ReactOS  0.4.15-dev-3316-g067ca88
ssl.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  *
10  * This file is provided under the Apache License 2.0, or the
11  * GNU General Public License v2.0 or later.
12  *
13  * **********
14  * Apache License 2.0:
15  *
16  * Licensed under the Apache License, Version 2.0 (the "License"); you may
17  * not use this file except in compliance with the License.
18  * You may obtain a copy of the License at
19  *
20  * http://www.apache.org/licenses/LICENSE-2.0
21  *
22  * Unless required by applicable law or agreed to in writing, software
23  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25  * See the License for the specific language governing permissions and
26  * limitations under the License.
27  *
28  * **********
29  *
30  * **********
31  * GNU General Public License v2.0 or later:
32  *
33  * This program is free software; you can redistribute it and/or modify
34  * it under the terms of the GNU General Public License as published by
35  * the Free Software Foundation; either version 2 of the License, or
36  * (at your option) any later version.
37  *
38  * This program is distributed in the hope that it will be useful,
39  * but WITHOUT ANY WARRANTY; without even the implied warranty of
40  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41  * GNU General Public License for more details.
42  *
43  * You should have received a copy of the GNU General Public License along
44  * with this program; if not, write to the Free Software Foundation, Inc.,
45  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46  *
47  * **********
48  */
49 #ifndef MBEDTLS_SSL_H
50 #define MBEDTLS_SSL_H
51 
52 #if !defined(MBEDTLS_CONFIG_FILE)
53 #include "config.h"
54 #else
55 #include MBEDTLS_CONFIG_FILE
56 #endif
57 
58 #include "bignum.h"
59 #include "ecp.h"
60 
61 #include "ssl_ciphersuites.h"
62 
63 #if defined(MBEDTLS_X509_CRT_PARSE_C)
64 #include "x509_crt.h"
65 #include "x509_crl.h"
66 #endif
67 
68 #if defined(MBEDTLS_DHM_C)
69 #include "dhm.h"
70 #endif
71 
72 #if defined(MBEDTLS_ECDH_C)
73 #include "ecdh.h"
74 #endif
75 
76 #if defined(MBEDTLS_ZLIB_SUPPORT)
77 
78 #if defined(MBEDTLS_DEPRECATED_WARNING)
79 #warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
80 #endif
81 
82 #if defined(MBEDTLS_DEPRECATED_REMOVED)
83 #error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
84 #endif
85 
86 #include "zlib.h"
87 #endif
88 
89 #if defined(MBEDTLS_HAVE_TIME)
90 #include "platform_time.h"
91 #endif
92 
93 /*
94  * SSL Error codes
95  */
96 #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
97 #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
98 #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
99 #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
100 #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
101 #define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300
102 #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
103 #define MBEDTLS_ERR_SSL_NO_RNG -0x7400
104 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
105 #define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
106 #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
107 #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
108 #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
109 #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
110 #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
111 #define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800
112 #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
113 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
114 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
115 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
116 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
117 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
118 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
119 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
120 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
121 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
122 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
123 #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
124 #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80
125 #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
126 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
127 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
128 #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00
129 #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
130 #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
131 #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
132 #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
133 #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
134 #define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
135 #define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
136 #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
137 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
138 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
139 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980
140 #define MBEDTLS_ERR_SSL_WANT_READ -0x6900
141 #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
142 #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
143 #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
144 #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
145 #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
146 #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600
147 #define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580
148 #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500
149 #define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480
150 #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
151 #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
153 /*
154  * Various constants
155  */
156 #define MBEDTLS_SSL_MAJOR_VERSION_3 3
157 #define MBEDTLS_SSL_MINOR_VERSION_0 0
158 #define MBEDTLS_SSL_MINOR_VERSION_1 1
159 #define MBEDTLS_SSL_MINOR_VERSION_2 2
160 #define MBEDTLS_SSL_MINOR_VERSION_3 3
162 #define MBEDTLS_SSL_TRANSPORT_STREAM 0
163 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1
165 #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255
166 #define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255
168 #define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535
170 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
171  * NONE must be zero so that memset()ing structure to zero works */
172 #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0
173 #define MBEDTLS_SSL_MAX_FRAG_LEN_512 1
174 #define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2
175 #define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3
176 #define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4
177 #define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5
179 #define MBEDTLS_SSL_IS_CLIENT 0
180 #define MBEDTLS_SSL_IS_SERVER 1
181 
182 #define MBEDTLS_SSL_IS_NOT_FALLBACK 0
183 #define MBEDTLS_SSL_IS_FALLBACK 1
184 
185 #define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
186 #define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
187 
188 #define MBEDTLS_SSL_ETM_DISABLED 0
189 #define MBEDTLS_SSL_ETM_ENABLED 1
190 
191 #define MBEDTLS_SSL_COMPRESS_NULL 0
192 #define MBEDTLS_SSL_COMPRESS_DEFLATE 1
193 
194 #define MBEDTLS_SSL_VERIFY_NONE 0
195 #define MBEDTLS_SSL_VERIFY_OPTIONAL 1
196 #define MBEDTLS_SSL_VERIFY_REQUIRED 2
197 #define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
198 
199 #define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
200 #define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
201 
202 #define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
203 #define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
204 
205 #define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
206 #define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
207 
208 #define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
209 #define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
210 
211 #define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
212 #define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
213 #define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
214 
215 #define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
216 #define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
217 #define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
218 
219 #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
220 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
221 
222 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
223 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
224 
225 #define MBEDTLS_SSL_ARC4_ENABLED 0
226 #define MBEDTLS_SSL_ARC4_DISABLED 1
227 
228 #define MBEDTLS_SSL_PRESET_DEFAULT 0
229 #define MBEDTLS_SSL_PRESET_SUITEB 2
230 
231 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
232 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
233 
234 /*
235  * Default range for DTLS retransmission timer value, in milliseconds.
