internal.h 66 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042
  1. /* internal.h
  2. *
  3. * Copyright (C) 2006-2013 wolfSSL Inc.
  4. *
  5. * This file is part of CyaSSL.
  6. *
  7. * CyaSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * CyaSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  20. */
  21. #ifndef CYASSL_INT_H
  22. #define CYASSL_INT_H
  23. #include <cyassl/ctaocrypt/types.h>
  24. #include <cyassl/ssl.h>
  25. #include <cyassl/crl.h>
  26. #include <cyassl/ctaocrypt/random.h>
  27. #include <cyassl/ctaocrypt/des3.h>
  28. #include <cyassl/ctaocrypt/hc128.h>
  29. #include <cyassl/ctaocrypt/rabbit.h>
  30. #include <cyassl/ctaocrypt/asn.h>
  31. #include <cyassl/ctaocrypt/md5.h>
  32. #include <cyassl/ctaocrypt/sha.h>
  33. #include <cyassl/ctaocrypt/aes.h>
  34. #include <cyassl/ctaocrypt/camellia.h>
  35. #include <cyassl/ctaocrypt/logging.h>
  36. #ifndef NO_RC4
  37. #include <cyassl/ctaocrypt/arc4.h>
  38. #endif
  39. #ifdef HAVE_ECC
  40. #include <cyassl/ctaocrypt/ecc.h>
  41. #endif
  42. #ifndef NO_SHA256
  43. #include <cyassl/ctaocrypt/sha256.h>
  44. #endif
  45. #ifdef HAVE_OCSP
  46. #include <cyassl/ocsp.h>
  47. #endif
  48. #ifdef CYASSL_SHA512
  49. #include <cyassl/ctaocrypt/sha512.h>
  50. #endif
  51. #ifdef HAVE_AESGCM
  52. #include <cyassl/ctaocrypt/sha512.h>
  53. #endif
  54. #ifdef CYASSL_RIPEMD
  55. #include <cyassl/ctaocrypt/ripemd.h>
  56. #endif
  57. #ifdef CYASSL_CALLBACKS
  58. #include <cyassl/callbacks.h>
  59. #include <signal.h>
  60. #endif
  61. #ifdef USE_WINDOWS_API
  62. #ifdef CYASSL_GAME_BUILD
  63. #include "system/xtl.h"
  64. #else
  65. #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
  66. /* On WinCE winsock2.h must be included before windows.h */
  67. #include <winsock2.h>
  68. #endif
  69. #include <windows.h>
  70. #endif
  71. #elif defined(THREADX)
  72. #ifndef SINGLE_THREADED
  73. #include "tx_api.h"
  74. #endif
  75. #elif defined(MICRIUM)
  76. /* do nothing, just don't pick Unix */
  77. #elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
  78. /* do nothing */
  79. #elif defined(EBSNET)
  80. /* do nothing */
  81. #elif defined(FREESCALE_MQX)
  82. /* do nothing */
  83. #elif defined(CYASSL_MDK_ARM)
  84. #include <rtl.h>
  85. #else
  86. #ifndef SINGLE_THREADED
  87. #define CYASSL_PTHREADS
  88. #include <pthread.h>
  89. #endif
  90. #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
  91. #include <unistd.h> /* for close of BIO */
  92. #endif
  93. #endif
  94. #ifdef HAVE_LIBZ
  95. #include "zlib.h"
  96. #endif
  97. #ifdef _MSC_VER
  98. /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
  99. #pragma warning(disable: 4996)
  100. #endif
  101. #ifdef NO_AES
  102. #if !defined (ALIGN16)
  103. #define ALIGN16
  104. #endif
  105. #endif
  106. #ifdef NO_SHA
  107. #define SHA_DIGEST_SIZE 20
  108. #endif
  109. #ifdef NO_SHA256
  110. #define SHA256_DIGEST_SIZE 32
  111. #endif
  112. #ifdef __cplusplus
  113. extern "C" {
  114. #endif
  115. #ifdef USE_WINDOWS_API
  116. typedef unsigned int SOCKET_T;
  117. #else
  118. typedef int SOCKET_T;
  119. #endif
  120. typedef byte word24[3];
  121. /* used by ssl.c and cyassl_int.c */
  122. void c32to24(word32 in, word24 out);
  123. /* Define or comment out the cipher suites you'd like to be compiled in
  124. make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
  125. When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
  126. */
  127. #if !defined(NO_RSA) && !defined(NO_RC4)
  128. #if !defined(NO_SHA)
  129. #define BUILD_SSL_RSA_WITH_RC4_128_SHA
  130. #endif
  131. #if !defined(NO_MD5)
  132. #define BUILD_SSL_RSA_WITH_RC4_128_MD5
  133. #endif
  134. #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
  135. #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
  136. #endif
  137. #endif
  138. #if !defined(NO_RSA) && !defined(NO_DES3)
  139. #if !defined(NO_SHA)
  140. #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
  141. #if !defined(NO_TLS) && defined(HAVE_NTRU)
  142. #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
  143. #endif
  144. #endif
  145. #endif
  146. #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
  147. #if !defined(NO_SHA)
  148. #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
  149. #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
  150. #if defined(HAVE_NTRU)
  151. #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
  152. #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
  153. #endif
  154. #endif
  155. #if !defined (NO_SHA256)
  156. #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
  157. #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
  158. #endif
  159. #if defined (HAVE_AESGCM)
  160. #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
  161. #if defined (CYASSL_SHA384)
  162. #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
  163. #endif
  164. #endif
  165. #if defined (HAVE_AESCCM)
  166. #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
  167. #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
  168. #endif
  169. #endif
  170. #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
  171. #ifndef NO_RSA
  172. #if !defined(NO_SHA)
  173. #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  174. #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  175. #endif
  176. #ifndef NO_SHA256
  177. #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
  178. #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
  179. #endif
  180. #if !defined(NO_DH) && defined(OPENSSL_EXTRA)
  181. #if !defined(NO_SHA)
  182. #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  183. #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  184. #endif
  185. #ifndef NO_SHA256
  186. #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
  187. #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
  188. #endif
  189. #endif
  190. #endif
  191. #endif
  192. #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
  193. #if !defined(NO_SHA)
  194. #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
  195. #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
  196. #endif
  197. #ifndef NO_SHA256
  198. #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
  199. #ifdef HAVE_AESCCM
  200. #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
  201. #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
  202. #endif
  203. #endif
  204. #endif
  205. #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
  206. #if !defined(NO_RSA)
  207. #if !defined(NO_SHA)
  208. #define BUILD_TLS_RSA_WITH_NULL_SHA
  209. #endif
  210. #ifndef NO_SHA256
  211. #define BUILD_TLS_RSA_WITH_NULL_SHA256
  212. #endif
  213. #endif
  214. #if !defined(NO_PSK)
  215. #if !defined(NO_SHA)
  216. #define BUILD_TLS_PSK_WITH_NULL_SHA
  217. #endif
  218. #ifndef NO_SHA256
  219. #define BUILD_TLS_PSK_WITH_NULL_SHA256
  220. #endif
  221. #endif
  222. #endif
  223. #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
  224. #define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
  225. #if !defined(NO_SHA)
  226. #define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
  227. #endif
  228. #endif
  229. #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
  230. #if !defined(NO_SHA)
  231. #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
  232. #endif
  233. #endif
  234. #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
  235. !defined(NO_RSA) && defined(OPENSSL_EXTRA)
  236. #if !defined(NO_SHA)
  237. #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  238. #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  239. #endif
  240. #if !defined (NO_SHA256)
  241. #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  242. #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  243. #if defined (HAVE_AESGCM)
  244. #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  245. #if defined (CYASSL_SHA384)
  246. #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  247. #endif
  248. #endif
  249. #endif
  250. #endif
  251. #if defined(HAVE_ECC) && !defined(NO_TLS)
  252. #if !defined(NO_AES)
  253. #if !defined(NO_SHA)
  254. #if !defined(NO_RSA)
  255. #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  256. #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  257. #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  258. #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  259. #endif
  260. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  261. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  262. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  263. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  264. #endif /* NO_SHA */
  265. #ifndef NO_SHA256
  266. #if !defined(NO_RSA)
  267. #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  268. #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  269. #endif
  270. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  271. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  272. #endif
  273. #ifdef CYASSL_SHA384
  274. #if !defined(NO_RSA)
  275. #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  276. #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  277. #endif
  278. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  279. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  280. #endif
  281. #if defined (HAVE_AESGCM)
  282. #if !defined(NO_RSA)
  283. #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  284. #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  285. #if defined(CYASSL_SHA384)
  286. #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  287. #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
  288. #endif
  289. #endif
  290. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  291. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  292. #if defined(CYASS_SHA384)
  293. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  294. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
  295. #endif
  296. #endif
  297. #if defined (HAVE_AESCCM)
  298. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  299. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
  300. #endif
  301. #endif /* NO_AES */
  302. #if !defined(NO_RC4)
  303. #if !defined(NO_SHA)
  304. #if !defined(NO_RSA)
  305. #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
  306. #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
  307. #endif
  308. #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  309. #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  310. #endif
  311. #endif
  312. #if !defined(NO_DES3)
  313. #if !defined(NO_RSA)
  314. #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  315. #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  316. #endif
  317. #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  318. #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  319. #endif
  320. #endif
  321. #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
  322. defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
  323. #define BUILD_ARC4
  324. #endif
  325. #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
  326. #define BUILD_DES3
  327. #endif
  328. #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
  329. defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
  330. defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
  331. #undef BUILD_AES
  332. #define BUILD_AES
  333. #endif
  334. #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
  335. defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
  336. #define BUILD_AESGCM
  337. #endif
  338. #if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \
  339. defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5)
  340. #define BUILD_HC128
  341. #endif
  342. #if defined(BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA)
  343. #define BUILD_RABBIT
  344. #endif
  345. #ifdef NO_DES3
  346. #define DES_BLOCK_SIZE 8
  347. #else
  348. #undef BUILD_DES3
  349. #define BUILD_DES3
  350. #endif
  351. #ifdef NO_AES
  352. #define AES_BLOCK_SIZE 16
  353. #else
  354. #undef BUILD_AES
  355. #define BUILD_AES
  356. #endif
  357. #ifndef NO_RC4
  358. #undef BUILD_ARC4
  359. #define BUILD_ARC4
  360. #endif
  361. #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
  362. #define HAVE_AEAD
  363. #endif
  364. /* actual cipher values, 2nd byte */
  365. enum {
  366. TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
  367. TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
  368. TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
  369. TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
  370. TLS_RSA_WITH_NULL_SHA = 0x02,
  371. TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
  372. TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
  373. TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
  374. TLS_PSK_WITH_NULL_SHA256 = 0xb0,
  375. TLS_PSK_WITH_NULL_SHA = 0x2c,
  376. SSL_RSA_WITH_RC4_128_SHA = 0x05,
  377. SSL_RSA_WITH_RC4_128_MD5 = 0x04,
  378. SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
  379. /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
  380. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
  381. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
  382. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
  383. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
  384. TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
  385. TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
  386. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
  387. TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
  388. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
  389. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
  390. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
  391. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
  392. /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
  393. TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
  394. TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
  395. TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
  396. TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
  397. TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
  398. TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
  399. TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
  400. TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
  401. TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
  402. TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
  403. TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
  404. TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
  405. /* CyaSSL extension - eSTREAM */
  406. TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
  407. TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC,
  408. TLS_RSA_WITH_RABBIT_CBC_SHA = 0xFD,
  409. /* CyaSSL extension - NTRU */
  410. TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
  411. TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
  412. TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */
  413. TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
  414. /* SHA256 */
  415. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
  416. TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
  417. TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
  418. TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
  419. TLS_RSA_WITH_NULL_SHA256 = 0x3b,
  420. /* AES-GCM */
  421. TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
  422. TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
  423. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
  424. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
  425. /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
  426. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
  427. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
  428. TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
  429. TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
  430. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
  431. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
  432. TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
  433. TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
  434. /* AES-CCM, first byte is 0xC0 but isn't ECC,
  435. * also, in some of the other AES-CCM suites
  436. * there will be second byte number conflicts
  437. * with non-ECC AES-GCM */
  438. TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
  439. TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
  440. TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xc6, /* Still TBD, made up */
  441. TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xc7, /* Still TBD, made up */
  442. TLS_PSK_WITH_AES_128_CCM = 0xa4,
  443. TLS_PSK_WITH_AES_256_CCM = 0xa5,
  444. TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
  445. TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
  446. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
  447. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
  448. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
  449. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
  450. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
  451. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
  452. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
  453. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4
  454. };
  455. #if defined(CYASSL_SHA384)
  456. #define MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
  457. #elif !defined(NO_SHA256)
  458. #define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
  459. #elif !defined(NO_MD5) && !defined(NO_SHA)
  460. #define MAX_DIGEST_SIZE (SHA_DIGEST_SIZE + MD5_DIGEST_SIZE)
  461. #else
  462. #error "You have configured the build so there isn't any hashing."
  463. #endif
  464. enum Misc {
  465. SERVER_END = 0,
  466. CLIENT_END,
  467. ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
  468. SEND_CERT = 1,
  469. SEND_BLANK_CERT = 2,
  470. DTLS_MAJOR = 0xfe, /* DTLS major version number */
  471. DTLS_MINOR = 0xff, /* DTLS minor version number */
  472. DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
  473. SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
  474. SSLv3_MINOR = 0, /* TLSv1 minor version number */
  475. TLSv1_MINOR = 1, /* TLSv1 minor version number */
  476. TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
  477. TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
  478. INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
  479. NO_COMPRESSION = 0,
  480. ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
  481. HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
  482. SECRET_LEN = 48, /* pre RSA and all master */
  483. ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
  484. SIZEOF_SENDER = 4, /* clnt or srvr */
  485. FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
  486. MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
  487. MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
  488. /* max added to msg, mac + pad from */
  489. /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
  490. digest sz + BLOC_SZ (iv) + pad byte (1) */
  491. MAX_COMP_EXTRA = 1024, /* max compression extra */
  492. MAX_MTU = 1500, /* max expected MTU */
  493. MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
  494. MAX_DH_SZ = 612, /* 2240 p, pub, g + 2 byte size for each */
  495. MAX_STR_VERSION = 8, /* string rep of protocol version */
  496. PAD_MD5 = 48, /* pad length for finished */
  497. PAD_SHA = 40, /* pad length for finished */
  498. MAX_PAD_SIZE = 256, /* maximum length of padding */
  499. COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
  500. COMPRESS_CONSTANT = 13, /* compression calc constant */
  501. COMPRESS_UPPER = 55, /* compression calc numerator */
  502. COMPRESS_LOWER = 64, /* compression calc denominator */
  503. PEM_LINE_LEN = 80, /* PEM line max + fudge */
  504. LENGTH_SZ = 2, /* length field for HMAC, data only */
  505. VERSION_SZ = 2, /* length of proctocol version */
  506. SEQ_SZ = 8, /* 64 bit sequence number */
  507. BYTE3_LEN = 3, /* up to 24 bit byte lengths */
  508. ALERT_SIZE = 2, /* level + description */
  509. REQUEST_HEADER = 2, /* always use 2 bytes */
  510. VERIFY_HEADER = 2, /* always use 2 bytes */
  511. EXT_ID_SZ = 2, /* always use 2 bytes */
  512. MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
  513. MAX_SUITE_SZ = 200, /* 100 suites for now! */
  514. RAN_LEN = 32, /* random length */
  515. SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
  516. ID_LEN = 32, /* session id length */
  517. MAX_COOKIE_LEN = 32, /* max dtls cookie size */
  518. COOKIE_SZ = 20, /* use a 20 byte cookie */
  519. SUITE_LEN = 2, /* cipher suite sz length */
  520. ENUM_LEN = 1, /* always a byte */
  521. OPAQUE16_LEN = 2, /* always 2 bytes */
  522. COMP_LEN = 1, /* compression length */
  523. CURVE_LEN = 2, /* ecc named curve length */
  524. SERVER_ID_LEN = 20, /* server session id length */
  525. HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
  526. RECORD_HEADER_SZ = 5, /* type + version + len(2) */
  527. CERT_HEADER_SZ = 3, /* always 3 bytes */
  528. REQ_HEADER_SZ = 2, /* cert request header sz */
  529. HINT_LEN_SZ = 2, /* length of hint size field */
  530. HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
  531. HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
  532. HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
  533. HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
  534. HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
  535. DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
  536. DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
  537. DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
  538. DTLS_RECORD_EXTRA = 8, /* diff from normal */
  539. DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
  540. DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
  541. DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
  542. FINISHED_LABEL_SZ = 15, /* TLS finished label size */
  543. TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
  544. MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
  545. KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
  546. MAX_PRF_HALF = 128, /* Maximum half secret len */
  547. MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
  548. MAX_PRF_DIG = 224, /* Maximum digest len */
  549. MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
  550. SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
  551. RC4_KEY_SIZE = 16, /* always 128bit */
  552. DES_KEY_SIZE = 8, /* des */
  553. DES3_KEY_SIZE = 24, /* 3 des ede */
  554. DES_IV_SIZE = DES_BLOCK_SIZE,
  555. AES_256_KEY_SIZE = 32, /* for 256 bit */
  556. AES_192_KEY_SIZE = 24, /* for 192 bit */
  557. AES_IV_SIZE = 16, /* always block size */
  558. AES_128_KEY_SIZE = 16, /* for 128 bit */
  559. AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
  560. AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
  561. AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
  562. AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
  563. AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
  564. AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
  565. AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
  566. AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
  567. AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
  568. AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
  569. AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
  570. AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
  571. CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
  572. CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
  573. CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
  574. CAMELLIA_IV_SIZE = 16, /* always block size */
  575. HC_128_KEY_SIZE = 16, /* 128 bits */
  576. HC_128_IV_SIZE = 16, /* also 128 bits */
  577. RABBIT_KEY_SIZE = 16, /* 128 bits */
  578. RABBIT_IV_SIZE = 8, /* 64 bits for iv */
  579. EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
  580. ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
  581. MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
  582. MAX_HELLO_SZ = 128, /* max client or server hello */
  583. MAX_CERT_VERIFY_SZ = 1024, /* max */
  584. CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
  585. MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
  586. DEFAULT_TIMEOUT = 500, /* default resumption timeout in seconds */
  587. DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
  588. DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
  589. DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
  590. MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
  591. MAX_PSK_KEY_LEN = 64, /* max psk key supported */
  592. MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
  593. #ifdef FORTRESS
  594. MAX_EX_DATA = 3, /* allow for three items of ex_data */
  595. #endif
  596. MAX_X509_SIZE = 2048, /* max static x509 buffer size */
  597. CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
  598. MAX_FILENAME_SZ = 256, /* max file name length */
  599. FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
  600. will use dynamic buffer if not big enough */
  601. MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
  602. MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
  603. MAX_NTRU_BITS = 256, /* max symmetric bit strength */
  604. NO_SNIFF = 0, /* not sniffing */
  605. SNIFF = 1, /* currently sniffing */
  606. HASH_SIG_SIZE = 2, /* default SHA1 RSA */
  607. NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
  608. NO_COPY = 0, /* should we copy static buffer for write */
  609. COPY = 1 /* should we copy static buffer for write */
  610. };
  611. #ifdef SESSION_INDEX
  612. /* Shift values for making a session index */
  613. #define SESSIDX_ROW_SHIFT 4
  614. #define SESSIDX_IDX_MASK 0x0F
  615. #endif
  616. /* max cert chain peer depth */
  617. #ifndef MAX_CHAIN_DEPTH
  618. #define MAX_CHAIN_DEPTH 9
  619. #endif
  620. /* don't use extra 3/4k stack space unless need to */
  621. #ifdef HAVE_NTRU
  622. #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
  623. #else
  624. #define MAX_ENCRYPT_SZ ENCRYPT_LEN
  625. #endif
  626. /* states */
  627. enum states {
  628. NULL_STATE = 0,
  629. SERVER_HELLOVERIFYREQUEST_COMPLETE,
  630. SERVER_HELLO_COMPLETE,
  631. SERVER_CERT_COMPLETE,
  632. SERVER_KEYEXCHANGE_COMPLETE,
  633. SERVER_HELLODONE_COMPLETE,
  634. SERVER_FINISHED_COMPLETE,
  635. CLIENT_HELLO_COMPLETE,
  636. CLIENT_KEYEXCHANGE_COMPLETE,
  637. CLIENT_FINISHED_COMPLETE,
  638. HANDSHAKE_DONE
  639. };
  640. #if defined(__GNUC__)
  641. #define CYASSL_PACK __attribute__ ((packed))
  642. #else
  643. #define CYASSL_PACK
  644. #endif
  645. /* SSL Version */
  646. typedef struct ProtocolVersion {
  647. byte major;
  648. byte minor;
  649. } CYASSL_PACK ProtocolVersion;
  650. CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
  651. CYASSL_LOCAL ProtocolVersion MakeTLSv1(void);
  652. CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
  653. CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
  654. #ifdef CYASSL_DTLS
  655. CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
  656. CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
  657. #endif
  658. enum BIO_TYPE {
  659. BIO_BUFFER = 1,
  660. BIO_SOCKET = 2,
  661. BIO_SSL = 3,
  662. BIO_MEMORY = 4
  663. };
  664. /* CyaSSL BIO_METHOD type */
  665. struct CYASSL_BIO_METHOD {
  666. byte type; /* method type */
  667. };
  668. /* CyaSSL BIO type */
  669. struct CYASSL_BIO {
  670. byte type; /* method type */
  671. byte close; /* close flag */
  672. byte eof; /* eof flag */
  673. CYASSL* ssl; /* possible associated ssl */
  674. byte* mem; /* memory buffer */
  675. int memLen; /* memory buffer length */
  676. int fd; /* possible file descriptor */
  677. CYASSL_BIO* prev; /* previous in chain */
  678. CYASSL_BIO* next; /* next in chain */
  679. };
  680. /* CyaSSL method type */
  681. struct CYASSL_METHOD {
  682. ProtocolVersion version;
  683. byte side; /* connection side, server or client */
  684. byte downgrade; /* whether to downgrade version, default no */
  685. };
  686. /* defautls to client */
  687. CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion);
  688. /* for sniffer */
  689. CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx,
  690. int sniff);
  691. CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx);
  692. /* CyaSSL buffer type */
  693. typedef struct buffer {
  694. word32 length;
  695. byte* buffer;
  696. } buffer;
  697. enum {
  698. FORCED_FREE = 1,
  699. NO_FORCED_FREE = 0
  700. };
  701. /* only use compression extra if using compression */
  702. #ifdef HAVE_LIBZ
  703. #define COMP_EXTRA MAX_COMP_EXTRA
  704. #else
  705. #define COMP_EXTRA 0
  706. #endif
  707. /* only the sniffer needs space in the buffer for extra MTU record(s) */
  708. #ifdef CYASSL_SNIFFER
  709. #define MTU_EXTRA MAX_MTU * 3
  710. #else
  711. #define MTU_EXTRA 0
  712. #endif
  713. /* embedded callbacks require large static buffers, make sure on */
  714. #ifdef CYASSL_CALLBACKS
  715. #undef LARGE_STATIC_BUFFERS
  716. #define LARGE_STATIC_BUFFERS
  717. #endif
  718. /* give user option to use 16K static buffers */
  719. #if defined(LARGE_STATIC_BUFFERS)
  720. #define RECORD_SIZE MAX_RECORD_SIZE
  721. #else
  722. #ifdef CYASSL_DTLS
  723. #define RECORD_SIZE MAX_MTU
  724. #else
  725. #define RECORD_SIZE 128
  726. #endif
  727. #endif
  728. /* user option to turn off 16K output option */
  729. /* if using small static buffers (default) and SSL_write tries to write data
  730. larger than the record we have, dynamically get it, unless user says only
  731. write in static buffer chuncks */
  732. #ifndef STATIC_CHUNKS_ONLY
  733. #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
  734. #else
  735. #define OUTPUT_RECORD_SIZE RECORD_SIZE
  736. #endif
  737. /* CyaSSL input buffer
  738. RFC 2246:
  739. length
  740. The length (in bytes) of the following TLSPlaintext.fragment.
  741. The length should not exceed 2^14.
  742. */
  743. #if defined(LARGE_STATIC_BUFFERS)
  744. #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
  745. MTU_EXTRA + MAX_MSG_EXTRA
  746. #else
  747. /* zero length arrays may not be supported */
  748. #define STATIC_BUFFER_LEN 1
  749. #endif
  750. typedef struct {
  751. word32 length; /* total buffer length used */
  752. word32 idx; /* idx to part of length already consumed */
  753. byte* buffer; /* place holder for static or dynamic buffer */
  754. word32 bufferSize; /* current buffer size */
  755. ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
  756. byte dynamicFlag; /* dynamic memory currently in use */
  757. byte offset; /* alignment offset attempt */
  758. } bufferStatic;
  759. /* Cipher Suites holder */
  760. typedef struct Suites {
  761. int setSuites; /* user set suites from default */
  762. byte suites[MAX_SUITE_SZ];
  763. word16 suiteSz; /* suite length in bytes */
  764. byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
  765. word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
  766. byte hashAlgo; /* selected hash algorithm */
  767. byte sigAlgo; /* selected sig algorithm */
  768. } Suites;
  769. CYASSL_LOCAL
  770. void InitSuites(Suites*, ProtocolVersion,
  771. byte, byte, byte, byte, byte, byte, int);
  772. CYASSL_LOCAL
  773. int SetCipherList(Suites*, const char* list);
  774. #ifndef PSK_TYPES_DEFINED
  775. typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
  776. unsigned int, unsigned char*, unsigned int);
  777. typedef unsigned int (*psk_server_callback)(CYASSL*, const char*,
  778. unsigned char*, unsigned int);
  779. #endif /* PSK_TYPES_DEFINED */
  780. #ifndef CYASSL_USER_IO
  781. /* default IO callbacks */
  782. CYASSL_LOCAL
  783. int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx);
  784. CYASSL_LOCAL
  785. int EmbedSend(CYASSL *ssl, char *buf, int sz, void *ctx);
  786. #ifdef HAVE_OCSP
  787. CYASSL_LOCAL
  788. int EmbedOcspLookup(void*, const char*, int, byte*, int, byte**);
  789. CYASSL_LOCAL
  790. void EmbedOcspRespFree(void*, byte*);
  791. #endif
  792. #ifdef CYASSL_DTLS
  793. CYASSL_LOCAL
  794. int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx);
  795. CYASSL_LOCAL
  796. int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx);
  797. CYASSL_LOCAL
  798. int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx);
  799. CYASSL_LOCAL
  800. int IsUDP(void*);
  801. #endif /* CYASSL_DTLS */
  802. #endif /* CYASSL_USER_IO */
  803. #ifdef HAVE_NETX
  804. CYASSL_LOCAL int NetX_Receive(CYASSL *ssl, char *buf, int sz, void *ctx);
  805. CYASSL_LOCAL int NetX_Send(CYASSL *ssl, char *buf, int sz, void *ctx);
  806. #endif /* HAVE_NETX */
  807. /* CyaSSL Cipher type just points back to SSL */
  808. struct CYASSL_CIPHER {
  809. CYASSL* ssl;
  810. };
  811. #ifdef SINGLE_THREADED
  812. typedef int CyaSSL_Mutex;
  813. #else /* MULTI_THREADED */
  814. /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
  815. #ifdef FREERTOS
  816. typedef xSemaphoreHandle CyaSSL_Mutex;
  817. #elif defined(CYASSL_SAFERTOS)
  818. typedef struct CyaSSL_Mutex {
  819. signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
  820. xSemaphoreHandle mutex;
  821. } CyaSSL_Mutex;
  822. #elif defined(USE_WINDOWS_API)
  823. typedef CRITICAL_SECTION CyaSSL_Mutex;
  824. #elif defined(CYASSL_PTHREADS)
  825. typedef pthread_mutex_t CyaSSL_Mutex;
  826. #elif defined(THREADX)
  827. typedef TX_MUTEX CyaSSL_Mutex;
  828. #elif defined(MICRIUM)
  829. typedef OS_MUTEX CyaSSL_Mutex;
  830. #elif defined(EBSNET)
  831. typedef RTP_MUTEX CyaSSL_Mutex;
  832. #elif defined(FREESCALE_MQX)
  833. typedef MUTEX_STRUCT CyaSSL_Mutex;
  834. #elif defined(CYASSL_MDK_ARM)
  835. typedef OS_MUT CyaSSL_Mutex;
  836. #else
  837. #error Need a mutex type in multithreaded mode
  838. #endif /* USE_WINDOWS_API */
  839. #endif /* SINGLE_THREADED */
  840. CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*);
  841. CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
  842. CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
  843. CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
  844. typedef struct OCSP_Entry OCSP_Entry;
  845. #ifdef SHA_DIGEST_SIZE
  846. #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
  847. #else
  848. #define OCSP_DIGEST_SIZE 160
  849. #endif
  850. #ifdef NO_ASN
  851. /* no_asn won't have */
  852. typedef struct CertStatus CertStatus;
  853. #endif
  854. struct OCSP_Entry {
  855. OCSP_Entry* next; /* next entry */
  856. byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
  857. byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
  858. CertStatus* status; /* OCSP response list */
  859. int totalStatus; /* number on list */
  860. };
  861. /* CyaSSL OCSP controller */
  862. struct CYASSL_OCSP {
  863. byte enabled;
  864. byte useOverrideUrl;
  865. byte useNonce;
  866. char overrideUrl[80];
  867. OCSP_Entry* ocspList;
  868. void* IOCB_OcspCtx;
  869. CallbackIOOcsp CBIOOcsp;
  870. CallbackIOOcspRespFree CBIOOcspRespFree;
  871. };
  872. #ifndef MAX_DATE_SIZE
  873. #define MAX_DATE_SIZE 32
  874. #endif
  875. typedef struct CRL_Entry CRL_Entry;
  876. #ifdef SHA_DIGEST_SIZE
  877. #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
  878. #else
  879. #define CRL_DIGEST_SIZE 160
  880. #endif
  881. #ifdef NO_ASN
  882. typedef struct RevokedCert RevokedCert;
  883. #endif
  884. /* Complete CRL */
  885. struct CRL_Entry {
  886. CRL_Entry* next; /* next entry */
  887. byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
  888. /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
  889. /* restore the hash here if needed for optimized comparisons */
  890. byte lastDate[MAX_DATE_SIZE]; /* last date updated */
  891. byte nextDate[MAX_DATE_SIZE]; /* next update date */
  892. byte lastDateFormat; /* last date format */
  893. byte nextDateFormat; /* next date format */
  894. RevokedCert* certs; /* revoked cert list */
  895. int totalCerts; /* number on list */
  896. };
  897. typedef struct CRL_Monitor CRL_Monitor;
  898. /* CRL directory monitor */
  899. struct CRL_Monitor {
  900. char* path; /* full dir path, if valid pointer we're using */
  901. int type; /* PEM or ASN1 type */
  902. };
  903. #ifndef HAVE_CRL
  904. typedef struct CYASSL_CRL CYASSL_CRL;
  905. #endif
  906. /* CyaSSL CRL controller */
  907. struct CYASSL_CRL {
  908. CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
  909. CRL_Entry* crlList; /* our CRL list */
  910. CyaSSL_Mutex crlLock; /* CRL list lock */
  911. CRL_Monitor monitors[2]; /* PEM and DER possible */
  912. #ifdef HAVE_CRL_MONITOR
  913. pthread_t tid; /* monitoring thread */
  914. #endif
  915. };
  916. #ifdef NO_ASN
  917. typedef struct Signer Signer;
  918. #endif
  919. #ifndef CA_TABLE_SIZE
  920. #define CA_TABLE_SIZE 11
  921. #endif
  922. /* CyaSSL Certificate Manager */
  923. struct CYASSL_CERT_MANAGER {
  924. Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
  925. CyaSSL_Mutex caLock; /* CA list lock */
  926. CallbackCACache caCacheCallback; /* CA cache addition callback */
  927. void* heap; /* heap helper */
  928. CYASSL_CRL* crl; /* CRL checker */
  929. byte crlEnabled; /* is CRL on ? */
  930. byte crlCheckAll; /* always leaf, but all ? */
  931. CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
  932. };
  933. CYASSL_LOCAL int CM_SaveCertCache(CYASSL_CERT_MANAGER*, const char*);
  934. CYASSL_LOCAL int CM_RestoreCertCache(CYASSL_CERT_MANAGER*, const char*);
  935. CYASSL_LOCAL int CM_MemSaveCertCache(CYASSL_CERT_MANAGER*, void*, int, int*);
  936. CYASSL_LOCAL int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER*, const void*, int);
  937. CYASSL_LOCAL int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER*);
  938. /* CyaSSL Sock Addr */
  939. struct CYASSL_SOCKADDR {
  940. unsigned int sz; /* sockaddr size */
  941. void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
  942. };
  943. typedef struct CYASSL_DTLS_CTX {
  944. CYASSL_SOCKADDR peer;
  945. int fd;
  946. } CYASSL_DTLS_CTX;
  947. /* RFC 6066 TLS Extensions */
  948. #ifdef HAVE_TLS_EXTENSIONS
  949. typedef enum {
  950. SERVER_NAME_INDICATION = 0,
  951. MAX_FRAGMENT_LENGTH = 1,
  952. /*CLIENT_CERTIFICATE_URL = 2,
  953. TRUSTED_CA_KEYS = 3,*/
  954. TRUNCATED_HMAC = 4,
  955. /*STATUS_REQUEST = 5,
  956. SIGNATURE_ALGORITHMS = 13,*/
  957. } TLSX_Type;
  958. typedef struct TLSX {
  959. TLSX_Type type; /* Extension Type */
  960. void* data; /* Extension Data */
  961. byte resp; /* IsResponse Flag */
  962. struct TLSX* next; /* List Behavior */
  963. } TLSX;
  964. CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
  965. CYASSL_LOCAL void TLSX_FreeAll(TLSX* list);
  966. #ifndef NO_CYASSL_CLIENT
  967. CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
  968. CYASSL_LOCAL word16 TLSX_WriteRequest(CYASSL* ssl, byte* output);
  969. #endif
  970. #ifndef NO_CYASSL_SERVER
  971. CYASSL_LOCAL word16 TLSX_GetResponseSize(CYASSL* ssl);
  972. CYASSL_LOCAL word16 TLSX_WriteResponse(CYASSL* ssl, byte* output);
  973. #endif
  974. CYASSL_LOCAL int TLSX_Parse(CYASSL* ssl, byte* input, word16 length,
  975. byte isRequest, Suites *suites);
  976. /* Server Name Indication */
  977. #ifdef HAVE_SNI
  978. typedef struct SNI {
  979. byte type; /* SNI Type */
  980. union { char* host_name; } data; /* SNI Data */
  981. struct SNI* next; /* List Behavior */
  982. #ifndef NO_CYASSL_SERVER
  983. byte options; /* Behaviour options */
  984. byte status; /* Matching result */
  985. #endif
  986. } SNI;
  987. CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
  988. word16 size);
  989. #ifndef NO_CYASSL_SERVER
  990. CYASSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
  991. byte options);
  992. CYASSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
  993. CYASSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
  994. void** data);
  995. #endif
  996. #endif /* HAVE_SNI */
  997. /* Maximum Fragment Length */
  998. #ifdef HAVE_MAX_FRAGMENT
  999. CYASSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
  1000. #endif /* HAVE_MAX_FRAGMENT */
  1001. #ifdef HAVE_TRUNCATED_HMAC
  1002. #define TRUNCATED_HMAC_SIZE 10
  1003. CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
  1004. #endif /* HAVE_TRUNCATED_HMAC */
  1005. #endif /* HAVE_TLS_EXTENSIONS */
  1006. /* CyaSSL context type */
  1007. struct CYASSL_CTX {
  1008. CYASSL_METHOD* method;
  1009. CyaSSL_Mutex countMutex; /* reference count mutex */
  1010. int refCount; /* reference count */
  1011. #ifndef NO_CERTS
  1012. buffer certificate;
  1013. buffer certChain;
  1014. /* chain after self, in DER, with leading size for each cert */
  1015. buffer privateKey;
  1016. buffer serverDH_P;
  1017. buffer serverDH_G;
  1018. CYASSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
  1019. #endif
  1020. Suites suites;
  1021. void* heap; /* for user memory overrides */
  1022. byte verifyPeer;
  1023. byte verifyNone;
  1024. byte failNoCert;
  1025. byte sessionCacheOff;
  1026. byte sessionCacheFlushOff;
  1027. byte sendVerify; /* for client side */
  1028. byte haveRSA; /* RSA available */
  1029. byte haveDH; /* server DH parms set by user */
  1030. byte haveNTRU; /* server private NTRU key loaded */
  1031. byte haveECDSAsig; /* server cert signed w/ ECDSA */
  1032. byte haveStaticECC; /* static server ECC private key */
  1033. byte partialWrite; /* only one msg per write call */
  1034. byte quietShutdown; /* don't send close notify */
  1035. byte groupMessages; /* group handshake messages before sending */
  1036. CallbackIORecv CBIORecv;
  1037. CallbackIOSend CBIOSend;
  1038. #ifdef CYASSL_DTLS
  1039. CallbackGenCookie CBIOCookie; /* gen cookie callback */
  1040. #endif
  1041. VerifyCallback verifyCallback; /* cert verification callback */
  1042. word32 timeout; /* session timeout */
  1043. #ifdef HAVE_ECC
  1044. word16 eccTempKeySz; /* in octets 20 - 66 */
  1045. #endif
  1046. #ifndef NO_PSK
  1047. byte havePSK; /* psk key set by user */
  1048. psk_client_callback client_psk_cb; /* client callback */
  1049. psk_server_callback server_psk_cb; /* server callback */
  1050. char server_hint[MAX_PSK_ID_LEN];
  1051. #endif /* NO_PSK */
  1052. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
  1053. pem_password_cb passwd_cb;
  1054. void* userdata;
  1055. #endif /* OPENSSL_EXTRA */
  1056. #ifdef HAVE_OCSP
  1057. CYASSL_OCSP ocsp;
  1058. #endif
  1059. #ifdef HAVE_CAVIUM
  1060. int devId; /* cavium device id to use */
  1061. #endif
  1062. #ifdef HAVE_TLS_EXTENSIONS
  1063. TLSX* extensions; /* RFC 6066 TLS Extensions data */
  1064. #endif
  1065. };
  1066. CYASSL_LOCAL
  1067. int InitSSL_Ctx(CYASSL_CTX*, CYASSL_METHOD*);
  1068. CYASSL_LOCAL
  1069. void FreeSSL_Ctx(CYASSL_CTX*);
  1070. CYASSL_LOCAL
  1071. void SSL_CtxResourceFree(CYASSL_CTX*);
  1072. CYASSL_LOCAL
  1073. int DeriveTlsKeys(CYASSL* ssl);
  1074. CYASSL_LOCAL
  1075. int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
  1076. word32 inSz, word16 sz);
  1077. #ifndef NO_CERTS
  1078. CYASSL_LOCAL
  1079. int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
  1080. CYASSL_LOCAL
  1081. int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
  1082. #endif
  1083. /* All cipher suite related info */
  1084. typedef struct CipherSpecs {
  1085. byte bulk_cipher_algorithm;
  1086. byte cipher_type; /* block, stream, or aead */
  1087. byte mac_algorithm;
  1088. byte kea; /* key exchange algo */
  1089. byte sig_algo;
  1090. byte hash_size;
  1091. byte pad_size;
  1092. byte static_ecdh;
  1093. word16 key_size;
  1094. word16 iv_size;
  1095. word16 block_size;
  1096. word16 aead_mac_size;
  1097. } CipherSpecs;
  1098. void InitCipherSpecs(CipherSpecs* cs);
  1099. /* Supported Ciphers from page 43 */
  1100. enum BulkCipherAlgorithm {
  1101. cipher_null,
  1102. rc4,
  1103. rc2,
  1104. des,
  1105. triple_des, /* leading 3 (3des) not valid identifier */
  1106. des40,
  1107. idea,
  1108. aes,
  1109. aes_gcm,
  1110. aes_ccm,
  1111. camellia,
  1112. hc128, /* CyaSSL extensions */
  1113. rabbit
  1114. };
  1115. /* Supported Message Authentication Codes from page 43 */
  1116. enum MACAlgorithm {
  1117. no_mac,
  1118. md5_mac,
  1119. sha_mac,
  1120. sha224_mac,
  1121. sha256_mac,
  1122. sha384_mac,
  1123. sha512_mac,
  1124. rmd_mac
  1125. };
  1126. /* Supported Key Exchange Protocols */
  1127. enum KeyExchangeAlgorithm {
  1128. no_kea,
  1129. rsa_kea,
  1130. diffie_hellman_kea,
  1131. fortezza_kea,
  1132. psk_kea,
  1133. ntru_kea,
  1134. ecc_diffie_hellman_kea,
  1135. ecc_static_diffie_hellman_kea /* for verify suite only */
  1136. };
  1137. /* Supported Authentication Schemes */
  1138. enum SignatureAlgorithm {
  1139. anonymous_sa_algo,
  1140. rsa_sa_algo,
  1141. dsa_sa_algo,
  1142. ecc_dsa_sa_algo
  1143. };
  1144. /* Supprted ECC Curve Types */
  1145. enum EccCurves {
  1146. named_curve = 3
  1147. };
  1148. /* Supprted ECC Named Curves */
  1149. enum EccNamedCurves {
  1150. secp256r1 = 0x17, /* default, OpenSSL also calls it prime256v1 */
  1151. secp384r1 = 0x18,
  1152. secp521r1 = 0x19,
  1153. secp160r1 = 0x10,
  1154. secp192r1 = 0x13, /* Openssl also call it prime192v1 */
  1155. secp224r1 = 0x15
  1156. };
  1157. /* Valid client certificate request types from page 27 */
  1158. enum ClientCertificateType {
  1159. rsa_sign = 1,
  1160. dss_sign = 2,
  1161. rsa_fixed_dh = 3,
  1162. dss_fixed_dh = 4,
  1163. rsa_ephemeral_dh = 5,
  1164. dss_ephemeral_dh = 6,
  1165. fortezza_kea_cert = 20
  1166. };
  1167. enum CipherType { stream, block, aead };
  1168. /* keys and secrets */
  1169. typedef struct Keys {
  1170. byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
  1171. byte server_write_MAC_secret[MAX_DIGEST_SIZE];
  1172. byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
  1173. byte server_write_key[AES_256_KEY_SIZE];
  1174. byte client_write_IV[AES_IV_SIZE]; /* max sizes */
  1175. byte server_write_IV[AES_IV_SIZE];
  1176. #ifdef HAVE_AEAD
  1177. byte aead_exp_IV[AEAD_EXP_IV_SZ];
  1178. byte aead_enc_imp_IV[AEAD_IMP_IV_SZ];
  1179. byte aead_dec_imp_IV[AEAD_IMP_IV_SZ];
  1180. #endif
  1181. word32 peer_sequence_number;
  1182. word32 sequence_number;
  1183. #ifdef CYASSL_DTLS
  1184. word32 dtls_sequence_number;
  1185. word32 dtls_peer_sequence_number;
  1186. word32 dtls_expected_peer_sequence_number;
  1187. word16 dtls_handshake_number;
  1188. word16 dtls_peer_handshake_number;
  1189. word16 dtls_expected_peer_handshake_number;
  1190. word16 dtls_epoch;
  1191. word16 dtls_peer_epoch;
  1192. word16 dtls_expected_peer_epoch;
  1193. #endif
  1194. word32 encryptSz; /* last size of encrypted data */
  1195. byte encryptionOn; /* true after change cipher spec */
  1196. byte decryptedCur; /* only decrypt current record once */
  1197. } Keys;
  1198. /* cipher for now */
  1199. typedef struct Ciphers {
  1200. #ifdef BUILD_ARC4
  1201. Arc4* arc4;
  1202. #endif
  1203. #ifdef BUILD_DES3
  1204. Des3* des3;
  1205. #endif
  1206. #if defined(BUILD_AES) || defined(BUILD_AESGCM)
  1207. Aes* aes;
  1208. #endif
  1209. #ifdef HAVE_CAMELLIA
  1210. Camellia* cam;
  1211. #endif
  1212. #ifdef HAVE_HC128
  1213. HC128* hc128;
  1214. #endif
  1215. #ifdef BUILD_RABBIT
  1216. Rabbit* rabbit;
  1217. #endif
  1218. byte setup; /* have we set it up flag for detection */
  1219. } Ciphers;
  1220. CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
  1221. CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
  1222. /* hashes type */
  1223. typedef struct Hashes {
  1224. #ifndef NO_OLD_TLS
  1225. byte md5[MD5_DIGEST_SIZE];
  1226. #endif
  1227. byte sha[SHA_DIGEST_SIZE];
  1228. #ifndef NO_SHA256
  1229. byte sha256[SHA256_DIGEST_SIZE];
  1230. #endif
  1231. #ifdef CYASSL_SHA384
  1232. byte sha384[SHA384_DIGEST_SIZE];
  1233. #endif
  1234. } Hashes;
  1235. /* Static x509 buffer */
  1236. typedef struct x509_buffer {
  1237. int length; /* actual size */
  1238. byte buffer[MAX_X509_SIZE]; /* max static cert size */
  1239. } x509_buffer;
  1240. /* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
  1241. struct CYASSL_X509_CHAIN {
  1242. int count; /* total number in chain */
  1243. x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
  1244. };
  1245. /* CyaSSL session type */
  1246. struct CYASSL_SESSION {
  1247. byte sessionID[ID_LEN]; /* id for protocol */
  1248. byte masterSecret[SECRET_LEN]; /* stored secret */
  1249. word32 bornOn; /* create time in seconds */
  1250. word32 timeout; /* timeout in seconds */
  1251. #ifdef SESSION_CERTS
  1252. CYASSL_X509_CHAIN chain; /* peer cert chain, static */
  1253. ProtocolVersion version; /* which version was used */
  1254. byte cipherSuite0; /* first byte, normally 0 */
  1255. byte cipherSuite; /* 2nd byte, actual suite */
  1256. #endif
  1257. #ifndef NO_CLIENT_CACHE
  1258. byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
  1259. word16 idLen; /* serverID length */
  1260. #endif
  1261. };
  1262. CYASSL_LOCAL
  1263. CYASSL_SESSION* GetSession(CYASSL*, byte*);
  1264. CYASSL_LOCAL
  1265. int SetSession(CYASSL*, CYASSL_SESSION*);
  1266. typedef void (*hmacfp) (CYASSL*, byte*, const byte*, word32, int, int);
  1267. #ifndef NO_CLIENT_CACHE
  1268. CYASSL_SESSION* GetSessionClient(CYASSL*, const byte*, int);
  1269. #endif
  1270. /* client connect state for nonblocking restart */
  1271. enum ConnectState {
  1272. CONNECT_BEGIN = 0,
  1273. CLIENT_HELLO_SENT,
  1274. HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
  1275. HELLO_AGAIN_REPLY,
  1276. FIRST_REPLY_DONE,
  1277. FIRST_REPLY_FIRST,
  1278. FIRST_REPLY_SECOND,
  1279. FIRST_REPLY_THIRD,
  1280. FIRST_REPLY_FOURTH,
  1281. FINISHED_DONE,
  1282. SECOND_REPLY_DONE
  1283. };
  1284. /* server accept state for nonblocking restart */
  1285. enum AcceptState {
  1286. ACCEPT_BEGIN = 0,
  1287. ACCEPT_CLIENT_HELLO_DONE,
  1288. HELLO_VERIFY_SENT,
  1289. ACCEPT_FIRST_REPLY_DONE,
  1290. SERVER_HELLO_SENT,
  1291. CERT_SENT,
  1292. KEY_EXCHANGE_SENT,
  1293. CERT_REQ_SENT,
  1294. SERVER_HELLO_DONE,
  1295. ACCEPT_SECOND_REPLY_DONE,
  1296. CHANGE_CIPHER_SENT,
  1297. ACCEPT_FINISHED_DONE,
  1298. ACCEPT_THIRD_REPLY_DONE
  1299. };
  1300. typedef struct Buffers {
  1301. #ifndef NO_CERTS
  1302. buffer certificate; /* CYASSL_CTX owns, unless we own */
  1303. buffer key; /* CYASSL_CTX owns, unless we own */
  1304. buffer certChain; /* CYASSL_CTX owns */
  1305. /* chain after self, in DER, with leading size for each cert */
  1306. buffer serverDH_P; /* CYASSL_CTX owns, unless we own */
  1307. buffer serverDH_G; /* CYASSL_CTX owns, unless we own */
  1308. buffer serverDH_Pub;
  1309. buffer serverDH_Priv;
  1310. #endif
  1311. buffer domainName; /* for client check */
  1312. bufferStatic inputBuffer;
  1313. bufferStatic outputBuffer;
  1314. buffer clearOutputBuffer;
  1315. int prevSent; /* previous plain text bytes sent
  1316. when got WANT_WRITE */
  1317. int plainSz; /* plain text bytes in buffer to send
  1318. when got WANT_WRITE */
  1319. byte weOwnCert; /* SSL own cert flag */
  1320. byte weOwnKey; /* SSL own key flag */
  1321. byte weOwnDH; /* SSL own dh (p,g) flag */
  1322. #ifdef CYASSL_DTLS
  1323. CYASSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
  1324. #endif
  1325. } Buffers;
  1326. typedef struct Options {
  1327. byte sessionCacheOff;
  1328. byte sessionCacheFlushOff;
  1329. byte cipherSuite0; /* first byte, normally 0 */
  1330. byte cipherSuite; /* second byte, actual suite */
  1331. byte serverState;
  1332. byte clientState;
  1333. byte handShakeState;
  1334. byte side; /* client or server end */
  1335. byte verifyPeer;
  1336. byte verifyNone;
  1337. byte failNoCert;
  1338. byte downgrade; /* allow downgrade of versions */
  1339. byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */
  1340. byte resuming;
  1341. byte haveSessionId; /* server may not send */
  1342. byte tls; /* using TLS ? */
  1343. byte tls1_1; /* using TLSv1.1+ ? */
  1344. byte dtls; /* using datagrams ? */
  1345. byte connReset; /* has the peer reset */
  1346. byte isClosed; /* if we consider conn closed */
  1347. byte closeNotify; /* we've recieved a close notify */
  1348. byte sentNotify; /* we've sent a close notify */
  1349. byte connectState; /* nonblocking resume */
  1350. byte acceptState; /* nonblocking resume */
  1351. byte usingCompression; /* are we using compression */
  1352. byte haveRSA; /* RSA available */
  1353. byte haveDH; /* server DH parms set by user */
  1354. byte haveNTRU; /* server NTRU private key loaded */
  1355. byte haveECDSAsig; /* server ECDSA signed cert */
  1356. byte haveStaticECC; /* static server ECC private key */
  1357. byte havePeerCert; /* do we have peer's cert */
  1358. byte havePeerVerify; /* and peer's cert verify */
  1359. byte usingPSK_cipher; /* whether we're using psk as cipher */
  1360. byte sendAlertState; /* nonblocking resume */
  1361. byte processReply; /* nonblocking resume */
  1362. byte partialWrite; /* only one msg per write call */
  1363. byte quietShutdown; /* don't send close notify */
  1364. byte certOnly; /* stop once we get cert */
  1365. byte groupMessages; /* group handshake messages */
  1366. byte usingNonblock; /* set when using nonblocking socket */
  1367. byte saveArrays; /* save array Memory for user get keys
  1368. or psk */
  1369. #ifndef NO_PSK
  1370. byte havePSK; /* psk key set by user */
  1371. psk_client_callback client_psk_cb;
  1372. psk_server_callback server_psk_cb;
  1373. #endif /* NO_PSK */
  1374. } Options;
  1375. typedef struct Arrays {
  1376. byte clientRandom[RAN_LEN];
  1377. byte serverRandom[RAN_LEN];
  1378. byte sessionID[ID_LEN];
  1379. byte preMasterSecret[ENCRYPT_LEN];
  1380. byte masterSecret[SECRET_LEN];
  1381. #ifdef CYASSL_DTLS
  1382. byte cookie[MAX_COOKIE_LEN];
  1383. byte cookieSz;
  1384. #endif
  1385. #ifndef NO_PSK
  1386. char client_identity[MAX_PSK_ID_LEN];
  1387. char server_hint[MAX_PSK_ID_LEN];
  1388. byte psk_key[MAX_PSK_KEY_LEN];
  1389. word32 psk_keySz; /* acutal size */
  1390. #endif
  1391. word32 preMasterSz; /* differs for DH, actual size */
  1392. } Arrays;
  1393. #ifndef ASN_NAME_MAX
  1394. #define ASN_NAME_MAX 256
  1395. #endif
  1396. struct CYASSL_X509_NAME {
  1397. char name[ASN_NAME_MAX];
  1398. int sz;
  1399. };
  1400. #ifndef EXTERNAL_SERIAL_SIZE
  1401. #define EXTERNAL_SERIAL_SIZE 32
  1402. #endif
  1403. #ifdef NO_ASN
  1404. typedef struct DNS_entry DNS_entry;
  1405. #endif
  1406. struct CYASSL_X509 {
  1407. CYASSL_X509_NAME issuer;
  1408. CYASSL_X509_NAME subject;
  1409. int serialSz;
  1410. byte serial[EXTERNAL_SERIAL_SIZE];
  1411. char subjectCN[ASN_NAME_MAX]; /* common name short cut */
  1412. buffer derCert; /* may need */
  1413. DNS_entry* altNames; /* alt names list */
  1414. DNS_entry* altNamesNext; /* hint for retrieval */
  1415. byte dynamicMemory; /* dynamic memory flag */
  1416. };
  1417. /* record layer header for PlainText, Compressed, and CipherText */
  1418. typedef struct RecordLayerHeader {
  1419. byte type;
  1420. byte pvMajor;
  1421. byte pvMinor;
  1422. byte length[2];
  1423. } RecordLayerHeader;
  1424. /* record layer header for DTLS PlainText, Compressed, and CipherText */
  1425. typedef struct DtlsRecordLayerHeader {
  1426. byte type;
  1427. byte pvMajor;
  1428. byte pvMinor;
  1429. byte epoch[2]; /* increment on cipher state change */
  1430. byte sequence_number[6]; /* per record */
  1431. byte length[2];
  1432. } DtlsRecordLayerHeader;
  1433. typedef struct DtlsPool {
  1434. buffer buf[DTLS_POOL_SZ];
  1435. int used;
  1436. } DtlsPool;
  1437. typedef struct DtlsMsg {
  1438. struct DtlsMsg* next;
  1439. word32 seq; /* Handshake sequence number */
  1440. word32 sz; /* Length of whole mesage */
  1441. word32 fragSz; /* Length of fragments received */
  1442. byte type;
  1443. byte* buf;
  1444. byte* msg;
  1445. } DtlsMsg;
  1446. #ifdef HAVE_NETX
  1447. /* NETX I/O Callback default */
  1448. typedef struct NetX_Ctx {
  1449. NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
  1450. NX_PACKET* nxPacket; /* incoming packet handle for short reads */
  1451. ULONG nxOffset; /* offset already read from nxPacket */
  1452. ULONG nxWait; /* wait option flag */
  1453. } NetX_Ctx;
  1454. #endif
  1455. /* CyaSSL ssl type */
  1456. struct CYASSL {
  1457. CYASSL_CTX* ctx;
  1458. int error;
  1459. ProtocolVersion version; /* negotiated version */
  1460. ProtocolVersion chVersion; /* client hello version */
  1461. Suites* suites; /* only need during handshake */
  1462. Ciphers encrypt;
  1463. Ciphers decrypt;
  1464. CipherSpecs specs;
  1465. Keys keys;
  1466. int rfd; /* read file descriptor */
  1467. int wfd; /* write file descriptor */
  1468. int rflags; /* user read flags */
  1469. int wflags; /* user write flags */
  1470. CYASSL_BIO* biord; /* socket bio read to free/close */
  1471. CYASSL_BIO* biowr; /* socket bio write to free/close */
  1472. void* IOCB_ReadCtx;
  1473. void* IOCB_WriteCtx;
  1474. RNG* rng;
  1475. #ifndef NO_OLD_TLS
  1476. #ifndef NO_SHA
  1477. Sha hashSha; /* sha hash of handshake msgs */
  1478. #endif
  1479. #ifndef NO_MD5
  1480. Md5 hashMd5; /* md5 hash of handshake msgs */
  1481. #endif
  1482. #endif
  1483. #ifndef NO_SHA256
  1484. Sha256 hashSha256; /* sha256 hash of handshake msgs */
  1485. #endif
  1486. #ifdef CYASSL_SHA384
  1487. Sha384 hashSha384; /* sha384 hash of handshake msgs */
  1488. #endif
  1489. Hashes verifyHashes;
  1490. Hashes certHashes; /* for cert verify */
  1491. Buffers buffers;
  1492. Options options;
  1493. Arrays* arrays;
  1494. CYASSL_SESSION session;
  1495. VerifyCallback verifyCallback; /* cert verification callback */
  1496. void* verifyCbCtx; /* cert verify callback user ctx*/
  1497. #ifndef NO_RSA
  1498. RsaKey* peerRsaKey;
  1499. byte peerRsaKeyPresent;
  1500. #endif
  1501. #ifdef HAVE_NTRU
  1502. word16 peerNtruKeyLen;
  1503. byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
  1504. byte peerNtruKeyPresent;
  1505. #endif
  1506. #ifdef HAVE_ECC
  1507. ecc_key* peerEccKey; /* peer's ECDHE key */
  1508. ecc_key* peerEccDsaKey; /* peer's ECDSA key */
  1509. ecc_key* eccTempKey; /* private ECDHE key */
  1510. ecc_key* eccDsaKey; /* private ECDSA key */
  1511. word16 eccTempKeySz; /* in octets 20 - 66 */
  1512. byte peerEccKeyPresent;
  1513. byte peerEccDsaKeyPresent;
  1514. byte eccTempKeyPresent;
  1515. byte eccDsaKeyPresent;
  1516. #endif
  1517. hmacfp hmac;
  1518. void* heap; /* for user overrides */
  1519. RecordLayerHeader curRL;
  1520. word16 curSize;
  1521. word32 timeout; /* session timeout */
  1522. CYASSL_CIPHER cipher;
  1523. #ifdef HAVE_LIBZ
  1524. z_stream c_stream; /* compression stream */
  1525. z_stream d_stream; /* decompression stream */
  1526. byte didStreamInit; /* for stream init and end */
  1527. #endif
  1528. #ifdef CYASSL_DTLS
  1529. int dtls_timeout_init; /* starting timeout vaule */
  1530. int dtls_timeout_max; /* maximum timeout value */
  1531. int dtls_timeout; /* current timeout value, changes */
  1532. DtlsPool* dtls_pool;
  1533. DtlsMsg* dtls_msg_list;
  1534. void* IOCB_CookieCtx; /* gen cookie ctx */
  1535. word32 dtls_expected_rx;
  1536. #endif
  1537. #ifdef CYASSL_CALLBACKS
  1538. HandShakeInfo handShakeInfo; /* info saved during handshake */
  1539. TimeoutInfo timeoutInfo; /* info saved during handshake */
  1540. byte hsInfoOn; /* track handshake info */
  1541. byte toInfoOn; /* track timeout info */
  1542. #endif
  1543. #ifdef KEEP_PEER_CERT
  1544. CYASSL_X509 peerCert; /* X509 peer cert */
  1545. #endif
  1546. #ifdef FORTRESS
  1547. void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
  1548. #endif
  1549. #ifdef HAVE_CAVIUM
  1550. int devId; /* cavium device id to use */
  1551. #endif
  1552. #ifdef HAVE_TLS_EXTENSIONS
  1553. TLSX* extensions; /* RFC 6066 TLS Extensions data */
  1554. #ifdef HAVE_MAX_FRAGMENT
  1555. word16 max_fragment;
  1556. #endif
  1557. #ifdef HAVE_TRUNCATED_HMAC
  1558. byte truncated_hmac;
  1559. #endif
  1560. #endif
  1561. #ifdef HAVE_NETX
  1562. NetX_Ctx nxCtx; /* NetX IO Context */
  1563. #endif
  1564. #ifdef SESSION_INDEX
  1565. int sessionIndex; /* Session's location in the cache. */
  1566. #endif
  1567. CYASSL_ALERT_HISTORY alert_history;
  1568. };
  1569. CYASSL_LOCAL
  1570. int InitSSL(CYASSL*, CYASSL_CTX*);
  1571. CYASSL_LOCAL
  1572. void FreeSSL(CYASSL*);
  1573. CYASSL_API void SSL_ResourceFree(CYASSL*); /* Micrium uses */
  1574. enum {
  1575. IV_SZ = 32, /* max iv sz */
  1576. NAME_SZ = 80 /* max one line */
  1577. };
  1578. typedef struct EncryptedInfo {
  1579. char name[NAME_SZ]; /* encryption name */
  1580. byte iv[IV_SZ]; /* encrypted IV */
  1581. word32 ivSz; /* encrypted IV size */
  1582. long consumed; /* tracks PEM bytes consumed */
  1583. byte set; /* if encryption set */
  1584. CYASSL_CTX* ctx; /* CTX owner */
  1585. } EncryptedInfo;
  1586. #ifndef NO_CERTS
  1587. CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
  1588. buffer* der, void* heap, EncryptedInfo* info,
  1589. int* eccKey);
  1590. CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
  1591. int type, CYASSL* ssl, int userChain,
  1592. CYASSL_CRL* crl);
  1593. #endif
  1594. #ifdef CYASSL_CALLBACKS
  1595. CYASSL_LOCAL
  1596. void InitHandShakeInfo(HandShakeInfo*);
  1597. CYASSL_LOCAL
  1598. void FinishHandShakeInfo(HandShakeInfo*, const CYASSL*);
  1599. CYASSL_LOCAL
  1600. void AddPacketName(const char*, HandShakeInfo*);
  1601. CYASSL_LOCAL
  1602. void InitTimeoutInfo(TimeoutInfo*);
  1603. CYASSL_LOCAL
  1604. void FreeTimeoutInfo(TimeoutInfo*, void*);
  1605. CYASSL_LOCAL
  1606. void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
  1607. CYASSL_LOCAL
  1608. void AddLateName(const char*, TimeoutInfo*);
  1609. CYASSL_LOCAL
  1610. void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
  1611. #endif
  1612. /* Record Layer Header identifier from page 12 */
  1613. enum ContentType {
  1614. no_type = 0,
  1615. change_cipher_spec = 20,
  1616. alert = 21,
  1617. handshake = 22,
  1618. application_data = 23
  1619. };
  1620. /* handshake header, same for each message type, pgs 20/21 */
  1621. typedef struct HandShakeHeader {
  1622. byte type;
  1623. word24 length;
  1624. } HandShakeHeader;
  1625. /* DTLS handshake header, same for each message type */
  1626. typedef struct DtlsHandShakeHeader {
  1627. byte type;
  1628. word24 length;
  1629. byte message_seq[2]; /* start at 0, restransmit gets same # */
  1630. word24 fragment_offset; /* bytes in previous fragments */
  1631. word24 fragment_length; /* length of this fragment */
  1632. } DtlsHandShakeHeader;
  1633. enum HandShakeType {
  1634. no_shake = -1,
  1635. hello_request = 0,
  1636. client_hello = 1,
  1637. server_hello = 2,
  1638. hello_verify_request = 3, /* DTLS addition */
  1639. session_ticket = 4,
  1640. certificate = 11,
  1641. server_key_exchange = 12,
  1642. certificate_request = 13,
  1643. server_hello_done = 14,
  1644. certificate_verify = 15,
  1645. client_key_exchange = 16,
  1646. finished = 20
  1647. };
  1648. static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
  1649. static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
  1650. static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
  1651. static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
  1652. /* internal functions */
  1653. CYASSL_LOCAL int SendChangeCipher(CYASSL*);
  1654. CYASSL_LOCAL int SendData(CYASSL*, const void*, int);
  1655. CYASSL_LOCAL int SendCertificate(CYASSL*);
  1656. CYASSL_LOCAL int SendCertificateRequest(CYASSL*);
  1657. CYASSL_LOCAL int SendServerKeyExchange(CYASSL*);
  1658. CYASSL_LOCAL int SendBuffered(CYASSL*);
  1659. CYASSL_LOCAL int ReceiveData(CYASSL*, byte*, int, int);
  1660. CYASSL_LOCAL int SendFinished(CYASSL*);
  1661. CYASSL_LOCAL int SendAlert(CYASSL*, int, int);
  1662. CYASSL_LOCAL int ProcessReply(CYASSL*);
  1663. CYASSL_LOCAL int SetCipherSpecs(CYASSL*);
  1664. CYASSL_LOCAL int MakeMasterSecret(CYASSL*);
  1665. CYASSL_LOCAL int AddSession(CYASSL*);
  1666. CYASSL_LOCAL int DeriveKeys(CYASSL* ssl);
  1667. CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData);
  1668. CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
  1669. CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
  1670. CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
  1671. CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
  1672. CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
  1673. #ifndef NO_CERTS
  1674. CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
  1675. #ifndef NO_SKID
  1676. CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
  1677. #endif
  1678. #endif
  1679. CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
  1680. const byte* sender);
  1681. CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
  1682. CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size);
  1683. CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
  1684. #ifndef NO_TLS
  1685. CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*);
  1686. CYASSL_LOCAL void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in,
  1687. word32 sz, int content, int verify);
  1688. #endif
  1689. #ifndef NO_CYASSL_CLIENT
  1690. CYASSL_LOCAL int SendClientHello(CYASSL*);
  1691. CYASSL_LOCAL int SendClientKeyExchange(CYASSL*);
  1692. CYASSL_LOCAL int SendCertificateVerify(CYASSL*);
  1693. #endif /* NO_CYASSL_CLIENT */
  1694. #ifndef NO_CYASSL_SERVER
  1695. CYASSL_LOCAL int SendServerHello(CYASSL*);
  1696. CYASSL_LOCAL int SendServerHelloDone(CYASSL*);
  1697. #ifdef CYASSL_DTLS
  1698. CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*);
  1699. #endif
  1700. #endif /* NO_CYASSL_SERVER */
  1701. #ifdef CYASSL_DTLS
  1702. CYASSL_LOCAL int DtlsPoolInit(CYASSL*);
  1703. CYASSL_LOCAL int DtlsPoolSave(CYASSL*, const byte*, int);
  1704. CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*);
  1705. CYASSL_LOCAL int DtlsPoolSend(CYASSL*);
  1706. CYASSL_LOCAL void DtlsPoolReset(CYASSL*);
  1707. CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
  1708. CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
  1709. CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
  1710. CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
  1711. word32, word32);
  1712. CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
  1713. CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32,
  1714. byte, word32, word32, void*);
  1715. CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
  1716. #endif /* CYASSL_DTLS */
  1717. #ifndef NO_TLS
  1718. #endif /* NO_TLS */
  1719. CYASSL_LOCAL word32 LowResTimer(void);
  1720. CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
  1721. CYASSL_LOCAL void FreeX509(CYASSL_X509*);
  1722. #ifndef NO_CERTS
  1723. CYASSL_LOCAL int CopyDecodedToX509(CYASSL_X509*, DecodedCert*);
  1724. #endif
  1725. #ifdef __cplusplus
  1726. } /* extern "C" */
  1727. #endif
  1728. #endif /* CyaSSL_INT_H */