSL	11:cee25a834751	2076	#ifndef NO_RSA
wolfSSL	11:cee25a834751	2077	CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
wolfSSL	11:cee25a834751	2078	CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
wolfSSL	11:cee25a834751	2079	CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
wolfSSL	11:cee25a834751	2080	CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
wolfSSL	11:cee25a834751	2081	#endif /* NO_RSA */
wolfSSL	11:cee25a834751	2082	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	11:cee25a834751	2083	#ifdef HAVE_WOLF_EVENT
wolfSSL	11:cee25a834751	2084	WOLF_EVENT_QUEUE event_queue;
wolfSSL	11:cee25a834751	2085	#endif /* HAVE_WOLF_EVENT */
wolfSSL	11:cee25a834751	2086	#ifdef HAVE_EXT_CACHE
wolfSSL	11:cee25a834751	2087	WOLFSSL_SESSION(get_sess_cb)(WOLFSSL, unsigned char, int, int*);
wolfSSL	11:cee25a834751	2088	int (new_sess_cb)(WOLFSSL, WOLFSSL_SESSION*);
wolfSSL	11:cee25a834751	2089	void (rem_sess_cb)(WOLFSSL_CTX, WOLFSSL_SESSION*);
wolfSSL	11:cee25a834751	2090	#endif
wolfSSL	11:cee25a834751	2091	};
wolfSSL	11:cee25a834751	2092
wolfSSL	11:cee25a834751	2093
wolfSSL	11:cee25a834751	2094	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2095	WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
wolfSSL	11:cee25a834751	2096	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2097	int InitSSL_Ctx(WOLFSSL_CTX, WOLFSSL_METHOD, void* heap);
wolfSSL	11:cee25a834751	2098	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2099	void FreeSSL_Ctx(WOLFSSL_CTX*);
wolfSSL	11:cee25a834751	2100	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2101	void SSL_CtxResourceFree(WOLFSSL_CTX*);
wolfSSL	11:cee25a834751	2102
wolfSSL	11:cee25a834751	2103	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2104	int DeriveTlsKeys(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	2105	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2106	int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	11:cee25a834751	2107	word32 inSz, word16 sz);
wolfSSL	11:cee25a834751	2108	#ifndef NO_CERTS
wolfSSL	11:cee25a834751	2109	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2110	int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
wolfSSL	11:cee25a834751	2111	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2112	int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	11:cee25a834751	2113	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	11:cee25a834751	2114	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2115	int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
wolfSSL	11:cee25a834751	2116	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2117	int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	11:cee25a834751	2118	#endif
wolfSSL	11:cee25a834751	2119	#endif
wolfSSL	11:cee25a834751	2120
wolfSSL	11:cee25a834751	2121	/* All cipher suite related info
wolfSSL	11:cee25a834751	2122	* Keep as a constant size (no ifdefs) for session export */
wolfSSL	11:cee25a834751	2123	typedef struct CipherSpecs {
wolfSSL	11:cee25a834751	2124	word16 key_size;
wolfSSL	11:cee25a834751	2125	word16 iv_size;
wolfSSL	11:cee25a834751	2126	word16 block_size;
wolfSSL	11:cee25a834751	2127	word16 aead_mac_size;
wolfSSL	11:cee25a834751	2128	byte bulk_cipher_algorithm;
wolfSSL	11:cee25a834751	2129	byte cipher_type; /* block, stream, or aead */
wolfSSL	11:cee25a834751	2130	byte mac_algorithm;
wolfSSL	11:cee25a834751	2131	byte kea; /* key exchange algo */
wolfSSL	11:cee25a834751	2132	byte sig_algo;
wolfSSL	11:cee25a834751	2133	byte hash_size;
wolfSSL	11:cee25a834751	2134	byte pad_size;
wolfSSL	11:cee25a834751	2135	byte static_ecdh;
wolfSSL	11:cee25a834751	2136	} CipherSpecs;
wolfSSL	11:cee25a834751	2137
wolfSSL	11:cee25a834751	2138
wolfSSL	11:cee25a834751	2139	void InitCipherSpecs(CipherSpecs* cs);
wolfSSL	11:cee25a834751	2140
wolfSSL	11:cee25a834751	2141
wolfSSL	11:cee25a834751	2142	/* Supported Message Authentication Codes from page 43 */
wolfSSL	11:cee25a834751	2143	enum MACAlgorithm {
wolfSSL	11:cee25a834751	2144	no_mac,
wolfSSL	11:cee25a834751	2145	md5_mac,
wolfSSL	11:cee25a834751	2146	sha_mac,
wolfSSL	11:cee25a834751	2147	sha224_mac,
wolfSSL	11:cee25a834751	2148	sha256_mac, /* needs to match external KDF_MacAlgorithm */
wolfSSL	11:cee25a834751	2149	sha384_mac,
wolfSSL	11:cee25a834751	2150	sha512_mac,
wolfSSL	11:cee25a834751	2151	rmd_mac,
wolfSSL	11:cee25a834751	2152	blake2b_mac
wolfSSL	11:cee25a834751	2153	};
wolfSSL	11:cee25a834751	2154
wolfSSL	11:cee25a834751	2155
wolfSSL	11:cee25a834751	2156	/* Supported Key Exchange Protocols */
wolfSSL	11:cee25a834751	2157	enum KeyExchangeAlgorithm {
wolfSSL	11:cee25a834751	2158	no_kea,
wolfSSL	11:cee25a834751	2159	rsa_kea,
wolfSSL	11:cee25a834751	2160	diffie_hellman_kea,
wolfSSL	11:cee25a834751	2161	fortezza_kea,
wolfSSL	11:cee25a834751	2162	psk_kea,
wolfSSL	11:cee25a834751	2163	dhe_psk_kea,
wolfSSL	11:cee25a834751	2164	ecdhe_psk_kea,
wolfSSL	11:cee25a834751	2165	ntru_kea,
wolfSSL	11:cee25a834751	2166	ecc_diffie_hellman_kea,
wolfSSL	11:cee25a834751	2167	ecc_static_diffie_hellman_kea /* for verify suite only */
wolfSSL	11:cee25a834751	2168	};
wolfSSL	11:cee25a834751	2169
wolfSSL	11:cee25a834751	2170
wolfSSL	11:cee25a834751	2171	/* Supported Authentication Schemes */
wolfSSL	11:cee25a834751	2172	enum SignatureAlgorithm {
wolfSSL	11:cee25a834751	2173	anonymous_sa_algo,
wolfSSL	11:cee25a834751	2174	rsa_sa_algo,
wolfSSL	11:cee25a834751	2175	dsa_sa_algo,
wolfSSL	11:cee25a834751	2176	ecc_dsa_sa_algo
wolfSSL	11:cee25a834751	2177	};
wolfSSL	11:cee25a834751	2178
wolfSSL	11:cee25a834751	2179
wolfSSL	11:cee25a834751	2180	/* Supprted ECC Curve Types */
wolfSSL	11:cee25a834751	2181	enum EccCurves {
wolfSSL	11:cee25a834751	2182	named_curve = 3
wolfSSL	11:cee25a834751	2183	};
wolfSSL	11:cee25a834751	2184
wolfSSL	11:cee25a834751	2185
wolfSSL	11:cee25a834751	2186	/* Valid client certificate request types from page 27 */
wolfSSL	11:cee25a834751	2187	enum ClientCertificateType {
wolfSSL	11:cee25a834751	2188	rsa_sign = 1,
wolfSSL	11:cee25a834751	2189	dss_sign = 2,
wolfSSL	11:cee25a834751	2190	rsa_fixed_dh = 3,
wolfSSL	11:cee25a834751	2191	dss_fixed_dh = 4,
wolfSSL	11:cee25a834751	2192	rsa_ephemeral_dh = 5,
wolfSSL	11:cee25a834751	2193	dss_ephemeral_dh = 6,
wolfSSL	11:cee25a834751	2194	fortezza_kea_cert = 20,
wolfSSL	11:cee25a834751	2195	ecdsa_sign = 64,
wolfSSL	11:cee25a834751	2196	rsa_fixed_ecdh = 65,
wolfSSL	11:cee25a834751	2197	ecdsa_fixed_ecdh = 66
wolfSSL	11:cee25a834751	2198	};
wolfSSL	11:cee25a834751	2199
wolfSSL	11:cee25a834751	2200
wolfSSL	11:cee25a834751	2201	enum CipherType { stream, block, aead };
wolfSSL	11:cee25a834751	2202
wolfSSL	11:cee25a834751	2203
wolfSSL	11:cee25a834751	2204
wolfSSL	11:cee25a834751	2205
wolfSSL	11:cee25a834751	2206
wolfSSL	11:cee25a834751	2207
wolfSSL	11:cee25a834751	2208	/* cipher for now */
wolfSSL	11:cee25a834751	2209	typedef struct Ciphers {
wolfSSL	11:cee25a834751	2210	#ifdef BUILD_ARC4
wolfSSL	11:cee25a834751	2211	Arc4* arc4;
wolfSSL	11:cee25a834751	2212	#endif
wolfSSL	11:cee25a834751	2213	#ifdef BUILD_DES3
wolfSSL	11:cee25a834751	2214	Des3* des3;
wolfSSL	11:cee25a834751	2215	#endif
wolfSSL	11:cee25a834751	2216	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM)
wolfSSL	11:cee25a834751	2217	Aes* aes;
wolfSSL	11:cee25a834751	2218	#if defined(BUILD_AESGCM) \|\| defined(HAVE_AESCCM)
wolfSSL	11:cee25a834751	2219	byte* additional;
wolfSSL	11:cee25a834751	2220	byte* nonce;
wolfSSL	11:cee25a834751	2221	#endif
wolfSSL	11:cee25a834751	2222	#endif
wolfSSL	11:cee25a834751	2223	#ifdef HAVE_CAMELLIA
wolfSSL	11:cee25a834751	2224	Camellia* cam;
wolfSSL	11:cee25a834751	2225	#endif
wolfSSL	11:cee25a834751	2226	#ifdef HAVE_CHACHA
wolfSSL	11:cee25a834751	2227	ChaCha* chacha;
wolfSSL	11:cee25a834751	2228	#endif
wolfSSL	11:cee25a834751	2229	#ifdef HAVE_HC128
wolfSSL	11:cee25a834751	2230	HC128* hc128;
wolfSSL	11:cee25a834751	2231	#endif
wolfSSL	11:cee25a834751	2232	#ifdef BUILD_RABBIT
wolfSSL	11:cee25a834751	2233	Rabbit* rabbit;
wolfSSL	11:cee25a834751	2234	#endif
wolfSSL	11:cee25a834751	2235	#ifdef HAVE_IDEA
wolfSSL	11:cee25a834751	2236	Idea* idea;
wolfSSL	11:cee25a834751	2237	#endif
wolfSSL	11:cee25a834751	2238	byte state;
wolfSSL	11:cee25a834751	2239	byte setup; /* have we set it up flag for detection */
wolfSSL	11:cee25a834751	2240	} Ciphers;
wolfSSL	11:cee25a834751	2241
wolfSSL	11:cee25a834751	2242
wolfSSL	11:cee25a834751	2243	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	11:cee25a834751	2244	/* Ciphers for one time authentication such as poly1305 */
wolfSSL	11:cee25a834751	2245	typedef struct OneTimeAuth {
wolfSSL	11:cee25a834751	2246	#ifdef HAVE_POLY1305
wolfSSL	11:cee25a834751	2247	Poly1305* poly1305;
wolfSSL	11:cee25a834751	2248	#endif
wolfSSL	11:cee25a834751	2249	byte setup; /* flag for if a cipher has been set */
wolfSSL	11:cee25a834751	2250
wolfSSL	11:cee25a834751	2251	} OneTimeAuth;
wolfSSL	11:cee25a834751	2252	#endif
wolfSSL	11:cee25a834751	2253
wolfSSL	11:cee25a834751	2254
wolfSSL	11:cee25a834751	2255	WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	2256	WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	2257
wolfSSL	11:cee25a834751	2258
wolfSSL	11:cee25a834751	2259	/* hashes type */
wolfSSL	11:cee25a834751	2260	typedef struct Hashes {
wolfSSL	11:cee25a834751	2261	#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wolfSSL	11:cee25a834751	2262	byte md5[MD5_DIGEST_SIZE];
wolfSSL	11:cee25a834751	2263	#endif
wolfSSL	11:cee25a834751	2264	#if !defined(NO_SHA)
wolfSSL	11:cee25a834751	2265	byte sha[SHA_DIGEST_SIZE];
wolfSSL	11:cee25a834751	2266	#endif
wolfSSL	11:cee25a834751	2267	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	2268	byte sha256[SHA256_DIGEST_SIZE];
wolfSSL	11:cee25a834751	2269	#endif
wolfSSL	11:cee25a834751	2270	#ifdef WOLFSSL_SHA384
wolfSSL	11:cee25a834751	2271	byte sha384[SHA384_DIGEST_SIZE];
wolfSSL	11:cee25a834751	2272	#endif
wolfSSL	11:cee25a834751	2273	#ifdef WOLFSSL_SHA512
wolfSSL	11:cee25a834751	2274	byte sha512[SHA512_DIGEST_SIZE];
wolfSSL	11:cee25a834751	2275	#endif
wolfSSL	11:cee25a834751	2276	} Hashes;
wolfSSL	11:cee25a834751	2277
wolfSSL	11:cee25a834751	2278
wolfSSL	11:cee25a834751	2279	/* Static x509 buffer */
wolfSSL	11:cee25a834751	2280	typedef struct x509_buffer {
wolfSSL	11:cee25a834751	2281	int length; /* actual size */
wolfSSL	11:cee25a834751	2282	byte buffer[MAX_X509_SIZE]; /* max static cert size */
wolfSSL	11:cee25a834751	2283	} x509_buffer;
wolfSSL	11:cee25a834751	2284
wolfSSL	11:cee25a834751	2285
wolfSSL	11:cee25a834751	2286	/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
wolfSSL	11:cee25a834751	2287	struct WOLFSSL_X509_CHAIN {
wolfSSL	11:cee25a834751	2288	int count; /* total number in chain */
wolfSSL	11:cee25a834751	2289	x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
wolfSSL	11:cee25a834751	2290	};
wolfSSL	11:cee25a834751	2291
wolfSSL	11:cee25a834751	2292
wolfSSL	11:cee25a834751	2293	/* wolfSSL session type */
wolfSSL	11:cee25a834751	2294	struct WOLFSSL_SESSION {
wolfSSL	11:cee25a834751	2295	word32 bornOn; /* create time in seconds */
wolfSSL	11:cee25a834751	2296	word32 timeout; /* timeout in seconds */
wolfSSL	11:cee25a834751	2297	byte sessionID[ID_LEN]; /* id for protocol */
wolfSSL	11:cee25a834751	2298	byte sessionIDSz;
wolfSSL	11:cee25a834751	2299	byte masterSecret[SECRET_LEN]; /* stored secret */
wolfSSL	11:cee25a834751	2300	word16 haveEMS; /* ext master secret flag */
wolfSSL	11:cee25a834751	2301	#ifdef SESSION_CERTS
wolfSSL	11:cee25a834751	2302	WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
wolfSSL	11:cee25a834751	2303	ProtocolVersion version; /* which version was used */
wolfSSL	11:cee25a834751	2304	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	11:cee25a834751	2305	byte cipherSuite; /* 2nd byte, actual suite */
wolfSSL	11:cee25a834751	2306	#endif
wolfSSL	11:cee25a834751	2307	#ifndef NO_CLIENT_CACHE
wolfSSL	11:cee25a834751	2308	word16 idLen; /* serverID length */
wolfSSL	11:cee25a834751	2309	byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
wolfSSL	11:cee25a834751	2310	#endif
wolfSSL	11:cee25a834751	2311	#ifdef HAVE_SESSION_TICKET
wolfSSL	11:cee25a834751	2312	byte* ticket;
wolfSSL	11:cee25a834751	2313	word16 ticketLen;
wolfSSL	11:cee25a834751	2314	byte staticTicket[SESSION_TICKET_LEN];
wolfSSL	11:cee25a834751	2315	byte isDynamic;
wolfSSL	11:cee25a834751	2316	#endif
wolfSSL	11:cee25a834751	2317	#ifdef HAVE_EXT_CACHE
wolfSSL	11:cee25a834751	2318	byte isAlloced;
wolfSSL	11:cee25a834751	2319	#endif
wolfSSL	11:cee25a834751	2320	#ifdef HAVE_EX_DATA
wolfSSL	11:cee25a834751	2321	void* ex_data[MAX_EX_DATA];
wolfSSL	11:cee25a834751	2322	#endif
wolfSSL	11:cee25a834751	2323	};
wolfSSL	11:cee25a834751	2324
wolfSSL	11:cee25a834751	2325
wolfSSL	11:cee25a834751	2326	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2327	WOLFSSL_SESSION* GetSession(WOLFSSL, byte, byte);
wolfSSL	11:cee25a834751	2328	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2329	int SetSession(WOLFSSL, WOLFSSL_SESSION);
wolfSSL	11:cee25a834751	2330
wolfSSL	11:cee25a834751	2331	typedef int (hmacfp) (WOLFSSL, byte, const byte, word32, int, int);
wolfSSL	11:cee25a834751	2332
wolfSSL	11:cee25a834751	2333	#ifndef NO_CLIENT_CACHE
wolfSSL	11:cee25a834751	2334	WOLFSSL_SESSION* GetSessionClient(WOLFSSL, const byte, int);
wolfSSL	11:cee25a834751	2335	#endif
wolfSSL	11:cee25a834751	2336
wolfSSL	11:cee25a834751	2337	/* client connect state for nonblocking restart */
wolfSSL	11:cee25a834751	2338	enum ConnectState {
wolfSSL	11:cee25a834751	2339	CONNECT_BEGIN = 0,
wolfSSL	11:cee25a834751	2340	CLIENT_HELLO_SENT,
wolfSSL	11:cee25a834751	2341	HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
wolfSSL	11:cee25a834751	2342	HELLO_AGAIN_REPLY,
wolfSSL	11:cee25a834751	2343	FIRST_REPLY_DONE,
wolfSSL	11:cee25a834751	2344	FIRST_REPLY_FIRST,
wolfSSL	11:cee25a834751	2345	FIRST_REPLY_SECOND,
wolfSSL	11:cee25a834751	2346	FIRST_REPLY_THIRD,
wolfSSL	11:cee25a834751	2347	FIRST_REPLY_FOURTH,
wolfSSL	11:cee25a834751	2348	FINISHED_DONE,
wolfSSL	11:cee25a834751	2349	SECOND_REPLY_DONE
wolfSSL	11:cee25a834751	2350	};
wolfSSL	11:cee25a834751	2351
wolfSSL	11:cee25a834751	2352
wolfSSL	11:cee25a834751	2353	/* server accept state for nonblocking restart */
wolfSSL	11:cee25a834751	2354	enum AcceptState {
wolfSSL	11:cee25a834751	2355	ACCEPT_BEGIN = 0,
wolfSSL	11:cee25a834751	2356	ACCEPT_CLIENT_HELLO_DONE,
wolfSSL	11:cee25a834751	2357	ACCEPT_FIRST_REPLY_DONE,
wolfSSL	11:cee25a834751	2358	SERVER_HELLO_SENT,
wolfSSL	11:cee25a834751	2359	CERT_SENT,
wolfSSL	11:cee25a834751	2360	CERT_STATUS_SENT,
wolfSSL	11:cee25a834751	2361	KEY_EXCHANGE_SENT,
wolfSSL	11:cee25a834751	2362	CERT_REQ_SENT,
wolfSSL	11:cee25a834751	2363	SERVER_HELLO_DONE,
wolfSSL	11:cee25a834751	2364	ACCEPT_SECOND_REPLY_DONE,
wolfSSL	11:cee25a834751	2365	TICKET_SENT,
wolfSSL	11:cee25a834751	2366	CHANGE_CIPHER_SENT,
wolfSSL	11:cee25a834751	2367	ACCEPT_FINISHED_DONE,
wolfSSL	11:cee25a834751	2368	ACCEPT_THIRD_REPLY_DONE
wolfSSL	11:cee25a834751	2369	};
wolfSSL	11:cee25a834751	2370
wolfSSL	11:cee25a834751	2371	/* buffers for struct WOLFSSL */
wolfSSL	11:cee25a834751	2372	typedef struct Buffers {
wolfSSL	11:cee25a834751	2373	bufferStatic inputBuffer;
wolfSSL	11:cee25a834751	2374	bufferStatic outputBuffer;
wolfSSL	11:cee25a834751	2375	buffer domainName; /* for client check */
wolfSSL	11:cee25a834751	2376	buffer clearOutputBuffer;
wolfSSL	11:cee25a834751	2377	buffer sig; /* signature data */
wolfSSL	11:cee25a834751	2378	buffer digest; /* digest data */
wolfSSL	11:cee25a834751	2379	int prevSent; /* previous plain text bytes sent
wolfSSL	11:cee25a834751	2380	when got WANT_WRITE */
wolfSSL	11:cee25a834751	2381	int plainSz; /* plain text bytes in buffer to send
wolfSSL	11:cee25a834751	2382	when got WANT_WRITE */
wolfSSL	11:cee25a834751	2383	byte weOwnCert; /* SSL own cert flag */
wolfSSL	11:cee25a834751	2384	byte weOwnCertChain; /* SSL own cert chain flag */
wolfSSL	11:cee25a834751	2385	byte weOwnKey; /* SSL own key flag */
wolfSSL	11:cee25a834751	2386	byte weOwnDH; /* SSL own dh (p,g) flag */
wolfSSL	11:cee25a834751	2387	#ifndef NO_DH
wolfSSL	11:cee25a834751	2388	buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	11:cee25a834751	2389	buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	11:cee25a834751	2390	buffer serverDH_Pub;
wolfSSL	11:cee25a834751	2391	buffer serverDH_Priv;
wolfSSL	11:cee25a834751	2392	DhKey* serverDH_Key;
wolfSSL	11:cee25a834751	2393	#endif
wolfSSL	11:cee25a834751	2394	#ifndef NO_CERTS
wolfSSL	11:cee25a834751	2395	DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	11:cee25a834751	2396	DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	11:cee25a834751	2397	DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	11:cee25a834751	2398	/* chain after self, in DER, with leading size for each cert */
wolfSSL	11:cee25a834751	2399	#endif
wolfSSL	11:cee25a834751	2400	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	2401	WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
wolfSSL	11:cee25a834751	2402	#ifndef NO_WOLFSSL_SERVER
wolfSSL	11:cee25a834751	2403	buffer dtlsCookieSecret; /* DTLS cookie secret */
wolfSSL	11:cee25a834751	2404	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	11:cee25a834751	2405	#endif
wolfSSL	11:cee25a834751	2406	#ifdef HAVE_PK_CALLBACKS
wolfSSL	11:cee25a834751	2407	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	2408	buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
wolfSSL	11:cee25a834751	2409	#endif /* HAVE_ECC */
wolfSSL	11:cee25a834751	2410	#ifndef NO_RSA
wolfSSL	11:cee25a834751	2411	buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
wolfSSL	11:cee25a834751	2412	#endif /* NO_RSA */
wolfSSL	11:cee25a834751	2413	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	11:cee25a834751	2414	} Buffers;
wolfSSL	11:cee25a834751	2415
wolfSSL	11:cee25a834751	2416	typedef struct Options {
wolfSSL	11:cee25a834751	2417	#ifndef NO_PSK
wolfSSL	11:cee25a834751	2418	wc_psk_client_callback client_psk_cb;
wolfSSL	11:cee25a834751	2419	wc_psk_server_callback server_psk_cb;
wolfSSL	11:cee25a834751	2420	word16 havePSK:1; /* psk key set by user */
wolfSSL	11:cee25a834751	2421	#endif /* NO_PSK */
wolfSSL	11:cee25a834751	2422	#ifdef OPENSSL_EXTRA
wolfSSL	11:cee25a834751	2423	unsigned long mask; /* store SSL_OP_ flags */
wolfSSL	11:cee25a834751	2424	#endif
wolfSSL	11:cee25a834751	2425
wolfSSL	11:cee25a834751	2426	/* on/off or small bit flags, optimize layout */
wolfSSL	11:cee25a834751	2427	word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
wolfSSL	11:cee25a834751	2428	word16 sessionCacheOff:1;
wolfSSL	11:cee25a834751	2429	word16 sessionCacheFlushOff:1;
wolfSSL	11:cee25a834751	2430	#ifdef HAVE_EXT_CACHE
wolfSSL	11:cee25a834751	2431	word16 internalCacheOff:1;
wolfSSL	11:cee25a834751	2432	#endif
wolfSSL	11:cee25a834751	2433	word16 side:1; /* client or server end */
wolfSSL	11:cee25a834751	2434	word16 verifyPeer:1;
wolfSSL	11:cee25a834751	2435	word16 verifyNone:1;
wolfSSL	11:cee25a834751	2436	word16 failNoCert:1;
wolfSSL	11:cee25a834751	2437	word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
wolfSSL	11:cee25a834751	2438	word16 downgrade:1; /* allow downgrade of versions */
wolfSSL	11:cee25a834751	2439	word16 resuming:1;
wolfSSL	11:cee25a834751	2440	word16 haveSessionId:1; /* server may not send */
wolfSSL	11:cee25a834751	2441	word16 tls:1; /* using TLS ? */
wolfSSL	11:cee25a834751	2442	word16 tls1_1:1; /* using TLSv1.1+ ? */
wolfSSL	11:cee25a834751	2443	word16 dtls:1; /* using datagrams ? */
wolfSSL	11:cee25a834751	2444	word16 connReset:1; /* has the peer reset */
wolfSSL	11:cee25a834751	2445	word16 isClosed:1; /* if we consider conn closed */
wolfSSL	11:cee25a834751	2446	word16 closeNotify:1; /* we've received a close notify */
wolfSSL	11:cee25a834751	2447	word16 sentNotify:1; /* we've sent a close notify */
wolfSSL	11:cee25a834751	2448	word16 usingCompression:1; /* are we using compression */
wolfSSL	11:cee25a834751	2449	word16 haveRSA:1; /* RSA available */
wolfSSL	11:cee25a834751	2450	word16 haveECC:1; /* ECC available */
wolfSSL	11:cee25a834751	2451	word16 haveDH:1; /* server DH parms set by user */
wolfSSL	11:cee25a834751	2452	word16 haveNTRU:1; /* server NTRU private key loaded */
wolfSSL	11:cee25a834751	2453	word16 haveQSH:1; /* have QSH ability */
wolfSSL	11:cee25a834751	2454	word16 haveECDSAsig:1; /* server ECDSA signed cert */
wolfSSL	11:cee25a834751	2455	word16 haveStaticECC:1; /* static server ECC private key */
wolfSSL	11:cee25a834751	2456	word16 havePeerCert:1; /* do we have peer's cert */
wolfSSL	11:cee25a834751	2457	word16 havePeerVerify:1; /* and peer's cert verify */
wolfSSL	11:cee25a834751	2458	word16 usingPSK_cipher:1; /* are using psk as cipher */
wolfSSL	11:cee25a834751	2459	word16 usingAnon_cipher:1; /* are we using an anon cipher */
wolfSSL	11:cee25a834751	2460	word16 sendAlertState:1; /* nonblocking resume */
wolfSSL	11:cee25a834751	2461	word16 partialWrite:1; /* only one msg per write call */
wolfSSL	11:cee25a834751	2462	word16 quietShutdown:1; /* don't send close notify */
wolfSSL	11:cee25a834751	2463	word16 certOnly:1; /* stop once we get cert */
wolfSSL	11:cee25a834751	2464	word16 groupMessages:1; /* group handshake messages */
wolfSSL	11:cee25a834751	2465	word16 usingNonblock:1; /* are we using nonblocking socket */
wolfSSL	11:cee25a834751	2466	word16 saveArrays:1; /* save array Memory for user get keys
wolfSSL	11:cee25a834751	2467	or psk */
wolfSSL	11:cee25a834751	2468	word16 weOwnRng:1; /* will be true unless CTX owns */
wolfSSL	11:cee25a834751	2469	#ifdef HAVE_POLY1305
wolfSSL	11:cee25a834751	2470	word16 oldPoly:1; /* set when to use old rfc way of poly*/
wolfSSL	11:cee25a834751	2471	#endif
wolfSSL	11:cee25a834751	2472	#ifdef HAVE_ANON
wolfSSL	11:cee25a834751	2473	word16 haveAnon:1; /* User wants to allow Anon suites */
wolfSSL	11:cee25a834751	2474	#endif
wolfSSL	11:cee25a834751	2475	#ifdef HAVE_SESSION_TICKET
wolfSSL	11:cee25a834751	2476	word16 createTicket:1; /* Server to create new Ticket */
wolfSSL	11:cee25a834751	2477	word16 useTicket:1; /* Use Ticket not session cache */
wolfSSL	11:cee25a834751	2478	word16 rejectTicket:1; /* Callback rejected ticket */
wolfSSL	11:cee25a834751	2479	#endif
wolfSSL	11:cee25a834751	2480	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	2481	word16 dtlsHsRetain:1; /* DTLS retaining HS data */
wolfSSL	11:cee25a834751	2482	#ifdef WOLFSSL_SCTP
wolfSSL	11:cee25a834751	2483	word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
wolfSSL	11:cee25a834751	2484	#endif
wolfSSL	11:cee25a834751	2485	#endif
wolfSSL	11:cee25a834751	2486	word16 haveEMS:1; /* using extended master secret */
wolfSSL	11:cee25a834751	2487	#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL	11:cee25a834751	2488	word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
wolfSSL	11:cee25a834751	2489	#endif
wolfSSL	11:cee25a834751	2490	word16 keepResources:1; /* Keep resources after handshake */
wolfSSL	11:cee25a834751	2491	word16 useClientOrder:1; /* Use client's cipher order */
wolfSSL	11:cee25a834751	2492
wolfSSL	11:cee25a834751	2493	/* need full byte values for this section */
wolfSSL	11:cee25a834751	2494	byte processReply; /* nonblocking resume */
wolfSSL	11:cee25a834751	2495	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	11:cee25a834751	2496	byte cipherSuite; /* second byte, actual suite */
wolfSSL	11:cee25a834751	2497	byte serverState;
wolfSSL	11:cee25a834751	2498	byte clientState;
wolfSSL	11:cee25a834751	2499	byte handShakeState;
wolfSSL	11:cee25a834751	2500	byte handShakeDone; /* at least one handshake complete */
wolfSSL	11:cee25a834751	2501	byte minDowngrade; /* minimum downgrade version */
wolfSSL	11:cee25a834751	2502	byte connectState; /* nonblocking resume */
wolfSSL	11:cee25a834751	2503	byte acceptState; /* nonblocking resume */
wolfSSL	11:cee25a834751	2504	byte asyncState; /* sub-state for enum asyncState */
wolfSSL	11:cee25a834751	2505	byte buildMsgState; /* sub-state for enum buildMsgState */
wolfSSL	11:cee25a834751	2506	#ifndef NO_DH
wolfSSL	11:cee25a834751	2507	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	11:cee25a834751	2508	word16 dhKeySz; /* actual DH key size */
wolfSSL	11:cee25a834751	2509	#endif
wolfSSL	11:cee25a834751	2510	#ifndef NO_RSA
wolfSSL	11:cee25a834751	2511	short minRsaKeySz; /* minimum RSA key size */
wolfSSL	11:cee25a834751	2512	#endif
wolfSSL	11:cee25a834751	2513	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	2514	short minEccKeySz; /* minimum ECC key size */
wolfSSL	11:cee25a834751	2515	#endif
wolfSSL	11:cee25a834751	2516
wolfSSL	11:cee25a834751	2517	} Options;
wolfSSL	11:cee25a834751	2518
wolfSSL	11:cee25a834751	2519	typedef struct Arrays {
wolfSSL	11:cee25a834751	2520	byte* pendingMsg; /* defrag buffer */
wolfSSL	11:cee25a834751	2521	byte* preMasterSecret;
wolfSSL	11:cee25a834751	2522	word32 preMasterSz; /* differs for DH, actual size */
wolfSSL	11:cee25a834751	2523	word32 pendingMsgSz; /* defrag buffer size */
wolfSSL	11:cee25a834751	2524	word32 pendingMsgOffset; /* current offset into defrag buffer */
wolfSSL	11:cee25a834751	2525	#ifndef NO_PSK
wolfSSL	11:cee25a834751	2526	word32 psk_keySz; /* actual size */
wolfSSL	11:cee25a834751	2527	char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	11:cee25a834751	2528	char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL	11:cee25a834751	2529	byte psk_key[MAX_PSK_KEY_LEN];
wolfSSL	11:cee25a834751	2530	#endif
wolfSSL	11:cee25a834751	2531	byte clientRandom[RAN_LEN];
wolfSSL	11:cee25a834751	2532	byte serverRandom[RAN_LEN];
wolfSSL	11:cee25a834751	2533	byte sessionID[ID_LEN];
wolfSSL	11:cee25a834751	2534	byte sessionIDSz;
wolfSSL	11:cee25a834751	2535	byte masterSecret[SECRET_LEN];
wolfSSL	11:cee25a834751	2536	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	2537	byte cookie[MAX_COOKIE_LEN];
wolfSSL	11:cee25a834751	2538	byte cookieSz;
wolfSSL	11:cee25a834751	2539	#endif
wolfSSL	11:cee25a834751	2540	byte pendingMsgType; /* defrag buffer message type */
wolfSSL	11:cee25a834751	2541	} Arrays;
wolfSSL	11:cee25a834751	2542
wolfSSL	11:cee25a834751	2543	#ifndef ASN_NAME_MAX
wolfSSL	11:cee25a834751	2544	#define ASN_NAME_MAX 256
wolfSSL	11:cee25a834751	2545	#endif
wolfSSL	11:cee25a834751	2546
wolfSSL	11:cee25a834751	2547	#ifndef MAX_DATE_SZ
wolfSSL	11:cee25a834751	2548	#define MAX_DATE_SZ 32
