cosmopolitan/third_party/mbedtls/ssl_cookie.h

#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
#include "third_party/mbedtls/config.h"
#include "third_party/mbedtls/ssl.h"
/* clang-format off */

/**
 * \name SECTION: Module settings
 *
 * The configuration options you can set for this module are in this section.
 * Either change them in config.h or define them on the compiler command line.
 * \{
 */
#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
#define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
#endif

/* \} name SECTION: Module settings */

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \brief          Context for the default cookie functions.
 */
typedef struct mbedtls_ssl_cookie_ctx
{
    mbedtls_md_context_t    hmac_ctx;   /*!< context for the HMAC portion   */
#if !defined(MBEDTLS_HAVE_TIME)
    unsigned long   serial;     /*!< serial number for expiration   */
#endif
    unsigned long   timeout;    /*!< timeout delay, in seconds if HAVE_TIME,
                                     or in number of tickets issued */
} mbedtls_ssl_cookie_ctx;

/**
 * \brief          Initialize cookie context
 */
void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );

/**
 * \brief          Setup cookie context (generate keys)
 */
int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );

/**
 * \brief          Set expiration delay for cookies
 *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
 *
 * \param ctx      Cookie contex
 * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
 *                 issued in the meantime.
 *                 0 to disable expiration (NOT recommended)
 */
void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );

/**
 * \brief          Free cookie context
 */
void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );

/**
 * \brief          Generate cookie, see \c mbedtls_ssl_cookie_write_t
 */
mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;

/**
 * \brief          Verify cookie, see \c mbedtls_ssl_cookie_write_t
 */
mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;

#ifdef __cplusplus
}
#endif

#endif /* ssl_cookie.h */
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`#ifndef MBEDTLS_SSL_COOKIE_H`
			`#define MBEDTLS_SSL_COOKIE_H`
Flatten Mbed TLS directory structure 2021-06-16 03:18:59 +00:00			`#include "third_party/mbedtls/config.h"`
			`#include "third_party/mbedtls/ssl.h"`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`/* clang-format off */`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* \name SECTION: Module settings`
			`*`
			`* The configuration options you can set for this module are in this section.`
			`* Either change them in config.h or define them on the compiler command line.`
			`* \{`
			`*/`
			`#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT`
			`#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /*< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued /`
			`#endif`

			`/* \} name SECTION: Module settings */`

			`#ifdef __cplusplus`
			`extern "C" {`
			`#endif`

			`/**`
			`* \brief Context for the default cookie functions.`
			`*/`
			`typedef struct mbedtls_ssl_cookie_ctx`
			`{`
			`mbedtls_md_context_t hmac_ctx; /!< context for the HMAC portion /`
			`#if !defined(MBEDTLS_HAVE_TIME)`
			`unsigned long serial; /!< serial number for expiration /`
			`#endif`
			`unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME,`
			`or in number of tickets issued */`
			`} mbedtls_ssl_cookie_ctx;`

			`/**`
			`* \brief Initialize cookie context`
			`*/`
			`void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );`

			`/**`
			`* \brief Setup cookie context (generate keys)`
			`*/`
			`int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,`
			`int (f_rng)(void , unsigned char *, size_t),`
			`void *p_rng );`

			`/**`
			`* \brief Set expiration delay for cookies`
			`* (Default MBEDTLS_SSL_COOKIE_TIMEOUT)`
			`*`
			`* \param ctx Cookie contex`
			`* \param delay Delay, in seconds if HAVE_TIME, or in number of cookies`
			`* issued in the meantime.`
			`* 0 to disable expiration (NOT recommended)`
			`*/`
			`void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );`

			`/**`
			`* \brief Free cookie context`
			`*/`
			`void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );`

			`/**`
			`* \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t`
			`*/`
			`mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;`

			`/**`
			`* \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t`
			`*/`
			`mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;`

			`#ifdef __cplusplus`
			`}`
			`#endif`

			`#endif /* ssl_cookie.h */`