47#if !defined(MBEDTLS_CONFIG_FILE)
50#include MBEDTLS_CONFIG_FILE
53#if defined(MBEDTLS_SSL_TICKET_C)
55#if defined(MBEDTLS_PLATFORM_C)
59#define mbedtls_calloc calloc
60#define mbedtls_free free
76#if defined(MBEDTLS_THREADING_C)
77 mbedtls_mutex_init( &
ctx->mutex );
/* Size limits and field widths of the ticket format handled in this file.
 * Going by the pointer arithmetic in the write and parse routines below, a
 * ticket is laid out as: key name | IV | 2-byte length | encrypted state | tag. */
/* Upper bound on the ticket key size in bytes: sizes a local key buffer and is
 * compared (as 8 * MAX_KEY_BYTES) against cipher_info->key_bitlen during setup. */
81#define MAX_KEY_BYTES 32
/* Width of the key-name field at the very start of a ticket; the IV follows it. */
83#define TICKET_KEY_NAME_BYTES 4
/* IV length; the write path requests this many bytes from ctx->f_rng per ticket. */
84#define TICKET_IV_BYTES 12
/* Width of the big-endian encrypted-state length field; the write path tests
 * clear_len against 65535 before storing it here. */
85#define TICKET_CRYPT_LEN_BYTES 2
/* Length of the authentication tag that follows the encrypted state
 * (passed with the tag pointer, presumably to the AEAD encrypt/decrypt calls). */
86#define TICKET_AUTH_TAG_BYTES 16
88#define TICKET_MIN_LEN ( TICKET_KEY_NAME_BYTES + \
90 TICKET_CRYPT_LEN_BYTES + \
91 TICKET_AUTH_TAG_BYTES )
92#define TICKET_ADD_DATA_LEN ( TICKET_KEY_NAME_BYTES + \
94 TICKET_CRYPT_LEN_BYTES )
100 unsigned char index )
103 unsigned char buf[MAX_KEY_BYTES];
106#if defined(MBEDTLS_HAVE_TIME)
131#if !defined(MBEDTLS_HAVE_TIME)
134 if(
ctx->ticket_lifetime != 0 )
139 if( current_time >= key_time &&
140 current_time - key_time < ctx->ticket_lifetime )
145 ctx->active = 1 -
ctx->active;
147 return( ssl_ticket_gen_key(
ctx,
ctx->active ) );
158 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng,
168 ctx->ticket_lifetime = lifetime;
171 if( cipher_info ==
NULL )
180 if( cipher_info->
key_bitlen > 8 * MAX_KEY_BYTES )
189 if( (
ret = ssl_ticket_gen_key(
ctx, 0 ) ) != 0 ||
190 (
ret = ssl_ticket_gen_key(
ctx, 1 ) ) != 0 )
205 unsigned char *
buf,
size_t buf_len,
208 unsigned char *
p =
buf;
209 size_t left = buf_len;
210#if defined(MBEDTLS_X509_CRT_PARSE_C)
221#if defined(MBEDTLS_X509_CRT_PARSE_C)
225 cert_len =
session->peer_cert->raw.len;
227 if(
left < 3 + cert_len )
230 *
p++ = (
unsigned char)( ( cert_len >> 16 ) & 0xFF );
231 *
p++ = (
unsigned char)( ( cert_len >> 8 ) & 0xFF );
232 *
p++ = (
unsigned char)( ( cert_len ) & 0xFF );
249 const unsigned char *
buf,
size_t len )
251 const unsigned char *
p =
buf;
252 const unsigned char *
const end =
buf +
len;
253#if defined(MBEDTLS_X509_CRT_PARSE_C)
263#if defined(MBEDTLS_X509_CRT_PARSE_C)
264 if( 3 > (
size_t)(
end -
p ) )
267 cert_len = (
p[0] << 16 ) | (
p[1] << 8 ) |
p[2];
278 if( cert_len > (
size_t)(
end -
p ) )
289 p, cert_len ) ) != 0 )
323 unsigned char *
start,
324 const unsigned char *
end,
332 unsigned char *iv =
start + TICKET_KEY_NAME_BYTES;
333 unsigned char *state_len_bytes = iv + TICKET_IV_BYTES;
334 unsigned char *
state = state_len_bytes + TICKET_CRYPT_LEN_BYTES;
336 size_t clear_len, ciph_len;
347#if defined(MBEDTLS_THREADING_C)
348 if( (
ret = mbedtls_mutex_lock( &
ctx->mutex ) ) != 0 )
352 if( (
ret = ssl_ticket_update_keys(
ctx ) ) != 0 )
357 *ticket_lifetime =
ctx->ticket_lifetime;
361 if( (
ret =
ctx->f_rng(
ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 )
367 (
unsigned long) clear_len > 65535 )
371 state_len_bytes[0] = ( clear_len >> 8 ) & 0xff;
372 state_len_bytes[1] = ( clear_len ) & 0xff;
381 tag, TICKET_AUTH_TAG_BYTES ) ) != 0 )
385 if( ciph_len != clear_len )
391 *tlen = TICKET_MIN_LEN + ciph_len;
394#if defined(MBEDTLS_THREADING_C)
395 if( mbedtls_mutex_unlock( &
ctx->mutex ) != 0 )
407 const unsigned char name[4] )
411 for(
i = 0;
i <
sizeof(
ctx->keys ) /
sizeof( *
ctx->keys );
i++ )
413 return( &
ctx->keys[
i] );
430 unsigned char *iv =
buf + TICKET_KEY_NAME_BYTES;
431 unsigned char *enc_len_p = iv + TICKET_IV_BYTES;
432 unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES;
434 size_t enc_len, clear_len;
439 if(
len < TICKET_MIN_LEN )
442#if defined(MBEDTLS_THREADING_C)
443 if( (
ret = mbedtls_mutex_lock( &
ctx->mutex ) ) != 0 )
447 if( (
ret = ssl_ticket_update_keys(
ctx ) ) != 0 )
450 enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
451 tag = ticket + enc_len;
453 if(
len != TICKET_MIN_LEN + enc_len )
475 tag, TICKET_AUTH_TAG_BYTES ) ) != 0 )
482 if( clear_len != enc_len )
489 if( (
ret = ssl_load_session(
session, ticket, clear_len ) ) != 0 )
492#if defined(MBEDTLS_HAVE_TIME)
497 if( current_time < session->
start ||
507#if defined(MBEDTLS_THREADING_C)
508 if( mbedtls_mutex_unlock( &
ctx->mutex ) != 0 )
523#if defined(MBEDTLS_THREADING_C)
524 mbedtls_mutex_free( &
ctx->mutex );
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function initializes and fills the cipher-context structure with the appropriate values....
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
The generic authenticated encryption (AEAD) function.
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED
static int mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
This function returns the key length of the cipher.
int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
The generic authenticated decryption (AEAD) function.
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
static void cleanup(void)
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
#define memcpy(s1, s2, n)
#define mbedtls_cipher_info_from_type
Configuration options (set of defines)
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA
#define MBEDTLS_ERR_SSL_ALLOC_FAILED
#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED
#define MBEDTLS_ERR_SSL_INVALID_MAC
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR
Internal functions shared by the SSL modules.
#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need)
This macro checks if the remaining size in a buffer is greater than or equal to the needed space....
TLS server ticket callbacks implementation.
void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx)
Initialize a ticket context. (Just make it ready for mbedtls_ssl_ticket_setup() or mbedtls_ssl_ticket...
void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)
Free a context's content and zeroize it.
int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_cipher_type_t cipher, uint32_t lifetime)
Prepare context to be actually used.
mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write
Implementation of the ticket write callback.
mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse
Implementation of the ticket parse callback.
mbedtls_cipher_mode_t mode
Context for session ticket handling functions.
Information for session ticket protection.
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR