ReactOS 0.4.16-dev-602-ge302bac
|
SSL/TLS functions. More...
#include "config.h"
#include "bignum.h"
#include "ecp.h"
#include "ssl_ciphersuites.h"
#include "x509_crt.h"
#include "x509_crl.h"
#include "dhm.h"
#include "ecdh.h"
Go to the source code of this file.
Classes | |
union | mbedtls_ssl_premaster_secret |
struct | mbedtls_ssl_session |
struct | mbedtls_ssl_config |
struct | mbedtls_ssl_context |
SSL/TLS functions.
Definition in file ssl.h.
#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 |
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 |
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 |
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 |
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 |
#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 |
#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 |
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 |
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 |
#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 |
#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 |
#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 |
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 |
#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 |
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 |
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 |
#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 |
#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 |
#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 |
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 |
#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 |
#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 |
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 |
#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
#define MBEDTLS_ERR_SSL_NO_RNG -0x7400 |
#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 |
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 |
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 |
#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 |
#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 |
#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 |
#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 |
#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 |
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 |
#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 |
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) |
#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */ |
#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */ |
#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */ |
#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */ |
#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */ |
#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */ |
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */ |
#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */ |
#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 |
#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 |
Maximum number of heap-allocated bytes for the purpose of DTLS handshake message reassembly and future message buffering.
This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN to account for a reassembled handshake message of maximum size, together with its reassembly bitmap.
A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) should be sufficient for all practical situations as it allows to reassembly a large handshake message (such as a certificate) while buffering multiple smaller handshake messages.
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF |
#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 |
#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
Maximum length (in bytes) of incoming plaintext fragments.
This determines the size of the incoming TLS I/O buffer in such a way that it is capable of holding the specified amount of plaintext data, regardless of the protection mechanism used.
If this option is undefined, it inherits its value from MBEDTLS_SSL_MAX_CONTENT_LEN.
Uncomment to set the maximum plaintext size of the incoming I/O buffer independently of the outgoing I/O buffer.
#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 |
#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 |
#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 |
This macro is invoked by the library when an invalid parameter is detected that is only checked with #MBEDTLS_CHECK_PARAMS (see the documentation of that option for context).
When you leave this undefined here, the library provides a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT is defined, the default definition is assert(cond)
, otherwise the default definition calls a function mbedtls_param_failed(). This function is declared in platform_util.h
for the benefit of the library, but you need to define in your application.
When you define this here, this replaces the default definition in platform_util.h (which no longer declares the function mbedtls_param_failed()) and it is your responsibility to make sure this macro expands to something suitable (in particular, that all the necessary declarations are visible from within the library - you can ensure that by providing them in this file next to the macro definition). If you define this macro to call assert
, also define #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files include <assert.h>
.
Note that you may define this macro to expand to nothing, in which case you don't have to worry about declarations or definitions. However, you will then be notified about invalid parameters only in non-void functions, and void function will just silently return early on invalid parameters, which partially negates the benefits of enabling #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
cond | The expression that should evaluate to true, but doesn't. |
Maximum length (in bytes) of incoming and outgoing plaintext fragments.
This determines the size of both the incoming and outgoing TLS I/O buffers in such a way that both are capable of holding the specified amount of plaintext data, regardless of the protection mechanism used.
To configure incoming and outgoing I/O buffers separately, use MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN, which overwrite the value set by this option.
Uncomment to set the maximum plaintext size of both incoming and outgoing I/O buffers.
Size of the input / output buffer
#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 |
#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 |
#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 |
#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 |
#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 |
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 |
#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
Maximum length (in bytes) of outgoing plaintext fragments.
This determines the size of the outgoing TLS I/O buffer in such a way that it is capable of holding the specified amount of plaintext data, regardless of the protection mechanism used.
If this option undefined, it inherits its value from MBEDTLS_SSL_MAX_CONTENT_LEN.
It is possible to save RAM by setting a smaller outward buffer, while keeping the default inward 16384 byte buffer to conform to the TLS specification.
The minimum required outward buffer size is determined by the handshake protocol's usage. Handshaking will fail if the outward buffer is too small. The specific size requirement depends on the configured ciphers and any certificate data which is sent during the handshake.
Uncomment to set the maximum plaintext size of the outgoing I/O buffer independently of the incoming I/O buffer.
#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ |
typedef int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen) |
typedef int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen) |
Callback type: generate a cookie.
ctx | Context for the callback |
p | Buffer to write to, must be updated to point right after the cookie |
end | Pointer to one past the end of the output buffer |
info | Client ID info that was passed to mbedtls_ssl_set_client_transport_id() |
ilen | Length of info in bytes |
Callback type: receive data from the network.
ctx | Context for the receive callback (typically a file descriptor) |
buf | Buffer to write the received data to |
len | Length of the receive buffer |
MBEDTLS_ERR_SSL_WANT_READ
must be returned when the operation would block.Callback type: receive data from the network, with timeout.
ctx | Context for the receive callback (typically a file descriptor) |
buf | Buffer to write the received data to |
len | Length of the receive buffer |
timeout | Maximum nomber of millisecondes to wait for data 0 means no timeout (potentially waiting forever) |
MBEDTLS_ERR_SSL_TIMEOUT
if the operation timed out, MBEDTLS_ERR_SSL_WANT_READ
if interrupted by a signal.Callback type: send data on the network.
ctx | Context for the send callback (typically a file descriptor) |
buf | Buffer holding the data to send |
len | Length of the data to send |
MBEDTLS_ERR_SSL_WANT_WRITE
must be returned when the operation would block.Callback type: set a pair of timers/delays to watch.
ctx | Context pointer |
int_ms | Intermediate delay in milliseconds |
fin_ms | Final delay in milliseconds 0 cancels the current timer. |
mbedtls_ssl_get_timer_t
callback to return correct information.mbedtls_ssl_handshake()
with the proper SSL context to be scheduled. Care must be taken to ensure that at most one such call happens at a time.typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len) |
Callback type: parse and load session ticket.
p_ticket | Context for the callback |
session | SSL session to be loaded |
buf | Start of the buffer containing the ticket |
len | Length of the ticket. |
typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime) |
Callback type: generate and write session ticket.
p_ticket | Context for the callback |
session | SSL session to be written in the ticket |
start | Start of the output buffer |
end | End of the output buffer |
tlen | On exit, holds the length written |
lifetime | On exit, holds the lifetime of the ticket in seconds |
int mbedtls_ssl_check_pending | ( | const mbedtls_ssl_context * | ssl | ) |
Check if there is data already read from the underlying transport but not yet processed.
ssl | SSL context |
mbedtls_ssl_get_bytes_avail
in that it considers any kind of unprocessed data, not only unread application data. If mbedtls_ssl_get_bytes
returns a non-zero value, this function will also signal pending data, but the converse does not hold. For example, in DTLS there might be further records waiting to be processed from the current underlying transport's datagram.mbedtls_ssl_read
will provide any data; e.g., the unprocessed data might turn out to be an alert or a handshake message.int mbedtls_ssl_close_notify | ( | mbedtls_ssl_context * | ssl | ) |
Notify the peer that the connection is being closed.
ssl | SSL context |
mbedtls_ssl_session_reset()
on it before re-using it for a new connection; the current connection must be closed. int mbedtls_ssl_conf_alpn_protocols | ( | mbedtls_ssl_config * | conf, |
const char ** | protos | ||
) |
Set the supported Application Layer Protocols.
conf | SSL configuration |
protos | Pointer to a NULL-terminated list of supported protocols, in decreasing preference order. The pointer to the list is recorded by the library for later reference as required, so the lifetime of the table must be atleast as long as the lifetime of the SSL configuration structure. |
void mbedtls_ssl_conf_arc4_support | ( | mbedtls_ssl_config * | conf, |
char | arc4 | ||
) |
Disable or enable support for RC4 (Default: MBEDTLS_SSL_ARC4_DISABLED)
conf | SSL configuration |
arc4 | MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED |
void mbedtls_ssl_conf_authmode | ( | mbedtls_ssl_config * | conf, |
int | authmode | ||
) |
Set the certificate verification mode Default: NONE on server, REQUIRED on client.
conf | SSL configuration |
authmode | can be: |
MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked (default on server) (insecure on client)
MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; mbedtls_ssl_get_verify_result() can be called after the handshake is complete.
MBEDTLS_SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed. (default on client)
void mbedtls_ssl_conf_ca_chain | ( | mbedtls_ssl_config * | conf, |
mbedtls_x509_crt * | ca_chain, | ||
mbedtls_x509_crl * | ca_crl | ||
) |
Set the data required to verify peer certificate.
mbedtls_x509_crt_verify()
for notes regarding the parameters ca_chain (maps to trust_ca for that function) and ca_crl.conf | SSL configuration |
ca_chain | trusted CA chain (meaning all fully trusted top-level CAs) |
ca_crl | trusted CA CRLs |
void mbedtls_ssl_conf_cbc_record_splitting | ( | mbedtls_ssl_config * | conf, |
char | split | ||
) |
Enable / Disable 1/n-1 record splitting (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
conf | SSL configuration |
split | MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED |
void mbedtls_ssl_conf_cert_profile | ( | mbedtls_ssl_config * | conf, |
const mbedtls_x509_crt_profile * | profile | ||
) |
Set the X.509 security profile used for verification.
conf | SSL configuration |
profile | Profile to use |
void mbedtls_ssl_conf_ciphersuites | ( | mbedtls_ssl_config * | conf, |
const int * | ciphersuites | ||
) |
Set the list of allowed ciphersuites and the preference order. First in the list has the highest preference. (Overrides all version-specific lists)
The ciphersuites array is not copied, and must remain valid for the lifetime of the ssl_config.
Note: The server uses its own preferences over the preference of the client unless MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
conf | SSL configuration |
ciphersuites | 0-terminated list of allowed ciphersuites |
void mbedtls_ssl_conf_ciphersuites_for_version | ( | mbedtls_ssl_config * | conf, |
const int * | ciphersuites, | ||
int | major, | ||
int | minor | ||
) |
Set the list of allowed ciphersuites and the preference order for a specific version of the protocol. (Only useful on the server side)
The ciphersuites array is not copied, and must remain valid for the lifetime of the ssl_config.
conf | SSL configuration |
ciphersuites | 0-terminated list of allowed ciphersuites |
major | Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) |
minor | Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported) |
void mbedtls_ssl_conf_curves | ( | mbedtls_ssl_config * | conf, |
const mbedtls_ecp_group_id * | curves | ||
) |
Set the allowed curves in order of preference. (Default: all defined curves in order of decreasing size.)
On server: this only affects selection of the ECDHE curve; the curves used for ECDH and ECDSA are determined by the list of available certificates instead.
On client: this affects the list of curves offered for any use. The server can override our preference order.
Both sides: limits the set of curves accepted for use in ECDHE and in the peer's end-entity certificate.
mbedtls_ssl_conf_cert_profile()
for that. For the end-entity certificate however, the key will be accepted only if it is allowed both by this list and by the cert profile.conf | SSL configuration |
curves | Ordered list of allowed curves, terminated by MBEDTLS_ECP_DP_NONE. |
void mbedtls_ssl_conf_dbg | ( | mbedtls_ssl_config * | conf, |
void(*)(void *, int, const char *, int, const char *) | f_dbg, | ||
void * | p_dbg | ||
) |
Set the debug callback.
The callback has the following argument: void * opaque context for the callback int debug level const char * file name int line number const char * message
conf | SSL configuration |
f_dbg | debug function |
p_dbg | debug parameter |
void mbedtls_ssl_conf_dhm_min_bitlen | ( | mbedtls_ssl_config * | conf, |
unsigned int | bitlen | ||
) |
Set the minimum length for Diffie-Hellman parameters. (Client-side only.) (Default: 1024 bits.)
conf | SSL configuration |
bitlen | Minimum bit length of the DHM prime |
void mbedtls_ssl_conf_encrypt_then_mac | ( | mbedtls_ssl_config * | conf, |
char | etm | ||
) |
Enable or disable Encrypt-then-MAC (Default: MBEDTLS_SSL_ETM_ENABLED)
conf | SSL configuration |
etm | MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED |
void mbedtls_ssl_conf_endpoint | ( | mbedtls_ssl_config * | conf, |
int | endpoint | ||
) |
Set the current endpoint type.
conf | SSL configuration |
endpoint | must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER |
void mbedtls_ssl_conf_extended_master_secret | ( | mbedtls_ssl_config * | conf, |
char | ems | ||
) |
Enable or disable Extended Master Secret negotiation. (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
conf | SSL configuration |
ems | MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED |
void mbedtls_ssl_conf_legacy_renegotiation | ( | mbedtls_ssl_config * | conf, |
int | allow_legacy | ||
) |
Prevent or allow legacy renegotiation. (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to be established even if the peer does not support secure renegotiation, but does not allow renegotiation to take place if not secure. (Interoperable and secure option)
MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations with non-upgraded peers. Allowing legacy renegotiation makes the connection vulnerable to specific man in the middle attacks. (See RFC 5746) (Most interoperable and least secure option)
MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections if peer does not support secure renegotiation. Results in interoperability issues with non-upgraded peers that do not support renegotiation altogether. (Most secure option, interoperability issues)
conf | SSL configuration |
allow_legacy | Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, SSL_ALLOW_LEGACY_RENEGOTIATION or MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) |
int mbedtls_ssl_conf_max_frag_len | ( | mbedtls_ssl_config * | conf, |
unsigned char | mfl_code | ||
) |
Set the maximum fragment length to emit and/or negotiate. (Typical: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14
bytes) (Server: set maximum fragment length to emit, usually negotiated by the client during handshake) (Client: set maximum fragment length to emit and negotiate with the server during handshake) (Default: MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
mbedtls_ssl_get_record_expansion()
.mbedtls_ssl_read()
), not handshake messages. With DTLS, this affects both ApplicationData and handshake.mbedtls_ssl_set_mtu()
.conf | SSL configuration |
mfl_code | Code for maximum fragment length (allowed values: MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) |
void mbedtls_ssl_conf_max_version | ( | mbedtls_ssl_config * | conf, |
int | major, | ||
int | minor | ||
) |
Set the maximum supported version sent from the client side and/or accepted at the server side (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
conf | SSL configuration |
major | Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) |
minor | Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported) |
void mbedtls_ssl_conf_min_version | ( | mbedtls_ssl_config * | conf, |
int | major, | ||
int | minor | ||
) |
Set the minimum accepted SSL/TLS protocol version (Default: TLS 1.0)
conf | SSL configuration |
major | Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) |
minor | Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported) |
int mbedtls_ssl_conf_own_cert | ( | mbedtls_ssl_config * | conf, |
mbedtls_x509_crt * | own_cert, | ||
mbedtls_pk_context * | pk_key | ||
) |
Set own certificate chain and private key.
pk_key
needs to match the public key in the first certificate in own_cert
, or all handshakes using that certificate will fail. It is your responsibility to ensure that; this function will not perform any check. You may use mbedtls_pk_check_pair() in order to perform this check yourself, but be aware that this function can be computationally expensive on some key types.conf | SSL configuration |
own_cert | own public certificate chain |
pk_key | own private key |
void mbedtls_ssl_conf_read_timeout | ( | mbedtls_ssl_config * | conf, |
uint32_t | timeout | ||
) |
Set the timeout period for mbedtls_ssl_read() (Default: no timeout.)
conf | SSL configuration context |
timeout | Timeout value in milliseconds. Use 0 for no timeout (default). |
f_recv_timeout
was set with mbedtls_ssl_set_bio()
. With non-blocking I/O, this will only work if timer callbacks were set with mbedtls_ssl_set_timer_cb()
.void mbedtls_ssl_conf_renegotiation | ( | mbedtls_ssl_config * | conf, |
int | renegotiation | ||
) |
Enable / Disable renegotiation support for connection when initiated by peer (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
conf | SSL configuration |
renegotiation | Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or MBEDTLS_SSL_RENEGOTIATION_DISABLED) |
void mbedtls_ssl_conf_renegotiation_enforced | ( | mbedtls_ssl_config * | conf, |
int | max_records | ||
) |
Enforce renegotiation requests. (Default: enforced, max_records = 16)
When we request a renegotiation, the peer can comply or ignore the request. This function allows us to decide whether to enforce our renegotiation requests by closing the connection if the peer doesn't comply.
