ReactOS 0.4.15-dev-7942-gd23573b
ssl.h
Go to the documentation of this file.
1
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 *
10 * This file is provided under the Apache License 2.0, or the
11 * GNU General Public License v2.0 or later.
12 *
13 * **********
14 * Apache License 2.0:
15 *
16 * Licensed under the Apache License, Version 2.0 (the "License"); you may
17 * not use this file except in compliance with the License.
18 * You may obtain a copy of the License at
19 *
20 * http://www.apache.org/licenses/LICENSE-2.0
21 *
22 * Unless required by applicable law or agreed to in writing, software
23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25 * See the License for the specific language governing permissions and
26 * limitations under the License.
27 *
28 * **********
29 *
30 * **********
31 * GNU General Public License v2.0 or later:
32 *
33 * This program is free software; you can redistribute it and/or modify
34 * it under the terms of the GNU General Public License as published by
35 * the Free Software Foundation; either version 2 of the License, or
36 * (at your option) any later version.
37 *
38 * This program is distributed in the hope that it will be useful,
39 * but WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41 * GNU General Public License for more details.
42 *
43 * You should have received a copy of the GNU General Public License along
44 * with this program; if not, write to the Free Software Foundation, Inc.,
45 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46 *
47 * **********
48 */
49#ifndef MBEDTLS_SSL_H
50#define MBEDTLS_SSL_H
51
52#if !defined(MBEDTLS_CONFIG_FILE)
53#include "config.h"
54#else
55#include MBEDTLS_CONFIG_FILE
56#endif
57
58#include "bignum.h"
59#include "ecp.h"
60
61#include "ssl_ciphersuites.h"
62
63#if defined(MBEDTLS_X509_CRT_PARSE_C)
64#include "x509_crt.h"
65#include "x509_crl.h"
66#endif
67
68#if defined(MBEDTLS_DHM_C)
69#include "dhm.h"
70#endif
71
72#if defined(MBEDTLS_ECDH_C)
73#include "ecdh.h"
74#endif
75
76#if defined(MBEDTLS_ZLIB_SUPPORT)
77
78#if defined(MBEDTLS_DEPRECATED_WARNING)
79#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
80#endif
81
82#if defined(MBEDTLS_DEPRECATED_REMOVED)
83#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
84#endif
85
86#include "zlib.h"
87#endif
88
89#if defined(MBEDTLS_HAVE_TIME)
90#include "platform_time.h"
91#endif
92
93/*
94 * SSL Error codes
95 */
96#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
97#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
98#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
99#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
100#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
101#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300
102#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
103#define MBEDTLS_ERR_SSL_NO_RNG -0x7400
104#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
105#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
106#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
107#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
108#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
109#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
110#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
111#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800
112#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
113#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
114#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
115#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
116#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
117#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
118#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
119#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
120#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
121#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
122#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
123#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
124#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80
125#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
126#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
127#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
128#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00
129#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
130#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
131#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
132#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
133#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
134#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
135#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
136#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
137#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
138#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
139#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980
140#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
141#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
142#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
143#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
144#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
145#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
146#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600
147#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580
148#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500
149#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480
150#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
151#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
153/*
154 * Various constants
155 */
156#define MBEDTLS_SSL_MAJOR_VERSION_3 3
157#define MBEDTLS_SSL_MINOR_VERSION_0 0
158#define MBEDTLS_SSL_MINOR_VERSION_1 1
159#define MBEDTLS_SSL_MINOR_VERSION_2 2
160#define MBEDTLS_SSL_MINOR_VERSION_3 3
162#define MBEDTLS_SSL_TRANSPORT_STREAM 0
163#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1
165#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255
166#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255
168#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535
170/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
171 * NONE must be zero so that memset()ing structure to zero works */
172#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0
173#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1
174#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2
175#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3
176#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4
177#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5
179#define MBEDTLS_SSL_IS_CLIENT 0
180#define MBEDTLS_SSL_IS_SERVER 1
181
182#define MBEDTLS_SSL_IS_NOT_FALLBACK 0
183#define MBEDTLS_SSL_IS_FALLBACK 1
184
185#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
186#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
187
188#define MBEDTLS_SSL_ETM_DISABLED 0
189#define MBEDTLS_SSL_ETM_ENABLED 1
190
191#define MBEDTLS_SSL_COMPRESS_NULL 0
192#define MBEDTLS_SSL_COMPRESS_DEFLATE 1
193
194#define MBEDTLS_SSL_VERIFY_NONE 0
195#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
196#define MBEDTLS_SSL_VERIFY_REQUIRED 2
197#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
198
199#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
200#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
201
202#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
203#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
204
205#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
206#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
207
208#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
209#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
210
211#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
212#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
213#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
214
215#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
216#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
217#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
218
219#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
220#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
221
222#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
223#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
224
225#define MBEDTLS_SSL_ARC4_ENABLED 0
226#define MBEDTLS_SSL_ARC4_DISABLED 1
227
228#define MBEDTLS_SSL_PRESET_DEFAULT 0
229#define MBEDTLS_SSL_PRESET_SUITEB 2
230
231#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
232#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
233
234/*
235 * Default range for DTLS retransmission timer value, in milliseconds.
236 * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
237 */
238#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
239#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
240
249#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
250#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400
251#endif
252
253/*
254 * Maximum fragment length in bytes,
255 * determines the size of each of the two internal I/O buffers.