wolfSSL	11:cee25a834751	2549	#endif
wolfSSL	11:cee25a834751	2550
wolfSSL	11:cee25a834751	2551	struct WOLFSSL_STACK {
wolfSSL	11:cee25a834751	2552	unsigned long num; /* number of nodes in stack
wolfSSL	11:cee25a834751	2553	* (saftey measure for freeing and shortcut for count) */
wolfSSL	11:cee25a834751	2554	union {
wolfSSL	11:cee25a834751	2555	WOLFSSL_X509* x509;
wolfSSL	11:cee25a834751	2556	WOLFSSL_X509_NAME* name;
wolfSSL	11:cee25a834751	2557	WOLFSSL_BIO* bio;
wolfSSL	11:cee25a834751	2558	WOLFSSL_ASN1_OBJECT* obj;
wolfSSL	11:cee25a834751	2559	char* string;
wolfSSL	11:cee25a834751	2560	} data;
wolfSSL	11:cee25a834751	2561	WOLFSSL_STACK* next;
wolfSSL	11:cee25a834751	2562	};
wolfSSL	11:cee25a834751	2563
wolfSSL	11:cee25a834751	2564
wolfSSL	11:cee25a834751	2565	struct WOLFSSL_X509_NAME {
wolfSSL	11:cee25a834751	2566	char *name;
wolfSSL	11:cee25a834751	2567	char staticName[ASN_NAME_MAX];
wolfSSL	11:cee25a834751	2568	int dynamicName;
wolfSSL	11:cee25a834751	2569	int sz;
wolfSSL	11:cee25a834751	2570	#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
wolfSSL	11:cee25a834751	2571	DecodedName fullName;
wolfSSL	11:cee25a834751	2572	WOLFSSL_X509_NAME_ENTRY cnEntry;
wolfSSL	11:cee25a834751	2573	WOLFSSL_X509* x509; /* x509 that struct belongs to */
wolfSSL	11:cee25a834751	2574	#endif /* OPENSSL_EXTRA */
wolfSSL	11:cee25a834751	2575	};
wolfSSL	11:cee25a834751	2576
wolfSSL	11:cee25a834751	2577	#ifndef EXTERNAL_SERIAL_SIZE
wolfSSL	11:cee25a834751	2578	#define EXTERNAL_SERIAL_SIZE 32
wolfSSL	11:cee25a834751	2579	#endif
wolfSSL	11:cee25a834751	2580
wolfSSL	11:cee25a834751	2581	#ifdef NO_ASN
wolfSSL	11:cee25a834751	2582	typedef struct DNS_entry DNS_entry;
wolfSSL	11:cee25a834751	2583	#endif
wolfSSL	11:cee25a834751	2584
wolfSSL	11:cee25a834751	2585	struct WOLFSSL_X509 {
wolfSSL	11:cee25a834751	2586	int version;
wolfSSL	11:cee25a834751	2587	WOLFSSL_X509_NAME issuer;
wolfSSL	11:cee25a834751	2588	WOLFSSL_X509_NAME subject;
wolfSSL	11:cee25a834751	2589	int serialSz;
wolfSSL	11:cee25a834751	2590	byte serial[EXTERNAL_SERIAL_SIZE];
wolfSSL	11:cee25a834751	2591	char subjectCN[ASN_NAME_MAX]; /* common name short cut */
wolfSSL	11:cee25a834751	2592	#ifdef WOLFSSL_SEP
wolfSSL	11:cee25a834751	2593	int deviceTypeSz;
wolfSSL	11:cee25a834751	2594	byte deviceType[EXTERNAL_SERIAL_SIZE];
wolfSSL	11:cee25a834751	2595	int hwTypeSz;
wolfSSL	11:cee25a834751	2596	byte hwType[EXTERNAL_SERIAL_SIZE];
wolfSSL	11:cee25a834751	2597	int hwSerialNumSz;
wolfSSL	11:cee25a834751	2598	byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
wolfSSL	11:cee25a834751	2599	#ifdef OPENSSL_EXTRA
wolfSSL	11:cee25a834751	2600	byte certPolicySet;
wolfSSL	11:cee25a834751	2601	byte certPolicyCrit;
wolfSSL	11:cee25a834751	2602	#endif /* OPENSSL_EXTRA */
wolfSSL	11:cee25a834751	2603	#endif
wolfSSL	11:cee25a834751	2604	int notBeforeSz;
wolfSSL	11:cee25a834751	2605	byte notBefore[MAX_DATE_SZ];
wolfSSL	11:cee25a834751	2606	int notAfterSz;
wolfSSL	11:cee25a834751	2607	byte notAfter[MAX_DATE_SZ];
wolfSSL	11:cee25a834751	2608	int sigOID;
wolfSSL	11:cee25a834751	2609	buffer sig;
wolfSSL	11:cee25a834751	2610	int pubKeyOID;
wolfSSL	11:cee25a834751	2611	buffer pubKey;
wolfSSL	11:cee25a834751	2612	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	2613	word32 pkCurveOID;
wolfSSL	11:cee25a834751	2614	#endif /* HAVE_ECC */
wolfSSL	11:cee25a834751	2615	#ifndef NO_CERTS
wolfSSL	11:cee25a834751	2616	DerBuffer* derCert; /* may need */
wolfSSL	11:cee25a834751	2617	#endif
wolfSSL	11:cee25a834751	2618	DNS_entry* altNames; /* alt names list */
wolfSSL	11:cee25a834751	2619	DNS_entry* altNamesNext; /* hint for retrieval */
wolfSSL	11:cee25a834751	2620	void* heap; /* heap hint */
wolfSSL	11:cee25a834751	2621	byte dynamicMemory; /* dynamic memory flag */
wolfSSL	11:cee25a834751	2622	byte isCa;
wolfSSL	11:cee25a834751	2623	#ifdef WOLFSSL_CERT_EXT
wolfSSL	11:cee25a834751	2624	char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
wolfSSL	11:cee25a834751	2625	int certPoliciesNb;
wolfSSL	11:cee25a834751	2626	#endif /* WOLFSSL_CERT_EXT */
wolfSSL	11:cee25a834751	2627	#ifdef OPENSSL_EXTRA
wolfSSL	11:cee25a834751	2628	#ifdef HAVE_EX_DATA
wolfSSL	11:cee25a834751	2629	void* ex_data[MAX_EX_DATA];
wolfSSL	11:cee25a834751	2630	#endif
wolfSSL	11:cee25a834751	2631	word32 pathLength;
wolfSSL	11:cee25a834751	2632	word16 keyUsage;
wolfSSL	11:cee25a834751	2633	byte CRLdistSet;
wolfSSL	11:cee25a834751	2634	byte CRLdistCrit;
wolfSSL	11:cee25a834751	2635	byte* CRLInfo;
wolfSSL	11:cee25a834751	2636	int CRLInfoSz;
wolfSSL	11:cee25a834751	2637	byte authInfoSet;
wolfSSL	11:cee25a834751	2638	byte authInfoCrit;
wolfSSL	11:cee25a834751	2639	byte* authInfo;
wolfSSL	11:cee25a834751	2640	int authInfoSz;
wolfSSL	11:cee25a834751	2641	byte basicConstSet;
wolfSSL	11:cee25a834751	2642	byte basicConstCrit;
wolfSSL	11:cee25a834751	2643	byte basicConstPlSet;
wolfSSL	11:cee25a834751	2644	byte subjAltNameSet;
wolfSSL	11:cee25a834751	2645	byte subjAltNameCrit;
wolfSSL	11:cee25a834751	2646	byte authKeyIdSet;
wolfSSL	11:cee25a834751	2647	byte authKeyIdCrit;
wolfSSL	11:cee25a834751	2648	byte* authKeyId;
wolfSSL	11:cee25a834751	2649	word32 authKeyIdSz;
wolfSSL	11:cee25a834751	2650	byte subjKeyIdSet;
wolfSSL	11:cee25a834751	2651	byte subjKeyIdCrit;
wolfSSL	11:cee25a834751	2652	byte* subjKeyId;
wolfSSL	11:cee25a834751	2653	word32 subjKeyIdSz;
wolfSSL	11:cee25a834751	2654	byte keyUsageSet;
wolfSSL	11:cee25a834751	2655	byte keyUsageCrit;
wolfSSL	11:cee25a834751	2656	byte extKeyUsageCrit;
wolfSSL	11:cee25a834751	2657	byte* extKeyUsageSrc;
wolfSSL	11:cee25a834751	2658	word32 extKeyUsageSz;
wolfSSL	11:cee25a834751	2659	word32 extKeyUsageCount;
wolfSSL	11:cee25a834751	2660	#endif /* OPENSSL_EXTRA */
wolfSSL	11:cee25a834751	2661	};
wolfSSL	11:cee25a834751	2662
wolfSSL	11:cee25a834751	2663
wolfSSL	11:cee25a834751	2664	/* record layer header for PlainText, Compressed, and CipherText */
wolfSSL	11:cee25a834751	2665	typedef struct RecordLayerHeader {
wolfSSL	11:cee25a834751	2666	byte type;
wolfSSL	11:cee25a834751	2667	byte pvMajor;
wolfSSL	11:cee25a834751	2668	byte pvMinor;
wolfSSL	11:cee25a834751	2669	byte length[2];
wolfSSL	11:cee25a834751	2670	} RecordLayerHeader;
wolfSSL	11:cee25a834751	2671
wolfSSL	11:cee25a834751	2672
wolfSSL	11:cee25a834751	2673	/* record layer header for DTLS PlainText, Compressed, and CipherText */
wolfSSL	11:cee25a834751	2674	typedef struct DtlsRecordLayerHeader {
wolfSSL	11:cee25a834751	2675	byte type;
wolfSSL	11:cee25a834751	2676	byte pvMajor;
wolfSSL	11:cee25a834751	2677	byte pvMinor;
wolfSSL	11:cee25a834751	2678	byte sequence_number[8]; /* per record */
wolfSSL	11:cee25a834751	2679	byte length[2];
wolfSSL	11:cee25a834751	2680	} DtlsRecordLayerHeader;
wolfSSL	11:cee25a834751	2681
wolfSSL	11:cee25a834751	2682
wolfSSL	11:cee25a834751	2683	typedef struct DtlsFrag {
wolfSSL	11:cee25a834751	2684	word32 begin;
wolfSSL	11:cee25a834751	2685	word32 end;
wolfSSL	11:cee25a834751	2686	struct DtlsFrag* next;
wolfSSL	11:cee25a834751	2687	} DtlsFrag;
wolfSSL	11:cee25a834751	2688
wolfSSL	11:cee25a834751	2689
wolfSSL	11:cee25a834751	2690	typedef struct DtlsMsg {
wolfSSL	11:cee25a834751	2691	struct DtlsMsg* next;
wolfSSL	11:cee25a834751	2692	byte* buf;
wolfSSL	11:cee25a834751	2693	byte* msg;
wolfSSL	11:cee25a834751	2694	DtlsFrag* fragList;
wolfSSL	11:cee25a834751	2695	word32 fragSz; /* Length of fragments received */
wolfSSL	11:cee25a834751	2696	word32 seq; /* Handshake sequence number */
wolfSSL	11:cee25a834751	2697	word32 sz; /* Length of whole mesage */
wolfSSL	11:cee25a834751	2698	byte type;
wolfSSL	11:cee25a834751	2699	} DtlsMsg;
wolfSSL	11:cee25a834751	2700
wolfSSL	11:cee25a834751	2701
wolfSSL	11:cee25a834751	2702	#ifdef HAVE_NETX
wolfSSL	11:cee25a834751	2703
wolfSSL	11:cee25a834751	2704	/* NETX I/O Callback default */
wolfSSL	11:cee25a834751	2705	typedef struct NetX_Ctx {
wolfSSL	11:cee25a834751	2706	NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
wolfSSL	11:cee25a834751	2707	NX_PACKET* nxPacket; /* incoming packet handle for short reads */
wolfSSL	11:cee25a834751	2708	ULONG nxOffset; /* offset already read from nxPacket */
wolfSSL	11:cee25a834751	2709	ULONG nxWait; /* wait option flag */
wolfSSL	11:cee25a834751	2710	} NetX_Ctx;
wolfSSL	11:cee25a834751	2711
wolfSSL	11:cee25a834751	2712	#endif
wolfSSL	11:cee25a834751	2713
wolfSSL	11:cee25a834751	2714
wolfSSL	11:cee25a834751	2715	/* Handshake messages received from peer (plus change cipher */
wolfSSL	11:cee25a834751	2716	typedef struct MsgsReceived {
wolfSSL	11:cee25a834751	2717	word16 got_hello_request:1;
wolfSSL	11:cee25a834751	2718	word16 got_client_hello:1;
wolfSSL	11:cee25a834751	2719	word16 got_server_hello:1;
wolfSSL	11:cee25a834751	2720	word16 got_hello_verify_request:1;
