55#if !defined(MBEDTLS_CONFIG_FILE)
58#include MBEDTLS_CONFIG_FILE
61#if defined(MBEDTLS_SSL_TLS_C)
63#if defined(MBEDTLS_PLATFORM_C)
67#define mbedtls_calloc calloc
68#define mbedtls_free free
78#if defined(MBEDTLS_X509_CRT_PARSE_C)
88#if defined(MBEDTLS_SSL_PROTO_DTLS)
132#define SSL_DONT_FORCE_FLUSH 0
133#define SSL_FORCE_FLUSH 1
135#if defined(MBEDTLS_SSL_PROTO_DTLS)
151 size_t mtu = ssl_get_current_mtu( ssl );
161 size_t const bytes_written = ssl->
out_left;
162 size_t const mtu = ssl_get_maximum_datagram_size( ssl );
166 if( bytes_written > mtu )
172 return( (
int) ( mtu - bytes_written ) );
178 size_t remaining, expansion;
181#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
196 if( max_len <= ssl->out_left )
202 ret = ssl_get_remaining_space_in_datagram( ssl );
212 if( remaining <= expansion )
215 remaining -= expansion;
216 if( remaining >= max_len )
219 return( (
int) remaining );
230 if( ssl->
handshake->retransmit_timeout >= ssl->
conf->hs_timeout_max )
239 if( ssl->
handshake->retransmit_timeout != ssl->
conf->hs_timeout_min )
245 new_timeout = 2 * ssl->
handshake->retransmit_timeout;
248 if( new_timeout < ssl->handshake->retransmit_timeout ||
249 new_timeout > ssl->
conf->hs_timeout_max )
251 new_timeout = ssl->
conf->hs_timeout_max;
254 ssl->
handshake->retransmit_timeout = new_timeout;
263 ssl->
handshake->retransmit_timeout = ssl->
conf->hs_timeout_min;
269#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
278static unsigned int ssl_mfl_code_to_length(
int mfl )
298#if defined(MBEDTLS_SSL_CLI_C)
304#if defined(MBEDTLS_X509_CRT_PARSE_C)
316 src->peer_cert->raw.len ) ) != 0 )
325#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
340#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
342 const unsigned char *key_enc,
const unsigned char *key_dec,
344 const unsigned char *iv_enc,
const unsigned char *iv_dec,
346 const unsigned char *mac_enc,
const unsigned char *mac_dec,
347 size_t maclen ) =
NULL;
358#if defined(MBEDTLS_SSL_PROTO_SSL3)
359static int ssl3_prf(
const unsigned char *
secret,
size_t slen,
361 const unsigned char *
random,
size_t rlen,
362 unsigned char *dstbuf,
size_t dlen )
369 unsigned char sha1sum[20];
383 for(
i = 0;
i < dlen / 16;
i++ )
419#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
422 const unsigned char *
random,
size_t rlen,
423 unsigned char *dstbuf,
size_t dlen )
427 const unsigned char *
S1, *
S2;
428 unsigned char tmp[128];
429 unsigned char h_i[20];
439 hs = ( slen + 1 ) / 2;
461 for(
i = 0;
i < dlen;
i += 16 )
471 k = (
i + 16 > dlen ) ? dlen % 16 : 16;
473 for(
j = 0;
j <
k;
j++ )
474 dstbuf[
i +
j] = h_i[
j];
492 for(
i = 0;
i < dlen;
i += 20 )
502 k = (
i + 20 > dlen ) ? dlen % 20 : 20;
504 for(
j = 0;
j <
k;
j++ )
505 dstbuf[
i +
j] = (
unsigned char)( dstbuf[
i +
j] ^ h_i[
j] );
517#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
519 const unsigned char *
secret,
size_t slen,
521 const unsigned char *
random,
size_t rlen,
522 unsigned char *dstbuf,
size_t dlen )
525 size_t i,
j,
k, md_len;
526 unsigned char tmp[128];
539 if(
sizeof( tmp ) < md_len +
strlen(
label ) + rlen )
557 for(
i = 0;
i < dlen;
i += md_len )
567 k = (
i + md_len > dlen ) ? dlen % md_len : md_len;
569 for(
j = 0;
j <
k;
j++ )
570 dstbuf[
i +
j] = h_i[
j];
581#if defined(MBEDTLS_SHA256_C)
582static int tls_prf_sha256(
const unsigned char *
secret,
size_t slen,
584 const unsigned char *
random,
size_t rlen,
585 unsigned char *dstbuf,
size_t dlen )
592#if defined(MBEDTLS_SHA512_C)
593static int tls_prf_sha384(
const unsigned char *
secret,
size_t slen,
595 const unsigned char *
random,
size_t rlen,
596 unsigned char *dstbuf,
size_t dlen )
604static void ssl_update_checksum_start(
mbedtls_ssl_context *,
const unsigned char *,
size_t );
606#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
607 defined(MBEDTLS_SSL_PROTO_TLS1_1)
608static void ssl_update_checksum_md5sha1(
mbedtls_ssl_context *,
const unsigned char *,
size_t );
611#if defined(MBEDTLS_SSL_PROTO_SSL3)
616#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
621#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
622#if defined(MBEDTLS_SHA256_C)
623static void ssl_update_checksum_sha256(
mbedtls_ssl_context *,
const unsigned char *,
size_t );
628#if defined(MBEDTLS_SHA512_C)
629static void ssl_update_checksum_sha384(
mbedtls_ssl_context *,
const unsigned char *,
size_t );
638 unsigned char tmp[64];
639 unsigned char keyblk[256];
642 unsigned char *mac_enc;
643 unsigned char *mac_dec;
656 if( cipher_info ==
NULL )
664 if( md_info ==
NULL )
674#if defined(MBEDTLS_SSL_PROTO_SSL3)
683#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
692#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
693#if defined(MBEDTLS_SHA512_C)
697 handshake->
tls_prf = tls_prf_sha384;
698 handshake->
calc_verify = ssl_calc_verify_tls_sha384;
703#if defined(MBEDTLS_SHA256_C)
706 handshake->
tls_prf = tls_prf_sha256;
707 handshake->
calc_verify = ssl_calc_verify_tls_sha256;
728 if( handshake->
resume == 0 )
733#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
736 unsigned char session_hash[48];
743#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
746#if defined(MBEDTLS_SHA512_C)
763 "extended master secret",
764 session_hash, hash_len,
838 size_t taglen, explicit_ivlen;
854 taglen =
transform->ciphersuite_info->flags &
860 transform->minlen = explicit_ivlen + taglen;
876#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
886#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
909#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
923#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
929#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
951#if defined(MBEDTLS_SSL_CLI_C)
954 key1 = keyblk + mac_key_len * 2;
955 key2 = keyblk + mac_key_len * 2 +
transform->keylen;
958 mac_dec = keyblk + mac_key_len;
963 iv_copy_len = (
transform->fixed_ivlen ) ?
971#if defined(MBEDTLS_SSL_SRV_C)
975 key2 = keyblk + mac_key_len * 2;
977 mac_enc = keyblk + mac_key_len;
983 iv_copy_len = (
transform->fixed_ivlen ) ?
996#if defined(MBEDTLS_SSL_PROTO_SSL3)
999 if( mac_key_len >
sizeof transform->mac_enc )
1010#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
1011 defined(MBEDTLS_SSL_PROTO_TLS1_2)
1016 if( mac_key_len != 0 )
1029#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
1030 if( mbedtls_ssl_hw_record_init !=
NULL )
1034 if( (
ret = mbedtls_ssl_hw_record_init( ssl,
key1, key2,
transform->keylen,
1038 mac_key_len ) ) != 0 )
1046#if defined(MBEDTLS_SSL_EXPORT_KEYS)
1047 if( ssl->
conf->f_export_keys !=
NULL )
1049 ssl->
conf->f_export_keys( ssl->
conf->p_export_keys,
1057 cipher_info ) ) != 0 )
1064 cipher_info ) ) != 0 )
1086#if defined(MBEDTLS_CIPHER_MODE_CBC)
1107#if defined(MBEDTLS_ZLIB_SUPPORT)
1112 if( ssl->compress_buf ==
NULL )
1115 ssl->compress_buf =
mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN );
1116 if( ssl->compress_buf ==
NULL )
1119 MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) );
1144#if defined(MBEDTLS_SSL_PROTO_SSL3)
1149 unsigned char pad_1[48];
1150 unsigned char pad_2[48];
1160 memset( pad_1, 0x36, 48 );
1161 memset( pad_2, 0x5C, 48 );
1193#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
1220#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
1221#if defined(MBEDTLS_SHA256_C)
1242#if defined(MBEDTLS_SHA512_C)
1264#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1269 const unsigned char *psk = ssl->
conf->psk;
1270 size_t psk_len = ssl->
conf->psk_len;
1286#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1292 *(
p++) = (
unsigned char)( psk_len >> 8 );
1293 *(
p++) = (
unsigned char)( psk_len );
1295 if(
end <
p || (
size_t)(
end -
p ) < psk_len )
1303#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1319#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1333 *(
p++) = (
unsigned char)(
len >> 8 );
1334 *(
p++) = (
unsigned char)(
len );
1341#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1348 p + 2,
end - (
p + 2 ),
1355 *(
p++) = (
unsigned char)( zlen >> 8 );
1356 *(
p++) = (
unsigned char)( zlen );
1373 *(
p++) = (
unsigned char)( psk_len >> 8 );
1374 *(
p++) = (
unsigned char)( psk_len );
1376 if(
end <
p || (
size_t)(
end -
p ) < psk_len )
1388#if defined(MBEDTLS_SSL_PROTO_SSL3)
1392#define SSL_MAC_MAX_BYTES 20
1394 const unsigned char *
secret,
1395 const unsigned char *
buf,
size_t len,
1396 const unsigned char *ctr,
int type,
1397 unsigned char out[SSL_MAC_MAX_BYTES] )
1399 unsigned char header[11];
1433#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
1434 defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
1435#define SSL_SOME_MODES_USE_MAC
1462#if defined(SSL_SOME_MODES_USE_MAC)
1470#if defined(MBEDTLS_SSL_PROTO_SSL3)
1473 unsigned char mac[SSL_MAC_MAX_BYTES];
1485#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
1486 defined(MBEDTLS_SSL_PROTO_TLS1_2)
1520#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
1527 "including %d bytes of padding",
1534 ssl->
out_msg, &olen ) ) != 0 )
1548#if defined(MBEDTLS_GCM_C) || \
1549 defined(MBEDTLS_CCM_C) || \
1550 defined(MBEDTLS_CHACHAPOLY_C)
1556 size_t enc_msglen, olen;
1557 unsigned char *enc_msg;
1559 unsigned char iv[12];
1595 for(
i = 0;
i < 8;
i++ )
1608 ssl->
out_iv, explicit_ivlen );
1618 "including 0 bytes of padding",
1627 enc_msg, enc_msglen,
1629 enc_msg + enc_msglen, taglen ) ) != 0 )
1635 if( olen != enc_msglen )
1648#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
1652 unsigned char *enc_msg;
1653 size_t enc_msglen, padlen, olen = 0,
i;
1660 for(
i = 0;
i <= padlen;
i++ )
1668#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
1696 "including %d bytes of IV and %d bytes of padding",
1703 enc_msg, enc_msglen,
1704 enc_msg, &olen ) ) != 0 )
1710 if( enc_msglen != olen )
1716#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
1728#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1729 if( auth_done == 0 )
1741 unsigned char pseudo_hdr[13];
1747 pseudo_hdr[11] = (
unsigned char)( ( ssl->
out_msglen >> 8 ) & 0xFF );
1774 if( auth_done != 1 )
1785#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
1795static void mbedtls_ssl_cf_memcpy_if_eq(
unsigned char *
dst,
1796 const unsigned char *
src,
1798 size_t c1,
size_t c2 )
1801 const size_t diff = c1 ^ c2;
1805#if defined(_MSC_VER)
1806#pragma warning( push )
1807#pragma warning( disable : 4146 )
1811 const size_t diff_msb = ( diff | -diff );
1814 const size_t diff1 = diff_msb >> (
sizeof( diff_msb ) * 8 - 1 );
1817 const unsigned char mask = (
unsigned char) -diff1;
1819#if defined(_MSC_VER)
1820#pragma warning( pop )
1825 for(
i = 0;
i <
len;
i++ )
1837 const unsigned char *
add_data,
size_t add_data_len,
1838 const unsigned char *
data,
size_t data_len_secret,
1839 size_t min_data_len,
size_t max_data_len,
1840 unsigned char *output )
1860 const unsigned char *
const ikey =
ctx->hmac_ctx;
1861 const unsigned char *
const okey = ikey +
block_size;
1871#define MD_CHK( func_call ) \
1873 ret = (func_call); \
1891 mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size,
1892 offset, data_len_secret );
1894 if(
offset < max_data_len )
1923 const unsigned char *src_base,
1924 size_t offset_secret,
1925 size_t offset_min,
size_t offset_max,
1932 mbedtls_ssl_cf_memcpy_if_eq(
dst, src_base +
offset,
len,
1942#if defined(SSL_SOME_MODES_USE_MAC)
1943 size_t padlen = 0, correct = 1;
1963#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
1975 ssl->
in_msg, &olen ) ) != 0 )
1989#if defined(MBEDTLS_GCM_C) || \
1990 defined(MBEDTLS_CCM_C) || \
1991 defined(MBEDTLS_CHACHAPOLY_C)
1997 size_t dec_msglen, olen;
1998 unsigned char *dec_msg;
1999 unsigned char *dec_msg_result;
2001 unsigned char iv[12];
2010 if( ssl->
in_msglen < explicit_iv_len + taglen )
2014 explicit_iv_len, taglen ) );
2017 dec_msglen = ssl->
in_msglen - explicit_iv_len - taglen;
2020 dec_msg_result = ssl->
in_msg;
2052 for(
i = 0;
i < 8;
i++ )
2071 dec_msg, dec_msglen,
2072 dec_msg_result, &olen,
2073 dec_msg + dec_msglen, taglen ) ) != 0 )
2084 if( olen != dec_msglen )
2092#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
2099 unsigned char *dec_msg;
2100 unsigned char *dec_msg_result;
2108#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
2125 dec_msg_result = ssl->
in_msg;
2130#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2134 unsigned char pseudo_hdr[13];
2143 pseudo_hdr[11] = (
unsigned char)( ( ssl->
in_msglen >> 8 ) & 0xFF );
2144 pseudo_hdr[12] = (
unsigned char)( ( ssl->
in_msglen ) & 0xFF );
2180#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
2198 dec_msg, dec_msglen,
2199 dec_msg_result, &olen ) ) != 0 )
2205 if( dec_msglen != olen )
2211#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
2228#if defined(MBEDTLS_SSL_DEBUG_ALL)
2236#if defined(MBEDTLS_SSL_PROTO_SSL3)
2241#if defined(MBEDTLS_SSL_DEBUG_ALL)
2243 "should be no more than %d",
2251#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
2252 defined(MBEDTLS_SSL_PROTO_TLS1_2)
2259 size_t pad_count = 0, real_count = 1;
2260 size_t padding_idx = ssl->
in_msglen - padlen;
2273 correct &= ( padlen <= ssl->
in_msglen );
2277 padding_idx *= correct;
2279 for(
i = 0;
i < 256;
i++ )
2281 real_count &= (
i < padlen );
2282 pad_count += real_count *
2283 ( ssl->
in_msg[padding_idx +
i] == padlen - 1 );
2286 correct &= ( pad_count == padlen );
2288#if defined(MBEDTLS_SSL_DEBUG_ALL)
2289 if( padlen > 0 && correct == 0 )
2292 padlen &= correct * 0x1FF;
2311#if defined(MBEDTLS_SSL_DEBUG_ALL)
2320#if defined(SSL_SOME_MODES_USE_MAC)
2321 if( auth_done == 0 )
2331#if defined(MBEDTLS_SSL_PROTO_SSL3)
2344#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
2345 defined(MBEDTLS_SSL_PROTO_TLS1_2)
2361 const size_t max_len = ssl->
in_msglen + padlen;
2362 const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
2392#if defined(MBEDTLS_SSL_DEBUG_ALL)
2400#if defined(MBEDTLS_SSL_DEBUG_ALL)
2416 if( auth_done != 1 )
2424#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
2443 "messages, possible DoS attack" ) );
2450#if defined(MBEDTLS_SSL_PROTO_DTLS)
2459 for(
i = 8;
i > ssl_ep_len( ssl );
i-- )
2460 if( ++ssl->
in_ctr[
i - 1] != 0 )
2464 if(
i == ssl_ep_len( ssl ) )
2478#undef MAC_CIPHERTEXT
2480#if defined(MBEDTLS_ZLIB_SUPPORT)
2487 unsigned char *msg_post = ssl->
out_msg;
2490 unsigned char *msg_pre = ssl->compress_buf;
2534 unsigned char *msg_post = ssl->
in_msg;
2537 unsigned char *msg_pre = ssl->compress_buf;
2566 ssl->
transform_in->ctx_inflate.avail_out - header_bytes;
2580#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
2583#if defined(MBEDTLS_SSL_PROTO_DTLS)
2590 uint32_t ratio = ssl->
conf->hs_timeout_max / ssl->
conf->hs_timeout_min + 1;
2591 unsigned char doublings = 1;
2606 return( ssl_write_hello_request( ssl ) );
2636 "or mbedtls_ssl_set_bio()" ) );
2646#if defined(MBEDTLS_SSL_PROTO_DTLS)
2655 "mbedtls_ssl_set_timer_cb() for DTLS" ) );
2669 if( ssl->next_record_offset != 0 )
2671 if( ssl->
in_left < ssl->next_record_offset )
2677 ssl->
in_left -= ssl->next_record_offset;
2682 ssl->next_record_offset ) );
2684 ssl->
in_hdr + ssl->next_record_offset,
2688 ssl->next_record_offset = 0;
2697 if( nb_want <= ssl->in_left)
2719 if( ssl_check_timer( ssl ) != 0 )
2750 ssl_set_timer( ssl, 0 );
2754 if( ssl_double_retransmit_timeout( ssl ) != 0 )
2760 if( (
ret = mbedtls_ssl_resend( ssl ) ) != 0 )
2768#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
2772 if( (
ret = ssl_resend_hello_request( ssl ) ) != 0 )
2794 while( ssl->
in_left < nb_want )
2798 if( ssl_check_timer( ssl ) != 0 )
2828 (
"f_recv returned %d bytes but only %lu were requested",
2829 ret, (
unsigned long)
len ) );
2855 "or mbedtls_ssl_set_bio()" ) );
2882 (
"f_send returned %d bytes but only %lu bytes were sent",
2890#if defined(MBEDTLS_SSL_PROTO_DTLS)
2910#if defined(MBEDTLS_SSL_PROTO_DTLS)
2916 mbedtls_ssl_flight_item *
msg;
2925 sizeof( mbedtls_ssl_flight_item ) ) );
2960static void ssl_flight_free( mbedtls_ssl_flight_item *flight )
2962 mbedtls_ssl_flight_item *
cur = flight;
2963 mbedtls_ssl_flight_item *
next;
2976#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
2986 unsigned char tmp_out_ctr[8];
2987#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
3002 ssl->
handshake->alt_transform_out = tmp_transform;
3012#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
3013 if( mbedtls_ssl_hw_record_activate !=
NULL )
3015 if( (
ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
3035 ret = mbedtls_ssl_flight_transmit( ssl );
3060 if( (
ret = ssl_swap_epochs( ssl ) ) != 0 )
3068 size_t max_frag_len;
3069 const mbedtls_ssl_flight_item *
const cur = ssl->
handshake->cur_msg;
3071 int const is_finished =
3075 uint8_t const force_flush = ssl->disable_datagram_packing == 1 ?
3076 SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
3081 if( is_finished && ssl->
handshake->cur_msg_p == (
cur->p + 12 ) )
3084 if( (
ret = ssl_swap_epochs( ssl ) ) != 0 )
3088 ret = ssl_get_remaining_payload_in_datagram( ssl );
3096 if( max_frag_len == 0 )
3113 const unsigned char *
const p = ssl->
handshake->cur_msg_p;
3114 const size_t hs_len =
cur->len - 12;
3115 const size_t frag_off =
p - (
cur->p + 12 );
3116 const size_t rem_len = hs_len - frag_off;
3117 size_t cur_hs_frag_len, max_hs_frag_len;
3119 if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
3123 if( (
ret = ssl_swap_epochs( ssl ) ) != 0 )
3132 max_hs_frag_len = max_frag_len - 12;
3134 cur_hs_frag_len = rem_len > max_hs_frag_len ?
3135 max_hs_frag_len : rem_len;
3137 if( frag_off == 0 && cur_hs_frag_len != hs_len )
3140 (
unsigned) cur_hs_frag_len,
3141 (
unsigned) max_hs_frag_len ) );
3149 ssl->
out_msg[6] = ( ( frag_off >> 16 ) & 0xff );
3150 ssl->
out_msg[7] = ( ( frag_off >> 8 ) & 0xff );
3151 ssl->
out_msg[8] = ( ( frag_off ) & 0xff );
3153 ssl->
out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff );
3154 ssl->
out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff );
3155 ssl->
out_msg[11] = ( ( cur_hs_frag_len ) & 0xff );
3165 ssl->
handshake->cur_msg_p += cur_hs_frag_len;
3200 ssl_set_timer( ssl, ssl->
handshake->retransmit_timeout );
3214 ssl_flight_free( ssl->
handshake->flight );
3225 ssl_buffering_free( ssl );
3228 ssl_set_timer( ssl, 0 );
3244 ssl_reset_retransmit_timeout( ssl );
3245 ssl_set_timer( ssl, ssl->
handshake->retransmit_timeout );
3287 const unsigned char hs_type = ssl->
out_msg[0];
3298#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
3319#if defined(MBEDTLS_SSL_PROTO_DTLS)
3340 "size %u, maximum %u",
3351 ssl->
out_msg[1] = (
unsigned char)( hs_len >> 16 );
3362#if defined(MBEDTLS_SSL_PROTO_DTLS)
3369 "size %u, maximum %u",
3370 (
unsigned) ( hs_len ),
3404#if defined(MBEDTLS_SSL_PROTO_DTLS)
3409 if( (
ret = ssl_flight_append( ssl ) ) != 0 )
3450#if defined(MBEDTLS_ZLIB_SUPPORT)
3454 if( (
ret = ssl_compress_buf( ssl ) ) != 0 )
3464#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
3465 if( mbedtls_ssl_hw_record_write !=
NULL )
3469 ret = mbedtls_ssl_hw_record_write( ssl );
3483 size_t protected_record_size;
3495 if( (
ret = ssl_encrypt_buf( ssl ) ) != 0 )
3508#if defined(MBEDTLS_SSL_PROTO_DTLS)
3513 ret = ssl_get_remaining_space_in_datagram( ssl );
3517 if( protected_record_size > (
size_t)
ret )
3526 "version = [%d:%d], msglen = %d",
3531 ssl->
out_hdr, protected_record_size );
3533 ssl->
out_left += protected_record_size;
3534 ssl->
out_hdr += protected_record_size;
3537 for(
i = 8;
i > ssl_ep_len( ssl );
i-- )
3542 if(
i == ssl_ep_len( ssl ) )
3549#if defined(MBEDTLS_SSL_PROTO_DTLS)
3551 flush == SSL_DONT_FORCE_FLUSH )
3554 ret = ssl_get_remaining_payload_in_datagram( ssl );
3563 if( remaining == 0 )
3565 flush = SSL_FORCE_FLUSH;
3569 MBEDTLS_SSL_DEBUG_MSG( 2, (
"Still %u bytes available in current datagram", (
unsigned) remaining ) );
3574 if( ( flush == SSL_FORCE_FLUSH ) &&
3586#if defined(MBEDTLS_SSL_PROTO_DTLS)
3601 return( ( ssl->
in_msg[9] << 16 ) |
3602 ( ssl->
in_msg[10] << 8 ) |
3608 return( ( ssl->
in_msg[6] << 16 ) |
3609 ( ssl->
in_msg[7] << 8 ) |
3615 uint32_t msg_len, frag_off, frag_len;
3617 msg_len = ssl_get_hs_total_len( ssl );
3618 frag_off = ssl_get_hs_frag_off( ssl );
3619 frag_len = ssl_get_hs_frag_len( ssl );
3621 if( frag_off > msg_len )
3624 if( frag_len > msg_len - frag_off )
3636static void ssl_bitmask_set(
unsigned char *
mask,
size_t offset,
size_t len )
3638 unsigned int start_bits, end_bits;
3640 start_bits = 8 - (
offset % 8 );
3641 if( start_bits != 8 )
3643 size_t first_byte_idx =
offset / 8;
3646 if(
len <= start_bits )
3649 mask[first_byte_idx] |= 1 << ( start_bits -
len );
3658 for( ; start_bits != 0; start_bits-- )
3659 mask[first_byte_idx] |= 1 << ( start_bits - 1 );
3665 size_t last_byte_idx = (
offset +
len ) / 8;
3669 for( ; end_bits != 0; end_bits-- )
3670 mask[last_byte_idx] |= 1 << ( 8 - end_bits );
3679static int ssl_bitmask_check(
unsigned char *
mask,
size_t len )
3683 for(
i = 0;
i <
len / 8;
i++ )
3684 if(
mask[
i] != 0xFF )
3687 for(
i = 0;
i <
len % 8;
i++ )
3688 if( (
mask[
len / 8] & ( 1 << ( 7 -
i ) ) ) == 0 )
3695static size_t ssl_get_reassembly_buffer_size(
size_t msg_len,
3696 unsigned add_bitmap )
3701 alloc_len += msg_len;
3704 alloc_len += msg_len / 8 + ( msg_len % 8 != 0 );
3706 return( alloc_len );
3713 return( ( ssl->
in_msg[1] << 16 ) |
3714 ( ssl->
in_msg[2] << 8 ) |
3730 " %d, type = %d, hslen = %d",
3733#if defined(MBEDTLS_SSL_PROTO_DTLS)
3737 unsigned int recv_msg_seq = ( ssl->
in_msg[4] << 8 ) | ssl->
in_msg[5];
3739 if( ssl_check_hs_header( ssl ) != 0 )
3747 recv_msg_seq != ssl->
handshake->in_msg_seq ) ||
3751 if( recv_msg_seq > ssl->
handshake->in_msg_seq )
3762 if( recv_msg_seq == ssl->
handshake->in_flight_start_seq - 1 &&
3766 "message_seq = %d, start_of_flight = %d",
3768 ssl->
handshake->in_flight_start_seq ) );
3770 if( (
ret = mbedtls_ssl_resend( ssl ) ) != 0 )
3779 "message_seq = %d, expected = %d",
3792 if( ssl_hs_is_proper_fragment( ssl ) == 1 )
3820#if defined(MBEDTLS_SSL_PROTO_DTLS)
3835 ssl_buffering_free_slot( ssl, 0 );
3838 for(
offset = 0, hs_buf = &hs->buffering.hs[0];
3842 *hs_buf = *(hs_buf + 1);
3861#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
3864 ssl->in_window_top = 0;
3868static inline uint64_t ssl_load_six_bytes(
unsigned char *
buf )
3889 if( rec_seqnum > ssl->in_window_top )
3892 bit = ssl->in_window_top - rec_seqnum;
3897 if( ( ssl->in_window & ( (
uint64_t) 1 << bit ) ) != 0 )
3913 if( rec_seqnum > ssl->in_window_top )
3922 ssl->in_window <<=
shift;
3923 ssl->in_window |= 1;
3926 ssl->in_window_top = rec_seqnum;
3931 uint64_t bit = ssl->in_window_top - rec_seqnum;
3934 ssl->in_window |= (
uint64_t) 1 << bit;
3939#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
3954static int ssl_check_dtls_clihlo_cookie(
3958 const unsigned char *cli_id,
size_t cli_id_len,
3959 const unsigned char *
in,
size_t in_len,
3960 unsigned char *
obuf,
size_t buf_len,
size_t *olen )
3962 size_t sid_len, cookie_len;
3965 if( f_cookie_write ==
NULL || f_cookie_check ==
NULL )
3996 in[3] != 0 ||
in[4] != 0 ||
3997 in[19] != 0 ||
in[20] != 0 ||
in[21] != 0 )
4003 if( sid_len > in_len - 61 )
4006 cookie_len =
in[60 + sid_len];
4007 if( cookie_len > in_len - 60 )
4010 if( f_cookie_check( p_cookie,
in + sid_len + 61, cookie_len,
4011 cli_id, cli_id_len ) == 0 )
4048 if( f_cookie_write( p_cookie,
4049 &
p,
obuf + buf_len, cli_id, cli_id_len ) != 0 )
4057 obuf[27] = (
unsigned char)( *olen - 28 );
4059 obuf[14] =
obuf[22] = (
unsigned char)( ( *olen - 25 ) >> 16 );
4060 obuf[15] =
obuf[23] = (
unsigned char)( ( *olen - 25 ) >> 8 );
4061 obuf[16] =
obuf[24] = (
unsigned char)( ( *olen - 25 ) );
4063 obuf[11] = (
unsigned char)( ( *olen - 13 ) >> 8 );
4064 obuf[12] = (
unsigned char)( ( *olen - 13 ) );
4093 ret = ssl_check_dtls_clihlo_cookie(
4094 ssl->
conf->f_cookie_write,
4095 ssl->
conf->f_cookie_check,
4096 ssl->
conf->p_cookie,
4097 ssl->cli_id, ssl->cli_id_len,
4122 if( (
ret = ssl_session_reset_int( ssl, 1 ) ) != 0 )
4156 int major_ver, minor_ver;
4165 "version = [%d:%d], msglen = %d",
4167 major_ver, minor_ver, ssl->
in_msglen ) );
4177#if defined(MBEDTLS_SSL_PROTO_DTLS)
4221#if defined(MBEDTLS_SSL_PROTO_DTLS)
4224 unsigned int rec_epoch = ( ssl->
in_ctr[0] << 8 ) | ssl->
in_ctr[1];
4227 if( rec_epoch != ssl->in_epoch )
4230 "expected %d, received %d",
4231 ssl->in_epoch, rec_epoch ) );
4233#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
4248 "from the same port" ) );
4249 return( ssl_handle_possible_reconnect( ssl ) );
4255 if( rec_epoch == (
unsigned int) ssl->in_epoch + 1 )
4265#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
4267 if( rec_epoch == ssl->in_epoch &&
4268 mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
4310#if defined(MBEDTLS_SSL_PROTO_SSL3)
4318#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
4319 defined(MBEDTLS_SSL_PROTO_TLS1_2)
4346#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
4347 if( mbedtls_ssl_hw_record_read !=
NULL )
4351 ret = mbedtls_ssl_hw_record_read( ssl );
4364 if( (
ret = ssl_decrypt_buf( ssl ) ) != 0 )
4380#if defined(MBEDTLS_ZLIB_SUPPORT)
4384 if( (
ret = ssl_decompress_buf( ssl ) ) != 0 )
4392#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
4395 mbedtls_ssl_dtls_replay_update( ssl );
4418 unsigned update_hs_digest )
4428 ret = ssl_consume_current_message( ssl );
4432 if( ssl_record_is_in_progress( ssl ) == 0 )
4434#if defined(MBEDTLS_SSL_PROTO_DTLS)
4435 int have_buffered = 0;
4440 ssl_next_record_is_in_datagram( ssl ) == 0 )
4442 if( ssl_load_buffered_message( ssl ) == 0 )
4446 if( have_buffered == 0 )
4449 ret = ssl_get_next_record( ssl );
4463#if defined(MBEDTLS_SSL_PROTO_DTLS)
4467 ret = ssl_buffer_message( ssl );
4485 update_hs_digest == 1 )
4501#if defined(MBEDTLS_SSL_PROTO_DTLS)
4504 if( ssl->
in_left > ssl->next_record_offset )
4526 if( !hs->buffering.seen_ccs )
4540 ssl->next_record_offset = 0;
4542 hs->buffering.seen_ccs = 0;
4546#if defined(MBEDTLS_DEBUG_C)
4552 hs_buf = &hs->buffering.hs[
offset];
4553 if( hs_buf->is_valid == 1 )
4557 hs_buf->is_complete ?
"fully" :
"partially" ) );
4565 hs_buf = &hs->buffering.hs[0];
4566 if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) )
4569 size_t msg_len = ( hs_buf->data[1] << 16 ) |
4570 ( hs_buf->data[2] << 8 ) |
4583 hs_buf->data, msg_len + 12 );
4616 ssl_free_buffered_record( ssl );
4620 hs->buffering.total_bytes_buffered ) )
4632 MBEDTLS_SSL_DEBUG_MSG( 2, (
"Free buffering slot %d to make space for reassembly of next handshake message",
4639 hs->buffering.total_bytes_buffered ) )
4664 hs->buffering.seen_ccs = 1;
4669 unsigned recv_msg_seq_offset;
4670 unsigned recv_msg_seq = ( ssl->
in_msg[4] << 8 ) | ssl->
in_msg[5];
4672 size_t msg_len = ssl->
in_hslen - 12;
4676 if( recv_msg_seq < ssl->handshake->in_msg_seq )
4682 recv_msg_seq_offset = recv_msg_seq - ssl->
handshake->in_msg_seq;
4687 (
"Ignore future HS message with sequence number %u, "
4688 "buffering window %u - %u",
4689 recv_msg_seq, ssl->
handshake->in_msg_seq,
4696 recv_msg_seq, recv_msg_seq_offset ) );
4698 hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ];
4701 if( !hs_buf->is_valid )
4703 size_t reassembly_buf_sz;
4705 hs_buf->is_fragmented =
4706 ( ssl_hs_is_proper_fragment( ssl ) == 1 );
4720 if( hs->buffering.total_bytes_buffered >
4727 reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len,
4728 hs_buf->is_fragmented );
4731 hs->buffering.total_bytes_buffered ) )
4733 if( recv_msg_seq_offset > 0 )
4737 MBEDTLS_SSL_DEBUG_MSG( 2, (
"Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
4739 (
unsigned) hs->buffering.total_bytes_buffered ) );
4744 MBEDTLS_SSL_DEBUG_MSG( 2, (
"Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n",
4746 (
unsigned) hs->buffering.total_bytes_buffered ) );
4749 if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
4751 MBEDTLS_SSL_DEBUG_MSG( 2, (
"Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n",
4753 (
unsigned) reassembly_buf_sz,
4755 (
unsigned) hs->buffering.total_bytes_buffered ) );
4765 if( hs_buf->data ==
NULL )
4770 hs_buf->data_len = reassembly_buf_sz;
4775 memset( hs_buf->data + 6, 0, 3 );
4776 memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 );
4778 hs_buf->is_valid = 1;
4780 hs->buffering.total_bytes_buffered += reassembly_buf_sz;
4793 if( !hs_buf->is_complete )
4795 size_t frag_len, frag_off;
4796 unsigned char *
const msg = hs_buf->data + 12;
4804 frag_off = ssl_get_hs_frag_off( ssl );
4805 frag_len = ssl_get_hs_frag_len( ssl );
4808 frag_off, frag_len ) );
4811 if( hs_buf->is_fragmented )
4813 unsigned char *
const bitmask =
msg + msg_len;
4814 ssl_bitmask_set( bitmask, frag_off, frag_len );
4815 hs_buf->is_complete = ( ssl_bitmask_check( bitmask,
4820 hs_buf->is_complete = 1;
4824 hs_buf->is_complete ?
"" :
"not yet " ) );
4937#if defined(MBEDTLS_SSL_PROTO_DTLS)
4945 if( hs->buffering.future_record.data !=
NULL )
4947 hs->buffering.total_bytes_buffered -=
4948 hs->buffering.future_record.len;
4951 hs->buffering.future_record.data =
NULL;
4958 unsigned char * rec;
4968 rec = hs->buffering.future_record.data;
4969 rec_len = hs->buffering.future_record.len;
4970 rec_epoch = hs->buffering.future_record.epoch;
4977 if( ssl_next_record_is_in_datagram( ssl ) == 1 )
4982 if( rec_epoch != ssl->in_epoch )
5000 ssl->next_record_offset = 0;
5002 ssl_free_buffered_record( ssl );
5012 size_t const rec_hdr_len = 13;
5013 size_t const total_buf_sz = rec_hdr_len + ssl->
in_msglen;
5025 if( hs->buffering.future_record.data !=
NULL )
5030 hs->buffering.total_bytes_buffered ) )
5032 MBEDTLS_SSL_DEBUG_MSG( 2, (
"Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
5034 (
unsigned) hs->buffering.total_bytes_buffered ) );
5040 ssl->in_epoch + 1 ) );
5046 hs->buffering.future_record.epoch = ssl->in_epoch + 1;
5047 hs->buffering.future_record.len = total_buf_sz;
5049 hs->buffering.future_record.data =
5051 if( hs->buffering.future_record.data ==
NULL )
5058 memcpy( hs->buffering.future_record.data, ssl->
in_hdr, total_buf_sz );
5060 hs->buffering.total_bytes_buffered += total_buf_sz;
5070#if defined(MBEDTLS_SSL_PROTO_DTLS)
5077 ret = ssl_load_buffered_record( ssl );
5088 if( (
ret = ssl_parse_record_header( ssl ) ) != 0 )
5090#if defined(MBEDTLS_SSL_PROTO_DTLS)
5096 ret = ssl_buffer_future_record( ssl );
5107 ssl->next_record_offset = ssl->
in_msglen
5116 ssl->next_record_offset = 0;
5141#if defined(MBEDTLS_SSL_PROTO_DTLS)
5145 if( ssl->next_record_offset < ssl->
in_left )
5154 if( (
ret = ssl_prepare_record_content( ssl ) ) != 0 )
5156#if defined(MBEDTLS_SSL_PROTO_DTLS)
5169#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
5180#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
5181 if( ssl->
conf->badmac_limit != 0 &&
5182 ++ssl->badmac_seen >= ssl->
conf->badmac_limit )
5192 ssl->next_record_offset = 0;
5205#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
5244 if( ssl->
in_msg[0] != 1 )
5251#if defined(MBEDTLS_SSL_PROTO_DTLS)
5300#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
5310#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
5326#if defined(MBEDTLS_SSL_PROTO_DTLS)
5331 ssl_handshake_wrapup_free_hs_transform( ssl );
5353 unsigned char level,
5382#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
5383 !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
5384 !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
5385 !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
5386 !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
5387 !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
5388 !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
5452#if defined(MBEDTLS_SSL_CLI_C)
5462#if defined(MBEDTLS_SSL_PROTO_SSL3)
5481#if defined(MBEDTLS_SSL_SRV_C)
5506 while( crt !=
NULL )
5532#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
5559#if defined(MBEDTLS_SSL_SRV_C)
5560#if defined(MBEDTLS_SSL_PROTO_SSL3)
5583#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
5584 defined(MBEDTLS_SSL_PROTO_TLS1_2)
5660 while( i < ssl->in_hslen )
5680 if( n < 128 || i + n > ssl->
in_hslen )
5700 goto crt_parse_der_failed;
5704 goto crt_parse_der_failed;
5708 crt_parse_der_failed:
5723#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
5757#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
5764 void *rs_ctx =
NULL;
5778#if defined(MBEDTLS_SSL_SRV_C)
5798#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
5800 ssl->
handshake->ecrs_state == ssl_ecrs_crt_verify )
5814 if( (
ret = ssl_parse_certificate_chain( ssl ) ) != 0 )
5816#if defined(MBEDTLS_SSL_SRV_C)
5828#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
5830 ssl->
handshake->ecrs_state = ssl_ecrs_crt_verify;
5842#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
5871#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
5880#if defined(MBEDTLS_ECP_C)
5959#if defined(MBEDTLS_DEBUG_C)
6040#if defined(MBEDTLS_SSL_PROTO_DTLS)
6043#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
6044 ssl_dtls_replay_reset( ssl );
6048 if( ++ssl->in_epoch == 0 )
6062#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
6063 if( mbedtls_ssl_hw_record_activate !=
NULL )
6065 if( (
ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 )
6085 ((
void) ciphersuite_info);
6087#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
6088 defined(MBEDTLS_SSL_PROTO_TLS1_1)
6093#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
6094#if defined(MBEDTLS_SHA512_C)
6099#if defined(MBEDTLS_SHA256_C)
6113#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
6114 defined(MBEDTLS_SSL_PROTO_TLS1_1)
6118#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
6119#if defined(MBEDTLS_SHA256_C)
6122#if defined(MBEDTLS_SHA512_C)
6129 const unsigned char *
buf,
size_t len )
6131#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
6132 defined(MBEDTLS_SSL_PROTO_TLS1_1)
6136#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
6137#if defined(MBEDTLS_SHA256_C)
6140#if defined(MBEDTLS_SHA512_C)
6146#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
6147 defined(MBEDTLS_SSL_PROTO_TLS1_1)
6149 const unsigned char *
buf,
size_t len )
6156#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
6157#if defined(MBEDTLS_SHA256_C)
6159 const unsigned char *
buf,
size_t len )
6165#if defined(MBEDTLS_SHA512_C)
6167 const unsigned char *
buf,
size_t len )
6174#if defined(MBEDTLS_SSL_PROTO_SSL3)
6175static void ssl_calc_finished_ssl(
6182 unsigned char padbuf[48];
6183 unsigned char md5sum[16];
6184 unsigned char sha1sum[20];
6207#if !defined(MBEDTLS_MD5_ALT)
6209 md5.state,
sizeof(
md5.state ) );
6212#if !defined(MBEDTLS_SHA1_ALT)
6214 sha1.state,
sizeof(
sha1.state ) );
6220 memset( padbuf, 0x36, 48 );
6232 memset( padbuf, 0x5C, 48 );
6259#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
6260static void ssl_calc_finished_tls(
6267 unsigned char padbuf[36];
6287#if !defined(MBEDTLS_MD5_ALT)
6289 md5.state,
sizeof(
md5.state ) );
6292#if !defined(MBEDTLS_SHA1_ALT)
6294 sha1.state,
sizeof(
sha1.state ) );
6299 :
"server finished";
6318#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
6319#if defined(MBEDTLS_SHA256_C)
6320static void ssl_calc_finished_tls_sha256(
6326 unsigned char padbuf[32];
6344#if !defined(MBEDTLS_SHA256_ALT)
6351 :
"server finished";
6368#if defined(MBEDTLS_SHA512_C)
6370static void ssl_calc_finished_tls_sha384(
6376 unsigned char padbuf[48];
6394#if !defined(MBEDTLS_SHA512_ALT)
6401 :
"server finished";
6407#if defined(__GNUC__) && __GNUC__ >= 11
6408#pragma GCC diagnostic push
6409#pragma GCC diagnostic ignored "-Wstringop-overflow"
6412#if defined(__GNUC__) && __GNUC__ >= 11
6413#pragma GCC diagnostic pop
6461#if defined(MBEDTLS_SSL_RENEGOTIATION)
6474#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
6497#if defined(MBEDTLS_SSL_PROTO_DTLS)
6502 ssl_set_timer( ssl, 0 );
6510 ssl_handshake_wrapup_free_hs_transform( ssl );
6535#if defined(MBEDTLS_SSL_RENEGOTIATION)
6550#if defined(MBEDTLS_SSL_CLI_C)
6554#if defined(MBEDTLS_SSL_SRV_C)
6568#if defined(MBEDTLS_SSL_PROTO_DTLS)
6581 for(
i = 2;
i > 0;
i-- )
6599#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
6600 if( mbedtls_ssl_hw_record_activate !=
NULL )
6602 if( (
ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
6610#if defined(MBEDTLS_SSL_PROTO_DTLS)
6612 mbedtls_ssl_send_flight_completed( ssl );
6621#if defined(MBEDTLS_SSL_PROTO_DTLS)
6623 (
ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
6635#if defined(MBEDTLS_SSL_PROTO_SSL3)
6636#define SSL_MAX_HASH_LEN 36
6638#define SSL_MAX_HASH_LEN 12
6644 unsigned int hash_len;
6645 unsigned char buf[SSL_MAX_HASH_LEN];
6666#if defined(MBEDTLS_SSL_PROTO_SSL3)
6683 buf, hash_len ) != 0 )
6691#if defined(MBEDTLS_SSL_RENEGOTIATION)
6698#if defined(MBEDTLS_SSL_CLI_C)
6702#if defined(MBEDTLS_SSL_SRV_C)
6710#if defined(MBEDTLS_SSL_PROTO_DTLS)
6712 mbedtls_ssl_recv_flight_completed( ssl );
6724#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
6725 defined(MBEDTLS_SSL_PROTO_TLS1_1)
6731#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
6732#if defined(MBEDTLS_SHA256_C)
6736#if defined(MBEDTLS_SHA512_C)
6744#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
6745 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
6749#if defined(MBEDTLS_DHM_C)
6752#if defined(MBEDTLS_ECDH_C)
6755#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
6757#if defined(MBEDTLS_SSL_CLI_C)
6758 handshake->ecjpake_cache =
NULL;
6759 handshake->ecjpake_cache_len = 0;
6763#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
6764 mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx );
6767#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
6838 ssl_handshake_params_init( ssl->
handshake );
6840#if defined(MBEDTLS_SSL_PROTO_DTLS)
6850 ssl_set_timer( ssl, 0 );
6857#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
6859static int ssl_cookie_write_dummy(
void *
ctx,
6860 unsigned char **
p,
unsigned char *
end,
6861 const unsigned char *cli_id,
size_t cli_id_len )
6867 ((
void) cli_id_len);
6872static int ssl_cookie_check_dummy(
void *
ctx,
6873 const unsigned char *
cookie,
size_t cookie_len,
6874 const unsigned char *cli_id,
size_t cli_id_len )
6878 ((
void) cookie_len);
6880 ((
void) cli_id_len);
6897#if defined(MBEDTLS_SSL_PROTO_DTLS)
6933#if defined(MBEDTLS_SSL_PROTO_DTLS)
6973#if defined(MBEDTLS_SSL_PROTO_DTLS)
6987 ssl_update_out_pointers( ssl,
NULL );
6988 ssl_update_in_pointers ( ssl,
NULL );
7021 ssl_reset_in_out_pointers( ssl );
7023 if( (
ret = ssl_handshake_init( ssl ) ) != 0 )
7063#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \
7064 !defined(MBEDTLS_SSL_SRV_C)
7071 ssl_set_timer( ssl, 0 );
7073#if defined(MBEDTLS_SSL_RENEGOTIATION)
7084 ssl_reset_in_out_pointers( ssl );
7088#if defined(MBEDTLS_SSL_PROTO_DTLS)
7089 ssl->next_record_offset = 0;
7092#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
7093 ssl_dtls_replay_reset( ssl );
7104#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
7119#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
7127#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
7128 if( mbedtls_ssl_hw_record_reset !=
NULL )
7131 if( (
ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 )
7153#if defined(MBEDTLS_SSL_ALPN)
7157#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
7158#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
7164 ssl->cli_id_len = 0;
7168 if( (
ret = ssl_handshake_init( ssl ) ) != 0 )
7180 return( ssl_session_reset_int( ssl, 0 ) );
7196#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
7199 conf->anti_replay =
mode;
7203#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
7206 conf->badmac_limit =
limit;
7210#if defined(MBEDTLS_SSL_PROTO_DTLS)
7213 unsigned allow_packing )
7215 ssl->disable_datagram_packing = !allow_packing;
7221 conf->hs_timeout_min =
min;
7222 conf->hs_timeout_max =
max;
7231#if defined(MBEDTLS_X509_CRT_PARSE_C)
7242 int (*f_rng)(
void *,
unsigned char *,
size_t),
7245 conf->
f_rng = f_rng;
7246 conf->
p_rng = p_rng;
7250 void (*f_dbg)(
void *,
int,
const char *,
int,
const char *),
7253 conf->
f_dbg = f_dbg;
7254 conf->
p_dbg = p_dbg;
7269#if defined(MBEDTLS_SSL_PROTO_DTLS)
7291 ssl_set_timer( ssl, 0 );
7294#if defined(MBEDTLS_SSL_SRV_C)
7306#if defined(MBEDTLS_SSL_CLI_C)
7329 const int *ciphersuites )
7338 const int *ciphersuites,
7350#if defined(MBEDTLS_X509_CRT_PARSE_C)
7365 if( new_cert ==
NULL )
7382 cur->next = new_cert;
7392 return( ssl_append_key_cert( &conf->
key_cert, own_cert, pk_key ) );
7404#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
7410 own_cert, pk_key ) );
7428#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
7433 const unsigned char *pw,
7454#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
7456 const unsigned char *psk,
size_t psk_len,
7457 const unsigned char *psk_identity,
size_t psk_identity_len )
7459 if( psk ==
NULL || psk_identity ==
NULL )
7466 if( ( psk_identity_len >> 16 ) != 0 ||
7472 if( conf->psk !=
NULL )
7480 if( conf->psk_identity !=
NULL )
7483 conf->psk_identity =
NULL;
7484 conf->psk_identity_len = 0;
7493 conf->psk_identity =
NULL;
7497 conf->psk_len = psk_len;
7498 conf->psk_identity_len = psk_identity_len;
7500 memcpy( conf->psk, psk, conf->psk_len );
7501 memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
7507 const unsigned char *psk,
size_t psk_len )
7537 conf->f_psk = f_psk;
7538 conf->p_psk = p_psk;
7542#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
7544#if !defined(MBEDTLS_DEPRECATED_REMOVED)
7545int mbedtls_ssl_conf_dh_param(
mbedtls_ssl_config *conf,
const char *dhm_P,
const char *dhm_G )
7562 const unsigned char *dhm_P,
size_t P_len,
7563 const unsigned char *dhm_G,
size_t G_len )
7594#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
7599 unsigned int bitlen )
7605#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
7616#if defined(MBEDTLS_ECP_C)
7627#if defined(MBEDTLS_X509_CRT_PARSE_C)
7631 size_t hostname_len = 0;
7666 ssl->
hostname[hostname_len] =
'\0';
7673#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
7676 const unsigned char *,
size_t),
7679 conf->
f_sni = f_sni;
7680 conf->
p_sni = p_sni;
7684#if defined(MBEDTLS_SSL_ALPN)
7687 size_t cur_len, tot_len;
7696 for(
p = protos; *
p !=
NULL;
p++ )
7701 if( ( cur_len == 0 ) ||
7730#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
7733 conf->fallback = fallback;
7737#if defined(MBEDTLS_SSL_SRV_C)
7739 char cert_req_ca_list )
7741 conf->cert_req_ca_list = cert_req_ca_list;
7745#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
7752#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
7759#if defined(MBEDTLS_ARC4_C)
7766#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
7781#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
7788#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
7800#if defined(MBEDTLS_SSL_RENEGOTIATION)
7812 const unsigned char period[8] )
7818#if defined(MBEDTLS_SSL_SESSION_TICKETS)
7819#if defined(MBEDTLS_SSL_CLI_C)
7826#if defined(MBEDTLS_SSL_SRV_C)
7832 conf->f_ticket_write = f_ticket_write;
7833 conf->f_ticket_parse = f_ticket_parse;
7834 conf->p_ticket = p_ticket;
7839#if defined(MBEDTLS_SSL_EXPORT_KEYS)
7841 mbedtls_ssl_export_keys_t *f_export_keys,
7842 void *p_export_keys )
7844 conf->f_export_keys = f_export_keys;
7845 conf->p_export_keys = p_export_keys;
7849#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
7850void mbedtls_ssl_conf_async_private_cb(
7852 mbedtls_ssl_async_sign_t *f_async_sign,
7853 mbedtls_ssl_async_decrypt_t *f_async_decrypt,
7854 mbedtls_ssl_async_resume_t *f_async_resume,
7855 mbedtls_ssl_async_cancel_t *f_async_cancel,
7856 void *async_config_data )
7858 conf->f_async_sign_start = f_async_sign;
7859 conf->f_async_decrypt_start = f_async_decrypt;
7860 conf->f_async_resume = f_async_resume;
7861 conf->f_async_cancel = f_async_cancel;
7862 conf->p_async_config_data = async_config_data;
7867 return( conf->p_async_config_data );
7875 return( ssl->
handshake->user_async_ctx );
7911#if defined(MBEDTLS_SSL_PROTO_DTLS)
7913 ssl->
in_left > ssl->next_record_offset )
7957 return( 0xFFFFFFFF );
7970#if defined(MBEDTLS_SSL_PROTO_DTLS)
7976 return(
"DTLSv1.0" );
7979 return(
"DTLSv1.2" );
7982 return(
"unknown (DTLS)" );
7990 return(
"SSLv3.0" );
7993 return(
"TLSv1.0" );
7996 return(
"TLSv1.1" );
7999 return(
"TLSv1.2" );
8002 return(
"unknown" );
8008 size_t transform_expansion = 0;
8015#if defined(MBEDTLS_ZLIB_SUPPORT)
8026 transform_expansion =
transform->minlen;
8035 transform_expansion +=
transform->maclen;
8044#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
8059#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
8067 max_len = ssl_mfl_code_to_length( ssl->
conf->
mfl_code );
8087#if defined(MBEDTLS_SSL_PROTO_DTLS)
8102 return( ssl->mtu < ssl->
handshake->mtu ?
8111#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
8112 !defined(MBEDTLS_SSL_PROTO_DTLS)
8116#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
8123#if defined(MBEDTLS_SSL_PROTO_DTLS)
8124 if( ssl_get_current_mtu( ssl ) != 0 )
8126 const size_t mtu = ssl_get_current_mtu( ssl );
8133 if( mtu <= overhead )
8139 if( max_len > mtu - overhead )
8140 max_len = mtu - overhead;
8144#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
8145 !defined(MBEDTLS_SSL_PROTO_DTLS)
8149 return( (
int) max_len );
8152#if defined(MBEDTLS_X509_CRT_PARSE_C)
8162#if defined(MBEDTLS_SSL_CLI_C)
8173 return( ssl_session_copy(
dst, ssl->
session ) );
8187#if defined(MBEDTLS_SSL_CLI_C)
8191#if defined(MBEDTLS_SSL_SRV_C)
8224#if defined(MBEDTLS_SSL_RENEGOTIATION)
8225#if defined(MBEDTLS_SSL_SRV_C)
8266 if( (
ret = ssl_handshake_init( ssl ) ) != 0 )
8271#if defined(MBEDTLS_SSL_PROTO_DTLS)
8307#if defined(MBEDTLS_SSL_SRV_C)
8320 return( ssl_write_hello_request( ssl ) );
8324#if defined(MBEDTLS_SSL_CLI_C)
8334 if( (
ret = ssl_start_renegotiation( ssl ) ) != 0 )
8358 size_t ep_len = ssl_ep_len( ssl );
8374 if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
8397#if defined(MBEDTLS_SSL_PROTO_DTLS)
8406 if( (
ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
8424#if defined(MBEDTLS_SSL_RENEGOTIATION)
8425 ret = ssl_check_ctr_renegotiate( ssl );
8490#if defined(MBEDTLS_SSL_CLI_C)
8498#if defined(MBEDTLS_SSL_PROTO_DTLS)
8508#if defined(MBEDTLS_SSL_SRV_C)
8515#if defined(MBEDTLS_SSL_PROTO_DTLS)
8525#if defined(MBEDTLS_SSL_RENEGOTIATION)
8537#if defined(MBEDTLS_SSL_PROTO_DTLS)
8544 ret = ssl_start_renegotiation( ssl );
8561#if defined(MBEDTLS_SSL_PROTO_SSL3)
8572#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
8573 defined(MBEDTLS_SSL_PROTO_TLS1_2)
8612#if defined(MBEDTLS_SSL_RENEGOTIATION)
8620 "but not honored by client" ) );
8645 ssl_set_timer( ssl, 0 );
8647#if defined(MBEDTLS_SSL_PROTO_DTLS)
8651#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
8655 if( (
ret = ssl_resend_hello_request( ssl ) ) != 0 )
8705 const unsigned char *
buf,
size_t len )
8718#if defined(MBEDTLS_SSL_PROTO_DTLS)
8722 "maximum fragment length: %d > %d",
8763 return( (
int)
len );
8773#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
8775 const unsigned char *
buf,
size_t len )
8786 return( ssl_write_real( ssl,
buf,
len ) );
8791 if( (
ret = ssl_write_real( ssl,
buf, 1 ) ) <= 0 )
8796 if( (
ret = ssl_write_real( ssl,
buf + 1,
len - 1 ) ) <= 0 )
8816#if defined(MBEDTLS_SSL_RENEGOTIATION)
8817 if( (
ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
8833#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
8880#if defined(MBEDTLS_ZLIB_SUPPORT)
8894#if defined(MBEDTLS_X509_CRT_PARSE_C)
8908#if defined(MBEDTLS_SSL_PROTO_DTLS)
8918 ssl_free_buffered_record( ssl );
8921 ssl_buffering_free_slot( ssl,
offset );
8933 if( hs_buf->is_valid == 1 )
8935 hs->buffering.total_bytes_buffered -= hs_buf->data_len;
8948 if( handshake ==
NULL )
8951#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
8952 if( ssl->
conf->f_async_cancel !=
NULL && handshake->async_in_progress != 0 )
8954 ssl->
conf->f_async_cancel( ssl );
8955 handshake->async_in_progress = 0;
8959#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
8960 defined(MBEDTLS_SSL_PROTO_TLS1_1)
8964#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
8965#if defined(MBEDTLS_SHA256_C)
8968#if defined(MBEDTLS_SHA512_C)
8973#if defined(MBEDTLS_DHM_C)
8976#if defined(MBEDTLS_ECDH_C)
8979#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
8981#if defined(MBEDTLS_SSL_CLI_C)
8983 handshake->ecjpake_cache =
NULL;
8984 handshake->ecjpake_cache_len = 0;
8988#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
8989 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
8994#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
8995 if( handshake->psk !=
NULL )
9002#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
9003 defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
9021#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
9022 mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx );
9025#if defined(MBEDTLS_SSL_PROTO_DTLS)
9027 ssl_flight_free( handshake->flight );
9028 ssl_buffering_free( ssl );
9040#if defined(MBEDTLS_X509_CRT_PARSE_C)
9048#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
9077#if defined(MBEDTLS_ZLIB_SUPPORT)
9078 if( ssl->compress_buf !=
NULL )
9108#if defined(MBEDTLS_X509_CRT_PARSE_C)
9116#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
9117 if( mbedtls_ssl_hw_record_finish !=
NULL )
9120 mbedtls_ssl_hw_record_finish( ssl );
9124#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
9142#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
9143static int ssl_preset_default_hashes[] = {
9144#if defined(MBEDTLS_SHA512_C)
9148#if defined(MBEDTLS_SHA256_C)
9152#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
9159static int ssl_preset_suiteb_ciphersuites[] = {
9165#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
9166static int ssl_preset_suiteb_hashes[] = {
9173#if defined(MBEDTLS_ECP_C)
9175#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
9178#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
9189 int endpoint,
int transport,
int preset )
9191#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
9203#if defined(MBEDTLS_SSL_CLI_C)
9207#if defined(MBEDTLS_SSL_SESSION_TICKETS)
9213#if defined(MBEDTLS_ARC4_C)
9217#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
9221#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
9225#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
9229#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
9230 conf->f_cookie_write = ssl_cookie_write_dummy;
9231 conf->f_cookie_check = ssl_cookie_check_dummy;
9234#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
9238#if defined(MBEDTLS_SSL_SRV_C)
9242#if defined(MBEDTLS_SSL_PROTO_DTLS)
9247#if defined(MBEDTLS_SSL_RENEGOTIATION)
9253#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
9256 const unsigned char dhm_p[] =
9258 const unsigned char dhm_g[] =
9261 if ( (
ret = mbedtls_ssl_conf_dh_param_bin( conf,
9262 dhm_p,
sizeof( dhm_p ),
9263 dhm_g,
sizeof( dhm_g ) ) ) != 0 )
9288 ssl_preset_suiteb_ciphersuites;
9290#if defined(MBEDTLS_X509_CRT_PARSE_C)
9294#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
9298#if defined(MBEDTLS_ECP_C)
9318#if defined(MBEDTLS_SSL_PROTO_DTLS)
9329#if defined(MBEDTLS_X509_CRT_PARSE_C)
9333#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
9334 conf->
sig_hashes = ssl_preset_default_hashes;
9337#if defined(MBEDTLS_ECP_C)
9341#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
9354#if defined(MBEDTLS_DHM_C)
9359#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
9360 if( conf->psk !=
NULL )
9368 if( conf->psk_identity !=
NULL )
9372 conf->psk_identity =
NULL;
9373 conf->psk_identity_len = 0;
9377#if defined(MBEDTLS_X509_CRT_PARSE_C)
9378 ssl_key_cert_free( conf->
key_cert );
9384#if defined(MBEDTLS_PK_C) && \
9385 ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
9391#if defined(MBEDTLS_RSA_C)
9395#if defined(MBEDTLS_ECDSA_C)
9419#if defined(MBEDTLS_RSA_C)
9423#if defined(MBEDTLS_ECDSA_C)
9433#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
9434 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
9445 return(
set->ecdsa );
9465 set->ecdsa = md_alg;
9478 set->ecdsa = md_alg;
9491#if defined(MBEDTLS_MD5_C)
9495#if defined(MBEDTLS_SHA1_C)
9499#if defined(MBEDTLS_SHA256_C)
9505#if defined(MBEDTLS_SHA512_C)
9523#if defined(MBEDTLS_MD5_C)
9527#if defined(MBEDTLS_SHA1_C)
9531#if defined(MBEDTLS_SHA256_C)
9537#if defined(MBEDTLS_SHA512_C)
9548#if defined(MBEDTLS_ECP_C)
9561 if( *gid == grp_id )
9568#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
9582 if( *
cur == (
int)
md )
9589#if defined(MBEDTLS_X509_CRT_PARSE_C)
9596#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
9599#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
9600 const char *ext_oid;
9604#if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \
9605 !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
9607 ((
void) cert_endpoint);
9611#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
9654 ((
void) ciphersuite);
9657#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
9690 unsigned char ver[2] )
9692#if defined(MBEDTLS_SSL_PROTO_DTLS)
9698 ver[0] = (
unsigned char)( 255 - (
major - 2 ) );
9699 ver[1] = (
unsigned char)( 255 - (
minor - 1 ) );
9712 const unsigned char ver[2] )
9714#if defined(MBEDTLS_SSL_PROTO_DTLS)
9717 *
major = 255 - ver[0] + 2;
9718 *
minor = 255 - ver[1] + 1;
9735#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
9741#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
9742#if defined(MBEDTLS_MD5_C)
9746#if defined(MBEDTLS_SHA1_C)
9752#if defined(MBEDTLS_SHA512_C)
9757#if defined(MBEDTLS_SHA256_C)
9775#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
9776 defined(MBEDTLS_SSL_PROTO_TLS1_1)
9778 unsigned char *output,
9779 unsigned char *
data,
size_t data_len )
9841 output + 16 ) ) != 0 )
9861#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
9862 defined(MBEDTLS_SSL_PROTO_TLS1_2)
9864 unsigned char *
hash,
size_t *hashlen,
9865 unsigned char *
data,
size_t data_len,
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
ACPI_SIZE strlen(const char *String)
unsigned short int uint16_t
struct outqueuenode * head
int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s)
Import an MPI from an ASCII string.
int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y)
Make a copy of an MPI.
int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buflen)
Import an MPI from unsigned big endian binary data.
void mbedtls_mpi_free(mbedtls_mpi *X)
This function frees the components of an MPI context.
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function initializes and fills the cipher-context structure with the appropriate values....
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.
int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
The generic autenticated encryption (AEAD) function.
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED
int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
The generic autenticated decryption (AEAD) function.
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
This function initializes a cipher_context as NONE.
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
static unsigned int mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
This function returns the block size of the given cipher.
static mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.
@ MBEDTLS_MODE_CHACHAPOLY
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode)
This function sets the padding mode, for cipher modes that use padding.
static LPSTR * split(LPSTR s, LPINT args)
void mbedtls_dhm_free(mbedtls_dhm_context *ctx)
This function frees and clears the components of a DHM context.
#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN
void mbedtls_dhm_init(mbedtls_dhm_context *ctx)
This function initializes the DHM context.
int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx, unsigned char *output, size_t output_size, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function derives and exports the shared secret (G^Y)^X mod P.
#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN
static int add_data(struct Vector *v, const BYTE *pData, int size)
int inflate(z_streamp strm, int flush)
int inflateEnd(z_streamp strm)
int deflate(z_streamp strm, int flush) DECLSPEC_HIDDEN
int deflateEnd(z_streamp strm) DECLSPEC_HIDDEN
#define Z_DEFAULT_COMPRESSION
static void cleanup(void)
static BOOL tls1_prf(HCRYPTPROV hProv, HCRYPTPROV hSecret, const PCRYPT_DATA_BLOB pblobLabel, const PCRYPT_DATA_BLOB pblobSeed, BYTE *pbBuffer, DWORD dwBufferLen)
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
__kernel_ptrdiff_t ptrdiff_t
int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function derives and exports the shared secret.
void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx)
This function frees a context.
void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx)
This function initializes an ECDH context.
int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, mbedtls_ecjpake_role role, mbedtls_md_type_t hash, mbedtls_ecp_group_id curve, const unsigned char *secret, size_t len)
Set up an ECJPAKE context for use.
void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx)
Initialize an ECJPAKE context.
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
This clears an ECJPAKE context and frees any embedded data structure.
GLuint GLuint GLsizei GLenum type
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
GLuint GLenum GLenum transform
GLenum GLuint GLenum GLsizei const GLchar * buf
GLuint64EXT GLuint GLuint GLenum GLenum GLuint GLuint GLenum GLuint GLuint key1
GLsizeiptr const GLvoid GLenum usage
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
#define MBEDTLS_OID_SIZE(x)
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY
#define MBEDTLS_X509_BADCERT_KEY_USAGE
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_crt_verify_with_profile()
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
#define MBEDTLS_X509_BADCERT_EXPIRED
#define MBEDTLS_X509_BADCERT_CN_MISMATCH
#define MBEDTLS_X509_BADCERT_OTHER
#define MBEDTLS_X509_BADCERT_MISSING
#define MBEDTLS_X509_BADCERT_BAD_PK
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
#define MBEDTLS_X509_KU_KEY_AGREEMENT
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
struct mbedtls_x509_crt * next
#define MBEDTLS_ERR_X509_ALLOC_FAILED
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT
#define MBEDTLS_X509_BADCERT_REVOKED
#define MBEDTLS_X509_BADCERT_BAD_KEY
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
static DWORD block_size(DWORD block)
int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
This function selects the message digest algorithm to use, and allocates internal structures.
mbedtls_md_type_t
Supported message digests.
int mbedtls_md_starts(mbedtls_md_context_t *ctx)
This function starts a message-digest computation.
int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx)
This function prepares to authenticate a new message with the same key as the previous HMAC operation...
int mbedtls_md_clone(mbedtls_md_context_t *dst, const mbedtls_md_context_t *src)
This function clones the state of an message-digest context.
mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
This function extracts the message-digest type from the message-digest information structure.
int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
This function finishes the HMAC operation, and writes the result to the output buffer.
int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing message-digest computation.
int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing HMAC computation.
int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
This function sets the HMAC key and prepares to authenticate a new message.
#define MBEDTLS_MD_MAX_SIZE
void mbedtls_md_init(mbedtls_md_context_t *ctx)
This function initializes a message-digest context without binding it to a particular message-digest ...
int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
This function finishes the digest operation, and writes the result to the output buffer.
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
void mbedtls_md_free(mbedtls_md_context_t *ctx)
This function clears the internal structure of ctx and frees any embedded internal structure,...
#define memcpy(s1, s2, n)
#define memmove(s1, s2, n)
static const WCHAR label[]
static DATA_BLOB CRYPTPROTECT_PROMPTSTRUCT DATA_BLOB *static LPWSTR DATA_BLOB CRYPTPROTECT_PROMPTSTRUCT DATA_BLOB *static char secret[]
static const DWORD padding[]
Object Identifier (OID) database.
#define MBEDTLS_OID_CLIENT_AUTH
#define MBEDTLS_ERR_OID_NOT_FOUND
#define MBEDTLS_OID_SERVER_AUTH
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
Tell if a context can do the operation given by type.
mbedtls_pk_type_t
Public key types.
static mbedtls_ecp_keypair * mbedtls_pk_ec(const mbedtls_pk_context pk)
static unsigned __int64 next
#define mbedtls_ssl_get_max_frag_len
#define mbedtls_md_info_from_type
#define mbedtls_ssl_set_hostname
#define mbedtls_ssl_conf_authmode
#define mbedtls_ssl_write
#define mbedtls_ssl_conf_endpoint
#define mbedtls_cipher_info_from_type
#define mbedtls_ssl_config_defaults
#define mbedtls_ssl_setup
#define mbedtls_ssl_set_bio
#define mbedtls_ssl_conf_rng
#define mbedtls_ssl_config_free
#define mbedtls_ssl_handshake
#define mbedtls_ssl_get_version
#define mbedtls_ssl_get_peer_cert
#define mbedtls_ssl_conf_max_version
#define mbedtls_ssl_conf_min_version
#define mbedtls_ssl_conf_dbg
#define mbedtls_ssl_config_init
#define mbedtls_ssl_get_ciphersuite
Configuration options (set of defines)
#define MBEDTLS_SSL_RENEGOTIATION
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
Functions for controlling and providing debug output from the library.
#define MBEDTLS_SSL_DEBUG_RET(level, text, ret)
#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr)
#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt)
#define MBEDTLS_SSL_DEBUG_MSG(level, args)
#define MBEDTLS_SSL_DEBUG_MPI(level, text, X)
#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len)
const mbedtls_ecp_group_id * mbedtls_ecp_grp_id_list(void)
This function retrieves the list of internal group identifiers of all supported curves in the order o...
#define MBEDTLS_ERR_ECP_IN_PROGRESS
@ MBEDTLS_ECP_DP_SECP384R1
@ MBEDTLS_ECP_DP_SECP256R1
void mbedtls_md5_clone(mbedtls_md5_context *dst, const mbedtls_md5_context *src)
Clone (the state of) an MD5 context.
MBEDTLS_DEPRECATED void mbedtls_md5(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD5( input buffer )
void mbedtls_md5_free(mbedtls_md5_context *ctx)
Clear MD5 context.
int mbedtls_md5_starts_ret(mbedtls_md5_context *ctx)
MD5 context setup.
void mbedtls_md5_init(mbedtls_md5_context *ctx)
Initialize MD5 context.
int mbedtls_md5_update_ret(mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen)
MD5 process buffer.
int mbedtls_md5_finish_ret(mbedtls_md5_context *ctx, unsigned char output[16])
MD5 final digest.
void mbedtls_sha1_free(mbedtls_sha1_context *ctx)
This function clears a SHA-1 context.
void mbedtls_sha1_clone(mbedtls_sha1_context *dst, const mbedtls_sha1_context *src)
This function clones the state of a SHA-1 context.
int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing SHA-1 checksum calculation.
int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx)
This function starts a SHA-1 checksum calculation.
MBEDTLS_DEPRECATED void mbedtls_sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
This function calculates the SHA-1 checksum of a buffer.
int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx, unsigned char output[20])
This function finishes the SHA-1 operation, and writes the result to the output buffer.
void mbedtls_sha1_init(mbedtls_sha1_context *ctx)
This function initializes a SHA-1 context.
#define inflateInit(strm)
#define deflateInit(strm, level)
void mbedtls_sha256_free(mbedtls_sha256_context *ctx)
This function clears a SHA-256 context.
void mbedtls_sha256_init(mbedtls_sha256_context *ctx)
This function initializes a SHA-256 context.
void mbedtls_sha256_clone(mbedtls_sha256_context *dst, const mbedtls_sha256_context *src)
This function clones the state of a SHA-256 context.
int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, unsigned char output[32])
This function finishes the SHA-256 operation, and writes the result to the output buffer.
int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224)
This function starts a SHA-224 or SHA-256 checksum calculation.
int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing SHA-256 checksum calculation.
void mbedtls_sha512_clone(mbedtls_sha512_context *dst, const mbedtls_sha512_context *src)
This function clones the state of a SHA-512 context.
void mbedtls_sha512_free(mbedtls_sha512_context *ctx)
This function clears a SHA-512 context.
int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384)
This function starts a SHA-384 or SHA-512 checksum calculation.
int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing SHA-512 checksum calculation.
int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx, unsigned char output[64])
This function finishes the SHA-512 operation, and writes the result to the output buffer.
void mbedtls_sha512_init(mbedtls_sha512_context *ctx)
This function initializes a SHA-512 context.
#define MBEDTLS_PSK_MAX_LEN
#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC
#define MBEDTLS_SSL_MAX_FRAG_LEN_2048
#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN
void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout)
Set the timeout period for mbedtls_ssl_read() (Default: no timeout.)
#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED
#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH
int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
Callback type: generate and write session ticket.
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems)
Enable or disable Extended Master Secret negotiation. (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
#define MBEDTLS_SSL_MAX_FRAG_LEN_512
#define MBEDTLS_ERR_SSL_NON_FATAL
#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN
void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, const unsigned char period[8])
Set record counter threshold for periodic renegotiation. (Default: 2^48 - 1)
#define MBEDTLS_SSL_ARC4_DISABLED
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy)
Prevent or allow legacy renegotiation. (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
#define MBEDTLS_SSL_VERIFY_NONE
#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED
#define MBEDTLS_SSL_IS_CLIENT
int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
Reset an already initialized SSL context for re-use while retaining application-set variables,...
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING
#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED
const char * mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl)
Get the name of the negotiated Application Layer Protocol. This function should be called after the h...
#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID
#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED
#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN
#define MBEDTLS_SSL_MINOR_VERSION_0
#define MBEDTLS_SSL_SIG_RSA
#define MBEDTLS_SSL_HASH_SHA1
void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split)
Enable / Disable 1/n-1 record splitting (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records)
Enforce renegotiation requests. (Default: enforced, max_records = 16)
void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport)
Set the transport type (TLS or DTLS). Default: TLS.
#define MBEDTLS_SSL_DTLS_MAX_BUFFERING
#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN
#define MBEDTLS_ERR_SSL_TIMEOUT
#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED
#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED
void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, mbedtls_ssl_get_timer_t *f_get_timer)
Set the timer callbacks (Mandatory for DTLS.)
void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl)
Set the data required to verify peer certificate for the current handshake.
#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED
#define MBEDTLS_SSL_MINOR_VERSION_1
int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len)
Callback type: send data on the network.
void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, int(*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_sni)
Set server side ServerName TLS extension callback (optional, server-side only).
@ MBEDTLS_SSL_HANDSHAKE_OVER
@ MBEDTLS_SSL_SERVER_FINISHED
@ MBEDTLS_SSL_SERVER_HELLO
@ MBEDTLS_SSL_CLIENT_HELLO
@ MBEDTLS_SSL_CLIENT_FINISHED
@ MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
@ MBEDTLS_SSL_HANDSHAKE_WRAPUP
@ MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
@ MBEDTLS_SSL_HELLO_REQUEST
#define MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SSL_HASH_NONE
int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl)
Check if there is data already read from the underlying transport but not yet processed.
int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY
#define MBEDTLS_SSL_MSG_APPLICATION_DATA
int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
Callback type: parse and load session ticket.
int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl)
Initiate an SSL renegotiation on the running connection. Client: perform the renegotiation right now....
int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key)
Set own certificate chain and private key.
#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl)
Return the result of the certificate verification.
int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen)
Callback type: generate a cookie.
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING
int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
Return the current maximum outgoing record payload in bytes. This takes into account the config....
#define MBEDTLS_SSL_HASH_SHA224
void mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms)
Callback type: set a pair of timers/delays to watch.
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS
#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE
#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA
#define MBEDTLS_SSL_HASH_SHA256
#define MBEDTLS_SSL_COMPRESS_NULL
#define MBEDTLS_ERR_SSL_WANT_READ
#define MBEDTLS_SSL_HS_FINISHED
int mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout)
Callback type: receive data from the network, with timeout.
#define MBEDTLS_SSL_IS_SERVER
#define MBEDTLS_SSL_LEGACY_RENEGOTIATION
#define MBEDTLS_ERR_SSL_ALLOC_FAILED
#define MBEDTLS_SSL_HS_HELLO_REQUEST
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED
#define MBEDTLS_SSL_ALERT_MSG_NO_CERT
void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, const int *hashes)
Set the allowed hashes for signatures during the handshake. (Default: all SHA-2 hashes,...
void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate)
Activate negotiation of truncated HMAC (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, const mbedtls_x509_crt_profile *profile)
Set the X.509 security profile used for verification.
#define MBEDTLS_SSL_VERIFY_OPTIONAL
void mbedtls_ssl_session_init(mbedtls_ssl_session *session)
Initialize SSL session structure.
#define MBEDTLS_SSL_HASH_MD5
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC
void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, int authmode)
Set authmode for the current handshake.
void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl)
Set the data required to verify peer certificate.
#define MBEDTLS_SSL_PRESET_SUITEB
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL
#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
#define MBEDTLS_SSL_MSG_ALERT
#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION
int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session)
Request resumption of session (client-side only) Session data is copied from presented session struct...
#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR
int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl)
Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc...
#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE
void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets)
Enable / Disable session tickets (client only). (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED....
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen)
Callback type: verify a cookie.
#define MBEDTLS_SSL_MAJOR_VERSION_3
void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, unsigned int bitlen)
Set the minimum length for Diffie-Hellman parameters. (Client-side only.) (Default: 1024 bits....
void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4)
Disable or enable support for RC4 (Default: MBEDTLS_SSL_ARC4_DISABLED)
#define MBEDTLS_SSL_MINOR_VERSION_2
int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key)
Set own certificate and key for the current handshake.
#define MBEDTLS_SSL_HS_CERTIFICATE
void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor)
Set the list of allowed ciphersuites and the preference order for a specific version of the protocol....
#define MBEDTLS_SSL_SIG_ECDSA
#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE
#define MBEDTLS_SSL_IN_CONTENT_LEN
int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
Perform a single step of the SSL handshake.
#define MBEDTLS_ERR_SSL_INVALID_RECORD
void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation)
Enable / Disable renegotiation support for connection when initiated by peer (Default: MBEDTLS_SSL_RE...
#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE
#define MBEDTLS_SSL_RENEGOTIATION_DISABLED
const char * mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Return the name of the ciphersuite associated with the given ID.
#define MBEDTLS_SSL_ETM_ENABLED
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
#define MBEDTLS_ERR_SSL_CONN_EOF
#define MBEDTLS_SSL_ETM_DISABLED
#define MBEDTLS_SSL_HASH_SHA384
#define MBEDTLS_SSL_COMPRESS_DEFLATE
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len)
Callback type: receive data from the network.
void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
Free referenced items in an SSL session including the peer certificate and clear memory.
#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl)
Notify the peer that the connection is being closed.
#define MBEDTLS_SSL_SIG_ANON
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST
int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code)
Set the maximum fragment length to emit and/or negotiate. (Typical: the smaller of MBEDTLS_SSL_IN_CON...
#define MBEDTLS_ERR_SSL_INVALID_MAC
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, const int *ciphersuites)
Set the list of allowed ciphersuites and the preference order. First in the list has the highest pref...
#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
#define MBEDTLS_SSL_VERIFY_REQUIRED
#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED
#define MBEDTLS_SSL_MAX_FRAG_LEN_1024
size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl)
Return the number of application data bytes remaining to be read from the current record.
int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session)
Save session in order to resume it later (client-side only) Session data is copied to presented sessi...
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO
int mbedtls_ssl_get_timer_t(void *ctx)
Callback type: get status of timers/delays.
#define MBEDTLS_SSL_MAX_FRAG_LEN_4096
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves)
Set the allowed curves in order of preference. (Default: all defined curves in order of decreasing si...
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
Set the supported Application Layer Protocols.
#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT
#define MBEDTLS_SSL_OUT_CONTENT_LEN
#define MBEDTLS_SSL_HS_CLIENT_HELLO
#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING
#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
#define MBEDTLS_SSL_HASH_SHA512
#define MBEDTLS_SSL_VERIFY_UNSET
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN
#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR
#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT
#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT
#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH
#define MBEDTLS_SSL_MSG_HANDSHAKE
void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm)
Enable or disable Encrypt-then-MAC (Default: MBEDTLS_SSL_ETM_ENABLED)
void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Set the verification callback (Optional).
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE
const int * mbedtls_ssl_list_ciphersuites(void)
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#define MBEDTLS_CIPHERSUITE_SHORT_TAG
mbedtls_key_exchange_type_t
@ MBEDTLS_KEY_EXCHANGE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
@ MBEDTLS_KEY_EXCHANGE_DHE_PSK
@ MBEDTLS_KEY_EXCHANGE_DHE_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
@ MBEDTLS_KEY_EXCHANGE_RSA
@ MBEDTLS_KEY_EXCHANGE_ECJPAKE
@ MBEDTLS_KEY_EXCHANGE_RSA_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
@ MBEDTLS_KEY_EXCHANGE_NONE
Internal functions shared by the SSL modules.
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set, mbedtls_md_type_t md_alg)
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_cf_memcpy_offset(unsigned char *dst, const unsigned char *src_base, size_t offset_secret, size_t offset_min, size_t offset_max, size_t len)
Copy data from a secret position with constant flow.
#define MBEDTLS_SSL_MAX_BUFFERED_HS
void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
Free referenced items in an SSL handshake context and clear memory.
#define MBEDTLS_SSL_INITIAL_HANDSHAKE
#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS
int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
#define MBEDTLS_SSL_RENEGOTIATION_PENDING
void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION
#define MBEDTLS_SSL_MAX_MAJOR_VERSION
unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type)
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION
int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg)
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
#define MBEDTLS_SSL_IN_BUFFER_LEN
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
void mbedtls_ssl_write_version(int major, int minor, int transport, unsigned char ver[2])
int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush)
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
#define MBEDTLS_SSL_MIN_MINOR_VERSION
#define MBEDTLS_SSL_OUT_BUFFER_LEN
#define MBEDTLS_SSL_RENEGOTIATION_DONE
#define MBEDTLS_SSL_RETRANS_SENDING
#define MBEDTLS_SSL_RETRANS_PREPARING
void mbedtls_ssl_read_version(int *major, int *minor, int transport, const unsigned char ver[2])
static void mbedtls_ssl_sig_hash_set_init(mbedtls_ssl_sig_hash_set_t *set)
int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
#define MBEDTLS_SSL_RETRANS_WAITING
static size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
#define MBEDTLS_SSL_MAX_MINOR_VERSION
int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg, mbedtls_md_type_t md_alg)
static mbedtls_x509_crt * mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_hash_from_md_alg(int md)
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, unsigned update_hs_digest)
Update record layer.
int mbedtls_ssl_cf_hmac(mbedtls_md_context_t *ctx, const unsigned char *add_data, size_t add_data_len, const unsigned char *data, size_t data_len_secret, size_t min_data_len, size_t max_data_len, unsigned char *output)
Compute the HMAC of variable-length data with constant flow.
int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len, mbedtls_md_type_t md_alg)
int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl, unsigned char *output, unsigned char *data, size_t data_len)
void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN
int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
#define MBEDTLS_SSL_MAC_ADD
#define MBEDTLS_SSL_RETRANS_FINISHED
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer
static size_t mbedtls_ssl_hdr_len(const mbedtls_ssl_context *ssl)
#define MBEDTLS_SSL_MIN_MAJOR_VERSION
unsigned char iv[MBEDTLS_MAX_IV_LENGTH]
mbedtls_cipher_mode_t mode
The DHM context structure.
const mbedtls_md_info_t * md_info
The SHA-1 context structure.
The SHA-256 context structure.
The SHA-512 context structure.
This structure is used for storing ciphersuite information.
mbedtls_key_exchange_type_t key_exchange
int(* f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
unsigned int cbc_record_splitting
unsigned char max_major_ver
const int * ciphersuite_list[4]
unsigned int session_tickets
int(* f_set_cache)(void *, const mbedtls_ssl_session *)
mbedtls_x509_crl * ca_crl
const mbedtls_ecp_group_id * curve_list
mbedtls_x509_crt * ca_chain
unsigned char max_minor_ver
unsigned char min_minor_ver
unsigned int arc4_disabled
const mbedtls_x509_crt_profile * cert_profile
unsigned int encrypt_then_mac
int(* f_rng)(void *, unsigned char *, size_t)
int(* f_get_cache)(void *, mbedtls_ssl_session *)
unsigned int disable_renegotiation
void(* f_dbg)(void *, int, const char *, int, const char *)
unsigned char renego_period[8]
int(* f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *)
unsigned int dhm_min_bitlen
unsigned char min_major_ver
mbedtls_ssl_key_cert * key_cert
unsigned int allow_legacy_renegotiation
mbedtls_ssl_transform * transform_out
mbedtls_ssl_session * session_in
mbedtls_ssl_set_timer_t * f_set_timer
mbedtls_ssl_session * session
unsigned char cur_out_ctr[8]
mbedtls_ssl_get_timer_t * f_get_timer
mbedtls_ssl_transform * transform
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]
mbedtls_ssl_send_t * f_send
mbedtls_ssl_session * session_negotiate
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]
mbedtls_ssl_session * session_out
mbedtls_ssl_recv_t * f_recv
mbedtls_ssl_recv_timeout_t * f_recv_timeout
mbedtls_ssl_transform * transform_in
mbedtls_ssl_handshake_params * handshake
mbedtls_ssl_transform * transform_negotiate
const mbedtls_ssl_config * conf
void(* update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t)
mbedtls_sha256_context fin_sha256
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]
mbedtls_x509_crt * sni_ca_chain
const mbedtls_ecp_curve_info ** curves
void(* calc_finished)(mbedtls_ssl_context *, unsigned char *, int)
unsigned char randbytes[64]
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
mbedtls_ssl_sig_hash_set_t hash_algs
mbedtls_sha512_context fin_sha512
mbedtls_dhm_context dhm_ctx
mbedtls_ssl_key_cert * sni_key_cert
mbedtls_ecdh_context ecdh_ctx
mbedtls_sha1_context fin_sha1
mbedtls_x509_crl * sni_ca_crl
mbedtls_md5_context fin_md5
void(* calc_verify)(mbedtls_ssl_context *, unsigned char *)
mbedtls_ssl_key_cert * next
mbedtls_x509_crt * peer_cert
wchar_t tm const _CrtWcstime_Writes_and_advances_ptr_ count wchar_t ** out