236  * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
237  */
238 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
239 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
240 
249 #if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
250 #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400
251 #endif
252 
253 /*
254  * Maximum fragment length in bytes,
255  * determines the size of each of the two internal I/O buffers.
256  *
257  * Note: the RFC defines the default size of SSL / TLS messages. If you
258  * change the value here, other clients / servers may not be able to
259  * communicate with you anymore. Only change this value if you control
260  * both sides of the connection and have it reduced at both sides, or
261  * if you're using the Max Fragment Length extension and you know all your
262  * peers are using it too!
263  */
264 #if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
265 #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
266 #endif
267 
268 #if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
269 #define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
270 #endif
271 
272 #if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
273 #define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
274 #endif
275 
276 /*
277  * Maximum number of heap-allocated bytes for the purpose of
278  * DTLS handshake message reassembly and future message buffering.
279  */
280 #if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
281 #define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
282 #endif
283 
284 /* \} name SECTION: Module settings */
285 
286 /*
287  * Length of the verify data for secure renegotiation
288  */
289 #if defined(MBEDTLS_SSL_PROTO_SSL3)
290 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
291 #else
292 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
293 #endif
294 
295 /*
296  * Signaling ciphersuite values (SCSV)
297  */
298 #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
299 #define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600
301 /*
302  * Supported Signature and Hash algorithms (For TLS 1.2)
303  * RFC 5246 section 7.4.1.4.1
304  */
305 #define MBEDTLS_SSL_HASH_NONE 0
306 #define MBEDTLS_SSL_HASH_MD5 1
307 #define MBEDTLS_SSL_HASH_SHA1 2
308 #define MBEDTLS_SSL_HASH_SHA224 3
309 #define MBEDTLS_SSL_HASH_SHA256 4
310 #define MBEDTLS_SSL_HASH_SHA384 5
311 #define MBEDTLS_SSL_HASH_SHA512 6
312 
313 #define MBEDTLS_SSL_SIG_ANON 0
314 #define MBEDTLS_SSL_SIG_RSA 1
315 #define MBEDTLS_SSL_SIG_ECDSA 3
316 
317 /*
318  * Client Certificate Types
319  * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
320  */
321 #define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
322 #define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
323 
324 /*
325  * Message, alert and handshake types
326  */
327 #define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
328 #define MBEDTLS_SSL_MSG_ALERT 21
329 #define MBEDTLS_SSL_MSG_HANDSHAKE 22
330 #define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
331 
332 #define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
333 #define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
334 
335 #define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
336 #define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
337 #define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
338 #define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
339 #define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
340 #define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
341 #define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
342 #define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
343 #define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
344 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
345 #define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
346 #define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
347 #define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
348 #define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
349 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
350 #define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
351 #define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
352 #define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
353 #define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
354 #define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
355 #define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
356 #define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
357 #define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
358 #define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
359 #define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
360 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
361 #define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
362 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
363 #define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
364 
365 #define MBEDTLS_SSL_HS_HELLO_REQUEST 0
366 #define MBEDTLS_SSL_HS_CLIENT_HELLO 1
367 #define MBEDTLS_SSL_HS_SERVER_HELLO 2
368 #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
369 #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
370 #define MBEDTLS_SSL_HS_CERTIFICATE 11
371 #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
372 #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
373 #define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
374 #define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
375 #define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
376 #define MBEDTLS_SSL_HS_FINISHED 20
377 
378 /*
379  * TLS extensions
380  */
381 #define MBEDTLS_TLS_EXT_SERVERNAME 0
382 #define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
383 
384 #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
385 
386 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
387 
388 #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
389 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
390 
391 #define MBEDTLS_TLS_EXT_SIG_ALG 13
392 
393 #define MBEDTLS_TLS_EXT_ALPN 16
394 
395 #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
396 #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
397 
398 #define MBEDTLS_TLS_EXT_SESSION_TICKET 35
399 
400 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
401 
402 #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
403 
404 /*
405  * Size defines
406  */
407 #if !defined(MBEDTLS_PSK_MAX_LEN)
408 #define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
409 #endif
410 
411 /* Dummy type used only for its size */
413 {
414 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
415  unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
416 #endif
417 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
418  unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
419 #endif
420 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
421  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
422  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
423  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
424  unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
425 #endif
426 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
427  unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
428 #endif
429 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
430  unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
431  + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
432 #endif
433 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
434  unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
435 #endif
436 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
437  unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
438  + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
439 #endif
440 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
441  unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
442 #endif
443 };
444 
445 #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
446 
447 #ifdef __cplusplus
448 extern "C" {
449 #endif
450 
451 /*
452  * SSL state machine
453  */
454 typedef enum
455 {
475 }
477 
495 typedef int mbedtls_ssl_send_t( void *ctx,
496  const unsigned char *buf,
497  size_t len );
498 
518 typedef int mbedtls_ssl_recv_t( void *ctx,
519  unsigned char *buf,
520  size_t len );
521 
544 typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
545  unsigned char *buf,
546  size_t len,
547  uint32_t timeout );
570 typedef void mbedtls_ssl_set_timer_t( void * ctx,
571  uint32_t int_ms,
572  uint32_t fin_ms );
573 
585 typedef int mbedtls_ssl_get_timer_t( void * ctx );
586 
587 /* Defined below */
591 
592 /* Defined in ssl_internal.h */
596 #if defined(MBEDTLS_X509_CRT_PARSE_C)
598 #endif
599 #if defined(MBEDTLS_SSL_PROTO_DTLS)
600 typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
601 #endif
602 
603 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
604 #if defined(MBEDTLS_X509_CRT_PARSE_C)
605 
676 typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
678  mbedtls_md_type_t md_alg,
679  const unsigned char *hash,
680  size_t hash_len );
681 
742 typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
744  const unsigned char *input,
745  size_t input_len );
746 #endif /* MBEDTLS_X509_CRT_PARSE_C */
747 
790 typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
791  unsigned char *output,
792  size_t *output_len,
793  size_t output_size );
794 
812 typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
813 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
814 
815 /*
816  * This structure is used for storing current session data.
817  */
819 {
820 #if defined(MBEDTLS_HAVE_TIME)
822 #endif
825  size_t id_len;
826  unsigned char id[32];
827  unsigned char master[48];
829 #if defined(MBEDTLS_X509_CRT_PARSE_C)
831 #endif /* MBEDTLS_X509_CRT_PARSE_C */
834 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
835  unsigned char *ticket;
836  size_t ticket_len;
838 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
839 
840 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
841  unsigned char mfl_code;
842 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
843 
844 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
846 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
847 
848 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
850 #endif
851 };
852 
857 {
858  /* Group items by size (largest first) to minimize padding overhead */
859 
860  /*
861  * Pointers
862  */
863 
864  const int *ciphersuite_list[4];
867  void (*f_dbg)(void *, int, const char *, int, const char *);
868  void *p_dbg;
871  int (*f_rng)(void *, unsigned char *, size_t);
872  void *p_rng;
877  int (*f_set_cache)(void *, const mbedtls_ssl_session *);
878  void *p_cache;
880 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
881 
882  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
883  void *p_sni;
884 #endif
885 
886 #if defined(MBEDTLS_X509_CRT_PARSE_C)
887 
889  void *p_vrfy;
890 #endif
891 
892 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
893 
894  int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
895  void *p_psk;
896 #endif
897 
898 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
899 
900  int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
901  const unsigned char *, size_t );
903  int (*f_cookie_check)( void *, const unsigned char *, size_t,
904  const unsigned char *, size_t );
905  void *p_cookie;
906 #endif
907 
908 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
909 
910  int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
911  unsigned char *, const unsigned char *, size_t *, uint32_t * );
913  int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
914  void *p_ticket;
915 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
916 
917 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
918 
919  int (*f_export_keys)( void *, const unsigned char *,
920  const unsigned char *, size_t, size_t, size_t );
921  void *p_export_keys;
922 #endif
923 
924 #if defined(MBEDTLS_X509_CRT_PARSE_C)
929 #endif /* MBEDTLS_X509_CRT_PARSE_C */
930 
931 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
932 #if defined(MBEDTLS_X509_CRT_PARSE_C)
933  mbedtls_ssl_async_sign_t *f_async_sign_start;
934  mbedtls_ssl_async_decrypt_t *f_async_decrypt_start;
935 #endif /* MBEDTLS_X509_CRT_PARSE_C */
936  mbedtls_ssl_async_resume_t *f_async_resume;
937  mbedtls_ssl_async_cancel_t *f_async_cancel;
938  void *p_async_config_data;
939 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
940 
941 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
942  const int *sig_hashes;
943 #endif
944 
945 #if defined(MBEDTLS_ECP_C)
947 #endif
948 
949 #if defined(MBEDTLS_DHM_C)
952 #endif
953 
954 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
955  unsigned char *psk;
958  size_t psk_len;
961  unsigned char *psk_identity;
964  size_t psk_identity_len;
967 #endif
968 
969 #if defined(MBEDTLS_SSL_ALPN)
970  const char **alpn_list;
971 #endif
972 
973  /*
974  * Numerical settings (int then char)
975  */
976 
979 #if defined(MBEDTLS_SSL_PROTO_DTLS)
980  uint32_t hs_timeout_min;
982  uint32_t hs_timeout_max;
984 #endif
985 
986 #if defined(MBEDTLS_SSL_RENEGOTIATION)
988  unsigned char renego_period[8];
990 #endif
991 
992 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
993  unsigned int badmac_limit;
994 #endif
995 
996 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
997  unsigned int dhm_min_bitlen;
998 #endif
999 
1000  unsigned char max_major_ver;
1001  unsigned char max_minor_ver;
1002  unsigned char min_major_ver;
1003  unsigned char min_minor_ver;
1005  /*
1006  * Flags (bitfields)
1007  */
1008 
1009  unsigned int endpoint : 1;
1010  unsigned int transport : 1;
1011  unsigned int authmode : 2;
1012  /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
1013  unsigned int allow_legacy_renegotiation : 2 ;
1014 #if defined(MBEDTLS_ARC4_C)
1015  unsigned int arc4_disabled : 1;
1016 #endif
1017 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1018  unsigned int mfl_code : 3;
1019 #endif
1020 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1021  unsigned int encrypt_then_mac : 1 ;
1022 #endif
1023 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1024  unsigned int extended_ms : 1;
1025 #endif
1026 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
1027  unsigned int anti_replay : 1;
1028 #endif
1029 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1030  unsigned int cbc_record_splitting : 1;
1031 #endif
1032 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1033  unsigned int disable_renegotiation : 1;
1034 #endif
1035 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1036  unsigned int trunc_hmac : 1;
1037 #endif
1038 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1039  unsigned int session_tickets : 1;
1040 #endif
1041 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
1042  unsigned int fallback : 1;
1043 #endif
1044 #if defined(MBEDTLS_SSL_SRV_C)
1045  unsigned int cert_req_ca_list : 1;
1047 #endif
1048 };
1049 
1050 
1052 {
1055  /*
1056  * Miscellaneous
1057  */
1058  int state;
1059 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1064 #endif /* MBEDTLS_SSL_RENEGOTIATION */
1065 
1069 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
1070  unsigned badmac_seen;
1071 #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
1072 
1078  void *p_bio;
1080  /*
1081  * Session layer
1082  */
1091  /*
1092  * Record layer transformations
1093  */
1099  /*
1100  * Timers
1101  */
1102  void *p_timer;
1107  /*
1108  * Record layer (incoming data)
1109  */
1110  unsigned char *in_buf;
1111  unsigned char *in_ctr;
1114  unsigned char *in_hdr;
1115  unsigned char *in_len;
1116  unsigned char *in_iv;
1117  unsigned char *in_msg;
1118  unsigned char *in_offt;
1121  size_t in_msglen;
1122  size_t in_left;
1123 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1124  uint16_t in_epoch;