wolfSSL	11:cee25a834751	2721	word16 got_session_ticket:1;
wolfSSL	11:cee25a834751	2722	word16 got_certificate:1;
wolfSSL	11:cee25a834751	2723	word16 got_certificate_status:1;
wolfSSL	11:cee25a834751	2724	word16 got_server_key_exchange:1;
wolfSSL	11:cee25a834751	2725	word16 got_certificate_request:1;
wolfSSL	11:cee25a834751	2726	word16 got_server_hello_done:1;
wolfSSL	11:cee25a834751	2727	word16 got_certificate_verify:1;
wolfSSL	11:cee25a834751	2728	word16 got_client_key_exchange:1;
wolfSSL	11:cee25a834751	2729	word16 got_finished:1;
wolfSSL	11:cee25a834751	2730	word16 got_change_cipher:1;
wolfSSL	11:cee25a834751	2731	} MsgsReceived;
wolfSSL	11:cee25a834751	2732
wolfSSL	11:cee25a834751	2733
wolfSSL	11:cee25a834751	2734	/* Handshake hashes */
wolfSSL	11:cee25a834751	2735	typedef struct HS_Hashes {
wolfSSL	11:cee25a834751	2736	Hashes verifyHashes;
wolfSSL	11:cee25a834751	2737	Hashes certHashes; /* for cert verify */
wolfSSL	11:cee25a834751	2738	#ifndef NO_SHA
wolfSSL	11:cee25a834751	2739	Sha hashSha; /* sha hash of handshake msgs */
wolfSSL	11:cee25a834751	2740	#endif
wolfSSL	11:cee25a834751	2741	#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wolfSSL	11:cee25a834751	2742	Md5 hashMd5; /* md5 hash of handshake msgs */
wolfSSL	11:cee25a834751	2743	#endif
wolfSSL	11:cee25a834751	2744	#ifndef NO_SHA256
wolfSSL	11:cee25a834751	2745	Sha256 hashSha256; /* sha256 hash of handshake msgs */
wolfSSL	11:cee25a834751	2746	#endif
wolfSSL	11:cee25a834751	2747	#ifdef WOLFSSL_SHA384
wolfSSL	11:cee25a834751	2748	Sha384 hashSha384; /* sha384 hash of handshake msgs */
wolfSSL	11:cee25a834751	2749	#endif
wolfSSL	11:cee25a834751	2750	#ifdef WOLFSSL_SHA512
wolfSSL	11:cee25a834751	2751	Sha512 hashSha512; /* sha512 hash of handshake msgs */
wolfSSL	11:cee25a834751	2752	#endif
wolfSSL	11:cee25a834751	2753	} HS_Hashes;
wolfSSL	11:cee25a834751	2754
wolfSSL	11:cee25a834751	2755
wolfSSL	11:cee25a834751	2756	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	11:cee25a834751	2757	#define MAX_ASYNC_ARGS 16
wolfSSL	11:cee25a834751	2758	typedef void (FreeArgsCb)(struct WOLFSSL ssl, void* pArgs);
wolfSSL	11:cee25a834751	2759
wolfSSL	11:cee25a834751	2760	struct WOLFSSL_ASYNC {
wolfSSL	11:cee25a834751	2761	WC_ASYNC_DEV* dev;
wolfSSL	11:cee25a834751	2762	FreeArgsCb freeArgs; /* function pointer to cleanup args */
wolfSSL	11:cee25a834751	2763	word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
wolfSSL	11:cee25a834751	2764	};
wolfSSL	11:cee25a834751	2765	#endif
wolfSSL	11:cee25a834751	2766
wolfSSL	11:cee25a834751	2767	#ifdef HAVE_WRITE_DUP
wolfSSL	11:cee25a834751	2768
wolfSSL	11:cee25a834751	2769	#define WRITE_DUP_SIDE 1
wolfSSL	11:cee25a834751	2770	#define READ_DUP_SIDE 2
wolfSSL	11:cee25a834751	2771
wolfSSL	11:cee25a834751	2772	typedef struct WriteDup {
wolfSSL	11:cee25a834751	2773	wolfSSL_Mutex dupMutex; /* reference count mutex */
wolfSSL	11:cee25a834751	2774	int dupCount; /* reference count */
wolfSSL	11:cee25a834751	2775	int dupErr; /* under dupMutex, pass to other side */
wolfSSL	11:cee25a834751	2776	} WriteDup;
wolfSSL	11:cee25a834751	2777
wolfSSL	11:cee25a834751	2778	WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	2779	WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
wolfSSL	11:cee25a834751	2780	#endif /* HAVE_WRITE_DUP */
wolfSSL	11:cee25a834751	2781
wolfSSL	11:cee25a834751	2782
wolfSSL	11:cee25a834751	2783	/* wolfSSL ssl type */
wolfSSL	11:cee25a834751	2784	struct WOLFSSL {
wolfSSL	11:cee25a834751	2785	WOLFSSL_CTX* ctx;
wolfSSL	11:cee25a834751	2786	Suites* suites; /* only need during handshake */
wolfSSL	11:cee25a834751	2787	Arrays* arrays;
wolfSSL	11:cee25a834751	2788	HS_Hashes* hsHashes;
wolfSSL	11:cee25a834751	2789	void* IOCB_ReadCtx;
wolfSSL	11:cee25a834751	2790	void* IOCB_WriteCtx;
wolfSSL	11:cee25a834751	2791	WC_RNG* rng;
wolfSSL	11:cee25a834751	2792	void* verifyCbCtx; /* cert verify callback user ctx*/
wolfSSL	11:cee25a834751	2793	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	11:cee25a834751	2794	void* heap; /* for user overrides */
wolfSSL	11:cee25a834751	2795	#ifdef HAVE_WRITE_DUP
wolfSSL	11:cee25a834751	2796	WriteDup* dupWrite; /* valid pointer indicates ON */
wolfSSL	11:cee25a834751	2797	/* side that decrements dupCount to zero frees overall structure */
wolfSSL	11:cee25a834751	2798	byte dupSide; /* write side or read side */
wolfSSL	11:cee25a834751	2799	#endif
wolfSSL	11:cee25a834751	2800	#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL	11:cee25a834751	2801	WOLFSSL_HEAP_HINT heap_hint;
wolfSSL	11:cee25a834751	2802	#endif
wolfSSL	11:cee25a834751	2803	#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL	11:cee25a834751	2804	HandShakeDoneCb hsDoneCb; /* notify user handshake done */
wolfSSL	11:cee25a834751	2805	void* hsDoneCtx; /* user handshake cb context */
wolfSSL	11:cee25a834751	2806	#endif
wolfSSL	11:cee25a834751	2807	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	11:cee25a834751	2808	struct WOLFSSL_ASYNC async;
wolfSSL	11:cee25a834751	2809	#endif
wolfSSL	11:cee25a834751	2810	void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
wolfSSL	11:cee25a834751	2811	word32 hsType; /* Type of Handshake key (hsKey) */
wolfSSL	11:cee25a834751	2812	WOLFSSL_CIPHER cipher;
wolfSSL	11:cee25a834751	2813	hmacfp hmac;
wolfSSL	11:cee25a834751	2814	Ciphers encrypt;
wolfSSL	11:cee25a834751	2815	Ciphers decrypt;
wolfSSL	11:cee25a834751	2816	Buffers buffers;
wolfSSL	11:cee25a834751	2817	WOLFSSL_SESSION session;
wolfSSL	11:cee25a834751	2818	#ifdef HAVE_EXT_CACHE
wolfSSL	11:cee25a834751	2819	WOLFSSL_SESSION* extSession;
wolfSSL	11:cee25a834751	2820	#endif
wolfSSL	11:cee25a834751	2821	WOLFSSL_ALERT_HISTORY alert_history;
wolfSSL	11:cee25a834751	2822	int error;
wolfSSL	11:cee25a834751	2823	int rfd; /* read file descriptor */
wolfSSL	11:cee25a834751	2824	int wfd; /* write file descriptor */
wolfSSL	11:cee25a834751	2825	int rflags; /* user read flags */
wolfSSL	11:cee25a834751	2826	int wflags; /* user write flags */
wolfSSL	11:cee25a834751	2827	word32 timeout; /* session timeout */
wolfSSL	11:cee25a834751	2828	word32 fragOffset; /* fragment offset */
wolfSSL	11:cee25a834751	2829	word16 curSize;
wolfSSL	11:cee25a834751	2830	RecordLayerHeader curRL;
wolfSSL	11:cee25a834751	2831	MsgsReceived msgsReceived; /* peer messages received */
wolfSSL	11:cee25a834751	2832	ProtocolVersion version; /* negotiated version */
wolfSSL	11:cee25a834751	2833	ProtocolVersion chVersion; /* client hello version */
wolfSSL	11:cee25a834751	2834	CipherSpecs specs;
wolfSSL	11:cee25a834751	2835	Keys keys;
wolfSSL	11:cee25a834751	2836	Options options;
wolfSSL	11:cee25a834751	2837	#ifdef OPENSSL_EXTRA
wolfSSL	11:cee25a834751	2838	WOLFSSL_BIO* biord; /* socket bio read to free/close */
wolfSSL	11:cee25a834751	2839	WOLFSSL_BIO* biowr; /* socket bio write to free/close */
wolfSSL	11:cee25a834751	2840	unsigned long peerVerifyRet;
wolfSSL	11:cee25a834751	2841	byte readAhead;
wolfSSL	11:cee25a834751	2842	#ifdef HAVE_PK_CALLBACKS
wolfSSL	11:cee25a834751	2843	void* loggingCtx; /* logging callback argument */
wolfSSL	11:cee25a834751	2844	#endif
wolfSSL	11:cee25a834751	2845	#endif
wolfSSL	11:cee25a834751	2846	#ifndef NO_RSA
wolfSSL	11:cee25a834751	2847	RsaKey* peerRsaKey;
wolfSSL	11:cee25a834751	2848	byte peerRsaKeyPresent;
wolfSSL	11:cee25a834751	2849	#endif
wolfSSL	11:cee25a834751	2850	#ifdef HAVE_QSH
wolfSSL	11:cee25a834751	2851	QSHKey* QSH_Key;
wolfSSL	11:cee25a834751	2852	QSHKey* peerQSHKey;
wolfSSL	11:cee25a834751	2853	QSHSecret* QSH_secret;
wolfSSL	11:cee25a834751	2854	byte isQSH; /* is the handshake a QSH? */
wolfSSL	11:cee25a834751	2855	byte sendQSHKeys; /* flag for if the client should sen
wolfSSL	11:cee25a834751	2856	public keys */
wolfSSL	11:cee25a834751	2857	byte peerQSHKeyPresent;
wolfSSL	11:cee25a834751	2858	byte minRequest;
wolfSSL	11:cee25a834751	2859	byte maxRequest;
wolfSSL	11:cee25a834751	2860	byte user_set_QSHSchemes;
wolfSSL	11:cee25a834751	2861	#endif
wolfSSL	11:cee25a834751	2862	#ifdef HAVE_NTRU
wolfSSL	11:cee25a834751	2863	word16 peerNtruKeyLen;
wolfSSL	11:cee25a834751	2864	byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
wolfSSL	11:cee25a834751	2865	byte peerNtruKeyPresent;
wolfSSL	11:cee25a834751	2866	#endif
wolfSSL	11:cee25a834751	2867	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	2868	ecc_key* peerEccKey; /* peer's ECDHE key */
wolfSSL	11:cee25a834751	2869	ecc_key* peerEccDsaKey; /* peer's ECDSA key */
wolfSSL	11:cee25a834751	2870	ecc_key* eccTempKey; /* private ECDHE key */
wolfSSL	11:cee25a834751	2871	int eccVerifyRes;
wolfSSL	11:cee25a834751	2872	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	11:cee25a834751	2873	word32 ecdhCurveOID; /* curve Ecc_Sum */
wolfSSL	11:cee25a834751	2874	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	11:cee25a834751	2875	byte peerEccKeyPresent;
