PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

API Documentation (Doxygen generated)

These pages are generated with doxygen directly from the source code!

ssl_internal.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  * This file is part of mbed TLS (https://tls.mbed.org)
23  */
24 #ifndef MBEDTLS_SSL_INTERNAL_H
25 #define MBEDTLS_SSL_INTERNAL_H
26 
27 #if !defined(MBEDTLS_CONFIG_FILE)
28 #include "config.h"
29 #else
30 #include MBEDTLS_CONFIG_FILE
31 #endif
32 
33 #include "ssl.h"
34 #include "cipher.h"
35 
36 #if defined(MBEDTLS_MD5_C)
37 #include "md5.h"
38 #endif
39 
40 #if defined(MBEDTLS_SHA1_C)
41 #include "sha1.h"
42 #endif
43 
44 #if defined(MBEDTLS_SHA256_C)
45 #include "sha256.h"
46 #endif
47 
48 #if defined(MBEDTLS_SHA512_C)
49 #include "sha512.h"
50 #endif
51 
52 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
53 #include "ecjpake.h"
54 #endif
55 
56 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
57  !defined(inline) && !defined(__cplusplus)
58 #define inline __inline
59 #endif
60 
61 /* Determine minimum supported version */
62 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
63 
64 #if defined(MBEDTLS_SSL_PROTO_SSL3)
65 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
66 #else
67 #if defined(MBEDTLS_SSL_PROTO_TLS1)
68 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
69 #else
70 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
71 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
72 #else
73 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
74 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
75 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
76 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
77 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
78 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
79 
80 #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
81 #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
82 
83 /* Determine maximum supported version */
84 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
85 
86 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
87 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
88 #else
89 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
90 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
91 #else
92 #if defined(MBEDTLS_SSL_PROTO_TLS1)
93 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
94 #else
95 #if defined(MBEDTLS_SSL_PROTO_SSL3)
96 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
97 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
98 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
99 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
100 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
101 
102 /* Shorthand for restartable ECC */
103 #if defined(MBEDTLS_ECP_RESTARTABLE) && \
104  defined(MBEDTLS_SSL_CLI_C) && \
105  defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
106  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
107 #define MBEDTLS_SSL__ECP_RESTARTABLE
108 #endif
109 
110 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
111 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
112 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
113 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
114 
115 /*
116  * DTLS retransmission states, see RFC 6347 4.2.4
117  *
118  * The SENDING state is merged in PREPARING for initial sends,
119  * but is distinct for resends.
120  *
121  * Note: initial state is wrong for server, but is not used anyway.
122  */
123 #define MBEDTLS_SSL_RETRANS_PREPARING 0
124 #define MBEDTLS_SSL_RETRANS_SENDING 1
125 #define MBEDTLS_SSL_RETRANS_WAITING 2
126 #define MBEDTLS_SSL_RETRANS_FINISHED 3
127 
128 /*
129  * Allow extra bytes for record, authentication and encryption overhead:
130  * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
131  * and allow for a maximum of 1024 of compression expansion if
132  * enabled.
133  */
134 #if defined(MBEDTLS_ZLIB_SUPPORT)
135 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
136 #else
137 #define MBEDTLS_SSL_COMPRESSION_ADD 0
138 #endif
139 
140 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
141 /* Ciphersuites using HMAC */
142 #if defined(MBEDTLS_SHA512_C)
143 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
144 #elif defined(MBEDTLS_SHA256_C)
145 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
146 #else
147 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
148 #endif
149 #else
150 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
151 #define MBEDTLS_SSL_MAC_ADD 16
152 #endif
153 
154 #if defined(MBEDTLS_CIPHER_MODE_CBC)
155 #define MBEDTLS_SSL_PADDING_ADD 256
156 #else
157 #define MBEDTLS_SSL_PADDING_ADD 0
158 #endif
159 
160 #define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
161  MBEDTLS_MAX_IV_LENGTH + \
162  MBEDTLS_SSL_MAC_ADD + \
163  MBEDTLS_SSL_PADDING_ADD \
164  )
165 
166 #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
167  ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
168 
169 #define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
170  ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
171 
172 /* The maximum number of buffered handshake messages. */
173 #define MBEDTLS_SSL_MAX_BUFFERED_HS 4
174 
175 /* Maximum length we can advertise as our max content length for
176  RFC 6066 max_fragment_length extension negotiation purposes
177  (the lesser of both sizes, if they are unequal.)
178  */
179 #define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
180  (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
181  ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
182  : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
183  )
184 
185 /*
186  * Check that we obey the standard's message size bounds
187  */
188 
189 #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
190 #error "Bad configuration - record content too large."
191 #endif
192 
193 #if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
194 #error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
195 #endif
196 
197 #if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
198 #error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
199 #endif
200 
201 #if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
202 #error "Bad configuration - incoming protected record payload too large."
203 #endif
204 
205 #if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
206 #error "Bad configuration - outgoing protected record payload too large."
207 #endif
208 
209 /* Calculate buffer sizes */
210 
211 /* Note: Even though the TLS record header is only 5 bytes
212  long, we're internally using 8 bytes to store the
213  implicit sequence number. */
214 #define MBEDTLS_SSL_HEADER_LEN 13
215 
216 #define MBEDTLS_SSL_IN_BUFFER_LEN \
217  ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
218 
219 #define MBEDTLS_SSL_OUT_BUFFER_LEN \
220  ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
221 
222 #ifdef MBEDTLS_ZLIB_SUPPORT
223 /* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
224 #define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \
225  ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \
226  ? MBEDTLS_SSL_IN_BUFFER_LEN \
227  : MBEDTLS_SSL_OUT_BUFFER_LEN \
228  )
229 #endif
230 
231 /*
232  * TLS extension flags (for extensions with outgoing ServerHello content
233  * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
234  * of state of the renegotiation flag, so no indicator is required)
235  */
236 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
237 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
238 
239 #ifdef __cplusplus
240 extern "C" {
241 #endif
242 
243 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
244  defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
245 /*
246  * Abstraction for a grid of allowed signature-hash-algorithm pairs.
247  */
249 {
250  /* At the moment, we only need to remember a single suitable
251  * hash algorithm per signature algorithm. As long as that's
252  * the case - and we don't need a general lookup function -
253  * we can implement the sig-hash-set as a map from signatures
254  * to hash algorithms. */
257 };
258 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
259  MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
260 
261 /*
262  * This structure contains the parameters only needed during handshake.
263  */
265 {
266  /*
267  * Handshake specific crypto variables
268  */
269 
270 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
271  defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
273 #endif
274 #if defined(MBEDTLS_DHM_C)
276 #endif
277 #if defined(MBEDTLS_ECDH_C)
279 #endif
280 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
281  mbedtls_ecjpake_context ecjpake_ctx;
282 #if defined(MBEDTLS_SSL_CLI_C)
283  unsigned char *ecjpake_cache;
284  size_t ecjpake_cache_len;
285 #endif
286 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
287 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
288  defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
290 #endif
291 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
292  unsigned char *psk;
293  size_t psk_len;
294 #endif
295 #if defined(MBEDTLS_X509_CRT_PARSE_C)
297 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
302 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
303 #endif /* MBEDTLS_X509_CRT_PARSE_C */
304 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
305  int ecrs_enabled;
307  enum { /* this complements ssl->state with info on intra-state operations */
308  ssl_ecrs_none = 0,
309  ssl_ecrs_crt_verify,
310  ssl_ecrs_ske_start_processing,
311  ssl_ecrs_cke_ecdh_calc_secret,
312  ssl_ecrs_crt_vrfy_sign,
313  } ecrs_state;
314  size_t ecrs_n;
315 #endif
316 #if defined(MBEDTLS_SSL_PROTO_DTLS)
317  unsigned int out_msg_seq;
318  unsigned int in_msg_seq;
320  unsigned char *verify_cookie;
322  unsigned char verify_cookie_len;
326  unsigned char retransmit_state;
329  unsigned char *cur_msg_p;
330  unsigned int in_flight_start_seq;
334  unsigned char alt_out_ctr[8];
337  struct
338  {
342  uint8_t seen_ccs;
345  struct mbedtls_ssl_hs_buffer
346  {
347  unsigned is_valid : 1;
348  unsigned is_fragmented : 1;
349  unsigned is_complete : 1;
350  unsigned char *data;
351  size_t data_len;
353 
354  struct
355  {
356  unsigned char *data;
357  size_t len;
358  unsigned epoch;
359  } future_record;
360 
361  } buffering;
362 
363  uint16_t mtu;
364 #endif /* MBEDTLS_SSL_PROTO_DTLS */
365 
366  /*
367  * Checksum contexts
368  */
369 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
370  defined(MBEDTLS_SSL_PROTO_TLS1_1)
373 #endif
374 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
375 #if defined(MBEDTLS_SHA256_C)
377 #endif
378 #if defined(MBEDTLS_SHA512_C)
380 #endif
381 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
382 
383  void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
384  void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
385  void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
386  int (*tls_prf)(const unsigned char *, size_t, const char *,
387  const unsigned char *, size_t,
388  unsigned char *, size_t);
389 
390  size_t pmslen;
392  unsigned char randbytes[64];
396  int resume;
399  int cli_exts;
401 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
403 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
404 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
406 #endif
407 
408 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
409  unsigned int async_in_progress : 1;
410 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
411 
412 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
413 
418  void *user_async_ctx;
419 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
420 };
421 
423 
424 /*
425  * This structure contains a full set of runtime transform parameters
426  * either in negotiation or active.
427  */
429 {
430  /*
431  * Session specific crypto layer
432  */
435  unsigned int keylen;
436  size_t minlen;
437  size_t ivlen;
438  size_t fixed_ivlen;
439  size_t maclen;
441  unsigned char iv_enc[16];
442  unsigned char iv_dec[16];
444 #if defined(MBEDTLS_SSL_PROTO_SSL3)
445  /* Needed only for SSL v3.0 secret */
446  unsigned char mac_enc[20];
447  unsigned char mac_dec[20];
448 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
449 
456  /*
457  * Session specific compression layer
458  */
459 #if defined(MBEDTLS_ZLIB_SUPPORT)
460  z_stream ctx_deflate;
461  z_stream ctx_inflate;
462 #endif
463 };
464 
465 #if defined(MBEDTLS_X509_CRT_PARSE_C)
466 /*
467  * List of certificate + private key pairs
468  */
470 {
474 };
475 #endif /* MBEDTLS_X509_CRT_PARSE_C */
476 
477 #if defined(MBEDTLS_SSL_PROTO_DTLS)
478 /*
479  * List of handshake messages kept around for resending
480  */
482 {
483  unsigned char *p;
484  size_t len;
485  unsigned char type;
487 };
488 #endif /* MBEDTLS_SSL_PROTO_DTLS */
489 
490 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
491  defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
492 
493 /* Find an entry in a signature-hash set matching a given hash algorithm. */
495  mbedtls_pk_type_t sig_alg );
496 /* Add a signature-hash-pair to a signature-hash set */
498  mbedtls_pk_type_t sig_alg,
499  mbedtls_md_type_t md_alg );
500 /* Allow exactly one hash algorithm for each signature. */
502  mbedtls_md_type_t md_alg );
503 
504 /* Setup an empty signature-hash set */
506 {
508 }
509 
510 #endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
511  MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
512 
520 
528 
532 
534 
537 
541 
619  unsigned update_hs_digest );
620 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
621 
623 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
625 
628 
631 
634 
636  const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
637 
638 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
640 #endif
641 
642 #if defined(MBEDTLS_PK_C)
643 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
644 unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
646 #endif
647 
648 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
649 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
651 
652 #if defined(MBEDTLS_ECP_C)
654 #endif
655 
656 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
659 #endif
660 
661 #if defined(MBEDTLS_X509_CRT_PARSE_C)
663 {
664  mbedtls_ssl_key_cert *key_cert;
665 
666  if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
667  key_cert = ssl->handshake->key_cert;
668  else
669  key_cert = ssl->conf->key_cert;
670 
671  return( key_cert == NULL ? NULL : key_cert->key );
672 }
673 
675 {
676  mbedtls_ssl_key_cert *key_cert;
677 
678  if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
679  key_cert = ssl->handshake->key_cert;
680  else
681  key_cert = ssl->conf->key_cert;
682 
683  return( key_cert == NULL ? NULL : key_cert->cert );
684 }
685 
686 /*
687  * Check usage of a certificate wrt extensions:
688  * keyUsage, extendedKeyUsage (later), and nSCertType (later).
689  *
690  * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
691  * check a cert we received from them)!
692  *
693  * Return 0 if everything is OK, -1 if not.
694  */
696  const mbedtls_ssl_ciphersuite_t *ciphersuite,
697  int cert_endpoint,
698  uint32_t *flags );
699 #endif /* MBEDTLS_X509_CRT_PARSE_C */
700 
701 void mbedtls_ssl_write_version( int major, int minor, int transport,
702  unsigned char ver[2] );
703 void mbedtls_ssl_read_version( int *major, int *minor, int transport,
704  const unsigned char ver[2] );
705 
706 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
707 {
708 #if defined(MBEDTLS_SSL_PROTO_DTLS)
710  return( 13 );
711 #else
712  ((void) ssl);
713 #endif
714  return( 5 );
715 }
716 
717 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
718 {
719 #if defined(MBEDTLS_SSL_PROTO_DTLS)
721  return( 12 );
722 #else
723  ((void) ssl);
724 #endif
725  return( 4 );
726 }
727 
728 #if defined(MBEDTLS_SSL_PROTO_DTLS)
733 #endif
734 
735 /* Visible for testing purposes only */
736 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
739 #endif
740 
741 /* constant-time buffer comparison */
742 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
743 {
744  size_t i;
745  volatile const unsigned char *A = (volatile const unsigned char *) a;
746  volatile const unsigned char *B = (volatile const unsigned char *) b;
747  volatile unsigned char diff = 0;
748 
749  for( i = 0; i < n; i++ )
750  {
751  /* Read volatile data in order before computing diff.
752  * This avoids IAR compiler warning:
753  * 'the order of volatile accesses is undefined ..' */
754  unsigned char x = A[i], y = B[i];
755  diff |= x ^ y;
756  }
757 
758  return( diff );
759 }
760 
761 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
762  defined(MBEDTLS_SSL_PROTO_TLS1_1)
764  unsigned char *output,
765  unsigned char *data, size_t data_len );
766 #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
767  MBEDTLS_SSL_PROTO_TLS1_1 */
768 
769 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
770  defined(MBEDTLS_SSL_PROTO_TLS1_2)
772  unsigned char *hash, size_t *hashlen,
773  unsigned char *data, size_t data_len,
774  mbedtls_md_type_t md_alg );
775 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
776  MBEDTLS_SSL_PROTO_TLS1_2 */
777 
778 #ifdef __cplusplus
779 }
780 #endif
781 
782 #endif /* ssl_internal.h */
void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
Free referenced items in an SSL handshake context and clear memory.
void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl)
unsigned int transport
Definition: ssl.h:981
void(* update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t)
Definition: ssl_internal.h:383
int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_hash_from_md_alg(int md)
Public key container.
Definition: pk.h:130
mbedtls_sha1_context fin_sha1
Definition: ssl_internal.h:372
void mbedtls_ssl_read_version(int *major, int *minor, int transport, const unsigned char ver[2])
mbedtls_md_type_t rsa
Definition: ssl_internal.h:255
struct mbedtls_ssl_handshake_params::@1 buffering
void(* calc_finished)(mbedtls_ssl_context *, unsigned char *, int)
Definition: ssl_internal.h:385
mbedtls_ssl_key_cert * key_cert
Definition: ssl_internal.h:296
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
unsigned char alt_out_ctr[8]
Definition: ssl_internal.h:334
unsigned char randbytes[64]
Definition: ssl_internal.h:392
int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type)
mbedtls_ssl_flight_item * cur_msg
Definition: ssl_internal.h:328
mbedtls_sha256_context fin_sha256
Definition: ssl_internal.h:376
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
Certificate revocation list structure.
Definition: x509_crl.h:70
mbedtls_ecdh_context ecdh_ctx
Definition: ssl_internal.h:278
int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
Generic cipher context.
Definition: cipher.h:284
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
Definition: ssl_internal.h:742
struct mbedtls_ssl_handshake_params::@1::@2 future_record
mbedtls_sha512_context fin_sha512
Definition: ssl_internal.h:379
mbedtls_pk_type_t
Public key types.
Definition: pk.h:78
int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
Configuration options (set of defines)
struct mbedtls_ssl_handshake_params::@1::mbedtls_ssl_hs_buffer hs[MBEDTLS_SSL_MAX_BUFFERED_HS]
int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg)
mbedtls_cipher_context_t cipher_ctx_enc
Definition: ssl_internal.h:453
Elliptic curve J-PAKE.
static size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:717
void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg, mbedtls_md_type_t md_alg)
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Definition: ssl.h:137
Curve information, for use by other modules.
Definition: ecp.h:105
int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
static void mbedtls_ssl_sig_hash_set_init(mbedtls_ssl_sig_hash_set_t *set)
Definition: ssl_internal.h:505
The generic message-digest context.
Definition: md.h:85
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
Definition: ssl_internal.h:386
mbedtls_x509_crt * sni_ca_chain
Definition: ssl_internal.h:300
mbedtls_md_context_t md_ctx_dec
Definition: ssl_internal.h:451
const mbedtls_ssl_ciphersuite_t * ciphersuite_info
Definition: ssl_internal.h:433
mbedtls_md5_context fin_md5
Definition: ssl_internal.h:371
unsigned char iv_dec[16]
Definition: ssl_internal.h:442
int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
mbedtls_ssl_handshake_params * handshake
Definition: ssl.h:1059
int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context *ssl)
const mbedtls_ecp_curve_info ** curves
Definition: ssl_internal.h:289
int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len, mbedtls_md_type_t md_alg)
void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
mbedtls_ssl_transform * alt_transform_out
Definition: ssl_internal.h:332
unsigned char iv_enc[16]
Definition: ssl_internal.h:441
mbedtls_ssl_flight_item * next
Definition: ssl_internal.h:486
mbedtls_ssl_key_cert * key_cert
Definition: ssl.h:897
void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
The SHA-512 context structure.
Definition: sha512.h:57
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer
Definition: ssl_internal.h:422
#define MBEDTLS_SSL_MAX_BUFFERED_HS
Definition: ssl_internal.h:173
void mbedtls_x509_crt_restart_ctx
Definition: x509_crt.h:199
int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl, unsigned char *output, unsigned char *data, size_t data_len)
void(* calc_verify)(mbedtls_ssl_context *, unsigned char *)
Definition: ssl_internal.h:384
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
mbedtls_key_exchange_type_t
int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, unsigned update_hs_digest)
Update record layer.
mbedtls_ssl_sig_hash_set_t hash_algs
Definition: ssl_internal.h:272
unsigned char * verify_cookie
Definition: ssl_internal.h:320
static mbedtls_x509_crt * mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:674
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
mbedtls_ecp_group_id
Domain-parameter identifiers: curve, subgroup, and generator.
Definition: ecp.h:77
int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush)
The DHM context structure.
Definition: dhm.h:102
const mbedtls_ssl_config * conf
Definition: ssl.h:1024
The SHA-256 context structure.
Definition: sha256.h:58
void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set, mbedtls_md_type_t md_alg)
The ECDH context structure.
Definition: ecdh.h:110
int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl)
This structure is used for storing ciphersuite information.
#define MBEDTLS_PREMASTER_SIZE
Definition: ssl.h:416
int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_write_version(int major, int minor, int transport, unsigned char ver[2])
mbedtls_cipher_context_t cipher_ctx_dec
Definition: ssl_internal.h:454
mbedtls_ssl_key_cert * next
Definition: ssl_internal.h:473
void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl)
This file contains SHA-1 definitions and functions.
int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
MD5 context structure.
Definition: md5.h:59
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
Container for an X.509 certificate.
Definition: x509_crt.h:53
mbedtls_md_type_t ecdsa
Definition: ssl_internal.h:256
The SHA-1 context structure.
Definition: sha1.h:63
This file contains SHA-384 and SHA-512 definitions and functions.
int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
mbedtls_ssl_key_cert * sni_key_cert
Definition: ssl_internal.h:299
SSL/TLS functions.
mbedtls_pk_context * key
Definition: ssl_internal.h:472
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
EC J-PAKE context structure.
Definition: ecjpake.h:76
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]
Definition: ssl_internal.h:393
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
mbedtls_ssl_flight_item * flight
Definition: ssl_internal.h:327
mbedtls_x509_crl * sni_ca_crl
Definition: ssl_internal.h:301
void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl)
mbedtls_md_type_t
Supported message digests.
Definition: md.h:58
mbedtls_md_context_t md_ctx_enc
Definition: ssl_internal.h:450
#define md
Definition: compat-1.3.h:1988
MD5 message digest algorithm (hash function)
This file contains SHA-224 and SHA-256 definitions and functions.
mbedtls_x509_crt * cert
Definition: ssl_internal.h:471
mbedtls_dhm_context dhm_ctx
Definition: ssl_internal.h:275
static mbedtls_pk_context * mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:662
static size_t mbedtls_ssl_hdr_len(const mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:706
None.
Definition: md.h:59