ReactOS 0.4.16-dev-340-g0540c21
ssl_internal.h
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 *
10 * This file is provided under the Apache License 2.0, or the
11 * GNU General Public License v2.0 or later.
12 *
13 * **********
14 * Apache License 2.0:
15 *
16 * Licensed under the Apache License, Version 2.0 (the "License"); you may
17 * not use this file except in compliance with the License.
18 * You may obtain a copy of the License at
19 *
20 * http://www.apache.org/licenses/LICENSE-2.0
21 *
22 * Unless required by applicable law or agreed to in writing, software
23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25 * See the License for the specific language governing permissions and
26 * limitations under the License.
27 *
28 * **********
29 *
30 * **********
31 * GNU General Public License v2.0 or later:
32 *
33 * This program is free software; you can redistribute it and/or modify
34 * it under the terms of the GNU General Public License as published by
35 * the Free Software Foundation; either version 2 of the License, or
36 * (at your option) any later version.
37 *
38 * This program is distributed in the hope that it will be useful,
39 * but WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41 * GNU General Public License for more details.
42 *
43 * You should have received a copy of the GNU General Public License along
44 * with this program; if not, write to the Free Software Foundation, Inc.,
45 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46 *
47 * **********
48 */
49#ifndef MBEDTLS_SSL_INTERNAL_H
50#define MBEDTLS_SSL_INTERNAL_H
51
52#if !defined(MBEDTLS_CONFIG_FILE)
53#include "config.h"
54#else
55#include MBEDTLS_CONFIG_FILE
56#endif
57
58#include "ssl.h"
59#include "cipher.h"
60
61#if defined(MBEDTLS_MD5_C)
62#include "md5.h"
63#endif
64
65#if defined(MBEDTLS_SHA1_C)
66#include "sha1.h"
67#endif
68
69#if defined(MBEDTLS_SHA256_C)
70#include "sha256.h"
71#endif
72
73#if defined(MBEDTLS_SHA512_C)
74#include "sha512.h"
75#endif
76
77#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
78#include "ecjpake.h"
79#endif
80
81#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
82 !defined(inline) && !defined(__cplusplus)
83#define inline __inline
84#endif
85
86/* Determine minimum supported version */
/*
 * The compile-time floor follows the oldest protocol enabled in the
 * configuration: the first MBEDTLS_SSL_PROTO_* option that is defined in the
 * chain below decides, so enabling MBEDTLS_SSL_PROTO_SSL3 lowers the minimum
 * minor version to MBEDTLS_SSL_MINOR_VERSION_0.
 * SSL 3.0 and TLS 1.0/1.1 are deprecated (RFC 7568, RFC 8996); a build that
 * only needs TLS 1.2 should leave the older MBEDTLS_SSL_PROTO_* options
 * undefined so that the floor becomes MBEDTLS_SSL_MINOR_VERSION_3.
 * If none of the four options is defined, this chain leaves
 * MBEDTLS_SSL_MIN_MINOR_VERSION undefined.
 */
87#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
88
89#if defined(MBEDTLS_SSL_PROTO_SSL3)
90#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
91#else
92#if defined(MBEDTLS_SSL_PROTO_TLS1)
93#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
94#else
95#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
96#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
97#else
98#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
99#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
100#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
101#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
102#endif /* MBEDTLS_SSL_PROTO_TLS1 */
103#endif /* MBEDTLS_SSL_PROTO_SSL3 */
104
/*
 * These two values are fixed and do not depend on which protocols are
 * enabled.
 * NOTE(review): their use is not visible in this header; presumably the
 * lowest version number treated as valid when a peer's version is parsed -
 * confirm against the callers.
 */
105#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
106#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
107
108/* Determine maximum supported version */
/*
 * Mirror image of the chain above: the newest enabled protocol decides, with
 * MBEDTLS_SSL_PROTO_TLS1_2 tested first. The distance between the minimum
 * and the maximum is the range a peer can negotiate, so every older protocol
 * left enabled widens the room for a version downgrade.
 */
109#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
110
111#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
112#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
113#else
114#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
115#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
116#else
117#if defined(MBEDTLS_SSL_PROTO_TLS1)
118#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
119#else
120#if defined(MBEDTLS_SSL_PROTO_SSL3)
121#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
122#endif /* MBEDTLS_SSL_PROTO_SSL3 */
123#endif /* MBEDTLS_SSL_PROTO_TLS1 */
124#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
125#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
126
127/* Shorthand for restartable ECC */
128#if defined(MBEDTLS_ECP_RESTARTABLE) && \
129 defined(MBEDTLS_SSL_CLI_C) && \
130 defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
131 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
132#define MBEDTLS_SSL__ECP_RESTARTABLE
133#endif
134
135#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
136#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
137#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
138#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
139
140/*
141 * DTLS retransmission states, see RFC 6347 4.2.4
142 *
143 * The SENDING state is merged in PREPARING for initial sends,
144 * but is distinct for resends.
145 *
146 * Note: initial state is wrong for server, but is not used anyway.
147 */
148#define MBEDTLS_SSL_RETRANS_PREPARING 0
149#define MBEDTLS_SSL_RETRANS_SENDING 1
150#define MBEDTLS_SSL_RETRANS_WAITING 2
151#define MBEDTLS_SSL_RETRANS_FINISHED 3
152
153/* This macro determines whether CBC is supported. */
154#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
155 ( defined(MBEDTLS_AES_C) || \
156 defined(MBEDTLS_CAMELLIA_C) || \
157 defined(MBEDTLS_ARIA_C) || \
158 defined(MBEDTLS_DES_C) )
159#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
160#endif
161
162/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as
163 * opposed to the very different CBC construct used in SSLv3) is supported. */
164#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
165 ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
166 defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
167 defined(MBEDTLS_SSL_PROTO_TLS1_2) )
168#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
169#endif
170
171/*
172 * Allow extra bytes for record, authentication and encryption overhead:
173 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
174 * and allow for a maximum of 1024 of compression expansion if
175 * enabled.
176 */
/*
 * Review notes on the list above:
 * - The counter (8) and header (5) are not summed into
 *   MBEDTLS_SSL_PAYLOAD_OVERHEAD below; this header accounts for them
 *   separately through MBEDTLS_SSL_HEADER_LEN (13) when it computes the
 *   buffer lengths.
 * - MBEDTLS_ZLIB_SUPPORT turns on TLS record compression. Compressing
 *   secrets together with data an attacker can influence leaks plaintext
 *   through record lengths (the CRIME class of attacks), so the option is
 *   normally left undefined and the allowance is then 0.
 */
177#if defined(MBEDTLS_ZLIB_SUPPORT)
178#define MBEDTLS_SSL_COMPRESSION_ADD 1024
179#else
180#define MBEDTLS_SSL_COMPRESSION_ADD 0
181#endif
182
/*
 * MAC allowance: sized for the widest MAC the build can produce. With ARC4
 * or CBC enabled the widest configured hash decides (48, 32 or 20 bytes);
 * otherwise only the 16-byte AEAD tag has to fit.
 */
183#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
184/* Ciphersuites using HMAC */
185#if defined(MBEDTLS_SHA512_C)
186#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
187#elif defined(MBEDTLS_SHA256_C)
188#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
189#else
190#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
191#endif
192#else
193/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
194#define MBEDTLS_SSL_MAC_ADD 16
195#endif
196
/* Padding allowance: only CBC suites pad, by up to 256 bytes. */
197#if defined(MBEDTLS_CIPHER_MODE_CBC)
198#define MBEDTLS_SSL_PADDING_ADD 256
199#else
200#define MBEDTLS_SSL_PADDING_ADD 0
201#endif
202
/*
 * Worst-case growth of a protected record over its plaintext content:
 * compression + IV + MAC + padding. The two *_PAYLOAD_LEN values add this
 * to the configured incoming and outgoing content lengths.
 */
203#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
204 MBEDTLS_MAX_IV_LENGTH + \
205 MBEDTLS_SSL_MAC_ADD + \
206 MBEDTLS_SSL_PADDING_ADD \
207 )
208
209#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
210 ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
211
212#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
213 ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
214
215/* The maximum number of buffered handshake messages. */
216#define MBEDTLS_SSL_MAX_BUFFERED_HS 4
217
218/* Maximum length we can advertise as our max content length for
219 RFC 6066 max_fragment_length extension negotiation purposes
220 (the lesser of both sizes, if they are unequal.)
221 */
222#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
223 (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
224 ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
225 : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
226 )
227
228/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
229#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
230
231/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
232#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
233
234/*
235 * Check that we obey the standard's message size bounds
236 */
237
/*
 * 16384 is 2^14, the largest TLSPlaintext fragment RFC 5246 allows
 * (section 6.2.1); 2048 is the largest expansion it allows for a protected
 * record (TLSCiphertext at most 2^14 + 2048, section 6.2.3). The payload
 * checks below apply the 2048 allowance on top of the configured
 * MBEDTLS_SSL_MAX_CONTENT_LEN rather than on top of 16384.
 * These are compile-time guards on the configuration only: a violation
 * stops the build with #error. They say nothing about the length fields of
 * records received at run time.
 */
238#if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
239#error "Bad configuration - record content too large."
240#endif
241
242#if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
243#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
244#endif
245
246#if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
247#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
248#endif
249
250#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
251#error "Bad configuration - incoming protected record payload too large."
252#endif
253
254#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
255#error "Bad configuration - outgoing protected record payload too large."
256#endif
257
258/* Calculate buffer sizes */
259
260/* Note: Even though the TLS record header is only 5 bytes
261 long, we're internally using 8 bytes to store the
262 implicit sequence number. */
263#define MBEDTLS_SSL_HEADER_LEN 13
264
265#define MBEDTLS_SSL_IN_BUFFER_LEN \
266 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
267
268#define MBEDTLS_SSL_OUT_BUFFER_LEN \
269 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
270
271#ifdef MBEDTLS_ZLIB_SUPPORT
272/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
273#define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \
274 ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \
275 ? MBEDTLS_SSL_IN_BUFFER_LEN \
276 : MBEDTLS_SSL_OUT_BUFFER_LEN \
277 )
278#endif
279
280/*
281 * TLS extension flags (for extensions with outgoing ServerHello content
282 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
283 * of state of the renegotiation flag, so no indicator is required)
284 */
285#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
286#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
287
/*
 * Bounds check to run before consuming bytes at a buffer cursor.
 *
 * cur   Current position in the buffer.
 * end   Upper bound of the buffer; end - cur is taken as the number of
 *       bytes still available.
 * need  Number of bytes the caller is about to consume.
 *
 * Returns 0 when cur <= end and at least need bytes are available,
 * 1 otherwise.
 *
 * The test is written as need > (end - cur) rather than cur + need > end,
 * so no pointer beyond the buffer is formed and a very large need cannot
 * wrap an addition. cur and end must point into the same buffer for the
 * subtraction to be meaningful.
 */
static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
                                           const uint8_t *end, size_t need )
{
    size_t available;

    /* A cursor past the end never has room, whatever need is. */
    if( cur > end )
        return( 1 );

    available = (size_t)( end - cur );
    return( need > available );
}
304
/*
 * Statement form of mbedtls_ssl_chk_buf_ptr(): when fewer than need bytes
 * are available between cur and end, the ENCLOSING function returns
 * MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL.
 *
 * The return is hidden inside the macro, so:
 * - use it only in functions whose return type can carry that error code;
 * - place it before anything that needs cleanup on exit is acquired, since
 *   the early return skips any cleanup code further down the function.
 * Each argument appears once in the expansion, so it is evaluated once.
 */
315#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \
316 do { \
317 if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
318 { \
319 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
320 } \
321 } while( 0 )
322
323#ifdef __cplusplus
324extern "C" {
325#endif
326
327#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
328 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
329/*
330 * Abstraction for a grid of allowed signature-hash-algorithm pairs.
331 */
333{
334 /* At the moment, we only need to remember a single suitable
335 * hash algorithm per signature algorithm. As long as that's
336 * the case - and we don't need a general lookup function -
337 * we can implement the sig-hash-set as a map from signatures
338 * to hash algorithms. */
341};
342#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
343 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
344
345/*
346 * This structure contains the parameters only needed during handshake.
347 */
349{
350 /*
351 * Handshake specific crypto variables
352 */
353
354#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
355 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
357#endif
358#if defined(MBEDTLS_DHM_C)
360#endif
361#if defined(MBEDTLS_ECDH_C)
363#endif
364#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
365 mbedtls_ecjpake_context ecjpake_ctx;
366#if defined(MBEDTLS_SSL_CLI_C)
367 unsigned char *ecjpake_cache;
368 size_t ecjpake_cache_len;
369#endif
370#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
371#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
372 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
374#endif
375#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
376 unsigned char *psk;
377 size_t psk_len;
378#endif
379#if defined(MBEDTLS_X509_CRT_PARSE_C)
381#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
386#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
387#endif /* MBEDTLS_X509_CRT_PARSE_C */
388#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
389 int ecrs_enabled;
391 enum { /* this complements ssl->state with info on intra-state operations */
392 ssl_ecrs_none = 0,
393 ssl_ecrs_crt_verify,
394 ssl_ecrs_ske_start_processing,
395 ssl_ecrs_cke_ecdh_calc_secret,
396 ssl_ecrs_crt_vrfy_sign,
397 } ecrs_state;
398 size_t ecrs_n;
399#endif
400#if defined(MBEDTLS_SSL_PROTO_DTLS)
401 unsigned int out_msg_seq;
402 unsigned int in_msg_seq;
404 unsigned char *verify_cookie;
406 unsigned char verify_cookie_len;
409 uint32_t retransmit_timeout;
410 unsigned char retransmit_state;
411 mbedtls_ssl_flight_item *flight;
412 mbedtls_ssl_flight_item *cur_msg;
413 unsigned char *cur_msg_p;
414 unsigned int in_flight_start_seq;
416 mbedtls_ssl_transform *alt_transform_out;
418 unsigned char alt_out_ctr[8];
421 struct
422 {
423 size_t total_bytes_buffered;
426 uint8_t seen_ccs;
430 {
431 unsigned is_valid : 1;
432 unsigned is_fragmented : 1;
433 unsigned is_complete : 1;
434 unsigned char *data;
435 size_t data_len;
437
438 struct
439 {
440 unsigned char *data;
441 size_t len;
442 unsigned epoch;
443 } future_record;
444
445 } buffering;
446
447 uint16_t mtu;
448#endif /* MBEDTLS_SSL_PROTO_DTLS */
449
450 /*
451 * Checksum contexts
452 */
453#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
454 defined(MBEDTLS_SSL_PROTO_TLS1_1)
457#endif
458#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
459#if defined(MBEDTLS_SHA256_C)
461#endif
462#if defined(MBEDTLS_SHA512_C)
464#endif
465#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
466
467 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
468 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
469 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
470 int (*tls_prf)(const unsigned char *, size_t, const char *,
471 const unsigned char *, size_t,
472 unsigned char *, size_t);
473
474 size_t pmslen;
476 unsigned char randbytes[64];
480 int resume;
485#if defined(MBEDTLS_SSL_SESSION_TICKETS)
487#endif /* MBEDTLS_SSL_SESSION_TICKETS */
488#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
490#endif
491
492#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
493 unsigned int async_in_progress : 1;
494#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
495
496#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
502 void *user_async_ctx;
503#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
504};
505
507
508/*
509 * This structure contains a full set of runtime transform parameters
510 * either in negotiation or active.
511 */
513{
514 /*
515 * Session specific crypto layer
516 */
519 unsigned int keylen;
520 size_t minlen;
521 size_t ivlen;
522 size_t fixed_ivlen;
523 size_t maclen;
525 unsigned char iv_enc[16];
526 unsigned char iv_dec[16];
528#if defined(MBEDTLS_SSL_PROTO_SSL3)
529 /* Needed only for SSL v3.0 secret */
530 unsigned char mac_enc[20];
531 unsigned char mac_dec[20];
532#endif /* MBEDTLS_SSL_PROTO_SSL3 */
533
540 /*
541 * Session specific compression layer
542 */
543#if defined(MBEDTLS_ZLIB_SUPPORT)
544 z_stream ctx_deflate;
545 z_stream ctx_inflate;
546#endif
547};
548
549#if defined(MBEDTLS_X509_CRT_PARSE_C)
550/*
551 * List of certificate + private key pairs
552 */
554{
558};
559#endif /* MBEDTLS_X509_CRT_PARSE_C */
560
561#if defined(MBEDTLS_SSL_PROTO_DTLS)
562/*
563 * List of handshake messages kept around for resending
564 */
/*
 * One node of a singly linked list (chained through next), compiled only
 * when MBEDTLS_SSL_PROTO_DTLS is defined.
 * NOTE(review): the per-field comments of the original header are not part
 * of this listing; the meanings below are inferred from the field names and
 * types - confirm against the code that fills the list.
 */
565struct mbedtls_ssl_flight_item
566{
/* presumably the stored message bytes; ownership is not visible here */
567 unsigned char *p;
/* presumably the number of bytes at p */
568 size_t len;
/* presumably the record content type of the stored message */
569 unsigned char type;
/* next node in the list */
570 mbedtls_ssl_flight_item *next;
571};
572#endif /* MBEDTLS_SSL_PROTO_DTLS */
573
574#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
575 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
576
577/* Find an entry in a signature-hash set matching a given hash algorithm. */
579 mbedtls_pk_type_t sig_alg );
580/* Add a signature-hash-pair to a signature-hash set */
582 mbedtls_pk_type_t sig_alg,
583 mbedtls_md_type_t md_alg );
584/* Allow exactly one hash algorithm for each signature. */
586 mbedtls_md_type_t md_alg );
587
588/* Setup an empty signature-hash set */
590{
592}
593
594#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
595 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
596
604
612
616
618
621
625
703 unsigned update_hs_digest );
705
709
712
715
718
720 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
721
722#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
723int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
724#endif
725
726#if defined(MBEDTLS_PK_C)
730#endif
731
733unsigned char mbedtls_ssl_hash_from_md_alg( int md );
735
736#if defined(MBEDTLS_ECP_C)
738#endif
739
740#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
743#endif
744
745#if defined(MBEDTLS_X509_CRT_PARSE_C)
747{
748 mbedtls_ssl_key_cert *key_cert;
749
750 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
751 key_cert = ssl->handshake->key_cert;
752 else
753 key_cert = ssl->conf->key_cert;
754
755 return( key_cert == NULL ? NULL : key_cert->key );
756}
757
759{
760 mbedtls_ssl_key_cert *key_cert;
761
762 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
763 key_cert = ssl->handshake->key_cert;
764 else
765 key_cert = ssl->conf->key_cert;
766
767 return( key_cert == NULL ? NULL : key_cert->cert );
768}
769
770/*
771 * Check usage of a certificate wrt extensions:
772 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
773 *
774 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
775 * check a cert we received from them)!
776 *
777 * Return 0 if everything is OK, -1 if not.
778 */
780 const mbedtls_ssl_ciphersuite_t *ciphersuite,
781 int cert_endpoint,
782 uint32_t *flags );
783#endif /* MBEDTLS_X509_CRT_PARSE_C */
784
785void mbedtls_ssl_write_version( int major, int minor, int transport,
786 unsigned char ver[2] );
787void mbedtls_ssl_read_version( int *major, int *minor, int transport,
788 const unsigned char ver[2] );
789
/*
 * Record header length in bytes: 13 on the DTLS path, 5 otherwise.
 *
 * NOTE(review): source line 793 is absent from this listing (the numbering
 * goes 792 -> 794). As shown, a build with MBEDTLS_SSL_PROTO_DTLS defined
 * would return 13 unconditionally and the final return would be
 * unreachable; presumably the dropped line is a condition on the
 * connection's transport - confirm against the original header before
 * reusing this text. Every record parsing offset depends on this value.
 */
790static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
791{
792#if defined(MBEDTLS_SSL_PROTO_DTLS)
794 return( 13 );
795#else
/* ssl is unused when DTLS is compiled out; the cast silences the warning. */
796 ((void) ssl);
797#endif
798 return( 5 );
799}
800
/*
 * Handshake message header length in bytes: 12 on the DTLS path,
 * 4 otherwise.
 *
 * NOTE(review): source line 804 is absent from this listing (the numbering
 * goes 803 -> 805). As shown, a build with MBEDTLS_SSL_PROTO_DTLS defined
 * would return 12 unconditionally; presumably the dropped line is a
 * condition on the connection's transport - confirm against the original
 * header before reusing this text.
 */
801static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
802{
803#if defined(MBEDTLS_SSL_PROTO_DTLS)
805 return( 12 );
806#else
/* ssl is unused when DTLS is compiled out; the cast silences the warning. */
807 ((void) ssl);
808#endif
809 return( 4 );
810}
811
812#if defined(MBEDTLS_SSL_PROTO_DTLS)
813void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
814void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
815int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
816int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
817#endif
818
819/* Visible for testing purposes only */
820#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
821int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
822void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
823#endif
824
825/* constant-time buffer comparison */
/*
 * Compare the first n bytes of a and b without an early exit.
 *
 * Returns 0 when all n bytes are equal, a non-zero value otherwise. The
 * non-zero value is the OR of the per-byte XORs, so it carries no ordering
 * information: test it against 0 only, never use it as a memcmp()-style
 * less/greater result.
 *
 * The loop always runs n iterations and accumulates into diff, so the
 * amount of work depends on n and not on where the buffers first differ.
 * n itself is not hidden.
 *
 * With n == 0 the loop body never runs and the result is 0 ("equal"), so
 * the caller has to check that n is the expected length before trusting a
 * match.
 *
 * NOTE(review): the volatile qualifiers are presumably there to keep the
 * compiler from collapsing the loop into an early-exit comparison; the C
 * source alone does not guarantee constant-time machine code - confirm on
 * the target toolchain.
 */
826static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
827{
828 size_t i;
829 volatile const unsigned char *A = (volatile const unsigned char *) a;
830 volatile const unsigned char *B = (volatile const unsigned char *) b;
/* Accumulator: stays 0 only if every byte pair matched. */
831 volatile unsigned char diff = 0;
832
833 for( i = 0; i < n; i++ )
834 {
835 /* Read volatile data in order before computing diff.
836 * This avoids IAR compiler warning:
837 * 'the order of volatile accesses is undefined ..' */
838 unsigned char x = A[i], y = B[i];
839 diff |= x ^ y;
840 }
841
842 return( diff );
843}
844
845#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
846 defined(MBEDTLS_SSL_PROTO_TLS1_1)
848 unsigned char *output,
849 unsigned char *data, size_t data_len );
850#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
851 MBEDTLS_SSL_PROTO_TLS1_1 */
852
853#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
854 defined(MBEDTLS_SSL_PROTO_TLS1_2)
856 unsigned char *hash, size_t *hashlen,
857 unsigned char *data, size_t data_len,
858 mbedtls_md_type_t md_alg );
859#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
860 MBEDTLS_SSL_PROTO_TLS1_2 */
861
862#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
899 const unsigned char *add_data, size_t add_data_len,
900 const unsigned char *data, size_t data_len_secret,
901 size_t min_data_len, size_t max_data_len,
902 unsigned char *output );
903
923 const unsigned char *src_base,
924 size_t offset_secret,
925 size_t offset_min, size_t offset_max,
926 size_t len );
927#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
928
929#ifdef __cplusplus
930}
931#endif
932
933#endif /* ssl_internal.h */
mbedtls_md_type_t
Supported message digests.
Definition: md.h:83
@ MBEDTLS_MD_NONE
Definition: md.h:84
mbedtls_pk_type_t
Public key types.
Definition: pk.h:103
mbedtls_ecp_group_id
Definition: ecp.h:103
This file contains SHA-224 and SHA-256 definitions and functions.
This file contains SHA-384 and SHA-512 definitions and functions.
SSL/TLS functions.
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Definition: ssl.h:163
#define MBEDTLS_PREMASTER_SIZE
Definition: ssl.h:445
mbedtls_key_exchange_type_t
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
Definition: ssl_internal.h:826
void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set, mbedtls_md_type_t md_alg)
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_cf_memcpy_offset(unsigned char *dst, const unsigned char *src_base, size_t offset_secret, size_t offset_min, size_t offset_max, size_t len)
Copy data from a secret position with constant flow.
#define MBEDTLS_SSL_MAX_BUFFERED_HS
Definition: ssl_internal.h:216
void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
Free referenced items in an SSL handshake context and clear memory.
int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
static mbedtls_pk_context * mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:746
unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type)
int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg)
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
void mbedtls_ssl_write_version(int major, int minor, int transport, unsigned char ver[2])
int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush)
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
void mbedtls_ssl_read_version(int *major, int *minor, int transport, const unsigned char ver[2])
static void mbedtls_ssl_sig_hash_set_init(mbedtls_ssl_sig_hash_set_t *set)
Definition: ssl_internal.h:589
int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
static size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:801
int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg, mbedtls_md_type_t md_alg)
static mbedtls_x509_crt * mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:758
int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_hash_from_md_alg(int md)
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, unsigned update_hs_digest)
Update record layer.
int mbedtls_ssl_cf_hmac(mbedtls_md_context_t *ctx, const unsigned char *add_data, size_t add_data_len, const unsigned char *data, size_t data_len_secret, size_t min_data_len, size_t max_data_len, unsigned char *output)
Compute the HMAC of variable-length data with constant flow.
int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len, mbedtls_md_type_t md_alg)
int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl, unsigned char *output, unsigned char *data, size_t data_len)
void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
static int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, const uint8_t *end, size_t need)
This function checks if the remaining size in a buffer is greater or equal than a needed space.
Definition: ssl_internal.h:299
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer
Definition: ssl_internal.h:506
static size_t mbedtls_ssl_hdr_len(const mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:790
The DHM context structure.
Definition: dhm.h:128
The ECDH context structure.
Definition: ecdh.h:136
MD5 context structure.
Definition: md5.h:85
Public key container.
Definition: pk.h:156
The SHA-1 context structure.
Definition: sha1.h:89
The SHA-256 context structure.
Definition: sha256.h:84
The SHA-512 context structure.
Definition: sha512.h:83
This structure is used for storing ciphersuite information.
unsigned int transport
Definition: ssl.h:1010
mbedtls_ssl_key_cert * key_cert
Definition: ssl.h:926
mbedtls_ssl_handshake_params * handshake
Definition: ssl.h:1088
const mbedtls_ssl_config * conf
Definition: ssl.h:1053
void(* update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t)
Definition: ssl_internal.h:467
mbedtls_ssl_key_cert * key_cert
Definition: ssl_internal.h:380
mbedtls_sha256_context fin_sha256
Definition: ssl_internal.h:460
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]
Definition: ssl_internal.h:477
mbedtls_x509_crt * sni_ca_chain
Definition: ssl_internal.h:384
const mbedtls_ecp_curve_info ** curves
Definition: ssl_internal.h:373
void(* calc_finished)(mbedtls_ssl_context *, unsigned char *, int)
Definition: ssl_internal.h:469
unsigned char randbytes[64]
Definition: ssl_internal.h:476
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
Definition: ssl_internal.h:470
mbedtls_ssl_sig_hash_set_t hash_algs
Definition: ssl_internal.h:356
mbedtls_sha512_context fin_sha512
Definition: ssl_internal.h:463
mbedtls_dhm_context dhm_ctx
Definition: ssl_internal.h:359
mbedtls_ssl_key_cert * sni_key_cert
Definition: ssl_internal.h:383
mbedtls_ecdh_context ecdh_ctx
Definition: ssl_internal.h:362
mbedtls_sha1_context fin_sha1
Definition: ssl_internal.h:456
mbedtls_x509_crl * sni_ca_crl
Definition: ssl_internal.h:385
mbedtls_md5_context fin_md5
Definition: ssl_internal.h:455
void(* calc_verify)(mbedtls_ssl_context *, unsigned char *)
Definition: ssl_internal.h:468
mbedtls_pk_context * key
Definition: ssl_internal.h:556
mbedtls_x509_crt * cert
Definition: ssl_internal.h:555
mbedtls_ssl_key_cert * next
Definition: ssl_internal.h:557
mbedtls_md_type_t rsa
Definition: ssl_internal.h:339
mbedtls_md_type_t ecdsa
Definition: ssl_internal.h:340
mbedtls_md_context_t md_ctx_enc
Definition: ssl_internal.h:534
mbedtls_cipher_context_t cipher_ctx_enc
Definition: ssl_internal.h:537
unsigned char iv_enc[16]
Definition: ssl_internal.h:525
const mbedtls_ssl_ciphersuite_t * ciphersuite_info
Definition: ssl_internal.h:517
mbedtls_cipher_context_t cipher_ctx_dec
Definition: ssl_internal.h:538
mbedtls_md_context_t md_ctx_dec
Definition: ssl_internal.h:535
unsigned char iv_dec[16]
Definition: ssl_internal.h:526