wolfSSL	11:cee25a834751	2876	byte peerEccDsaKeyPresent;
wolfSSL	11:cee25a834751	2877	byte eccTempKeyPresent;
wolfSSL	11:cee25a834751	2878	#endif
wolfSSL	11:cee25a834751	2879	#ifdef HAVE_LIBZ
wolfSSL	11:cee25a834751	2880	z_stream c_stream; /* compression stream */
wolfSSL	11:cee25a834751	2881	z_stream d_stream; /* decompression stream */
wolfSSL	11:cee25a834751	2882	byte didStreamInit; /* for stream init and end */
wolfSSL	11:cee25a834751	2883	#endif
wolfSSL	11:cee25a834751	2884	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	2885	int dtls_timeout_init; /* starting timeout value */
wolfSSL	11:cee25a834751	2886	int dtls_timeout_max; /* maximum timeout value */
wolfSSL	11:cee25a834751	2887	int dtls_timeout; /* current timeout value, changes */
wolfSSL	11:cee25a834751	2888	word32 dtls_tx_msg_list_sz;
wolfSSL	11:cee25a834751	2889	word32 dtls_rx_msg_list_sz;
wolfSSL	11:cee25a834751	2890	DtlsMsg* dtls_tx_msg_list;
wolfSSL	11:cee25a834751	2891	DtlsMsg* dtls_rx_msg_list;
wolfSSL	11:cee25a834751	2892	void* IOCB_CookieCtx; /* gen cookie ctx */
wolfSSL	11:cee25a834751	2893	word32 dtls_expected_rx;
wolfSSL	11:cee25a834751	2894	wc_dtls_export dtls_export; /* export function for session */
wolfSSL	11:cee25a834751	2895	#ifdef WOLFSSL_SCTP
wolfSSL	11:cee25a834751	2896	word16 dtlsMtuSz;
wolfSSL	11:cee25a834751	2897	#endif /* WOLFSSL_SCTP */
wolfSSL	11:cee25a834751	2898	#endif
wolfSSL	11:cee25a834751	2899	#ifdef WOLFSSL_CALLBACKS
wolfSSL	11:cee25a834751	2900	HandShakeInfo handShakeInfo; /* info saved during handshake */
wolfSSL	11:cee25a834751	2901	TimeoutInfo timeoutInfo; /* info saved during handshake */
wolfSSL	11:cee25a834751	2902	byte hsInfoOn; /* track handshake info */
wolfSSL	11:cee25a834751	2903	byte toInfoOn; /* track timeout info */
wolfSSL	11:cee25a834751	2904	#endif
wolfSSL	11:cee25a834751	2905	#ifdef HAVE_FUZZER
wolfSSL	11:cee25a834751	2906	CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
wolfSSL	11:cee25a834751	2907	void* fuzzerCtx; /* user defined pointer */
wolfSSL	11:cee25a834751	2908	#endif
wolfSSL	11:cee25a834751	2909	#ifdef KEEP_PEER_CERT
wolfSSL	11:cee25a834751	2910	WOLFSSL_X509 peerCert; /* X509 peer cert */
wolfSSL	11:cee25a834751	2911	#endif
wolfSSL	11:cee25a834751	2912	#ifdef KEEP_OUR_CERT
wolfSSL	11:cee25a834751	2913	WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
wolfSSL	11:cee25a834751	2914	points to ctx if not owned (owned
wolfSSL	11:cee25a834751	2915	flag found in buffers.weOwnCert) */
wolfSSL	11:cee25a834751	2916	#endif
wolfSSL	11:cee25a834751	2917	byte keepCert; /* keep certificate after handshake */
wolfSSL	11:cee25a834751	2918	#if defined(HAVE_EX_DATA) \|\| defined(FORTRESS)
wolfSSL	11:cee25a834751	2919	void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
wolfSSL	11:cee25a834751	2920	#endif
wolfSSL	11:cee25a834751	2921	int devId; /* async device id to use */
wolfSSL	11:cee25a834751	2922	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	11:cee25a834751	2923	OneTimeAuth auth;
wolfSSL	11:cee25a834751	2924	#endif
wolfSSL	11:cee25a834751	2925	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	11:cee25a834751	2926	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	11:cee25a834751	2927	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	11:cee25a834751	2928	word16 max_fragment;
wolfSSL	11:cee25a834751	2929	#endif
wolfSSL	11:cee25a834751	2930	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	11:cee25a834751	2931	byte truncated_hmac;
wolfSSL	11:cee25a834751	2932	#endif
wolfSSL	11:cee25a834751	2933	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL	11:cee25a834751	2934	byte status_request;
wolfSSL	11:cee25a834751	2935	#endif
wolfSSL	11:cee25a834751	2936	#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL	11:cee25a834751	2937	byte status_request_v2;
wolfSSL	11:cee25a834751	2938	#endif
wolfSSL	11:cee25a834751	2939	#if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	11:cee25a834751	2940	\|\| defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL	11:cee25a834751	2941	SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
wolfSSL	11:cee25a834751	2942	#endif /* user turned on */
wolfSSL	11:cee25a834751	2943	#ifdef HAVE_ALPN
wolfSSL	11:cee25a834751	2944	char* alpn_client_list; /* keep the client's list */
wolfSSL	11:cee25a834751	2945	#if defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	11:cee25a834751	2946	CallbackALPNSelect alpnSelect;
wolfSSL	11:cee25a834751	2947	void* alpnSelectArg;
wolfSSL	11:cee25a834751	2948	#endif
wolfSSL	11:cee25a834751	2949	#endif /* of accepted protocols */
wolfSSL	11:cee25a834751	2950	#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
wolfSSL	11:cee25a834751	2951	CallbackSessionTicket session_ticket_cb;
wolfSSL	11:cee25a834751	2952	void* session_ticket_ctx;
wolfSSL	11:cee25a834751	2953	byte expect_session_ticket;
wolfSSL	11:cee25a834751	2954	#endif
wolfSSL	11:cee25a834751	2955	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	11:cee25a834751	2956	#ifdef OPENSSL_EXTRA
wolfSSL	11:cee25a834751	2957	byte* ocspResp;
wolfSSL	11:cee25a834751	2958	int ocspRespSz;
wolfSSL	11:cee25a834751	2959	#if defined(WOLFSSL_NGINX) \|\| defined(WOLFSSL_HAPROXY)
wolfSSL	11:cee25a834751	2960	char* url;
wolfSSL	11:cee25a834751	2961	#endif
wolfSSL	11:cee25a834751	2962	#endif
wolfSSL	11:cee25a834751	2963	#ifdef HAVE_NETX
wolfSSL	11:cee25a834751	2964	NetX_Ctx nxCtx; /* NetX IO Context */
wolfSSL	11:cee25a834751	2965	#endif
wolfSSL	11:cee25a834751	2966	#ifdef SESSION_INDEX
wolfSSL	11:cee25a834751	2967	int sessionIndex; /* Session's location in the cache. */
wolfSSL	11:cee25a834751	2968	#endif
wolfSSL	11:cee25a834751	2969	#ifdef ATOMIC_USER
wolfSSL	11:cee25a834751	2970	void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
wolfSSL	11:cee25a834751	2971	void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
wolfSSL	11:cee25a834751	2972	#endif
wolfSSL	11:cee25a834751	2973	#ifdef HAVE_PK_CALLBACKS
wolfSSL	11:cee25a834751	2974	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	2975	void* EccSignCtx; /* Ecc Sign Callback Context */
wolfSSL	11:cee25a834751	2976	void* EccVerifyCtx; /* Ecc Verify Callback Context */
wolfSSL	11:cee25a834751	2977	void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
wolfSSL	11:cee25a834751	2978	#endif /* HAVE_ECC */
wolfSSL	11:cee25a834751	2979	#ifndef NO_RSA
wolfSSL	11:cee25a834751	2980	void* RsaSignCtx; /* Rsa Sign Callback Context */
wolfSSL	11:cee25a834751	2981	void* RsaVerifyCtx; /* Rsa Verify Callback Context */
wolfSSL	11:cee25a834751	2982	void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
wolfSSL	11:cee25a834751	2983	void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
wolfSSL	11:cee25a834751	2984	#endif /* NO_RSA */
wolfSSL	11:cee25a834751	2985	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	11:cee25a834751	2986	#ifdef HAVE_SECRET_CALLBACK
wolfSSL	11:cee25a834751	2987	SessionSecretCb sessionSecretCb;
wolfSSL	11:cee25a834751	2988	void* sessionSecretCtx;
wolfSSL	11:cee25a834751	2989	#endif /* HAVE_SECRET_CALLBACK */
wolfSSL	11:cee25a834751	2990	#ifdef WOLFSSL_JNI
wolfSSL	11:cee25a834751	2991	void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
wolfSSL	11:cee25a834751	2992	#endif /* WOLFSSL_JNI */
wolfSSL	11:cee25a834751	2993	};
wolfSSL	11:cee25a834751	2994
wolfSSL	11:cee25a834751	2995
wolfSSL	11:cee25a834751	2996	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2997	int SetSSL_CTX(WOLFSSL, WOLFSSL_CTX, int);
wolfSSL	11:cee25a834751	2998	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	2999	int InitSSL(WOLFSSL, WOLFSSL_CTX, int);
wolfSSL	11:cee25a834751	3000	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3001	void FreeSSL(WOLFSSL, void heap);
wolfSSL	11:cee25a834751	3002	WOLFSSL_API void SSL_ResourceFree(WOLFSSL); / Micrium uses */
wolfSSL	11:cee25a834751	3003
wolfSSL	11:cee25a834751	3004
wolfSSL	11:cee25a834751	3005	enum {
wolfSSL	11:cee25a834751	3006	IV_SZ = 32, /* max iv sz */
wolfSSL	11:cee25a834751	3007	NAME_SZ = 80 /* max one line */
wolfSSL	11:cee25a834751	3008	};
wolfSSL	11:cee25a834751	3009
wolfSSL	11:cee25a834751	3010
wolfSSL	11:cee25a834751	3011	typedef struct EncryptedInfo {
wolfSSL	11:cee25a834751	3012	char name[NAME_SZ]; /* encryption name */
wolfSSL	11:cee25a834751	3013	byte iv[IV_SZ]; /* encrypted IV */
wolfSSL	11:cee25a834751	3014	word32 ivSz; /* encrypted IV size */
wolfSSL	11:cee25a834751	3015	long consumed; /* tracks PEM bytes consumed */
wolfSSL	11:cee25a834751	3016	byte set; /* if encryption set */
wolfSSL	11:cee25a834751	3017	WOLFSSL_CTX* ctx; /* CTX owner */
wolfSSL	11:cee25a834751	3018	} EncryptedInfo;
wolfSSL	11:cee25a834751	3019
wolfSSL	11:cee25a834751	3020
wolfSSL	11:cee25a834751	3021	#ifndef NO_CERTS
wolfSSL	11:cee25a834751	3022