However, records could already be in transit from the peer when the request is emitted. In order to increase reliability, we can accept a number of records before the expected handshake records.
The optimal value is highly dependent on the specific usage scenario.
conf | SSL configuration |
max_records | Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to enforce renegotiation, or a non-negative value to enforce it but allow for a grace period of max_records records. |
void mbedtls_ssl_conf_renegotiation_period | ( | mbedtls_ssl_config * | conf, |
const unsigned char | period[8] | ||
) |
Set record counter threshold for periodic renegotiation. (Default: 2^48 - 1)
Renegotiation is automatically triggered when a record counter (outgoing or ingoing) crosses the defined threshold. The default value is meant to prevent the connection from being closed when the counter is about to reached its maximal value (it is not allowed to wrap).
Lower values can be used to enforce policies such as "keys must be refreshed every N packets with cipher X".
The renegotiation period can be disabled by setting conf->disable_renegotiation to MBEDTLS_SSL_RENEGOTIATION_DISABLED.
conf | SSL configuration |
period | The threshold value: a big-endian 64-bit number. |
void mbedtls_ssl_conf_rng | ( | mbedtls_ssl_config * | conf, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
Set the random number generator callback.
conf | SSL configuration |
f_rng | RNG function |
p_rng | RNG parameter |
void mbedtls_ssl_conf_session_tickets | ( | mbedtls_ssl_config * | conf, |
int | use_tickets | ||
) |
Enable / Disable session tickets (client only). (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
mbedtls_ssl_conf_session_tickets_cb()
.conf | SSL configuration |
use_tickets | Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or MBEDTLS_SSL_SESSION_TICKETS_DISABLED) |
void mbedtls_ssl_conf_sig_hashes | ( | mbedtls_ssl_config * | conf, |
const int * | hashes | ||
) |
Set the allowed hashes for signatures during the handshake. (Default: all SHA-2 hashes, largest first. Also SHA-1 if the compile-time option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
is enabled.)
mbedtls_ssl_conf_ciphersuites()
. Hashes used for certificate signature are controlled by the verification profile, see mbedtls_ssl_conf_cert_profile()
.conf | SSL configuration |
hashes | Ordered list of allowed signature hashes, terminated by MBEDTLS_MD_NONE . |
void mbedtls_ssl_conf_sni | ( | mbedtls_ssl_config * | conf, |
int(*)(void *, mbedtls_ssl_context *, const unsigned char *, size_t) | f_sni, | ||
void * | p_sni | ||
) |
Set server side ServerName TLS extension callback (optional, server-side only).
If set, the ServerName callback is called whenever the server receives a ServerName TLS extension from the client during a handshake. The ServerName callback has the following parameters: (void *parameter, mbedtls_ssl_context *ssl, const unsigned char *hostname, size_t len). If a suitable certificate is found, the callback must set the certificate(s) and key(s) to use with mbedtls_ssl_set_hs_own_cert()
(can be called repeatedly), and may optionally adjust the CA and associated CRL with mbedtls_ssl_set_hs_ca_chain()
as well as the client authentication mode with mbedtls_ssl_set_hs_authmode()
, then must return 0. If no matching name is found, the callback must either set a default cert, or return non-zero to abort the handshake at this point.
conf | SSL configuration |
f_sni | verification function |
p_sni | verification parameter |
void mbedtls_ssl_conf_transport | ( | mbedtls_ssl_config * | conf, |
int | transport | ||
) |
Set the transport type (TLS or DTLS). Default: TLS.
mbedtls_ssl_set_bio()
. You also need to provide timer callbacks with mbedtls_ssl_set_timer_cb()
.conf | SSL configuration |
transport | transport type: MBEDTLS_SSL_TRANSPORT_STREAM for TLS, MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. |
void mbedtls_ssl_conf_truncated_hmac | ( | mbedtls_ssl_config * | conf, |
int | truncate | ||
) |
Activate negotiation of truncated HMAC (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
conf | SSL configuration |
truncate | Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or MBEDTLS_SSL_TRUNC_HMAC_DISABLED) |
void mbedtls_ssl_conf_verify | ( | mbedtls_ssl_config * | conf, |
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *) | f_vrfy, | ||
void * | p_vrfy | ||
) |
Set the verification callback (Optional).
If set, the verify callback is called for each certificate in the chain. For implementation information, please see \c mbedtls_x509_crt_verify()
conf | SSL configuration |
f_vrfy | verification function |
p_vrfy | verification parameter |
int mbedtls_ssl_config_defaults | ( | mbedtls_ssl_config * | conf, |
int | endpoint, | ||
int | transport, | ||
int | preset | ||
) |
Load reasonnable default SSL configuration values. (You need to call mbedtls_ssl_config_init() first.)
conf | SSL configuration context |
endpoint | MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER |
transport | MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS |
preset | a MBEDTLS_SSL_PRESET_XXX value |
mbedtls_ssl_conf_transport()
for notes on DTLS.void mbedtls_ssl_config_free | ( | mbedtls_ssl_config * | conf | ) |
Free an SSL configuration context.
conf | SSL configuration context |
void mbedtls_ssl_config_init | ( | mbedtls_ssl_config * | conf | ) |
Initialize an SSL configuration context Just makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
conf | SSL configuration context |
void mbedtls_ssl_free | ( | mbedtls_ssl_context * | ssl | ) |
Free referenced items in an SSL context and clear memory.
ssl | SSL context |
const char * mbedtls_ssl_get_alpn_protocol | ( | const mbedtls_ssl_context * | ssl | ) |
size_t mbedtls_ssl_get_bytes_avail | ( | const mbedtls_ssl_context * | ssl | ) |
Return the number of application data bytes remaining to be read from the current record.
ssl | SSL context |
mbedtls_ssl_read
has written the maximal amount of data fitting into the input buffer. const char * mbedtls_ssl_get_ciphersuite | ( | const mbedtls_ssl_context * | ssl | ) |
Return the name of the current ciphersuite.
ssl | SSL context |
Return the ID of the ciphersuite associated with the given name.
ciphersuite_name | SSL ciphersuite name |
Return the name of the ciphersuite associated with the given ID.
ciphersuite_id | SSL ciphersuite ID |
size_t mbedtls_ssl_get_max_frag_len | ( | const mbedtls_ssl_context * | ssl | ) |
Return the maximum fragment length (payload, in bytes). This is the value negotiated with peer if any, or the locally configured value.
ssl | SSL context |
int mbedtls_ssl_get_max_out_record_payload | ( | const mbedtls_ssl_context * | ssl | ) |
Return the current maximum outgoing record payload in bytes. This takes into account the config.h setting MBEDTLS_SSL_OUT_CONTENT_LEN
, the configured and negotiated max fragment length extension if used, and for DTLS the path MTU as configured and current record expansion.
mbedtls_ssl_write()
will return an error if called with a larger length value. With TLS, mbedtls_ssl_write()
will fragment the input if necessary and return the number of bytes written; it is up to the caller to call mbedtls_ssl_write()
again in order to send the remaining bytes if any.ssl | SSL context |
const mbedtls_x509_crt * mbedtls_ssl_get_peer_cert | ( | const mbedtls_ssl_context * | ssl | ) |
Return the peer certificate from the current connection.
Note: Can be NULL in case no certificate was sent during the handshake. Different calls for the same connection can return the same or different pointers for the same certificate and even a different certificate altogether. The peer cert CAN change in a single connection if renegotiation is performed.
ssl | SSL context |
int mbedtls_ssl_get_record_expansion | ( | const mbedtls_ssl_context * | ssl | ) |
Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc. padding)
ssl | SSL context |
int mbedtls_ssl_get_session | ( | const mbedtls_ssl_context * | ssl, |
mbedtls_ssl_session * | session | ||
) |
Save session in order to resume it later (client-side only) Session data is copied to presented session structure.
ssl | SSL context |
session | session context |
mbedtls_x509_crt_verify()
on it. Instead, you should use the results from the verification in the original handshake by calling mbedtls_ssl_get_verify_result()
after loading the session again into a new SSL context using mbedtls_ssl_set_session()
.mbedtls_ssl_session_free()
.uint32_t mbedtls_ssl_get_verify_result | ( | const mbedtls_ssl_context * | ssl | ) |
Return the result of the certificate verification.
ssl | The SSL context to use. |
0
if the certificate verification was successful. -1u
if the result is not available. This may happen e.g. if the handshake aborts early, or a verification callback returned a fatal error. MBEDTLS_X509_BADCERT_XXX
and MBEDTLS_X509_BADCRL_XXX
failure flags; see x509.h. const char * mbedtls_ssl_get_version | ( | const mbedtls_ssl_context * | ssl | ) |
Return the current SSL version (SSLv3/TLSv1/etc)
ssl | SSL context |
int mbedtls_ssl_handshake | ( | mbedtls_ssl_context * | ssl | ) |
Perform the SSL handshake.
ssl | SSL context |
0
if successful. 0
, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset()
on it before re-using it for a new connection; the current connection must be closed.int mbedtls_ssl_handshake_step | ( | mbedtls_ssl_context * | ssl | ) |
Perform a single step of the SSL handshake.
0
. Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.ssl | SSL context |
0
, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset()
on it before re-using it for a new connection; the current connection must be closed. void mbedtls_ssl_init | ( | mbedtls_ssl_context * | ssl | ) |
Initialize an SSL context Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free()
ssl | SSL context |
int mbedtls_ssl_read | ( | mbedtls_ssl_context * | ssl, |
unsigned char * | buf, | ||
size_t | len | ||
) |
Read at most 'len' application data bytes.
ssl | SSL context |
buf | buffer that will hold the data |
len | maximum number of bytes to read |
0
if the read end of the underlying transport was closedmbedtls_ssl_session_reset()
on it before re-using it for a new connection; the current connection must be closed.mbedtls_ssl_handshake()
with the same context (as it has been reset internally). Either way, you must make sure this is seen by the application as a new connection: application state, if any, should be reset, and most importantly the identity of the client must be checked again. WARNING: not validating the identity of the client again, or not transmitting the new identity to the application layer, would allow authentication bypass!mbedtls_ssl_check_pending
to check for remaining records. int mbedtls_ssl_renegotiate | ( | mbedtls_ssl_context * | ssl | ) |
Initiate an SSL renegotiation on the running connection. Client: perform the renegotiation right now. Server: request renegotiation, which will be performed during the next call to mbedtls_ssl_read() if honored by client.
ssl | SSL context |
0
, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset()
on it before re-using it for a new connection; the current connection must be closed. int mbedtls_ssl_send_alert_message | ( | mbedtls_ssl_context * | ssl, |
unsigned char | level, | ||
unsigned char | message | ||
) |
Send an alert message.
ssl | SSL context |
level | The alert level of the message (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL) |
message | The alert message (SSL_ALERT_MSG_*) |
mbedtls_ssl_session_reset()
on it before re-using it for a new connection; the current connection must be closed. void mbedtls_ssl_session_free | ( | mbedtls_ssl_session * | session | ) |
Free referenced items in an SSL session including the peer certificate and clear memory.
session | SSL session |
void mbedtls_ssl_session_init | ( | mbedtls_ssl_session * | session | ) |
Initialize SSL session structure.
session | SSL session |
int mbedtls_ssl_session_reset | ( | mbedtls_ssl_context * | ssl | ) |
Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.
ssl | SSL context |
void mbedtls_ssl_set_bio | ( | mbedtls_ssl_context * | ssl, |
void * | p_bio, | ||
mbedtls_ssl_send_t * | f_send, | ||
mbedtls_ssl_recv_t * | f_recv, | ||
mbedtls_ssl_recv_timeout_t * | f_recv_timeout | ||
) |
Set the underlying BIO callbacks for write, read and read-with-timeout.
ssl | SSL context |
p_bio | parameter (context) shared by BIO callbacks |
f_send | write callback |
f_recv | read callback |
f_recv_timeout | blocking read callback with timeout. |
mbedtls_ssl_send_t
, mbedtls_ssl_recv_t
and mbedtls_ssl_recv_timeout_t
for the conventions those callbacks must follow.mbedtls_net_send()
, mbedtls_net_recv()
and mbedtls_net_recv_timeout()
that are suitable to be used here. int mbedtls_ssl_set_hostname | ( | mbedtls_ssl_context * | ssl, |
const char * | hostname | ||
) |
Set or reset the hostname to check against the received server certificate. It sets the ServerName TLS extension, too, if that extension is enabled. (client-side only)
ssl | SSL context |
hostname | the server hostname, may be NULL to clear hostname |
Hostname set to the one provided on success (cleared when NULL). On allocation failure hostname is cleared. On too long input failure, old hostname is unchanged.
void mbedtls_ssl_set_hs_authmode | ( | mbedtls_ssl_context * | ssl, |
int | authmode | ||
) |
Set authmode for the current handshake.
mbedtls_ssl_conf_authmode()
but for use within the SNI callback.ssl | SSL context |
authmode | MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_REQUIRED |
void mbedtls_ssl_set_hs_ca_chain | ( | mbedtls_ssl_context * | ssl, |
mbedtls_x509_crt * | ca_chain, | ||
mbedtls_x509_crl * | ca_crl | ||
) |
Set the data required to verify peer certificate for the current handshake.
mbedtls_ssl_conf_ca_chain()
but for use within the SNI callback.ssl | SSL context |
ca_chain | trusted CA chain (meaning all fully trusted top-level CAs) |
ca_crl | trusted CA CRLs |
int mbedtls_ssl_set_hs_own_cert | ( | mbedtls_ssl_context * | ssl, |
mbedtls_x509_crt * | own_cert, | ||
mbedtls_pk_context * | pk_key | ||
) |
Set own certificate and key for the current handshake.
mbedtls_ssl_conf_own_cert()
but for use within the SNI callback.ssl | SSL context |
own_cert | own public certificate chain |
pk_key | own private key |
int mbedtls_ssl_set_session | ( | mbedtls_ssl_context * | ssl, |
const mbedtls_ssl_session * | session | ||
) |
Request resumption of session (client-side only) Session data is copied from presented session structure.
ssl | SSL context |
session | session context |
void mbedtls_ssl_set_timer_cb | ( | mbedtls_ssl_context * | ssl, |
void * | p_timer, | ||
mbedtls_ssl_set_timer_t * | f_set_timer, | ||
mbedtls_ssl_get_timer_t * | f_get_timer | ||
) |
Set the timer callbacks (Mandatory for DTLS.)
ssl | SSL context |
p_timer | parameter (context) shared by timer callbacks |
f_set_timer | set timer callback |
f_get_timer | get timer callback. Must return: |
mbedtls_ssl_set_timer_t
and mbedtls_ssl_get_timer_t
for the conventions this pair of callbacks must follow.mbedtls_timing_set_delay()
and mbedtls_timing_get_delay()
that are suitable for using here, except if using an event-driven style.int mbedtls_ssl_setup | ( | mbedtls_ssl_context * | ssl, |
const mbedtls_ssl_config * | conf | ||
) |
Set up an SSL context for use.
ssl | SSL context |
conf | SSL configuration to use |
Try to write exactly 'len' application data bytes.
ssl | SSL context |
buf | buffer holding the data |
len | how many bytes must be written |
len
). mbedtls_ssl_session_reset()
on it before re-using it for a new connection; the current connection must be closed.mbedtls_ssl_get_max_frag_len()
may be used to query the active maximum fragment length.