256 *
257 * Note: the RFC defines the default size of SSL / TLS messages. If you
258 * change the value here, other clients / servers may not be able to
259 * communicate with you anymore. Only change this value if you control
260 * both sides of the connection and have it reduced at both sides, or
261 * if you're using the Max Fragment Length extension and you know all your
262 * peers are using it too!
263 */
264#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
265#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
266#endif
267
268#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
269#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
270#endif
271
272#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
273#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
274#endif
275
276/*
277 * Maximum number of heap-allocated bytes for the purpose of
278 * DTLS handshake message reassembly and future message buffering.
279 */
280#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
281#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
282#endif
283
284/* \} name SECTION: Module settings */
285
286/*
287 * Length of the verify data for secure renegotiation
288 */
289#if defined(MBEDTLS_SSL_PROTO_SSL3)
290#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
291#else
292#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
293#endif
294
295/*
296 * Signaling ciphersuite values (SCSV)
297 */
298#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
299#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600
301/*
302 * Supported Signature and Hash algorithms (For TLS 1.2)
303 * RFC 5246 section 7.4.1.4.1
304 */
305#define MBEDTLS_SSL_HASH_NONE 0
306#define MBEDTLS_SSL_HASH_MD5 1
307#define MBEDTLS_SSL_HASH_SHA1 2
308#define MBEDTLS_SSL_HASH_SHA224 3
309#define MBEDTLS_SSL_HASH_SHA256 4
310#define MBEDTLS_SSL_HASH_SHA384 5
311#define MBEDTLS_SSL_HASH_SHA512 6
312
313#define MBEDTLS_SSL_SIG_ANON 0
314#define MBEDTLS_SSL_SIG_RSA 1
315#define MBEDTLS_SSL_SIG_ECDSA 3
316
317/*
318 * Client Certificate Types
319 * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
320 */
321#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
322#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
323
324/*
325 * Message, alert and handshake types
326 */
327#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
328#define MBEDTLS_SSL_MSG_ALERT 21
329#define MBEDTLS_SSL_MSG_HANDSHAKE 22
330#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
331
332#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
333#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
334
335#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
336#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
337#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
338#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
339#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
340#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
341#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
342#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
343#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
344#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
345#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
346#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
347#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
348#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
349#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
350#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
351#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
352#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
353#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
354#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
355#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
356#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
357#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
358#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
359#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
360#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
361#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
362#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
363#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
364
365#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
366#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
367#define MBEDTLS_SSL_HS_SERVER_HELLO 2
368#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
369#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
370#define MBEDTLS_SSL_HS_CERTIFICATE 11
371#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
372#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
373#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
374#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
375#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
376#define MBEDTLS_SSL_HS_FINISHED 20
377
378/*
379 * TLS extensions
380 */
381#define MBEDTLS_TLS_EXT_SERVERNAME 0
382#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
383
384#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
385
386#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
387
388#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
389#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
390
391#define MBEDTLS_TLS_EXT_SIG_ALG 13
392
393#define MBEDTLS_TLS_EXT_ALPN 16
394
395#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
396#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
397
398#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
399
400#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
401
402#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
403
404/*
405 * Size defines
406 */
407#if !defined(MBEDTLS_PSK_MAX_LEN)
408#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
409#endif
410
411/* Dummy type used only for its size */
413{
414#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
415 unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
416#endif
417#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
418 unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
419#endif
420#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
421 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
422 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
423 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
424 unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
425#endif
426#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
427 unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
428#endif
429#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
430 unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
431 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
432#endif
433#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
434 unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
435#endif
436#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
437 unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
438 + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
439#endif
440#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
441 unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
442#endif
443};
444
445#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
446
447#ifdef __cplusplus
448extern "C" {
449#endif
450
451/*
452 * SSL state machine
453 */
454typedef enum
455{
475}
477
495typedef int mbedtls_ssl_send_t( void *ctx,
496 const unsigned char *buf,
497 size_t len );
498
518typedef int mbedtls_ssl_recv_t( void *ctx,
519 unsigned char *buf,
520 size_t len );
521
545 unsigned char *buf,
546 size_t len,
570typedef void mbedtls_ssl_set_timer_t( void * ctx,
571 uint32_t int_ms,
572 uint32_t fin_ms );
573
585typedef int mbedtls_ssl_get_timer_t( void * ctx );
586
587/* Defined below */
591
592/* Defined in ssl_internal.h */
596#if defined(MBEDTLS_X509_CRT_PARSE_C)
598#endif
599#if defined(MBEDTLS_SSL_PROTO_DTLS)
600typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
601#endif
602
603#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
604#if defined(MBEDTLS_X509_CRT_PARSE_C)
676typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
678 mbedtls_md_type_t md_alg,
679 const unsigned char *hash,
680 size_t hash_len );
681
742typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
744 const unsigned char *input,
745 size_t input_len );
746#endif /* MBEDTLS_X509_CRT_PARSE_C */
747
790typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
791 unsigned char *output,
792 size_t *output_len,
793 size_t output_size );
794
812typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
813#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
814
815/*
816 * This structure is used for storing current session data.
817 */
819{
820#if defined(MBEDTLS_HAVE_TIME)
822#endif
825 size_t id_len;
826 unsigned char id[32];
827 unsigned char master[48];
829#if defined(MBEDTLS_X509_CRT_PARSE_C)
831#endif /* MBEDTLS_X509_CRT_PARSE_C */
834#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
835 unsigned char *ticket;
836 size_t ticket_len;
838#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
839
840#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
841 unsigned char mfl_code;
842#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
843
844#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
846#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
847
848#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
850#endif
851};
852
857{
858 /* Group items by size (largest first) to minimize padding overhead */
859
860 /*
861 * Pointers
862 */
863
864 const int *ciphersuite_list[4];
867 void (*f_dbg)(void *, int, const char *, int, const char *);
868 void *p_dbg;
871 int (*f_rng)(void *, unsigned char *, size_t);
872 void *p_rng;
878 void *p_cache;
880#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
882 int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
883 void *p_sni;
884#endif
885
886#if defined(MBEDTLS_X509_CRT_PARSE_C)
889 void *p_vrfy;
890#endif
891
892#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
894 int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
895 void *p_psk;
896#endif
897
898#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
900 int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
901 const unsigned char *, size_t );
903 int (*f_cookie_check)( void *, const unsigned char *, size_t,
904 const unsigned char *, size_t );
905 void *p_cookie;
906#endif
907
908#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
910 int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
911 unsigned char *, const unsigned char *, size_t *, uint32_t * );
913 int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
914 void *p_ticket;
915#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
916
917#if defined(MBEDTLS_SSL_EXPORT_KEYS)
919 int (*f_export_keys)( void *, const unsigned char *,
920 const unsigned char *, size_t, size_t, size_t );
921 void *p_export_keys;
922#endif
923
924#if defined(MBEDTLS_X509_CRT_PARSE_C)
929#endif /* MBEDTLS_X509_CRT_PARSE_C */
930
931#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
932#if defined(MBEDTLS_X509_CRT_PARSE_C)
933 mbedtls_ssl_async_sign_t *f_async_sign_start;
934 mbedtls_ssl_async_decrypt_t *f_async_decrypt_start;
935#endif /* MBEDTLS_X509_CRT_PARSE_C */
936 mbedtls_ssl_async_resume_t *f_async_resume;
937 mbedtls_ssl_async_cancel_t *f_async_cancel;
938 void *p_async_config_data;
939#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
940
941#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
942 const int *sig_hashes;
943#endif
944
945#if defined(MBEDTLS_ECP_C)
947#endif
948
949#if defined(MBEDTLS_DHM_C)
952#endif
953
954#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
955 unsigned char *psk;
958 size_t psk_len;
961 unsigned char *psk_identity;
964 size_t psk_identity_len;
967#endif
968
969#if defined(MBEDTLS_SSL_ALPN)
970 const char **alpn_list;
971#endif
972
973 /*
974 * Numerical settings (int then char)
975 */
976
979#if defined(MBEDTLS_SSL_PROTO_DTLS)
980 uint32_t hs_timeout_min;
982 uint32_t hs_timeout_max;
984#endif
985
986#if defined(MBEDTLS_SSL_RENEGOTIATION)
988 unsigned char renego_period[8];
990#endif
991
992#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
993 unsigned int badmac_limit;
994#endif
995
996#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
997 unsigned int dhm_min_bitlen;
998#endif
999
1000 unsigned char max_major_ver;
1001 unsigned char max_minor_ver;
1002 unsigned char min_major_ver;
1003 unsigned char min_minor_ver;
1005 /*
1006 * Flags (bitfields)
1007 */
1008
1009 unsigned int endpoint : 1;
1010 unsigned int transport : 1;
1011 unsigned int authmode : 2;
1012 /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
1013 unsigned int allow_legacy_renegotiation : 2 ;
1014#if defined(MBEDTLS_ARC4_C)
1015 unsigned int arc4_disabled : 1;
1016#endif
1017#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1018 unsigned int mfl_code : 3;
1019#endif
1020#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1021 unsigned int encrypt_then_mac : 1 ;
1022#endif
1023#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1024 unsigned int extended_ms : 1;
1025#endif
1026#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
1027 unsigned int anti_replay : 1;
1028#endif
1029#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1030 unsigned int cbc_record_splitting : 1;
1031#endif
1032#if defined(MBEDTLS_SSL_RENEGOTIATION)
1033 unsigned int disable_renegotiation : 1;
1034#endif
1035#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1036 unsigned int trunc_hmac : 1;
1037#endif
1038#if defined(MBEDTLS_SSL_SESSION_TICKETS)
1039 unsigned int session_tickets : 1;
1040#endif
1041#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
1042 unsigned int fallback : 1;
1043#endif
1044#if defined(MBEDTLS_SSL_SRV_C)
1045 unsigned int cert_req_ca_list : 1;
1047#endif
1048};
1049
1050
1052{
1055 /*
1056 * Miscellaneous
1057 */
1058 int state;
1059#if defined(MBEDTLS_SSL_RENEGOTIATION)
1064#endif /* MBEDTLS_SSL_RENEGOTIATION */
1065
1069#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
1070 unsigned badmac_seen;
1071#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
1072
1078 void *p_bio;
1080 /*
1081 * Session layer
1082 */
1091 /*
1092 * Record layer transformations
1093 */
1099 /*
1100 * Timers
1101 */
1102 void *p_timer;
1107 /*
1108 * Record layer (incoming data)
1109 */
1110 unsigned char *in_buf;
1111 unsigned char *in_ctr;
1114 unsigned char *in_hdr;
1115 unsigned char *in_len;
1116 unsigned char *in_iv;
1117 unsigned char *in_msg;
1118 unsigned char *in_offt;
1121 size_t in_msglen;
1122 size_t in_left;
1123#if defined(MBEDTLS_SSL_PROTO_DTLS)
1124 uint16_t in_epoch;
1125 size_t next_record_offset;
1127#endif /* MBEDTLS_SSL_PROTO_DTLS */
1128#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
1129 uint64_t in_window_top;
1130 uint64_t in_window;
1131#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
1132
1133 size_t in_hslen;
1140#if defined(MBEDTLS_SSL_PROTO_DTLS)
1141 uint8_t disable_datagram_packing;
1143#endif /* MBEDTLS_SSL_PROTO_DTLS */
1144
1145 /*
1146 * Record layer (outgoing data)
1147 */
1148 unsigned char *out_buf;
1149 unsigned char *out_ctr;
1150 unsigned char *out_hdr;
1151 unsigned char *out_len;
1152 unsigned char *out_iv;
1153 unsigned char *out_msg;
1156 size_t out_msglen;
1157 size_t out_left;
1159 unsigned char cur_out_ctr[8];
1161#if defined(MBEDTLS_SSL_PROTO_DTLS)
1162 uint16_t mtu;
1163#endif /* MBEDTLS_SSL_PROTO_DTLS */
1164
1165#if defined(MBEDTLS_ZLIB_SUPPORT)
1166 unsigned char *compress_buf;
1167#endif /* MBEDTLS_ZLIB_SUPPORT */
1168#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1169 signed char split_done;
1170#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
1171
1172 /*
1173 * PKI layer
1174 */
1177 /*
1178 * User settings
1179 */
1180#if defined(MBEDTLS_X509_CRT_PARSE_C)
1181 char *hostname;
1183#endif /* MBEDTLS_X509_CRT_PARSE_C */
1184
1185#if defined(MBEDTLS_SSL_ALPN)
1186 const char *alpn_chosen;
1187#endif /* MBEDTLS_SSL_ALPN */
1188
1189 /*
1190 * Information for DTLS hello verify
1191 */
1192#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
1193 unsigned char *cli_id;
1194 size_t cli_id_len;
1195#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
1196
1197 /*
1198 * Secure renegotiation
1199 */
1200 /* needed to know when to send extension on server */
1203#if defined(MBEDTLS_SSL_RENEGOTIATION)
1207#endif /* MBEDTLS_SSL_RENEGOTIATION */
1208};
1209
1210#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
1211
1212#define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
1213#define MBEDTLS_SSL_CHANNEL_INBOUND 1
1214
1215extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
1216 const unsigned char *key_enc, const unsigned char *key_dec,
1217 size_t keylen,
1218 const unsigned char *iv_enc, const unsigned char *iv_dec,
1219 size_t ivlen,
1220 const unsigned char *mac_enc, const unsigned char *mac_dec,
1221 size_t maclen);
1222extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
1223extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
1224extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
1225extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
1226extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
1227#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
1228
1237const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
1238
1247int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
1248
1257
1279 const mbedtls_ssl_config *conf );
1280
1292
1300
1316
1344
1345#if defined(MBEDTLS_X509_CRT_PARSE_C)
1358 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
1359 void *p_vrfy );
1360#endif /* MBEDTLS_X509_CRT_PARSE_C */
1361
1370 int (*f_rng)(void *, unsigned char *, size_t),
1371 void *p_rng );
1372
1388 void (*f_dbg)(void *, int, const char *, int, const char *),
1389 void *p_dbg );
1390
1422 void *p_bio,
1423 mbedtls_ssl_send_t *f_send,
1424 mbedtls_ssl_recv_t *f_recv,
1425 mbedtls_ssl_recv_timeout_t *f_recv_timeout );
1426
1427#if defined(MBEDTLS_SSL_PROTO_DTLS)
1470void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
1471#endif /* MBEDTLS_SSL_PROTO_DTLS */
1472
1490
1512 void *p_timer,
1513 mbedtls_ssl_set_timer_t *f_set_timer,
1514 mbedtls_ssl_get_timer_t *f_get_timer );
1515
1535typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
1537 unsigned char *start,
1538 const unsigned char *end,
1539 size_t *tlen,
1540 uint32_t *lifetime );
1541
1542#if defined(MBEDTLS_SSL_EXPORT_KEYS)
1563typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
1564 const unsigned char *ms,
1565 const unsigned char *kb,
1566 size_t maclen,
1567 size_t keylen,
1568 size_t ivlen );
1569#endif /* MBEDTLS_SSL_EXPORT_KEYS */
1570
1594typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
1596 unsigned char *buf,
1597 size_t len );
1598
1599#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
1614void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
1615 mbedtls_ssl_ticket_write_t *f_ticket_write,
1616 mbedtls_ssl_ticket_parse_t *f_ticket_parse,
1617 void *p_ticket );
1618#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
1619
1620#if defined(MBEDTLS_SSL_EXPORT_KEYS)
1631void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
1632 mbedtls_ssl_export_keys_t *f_export_keys,
1633 void *p_export_keys );
1634#endif /* MBEDTLS_SSL_EXPORT_KEYS */
1635
1636#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1667void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
1668 mbedtls_ssl_async_sign_t *f_async_sign,
1669 mbedtls_ssl_async_decrypt_t *f_async_decrypt,
1670 mbedtls_ssl_async_resume_t *f_async_resume,
1671 mbedtls_ssl_async_cancel_t *f_async_cancel,
1672 void *config_data );
1673
1682void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
1683
1698void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl );
1699
1711void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
1712 void *ctx );
1713#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
1714
1730 unsigned char **p, unsigned char *end,
1731 const unsigned char *info, size_t ilen );
1732
1747 const unsigned char *cookie, size_t clen,
1748 const unsigned char *info, size_t ilen );
1749
1750#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
1779void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
1780 mbedtls_ssl_cookie_write_t *f_cookie_write,
1781 mbedtls_ssl_cookie_check_t *f_cookie_check,
1782 void *p_cookie );
1783
1803int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
1804 const unsigned char *info,
1805 size_t ilen );
1806
1807#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
1808
1809#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
1825void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
1826#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
1827