wolfSSL	11:cee25a834751	3023	WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
wolfSSL	11:cee25a834751	3024	WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
wolfSSL	11:cee25a834751	3025
wolfSSL	11:cee25a834751	3026	WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
wolfSSL	11:cee25a834751	3027	DerBuffer** pDer, void* heap, EncryptedInfo* info,
wolfSSL	11:cee25a834751	3028	int* eccKey);
wolfSSL	11:cee25a834751	3029
wolfSSL	11:cee25a834751	3030	WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wolfSSL	11:cee25a834751	3031	long sz, int format, int type, WOLFSSL* ssl,
wolfSSL	11:cee25a834751	3032	long* used, int userChain);
wolfSSL	11:cee25a834751	3033	WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
wolfSSL	11:cee25a834751	3034	int type, WOLFSSL* ssl, int userChain,
wolfSSL	11:cee25a834751	3035	WOLFSSL_CRL* crl);
wolfSSL	11:cee25a834751	3036
wolfSSL	11:cee25a834751	3037	#ifdef OPENSSL_EXTRA
wolfSSL	11:cee25a834751	3038	WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
wolfSSL	11:cee25a834751	3039	size_t domainNameLen);
wolfSSL	11:cee25a834751	3040	#endif
wolfSSL	11:cee25a834751	3041	#endif
wolfSSL	11:cee25a834751	3042
wolfSSL	11:cee25a834751	3043
wolfSSL	11:cee25a834751	3044	#ifdef WOLFSSL_CALLBACKS
wolfSSL	11:cee25a834751	3045	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3046	void InitHandShakeInfo(HandShakeInfo, WOLFSSL);
wolfSSL	11:cee25a834751	3047	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3048	void FinishHandShakeInfo(HandShakeInfo*);
wolfSSL	11:cee25a834751	3049	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3050	void AddPacketName(const char, HandShakeInfo);
wolfSSL	11:cee25a834751	3051
wolfSSL	11:cee25a834751	3052	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3053	void InitTimeoutInfo(TimeoutInfo*);
wolfSSL	11:cee25a834751	3054	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3055	void FreeTimeoutInfo(TimeoutInfo, void);
wolfSSL	11:cee25a834751	3056	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3057	void AddPacketInfo(const char, TimeoutInfo, const byte, int, void);
wolfSSL	11:cee25a834751	3058	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3059	void AddLateName(const char, TimeoutInfo);
wolfSSL	11:cee25a834751	3060	WOLFSSL_LOCAL
wolfSSL	11:cee25a834751	3061	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
wolfSSL	11:cee25a834751	3062	#endif
wolfSSL	11:cee25a834751	3063
wolfSSL	11:cee25a834751	3064
wolfSSL	11:cee25a834751	3065	/* Record Layer Header identifier from page 12 */
wolfSSL	11:cee25a834751	3066	enum ContentType {
wolfSSL	11:cee25a834751	3067	no_type = 0,
wolfSSL	11:cee25a834751	3068	change_cipher_spec = 20,
wolfSSL	11:cee25a834751	3069	alert = 21,
wolfSSL	11:cee25a834751	3070	handshake = 22,
wolfSSL	11:cee25a834751	3071	application_data = 23
wolfSSL	11:cee25a834751	3072	};
wolfSSL	11:cee25a834751	3073
wolfSSL	11:cee25a834751	3074
wolfSSL	11:cee25a834751	3075	/* handshake header, same for each message type, pgs 20/21 */
wolfSSL	11:cee25a834751	3076	typedef struct HandShakeHeader {
wolfSSL	11:cee25a834751	3077	byte type;
wolfSSL	11:cee25a834751	3078	word24 length;
wolfSSL	11:cee25a834751	3079	} HandShakeHeader;
wolfSSL	11:cee25a834751	3080
wolfSSL	11:cee25a834751	3081
wolfSSL	11:cee25a834751	3082	/* DTLS handshake header, same for each message type */
wolfSSL	11:cee25a834751	3083	typedef struct DtlsHandShakeHeader {
wolfSSL	11:cee25a834751	3084	byte type;
wolfSSL	11:cee25a834751	3085	word24 length;
wolfSSL	11:cee25a834751	3086	byte message_seq[2]; /* start at 0, retransmit gets same # */
wolfSSL	11:cee25a834751	3087	word24 fragment_offset; /* bytes in previous fragments */
wolfSSL	11:cee25a834751	3088	word24 fragment_length; /* length of this fragment */
wolfSSL	11:cee25a834751	3089	} DtlsHandShakeHeader;
wolfSSL	11:cee25a834751	3090
wolfSSL	11:cee25a834751	3091
wolfSSL	11:cee25a834751	3092	enum HandShakeType {
wolfSSL	11:cee25a834751	3093	hello_request = 0,
wolfSSL	11:cee25a834751	3094	client_hello = 1,
wolfSSL	11:cee25a834751	3095	server_hello = 2,
wolfSSL	11:cee25a834751	3096	hello_verify_request = 3, /* DTLS addition */
wolfSSL	11:cee25a834751	3097	session_ticket = 4,
wolfSSL	11:cee25a834751	3098	certificate = 11,
wolfSSL	11:cee25a834751	3099	server_key_exchange = 12,
wolfSSL	11:cee25a834751	3100	certificate_request = 13,
wolfSSL	11:cee25a834751	3101	server_hello_done = 14,
wolfSSL	11:cee25a834751	3102	certificate_verify = 15,
wolfSSL	11:cee25a834751	3103	client_key_exchange = 16,
wolfSSL	11:cee25a834751	3104	finished = 20,
wolfSSL	11:cee25a834751	3105	certificate_status = 22,
wolfSSL	11:cee25a834751	3106	change_cipher_hs = 55, /* simulate unique handshake type for sanity
wolfSSL	11:cee25a834751	3107	checks. record layer change_cipher
wolfSSL	11:cee25a834751	3108	conflicts with handshake finished */
wolfSSL	11:cee25a834751	3109	no_shake = 255 /* used to initialize the DtlsMsg record */
wolfSSL	11:cee25a834751	3110	};
wolfSSL	11:cee25a834751	3111
wolfSSL	11:cee25a834751	3112
wolfSSL	11:cee25a834751	3113	static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
wolfSSL	11:cee25a834751	3114	static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
wolfSSL	11:cee25a834751	3115
wolfSSL	11:cee25a834751	3116	static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
wolfSSL	11:cee25a834751	3117	static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
wolfSSL	11:cee25a834751	3118
wolfSSL	11:cee25a834751	3119
wolfSSL	11:cee25a834751	3120	/* internal functions */
wolfSSL	11:cee25a834751	3121	WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
wolfSSL	11:cee25a834751	3122	WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
wolfSSL	11:cee25a834751	3123	WOLFSSL_LOCAL int DoClientTicket(WOLFSSL, const byte, word32);
wolfSSL	11:cee25a834751	3124	WOLFSSL_LOCAL int SendData(WOLFSSL, const void, int);
wolfSSL	11:cee25a834751	3125	WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
wolfSSL	11:cee25a834751	3126	WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
wolfSSL	11:cee25a834751	3127	WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
wolfSSL	11:cee25a834751	3128	WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
wolfSSL	11:cee25a834751	3129	WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
wolfSSL	11:cee25a834751	3130	WOLFSSL_LOCAL int ReceiveData(WOLFSSL, byte, int, int);
wolfSSL	11:cee25a834751	3131	WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
wolfSSL	11:cee25a834751	3132	WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
wolfSSL	11:cee25a834751	3133	WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
wolfSSL	11:cee25a834751	3134
wolfSSL	11:cee25a834751	3135	WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
wolfSSL	11:cee25a834751	3136	WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
wolfSSL	11:cee25a834751	3137
wolfSSL	11:cee25a834751	3138	WOLFSSL_LOCAL int AddSession(WOLFSSL*);
wolfSSL	11:cee25a834751	3139	WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	3140	WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
wolfSSL	11:cee25a834751	3141
wolfSSL	11:cee25a834751	3142	WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
wolfSSL	11:cee25a834751	3143	WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
wolfSSL	11:cee25a834751	3144
wolfSSL	11:cee25a834751	3145	WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	3146	WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
wolfSSL	11:cee25a834751	3147	WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	3148
wolfSSL	11:cee25a834751	3149	WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	3150	#ifndef NO_CERTS
wolfSSL	11:cee25a834751	3151	#ifndef NO_RSA
wolfSSL	11:cee25a834751	3152	WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl,
wolfSSL	11:cee25a834751	3153	byte* verifySig, word32 sigSz,
wolfSSL	11:cee25a834751	3154	const byte* plain, word32 plainSz,
wolfSSL	11:cee25a834751	3155	RsaKey* key);
wolfSSL	11:cee25a834751	3156	WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
wolfSSL	11:cee25a834751	3157	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	11:cee25a834751	3158	WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
wolfSSL	11:cee25a834751	3159	byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	11:cee25a834751	3160	WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
wolfSSL	11:cee25a834751	3161	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	11:cee25a834751	3162	WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
wolfSSL	11:cee25a834751	3163	word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
wolfSSL	11:cee25a834751	3164	#endif /* !NO_RSA */
wolfSSL	11:cee25a834751	3165
