wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/internal.h@1:e27310ce7654, 2015-07-20 (annotated)

Committer:: wolfSSL
Date:: Mon Jul 20 08:05:20 2015 +0000
Revision:: 1:e27310ce7654
Parent:: 0:d92f9d21154c

3.6.0 for mbed

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	1:e27310ce7654	1	/* internal.h
wolfSSL	1:e27310ce7654	2	*
wolfSSL	1:e27310ce7654	3	* Copyright (C) 2006-2015 wolfSSL Inc.
wolfSSL	1:e27310ce7654	4	*
wolfSSL	1:e27310ce7654	5	* This file is part of wolfSSL. (formerly known as wolfSSL)
wolfSSL	1:e27310ce7654	6	*
wolfSSL	1:e27310ce7654	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	1:e27310ce7654	8	* it under the terms of the GNU General Public License as published by
wolfSSL	1:e27310ce7654	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	1:e27310ce7654	10	* (at your option) any later version.
wolfSSL	1:e27310ce7654	11	*
wolfSSL	1:e27310ce7654	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	1:e27310ce7654	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	1:e27310ce7654	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	1:e27310ce7654	15	* GNU General Public License for more details.
wolfSSL	1:e27310ce7654	16	*
wolfSSL	1:e27310ce7654	17	* You should have received a copy of the GNU General Public License
wolfSSL	1:e27310ce7654	18	* along with this program; if not, write to the Free Software
wolfSSL	1:e27310ce7654	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL	1:e27310ce7654	20	*/
wolfSSL	1:e27310ce7654	21
wolfSSL	1:e27310ce7654	22
wolfSSL	1:e27310ce7654	23	#ifndef WOLFSSL_INT_H
wolfSSL	1:e27310ce7654	24	#define WOLFSSL_INT_H
wolfSSL	1:e27310ce7654	25
wolfSSL	1:e27310ce7654	26
wolfSSL	1:e27310ce7654	27	#include <wolfssl/wolfcrypt/types.h>
wolfSSL	1:e27310ce7654	28	#include <wolfssl/ssl.h>
wolfSSL	1:e27310ce7654	29	#ifdef HAVE_CRL
wolfSSL	1:e27310ce7654	30	#include <wolfssl/crl.h>
wolfSSL	1:e27310ce7654	31	#endif
wolfSSL	1:e27310ce7654	32	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	1:e27310ce7654	33	#ifndef NO_DES3
wolfSSL	1:e27310ce7654	34	#include <wolfssl/wolfcrypt/des3.h>
wolfSSL	1:e27310ce7654	35	#endif
wolfSSL	1:e27310ce7654	36	#ifndef NO_HC128
wolfSSL	1:e27310ce7654	37	#include <wolfssl/wolfcrypt/hc128.h>
wolfSSL	1:e27310ce7654	38	#endif
wolfSSL	1:e27310ce7654	39	#ifndef NO_RABBIT
wolfSSL	1:e27310ce7654	40	#include <wolfssl/wolfcrypt/rabbit.h>
wolfSSL	1:e27310ce7654	41	#endif
wolfSSL	1:e27310ce7654	42	#ifdef HAVE_CHACHA
wolfSSL	1:e27310ce7654	43	#include <wolfssl/wolfcrypt/chacha.h>
wolfSSL	1:e27310ce7654	44	#endif
wolfSSL	1:e27310ce7654	45	#ifndef NO_ASN
wolfSSL	1:e27310ce7654	46	#include <wolfssl/wolfcrypt/asn.h>
wolfSSL	1:e27310ce7654	47	#endif
wolfSSL	1:e27310ce7654	48	#ifndef NO_MD5
wolfSSL	1:e27310ce7654	49	#include <wolfssl/wolfcrypt/md5.h>
wolfSSL	1:e27310ce7654	50	#endif
wolfSSL	1:e27310ce7654	51	#ifndef NO_SHA
wolfSSL	1:e27310ce7654	52	#include <wolfssl/wolfcrypt/sha.h>
wolfSSL	1:e27310ce7654	53	#endif
wolfSSL	1:e27310ce7654	54	#ifndef NO_AES
wolfSSL	1:e27310ce7654	55	#include <wolfssl/wolfcrypt/aes.h>
wolfSSL	1:e27310ce7654	56	#endif
wolfSSL	1:e27310ce7654	57	#ifdef HAVE_POLY1305
wolfSSL	1:e27310ce7654	58	#include <wolfssl/wolfcrypt/poly1305.h>
wolfSSL	1:e27310ce7654	59	#endif
wolfSSL	1:e27310ce7654	60	#ifdef HAVE_CAMELLIA
wolfSSL	1:e27310ce7654	61	#include <wolfssl/wolfcrypt/camellia.h>
wolfSSL	1:e27310ce7654	62	#endif
wolfSSL	1:e27310ce7654	63	#include <wolfssl/wolfcrypt/logging.h>
wolfSSL	1:e27310ce7654	64	#ifndef NO_HMAC
wolfSSL	1:e27310ce7654	65	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	1:e27310ce7654	66	#endif
wolfSSL	1:e27310ce7654	67	#ifndef NO_RC4
wolfSSL	1:e27310ce7654	68	#include <wolfssl/wolfcrypt/arc4.h>
wolfSSL	1:e27310ce7654	69	#endif
wolfSSL	1:e27310ce7654	70	#ifdef HAVE_ECC
wolfSSL	1:e27310ce7654	71	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	1:e27310ce7654	72	#endif
wolfSSL	1:e27310ce7654	73	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	74	#include <wolfssl/wolfcrypt/sha256.h>
wolfSSL	1:e27310ce7654	75	#endif
wolfSSL	1:e27310ce7654	76	#ifdef HAVE_OCSP
wolfSSL	1:e27310ce7654	77	#include <wolfssl/ocsp.h>
wolfSSL	1:e27310ce7654	78	#endif
wolfSSL	1:e27310ce7654	79	#ifdef WOLFSSL_SHA512
wolfSSL	1:e27310ce7654	80	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	1:e27310ce7654	81	#endif
wolfSSL	1:e27310ce7654	82
wolfSSL	1:e27310ce7654	83	#ifdef HAVE_AESGCM
wolfSSL	1:e27310ce7654	84	#include <wolfssl/wolfcrypt/sha512.h>
wolfSSL	1:e27310ce7654	85	#endif
wolfSSL	1:e27310ce7654	86
wolfSSL	1:e27310ce7654	87	#ifdef WOLFSSL_RIPEMD
wolfSSL	1:e27310ce7654	88	#include <wolfssl/wolfcrypt/ripemd.h>
wolfSSL	1:e27310ce7654	89	#endif
wolfSSL	1:e27310ce7654	90
wolfSSL	1:e27310ce7654	91	#include <wolfssl/wolfcrypt/hash.h>
wolfSSL	1:e27310ce7654	92
wolfSSL	1:e27310ce7654	93	#ifdef WOLFSSL_CALLBACKS
wolfSSL	1:e27310ce7654	94	#include <wolfssl/callbacks.h>
wolfSSL	1:e27310ce7654	95	#include <signal.h>
wolfSSL	1:e27310ce7654	96	#endif
wolfSSL	1:e27310ce7654	97
wolfSSL	1:e27310ce7654	98	#ifdef USE_WINDOWS_API
wolfSSL	1:e27310ce7654	99	#ifdef WOLFSSL_GAME_BUILD
wolfSSL	1:e27310ce7654	100	#include "system/xtl.h"
wolfSSL	1:e27310ce7654	101	#else
wolfSSL	1:e27310ce7654	102	#if defined(_WIN32_WCE) \|\| defined(WIN32_LEAN_AND_MEAN)
wolfSSL	1:e27310ce7654	103	/* On WinCE winsock2.h must be included before windows.h */
wolfSSL	1:e27310ce7654	104	#include <winsock2.h>
wolfSSL	1:e27310ce7654	105	#endif
wolfSSL	1:e27310ce7654	106	#include <windows.h>
wolfSSL	1:e27310ce7654	107	#endif
wolfSSL	1:e27310ce7654	108	#elif defined(THREADX)
wolfSSL	1:e27310ce7654	109	#ifndef SINGLE_THREADED
wolfSSL	1:e27310ce7654	110	#include "tx_api.h"
wolfSSL	1:e27310ce7654	111	#endif
wolfSSL	1:e27310ce7654	112	#elif defined(MICRIUM)
wolfSSL	1:e27310ce7654	113	/* do nothing, just don't pick Unix */
wolfSSL	1:e27310ce7654	114	#elif defined(FREERTOS) \|\| defined(WOLFSSL_SAFERTOS)
wolfSSL	1:e27310ce7654	115	/* do nothing */
wolfSSL	1:e27310ce7654	116	#elif defined(EBSNET)
wolfSSL	1:e27310ce7654	117	/* do nothing */
wolfSSL	1:e27310ce7654	118	#elif defined(FREESCALE_MQX)
wolfSSL	1:e27310ce7654	119	/* do nothing */
wolfSSL	1:e27310ce7654	120	#elif defined(WOLFSSL_MDK_ARM)
wolfSSL	1:e27310ce7654	121	#if defined(WOLFSSL_MDK5)
wolfSSL	1:e27310ce7654	122	#include "cmsis_os.h"
wolfSSL	1:e27310ce7654	123	#else
wolfSSL	1:e27310ce7654	124	#include <rtl.h>
wolfSSL	1:e27310ce7654	125	#endif
wolfSSL	1:e27310ce7654	126	#elif defined(MBED)\|\| defined(WOLFSSL_CMSIS_RTOS)
wolfSSL	1:e27310ce7654	127	/* do nothing */
wolfSSL	1:e27310ce7654	128	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	1:e27310ce7654	129	/* do nothing */
wolfSSL	1:e27310ce7654	130	#else
wolfSSL	1:e27310ce7654	131	#ifndef SINGLE_THREADED
wolfSSL	1:e27310ce7654	132	#define WOLFSSL_PTHREADS
wolfSSL	1:e27310ce7654	133	#include <pthread.h>
wolfSSL	1:e27310ce7654	134	#endif
wolfSSL	1:e27310ce7654	135	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	1:e27310ce7654	136	#include <unistd.h> /* for close of BIO */
wolfSSL	1:e27310ce7654	137	#endif
wolfSSL	1:e27310ce7654	138	#endif
wolfSSL	1:e27310ce7654	139
wolfSSL	1:e27310ce7654	140
wolfSSL	1:e27310ce7654	141	#ifdef HAVE_LIBZ
wolfSSL	1:e27310ce7654	142	#include "zlib.h"
wolfSSL	1:e27310ce7654	143	#endif
wolfSSL	1:e27310ce7654	144
wolfSSL	1:e27310ce7654	145	#ifdef _MSC_VER
wolfSSL	1:e27310ce7654	146	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL	1:e27310ce7654	147	#pragma warning(disable: 4996)
wolfSSL	1:e27310ce7654	148	#endif
wolfSSL	1:e27310ce7654	149
wolfSSL	1:e27310ce7654	150	#ifdef NO_AES
wolfSSL	1:e27310ce7654	151	#if !defined (ALIGN16)
wolfSSL	1:e27310ce7654	152	#define ALIGN16
wolfSSL	1:e27310ce7654	153	#endif
wolfSSL	1:e27310ce7654	154	#endif
wolfSSL	1:e27310ce7654	155
wolfSSL	1:e27310ce7654	156	#ifdef NO_SHA
wolfSSL	1:e27310ce7654	157	#define SHA_DIGEST_SIZE 20
wolfSSL	1:e27310ce7654	158	#endif
wolfSSL	1:e27310ce7654	159
wolfSSL	1:e27310ce7654	160	#ifdef NO_SHA256
wolfSSL	1:e27310ce7654	161	#define SHA256_DIGEST_SIZE 32
wolfSSL	1:e27310ce7654	162	#endif
wolfSSL	1:e27310ce7654	163
wolfSSL	1:e27310ce7654	164	#ifdef NO_MD5
wolfSSL	1:e27310ce7654	165	#define MD5_DIGEST_SIZE 16
wolfSSL	1:e27310ce7654	166	#endif
wolfSSL	1:e27310ce7654	167
wolfSSL	1:e27310ce7654	168
wolfSSL	1:e27310ce7654	169	#ifdef __cplusplus
wolfSSL	1:e27310ce7654	170	extern "C" {
wolfSSL	1:e27310ce7654	171	#endif
wolfSSL	1:e27310ce7654	172
wolfSSL	1:e27310ce7654	173
wolfSSL	1:e27310ce7654	174	#ifdef USE_WINDOWS_API
wolfSSL	1:e27310ce7654	175	typedef unsigned int SOCKET_T;
wolfSSL	1:e27310ce7654	176	#else
wolfSSL	1:e27310ce7654	177	typedef int SOCKET_T;
wolfSSL	1:e27310ce7654	178	#endif
wolfSSL	1:e27310ce7654	179
wolfSSL	1:e27310ce7654	180
wolfSSL	1:e27310ce7654	181	typedef byte word24[3];
wolfSSL	1:e27310ce7654	182
wolfSSL	1:e27310ce7654	183	/* Define or comment out the cipher suites you'd like to be compiled in
wolfSSL	1:e27310ce7654	184	make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
wolfSSL	1:e27310ce7654	185
wolfSSL	1:e27310ce7654	186	When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
wolfSSL	1:e27310ce7654	187
wolfSSL	1:e27310ce7654	188	Now that there is a maximum strength crypto build, the following BUILD_XXX
wolfSSL	1:e27310ce7654	189	flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
wolfSSL	1:e27310ce7654	190	Those that do not use Perfect Forward Security and do not use AEAD ciphers
wolfSSL	1:e27310ce7654	191	need to be switched off. Allowed suites use (EC)DHE, AES-GCM\|CCM, or
wolfSSL	1:e27310ce7654	192	CHACHA-POLY.
wolfSSL	1:e27310ce7654	193	*/
wolfSSL	1:e27310ce7654	194
wolfSSL	1:e27310ce7654	195	/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
wolfSSL	1:e27310ce7654	196	* not turned off. */
wolfSSL	1:e27310ce7654	197	#if defined(WOLFSSL_MAX_STRENGTH) && \
wolfSSL	1:e27310ce7654	198	((!defined(HAVE_ECC) && (defined(NO_DH) \|\| defined(NO_RSA))) \|\| \
wolfSSL	1:e27310ce7654	199	(!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
wolfSSL	1:e27310ce7654	200	(!defined(HAVE_POLY1305) \|\| !defined(HAVE_CHACHA))) \|\| \
wolfSSL	1:e27310ce7654	201	(defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) \|\| \
wolfSSL	1:e27310ce7654	202	!defined(NO_OLD_TLS))
wolfSSL	1:e27310ce7654	203
wolfSSL	1:e27310ce7654	204	#error "You are trying to build max strength with requirements disabled."
wolfSSL	1:e27310ce7654	205	#endif
wolfSSL	1:e27310ce7654	206
wolfSSL	1:e27310ce7654	207	#ifndef WOLFSSL_MAX_STRENGTH
wolfSSL	1:e27310ce7654	208
wolfSSL	1:e27310ce7654	209	#if !defined(NO_RSA) && !defined(NO_RC4)
wolfSSL	1:e27310ce7654	210	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	211	#define BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	1:e27310ce7654	212	#endif
wolfSSL	1:e27310ce7654	213	#if !defined(NO_MD5)
wolfSSL	1:e27310ce7654	214	#define BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	1:e27310ce7654	215	#endif
wolfSSL	1:e27310ce7654	216	#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
wolfSSL	1:e27310ce7654	217	#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	1:e27310ce7654	218	#endif
wolfSSL	1:e27310ce7654	219	#endif
wolfSSL	1:e27310ce7654	220
wolfSSL	1:e27310ce7654	221	#if !defined(NO_RSA) && !defined(NO_DES3)
wolfSSL	1:e27310ce7654	222	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	223	#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	1:e27310ce7654	224	#if !defined(NO_TLS) && defined(HAVE_NTRU)
wolfSSL	1:e27310ce7654	225	#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	1:e27310ce7654	226	#endif
wolfSSL	1:e27310ce7654	227	#endif
wolfSSL	1:e27310ce7654	228	#endif
wolfSSL	1:e27310ce7654	229
wolfSSL	1:e27310ce7654	230	#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	1:e27310ce7654	231	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	232	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	233	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	1:e27310ce7654	234	#if defined(HAVE_NTRU)
wolfSSL	1:e27310ce7654	235	#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	236	#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	1:e27310ce7654	237	#endif
wolfSSL	1:e27310ce7654	238	#endif
wolfSSL	1:e27310ce7654	239	#if !defined (NO_SHA256)
wolfSSL	1:e27310ce7654	240	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	1:e27310ce7654	241	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	1:e27310ce7654	242	#endif
wolfSSL	1:e27310ce7654	243	#if defined (HAVE_AESGCM)
wolfSSL	1:e27310ce7654	244	#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	1:e27310ce7654	245	#if defined (WOLFSSL_SHA384)
wolfSSL	1:e27310ce7654	246	#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	1:e27310ce7654	247	#endif
wolfSSL	1:e27310ce7654	248	#endif
wolfSSL	1:e27310ce7654	249	#if defined (HAVE_AESCCM)
wolfSSL	1:e27310ce7654	250	#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	1:e27310ce7654	251	#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	1:e27310ce7654	252	#endif
wolfSSL	1:e27310ce7654	253	#if defined(HAVE_BLAKE2)
wolfSSL	1:e27310ce7654	254	#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	1:e27310ce7654	255	#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	1:e27310ce7654	256	#endif
wolfSSL	1:e27310ce7654	257	#endif
wolfSSL	1:e27310ce7654	258
wolfSSL	1:e27310ce7654	259	#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
wolfSSL	1:e27310ce7654	260	#ifndef NO_RSA
wolfSSL	1:e27310ce7654	261	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	262	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	1:e27310ce7654	263	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	1:e27310ce7654	264	#endif
wolfSSL	1:e27310ce7654	265	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	266	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	1:e27310ce7654	267	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	1:e27310ce7654	268	#endif
wolfSSL	1:e27310ce7654	269	#if !defined(NO_DH)
wolfSSL	1:e27310ce7654	270	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	271	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	1:e27310ce7654	272	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	1:e27310ce7654	273	#endif
wolfSSL	1:e27310ce7654	274	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	275	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	1:e27310ce7654	276	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	1:e27310ce7654	277	#endif
wolfSSL	1:e27310ce7654	278	#endif
wolfSSL	1:e27310ce7654	279	#endif
wolfSSL	1:e27310ce7654	280	#endif
wolfSSL	1:e27310ce7654	281
wolfSSL	1:e27310ce7654	282	#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL	1:e27310ce7654	283	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	284	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	285	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	1:e27310ce7654	286	#endif
wolfSSL	1:e27310ce7654	287	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	288	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	1:e27310ce7654	289	#ifdef HAVE_AESGCM
wolfSSL	1:e27310ce7654	290	#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	1:e27310ce7654	291	#endif
wolfSSL	1:e27310ce7654	292	#ifdef HAVE_AESCCM
wolfSSL	1:e27310ce7654	293	#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	1:e27310ce7654	294	#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	1:e27310ce7654	295	#define BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL	1:e27310ce7654	296	#define BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL	1:e27310ce7654	297	#endif
wolfSSL	1:e27310ce7654	298	#endif
wolfSSL	1:e27310ce7654	299	#ifdef WOLFSSL_SHA384
wolfSSL	1:e27310ce7654	300	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	1:e27310ce7654	301	#ifdef HAVE_AESGCM
wolfSSL	1:e27310ce7654	302	#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	1:e27310ce7654	303	#endif
wolfSSL	1:e27310ce7654	304	#endif
wolfSSL	1:e27310ce7654	305	#endif
wolfSSL	1:e27310ce7654	306
wolfSSL	1:e27310ce7654	307	#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
wolfSSL	1:e27310ce7654	308	#if !defined(NO_RSA)
wolfSSL	1:e27310ce7654	309	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	310	#define BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	1:e27310ce7654	311	#endif
wolfSSL	1:e27310ce7654	312	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	313	#define BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	1:e27310ce7654	314	#endif
wolfSSL	1:e27310ce7654	315	#endif
wolfSSL	1:e27310ce7654	316	#if !defined(NO_PSK)
wolfSSL	1:e27310ce7654	317	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	318	#define BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	1:e27310ce7654	319	#endif
wolfSSL	1:e27310ce7654	320	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	321	#define BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	1:e27310ce7654	322	#endif
wolfSSL	1:e27310ce7654	323	#ifdef WOLFSSL_SHA384
wolfSSL	1:e27310ce7654	324	#define BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL	1:e27310ce7654	325	#endif
wolfSSL	1:e27310ce7654	326	#endif
wolfSSL	1:e27310ce7654	327	#endif
wolfSSL	1:e27310ce7654	328
wolfSSL	1:e27310ce7654	329	#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
wolfSSL	1:e27310ce7654	330	#define BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	1:e27310ce7654	331	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	332	#define BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	1:e27310ce7654	333	#endif
wolfSSL	1:e27310ce7654	334	#if defined(HAVE_BLAKE2)
wolfSSL	1:e27310ce7654	335	#define BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	1:e27310ce7654	336	#endif
wolfSSL	1:e27310ce7654	337	#endif
wolfSSL	1:e27310ce7654	338
wolfSSL	1:e27310ce7654	339	#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
wolfSSL	1:e27310ce7654	340	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	341	#define BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	1:e27310ce7654	342	#endif
wolfSSL	1:e27310ce7654	343	#endif
wolfSSL	1:e27310ce7654	344
wolfSSL	1:e27310ce7654	345	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	1:e27310ce7654	346	!defined(NO_RSA)
wolfSSL	1:e27310ce7654	347
wolfSSL	1:e27310ce7654	348	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	349	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	350	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	1:e27310ce7654	351	#endif
wolfSSL	1:e27310ce7654	352	#if !defined(NO_SHA256)
wolfSSL	1:e27310ce7654	353	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	1:e27310ce7654	354	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	1:e27310ce7654	355	#endif
wolfSSL	1:e27310ce7654	356	#endif
wolfSSL	1:e27310ce7654	357
wolfSSL	1:e27310ce7654	358	#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
wolfSSL	1:e27310ce7654	359	!defined(NO_AES) && !defined(NO_SHA)
wolfSSL	1:e27310ce7654	360	#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	361	#endif
wolfSSL	1:e27310ce7654	362
wolfSSL	1:e27310ce7654	363	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	1:e27310ce7654	364	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	365	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	1:e27310ce7654	366	#ifdef HAVE_NULL_CIPHER
wolfSSL	1:e27310ce7654	367	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL	1:e27310ce7654	368	#endif
wolfSSL	1:e27310ce7654	369	#endif
wolfSSL	1:e27310ce7654	370	#ifdef WOLFSSL_SHA384
wolfSSL	1:e27310ce7654	371	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL	1:e27310ce7654	372	#ifdef HAVE_NULL_CIPHER
wolfSSL	1:e27310ce7654	373	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL	1:e27310ce7654	374	#endif
wolfSSL	1:e27310ce7654	375	#endif
wolfSSL	1:e27310ce7654	376	#endif
wolfSSL	1:e27310ce7654	377
wolfSSL	1:e27310ce7654	378	#if defined(HAVE_ECC) && !defined(NO_TLS)
wolfSSL	1:e27310ce7654	379	#if !defined(NO_AES)
wolfSSL	1:e27310ce7654	380	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	381	#if !defined(NO_RSA)
wolfSSL	1:e27310ce7654	382	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	383	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	1:e27310ce7654	384	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	385	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	1:e27310ce7654	386	#endif
wolfSSL	1:e27310ce7654	387
wolfSSL	1:e27310ce7654	388	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	389	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	1:e27310ce7654	390
wolfSSL	1:e27310ce7654	391	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	1:e27310ce7654	392	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	1:e27310ce7654	393	#endif /* NO_SHA */