1828#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
1852void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
1853#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
1854
1855#if defined(MBEDTLS_SSL_PROTO_DTLS)
1856
1885void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
1886 unsigned allow_packing );
1887
1919void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
1920#endif /* MBEDTLS_SSL_PROTO_DTLS */
1921
1922#if defined(MBEDTLS_SSL_SRV_C)
1960void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
1961 void *p_cache,
1962 int (*f_get_cache)(void *, mbedtls_ssl_session *),
1963 int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
1964#endif /* MBEDTLS_SSL_SRV_C */
1965
1966#if defined(MBEDTLS_SSL_CLI_C)
1982#endif /* MBEDTLS_SSL_CLI_C */
1983
2000 const int *ciphersuites );
2001
2022 const int *ciphersuites,
2023 int major, int minor );
2024
2025#if defined(MBEDTLS_X509_CRT_PARSE_C)
2038
2051 mbedtls_x509_crt *ca_chain,
2052 mbedtls_x509_crl *ca_crl );
2053
2091 mbedtls_x509_crt *own_cert,
2092 mbedtls_pk_context *pk_key );
2093#endif /* MBEDTLS_X509_CRT_PARSE_C */
2094
2095#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
2116int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
2117 const unsigned char *psk, size_t psk_len,
2118 const unsigned char *psk_identity, size_t psk_identity_len );
2119
2120
2133int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
2134 const unsigned char *psk, size_t psk_len );
2135
2160void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
2161 int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
2162 size_t),
2163 void *p_psk );
2164#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
2165
2166#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
2167
2168#if !defined(MBEDTLS_DEPRECATED_REMOVED)
2169
2170#if defined(MBEDTLS_DEPRECATED_WARNING)
2171#define MBEDTLS_DEPRECATED __attribute__((deprecated))
2172#else
2173#define MBEDTLS_DEPRECATED
2174#endif
2175
2189MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
2190 const char *dhm_P,
2191 const char *dhm_G );
2192
2193#endif /* MBEDTLS_DEPRECATED_REMOVED */
2194
2208int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
2209 const unsigned char *dhm_P, size_t P_len,
2210 const unsigned char *dhm_G, size_t G_len );
2211
2221int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
2222#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
2223
2224#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
2234 unsigned int bitlen );
2235#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
2236
2237#if defined(MBEDTLS_ECP_C)
2266 const mbedtls_ecp_group_id *curves );
2267#endif /* MBEDTLS_ECP_C */
2268
2269#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
2291 const int *hashes );
2292#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
2293
2294#if defined(MBEDTLS_X509_CRT_PARSE_C)
2314#endif /* MBEDTLS_X509_CRT_PARSE_C */
2315
2316#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
2330 mbedtls_x509_crt *own_cert,
2331 mbedtls_pk_context *pk_key );
2332
2345 mbedtls_x509_crt *ca_chain,
2346 mbedtls_x509_crl *ca_crl );
2347
2359 int authmode );
2360
2385 int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
2386 size_t),
2387 void *p_sni );
2388#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
2389
2390#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
2408int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
2409 const unsigned char *pw,
2410 size_t pw_len );
2411#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
2412
2413#if defined(MBEDTLS_SSL_ALPN)
2426int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
2427
2438#endif /* MBEDTLS_SSL_ALPN */
2439
2457
2477
2478#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
2498void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
2499#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
2500
2501#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2514#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
2515
2516#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
2529#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
2530
2531#if defined(MBEDTLS_ARC4_C)
2548#endif /* MBEDTLS_ARC4_C */
2549
2550#if defined(MBEDTLS_SSL_SRV_C)
2560void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
2561 char cert_req_ca_list );
2562#endif /* MBEDTLS_SSL_SRV_C */
2563
2564#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2599int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
2600#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2601
2602#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2612#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
2613
2614#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
2627#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
2628
2629#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2641#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
2642
2643#if defined(MBEDTLS_SSL_RENEGOTIATION)
2662#endif /* MBEDTLS_SSL_RENEGOTIATION */
2663
2692
2693#if defined(MBEDTLS_SSL_RENEGOTIATION)
2732
2759 const unsigned char period[8] );
2760#endif /* MBEDTLS_SSL_RENEGOTIATION */
2761
2801
2818
2832
2841
2850
2865
2866#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2880#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2881
2909
2910#if defined(MBEDTLS_X509_CRT_PARSE_C)
2926#endif /* MBEDTLS_X509_CRT_PARSE_C */
2927
2928#if defined(MBEDTLS_SSL_CLI_C)
2956#endif /* MBEDTLS_SSL_CLI_C */
2957
3009
3031
3032#if defined(MBEDTLS_SSL_RENEGOTIATION)
3057#endif /* MBEDTLS_SSL_RENEGOTIATION */
3058
3129int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
3130
3191int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
3192
3210 unsigned char level,
3211 unsigned char message );
3226
3233
3245
3262 int endpoint, int transport, int preset );
3263
3270
3277
3288
3289#ifdef __cplusplus
3290}
3291#endif
3292
3293#endif /* ssl.h */
unsigned short int uint16_t
Definition: acefiex.h:54
#define MBEDTLS_DEPRECATED
Definition: aes.h:651
char * hostname
Definition: ftp.c:88
Multi-precision integer library.
#define MBEDTLS_MPI_MAX_SIZE
Definition: bignum.h:107
static LPSTR * split(LPSTR s, LPINT args)
Definition: cmdcons.c:163
This file contains Diffie-Hellman-Merkle (DHM) key exchange definitions and functions.
UINT32 uint32_t
Definition: types.h:75
UINT64 uint64_t
Definition: types.h:77
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
Definition: typeof.h:31
__kernel_size_t size_t
Definition: linux.h:237
This file contains ECDH definitions and functions.
This file provides an API for Elliptic Curves over GF(P) (ECP).
#define MBEDTLS_ECP_MAX_BYTES
Definition: ecp.h:278
mbedtls_ecp_group_id
Definition: ecp.h:103
GLuint start
Definition: gl.h:1545
GLint level
Definition: gl.h:1546
GLuint GLuint end
Definition: gl.h:1545
GLint limit
Definition: glext.h:10326
GLenum mode
Definition: glext.h:6217
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
GLfloat GLfloat p
Definition: glext.h:8902
GLenum GLsizei len
Definition: glext.h:6722
GLenum GLenum GLenum input
Definition: glext.h:9031
#define profile
Definition: kernel32.h:12
mbedtls_md_type_t
Supported message digests.
Definition: md.h:83
static BYTE cert[]
Definition: msg.c:1437
#define min(a, b)
Definition: monoChain.cc:55
BYTE uint8_t
Definition: msvideo1.c:66
mbed TLS Platform time abstraction
time_t mbedtls_time_t
Definition: platform_time.h:78
#define minor(rdev)
Definition: propsheet.cpp:929
#define major(rdev)
Definition: propsheet.cpp:928
#define mbedtls_ssl_free
#define mbedtls_ssl_get_max_frag_len
#define mbedtls_ssl_init
#define mbedtls_ssl_set_hostname
#define mbedtls_ssl_conf_authmode
#define mbedtls_ssl_write
#define mbedtls_ssl_conf_endpoint
#define mbedtls_ssl_config_defaults
#define mbedtls_ssl_get_ciphersuite_id
#define mbedtls_ssl_setup
#define mbedtls_ssl_set_bio
#define mbedtls_ssl_conf_rng
#define mbedtls_ssl_config_free
#define mbedtls_ssl_handshake
#define mbedtls_ssl_get_version
#define mbedtls_ssl_get_peer_cert
#define mbedtls_ssl_conf_max_version
#define mbedtls_ssl_read
#define mbedtls_ssl_conf_min_version
#define mbedtls_ssl_conf_dbg
#define mbedtls_ssl_config_init
#define mbedtls_ssl_get_ciphersuite
#define MBEDTLS_PSK_MAX_LEN
Definition: ssl.h:408
void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout)
Set the timeout period for mbedtls_ssl_read() (Default: no timeout.)
int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
Callback type: generate and write session ticket.
Definition: ssl.h:1535
void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems)
Enable or disable Extended Master Secret negotiation. (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, const unsigned char period[8])
Set record counter threshold for periodic renegotiation. (Default: 2^48 - 1)
void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy)
Prevent or allow legacy renegotiation. (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
Reset an already initialized SSL context for re-use while retaining application-set variables,...
const char * mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl)
Get the name of the negotiated Application Layer Protocol. This function should be called after the h...
void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split)
Enable / Disable 1/n-1 record splitting (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records)
Enforce renegotiation requests. (Default: enforced, max_records = 16)
void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport)
Set the transport type (TLS or DTLS). Default: TLS.
void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, mbedtls_ssl_get_timer_t *f_get_timer)
Set the timer callbacks (Mandatory for DTLS.)
void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl)
Set the data required to verify peer certificate for the current handshake.
int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len)
Callback type: send data on the network.
Definition: ssl.h:495
void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, int(*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_sni)
Set server side ServerName TLS extension callback (optional, server-side only).
mbedtls_ssl_states
Definition: ssl.h:455
@ MBEDTLS_SSL_CERTIFICATE_VERIFY
Definition: ssl.h:465
@ MBEDTLS_SSL_HANDSHAKE_OVER
Definition: ssl.h:472
@ MBEDTLS_SSL_SERVER_HELLO_DONE
Definition: ssl.h:462
@ MBEDTLS_SSL_SERVER_FINISHED
Definition: ssl.h:469
@ MBEDTLS_SSL_SERVER_KEY_EXCHANGE
Definition: ssl.h:460
@ MBEDTLS_SSL_SERVER_HELLO
Definition: ssl.h:458
@ MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
Definition: ssl.h:464
@ MBEDTLS_SSL_CLIENT_HELLO
Definition: ssl.h:457
@ MBEDTLS_SSL_SERVER_CERTIFICATE
Definition: ssl.h:459
@ MBEDTLS_SSL_CERTIFICATE_REQUEST
Definition: ssl.h:461
@ MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
Definition: ssl.h:473
@ MBEDTLS_SSL_CLIENT_FINISHED
Definition: ssl.h:467
@ MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
Definition: ssl.h:468
@ MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT
Definition: ssl.h:474
@ MBEDTLS_SSL_HANDSHAKE_WRAPUP
Definition: ssl.h:471
@ MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
Definition: ssl.h:466
@ MBEDTLS_SSL_HELLO_REQUEST
Definition: ssl.h:456
@ MBEDTLS_SSL_CLIENT_CERTIFICATE
Definition: ssl.h:463
@ MBEDTLS_SSL_FLUSH_BUFFERS
Definition: ssl.h:470
int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl)
Check if there is data already read from the underlying transport but not yet processed.
int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
Callback type: parse and load session ticket.
Definition: ssl.h:1594
int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl)
Initiate an SSL renegotiation on the running connection. Client: perform the renegotiation right now....
int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key)
Set own certificate chain and private key.
uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl)
Return the result of the certificate verification.
int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen)
Callback type: generate a cookie.
Definition: ssl.h:1729
int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
Return the current maximum outgoing record payload in bytes. This takes into account the config....
void mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms)
Callback type: set a pair of timers/delays to watch.
Definition: ssl.h:570
int mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout)
Callback type: receive data from the network, with timeout.
Definition: ssl.h:544
void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, const int *hashes)
Set the allowed hashes for signatures during the handshake. (Default: all SHA-2 hashes,...
void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate)
Activate negotiation of truncated HMAC (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, const mbedtls_x509_crt_profile *profile)
Set the X.509 security profile used for verification.
void mbedtls_ssl_session_init(mbedtls_ssl_session *session)
Initialize SSL session structure.
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
Definition: ssl.h:292
void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, int authmode)
Set authmode for the current handshake.
void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl)
Set the data required to verify peer certificate.
int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session)
Request resumption of session (client-side only) Session data is copied from presented session struct...
int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl)
Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc...
void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets)
Enable / Disable session tickets (client only). (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED....
int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen)
Callback type: verify a cookie.
Definition: ssl.h:1746
void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, unsigned int bitlen)
Set the minimum length for Diffie-Hellman parameters. (Client-side only.) (Default: 1024 bits....
void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4)
Disable or enable support for RC4 (Default: MBEDTLS_SSL_ARC4_DISABLED)
int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, mbedtls_pk_context *pk_key)
Set own certificate and key for the current handshake.
void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor)
Set the list of allowed ciphersuites and the preference order for a specific version of the protocol....
int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
Perform a single step of the SSL handshake.
void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation)
Enable / Disable renegotiation support for connection when initiated by peer (Default: MBEDTLS_SSL_RE...
const char * mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Return the name of the ciphersuite associated with the given ID.
int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len)
Callback type: receive data from the network.
Definition: ssl.h:518
void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
Free referenced items in an SSL session including the peer certificate and clear memory.
int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl)
Notify the peer that the connection is being closed.
int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code)
Set the maximum fragment length to emit and/or negotiate. (Typical: the smaller of MBEDTLS_SSL_IN_CON...
void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, const int *ciphersuites)
Set the list of allowed ciphersuites and the preference order. First in the list has the highest pref...
size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl)
Return the number of application data bytes remaining to be read from the current record.
int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session)
Save session in order to resume it later (client-side only) Session data is copied to presented sessi...
int mbedtls_ssl_get_timer_t(void *ctx)
Callback type: get status of timers/delays.
Definition: ssl.h:585
void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves)
Set the allowed curves in order of preference. (Default: all defined curves in order of decreasing si...
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
Set the supported Application Layer Protocols.
void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm)
Enable or disable Encrypt-then-MAC (Default: MBEDTLS_SSL_ETM_ENABLED)
void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Set the verification callback (Optional).
SSL Ciphersuites for mbed TLS.
Definition: cookie.c:34
Definition: nis.h:10
Definition: _hash_fun.h:40
The DHM context structure.
Definition: dhm.h:128
MPI structure.
Definition: bignum.h:211
Public key container.
Definition: pk.h:156
int(* f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t)
Definition: ssl.h:882
unsigned int cbc_record_splitting
Definition: ssl.h:1030
unsigned int authmode
Definition: ssl.h:1011
int renego_max_records
Definition: ssl.h:987
unsigned char max_major_ver
Definition: ssl.h:1000
const int * ciphersuite_list[4]
Definition: ssl.h:864
void * p_sni
Definition: ssl.h:883
unsigned int session_tickets
Definition: ssl.h:1039
void * p_rng
Definition: ssl.h:872
unsigned int trunc_hmac
Definition: ssl.h:1036
int(* f_set_cache)(void *, const mbedtls_ssl_session *)
Definition: ssl.h:877
mbedtls_x509_crl * ca_crl
Definition: ssl.h:928
const mbedtls_ecp_group_id * curve_list
Definition: ssl.h:946
mbedtls_x509_crt * ca_chain
Definition: ssl.h:927
unsigned char max_minor_ver
Definition: ssl.h:1001
unsigned char min_minor_ver
Definition: ssl.h:1003
unsigned int transport
Definition: ssl.h:1010
unsigned int mfl_code
Definition: ssl.h:1018
unsigned int arc4_disabled
Definition: ssl.h:1015
const mbedtls_x509_crt_profile * cert_profile
Definition: ssl.h:925
unsigned int endpoint
Definition: ssl.h:1009
const int * sig_hashes
Definition: ssl.h:942
uint32_t read_timeout
Definition: ssl.h:977
unsigned int encrypt_then_mac
Definition: ssl.h:1021
int(* f_rng)(void *, unsigned char *, size_t)
Definition: ssl.h:871
int(* f_get_cache)(void *, mbedtls_ssl_session *)
Definition: ssl.h:875
unsigned int disable_renegotiation
Definition: ssl.h:1033
void(* f_dbg)(void *, int, const char *, int, const char *)
Definition: ssl.h:867
unsigned char renego_period[8]
Definition: ssl.h:988
int(* f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *)
Definition: ssl.h:888
unsigned int dhm_min_bitlen
Definition: ssl.h:997
const char ** alpn_list
Definition: ssl.h:970
void * p_vrfy
Definition: ssl.h:889
void * p_cache
Definition: ssl.h:878
unsigned int extended_ms
Definition: ssl.h:1024
void * p_dbg
Definition: ssl.h:868
unsigned char min_major_ver
Definition: ssl.h:1002
mbedtls_mpi dhm_G
Definition: ssl.h:951
mbedtls_mpi dhm_P
Definition: ssl.h:950
mbedtls_ssl_key_cert * key_cert
Definition: ssl.h:926
unsigned int allow_legacy_renegotiation
Definition: ssl.h:1013
unsigned char * out_hdr
Definition: ssl.h:1150
size_t verify_data_len
Definition: ssl.h:1204
mbedtls_ssl_transform * transform_out
Definition: ssl.h:1095
signed char split_done
Definition: ssl.h:1169
mbedtls_ssl_session * session_in
Definition: ssl.h:1083
mbedtls_ssl_set_timer_t * f_set_timer
Definition: ssl.h:1104
mbedtls_ssl_session * session
Definition: ssl.h:1085
char * hostname
Definition: ssl.h:1181
unsigned char cur_out_ctr[8]
Definition: ssl.h:1159
unsigned char * out_len
Definition: ssl.h:1151
mbedtls_ssl_get_timer_t * f_get_timer
Definition: ssl.h:1105
mbedtls_ssl_transform * transform
Definition: ssl.h:1096
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]
Definition: ssl.h:1205
mbedtls_ssl_send_t * f_send
Definition: ssl.h:1073
unsigned char * out_msg
Definition: ssl.h:1153
mbedtls_ssl_session * session_negotiate
Definition: ssl.h:1086
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]
Definition: ssl.h:1206
unsigned char * in_iv
Definition: ssl.h:1116
unsigned char * out_buf
Definition: ssl.h:1148
unsigned char * in_buf
Definition: ssl.h:1110
const char * alpn_chosen
Definition: ssl.h:1186
size_t out_left
Definition: ssl.h:1157
size_t in_hslen
Definition: ssl.h:1133
mbedtls_ssl_session * session_out
Definition: ssl.h:1084
unsigned char * in_msg
Definition: ssl.h:1117
size_t out_msglen
Definition: ssl.h:1156
mbedtls_ssl_recv_t * f_recv
Definition: ssl.h:1074
int renego_records_seen
Definition: ssl.h:1061
unsigned char * out_ctr
Definition: ssl.h:1149
unsigned char * out_iv
Definition: ssl.h:1152
unsigned char * in_ctr
Definition: ssl.h:1111
mbedtls_ssl_recv_timeout_t * f_recv_timeout
Definition: ssl.h:1075
unsigned char * in_hdr
Definition: ssl.h:1114
mbedtls_ssl_transform * transform_in
Definition: ssl.h:1094
mbedtls_ssl_handshake_params * handshake
Definition: ssl.h:1088
int secure_renegotiation
Definition: ssl.h:1201
mbedtls_ssl_transform * transform_negotiate
Definition: ssl.h:1097
size_t in_msglen
Definition: ssl.h:1121
void * p_timer
Definition: ssl.h:1102
size_t in_left
Definition: ssl.h:1122
void * p_bio
Definition: ssl.h:1078
unsigned char * in_offt
Definition: ssl.h:1118
unsigned char * in_len
Definition: ssl.h:1115
const mbedtls_ssl_config * conf
Definition: ssl.h:1053
int keep_current_message
Definition: ssl.h:1137
uint32_t ticket_lifetime
Definition: ssl.h:837
mbedtls_x509_crt * peer_cert
Definition: ssl.h:830
size_t ticket_len
Definition: ssl.h:836
uint32_t verify_result
Definition: ssl.h:832
unsigned char mfl_code
Definition: ssl.h:841
int encrypt_then_mac
Definition: ssl.h:849
size_t id_len
Definition: ssl.h:825
unsigned char * ticket
Definition: ssl.h:835
unsigned char master[48]
Definition: ssl.h:827
Definition: tftpd.h:60
Definition: dhcpd.h:245
#define max(a, b)
Definition: svc.c:63
unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]
Definition: ssl.h:418
unsigned char _pms_rsa[48]
Definition: ssl.h:415
unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]
Definition: ssl.h:424
X.509 certificate revocation list parsing.
X.509 certificate parsing and writing.