wolfSSL	11:cee25a834751	3166	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	3167	WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	11:cee25a834751	3168	byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz,
wolfSSL	11:cee25a834751	3169	void* ctx);
wolfSSL	11:cee25a834751	3170	WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	11:cee25a834751	3171	const byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
wolfSSL	11:cee25a834751	3172	void* ctx);
wolfSSL	11:cee25a834751	3173	WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
wolfSSL	11:cee25a834751	3174	ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
wolfSSL	11:cee25a834751	3175	word32* outlen, int side, void* ctx);
wolfSSL	11:cee25a834751	3176	#endif /* HAVE_ECC */
wolfSSL	11:cee25a834751	3177
wolfSSL	11:cee25a834751	3178	#ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL	11:cee25a834751	3179
wolfSSL	11:cee25a834751	3180	/* options for searching hash table for a matching trusted peer cert */
wolfSSL	11:cee25a834751	3181	#define WC_MATCH_SKID 0
wolfSSL	11:cee25a834751	3182	#define WC_MATCH_NAME 1
wolfSSL	11:cee25a834751	3183
wolfSSL	11:cee25a834751	3184	WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
wolfSSL	11:cee25a834751	3185	int type);
wolfSSL	11:cee25a834751	3186	WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
wolfSSL	11:cee25a834751	3187	DecodedCert* cert);
wolfSSL	11:cee25a834751	3188	#endif
wolfSSL	11:cee25a834751	3189
wolfSSL	11:cee25a834751	3190	WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
wolfSSL	11:cee25a834751	3191	#ifndef NO_SKID
wolfSSL	11:cee25a834751	3192	WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
wolfSSL	11:cee25a834751	3193	#endif
wolfSSL	11:cee25a834751	3194	#endif /* !NO_CERTS */
wolfSSL	11:cee25a834751	3195	WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
wolfSSL	11:cee25a834751	3196	word32* hashLen);
wolfSSL	11:cee25a834751	3197	WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
wolfSSL	11:cee25a834751	3198	const byte* sender);
wolfSSL	11:cee25a834751	3199	WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
wolfSSL	11:cee25a834751	3200	WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
wolfSSL	11:cee25a834751	3201	WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
wolfSSL	11:cee25a834751	3202
wolfSSL	11:cee25a834751	3203	#ifndef NO_TLS
wolfSSL	11:cee25a834751	3204	WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
wolfSSL	11:cee25a834751	3205	WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
wolfSSL	11:cee25a834751	3206	word32 sz, int content, int verify);
wolfSSL	11:cee25a834751	3207	#endif
wolfSSL	11:cee25a834751	3208
wolfSSL	11:cee25a834751	3209	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	11:cee25a834751	3210	WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
wolfSSL	11:cee25a834751	3211	WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
wolfSSL	11:cee25a834751	3212	WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
wolfSSL	11:cee25a834751	3213	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	11:cee25a834751	3214
wolfSSL	11:cee25a834751	3215	#ifndef NO_WOLFSSL_SERVER
wolfSSL	11:cee25a834751	3216	WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
wolfSSL	11:cee25a834751	3217	WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
wolfSSL	11:cee25a834751	3218	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	11:cee25a834751	3219
wolfSSL	11:cee25a834751	3220	#ifdef WOLFSSL_DTLS
wolfSSL	11:cee25a834751	3221	WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
wolfSSL	11:cee25a834751	3222	WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg, void);
wolfSSL	11:cee25a834751	3223	WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg, void);
wolfSSL	11:cee25a834751	3224	WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg, word32, const byte, byte,
wolfSSL	11:cee25a834751	3225	word32, word32, void*);
wolfSSL	11:cee25a834751	3226	WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
wolfSSL	11:cee25a834751	3227	WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL, word32, const byte, word32,
wolfSSL	11:cee25a834751	3228	byte, word32, word32, void*);
wolfSSL	11:cee25a834751	3229	WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg, DtlsMsg);
wolfSSL	11:cee25a834751	3230
wolfSSL	11:cee25a834751	3231	WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL, const byte, word32);
wolfSSL	11:cee25a834751	3232	WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
wolfSSL	11:cee25a834751	3233	WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
wolfSSL	11:cee25a834751	3234	WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
wolfSSL	11:cee25a834751	3235	WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
wolfSSL	11:cee25a834751	3236	#endif /* WOLFSSL_DTLS */
wolfSSL	11:cee25a834751	3237
wolfSSL	11:cee25a834751	3238	#ifndef NO_TLS
wolfSSL	11:cee25a834751	3239
wolfSSL	11:cee25a834751	3240
wolfSSL	11:cee25a834751	3241	#endif /* NO_TLS */
wolfSSL	11:cee25a834751	3242
wolfSSL	11:cee25a834751	3243
wolfSSL	11:cee25a834751	3244	WOLFSSL_LOCAL word32 LowResTimer(void);
wolfSSL	11:cee25a834751	3245
wolfSSL	11:cee25a834751	3246	#ifndef NO_CERTS
wolfSSL	11:cee25a834751	3247	WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
wolfSSL	11:cee25a834751	3248	WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
wolfSSL	11:cee25a834751	3249	WOLFSSL_LOCAL void InitX509(WOLFSSL_X509, int, void heap);
wolfSSL	11:cee25a834751	3250	WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
wolfSSL	11:cee25a834751	3251	WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509, DecodedCert);
wolfSSL	11:cee25a834751	3252	#endif
wolfSSL	11:cee25a834751	3253
wolfSSL	11:cee25a834751	3254	/* used by ssl.c and internal.c */
wolfSSL	11:cee25a834751	3255	WOLFSSL_LOCAL void c32to24(word32 in, word24 out);
wolfSSL	11:cee25a834751	3256
wolfSSL	11:cee25a834751	3257	WOLFSSL_LOCAL const char* const* GetCipherNames(void);
wolfSSL	11:cee25a834751	3258	WOLFSSL_LOCAL int GetCipherNamesSize(void);
wolfSSL	11:cee25a834751	3259	WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite);
wolfSSL	11:cee25a834751	3260	WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
wolfSSL	11:cee25a834751	3261	WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite(
wolfSSL	11:cee25a834751	3262	const unsigned char cipherSuite, const unsigned char cipherSuite0);
wolfSSL	11:cee25a834751	3263
wolfSSL	11:cee25a834751	3264	enum encrypt_side {
wolfSSL	11:cee25a834751	3265	ENCRYPT_SIDE_ONLY = 1,
wolfSSL	11:cee25a834751	3266	DECRYPT_SIDE_ONLY,
wolfSSL	11:cee25a834751	3267	ENCRYPT_AND_DECRYPT_SIDE
wolfSSL	11:cee25a834751	3268	};
wolfSSL	11:cee25a834751	3269
wolfSSL	11:cee25a834751	3270	WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
wolfSSL	11:cee25a834751	3271
wolfSSL	11:cee25a834751	3272
wolfSSL	11:cee25a834751	3273	#ifndef NO_DH
wolfSSL	11:cee25a834751	3274	WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
wolfSSL	11:cee25a834751	3275	byte* priv, word32* privSz,
wolfSSL	11:cee25a834751	3276	byte* pub, word32* pubSz);
wolfSSL	11:cee25a834751	3277	WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
wolfSSL	11:cee25a834751	3278	const byte* priv, word32 privSz,
wolfSSL	11:cee25a834751	3279	const byte* otherPub, word32 otherPubSz,
wolfSSL	11:cee25a834751	3280	byte* agree, word32* agreeSz);
wolfSSL	11:cee25a834751	3281	#endif /* !NO_DH */
wolfSSL	11:cee25a834751	3282
wolfSSL	11:cee25a834751	3283	#ifdef HAVE_ECC
wolfSSL	11:cee25a834751	3284	WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
wolfSSL	11:cee25a834751	3285	#endif
wolfSSL	11:cee25a834751	3286
wolfSSL	11:cee25a834751	3287	WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
wolfSSL	11:cee25a834751	3288	const byte* input, int inSz, int type, int hashOutput,
wolfSSL	11:cee25a834751	3289	int sizeOnly, int asyncOkay);
wolfSSL	11:cee25a834751	3290
wolfSSL	11:cee25a834751	3291	WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
wolfSSL	11:cee25a834751	3292	WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
wolfSSL	11:cee25a834751	3293
wolfSSL	11:cee25a834751	3294	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	11:cee25a834751	3295	WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
wolfSSL	11:cee25a834751	3296	WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev,
wolfSSL	11:cee25a834751	3297	word32 flags);
wolfSSL	11:cee25a834751	3298	#endif
wolfSSL	11:cee25a834751	3299
wolfSSL	11:cee25a834751	3300
wolfSSL	11:cee25a834751	3301	#ifdef __cplusplus
wolfSSL	11:cee25a834751	3302	} /* extern "C" */
wolfSSL	11:cee25a834751	3303	#endif
wolfSSL	11:cee25a834751	3304
wolfSSL	11:cee25a834751	3305	#endif /* wolfSSL_INT_H */
wolfSSL	11:cee25a834751	3306

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

wolfssl/internal.h@11:cee25a834751, 2017-05-30 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning