CyaSSL - A library for setting up Secure Socket Layer (SSL…

MultiTech » Code » CyaSSL

A library for setting up Secure Socket Layer (SSL) connections and verifying remote hosts using certificates. Contains only the source files for mbed platform implementation of the library.

Dependents: HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL

cyassl/internal.h@6:cf58d49e1a86, 2015-03-23 (annotated)

Committer:: Mike Fiore
Date:: Mon Mar 23 16:51:07 2015 -0500
Revision:: 6:cf58d49e1a86
Parent:: 0:b86d15c6ba29

fix whitespace in sha512.c

Who changed what in which revision?

User	Revision	Line number	New contents of line
Vanger	0:b86d15c6ba29	1	/* internal.h
Vanger	0:b86d15c6ba29	2	*
Vanger	0:b86d15c6ba29	3	* Copyright (C) 2006-2014 wolfSSL Inc.
Vanger	0:b86d15c6ba29	4	*
Vanger	0:b86d15c6ba29	5	* This file is part of CyaSSL.
Vanger	0:b86d15c6ba29	6	*
Vanger	0:b86d15c6ba29	7	* CyaSSL is free software; you can redistribute it and/or modify
Vanger	0:b86d15c6ba29	8	* it under the terms of the GNU General Public License as published by
Vanger	0:b86d15c6ba29	9	* the Free Software Foundation; either version 2 of the License, or
Vanger	0:b86d15c6ba29	10	* (at your option) any later version.
Vanger	0:b86d15c6ba29	11	*
Vanger	0:b86d15c6ba29	12	* CyaSSL is distributed in the hope that it will be useful,
Vanger	0:b86d15c6ba29	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
Vanger	0:b86d15c6ba29	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Vanger	0:b86d15c6ba29	15	* GNU General Public License for more details.
Vanger	0:b86d15c6ba29	16	*
Vanger	0:b86d15c6ba29	17	* You should have received a copy of the GNU General Public License
Vanger	0:b86d15c6ba29	18	* along with this program; if not, write to the Free Software
Vanger	0:b86d15c6ba29	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Vanger	0:b86d15c6ba29	20	*/
Vanger	0:b86d15c6ba29	21
Vanger	0:b86d15c6ba29	22
Vanger	0:b86d15c6ba29	23	#ifndef CYASSL_INT_H
Vanger	0:b86d15c6ba29	24	#define CYASSL_INT_H
Vanger	0:b86d15c6ba29	25
Vanger	0:b86d15c6ba29	26
Vanger	0:b86d15c6ba29	27	#include <cyassl/ctaocrypt/types.h>
Vanger	0:b86d15c6ba29	28	#include <cyassl/ssl.h>
Vanger	0:b86d15c6ba29	29	#include <cyassl/crl.h>
Vanger	0:b86d15c6ba29	30	#include <cyassl/ctaocrypt/random.h>
Vanger	0:b86d15c6ba29	31	#include <cyassl/ctaocrypt/des3.h>
Vanger	0:b86d15c6ba29	32	#include <cyassl/ctaocrypt/hc128.h>
Vanger	0:b86d15c6ba29	33	#include <cyassl/ctaocrypt/rabbit.h>
Vanger	0:b86d15c6ba29	34	#include <cyassl/ctaocrypt/chacha.h>
Vanger	0:b86d15c6ba29	35	#include <cyassl/ctaocrypt/asn.h>
Vanger	0:b86d15c6ba29	36	#include <cyassl/ctaocrypt/md5.h>
Vanger	0:b86d15c6ba29	37	#include <cyassl/ctaocrypt/sha.h>
Vanger	0:b86d15c6ba29	38	#include <cyassl/ctaocrypt/aes.h>
Vanger	0:b86d15c6ba29	39	#include <cyassl/ctaocrypt/poly1305.h>
Vanger	0:b86d15c6ba29	40	#include <cyassl/ctaocrypt/camellia.h>
Vanger	0:b86d15c6ba29	41	#include <cyassl/ctaocrypt/logging.h>
Vanger	0:b86d15c6ba29	42	#include <cyassl/ctaocrypt/hmac.h>
Vanger	0:b86d15c6ba29	43	#ifndef NO_RC4
Vanger	0:b86d15c6ba29	44	#include <cyassl/ctaocrypt/arc4.h>
Vanger	0:b86d15c6ba29	45	#endif
Vanger	0:b86d15c6ba29	46	#ifdef HAVE_ECC
Vanger	0:b86d15c6ba29	47	#include <cyassl/ctaocrypt/ecc.h>
Vanger	0:b86d15c6ba29	48	#endif
Vanger	0:b86d15c6ba29	49	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	50	#include <cyassl/ctaocrypt/sha256.h>
Vanger	0:b86d15c6ba29	51	#endif
Vanger	0:b86d15c6ba29	52	#ifdef HAVE_OCSP
Vanger	0:b86d15c6ba29	53	#include <cyassl/ocsp.h>
Vanger	0:b86d15c6ba29	54	#endif
Vanger	0:b86d15c6ba29	55	#ifdef CYASSL_SHA512
Vanger	0:b86d15c6ba29	56	#include <cyassl/ctaocrypt/sha512.h>
Vanger	0:b86d15c6ba29	57	#endif
Vanger	0:b86d15c6ba29	58
Vanger	0:b86d15c6ba29	59	#ifdef HAVE_AESGCM
Vanger	0:b86d15c6ba29	60	#include <cyassl/ctaocrypt/sha512.h>
Vanger	0:b86d15c6ba29	61	#endif
Vanger	0:b86d15c6ba29	62
Vanger	0:b86d15c6ba29	63	#ifdef CYASSL_RIPEMD
Vanger	0:b86d15c6ba29	64	#include <cyassl/ctaocrypt/ripemd.h>
Vanger	0:b86d15c6ba29	65	#endif
Vanger	0:b86d15c6ba29	66
Vanger	0:b86d15c6ba29	67	#ifdef CYASSL_CALLBACKS
Vanger	0:b86d15c6ba29	68	#include <cyassl/callbacks.h>
Vanger	0:b86d15c6ba29	69	#include <signal.h>
Vanger	0:b86d15c6ba29	70	#endif
Vanger	0:b86d15c6ba29	71
Vanger	0:b86d15c6ba29	72	#ifdef USE_WINDOWS_API
Vanger	0:b86d15c6ba29	73	#ifdef CYASSL_GAME_BUILD
Vanger	0:b86d15c6ba29	74	#include "system/xtl.h"
Vanger	0:b86d15c6ba29	75	#else
Vanger	0:b86d15c6ba29	76	#if defined(_WIN32_WCE) \|\| defined(WIN32_LEAN_AND_MEAN)
Vanger	0:b86d15c6ba29	77	/* On WinCE winsock2.h must be included before windows.h */
Vanger	0:b86d15c6ba29	78	#include <winsock2.h>
Vanger	0:b86d15c6ba29	79	#endif
Vanger	0:b86d15c6ba29	80	#include <windows.h>
Vanger	0:b86d15c6ba29	81	#endif
Vanger	0:b86d15c6ba29	82	#elif defined(THREADX)
Vanger	0:b86d15c6ba29	83	#ifndef SINGLE_THREADED
Vanger	0:b86d15c6ba29	84	#include "tx_api.h"
Vanger	0:b86d15c6ba29	85	#endif
Vanger	0:b86d15c6ba29	86	#elif defined(MICRIUM)
Vanger	0:b86d15c6ba29	87	/* do nothing, just don't pick Unix */
Vanger	0:b86d15c6ba29	88	#elif defined(FREERTOS) \|\| defined(CYASSL_SAFERTOS)
Vanger	0:b86d15c6ba29	89	/* do nothing */
Vanger	0:b86d15c6ba29	90	#elif defined(EBSNET)
Vanger	0:b86d15c6ba29	91	/* do nothing */
Vanger	0:b86d15c6ba29	92	#elif defined(FREESCALE_MQX)
Vanger	0:b86d15c6ba29	93	/* do nothing */
Vanger	0:b86d15c6ba29	94	#elif defined(CYASSL_MDK_ARM)
Vanger	0:b86d15c6ba29	95	#if defined(CYASSL_MDK5)
Vanger	0:b86d15c6ba29	96	#include "cmsis_os.h"
Vanger	0:b86d15c6ba29	97	#else
Vanger	0:b86d15c6ba29	98	#include <rtl.h>
Vanger	0:b86d15c6ba29	99	#endif
Vanger	0:b86d15c6ba29	100	#elif defined(MBED)
Vanger	0:b86d15c6ba29	101	#elif defined(CYASSL_TIRTOS)
Vanger	0:b86d15c6ba29	102	/* do nothing */
Vanger	0:b86d15c6ba29	103	#else
Vanger	0:b86d15c6ba29	104	#ifndef SINGLE_THREADED
Vanger	0:b86d15c6ba29	105	#define CYASSL_PTHREADS
Vanger	0:b86d15c6ba29	106	#include <pthread.h>
Vanger	0:b86d15c6ba29	107	#endif
Vanger	0:b86d15c6ba29	108	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
Vanger	0:b86d15c6ba29	109	#include <unistd.h> /* for close of BIO */
Vanger	0:b86d15c6ba29	110	#endif
Vanger	0:b86d15c6ba29	111	#endif
Vanger	0:b86d15c6ba29	112
Vanger	0:b86d15c6ba29	113
Vanger	0:b86d15c6ba29	114	#ifdef HAVE_LIBZ
Vanger	0:b86d15c6ba29	115	#include "zlib.h"
Vanger	0:b86d15c6ba29	116	#endif
Vanger	0:b86d15c6ba29	117
Vanger	0:b86d15c6ba29	118	#ifdef _MSC_VER
Vanger	0:b86d15c6ba29	119	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
Vanger	0:b86d15c6ba29	120	#pragma warning(disable: 4996)
Vanger	0:b86d15c6ba29	121	#endif
Vanger	0:b86d15c6ba29	122
Vanger	0:b86d15c6ba29	123	#ifdef NO_AES
Vanger	0:b86d15c6ba29	124	#if !defined (ALIGN16)
Vanger	0:b86d15c6ba29	125	#define ALIGN16
Vanger	0:b86d15c6ba29	126	#endif
Vanger	0:b86d15c6ba29	127	#endif
Vanger	0:b86d15c6ba29	128
Vanger	0:b86d15c6ba29	129	#ifdef NO_SHA
Vanger	0:b86d15c6ba29	130	#define SHA_DIGEST_SIZE 20
Vanger	0:b86d15c6ba29	131	#endif
Vanger	0:b86d15c6ba29	132
Vanger	0:b86d15c6ba29	133	#ifdef NO_SHA256
Vanger	0:b86d15c6ba29	134	#define SHA256_DIGEST_SIZE 32
Vanger	0:b86d15c6ba29	135	#endif
Vanger	0:b86d15c6ba29	136
Vanger	0:b86d15c6ba29	137	#ifdef NO_MD5
Vanger	0:b86d15c6ba29	138	#define MD5_DIGEST_SIZE 16
Vanger	0:b86d15c6ba29	139	#endif
Vanger	0:b86d15c6ba29	140
Vanger	0:b86d15c6ba29	141
Vanger	0:b86d15c6ba29	142	#ifdef __cplusplus
Vanger	0:b86d15c6ba29	143	extern "C" {
Vanger	0:b86d15c6ba29	144	#endif
Vanger	0:b86d15c6ba29	145
Vanger	0:b86d15c6ba29	146
Vanger	0:b86d15c6ba29	147	#ifdef USE_WINDOWS_API
Vanger	0:b86d15c6ba29	148	typedef unsigned int SOCKET_T;
Vanger	0:b86d15c6ba29	149	#else
Vanger	0:b86d15c6ba29	150	typedef int SOCKET_T;
Vanger	0:b86d15c6ba29	151	#endif
Vanger	0:b86d15c6ba29	152
Vanger	0:b86d15c6ba29	153
Vanger	0:b86d15c6ba29	154	typedef byte word24[3];
Vanger	0:b86d15c6ba29	155
Vanger	0:b86d15c6ba29	156	/* Define or comment out the cipher suites you'd like to be compiled in
Vanger	0:b86d15c6ba29	157	make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
Vanger	0:b86d15c6ba29	158
Vanger	0:b86d15c6ba29	159	When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
Vanger	0:b86d15c6ba29	160	*/
Vanger	0:b86d15c6ba29	161	#if !defined(NO_RSA) && !defined(NO_RC4)
Vanger	0:b86d15c6ba29	162	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	163	#define BUILD_SSL_RSA_WITH_RC4_128_SHA
Vanger	0:b86d15c6ba29	164	#endif
Vanger	0:b86d15c6ba29	165	#if !defined(NO_MD5)
Vanger	0:b86d15c6ba29	166	#define BUILD_SSL_RSA_WITH_RC4_128_MD5
Vanger	0:b86d15c6ba29	167	#endif
Vanger	0:b86d15c6ba29	168	#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
Vanger	0:b86d15c6ba29	169	#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
Vanger	0:b86d15c6ba29	170	#endif
Vanger	0:b86d15c6ba29	171	#endif
Vanger	0:b86d15c6ba29	172
Vanger	0:b86d15c6ba29	173	#if !defined(NO_RSA) && !defined(NO_DES3)
Vanger	0:b86d15c6ba29	174	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	175	#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
Vanger	0:b86d15c6ba29	176	#if !defined(NO_TLS) && defined(HAVE_NTRU)
Vanger	0:b86d15c6ba29	177	#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
Vanger	0:b86d15c6ba29	178	#endif
Vanger	0:b86d15c6ba29	179	#endif
Vanger	0:b86d15c6ba29	180	#endif
Vanger	0:b86d15c6ba29	181
Vanger	0:b86d15c6ba29	182	#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
Vanger	0:b86d15c6ba29	183	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	184	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	185	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
Vanger	0:b86d15c6ba29	186	#if defined(HAVE_NTRU)
Vanger	0:b86d15c6ba29	187	#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	188	#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
Vanger	0:b86d15c6ba29	189	#endif
Vanger	0:b86d15c6ba29	190	#endif
Vanger	0:b86d15c6ba29	191	#if !defined (NO_SHA256)
Vanger	0:b86d15c6ba29	192	#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
Vanger	0:b86d15c6ba29	193	#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
Vanger	0:b86d15c6ba29	194	#endif
Vanger	0:b86d15c6ba29	195	#if defined (HAVE_AESGCM)
Vanger	0:b86d15c6ba29	196	#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
Vanger	0:b86d15c6ba29	197	#if defined (CYASSL_SHA384)
Vanger	0:b86d15c6ba29	198	#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
Vanger	0:b86d15c6ba29	199	#endif
Vanger	0:b86d15c6ba29	200	#endif
Vanger	0:b86d15c6ba29	201	#if defined (HAVE_AESCCM)
Vanger	0:b86d15c6ba29	202	#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
Vanger	0:b86d15c6ba29	203	#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
Vanger	0:b86d15c6ba29	204	#endif
Vanger	0:b86d15c6ba29	205	#if defined(HAVE_BLAKE2)
Vanger	0:b86d15c6ba29	206	#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
Vanger	0:b86d15c6ba29	207	#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
Vanger	0:b86d15c6ba29	208	#endif
Vanger	0:b86d15c6ba29	209	#endif
Vanger	0:b86d15c6ba29	210
Vanger	0:b86d15c6ba29	211	#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
Vanger	0:b86d15c6ba29	212	#ifndef NO_RSA
Vanger	0:b86d15c6ba29	213	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	214	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
Vanger	0:b86d15c6ba29	215	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
Vanger	0:b86d15c6ba29	216	#endif
Vanger	0:b86d15c6ba29	217	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	218	#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
Vanger	0:b86d15c6ba29	219	#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
Vanger	0:b86d15c6ba29	220	#endif
Vanger	0:b86d15c6ba29	221	#if !defined(NO_DH)
Vanger	0:b86d15c6ba29	222	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	223	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
Vanger	0:b86d15c6ba29	224	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
Vanger	0:b86d15c6ba29	225	#endif
Vanger	0:b86d15c6ba29	226	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	227	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
Vanger	0:b86d15c6ba29	228	#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
Vanger	0:b86d15c6ba29	229	#endif
Vanger	0:b86d15c6ba29	230	#endif
Vanger	0:b86d15c6ba29	231	#endif
Vanger	0:b86d15c6ba29	232	#endif
Vanger	0:b86d15c6ba29	233
Vanger	0:b86d15c6ba29	234	#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
Vanger	0:b86d15c6ba29	235	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	236	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	237	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
Vanger	0:b86d15c6ba29	238	#endif
Vanger	0:b86d15c6ba29	239	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	240	#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
Vanger	0:b86d15c6ba29	241	#ifdef HAVE_AESGCM
Vanger	0:b86d15c6ba29	242	#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
Vanger	0:b86d15c6ba29	243	#endif
Vanger	0:b86d15c6ba29	244	#ifdef HAVE_AESCCM
Vanger	0:b86d15c6ba29	245	#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
Vanger	0:b86d15c6ba29	246	#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
Vanger	0:b86d15c6ba29	247	#define BUILD_TLS_PSK_WITH_AES_128_CCM
Vanger	0:b86d15c6ba29	248	#define BUILD_TLS_PSK_WITH_AES_256_CCM
Vanger	0:b86d15c6ba29	249	#endif
Vanger	0:b86d15c6ba29	250	#endif
Vanger	0:b86d15c6ba29	251	#ifdef CYASSL_SHA384
Vanger	0:b86d15c6ba29	252	#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
Vanger	0:b86d15c6ba29	253	#ifdef HAVE_AESGCM
Vanger	0:b86d15c6ba29	254	#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
Vanger	0:b86d15c6ba29	255	#endif
Vanger	0:b86d15c6ba29	256	#endif
Vanger	0:b86d15c6ba29	257	#endif
Vanger	0:b86d15c6ba29	258
Vanger	0:b86d15c6ba29	259	#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
Vanger	0:b86d15c6ba29	260	#if !defined(NO_RSA)
Vanger	0:b86d15c6ba29	261	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	262	#define BUILD_TLS_RSA_WITH_NULL_SHA
Vanger	0:b86d15c6ba29	263	#endif
Vanger	0:b86d15c6ba29	264	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	265	#define BUILD_TLS_RSA_WITH_NULL_SHA256
Vanger	0:b86d15c6ba29	266	#endif
Vanger	0:b86d15c6ba29	267	#endif
Vanger	0:b86d15c6ba29	268	#if !defined(NO_PSK)
Vanger	0:b86d15c6ba29	269	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	270	#define BUILD_TLS_PSK_WITH_NULL_SHA
Vanger	0:b86d15c6ba29	271	#endif
Vanger	0:b86d15c6ba29	272	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	273	#define BUILD_TLS_PSK_WITH_NULL_SHA256
Vanger	0:b86d15c6ba29	274	#endif
Vanger	0:b86d15c6ba29	275	#ifdef CYASSL_SHA384
Vanger	0:b86d15c6ba29	276	#define BUILD_TLS_PSK_WITH_NULL_SHA384
Vanger	0:b86d15c6ba29	277	#endif
Vanger	0:b86d15c6ba29	278	#endif
Vanger	0:b86d15c6ba29	279	#endif
Vanger	0:b86d15c6ba29	280
Vanger	0:b86d15c6ba29	281	#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
Vanger	0:b86d15c6ba29	282	#define BUILD_TLS_RSA_WITH_HC_128_MD5
Vanger	0:b86d15c6ba29	283	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	284	#define BUILD_TLS_RSA_WITH_HC_128_SHA
Vanger	0:b86d15c6ba29	285	#endif
Vanger	0:b86d15c6ba29	286	#if defined(HAVE_BLAKE2)
Vanger	0:b86d15c6ba29	287	#define BUILD_TLS_RSA_WITH_HC_128_B2B256
Vanger	0:b86d15c6ba29	288	#endif
Vanger	0:b86d15c6ba29	289	#endif
Vanger	0:b86d15c6ba29	290
Vanger	0:b86d15c6ba29	291	#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
Vanger	0:b86d15c6ba29	292	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	293	#define BUILD_TLS_RSA_WITH_RABBIT_SHA
Vanger	0:b86d15c6ba29	294	#endif
Vanger	0:b86d15c6ba29	295	#endif
Vanger	0:b86d15c6ba29	296
Vanger	0:b86d15c6ba29	297	#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
Vanger	0:b86d15c6ba29	298	!defined(NO_RSA)
Vanger	0:b86d15c6ba29	299	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	300	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	301	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Vanger	0:b86d15c6ba29	302	#endif
Vanger	0:b86d15c6ba29	303	#if !defined (NO_SHA256)
Vanger	0:b86d15c6ba29	304	#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Vanger	0:b86d15c6ba29	305	#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Vanger	0:b86d15c6ba29	306	#if defined (HAVE_AESGCM)
Vanger	0:b86d15c6ba29	307	#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Vanger	0:b86d15c6ba29	308	#if defined (CYASSL_SHA384)
Vanger	0:b86d15c6ba29	309	#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Vanger	0:b86d15c6ba29	310	#endif
Vanger	0:b86d15c6ba29	311	#endif
Vanger	0:b86d15c6ba29	312	#endif
Vanger	0:b86d15c6ba29	313	#endif
Vanger	0:b86d15c6ba29	314
Vanger	0:b86d15c6ba29	315	#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
Vanger	0:b86d15c6ba29	316	!defined(NO_AES) && !defined(NO_SHA)
Vanger	0:b86d15c6ba29	317	#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	318	#endif
Vanger	0:b86d15c6ba29	319
Vanger	0:b86d15c6ba29	320	#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
Vanger	0:b86d15c6ba29	321	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	322	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
Vanger	0:b86d15c6ba29	323	#ifdef HAVE_NULL_CIPHER
Vanger	0:b86d15c6ba29	324	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
Vanger	0:b86d15c6ba29	325	#endif
Vanger	0:b86d15c6ba29	326	#ifdef HAVE_AESGCM
Vanger	0:b86d15c6ba29	327	#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
Vanger	0:b86d15c6ba29	328	#endif
Vanger	0:b86d15c6ba29	329	#ifdef HAVE_AESCCM
Vanger	0:b86d15c6ba29	330	#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
Vanger	0:b86d15c6ba29	331	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
Vanger	0:b86d15c6ba29	332	#endif
Vanger	0:b86d15c6ba29	333	#endif
Vanger	0:b86d15c6ba29	334	#ifdef CYASSL_SHA384
Vanger	0:b86d15c6ba29	335	#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
Vanger	0:b86d15c6ba29	336	#ifdef HAVE_NULL_CIPHER
Vanger	0:b86d15c6ba29	337	#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
Vanger	0:b86d15c6ba29	338	#endif
Vanger	0:b86d15c6ba29	339	#ifdef HAVE_AESGCM
Vanger	0:b86d15c6ba29	340	#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
Vanger	0:b86d15c6ba29	341	#endif
Vanger	0:b86d15c6ba29	342	#endif
Vanger	0:b86d15c6ba29	343	#endif
Vanger	0:b86d15c6ba29	344
Vanger	0:b86d15c6ba29	345	#if defined(HAVE_ECC) && !defined(NO_TLS)
Vanger	0:b86d15c6ba29	346	#if !defined(NO_AES)
Vanger	0:b86d15c6ba29	347	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	348	#if !defined(NO_RSA)
Vanger	0:b86d15c6ba29	349	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	350	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Vanger	0:b86d15c6ba29	351	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	352	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Vanger	0:b86d15c6ba29	353	#endif
Vanger	0:b86d15c6ba29	354
Vanger	0:b86d15c6ba29	355	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	356	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Vanger	0:b86d15c6ba29	357
Vanger	0:b86d15c6ba29	358	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Vanger	0:b86d15c6ba29	359	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Vanger	0:b86d15c6ba29	360	#endif /* NO_SHA */
Vanger	0:b86d15c6ba29	361	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	362	#if !defined(NO_RSA)
Vanger	0:b86d15c6ba29	363	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Vanger	0:b86d15c6ba29	364	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Vanger	0:b86d15c6ba29	365	#endif
Vanger	0:b86d15c6ba29	366	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Vanger	0:b86d15c6ba29	367	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Vanger	0:b86d15c6ba29	368	#endif
Vanger	0:b86d15c6ba29	369
Vanger	0:b86d15c6ba29	370	#ifdef CYASSL_SHA384
Vanger	0:b86d15c6ba29	371	#if !defined(NO_RSA)
Vanger	0:b86d15c6ba29	372	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Vanger	0:b86d15c6ba29	373	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Vanger	0:b86d15c6ba29	374	#endif
Vanger	0:b86d15c6ba29	375	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Vanger	0:b86d15c6ba29	376	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Vanger	0:b86d15c6ba29	377	#endif
Vanger	0:b86d15c6ba29	378
Vanger	0:b86d15c6ba29	379	#if defined (HAVE_AESGCM)
Vanger	0:b86d15c6ba29	380	#if !defined(NO_RSA)
Vanger	0:b86d15c6ba29	381	#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Vanger	0:b86d15c6ba29	382	#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Vanger	0:b86d15c6ba29	383	#if defined(CYASSL_SHA384)
Vanger	0:b86d15c6ba29	384	#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Vanger	0:b86d15c6ba29	385	#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Vanger	0:b86d15c6ba29	386	#endif
Vanger	0:b86d15c6ba29	387	#endif
Vanger	0:b86d15c6ba29	388
Vanger	0:b86d15c6ba29	389	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Vanger	0:b86d15c6ba29	390	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Vanger	0:b86d15c6ba29	391
Vanger	0:b86d15c6ba29	392	#if defined(CYASSL_SHA384)
Vanger	0:b86d15c6ba29	393	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Vanger	0:b86d15c6ba29	394	#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Vanger	0:b86d15c6ba29	395	#endif
Vanger	0:b86d15c6ba29	396	#endif
Vanger	0:b86d15c6ba29	397	#if defined (HAVE_AESCCM)
Vanger	0:b86d15c6ba29	398	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
Vanger	0:b86d15c6ba29	399	#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
Vanger	0:b86d15c6ba29	400	#endif
Vanger	0:b86d15c6ba29	401	#endif /* NO_AES */
Vanger	0:b86d15c6ba29	402	#if !defined(NO_RC4)
Vanger	0:b86d15c6ba29	403	#if !defined(NO_SHA)
Vanger	0:b86d15c6ba29	404	#if !defined(NO_RSA)
Vanger	0:b86d15c6ba29	405	#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
Vanger	0:b86d15c6ba29	406	#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
Vanger	0:b86d15c6ba29	407	#endif
Vanger	0:b86d15c6ba29	408
Vanger	0:b86d15c6ba29	409	#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Vanger	0:b86d15c6ba29	410	#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Vanger	0:b86d15c6ba29	411	#endif
Vanger	0:b86d15c6ba29	412	#endif
Vanger	0:b86d15c6ba29	413	#if !defined(NO_DES3)
Vanger	0:b86d15c6ba29	414	#if !defined(NO_RSA)
Vanger	0:b86d15c6ba29	415	#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Vanger	0:b86d15c6ba29	416	#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Vanger	0:b86d15c6ba29	417	#endif
Vanger	0:b86d15c6ba29	418
Vanger	0:b86d15c6ba29	419	#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Vanger	0:b86d15c6ba29	420	#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Vanger	0:b86d15c6ba29	421	#endif
Vanger	0:b86d15c6ba29	422	#endif
Vanger	0:b86d15c6ba29	423
Vanger	0:b86d15c6ba29	424
Vanger	0:b86d15c6ba29	425	#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) \|\| \
Vanger	0:b86d15c6ba29	426	defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
Vanger	0:b86d15c6ba29	427	#define BUILD_ARC4
Vanger	0:b86d15c6ba29	428	#endif
Vanger	0:b86d15c6ba29	429
Vanger	0:b86d15c6ba29	430	#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
Vanger	0:b86d15c6ba29	431	#define BUILD_DES3
Vanger	0:b86d15c6ba29	432	#endif
Vanger	0:b86d15c6ba29	433
Vanger	0:b86d15c6ba29	434	#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) \|\| \
Vanger	0:b86d15c6ba29	435	defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) \|\| \
Vanger	0:b86d15c6ba29	436	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
Vanger	0:b86d15c6ba29	437	#undef BUILD_AES
Vanger	0:b86d15c6ba29	438	#define BUILD_AES
Vanger	0:b86d15c6ba29	439	#endif
Vanger	0:b86d15c6ba29	440
Vanger	0:b86d15c6ba29	441	#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) \|\| \
Vanger	0:b86d15c6ba29	442	defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
Vanger	0:b86d15c6ba29	443	#define BUILD_AESGCM
Vanger	0:b86d15c6ba29	444	#endif
Vanger	0:b86d15c6ba29	445
Vanger	0:b86d15c6ba29	446	#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) \|\| \
Vanger	0:b86d15c6ba29	447	defined(BUILD_TLS_RSA_WITH_HC_128_MD5) \|\| \
Vanger	0:b86d15c6ba29	448	defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
Vanger	0:b86d15c6ba29	449	#define BUILD_HC128
Vanger	0:b86d15c6ba29	450	#endif
Vanger	0:b86d15c6ba29	451
Vanger	0:b86d15c6ba29	452	#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
Vanger	0:b86d15c6ba29	453	#define BUILD_RABBIT
Vanger	0:b86d15c6ba29	454	#endif
Vanger	0:b86d15c6ba29	455
Vanger	0:b86d15c6ba29	456	#ifdef NO_DES3
Vanger	0:b86d15c6ba29	457	#define DES_BLOCK_SIZE 8
Vanger	0:b86d15c6ba29	458	#else
Vanger	0:b86d15c6ba29	459	#undef BUILD_DES3
Vanger	0:b86d15c6ba29	460	#define BUILD_DES3
Vanger	0:b86d15c6ba29	461	#endif
Vanger	0:b86d15c6ba29	462
Vanger	0:b86d15c6ba29	463	#ifdef NO_AES
Vanger	0:b86d15c6ba29	464	#define AES_BLOCK_SIZE 16
Vanger	0:b86d15c6ba29	465	#else
Vanger	0:b86d15c6ba29	466	#undef BUILD_AES
Vanger	0:b86d15c6ba29	467	#define BUILD_AES
Vanger	0:b86d15c6ba29	468	#endif
Vanger	0:b86d15c6ba29	469
Vanger	0:b86d15c6ba29	470	#ifndef NO_RC4
Vanger	0:b86d15c6ba29	471	#undef BUILD_ARC4
Vanger	0:b86d15c6ba29	472	#define BUILD_ARC4
Vanger	0:b86d15c6ba29	473	#endif
Vanger	0:b86d15c6ba29	474
Vanger	0:b86d15c6ba29	475	#ifdef HAVE_CHACHA
Vanger	0:b86d15c6ba29	476	#define CHACHA20_BLOCK_SIZE 16
Vanger	0:b86d15c6ba29	477	/* ChaCha - Poly AEAD suites */
Vanger	0:b86d15c6ba29	478	#if defined(HAVE_POLY1305) && !defined(NO_SHA256)
Vanger	0:b86d15c6ba29	479	#if defined(HAVE_ECC)
Vanger	0:b86d15c6ba29	480	#if !defined(NO_RSA)
Vanger	0:b86d15c6ba29	481	#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Vanger	0:b86d15c6ba29	482	#endif
Vanger	0:b86d15c6ba29	483	#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Vanger	0:b86d15c6ba29	484	#endif
Vanger	0:b86d15c6ba29	485	#if !defined(NO_DH) && !defined(NO_RSA)
Vanger	0:b86d15c6ba29	486	#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Vanger	0:b86d15c6ba29	487	#endif
Vanger	0:b86d15c6ba29	488	#endif /* end of ChaCha - Poly AEAD suites */
Vanger	0:b86d15c6ba29	489	#endif
Vanger	0:b86d15c6ba29	490
Vanger	0:b86d15c6ba29	491	#if defined(BUILD_AESGCM) \|\| defined(HAVE_AESCCM) \|\| defined(HAVE_CHACHA)
Vanger	0:b86d15c6ba29	492	#define HAVE_AEAD
Vanger	0:b86d15c6ba29	493	#endif
Vanger	0:b86d15c6ba29	494
Vanger	0:b86d15c6ba29	495
Vanger	0:b86d15c6ba29	496	/* actual cipher values, 2nd byte */
Vanger	0:b86d15c6ba29	497	enum {
Vanger	0:b86d15c6ba29	498	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
Vanger	0:b86d15c6ba29	499	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
Vanger	0:b86d15c6ba29	500	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
Vanger	0:b86d15c6ba29	501	TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
Vanger	0:b86d15c6ba29	502	TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
Vanger	0:b86d15c6ba29	503	TLS_RSA_WITH_NULL_SHA = 0x02,
Vanger	0:b86d15c6ba29	504	TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
Vanger	0:b86d15c6ba29	505	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
Vanger	0:b86d15c6ba29	506	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
Vanger	0:b86d15c6ba29	507	TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
Vanger	0:b86d15c6ba29	508	TLS_PSK_WITH_NULL_SHA256 = 0xb0,
Vanger	0:b86d15c6ba29	509	TLS_PSK_WITH_NULL_SHA384 = 0xb1,
Vanger	0:b86d15c6ba29	510	TLS_PSK_WITH_NULL_SHA = 0x2c,
Vanger	0:b86d15c6ba29	511	SSL_RSA_WITH_RC4_128_SHA = 0x05,
Vanger	0:b86d15c6ba29	512	SSL_RSA_WITH_RC4_128_MD5 = 0x04,
Vanger	0:b86d15c6ba29	513	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
Vanger	0:b86d15c6ba29	514
Vanger	0:b86d15c6ba29	515	/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
Vanger	0:b86d15c6ba29	516	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
Vanger	0:b86d15c6ba29	517	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
Vanger	0:b86d15c6ba29	518	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
Vanger	0:b86d15c6ba29	519	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
Vanger	0:b86d15c6ba29	520	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
Vanger	0:b86d15c6ba29	521	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
Vanger	0:b86d15c6ba29	522	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
Vanger	0:b86d15c6ba29	523	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
Vanger	0:b86d15c6ba29	524	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
Vanger	0:b86d15c6ba29	525	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
Vanger	0:b86d15c6ba29	526	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
Vanger	0:b86d15c6ba29	527	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
Vanger	0:b86d15c6ba29	528
Vanger	0:b86d15c6ba29	529	/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
Vanger	0:b86d15c6ba29	530	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
Vanger	0:b86d15c6ba29	531	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
Vanger	0:b86d15c6ba29	532	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
Vanger	0:b86d15c6ba29	533	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
Vanger	0:b86d15c6ba29	534	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
Vanger	0:b86d15c6ba29	535	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
Vanger	0:b86d15c6ba29	536	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
Vanger	0:b86d15c6ba29	537	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
Vanger	0:b86d15c6ba29	538	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
Vanger	0:b86d15c6ba29	539	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
Vanger	0:b86d15c6ba29	540	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
Vanger	0:b86d15c6ba29	541	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
Vanger	0:b86d15c6ba29	542
Vanger	0:b86d15c6ba29	543	/* CyaSSL extension - eSTREAM */
Vanger	0:b86d15c6ba29	544	TLS_RSA_WITH_HC_128_MD5 = 0xFB,
Vanger	0:b86d15c6ba29	545	TLS_RSA_WITH_HC_128_SHA = 0xFC,
Vanger	0:b86d15c6ba29	546	TLS_RSA_WITH_RABBIT_SHA = 0xFD,
Vanger	0:b86d15c6ba29	547
Vanger	0:b86d15c6ba29	548	/* CyaSSL extension - Blake2b 256 */
Vanger	0:b86d15c6ba29	549	TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
Vanger	0:b86d15c6ba29	550	TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
Vanger	0:b86d15c6ba29	551	TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
Vanger	0:b86d15c6ba29	552
Vanger	0:b86d15c6ba29	553	/* CyaSSL extension - NTRU */
Vanger	0:b86d15c6ba29	554	TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
Vanger	0:b86d15c6ba29	555	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
Vanger	0:b86d15c6ba29	556	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
Vanger	0:b86d15c6ba29	557	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
Vanger	0:b86d15c6ba29	558
Vanger	0:b86d15c6ba29	559	/* SHA256 */
Vanger	0:b86d15c6ba29	560	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
Vanger	0:b86d15c6ba29	561	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
Vanger	0:b86d15c6ba29	562	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
Vanger	0:b86d15c6ba29	563	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
Vanger	0:b86d15c6ba29	564	TLS_RSA_WITH_NULL_SHA256 = 0x3b,
Vanger	0:b86d15c6ba29	565	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
Vanger	0:b86d15c6ba29	566	TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
Vanger	0:b86d15c6ba29	567
Vanger	0:b86d15c6ba29	568	/* SHA384 */
Vanger	0:b86d15c6ba29	569	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
Vanger	0:b86d15c6ba29	570	TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
Vanger	0:b86d15c6ba29	571
Vanger	0:b86d15c6ba29	572	/* AES-GCM */
Vanger	0:b86d15c6ba29	573	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
Vanger	0:b86d15c6ba29	574	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
Vanger	0:b86d15c6ba29	575	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
Vanger	0:b86d15c6ba29	576	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
Vanger	0:b86d15c6ba29	577	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
Vanger	0:b86d15c6ba29	578	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
Vanger	0:b86d15c6ba29	579	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
Vanger	0:b86d15c6ba29	580	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
Vanger	0:b86d15c6ba29	581
Vanger	0:b86d15c6ba29	582	/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
Vanger	0:b86d15c6ba29	583	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
Vanger	0:b86d15c6ba29	584	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
Vanger	0:b86d15c6ba29	585	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
Vanger	0:b86d15c6ba29	586	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
Vanger	0:b86d15c6ba29	587	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
Vanger	0:b86d15c6ba29	588	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
Vanger	0:b86d15c6ba29	589	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
Vanger	0:b86d15c6ba29	590	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
Vanger	0:b86d15c6ba29	591
Vanger	0:b86d15c6ba29	592	/* AES-CCM, first byte is 0xC0 but isn't ECC,
Vanger	0:b86d15c6ba29	593	* also, in some of the other AES-CCM suites
Vanger	0:b86d15c6ba29	594	* there will be second byte number conflicts
Vanger	0:b86d15c6ba29	595	* with non-ECC AES-GCM */
Vanger	0:b86d15c6ba29	596	TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
Vanger	0:b86d15c6ba29	597	TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
Vanger	0:b86d15c6ba29	598	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
Vanger	0:b86d15c6ba29	599	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
Vanger	0:b86d15c6ba29	600	TLS_PSK_WITH_AES_128_CCM = 0xa4,
Vanger	0:b86d15c6ba29	601	TLS_PSK_WITH_AES_256_CCM = 0xa5,
Vanger	0:b86d15c6ba29	602	TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
Vanger	0:b86d15c6ba29	603	TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
Vanger	0:b86d15c6ba29	604	TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
Vanger	0:b86d15c6ba29	605	TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
Vanger	0:b86d15c6ba29	606
Vanger	0:b86d15c6ba29	607	/* Camellia */
Vanger	0:b86d15c6ba29	608	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
Vanger	0:b86d15c6ba29	609	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
Vanger	0:b86d15c6ba29	610	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
Vanger	0:b86d15c6ba29	611	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
Vanger	0:b86d15c6ba29	612	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
Vanger	0:b86d15c6ba29	613	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
Vanger	0:b86d15c6ba29	614	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
Vanger	0:b86d15c6ba29	615	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
Vanger	0:b86d15c6ba29	616
Vanger	0:b86d15c6ba29	617	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13,
Vanger	0:b86d15c6ba29	618	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14,
Vanger	0:b86d15c6ba29	619	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15,
Vanger	0:b86d15c6ba29	620
Vanger	0:b86d15c6ba29	621	/* Renegotiation Indication Extension Special Suite */
Vanger	0:b86d15c6ba29	622	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
Vanger	0:b86d15c6ba29	623	};
Vanger	0:b86d15c6ba29	624
Vanger	0:b86d15c6ba29	625
Vanger	0:b86d15c6ba29	626	#ifndef CYASSL_SESSION_TIMEOUT
Vanger	0:b86d15c6ba29	627	#define CYASSL_SESSION_TIMEOUT 500
Vanger	0:b86d15c6ba29	628	/* default session resumption cache timeout in seconds */
Vanger	0:b86d15c6ba29	629	#endif
Vanger	0:b86d15c6ba29	630
Vanger	0:b86d15c6ba29	631
Vanger	0:b86d15c6ba29	632	enum Misc {
Vanger	0:b86d15c6ba29	633	ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
Vanger	0:b86d15c6ba29	634	CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
Vanger	0:b86d15c6ba29	635
Vanger	0:b86d15c6ba29	636	SEND_CERT = 1,
Vanger	0:b86d15c6ba29	637	SEND_BLANK_CERT = 2,
Vanger	0:b86d15c6ba29	638
Vanger	0:b86d15c6ba29	639	DTLS_MAJOR = 0xfe, /* DTLS major version number */
Vanger	0:b86d15c6ba29	640	DTLS_MINOR = 0xff, /* DTLS minor version number */
Vanger	0:b86d15c6ba29	641	DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
Vanger	0:b86d15c6ba29	642	SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
Vanger	0:b86d15c6ba29	643	SSLv3_MINOR = 0, /* TLSv1 minor version number */
Vanger	0:b86d15c6ba29	644	TLSv1_MINOR = 1, /* TLSv1 minor version number */
Vanger	0:b86d15c6ba29	645	TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
Vanger	0:b86d15c6ba29	646	TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
Vanger	0:b86d15c6ba29	647	OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
Vanger	0:b86d15c6ba29	648	INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
Vanger	0:b86d15c6ba29	649	NO_COMPRESSION = 0,
Vanger	0:b86d15c6ba29	650	ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
Vanger	0:b86d15c6ba29	651	HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
Vanger	0:b86d15c6ba29	652	SECRET_LEN = 48, /* pre RSA and all master */
Vanger	0:b86d15c6ba29	653	ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
Vanger	0:b86d15c6ba29	654	SIZEOF_SENDER = 4, /* clnt or srvr */
Vanger	0:b86d15c6ba29	655	FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
Vanger	0:b86d15c6ba29	656	MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
Vanger	0:b86d15c6ba29	657	MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
Vanger	0:b86d15c6ba29	658	/* max added to msg, mac + pad from */
Vanger	0:b86d15c6ba29	659	/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
Vanger	0:b86d15c6ba29	660	digest sz + BLOC_SZ (iv) + pad byte (1) */
Vanger	0:b86d15c6ba29	661	MAX_COMP_EXTRA = 1024, /* max compression extra */
Vanger	0:b86d15c6ba29	662	MAX_MTU = 1500, /* max expected MTU */
Vanger	0:b86d15c6ba29	663	MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
Vanger	0:b86d15c6ba29	664	MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */
Vanger	0:b86d15c6ba29	665	MAX_STR_VERSION = 8, /* string rep of protocol version */
Vanger	0:b86d15c6ba29	666
Vanger	0:b86d15c6ba29	667	PAD_MD5 = 48, /* pad length for finished */
Vanger	0:b86d15c6ba29	668	PAD_SHA = 40, /* pad length for finished */
Vanger	0:b86d15c6ba29	669	MAX_PAD_SIZE = 256, /* maximum length of padding */
Vanger	0:b86d15c6ba29	670	COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
Vanger	0:b86d15c6ba29	671	COMPRESS_CONSTANT = 13, /* compression calc constant */
Vanger	0:b86d15c6ba29	672	COMPRESS_UPPER = 55, /* compression calc numerator */
Vanger	0:b86d15c6ba29	673	COMPRESS_LOWER = 64, /* compression calc denominator */
Vanger	0:b86d15c6ba29	674
Vanger	0:b86d15c6ba29	675	PEM_LINE_LEN = 80, /* PEM line max + fudge */
Vanger	0:b86d15c6ba29	676	LENGTH_SZ = 2, /* length field for HMAC, data only */
Vanger	0:b86d15c6ba29	677	VERSION_SZ = 2, /* length of proctocol version */
Vanger	0:b86d15c6ba29	678	SEQ_SZ = 8, /* 64 bit sequence number */
Vanger	0:b86d15c6ba29	679	BYTE3_LEN = 3, /* up to 24 bit byte lengths */
Vanger	0:b86d15c6ba29	680	ALERT_SIZE = 2, /* level + description */
Vanger	0:b86d15c6ba29	681	VERIFY_HEADER = 2, /* always use 2 bytes */
Vanger	0:b86d15c6ba29	682	EXT_ID_SZ = 2, /* always use 2 bytes */
Vanger	0:b86d15c6ba29	683	MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
Vanger	0:b86d15c6ba29	684
Vanger	0:b86d15c6ba29	685	MAX_SUITE_SZ = 200, /* 100 suites for now! */
Vanger	0:b86d15c6ba29	686	RAN_LEN = 32, /* random length */
Vanger	0:b86d15c6ba29	687	SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
Vanger	0:b86d15c6ba29	688	ID_LEN = 32, /* session id length */
Vanger	0:b86d15c6ba29	689	MAX_COOKIE_LEN = 32, /* max dtls cookie size */
Vanger	0:b86d15c6ba29	690	COOKIE_SZ = 20, /* use a 20 byte cookie */
Vanger	0:b86d15c6ba29	691	SUITE_LEN = 2, /* cipher suite sz length */
Vanger	0:b86d15c6ba29	692	ENUM_LEN = 1, /* always a byte */
Vanger	0:b86d15c6ba29	693	OPAQUE8_LEN = 1, /* 1 byte */
Vanger	0:b86d15c6ba29	694	OPAQUE16_LEN = 2, /* 2 bytes */
Vanger	0:b86d15c6ba29	695	OPAQUE24_LEN = 3, /* 3 bytes */
Vanger	0:b86d15c6ba29	696	OPAQUE32_LEN = 4, /* 4 bytes */
Vanger	0:b86d15c6ba29	697	COMP_LEN = 1, /* compression length */
Vanger	0:b86d15c6ba29	698	CURVE_LEN = 2, /* ecc named curve length */
Vanger	0:b86d15c6ba29	699	SERVER_ID_LEN = 20, /* server session id length */
Vanger	0:b86d15c6ba29	700
Vanger	0:b86d15c6ba29	701	HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
Vanger	0:b86d15c6ba29	702	RECORD_HEADER_SZ = 5, /* type + version + len(2) */
Vanger	0:b86d15c6ba29	703	CERT_HEADER_SZ = 3, /* always 3 bytes */
Vanger	0:b86d15c6ba29	704	REQ_HEADER_SZ = 2, /* cert request header sz */
Vanger	0:b86d15c6ba29	705	HINT_LEN_SZ = 2, /* length of hint size field */
Vanger	0:b86d15c6ba29	706	TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
Vanger	0:b86d15c6ba29	707	HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
Vanger	0:b86d15c6ba29	708	HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
Vanger	0:b86d15c6ba29	709	HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
Vanger	0:b86d15c6ba29	710	HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
Vanger	0:b86d15c6ba29	711	HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
Vanger	0:b86d15c6ba29	712
Vanger	0:b86d15c6ba29	713	DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
Vanger	0:b86d15c6ba29	714	DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
Vanger	0:b86d15c6ba29	715	DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
Vanger	0:b86d15c6ba29	716	DTLS_RECORD_EXTRA = 8, /* diff from normal */
Vanger	0:b86d15c6ba29	717	DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
Vanger	0:b86d15c6ba29	718	DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
Vanger	0:b86d15c6ba29	719	DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
Vanger	0:b86d15c6ba29	720
Vanger	0:b86d15c6ba29	721	FINISHED_LABEL_SZ = 15, /* TLS finished label size */
Vanger	0:b86d15c6ba29	722	TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
Vanger	0:b86d15c6ba29	723	MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
Vanger	0:b86d15c6ba29	724	KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
Vanger	0:b86d15c6ba29	725	MAX_PRF_HALF = 256, /* Maximum half secret len */
Vanger	0:b86d15c6ba29	726	MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
Vanger	0:b86d15c6ba29	727	MAX_PRF_DIG = 224, /* Maximum digest len */
Vanger	0:b86d15c6ba29	728	MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
Vanger	0:b86d15c6ba29	729	SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
Vanger	0:b86d15c6ba29	730
Vanger	0:b86d15c6ba29	731	RC4_KEY_SIZE = 16, /* always 128bit */
Vanger	0:b86d15c6ba29	732	DES_KEY_SIZE = 8, /* des */
Vanger	0:b86d15c6ba29	733	DES3_KEY_SIZE = 24, /* 3 des ede */
Vanger	0:b86d15c6ba29	734	DES_IV_SIZE = DES_BLOCK_SIZE,
Vanger	0:b86d15c6ba29	735	AES_256_KEY_SIZE = 32, /* for 256 bit */
Vanger	0:b86d15c6ba29	736	AES_192_KEY_SIZE = 24, /* for 192 bit */
Vanger	0:b86d15c6ba29	737	AES_IV_SIZE = 16, /* always block size */
Vanger	0:b86d15c6ba29	738	AES_128_KEY_SIZE = 16, /* for 128 bit */
Vanger	0:b86d15c6ba29	739
Vanger	0:b86d15c6ba29	740	AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
Vanger	0:b86d15c6ba29	741	AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
Vanger	0:b86d15c6ba29	742	AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
Vanger	0:b86d15c6ba29	743	AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
Vanger	0:b86d15c6ba29	744	AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
Vanger	0:b86d15c6ba29	745	AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
Vanger	0:b86d15c6ba29	746	AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
Vanger	0:b86d15c6ba29	747	AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
Vanger	0:b86d15c6ba29	748	AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
Vanger	0:b86d15c6ba29	749
Vanger	0:b86d15c6ba29	750	AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
Vanger	0:b86d15c6ba29	751	AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
Vanger	0:b86d15c6ba29	752	AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
Vanger	0:b86d15c6ba29	753
Vanger	0:b86d15c6ba29	754	CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
Vanger	0:b86d15c6ba29	755	CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
Vanger	0:b86d15c6ba29	756	CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
Vanger	0:b86d15c6ba29	757	CAMELLIA_IV_SIZE = 16, /* always block size */
Vanger	0:b86d15c6ba29	758
Vanger	0:b86d15c6ba29	759	CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
Vanger	0:b86d15c6ba29	760	CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
Vanger	0:b86d15c6ba29	761	CHACHA20_IV_SIZE = 8, /* 64 bits for iv */
Vanger	0:b86d15c6ba29	762
Vanger	0:b86d15c6ba29	763	POLY1305_AUTH_SZ = 16, /* 128 bits */
Vanger	0:b86d15c6ba29	764
Vanger	0:b86d15c6ba29	765	HC_128_KEY_SIZE = 16, /* 128 bits */
Vanger	0:b86d15c6ba29	766	HC_128_IV_SIZE = 16, /* also 128 bits */
Vanger	0:b86d15c6ba29	767
Vanger	0:b86d15c6ba29	768	RABBIT_KEY_SIZE = 16, /* 128 bits */
Vanger	0:b86d15c6ba29	769	RABBIT_IV_SIZE = 8, /* 64 bits for iv */
Vanger	0:b86d15c6ba29	770
Vanger	0:b86d15c6ba29	771	EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
Vanger	0:b86d15c6ba29	772
Vanger	0:b86d15c6ba29	773	ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
Vanger	0:b86d15c6ba29	774	MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
Vanger	0:b86d15c6ba29	775
Vanger	0:b86d15c6ba29	776	MAX_HELLO_SZ = 128, /* max client or server hello */
Vanger	0:b86d15c6ba29	777	MAX_CERT_VERIFY_SZ = 1024, /* max */
Vanger	0:b86d15c6ba29	778	CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
Vanger	0:b86d15c6ba29	779	MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
Vanger	0:b86d15c6ba29	780
Vanger	0:b86d15c6ba29	781	DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
Vanger	0:b86d15c6ba29	782	DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
Vanger	0:b86d15c6ba29	783	DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
Vanger	0:b86d15c6ba29	784
Vanger	0:b86d15c6ba29	785	MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
Vanger	0:b86d15c6ba29	786	MAX_PSK_KEY_LEN = 64, /* max psk key supported */
Vanger	0:b86d15c6ba29	787
Vanger	0:b86d15c6ba29	788	MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
Vanger	0:b86d15c6ba29	789
Vanger	0:b86d15c6ba29	790	#ifdef FORTRESS
Vanger	0:b86d15c6ba29	791	MAX_EX_DATA = 3, /* allow for three items of ex_data */
Vanger	0:b86d15c6ba29	792	#endif
Vanger	0:b86d15c6ba29	793
Vanger	0:b86d15c6ba29	794	MAX_X509_SIZE = 2048, /* max static x509 buffer size */
Vanger	0:b86d15c6ba29	795	CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
Vanger	0:b86d15c6ba29	796	MAX_FILENAME_SZ = 256, /* max file name length */
Vanger	0:b86d15c6ba29	797	FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
Vanger	0:b86d15c6ba29	798	will use dynamic buffer if not big enough */
Vanger	0:b86d15c6ba29	799
Vanger	0:b86d15c6ba29	800	MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
Vanger	0:b86d15c6ba29	801	MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
Vanger	0:b86d15c6ba29	802	MAX_NTRU_BITS = 256, /* max symmetric bit strength */
Vanger	0:b86d15c6ba29	803	NO_SNIFF = 0, /* not sniffing */
Vanger	0:b86d15c6ba29	804	SNIFF = 1, /* currently sniffing */
Vanger	0:b86d15c6ba29	805
Vanger	0:b86d15c6ba29	806	HASH_SIG_SIZE = 2, /* default SHA1 RSA */
Vanger	0:b86d15c6ba29	807
Vanger	0:b86d15c6ba29	808	NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
Vanger	0:b86d15c6ba29	809
Vanger	0:b86d15c6ba29	810	NO_COPY = 0, /* should we copy static buffer for write */
Vanger	0:b86d15c6ba29	811	COPY = 1 /* should we copy static buffer for write */
Vanger	0:b86d15c6ba29	812	};
Vanger	0:b86d15c6ba29	813
Vanger	0:b86d15c6ba29	814	#ifdef SESSION_INDEX
Vanger	0:b86d15c6ba29	815	/* Shift values for making a session index */
Vanger	0:b86d15c6ba29	816	#define SESSIDX_ROW_SHIFT 4
Vanger	0:b86d15c6ba29	817	#define SESSIDX_IDX_MASK 0x0F
Vanger	0:b86d15c6ba29	818	#endif
Vanger	0:b86d15c6ba29	819
Vanger	0:b86d15c6ba29	820
Vanger	0:b86d15c6ba29	821	/* max cert chain peer depth */
Vanger	0:b86d15c6ba29	822	#ifndef MAX_CHAIN_DEPTH
Vanger	0:b86d15c6ba29	823	#define MAX_CHAIN_DEPTH 9
Vanger	0:b86d15c6ba29	824	#endif
Vanger	0:b86d15c6ba29	825
Vanger	0:b86d15c6ba29	826	#ifndef SESSION_TICKET_LEN
Vanger	0:b86d15c6ba29	827	#define SESSION_TICKET_LEN 256
Vanger	0:b86d15c6ba29	828	#endif
Vanger	0:b86d15c6ba29	829
Vanger	0:b86d15c6ba29	830
Vanger	0:b86d15c6ba29	831	/* don't use extra 3/4k stack space unless need to */
Vanger	0:b86d15c6ba29	832	#ifdef HAVE_NTRU
Vanger	0:b86d15c6ba29	833	#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
Vanger	0:b86d15c6ba29	834	#else
Vanger	0:b86d15c6ba29	835	#define MAX_ENCRYPT_SZ ENCRYPT_LEN
Vanger	0:b86d15c6ba29	836	#endif
Vanger	0:b86d15c6ba29	837
Vanger	0:b86d15c6ba29	838
Vanger	0:b86d15c6ba29	839	/* states */
Vanger	0:b86d15c6ba29	840	enum states {
Vanger	0:b86d15c6ba29	841	NULL_STATE = 0,
Vanger	0:b86d15c6ba29	842
Vanger	0:b86d15c6ba29	843	SERVER_HELLOVERIFYREQUEST_COMPLETE,
Vanger	0:b86d15c6ba29	844	SERVER_HELLO_COMPLETE,
Vanger	0:b86d15c6ba29	845	SERVER_CERT_COMPLETE,
Vanger	0:b86d15c6ba29	846	SERVER_KEYEXCHANGE_COMPLETE,
Vanger	0:b86d15c6ba29	847	SERVER_HELLODONE_COMPLETE,
Vanger	0:b86d15c6ba29	848	SERVER_FINISHED_COMPLETE,
Vanger	0:b86d15c6ba29	849
Vanger	0:b86d15c6ba29	850	CLIENT_HELLO_COMPLETE,
Vanger	0:b86d15c6ba29	851	CLIENT_KEYEXCHANGE_COMPLETE,
Vanger	0:b86d15c6ba29	852	CLIENT_FINISHED_COMPLETE,
Vanger	0:b86d15c6ba29	853
Vanger	0:b86d15c6ba29	854	HANDSHAKE_DONE
Vanger	0:b86d15c6ba29	855	};
Vanger	0:b86d15c6ba29	856
Vanger	0:b86d15c6ba29	857
Vanger	0:b86d15c6ba29	858	#if defined(__GNUC__)
Vanger	0:b86d15c6ba29	859	#define CYASSL_PACK __attribute__ ((packed))
Vanger	0:b86d15c6ba29	860	#else
Vanger	0:b86d15c6ba29	861	#define CYASSL_PACK
Vanger	0:b86d15c6ba29	862	#endif
Vanger	0:b86d15c6ba29	863
Vanger	0:b86d15c6ba29	864	/* SSL Version */
Vanger	0:b86d15c6ba29	865	typedef struct ProtocolVersion {
Vanger	0:b86d15c6ba29	866	byte major;
Vanger	0:b86d15c6ba29	867	byte minor;
Vanger	0:b86d15c6ba29	868	} CYASSL_PACK ProtocolVersion;
Vanger	0:b86d15c6ba29	869
Vanger	0:b86d15c6ba29	870
Vanger	0:b86d15c6ba29	871	CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
Vanger	0:b86d15c6ba29	872	CYASSL_LOCAL ProtocolVersion MakeTLSv1(void);
Vanger	0:b86d15c6ba29	873	CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
Vanger	0:b86d15c6ba29	874	CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
Vanger	0:b86d15c6ba29	875
Vanger	0:b86d15c6ba29	876	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	877	CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
Vanger	0:b86d15c6ba29	878	CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
Vanger	0:b86d15c6ba29	879	#endif
Vanger	0:b86d15c6ba29	880
Vanger	0:b86d15c6ba29	881
Vanger	0:b86d15c6ba29	882	enum BIO_TYPE {
Vanger	0:b86d15c6ba29	883	BIO_BUFFER = 1,
Vanger	0:b86d15c6ba29	884	BIO_SOCKET = 2,
Vanger	0:b86d15c6ba29	885	BIO_SSL = 3,
Vanger	0:b86d15c6ba29	886	BIO_MEMORY = 4
Vanger	0:b86d15c6ba29	887	};
Vanger	0:b86d15c6ba29	888
Vanger	0:b86d15c6ba29	889
Vanger	0:b86d15c6ba29	890	/* CyaSSL BIO_METHOD type */
Vanger	0:b86d15c6ba29	891	struct CYASSL_BIO_METHOD {
Vanger	0:b86d15c6ba29	892	byte type; /* method type */
Vanger	0:b86d15c6ba29	893	};
Vanger	0:b86d15c6ba29	894
Vanger	0:b86d15c6ba29	895
Vanger	0:b86d15c6ba29	896	/* CyaSSL BIO type */
Vanger	0:b86d15c6ba29	897	struct CYASSL_BIO {
Vanger	0:b86d15c6ba29	898	byte type; /* method type */
Vanger	0:b86d15c6ba29	899	byte close; /* close flag */
Vanger	0:b86d15c6ba29	900	byte eof; /* eof flag */
Vanger	0:b86d15c6ba29	901	CYASSL* ssl; /* possible associated ssl */
Vanger	0:b86d15c6ba29	902	byte* mem; /* memory buffer */
Vanger	0:b86d15c6ba29	903	int memLen; /* memory buffer length */
Vanger	0:b86d15c6ba29	904	int fd; /* possible file descriptor */
Vanger	0:b86d15c6ba29	905	CYASSL_BIO* prev; /* previous in chain */
Vanger	0:b86d15c6ba29	906	CYASSL_BIO* next; /* next in chain */
Vanger	0:b86d15c6ba29	907	};
Vanger	0:b86d15c6ba29	908
Vanger	0:b86d15c6ba29	909
Vanger	0:b86d15c6ba29	910	/* CyaSSL method type */
Vanger	0:b86d15c6ba29	911	struct CYASSL_METHOD {
Vanger	0:b86d15c6ba29	912	ProtocolVersion version;
Vanger	0:b86d15c6ba29	913	byte side; /* connection side, server or client */
Vanger	0:b86d15c6ba29	914	byte downgrade; /* whether to downgrade version, default no */
Vanger	0:b86d15c6ba29	915	};
Vanger	0:b86d15c6ba29	916
Vanger	0:b86d15c6ba29	917
Vanger	0:b86d15c6ba29	918	/* defautls to client */
Vanger	0:b86d15c6ba29	919	CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion);
Vanger	0:b86d15c6ba29	920
Vanger	0:b86d15c6ba29	921	/* for sniffer */
Vanger	0:b86d15c6ba29	922	CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx,
Vanger	0:b86d15c6ba29	923	word32 size, word32 totalSz, int sniff);
Vanger	0:b86d15c6ba29	924	CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx);
Vanger	0:b86d15c6ba29	925
Vanger	0:b86d15c6ba29	926
Vanger	0:b86d15c6ba29	927	/* CyaSSL buffer type */
Vanger	0:b86d15c6ba29	928	typedef struct buffer {
Vanger	0:b86d15c6ba29	929	word32 length;
Vanger	0:b86d15c6ba29	930	byte* buffer;
Vanger	0:b86d15c6ba29	931	} buffer;
Vanger	0:b86d15c6ba29	932
Vanger	0:b86d15c6ba29	933
Vanger	0:b86d15c6ba29	934	enum {
Vanger	0:b86d15c6ba29	935	FORCED_FREE = 1,
Vanger	0:b86d15c6ba29	936	NO_FORCED_FREE = 0
Vanger	0:b86d15c6ba29	937	};
Vanger	0:b86d15c6ba29	938
Vanger	0:b86d15c6ba29	939
Vanger	0:b86d15c6ba29	940	/* only use compression extra if using compression */
Vanger	0:b86d15c6ba29	941	#ifdef HAVE_LIBZ
Vanger	0:b86d15c6ba29	942	#define COMP_EXTRA MAX_COMP_EXTRA
Vanger	0:b86d15c6ba29	943	#else
Vanger	0:b86d15c6ba29	944	#define COMP_EXTRA 0
Vanger	0:b86d15c6ba29	945	#endif
Vanger	0:b86d15c6ba29	946
Vanger	0:b86d15c6ba29	947	/* only the sniffer needs space in the buffer for extra MTU record(s) */
Vanger	0:b86d15c6ba29	948	#ifdef CYASSL_SNIFFER
Vanger	0:b86d15c6ba29	949	#define MTU_EXTRA MAX_MTU * 3
Vanger	0:b86d15c6ba29	950	#else
Vanger	0:b86d15c6ba29	951	#define MTU_EXTRA 0
Vanger	0:b86d15c6ba29	952	#endif
Vanger	0:b86d15c6ba29	953
Vanger	0:b86d15c6ba29	954
Vanger	0:b86d15c6ba29	955	/* embedded callbacks require large static buffers, make sure on */
Vanger	0:b86d15c6ba29	956	#ifdef CYASSL_CALLBACKS
Vanger	0:b86d15c6ba29	957	#undef LARGE_STATIC_BUFFERS
Vanger	0:b86d15c6ba29	958	#define LARGE_STATIC_BUFFERS
Vanger	0:b86d15c6ba29	959	#endif
Vanger	0:b86d15c6ba29	960
Vanger	0:b86d15c6ba29	961
Vanger	0:b86d15c6ba29	962	/* give user option to use 16K static buffers */
Vanger	0:b86d15c6ba29	963	#if defined(LARGE_STATIC_BUFFERS)
Vanger	0:b86d15c6ba29	964	#define RECORD_SIZE MAX_RECORD_SIZE
Vanger	0:b86d15c6ba29	965	#else
Vanger	0:b86d15c6ba29	966	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	967	#define RECORD_SIZE MAX_MTU
Vanger	0:b86d15c6ba29	968	#else
Vanger	0:b86d15c6ba29	969	#define RECORD_SIZE 128
Vanger	0:b86d15c6ba29	970	#endif
Vanger	0:b86d15c6ba29	971	#endif
Vanger	0:b86d15c6ba29	972
Vanger	0:b86d15c6ba29	973
Vanger	0:b86d15c6ba29	974	/* user option to turn off 16K output option */
Vanger	0:b86d15c6ba29	975	/* if using small static buffers (default) and SSL_write tries to write data
Vanger	0:b86d15c6ba29	976	larger than the record we have, dynamically get it, unless user says only
Vanger	0:b86d15c6ba29	977	write in static buffer chuncks */
Vanger	0:b86d15c6ba29	978	#ifndef STATIC_CHUNKS_ONLY
Vanger	0:b86d15c6ba29	979	#define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
Vanger	0:b86d15c6ba29	980	#else
Vanger	0:b86d15c6ba29	981	#define OUTPUT_RECORD_SIZE RECORD_SIZE
Vanger	0:b86d15c6ba29	982	#endif
Vanger	0:b86d15c6ba29	983
Vanger	0:b86d15c6ba29	984	/* CyaSSL input buffer
Vanger	0:b86d15c6ba29	985
Vanger	0:b86d15c6ba29	986	RFC 2246:
Vanger	0:b86d15c6ba29	987
Vanger	0:b86d15c6ba29	988	length
Vanger	0:b86d15c6ba29	989	The length (in bytes) of the following TLSPlaintext.fragment.
Vanger	0:b86d15c6ba29	990	The length should not exceed 2^14.
Vanger	0:b86d15c6ba29	991	*/
Vanger	0:b86d15c6ba29	992	#if defined(LARGE_STATIC_BUFFERS)
Vanger	0:b86d15c6ba29	993	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
Vanger	0:b86d15c6ba29	994	MTU_EXTRA + MAX_MSG_EXTRA
Vanger	0:b86d15c6ba29	995	#else
Vanger	0:b86d15c6ba29	996	/* don't fragment memory from the record header */
Vanger	0:b86d15c6ba29	997	#define STATIC_BUFFER_LEN RECORD_HEADER_SZ
Vanger	0:b86d15c6ba29	998	#endif
Vanger	0:b86d15c6ba29	999
Vanger	0:b86d15c6ba29	1000	typedef struct {
Vanger	0:b86d15c6ba29	1001	word32 length; /* total buffer length used */
Vanger	0:b86d15c6ba29	1002	word32 idx; /* idx to part of length already consumed */
Vanger	0:b86d15c6ba29	1003	byte* buffer; /* place holder for static or dynamic buffer */
Vanger	0:b86d15c6ba29	1004	word32 bufferSize; /* current buffer size */
Vanger	0:b86d15c6ba29	1005	ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
Vanger	0:b86d15c6ba29	1006	byte dynamicFlag; /* dynamic memory currently in use */
Vanger	0:b86d15c6ba29	1007	byte offset; /* alignment offset attempt */
Vanger	0:b86d15c6ba29	1008	} bufferStatic;
Vanger	0:b86d15c6ba29	1009
Vanger	0:b86d15c6ba29	1010	/* Cipher Suites holder */
Vanger	0:b86d15c6ba29	1011	typedef struct Suites {
Vanger	0:b86d15c6ba29	1012	int setSuites; /* user set suites from default */
Vanger	0:b86d15c6ba29	1013	byte suites[MAX_SUITE_SZ];
Vanger	0:b86d15c6ba29	1014	word16 suiteSz; /* suite length in bytes */
Vanger	0:b86d15c6ba29	1015	byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
Vanger	0:b86d15c6ba29	1016	word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
Vanger	0:b86d15c6ba29	1017	byte hashAlgo; /* selected hash algorithm */
Vanger	0:b86d15c6ba29	1018	byte sigAlgo; /* selected sig algorithm */
Vanger	0:b86d15c6ba29	1019	} Suites;
Vanger	0:b86d15c6ba29	1020
Vanger	0:b86d15c6ba29	1021
Vanger	0:b86d15c6ba29	1022	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1023	void InitSuites(Suites*, ProtocolVersion,
Vanger	0:b86d15c6ba29	1024	byte, byte, byte, byte, byte, byte, int);
Vanger	0:b86d15c6ba29	1025	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1026	int SetCipherList(Suites, const char list);
Vanger	0:b86d15c6ba29	1027
Vanger	0:b86d15c6ba29	1028	#ifndef PSK_TYPES_DEFINED
Vanger	0:b86d15c6ba29	1029	typedef unsigned int (psk_client_callback)(CYASSL, const char, char,
Vanger	0:b86d15c6ba29	1030	unsigned int, unsigned char*, unsigned int);
Vanger	0:b86d15c6ba29	1031	typedef unsigned int (psk_server_callback)(CYASSL, const char*,
Vanger	0:b86d15c6ba29	1032	unsigned char*, unsigned int);
Vanger	0:b86d15c6ba29	1033	#endif /* PSK_TYPES_DEFINED */
Vanger	0:b86d15c6ba29	1034
Vanger	0:b86d15c6ba29	1035
Vanger	0:b86d15c6ba29	1036	#ifdef HAVE_NETX
Vanger	0:b86d15c6ba29	1037	CYASSL_LOCAL int NetX_Receive(CYASSL ssl, char buf, int sz, void *ctx);
Vanger	0:b86d15c6ba29	1038	CYASSL_LOCAL int NetX_Send(CYASSL ssl, char buf, int sz, void *ctx);
Vanger	0:b86d15c6ba29	1039	#endif /* HAVE_NETX */
Vanger	0:b86d15c6ba29	1040
Vanger	0:b86d15c6ba29	1041
Vanger	0:b86d15c6ba29	1042	/* CyaSSL Cipher type just points back to SSL */
Vanger	0:b86d15c6ba29	1043	struct CYASSL_CIPHER {
Vanger	0:b86d15c6ba29	1044	CYASSL* ssl;
Vanger	0:b86d15c6ba29	1045	};
Vanger	0:b86d15c6ba29	1046
Vanger	0:b86d15c6ba29	1047
Vanger	0:b86d15c6ba29	1048	typedef struct OCSP_Entry OCSP_Entry;
Vanger	0:b86d15c6ba29	1049
Vanger	0:b86d15c6ba29	1050	#ifdef SHA_DIGEST_SIZE
Vanger	0:b86d15c6ba29	1051	#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
Vanger	0:b86d15c6ba29	1052	#else
Vanger	0:b86d15c6ba29	1053	#define OCSP_DIGEST_SIZE 160
Vanger	0:b86d15c6ba29	1054	#endif
Vanger	0:b86d15c6ba29	1055
Vanger	0:b86d15c6ba29	1056	#ifdef NO_ASN
Vanger	0:b86d15c6ba29	1057	/* no_asn won't have */
Vanger	0:b86d15c6ba29	1058	typedef struct CertStatus CertStatus;
Vanger	0:b86d15c6ba29	1059	#endif
Vanger	0:b86d15c6ba29	1060
Vanger	0:b86d15c6ba29	1061	struct OCSP_Entry {
Vanger	0:b86d15c6ba29	1062	OCSP_Entry* next; /* next entry */
Vanger	0:b86d15c6ba29	1063	byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
Vanger	0:b86d15c6ba29	1064	byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
Vanger	0:b86d15c6ba29	1065	CertStatus* status; /* OCSP response list */
Vanger	0:b86d15c6ba29	1066	int totalStatus; /* number on list */
Vanger	0:b86d15c6ba29	1067	};
Vanger	0:b86d15c6ba29	1068
Vanger	0:b86d15c6ba29	1069
Vanger	0:b86d15c6ba29	1070	#ifndef HAVE_OCSP
Vanger	0:b86d15c6ba29	1071	typedef struct CYASSL_OCSP CYASSL_OCSP;
Vanger	0:b86d15c6ba29	1072	#endif
Vanger	0:b86d15c6ba29	1073
Vanger	0:b86d15c6ba29	1074	/* CyaSSL OCSP controller */
Vanger	0:b86d15c6ba29	1075	struct CYASSL_OCSP {
Vanger	0:b86d15c6ba29	1076	CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
Vanger	0:b86d15c6ba29	1077	OCSP_Entry* ocspList; /* OCSP response list */
Vanger	0:b86d15c6ba29	1078	CyaSSL_Mutex ocspLock; /* OCSP list lock */
Vanger	0:b86d15c6ba29	1079	};
Vanger	0:b86d15c6ba29	1080
Vanger	0:b86d15c6ba29	1081	#ifndef MAX_DATE_SIZE
Vanger	0:b86d15c6ba29	1082	#define MAX_DATE_SIZE 32
Vanger	0:b86d15c6ba29	1083	#endif
Vanger	0:b86d15c6ba29	1084
Vanger	0:b86d15c6ba29	1085	typedef struct CRL_Entry CRL_Entry;
Vanger	0:b86d15c6ba29	1086
Vanger	0:b86d15c6ba29	1087	#ifdef SHA_DIGEST_SIZE
Vanger	0:b86d15c6ba29	1088	#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
Vanger	0:b86d15c6ba29	1089	#else
Vanger	0:b86d15c6ba29	1090	#define CRL_DIGEST_SIZE 160
Vanger	0:b86d15c6ba29	1091	#endif
Vanger	0:b86d15c6ba29	1092
Vanger	0:b86d15c6ba29	1093	#ifdef NO_ASN
Vanger	0:b86d15c6ba29	1094	typedef struct RevokedCert RevokedCert;
Vanger	0:b86d15c6ba29	1095	#endif
Vanger	0:b86d15c6ba29	1096
Vanger	0:b86d15c6ba29	1097	/* Complete CRL */
Vanger	0:b86d15c6ba29	1098	struct CRL_Entry {
Vanger	0:b86d15c6ba29	1099	CRL_Entry* next; /* next entry */
Vanger	0:b86d15c6ba29	1100	byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
Vanger	0:b86d15c6ba29	1101	/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
Vanger	0:b86d15c6ba29	1102	/* restore the hash here if needed for optimized comparisons */
Vanger	0:b86d15c6ba29	1103	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
Vanger	0:b86d15c6ba29	1104	byte nextDate[MAX_DATE_SIZE]; /* next update date */
Vanger	0:b86d15c6ba29	1105	byte lastDateFormat; /* last date format */
Vanger	0:b86d15c6ba29	1106	byte nextDateFormat; /* next date format */
Vanger	0:b86d15c6ba29	1107	RevokedCert* certs; /* revoked cert list */
Vanger	0:b86d15c6ba29	1108	int totalCerts; /* number on list */
Vanger	0:b86d15c6ba29	1109	};
Vanger	0:b86d15c6ba29	1110
Vanger	0:b86d15c6ba29	1111
Vanger	0:b86d15c6ba29	1112	typedef struct CRL_Monitor CRL_Monitor;
Vanger	0:b86d15c6ba29	1113
Vanger	0:b86d15c6ba29	1114	/* CRL directory monitor */
Vanger	0:b86d15c6ba29	1115	struct CRL_Monitor {
Vanger	0:b86d15c6ba29	1116	char* path; /* full dir path, if valid pointer we're using */
Vanger	0:b86d15c6ba29	1117	int type; /* PEM or ASN1 type */
Vanger	0:b86d15c6ba29	1118	};
Vanger	0:b86d15c6ba29	1119
Vanger	0:b86d15c6ba29	1120
Vanger	0:b86d15c6ba29	1121	#ifndef HAVE_CRL
Vanger	0:b86d15c6ba29	1122	typedef struct CYASSL_CRL CYASSL_CRL;
Vanger	0:b86d15c6ba29	1123	#endif
Vanger	0:b86d15c6ba29	1124
Vanger	0:b86d15c6ba29	1125	/* CyaSSL CRL controller */
Vanger	0:b86d15c6ba29	1126	struct CYASSL_CRL {
Vanger	0:b86d15c6ba29	1127	CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
Vanger	0:b86d15c6ba29	1128	CRL_Entry* crlList; /* our CRL list */
Vanger	0:b86d15c6ba29	1129	CyaSSL_Mutex crlLock; /* CRL list lock */
Vanger	0:b86d15c6ba29	1130	CRL_Monitor monitors[2]; /* PEM and DER possible */
Vanger	0:b86d15c6ba29	1131	#ifdef HAVE_CRL_MONITOR
Vanger	0:b86d15c6ba29	1132	pthread_t tid; /* monitoring thread */
Vanger	0:b86d15c6ba29	1133	int mfd; /* monitor fd, -1 if no init yet */
Vanger	0:b86d15c6ba29	1134	#endif
Vanger	0:b86d15c6ba29	1135	};
Vanger	0:b86d15c6ba29	1136
Vanger	0:b86d15c6ba29	1137
Vanger	0:b86d15c6ba29	1138	#ifdef NO_ASN
Vanger	0:b86d15c6ba29	1139	typedef struct Signer Signer;
Vanger	0:b86d15c6ba29	1140	#endif
Vanger	0:b86d15c6ba29	1141
Vanger	0:b86d15c6ba29	1142
Vanger	0:b86d15c6ba29	1143	#ifndef CA_TABLE_SIZE
Vanger	0:b86d15c6ba29	1144	#define CA_TABLE_SIZE 11
Vanger	0:b86d15c6ba29	1145	#endif
Vanger	0:b86d15c6ba29	1146
Vanger	0:b86d15c6ba29	1147	/* CyaSSL Certificate Manager */
Vanger	0:b86d15c6ba29	1148	struct CYASSL_CERT_MANAGER {
Vanger	0:b86d15c6ba29	1149	Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
Vanger	0:b86d15c6ba29	1150	CyaSSL_Mutex caLock; /* CA list lock */
Vanger	0:b86d15c6ba29	1151	CallbackCACache caCacheCallback; /* CA cache addition callback */
Vanger	0:b86d15c6ba29	1152	void* heap; /* heap helper */
Vanger	0:b86d15c6ba29	1153	CYASSL_CRL* crl; /* CRL checker */
Vanger	0:b86d15c6ba29	1154	byte crlEnabled; /* is CRL on ? */
Vanger	0:b86d15c6ba29	1155	byte crlCheckAll; /* always leaf, but all ? */
Vanger	0:b86d15c6ba29	1156	CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
Vanger	0:b86d15c6ba29	1157	CYASSL_OCSP* ocsp; /* OCSP checker */
Vanger	0:b86d15c6ba29	1158	byte ocspEnabled; /* is OCSP on ? */
Vanger	0:b86d15c6ba29	1159	byte ocspSendNonce; /* send the OCSP nonce ? */
Vanger	0:b86d15c6ba29	1160	byte ocspUseOverrideURL; /* ignore cert's responder, override */
Vanger	0:b86d15c6ba29	1161	char* ocspOverrideURL; /* use this responder */
Vanger	0:b86d15c6ba29	1162	void* ocspIOCtx; /* I/O callback CTX */
Vanger	0:b86d15c6ba29	1163	CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
Vanger	0:b86d15c6ba29	1164	CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
Vanger	0:b86d15c6ba29	1165	};
Vanger	0:b86d15c6ba29	1166
Vanger	0:b86d15c6ba29	1167	CYASSL_LOCAL int CM_SaveCertCache(CYASSL_CERT_MANAGER, const char);
Vanger	0:b86d15c6ba29	1168	CYASSL_LOCAL int CM_RestoreCertCache(CYASSL_CERT_MANAGER, const char);
Vanger	0:b86d15c6ba29	1169	CYASSL_LOCAL int CM_MemSaveCertCache(CYASSL_CERT_MANAGER, void, int, int*);
Vanger	0:b86d15c6ba29	1170	CYASSL_LOCAL int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER, const void, int);
Vanger	0:b86d15c6ba29	1171	CYASSL_LOCAL int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER*);
Vanger	0:b86d15c6ba29	1172
Vanger	0:b86d15c6ba29	1173	/* CyaSSL Sock Addr */
Vanger	0:b86d15c6ba29	1174	struct CYASSL_SOCKADDR {
Vanger	0:b86d15c6ba29	1175	unsigned int sz; /* sockaddr size */
Vanger	0:b86d15c6ba29	1176	void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
Vanger	0:b86d15c6ba29	1177	};
Vanger	0:b86d15c6ba29	1178
Vanger	0:b86d15c6ba29	1179	typedef struct CYASSL_DTLS_CTX {
Vanger	0:b86d15c6ba29	1180	CYASSL_SOCKADDR peer;
Vanger	0:b86d15c6ba29	1181	int fd;
Vanger	0:b86d15c6ba29	1182	} CYASSL_DTLS_CTX;
Vanger	0:b86d15c6ba29	1183
Vanger	0:b86d15c6ba29	1184
Vanger	0:b86d15c6ba29	1185	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	1186
Vanger	0:b86d15c6ba29	1187	#ifdef WORD64_AVAILABLE
Vanger	0:b86d15c6ba29	1188	typedef word64 DtlsSeq;
Vanger	0:b86d15c6ba29	1189	#else
Vanger	0:b86d15c6ba29	1190	typedef word32 DtlsSeq;
Vanger	0:b86d15c6ba29	1191	#endif
Vanger	0:b86d15c6ba29	1192	#define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)
Vanger	0:b86d15c6ba29	1193
Vanger	0:b86d15c6ba29	1194	typedef struct DtlsState {
Vanger	0:b86d15c6ba29	1195	DtlsSeq window; /* Sliding window for current epoch */
Vanger	0:b86d15c6ba29	1196	word16 nextEpoch; /* Expected epoch in next record */
Vanger	0:b86d15c6ba29	1197	word32 nextSeq; /* Expected sequence in next record */
Vanger	0:b86d15c6ba29	1198
Vanger	0:b86d15c6ba29	1199	word16 curEpoch; /* Received epoch in current record */
Vanger	0:b86d15c6ba29	1200	word32 curSeq; /* Received sequence in current record */
Vanger	0:b86d15c6ba29	1201
Vanger	0:b86d15c6ba29	1202	DtlsSeq prevWindow; /* Sliding window for old epoch */
Vanger	0:b86d15c6ba29	1203	word32 prevSeq; /* Next sequence in allowed old epoch */
Vanger	0:b86d15c6ba29	1204	} DtlsState;
Vanger	0:b86d15c6ba29	1205
Vanger	0:b86d15c6ba29	1206	#endif /* CYASSL_DTLS */
Vanger	0:b86d15c6ba29	1207
Vanger	0:b86d15c6ba29	1208
Vanger	0:b86d15c6ba29	1209	/* keys and secrets */
Vanger	0:b86d15c6ba29	1210	typedef struct Keys {
Vanger	0:b86d15c6ba29	1211	byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
Vanger	0:b86d15c6ba29	1212	byte server_write_MAC_secret[MAX_DIGEST_SIZE];
Vanger	0:b86d15c6ba29	1213	byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
Vanger	0:b86d15c6ba29	1214	byte server_write_key[AES_256_KEY_SIZE];
Vanger	0:b86d15c6ba29	1215	byte client_write_IV[AES_IV_SIZE]; /* max sizes */
Vanger	0:b86d15c6ba29	1216	byte server_write_IV[AES_IV_SIZE];
Vanger	0:b86d15c6ba29	1217	#ifdef HAVE_AEAD
Vanger	0:b86d15c6ba29	1218	byte aead_exp_IV[AEAD_EXP_IV_SZ];
Vanger	0:b86d15c6ba29	1219	byte aead_enc_imp_IV[AEAD_IMP_IV_SZ];
Vanger	0:b86d15c6ba29	1220	byte aead_dec_imp_IV[AEAD_IMP_IV_SZ];
Vanger	0:b86d15c6ba29	1221	#endif
Vanger	0:b86d15c6ba29	1222
Vanger	0:b86d15c6ba29	1223	word32 peer_sequence_number;
Vanger	0:b86d15c6ba29	1224	word32 sequence_number;
Vanger	0:b86d15c6ba29	1225
Vanger	0:b86d15c6ba29	1226	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	1227	DtlsState dtls_state; /* Peer's state */
Vanger	0:b86d15c6ba29	1228	word16 dtls_peer_handshake_number;
Vanger	0:b86d15c6ba29	1229	word16 dtls_expected_peer_handshake_number;
Vanger	0:b86d15c6ba29	1230
Vanger	0:b86d15c6ba29	1231	word16 dtls_epoch; /* Current tx epoch */
Vanger	0:b86d15c6ba29	1232	word32 dtls_sequence_number; /* Current tx sequence */
Vanger	0:b86d15c6ba29	1233	word16 dtls_handshake_number; /* Current tx handshake seq */
Vanger	0:b86d15c6ba29	1234	#endif
Vanger	0:b86d15c6ba29	1235
Vanger	0:b86d15c6ba29	1236	word32 encryptSz; /* last size of encrypted data */
Vanger	0:b86d15c6ba29	1237	word32 padSz; /* how much to advance after decrypt part */
Vanger	0:b86d15c6ba29	1238	byte encryptionOn; /* true after change cipher spec */
Vanger	0:b86d15c6ba29	1239	byte decryptedCur; /* only decrypt current record once */
Vanger	0:b86d15c6ba29	1240	} Keys;
Vanger	0:b86d15c6ba29	1241
Vanger	0:b86d15c6ba29	1242
Vanger	0:b86d15c6ba29	1243
Vanger	0:b86d15c6ba29	1244	/* RFC 6066 TLS Extensions */
Vanger	0:b86d15c6ba29	1245	#ifdef HAVE_TLS_EXTENSIONS
Vanger	0:b86d15c6ba29	1246
Vanger	0:b86d15c6ba29	1247	typedef enum {
Vanger	0:b86d15c6ba29	1248	SERVER_NAME_INDICATION = 0x0000,
Vanger	0:b86d15c6ba29	1249	MAX_FRAGMENT_LENGTH = 0x0001,
Vanger	0:b86d15c6ba29	1250	TRUNCATED_HMAC = 0x0004,
Vanger	0:b86d15c6ba29	1251	ELLIPTIC_CURVES = 0x000a,
Vanger	0:b86d15c6ba29	1252	SESSION_TICKET = 0x0023,
Vanger	0:b86d15c6ba29	1253	SECURE_RENEGOTIATION = 0xff01
Vanger	0:b86d15c6ba29	1254	} TLSX_Type;
Vanger	0:b86d15c6ba29	1255
Vanger	0:b86d15c6ba29	1256	typedef struct TLSX {
Vanger	0:b86d15c6ba29	1257	TLSX_Type type; /* Extension Type */
Vanger	0:b86d15c6ba29	1258	void* data; /* Extension Data */
Vanger	0:b86d15c6ba29	1259	byte resp; /* IsResponse Flag */
Vanger	0:b86d15c6ba29	1260	struct TLSX* next; /* List Behavior */
Vanger	0:b86d15c6ba29	1261	} TLSX;
Vanger	0:b86d15c6ba29	1262
Vanger	0:b86d15c6ba29	1263	CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
Vanger	0:b86d15c6ba29	1264	CYASSL_LOCAL void TLSX_FreeAll(TLSX* list);
Vanger	0:b86d15c6ba29	1265	CYASSL_LOCAL int TLSX_SupportExtensions(CYASSL* ssl);
Vanger	0:b86d15c6ba29	1266
Vanger	0:b86d15c6ba29	1267	#ifndef NO_CYASSL_CLIENT
Vanger	0:b86d15c6ba29	1268	CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
Vanger	0:b86d15c6ba29	1269	CYASSL_LOCAL word16 TLSX_WriteRequest(CYASSL* ssl, byte* output);
Vanger	0:b86d15c6ba29	1270	#endif
Vanger	0:b86d15c6ba29	1271
Vanger	0:b86d15c6ba29	1272	#ifndef NO_CYASSL_SERVER
Vanger	0:b86d15c6ba29	1273	CYASSL_LOCAL word16 TLSX_GetResponseSize(CYASSL* ssl);
Vanger	0:b86d15c6ba29	1274	CYASSL_LOCAL word16 TLSX_WriteResponse(CYASSL* ssl, byte* output);
Vanger	0:b86d15c6ba29	1275	#endif
Vanger	0:b86d15c6ba29	1276
Vanger	0:b86d15c6ba29	1277	CYASSL_LOCAL int TLSX_Parse(CYASSL* ssl, byte* input, word16 length,
Vanger	0:b86d15c6ba29	1278	byte isRequest, Suites *suites);
Vanger	0:b86d15c6ba29	1279
Vanger	0:b86d15c6ba29	1280	#elif defined(HAVE_SNI) \
Vanger	0:b86d15c6ba29	1281	\|\| defined(HAVE_MAX_FRAGMENT) \
Vanger	0:b86d15c6ba29	1282	\|\| defined(HAVE_TRUNCATED_HMAC) \
Vanger	0:b86d15c6ba29	1283	\|\| defined(HAVE_SUPPORTED_CURVES) \
Vanger	0:b86d15c6ba29	1284	\|\| defined(HAVE_SECURE_RENEGOTIATION) \
Vanger	0:b86d15c6ba29	1285	\|\| defined(HAVE_SESSION_TICKET)
Vanger	0:b86d15c6ba29	1286
Vanger	0:b86d15c6ba29	1287	#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
Vanger	0:b86d15c6ba29	1288
Vanger	0:b86d15c6ba29	1289	#endif /* HAVE_TLS_EXTENSIONS */
Vanger	0:b86d15c6ba29	1290
Vanger	0:b86d15c6ba29	1291	/* Server Name Indication */
Vanger	0:b86d15c6ba29	1292	#ifdef HAVE_SNI
Vanger	0:b86d15c6ba29	1293
Vanger	0:b86d15c6ba29	1294	typedef struct SNI {
Vanger	0:b86d15c6ba29	1295	byte type; /* SNI Type */
Vanger	0:b86d15c6ba29	1296	union { char* host_name; } data; /* SNI Data */
Vanger	0:b86d15c6ba29	1297	struct SNI* next; /* List Behavior */
Vanger	0:b86d15c6ba29	1298	#ifndef NO_CYASSL_SERVER
Vanger	0:b86d15c6ba29	1299	byte options; /* Behaviour options */
Vanger	0:b86d15c6ba29	1300	byte status; /* Matching result */
Vanger	0:b86d15c6ba29	1301	#endif
Vanger	0:b86d15c6ba29	1302	} SNI;
Vanger	0:b86d15c6ba29	1303
Vanger	0:b86d15c6ba29	1304	CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
Vanger	0:b86d15c6ba29	1305	word16 size);
Vanger	0:b86d15c6ba29	1306
Vanger	0:b86d15c6ba29	1307	#ifndef NO_CYASSL_SERVER
Vanger	0:b86d15c6ba29	1308	CYASSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
Vanger	0:b86d15c6ba29	1309	byte options);
Vanger	0:b86d15c6ba29	1310	CYASSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
Vanger	0:b86d15c6ba29	1311	CYASSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
Vanger	0:b86d15c6ba29	1312	void** data);
Vanger	0:b86d15c6ba29	1313	CYASSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
Vanger	0:b86d15c6ba29	1314	byte type, byte* sni, word32* inOutSz);
Vanger	0:b86d15c6ba29	1315	#endif
Vanger	0:b86d15c6ba29	1316
Vanger	0:b86d15c6ba29	1317	#endif /* HAVE_SNI */
Vanger	0:b86d15c6ba29	1318
Vanger	0:b86d15c6ba29	1319	/* Maximum Fragment Length */
Vanger	0:b86d15c6ba29	1320	#ifdef HAVE_MAX_FRAGMENT
Vanger	0:b86d15c6ba29	1321
Vanger	0:b86d15c6ba29	1322	CYASSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
Vanger	0:b86d15c6ba29	1323
Vanger	0:b86d15c6ba29	1324	#endif /* HAVE_MAX_FRAGMENT */
Vanger	0:b86d15c6ba29	1325
Vanger	0:b86d15c6ba29	1326	#ifdef HAVE_TRUNCATED_HMAC
Vanger	0:b86d15c6ba29	1327
Vanger	0:b86d15c6ba29	1328	CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
Vanger	0:b86d15c6ba29	1329
Vanger	0:b86d15c6ba29	1330	#endif /* HAVE_TRUNCATED_HMAC */
Vanger	0:b86d15c6ba29	1331
Vanger	0:b86d15c6ba29	1332	#ifdef HAVE_SUPPORTED_CURVES
Vanger	0:b86d15c6ba29	1333
Vanger	0:b86d15c6ba29	1334	typedef struct EllipticCurve {
Vanger	0:b86d15c6ba29	1335	word16 name; /* CurveNames */
Vanger	0:b86d15c6ba29	1336	struct EllipticCurve* next; /* List Behavior */
Vanger	0:b86d15c6ba29	1337	} EllipticCurve;
Vanger	0:b86d15c6ba29	1338
Vanger	0:b86d15c6ba29	1339	CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
Vanger	0:b86d15c6ba29	1340
Vanger	0:b86d15c6ba29	1341	#ifndef NO_CYASSL_SERVER
Vanger	0:b86d15c6ba29	1342	CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
Vanger	0:b86d15c6ba29	1343	byte second);
Vanger	0:b86d15c6ba29	1344	#endif
Vanger	0:b86d15c6ba29	1345
Vanger	0:b86d15c6ba29	1346	#endif /* HAVE_SUPPORTED_CURVES */
Vanger	0:b86d15c6ba29	1347
Vanger	0:b86d15c6ba29	1348	#ifdef HAVE_SECURE_RENEGOTIATION
Vanger	0:b86d15c6ba29	1349
Vanger	0:b86d15c6ba29	1350	enum key_cache_state {
Vanger	0:b86d15c6ba29	1351	SCR_CACHE_NULL = 0, /* empty / begin state */
Vanger	0:b86d15c6ba29	1352	SCR_CACHE_NEEDED, /* need to cache keys */
Vanger	0:b86d15c6ba29	1353	SCR_CACHE_COPY, /* we have a cached copy */
Vanger	0:b86d15c6ba29	1354	SCR_CACHE_PARTIAL, /* partial restore to real keys */
Vanger	0:b86d15c6ba29	1355	SCR_CACHE_COMPLETE /* complete restore to real keys */
Vanger	0:b86d15c6ba29	1356	};
Vanger	0:b86d15c6ba29	1357
Vanger	0:b86d15c6ba29	1358
Vanger	0:b86d15c6ba29	1359	/* Additional Conection State according to rfc5746 section 3.1 */
Vanger	0:b86d15c6ba29	1360	typedef struct SecureRenegotiation {
Vanger	0:b86d15c6ba29	1361	byte enabled; /* secure_renegotiation flag in rfc */
Vanger	0:b86d15c6ba29	1362	byte startScr; /* server requested client to start scr */
Vanger	0:b86d15c6ba29	1363	enum key_cache_state cache_status; /* track key cache state */
Vanger	0:b86d15c6ba29	1364	byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
Vanger	0:b86d15c6ba29	1365	byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
Vanger	0:b86d15c6ba29	1366	byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */
Vanger	0:b86d15c6ba29	1367	Keys tmp_keys; /* can't overwrite real keys yet */
Vanger	0:b86d15c6ba29	1368	} SecureRenegotiation;
Vanger	0:b86d15c6ba29	1369
Vanger	0:b86d15c6ba29	1370	CYASSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
Vanger	0:b86d15c6ba29	1371
Vanger	0:b86d15c6ba29	1372	#endif /* HAVE_SECURE_RENEGOTIATION */
Vanger	0:b86d15c6ba29	1373
Vanger	0:b86d15c6ba29	1374	#ifdef HAVE_SESSION_TICKET
Vanger	0:b86d15c6ba29	1375
Vanger	0:b86d15c6ba29	1376	typedef struct SessionTicket {
Vanger	0:b86d15c6ba29	1377	word32 lifetime;
Vanger	0:b86d15c6ba29	1378	byte* data;
Vanger	0:b86d15c6ba29	1379	word16 size;
Vanger	0:b86d15c6ba29	1380	} SessionTicket;
Vanger	0:b86d15c6ba29	1381
Vanger	0:b86d15c6ba29	1382	CYASSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
Vanger	0:b86d15c6ba29	1383	SessionTicket* ticket);
Vanger	0:b86d15c6ba29	1384	CYASSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
Vanger	0:b86d15c6ba29	1385	byte* data, word16 size);
Vanger	0:b86d15c6ba29	1386	CYASSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
Vanger	0:b86d15c6ba29	1387	#endif /* HAVE_SESSION_TICKET */
Vanger	0:b86d15c6ba29	1388
Vanger	0:b86d15c6ba29	1389	/* CyaSSL context type */
Vanger	0:b86d15c6ba29	1390	struct CYASSL_CTX {
Vanger	0:b86d15c6ba29	1391	CYASSL_METHOD* method;
Vanger	0:b86d15c6ba29	1392	CyaSSL_Mutex countMutex; /* reference count mutex */
Vanger	0:b86d15c6ba29	1393	int refCount; /* reference count */
Vanger	0:b86d15c6ba29	1394	#ifndef NO_CERTS
Vanger	0:b86d15c6ba29	1395	buffer certificate;
Vanger	0:b86d15c6ba29	1396	buffer certChain;
Vanger	0:b86d15c6ba29	1397	/* chain after self, in DER, with leading size for each cert */
Vanger	0:b86d15c6ba29	1398	buffer privateKey;
Vanger	0:b86d15c6ba29	1399	buffer serverDH_P;
Vanger	0:b86d15c6ba29	1400	buffer serverDH_G;
Vanger	0:b86d15c6ba29	1401	CYASSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
Vanger	0:b86d15c6ba29	1402	#endif
Vanger	0:b86d15c6ba29	1403	Suites suites;
Vanger	0:b86d15c6ba29	1404	void* heap; /* for user memory overrides */
Vanger	0:b86d15c6ba29	1405	byte verifyPeer;
Vanger	0:b86d15c6ba29	1406	byte verifyNone;
Vanger	0:b86d15c6ba29	1407	byte failNoCert;
Vanger	0:b86d15c6ba29	1408	byte sessionCacheOff;
Vanger	0:b86d15c6ba29	1409	byte sessionCacheFlushOff;
Vanger	0:b86d15c6ba29	1410	byte sendVerify; /* for client side */
Vanger	0:b86d15c6ba29	1411	byte haveRSA; /* RSA available */
Vanger	0:b86d15c6ba29	1412	byte haveDH; /* server DH parms set by user */
Vanger	0:b86d15c6ba29	1413	byte haveNTRU; /* server private NTRU key loaded */
Vanger	0:b86d15c6ba29	1414	byte haveECDSAsig; /* server cert signed w/ ECDSA */
Vanger	0:b86d15c6ba29	1415	byte haveStaticECC; /* static server ECC private key */
Vanger	0:b86d15c6ba29	1416	byte partialWrite; /* only one msg per write call */
Vanger	0:b86d15c6ba29	1417	byte quietShutdown; /* don't send close notify */
Vanger	0:b86d15c6ba29	1418	byte groupMessages; /* group handshake messages before sending */
Vanger	0:b86d15c6ba29	1419	CallbackIORecv CBIORecv;
Vanger	0:b86d15c6ba29	1420	CallbackIOSend CBIOSend;
Vanger	0:b86d15c6ba29	1421	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	1422	CallbackGenCookie CBIOCookie; /* gen cookie callback */
Vanger	0:b86d15c6ba29	1423	#endif
Vanger	0:b86d15c6ba29	1424	VerifyCallback verifyCallback; /* cert verification callback */
Vanger	0:b86d15c6ba29	1425	word32 timeout; /* session timeout */
Vanger	0:b86d15c6ba29	1426	#ifdef HAVE_ECC
Vanger	0:b86d15c6ba29	1427	word16 eccTempKeySz; /* in octets 20 - 66 */
Vanger	0:b86d15c6ba29	1428	word32 pkCurveOID; /* curve Ecc_Sum */
Vanger	0:b86d15c6ba29	1429	#endif
Vanger	0:b86d15c6ba29	1430	#ifndef NO_PSK
Vanger	0:b86d15c6ba29	1431	byte havePSK; /* psk key set by user */
Vanger	0:b86d15c6ba29	1432	psk_client_callback client_psk_cb; /* client callback */
Vanger	0:b86d15c6ba29	1433	psk_server_callback server_psk_cb; /* server callback */
Vanger	0:b86d15c6ba29	1434	char server_hint[MAX_PSK_ID_LEN];
Vanger	0:b86d15c6ba29	1435	#endif /* NO_PSK */
Vanger	0:b86d15c6ba29	1436	#ifdef HAVE_ANON
Vanger	0:b86d15c6ba29	1437	byte haveAnon; /* User wants to allow Anon suites */
Vanger	0:b86d15c6ba29	1438	#endif /* HAVE_ANON */
Vanger	0:b86d15c6ba29	1439	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
Vanger	0:b86d15c6ba29	1440	pem_password_cb passwd_cb;
Vanger	0:b86d15c6ba29	1441	void* userdata;
Vanger	0:b86d15c6ba29	1442	#endif /* OPENSSL_EXTRA */
Vanger	0:b86d15c6ba29	1443	#ifdef HAVE_OCSP
Vanger	0:b86d15c6ba29	1444	CYASSL_OCSP ocsp;
Vanger	0:b86d15c6ba29	1445	#endif
Vanger	0:b86d15c6ba29	1446	#ifdef HAVE_CAVIUM
Vanger	0:b86d15c6ba29	1447	int devId; /* cavium device id to use */
Vanger	0:b86d15c6ba29	1448	#endif
Vanger	0:b86d15c6ba29	1449	#ifdef HAVE_TLS_EXTENSIONS
Vanger	0:b86d15c6ba29	1450	TLSX* extensions; /* RFC 6066 TLS Extensions data */
Vanger	0:b86d15c6ba29	1451	#endif
Vanger	0:b86d15c6ba29	1452	#ifdef ATOMIC_USER
Vanger	0:b86d15c6ba29	1453	CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
Vanger	0:b86d15c6ba29	1454	CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
Vanger	0:b86d15c6ba29	1455	#endif
Vanger	0:b86d15c6ba29	1456	#ifdef HAVE_PK_CALLBACKS
Vanger	0:b86d15c6ba29	1457	#ifdef HAVE_ECC
Vanger	0:b86d15c6ba29	1458	CallbackEccSign EccSignCb; /* User EccSign Callback handler */
Vanger	0:b86d15c6ba29	1459	CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
Vanger	0:b86d15c6ba29	1460	#endif /* HAVE_ECC */
Vanger	0:b86d15c6ba29	1461	#ifndef NO_RSA
Vanger	0:b86d15c6ba29	1462	CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
Vanger	0:b86d15c6ba29	1463	CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
Vanger	0:b86d15c6ba29	1464	CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
Vanger	0:b86d15c6ba29	1465	CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
Vanger	0:b86d15c6ba29	1466	#endif /* NO_RSA */
Vanger	0:b86d15c6ba29	1467	#endif /* HAVE_PK_CALLBACKS */
Vanger	0:b86d15c6ba29	1468	};
Vanger	0:b86d15c6ba29	1469
Vanger	0:b86d15c6ba29	1470
Vanger	0:b86d15c6ba29	1471	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1472	int InitSSL_Ctx(CYASSL_CTX, CYASSL_METHOD);
Vanger	0:b86d15c6ba29	1473	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1474	void FreeSSL_Ctx(CYASSL_CTX*);
Vanger	0:b86d15c6ba29	1475	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1476	void SSL_CtxResourceFree(CYASSL_CTX*);
Vanger	0:b86d15c6ba29	1477
Vanger	0:b86d15c6ba29	1478	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1479	int DeriveTlsKeys(CYASSL* ssl);
Vanger	0:b86d15c6ba29	1480	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1481	int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
Vanger	0:b86d15c6ba29	1482	word32 inSz, word16 sz);
Vanger	0:b86d15c6ba29	1483	#ifndef NO_CERTS
Vanger	0:b86d15c6ba29	1484	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1485	int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
Vanger	0:b86d15c6ba29	1486	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1487	int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
Vanger	0:b86d15c6ba29	1488	#endif
Vanger	0:b86d15c6ba29	1489
Vanger	0:b86d15c6ba29	1490	/* All cipher suite related info */
Vanger	0:b86d15c6ba29	1491	typedef struct CipherSpecs {
Vanger	0:b86d15c6ba29	1492	byte bulk_cipher_algorithm;
Vanger	0:b86d15c6ba29	1493	byte cipher_type; /* block, stream, or aead */
Vanger	0:b86d15c6ba29	1494	byte mac_algorithm;
Vanger	0:b86d15c6ba29	1495	byte kea; /* key exchange algo */
Vanger	0:b86d15c6ba29	1496	byte sig_algo;
Vanger	0:b86d15c6ba29	1497	byte hash_size;
Vanger	0:b86d15c6ba29	1498	byte pad_size;
Vanger	0:b86d15c6ba29	1499	byte static_ecdh;
Vanger	0:b86d15c6ba29	1500	word16 key_size;
Vanger	0:b86d15c6ba29	1501	word16 iv_size;
Vanger	0:b86d15c6ba29	1502	word16 block_size;
Vanger	0:b86d15c6ba29	1503	word16 aead_mac_size;
Vanger	0:b86d15c6ba29	1504	} CipherSpecs;
Vanger	0:b86d15c6ba29	1505
Vanger	0:b86d15c6ba29	1506
Vanger	0:b86d15c6ba29	1507	void InitCipherSpecs(CipherSpecs* cs);
Vanger	0:b86d15c6ba29	1508
Vanger	0:b86d15c6ba29	1509
Vanger	0:b86d15c6ba29	1510	/* Supported Message Authentication Codes from page 43 */
Vanger	0:b86d15c6ba29	1511	enum MACAlgorithm {
Vanger	0:b86d15c6ba29	1512	no_mac,
Vanger	0:b86d15c6ba29	1513	md5_mac,
Vanger	0:b86d15c6ba29	1514	sha_mac,
Vanger	0:b86d15c6ba29	1515	sha224_mac,
Vanger	0:b86d15c6ba29	1516	sha256_mac, /* needs to match external KDF_MacAlgorithm */
Vanger	0:b86d15c6ba29	1517	sha384_mac,
Vanger	0:b86d15c6ba29	1518	sha512_mac,
Vanger	0:b86d15c6ba29	1519	rmd_mac,
Vanger	0:b86d15c6ba29	1520	blake2b_mac
Vanger	0:b86d15c6ba29	1521	};
Vanger	0:b86d15c6ba29	1522
Vanger	0:b86d15c6ba29	1523
Vanger	0:b86d15c6ba29	1524	/* Supported Key Exchange Protocols */
Vanger	0:b86d15c6ba29	1525	enum KeyExchangeAlgorithm {
Vanger	0:b86d15c6ba29	1526	no_kea,
Vanger	0:b86d15c6ba29	1527	rsa_kea,
Vanger	0:b86d15c6ba29	1528	diffie_hellman_kea,
Vanger	0:b86d15c6ba29	1529	fortezza_kea,
Vanger	0:b86d15c6ba29	1530	psk_kea,
Vanger	0:b86d15c6ba29	1531	dhe_psk_kea,
Vanger	0:b86d15c6ba29	1532	ntru_kea,
Vanger	0:b86d15c6ba29	1533	ecc_diffie_hellman_kea,
Vanger	0:b86d15c6ba29	1534	ecc_static_diffie_hellman_kea /* for verify suite only */
Vanger	0:b86d15c6ba29	1535	};
Vanger	0:b86d15c6ba29	1536
Vanger	0:b86d15c6ba29	1537
Vanger	0:b86d15c6ba29	1538	/* Supported Authentication Schemes */
Vanger	0:b86d15c6ba29	1539	enum SignatureAlgorithm {
Vanger	0:b86d15c6ba29	1540	anonymous_sa_algo,
Vanger	0:b86d15c6ba29	1541	rsa_sa_algo,
Vanger	0:b86d15c6ba29	1542	dsa_sa_algo,
Vanger	0:b86d15c6ba29	1543	ecc_dsa_sa_algo
Vanger	0:b86d15c6ba29	1544	};
Vanger	0:b86d15c6ba29	1545
Vanger	0:b86d15c6ba29	1546
Vanger	0:b86d15c6ba29	1547	/* Supprted ECC Curve Types */
Vanger	0:b86d15c6ba29	1548	enum EccCurves {
Vanger	0:b86d15c6ba29	1549	named_curve = 3
Vanger	0:b86d15c6ba29	1550	};
Vanger	0:b86d15c6ba29	1551
Vanger	0:b86d15c6ba29	1552
Vanger	0:b86d15c6ba29	1553	/* Supprted ECC Named Curves */
Vanger	0:b86d15c6ba29	1554	enum EccNamedCurves {
Vanger	0:b86d15c6ba29	1555	secp256r1 = 0x17, /* default, OpenSSL also calls it prime256v1 */
Vanger	0:b86d15c6ba29	1556	secp384r1 = 0x18,
Vanger	0:b86d15c6ba29	1557	secp521r1 = 0x19,
Vanger	0:b86d15c6ba29	1558
Vanger	0:b86d15c6ba29	1559	secp160r1 = 0x10,
Vanger	0:b86d15c6ba29	1560	secp192r1 = 0x13, /* Openssl also call it prime192v1 */
Vanger	0:b86d15c6ba29	1561	secp224r1 = 0x15
Vanger	0:b86d15c6ba29	1562	};
Vanger	0:b86d15c6ba29	1563
Vanger	0:b86d15c6ba29	1564
Vanger	0:b86d15c6ba29	1565	/* Valid client certificate request types from page 27 */
Vanger	0:b86d15c6ba29	1566	enum ClientCertificateType {
Vanger	0:b86d15c6ba29	1567	rsa_sign = 1,
Vanger	0:b86d15c6ba29	1568	dss_sign = 2,
Vanger	0:b86d15c6ba29	1569	rsa_fixed_dh = 3,
Vanger	0:b86d15c6ba29	1570	dss_fixed_dh = 4,
Vanger	0:b86d15c6ba29	1571	rsa_ephemeral_dh = 5,
Vanger	0:b86d15c6ba29	1572	dss_ephemeral_dh = 6,
Vanger	0:b86d15c6ba29	1573	fortezza_kea_cert = 20,
Vanger	0:b86d15c6ba29	1574	ecdsa_sign = 64,
Vanger	0:b86d15c6ba29	1575	rsa_fixed_ecdh = 65,
Vanger	0:b86d15c6ba29	1576	ecdsa_fixed_ecdh = 66
Vanger	0:b86d15c6ba29	1577	};
Vanger	0:b86d15c6ba29	1578
Vanger	0:b86d15c6ba29	1579
Vanger	0:b86d15c6ba29	1580	enum CipherType { stream, block, aead };
Vanger	0:b86d15c6ba29	1581
Vanger	0:b86d15c6ba29	1582
Vanger	0:b86d15c6ba29	1583
Vanger	0:b86d15c6ba29	1584
Vanger	0:b86d15c6ba29	1585
Vanger	0:b86d15c6ba29	1586
Vanger	0:b86d15c6ba29	1587	/* cipher for now */
Vanger	0:b86d15c6ba29	1588	typedef struct Ciphers {
Vanger	0:b86d15c6ba29	1589	#ifdef BUILD_ARC4
Vanger	0:b86d15c6ba29	1590	Arc4* arc4;
Vanger	0:b86d15c6ba29	1591	#endif
Vanger	0:b86d15c6ba29	1592	#ifdef BUILD_DES3
Vanger	0:b86d15c6ba29	1593	Des3* des3;
Vanger	0:b86d15c6ba29	1594	#endif
Vanger	0:b86d15c6ba29	1595	#if defined(BUILD_AES) \|\| defined(BUILD_AESGCM)
Vanger	0:b86d15c6ba29	1596	Aes* aes;
Vanger	0:b86d15c6ba29	1597	#endif
Vanger	0:b86d15c6ba29	1598	#ifdef HAVE_CAMELLIA
Vanger	0:b86d15c6ba29	1599	Camellia* cam;
Vanger	0:b86d15c6ba29	1600	#endif
Vanger	0:b86d15c6ba29	1601	#ifdef HAVE_CHACHA
Vanger	0:b86d15c6ba29	1602	ChaCha* chacha;
Vanger	0:b86d15c6ba29	1603	#endif
Vanger	0:b86d15c6ba29	1604	#ifdef HAVE_HC128
Vanger	0:b86d15c6ba29	1605	HC128* hc128;
Vanger	0:b86d15c6ba29	1606	#endif
Vanger	0:b86d15c6ba29	1607	#ifdef BUILD_RABBIT
Vanger	0:b86d15c6ba29	1608	Rabbit* rabbit;
Vanger	0:b86d15c6ba29	1609	#endif
Vanger	0:b86d15c6ba29	1610	byte setup; /* have we set it up flag for detection */
Vanger	0:b86d15c6ba29	1611	} Ciphers;
Vanger	0:b86d15c6ba29	1612
Vanger	0:b86d15c6ba29	1613
Vanger	0:b86d15c6ba29	1614	#ifdef HAVE_ONE_TIME_AUTH
Vanger	0:b86d15c6ba29	1615	/* Ciphers for one time authentication such as poly1305 */
Vanger	0:b86d15c6ba29	1616	typedef struct OneTimeAuth {
Vanger	0:b86d15c6ba29	1617	#ifdef HAVE_POLY1305
Vanger	0:b86d15c6ba29	1618	Poly1305* poly1305;
Vanger	0:b86d15c6ba29	1619	#endif
Vanger	0:b86d15c6ba29	1620	byte setup; /* flag for if a cipher has been set */
Vanger	0:b86d15c6ba29	1621
Vanger	0:b86d15c6ba29	1622	} OneTimeAuth;
Vanger	0:b86d15c6ba29	1623	#endif
Vanger	0:b86d15c6ba29	1624
Vanger	0:b86d15c6ba29	1625
Vanger	0:b86d15c6ba29	1626	CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
Vanger	0:b86d15c6ba29	1627	CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
Vanger	0:b86d15c6ba29	1628
Vanger	0:b86d15c6ba29	1629
Vanger	0:b86d15c6ba29	1630	/* hashes type */
Vanger	0:b86d15c6ba29	1631	typedef struct Hashes {
Vanger	0:b86d15c6ba29	1632	#ifndef NO_OLD_TLS
Vanger	0:b86d15c6ba29	1633	byte md5[MD5_DIGEST_SIZE];
Vanger	0:b86d15c6ba29	1634	#endif
Vanger	0:b86d15c6ba29	1635	byte sha[SHA_DIGEST_SIZE];
Vanger	0:b86d15c6ba29	1636	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	1637	byte sha256[SHA256_DIGEST_SIZE];
Vanger	0:b86d15c6ba29	1638	#endif
Vanger	0:b86d15c6ba29	1639	#ifdef CYASSL_SHA384
Vanger	0:b86d15c6ba29	1640	byte sha384[SHA384_DIGEST_SIZE];
Vanger	0:b86d15c6ba29	1641	#endif
Vanger	0:b86d15c6ba29	1642	} Hashes;
Vanger	0:b86d15c6ba29	1643
Vanger	0:b86d15c6ba29	1644
Vanger	0:b86d15c6ba29	1645	/* Static x509 buffer */
Vanger	0:b86d15c6ba29	1646	typedef struct x509_buffer {
Vanger	0:b86d15c6ba29	1647	int length; /* actual size */
Vanger	0:b86d15c6ba29	1648	byte buffer[MAX_X509_SIZE]; /* max static cert size */
Vanger	0:b86d15c6ba29	1649	} x509_buffer;
Vanger	0:b86d15c6ba29	1650
Vanger	0:b86d15c6ba29	1651
Vanger	0:b86d15c6ba29	1652	/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
Vanger	0:b86d15c6ba29	1653	struct CYASSL_X509_CHAIN {
Vanger	0:b86d15c6ba29	1654	int count; /* total number in chain */
Vanger	0:b86d15c6ba29	1655	x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
Vanger	0:b86d15c6ba29	1656	};
Vanger	0:b86d15c6ba29	1657
Vanger	0:b86d15c6ba29	1658
Vanger	0:b86d15c6ba29	1659	/* CyaSSL session type */
Vanger	0:b86d15c6ba29	1660	struct CYASSL_SESSION {
Vanger	0:b86d15c6ba29	1661	byte sessionID[ID_LEN]; /* id for protocol */
Vanger	0:b86d15c6ba29	1662	byte sessionIDSz;
Vanger	0:b86d15c6ba29	1663	byte masterSecret[SECRET_LEN]; /* stored secret */
Vanger	0:b86d15c6ba29	1664	word32 bornOn; /* create time in seconds */
Vanger	0:b86d15c6ba29	1665	word32 timeout; /* timeout in seconds */
Vanger	0:b86d15c6ba29	1666	#ifdef SESSION_CERTS
Vanger	0:b86d15c6ba29	1667	CYASSL_X509_CHAIN chain; /* peer cert chain, static */
Vanger	0:b86d15c6ba29	1668	ProtocolVersion version; /* which version was used */
Vanger	0:b86d15c6ba29	1669	byte cipherSuite0; /* first byte, normally 0 */
Vanger	0:b86d15c6ba29	1670	byte cipherSuite; /* 2nd byte, actual suite */
Vanger	0:b86d15c6ba29	1671	#endif
Vanger	0:b86d15c6ba29	1672	#ifndef NO_CLIENT_CACHE
Vanger	0:b86d15c6ba29	1673	byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
Vanger	0:b86d15c6ba29	1674	word16 idLen; /* serverID length */
Vanger	0:b86d15c6ba29	1675	#endif
Vanger	0:b86d15c6ba29	1676	#ifdef HAVE_SESSION_TICKET
Vanger	0:b86d15c6ba29	1677	byte ticket[SESSION_TICKET_LEN];
Vanger	0:b86d15c6ba29	1678	word16 ticketLen;
Vanger	0:b86d15c6ba29	1679	#endif
Vanger	0:b86d15c6ba29	1680	};
Vanger	0:b86d15c6ba29	1681
Vanger	0:b86d15c6ba29	1682
Vanger	0:b86d15c6ba29	1683	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1684	CYASSL_SESSION* GetSession(CYASSL, byte);
Vanger	0:b86d15c6ba29	1685	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	1686	int SetSession(CYASSL, CYASSL_SESSION);
Vanger	0:b86d15c6ba29	1687
Vanger	0:b86d15c6ba29	1688	typedef int (hmacfp) (CYASSL, byte, const byte, word32, int, int);
Vanger	0:b86d15c6ba29	1689
Vanger	0:b86d15c6ba29	1690	#ifndef NO_CLIENT_CACHE
Vanger	0:b86d15c6ba29	1691	CYASSL_SESSION* GetSessionClient(CYASSL, const byte, int);
Vanger	0:b86d15c6ba29	1692	#endif
Vanger	0:b86d15c6ba29	1693
Vanger	0:b86d15c6ba29	1694	/* client connect state for nonblocking restart */
Vanger	0:b86d15c6ba29	1695	enum ConnectState {
Vanger	0:b86d15c6ba29	1696	CONNECT_BEGIN = 0,
Vanger	0:b86d15c6ba29	1697	CLIENT_HELLO_SENT,
Vanger	0:b86d15c6ba29	1698	HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
Vanger	0:b86d15c6ba29	1699	HELLO_AGAIN_REPLY,
Vanger	0:b86d15c6ba29	1700	FIRST_REPLY_DONE,
Vanger	0:b86d15c6ba29	1701	FIRST_REPLY_FIRST,
Vanger	0:b86d15c6ba29	1702	FIRST_REPLY_SECOND,
Vanger	0:b86d15c6ba29	1703	FIRST_REPLY_THIRD,
Vanger	0:b86d15c6ba29	1704	FIRST_REPLY_FOURTH,
Vanger	0:b86d15c6ba29	1705	FINISHED_DONE,
Vanger	0:b86d15c6ba29	1706	SECOND_REPLY_DONE
Vanger	0:b86d15c6ba29	1707	};
Vanger	0:b86d15c6ba29	1708
Vanger	0:b86d15c6ba29	1709
Vanger	0:b86d15c6ba29	1710	/* server accept state for nonblocking restart */
Vanger	0:b86d15c6ba29	1711	enum AcceptState {
Vanger	0:b86d15c6ba29	1712	ACCEPT_BEGIN = 0,
Vanger	0:b86d15c6ba29	1713	ACCEPT_CLIENT_HELLO_DONE,
Vanger	0:b86d15c6ba29	1714	HELLO_VERIFY_SENT,
Vanger	0:b86d15c6ba29	1715	ACCEPT_FIRST_REPLY_DONE,
Vanger	0:b86d15c6ba29	1716	SERVER_HELLO_SENT,
Vanger	0:b86d15c6ba29	1717	CERT_SENT,
Vanger	0:b86d15c6ba29	1718	KEY_EXCHANGE_SENT,
Vanger	0:b86d15c6ba29	1719	CERT_REQ_SENT,
Vanger	0:b86d15c6ba29	1720	SERVER_HELLO_DONE,
Vanger	0:b86d15c6ba29	1721	ACCEPT_SECOND_REPLY_DONE,
Vanger	0:b86d15c6ba29	1722	CHANGE_CIPHER_SENT,
Vanger	0:b86d15c6ba29	1723	ACCEPT_FINISHED_DONE,
Vanger	0:b86d15c6ba29	1724	ACCEPT_THIRD_REPLY_DONE
Vanger	0:b86d15c6ba29	1725	};
Vanger	0:b86d15c6ba29	1726
Vanger	0:b86d15c6ba29	1727
Vanger	0:b86d15c6ba29	1728	typedef struct Buffers {
Vanger	0:b86d15c6ba29	1729	#ifndef NO_CERTS
Vanger	0:b86d15c6ba29	1730	buffer certificate; /* CYASSL_CTX owns, unless we own */
Vanger	0:b86d15c6ba29	1731	buffer key; /* CYASSL_CTX owns, unless we own */
Vanger	0:b86d15c6ba29	1732	buffer certChain; /* CYASSL_CTX owns, unless we own */
Vanger	0:b86d15c6ba29	1733	/* chain after self, in DER, with leading size for each cert */
Vanger	0:b86d15c6ba29	1734	buffer serverDH_P; /* CYASSL_CTX owns, unless we own */
Vanger	0:b86d15c6ba29	1735	buffer serverDH_G; /* CYASSL_CTX owns, unless we own */
Vanger	0:b86d15c6ba29	1736	buffer serverDH_Pub;
Vanger	0:b86d15c6ba29	1737	buffer serverDH_Priv;
Vanger	0:b86d15c6ba29	1738	#endif
Vanger	0:b86d15c6ba29	1739	buffer domainName; /* for client check */
Vanger	0:b86d15c6ba29	1740	bufferStatic inputBuffer;
Vanger	0:b86d15c6ba29	1741	bufferStatic outputBuffer;
Vanger	0:b86d15c6ba29	1742	buffer clearOutputBuffer;
Vanger	0:b86d15c6ba29	1743	int prevSent; /* previous plain text bytes sent
Vanger	0:b86d15c6ba29	1744	when got WANT_WRITE */
Vanger	0:b86d15c6ba29	1745	int plainSz; /* plain text bytes in buffer to send
Vanger	0:b86d15c6ba29	1746	when got WANT_WRITE */
Vanger	0:b86d15c6ba29	1747	byte weOwnCert; /* SSL own cert flag */
Vanger	0:b86d15c6ba29	1748	byte weOwnCertChain; /* SSL own cert chain flag */
Vanger	0:b86d15c6ba29	1749	byte weOwnKey; /* SSL own key flag */
Vanger	0:b86d15c6ba29	1750	byte weOwnDH; /* SSL own dh (p,g) flag */
Vanger	0:b86d15c6ba29	1751	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	1752	CYASSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
Vanger	0:b86d15c6ba29	1753	#endif
Vanger	0:b86d15c6ba29	1754	#ifdef HAVE_PK_CALLBACKS
Vanger	0:b86d15c6ba29	1755	#ifdef HAVE_ECC
Vanger	0:b86d15c6ba29	1756	buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
Vanger	0:b86d15c6ba29	1757	#endif /* HAVE_ECC */
Vanger	0:b86d15c6ba29	1758	#ifndef NO_RSA
Vanger	0:b86d15c6ba29	1759	buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
Vanger	0:b86d15c6ba29	1760	#endif /* NO_RSA */
Vanger	0:b86d15c6ba29	1761	#endif /* HAVE_PK_CALLBACKS */
Vanger	0:b86d15c6ba29	1762	} Buffers;
Vanger	0:b86d15c6ba29	1763
Vanger	0:b86d15c6ba29	1764	typedef struct Options {
Vanger	0:b86d15c6ba29	1765	byte sessionCacheOff;
Vanger	0:b86d15c6ba29	1766	byte sessionCacheFlushOff;
Vanger	0:b86d15c6ba29	1767	byte cipherSuite0; /* first byte, normally 0 */
Vanger	0:b86d15c6ba29	1768	byte cipherSuite; /* second byte, actual suite */
Vanger	0:b86d15c6ba29	1769	byte serverState;
Vanger	0:b86d15c6ba29	1770	byte clientState;
Vanger	0:b86d15c6ba29	1771	byte handShakeState;
Vanger	0:b86d15c6ba29	1772	byte handShakeDone; /* at least one handshake complete */
Vanger	0:b86d15c6ba29	1773	byte side; /* client or server end */
Vanger	0:b86d15c6ba29	1774	byte verifyPeer;
Vanger	0:b86d15c6ba29	1775	byte verifyNone;
Vanger	0:b86d15c6ba29	1776	byte failNoCert;
Vanger	0:b86d15c6ba29	1777	byte downgrade; /* allow downgrade of versions */
Vanger	0:b86d15c6ba29	1778	byte minDowngrade; /* minimum downgrade version */
Vanger	0:b86d15c6ba29	1779	byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */
Vanger	0:b86d15c6ba29	1780	byte resuming;
Vanger	0:b86d15c6ba29	1781	byte haveSessionId; /* server may not send */
Vanger	0:b86d15c6ba29	1782	byte tls; /* using TLS ? */
Vanger	0:b86d15c6ba29	1783	byte tls1_1; /* using TLSv1.1+ ? */
Vanger	0:b86d15c6ba29	1784	byte dtls; /* using datagrams ? */
Vanger	0:b86d15c6ba29	1785	byte connReset; /* has the peer reset */
Vanger	0:b86d15c6ba29	1786	byte isClosed; /* if we consider conn closed */
Vanger	0:b86d15c6ba29	1787	byte closeNotify; /* we've recieved a close notify */
Vanger	0:b86d15c6ba29	1788	byte sentNotify; /* we've sent a close notify */
Vanger	0:b86d15c6ba29	1789	byte connectState; /* nonblocking resume */
Vanger	0:b86d15c6ba29	1790	byte acceptState; /* nonblocking resume */
Vanger	0:b86d15c6ba29	1791	byte usingCompression; /* are we using compression */
Vanger	0:b86d15c6ba29	1792	byte haveRSA; /* RSA available */
Vanger	0:b86d15c6ba29	1793	byte haveDH; /* server DH parms set by user */
Vanger	0:b86d15c6ba29	1794	byte haveNTRU; /* server NTRU private key loaded */
Vanger	0:b86d15c6ba29	1795	byte haveECDSAsig; /* server ECDSA signed cert */
Vanger	0:b86d15c6ba29	1796	byte haveStaticECC; /* static server ECC private key */
Vanger	0:b86d15c6ba29	1797	byte havePeerCert; /* do we have peer's cert */
Vanger	0:b86d15c6ba29	1798	byte havePeerVerify; /* and peer's cert verify */
Vanger	0:b86d15c6ba29	1799	byte usingPSK_cipher; /* whether we're using psk as cipher */
Vanger	0:b86d15c6ba29	1800	byte usingAnon_cipher; /* whether we're using an anon cipher */
Vanger	0:b86d15c6ba29	1801	byte sendAlertState; /* nonblocking resume */
Vanger	0:b86d15c6ba29	1802	byte processReply; /* nonblocking resume */
Vanger	0:b86d15c6ba29	1803	byte partialWrite; /* only one msg per write call */
Vanger	0:b86d15c6ba29	1804	byte quietShutdown; /* don't send close notify */
Vanger	0:b86d15c6ba29	1805	byte certOnly; /* stop once we get cert */
Vanger	0:b86d15c6ba29	1806	byte groupMessages; /* group handshake messages */
Vanger	0:b86d15c6ba29	1807	byte usingNonblock; /* set when using nonblocking socket */
Vanger	0:b86d15c6ba29	1808	byte saveArrays; /* save array Memory for user get keys
Vanger	0:b86d15c6ba29	1809	or psk */
Vanger	0:b86d15c6ba29	1810	#ifdef HAVE_POLY1305
Vanger	0:b86d15c6ba29	1811	byte oldPoly; /* set when to use old rfc way of poly*/
Vanger	0:b86d15c6ba29	1812	#endif
Vanger	0:b86d15c6ba29	1813	#ifndef NO_PSK
Vanger	0:b86d15c6ba29	1814	byte havePSK; /* psk key set by user */
Vanger	0:b86d15c6ba29	1815	psk_client_callback client_psk_cb;
Vanger	0:b86d15c6ba29	1816	psk_server_callback server_psk_cb;
Vanger	0:b86d15c6ba29	1817	#endif /* NO_PSK */
Vanger	0:b86d15c6ba29	1818	#ifdef HAVE_ANON
Vanger	0:b86d15c6ba29	1819	byte haveAnon; /* User wants to allow Anon suites */
Vanger	0:b86d15c6ba29	1820	#endif /* HAVE_ANON */
Vanger	0:b86d15c6ba29	1821	} Options;
Vanger	0:b86d15c6ba29	1822
Vanger	0:b86d15c6ba29	1823	typedef struct Arrays {
Vanger	0:b86d15c6ba29	1824	byte clientRandom[RAN_LEN];
Vanger	0:b86d15c6ba29	1825	byte serverRandom[RAN_LEN];
Vanger	0:b86d15c6ba29	1826	byte sessionID[ID_LEN];
Vanger	0:b86d15c6ba29	1827	byte sessionIDSz;
Vanger	0:b86d15c6ba29	1828	byte preMasterSecret[ENCRYPT_LEN];
Vanger	0:b86d15c6ba29	1829	byte masterSecret[SECRET_LEN];
Vanger	0:b86d15c6ba29	1830	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	1831	byte cookie[MAX_COOKIE_LEN];
Vanger	0:b86d15c6ba29	1832	byte cookieSz;
Vanger	0:b86d15c6ba29	1833	#endif
Vanger	0:b86d15c6ba29	1834	#ifndef NO_PSK
Vanger	0:b86d15c6ba29	1835	char client_identity[MAX_PSK_ID_LEN];
Vanger	0:b86d15c6ba29	1836	char server_hint[MAX_PSK_ID_LEN];
Vanger	0:b86d15c6ba29	1837	byte psk_key[MAX_PSK_KEY_LEN];
Vanger	0:b86d15c6ba29	1838	word32 psk_keySz; /* acutal size */
Vanger	0:b86d15c6ba29	1839	#endif
Vanger	0:b86d15c6ba29	1840	word32 preMasterSz; /* differs for DH, actual size */
Vanger	0:b86d15c6ba29	1841	} Arrays;
Vanger	0:b86d15c6ba29	1842
Vanger	0:b86d15c6ba29	1843	#ifndef ASN_NAME_MAX
Vanger	0:b86d15c6ba29	1844	#define ASN_NAME_MAX 256
Vanger	0:b86d15c6ba29	1845	#endif
Vanger	0:b86d15c6ba29	1846
Vanger	0:b86d15c6ba29	1847	#ifndef MAX_DATE_SZ
Vanger	0:b86d15c6ba29	1848	#define MAX_DATE_SZ 32
Vanger	0:b86d15c6ba29	1849	#endif
Vanger	0:b86d15c6ba29	1850
Vanger	0:b86d15c6ba29	1851	struct CYASSL_X509_NAME {
Vanger	0:b86d15c6ba29	1852	char *name;
Vanger	0:b86d15c6ba29	1853	char staticName[ASN_NAME_MAX];
Vanger	0:b86d15c6ba29	1854	int dynamicName;
Vanger	0:b86d15c6ba29	1855	int sz;
Vanger	0:b86d15c6ba29	1856	#ifdef OPENSSL_EXTRA
Vanger	0:b86d15c6ba29	1857	DecodedName fullName;
Vanger	0:b86d15c6ba29	1858	#endif /* OPENSSL_EXTRA */
Vanger	0:b86d15c6ba29	1859	};
Vanger	0:b86d15c6ba29	1860
Vanger	0:b86d15c6ba29	1861	#ifndef EXTERNAL_SERIAL_SIZE
Vanger	0:b86d15c6ba29	1862	#define EXTERNAL_SERIAL_SIZE 32
Vanger	0:b86d15c6ba29	1863	#endif
Vanger	0:b86d15c6ba29	1864
Vanger	0:b86d15c6ba29	1865	#ifdef NO_ASN
Vanger	0:b86d15c6ba29	1866	typedef struct DNS_entry DNS_entry;
Vanger	0:b86d15c6ba29	1867	#endif
Vanger	0:b86d15c6ba29	1868
Vanger	0:b86d15c6ba29	1869	struct CYASSL_X509 {
Vanger	0:b86d15c6ba29	1870	int version;
Vanger	0:b86d15c6ba29	1871	CYASSL_X509_NAME issuer;
Vanger	0:b86d15c6ba29	1872	CYASSL_X509_NAME subject;
Vanger	0:b86d15c6ba29	1873	int serialSz;
Vanger	0:b86d15c6ba29	1874	byte serial[EXTERNAL_SERIAL_SIZE];
Vanger	0:b86d15c6ba29	1875	char subjectCN[ASN_NAME_MAX]; /* common name short cut */
Vanger	0:b86d15c6ba29	1876	#ifdef CYASSL_SEP
Vanger	0:b86d15c6ba29	1877	int deviceTypeSz;
Vanger	0:b86d15c6ba29	1878	byte deviceType[EXTERNAL_SERIAL_SIZE];
Vanger	0:b86d15c6ba29	1879	int hwTypeSz;
Vanger	0:b86d15c6ba29	1880	byte hwType[EXTERNAL_SERIAL_SIZE];
Vanger	0:b86d15c6ba29	1881	int hwSerialNumSz;
Vanger	0:b86d15c6ba29	1882	byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
Vanger	0:b86d15c6ba29	1883	#ifdef OPENSSL_EXTRA
Vanger	0:b86d15c6ba29	1884	byte certPolicySet;
Vanger	0:b86d15c6ba29	1885	byte certPolicyCrit;
Vanger	0:b86d15c6ba29	1886	#endif /* OPENSSL_EXTRA */
Vanger	0:b86d15c6ba29	1887	#endif
Vanger	0:b86d15c6ba29	1888	int notBeforeSz;
Vanger	0:b86d15c6ba29	1889	byte notBefore[MAX_DATE_SZ];
Vanger	0:b86d15c6ba29	1890	int notAfterSz;
Vanger	0:b86d15c6ba29	1891	byte notAfter[MAX_DATE_SZ];
Vanger	0:b86d15c6ba29	1892	int sigOID;
Vanger	0:b86d15c6ba29	1893	buffer sig;
Vanger	0:b86d15c6ba29	1894	int pubKeyOID;
Vanger	0:b86d15c6ba29	1895	buffer pubKey;
Vanger	0:b86d15c6ba29	1896	#ifdef HAVE_ECC
Vanger	0:b86d15c6ba29	1897	word32 pkCurveOID;
Vanger	0:b86d15c6ba29	1898	#endif /* HAVE_ECC */
Vanger	0:b86d15c6ba29	1899	buffer derCert; /* may need */
Vanger	0:b86d15c6ba29	1900	DNS_entry* altNames; /* alt names list */
Vanger	0:b86d15c6ba29	1901	DNS_entry* altNamesNext; /* hint for retrieval */
Vanger	0:b86d15c6ba29	1902	byte dynamicMemory; /* dynamic memory flag */
Vanger	0:b86d15c6ba29	1903	byte isCa;
Vanger	0:b86d15c6ba29	1904	#ifdef OPENSSL_EXTRA
Vanger	0:b86d15c6ba29	1905	word32 pathLength;
Vanger	0:b86d15c6ba29	1906	word16 keyUsage;
Vanger	0:b86d15c6ba29	1907	byte basicConstSet;
Vanger	0:b86d15c6ba29	1908	byte basicConstCrit;
Vanger	0:b86d15c6ba29	1909	byte basicConstPlSet;
Vanger	0:b86d15c6ba29	1910	byte subjAltNameSet;
Vanger	0:b86d15c6ba29	1911	byte subjAltNameCrit;
Vanger	0:b86d15c6ba29	1912	byte authKeyIdSet;
Vanger	0:b86d15c6ba29	1913	byte authKeyIdCrit;
Vanger	0:b86d15c6ba29	1914	byte* authKeyId;
Vanger	0:b86d15c6ba29	1915	word32 authKeyIdSz;
Vanger	0:b86d15c6ba29	1916	byte subjKeyIdSet;
Vanger	0:b86d15c6ba29	1917	byte subjKeyIdCrit;
Vanger	0:b86d15c6ba29	1918	byte* subjKeyId;
Vanger	0:b86d15c6ba29	1919	word32 subjKeyIdSz;
Vanger	0:b86d15c6ba29	1920	byte keyUsageSet;
Vanger	0:b86d15c6ba29	1921	byte keyUsageCrit;
Vanger	0:b86d15c6ba29	1922	#endif /* OPENSSL_EXTRA */
Vanger	0:b86d15c6ba29	1923	};
Vanger	0:b86d15c6ba29	1924
Vanger	0:b86d15c6ba29	1925
Vanger	0:b86d15c6ba29	1926	/* record layer header for PlainText, Compressed, and CipherText */
Vanger	0:b86d15c6ba29	1927	typedef struct RecordLayerHeader {
Vanger	0:b86d15c6ba29	1928	byte type;
Vanger	0:b86d15c6ba29	1929	byte pvMajor;
Vanger	0:b86d15c6ba29	1930	byte pvMinor;
Vanger	0:b86d15c6ba29	1931	byte length[2];
Vanger	0:b86d15c6ba29	1932	} RecordLayerHeader;
Vanger	0:b86d15c6ba29	1933
Vanger	0:b86d15c6ba29	1934
Vanger	0:b86d15c6ba29	1935	/* record layer header for DTLS PlainText, Compressed, and CipherText */
Vanger	0:b86d15c6ba29	1936	typedef struct DtlsRecordLayerHeader {
Vanger	0:b86d15c6ba29	1937	byte type;
Vanger	0:b86d15c6ba29	1938	byte pvMajor;
Vanger	0:b86d15c6ba29	1939	byte pvMinor;
Vanger	0:b86d15c6ba29	1940	byte epoch[2]; /* increment on cipher state change */
Vanger	0:b86d15c6ba29	1941	byte sequence_number[6]; /* per record */
Vanger	0:b86d15c6ba29	1942	byte length[2];
Vanger	0:b86d15c6ba29	1943	} DtlsRecordLayerHeader;
Vanger	0:b86d15c6ba29	1944
Vanger	0:b86d15c6ba29	1945
Vanger	0:b86d15c6ba29	1946	typedef struct DtlsPool {
Vanger	0:b86d15c6ba29	1947	buffer buf[DTLS_POOL_SZ];
Vanger	0:b86d15c6ba29	1948	int used;
Vanger	0:b86d15c6ba29	1949	} DtlsPool;
Vanger	0:b86d15c6ba29	1950
Vanger	0:b86d15c6ba29	1951	typedef struct DtlsMsg {
Vanger	0:b86d15c6ba29	1952	struct DtlsMsg* next;
Vanger	0:b86d15c6ba29	1953	word32 seq; /* Handshake sequence number */
Vanger	0:b86d15c6ba29	1954	word32 sz; /* Length of whole mesage */
Vanger	0:b86d15c6ba29	1955	word32 fragSz; /* Length of fragments received */
Vanger	0:b86d15c6ba29	1956	byte type;
Vanger	0:b86d15c6ba29	1957	byte* buf;
Vanger	0:b86d15c6ba29	1958	byte* msg;
Vanger	0:b86d15c6ba29	1959	} DtlsMsg;
Vanger	0:b86d15c6ba29	1960
Vanger	0:b86d15c6ba29	1961
Vanger	0:b86d15c6ba29	1962	#ifdef HAVE_NETX
Vanger	0:b86d15c6ba29	1963
Vanger	0:b86d15c6ba29	1964	/* NETX I/O Callback default */
Vanger	0:b86d15c6ba29	1965	typedef struct NetX_Ctx {
Vanger	0:b86d15c6ba29	1966	NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
Vanger	0:b86d15c6ba29	1967	NX_PACKET* nxPacket; /* incoming packet handle for short reads */
Vanger	0:b86d15c6ba29	1968	ULONG nxOffset; /* offset already read from nxPacket */
Vanger	0:b86d15c6ba29	1969	ULONG nxWait; /* wait option flag */
Vanger	0:b86d15c6ba29	1970	} NetX_Ctx;
Vanger	0:b86d15c6ba29	1971
Vanger	0:b86d15c6ba29	1972	#endif
Vanger	0:b86d15c6ba29	1973
Vanger	0:b86d15c6ba29	1974
Vanger	0:b86d15c6ba29	1975	/* Handshake messages recevied from peer (plus change cipher */
Vanger	0:b86d15c6ba29	1976	typedef struct MsgsReceived {
Vanger	0:b86d15c6ba29	1977	word16 got_hello_request:1;
Vanger	0:b86d15c6ba29	1978	word16 got_client_hello:1;
Vanger	0:b86d15c6ba29	1979	word16 got_server_hello:1;
Vanger	0:b86d15c6ba29	1980	word16 got_hello_verify_request:1;
Vanger	0:b86d15c6ba29	1981	word16 got_session_ticket:1;
Vanger	0:b86d15c6ba29	1982	word16 got_certificate:1;
Vanger	0:b86d15c6ba29	1983	word16 got_server_key_exchange:1;
Vanger	0:b86d15c6ba29	1984	word16 got_certificate_request:1;
Vanger	0:b86d15c6ba29	1985	word16 got_server_hello_done:1;
Vanger	0:b86d15c6ba29	1986	word16 got_certificate_verify:1;
Vanger	0:b86d15c6ba29	1987	word16 got_client_key_exchange:1;
Vanger	0:b86d15c6ba29	1988	word16 got_finished:1;
Vanger	0:b86d15c6ba29	1989	word16 got_change_cipher:1;
Vanger	0:b86d15c6ba29	1990	} MsgsReceived;
Vanger	0:b86d15c6ba29	1991
Vanger	0:b86d15c6ba29	1992
Vanger	0:b86d15c6ba29	1993	/* CyaSSL ssl type */
Vanger	0:b86d15c6ba29	1994	struct CYASSL {
Vanger	0:b86d15c6ba29	1995	CYASSL_CTX* ctx;
Vanger	0:b86d15c6ba29	1996	int error;
Vanger	0:b86d15c6ba29	1997	ProtocolVersion version; /* negotiated version */
Vanger	0:b86d15c6ba29	1998	ProtocolVersion chVersion; /* client hello version */
Vanger	0:b86d15c6ba29	1999	Suites* suites; /* only need during handshake */
Vanger	0:b86d15c6ba29	2000	Ciphers encrypt;
Vanger	0:b86d15c6ba29	2001	Ciphers decrypt;
Vanger	0:b86d15c6ba29	2002	#ifdef HAVE_ONE_TIME_AUTH
Vanger	0:b86d15c6ba29	2003	OneTimeAuth auth;
Vanger	0:b86d15c6ba29	2004	#endif
Vanger	0:b86d15c6ba29	2005	CipherSpecs specs;
Vanger	0:b86d15c6ba29	2006	Keys keys;
Vanger	0:b86d15c6ba29	2007	MsgsReceived msgsReceived; /* peer messages received */
Vanger	0:b86d15c6ba29	2008	int rfd; /* read file descriptor */
Vanger	0:b86d15c6ba29	2009	int wfd; /* write file descriptor */
Vanger	0:b86d15c6ba29	2010	int rflags; /* user read flags */
Vanger	0:b86d15c6ba29	2011	int wflags; /* user write flags */
Vanger	0:b86d15c6ba29	2012	CYASSL_BIO* biord; /* socket bio read to free/close */
Vanger	0:b86d15c6ba29	2013	CYASSL_BIO* biowr; /* socket bio write to free/close */
Vanger	0:b86d15c6ba29	2014	void* IOCB_ReadCtx;
Vanger	0:b86d15c6ba29	2015	void* IOCB_WriteCtx;
Vanger	0:b86d15c6ba29	2016	RNG* rng;
Vanger	0:b86d15c6ba29	2017	#ifndef NO_OLD_TLS
Vanger	0:b86d15c6ba29	2018	#ifndef NO_SHA
Vanger	0:b86d15c6ba29	2019	Sha hashSha; /* sha hash of handshake msgs */
Vanger	0:b86d15c6ba29	2020	#endif
Vanger	0:b86d15c6ba29	2021	#ifndef NO_MD5
Vanger	0:b86d15c6ba29	2022	Md5 hashMd5; /* md5 hash of handshake msgs */
Vanger	0:b86d15c6ba29	2023	#endif
Vanger	0:b86d15c6ba29	2024	#endif
Vanger	0:b86d15c6ba29	2025	#ifndef NO_SHA256
Vanger	0:b86d15c6ba29	2026	Sha256 hashSha256; /* sha256 hash of handshake msgs */
Vanger	0:b86d15c6ba29	2027	#endif
Vanger	0:b86d15c6ba29	2028	#ifdef CYASSL_SHA384
Vanger	0:b86d15c6ba29	2029	Sha384 hashSha384; /* sha384 hash of handshake msgs */
Vanger	0:b86d15c6ba29	2030	#endif
Vanger	0:b86d15c6ba29	2031	Hashes verifyHashes;
Vanger	0:b86d15c6ba29	2032	Hashes certHashes; /* for cert verify */
Vanger	0:b86d15c6ba29	2033	Buffers buffers;
Vanger	0:b86d15c6ba29	2034	Options options;
Vanger	0:b86d15c6ba29	2035	Arrays* arrays;
Vanger	0:b86d15c6ba29	2036	CYASSL_SESSION session;
Vanger	0:b86d15c6ba29	2037	VerifyCallback verifyCallback; /* cert verification callback */
Vanger	0:b86d15c6ba29	2038	void* verifyCbCtx; /* cert verify callback user ctx*/
Vanger	0:b86d15c6ba29	2039	#ifndef NO_RSA
Vanger	0:b86d15c6ba29	2040	RsaKey* peerRsaKey;
Vanger	0:b86d15c6ba29	2041	byte peerRsaKeyPresent;
Vanger	0:b86d15c6ba29	2042	#endif
Vanger	0:b86d15c6ba29	2043	#ifdef HAVE_NTRU
Vanger	0:b86d15c6ba29	2044	word16 peerNtruKeyLen;
Vanger	0:b86d15c6ba29	2045	byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
Vanger	0:b86d15c6ba29	2046	byte peerNtruKeyPresent;
Vanger	0:b86d15c6ba29	2047	#endif
Vanger	0:b86d15c6ba29	2048	#ifdef HAVE_ECC
Vanger	0:b86d15c6ba29	2049	ecc_key* peerEccKey; /* peer's ECDHE key */
Vanger	0:b86d15c6ba29	2050	ecc_key* peerEccDsaKey; /* peer's ECDSA key */
Vanger	0:b86d15c6ba29	2051	ecc_key* eccTempKey; /* private ECDHE key */
Vanger	0:b86d15c6ba29	2052	ecc_key* eccDsaKey; /* private ECDSA key */
Vanger	0:b86d15c6ba29	2053	word16 eccTempKeySz; /* in octets 20 - 66 */
Vanger	0:b86d15c6ba29	2054	word32 pkCurveOID; /* curve Ecc_Sum */
Vanger	0:b86d15c6ba29	2055	byte peerEccKeyPresent;
Vanger	0:b86d15c6ba29	2056	byte peerEccDsaKeyPresent;
Vanger	0:b86d15c6ba29	2057	byte eccTempKeyPresent;
Vanger	0:b86d15c6ba29	2058	byte eccDsaKeyPresent;
Vanger	0:b86d15c6ba29	2059	#endif
Vanger	0:b86d15c6ba29	2060	hmacfp hmac;
Vanger	0:b86d15c6ba29	2061	void* heap; /* for user overrides */
Vanger	0:b86d15c6ba29	2062	RecordLayerHeader curRL;
Vanger	0:b86d15c6ba29	2063	word16 curSize;
Vanger	0:b86d15c6ba29	2064	word32 timeout; /* session timeout */
Vanger	0:b86d15c6ba29	2065	CYASSL_CIPHER cipher;
Vanger	0:b86d15c6ba29	2066	#ifdef HAVE_LIBZ
Vanger	0:b86d15c6ba29	2067	z_stream c_stream; /* compression stream */
Vanger	0:b86d15c6ba29	2068	z_stream d_stream; /* decompression stream */
Vanger	0:b86d15c6ba29	2069	byte didStreamInit; /* for stream init and end */
Vanger	0:b86d15c6ba29	2070	#endif
Vanger	0:b86d15c6ba29	2071	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	2072	int dtls_timeout_init; /* starting timeout vaule */
Vanger	0:b86d15c6ba29	2073	int dtls_timeout_max; /* maximum timeout value */
Vanger	0:b86d15c6ba29	2074	int dtls_timeout; /* current timeout value, changes */
Vanger	0:b86d15c6ba29	2075	DtlsPool* dtls_pool;
Vanger	0:b86d15c6ba29	2076	DtlsMsg* dtls_msg_list;
Vanger	0:b86d15c6ba29	2077	void* IOCB_CookieCtx; /* gen cookie ctx */
Vanger	0:b86d15c6ba29	2078	word32 dtls_expected_rx;
Vanger	0:b86d15c6ba29	2079	#endif
Vanger	0:b86d15c6ba29	2080	#ifdef CYASSL_CALLBACKS
Vanger	0:b86d15c6ba29	2081	HandShakeInfo handShakeInfo; /* info saved during handshake */
Vanger	0:b86d15c6ba29	2082	TimeoutInfo timeoutInfo; /* info saved during handshake */
Vanger	0:b86d15c6ba29	2083	byte hsInfoOn; /* track handshake info */
Vanger	0:b86d15c6ba29	2084	byte toInfoOn; /* track timeout info */
Vanger	0:b86d15c6ba29	2085	#endif
Vanger	0:b86d15c6ba29	2086	#ifdef HAVE_FUZZER
Vanger	0:b86d15c6ba29	2087	CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
Vanger	0:b86d15c6ba29	2088	void* fuzzerCtx; /* user defined pointer */
Vanger	0:b86d15c6ba29	2089	#endif
Vanger	0:b86d15c6ba29	2090	#ifdef KEEP_PEER_CERT
Vanger	0:b86d15c6ba29	2091	CYASSL_X509 peerCert; /* X509 peer cert */
Vanger	0:b86d15c6ba29	2092	#endif
Vanger	0:b86d15c6ba29	2093	#ifdef FORTRESS
Vanger	0:b86d15c6ba29	2094	void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
Vanger	0:b86d15c6ba29	2095	#endif
Vanger	0:b86d15c6ba29	2096	#ifdef HAVE_CAVIUM
Vanger	0:b86d15c6ba29	2097	int devId; /* cavium device id to use */
Vanger	0:b86d15c6ba29	2098	#endif
Vanger	0:b86d15c6ba29	2099	#ifdef HAVE_TLS_EXTENSIONS
Vanger	0:b86d15c6ba29	2100	TLSX* extensions; /* RFC 6066 TLS Extensions data */
Vanger	0:b86d15c6ba29	2101	#ifdef HAVE_MAX_FRAGMENT
Vanger	0:b86d15c6ba29	2102	word16 max_fragment;
Vanger	0:b86d15c6ba29	2103	#endif
Vanger	0:b86d15c6ba29	2104	#ifdef HAVE_TRUNCATED_HMAC
Vanger	0:b86d15c6ba29	2105	byte truncated_hmac;
Vanger	0:b86d15c6ba29	2106	#endif
Vanger	0:b86d15c6ba29	2107	#ifdef HAVE_SECURE_RENEGOTIATION
Vanger	0:b86d15c6ba29	2108	SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
Vanger	0:b86d15c6ba29	2109	#endif /* user turned on */
Vanger	0:b86d15c6ba29	2110	#if !defined(NO_CYASSL_CLIENT) && defined(HAVE_SESSION_TICKET)
Vanger	0:b86d15c6ba29	2111	CallbackSessionTicket session_ticket_cb;
Vanger	0:b86d15c6ba29	2112	void* session_ticket_ctx;
Vanger	0:b86d15c6ba29	2113	byte expect_session_ticket;
Vanger	0:b86d15c6ba29	2114	#endif
Vanger	0:b86d15c6ba29	2115	#endif /* HAVE_TLS_EXTENSIONS */
Vanger	0:b86d15c6ba29	2116	#ifdef HAVE_NETX
Vanger	0:b86d15c6ba29	2117	NetX_Ctx nxCtx; /* NetX IO Context */
Vanger	0:b86d15c6ba29	2118	#endif
Vanger	0:b86d15c6ba29	2119	#ifdef SESSION_INDEX
Vanger	0:b86d15c6ba29	2120	int sessionIndex; /* Session's location in the cache. */
Vanger	0:b86d15c6ba29	2121	#endif
Vanger	0:b86d15c6ba29	2122	CYASSL_ALERT_HISTORY alert_history;
Vanger	0:b86d15c6ba29	2123	#ifdef ATOMIC_USER
Vanger	0:b86d15c6ba29	2124	void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
Vanger	0:b86d15c6ba29	2125	void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
Vanger	0:b86d15c6ba29	2126	#endif
Vanger	0:b86d15c6ba29	2127	#ifdef HAVE_PK_CALLBACKS
Vanger	0:b86d15c6ba29	2128	#ifdef HAVE_ECC
Vanger	0:b86d15c6ba29	2129	void* EccSignCtx; /* Ecc Sign Callback Context */
Vanger	0:b86d15c6ba29	2130	void* EccVerifyCtx; /* Ecc Verify Callback Context */
Vanger	0:b86d15c6ba29	2131	#endif /* HAVE_ECC */
Vanger	0:b86d15c6ba29	2132	#ifndef NO_RSA
Vanger	0:b86d15c6ba29	2133	void* RsaSignCtx; /* Rsa Sign Callback Context */
Vanger	0:b86d15c6ba29	2134	void* RsaVerifyCtx; /* Rsa Verify Callback Context */
Vanger	0:b86d15c6ba29	2135	void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
Vanger	0:b86d15c6ba29	2136	void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
Vanger	0:b86d15c6ba29	2137	#endif /* NO_RSA */
Vanger	0:b86d15c6ba29	2138	#endif /* HAVE_PK_CALLBACKS */
Vanger	0:b86d15c6ba29	2139	#ifdef HAVE_SECRET_CALLBACK
Vanger	0:b86d15c6ba29	2140	SessionSecretCb sessionSecretCb;
Vanger	0:b86d15c6ba29	2141	void* sessionSecretCtx;
Vanger	0:b86d15c6ba29	2142	#endif /* HAVE_SECRET_CALLBACK */
Vanger	0:b86d15c6ba29	2143	};
Vanger	0:b86d15c6ba29	2144
Vanger	0:b86d15c6ba29	2145
Vanger	0:b86d15c6ba29	2146	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2147	int InitSSL(CYASSL, CYASSL_CTX);
Vanger	0:b86d15c6ba29	2148	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2149	void FreeSSL(CYASSL*);
Vanger	0:b86d15c6ba29	2150	CYASSL_API void SSL_ResourceFree(CYASSL); / Micrium uses */
Vanger	0:b86d15c6ba29	2151
Vanger	0:b86d15c6ba29	2152
Vanger	0:b86d15c6ba29	2153	enum {
Vanger	0:b86d15c6ba29	2154	IV_SZ = 32, /* max iv sz */
Vanger	0:b86d15c6ba29	2155	NAME_SZ = 80 /* max one line */
Vanger	0:b86d15c6ba29	2156	};
Vanger	0:b86d15c6ba29	2157
Vanger	0:b86d15c6ba29	2158
Vanger	0:b86d15c6ba29	2159	typedef struct EncryptedInfo {
Vanger	0:b86d15c6ba29	2160	char name[NAME_SZ]; /* encryption name */
Vanger	0:b86d15c6ba29	2161	byte iv[IV_SZ]; /* encrypted IV */
Vanger	0:b86d15c6ba29	2162	word32 ivSz; /* encrypted IV size */
Vanger	0:b86d15c6ba29	2163	long consumed; /* tracks PEM bytes consumed */
Vanger	0:b86d15c6ba29	2164	byte set; /* if encryption set */
Vanger	0:b86d15c6ba29	2165	CYASSL_CTX* ctx; /* CTX owner */
Vanger	0:b86d15c6ba29	2166	} EncryptedInfo;
Vanger	0:b86d15c6ba29	2167
Vanger	0:b86d15c6ba29	2168
Vanger	0:b86d15c6ba29	2169	#ifndef NO_CERTS
Vanger	0:b86d15c6ba29	2170	CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
Vanger	0:b86d15c6ba29	2171	buffer* der, void* heap, EncryptedInfo* info,
Vanger	0:b86d15c6ba29	2172	int* eccKey);
Vanger	0:b86d15c6ba29	2173
Vanger	0:b86d15c6ba29	2174	CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
Vanger	0:b86d15c6ba29	2175	int type, CYASSL* ssl, int userChain,
Vanger	0:b86d15c6ba29	2176	CYASSL_CRL* crl);
Vanger	0:b86d15c6ba29	2177	#endif
Vanger	0:b86d15c6ba29	2178
Vanger	0:b86d15c6ba29	2179
Vanger	0:b86d15c6ba29	2180	#ifdef CYASSL_CALLBACKS
Vanger	0:b86d15c6ba29	2181	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2182	void InitHandShakeInfo(HandShakeInfo*);
Vanger	0:b86d15c6ba29	2183	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2184	void FinishHandShakeInfo(HandShakeInfo, const CYASSL);
Vanger	0:b86d15c6ba29	2185	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2186	void AddPacketName(const char, HandShakeInfo);
Vanger	0:b86d15c6ba29	2187
Vanger	0:b86d15c6ba29	2188	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2189	void InitTimeoutInfo(TimeoutInfo*);
Vanger	0:b86d15c6ba29	2190	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2191	void FreeTimeoutInfo(TimeoutInfo, void);
Vanger	0:b86d15c6ba29	2192	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2193	void AddPacketInfo(const char, TimeoutInfo, const byte, int, void);
Vanger	0:b86d15c6ba29	2194	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2195	void AddLateName(const char, TimeoutInfo);
Vanger	0:b86d15c6ba29	2196	CYASSL_LOCAL
Vanger	0:b86d15c6ba29	2197	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
Vanger	0:b86d15c6ba29	2198	#endif
Vanger	0:b86d15c6ba29	2199
Vanger	0:b86d15c6ba29	2200
Vanger	0:b86d15c6ba29	2201	/* Record Layer Header identifier from page 12 */
Vanger	0:b86d15c6ba29	2202	enum ContentType {
Vanger	0:b86d15c6ba29	2203	no_type = 0,
Vanger	0:b86d15c6ba29	2204	change_cipher_spec = 20,
Vanger	0:b86d15c6ba29	2205	alert = 21,
Vanger	0:b86d15c6ba29	2206	handshake = 22,
Vanger	0:b86d15c6ba29	2207	application_data = 23
Vanger	0:b86d15c6ba29	2208	};
Vanger	0:b86d15c6ba29	2209
Vanger	0:b86d15c6ba29	2210
Vanger	0:b86d15c6ba29	2211	/* handshake header, same for each message type, pgs 20/21 */
Vanger	0:b86d15c6ba29	2212	typedef struct HandShakeHeader {
Vanger	0:b86d15c6ba29	2213	byte type;
Vanger	0:b86d15c6ba29	2214	word24 length;
Vanger	0:b86d15c6ba29	2215	} HandShakeHeader;
Vanger	0:b86d15c6ba29	2216
Vanger	0:b86d15c6ba29	2217
Vanger	0:b86d15c6ba29	2218	/* DTLS handshake header, same for each message type */
Vanger	0:b86d15c6ba29	2219	typedef struct DtlsHandShakeHeader {
Vanger	0:b86d15c6ba29	2220	byte type;
Vanger	0:b86d15c6ba29	2221	word24 length;
Vanger	0:b86d15c6ba29	2222	byte message_seq[2]; /* start at 0, restransmit gets same # */
Vanger	0:b86d15c6ba29	2223	word24 fragment_offset; /* bytes in previous fragments */
Vanger	0:b86d15c6ba29	2224	word24 fragment_length; /* length of this fragment */
Vanger	0:b86d15c6ba29	2225	} DtlsHandShakeHeader;
Vanger	0:b86d15c6ba29	2226
Vanger	0:b86d15c6ba29	2227
Vanger	0:b86d15c6ba29	2228	enum HandShakeType {
Vanger	0:b86d15c6ba29	2229	no_shake = -1,
Vanger	0:b86d15c6ba29	2230	hello_request = 0,
Vanger	0:b86d15c6ba29	2231	client_hello = 1,
Vanger	0:b86d15c6ba29	2232	server_hello = 2,
Vanger	0:b86d15c6ba29	2233	hello_verify_request = 3, /* DTLS addition */
Vanger	0:b86d15c6ba29	2234	session_ticket = 4,
Vanger	0:b86d15c6ba29	2235	certificate = 11,
Vanger	0:b86d15c6ba29	2236	server_key_exchange = 12,
Vanger	0:b86d15c6ba29	2237	certificate_request = 13,
Vanger	0:b86d15c6ba29	2238	server_hello_done = 14,
Vanger	0:b86d15c6ba29	2239	certificate_verify = 15,
Vanger	0:b86d15c6ba29	2240	client_key_exchange = 16,
Vanger	0:b86d15c6ba29	2241	finished = 20,
Vanger	0:b86d15c6ba29	2242	change_cipher_hs = 55 /* simulate unique handshake type for sanity
Vanger	0:b86d15c6ba29	2243	checks. record layer change_cipher
Vanger	0:b86d15c6ba29	2244	conflicts with handshake finished */
Vanger	0:b86d15c6ba29	2245	};
Vanger	0:b86d15c6ba29	2246
Vanger	0:b86d15c6ba29	2247
Vanger	0:b86d15c6ba29	2248	static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
Vanger	0:b86d15c6ba29	2249	static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
Vanger	0:b86d15c6ba29	2250
Vanger	0:b86d15c6ba29	2251	static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
Vanger	0:b86d15c6ba29	2252	static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
Vanger	0:b86d15c6ba29	2253
Vanger	0:b86d15c6ba29	2254
Vanger	0:b86d15c6ba29	2255	/* internal functions */
Vanger	0:b86d15c6ba29	2256	CYASSL_LOCAL int SendChangeCipher(CYASSL*);
Vanger	0:b86d15c6ba29	2257	CYASSL_LOCAL int SendData(CYASSL, const void, int);
Vanger	0:b86d15c6ba29	2258	CYASSL_LOCAL int SendCertificate(CYASSL*);
Vanger	0:b86d15c6ba29	2259	CYASSL_LOCAL int SendCertificateRequest(CYASSL*);
Vanger	0:b86d15c6ba29	2260	CYASSL_LOCAL int SendServerKeyExchange(CYASSL*);
Vanger	0:b86d15c6ba29	2261	CYASSL_LOCAL int SendBuffered(CYASSL*);
Vanger	0:b86d15c6ba29	2262	CYASSL_LOCAL int ReceiveData(CYASSL, byte, int, int);
Vanger	0:b86d15c6ba29	2263	CYASSL_LOCAL int SendFinished(CYASSL*);
Vanger	0:b86d15c6ba29	2264	CYASSL_LOCAL int SendAlert(CYASSL*, int, int);
Vanger	0:b86d15c6ba29	2265	CYASSL_LOCAL int ProcessReply(CYASSL*);
Vanger	0:b86d15c6ba29	2266
Vanger	0:b86d15c6ba29	2267	CYASSL_LOCAL int SetCipherSpecs(CYASSL*);
Vanger	0:b86d15c6ba29	2268	CYASSL_LOCAL int MakeMasterSecret(CYASSL*);
Vanger	0:b86d15c6ba29	2269
Vanger	0:b86d15c6ba29	2270	CYASSL_LOCAL int AddSession(CYASSL*);
Vanger	0:b86d15c6ba29	2271	CYASSL_LOCAL int DeriveKeys(CYASSL* ssl);
Vanger	0:b86d15c6ba29	2272	CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData);
Vanger	0:b86d15c6ba29	2273
Vanger	0:b86d15c6ba29	2274	CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
Vanger	0:b86d15c6ba29	2275	CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
Vanger	0:b86d15c6ba29	2276
Vanger	0:b86d15c6ba29	2277	CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
Vanger	0:b86d15c6ba29	2278	CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
Vanger	0:b86d15c6ba29	2279	CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
Vanger	0:b86d15c6ba29	2280
Vanger	0:b86d15c6ba29	2281	CYASSL_LOCAL int VerifyClientSuite(CYASSL* ssl);
Vanger	0:b86d15c6ba29	2282	#ifndef NO_CERTS
Vanger	0:b86d15c6ba29	2283	CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
Vanger	0:b86d15c6ba29	2284	#ifndef NO_SKID
Vanger	0:b86d15c6ba29	2285	CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
Vanger	0:b86d15c6ba29	2286	#endif
Vanger	0:b86d15c6ba29	2287	#endif
Vanger	0:b86d15c6ba29	2288	CYASSL_LOCAL int BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
Vanger	0:b86d15c6ba29	2289	const byte* sender);
Vanger	0:b86d15c6ba29	2290	CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
Vanger	0:b86d15c6ba29	2291	CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size);
Vanger	0:b86d15c6ba29	2292	CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
Vanger	0:b86d15c6ba29	2293
Vanger	0:b86d15c6ba29	2294	#ifndef NO_TLS
Vanger	0:b86d15c6ba29	2295	CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*);
Vanger	0:b86d15c6ba29	2296	CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in,
Vanger	0:b86d15c6ba29	2297	word32 sz, int content, int verify);
Vanger	0:b86d15c6ba29	2298	#endif
Vanger	0:b86d15c6ba29	2299
Vanger	0:b86d15c6ba29	2300	#ifndef NO_CYASSL_CLIENT
Vanger	0:b86d15c6ba29	2301	CYASSL_LOCAL int SendClientHello(CYASSL*);
Vanger	0:b86d15c6ba29	2302	CYASSL_LOCAL int SendClientKeyExchange(CYASSL*);
Vanger	0:b86d15c6ba29	2303	CYASSL_LOCAL int SendCertificateVerify(CYASSL*);
Vanger	0:b86d15c6ba29	2304	#endif /* NO_CYASSL_CLIENT */
Vanger	0:b86d15c6ba29	2305
Vanger	0:b86d15c6ba29	2306	#ifndef NO_CYASSL_SERVER
Vanger	0:b86d15c6ba29	2307	CYASSL_LOCAL int SendServerHello(CYASSL*);
Vanger	0:b86d15c6ba29	2308	CYASSL_LOCAL int SendServerHelloDone(CYASSL*);
Vanger	0:b86d15c6ba29	2309	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	2310	CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*);
Vanger	0:b86d15c6ba29	2311	#endif
Vanger	0:b86d15c6ba29	2312	#endif /* NO_CYASSL_SERVER */
Vanger	0:b86d15c6ba29	2313
Vanger	0:b86d15c6ba29	2314	#ifdef CYASSL_DTLS
Vanger	0:b86d15c6ba29	2315	CYASSL_LOCAL int DtlsPoolInit(CYASSL*);
Vanger	0:b86d15c6ba29	2316	CYASSL_LOCAL int DtlsPoolSave(CYASSL, const byte, int);
Vanger	0:b86d15c6ba29	2317	CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*);
Vanger	0:b86d15c6ba29	2318	CYASSL_LOCAL int DtlsPoolSend(CYASSL*);
Vanger	0:b86d15c6ba29	2319	CYASSL_LOCAL void DtlsPoolReset(CYASSL*);
Vanger	0:b86d15c6ba29	2320
Vanger	0:b86d15c6ba29	2321	CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
Vanger	0:b86d15c6ba29	2322	CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg, void);
Vanger	0:b86d15c6ba29	2323	CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg, void);
Vanger	0:b86d15c6ba29	2324	CYASSL_LOCAL void DtlsMsgSet(DtlsMsg, word32, const byte, byte,
Vanger	0:b86d15c6ba29	2325	word32, word32);
Vanger	0:b86d15c6ba29	2326	CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
Vanger	0:b86d15c6ba29	2327	CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg, word32, const byte, word32,
Vanger	0:b86d15c6ba29	2328	byte, word32, word32, void*);
Vanger	0:b86d15c6ba29	2329	CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg, DtlsMsg);
Vanger	0:b86d15c6ba29	2330	#endif /* CYASSL_DTLS */
Vanger	0:b86d15c6ba29	2331
Vanger	0:b86d15c6ba29	2332	#ifndef NO_TLS
Vanger	0:b86d15c6ba29	2333
Vanger	0:b86d15c6ba29	2334
Vanger	0:b86d15c6ba29	2335	#endif /* NO_TLS */
Vanger	0:b86d15c6ba29	2336
Vanger	0:b86d15c6ba29	2337
Vanger	0:b86d15c6ba29	2338	CYASSL_LOCAL word32 LowResTimer(void);
Vanger	0:b86d15c6ba29	2339
Vanger	0:b86d15c6ba29	2340	CYASSL_LOCAL void InitX509Name(CYASSL_X509_NAME*, int);
Vanger	0:b86d15c6ba29	2341	CYASSL_LOCAL void FreeX509Name(CYASSL_X509_NAME* name);
Vanger	0:b86d15c6ba29	2342	CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
Vanger	0:b86d15c6ba29	2343	CYASSL_LOCAL void FreeX509(CYASSL_X509*);
Vanger	0:b86d15c6ba29	2344	#ifndef NO_CERTS
Vanger	0:b86d15c6ba29	2345	CYASSL_LOCAL int CopyDecodedToX509(CYASSL_X509, DecodedCert);
Vanger	0:b86d15c6ba29	2346	#endif
Vanger	0:b86d15c6ba29	2347
Vanger	0:b86d15c6ba29	2348	/* used by ssl.c and cyassl_int.c */
Vanger	0:b86d15c6ba29	2349	CYASSL_LOCAL void c32to24(word32 in, word24 out);
Vanger	0:b86d15c6ba29	2350
Vanger	0:b86d15c6ba29	2351	CYASSL_LOCAL const char* const* GetCipherNames(void);
Vanger	0:b86d15c6ba29	2352	CYASSL_LOCAL int GetCipherNamesSize(void);
Vanger	0:b86d15c6ba29	2353
Vanger	0:b86d15c6ba29	2354
Vanger	0:b86d15c6ba29	2355	enum encrypt_side {
Vanger	0:b86d15c6ba29	2356	ENCRYPT_SIDE_ONLY = 1,
Vanger	0:b86d15c6ba29	2357	DECRYPT_SIDE_ONLY,
Vanger	0:b86d15c6ba29	2358	ENCRYPT_AND_DECRYPT_SIDE
Vanger	0:b86d15c6ba29	2359	};
Vanger	0:b86d15c6ba29	2360
Vanger	0:b86d15c6ba29	2361	CYASSL_LOCAL int SetKeysSide(CYASSL*, enum encrypt_side);
Vanger	0:b86d15c6ba29	2362
Vanger	0:b86d15c6ba29	2363
Vanger	0:b86d15c6ba29	2364	#ifdef __cplusplus
Vanger	0:b86d15c6ba29	2365	} /* extern "C" */
Vanger	0:b86d15c6ba29	2366	#endif
Vanger	0:b86d15c6ba29	2367
Vanger	0:b86d15c6ba29	2368	#endif /* CyaSSL_INT_H */
Vanger	0:b86d15c6ba29	2369

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	27 Mar 2015
Imports:	27
Forks:	0
Commits:	7
Dependents:	4
Dependencies:	0
Followers:	87

cyassl/internal.h@6:cf58d49e1a86, 2015-03-23 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning