41#if defined(SONAME_LIBMBEDTLS) && !defined(HAVE_SECURITY_SECURITY_H) && !defined(SONAME_LIBGNUTLS)
51#define ROS_SCHAN_IS_BLOCKING(read_len) ((read_len & 0xFFF00000) == 0xCCC00000)
52#define ROS_SCHAN_IS_BLOCKING_MARSHALL(read_len) ((read_len & 0x000FFFFF) | 0xCCC00000)
53#define ROS_SCHAN_IS_BLOCKING_RETRIEVE(read_len) (read_len & 0x000FFFFF)
67 #define _countof(a) (sizeof(a)/sizeof(*(a)))
78} MBEDTLS_SESSION, *PMBEDTLS_SESSION;
82static int schan_pull_adapter(
void *
session,
unsigned char *
buff,
size_t buff_len)
85 size_t requested = buff_len;
88 TRACE(
"MBEDTLS schan_pull_adapter: (%p/%p, %p, %u)\n",
s,
s->transport,
buff, buff_len);
92 TRACE(
"MBEDTLS schan_pull_adapter: (%p/%p, %p, %u) status: %#x\n",
s,
s->transport,
buff, buff_len,
status);
99 TRACE(
"Connection closed\n");
103 else if (buff_len < requested)
105 TRACE(
"Pulled %u bytes before would block\n", buff_len);
106 return ROS_SCHAN_IS_BLOCKING_MARSHALL(buff_len);
110 TRACE(
"Pulled %u bytes\n", buff_len);
116 TRACE(
"Would block before being able to pull anything, passing buff_len=%u\n", buff_len);
117 return ROS_SCHAN_IS_BLOCKING_MARSHALL(buff_len);
121 ERR(
"Unknown status code from schan_pull: %d\n",
status);
131static int schan_push_adapter(
void *
session,
const unsigned char *
buff,
size_t buff_len)
136 TRACE(
"MBEDTLS schan_push_adapter: (%p/%p, %p, %u)\n",
s,
s->transport,
buff, buff_len);
140 TRACE(
"MBEDTLS schan_push_adapter: (%p/%p, %p, %u) status: %#x\n",
s,
s->transport,
buff, buff_len,
status);
144 TRACE(
"Pushed %u bytes\n", buff_len);
149 TRACE(
"Would block before being able to push anything. passing %u\n", buff_len);
150 return ROS_SCHAN_IS_BLOCKING_MARSHALL(buff_len);
154 ERR(
"Unknown status code from schan_push: %d\n",
status);
165 TRACE(
"MBEDTLS schan_imp_enabled_protocols()\n");
168#ifdef MBEDTLS_SSL_PROTO_SSL3
171#ifdef MBEDTLS_SSL_PROTO_TLS1
174#ifdef MBEDTLS_SSL_PROTO_TLS1_1
177#ifdef MBEDTLS_SSL_PROTO_TLS1_2
183static void schan_imp_debug(
void *
ctx,
int level,
const char *
file,
int line,
const char *
str)
196 ERR(
"Not enough memory to create session\n");
200 TRACE(
"MBEDTLS init entropy\n");
203 TRACE(
"MBEDTLS init random - change static entropy private data\n");
207 WARN(
"MBEDTLS init ssl\n");
210 WARN(
"MBEDTLS init conf\n");
215 TRACE(
"MBEDTLS set BIO callbacks\n");
222 TRACE(
"MBEDTLS set authmode\n");
225 TRACE(
"MBEDTLS set rng\n");
228 TRACE(
"MBEDTLS set dbg\n");
231 TRACE(
"MBEDTLS setup\n");
234 TRACE(
"MBEDTLS schan_imp_create_session END!\n");
240 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
241 WARN(
"MBEDTLS schan_imp_dispose_session: %p\n",
session);
258 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
260 TRACE(
"MBEDTLS schan_imp_set_session_transport: %p %p\n",
session,
t);
267 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
269 TRACE(
"MBEDTLS schan_imp_set_session_target: sess: %p hostname: %s\n",
session,
target);
280 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
286 if (ROS_SCHAN_IS_BLOCKING(
err))
288 TRACE(
"Received ERR_NET_WANT_READ/WRITE... let's try again!\n");
293 ERR(
"schan_imp_handshake: SSL Feature unavailable...\n");
298 ERR(
"schan_imp_handshake: Oops! mbedtls_ssl_handshake returned the following error code: -%#x...\n", -
err);
302 WARN(
"schan_imp_handshake: Handshake completed!\n");
308static unsigned int schannel_get_cipher_key_size(
int ciphersuite_id)
313 unsigned int key_bitlen = cipher_info->
key_bitlen;
315 TRACE(
"MBEDTLS schannel_get_cipher_key_size: Unknown cipher %#x, returning %u\n", ciphersuite_id, key_bitlen);
320static unsigned int schannel_get_mac_key_size(
int ciphersuite_id)
327 TRACE(
"MBEDTLS schannel_get_mac_key_size: returning %i\n", md_size);
342 TRACE(
"MBEDTLS schannel_get_kx_key_size: Unknown kx %#x, returning 0\n", ssl_ciphersuite->
key_exchange);
373 FIXME(
"MBEDTLS schannel_get_protocol: unknown protocol %d\n", ssl->
minor_ver);
379static ALG_ID schannel_get_cipher_algid(
int ciphersuite_id)
383 switch (cipher_suite->
cipher)
408#ifdef MBEDTLS_BLOWFISH_C
418#ifdef MBEDTLS_CAMELLIA_C
475 FIXME(
"MBEDTLS schannel_get_cipher_algid: unknown algorithm %d\n", ciphersuite_id);
481static ALG_ID schannel_get_mac_algid(
int ciphersuite_id)
485 switch (cipher_suite->
mac)
500 FIXME(
"MBEDTLS schannel_get_mac_algid: unknown algorithm %d\n", cipher_suite->
mac);
506static ALG_ID schannel_get_kx_algid(
int ciphersuite_id)
535 FIXME(
"MBEDTLS schannel_get_kx_algid: unknown algorithm %d\n", cipher_suite->
key_exchange);
543 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
547 TRACE(
"MBEDTLS schan_imp_get_session_cipher_block_size %p returning %u.\n",
session, cipher_block_size);
549 return cipher_block_size;
554 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
558 TRACE(
"MBEDTLS schan_imp_get_max_message_size %p returning %u.\n",
session, max_frag_len);
566 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
572 info->dwProtocol = schannel_get_protocol(&
s->ssl, &
s->conf);
573 info->aiCipher = schannel_get_cipher_algid(ciphersuite_id);
574 info->dwCipherStrength = schannel_get_cipher_key_size(ciphersuite_id);
575 info->aiHash = schannel_get_mac_algid(ciphersuite_id);
576 info->dwHashStrength = schannel_get_mac_key_size(ciphersuite_id);
577 info->aiExch = schannel_get_kx_algid(ciphersuite_id);
578 info->dwExchStrength = schannel_get_kx_key_size(&
s->ssl, &
s->conf, ciphersuite_id);
586 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
597 for (next_cert = peer_cert; next_cert !=
NULL; next_cert = next_cert->
next)
602 if (next_cert != peer_cert)
615 MBEDTLS_SESSION *
s = (MBEDTLS_SESSION *)
session;
624 TRACE(
"MBEDTLS schan_imp_send: ret=%i.\n",
ret);
628 else if (ROS_SCHAN_IS_BLOCKING(
ret))
630 *
length = ROS_SCHAN_IS_BLOCKING_RETRIEVE(
ret);
634 TRACE(
"MBEDTLS schan_imp_send: ret=MBEDTLS_ERR_NET_WANT_WRITE -> SEC_I_CONTINUE_NEEDED; len=%lu", *
length);
639 TRACE(
"MBEDTLS schan_imp_send: ret=MBEDTLS_ERR_NET_WANT_WRITE -> SEC_E_OK; len=%lu", *
length);
645 ERR(
"MBEDTLS schan_imp_send: mbedtls_ssl_write failed with -%x\n", -
ret);
655 PMBEDTLS_SESSION
s = (PMBEDTLS_SESSION)
session;
666 TRACE(
"MBEDTLS schan_imp_recv: ret == %i.\n",
ret);
670 else if (ROS_SCHAN_IS_BLOCKING(
ret))
672 *
length = ROS_SCHAN_IS_BLOCKING_RETRIEVE(
ret);
676 TRACE(
"MBEDTLS schan_imp_recv: ret=MBEDTLS_ERR_NET_WANT_WRITE -> SEC_I_CONTINUE_NEEDED; len=%lu", *
length);
681 TRACE(
"MBEDTLS schan_imp_recv: ret=MBEDTLS_ERR_NET_WANT_WRITE -> SEC_E_OK; len=%lu", *
length);
688 TRACE(
"MBEDTLS schan_imp_recv: ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -> SEC_E_OK\n");
693 ERR(
"MBEDTLS schan_imp_recv: mbedtls_ssl_read failed with -%x\n", -
ret);
702 TRACE(
"MBEDTLS schan_imp_allocate_certificate_credentials %p %p %d\n",
c,
c->credentials,
c->credential_use);
705 c->credentials =
NULL;
711 TRACE(
"MBEDTLS schan_imp_free_certificate_credentials %p %p %d\n",
c,
c->credentials,
c->credential_use);
716 TRACE(
"Schannel MBEDTLS schan_imp_init\n");
722 WARN(
"Schannel MBEDTLS schan_imp_deinit\n");
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
@ MBEDTLS_CIPHER_AES_128_ECB
@ MBEDTLS_CIPHER_CAMELLIA_128_GCM
@ MBEDTLS_CIPHER_DES_EDE3_CBC
@ MBEDTLS_CIPHER_AES_128_CBC
@ MBEDTLS_CIPHER_AES_192_GCM
@ MBEDTLS_CIPHER_BLOWFISH_CTR
@ MBEDTLS_CIPHER_CAMELLIA_256_GCM
@ MBEDTLS_CIPHER_DES_EDE_ECB
@ MBEDTLS_CIPHER_BLOWFISH_CFB64
@ MBEDTLS_CIPHER_CAMELLIA_192_CBC
@ MBEDTLS_CIPHER_CAMELLIA_192_GCM
@ MBEDTLS_CIPHER_AES_256_ECB
@ MBEDTLS_CIPHER_AES_256_CTR
@ MBEDTLS_CIPHER_AES_192_CCM
@ MBEDTLS_CIPHER_AES_128_CFB128
@ MBEDTLS_CIPHER_CAMELLIA_192_CFB128
@ MBEDTLS_CIPHER_AES_128_CTR
@ MBEDTLS_CIPHER_AES_192_CFB128
@ MBEDTLS_CIPHER_AES_256_GCM
@ MBEDTLS_CIPHER_CAMELLIA_128_CFB128
@ MBEDTLS_CIPHER_CAMELLIA_128_CBC
@ MBEDTLS_CIPHER_AES_256_CCM
@ MBEDTLS_CIPHER_CAMELLIA_256_CFB128
@ MBEDTLS_CIPHER_BLOWFISH_CBC
@ MBEDTLS_CIPHER_CAMELLIA_256_ECB
@ MBEDTLS_CIPHER_AES_128_GCM
@ MBEDTLS_CIPHER_CAMELLIA_192_ECB
@ MBEDTLS_CIPHER_AES_256_CFB128
@ MBEDTLS_CIPHER_CAMELLIA_128_ECB
@ MBEDTLS_CIPHER_AES_192_CBC
@ MBEDTLS_CIPHER_AES_192_CTR
@ MBEDTLS_CIPHER_AES_128_CCM
@ MBEDTLS_CIPHER_DES_EDE_CBC
@ MBEDTLS_CIPHER_CAMELLIA_128_CTR
@ MBEDTLS_CIPHER_BLOWFISH_ECB
@ MBEDTLS_CIPHER_AES_256_CBC
@ MBEDTLS_CIPHER_ARC4_128
@ MBEDTLS_CIPHER_CAMELLIA_192_CTR
@ MBEDTLS_CIPHER_AES_192_ECB
@ MBEDTLS_CIPHER_DES_EDE3_ECB
@ MBEDTLS_CIPHER_CAMELLIA_256_CTR
@ MBEDTLS_CIPHER_CAMELLIA_256_CBC
static unsigned int mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
This function returns the block size of the given cipher.
This file contains definitions and functions for the CTR_DRBG pseudorandom generator.
BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
BOOL WINAPI CertAddEncodedCertificateToStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded, DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
#define HeapFree(x, y, z)
Entropy accumulator implementation.
static unsigned char buff[32768]
GLuint GLsizei GLsizei * length
struct mbedtls_x509_crt * next
Network sockets abstraction layer to integrate Mbed TLS into a BSD-style sockets API.
#define MBEDTLS_ERR_NET_RECV_FAILED
#define MBEDTLS_ERR_NET_CONNECT_FAILED
#define MBEDTLS_ERR_NET_SEND_FAILED
static size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
Get the length in bytes of the underlying key.
#define SECPKG_CRED_INBOUND
#define SP_PROT_TLS1_0_SERVER
#define SP_PROT_TLS1_1_SERVER
#define SP_PROT_TLS1_2_SERVER
#define SP_PROT_SSL3_SERVER
#define SP_PROT_TLS1_1_CLIENT
#define SP_PROT_TLS1_0_CLIENT
#define SP_PROT_TLS1_2_CLIENT
#define SP_PROT_SSL3_CLIENT
#define mbedtls_ssl_get_max_frag_len
#define mbedtls_md_info_from_type
#define mbedtls_ssl_set_hostname
#define mbedtls_ctr_drbg_seed
#define mbedtls_ctr_drbg_random
#define mbedtls_entropy_free
#define mbedtls_ctr_drbg_init
#define mbedtls_entropy_init
#define mbedtls_ssl_conf_authmode
#define mbedtls_entropy_func
#define mbedtls_ssl_write
#define mbedtls_ssl_conf_endpoint
#define mbedtls_cipher_info_from_type
#define mbedtls_ssl_config_defaults
#define mbedtls_ssl_get_ciphersuite_id
#define mbedtls_ssl_setup
#define mbedtls_ssl_set_bio
#define mbedtls_ssl_conf_rng
#define mbedtls_ssl_config_free
#define mbedtls_ssl_handshake
#define mbedtls_ssl_get_version
#define mbedtls_ssl_get_peer_cert
#define mbedtls_ctr_drbg_free
#define mbedtls_ssl_ciphersuite_from_id
#define mbedtls_ssl_conf_dbg
#define mbedtls_ssl_config_init
#define mbedtls_ssl_get_ciphersuite
SECURITY_STATUS schan_imp_handshake(schan_imp_session session) DECLSPEC_HIDDEN
int schan_pull(struct schan_transport *t, void *buff, size_t *buff_len) DECLSPEC_HIDDEN
struct schan_imp_session_opaque * schan_imp_session
SECURITY_STATUS schan_imp_recv(schan_imp_session session, void *buffer, SIZE_T *length) DECLSPEC_HIDDEN
void schan_imp_set_session_transport(schan_imp_session session, struct schan_transport *t) DECLSPEC_HIDDEN
SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session, HCERTSTORE, PCCERT_CONTEXT *cert) DECLSPEC_HIDDEN
SECURITY_STATUS schan_imp_send(schan_imp_session session, const void *buffer, SIZE_T *length) DECLSPEC_HIDDEN
DWORD schan_imp_enabled_protocols(void) DECLSPEC_HIDDEN
BOOL schan_imp_allocate_certificate_credentials(schan_credentials *) DECLSPEC_HIDDEN
unsigned int schan_imp_get_max_message_size(schan_imp_session session) DECLSPEC_HIDDEN
void schan_imp_free_certificate_credentials(schan_credentials *) DECLSPEC_HIDDEN
int schan_push(struct schan_transport *t, const void *buff, size_t *buff_len) DECLSPEC_HIDDEN
void schan_imp_set_session_target(schan_imp_session session, const char *target) DECLSPEC_HIDDEN
void schan_imp_dispose_session(schan_imp_session session) DECLSPEC_HIDDEN
SECURITY_STATUS schan_imp_get_connection_info(schan_imp_session session, SecPkgContext_ConnectionInfo *info) DECLSPEC_HIDDEN
unsigned int schan_imp_get_session_cipher_block_size(schan_imp_session session) DECLSPEC_HIDDEN
BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred) DECLSPEC_HIDDEN
#define MBEDTLS_SSL_VERIFY_NONE
#define MBEDTLS_SSL_IS_CLIENT
#define MBEDTLS_SSL_MINOR_VERSION_0
#define MBEDTLS_SSL_MINOR_VERSION_1
#define MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SSL_IS_SERVER
#define MBEDTLS_SSL_MINOR_VERSION_2
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
#define MBEDTLS_SSL_TRANSPORT_STREAM
#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
#define MBEDTLS_SSL_PRESET_DEFAULT
@ MBEDTLS_KEY_EXCHANGE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
@ MBEDTLS_KEY_EXCHANGE_DHE_PSK
@ MBEDTLS_KEY_EXCHANGE_DHE_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
@ MBEDTLS_KEY_EXCHANGE_RSA
@ MBEDTLS_KEY_EXCHANGE_RSA_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
@ MBEDTLS_KEY_EXCHANGE_NONE
Internal functions shared by the SSL modules.
The CTR_DRBG context structure.
Entropy context structure.
This structure is used for storing ciphersuite information.
mbedtls_key_exchange_type_t key_exchange
mbedtls_cipher_type_t cipher
mbedtls_x509_crt * ca_chain
DWORD WINAPI GetLastError(void)
#define CERT_STORE_ADD_REPLACE_EXISTING
#define ALG_SID_RIPEMD160
#define X509_ASN_ENCODING
#define SEC_E_INTERNAL_ERROR
#define SEC_E_UNSUPPORTED_FUNCTION
#define SEC_I_CONTINUE_NEEDED