1125  size_t next_record_offset;
1127 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1128 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
1129  uint64_t in_window_top;
1130  uint64_t in_window;
1131 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
1132 
1133  size_t in_hslen;
1135  int nb_zero;
1140 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1141  uint8_t disable_datagram_packing;
1143 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1144 
1145  /*
1146  * Record layer (outgoing data)
1147  */
1148  unsigned char *out_buf;
1149  unsigned char *out_ctr;
1150  unsigned char *out_hdr;
1151  unsigned char *out_len;
1152  unsigned char *out_iv;
1153  unsigned char *out_msg;
1156  size_t out_msglen;
1157  size_t out_left;
1159  unsigned char cur_out_ctr[8];
1161 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1162  uint16_t mtu;
1163 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1164 
1165 #if defined(MBEDTLS_ZLIB_SUPPORT)
1166  unsigned char *compress_buf;
1167 #endif /* MBEDTLS_ZLIB_SUPPORT */
1168 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1169  signed char split_done;
1170 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
1171 
1172  /*
1173  * PKI layer
1174  */
1177  /*
1178  * User settings
1179  */
1180 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1181  char *hostname;
1183 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1184 
1185 #if defined(MBEDTLS_SSL_ALPN)
1186  const char *alpn_chosen;
1187 #endif /* MBEDTLS_SSL_ALPN */
1188 
1189  /*
1190  * Information for DTLS hello verify
1191  */
1192 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
1193  unsigned char *cli_id;
1194  size_t cli_id_len;
1195 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
1196 
1197  /*
1198  * Secure renegotiation
1199  */
1200  /* needed to know when to send extension on server */
1203 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1207 #endif /* MBEDTLS_SSL_RENEGOTIATION */
1208 };
1209 
1210 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
1211 
1212 #define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
1213 #define MBEDTLS_SSL_CHANNEL_INBOUND 1
1214 
1215 extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
1216  const unsigned char *key_enc, const unsigned char *key_dec,
1217  size_t keylen,
1218  const unsigned char *iv_enc, const unsigned char *iv_dec,
1219  size_t ivlen,
1220  const unsigned char *mac_enc, const unsigned char *mac_dec,
1221  size_t maclen);
1222 extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
1223 extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
1224 extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
1225 extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
1226 extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
1227 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
1228 
1237 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
1238 
1247 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
1248 
1257 
1279  const mbedtls_ssl_config *conf );
1280 
1292 
1300 
1315 void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
1316 
1343 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
1344 
1345 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1346 
1358  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
1359  void *p_vrfy );
1360 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1361 
1370  int (*f_rng)(void *, unsigned char *, size_t),
1371  void *p_rng );
1372 
1388  void (*f_dbg)(void *, int, const char *, int, const char *),
1389  void *p_dbg );
1390 
1422  void *p_bio,
1423  mbedtls_ssl_send_t *f_send,
1424  mbedtls_ssl_recv_t *f_recv,
1425  mbedtls_ssl_recv_timeout_t *f_recv_timeout );
1426 
1427 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1428 
1470 void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
1471 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1472 
1490 
1512  void *p_timer,
1513  mbedtls_ssl_set_timer_t *f_set_timer,
1514  mbedtls_ssl_get_timer_t *f_get_timer );
1515 
1535 typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
1537  unsigned char *start,
1538  const unsigned char *end,
1539  size_t *tlen,
1540  uint32_t *lifetime );
1541 
1542 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
1543 
1563 typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
1564  const unsigned char *ms,
1565  const unsigned char *kb,
1566  size_t maclen,
1567  size_t keylen,
1568  size_t ivlen );
1569 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
1570 
1594 typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
1596  unsigned char *buf,
1597  size_t len );
1598 
1599 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
1600 
1614 void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
1615  mbedtls_ssl_ticket_write_t *f_ticket_write,
1616  mbedtls_ssl_ticket_parse_t *f_ticket_parse,
1617  void *p_ticket );
1618 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
1619 
1620 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
1621 
1631 void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
1632  mbedtls_ssl_export_keys_t *f_export_keys,
1633  void *p_export_keys );
1634 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
1635 
1636 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1637 
1667 void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
1668  mbedtls_ssl_async_sign_t *f_async_sign,
1669  mbedtls_ssl_async_decrypt_t *f_async_decrypt,
1670  mbedtls_ssl_async_resume_t *f_async_resume,
1671  mbedtls_ssl_async_cancel_t *f_async_cancel,
1672  void *config_data );
1673 
1682 void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
1683 
1698 void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl );
1699 
1711 void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
1712  void *ctx );
1713 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
1714 
1729 typedef int mbedtls_ssl_cookie_write_t( void *ctx,
1730  unsigned char **p, unsigned char *end,
1731  const unsigned char *info, size_t ilen );
1732 
1746 typedef int mbedtls_ssl_cookie_check_t( void *ctx,
1747  const unsigned char *cookie, size_t clen,
1748  const unsigned char *info, size_t ilen );
1749 
1750 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
1751 
1779 void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
1780  mbedtls_ssl_cookie_write_t *f_cookie_write,
1781  mbedtls_ssl_cookie_check_t *f_cookie_check,
1782  void *p_cookie );
1783 
1803 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
1804  const unsigned char *info,
1805  size_t ilen );
1806 
1807 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
1808 
1809 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
1810 
1825 void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
1826 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
1827 
1828 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
1829 
1852 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
1853 #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
1854 
1855 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1856 
1885 void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
1886  unsigned allow_packing );
1887 
1919 void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
1920 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1921 
1922 #if defined(MBEDTLS_SSL_SRV_C)
1923 
1960 void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
1961  void *p_cache,
1962  int (*f_get_cache)(void *, mbedtls_ssl_session *),
1963  int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
1964 #endif /* MBEDTLS_SSL_SRV_C */
1965 
1966 #if defined(MBEDTLS_SSL_CLI_C)
1967 
1982 #endif /* MBEDTLS_SSL_CLI_C */
1983 
2000  const int *ciphersuites );
2001 
2022  const int *ciphersuites,
2023  int major, int minor );
2024 
2025 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2026 
2038 
2051  mbedtls_x509_crt *ca_chain,
2052  mbedtls_x509_crl *ca_crl );
2053 
2091  mbedtls_x509_crt *own_cert,
2092  mbedtls_pk_context *pk_key );
2093 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2094 
2095 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
2096 
2116 int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
2117  const unsigned char *psk, size_t psk_len,
2118  const unsigned char *psk_identity, size_t psk_identity_len );
2119 
2120 
2133 int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
2134  const unsigned char *psk, size_t psk_len );
2135 
2160 void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
2161  int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
2162  size_t),
2163  void *p_psk );
2164 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
2165 
2166 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
2167 
2168 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
2169 
2170 #if defined(MBEDTLS_DEPRECATED_WARNING)
2171 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
2172 #else
2173 #define MBEDTLS_DEPRECATED
2174 #endif
2175 
2189 MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
2190  const char *dhm_P,
2191  const char *dhm_G );
2192 
2193 #endif /* MBEDTLS_DEPRECATED_REMOVED */
2194 
2208 int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
2209  const unsigned char *dhm_P, size_t P_len,
2210  const unsigned char *dhm_G, size_t G_len );
2211 
2221 int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
2222 #endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
2223 
2224 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
2225 
2234  unsigned int bitlen );
2235 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
2236 
2237 #if defined(MBEDTLS_ECP_C)
2238 
2266  const mbedtls_ecp_group_id *curves );
2267 #endif /* MBEDTLS_ECP_C */
2268 
2269 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
2270 
2291  const int *hashes );
2292 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
2293 
2294 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2295 
2313 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
2314 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2315 
2316 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
2317 
2330  mbedtls_x509_crt *own_cert,
2331  mbedtls_pk_context *pk_key );
2332 
2345  mbedtls_x509_crt *ca_chain,
2346  mbedtls_x509_crl *ca_crl );
2347 
2359  int authmode );
2360 
2385  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
2386  size_t),
2387  void *p_sni );
2388 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
2389 
2390 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
2391 
2408 int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
2409  const unsigned char *pw,
2410  size_t pw_len );
2411 #endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
2412 
2413 #if defined(MBEDTLS_SSL_ALPN)
2414 
2426 int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
2427 
2437 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
2438 #endif /* MBEDTLS_SSL_ALPN */
2439 
2457 
2477 
2478 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
2479 
2498 void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
2499 #endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
2500 
2501 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2502 
2514 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
2515 
2516 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
2517 
2529 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
2530 
2531 #if defined(MBEDTLS_ARC4_C)
2532 
2547 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
2548 #endif /* MBEDTLS_ARC4_C */
2549 
2550 #if defined(MBEDTLS_SSL_SRV_C)
2551 
2560 void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
2561  char cert_req_ca_list );
2562 #endif /* MBEDTLS_SSL_SRV_C */
2563 
2564 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2565 
2599 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
2600 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2601 
2602 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2603 
2611 void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
2612 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
2613 
2614 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
2615 
2627 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
2628 
2629 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2630 
2640 void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
2641 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
2642 
2643 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2644 
2661 void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
2662 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2663 
2691 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
2692 
2693 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2694 
2731 void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
2732 
2759  const unsigned char period[8] );
2760 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2761 
2801 
2818 
2832 
2840 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
2841 
2849 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
2850 
2865 
2866 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2867 
2880 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2881 
2909 
2910 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2911 
2926 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2927 
2928 #if defined(MBEDTLS_SSL_CLI_C)
2929 
2956 #endif /* MBEDTLS_SSL_CLI_C */
2957 
3009 
3031 
3032 #if defined(MBEDTLS_SSL_RENEGOTIATION)
3033 
3057 #endif /* MBEDTLS_SSL_RENEGOTIATION */
3058 
3129 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
3130 
3191 int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
3192 
3210  unsigned char level,
3211  unsigned char message );
3226 
3233 
3245 
3262  int endpoint, int transport, int preset );
3263 
3270 
3277 
3288 
3289 #ifdef __cplusplus
3290 }
3291 #endif
3292 
3293 #endif /* ssl.h */
mbedtls_ssl_send_t * f_send
Definition: ssl.h:1073
void * p_rng
Definition: ssl.h:872
const char ** alpn_list
Definition: ssl.h:970
unsigned int transport
Definition: ssl.h:1010
unsigned char * in_ctr
Definition: ssl.h:1111
mbedtls_x509_crt * peer_cert
Definition: ssl.h:830
unsigned char * out_msg
Definition: ssl.h:1153
GLint level
Definition: gl.h:1546
unsigned char master[48]
Definition: ssl.h:827
unsigned int trunc_hmac
Definition: ssl.h:1036
unsigned char * in_len
Definition: ssl.h:1115
#define max(a, b)
Definition: svc.c:63
unsigned char * in_buf
Definition: ssl.h:1110
unsigned int endpoint
Definition: ssl.h:1009
Definition: tftpd.h:59
Public key container.
Definition: pk.h:155
void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl)
Set the data required to verify peer certificate for the current handshake.
int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
Callback type: parse and load session ticket.
Definition: ssl.h:1594
mbedtls_mpi dhm_P
Definition: ssl.h:950
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]
Definition: ssl.h:1206
static UCHAR ULONG UCHAR ULONG UCHAR * output
Definition: bcrypt.c:29
unsigned char max_minor_ver
Definition: ssl.h:1001
struct png_info_def **typedef void(__cdecl typeof(png_destroy_read_struct))(struct png_struct_def **
Definition: typeof.h:49
const char * mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Return the name of the ciphersuite associated with the given ID.
void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm)
Enable or disable Encrypt-then-MAC (Default: MBEDTLS_SSL_ETM_ENABLED)
unsigned char min_minor_ver
Definition: ssl.h:1003
int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen)
Callback type: generate a cookie.
Definition: ssl.h:1729
unsigned char * in_hdr
Definition: ssl.h:1114
unsigned int dhm_min_bitlen
Definition: ssl.h:997
int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen)
Callback type: verify a cookie.
Definition: ssl.h:1746
void * p_sni
Definition: ssl.h:883
void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, mbedtls_ssl_get_timer_t *f_get_timer)
Set the timer callbacks (Mandatory for DTLS.)
unsigned char * ticket
Definition: ssl.h:835
size_t ticket_len
Definition: ssl.h:836
void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems)
Enable or disable Extended Master Secret negotiation. (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
unsigned char * out_iv
Definition: ssl.h:1152
mbedtls_ssl_transform * transform_in
Definition: ssl.h:1094
size_t in_left
Definition: ssl.h:1122
unsigned int authmode
Definition: ssl.h:1011
int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len)
Callback type: send data on the network.
Definition: ssl.h:495
#define MBEDTLS_DEPRECATED
Definition: aes.h:651
int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len)
Callback type: receive data from the network.
Definition: ssl.h:518
const mbedtls_ecp_group_id * curve_list
Definition: ssl.h:946
This file provides an API for Elliptic Curves over GF(P) (ECP).
void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split)
Enable / Disable 1/n-1 record splitting (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
int(* f_get_cache)(void *, mbedtls_ssl_session *)
Definition: ssl.h:875
unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]
Definition: ssl.h:418
void(* f_dbg)(void *, int, const char *, int, const char *)
Definition: ssl.h:867
void * p_cache
Definition: ssl.h:878
int(* f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Definition: ssl.h:882
void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Set the verification callback (Optional).
unsigned char _pms_rsa[48]
Definition: ssl.h:415
unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]
Definition: ssl.h:424
unsigned char renego_period[8]
Definition: ssl.h:988
uint32_t ticket_lifetime
Definition: ssl.h:837
int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
Return the current maximum outgoing record payload in bytes. This takes into account the config....
void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation)
Enable / Disable renegotiation support for connection when initiated by peer (Default: MBEDTLS_SSL_RE...
mbedtls_ssl_session * session_in
Definition: ssl.h:1083
Definition: dhcpd.h:245
mbedtls_ssl_get_timer_t * f_get_timer
Definition: ssl.h:1105
unsigned short int uint16_t
Definition: acefiex.h:54
void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor)
Set the maximum supported version sent from the client side and/or accepted at the server side (Defau...
uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl)
Return the result of the certificate verification.
mbedtls_x509_crl * ca_crl
Definition: ssl.h:928
int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl)
Check if there is data already read from the underlying transport but not yet processed.
mbedtls_ssl_session * session_out
Definition: ssl.h:1084
const mbedtls_x509_crt * mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl)
Return the peer certificate from the current connection.
int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
int mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout)
Callback type: receive data from the network, with timeout.
Definition: ssl.h:544
GLint limit
Definition: glext.h:10326
char * hostname
Definition: ftp.c:88
SSL Ciphersuites for mbed TLS.
mbedtls_ssl_transform * transform_out
Definition: ssl.h:1095
unsigned char mfl_code
Definition: ssl.h:841
void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, const unsigned char period[8])
Set record counter threshold for periodic renegotiation. (Default: 2^48 - 1)
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
unsigned int mfl_code
Definition: ssl.h:1018
int(* f_set_cache)(void *, const mbedtls_ssl_session *)
Definition: ssl.h:877
Multi-precision integer library.
int encrypt_then_mac
Definition: ssl.h:849
size_t in_hslen
Definition: ssl.h:1133
int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code)
Set the maximum fragment length to emit and/or negotiate. (Typical: the smaller of MBEDTLS_SSL_IN_CON...
time_t mbedtls_time_t
Definition: platform_time.h:78
int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
Try to write exactly 'len' application data bytes.
void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor)
Set the minimum accepted SSL/TLS protocol version (Default: TLS 1.0)
int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl)
Notify the peer that the connection is being closed.
void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets)
Enable / Disable session tickets (client only). (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED....
void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor)
Set the list of allowed ciphersuites and the preference order for a specific version of the protocol....
mbedtls_ssl_transform * transform
Definition: ssl.h:1096
mbedtls_ssl_handshake_params * handshake
Definition: ssl.h:1088
void mbedtls_ssl_free(mbedtls_ssl_context *ssl)
Free referenced items in an SSL context and clear memory.
void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint)
Set the current endpoint type.
ULONG major
size_t out_left
Definition: ssl.h:1157
void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
Free referenced items in an SSL session including the peer certificate and clear memory.
void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4)
Disable or enable support for RC4 (Default: MBEDTLS_SSL_ARC4_DISABLED)
unsigned char * in_msg
Definition: ssl.h:1117
void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, const int *hashes)
Set the allowed hashes for signatures during the handshake. (Default: all SHA-2 hashes,...
unsigned char min_major_ver
Definition: ssl.h:1002
static BYTE cert[]
Definition: msg.c:1437
mbedtls_ssl_set_timer_t * f_set_timer
Definition: ssl.h:1104
const char * mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl)
Get the name of the negotiated Application Layer Protocol. This function should be called after the h...
const int * ciphersuite_list[4]
Definition: ssl.h:864
int(* f_rng)(void *, unsigned char *, size_t)
Definition: ssl.h:871
void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, unsigned int bitlen)
Set the minimum length for Diffie-Hellman parameters. (Client-side only.) (Default: 1024 bits....
WDF_DMA_PROFILE profile
mbedtls_ssl_key_cert * key_cert
Definition: ssl.h:926
mbedtls_ssl_recv_t * f_recv
Definition: ssl.h:1074
__kernel_size_t size_t
Definition: linux.h:237
int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Return the ID of the ciphersuite associated with the given name.
void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport)
Set the transport type (TLS or DTLS). Default: TLS.
mbedtls_ssl_session * session_negotiate
Definition: ssl.h:1086
mbedtls_ssl_states
Definition: ssl.h:454
void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, int(*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_sni)
Set server side ServerName TLS extension callback (optional, server-side only).
const int * sig_hashes
Definition: ssl.h:942
void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records)
Enforce renegotiation requests. (Default: enforced, max_records = 16)
void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl, void *p_bio, mbedtls_ssl_send_t *f_send, mbedtls_ssl_recv_t *f_recv, mbedtls_ssl_recv_timeout_t *f_recv_timeout)
Set the underlying BIO callbacks for write, read and read-with-timeout.
size_t id_len
Definition: ssl.h:825
unsigned int encrypt_then_mac
Definition: ssl.h:1021
void * p_bio
Definition: ssl.h:1078
static LPSTR * split(LPSTR s, LPINT args)
Definition: cmdcons.c:163
unsigned int cbc_record_splitting
Definition: ssl.h:1030
void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Set the random number generator callback.
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
Set the supported Application Layer Protocols.
void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, const mbedtls_x509_crt_profile *profile)
Set the X.509 security profile used for verification.
void * p_vrfy
Definition: ssl.h:889
const mbedtls_x509_crt_profile * cert_profile
Definition: ssl.h:925
void * p_timer
Definition: ssl.h:1102
This file contains Diffie-Hellman-Merkle (DHM) key exchange definitions and functions.
X.509 certificate parsing and writing.
#define MBEDTLS_PSK_MAX_LEN
Definition: ssl.h:408
unsigned int session_tickets
Definition: ssl.h:1039
void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate)
Activate negotiation of truncated HMAC (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
mbedtls_ssl_session * session
Definition: ssl.h:1085
unsigned char * in_iv
Definition: ssl.h:1116
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]
Definition: ssl.h:1205
void mbedtls_ssl_init(mbedtls_ssl_context *ssl)
Initialize an SSL context Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free()
mbedtls_ssl_transform * transform_negotiate
Definition: ssl.h:1097
const char * mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl)
Return the name of the current ciphersuite.
GLuint GLuint end
Definition: gl.h:1545
mbedtls_ecp_group_id
Definition: ecp.h:102
unsigned char * out_ctr
Definition: ssl.h:1149
int secure_renegotiation
Definition: ssl.h:1201
int mbedtls_ssl_get_timer_t(void *ctx)
Callback type: get status of timers/delays.
Definition: ssl.h:585
The DHM context structure.
Definition: dhm.h:127
const mbedtls_ssl_config * conf
Definition: ssl.h:1053
void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, void(*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg)
Set the debug callback.
unsigned char * in_offt
Definition: ssl.h:1118
unsigned int extended_ms
Definition: ssl.h:1024
unsigned char max_major_ver
Definition: ssl.h:1000
void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
Initialize an SSL configuration context Just makes the context ready for mbedtls_ssl_config_defaults(...
int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl)
Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc...
const char * alpn_chosen
Definition: ssl.h:1186
This file contains ECDH definitions and functions.
mbedtls_mpi dhm_G
Definition: ssl.h:951
GLenum GLsizei len
Definition: glext.h:6722
int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session)
Request resumption of session (client-side only) Session data is copied from presented session struct...
#define MBEDTLS_MPI_MAX_SIZE
Definition: bignum.h:107
unsigned int disable_renegotiation
Definition: ssl.h:1033
GLenum mode
Definition: glext.h:6217
char * hostname
Definition: ssl.h:1181
BYTE uint8_t
Definition: msvideo1.c:66
int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key)
Set own certificate and key for the current handshake.
int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key)
Set own certificate chain and private key.
int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf)
Set up an SSL context for use.
size_t out_msglen
Definition: ssl.h:1156
uint32_t read_timeout
Definition: ssl.h:977
void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy)
Prevent or allow legacy renegotiation. (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
Definition: nis.h:10
UINT64 uint64_t
Definition: types.h:77
GLenum GLenum GLenum input
Definition: glext.h:9031
int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl)
Initiate an SSL renegotiation on the running connection. Client: perform the renegotiation right now....
unsigned char * out_len
Definition: ssl.h:1151
GLuint start
Definition: gl.h:1545
int(* f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *)
Definition: ssl.h:888
unsigned int arc4_disabled
Definition: ssl.h:1015
MPI structure.
Definition: bignum.h:210
X.509 certificate revocation list parsing.
Definition: cookie.c:33
#define min(a, b)
Definition: monoChain.cc:55
int renego_max_records
Definition: ssl.h:987
mbedtls_ssl_recv_timeout_t * f_recv_timeout
Definition: ssl.h:1075
mbedtls_x509_crt * ca_chain
Definition: ssl.h:927
void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout)
Set the timeout period for mbedtls_ssl_read() (Default: no timeout.)
size_t verify_data_len
Definition: ssl.h:1204
void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
Free an SSL configuration context.
UINT32 uint32_t
Definition: types.h:75
int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
Read at most 'len' application data bytes.
void mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms)
Callback type: set a pair of timers/delays to watch.
Definition: ssl.h:570
size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl)
Return the number of application data bytes remaining to be read from the current record.
unsigned char * out_buf
Definition: ssl.h:1148
void mbedtls_ssl_session_init(mbedtls_ssl_session *session)
Initialize SSL session structure.
void * p_dbg
Definition: ssl.h:868
int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
Callback type: generate and write session ticket.
Definition: ssl.h:1535
mbed TLS Platform time abstraction
int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, int endpoint, int transport, int preset)
Load reasonnable default SSL configuration values. (You need to call mbedtls_ssl_config_init() first....
void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl)
Set the data required to verify peer certificate.
void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves)
Set the allowed curves in order of preference. (Default: all defined curves in order of decreasing si...
int renego_records_seen
Definition: ssl.h:1061
unsigned char * out_hdr
Definition: ssl.h:1150
uint32_t verify_result
Definition: ssl.h:832
int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl)
Perform the SSL handshake.
void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, int authmode)
Set authmode for the current handshake.
unsigned int allow_legacy_renegotiation
Definition: ssl.h:1013
mbedtls_md_type_t
Supported message digests.
Definition: md.h:83
int keep_current_message
Definition: ssl.h:1137
GLfloat GLfloat p
Definition: glext.h:8902
signed char split_done
Definition: ssl.h:1169
int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
Perform a single step of the SSL handshake.
unsigned char cur_out_ctr[8]
Definition: ssl.h:1159
const char * mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl)
Return the current SSL version (SSLv3/TLSv1/etc)
Definition: _hash_fun.h:40
void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode)
Set the certificate verification mode Default: NONE on server, REQUIRED on client.
int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
Reset an already initialized SSL context for re-use while retaining application-set variables,...
int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
Set or reset the hostname to check against the received server certificate. It sets the ServerName TL...
#define MBEDTLS_ECP_MAX_BYTES
Definition: ecp.h:278
ULONG minor
int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session)
Save session in order to resume it later (client-side only) Session data is copied to presented sessi...
void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, const int *ciphersuites)
Set the list of allowed ciphersuites and the preference order. First in the list has the highest pref...
size_t mbedtls_ssl_get_max_frag_len(const mbedtls_ssl_context *ssl)
Return the maximum fragment length (payload, in bytes). This is the value negotiated with peer if any...
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
Definition: ssl.h:292
size_t in_msglen
Definition: ssl.h:1121
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
Definition: typeof.h:31