23 #ifndef MBEDTLS_SSL_INTERNAL_H 24 #define MBEDTLS_SSL_INTERNAL_H 28 #if defined(MBEDTLS_MD5_C) 32 #if defined(MBEDTLS_SHA1_C) 36 #if defined(MBEDTLS_SHA256_C) 40 #if defined(MBEDTLS_SHA512_C) 44 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 48 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 49 !defined(inline) && !defined(__cplusplus) 50 #define inline __inline 54 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 56 #if defined(MBEDTLS_SSL_PROTO_SSL3) 57 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 59 #if defined(MBEDTLS_SSL_PROTO_TLS1) 60 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 62 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 63 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 65 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 66 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 73 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 75 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 76 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 78 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 79 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 81 #if defined(MBEDTLS_SSL_PROTO_TLS1) 82 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 84 #if defined(MBEDTLS_SSL_PROTO_SSL3) 85 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 91 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 92 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 93 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 94 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 104 #define MBEDTLS_SSL_RETRANS_PREPARING 0 105 #define MBEDTLS_SSL_RETRANS_SENDING 1 106 #define MBEDTLS_SSL_RETRANS_WAITING 2 107 #define MBEDTLS_SSL_RETRANS_FINISHED 3 115 #if defined(MBEDTLS_ZLIB_SUPPORT) 116 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 118 #define MBEDTLS_SSL_COMPRESSION_ADD 0 121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 123 #if defined(MBEDTLS_SHA512_C) 124 #define MBEDTLS_SSL_MAC_ADD 48 125 #elif defined(MBEDTLS_SHA256_C) 126 #define MBEDTLS_SSL_MAC_ADD 32 128 #define MBEDTLS_SSL_MAC_ADD 20 132 #define MBEDTLS_SSL_MAC_ADD 16 135 #if defined(MBEDTLS_CIPHER_MODE_CBC) 136 #define MBEDTLS_SSL_PADDING_ADD 256 138 #define MBEDTLS_SSL_PADDING_ADD 0 141 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ 142 + MBEDTLS_SSL_COMPRESSION_ADD \ 144 + MBEDTLS_SSL_MAC_ADD \ 145 + MBEDTLS_SSL_PADDING_ADD \ 153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 171 #if defined(MBEDTLS_DHM_C) 174 #if defined(MBEDTLS_ECDH_C) 177 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 179 #if defined(MBEDTLS_SSL_CLI_C) 184 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 185 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 188 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 192 #if defined(MBEDTLS_X509_CRT_PARSE_C) 194 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 201 #if defined(MBEDTLS_SSL_PROTO_DTLS) 227 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 228 defined(MBEDTLS_SSL_PROTO_TLS1_1) 232 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 233 #if defined(MBEDTLS_SHA256_C) 236 #if defined(MBEDTLS_SHA512_C) 244 int (*
tls_prf)(
const unsigned char *, size_t,
const char *,
245 const unsigned char *, size_t,
246 unsigned char *, size_t);
259 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 262 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 284 unsigned char iv_enc[16];
285 unsigned char iv_dec[16];
287 #if defined(MBEDTLS_SSL_PROTO_SSL3) 289 unsigned char mac_enc[20];
290 unsigned char mac_dec[20];
302 #if defined(MBEDTLS_ZLIB_SUPPORT) 308 #if defined(MBEDTLS_X509_CRT_PARSE_C) 320 #if defined(MBEDTLS_SSL_PROTO_DTLS) 377 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 381 #if defined(MBEDTLS_PK_C) 389 #if defined(MBEDTLS_ECP_C) 393 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 398 #if defined(MBEDTLS_X509_CRT_PARSE_C) 408 return( key_cert == NULL ? NULL : key_cert->
key );
420 return( key_cert == NULL ? NULL : key_cert->
cert );
439 unsigned char ver[2] );
441 const unsigned char ver[2] );
445 #if defined(MBEDTLS_SSL_PROTO_DTLS) 456 #if defined(MBEDTLS_SSL_PROTO_DTLS) 465 #if defined(MBEDTLS_SSL_PROTO_DTLS) 472 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 481 const unsigned char *A = (
const unsigned char *) a;
482 const unsigned char *B = (
const unsigned char *) b;
483 unsigned char diff = 0;
485 for( i = 0; i < n; i++ )
void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl)
int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_hash_from_md_alg(int md)
mbedtls_sha1_context fin_sha1
void(* update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t)
void mbedtls_ssl_read_version(int *major, int *minor, int transport, const unsigned char ver[2])
mbedtls_ssl_key_cert * key_cert
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
unsigned char alt_out_ctr[8]
unsigned char randbytes[64]
int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
mbedtls_ssl_flight_item * cur_msg
mbedtls_sha256_context fin_sha256
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
Certificate revocation list structure.
mbedtls_ecdh_context ecdh_ctx
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
mbedtls_sha512_context fin_sha512
mbedtls_pk_type_t
Public key types.
int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
static size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Curve information for use by other modules.
int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
Generic message digest context.
mbedtls_x509_crt * sni_ca_chain
void mbedtls_ssl_handshake_free(mbedtls_ssl_handshake_params *handshake)
Free referenced items in an SSL handshake context and clear memory.
mbedtls_md5_context fin_md5
int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
mbedtls_ssl_handshake_params * handshake
int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context *ssl)
const mbedtls_ecp_curve_info ** curves
mbedtls_ssl_transform * alt_transform_out
int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl)
mbedtls_ssl_flight_item * next
unsigned char retransmit_state
mbedtls_ssl_key_cert * key_cert
void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
void(* calc_verify)(mbedtls_ssl_context *, unsigned char *)
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
mbedtls_key_exchange_type_t
unsigned char * verify_cookie
static mbedtls_x509_crt * mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
mbedtls_ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
unsigned char * ecjpake_cache
const mbedtls_ssl_config * conf
int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
mbedtls_ecjpake_context ecjpake_ctx
This structure is used for storing ciphersuite information.
uint32_t retransmit_timeout
#define MBEDTLS_PREMASTER_SIZE
int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_write_version(int major, int minor, int transport, unsigned char ver[2])
unsigned char verify_cookie_len
mbedtls_ssl_key_cert * next
void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl)
SHA-1 cryptographic hash function.
int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl)
unsigned int in_flight_start_seq
void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
Container for an X.509 certificate.
SHA-384 and SHA-512 cryptographic hash function.
int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
mbedtls_ssl_key_cert * sni_key_cert
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
EC J-PAKE context structure.
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
void(* calc_finished)(mbedtls_ssl_context *, unsigned char *, int)
mbedtls_ssl_flight_item * flight
mbedtls_x509_crl * sni_ca_crl
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl)
MD5 message digest algorithm (hash function)
SHA-224 and SHA-256 cryptographic hash function.
mbedtls_dhm_context dhm_ctx
static mbedtls_pk_context * mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
static size_t mbedtls_ssl_hdr_len(const mbedtls_ssl_context *ssl)