ReactOS  0.4.15-dev-3294-ge98684e
ssl_internal.h
1 
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  *
10  * This file is provided under the Apache License 2.0, or the
11  * GNU General Public License v2.0 or later.
12  *
13  * **********
14  * Apache License 2.0:
15  *
16  * Licensed under the Apache License, Version 2.0 (the "License"); you may
17  * not use this file except in compliance with the License.
18  * You may obtain a copy of the License at
19  *
20  * http://www.apache.org/licenses/LICENSE-2.0
21  *
22  * Unless required by applicable law or agreed to in writing, software
23  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25  * See the License for the specific language governing permissions and
26  * limitations under the License.
27  *
28  * **********
29  *
30  * **********
31  * GNU General Public License v2.0 or later:
32  *
33  * This program is free software; you can redistribute it and/or modify
34  * it under the terms of the GNU General Public License as published by
35  * the Free Software Foundation; either version 2 of the License, or
36  * (at your option) any later version.
37  *
38  * This program is distributed in the hope that it will be useful,
39  * but WITHOUT ANY WARRANTY; without even the implied warranty of
40  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41  * GNU General Public License for more details.
42  *
43  * You should have received a copy of the GNU General Public License along
44  * with this program; if not, write to the Free Software Foundation, Inc.,
45  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46  *
47  * **********
48  */
49 #ifndef MBEDTLS_SSL_INTERNAL_H
50 #define MBEDTLS_SSL_INTERNAL_H
51 
52 #if !defined(MBEDTLS_CONFIG_FILE)
53 #include "config.h"
54 #else
55 #include MBEDTLS_CONFIG_FILE
56 #endif
57 
58 #include "ssl.h"
59 #include "cipher.h"
60 
61 #if defined(MBEDTLS_MD5_C)
62 #include "md5.h"
63 #endif
64 
65 #if defined(MBEDTLS_SHA1_C)
66 #include "sha1.h"
67 #endif
68 
69 #if defined(MBEDTLS_SHA256_C)
70 #include "sha256.h"
71 #endif
72 
73 #if defined(MBEDTLS_SHA512_C)
74 #include "sha512.h"
75 #endif
76 
77 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
78 #include "ecjpake.h"
79 #endif
80 
81 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
82  !defined(inline) && !defined(__cplusplus)
83 #define inline __inline
84 #endif
85 
86 /* Determine minimum supported version */
87 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
88 
89 #if defined(MBEDTLS_SSL_PROTO_SSL3)
90 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
91 #else
92 #if defined(MBEDTLS_SSL_PROTO_TLS1)
93 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
94 #else
95 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
96 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
97 #else
98 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
99 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
100 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
101 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
102 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
103 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
104 
105 #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
106 #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
107 
108 /* Determine maximum supported version */
109 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
110 
111 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
112 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
113 #else
114 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
115 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
116 #else
117 #if defined(MBEDTLS_SSL_PROTO_TLS1)
118 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
119 #else
120 #if defined(MBEDTLS_SSL_PROTO_SSL3)
121 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
122 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
123 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
124 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
125 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
126 
127 /* Shorthand for restartable ECC */
128 #if defined(MBEDTLS_ECP_RESTARTABLE) && \
129  defined(MBEDTLS_SSL_CLI_C) && \
130  defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
131  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
132 #define MBEDTLS_SSL__ECP_RESTARTABLE
133 #endif
134 
135 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
136 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
137 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
138 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
139 
140 /*
141  * DTLS retransmission states, see RFC 6347 4.2.4
142  *
143  * The SENDING state is merged in PREPARING for initial sends,
144  * but is distinct for resends.
145  *
146  * Note: initial state is wrong for server, but is not used anyway.
147  */
148 #define MBEDTLS_SSL_RETRANS_PREPARING 0
149 #define MBEDTLS_SSL_RETRANS_SENDING 1
150 #define MBEDTLS_SSL_RETRANS_WAITING 2
151 #define MBEDTLS_SSL_RETRANS_FINISHED 3
152 
153 /* This macro determines whether CBC is supported. */
154 #if defined(MBEDTLS_CIPHER_MODE_CBC) && \
155  ( defined(MBEDTLS_AES_C) || \
156  defined(MBEDTLS_CAMELLIA_C) || \
157  defined(MBEDTLS_ARIA_C) || \
158  defined(MBEDTLS_DES_C) )
159 #define MBEDTLS_SSL_SOME_SUITES_USE_CBC
160 #endif
161 
162 /* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as
163  * opposed to the very different CBC construct used in SSLv3) is supported. */
164 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
165  ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
166  defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
167  defined(MBEDTLS_SSL_PROTO_TLS1_2) )
168 #define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
169 #endif
170 
171 /*
172  * Allow extra bytes for record, authentication and encryption overhead:
173  * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
174  * and allow for a maximum of 1024 of compression expansion if
175  * enabled.
176  */
177 #if defined(MBEDTLS_ZLIB_SUPPORT)
178 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
179 #else
180 #define MBEDTLS_SSL_COMPRESSION_ADD 0
181 #endif
182 
183 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
184 /* Ciphersuites using HMAC */
185 #if defined(MBEDTLS_SHA512_C)
186 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
187 #elif defined(MBEDTLS_SHA256_C)
188 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
189 #else
190 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
191 #endif
192 #else
193 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
194 #define MBEDTLS_SSL_MAC_ADD 16
195 #endif
196 
197 #if defined(MBEDTLS_CIPHER_MODE_CBC)
198 #define MBEDTLS_SSL_PADDING_ADD 256
199 #else
200 #define MBEDTLS_SSL_PADDING_ADD 0
201 #endif
202 
203 #define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
204  MBEDTLS_MAX_IV_LENGTH + \
205  MBEDTLS_SSL_MAC_ADD + \
206  MBEDTLS_SSL_PADDING_ADD \
207  )
208 
209 #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
210  ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
211 
212 #define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
213  ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
214 
215 /* The maximum number of buffered handshake messages. */
216 #define MBEDTLS_SSL_MAX_BUFFERED_HS 4
217 
218 /* Maximum length we can advertise as our max content length for
219  RFC 6066 max_fragment_length extension negotiation purposes
220  (the lesser of both sizes, if they are unequal.)
221  */
222 #define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
223  (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
224  ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
225  : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
226  )
227 
228 /* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
229 #define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
230 
231 /* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
232 #define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
233 
234 /*
235  * Check that we obey the standard's message size bounds
236  */
237 
238 #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
239 #error "Bad configuration - record content too large."
240 #endif
241 
242 #if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
243 #error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
244 #endif
245 
246 #if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
247 #error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
248 #endif
249 
250 #if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
251 #error "Bad configuration - incoming protected record payload too large."
252 #endif
253 
254 #if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
255 #error "Bad configuration - outgoing protected record payload too large."
256 #endif
257 
258 /* Calculate buffer sizes */
259 
260 /* Note: Even though the TLS record header is only 5 bytes
261  long, we're internally using 8 bytes to store the
262  implicit sequence number. */
263 #define MBEDTLS_SSL_HEADER_LEN 13
264 
265 #define MBEDTLS_SSL_IN_BUFFER_LEN \
266  ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
267 
268 #define MBEDTLS_SSL_OUT_BUFFER_LEN \
269  ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
270 
271 #ifdef MBEDTLS_ZLIB_SUPPORT
272 /* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
273 #define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \
274  ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \
275  ? MBEDTLS_SSL_IN_BUFFER_LEN \
276  : MBEDTLS_SSL_OUT_BUFFER_LEN \
277  )
278 #endif
279 
280 /*
281  * TLS extension flags (for extensions with outgoing ServerHello content
282  * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
283  * of state of the renegotiation flag, so no indicator is required)
284  */
285 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
286 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
287 
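/**
 * \brief       Check whether at least \p need bytes remain between \p cur
 *              and \p end.
 *
 * \param cur   Current position in the buffer.
 * \param end   Limit pointer that \p cur must not pass (presumably one past
 *              the last usable byte; confirm against callers).
 * \param need  Number of bytes the caller is about to read or write.
 *
 * \return      Zero if \p need bytes are available.
 * \return      Non-zero if \p cur is already past \p end or fewer than
 *              \p need bytes remain.
 *
 * \note        Both pointers must refer to the same buffer; the result is
 *              only meaningful in that case.
 */
static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
                                           const uint8_t *end, size_t need )
{
    /* Reject cur > end first: otherwise (end - cur) would be negative and
     * the cast to size_t would turn it into a huge "remaining" value. */
    if( cur > end )
        return( 1 );

    /* Compare need against the remaining length instead of forming
     * cur + need, which could run past the end of the object. */
    return( need > (size_t)( end - cur ) );
}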
304 
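/**
 * \brief       Bounds-check helper for parsing and writing code: if fewer
 *              than \p need bytes remain between \p cur and \p end, return
 *              MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL from the ENCLOSING function.
 *
 * \param cur   Current position in the buffer.
 * \param end   Limit pointer that \p cur must not pass.
 * \param need  Number of bytes about to be read or written.
 *
 * \note        This macro hides a `return` statement. Use it only in
 *              functions that return an int error code, and place it before
 *              any resource is acquired that would need to be released on
 *              the error path.
 */
#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need )                        \
    do {                                                                 \
        if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
        {                                                                \
            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );                  \
        }                                                                \
    } while( 0 )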
322 
323 #ifdef __cplusplus
324 extern "C" {
325 #endif
326 
327 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
328  defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
329 /*
330  * Abstraction for a grid of allowed signature-hash-algorithm pairs.
331  */
333 {
334  /* At the moment, we only need to remember a single suitable
335  * hash algorithm per signature algorithm. As long as that's
336  * the case - and we don't need a general lookup function -
337  * we can implement the sig-hash-set as a map from signatures
338  * to hash algorithms. */
341 };
342 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
343  MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
344 
345 /*
346  * This structure contains the parameters only needed during handshake.
347  */
349 {
350  /*
351  * Handshake specific crypto variables
352  */
353 
354 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
355  defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
357 #endif
358 #if defined(MBEDTLS_DHM_C)
360 #endif
361 #if defined(MBEDTLS_ECDH_C)
363 #endif
364 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
365  mbedtls_ecjpake_context ecjpake_ctx;
366 #if defined(MBEDTLS_SSL_CLI_C)
367  unsigned char *ecjpake_cache;
368  size_t ecjpake_cache_len;
369 #endif
370 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
371 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
372  defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
374 #endif
375 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
376  unsigned char *psk;
377  size_t psk_len;
378 #endif
379 #if defined(MBEDTLS_X509_CRT_PARSE_C)
381 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
386 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
387 #endif /* MBEDTLS_X509_CRT_PARSE_C */
388 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
389  int ecrs_enabled;
391  enum { /* this complements ssl->state with info on intra-state operations */
392  ssl_ecrs_none = 0,
393  ssl_ecrs_crt_verify,
394  ssl_ecrs_ske_start_processing,
395  ssl_ecrs_cke_ecdh_calc_secret,
396  ssl_ecrs_crt_vrfy_sign,
397  } ecrs_state;
398  size_t ecrs_n;
399 #endif
400 #if defined(MBEDTLS_SSL_PROTO_DTLS)
401  unsigned int out_msg_seq;
402  unsigned int in_msg_seq;
404  unsigned char *verify_cookie;
406  unsigned char verify_cookie_len;
409  uint32_t retransmit_timeout;
410  unsigned char retransmit_state;
411  mbedtls_ssl_flight_item *flight;
412  mbedtls_ssl_flight_item *cur_msg;
413  unsigned char *cur_msg_p;
414  unsigned int in_flight_start_seq;
416  mbedtls_ssl_transform *alt_transform_out;
418  unsigned char alt_out_ctr[8];
421  struct
422  {
423  size_t total_bytes_buffered;
426  uint8_t seen_ccs;
429  struct mbedtls_ssl_hs_buffer
430  {
431  unsigned is_valid : 1;
432  unsigned is_fragmented : 1;
433  unsigned is_complete : 1;
434  unsigned char *data;
435  size_t data_len;
437 
438  struct
439  {
440  unsigned char *data;
441  size_t len;
442  unsigned epoch;
443  } future_record;
444 
445  } buffering;
446 
447  uint16_t mtu;
448 #endif /* MBEDTLS_SSL_PROTO_DTLS */
449 
450  /*
451  * Checksum contexts
452  */
453 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
454  defined(MBEDTLS_SSL_PROTO_TLS1_1)
457 #endif
458 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
459 #if defined(MBEDTLS_SHA256_C)
461 #endif
462 #if defined(MBEDTLS_SHA512_C)
464 #endif
465 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
466 
467  void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
468  void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
469  void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
470  int (*tls_prf)(const unsigned char *, size_t, const char *,
471  const unsigned char *, size_t,
472  unsigned char *, size_t);
473 
474  size_t pmslen;
476  unsigned char randbytes[64];
480  int resume;
483  int cli_exts;
485 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
487 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
488 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
490 #endif
491 
492 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
493  unsigned int async_in_progress : 1;
494 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
495 
496 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
497 
502  void *user_async_ctx;
503 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
504 };
505 
507 
508 /*
509  * This structure contains a full set of runtime transform parameters
510  * either in negotiation or active.
511  */
513 {
514  /*
515  * Session specific crypto layer
516  */
519  unsigned int keylen;
520  size_t minlen;
521  size_t ivlen;
522  size_t fixed_ivlen;
523  size_t maclen;
525  unsigned char iv_enc[16];
526  unsigned char iv_dec[16];
528 #if defined(MBEDTLS_SSL_PROTO_SSL3)
529  /* Needed only for SSL v3.0 secret */
530  unsigned char mac_enc[20];
531  unsigned char mac_dec[20];
532 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
533 
540  /*
541  * Session specific compression layer
542  */
543 #if defined(MBEDTLS_ZLIB_SUPPORT)
544  z_stream ctx_deflate;
545  z_stream ctx_inflate;
546 #endif
547 };
548 
549 #if defined(MBEDTLS_X509_CRT_PARSE_C)
550 /*
551  * List of certificate + private key pairs
552  */
554 {
558 };
559 #endif /* MBEDTLS_X509_CRT_PARSE_C */
560 
561 #if defined(MBEDTLS_SSL_PROTO_DTLS)
562 /*
563  * List of handshake messages kept around for resending
564  */
565 struct mbedtls_ssl_flight_item
566 {
567  unsigned char *p;
568  size_t len;
569  unsigned char type;
570  mbedtls_ssl_flight_item *next;
571 };
572 #endif /* MBEDTLS_SSL_PROTO_DTLS */
573 
574 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
575  defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
576 
577 /* Find an entry in a signature-hash set matching a given hash algorithm. */
579  mbedtls_pk_type_t sig_alg );
580 /* Add a signature-hash-pair to a signature-hash set */
582  mbedtls_pk_type_t sig_alg,
583  mbedtls_md_type_t md_alg );
584 /* Allow exactly one hash algorithm for each signature. */
586  mbedtls_md_type_t md_alg );
587 
588 /* Setup an empty signature-hash set */
590 {
592 }
593 
594 #endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
595  MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
596 
604 
612 
616 
618 
621 
625 
703  unsigned update_hs_digest );
704 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
705 
707 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
709 
712 
715 
718 
720  const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
721 
722 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
723 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
724 #endif
725 
726 #if defined(MBEDTLS_PK_C)
727 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
730 #endif
731 
733 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
735 
736 #if defined(MBEDTLS_ECP_C)
738 #endif
739 
740 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
743 #endif
744 
745 #if defined(MBEDTLS_X509_CRT_PARSE_C)
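/**
 * \brief       Return the private key to use for this connection.
 *
 * A key/certificate pair attached to the in-progress handshake takes
 * precedence over the one in the static configuration.
 *
 * \param ssl   SSL context. \c ssl and \c ssl->conf are dereferenced
 *              without a NULL check, so the caller must pass a set-up
 *              context.
 *
 * \return      The selected private key, or NULL if no key/certificate
 *              pair is configured.
 */
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *key_cert;

    /* Prefer the handshake-specific pair when one has been set. */
    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
        key_cert = ssl->handshake->key_cert;
    else
        key_cert = ssl->conf->key_cert;

    return( key_cert == NULL ? NULL : key_cert->key );
}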
757 
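/**
 * \brief       Return the certificate to present for this connection.
 *
 * A key/certificate pair attached to the in-progress handshake takes
 * precedence over the one in the static configuration.
 *
 * \param ssl   SSL context. \c ssl and \c ssl->conf are dereferenced
 *              without a NULL check, so the caller must pass a set-up
 *              context.
 *
 * \return      The selected certificate, or NULL if no key/certificate
 *              pair is configured.
 */
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *key_cert;

    /* Prefer the handshake-specific pair when one has been set. */
    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
        key_cert = ssl->handshake->key_cert;
    else
        key_cert = ssl->conf->key_cert;

    return( key_cert == NULL ? NULL : key_cert->cert );
}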
769 
770 /*
771  * Check usage of a certificate wrt extensions:
772  * keyUsage, extendedKeyUsage (later), and nSCertType (later).
773  *
774  * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
775  * check a cert we received from them)!
776  *
777  * Return 0 if everything is OK, -1 if not.
778  */
780  const mbedtls_ssl_ciphersuite_t *ciphersuite,
781  int cert_endpoint,
782  uint32_t *flags );
783 #endif /* MBEDTLS_X509_CRT_PARSE_C */
784 
785 void mbedtls_ssl_write_version( int major, int minor, int transport,
786  unsigned char ver[2] );
787 void mbedtls_ssl_read_version( int *major, int *minor, int transport,
788  const unsigned char ver[2] );
789 
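/**
 * \brief       Return the record header length for the connection's
 *              transport.
 *
 * \param ssl   SSL context; only \c ssl->conf->transport is read, and only
 *              when DTLS support is compiled in.
 *
 * \return      13 for a datagram (DTLS) transport, 5 otherwise.
 */
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    /* The longer header applies only to datagram transport. Without this
     * test every stream connection in a DTLS-enabled build would be
     * parsed with the wrong header length. */
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        return( 13 );
#else
    ((void) ssl);
#endif
    return( 5 );
}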
800 
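/**
 * \brief       Return the handshake message header length for the
 *              connection's transport.
 *
 * \param ssl   SSL context; only \c ssl->conf->transport is read, and only
 *              when DTLS support is compiled in.
 *
 * \return      12 for a datagram (DTLS) transport, 4 otherwise.
 */
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    /* The longer header applies only to datagram transport; stream
     * connections in a DTLS-enabled build still use the 4-byte header. */
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        return( 12 );
#else
    ((void) ssl);
#endif
    return( 4 );
}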
811 
812 #if defined(MBEDTLS_SSL_PROTO_DTLS)
813 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
814 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
815 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
816 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
817 #endif
818 
819 /* Visible for testing purposes only */
820 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
821 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
822 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
823 #endif
824 
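/**
 * \brief       Constant-time buffer comparison.
 *
 * Every one of the \p n byte pairs is read and folded into the result, with
 * no early exit at the first mismatch, so the running time does not depend
 * on where the buffers differ. The time still depends on \p n, which is
 * therefore treated as public.
 *
 * \param a     First buffer, at least \p n bytes.
 * \param b     Second buffer, at least \p n bytes.
 * \param n     Number of bytes to compare.
 *
 * \return      Zero if the first \p n bytes are equal (including n == 0).
 * \return      Non-zero otherwise. The value carries no ordering
 *              information, so this is an equality test only and not a
 *              drop-in replacement for memcmp() in sorting code.
 *
 * \note        The volatile qualifiers discourage the compiler from
 *              short-circuiting the loop; this is a best-effort measure,
 *              not a guarantee given by the C standard.
 */
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{
    size_t i;
    volatile const unsigned char *A = (volatile const unsigned char *) a;
    volatile const unsigned char *B = (volatile const unsigned char *) b;
    volatile unsigned char diff = 0;

    for( i = 0; i < n; i++ )
    {
        /* Read volatile data in order before computing diff.
         * This avoids IAR compiler warning:
         * 'the order of volatile accesses is undefined ..' */
        unsigned char x = A[i], y = B[i];
        /* Accumulate differing bits; diff stays 0 only if all bytes match. */
        diff |= x ^ y;
    }

    return( diff );
}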
844 
845 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
846  defined(MBEDTLS_SSL_PROTO_TLS1_1)
848  unsigned char *output,
849  unsigned char *data, size_t data_len );
850 #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
851  MBEDTLS_SSL_PROTO_TLS1_1 */
852 
853 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
854  defined(MBEDTLS_SSL_PROTO_TLS1_2)
856  unsigned char *hash, size_t *hashlen,
857  unsigned char *data, size_t data_len,
858  mbedtls_md_type_t md_alg );
859 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
860  MBEDTLS_SSL_PROTO_TLS1_2 */
861 
862 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
863 
899  const unsigned char *add_data, size_t add_data_len,
900  const unsigned char *data, size_t data_len_secret,
901  size_t min_data_len, size_t max_data_len,
902  unsigned char *output );
903 
922 void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst,
923  const unsigned char *src_base,
924  size_t offset_secret,
925  size_t offset_min, size_t offset_max,
926  size_t len );
927 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
928 
929 #ifdef __cplusplus
930 }
931 #endif
932 
933 #endif /* ssl_internal.h */