ReactOS  0.4.15-dev-3181-g4acf100
ssl_internal.h File Reference

Internal functions shared by the SSL modules. More...

#include "config.h"
#include "ssl.h"
#include "cipher.h"
#include "md5.h"
#include "sha1.h"
#include "sha256.h"
#include "sha512.h"
Include dependency graph for ssl_internal.h:

Go to the source code of this file.

Classes

struct  mbedtls_ssl_sig_hash_set_t
 
struct  mbedtls_ssl_handshake_params
 
struct  mbedtls_ssl_transform
 
struct  mbedtls_ssl_key_cert
 

Macros

#define MBEDTLS_SSL_MIN_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3
 
#define MBEDTLS_SSL_MIN_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_1
 
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_1
 
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3
 
#define MBEDTLS_SSL_MAX_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3
 
#define MBEDTLS_SSL_MAX_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_3
 
#define MBEDTLS_SSL_INITIAL_HANDSHAKE   0
 
#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1 /* In progress */
 
#define MBEDTLS_SSL_RENEGOTIATION_DONE   2 /* Done or aborted */
 
#define MBEDTLS_SSL_RENEGOTIATION_PENDING   3 /* Requested (server only) */
 
#define MBEDTLS_SSL_RETRANS_PREPARING   0
 
#define MBEDTLS_SSL_RETRANS_SENDING   1
 
#define MBEDTLS_SSL_RETRANS_WAITING   2
 
#define MBEDTLS_SSL_RETRANS_FINISHED   3
 
#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
 
#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
 
#define MBEDTLS_SSL_COMPRESSION_ADD   0
 
#define MBEDTLS_SSL_MAC_ADD   48 /* SHA-384 used for HMAC */
 
#define MBEDTLS_SSL_PADDING_ADD   256
 
#define MBEDTLS_SSL_PAYLOAD_OVERHEAD
 
#define MBEDTLS_SSL_IN_PAYLOAD_LEN
 
#define MBEDTLS_SSL_OUT_PAYLOAD_LEN
 
#define MBEDTLS_SSL_MAX_BUFFERED_HS   4
 
#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN
 
#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN   65534
 
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN   65535
 
#define MBEDTLS_SSL_HEADER_LEN   13
 
#define MBEDTLS_SSL_IN_BUFFER_LEN   ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
 
#define MBEDTLS_SSL_OUT_BUFFER_LEN   ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
 
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT   (1 << 0)
 
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK   (1 << 1)
 
#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need)
 This macro checks if the remaining size in a buffer is greater or equal than a needed space. If it is not the case, it returns an SSL_BUFFER_TOO_SMALL error. More...
 

Typedefs

typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer
 

Functions

static int mbedtls_ssl_chk_buf_ptr (const uint8_t *cur, const uint8_t *end, size_t need)
 This function checks if the remaining size in a buffer is greater or equal than a needed space. More...
 
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find (mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg)
 
void mbedtls_ssl_sig_hash_set_add (mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg, mbedtls_md_type_t md_alg)
 
void mbedtls_ssl_sig_hash_set_const_hash (mbedtls_ssl_sig_hash_set_t *set, mbedtls_md_type_t md_alg)
 
static void mbedtls_ssl_sig_hash_set_init (mbedtls_ssl_sig_hash_set_t *set)
 
void mbedtls_ssl_transform_free (mbedtls_ssl_transform *transform)
 Free referenced items in an SSL transform context and clear memory. More...
 
void mbedtls_ssl_handshake_free (mbedtls_ssl_context *ssl)
 Free referenced items in an SSL handshake context and clear memory. More...
 
int mbedtls_ssl_handshake_client_step (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_handshake_server_step (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_handshake_wrapup (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_send_fatal_handshake_failure (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_reset_checksum (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_derive_keys (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_handle_message_type (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_prepare_handshake_record (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_update_handshake_status (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_read_record (mbedtls_ssl_context *ssl, unsigned update_hs_digest)
 Update record layer. More...
 
int mbedtls_ssl_fetch_input (mbedtls_ssl_context *ssl, size_t nb_want)
 
int mbedtls_ssl_write_handshake_msg (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_write_record (mbedtls_ssl_context *ssl, uint8_t force_flush)
 
int mbedtls_ssl_flush_output (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_parse_certificate (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_write_certificate (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_parse_change_cipher_spec (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_write_change_cipher_spec (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_parse_finished (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_write_finished (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_optimize_checksum (mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
 
unsigned char mbedtls_ssl_sig_from_pk (mbedtls_pk_context *pk)
 
unsigned char mbedtls_ssl_sig_from_pk_alg (mbedtls_pk_type_t type)
 
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig (unsigned char sig)
 
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash (unsigned char hash)
 
unsigned char mbedtls_ssl_hash_from_md_alg (int md)
 
int mbedtls_ssl_set_calc_verify_md (mbedtls_ssl_context *ssl, int md)
 
int mbedtls_ssl_check_curve (const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
 
int mbedtls_ssl_check_sig_hash (const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
 
static mbedtls_pk_contextmbedtls_ssl_own_key (mbedtls_ssl_context *ssl)
 
static mbedtls_x509_crtmbedtls_ssl_own_cert (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_check_cert_usage (const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
 
void mbedtls_ssl_write_version (int major, int minor, int transport, unsigned char ver[2])
 
void mbedtls_ssl_read_version (int *major, int *minor, int transport, const unsigned char ver[2])
 
static size_t mbedtls_ssl_hdr_len (const mbedtls_ssl_context *ssl)
 
static size_t mbedtls_ssl_hs_hdr_len (const mbedtls_ssl_context *ssl)
 
static int mbedtls_ssl_safer_memcmp (const void *a, const void *b, size_t n)
 
int mbedtls_ssl_get_key_exchange_md_ssl_tls (mbedtls_ssl_context *ssl, unsigned char *output, unsigned char *data, size_t data_len)
 
int mbedtls_ssl_get_key_exchange_md_tls1_2 (mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len, mbedtls_md_type_t md_alg)
 
int mbedtls_ssl_cf_hmac (mbedtls_md_context_t *ctx, const unsigned char *add_data, size_t add_data_len, const unsigned char *data, size_t data_len_secret, size_t min_data_len, size_t max_data_len, unsigned char *output)
 Compute the HMAC of variable-length data with constant flow. More...
 
void mbedtls_ssl_cf_memcpy_offset (unsigned char *dst, const unsigned char *src_base, size_t offset_secret, size_t offset_min, size_t offset_max, size_t len)
 Copy data from a secret position with constant flow. More...
 

Detailed Description

Internal functions shared by the SSL modules.

Definition in file ssl_internal.h.

Macro Definition Documentation

◆ MBEDTLS_SSL_CHK_BUF_PTR

#define MBEDTLS_SSL_CHK_BUF_PTR (   cur,
  end,
  need 
)
Value:
do { \
if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
{ \
} \
} while( 0 )
static int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, const uint8_t *end, size_t need)
This function checks if the remaining size in a buffer is greater or equal than a needed space.
Definition: ssl_internal.h:299
GLuint GLuint end
Definition: gl.h:1545
FxCollectionEntry * cur
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
Definition: ssl.h:138
static UINT PSTR DWORD UINT * need
Definition: parser.c:36

This macro checks if the remaining size in a buffer is greater or equal than a needed space. If it is not the case, it returns an SSL_BUFFER_TOO_SMALL error.

Parameters
curPointer to the current position in the buffer.
endPointer to one past the end of the buffer.
needNeeded space in bytes.

Definition at line 315 of file ssl_internal.h.

◆ MBEDTLS_SSL_COMPRESSION_ADD

#define MBEDTLS_SSL_COMPRESSION_ADD   0

Definition at line 180 of file ssl_internal.h.

◆ MBEDTLS_SSL_HEADER_LEN

#define MBEDTLS_SSL_HEADER_LEN   13

Definition at line 263 of file ssl_internal.h.

◆ MBEDTLS_SSL_IN_BUFFER_LEN

#define MBEDTLS_SSL_IN_BUFFER_LEN   ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )

Definition at line 265 of file ssl_internal.h.

◆ MBEDTLS_SSL_IN_PAYLOAD_LEN

#define MBEDTLS_SSL_IN_PAYLOAD_LEN
Value:
#define MBEDTLS_SSL_PAYLOAD_OVERHEAD
Definition: ssl_internal.h:203
#define MBEDTLS_SSL_IN_CONTENT_LEN
Definition: ssl.h:269

Definition at line 209 of file ssl_internal.h.

◆ MBEDTLS_SSL_INITIAL_HANDSHAKE

#define MBEDTLS_SSL_INITIAL_HANDSHAKE   0

Definition at line 135 of file ssl_internal.h.

◆ MBEDTLS_SSL_MAC_ADD

#define MBEDTLS_SSL_MAC_ADD   48 /* SHA-384 used for HMAC */

Definition at line 186 of file ssl_internal.h.

◆ MBEDTLS_SSL_MAX_BUFFERED_HS

#define MBEDTLS_SSL_MAX_BUFFERED_HS   4

Definition at line 216 of file ssl_internal.h.

◆ MBEDTLS_SSL_MAX_CURVE_LIST_LEN

#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN   65535

Definition at line 232 of file ssl_internal.h.

◆ MBEDTLS_SSL_MAX_MAJOR_VERSION

#define MBEDTLS_SSL_MAX_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3

Definition at line 109 of file ssl_internal.h.

◆ MBEDTLS_SSL_MAX_MINOR_VERSION

#define MBEDTLS_SSL_MAX_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_3

Definition at line 112 of file ssl_internal.h.

◆ MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN

#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN   65534

Definition at line 229 of file ssl_internal.h.

◆ MBEDTLS_SSL_MIN_MAJOR_VERSION

#define MBEDTLS_SSL_MIN_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3

Definition at line 87 of file ssl_internal.h.

◆ MBEDTLS_SSL_MIN_MINOR_VERSION

#define MBEDTLS_SSL_MIN_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_1

Definition at line 93 of file ssl_internal.h.

◆ MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION

#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3

Definition at line 106 of file ssl_internal.h.

◆ MBEDTLS_SSL_MIN_VALID_MINOR_VERSION

#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_1

Definition at line 105 of file ssl_internal.h.

◆ MBEDTLS_SSL_OUT_BUFFER_LEN

#define MBEDTLS_SSL_OUT_BUFFER_LEN   ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )

Definition at line 268 of file ssl_internal.h.

◆ MBEDTLS_SSL_OUT_PAYLOAD_LEN

#define MBEDTLS_SSL_OUT_PAYLOAD_LEN
Value:
#define MBEDTLS_SSL_PAYLOAD_OVERHEAD
Definition: ssl_internal.h:203
#define MBEDTLS_SSL_OUT_CONTENT_LEN
Definition: ssl.h:273

Definition at line 212 of file ssl_internal.h.

◆ MBEDTLS_SSL_PADDING_ADD

#define MBEDTLS_SSL_PADDING_ADD   256

Definition at line 198 of file ssl_internal.h.

◆ MBEDTLS_SSL_PAYLOAD_OVERHEAD

#define MBEDTLS_SSL_PAYLOAD_OVERHEAD
Value:
MBEDTLS_MAX_IV_LENGTH + \
MBEDTLS_SSL_MAC_ADD + \
MBEDTLS_SSL_PADDING_ADD \
)
#define MBEDTLS_SSL_COMPRESSION_ADD
Definition: ssl_internal.h:180

Definition at line 203 of file ssl_internal.h.

◆ MBEDTLS_SSL_RENEGOTIATION_DONE

#define MBEDTLS_SSL_RENEGOTIATION_DONE   2 /* Done or aborted */

Definition at line 137 of file ssl_internal.h.

◆ MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS

#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1 /* In progress */

Definition at line 136 of file ssl_internal.h.

◆ MBEDTLS_SSL_RENEGOTIATION_PENDING

#define MBEDTLS_SSL_RENEGOTIATION_PENDING   3 /* Requested (server only) */

Definition at line 138 of file ssl_internal.h.

◆ MBEDTLS_SSL_RETRANS_FINISHED

#define MBEDTLS_SSL_RETRANS_FINISHED   3

Definition at line 151 of file ssl_internal.h.

◆ MBEDTLS_SSL_RETRANS_PREPARING

#define MBEDTLS_SSL_RETRANS_PREPARING   0

Definition at line 148 of file ssl_internal.h.

◆ MBEDTLS_SSL_RETRANS_SENDING

#define MBEDTLS_SSL_RETRANS_SENDING   1

Definition at line 149 of file ssl_internal.h.

◆ MBEDTLS_SSL_RETRANS_WAITING

#define MBEDTLS_SSL_RETRANS_WAITING   2

Definition at line 150 of file ssl_internal.h.

◆ MBEDTLS_SSL_SOME_SUITES_USE_CBC

#define MBEDTLS_SSL_SOME_SUITES_USE_CBC

Definition at line 159 of file ssl_internal.h.

◆ MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC

#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC

Definition at line 168 of file ssl_internal.h.

◆ MBEDTLS_TLS_EXT_ADV_CONTENT_LEN

#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN
Value:
( \
)
#define MBEDTLS_SSL_OUT_CONTENT_LEN
Definition: ssl.h:273
#define MBEDTLS_SSL_IN_CONTENT_LEN
Definition: ssl.h:269

Definition at line 222 of file ssl_internal.h.

◆ MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK

#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK   (1 << 1)

Definition at line 286 of file ssl_internal.h.

◆ MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT

#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT   (1 << 0)

Definition at line 285 of file ssl_internal.h.

Typedef Documentation

◆ mbedtls_ssl_hs_buffer

Function Documentation

◆ mbedtls_ssl_cf_hmac()

int mbedtls_ssl_cf_hmac ( mbedtls_md_context_t ctx,
const unsigned char add_data,
size_t  add_data_len,
const unsigned char data,
size_t  data_len_secret,
size_t  min_data_len,
size_t  max_data_len,
unsigned char output 
)

Compute the HMAC of variable-length data with constant flow.

This function computes the HMAC of the concatenation of add_data and data, and does with a code flow and memory access pattern that does not depend on data_len_secret, but only on min_data_len and max_data_len. In particular, this function always reads exactly max_data_len bytes from data.

Parameters
ctxThe HMAC context. It must have keys configured with mbedtls_md_hmac_starts() and use one of the following hashes: SHA-384, SHA-256, SHA-1 or MD-5. It is reset using mbedtls_md_hmac_reset() after the computation is complete to prepare for the next computation.
add_dataThe additional data prepended to data. This must point to a readable buffer of add_data_len bytes.
add_data_lenThe length of add_data in bytes.
dataThe data appended to add_data. This must point to a readable buffer of max_data_len bytes.
data_len_secretThe length of the data to process in data. This must be no less than min_data_len and no greater than max_data_len.
min_data_lenThe minimal length of data in bytes.
max_data_lenThe maximal length of data in bytes.
outputThe HMAC will be written here. This must point to a writable buffer of sufficient size to hold the HMAC value.
Return values
0Success.
MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILEDThe hardware accelerator failed.

◆ mbedtls_ssl_cf_memcpy_offset()

void mbedtls_ssl_cf_memcpy_offset ( unsigned char dst,
const unsigned char src_base,
size_t  offset_secret,
size_t  offset_min,
size_t  offset_max,
size_t  len 
)

Copy data from a secret position with constant flow.

This function copies len bytes from src_base + offset_secret to dst, with a code flow and memory access pattern that does not depend on offset_secret, but only on offset_min, offset_max and len.

Parameters
dstThe destination buffer. This must point to a writable buffer of at least len bytes.
src_baseThe base of the source buffer. This must point to a readable buffer of at least offset_max + len bytes.
offset_secretThe offset in the source buffer from which to copy. This must be no less than offset_min and no greater than offset_max.
offset_minThe minimal value of offset_secret.
offset_maxThe maximal value of offset_secret.
lenThe number of bytes to copy.

◆ mbedtls_ssl_check_cert_usage()

int mbedtls_ssl_check_cert_usage ( const mbedtls_x509_crt cert,
const mbedtls_ssl_ciphersuite_t ciphersuite,
int  cert_endpoint,
uint32_t flags 
)

◆ mbedtls_ssl_check_curve()

int mbedtls_ssl_check_curve ( const mbedtls_ssl_context ssl,
mbedtls_ecp_group_id  grp_id 
)

◆ mbedtls_ssl_check_sig_hash()

int mbedtls_ssl_check_sig_hash ( const mbedtls_ssl_context ssl,
mbedtls_md_type_t  md 
)

◆ mbedtls_ssl_chk_buf_ptr()

static int mbedtls_ssl_chk_buf_ptr ( const uint8_t cur,
const uint8_t end,
size_t  need 
)
inlinestatic

This function checks if the remaining size in a buffer is greater or equal than a needed space.

Parameters
curPointer to the current position in the buffer.
endPointer to one past the end of the buffer.
needNeeded space in bytes.
Returns
Zero if the needed space is available in the buffer, non-zero otherwise.

Definition at line 299 of file ssl_internal.h.

301 {
302  return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
303 }
GLuint GLuint end
Definition: gl.h:1545
FxCollectionEntry * cur
static UINT PSTR DWORD UINT * need
Definition: parser.c:36

◆ mbedtls_ssl_derive_keys()

int mbedtls_ssl_derive_keys ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_fetch_input()

int mbedtls_ssl_fetch_input ( mbedtls_ssl_context ssl,
size_t  nb_want 
)

◆ mbedtls_ssl_flush_output()

int mbedtls_ssl_flush_output ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_get_key_exchange_md_ssl_tls()

int mbedtls_ssl_get_key_exchange_md_ssl_tls ( mbedtls_ssl_context ssl,
unsigned char output,
unsigned char data,
size_t  data_len 
)

◆ mbedtls_ssl_get_key_exchange_md_tls1_2()

int mbedtls_ssl_get_key_exchange_md_tls1_2 ( mbedtls_ssl_context ssl,
unsigned char hash,
size_t hashlen,
unsigned char data,
size_t  data_len,
mbedtls_md_type_t  md_alg 
)

◆ mbedtls_ssl_handle_message_type()

int mbedtls_ssl_handle_message_type ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_handshake_client_step()

int mbedtls_ssl_handshake_client_step ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_handshake_free()

void mbedtls_ssl_handshake_free ( mbedtls_ssl_context ssl)

Free referenced items in an SSL handshake context and clear memory.

Parameters
sslSSL context

◆ mbedtls_ssl_handshake_server_step()

int mbedtls_ssl_handshake_server_step ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_handshake_wrapup()

void mbedtls_ssl_handshake_wrapup ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_hash_from_md_alg()

unsigned char mbedtls_ssl_hash_from_md_alg ( int  md)

◆ mbedtls_ssl_hdr_len()

static size_t mbedtls_ssl_hdr_len ( const mbedtls_ssl_context ssl)
inlinestatic

Definition at line 790 of file ssl_internal.h.

791 {
792 #if defined(MBEDTLS_SSL_PROTO_DTLS)
794  return( 13 );
795 #else
796  ((void) ssl);
797 #endif
798  return( 5 );
799 }
unsigned int transport
Definition: ssl.h:1010
struct png_info_def **typedef void(__cdecl typeof(png_destroy_read_struct))(struct png_struct_def **
Definition: typeof.h:49
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Definition: ssl.h:163
const mbedtls_ssl_config * conf
Definition: ssl.h:1053

◆ mbedtls_ssl_hs_hdr_len()

static size_t mbedtls_ssl_hs_hdr_len ( const mbedtls_ssl_context ssl)
inlinestatic

Definition at line 801 of file ssl_internal.h.

802 {
803 #if defined(MBEDTLS_SSL_PROTO_DTLS)
805  return( 12 );
806 #else
807  ((void) ssl);
808 #endif
809  return( 4 );
810 }
unsigned int transport
Definition: ssl.h:1010
struct png_info_def **typedef void(__cdecl typeof(png_destroy_read_struct))(struct png_struct_def **
Definition: typeof.h:49
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Definition: ssl.h:163
const mbedtls_ssl_config * conf
Definition: ssl.h:1053

◆ mbedtls_ssl_md_alg_from_hash()

mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash ( unsigned char  hash)

◆ mbedtls_ssl_optimize_checksum()

void mbedtls_ssl_optimize_checksum ( mbedtls_ssl_context ssl,
const mbedtls_ssl_ciphersuite_t ciphersuite_info 
)

◆ mbedtls_ssl_own_cert()

static mbedtls_x509_crt* mbedtls_ssl_own_cert ( mbedtls_ssl_context ssl)
inlinestatic

Definition at line 758 of file ssl_internal.h.

759 {
760  mbedtls_ssl_key_cert *key_cert;
761 
762  if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
763  key_cert = ssl->handshake->key_cert;
764  else
765  key_cert = ssl->conf->key_cert;
766 
767  return( key_cert == NULL ? NULL : key_cert->cert );
768 }
mbedtls_ssl_key_cert * key_cert
Definition: ssl_internal.h:380
mbedtls_ssl_handshake_params * handshake
Definition: ssl.h:1088
mbedtls_ssl_key_cert * key_cert
Definition: ssl.h:926
const mbedtls_ssl_config * conf
Definition: ssl.h:1053
#define NULL
Definition: types.h:112
mbedtls_x509_crt * cert
Definition: ssl_internal.h:555

◆ mbedtls_ssl_own_key()

static mbedtls_pk_context* mbedtls_ssl_own_key ( mbedtls_ssl_context ssl)
inlinestatic

Definition at line 746 of file ssl_internal.h.

747 {
748  mbedtls_ssl_key_cert *key_cert;
749 
750  if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
751  key_cert = ssl->handshake->key_cert;
752  else
753  key_cert = ssl->conf->key_cert;
754 
755  return( key_cert == NULL ? NULL : key_cert->key );
756 }
mbedtls_ssl_key_cert * key_cert
Definition: ssl_internal.h:380
mbedtls_ssl_handshake_params * handshake
Definition: ssl.h:1088
mbedtls_ssl_key_cert * key_cert
Definition: ssl.h:926
const mbedtls_ssl_config * conf
Definition: ssl.h:1053
#define NULL
Definition: types.h:112
mbedtls_pk_context * key
Definition: ssl_internal.h:556

◆ mbedtls_ssl_parse_certificate()

int mbedtls_ssl_parse_certificate ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_parse_change_cipher_spec()

int mbedtls_ssl_parse_change_cipher_spec ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_parse_finished()

int mbedtls_ssl_parse_finished ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_pk_alg_from_sig()

mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig ( unsigned char  sig)

◆ mbedtls_ssl_prepare_handshake_record()

int mbedtls_ssl_prepare_handshake_record ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_read_record()

int mbedtls_ssl_read_record ( mbedtls_ssl_context ssl,
unsigned  update_hs_digest 
)

Update record layer.

         This function roughly separates the implementation
         of the logic of (D)TLS from the implementation
         of the secure transport.
Parameters
sslThe SSL context to use.
update_hs_digestThis indicates if the handshake digest should be automatically updated in case a handshake message is found.
Returns
0 or non-zero error code.
Note
A clarification on what is called 'record layer' here is in order, as many sensible definitions are possible:

The record layer takes as input an untrusted underlying transport (stream or datagram) and transforms it into a serially multiplexed, secure transport, which conceptually provides the following:

(1) Three datagram based, content-agnostic transports for handshake, alert and CCS messages. (2) One stream- or datagram-based transport for application data. (3) Functionality for changing the underlying transform securing the contents.

The interface to this functionality is given as follows:

a Updating [Currently implemented by mbedtls_ssl_read_record]

Check if and on which of the four 'ports' data is pending: Nothing, a controlling datagram of type (1), or application data (2). In any case data is present, internal buffers provide access to the data for the user to process it. Consumption of type (1) datagrams is done automatically on the next update, invalidating that the internal buffers for previous datagrams, while consumption of application data (2) is user-controlled.

b Reading of application data [Currently manual adaption of ssl->in_offt pointer]

As mentioned in the last paragraph, consumption of data is different from the automatic consumption of control datagrams (1) because application data is treated as a stream.

c Tracking availability of application data [Currently manually through decreasing ssl->in_msglen]

For efficiency and to retain datagram semantics for application data in case of DTLS, the record layer provides functionality for checking how much application data is still available in the internal buffer.

d Changing the transformation securing the communication.

Given an opaque implementation of the record layer in the above sense, it should be possible to implement the logic of (D)TLS on top of it without the need to know anything about the record layer's internals. This is done e.g. in all the handshake handling functions, and in the application data reading function mbedtls_ssl_read.

Note
The above tries to give a conceptual picture of the record layer, but the current implementation deviates from it in some places. For example, our implementation of the update functionality through mbedtls_ssl_read_record discards datagrams depending on the current state, which wouldn't fall under the record layer's responsibility following the above definition.

◆ mbedtls_ssl_read_version()

void mbedtls_ssl_read_version ( int major,
int minor,
int  transport,
const unsigned char  ver[2] 
)

◆ mbedtls_ssl_reset_checksum()

void mbedtls_ssl_reset_checksum ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_safer_memcmp()

static int mbedtls_ssl_safer_memcmp ( const void a,
const void b,
size_t  n 
)
inlinestatic

Definition at line 826 of file ssl_internal.h.

827 {
828  size_t i;
829  volatile const unsigned char *A = (volatile const unsigned char *) a;
830  volatile const unsigned char *B = (volatile const unsigned char *) b;
831  volatile unsigned char diff = 0;
832 
833  for( i = 0; i < n; i++ )
834  {
835  /* Read volatile data in order before computing diff.
836  * This avoids IAR compiler warning:
837  * 'the order of volatile accesses is undefined ..' */
838  unsigned char x = A[i], y = B[i];
839  diff |= x ^ y;
840  }
841 
842  return( diff );
843 }
Definition: ehthrow.cxx:53
GLdouble n
Definition: glext.h:7729
GLint GLint GLint GLint GLint x
Definition: gl.h:1548
Definition: ehthrow.cxx:92
GLboolean GLboolean GLboolean b
Definition: glext.h:6204
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
GLint GLint GLint GLint GLint GLint y
Definition: gl.h:1548
GLboolean GLboolean GLboolean GLboolean a
Definition: glext.h:6204

◆ mbedtls_ssl_send_fatal_handshake_failure()

int mbedtls_ssl_send_fatal_handshake_failure ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_set_calc_verify_md()

int mbedtls_ssl_set_calc_verify_md ( mbedtls_ssl_context ssl,
int  md 
)

◆ mbedtls_ssl_sig_from_pk()

unsigned char mbedtls_ssl_sig_from_pk ( mbedtls_pk_context pk)

◆ mbedtls_ssl_sig_from_pk_alg()

unsigned char mbedtls_ssl_sig_from_pk_alg ( mbedtls_pk_type_t  type)

◆ mbedtls_ssl_sig_hash_set_add()

void mbedtls_ssl_sig_hash_set_add ( mbedtls_ssl_sig_hash_set_t set,
mbedtls_pk_type_t  sig_alg,
mbedtls_md_type_t  md_alg 
)

◆ mbedtls_ssl_sig_hash_set_const_hash()

void mbedtls_ssl_sig_hash_set_const_hash ( mbedtls_ssl_sig_hash_set_t set,
mbedtls_md_type_t  md_alg 
)

◆ mbedtls_ssl_sig_hash_set_find()

mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find ( mbedtls_ssl_sig_hash_set_t set,
mbedtls_pk_type_t  sig_alg 
)

◆ mbedtls_ssl_sig_hash_set_init()

static void mbedtls_ssl_sig_hash_set_init ( mbedtls_ssl_sig_hash_set_t set)
inlinestatic

Definition at line 589 of file ssl_internal.h.

590 {
592 }
void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set, mbedtls_md_type_t md_alg)
Definition: _set.h:46

◆ mbedtls_ssl_transform_free()

void mbedtls_ssl_transform_free ( mbedtls_ssl_transform transform)

Free referenced items in an SSL transform context and clear memory.

Parameters
transformSSL transform context

◆ mbedtls_ssl_update_handshake_status()

void mbedtls_ssl_update_handshake_status ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_write_certificate()

int mbedtls_ssl_write_certificate ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_write_change_cipher_spec()

int mbedtls_ssl_write_change_cipher_spec ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_write_finished()

int mbedtls_ssl_write_finished ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_write_handshake_msg()

int mbedtls_ssl_write_handshake_msg ( mbedtls_ssl_context ssl)

◆ mbedtls_ssl_write_record()

int mbedtls_ssl_write_record ( mbedtls_ssl_context ssl,
uint8_t  force_flush 
)

◆ mbedtls_ssl_write_version()

void mbedtls_ssl_write_version ( int  major,
int  minor,
int  transport,
unsigned char  ver[2] 
)