wolfSSL	1:e27310ce7654	394	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	395	#if !defined(NO_RSA)
wolfSSL	1:e27310ce7654	396	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	1:e27310ce7654	397	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	1:e27310ce7654	398	#endif
wolfSSL	1:e27310ce7654	399	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	1:e27310ce7654	400	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	1:e27310ce7654	401	#endif
wolfSSL	1:e27310ce7654	402
wolfSSL	1:e27310ce7654	403	#ifdef WOLFSSL_SHA384
wolfSSL	1:e27310ce7654	404	#if !defined(NO_RSA)
wolfSSL	1:e27310ce7654	405	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	1:e27310ce7654	406	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	1:e27310ce7654	407	#endif
wolfSSL	1:e27310ce7654	408	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	1:e27310ce7654	409	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	1:e27310ce7654	410	#endif
wolfSSL	1:e27310ce7654	411
wolfSSL	1:e27310ce7654	412	#if defined (HAVE_AESGCM)
wolfSSL	1:e27310ce7654	413	#if !defined(NO_RSA)
wolfSSL	1:e27310ce7654	414	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	1:e27310ce7654	415	#if defined(WOLFSSL_SHA384)
wolfSSL	1:e27310ce7654	416	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	1:e27310ce7654	417	#endif
wolfSSL	1:e27310ce7654	418	#endif
wolfSSL	1:e27310ce7654	419
wolfSSL	1:e27310ce7654	420	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	1:e27310ce7654	421
wolfSSL	1:e27310ce7654	422	#if defined(WOLFSSL_SHA384)
wolfSSL	1:e27310ce7654	423	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	1:e27310ce7654	424	#endif
wolfSSL	1:e27310ce7654	425	#endif
wolfSSL	1:e27310ce7654	426	#endif /* NO_AES */
wolfSSL	1:e27310ce7654	427	#if !defined(NO_RC4)
wolfSSL	1:e27310ce7654	428	#if !defined(NO_SHA)
wolfSSL	1:e27310ce7654	429	#if !defined(NO_RSA)
wolfSSL	1:e27310ce7654	430	#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	1:e27310ce7654	431	#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	1:e27310ce7654	432	#endif
wolfSSL	1:e27310ce7654	433
wolfSSL	1:e27310ce7654	434	#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	1:e27310ce7654	435	#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	1:e27310ce7654	436	#endif
wolfSSL	1:e27310ce7654	437	#endif
wolfSSL	1:e27310ce7654	438	#if !defined(NO_DES3)
wolfSSL	1:e27310ce7654	439	#ifndef NO_SHA
wolfSSL	1:e27310ce7654	440	#if !defined(NO_RSA)
wolfSSL	1:e27310ce7654	441	#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	1:e27310ce7654	442	#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	1:e27310ce7654	443	#endif
wolfSSL	1:e27310ce7654	444
wolfSSL	1:e27310ce7654	445	#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	1:e27310ce7654	446	#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	1:e27310ce7654	447	#endif /* NO_SHA */
wolfSSL	1:e27310ce7654	448	#endif
wolfSSL	1:e27310ce7654	449	#endif
wolfSSL	1:e27310ce7654	450
wolfSSL	1:e27310ce7654	451	#endif /* !WOLFSSL_MAX_STRENGTH */
wolfSSL	1:e27310ce7654	452
wolfSSL	1:e27310ce7654	453	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL	1:e27310ce7654	454	!defined(NO_RSA) && defined(HAVE_AESGCM)
wolfSSL	1:e27310ce7654	455
wolfSSL	1:e27310ce7654	456	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	457	#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	1:e27310ce7654	458	#endif
wolfSSL	1:e27310ce7654	459
wolfSSL	1:e27310ce7654	460	#ifdef WOLFSSL_SHA384
wolfSSL	1:e27310ce7654	461	#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	1:e27310ce7654	462	#endif
wolfSSL	1:e27310ce7654	463	#endif
wolfSSL	1:e27310ce7654	464
wolfSSL	1:e27310ce7654	465	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL	1:e27310ce7654	466	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	467	#ifdef HAVE_AESGCM
wolfSSL	1:e27310ce7654	468	#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL	1:e27310ce7654	469	#endif
wolfSSL	1:e27310ce7654	470	#ifdef HAVE_AESCCM
wolfSSL	1:e27310ce7654	471	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL	1:e27310ce7654	472	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL	1:e27310ce7654	473	#endif
wolfSSL	1:e27310ce7654	474	#endif
wolfSSL	1:e27310ce7654	475	#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
wolfSSL	1:e27310ce7654	476	#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL	1:e27310ce7654	477	#endif
wolfSSL	1:e27310ce7654	478	#endif
wolfSSL	1:e27310ce7654	479
wolfSSL	1:e27310ce7654	480	#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
wolfSSL	1:e27310ce7654	481	#ifdef HAVE_AESGCM
wolfSSL	1:e27310ce7654	482	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	483	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	1:e27310ce7654	484	#ifndef NO_RSA
wolfSSL	1:e27310ce7654	485	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	1:e27310ce7654	486	#endif
wolfSSL	1:e27310ce7654	487	#endif
wolfSSL	1:e27310ce7654	488	#ifdef WOLFSSL_SHA384
wolfSSL	1:e27310ce7654	489	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	1:e27310ce7654	490	#ifndef NO_RSA
wolfSSL	1:e27310ce7654	491	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	1:e27310ce7654	492	#endif
wolfSSL	1:e27310ce7654	493	#endif
wolfSSL	1:e27310ce7654	494	#endif
wolfSSL	1:e27310ce7654	495	#if defined(HAVE_AESCCM) && !defined(NO_SHA256)
wolfSSL	1:e27310ce7654	496	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	1:e27310ce7654	497	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	1:e27310ce7654	498	#endif
wolfSSL	1:e27310ce7654	499	#endif
wolfSSL	1:e27310ce7654	500
wolfSSL	1:e27310ce7654	501	#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL	1:e27310ce7654	502	#ifdef HAVE_ECC
wolfSSL	1:e27310ce7654	503	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	1:e27310ce7654	504	#ifndef NO_RSA
wolfSSL	1:e27310ce7654	505	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	1:e27310ce7654	506	#endif
wolfSSL	1:e27310ce7654	507	#endif
wolfSSL	1:e27310ce7654	508	#if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL	1:e27310ce7654	509	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL	1:e27310ce7654	510	#endif
wolfSSL	1:e27310ce7654	511	#endif
wolfSSL	1:e27310ce7654	512
wolfSSL	1:e27310ce7654	513
wolfSSL	1:e27310ce7654	514	#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) \|\| \
wolfSSL	1:e27310ce7654	515	defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
wolfSSL	1:e27310ce7654	516	#define BUILD_ARC4
wolfSSL	1:e27310ce7654	517	#endif
wolfSSL	1:e27310ce7654	518
wolfSSL	1:e27310ce7654	519	#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
wolfSSL	1:e27310ce7654	520	#define BUILD_DES3
wolfSSL	1:e27310ce7654	521	#endif
wolfSSL	1:e27310ce7654	522
wolfSSL	1:e27310ce7654	523	#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) \|\| \
wolfSSL	1:e27310ce7654	524	defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) \|\| \
wolfSSL	1:e27310ce7654	525	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
wolfSSL	1:e27310ce7654	526	#undef BUILD_AES
wolfSSL	1:e27310ce7654	527	#define BUILD_AES
wolfSSL	1:e27310ce7654	528	#endif
wolfSSL	1:e27310ce7654	529
wolfSSL	1:e27310ce7654	530	#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	1:e27310ce7654	531	defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	1:e27310ce7654	532	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) \|\| \
wolfSSL	1:e27310ce7654	533	defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256)
wolfSSL	1:e27310ce7654	534	#define BUILD_AESGCM
wolfSSL	1:e27310ce7654	535	#endif
wolfSSL	1:e27310ce7654	536
wolfSSL	1:e27310ce7654	537	#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) \|\| \
wolfSSL	1:e27310ce7654	538	defined(BUILD_TLS_RSA_WITH_HC_128_MD5) \|\| \
wolfSSL	1:e27310ce7654	539	defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
wolfSSL	1:e27310ce7654	540	#define BUILD_HC128
wolfSSL	1:e27310ce7654	541	#endif
wolfSSL	1:e27310ce7654	542
wolfSSL	1:e27310ce7654	543	#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
wolfSSL	1:e27310ce7654	544	#define BUILD_RABBIT
wolfSSL	1:e27310ce7654	545	#endif
wolfSSL	1:e27310ce7654	546
wolfSSL	1:e27310ce7654	547	#ifdef NO_DES3
wolfSSL	1:e27310ce7654	548	#define DES_BLOCK_SIZE 8
wolfSSL	1:e27310ce7654	549	#else
wolfSSL	1:e27310ce7654	550	#undef BUILD_DES3
wolfSSL	1:e27310ce7654	551	#define BUILD_DES3
wolfSSL	1:e27310ce7654	552	#endif
wolfSSL	1:e27310ce7654	553
wolfSSL	1:e27310ce7654	554	#ifdef NO_AES
wolfSSL	1:e27310ce7654	555	#define AES_BLOCK_SIZE 16
wolfSSL	1:e27310ce7654	556	#else
wolfSSL	1:e27310ce7654	557	#undef BUILD_AES
wolfSSL	1:e27310ce7654	558	#define BUILD_AES
wolfSSL	1:e27310ce7654	559	#endif
wolfSSL	1:e27310ce7654	560
wolfSSL	1:e27310ce7654	561	#ifndef NO_RC4
wolfSSL	1:e27310ce7654	562	#undef BUILD_ARC4
wolfSSL	1:e27310ce7654	563	#define BUILD_ARC4
wolfSSL	1:e27310ce7654	564	#endif
wolfSSL	1:e27310ce7654	565
wolfSSL	1:e27310ce7654	566	#ifdef HAVE_CHACHA
wolfSSL	1:e27310ce7654	567	#define CHACHA20_BLOCK_SIZE 16
wolfSSL	1:e27310ce7654	568	#endif
wolfSSL	1:e27310ce7654	569
wolfSSL	1:e27310ce7654	570	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	1:e27310ce7654	571	defined(HAVE_AESGCM) \|\| defined(HAVE_AESCCM) \|\| \
wolfSSL	1:e27310ce7654	572	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
wolfSSL	1:e27310ce7654	573
wolfSSL	1:e27310ce7654	574	#define HAVE_AEAD
wolfSSL	1:e27310ce7654	575	#endif
wolfSSL	1:e27310ce7654	576
wolfSSL	1:e27310ce7654	577	#if defined(WOLFSSL_MAX_STRENGTH) \|\| \
wolfSSL	1:e27310ce7654	578	defined(HAVE_ECC) \|\| !defined(NO_DH)
wolfSSL	1:e27310ce7654	579
wolfSSL	1:e27310ce7654	580	#define HAVE_PFS
wolfSSL	1:e27310ce7654	581	#endif
wolfSSL	1:e27310ce7654	582
wolfSSL	1:e27310ce7654	583
wolfSSL	1:e27310ce7654	584	/* actual cipher values, 2nd byte */
wolfSSL	1:e27310ce7654	585	enum {
wolfSSL	1:e27310ce7654	586	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
wolfSSL	1:e27310ce7654	587	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
wolfSSL	1:e27310ce7654	588	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
wolfSSL	1:e27310ce7654	589	TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
wolfSSL	1:e27310ce7654	590	TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
wolfSSL	1:e27310ce7654	591	TLS_RSA_WITH_NULL_SHA = 0x02,
wolfSSL	1:e27310ce7654	592	TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
wolfSSL	1:e27310ce7654	593	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
wolfSSL	1:e27310ce7654	594	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
wolfSSL	1:e27310ce7654	595	TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
wolfSSL	1:e27310ce7654	596	TLS_PSK_WITH_NULL_SHA256 = 0xb0,
wolfSSL	1:e27310ce7654	597	TLS_PSK_WITH_NULL_SHA384 = 0xb1,
wolfSSL	1:e27310ce7654	598	TLS_PSK_WITH_NULL_SHA = 0x2c,
wolfSSL	1:e27310ce7654	599	SSL_RSA_WITH_RC4_128_SHA = 0x05,
wolfSSL	1:e27310ce7654	600	SSL_RSA_WITH_RC4_128_MD5 = 0x04,
wolfSSL	1:e27310ce7654	601	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
wolfSSL	1:e27310ce7654	602
wolfSSL	1:e27310ce7654	603	/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	1:e27310ce7654	604	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
wolfSSL	1:e27310ce7654	605	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
wolfSSL	1:e27310ce7654	606	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
wolfSSL	1:e27310ce7654	607	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
wolfSSL	1:e27310ce7654	608	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
wolfSSL	1:e27310ce7654	609	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
wolfSSL	1:e27310ce7654	610	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
wolfSSL	1:e27310ce7654	611	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
wolfSSL	1:e27310ce7654	612	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
wolfSSL	1:e27310ce7654	613	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
wolfSSL	1:e27310ce7654	614	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
wolfSSL	1:e27310ce7654	615	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
wolfSSL	1:e27310ce7654	616
wolfSSL	1:e27310ce7654	617	/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	1:e27310ce7654	618	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
wolfSSL	1:e27310ce7654	619	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
wolfSSL	1:e27310ce7654	620	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
wolfSSL	1:e27310ce7654	621	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
wolfSSL	1:e27310ce7654	622	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
wolfSSL	1:e27310ce7654	623	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
wolfSSL	1:e27310ce7654	624	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
wolfSSL	1:e27310ce7654	625	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
wolfSSL	1:e27310ce7654	626	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
wolfSSL	1:e27310ce7654	627	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
wolfSSL	1:e27310ce7654	628	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
wolfSSL	1:e27310ce7654	629	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
wolfSSL	1:e27310ce7654	630
wolfSSL	1:e27310ce7654	631	/* wolfSSL extension - eSTREAM */
wolfSSL	1:e27310ce7654	632	TLS_RSA_WITH_HC_128_MD5 = 0xFB,
wolfSSL	1:e27310ce7654	633	TLS_RSA_WITH_HC_128_SHA = 0xFC,
wolfSSL	1:e27310ce7654	634	TLS_RSA_WITH_RABBIT_SHA = 0xFD,
wolfSSL	1:e27310ce7654	635
wolfSSL	1:e27310ce7654	636	/* wolfSSL extension - Blake2b 256 */
wolfSSL	1:e27310ce7654	637	TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
wolfSSL	1:e27310ce7654	638	TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
wolfSSL	1:e27310ce7654	639	TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
wolfSSL	1:e27310ce7654	640
wolfSSL	1:e27310ce7654	641	/* wolfSSL extension - NTRU */
wolfSSL	1:e27310ce7654	642	TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
wolfSSL	1:e27310ce7654	643	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
wolfSSL	1:e27310ce7654	644	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
wolfSSL	1:e27310ce7654	645	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
wolfSSL	1:e27310ce7654	646
wolfSSL	1:e27310ce7654	647	/* SHA256 */
wolfSSL	1:e27310ce7654	648	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
wolfSSL	1:e27310ce7654	649	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
wolfSSL	1:e27310ce7654	650	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
wolfSSL	1:e27310ce7654	651	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
wolfSSL	1:e27310ce7654	652	TLS_RSA_WITH_NULL_SHA256 = 0x3b,
wolfSSL	1:e27310ce7654	653	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
wolfSSL	1:e27310ce7654	654	TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
wolfSSL	1:e27310ce7654	655
wolfSSL	1:e27310ce7654	656	/* SHA384 */
wolfSSL	1:e27310ce7654	657	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
wolfSSL	1:e27310ce7654	658	TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
wolfSSL	1:e27310ce7654	659
wolfSSL	1:e27310ce7654	660	/* AES-GCM */
wolfSSL	1:e27310ce7654	661	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
wolfSSL	1:e27310ce7654	662	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
wolfSSL	1:e27310ce7654	663	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
wolfSSL	1:e27310ce7654	664	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
wolfSSL	1:e27310ce7654	665	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
wolfSSL	1:e27310ce7654	666	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
wolfSSL	1:e27310ce7654	667	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
wolfSSL	1:e27310ce7654	668	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
wolfSSL	1:e27310ce7654	669
wolfSSL	1:e27310ce7654	670	/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
wolfSSL	1:e27310ce7654	671	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
wolfSSL	1:e27310ce7654	672	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
wolfSSL	1:e27310ce7654	673	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
wolfSSL	1:e27310ce7654	674	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
wolfSSL	1:e27310ce7654	675	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
wolfSSL	1:e27310ce7654	676	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
wolfSSL	1:e27310ce7654	677	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
wolfSSL	1:e27310ce7654	678	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
wolfSSL	1:e27310ce7654	679
wolfSSL	1:e27310ce7654	680	/* AES-CCM, first byte is 0xC0 but isn't ECC,
wolfSSL	1:e27310ce7654	681	* also, in some of the other AES-CCM suites
wolfSSL	1:e27310ce7654	682	* there will be second byte number conflicts
wolfSSL	1:e27310ce7654	683	* with non-ECC AES-GCM */
wolfSSL	1:e27310ce7654	684	TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
wolfSSL	1:e27310ce7654	685	TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
wolfSSL	1:e27310ce7654	686	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
wolfSSL	1:e27310ce7654	687	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
wolfSSL	1:e27310ce7654	688	TLS_PSK_WITH_AES_128_CCM = 0xa4,
wolfSSL	1:e27310ce7654	689	TLS_PSK_WITH_AES_256_CCM = 0xa5,
wolfSSL	1:e27310ce7654	690	TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
wolfSSL	1:e27310ce7654	691	TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
wolfSSL	1:e27310ce7654	692	TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
wolfSSL	1:e27310ce7654	693	TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
wolfSSL	1:e27310ce7654	694
wolfSSL	1:e27310ce7654	695	/* Camellia */
wolfSSL	1:e27310ce7654	696	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
wolfSSL	1:e27310ce7654	697	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
wolfSSL	1:e27310ce7654	698	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
wolfSSL	1:e27310ce7654	699	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
wolfSSL	1:e27310ce7654	700	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
wolfSSL	1:e27310ce7654	701	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
wolfSSL	1:e27310ce7654	702	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
wolfSSL	1:e27310ce7654	703	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
wolfSSL	1:e27310ce7654	704
wolfSSL	1:e27310ce7654	705	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13,
wolfSSL	1:e27310ce7654	706	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14,
wolfSSL	1:e27310ce7654	707	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15,
wolfSSL	1:e27310ce7654	708
wolfSSL	1:e27310ce7654	709	/* Renegotiation Indication Extension Special Suite */
wolfSSL	1:e27310ce7654	710	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
wolfSSL	1:e27310ce7654	711	};
wolfSSL	1:e27310ce7654	712
wolfSSL	1:e27310ce7654	713
wolfSSL	1:e27310ce7654	714	#ifndef WOLFSSL_SESSION_TIMEOUT
wolfSSL	1:e27310ce7654	715	#define WOLFSSL_SESSION_TIMEOUT 500
wolfSSL	1:e27310ce7654	716	/* default session resumption cache timeout in seconds */
wolfSSL	1:e27310ce7654	717	#endif
wolfSSL	1:e27310ce7654	718
wolfSSL	1:e27310ce7654	719
wolfSSL	1:e27310ce7654	720	enum Misc {
wolfSSL	1:e27310ce7654	721	ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
wolfSSL	1:e27310ce7654	722	CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
wolfSSL	1:e27310ce7654	723
wolfSSL	1:e27310ce7654	724	SEND_CERT = 1,
wolfSSL	1:e27310ce7654	725	SEND_BLANK_CERT = 2,
wolfSSL	1:e27310ce7654	726
wolfSSL	1:e27310ce7654	727	DTLS_MAJOR = 0xfe, /* DTLS major version number */
wolfSSL	1:e27310ce7654	728	DTLS_MINOR = 0xff, /* DTLS minor version number */
wolfSSL	1:e27310ce7654	729	DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
wolfSSL	1:e27310ce7654	730	SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
wolfSSL	1:e27310ce7654	731	SSLv3_MINOR = 0, /* TLSv1 minor version number */
wolfSSL	1:e27310ce7654	732	TLSv1_MINOR = 1, /* TLSv1 minor version number */
wolfSSL	1:e27310ce7654	733	TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
wolfSSL	1:e27310ce7654	734	TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
wolfSSL	1:e27310ce7654	735	OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
wolfSSL	1:e27310ce7654	736	INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
wolfSSL	1:e27310ce7654	737	NO_COMPRESSION = 0,
wolfSSL	1:e27310ce7654	738	ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
wolfSSL	1:e27310ce7654	739	HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
wolfSSL	1:e27310ce7654	740	SECRET_LEN = 48, /* pre RSA and all master */
wolfSSL	1:e27310ce7654	741	ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
wolfSSL	1:e27310ce7654	742	SIZEOF_SENDER = 4, /* clnt or srvr */
wolfSSL	1:e27310ce7654	743	FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
wolfSSL	1:e27310ce7654	744	MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
wolfSSL	1:e27310ce7654	745	MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
wolfSSL	1:e27310ce7654	746	/* max added to msg, mac + pad from */
wolfSSL	1:e27310ce7654	747	/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
wolfSSL	1:e27310ce7654	748	digest sz + BLOC_SZ (iv) + pad byte (1) */
wolfSSL	1:e27310ce7654	749	MAX_COMP_EXTRA = 1024, /* max compression extra */
wolfSSL	1:e27310ce7654	750	MAX_MTU = 1500, /* max expected MTU */
wolfSSL	1:e27310ce7654	751	MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
wolfSSL	1:e27310ce7654	752	MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */
wolfSSL	1:e27310ce7654	753	MAX_STR_VERSION = 8, /* string rep of protocol version */
wolfSSL	1:e27310ce7654	754
wolfSSL	1:e27310ce7654	755	PAD_MD5 = 48, /* pad length for finished */
wolfSSL	1:e27310ce7654	756	PAD_SHA = 40, /* pad length for finished */
wolfSSL	1:e27310ce7654	757	MAX_PAD_SIZE = 256, /* maximum length of padding */
wolfSSL	1:e27310ce7654	758	COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
wolfSSL	1:e27310ce7654	759	COMPRESS_CONSTANT = 13, /* compression calc constant */
wolfSSL	1:e27310ce7654	760	COMPRESS_UPPER = 55, /* compression calc numerator */
wolfSSL	1:e27310ce7654	761	COMPRESS_LOWER = 64, /* compression calc denominator */
wolfSSL	1:e27310ce7654	762
wolfSSL	1:e27310ce7654	763	PEM_LINE_LEN = 80, /* PEM line max + fudge */
wolfSSL	1:e27310ce7654	764	LENGTH_SZ = 2, /* length field for HMAC, data only */
wolfSSL	1:e27310ce7654	765	VERSION_SZ = 2, /* length of proctocol version */
wolfSSL	1:e27310ce7654	766	SEQ_SZ = 8, /* 64 bit sequence number */
wolfSSL	1:e27310ce7654	767	BYTE3_LEN = 3, /* up to 24 bit byte lengths */
wolfSSL	1:e27310ce7654	768	ALERT_SIZE = 2, /* level + description */
wolfSSL	1:e27310ce7654	769	VERIFY_HEADER = 2, /* always use 2 bytes */
wolfSSL	1:e27310ce7654	770	EXT_ID_SZ = 2, /* always use 2 bytes */
wolfSSL	1:e27310ce7654	771	MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
wolfSSL	1:e27310ce7654	772	SESSION_HINT_SZ = 4, /* session timeout hint */
wolfSSL	1:e27310ce7654	773
wolfSSL	1:e27310ce7654	774	MAX_SUITE_SZ = 200, /* 100 suites for now! */
wolfSSL	1:e27310ce7654	775	RAN_LEN = 32, /* random length */
wolfSSL	1:e27310ce7654	776	SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
wolfSSL	1:e27310ce7654	777	ID_LEN = 32, /* session id length */
wolfSSL	1:e27310ce7654	778	MAX_COOKIE_LEN = 32, /* max dtls cookie size */
wolfSSL	1:e27310ce7654	779	COOKIE_SZ = 20, /* use a 20 byte cookie */
wolfSSL	1:e27310ce7654	780	SUITE_LEN = 2, /* cipher suite sz length */
wolfSSL	1:e27310ce7654	781	ENUM_LEN = 1, /* always a byte */
wolfSSL	1:e27310ce7654	782	OPAQUE8_LEN = 1, /* 1 byte */
wolfSSL	1:e27310ce7654	783	OPAQUE16_LEN = 2, /* 2 bytes */
wolfSSL	1:e27310ce7654	784	OPAQUE24_LEN = 3, /* 3 bytes */
wolfSSL	1:e27310ce7654	785	OPAQUE32_LEN = 4, /* 4 bytes */
wolfSSL	1:e27310ce7654	786	COMP_LEN = 1, /* compression length */
wolfSSL	1:e27310ce7654	787	CURVE_LEN = 2, /* ecc named curve length */
wolfSSL	1:e27310ce7654	788	SERVER_ID_LEN = 20, /* server session id length */
wolfSSL	1:e27310ce7654	789
wolfSSL	1:e27310ce7654	790	HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
wolfSSL	1:e27310ce7654	791	RECORD_HEADER_SZ = 5, /* type + version + len(2) */
wolfSSL	1:e27310ce7654	792	CERT_HEADER_SZ = 3, /* always 3 bytes */
wolfSSL	1:e27310ce7654	793	REQ_HEADER_SZ = 2, /* cert request header sz */
wolfSSL	1:e27310ce7654	794	HINT_LEN_SZ = 2, /* length of hint size field */
wolfSSL	1:e27310ce7654	795	TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
wolfSSL	1:e27310ce7654	796	HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
wolfSSL	1:e27310ce7654	797	HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
wolfSSL	1:e27310ce7654	798	HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
wolfSSL	1:e27310ce7654	799	HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
wolfSSL	1:e27310ce7654	800	HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
wolfSSL	1:e27310ce7654	801
wolfSSL	1:e27310ce7654	802	DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
wolfSSL	1:e27310ce7654	803	DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
wolfSSL	1:e27310ce7654	804	DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
wolfSSL	1:e27310ce7654	805	DTLS_RECORD_EXTRA = 8, /* diff from normal */
wolfSSL	1:e27310ce7654	806	DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
wolfSSL	1:e27310ce7654	807	DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
wolfSSL	1:e27310ce7654	808	DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
wolfSSL	1:e27310ce7654	809
wolfSSL	1:e27310ce7654	810	FINISHED_LABEL_SZ = 15, /* TLS finished label size */
wolfSSL	1:e27310ce7654	811	TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
wolfSSL	1:e27310ce7654	812	MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
wolfSSL	1:e27310ce7654	813	KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
wolfSSL	1:e27310ce7654	814	MAX_PRF_HALF = 256, /* Maximum half secret len */
wolfSSL	1:e27310ce7654	815	MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
wolfSSL	1:e27310ce7654	816	MAX_PRF_DIG = 224, /* Maximum digest len */
wolfSSL	1:e27310ce7654	817	MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
wolfSSL	1:e27310ce7654	818	SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
wolfSSL	1:e27310ce7654	819
wolfSSL	1:e27310ce7654	820	RC4_KEY_SIZE = 16, /* always 128bit */
wolfSSL	1:e27310ce7654	821	DES_KEY_SIZE = 8, /* des */
wolfSSL	1:e27310ce7654	822	DES3_KEY_SIZE = 24, /* 3 des ede */
wolfSSL	1:e27310ce7654	823	DES_IV_SIZE = DES_BLOCK_SIZE,
wolfSSL	1:e27310ce7654	824	AES_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	1:e27310ce7654	825	AES_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	1:e27310ce7654	826	AES_IV_SIZE = 16, /* always block size */
wolfSSL	1:e27310ce7654	827	AES_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	1:e27310ce7654	828
wolfSSL	1:e27310ce7654	829	AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
wolfSSL	1:e27310ce7654	830	AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
wolfSSL	1:e27310ce7654	831	AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
wolfSSL	1:e27310ce7654	832	AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
wolfSSL	1:e27310ce7654	833	AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
wolfSSL	1:e27310ce7654	834	AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
wolfSSL	1:e27310ce7654	835	AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
wolfSSL	1:e27310ce7654	836	AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
wolfSSL	1:e27310ce7654	837	AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
wolfSSL	1:e27310ce7654	838
wolfSSL	1:e27310ce7654	839	AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
wolfSSL	1:e27310ce7654	840	AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
wolfSSL	1:e27310ce7654	841	AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
wolfSSL	1:e27310ce7654	842
wolfSSL	1:e27310ce7654	843	CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	1:e27310ce7654	844	CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL	1:e27310ce7654	845	CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	1:e27310ce7654	846	CAMELLIA_IV_SIZE = 16, /* always block size */
wolfSSL	1:e27310ce7654	847
wolfSSL	1:e27310ce7654	848	CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL	1:e27310ce7654	849	CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL	1:e27310ce7654	850	CHACHA20_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL	1:e27310ce7654	851
wolfSSL	1:e27310ce7654	852	POLY1305_AUTH_SZ = 16, /* 128 bits */
wolfSSL	1:e27310ce7654	853
wolfSSL	1:e27310ce7654	854	HC_128_KEY_SIZE = 16, /* 128 bits */
wolfSSL	1:e27310ce7654	855	HC_128_IV_SIZE = 16, /* also 128 bits */
wolfSSL	1:e27310ce7654	856
wolfSSL	1:e27310ce7654	857	RABBIT_KEY_SIZE = 16, /* 128 bits */
wolfSSL	1:e27310ce7654	858	RABBIT_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL	1:e27310ce7654	859
wolfSSL	1:e27310ce7654	860	EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
wolfSSL	1:e27310ce7654	861
wolfSSL	1:e27310ce7654	862	ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
wolfSSL	1:e27310ce7654	863	MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
wolfSSL	1:e27310ce7654	864
wolfSSL	1:e27310ce7654	865	MAX_HELLO_SZ = 128, /* max client or server hello */
wolfSSL	1:e27310ce7654	866	MAX_CERT_VERIFY_SZ = 1024, /* max */
wolfSSL	1:e27310ce7654	867	CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
wolfSSL	1:e27310ce7654	868	MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
wolfSSL	1:e27310ce7654	869
wolfSSL	1:e27310ce7654	870	DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
wolfSSL	1:e27310ce7654	871	DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
wolfSSL	1:e27310ce7654	872	DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
wolfSSL	1:e27310ce7654	873
wolfSSL	1:e27310ce7654	874	MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
wolfSSL	1:e27310ce7654	875	MAX_PSK_KEY_LEN = 64, /* max psk key supported */
wolfSSL	1:e27310ce7654	876
wolfSSL	1:e27310ce7654	877	MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
wolfSSL	1:e27310ce7654	878
wolfSSL	1:e27310ce7654	879	#ifdef FORTRESS
wolfSSL	1:e27310ce7654	880	MAX_EX_DATA = 3, /* allow for three items of ex_data */
wolfSSL	1:e27310ce7654	881	#endif
wolfSSL	1:e27310ce7654	882
wolfSSL	1:e27310ce7654	883	MAX_X509_SIZE = 2048, /* max static x509 buffer size */
wolfSSL	1:e27310ce7654	884	CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
wolfSSL	1:e27310ce7654	885	MAX_FILENAME_SZ = 256, /* max file name length */
wolfSSL	1:e27310ce7654	886	FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
wolfSSL	1:e27310ce7654	887	will use dynamic buffer if not big enough */
wolfSSL	1:e27310ce7654	888
wolfSSL	1:e27310ce7654	889	MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
wolfSSL	1:e27310ce7654	890	MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
wolfSSL	1:e27310ce7654	891	MAX_NTRU_BITS = 256, /* max symmetric bit strength */
wolfSSL	1:e27310ce7654	892	NO_SNIFF = 0, /* not sniffing */
wolfSSL	1:e27310ce7654	893	SNIFF = 1, /* currently sniffing */
wolfSSL	1:e27310ce7654	894
wolfSSL	1:e27310ce7654	895	HASH_SIG_SIZE = 2, /* default SHA1 RSA */
wolfSSL	1:e27310ce7654	896
wolfSSL	1:e27310ce7654	897	NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
wolfSSL	1:e27310ce7654	898
wolfSSL	1:e27310ce7654	899	NO_COPY = 0, /* should we copy static buffer for write */
wolfSSL	1:e27310ce7654	900	COPY = 1 /* should we copy static buffer for write */
wolfSSL	1:e27310ce7654	901	};
wolfSSL	1:e27310ce7654	902
wolfSSL	1:e27310ce7654	903
wolfSSL	1:e27310ce7654	904	#ifndef WOLFSSL_MIN_DHKEY_BITS
wolfSSL	1:e27310ce7654	905	#ifdef WOLFSSL_MAX_STRENGTH
wolfSSL	1:e27310ce7654	906	#define WOLFSSL_MIN_DHKEY_BITS 2048
wolfSSL	1:e27310ce7654	907	#else
wolfSSL	1:e27310ce7654	908	#define WOLFSSL_MIN_DHKEY_BITS 1024
wolfSSL	1:e27310ce7654	909	#endif
wolfSSL	1:e27310ce7654	910	#endif
wolfSSL	1:e27310ce7654	911	#if (WOLFSSL_MIN_DHKEY_BITS % 8)
wolfSSL	1:e27310ce7654	912	#error DH minimum bit size must be multiple of 8
wolfSSL	1:e27310ce7654	913	#endif
wolfSSL	1:e27310ce7654	914	#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
wolfSSL	1:e27310ce7654	915	#error DH minimum bit size must not be greater than 16000
wolfSSL	1:e27310ce7654	916	#endif
wolfSSL	1:e27310ce7654	917	#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
wolfSSL	1:e27310ce7654	918
wolfSSL	1:e27310ce7654	919
wolfSSL	1:e27310ce7654	920	#ifdef SESSION_INDEX
wolfSSL	1:e27310ce7654	921	/* Shift values for making a session index */
wolfSSL	1:e27310ce7654	922	#define SESSIDX_ROW_SHIFT 4
wolfSSL	1:e27310ce7654	923	#define SESSIDX_IDX_MASK 0x0F
wolfSSL	1:e27310ce7654	924	#endif
wolfSSL	1:e27310ce7654	925
wolfSSL	1:e27310ce7654	926
wolfSSL	1:e27310ce7654	927	/* max cert chain peer depth */
wolfSSL	1:e27310ce7654	928	#ifndef MAX_CHAIN_DEPTH
wolfSSL	1:e27310ce7654	929	#define MAX_CHAIN_DEPTH 9
wolfSSL	1:e27310ce7654	930	#endif
wolfSSL	1:e27310ce7654	931
wolfSSL	1:e27310ce7654	932	#ifndef SESSION_TICKET_LEN
wolfSSL	1:e27310ce7654	933	#define SESSION_TICKET_LEN 256
wolfSSL	1:e27310ce7654	934	#endif
wolfSSL	1:e27310ce7654	935
wolfSSL	1:e27310ce7654	936	#ifndef SESSION_TICKET_HINT_DEFAULT
wolfSSL	1:e27310ce7654	937	#define SESSION_TICKET_HINT_DEFAULT 300
wolfSSL	1:e27310ce7654	938	#endif
wolfSSL	1:e27310ce7654	939
wolfSSL	1:e27310ce7654	940
wolfSSL	1:e27310ce7654	941	/* don't use extra 3/4k stack space unless need to */
wolfSSL	1:e27310ce7654	942	#ifdef HAVE_NTRU
wolfSSL	1:e27310ce7654	943	#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
wolfSSL	1:e27310ce7654	944	#else
wolfSSL	1:e27310ce7654	945	#define MAX_ENCRYPT_SZ ENCRYPT_LEN
wolfSSL	1:e27310ce7654	946	#endif
wolfSSL	1:e27310ce7654	947
wolfSSL	1:e27310ce7654	948
wolfSSL	1:e27310ce7654	949	/* states */
wolfSSL	1:e27310ce7654	950	enum states {
wolfSSL	1:e27310ce7654	951	NULL_STATE = 0,
wolfSSL	1:e27310ce7654	952
wolfSSL	1:e27310ce7654	953	SERVER_HELLOVERIFYREQUEST_COMPLETE,
wolfSSL	1:e27310ce7654	954	SERVER_HELLO_COMPLETE,
wolfSSL	1:e27310ce7654	955	SERVER_CERT_COMPLETE,
wolfSSL	1:e27310ce7654	956	SERVER_KEYEXCHANGE_COMPLETE,
wolfSSL	1:e27310ce7654	957	SERVER_HELLODONE_COMPLETE,
wolfSSL	1:e27310ce7654	958	SERVER_FINISHED_COMPLETE,
wolfSSL	1:e27310ce7654	959
wolfSSL	1:e27310ce7654	960	CLIENT_HELLO_COMPLETE,
wolfSSL	1:e27310ce7654	961	CLIENT_KEYEXCHANGE_COMPLETE,
wolfSSL	1:e27310ce7654	962	CLIENT_FINISHED_COMPLETE,
wolfSSL	1:e27310ce7654	963
wolfSSL	1:e27310ce7654	964	HANDSHAKE_DONE
wolfSSL	1:e27310ce7654	965	};
wolfSSL	1:e27310ce7654	966
wolfSSL	1:e27310ce7654	967
wolfSSL	1:e27310ce7654	968	#if defined(__GNUC__)
wolfSSL	1:e27310ce7654	969	#define WOLFSSL_PACK __attribute__ ((packed))
wolfSSL	1:e27310ce7654	970	#else
wolfSSL	1:e27310ce7654	971	#define WOLFSSL_PACK
wolfSSL	1:e27310ce7654	972	#endif
wolfSSL	1:e27310ce7654	973
wolfSSL	1:e27310ce7654	974	/* SSL Version */
wolfSSL	1:e27310ce7654	975	typedef struct ProtocolVersion {
wolfSSL	1:e27310ce7654	976	byte major;
wolfSSL	1:e27310ce7654	977	byte minor;
wolfSSL	1:e27310ce7654	978	} WOLFSSL_PACK ProtocolVersion;
wolfSSL	1:e27310ce7654	979
wolfSSL	1:e27310ce7654	980
wolfSSL	1:e27310ce7654	981	WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
wolfSSL	1:e27310ce7654	982	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
wolfSSL	1:e27310ce7654	983	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
wolfSSL	1:e27310ce7654	984	WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
wolfSSL	1:e27310ce7654	985
wolfSSL	1:e27310ce7654	986	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	987	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
wolfSSL	1:e27310ce7654	988	WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
wolfSSL	1:e27310ce7654	989	#endif
wolfSSL	1:e27310ce7654	990
wolfSSL	1:e27310ce7654	991
wolfSSL	1:e27310ce7654	992	enum BIO_TYPE {
wolfSSL	1:e27310ce7654	993	BIO_BUFFER = 1,
wolfSSL	1:e27310ce7654	994	BIO_SOCKET = 2,
wolfSSL	1:e27310ce7654	995	BIO_SSL = 3,
wolfSSL	1:e27310ce7654	996	BIO_MEMORY = 4
wolfSSL	1:e27310ce7654	997	};
wolfSSL	1:e27310ce7654	998
wolfSSL	1:e27310ce7654	999
wolfSSL	1:e27310ce7654	1000	/* wolfSSL BIO_METHOD type */
wolfSSL	1:e27310ce7654	1001	struct WOLFSSL_BIO_METHOD {
wolfSSL	1:e27310ce7654	1002	byte type; /* method type */
wolfSSL	1:e27310ce7654	1003	};
wolfSSL	1:e27310ce7654	1004
wolfSSL	1:e27310ce7654	1005
wolfSSL	1:e27310ce7654	1006	/* wolfSSL BIO type */
wolfSSL	1:e27310ce7654	1007	struct WOLFSSL_BIO {
wolfSSL	1:e27310ce7654	1008	byte type; /* method type */
wolfSSL	1:e27310ce7654	1009	byte close; /* close flag */
wolfSSL	1:e27310ce7654	1010	byte eof; /* eof flag */
wolfSSL	1:e27310ce7654	1011	WOLFSSL* ssl; /* possible associated ssl */
wolfSSL	1:e27310ce7654	1012	byte* mem; /* memory buffer */
wolfSSL	1:e27310ce7654	1013	int memLen; /* memory buffer length */
wolfSSL	1:e27310ce7654	1014	int fd; /* possible file descriptor */
wolfSSL	1:e27310ce7654	1015	WOLFSSL_BIO* prev; /* previous in chain */
wolfSSL	1:e27310ce7654	1016	WOLFSSL_BIO* next; /* next in chain */
wolfSSL	1:e27310ce7654	1017	};
wolfSSL	1:e27310ce7654	1018
wolfSSL	1:e27310ce7654	1019
wolfSSL	1:e27310ce7654	1020	/* wolfSSL method type */
wolfSSL	1:e27310ce7654	1021	struct WOLFSSL_METHOD {
wolfSSL	1:e27310ce7654	1022	ProtocolVersion version;
wolfSSL	1:e27310ce7654	1023	byte side; /* connection side, server or client */
wolfSSL	1:e27310ce7654	1024	byte downgrade; /* whether to downgrade version, default no */
wolfSSL	1:e27310ce7654	1025	};
wolfSSL	1:e27310ce7654	1026
wolfSSL	1:e27310ce7654	1027
wolfSSL	1:e27310ce7654	1028	/* defautls to client */
wolfSSL	1:e27310ce7654	1029	WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
wolfSSL	1:e27310ce7654	1030
wolfSSL	1:e27310ce7654	1031	/* for sniffer */
wolfSSL	1:e27310ce7654	1032	WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	1:e27310ce7654	1033	word32 size, word32 totalSz, int sniff);
wolfSSL	1:e27310ce7654	1034	WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
wolfSSL	1:e27310ce7654	1035
wolfSSL	1:e27310ce7654	1036
wolfSSL	1:e27310ce7654	1037	/* wolfSSL buffer type */
wolfSSL	1:e27310ce7654	1038	typedef struct buffer {
wolfSSL	1:e27310ce7654	1039	byte* buffer;
wolfSSL	1:e27310ce7654	1040	word32 length;
wolfSSL	1:e27310ce7654	1041	} buffer;
wolfSSL	1:e27310ce7654	1042
wolfSSL	1:e27310ce7654	1043
wolfSSL	1:e27310ce7654	1044	enum {
wolfSSL	1:e27310ce7654	1045	FORCED_FREE = 1,
wolfSSL	1:e27310ce7654	1046	NO_FORCED_FREE = 0
wolfSSL	1:e27310ce7654	1047	};
wolfSSL	1:e27310ce7654	1048
wolfSSL	1:e27310ce7654	1049
wolfSSL	1:e27310ce7654	1050	/* only use compression extra if using compression */
wolfSSL	1:e27310ce7654	1051	#ifdef HAVE_LIBZ
wolfSSL	1:e27310ce7654	1052	#define COMP_EXTRA MAX_COMP_EXTRA
wolfSSL	1:e27310ce7654	1053	#else
wolfSSL	1:e27310ce7654	1054	#define COMP_EXTRA 0
wolfSSL	1:e27310ce7654	1055	#endif
wolfSSL	1:e27310ce7654	1056
wolfSSL	1:e27310ce7654	1057	/* only the sniffer needs space in the buffer for extra MTU record(s) */
wolfSSL	1:e27310ce7654	1058	#ifdef WOLFSSL_SNIFFER
wolfSSL	1:e27310ce7654	1059	#define MTU_EXTRA MAX_MTU * 3
wolfSSL	1:e27310ce7654	1060	#else
wolfSSL	1:e27310ce7654	1061	#define MTU_EXTRA 0
wolfSSL	1:e27310ce7654	1062	#endif
wolfSSL	1:e27310ce7654	1063
wolfSSL	1:e27310ce7654	1064
wolfSSL	1:e27310ce7654	1065	/* embedded callbacks require large static buffers, make sure on */
wolfSSL	1:e27310ce7654	1066	#ifdef WOLFSSL_CALLBACKS
wolfSSL	1:e27310ce7654	1067	#undef LARGE_STATIC_BUFFERS
wolfSSL	1:e27310ce7654	1068	#define LARGE_STATIC_BUFFERS
wolfSSL	1:e27310ce7654	1069	#endif
wolfSSL	1:e27310ce7654	1070
wolfSSL	1:e27310ce7654	1071
wolfSSL	1:e27310ce7654	1072	/* give user option to use 16K static buffers */
wolfSSL	1:e27310ce7654	1073	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	1:e27310ce7654	1074	#define RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	1:e27310ce7654	1075	#else
wolfSSL	1:e27310ce7654	1076	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	1077	#define RECORD_SIZE MAX_MTU
wolfSSL	1:e27310ce7654	1078	#else
wolfSSL	1:e27310ce7654	1079	#define RECORD_SIZE 128
wolfSSL	1:e27310ce7654	1080	#endif
wolfSSL	1:e27310ce7654	1081	#endif
wolfSSL	1:e27310ce7654	1082
wolfSSL	1:e27310ce7654	1083
wolfSSL	1:e27310ce7654	1084	/* user option to turn off 16K output option */
wolfSSL	1:e27310ce7654	1085	/* if using small static buffers (default) and SSL_write tries to write data
wolfSSL	1:e27310ce7654	1086	larger than the record we have, dynamically get it, unless user says only
wolfSSL	1:e27310ce7654	1087	write in static buffer chuncks */
wolfSSL	1:e27310ce7654	1088	#ifndef STATIC_CHUNKS_ONLY
wolfSSL	1:e27310ce7654	1089	#define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
wolfSSL	1:e27310ce7654	1090	#else
wolfSSL	1:e27310ce7654	1091	#define OUTPUT_RECORD_SIZE RECORD_SIZE
wolfSSL	1:e27310ce7654	1092	#endif
wolfSSL	1:e27310ce7654	1093
wolfSSL	1:e27310ce7654	1094	/* wolfSSL input buffer
wolfSSL	1:e27310ce7654	1095
wolfSSL	1:e27310ce7654	1096	RFC 2246:
wolfSSL	1:e27310ce7654	1097
wolfSSL	1:e27310ce7654	1098	length
wolfSSL	1:e27310ce7654	1099	The length (in bytes) of the following TLSPlaintext.fragment.
wolfSSL	1:e27310ce7654	1100	The length should not exceed 2^14.
wolfSSL	1:e27310ce7654	1101	*/
wolfSSL	1:e27310ce7654	1102	#if defined(LARGE_STATIC_BUFFERS)
wolfSSL	1:e27310ce7654	1103	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
wolfSSL	1:e27310ce7654	1104	MTU_EXTRA + MAX_MSG_EXTRA
wolfSSL	1:e27310ce7654	1105	#else
wolfSSL	1:e27310ce7654	1106	/* don't fragment memory from the record header */
wolfSSL	1:e27310ce7654	1107	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ
wolfSSL	1:e27310ce7654	1108	#endif
wolfSSL	1:e27310ce7654	1109
wolfSSL	1:e27310ce7654	1110	typedef struct {
wolfSSL	1:e27310ce7654	1111	ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
wolfSSL	1:e27310ce7654	1112	byte* buffer; /* place holder for static or dynamic buffer */
wolfSSL	1:e27310ce7654	1113	word32 length; /* total buffer length used */
wolfSSL	1:e27310ce7654	1114	word32 idx; /* idx to part of length already consumed */
wolfSSL	1:e27310ce7654	1115	word32 bufferSize; /* current buffer size */
wolfSSL	1:e27310ce7654	1116	byte dynamicFlag; /* dynamic memory currently in use */
wolfSSL	1:e27310ce7654	1117	byte offset; /* alignment offset attempt */
wolfSSL	1:e27310ce7654	1118	} bufferStatic;
wolfSSL	1:e27310ce7654	1119
wolfSSL	1:e27310ce7654	1120	/* Cipher Suites holder */
wolfSSL	1:e27310ce7654	1121	typedef struct Suites {
wolfSSL	1:e27310ce7654	1122	word16 suiteSz; /* suite length in bytes */
wolfSSL	1:e27310ce7654	1123	word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
wolfSSL	1:e27310ce7654	1124	byte suites[MAX_SUITE_SZ];
wolfSSL	1:e27310ce7654	1125	byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
wolfSSL	1:e27310ce7654	1126	byte setSuites; /* user set suites from default */
wolfSSL	1:e27310ce7654	1127	byte hashAlgo; /* selected hash algorithm */
wolfSSL	1:e27310ce7654	1128	byte sigAlgo; /* selected sig algorithm */
wolfSSL	1:e27310ce7654	1129	} Suites;
wolfSSL	1:e27310ce7654	1130
wolfSSL	1:e27310ce7654	1131
wolfSSL	1:e27310ce7654	1132	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1133	void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
wolfSSL	1:e27310ce7654	1134	word16, word16, int);
wolfSSL	1:e27310ce7654	1135	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1136	int SetCipherList(Suites, const char list);
wolfSSL	1:e27310ce7654	1137
wolfSSL	1:e27310ce7654	1138	#ifndef PSK_TYPES_DEFINED
wolfSSL	1:e27310ce7654	1139	typedef unsigned int (psk_client_callback)(WOLFSSL, const char, char,
wolfSSL	1:e27310ce7654	1140	unsigned int, unsigned char*, unsigned int);
wolfSSL	1:e27310ce7654	1141	typedef unsigned int (psk_server_callback)(WOLFSSL, const char*,
wolfSSL	1:e27310ce7654	1142	unsigned char*, unsigned int);
wolfSSL	1:e27310ce7654	1143	#endif /* PSK_TYPES_DEFINED */
wolfSSL	1:e27310ce7654	1144
wolfSSL	1:e27310ce7654	1145
wolfSSL	1:e27310ce7654	1146	#ifdef HAVE_NETX
wolfSSL	1:e27310ce7654	1147	WOLFSSL_LOCAL int NetX_Receive(WOLFSSL ssl, char buf, int sz, void *ctx);
wolfSSL	1:e27310ce7654	1148	WOLFSSL_LOCAL int NetX_Send(WOLFSSL ssl, char buf, int sz, void *ctx);
wolfSSL	1:e27310ce7654	1149	#endif /* HAVE_NETX */
wolfSSL	1:e27310ce7654	1150
wolfSSL	1:e27310ce7654	1151
wolfSSL	1:e27310ce7654	1152	/* wolfSSL Cipher type just points back to SSL */
wolfSSL	1:e27310ce7654	1153	struct WOLFSSL_CIPHER {
wolfSSL	1:e27310ce7654	1154	WOLFSSL* ssl;
wolfSSL	1:e27310ce7654	1155	};
wolfSSL	1:e27310ce7654	1156
wolfSSL	1:e27310ce7654	1157
wolfSSL	1:e27310ce7654	1158	typedef struct OCSP_Entry OCSP_Entry;
wolfSSL	1:e27310ce7654	1159
wolfSSL	1:e27310ce7654	1160	#ifdef NO_SHA
wolfSSL	1:e27310ce7654	1161	#define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	1:e27310ce7654	1162	#else
wolfSSL	1:e27310ce7654	1163	#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	1:e27310ce7654	1164	#endif
wolfSSL	1:e27310ce7654	1165
wolfSSL	1:e27310ce7654	1166	#ifdef NO_ASN
wolfSSL	1:e27310ce7654	1167	/* no_asn won't have */
wolfSSL	1:e27310ce7654	1168	typedef struct CertStatus CertStatus;
wolfSSL	1:e27310ce7654	1169	#endif
wolfSSL	1:e27310ce7654	1170
wolfSSL	1:e27310ce7654	1171	struct OCSP_Entry {
wolfSSL	1:e27310ce7654	1172	OCSP_Entry* next; /* next entry */
wolfSSL	1:e27310ce7654	1173	byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
wolfSSL	1:e27310ce7654	1174	byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
wolfSSL	1:e27310ce7654	1175	CertStatus* status; /* OCSP response list */
wolfSSL	1:e27310ce7654	1176	int totalStatus; /* number on list */
wolfSSL	1:e27310ce7654	1177	};
wolfSSL	1:e27310ce7654	1178
wolfSSL	1:e27310ce7654	1179
wolfSSL	1:e27310ce7654	1180	#ifndef HAVE_OCSP
wolfSSL	1:e27310ce7654	1181	typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
wolfSSL	1:e27310ce7654	1182	#endif
wolfSSL	1:e27310ce7654	1183
wolfSSL	1:e27310ce7654	1184	/* wolfSSL OCSP controller */
wolfSSL	1:e27310ce7654	1185	struct WOLFSSL_OCSP {
wolfSSL	1:e27310ce7654	1186	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	1:e27310ce7654	1187	OCSP_Entry* ocspList; /* OCSP response list */
wolfSSL	1:e27310ce7654	1188	wolfSSL_Mutex ocspLock; /* OCSP list lock */
wolfSSL	1:e27310ce7654	1189	};
wolfSSL	1:e27310ce7654	1190
wolfSSL	1:e27310ce7654	1191	#ifndef MAX_DATE_SIZE
wolfSSL	1:e27310ce7654	1192	#define MAX_DATE_SIZE 32
wolfSSL	1:e27310ce7654	1193	#endif
wolfSSL	1:e27310ce7654	1194
wolfSSL	1:e27310ce7654	1195	typedef struct CRL_Entry CRL_Entry;
wolfSSL	1:e27310ce7654	1196
wolfSSL	1:e27310ce7654	1197	#ifdef NO_SHA
wolfSSL	1:e27310ce7654	1198	#define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	1:e27310ce7654	1199	#else
wolfSSL	1:e27310ce7654	1200	#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
wolfSSL	1:e27310ce7654	1201	#endif
wolfSSL	1:e27310ce7654	1202
wolfSSL	1:e27310ce7654	1203	#ifdef NO_ASN
wolfSSL	1:e27310ce7654	1204	typedef struct RevokedCert RevokedCert;
wolfSSL	1:e27310ce7654	1205	#endif
wolfSSL	1:e27310ce7654	1206
wolfSSL	1:e27310ce7654	1207	/* Complete CRL */
wolfSSL	1:e27310ce7654	1208	struct CRL_Entry {
wolfSSL	1:e27310ce7654	1209	CRL_Entry* next; /* next entry */
wolfSSL	1:e27310ce7654	1210	byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
wolfSSL	1:e27310ce7654	1211	/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
wolfSSL	1:e27310ce7654	1212	/* restore the hash here if needed for optimized comparisons */
wolfSSL	1:e27310ce7654	1213	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
wolfSSL	1:e27310ce7654	1214	byte nextDate[MAX_DATE_SIZE]; /* next update date */
wolfSSL	1:e27310ce7654	1215	byte lastDateFormat; /* last date format */
wolfSSL	1:e27310ce7654	1216	byte nextDateFormat; /* next date format */
wolfSSL	1:e27310ce7654	1217	RevokedCert* certs; /* revoked cert list */
wolfSSL	1:e27310ce7654	1218	int totalCerts; /* number on list */
wolfSSL	1:e27310ce7654	1219	};
wolfSSL	1:e27310ce7654	1220
wolfSSL	1:e27310ce7654	1221
wolfSSL	1:e27310ce7654	1222	typedef struct CRL_Monitor CRL_Monitor;
wolfSSL	1:e27310ce7654	1223
wolfSSL	1:e27310ce7654	1224	/* CRL directory monitor */
wolfSSL	1:e27310ce7654	1225	struct CRL_Monitor {
wolfSSL	1:e27310ce7654	1226	char* path; /* full dir path, if valid pointer we're using */
wolfSSL	1:e27310ce7654	1227	int type; /* PEM or ASN1 type */
wolfSSL	1:e27310ce7654	1228	};
wolfSSL	1:e27310ce7654	1229
wolfSSL	1:e27310ce7654	1230
wolfSSL	1:e27310ce7654	1231	#ifndef HAVE_CRL
wolfSSL	1:e27310ce7654	1232	typedef struct WOLFSSL_CRL WOLFSSL_CRL;
wolfSSL	1:e27310ce7654	1233	#endif
wolfSSL	1:e27310ce7654	1234
wolfSSL	1:e27310ce7654	1235	/* wolfSSL CRL controller */
wolfSSL	1:e27310ce7654	1236	struct WOLFSSL_CRL {
wolfSSL	1:e27310ce7654	1237	WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL	1:e27310ce7654	1238	CRL_Entry* crlList; /* our CRL list */
wolfSSL	1:e27310ce7654	1239	wolfSSL_Mutex crlLock; /* CRL list lock */
wolfSSL	1:e27310ce7654	1240	CRL_Monitor monitors[2]; /* PEM and DER possible */
wolfSSL	1:e27310ce7654	1241	#ifdef HAVE_CRL_MONITOR
wolfSSL	1:e27310ce7654	1242	pthread_t tid; /* monitoring thread */
wolfSSL	1:e27310ce7654	1243	int mfd; /* monitor fd, -1 if no init yet */
wolfSSL	1:e27310ce7654	1244	#endif
wolfSSL	1:e27310ce7654	1245	};
wolfSSL	1:e27310ce7654	1246
wolfSSL	1:e27310ce7654	1247
wolfSSL	1:e27310ce7654	1248	#ifdef NO_ASN
wolfSSL	1:e27310ce7654	1249	typedef struct Signer Signer;
wolfSSL	1:e27310ce7654	1250	#endif
wolfSSL	1:e27310ce7654	1251
wolfSSL	1:e27310ce7654	1252
wolfSSL	1:e27310ce7654	1253	#ifndef CA_TABLE_SIZE
wolfSSL	1:e27310ce7654	1254	#define CA_TABLE_SIZE 11
wolfSSL	1:e27310ce7654	1255	#endif
wolfSSL	0:d92f9d21154c	1256
wolfSSL	1:e27310ce7654	1257	/* wolfSSL Certificate Manager */
wolfSSL	1:e27310ce7654	1258	struct WOLFSSL_CERT_MANAGER {
wolfSSL	1:e27310ce7654	1259	Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
wolfSSL	1:e27310ce7654	1260	void* heap; /* heap helper */
wolfSSL	1:e27310ce7654	1261	WOLFSSL_CRL* crl; /* CRL checker */
wolfSSL	1:e27310ce7654	1262	WOLFSSL_OCSP* ocsp; /* OCSP checker */
wolfSSL	1:e27310ce7654	1263	char* ocspOverrideURL; /* use this responder */
wolfSSL	1:e27310ce7654	1264	void* ocspIOCtx; /* I/O callback CTX */
wolfSSL	1:e27310ce7654	1265	CallbackCACache caCacheCallback; /* CA cache addition callback */
wolfSSL	1:e27310ce7654	1266	CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
wolfSSL	1:e27310ce7654	1267	CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
wolfSSL	1:e27310ce7654	1268	CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL	1:e27310ce7654	1269	wolfSSL_Mutex caLock; /* CA list lock */
wolfSSL	1:e27310ce7654	1270	byte crlEnabled; /* is CRL on ? */
wolfSSL	1:e27310ce7654	1271	byte crlCheckAll; /* always leaf, but all ? */
wolfSSL	1:e27310ce7654	1272	byte ocspEnabled; /* is OCSP on ? */
wolfSSL	1:e27310ce7654	1273	byte ocspCheckAll; /* always leaf, but all ? */
wolfSSL	1:e27310ce7654	1274	byte ocspSendNonce; /* send the OCSP nonce ? */
wolfSSL	1:e27310ce7654	1275	byte ocspUseOverrideURL; /* ignore cert's responder, override */
wolfSSL	1:e27310ce7654	1276	};
wolfSSL	1:e27310ce7654	1277
wolfSSL	1:e27310ce7654	1278	WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	1:e27310ce7654	1279	WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER, const char);
wolfSSL	1:e27310ce7654	1280	WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER, void, int, int*);
wolfSSL	1:e27310ce7654	1281	WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER, const void, int);
wolfSSL	1:e27310ce7654	1282	WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
wolfSSL	1:e27310ce7654	1283
wolfSSL	1:e27310ce7654	1284	/* wolfSSL Sock Addr */
wolfSSL	1:e27310ce7654	1285	struct WOLFSSL_SOCKADDR {
wolfSSL	1:e27310ce7654	1286	unsigned int sz; /* sockaddr size */
wolfSSL	1:e27310ce7654	1287	void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
wolfSSL	1:e27310ce7654	1288	};
wolfSSL	1:e27310ce7654	1289
wolfSSL	1:e27310ce7654	1290	typedef struct WOLFSSL_DTLS_CTX {
wolfSSL	1:e27310ce7654	1291	WOLFSSL_SOCKADDR peer;
wolfSSL	1:e27310ce7654	1292	int fd;
wolfSSL	1:e27310ce7654	1293	} WOLFSSL_DTLS_CTX;
wolfSSL	1:e27310ce7654	1294
wolfSSL	1:e27310ce7654	1295
wolfSSL	1:e27310ce7654	1296	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	1297
wolfSSL	1:e27310ce7654	1298	#ifdef WORD64_AVAILABLE
wolfSSL	1:e27310ce7654	1299	typedef word64 DtlsSeq;
wolfSSL	1:e27310ce7654	1300	#else
wolfSSL	1:e27310ce7654	1301	typedef word32 DtlsSeq;
wolfSSL	1:e27310ce7654	1302	#endif
wolfSSL	1:e27310ce7654	1303	#define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)
wolfSSL	1:e27310ce7654	1304
wolfSSL	1:e27310ce7654	1305	typedef struct DtlsState {
wolfSSL	1:e27310ce7654	1306	DtlsSeq window; /* Sliding window for current epoch */
wolfSSL	1:e27310ce7654	1307	word16 nextEpoch; /* Expected epoch in next record */
wolfSSL	1:e27310ce7654	1308	word32 nextSeq; /* Expected sequence in next record */
wolfSSL	1:e27310ce7654	1309
wolfSSL	1:e27310ce7654	1310	word16 curEpoch; /* Received epoch in current record */
wolfSSL	1:e27310ce7654	1311	word32 curSeq; /* Received sequence in current record */
wolfSSL	1:e27310ce7654	1312
wolfSSL	1:e27310ce7654	1313	DtlsSeq prevWindow; /* Sliding window for old epoch */
wolfSSL	1:e27310ce7654	1314	word32 prevSeq; /* Next sequence in allowed old epoch */
wolfSSL	1:e27310ce7654	1315	} DtlsState;
wolfSSL	1:e27310ce7654	1316
wolfSSL	1:e27310ce7654	1317	#endif /* WOLFSSL_DTLS */
wolfSSL	1:e27310ce7654	1318
wolfSSL	1:e27310ce7654	1319
wolfSSL	1:e27310ce7654	1320	/* keys and secrets */
wolfSSL	1:e27310ce7654	1321	typedef struct Keys {
wolfSSL	1:e27310ce7654	1322	byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
wolfSSL	1:e27310ce7654	1323	byte server_write_MAC_secret[MAX_DIGEST_SIZE];
wolfSSL	1:e27310ce7654	1324	byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
wolfSSL	1:e27310ce7654	1325	byte server_write_key[AES_256_KEY_SIZE];
wolfSSL	1:e27310ce7654	1326	byte client_write_IV[AES_IV_SIZE]; /* max sizes */
wolfSSL	1:e27310ce7654	1327	byte server_write_IV[AES_IV_SIZE];
wolfSSL	1:e27310ce7654	1328	#ifdef HAVE_AEAD
wolfSSL	1:e27310ce7654	1329	byte aead_exp_IV[AEAD_EXP_IV_SZ];
wolfSSL	1:e27310ce7654	1330	byte aead_enc_imp_IV[AEAD_IMP_IV_SZ];
wolfSSL	1:e27310ce7654	1331	byte aead_dec_imp_IV[AEAD_IMP_IV_SZ];
wolfSSL	1:e27310ce7654	1332	#endif
wolfSSL	1:e27310ce7654	1333
wolfSSL	1:e27310ce7654	1334	word32 peer_sequence_number;
wolfSSL	1:e27310ce7654	1335	word32 sequence_number;
wolfSSL	1:e27310ce7654	1336
wolfSSL	1:e27310ce7654	1337	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	1338	DtlsState dtls_state; /* Peer's state */
wolfSSL	1:e27310ce7654	1339	word16 dtls_peer_handshake_number;
wolfSSL	1:e27310ce7654	1340	word16 dtls_expected_peer_handshake_number;
wolfSSL	1:e27310ce7654	1341
wolfSSL	1:e27310ce7654	1342	word16 dtls_epoch; /* Current tx epoch */
wolfSSL	1:e27310ce7654	1343	word32 dtls_sequence_number; /* Current tx sequence */
wolfSSL	1:e27310ce7654	1344	word16 dtls_handshake_number; /* Current tx handshake seq */
wolfSSL	1:e27310ce7654	1345	#endif
wolfSSL	1:e27310ce7654	1346
wolfSSL	1:e27310ce7654	1347	word32 encryptSz; /* last size of encrypted data */
wolfSSL	1:e27310ce7654	1348	word32 padSz; /* how much to advance after decrypt part */
wolfSSL	1:e27310ce7654	1349	byte encryptionOn; /* true after change cipher spec */
wolfSSL	1:e27310ce7654	1350	byte decryptedCur; /* only decrypt current record once */
wolfSSL	1:e27310ce7654	1351	} Keys;
wolfSSL	1:e27310ce7654	1352
wolfSSL	1:e27310ce7654	1353
wolfSSL	1:e27310ce7654	1354
wolfSSL	1:e27310ce7654	1355	/* RFC 6066 TLS Extensions */
wolfSSL	1:e27310ce7654	1356	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	1:e27310ce7654	1357
wolfSSL	1:e27310ce7654	1358	typedef enum {
wolfSSL	1:e27310ce7654	1359	SERVER_NAME_INDICATION = 0x0000,
wolfSSL	1:e27310ce7654	1360	MAX_FRAGMENT_LENGTH = 0x0001,
wolfSSL	1:e27310ce7654	1361	TRUNCATED_HMAC = 0x0004,
wolfSSL	1:e27310ce7654	1362	ELLIPTIC_CURVES = 0x000a,
wolfSSL	1:e27310ce7654	1363	SESSION_TICKET = 0x0023,
wolfSSL	1:e27310ce7654	1364	SECURE_RENEGOTIATION = 0xff01
wolfSSL	1:e27310ce7654	1365	} TLSX_Type;
wolfSSL	1:e27310ce7654	1366
wolfSSL	1:e27310ce7654	1367	typedef struct TLSX {
wolfSSL	1:e27310ce7654	1368	TLSX_Type type; /* Extension Type */
wolfSSL	1:e27310ce7654	1369	void* data; /* Extension Data */
wolfSSL	1:e27310ce7654	1370	byte resp; /* IsResponse Flag */
wolfSSL	1:e27310ce7654	1371	struct TLSX* next; /* List Behavior */
wolfSSL	1:e27310ce7654	1372	} TLSX;
wolfSSL	1:e27310ce7654	1373
wolfSSL	1:e27310ce7654	1374	WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
wolfSSL	1:e27310ce7654	1375	WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list);
wolfSSL	1:e27310ce7654	1376	WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	1377
wolfSSL	1:e27310ce7654	1378	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	1:e27310ce7654	1379	WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	1380	WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
wolfSSL	1:e27310ce7654	1381	#endif
wolfSSL	1:e27310ce7654	1382
wolfSSL	1:e27310ce7654	1383	#ifndef NO_WOLFSSL_SERVER
wolfSSL	1:e27310ce7654	1384	WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	1385	WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
wolfSSL	1:e27310ce7654	1386	#endif
wolfSSL	1:e27310ce7654	1387
wolfSSL	1:e27310ce7654	1388	WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL	1:e27310ce7654	1389	byte isRequest, Suites *suites);
wolfSSL	1:e27310ce7654	1390
wolfSSL	1:e27310ce7654	1391	#elif defined(HAVE_SNI) \
wolfSSL	1:e27310ce7654	1392	\|\| defined(HAVE_MAX_FRAGMENT) \
wolfSSL	1:e27310ce7654	1393	\|\| defined(HAVE_TRUNCATED_HMAC) \
wolfSSL	1:e27310ce7654	1394	\|\| defined(HAVE_SUPPORTED_CURVES) \
wolfSSL	1:e27310ce7654	1395	\|\| defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL	1:e27310ce7654	1396	\|\| defined(HAVE_SESSION_TICKET)
wolfSSL	1:e27310ce7654	1397
wolfSSL	1:e27310ce7654	1398	#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
wolfSSL	1:e27310ce7654	1399
wolfSSL	1:e27310ce7654	1400	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	1:e27310ce7654	1401
wolfSSL	1:e27310ce7654	1402	/* Server Name Indication */
wolfSSL	1:e27310ce7654	1403	#ifdef HAVE_SNI
wolfSSL	1:e27310ce7654	1404
wolfSSL	1:e27310ce7654	1405	typedef struct SNI {
wolfSSL	1:e27310ce7654	1406	byte type; /* SNI Type */
wolfSSL	1:e27310ce7654	1407	union { char* host_name; } data; /* SNI Data */
wolfSSL	1:e27310ce7654	1408	struct SNI* next; /* List Behavior */
wolfSSL	1:e27310ce7654	1409	#ifndef NO_WOLFSSL_SERVER
wolfSSL	1:e27310ce7654	1410	byte options; /* Behaviour options */
wolfSSL	1:e27310ce7654	1411	byte status; /* Matching result */
wolfSSL	1:e27310ce7654	1412	#endif
wolfSSL	1:e27310ce7654	1413	} SNI;
wolfSSL	1:e27310ce7654	1414
wolfSSL	1:e27310ce7654	1415	WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
wolfSSL	1:e27310ce7654	1416	word16 size);
wolfSSL	1:e27310ce7654	1417
wolfSSL	1:e27310ce7654	1418	#ifndef NO_WOLFSSL_SERVER
wolfSSL	1:e27310ce7654	1419	WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
wolfSSL	1:e27310ce7654	1420	byte options);
wolfSSL	1:e27310ce7654	1421	WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
wolfSSL	1:e27310ce7654	1422	WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
wolfSSL	1:e27310ce7654	1423	void** data);
wolfSSL	1:e27310ce7654	1424	WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
wolfSSL	1:e27310ce7654	1425	byte type, byte* sni, word32* inOutSz);
wolfSSL	1:e27310ce7654	1426	#endif
wolfSSL	1:e27310ce7654	1427
wolfSSL	1:e27310ce7654	1428	#endif /* HAVE_SNI */
wolfSSL	1:e27310ce7654	1429
wolfSSL	1:e27310ce7654	1430	/* Maximum Fragment Length */
wolfSSL	1:e27310ce7654	1431	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	1:e27310ce7654	1432
wolfSSL	1:e27310ce7654	1433	WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
wolfSSL	1:e27310ce7654	1434
wolfSSL	1:e27310ce7654	1435	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	1:e27310ce7654	1436
wolfSSL	1:e27310ce7654	1437	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	1:e27310ce7654	1438
wolfSSL	1:e27310ce7654	1439	WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
wolfSSL	1:e27310ce7654	1440
wolfSSL	1:e27310ce7654	1441	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	1:e27310ce7654	1442
wolfSSL	1:e27310ce7654	1443	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	1:e27310ce7654	1444
wolfSSL	1:e27310ce7654	1445	typedef struct EllipticCurve {
wolfSSL	1:e27310ce7654	1446	word16 name; /* CurveNames */
wolfSSL	1:e27310ce7654	1447	struct EllipticCurve* next; /* List Behavior */
wolfSSL	1:e27310ce7654	1448	} EllipticCurve;
wolfSSL	1:e27310ce7654	1449
wolfSSL	1:e27310ce7654	1450	WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
wolfSSL	1:e27310ce7654	1451
wolfSSL	1:e27310ce7654	1452	#ifndef NO_WOLFSSL_SERVER
wolfSSL	1:e27310ce7654	1453	WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
wolfSSL	1:e27310ce7654	1454	byte second);
wolfSSL	1:e27310ce7654	1455	#endif
wolfSSL	1:e27310ce7654	1456
wolfSSL	1:e27310ce7654	1457	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	1:e27310ce7654	1458
wolfSSL	1:e27310ce7654	1459	#ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL	1:e27310ce7654	1460
wolfSSL	1:e27310ce7654	1461	enum key_cache_state {
wolfSSL	1:e27310ce7654	1462	SCR_CACHE_NULL = 0, /* empty / begin state */
wolfSSL	1:e27310ce7654	1463	SCR_CACHE_NEEDED, /* need to cache keys */
wolfSSL	1:e27310ce7654	1464	SCR_CACHE_COPY, /* we have a cached copy */
wolfSSL	1:e27310ce7654	1465	SCR_CACHE_PARTIAL, /* partial restore to real keys */
wolfSSL	1:e27310ce7654	1466	SCR_CACHE_COMPLETE /* complete restore to real keys */
wolfSSL	1:e27310ce7654	1467	};
wolfSSL	1:e27310ce7654	1468
wolfSSL	1:e27310ce7654	1469
wolfSSL	1:e27310ce7654	1470	/* Additional Conection State according to rfc5746 section 3.1 */
wolfSSL	1:e27310ce7654	1471	typedef struct SecureRenegotiation {
wolfSSL	1:e27310ce7654	1472	byte enabled; /* secure_renegotiation flag in rfc */
wolfSSL	1:e27310ce7654	1473	byte startScr; /* server requested client to start scr */
wolfSSL	1:e27310ce7654	1474	enum key_cache_state cache_status; /* track key cache state */
wolfSSL	1:e27310ce7654	1475	byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	1:e27310ce7654	1476	byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL	1:e27310ce7654	1477	byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */
wolfSSL	1:e27310ce7654	1478	Keys tmp_keys; /* can't overwrite real keys yet */
wolfSSL	1:e27310ce7654	1479	} SecureRenegotiation;
wolfSSL	1:e27310ce7654	1480
wolfSSL	1:e27310ce7654	1481	WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
wolfSSL	1:e27310ce7654	1482
wolfSSL	1:e27310ce7654	1483	#endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL	1:e27310ce7654	1484
wolfSSL	1:e27310ce7654	1485	#ifdef HAVE_SESSION_TICKET
wolfSSL	1:e27310ce7654	1486
wolfSSL	1:e27310ce7654	1487	typedef struct SessionTicket {
wolfSSL	1:e27310ce7654	1488	word32 lifetime;
wolfSSL	1:e27310ce7654	1489	byte* data;
wolfSSL	1:e27310ce7654	1490	word16 size;
wolfSSL	1:e27310ce7654	1491	} SessionTicket;
wolfSSL	1:e27310ce7654	1492
wolfSSL	1:e27310ce7654	1493	WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
wolfSSL	1:e27310ce7654	1494	SessionTicket* ticket);
wolfSSL	1:e27310ce7654	1495	WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL	1:e27310ce7654	1496	byte* data, word16 size);
wolfSSL	1:e27310ce7654	1497	WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
wolfSSL	1:e27310ce7654	1498	#endif /* HAVE_SESSION_TICKET */
wolfSSL	1:e27310ce7654	1499
wolfSSL	1:e27310ce7654	1500	/* wolfSSL context type */
wolfSSL	1:e27310ce7654	1501	struct WOLFSSL_CTX {
wolfSSL	1:e27310ce7654	1502	WOLFSSL_METHOD* method;
wolfSSL	1:e27310ce7654	1503	wolfSSL_Mutex countMutex; /* reference count mutex */
wolfSSL	1:e27310ce7654	1504	int refCount; /* reference count */
wolfSSL	1:e27310ce7654	1505	#ifndef NO_DH
wolfSSL	1:e27310ce7654	1506	buffer serverDH_P;
wolfSSL	1:e27310ce7654	1507	buffer serverDH_G;
wolfSSL	1:e27310ce7654	1508	#endif
wolfSSL	1:e27310ce7654	1509	#ifndef NO_CERTS
wolfSSL	1:e27310ce7654	1510	buffer certificate;
wolfSSL	1:e27310ce7654	1511	buffer certChain;
wolfSSL	1:e27310ce7654	1512	/* chain after self, in DER, with leading size for each cert */
wolfSSL	1:e27310ce7654	1513	buffer privateKey;
wolfSSL	1:e27310ce7654	1514	WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
wolfSSL	1:e27310ce7654	1515	#endif
wolfSSL	1:e27310ce7654	1516	Suites* suites; /* make dynamic, user may not need/set */
wolfSSL	1:e27310ce7654	1517	void* heap; /* for user memory overrides */
wolfSSL	1:e27310ce7654	1518	byte verifyPeer;
wolfSSL	1:e27310ce7654	1519	byte verifyNone;
wolfSSL	1:e27310ce7654	1520	byte failNoCert;
wolfSSL	1:e27310ce7654	1521	byte sessionCacheOff;
wolfSSL	1:e27310ce7654	1522	byte sessionCacheFlushOff;
wolfSSL	1:e27310ce7654	1523	byte sendVerify; /* for client side */
wolfSSL	1:e27310ce7654	1524	byte haveRSA; /* RSA available */
wolfSSL	1:e27310ce7654	1525	byte haveDH; /* server DH parms set by user */
wolfSSL	1:e27310ce7654	1526	byte haveNTRU; /* server private NTRU key loaded */
wolfSSL	1:e27310ce7654	1527	byte haveECDSAsig; /* server cert signed w/ ECDSA */
wolfSSL	1:e27310ce7654	1528	byte haveStaticECC; /* static server ECC private key */
wolfSSL	1:e27310ce7654	1529	byte partialWrite; /* only one msg per write call */
wolfSSL	1:e27310ce7654	1530	byte quietShutdown; /* don't send close notify */
wolfSSL	1:e27310ce7654	1531	byte groupMessages; /* group handshake messages before sending */
wolfSSL	1:e27310ce7654	1532	byte minDowngrade; /* minimum downgrade version */
wolfSSL	1:e27310ce7654	1533	#ifndef NO_DH
wolfSSL	1:e27310ce7654	1534	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	1:e27310ce7654	1535	#endif
wolfSSL	1:e27310ce7654	1536	CallbackIORecv CBIORecv;
wolfSSL	1:e27310ce7654	1537	CallbackIOSend CBIOSend;
wolfSSL	1:e27310ce7654	1538	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	1539	CallbackGenCookie CBIOCookie; /* gen cookie callback */
wolfSSL	1:e27310ce7654	1540	#endif
wolfSSL	1:e27310ce7654	1541	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	1:e27310ce7654	1542	word32 timeout; /* session timeout */
wolfSSL	1:e27310ce7654	1543	#ifdef HAVE_ECC
wolfSSL	1:e27310ce7654	1544	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	1:e27310ce7654	1545	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	1:e27310ce7654	1546	#endif
wolfSSL	1:e27310ce7654	1547	#ifndef NO_PSK
wolfSSL	1:e27310ce7654	1548	byte havePSK; /* psk key set by user */
wolfSSL	1:e27310ce7654	1549	psk_client_callback client_psk_cb; /* client callback */
wolfSSL	1:e27310ce7654	1550	psk_server_callback server_psk_cb; /* server callback */
wolfSSL	1:e27310ce7654	1551	char server_hint[MAX_PSK_ID_LEN];
wolfSSL	1:e27310ce7654	1552	#endif /* NO_PSK */
wolfSSL	1:e27310ce7654	1553	#ifdef HAVE_ANON
wolfSSL	1:e27310ce7654	1554	byte haveAnon; /* User wants to allow Anon suites */
wolfSSL	1:e27310ce7654	1555	#endif /* HAVE_ANON */
wolfSSL	1:e27310ce7654	1556	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	1:e27310ce7654	1557	pem_password_cb passwd_cb;
wolfSSL	1:e27310ce7654	1558	void* userdata;
wolfSSL	1:e27310ce7654	1559	#endif /* OPENSSL_EXTRA */
wolfSSL	1:e27310ce7654	1560	#ifdef HAVE_OCSP
wolfSSL	1:e27310ce7654	1561	WOLFSSL_OCSP ocsp;
wolfSSL	1:e27310ce7654	1562	#endif
wolfSSL	1:e27310ce7654	1563	#ifdef HAVE_CAVIUM
wolfSSL	1:e27310ce7654	1564	int devId; /* cavium device id to use */
wolfSSL	1:e27310ce7654	1565	#endif
wolfSSL	1:e27310ce7654	1566	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	1:e27310ce7654	1567	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	1:e27310ce7654	1568	#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER)
wolfSSL	1:e27310ce7654	1569	SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
wolfSSL	1:e27310ce7654	1570	void* ticketEncCtx; /* session encrypt context */
wolfSSL	1:e27310ce7654	1571	int ticketHint; /* ticket hint in seconds */
wolfSSL	1:e27310ce7654	1572	#endif
wolfSSL	1:e27310ce7654	1573	#endif
wolfSSL	1:e27310ce7654	1574	#ifdef ATOMIC_USER
wolfSSL	1:e27310ce7654	1575	CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
wolfSSL	1:e27310ce7654	1576	CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
wolfSSL	1:e27310ce7654	1577	#endif
wolfSSL	1:e27310ce7654	1578	#ifdef HAVE_PK_CALLBACKS
wolfSSL	1:e27310ce7654	1579	#ifdef HAVE_ECC
wolfSSL	1:e27310ce7654	1580	CallbackEccSign EccSignCb; /* User EccSign Callback handler */
wolfSSL	1:e27310ce7654	1581	CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
wolfSSL	1:e27310ce7654	1582	#endif /* HAVE_ECC */
wolfSSL	1:e27310ce7654	1583	#ifndef NO_RSA
wolfSSL	1:e27310ce7654	1584	CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
wolfSSL	1:e27310ce7654	1585	CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
wolfSSL	1:e27310ce7654	1586	CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
wolfSSL	1:e27310ce7654	1587	CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
wolfSSL	1:e27310ce7654	1588	#endif /* NO_RSA */
wolfSSL	1:e27310ce7654	1589	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	1:e27310ce7654	1590	};
wolfSSL	1:e27310ce7654	1591
wolfSSL	1:e27310ce7654	1592
wolfSSL	1:e27310ce7654	1593	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1594	int InitSSL_Ctx(WOLFSSL_CTX, WOLFSSL_METHOD);
wolfSSL	1:e27310ce7654	1595	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1596	void FreeSSL_Ctx(WOLFSSL_CTX*);
wolfSSL	1:e27310ce7654	1597	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1598	void SSL_CtxResourceFree(WOLFSSL_CTX*);
wolfSSL	1:e27310ce7654	1599
wolfSSL	1:e27310ce7654	1600	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1601	int DeriveTlsKeys(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	1602	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1603	int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	1:e27310ce7654	1604	word32 inSz, word16 sz);
wolfSSL	1:e27310ce7654	1605	#ifndef NO_CERTS
wolfSSL	1:e27310ce7654	1606	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1607	int AddCA(WOLFSSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
wolfSSL	1:e27310ce7654	1608	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1609	int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL	1:e27310ce7654	1610	#endif
wolfSSL	1:e27310ce7654	1611
wolfSSL	1:e27310ce7654	1612	/* All cipher suite related info */
wolfSSL	1:e27310ce7654	1613	typedef struct CipherSpecs {
wolfSSL	1:e27310ce7654	1614	word16 key_size;
wolfSSL	1:e27310ce7654	1615	word16 iv_size;
wolfSSL	1:e27310ce7654	1616	word16 block_size;
wolfSSL	1:e27310ce7654	1617	word16 aead_mac_size;
wolfSSL	1:e27310ce7654	1618	byte bulk_cipher_algorithm;
wolfSSL	1:e27310ce7654	1619	byte cipher_type; /* block, stream, or aead */
wolfSSL	1:e27310ce7654	1620	byte mac_algorithm;
wolfSSL	1:e27310ce7654	1621	byte kea; /* key exchange algo */
wolfSSL	1:e27310ce7654	1622	byte sig_algo;
wolfSSL	1:e27310ce7654	1623	byte hash_size;
wolfSSL	1:e27310ce7654	1624	byte pad_size;
wolfSSL	1:e27310ce7654	1625	byte static_ecdh;
wolfSSL	1:e27310ce7654	1626	} CipherSpecs;
wolfSSL	1:e27310ce7654	1627
wolfSSL	1:e27310ce7654	1628
wolfSSL	1:e27310ce7654	1629	void InitCipherSpecs(CipherSpecs* cs);
wolfSSL	1:e27310ce7654	1630
wolfSSL	1:e27310ce7654	1631
wolfSSL	1:e27310ce7654	1632	/* Supported Message Authentication Codes from page 43 */
wolfSSL	1:e27310ce7654	1633	enum MACAlgorithm {
wolfSSL	1:e27310ce7654	1634	no_mac,
wolfSSL	1:e27310ce7654	1635	md5_mac,
wolfSSL	1:e27310ce7654	1636	sha_mac,
wolfSSL	1:e27310ce7654	1637	sha224_mac,
wolfSSL	1:e27310ce7654	1638	sha256_mac, /* needs to match external KDF_MacAlgorithm */
wolfSSL	1:e27310ce7654	1639	sha384_mac,
wolfSSL	1:e27310ce7654	1640	sha512_mac,
wolfSSL	1:e27310ce7654	1641	rmd_mac,
wolfSSL	1:e27310ce7654	1642	blake2b_mac
wolfSSL	1:e27310ce7654	1643	};
wolfSSL	1:e27310ce7654	1644
wolfSSL	1:e27310ce7654	1645
wolfSSL	1:e27310ce7654	1646	/* Supported Key Exchange Protocols */
wolfSSL	1:e27310ce7654	1647	enum KeyExchangeAlgorithm {
wolfSSL	1:e27310ce7654	1648	no_kea,
wolfSSL	1:e27310ce7654	1649	rsa_kea,
wolfSSL	1:e27310ce7654	1650	diffie_hellman_kea,
wolfSSL	1:e27310ce7654	1651	fortezza_kea,
wolfSSL	1:e27310ce7654	1652	psk_kea,
wolfSSL	1:e27310ce7654	1653	dhe_psk_kea,
wolfSSL	1:e27310ce7654	1654	ntru_kea,
wolfSSL	1:e27310ce7654	1655	ecc_diffie_hellman_kea,
wolfSSL	1:e27310ce7654	1656	ecc_static_diffie_hellman_kea /* for verify suite only */
wolfSSL	1:e27310ce7654	1657	};
wolfSSL	1:e27310ce7654	1658
wolfSSL	1:e27310ce7654	1659
wolfSSL	1:e27310ce7654	1660	/* Supported Authentication Schemes */
wolfSSL	1:e27310ce7654	1661	enum SignatureAlgorithm {
wolfSSL	1:e27310ce7654	1662	anonymous_sa_algo,
wolfSSL	1:e27310ce7654	1663	rsa_sa_algo,
wolfSSL	1:e27310ce7654	1664	dsa_sa_algo,
wolfSSL	1:e27310ce7654	1665	ecc_dsa_sa_algo
wolfSSL	1:e27310ce7654	1666	};
wolfSSL	1:e27310ce7654	1667
wolfSSL	1:e27310ce7654	1668
wolfSSL	1:e27310ce7654	1669	/* Supprted ECC Curve Types */
wolfSSL	1:e27310ce7654	1670	enum EccCurves {
wolfSSL	1:e27310ce7654	1671	named_curve = 3
wolfSSL	1:e27310ce7654	1672	};
wolfSSL	1:e27310ce7654	1673
wolfSSL	1:e27310ce7654	1674
wolfSSL	1:e27310ce7654	1675	/* Valid client certificate request types from page 27 */
wolfSSL	1:e27310ce7654	1676	enum ClientCertificateType {
wolfSSL	1:e27310ce7654	1677	rsa_sign = 1,
wolfSSL	1:e27310ce7654	1678	dss_sign = 2,
wolfSSL	1:e27310ce7654	1679	rsa_fixed_dh = 3,
wolfSSL	1:e27310ce7654	1680	dss_fixed_dh = 4,
wolfSSL	1:e27310ce7654	1681	rsa_ephemeral_dh = 5,
wolfSSL	1:e27310ce7654	1682	dss_ephemeral_dh = 6,
wolfSSL	1:e27310ce7654	1683	fortezza_kea_cert = 20,
wolfSSL	1:e27310ce7654	1684	ecdsa_sign = 64,
wolfSSL	1:e27310ce7654	1685	rsa_fixed_ecdh = 65,
wolfSSL	1:e27310ce7654	1686	ecdsa_fixed_ecdh = 66
wolfSSL	1:e27310ce7654	1687	};
wolfSSL	1:e27310ce7654	1688
wolfSSL	1:e27310ce7654	1689
wolfSSL	1:e27310ce7654	1690	enum CipherType { stream, block, aead };
wolfSSL	1:e27310ce7654	1691
wolfSSL	1:e27310ce7654	1692
wolfSSL	1:e27310ce7654	1693
wolfSSL	1:e27310ce7654	1694
wolfSSL	1:e27310ce7654	1695
wolfSSL	1:e27310ce7654	1696
wolfSSL	1:e27310ce7654	1697	/* cipher for now */
wolfSSL	1:e27310ce7654	1698	typedef struct Ciphers {
wolfSSL	1:e27310ce7654	1699	#ifdef BUILD_ARC4
wolfSSL	1:e27310ce7654	1700	Arc4* arc4;
wolfSSL	1:e27310ce7654	1701	#endif
wolfSSL	1:e27310ce7654	1702	#ifdef BUILD_DES3
wolfSSL	1:e27310ce7654	1703	Des3* des3;
wolfSSL	1:e27310ce7654	1704	#endif
wolfSSL	1:e27310ce7654	1705	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM)
wolfSSL	1:e27310ce7654	1706	Aes* aes;
wolfSSL	1:e27310ce7654	1707	#endif
wolfSSL	1:e27310ce7654	1708	#ifdef HAVE_CAMELLIA
wolfSSL	1:e27310ce7654	1709	Camellia* cam;
wolfSSL	1:e27310ce7654	1710	#endif
wolfSSL	1:e27310ce7654	1711	#ifdef HAVE_CHACHA
wolfSSL	1:e27310ce7654	1712	ChaCha* chacha;
wolfSSL	1:e27310ce7654	1713	#endif
wolfSSL	1:e27310ce7654	1714	#ifdef HAVE_HC128
wolfSSL	1:e27310ce7654	1715	HC128* hc128;
wolfSSL	1:e27310ce7654	1716	#endif
wolfSSL	1:e27310ce7654	1717	#ifdef BUILD_RABBIT
wolfSSL	1:e27310ce7654	1718	Rabbit* rabbit;
wolfSSL	1:e27310ce7654	1719	#endif
wolfSSL	1:e27310ce7654	1720	byte setup; /* have we set it up flag for detection */
wolfSSL	1:e27310ce7654	1721	} Ciphers;
wolfSSL	1:e27310ce7654	1722
wolfSSL	1:e27310ce7654	1723
wolfSSL	1:e27310ce7654	1724	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	1:e27310ce7654	1725	/* Ciphers for one time authentication such as poly1305 */
wolfSSL	1:e27310ce7654	1726	typedef struct OneTimeAuth {
wolfSSL	1:e27310ce7654	1727	#ifdef HAVE_POLY1305
wolfSSL	1:e27310ce7654	1728	Poly1305* poly1305;
wolfSSL	1:e27310ce7654	1729	#endif
wolfSSL	1:e27310ce7654	1730	byte setup; /* flag for if a cipher has been set */
wolfSSL	1:e27310ce7654	1731
wolfSSL	1:e27310ce7654	1732	} OneTimeAuth;
wolfSSL	1:e27310ce7654	1733	#endif
wolfSSL	1:e27310ce7654	1734
wolfSSL	1:e27310ce7654	1735
wolfSSL	1:e27310ce7654	1736	WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	1737	WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	1738
wolfSSL	1:e27310ce7654	1739
wolfSSL	1:e27310ce7654	1740	/* hashes type */
wolfSSL	1:e27310ce7654	1741	typedef struct Hashes {
wolfSSL	1:e27310ce7654	1742	#ifndef NO_OLD_TLS
wolfSSL	1:e27310ce7654	1743	byte md5[MD5_DIGEST_SIZE];
wolfSSL	1:e27310ce7654	1744	#endif
wolfSSL	1:e27310ce7654	1745	byte sha[SHA_DIGEST_SIZE];
wolfSSL	1:e27310ce7654	1746	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	1747	byte sha256[SHA256_DIGEST_SIZE];
wolfSSL	1:e27310ce7654	1748	#endif
wolfSSL	1:e27310ce7654	1749	#ifdef WOLFSSL_SHA384
wolfSSL	1:e27310ce7654	1750	byte sha384[SHA384_DIGEST_SIZE];
wolfSSL	1:e27310ce7654	1751	#endif
wolfSSL	1:e27310ce7654	1752	#ifdef WOLFSSL_SHA512
wolfSSL	1:e27310ce7654	1753	byte sha512[SHA512_DIGEST_SIZE];
wolfSSL	1:e27310ce7654	1754	#endif
wolfSSL	1:e27310ce7654	1755	} Hashes;
wolfSSL	1:e27310ce7654	1756
wolfSSL	1:e27310ce7654	1757
wolfSSL	1:e27310ce7654	1758	/* Static x509 buffer */
wolfSSL	1:e27310ce7654	1759	typedef struct x509_buffer {
wolfSSL	1:e27310ce7654	1760	int length; /* actual size */
wolfSSL	1:e27310ce7654	1761	byte buffer[MAX_X509_SIZE]; /* max static cert size */
wolfSSL	1:e27310ce7654	1762	} x509_buffer;
wolfSSL	1:e27310ce7654	1763
wolfSSL	1:e27310ce7654	1764
wolfSSL	1:e27310ce7654	1765	/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
wolfSSL	1:e27310ce7654	1766	struct WOLFSSL_X509_CHAIN {
wolfSSL	1:e27310ce7654	1767	int count; /* total number in chain */
wolfSSL	1:e27310ce7654	1768	x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
wolfSSL	1:e27310ce7654	1769	};
wolfSSL	1:e27310ce7654	1770
wolfSSL	1:e27310ce7654	1771
wolfSSL	1:e27310ce7654	1772	/* wolfSSL session type */
wolfSSL	1:e27310ce7654	1773	struct WOLFSSL_SESSION {
wolfSSL	1:e27310ce7654	1774	word32 bornOn; /* create time in seconds */
wolfSSL	1:e27310ce7654	1775	word32 timeout; /* timeout in seconds */
wolfSSL	1:e27310ce7654	1776	byte sessionID[ID_LEN]; /* id for protocol */
wolfSSL	1:e27310ce7654	1777	byte sessionIDSz;
wolfSSL	1:e27310ce7654	1778	byte masterSecret[SECRET_LEN]; /* stored secret */
wolfSSL	1:e27310ce7654	1779	#ifdef SESSION_CERTS
wolfSSL	1:e27310ce7654	1780	WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
wolfSSL	1:e27310ce7654	1781	ProtocolVersion version; /* which version was used */
wolfSSL	1:e27310ce7654	1782	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	1:e27310ce7654	1783	byte cipherSuite; /* 2nd byte, actual suite */
wolfSSL	1:e27310ce7654	1784	#endif
wolfSSL	1:e27310ce7654	1785	#ifndef NO_CLIENT_CACHE
wolfSSL	1:e27310ce7654	1786	word16 idLen; /* serverID length */
wolfSSL	1:e27310ce7654	1787	byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
wolfSSL	1:e27310ce7654	1788	#endif
wolfSSL	1:e27310ce7654	1789	#ifdef HAVE_SESSION_TICKET
wolfSSL	1:e27310ce7654	1790	word16 ticketLen;
wolfSSL	1:e27310ce7654	1791	byte ticket[SESSION_TICKET_LEN];
wolfSSL	1:e27310ce7654	1792	#endif
wolfSSL	1:e27310ce7654	1793	};
wolfSSL	1:e27310ce7654	1794
wolfSSL	1:e27310ce7654	1795
wolfSSL	1:e27310ce7654	1796	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1797	WOLFSSL_SESSION* GetSession(WOLFSSL, byte);
wolfSSL	1:e27310ce7654	1798	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	1799	int SetSession(WOLFSSL, WOLFSSL_SESSION);
wolfSSL	1:e27310ce7654	1800
wolfSSL	1:e27310ce7654	1801	typedef int (hmacfp) (WOLFSSL, byte, const byte, word32, int, int);
wolfSSL	1:e27310ce7654	1802
wolfSSL	1:e27310ce7654	1803	#ifndef NO_CLIENT_CACHE
wolfSSL	1:e27310ce7654	1804	WOLFSSL_SESSION* GetSessionClient(WOLFSSL, const byte, int);
wolfSSL	1:e27310ce7654	1805	#endif
wolfSSL	1:e27310ce7654	1806
wolfSSL	1:e27310ce7654	1807	/* client connect state for nonblocking restart */
wolfSSL	1:e27310ce7654	1808	enum ConnectState {
wolfSSL	1:e27310ce7654	1809	CONNECT_BEGIN = 0,
wolfSSL	1:e27310ce7654	1810	CLIENT_HELLO_SENT,
wolfSSL	1:e27310ce7654	1811	HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
wolfSSL	1:e27310ce7654	1812	HELLO_AGAIN_REPLY,
wolfSSL	1:e27310ce7654	1813	FIRST_REPLY_DONE,
wolfSSL	1:e27310ce7654	1814	FIRST_REPLY_FIRST,
wolfSSL	1:e27310ce7654	1815	FIRST_REPLY_SECOND,
wolfSSL	1:e27310ce7654	1816	FIRST_REPLY_THIRD,
wolfSSL	1:e27310ce7654	1817	FIRST_REPLY_FOURTH,
wolfSSL	1:e27310ce7654	1818	FINISHED_DONE,
wolfSSL	1:e27310ce7654	1819	SECOND_REPLY_DONE
wolfSSL	1:e27310ce7654	1820	};
wolfSSL	1:e27310ce7654	1821
wolfSSL	1:e27310ce7654	1822
wolfSSL	1:e27310ce7654	1823	/* server accept state for nonblocking restart */
wolfSSL	1:e27310ce7654	1824	enum AcceptState {
wolfSSL	1:e27310ce7654	1825	ACCEPT_BEGIN = 0,
wolfSSL	1:e27310ce7654	1826	ACCEPT_CLIENT_HELLO_DONE,
wolfSSL	1:e27310ce7654	1827	HELLO_VERIFY_SENT,
wolfSSL	1:e27310ce7654	1828	ACCEPT_FIRST_REPLY_DONE,
wolfSSL	1:e27310ce7654	1829	SERVER_HELLO_SENT,
wolfSSL	1:e27310ce7654	1830	CERT_SENT,
wolfSSL	1:e27310ce7654	1831	KEY_EXCHANGE_SENT,
wolfSSL	1:e27310ce7654	1832	CERT_REQ_SENT,
wolfSSL	1:e27310ce7654	1833	SERVER_HELLO_DONE,
wolfSSL	1:e27310ce7654	1834	ACCEPT_SECOND_REPLY_DONE,
wolfSSL	1:e27310ce7654	1835	TICKET_SENT,
wolfSSL	1:e27310ce7654	1836	CHANGE_CIPHER_SENT,
wolfSSL	1:e27310ce7654	1837	ACCEPT_FINISHED_DONE,
wolfSSL	1:e27310ce7654	1838	ACCEPT_THIRD_REPLY_DONE
wolfSSL	1:e27310ce7654	1839	};
wolfSSL	1:e27310ce7654	1840
wolfSSL	1:e27310ce7654	1841
wolfSSL	1:e27310ce7654	1842	typedef struct Buffers {
wolfSSL	1:e27310ce7654	1843	bufferStatic inputBuffer;
wolfSSL	1:e27310ce7654	1844	bufferStatic outputBuffer;
wolfSSL	1:e27310ce7654	1845	buffer domainName; /* for client check */
wolfSSL	1:e27310ce7654	1846	buffer clearOutputBuffer;
wolfSSL	1:e27310ce7654	1847	int prevSent; /* previous plain text bytes sent
wolfSSL	1:e27310ce7654	1848	when got WANT_WRITE */
wolfSSL	1:e27310ce7654	1849	int plainSz; /* plain text bytes in buffer to send
wolfSSL	1:e27310ce7654	1850	when got WANT_WRITE */
wolfSSL	1:e27310ce7654	1851	byte weOwnCert; /* SSL own cert flag */
wolfSSL	1:e27310ce7654	1852	byte weOwnCertChain; /* SSL own cert chain flag */
wolfSSL	1:e27310ce7654	1853	byte weOwnKey; /* SSL own key flag */
wolfSSL	1:e27310ce7654	1854	byte weOwnDH; /* SSL own dh (p,g) flag */
wolfSSL	1:e27310ce7654	1855	#ifndef NO_DH
wolfSSL	1:e27310ce7654	1856	buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	1:e27310ce7654	1857	buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	1:e27310ce7654	1858	buffer serverDH_Pub;
wolfSSL	1:e27310ce7654	1859	buffer serverDH_Priv;
wolfSSL	1:e27310ce7654	1860	#endif
wolfSSL	1:e27310ce7654	1861	#ifndef NO_CERTS
wolfSSL	1:e27310ce7654	1862	buffer certificate; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	1:e27310ce7654	1863	buffer key; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	1:e27310ce7654	1864	buffer certChain; /* WOLFSSL_CTX owns, unless we own */
wolfSSL	1:e27310ce7654	1865	/* chain after self, in DER, with leading size for each cert */
wolfSSL	1:e27310ce7654	1866	#endif
wolfSSL	1:e27310ce7654	1867	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	1868	WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
wolfSSL	1:e27310ce7654	1869	#endif
wolfSSL	1:e27310ce7654	1870	#ifdef HAVE_PK_CALLBACKS
wolfSSL	1:e27310ce7654	1871	#ifdef HAVE_ECC
wolfSSL	1:e27310ce7654	1872	buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
wolfSSL	1:e27310ce7654	1873	#endif /* HAVE_ECC */
wolfSSL	1:e27310ce7654	1874	#ifndef NO_RSA
wolfSSL	1:e27310ce7654	1875	buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
wolfSSL	1:e27310ce7654	1876	#endif /* NO_RSA */
wolfSSL	1:e27310ce7654	1877	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	1:e27310ce7654	1878	} Buffers;
wolfSSL	1:e27310ce7654	1879
wolfSSL	1:e27310ce7654	1880	typedef struct Options {
wolfSSL	1:e27310ce7654	1881	#ifndef NO_PSK
wolfSSL	1:e27310ce7654	1882	psk_client_callback client_psk_cb;
wolfSSL	1:e27310ce7654	1883	psk_server_callback server_psk_cb;
wolfSSL	1:e27310ce7654	1884	word16 havePSK:1; /* psk key set by user */
wolfSSL	1:e27310ce7654	1885	#endif /* NO_PSK */
wolfSSL	1:e27310ce7654	1886
wolfSSL	1:e27310ce7654	1887	/* on/off or small bit flags, optimize layout */
wolfSSL	1:e27310ce7654	1888	word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
wolfSSL	1:e27310ce7654	1889	word16 sessionCacheOff:1;
wolfSSL	1:e27310ce7654	1890	word16 sessionCacheFlushOff:1;
wolfSSL	1:e27310ce7654	1891	word16 side:1; /* client or server end */
wolfSSL	1:e27310ce7654	1892	word16 verifyPeer:1;
wolfSSL	1:e27310ce7654	1893	word16 verifyNone:1;
wolfSSL	1:e27310ce7654	1894	word16 failNoCert:1;
wolfSSL	1:e27310ce7654	1895	word16 downgrade:1; /* allow downgrade of versions */
wolfSSL	1:e27310ce7654	1896	word16 resuming:1;
wolfSSL	1:e27310ce7654	1897	word16 haveSessionId:1; /* server may not send */
wolfSSL	1:e27310ce7654	1898	word16 tls:1; /* using TLS ? */
wolfSSL	1:e27310ce7654	1899	word16 tls1_1:1; /* using TLSv1.1+ ? */
wolfSSL	1:e27310ce7654	1900	word16 dtls:1; /* using datagrams ? */
wolfSSL	1:e27310ce7654	1901	word16 connReset:1; /* has the peer reset */
wolfSSL	1:e27310ce7654	1902	word16 isClosed:1; /* if we consider conn closed */
wolfSSL	1:e27310ce7654	1903	word16 closeNotify:1; /* we've recieved a close notify */
wolfSSL	1:e27310ce7654	1904	word16 sentNotify:1; /* we've sent a close notify */
wolfSSL	1:e27310ce7654	1905	word16 usingCompression:1; /* are we using compression */
wolfSSL	1:e27310ce7654	1906	word16 haveRSA:1; /* RSA available */
wolfSSL	1:e27310ce7654	1907	word16 haveDH:1; /* server DH parms set by user */
wolfSSL	1:e27310ce7654	1908	word16 haveNTRU:1; /* server NTRU private key loaded */
wolfSSL	1:e27310ce7654	1909	word16 haveECDSAsig:1; /* server ECDSA signed cert */
wolfSSL	1:e27310ce7654	1910	word16 haveStaticECC:1; /* static server ECC private key */
wolfSSL	1:e27310ce7654	1911	word16 havePeerCert:1; /* do we have peer's cert */
wolfSSL	1:e27310ce7654	1912	word16 havePeerVerify:1; /* and peer's cert verify */
wolfSSL	1:e27310ce7654	1913	word16 usingPSK_cipher:1; /* are using psk as cipher */
wolfSSL	1:e27310ce7654	1914	word16 usingAnon_cipher:1; /* are we using an anon cipher */
wolfSSL	1:e27310ce7654	1915	word16 sendAlertState:1; /* nonblocking resume */
wolfSSL	1:e27310ce7654	1916	word16 partialWrite:1; /* only one msg per write call */
wolfSSL	1:e27310ce7654	1917	word16 quietShutdown:1; /* don't send close notify */
wolfSSL	1:e27310ce7654	1918	word16 certOnly:1; /* stop once we get cert */
wolfSSL	1:e27310ce7654	1919	word16 groupMessages:1; /* group handshake messages */
wolfSSL	1:e27310ce7654	1920	word16 usingNonblock:1; /* are we using nonblocking socket */
wolfSSL	1:e27310ce7654	1921	word16 saveArrays:1; /* save array Memory for user get keys
wolfSSL	1:e27310ce7654	1922	or psk */
wolfSSL	1:e27310ce7654	1923	#ifdef HAVE_POLY1305
wolfSSL	1:e27310ce7654	1924	word16 oldPoly:1; /* set when to use old rfc way of poly*/
wolfSSL	1:e27310ce7654	1925	#endif
wolfSSL	1:e27310ce7654	1926	#ifdef HAVE_ANON
wolfSSL	1:e27310ce7654	1927	word16 haveAnon:1; /* User wants to allow Anon suites */
wolfSSL	1:e27310ce7654	1928	#endif
wolfSSL	1:e27310ce7654	1929	#ifdef HAVE_SESSION_TICKET
wolfSSL	1:e27310ce7654	1930	word16 createTicket:1; /* Server to create new Ticket */
wolfSSL	1:e27310ce7654	1931	word16 useTicket:1; /* Use Ticket not session cache */
wolfSSL	1:e27310ce7654	1932	#endif
wolfSSL	1:e27310ce7654	1933
wolfSSL	1:e27310ce7654	1934	/* need full byte values for this section */
wolfSSL	1:e27310ce7654	1935	byte processReply; /* nonblocking resume */
wolfSSL	1:e27310ce7654	1936	byte cipherSuite0; /* first byte, normally 0 */
wolfSSL	1:e27310ce7654	1937	byte cipherSuite; /* second byte, actual suite */
wolfSSL	1:e27310ce7654	1938	byte serverState;
wolfSSL	1:e27310ce7654	1939	byte clientState;
wolfSSL	1:e27310ce7654	1940	byte handShakeState;
wolfSSL	1:e27310ce7654	1941	byte handShakeDone; /* at least one handshake complete */
wolfSSL	1:e27310ce7654	1942	byte minDowngrade; /* minimum downgrade version */
wolfSSL	1:e27310ce7654	1943	byte connectState; /* nonblocking resume */
wolfSSL	1:e27310ce7654	1944	byte acceptState; /* nonblocking resume */
wolfSSL	1:e27310ce7654	1945	#ifndef NO_DH
wolfSSL	1:e27310ce7654	1946	word16 minDhKeySz; /* minimum DH key size */
wolfSSL	1:e27310ce7654	1947	word16 dhKeySz; /* actual DH key size */
wolfSSL	1:e27310ce7654	1948	#endif
wolfSSL	1:e27310ce7654	1949
wolfSSL	1:e27310ce7654	1950	} Options;
wolfSSL	1:e27310ce7654	1951
wolfSSL	1:e27310ce7654	1952	typedef struct Arrays {
wolfSSL	1:e27310ce7654	1953	word32 preMasterSz; /* differs for DH, actual size */
wolfSSL	1:e27310ce7654	1954	#ifndef NO_PSK
wolfSSL	1:e27310ce7654	1955	word32 psk_keySz; /* acutal size */
wolfSSL	1:e27310ce7654	1956	char client_identity[MAX_PSK_ID_LEN];
wolfSSL	1:e27310ce7654	1957	char server_hint[MAX_PSK_ID_LEN];
wolfSSL	1:e27310ce7654	1958	byte psk_key[MAX_PSK_KEY_LEN];
wolfSSL	1:e27310ce7654	1959	#endif
wolfSSL	1:e27310ce7654	1960	byte clientRandom[RAN_LEN];
wolfSSL	1:e27310ce7654	1961	byte serverRandom[RAN_LEN];
wolfSSL	1:e27310ce7654	1962	byte sessionID[ID_LEN];
wolfSSL	1:e27310ce7654	1963	byte sessionIDSz;
wolfSSL	1:e27310ce7654	1964	byte preMasterSecret[ENCRYPT_LEN];
wolfSSL	1:e27310ce7654	1965	byte masterSecret[SECRET_LEN];
wolfSSL	1:e27310ce7654	1966	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	1967	byte cookie[MAX_COOKIE_LEN];
wolfSSL	1:e27310ce7654	1968	byte cookieSz;
wolfSSL	1:e27310ce7654	1969	#endif
wolfSSL	1:e27310ce7654	1970	} Arrays;
wolfSSL	1:e27310ce7654	1971
wolfSSL	1:e27310ce7654	1972	#ifndef ASN_NAME_MAX
wolfSSL	1:e27310ce7654	1973	#define ASN_NAME_MAX 256
wolfSSL	1:e27310ce7654	1974	#endif
wolfSSL	1:e27310ce7654	1975
wolfSSL	1:e27310ce7654	1976	#ifndef MAX_DATE_SZ
wolfSSL	1:e27310ce7654	1977	#define MAX_DATE_SZ 32
wolfSSL	1:e27310ce7654	1978	#endif
wolfSSL	1:e27310ce7654	1979
wolfSSL	1:e27310ce7654	1980	struct WOLFSSL_X509_NAME {
wolfSSL	1:e27310ce7654	1981	char *name;
wolfSSL	1:e27310ce7654	1982	char staticName[ASN_NAME_MAX];
wolfSSL	1:e27310ce7654	1983	int dynamicName;
wolfSSL	1:e27310ce7654	1984	int sz;
wolfSSL	1:e27310ce7654	1985	#ifdef OPENSSL_EXTRA
wolfSSL	1:e27310ce7654	1986	DecodedName fullName;
wolfSSL	1:e27310ce7654	1987	#endif /* OPENSSL_EXTRA */
wolfSSL	1:e27310ce7654	1988	};
wolfSSL	1:e27310ce7654	1989
wolfSSL	1:e27310ce7654	1990	#ifndef EXTERNAL_SERIAL_SIZE
wolfSSL	1:e27310ce7654	1991	#define EXTERNAL_SERIAL_SIZE 32
wolfSSL	1:e27310ce7654	1992	#endif
wolfSSL	1:e27310ce7654	1993
wolfSSL	1:e27310ce7654	1994	#ifdef NO_ASN
wolfSSL	1:e27310ce7654	1995	typedef struct DNS_entry DNS_entry;
wolfSSL	1:e27310ce7654	1996	#endif
wolfSSL	1:e27310ce7654	1997
wolfSSL	1:e27310ce7654	1998	struct WOLFSSL_X509 {
wolfSSL	1:e27310ce7654	1999	int version;
wolfSSL	1:e27310ce7654	2000	WOLFSSL_X509_NAME issuer;
wolfSSL	1:e27310ce7654	2001	WOLFSSL_X509_NAME subject;
wolfSSL	1:e27310ce7654	2002	int serialSz;
wolfSSL	1:e27310ce7654	2003	byte serial[EXTERNAL_SERIAL_SIZE];
wolfSSL	1:e27310ce7654	2004	char subjectCN[ASN_NAME_MAX]; /* common name short cut */
wolfSSL	1:e27310ce7654	2005	#ifdef WOLFSSL_SEP
wolfSSL	1:e27310ce7654	2006	int deviceTypeSz;
wolfSSL	1:e27310ce7654	2007	byte deviceType[EXTERNAL_SERIAL_SIZE];
wolfSSL	1:e27310ce7654	2008	int hwTypeSz;
wolfSSL	1:e27310ce7654	2009	byte hwType[EXTERNAL_SERIAL_SIZE];
wolfSSL	1:e27310ce7654	2010	int hwSerialNumSz;
wolfSSL	1:e27310ce7654	2011	byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
wolfSSL	1:e27310ce7654	2012	#ifdef OPENSSL_EXTRA
wolfSSL	1:e27310ce7654	2013	byte certPolicySet;
wolfSSL	1:e27310ce7654	2014	byte certPolicyCrit;
wolfSSL	1:e27310ce7654	2015	#endif /* OPENSSL_EXTRA */
wolfSSL	1:e27310ce7654	2016	#endif
wolfSSL	1:e27310ce7654	2017	int notBeforeSz;
wolfSSL	1:e27310ce7654	2018	byte notBefore[MAX_DATE_SZ];
wolfSSL	1:e27310ce7654	2019	int notAfterSz;
wolfSSL	1:e27310ce7654	2020	byte notAfter[MAX_DATE_SZ];
wolfSSL	1:e27310ce7654	2021	int sigOID;
wolfSSL	1:e27310ce7654	2022	buffer sig;
wolfSSL	1:e27310ce7654	2023	int pubKeyOID;
wolfSSL	1:e27310ce7654	2024	buffer pubKey;
wolfSSL	1:e27310ce7654	2025	#ifdef HAVE_ECC
wolfSSL	1:e27310ce7654	2026	word32 pkCurveOID;
wolfSSL	1:e27310ce7654	2027	#endif /* HAVE_ECC */
wolfSSL	1:e27310ce7654	2028	buffer derCert; /* may need */
wolfSSL	1:e27310ce7654	2029	DNS_entry* altNames; /* alt names list */
wolfSSL	1:e27310ce7654	2030	DNS_entry* altNamesNext; /* hint for retrieval */
wolfSSL	1:e27310ce7654	2031	byte dynamicMemory; /* dynamic memory flag */
wolfSSL	1:e27310ce7654	2032	byte isCa;
wolfSSL	1:e27310ce7654	2033	#ifdef OPENSSL_EXTRA
wolfSSL	1:e27310ce7654	2034	word32 pathLength;
wolfSSL	1:e27310ce7654	2035	word16 keyUsage;
wolfSSL	1:e27310ce7654	2036	byte basicConstSet;
wolfSSL	1:e27310ce7654	2037	byte basicConstCrit;
wolfSSL	1:e27310ce7654	2038	byte basicConstPlSet;
wolfSSL	1:e27310ce7654	2039	byte subjAltNameSet;
wolfSSL	1:e27310ce7654	2040	byte subjAltNameCrit;
wolfSSL	1:e27310ce7654	2041	byte authKeyIdSet;
wolfSSL	1:e27310ce7654	2042	byte authKeyIdCrit;
wolfSSL	1:e27310ce7654	2043	byte* authKeyId;
wolfSSL	1:e27310ce7654	2044	word32 authKeyIdSz;
wolfSSL	1:e27310ce7654	2045	byte subjKeyIdSet;
wolfSSL	1:e27310ce7654	2046	byte subjKeyIdCrit;
wolfSSL	1:e27310ce7654	2047	byte* subjKeyId;
wolfSSL	1:e27310ce7654	2048	word32 subjKeyIdSz;
wolfSSL	1:e27310ce7654	2049	byte keyUsageSet;
wolfSSL	1:e27310ce7654	2050	byte keyUsageCrit;
wolfSSL	1:e27310ce7654	2051	#endif /* OPENSSL_EXTRA */
wolfSSL	1:e27310ce7654	2052	};
wolfSSL	1:e27310ce7654	2053
wolfSSL	1:e27310ce7654	2054
wolfSSL	1:e27310ce7654	2055	/* record layer header for PlainText, Compressed, and CipherText */
wolfSSL	1:e27310ce7654	2056	typedef struct RecordLayerHeader {
wolfSSL	1:e27310ce7654	2057	byte type;
wolfSSL	1:e27310ce7654	2058	byte pvMajor;
wolfSSL	1:e27310ce7654	2059	byte pvMinor;
wolfSSL	1:e27310ce7654	2060	byte length[2];
wolfSSL	1:e27310ce7654	2061	} RecordLayerHeader;
wolfSSL	1:e27310ce7654	2062
wolfSSL	1:e27310ce7654	2063
wolfSSL	1:e27310ce7654	2064	/* record layer header for DTLS PlainText, Compressed, and CipherText */
wolfSSL	1:e27310ce7654	2065	typedef struct DtlsRecordLayerHeader {
wolfSSL	1:e27310ce7654	2066	byte type;
wolfSSL	1:e27310ce7654	2067	byte pvMajor;
wolfSSL	1:e27310ce7654	2068	byte pvMinor;
wolfSSL	1:e27310ce7654	2069	byte epoch[2]; /* increment on cipher state change */
wolfSSL	1:e27310ce7654	2070	byte sequence_number[6]; /* per record */
wolfSSL	1:e27310ce7654	2071	byte length[2];
wolfSSL	1:e27310ce7654	2072	} DtlsRecordLayerHeader;
wolfSSL	1:e27310ce7654	2073
wolfSSL	1:e27310ce7654	2074
wolfSSL	1:e27310ce7654	2075	typedef struct DtlsPool {
wolfSSL	1:e27310ce7654	2076	buffer buf[DTLS_POOL_SZ];
wolfSSL	1:e27310ce7654	2077	int used;
wolfSSL	1:e27310ce7654	2078	} DtlsPool;
wolfSSL	1:e27310ce7654	2079
wolfSSL	1:e27310ce7654	2080	typedef struct DtlsMsg {
wolfSSL	1:e27310ce7654	2081	struct DtlsMsg* next;
wolfSSL	1:e27310ce7654	2082	word32 seq; /* Handshake sequence number */
wolfSSL	1:e27310ce7654	2083	word32 sz; /* Length of whole mesage */
wolfSSL	1:e27310ce7654	2084	word32 fragSz; /* Length of fragments received */
wolfSSL	1:e27310ce7654	2085	byte type;
wolfSSL	1:e27310ce7654	2086	byte* buf;
wolfSSL	1:e27310ce7654	2087	byte* msg;
wolfSSL	1:e27310ce7654	2088	} DtlsMsg;
wolfSSL	1:e27310ce7654	2089
wolfSSL	1:e27310ce7654	2090
wolfSSL	1:e27310ce7654	2091	#ifdef HAVE_NETX
wolfSSL	1:e27310ce7654	2092
wolfSSL	1:e27310ce7654	2093	/* NETX I/O Callback default */
wolfSSL	1:e27310ce7654	2094	typedef struct NetX_Ctx {
wolfSSL	1:e27310ce7654	2095	NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
wolfSSL	1:e27310ce7654	2096	NX_PACKET* nxPacket; /* incoming packet handle for short reads */
wolfSSL	1:e27310ce7654	2097	ULONG nxOffset; /* offset already read from nxPacket */
wolfSSL	1:e27310ce7654	2098	ULONG nxWait; /* wait option flag */
wolfSSL	1:e27310ce7654	2099	} NetX_Ctx;
wolfSSL	1:e27310ce7654	2100
wolfSSL	1:e27310ce7654	2101	#endif
wolfSSL	1:e27310ce7654	2102
wolfSSL	1:e27310ce7654	2103
wolfSSL	1:e27310ce7654	2104	/* Handshake messages recevied from peer (plus change cipher */
wolfSSL	1:e27310ce7654	2105	typedef struct MsgsReceived {
wolfSSL	1:e27310ce7654	2106	word16 got_hello_request:1;
wolfSSL	1:e27310ce7654	2107	word16 got_client_hello:1;
wolfSSL	1:e27310ce7654	2108	word16 got_server_hello:1;
wolfSSL	1:e27310ce7654	2109	word16 got_hello_verify_request:1;
wolfSSL	1:e27310ce7654	2110	word16 got_session_ticket:1;
wolfSSL	1:e27310ce7654	2111	word16 got_certificate:1;
wolfSSL	1:e27310ce7654	2112	word16 got_server_key_exchange:1;
wolfSSL	1:e27310ce7654	2113	word16 got_certificate_request:1;
wolfSSL	1:e27310ce7654	2114	word16 got_server_hello_done:1;
wolfSSL	1:e27310ce7654	2115	word16 got_certificate_verify:1;
wolfSSL	1:e27310ce7654	2116	word16 got_client_key_exchange:1;
wolfSSL	1:e27310ce7654	2117	word16 got_finished:1;
wolfSSL	1:e27310ce7654	2118	word16 got_change_cipher:1;
wolfSSL	1:e27310ce7654	2119	} MsgsReceived;
wolfSSL	1:e27310ce7654	2120
wolfSSL	1:e27310ce7654	2121
wolfSSL	1:e27310ce7654	2122	/* Handshake hashes */
wolfSSL	1:e27310ce7654	2123	typedef struct HS_Hashes {
wolfSSL	1:e27310ce7654	2124	Hashes verifyHashes;
wolfSSL	1:e27310ce7654	2125	Hashes certHashes; /* for cert verify */
wolfSSL	1:e27310ce7654	2126	#ifndef NO_OLD_TLS
wolfSSL	1:e27310ce7654	2127	#ifndef NO_SHA
wolfSSL	1:e27310ce7654	2128	Sha hashSha; /* sha hash of handshake msgs */
wolfSSL	1:e27310ce7654	2129	#endif
wolfSSL	1:e27310ce7654	2130	#ifndef NO_MD5
wolfSSL	1:e27310ce7654	2131	Md5 hashMd5; /* md5 hash of handshake msgs */
wolfSSL	1:e27310ce7654	2132	#endif
wolfSSL	1:e27310ce7654	2133	#endif /* NO_OLD_TLS */
wolfSSL	1:e27310ce7654	2134	#ifndef NO_SHA256
wolfSSL	1:e27310ce7654	2135	Sha256 hashSha256; /* sha256 hash of handshake msgs */
wolfSSL	1:e27310ce7654	2136	#endif
wolfSSL	1:e27310ce7654	2137	#ifdef WOLFSSL_SHA384
wolfSSL	1:e27310ce7654	2138	Sha384 hashSha384; /* sha384 hash of handshake msgs */
wolfSSL	1:e27310ce7654	2139	#endif
wolfSSL	1:e27310ce7654	2140	#ifdef WOLFSSL_SHA512
wolfSSL	1:e27310ce7654	2141	Sha512 hashSha512; /* sha512 hash of handshake msgs */
wolfSSL	1:e27310ce7654	2142	#endif
wolfSSL	1:e27310ce7654	2143	} HS_Hashes;
wolfSSL	1:e27310ce7654	2144
wolfSSL	1:e27310ce7654	2145
wolfSSL	1:e27310ce7654	2146	/* wolfSSL ssl type */
wolfSSL	1:e27310ce7654	2147	struct WOLFSSL {
wolfSSL	1:e27310ce7654	2148	WOLFSSL_CTX* ctx;
wolfSSL	1:e27310ce7654	2149	Suites* suites; /* only need during handshake */
wolfSSL	1:e27310ce7654	2150	Arrays* arrays;
wolfSSL	1:e27310ce7654	2151	HS_Hashes* hsHashes;
wolfSSL	1:e27310ce7654	2152	void* IOCB_ReadCtx;
wolfSSL	1:e27310ce7654	2153	void* IOCB_WriteCtx;
wolfSSL	1:e27310ce7654	2154	RNG* rng;
wolfSSL	1:e27310ce7654	2155	void* verifyCbCtx; /* cert verify callback user ctx*/
wolfSSL	1:e27310ce7654	2156	VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL	1:e27310ce7654	2157	void* heap; /* for user overrides */
wolfSSL	1:e27310ce7654	2158	#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL	1:e27310ce7654	2159	HandShakeDoneCb hsDoneCb; /* notify user handshake done */
wolfSSL	1:e27310ce7654	2160	void* hsDoneCtx; /* user handshake cb context */
wolfSSL	1:e27310ce7654	2161	#endif
wolfSSL	1:e27310ce7654	2162	WOLFSSL_CIPHER cipher;
wolfSSL	1:e27310ce7654	2163	hmacfp hmac;
wolfSSL	1:e27310ce7654	2164	Ciphers encrypt;
wolfSSL	1:e27310ce7654	2165	Ciphers decrypt;
wolfSSL	1:e27310ce7654	2166	Buffers buffers;
wolfSSL	1:e27310ce7654	2167	WOLFSSL_SESSION session;
wolfSSL	1:e27310ce7654	2168	WOLFSSL_ALERT_HISTORY alert_history;
wolfSSL	1:e27310ce7654	2169	int error;
wolfSSL	1:e27310ce7654	2170	int rfd; /* read file descriptor */
wolfSSL	1:e27310ce7654	2171	int wfd; /* write file descriptor */
wolfSSL	1:e27310ce7654	2172	int rflags; /* user read flags */
wolfSSL	1:e27310ce7654	2173	int wflags; /* user write flags */
wolfSSL	1:e27310ce7654	2174	word32 timeout; /* session timeout */
wolfSSL	1:e27310ce7654	2175	word16 curSize;
wolfSSL	1:e27310ce7654	2176	RecordLayerHeader curRL;
wolfSSL	1:e27310ce7654	2177	MsgsReceived msgsReceived; /* peer messages received */
wolfSSL	1:e27310ce7654	2178	ProtocolVersion version; /* negotiated version */
wolfSSL	1:e27310ce7654	2179	ProtocolVersion chVersion; /* client hello version */
wolfSSL	1:e27310ce7654	2180	CipherSpecs specs;
wolfSSL	1:e27310ce7654	2181	Keys keys;
wolfSSL	1:e27310ce7654	2182	Options options;
wolfSSL	1:e27310ce7654	2183	#ifdef OPENSSL_EXTRA
wolfSSL	1:e27310ce7654	2184	WOLFSSL_BIO* biord; /* socket bio read to free/close */
wolfSSL	1:e27310ce7654	2185	WOLFSSL_BIO* biowr; /* socket bio write to free/close */
wolfSSL	1:e27310ce7654	2186	#endif
wolfSSL	1:e27310ce7654	2187	#ifndef NO_RSA
wolfSSL	1:e27310ce7654	2188	RsaKey* peerRsaKey;
wolfSSL	1:e27310ce7654	2189	byte peerRsaKeyPresent;
wolfSSL	1:e27310ce7654	2190	#endif
wolfSSL	1:e27310ce7654	2191	#ifdef HAVE_NTRU
wolfSSL	1:e27310ce7654	2192	word16 peerNtruKeyLen;
wolfSSL	1:e27310ce7654	2193	byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
wolfSSL	1:e27310ce7654	2194	byte peerNtruKeyPresent;
wolfSSL	1:e27310ce7654	2195	#endif
wolfSSL	1:e27310ce7654	2196	#ifdef HAVE_ECC
wolfSSL	1:e27310ce7654	2197	ecc_key* peerEccKey; /* peer's ECDHE key */
wolfSSL	1:e27310ce7654	2198	ecc_key* peerEccDsaKey; /* peer's ECDSA key */
wolfSSL	1:e27310ce7654	2199	ecc_key* eccTempKey; /* private ECDHE key */
wolfSSL	1:e27310ce7654	2200	word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL	1:e27310ce7654	2201	word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL	1:e27310ce7654	2202	byte peerEccKeyPresent;
wolfSSL	1:e27310ce7654	2203	byte peerEccDsaKeyPresent;
wolfSSL	1:e27310ce7654	2204	byte eccTempKeyPresent;
wolfSSL	1:e27310ce7654	2205	#endif
wolfSSL	1:e27310ce7654	2206	#ifdef HAVE_LIBZ
wolfSSL	1:e27310ce7654	2207	z_stream c_stream; /* compression stream */
wolfSSL	1:e27310ce7654	2208	z_stream d_stream; /* decompression stream */
wolfSSL	1:e27310ce7654	2209	byte didStreamInit; /* for stream init and end */
wolfSSL	1:e27310ce7654	2210	#endif
wolfSSL	1:e27310ce7654	2211	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	2212	int dtls_timeout_init; /* starting timeout vaule */
wolfSSL	1:e27310ce7654	2213	int dtls_timeout_max; /* maximum timeout value */
wolfSSL	1:e27310ce7654	2214	int dtls_timeout; /* current timeout value, changes */
wolfSSL	1:e27310ce7654	2215	DtlsPool* dtls_pool;
wolfSSL	1:e27310ce7654	2216	DtlsMsg* dtls_msg_list;
wolfSSL	1:e27310ce7654	2217	void* IOCB_CookieCtx; /* gen cookie ctx */
wolfSSL	1:e27310ce7654	2218	word32 dtls_expected_rx;
wolfSSL	1:e27310ce7654	2219	#endif
wolfSSL	1:e27310ce7654	2220	#ifdef WOLFSSL_CALLBACKS
wolfSSL	1:e27310ce7654	2221	HandShakeInfo handShakeInfo; /* info saved during handshake */
wolfSSL	1:e27310ce7654	2222	TimeoutInfo timeoutInfo; /* info saved during handshake */
wolfSSL	1:e27310ce7654	2223	byte hsInfoOn; /* track handshake info */
wolfSSL	1:e27310ce7654	2224	byte toInfoOn; /* track timeout info */
wolfSSL	1:e27310ce7654	2225	#endif
wolfSSL	1:e27310ce7654	2226	#ifdef HAVE_FUZZER
wolfSSL	1:e27310ce7654	2227	CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
wolfSSL	1:e27310ce7654	2228	void* fuzzerCtx; /* user defined pointer */
wolfSSL	1:e27310ce7654	2229	#endif
wolfSSL	1:e27310ce7654	2230	#ifdef KEEP_PEER_CERT
wolfSSL	1:e27310ce7654	2231	WOLFSSL_X509 peerCert; /* X509 peer cert */
wolfSSL	1:e27310ce7654	2232	#endif
wolfSSL	1:e27310ce7654	2233	#ifdef FORTRESS
wolfSSL	1:e27310ce7654	2234	void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
wolfSSL	1:e27310ce7654	2235	#endif
wolfSSL	1:e27310ce7654	2236	#ifdef HAVE_CAVIUM
wolfSSL	1:e27310ce7654	2237	int devId; /* cavium device id to use */
wolfSSL	1:e27310ce7654	2238	#endif
wolfSSL	1:e27310ce7654	2239	#ifdef HAVE_ONE_TIME_AUTH
wolfSSL	1:e27310ce7654	2240	OneTimeAuth auth;
wolfSSL	1:e27310ce7654	2241	#endif
wolfSSL	1:e27310ce7654	2242	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	1:e27310ce7654	2243	TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL	1:e27310ce7654	2244	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	1:e27310ce7654	2245	word16 max_fragment;
wolfSSL	1:e27310ce7654	2246	#endif
wolfSSL	1:e27310ce7654	2247	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	1:e27310ce7654	2248	byte truncated_hmac;
wolfSSL	1:e27310ce7654	2249	#endif
wolfSSL	1:e27310ce7654	2250	#ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL	1:e27310ce7654	2251	SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
wolfSSL	1:e27310ce7654	2252	#endif /* user turned on */
wolfSSL	1:e27310ce7654	2253	#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
wolfSSL	1:e27310ce7654	2254	CallbackSessionTicket session_ticket_cb;
wolfSSL	1:e27310ce7654	2255	void* session_ticket_ctx;
wolfSSL	1:e27310ce7654	2256	byte expect_session_ticket;
wolfSSL	1:e27310ce7654	2257	#endif
wolfSSL	1:e27310ce7654	2258	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	1:e27310ce7654	2259	#ifdef HAVE_NETX
wolfSSL	1:e27310ce7654	2260	NetX_Ctx nxCtx; /* NetX IO Context */
wolfSSL	1:e27310ce7654	2261	#endif
wolfSSL	1:e27310ce7654	2262	#ifdef SESSION_INDEX
wolfSSL	1:e27310ce7654	2263	int sessionIndex; /* Session's location in the cache. */
wolfSSL	1:e27310ce7654	2264	#endif
wolfSSL	1:e27310ce7654	2265	#ifdef ATOMIC_USER
wolfSSL	1:e27310ce7654	2266	void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
wolfSSL	1:e27310ce7654	2267	void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
wolfSSL	1:e27310ce7654	2268	#endif
wolfSSL	1:e27310ce7654	2269	#ifdef HAVE_PK_CALLBACKS
wolfSSL	1:e27310ce7654	2270	#ifdef HAVE_ECC
wolfSSL	1:e27310ce7654	2271	void* EccSignCtx; /* Ecc Sign Callback Context */
wolfSSL	1:e27310ce7654	2272	void* EccVerifyCtx; /* Ecc Verify Callback Context */
wolfSSL	1:e27310ce7654	2273	#endif /* HAVE_ECC */
wolfSSL	1:e27310ce7654	2274	#ifndef NO_RSA
wolfSSL	1:e27310ce7654	2275	void* RsaSignCtx; /* Rsa Sign Callback Context */
wolfSSL	1:e27310ce7654	2276	void* RsaVerifyCtx; /* Rsa Verify Callback Context */
wolfSSL	1:e27310ce7654	2277	void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
wolfSSL	1:e27310ce7654	2278	void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
wolfSSL	1:e27310ce7654	2279	#endif /* NO_RSA */
wolfSSL	1:e27310ce7654	2280	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	1:e27310ce7654	2281	#ifdef HAVE_SECRET_CALLBACK
wolfSSL	1:e27310ce7654	2282	SessionSecretCb sessionSecretCb;
wolfSSL	1:e27310ce7654	2283	void* sessionSecretCtx;
wolfSSL	1:e27310ce7654	2284	#endif /* HAVE_SECRET_CALLBACK */
wolfSSL	1:e27310ce7654	2285	};
wolfSSL	1:e27310ce7654	2286
wolfSSL	1:e27310ce7654	2287
wolfSSL	1:e27310ce7654	2288	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2289	int InitSSL(WOLFSSL, WOLFSSL_CTX);
wolfSSL	1:e27310ce7654	2290	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2291	void FreeSSL(WOLFSSL*);
wolfSSL	1:e27310ce7654	2292	WOLFSSL_API void SSL_ResourceFree(WOLFSSL); / Micrium uses */
wolfSSL	1:e27310ce7654	2293
wolfSSL	1:e27310ce7654	2294
wolfSSL	1:e27310ce7654	2295	enum {
wolfSSL	1:e27310ce7654	2296	IV_SZ = 32, /* max iv sz */
wolfSSL	1:e27310ce7654	2297	NAME_SZ = 80 /* max one line */
wolfSSL	1:e27310ce7654	2298	};
wolfSSL	1:e27310ce7654	2299
wolfSSL	1:e27310ce7654	2300
wolfSSL	1:e27310ce7654	2301	typedef struct EncryptedInfo {
wolfSSL	1:e27310ce7654	2302	char name[NAME_SZ]; /* encryption name */
wolfSSL	1:e27310ce7654	2303	byte iv[IV_SZ]; /* encrypted IV */
wolfSSL	1:e27310ce7654	2304	word32 ivSz; /* encrypted IV size */
wolfSSL	1:e27310ce7654	2305	long consumed; /* tracks PEM bytes consumed */
wolfSSL	1:e27310ce7654	2306	byte set; /* if encryption set */
wolfSSL	1:e27310ce7654	2307	WOLFSSL_CTX* ctx; /* CTX owner */
wolfSSL	1:e27310ce7654	2308	} EncryptedInfo;
wolfSSL	1:e27310ce7654	2309
wolfSSL	1:e27310ce7654	2310
wolfSSL	1:e27310ce7654	2311	#ifndef NO_CERTS
wolfSSL	1:e27310ce7654	2312	WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
wolfSSL	1:e27310ce7654	2313	buffer* der, void* heap, EncryptedInfo* info,
wolfSSL	1:e27310ce7654	2314	int* eccKey);
wolfSSL	1:e27310ce7654	2315
wolfSSL	1:e27310ce7654	2316	WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
wolfSSL	1:e27310ce7654	2317	int type, WOLFSSL* ssl, int userChain,
wolfSSL	1:e27310ce7654	2318	WOLFSSL_CRL* crl);
wolfSSL	1:e27310ce7654	2319	#endif
wolfSSL	1:e27310ce7654	2320
wolfSSL	1:e27310ce7654	2321
wolfSSL	1:e27310ce7654	2322	#ifdef WOLFSSL_CALLBACKS
wolfSSL	1:e27310ce7654	2323	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2324	void InitHandShakeInfo(HandShakeInfo*);
wolfSSL	1:e27310ce7654	2325	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2326	void FinishHandShakeInfo(HandShakeInfo, const WOLFSSL);
wolfSSL	1:e27310ce7654	2327	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2328	void AddPacketName(const char, HandShakeInfo);
wolfSSL	1:e27310ce7654	2329
wolfSSL	1:e27310ce7654	2330	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2331	void InitTimeoutInfo(TimeoutInfo*);
wolfSSL	1:e27310ce7654	2332	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2333	void FreeTimeoutInfo(TimeoutInfo, void);
wolfSSL	1:e27310ce7654	2334	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2335	void AddPacketInfo(const char, TimeoutInfo, const byte, int, void);
wolfSSL	1:e27310ce7654	2336	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2337	void AddLateName(const char, TimeoutInfo);
wolfSSL	1:e27310ce7654	2338	WOLFSSL_LOCAL
wolfSSL	1:e27310ce7654	2339	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
wolfSSL	1:e27310ce7654	2340	#endif
wolfSSL	1:e27310ce7654	2341
wolfSSL	1:e27310ce7654	2342
wolfSSL	1:e27310ce7654	2343	/* Record Layer Header identifier from page 12 */
wolfSSL	1:e27310ce7654	2344	enum ContentType {
wolfSSL	1:e27310ce7654	2345	no_type = 0,
wolfSSL	1:e27310ce7654	2346	change_cipher_spec = 20,
wolfSSL	1:e27310ce7654	2347	alert = 21,
wolfSSL	1:e27310ce7654	2348	handshake = 22,
wolfSSL	1:e27310ce7654	2349	application_data = 23
wolfSSL	1:e27310ce7654	2350	};
wolfSSL	1:e27310ce7654	2351
wolfSSL	1:e27310ce7654	2352
wolfSSL	1:e27310ce7654	2353	/* handshake header, same for each message type, pgs 20/21 */
wolfSSL	1:e27310ce7654	2354	typedef struct HandShakeHeader {
wolfSSL	1:e27310ce7654	2355	byte type;
wolfSSL	1:e27310ce7654	2356	word24 length;
wolfSSL	1:e27310ce7654	2357	} HandShakeHeader;
wolfSSL	1:e27310ce7654	2358
wolfSSL	1:e27310ce7654	2359
wolfSSL	1:e27310ce7654	2360	/* DTLS handshake header, same for each message type */
wolfSSL	1:e27310ce7654	2361	typedef struct DtlsHandShakeHeader {
wolfSSL	1:e27310ce7654	2362	byte type;
wolfSSL	1:e27310ce7654	2363	word24 length;
wolfSSL	1:e27310ce7654	2364	byte message_seq[2]; /* start at 0, restransmit gets same # */
wolfSSL	1:e27310ce7654	2365	word24 fragment_offset; /* bytes in previous fragments */
wolfSSL	1:e27310ce7654	2366	word24 fragment_length; /* length of this fragment */
wolfSSL	1:e27310ce7654	2367	} DtlsHandShakeHeader;
wolfSSL	1:e27310ce7654	2368
wolfSSL	1:e27310ce7654	2369
wolfSSL	1:e27310ce7654	2370	enum HandShakeType {
wolfSSL	1:e27310ce7654	2371	no_shake = -1,
wolfSSL	1:e27310ce7654	2372	hello_request = 0,
wolfSSL	1:e27310ce7654	2373	client_hello = 1,
wolfSSL	1:e27310ce7654	2374	server_hello = 2,
wolfSSL	1:e27310ce7654	2375	hello_verify_request = 3, /* DTLS addition */
wolfSSL	1:e27310ce7654	2376	session_ticket = 4,
wolfSSL	1:e27310ce7654	2377	certificate = 11,
wolfSSL	1:e27310ce7654	2378	server_key_exchange = 12,
wolfSSL	1:e27310ce7654	2379	certificate_request = 13,
wolfSSL	1:e27310ce7654	2380	server_hello_done = 14,
wolfSSL	1:e27310ce7654	2381	certificate_verify = 15,
wolfSSL	1:e27310ce7654	2382	client_key_exchange = 16,
wolfSSL	1:e27310ce7654	2383	finished = 20,
wolfSSL	1:e27310ce7654	2384	certificate_status = 22,
wolfSSL	1:e27310ce7654	2385	change_cipher_hs = 55 /* simulate unique handshake type for sanity
wolfSSL	1:e27310ce7654	2386	checks. record layer change_cipher
wolfSSL	1:e27310ce7654	2387	conflicts with handshake finished */
wolfSSL	1:e27310ce7654	2388	};
wolfSSL	1:e27310ce7654	2389
wolfSSL	1:e27310ce7654	2390
wolfSSL	1:e27310ce7654	2391	static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
wolfSSL	1:e27310ce7654	2392	static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
wolfSSL	1:e27310ce7654	2393
wolfSSL	1:e27310ce7654	2394	static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
wolfSSL	1:e27310ce7654	2395	static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
wolfSSL	1:e27310ce7654	2396
wolfSSL	1:e27310ce7654	2397
wolfSSL	1:e27310ce7654	2398	/* internal functions */
wolfSSL	1:e27310ce7654	2399	WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
wolfSSL	1:e27310ce7654	2400	WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
wolfSSL	1:e27310ce7654	2401	WOLFSSL_LOCAL int DoClientTicket(WOLFSSL, const byte, word32);
wolfSSL	1:e27310ce7654	2402	WOLFSSL_LOCAL int SendData(WOLFSSL, const void, int);
wolfSSL	1:e27310ce7654	2403	WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
wolfSSL	1:e27310ce7654	2404	WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
wolfSSL	1:e27310ce7654	2405	WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
wolfSSL	1:e27310ce7654	2406	WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
wolfSSL	1:e27310ce7654	2407	WOLFSSL_LOCAL int ReceiveData(WOLFSSL, byte, int, int);
wolfSSL	1:e27310ce7654	2408	WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
wolfSSL	1:e27310ce7654	2409	WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
wolfSSL	1:e27310ce7654	2410	WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
wolfSSL	1:e27310ce7654	2411
wolfSSL	1:e27310ce7654	2412	WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
wolfSSL	1:e27310ce7654	2413	WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
wolfSSL	1:e27310ce7654	2414
wolfSSL	1:e27310ce7654	2415	WOLFSSL_LOCAL int AddSession(WOLFSSL*);
wolfSSL	1:e27310ce7654	2416	WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	2417	WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
wolfSSL	1:e27310ce7654	2418
wolfSSL	1:e27310ce7654	2419	WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	2420	WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	2421
wolfSSL	1:e27310ce7654	2422	WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	2423	WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
wolfSSL	1:e27310ce7654	2424	WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	2425
wolfSSL	1:e27310ce7654	2426	WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
wolfSSL	1:e27310ce7654	2427	#ifndef NO_CERTS
wolfSSL	1:e27310ce7654	2428	WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
wolfSSL	1:e27310ce7654	2429	#ifndef NO_SKID
wolfSSL	1:e27310ce7654	2430	WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
wolfSSL	1:e27310ce7654	2431	#endif
wolfSSL	1:e27310ce7654	2432	#endif
wolfSSL	1:e27310ce7654	2433	WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
wolfSSL	1:e27310ce7654	2434	const byte* sender);
wolfSSL	1:e27310ce7654	2435	WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
wolfSSL	1:e27310ce7654	2436	WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
wolfSSL	1:e27310ce7654	2437	WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
wolfSSL	1:e27310ce7654	2438
wolfSSL	1:e27310ce7654	2439	#ifndef NO_TLS
wolfSSL	1:e27310ce7654	2440	WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
wolfSSL	1:e27310ce7654	2441	WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
wolfSSL	1:e27310ce7654	2442	word32 sz, int content, int verify);
wolfSSL	1:e27310ce7654	2443	#endif
wolfSSL	1:e27310ce7654	2444
wolfSSL	1:e27310ce7654	2445	#ifndef NO_WOLFSSL_CLIENT
wolfSSL	1:e27310ce7654	2446	WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
wolfSSL	1:e27310ce7654	2447	WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
wolfSSL	1:e27310ce7654	2448	WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
wolfSSL	1:e27310ce7654	2449	#endif /* NO_WOLFSSL_CLIENT */
wolfSSL	1:e27310ce7654	2450
wolfSSL	1:e27310ce7654	2451	#ifndef NO_WOLFSSL_SERVER
wolfSSL	1:e27310ce7654	2452	WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
wolfSSL	1:e27310ce7654	2453	WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
wolfSSL	1:e27310ce7654	2454	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	2455	WOLFSSL_LOCAL int SendHelloVerifyRequest(WOLFSSL*);
wolfSSL	1:e27310ce7654	2456	#endif
wolfSSL	1:e27310ce7654	2457	#endif /* NO_WOLFSSL_SERVER */
wolfSSL	1:e27310ce7654	2458
wolfSSL	1:e27310ce7654	2459	#ifdef WOLFSSL_DTLS
wolfSSL	1:e27310ce7654	2460	WOLFSSL_LOCAL int DtlsPoolInit(WOLFSSL*);
wolfSSL	1:e27310ce7654	2461	WOLFSSL_LOCAL int DtlsPoolSave(WOLFSSL, const byte, int);
wolfSSL	1:e27310ce7654	2462	WOLFSSL_LOCAL int DtlsPoolTimeout(WOLFSSL*);
wolfSSL	1:e27310ce7654	2463	WOLFSSL_LOCAL int DtlsPoolSend(WOLFSSL*);
wolfSSL	1:e27310ce7654	2464	WOLFSSL_LOCAL void DtlsPoolReset(WOLFSSL*);
wolfSSL	1:e27310ce7654	2465
wolfSSL	1:e27310ce7654	2466	WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
wolfSSL	1:e27310ce7654	2467	WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg, void);
wolfSSL	1:e27310ce7654	2468	WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg, void);
wolfSSL	1:e27310ce7654	2469	WOLFSSL_LOCAL void DtlsMsgSet(DtlsMsg, word32, const byte, byte,
wolfSSL	1:e27310ce7654	2470	word32, word32);
wolfSSL	1:e27310ce7654	2471	WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
wolfSSL	1:e27310ce7654	2472	WOLFSSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg, word32, const byte, word32,
wolfSSL	1:e27310ce7654	2473	byte, word32, word32, void*);
wolfSSL	1:e27310ce7654	2474	WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg, DtlsMsg);
wolfSSL	1:e27310ce7654	2475	#endif /* WOLFSSL_DTLS */
wolfSSL	1:e27310ce7654	2476
wolfSSL	1:e27310ce7654	2477	#ifndef NO_TLS
wolfSSL	1:e27310ce7654	2478
wolfSSL	1:e27310ce7654	2479
wolfSSL	1:e27310ce7654	2480	#endif /* NO_TLS */
wolfSSL	1:e27310ce7654	2481
wolfSSL	1:e27310ce7654	2482
wolfSSL	1:e27310ce7654	2483	WOLFSSL_LOCAL word32 LowResTimer(void);
wolfSSL	1:e27310ce7654	2484
wolfSSL	1:e27310ce7654	2485	WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
wolfSSL	1:e27310ce7654	2486	WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
wolfSSL	1:e27310ce7654	2487	WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int);
wolfSSL	1:e27310ce7654	2488	WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
wolfSSL	1:e27310ce7654	2489	#ifndef NO_CERTS
wolfSSL	1:e27310ce7654	2490	WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509, DecodedCert);
wolfSSL	1:e27310ce7654	2491	#endif
wolfSSL	1:e27310ce7654	2492
wolfSSL	1:e27310ce7654	2493	/* used by ssl.c and wolfssl_int.c */
wolfSSL	1:e27310ce7654	2494	WOLFSSL_LOCAL void c32to24(word32 in, word24 out);
wolfSSL	1:e27310ce7654	2495
wolfSSL	1:e27310ce7654	2496	WOLFSSL_LOCAL const char* const* GetCipherNames(void);
wolfSSL	1:e27310ce7654	2497	WOLFSSL_LOCAL int GetCipherNamesSize(void);
wolfSSL	1:e27310ce7654	2498
wolfSSL	1:e27310ce7654	2499
wolfSSL	1:e27310ce7654	2500	enum encrypt_side {
wolfSSL	1:e27310ce7654	2501	ENCRYPT_SIDE_ONLY = 1,
wolfSSL	1:e27310ce7654	2502	DECRYPT_SIDE_ONLY,
wolfSSL	1:e27310ce7654	2503	ENCRYPT_AND_DECRYPT_SIDE
wolfSSL	1:e27310ce7654	2504	};
wolfSSL	1:e27310ce7654	2505
wolfSSL	1:e27310ce7654	2506	WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
wolfSSL	1:e27310ce7654	2507
wolfSSL	1:e27310ce7654	2508
wolfSSL	1:e27310ce7654	2509	#ifdef __cplusplus
wolfSSL	1:e27310ce7654	2510	} /* extern "C" */
wolfSSL	1:e27310ce7654	2511	#endif
wolfSSL	1:e27310ce7654	2512
wolfSSL	1:e27310ce7654	2513	#endif /* wolfSSL_INT_H */
wolfSSL	1:e27310ce7654	2514
wolfSSL	1:e27310ce7654	2515

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

wolfssl/internal.h@1:e27310ce7654, 2015-07-20 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning