00049 #ifndef MBEDTLS_SSL_H
00050 #define MBEDTLS_SSL_H
00051
00052 #if !defined(MBEDTLS_CONFIG_FILE)
00053 #include "config.h"
00054 #else
00055 #include MBEDTLS_CONFIG_FILE
00056 #endif
00057
00058 #include "bignum.h"
00059 #include "ecp.h"
00060
00061 #include "ssl_ciphersuites.h"
00062
00063 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00064 #include "x509_crt.h"
00065 #include "x509_crl.h"
00066 #endif
00067
00068 #if defined(MBEDTLS_DHM_C)
00069 #include "dhm.h"
00070 #endif
00071
00072 #if defined(MBEDTLS_ECDH_C)
00073 #include "ecdh.h"
00074 #endif
00075
00076 #if defined(MBEDTLS_ZLIB_SUPPORT)
00077 #include "zlib.h"
00078 #endif
00079
00080 #if defined(MBEDTLS_HAVE_TIME)
00081 #include "platform_time.h"
00082 #endif
00083
00084
00085
00086
/*
 * SSL/TLS module error codes.
 *
 * Every code is negative and a multiple of 0x80 (the low 7 bits are left
 * free so that a lower-level module's error can be added to them, which is
 * the mbedtls error-combining convention -- not visible in this header).
 *
 * Not every code is fatal: MBEDTLS_ERR_SSL_WANT_READ / WANT_WRITE /
 * TIMEOUT / CLIENT_RECONNECT and the "non-fatal" codes are retry or
 * notification conditions that callers must handle rather than tear the
 * connection down. Treat all other codes as terminating the connection.
 */
#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
#define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module (see mbedtls_ssl_conf_rng). */
#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certificate received, but required by the authentication mode. */
#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */
#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA chain is set, but required to operate. */
#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< ClientKeyExchange: reading the public value failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< ClientKeyExchange: computing the shared secret failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 /**< Memory allocation failed. */
#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error. */
#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data. */
#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries. */
#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (e.g. asked for RSA key exchange and got an EC key). */
#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (e.g. PSK identity). */
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (e.g. unexpected failure in lower-level module). */
#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (e.g. too many messages exchanged). */
#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must reset and re-handshake (HelloVerifyRequest). */
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message. */
#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (e.g. no suitable certificate, see debug messages). */
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Non-fatal: the underlying transport has no data yet; call again later. */
#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Non-fatal: the underlying transport cannot take data yet; call again later. */
#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for the verify message. */
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Internal-only message signalling that a bad configuration was detected. */
00140
00141
00142
/*
 * Various constants.
 */

/* Protocol version numbers as they appear on the wire: major 3 with minor
 * 0..3 covers SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 respectively. */
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */

/* Transport type selected with mbedtls_ssl_conf_transport(): TLS over a
 * stream (TCP) or DTLS over datagrams (UDP). */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */

/* Upper bounds on lengths accepted for the server name (SNI) and ALPN
 * protocol names; both fields are length-prefixed with one byte on the wire. */
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in ALPN ext. */

#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of the list of protocol names in ALPN ext. */

/* RFC 6066 max_fragment_length extension codes. These are the on-wire
 * code points (1..4), not byte counts; NONE means the extension is unused
 * and INVALID is the first out-of-range value. The config field holding
 * them is a 3-bit bitfield, which is enough for 0..5. */
#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */

/* Endpoint role, see mbedtls_ssl_conf_endpoint(). */
#define MBEDTLS_SSL_IS_CLIENT 0
#define MBEDTLS_SSL_IS_SERVER 1

/* TLS_FALLBACK_SCSV (RFC 7507) signalling, see mbedtls_ssl_conf_fallback(). */
#define MBEDTLS_SSL_IS_NOT_FALLBACK 0
#define MBEDTLS_SSL_IS_FALLBACK 1

/* Extended master secret (RFC 7627) on/off. */
#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1

/* Encrypt-then-MAC (RFC 7366) on/off. */
#define MBEDTLS_SSL_ETM_DISABLED 0
#define MBEDTLS_SSL_ETM_ENABLED 1

/* Record-layer compression method (values match the wire encoding). */
#define MBEDTLS_SSL_COMPRESS_NULL 0
#define MBEDTLS_SSL_COMPRESS_DEFLATE 1

/* Peer certificate verification mode, see mbedtls_ssl_conf_authmode().
 * Stored in a 2-bit bitfield, so UNSET (3) is the largest allowed value.
 * NOTE(review): VERIFY_NONE means the peer's certificate is not checked
 * at all; it does not provide peer authentication. */
#define MBEDTLS_SSL_VERIFY_NONE 0
#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
#define MBEDTLS_SSL_VERIFY_REQUIRED 2
#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */

/* Value of mbedtls_ssl_context.secure_renegotiation: whether the peer
 * negotiated RFC 5746 secure renegotiation. */
#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1

/* Whether renegotiation is supported at all, see mbedtls_ssl_conf_renegotiation(). */
#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1

/* DTLS anti-replay window on/off, see mbedtls_ssl_conf_dtls_anti_replay(). */
#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1

/* Renegotiation enforcement: NOT_ENFORCED disables the record-count limit;
 * RENEGO_MAX_RECORDS_DEFAULT is the default limit (in records). */
#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16

/* Policy for peers that do not support secure renegotiation, see
 * mbedtls_ssl_conf_legacy_renegotiation(). Stored in a 2-bit bitfield. */
#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2

/* Truncated HMAC extension (RFC 6066) on/off; the truncated MAC is 10 bytes. */
#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */

/* Session tickets (RFC 5077) on/off on the client side. */
#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1

/* 1/n-1 record splitting for CBC suites in SSL3/TLS1.0, see
 * mbedtls_ssl_conf_cbc_record_splitting(). */
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1

/* Note the inverted sense: ENABLED is 0 and DISABLED is 1, matching the
 * config bitfield `arc4_disabled`. */
#define MBEDTLS_SSL_ARC4_ENABLED 0
#define MBEDTLS_SSL_ARC4_DISABLED 1

/* Configuration presets (value 1 is intentionally unused here). */
#define MBEDTLS_SSL_PRESET_DEFAULT 0
#define MBEDTLS_SSL_PRESET_SUITEB 2

/* Whether the server sends its CA list in CertificateRequest,
 * see mbedtls_ssl_conf_cert_req_ca_list(). Note ENABLED is 1 here. */
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0

/*
 * Default range for DTLS retransmission timer value, in milliseconds.
 * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
 */
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000

/* Default lifetime of a session ticket, in seconds (one day).
 * Overridable from the build configuration. */
#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400
#endif

/* Maximum size of a TLS record's plaintext payload (2^14 per RFC 5246).
 * Overridable from the build configuration; lowering it shrinks the I/O
 * buffers but peers sending larger records will be rejected. */
#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
#endif

/* Length of the verify_data field of a Finished message: 36 bytes in
 * SSL 3.0 (MD5 + SHA-1), 12 bytes in TLS. Also sizes the own/peer
 * verify data kept for secure renegotiation. */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
#else
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
#endif

/*
 * Signaling ciphersuite values (SCSV): TLS_EMPTY_RENEGOTIATION_INFO_SCSV
 * (RFC 5746, 0x00FF) and TLS_FALLBACK_SCSV (RFC 7507, 0x5600).
 */
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< RFC 7507 section 2 */
00272
00273
00274
00275
/*
 * Supported Signature and Hash algorithms (For TLS 1.2)
 * RFC 5246 section 7.4.1.4.1 -- these are the on-wire HashAlgorithm and
 * SignatureAlgorithm code points, not mbedtls-internal enum values.
 */
#define MBEDTLS_SSL_HASH_NONE 0
#define MBEDTLS_SSL_HASH_MD5 1
#define MBEDTLS_SSL_HASH_SHA1 2
#define MBEDTLS_SSL_HASH_SHA224 3
#define MBEDTLS_SSL_HASH_SHA256 4
#define MBEDTLS_SSL_HASH_SHA384 5
#define MBEDTLS_SSL_HASH_SHA512 6

#define MBEDTLS_SSL_SIG_ANON 0
#define MBEDTLS_SSL_SIG_RSA 1
#define MBEDTLS_SSL_SIG_ECDSA 3

/*
 * Client Certificate Types
 * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 (ecdsa_sign = 64).
 */
#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
00294
00295
00296
00297
/*
 * Message, alert and handshake types
 */

/* Record-layer ContentType values (RFC 5246 section 6.2.1). */
#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
#define MBEDTLS_SSL_MSG_ALERT 21
#define MBEDTLS_SSL_MSG_HANDSHAKE 22
#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23

/* AlertLevel (RFC 5246 section 7.2). A fatal alert terminates the connection. */
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2

/* AlertDescription values (RFC 5246 section 7.2 and extension RFCs).
 * Note the identifier MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK keeps
 * its historical (misspelled) name for API compatibility. */
#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */

/* HandshakeType values (RFC 5246 section 7.4; 3 = HelloVerifyRequest from
 * RFC 6347; 4 = NewSessionTicket from RFC 5077). */
#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
#define MBEDTLS_SSL_HS_SERVER_HELLO 2
#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
#define MBEDTLS_SSL_HS_CERTIFICATE 11
#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
#define MBEDTLS_SSL_HS_FINISHED 20
00348
00349
00350
00351
/*
 * TLS extensions (ExtensionType registry values as sent on the wire).
 */
#define MBEDTLS_TLS_EXT_SERVERNAME 0 /* server_name, RFC 6066 */
#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0 /* NameType host_name inside server_name */

#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 /* RFC 6066 */

#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 /* RFC 6066 */

#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 /* RFC 4492 */
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 /* RFC 4492 */

#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* signature_algorithms, RFC 5246 */

#define MBEDTLS_TLS_EXT_ALPN 16 /* RFC 7301 */

#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16, RFC 7366 */
#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23, RFC 7627 */

#define MBEDTLS_TLS_EXT_SESSION_TICKET 35 /* RFC 5077 */

#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */

#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 /* RFC 5746 */

/*
 * Size defines
 */
/* Maximum length of a pre-shared key, in bytes. Sizes the PSK members of
 * union mbedtls_ssl_premaster_secret below. Overridable from the build
 * configuration. */
#if !defined(MBEDTLS_PSK_MAX_LEN)
#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
#endif
00381
00382
/*
 * Dummy type used only for its size: a union of the pre-master secret
 * layouts of every enabled key exchange, so that
 * sizeof( union mbedtls_ssl_premaster_secret ) is a buffer large enough
 * for any of them. Members are never accessed by name (hence the leading
 * underscore). Members for disabled key exchanges are compiled out.
 */
union mbedtls_ssl_premaster_secret
{
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
    unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1: 48-byte RSA pre-master secret */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2: DH shared secret Z */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10: ECDH x-coordinate */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2: len(2) + zeros + len(2) + psk */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3: len(2) + Z + len(2) + psk */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4: len(2) + 48-byte secret + len(2) + psk */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2: len(2) + x-coordinate + len(2) + psk */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
#endif
};

/* Size of a buffer able to hold the pre-master secret of any enabled key
 * exchange (see the union above). */
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
00417
00418 #ifdef __cplusplus
00419 extern "C" {
00420 #endif
00421
00422
00423
00424
/*
 * SSL state machine: the handshake steps, in the order a full handshake
 * walks through them (ClientHello first, ServerHello last before the
 * certificate/key exchange phase, then Finished on both sides). The
 * DTLS-specific and session-ticket states are appended after
 * MBEDTLS_SSL_HANDSHAKE_OVER, so numeric order is not strictly temporal
 * for those two. mbedtls_ssl_context.state holds one of these values.
 */
typedef enum
{
    MBEDTLS_SSL_HELLO_REQUEST,
    MBEDTLS_SSL_CLIENT_HELLO,
    MBEDTLS_SSL_SERVER_HELLO,
    MBEDTLS_SSL_SERVER_CERTIFICATE,
    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
    MBEDTLS_SSL_CERTIFICATE_REQUEST,
    MBEDTLS_SSL_SERVER_HELLO_DONE,
    MBEDTLS_SSL_CLIENT_CERTIFICATE,
    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
    MBEDTLS_SSL_CERTIFICATE_VERIFY,
    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
    MBEDTLS_SSL_CLIENT_FINISHED,
    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
    MBEDTLS_SSL_SERVER_FINISHED,
    MBEDTLS_SSL_FLUSH_BUFFERS,
    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
    MBEDTLS_SSL_HANDSHAKE_OVER,
    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
}
mbedtls_ssl_states;
00448
/**
 * \brief          Callback type: send data on the network.
 *
 * \note           That callback may be either blocking or non-blocking.
 *
 * \param ctx      Context for the send callback (typically a file descriptor)
 * \param buf      Buffer holding the data to send
 * \param len      Length of the data to send
 *
 * \return         The callback must return the number of bytes sent if any,
 *                 or a non-zero error code. By convention it returns
 *                 MBEDTLS_ERR_SSL_WANT_WRITE when the transport cannot
 *                 accept data yet (non-blocking I/O); the library then
 *                 expects the caller to retry. The return value must not
 *                 be larger than len.
 */
typedef int mbedtls_ssl_send_t( void *ctx,
const unsigned char *buf,
size_t len );

/**
 * \brief          Callback type: receive data from the network.
 *
 * \note           That callback may be either blocking or non-blocking.
 *
 * \param ctx      Context for the receive callback (typically a file descriptor)
 * \param buf      Buffer to write the received data to
 * \param len      Length of the receive buffer
 *
 * \return         The callback must return the number of bytes received,
 *                 or a non-zero error code. By convention it returns
 *                 MBEDTLS_ERR_SSL_WANT_READ when no data is available yet
 *                 (non-blocking I/O). The return value must not be larger
 *                 than len; a return of 0 is interpreted as EOF by the
 *                 record layer (presumably surfacing as
 *                 MBEDTLS_ERR_SSL_CONN_EOF -- confirm against ssl_tls.c).
 */
typedef int mbedtls_ssl_recv_t( void *ctx,
unsigned char *buf,
size_t len );

/**
 * \brief          Callback type: receive data from the network, with timeout.
 *
 * \note           That callback must block until data is received, or the
 *                 timeout delay expires, or the operation is interrupted by
 *                 a signal.
 *
 * \param ctx      Context for the receive callback (typically a file descriptor)
 * \param buf      Buffer to write the received data to
 * \param len      Length of the receive buffer
 * \param timeout  Maximum number of milliseconds to wait for data
 *                 (0 presumably means "no timeout", i.e. block until data
 *                 arrives -- confirm against the net_sockets implementation).
 *
 * \return         The callback must return the number of bytes received,
 *                 or a non-zero error code: MBEDTLS_ERR_SSL_TIMEOUT if the
 *                 delay expired, MBEDTLS_ERR_SSL_WANT_READ if interrupted
 *                 by a signal. The return value must not be larger than len.
 */
typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
unsigned char *buf,
size_t len,
uint32_t timeout );
/**
 * \brief          Callback type: set a pair of timers/delays to watch.
 *
 *                 Used by the DTLS retransmission logic. The callback must
 *                 record an intermediate delay and a final delay, both in
 *                 milliseconds from now; int_ms == 0 and fin_ms == 0 cancels
 *                 the timer (mbedtls convention -- confirm against
 *                 mbedtls_timing_set_delay()).
 *
 * \param ctx      Context pointer
 * \param int_ms   Intermediate delay in milliseconds
 * \param fin_ms   Final delay in milliseconds
 */
typedef void mbedtls_ssl_set_timer_t( void * ctx,
uint32_t int_ms,
uint32_t fin_ms );

/**
 * \brief          Callback type: get status of timers/delays.
 *
 * \param ctx      Context pointer
 *
 * \return         This callback must return:
 *                 -1 if cancelled (fin_ms == 0),
 *                 0 if none of the delays have passed,
 *                 1 if only the intermediate delay has passed,
 *                 2 if the final delay has passed.
 *                 (mbedtls convention for the paired set_timer callback;
 *                 the header does not encode it, so confirm against the
 *                 timing module.)
 */
typedef int mbedtls_ssl_get_timer_t( void * ctx );
00557
00558
00559
/* Defined below: the three public structures of this module. */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
typedef struct mbedtls_ssl_config mbedtls_ssl_config;

/* Defined in ssl_internal.h: opaque to users of this header, referenced
 * only through pointers in mbedtls_ssl_context / mbedtls_ssl_config. */
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
#endif
00574
00575
00576
00577
/*
 * This structure is used for storing current session data.
 *
 * It holds everything needed to resume a session (ciphersuite, session
 * id, master secret, negotiated extension flags) plus the peer's
 * certificate and its verification result. Note that `master` is key
 * material: anything that copies or serialises this structure (session
 * caches, ticket callbacks) is handling a secret.
 */
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
    mbedtls_time_t start; /*!< starting time */
#endif
    int ciphersuite; /*!< chosen ciphersuite */
    int compression; /*!< chosen compression */
    size_t id_len; /*!< session id length */
    unsigned char id[32]; /*!< session identifier (at most 32 bytes on the wire) */
    unsigned char master[48]; /*!< the master secret (48 bytes, RFC 5246 8.1) */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain (ownership: presumably the session, freed on session free -- confirm) */
#endif
    uint32_t verify_result; /*!< verification result flags (MBEDTLS_X509_BADCERT_* bitmask); 0 means verified OK */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
    unsigned char *ticket; /*!< RFC 5077 session ticket */
    size_t ticket_len; /*!< session ticket length */
    uint32_t ticket_lifetime; /*!< ticket lifetime hint, in seconds */
#endif

#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer (MBEDTLS_SSL_MAX_FRAG_LEN_*) */
#endif

#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    int trunc_hmac; /*!< flag for truncated hmac activation */
#endif

#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    int encrypt_then_mac; /*!< flag for EtM activation */
#endif
};
00612
/**
 * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
 *
 * The context only keeps a `const` pointer to this (see
 * mbedtls_ssl_context.conf), so a config may be shared by many contexts
 * and must outlive all of them. Most pointer members (CA chain, own
 * cert/key, curve and hash lists, ALPN list) are borrowed from the caller
 * rather than copied; keep those objects alive for the lifetime of the
 * config. PSK and the DHM parameters are the visible exceptions that the
 * config stores by value / own buffer.
 */
struct mbedtls_ssl_config
{
    /* Group items by size (largest first) to minimize padding overhead */

    /*
     * Pointers
     */

    const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version; presumably indexed by minor version (see mbedtls_ssl_conf_ciphersuites_for_version) */

    /** Callback for printing debug output */
    void (*f_dbg)(void *, int, const char *, int, const char *);
    void *p_dbg; /*!< context for the debug function */

    /** Callback for getting (pseudo-)random numbers. Mandatory: without it
     * the handshake fails with MBEDTLS_ERR_SSL_NO_RNG. */
    int (*f_rng)(void *, unsigned char *, size_t);
    void *p_rng; /*!< context for the RNG function */

    /** Callback to retrieve a session from the cache (server side) */
    int (*f_get_cache)(void *, mbedtls_ssl_session *);
    /** Callback to store a session into the cache (server side) */
    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
    void *p_cache; /*!< context for cache callbacks */

#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
    /** Callback for setting cert according to SNI extension; receives the
     * raw (untrusted) server name bytes and their length. */
    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
    void *p_sni; /*!< context for SNI callback */
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    /** Callback to customize X.509 certificate chain verification; called
     * per certificate with its depth and the flags accumulated so far. */
    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
    void *p_vrfy; /*!< context for X.509 verify callback */
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /** Callback to retrieve PSK key from identity (server side); the
     * identity bytes come straight from the peer and are untrusted. */
    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
    void *p_psk; /*!< context for PSK callback */
#endif

#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    /** Callback to create & write a cookie for ClientHello verification */
    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
    /** Callback to verify validity of a ClientHello cookie */
    int (*f_cookie_check)( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
    void *p_cookie; /*!< context for the cookie callbacks */
#endif

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
    /** Callback to create & write a session ticket (see mbedtls_ssl_ticket_write_t) */
    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * );
    /** Callback to parse a session ticket into a session structure (see mbedtls_ssl_ticket_parse_t) */
    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
    void *p_ticket; /*!< context for the ticket callbacks */
#endif

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
    /** Callback to export key block and master secret (see mbedtls_ssl_export_keys_t) */
    int (*f_export_keys)( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
    void *p_export_keys; /*!< context for key export callback */
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile (allowed hashes, curves, key sizes) */
    mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
    mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
    mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
    const int *sig_hashes; /*!< allowed signature hashes (MBEDTLS_MD_* list, presumably -1/NONE terminated) */
#endif

#if defined(MBEDTLS_ECP_C)
    const mbedtls_ecp_group_id *curve_list; /*!< allowed curves (presumably MBEDTLS_ECP_DP_NONE terminated) */
#endif

#if defined(MBEDTLS_DHM_C)
    mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
    mbedtls_mpi dhm_G; /*!< generator for DHM */
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    unsigned char *psk; /*!< pre-shared key. Secret material: should be zeroised when the config is freed -- confirm in mbedtls_ssl_config_free */
    size_t psk_len; /*!< length of the pre-shared key */
    unsigned char *psk_identity; /*!< identity for PSK negotiation */
    size_t psk_identity_len; /*!< length of identity */
#endif

#if defined(MBEDTLS_SSL_ALPN)
    const char **alpn_list; /*!< ordered list of protocols (NULL-terminated, presumably) */
#endif

    /*
     * Numerical settings (int then char)
     */

    uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */

#if defined(MBEDTLS_SSL_PROTO_DTLS)
    uint32_t hs_timeout_min; /*!< initial value of the handshake retransmission timeout (ms), default MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN */
    uint32_t hs_timeout_max; /*!< maximum value of the handshake retransmission timeout (ms), default MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX */
#endif

#if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renego_max_records; /*!< grace period for renegotiation (records), MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED to disable */
    unsigned char renego_period[8]; /*!< value of the record counters that triggers renegotiation (64-bit big-endian, presumably) */
#endif

#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned int badmac_limit; /*!< limit of records with a bad MAC before the connection is dropped */
#endif

#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
    unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime the client accepts from the server */
#endif

    unsigned char max_major_ver; /*!< max. major version used */
    unsigned char max_minor_ver; /*!< max. minor version used */
    unsigned char min_major_ver; /*!< min. major version used */
    unsigned char min_minor_ver; /*!< min. minor version used */

    /*
     * Flags (bitfields). Widths are sized to the constant ranges above:
     * authmode holds MBEDTLS_SSL_VERIFY_* (0..3), allow_legacy_renegotiation
     * holds MBEDTLS_SSL_LEGACY_* (0..2), mfl_code holds
     * MBEDTLS_SSL_MAX_FRAG_LEN_* (0..5).
     */

    unsigned int endpoint : 1; /*!< 0: client, 1: server */
    unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
    unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
    /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
    unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_ARC4_C)
    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites? (1 = disabled, matching MBEDTLS_SSL_ARC4_DISABLED) */
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned int mfl_code : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
    unsigned int anti_replay : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
    unsigned int session_tickets : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
    unsigned int fallback : 1; /*!< is this a fallback? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
    unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in Certificate Request messages? */
#endif
};
00791
00792
/*
 * Per-connection SSL/TLS context. One per connection; set up with
 * mbedtls_ssl_init() + mbedtls_ssl_setup() against a shared config.
 * The in_*/out_* pointers all point into in_buf / out_buf; the record
 * layer parses peer-controlled lengths into in_msglen / in_hslen, so the
 * relationship between those lengths and MBEDTLS_SSL_MAX_CONTENT_LEN is
 * the central bounds check of the module (implemented in ssl_tls.c, not
 * visible here).
 */
struct mbedtls_ssl_context
{
    const mbedtls_ssl_config *conf; /*!< configuration information (borrowed, must outlive the context) */

    /*
     * Miscellaneous
     */
    int state; /*!< SSL handshake: current state (mbedtls_ssl_states) */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renego_status; /*!< Initial, in progress, pending? */
    int renego_records_seen; /*!< Records since renego request, or with DTLS,
                                  number of retransmissions of request if
                                  renego_max_records is < 0 */
#endif

    int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
    int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */

#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned badmac_seen; /*!< records with a bad MAC received, compared against conf->badmac_limit */
#endif

    mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
    mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
    mbedtls_ssl_recv_timeout_t *f_recv_timeout;
                                /*!< Callback for network receive with timeout */

    void *p_bio; /*!< context for I/O operations */

    /*
     * Session layer
     */
    mbedtls_ssl_session *session_in; /*!< current session data (in) */
    mbedtls_ssl_session *session_out; /*!< current session data (out) */
    mbedtls_ssl_session *session; /*!< negotiated session data */
    mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */

    mbedtls_ssl_handshake_params *handshake; /*!< params required only during
                                                  the handshake process (freed when the handshake ends, presumably) */

    /*
     * Record layer transformations
     */
    mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
    mbedtls_ssl_transform *transform_out; /*!< current transform params (out) */
    mbedtls_ssl_transform *transform; /*!< negotiated transform params */
    mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */

    /*
     * Timers
     */
    void *p_timer; /*!< context for the timer callbacks */

    mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
    mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */

    /*
     * Record layer (incoming data)
     */
    unsigned char *in_buf; /*!< input buffer */
    unsigned char *in_ctr; /*!< 64-bit incoming message counter
                                TLS: maintained by us
                                DTLS: read from peer */
    unsigned char *in_hdr; /*!< start of record header */
    unsigned char *in_len; /*!< two-bytes message length field */
    unsigned char *in_iv; /*!< ivlen-byte IV */
    unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
    unsigned char *in_offt; /*!< read offset in application data */

    int in_msgtype; /*!< record header: message type */
    size_t in_msglen; /*!< record header: message length (peer-supplied, validated by the record layer) */
    size_t in_left; /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    uint16_t in_epoch; /*!< DTLS epoch for incoming records */
    size_t next_record_offset; /*!< offset of the next record in datagram
                                    (equal to in_left if none) */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
    uint64_t in_window_top; /*!< last validated record seq_num */
    uint64_t in_window; /*!< bitmask for replay detection */
#endif

    size_t in_hslen; /*!< current handshake message length,
                          including the handshake header */
    int nb_zero; /*!< # of 0-length encrypted messages (presumably a guard against
                      peers flooding empty records -- confirm) */

    int keep_current_message; /*!< drop or reuse current message
                                   on next call to record layer? */

    /*
     * Record layer (outgoing data)
     */
    unsigned char *out_buf; /*!< output buffer */
    unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
    unsigned char *out_hdr; /*!< start of record header */
    unsigned char *out_len; /*!< two-bytes message length field */
    unsigned char *out_iv; /*!< ivlen-byte IV */
    unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */

    int out_msgtype; /*!< record header: message type */
    size_t out_msglen; /*!< record header: message length */
    size_t out_left; /*!< amount of data not yet written */

#if defined(MBEDTLS_ZLIB_SUPPORT)
    unsigned char *compress_buf; /*!< zlib data buffer */
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    signed char split_done; /*!< current record already split? */
#endif

    /*
     * PKI layer
     */
    int client_auth; /*!< flag for client auth. */

    /*
     * User settings
     */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    char *hostname; /*!< expected peer CN for verification
                         (and SNI if available); owned copy, presumably -- see mbedtls_ssl_set_hostname */
#endif

#if defined(MBEDTLS_SSL_ALPN)
    const char *alpn_chosen; /*!< negotiated protocol */
#endif

    /*
     * Information for DTLS hello verify
     */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    unsigned char *cli_id; /*!< transport-level ID of the client */
    size_t cli_id_len; /*!< length of cli_id */
#endif

    /*
     * Secure renegotiation
     */
    /* needed to know when to send extension on server */
    int secure_renegotiation; /*!< does peer support legacy or
                                   secure renegotiation (MBEDTLS_SSL_*_RENEGOTIATION) */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    size_t verify_data_len; /*!< length of verify data stored */
    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif
};
00940
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)

/* Direction argument of mbedtls_ssl_hw_record_activate. */
#define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
#define MBEDTLS_SSL_CHANNEL_INBOUND 1

/*
 * Hooks for hardware record-layer acceleration. These are global function
 * pointers (not per-context), installed by the integrator. A hook that
 * cannot handle a request is expected to return
 * MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH so the software path runs; any
 * other non-zero value is reported as MBEDTLS_ERR_SSL_HW_ACCEL_FAILED.
 * Note that _init receives the raw encryption/decryption keys, IVs and
 * MAC keys in cleartext -- the hook is trusted with session key material.
 */
extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
const unsigned char *key_enc, const unsigned char *key_dec,
size_t keylen,
const unsigned char *iv_enc, const unsigned char *iv_dec,
size_t ivlen,
const unsigned char *mac_enc, const unsigned char *mac_dec,
size_t maclen);
extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
#endif
00959
/**
 * \brief               Return the name of the ciphersuite associated with the
 *                      given ID
 *
 * \param ciphersuite_id SSL ciphersuite ID
 *
 * \return              a string containing the ciphersuite name
 *                      (presumably a fixed "unknown" string, not NULL, for
 *                      an unrecognised ID -- confirm in ssl_ciphersuites.c)
 */
const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );

/**
 * \brief               Return the ID of the ciphersuite associated with the
 *                      given name
 *
 * \param ciphersuite_name SSL ciphersuite name
 *
 * \return              the ID with the ciphersuite or 0 if not found
 */
int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );

/**
 * \brief          Initialize an SSL context
 *                 Just makes the context ready for mbedtls_ssl_setup() or
 *                 mbedtls_ssl_free()
 *
 * \param ssl      SSL context
 */
void mbedtls_ssl_init( mbedtls_ssl_context *ssl );

/**
 * \brief          Set up an SSL context for use
 *
 * \note           No copy of the configuration context is made; it can be
 *                 shared by many mbedtls_ssl_context structures.
 *
 * \warning        The conf structure will be accessed during the session.
 *                 It must not be modified or freed as long as the session
 *                 is active.
 *
 * \param ssl      SSL context
 * \param conf     SSL configuration to use
 *
 * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
 *                 memory allocation failed
 */
int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
const mbedtls_ssl_config *conf );

/**
 * \brief          Reset an already initialized SSL context for re-use
 *                 while retaining application-set variables, function
 *                 pointers and data.
 *
 * \param ssl      SSL context
 * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED,
                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
 *                 MBEDTLS_ERR_SSL_COMPRESSION_FAILED
 */
int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );

/**
 * \brief          Set the current endpoint type
 *
 * \param conf     SSL configuration
 * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
 */
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );

/**
 * \brief           Set the transport type (TLS or DTLS).
 *                  Default: TLS
 *
 * \note            For DTLS, you must either provide a recv callback that
 *                  doesn't block, or one that handles timeouts, see
 *                  mbedtls_ssl_set_bio(). You also need to provide timer
 *                  callbacks with mbedtls_ssl_set_timer_cb().
 *
 * \param conf      SSL configuration
 * \param transport transport type:
 *                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
 *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
 */
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );

/**
 * \brief          Set the certificate verification mode
 *                 Default: NONE on server, REQUIRED on client
 *
 * \param conf     SSL configuration
 * \param authmode can be:
 *
 *  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
 *                        (default on server)
 *                        (insecure on client -- the peer is not
 *                        authenticated, so the connection gives no
 *                        protection against an active attacker)
 *
 *  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
 *                        handshake continues even if verification failed;
 *                        the result is left in the session's verify_result
 *                        for the application to inspect after the handshake
 *
 *  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
 *                        handshake is aborted if verification failed.
 *                        (default on client)
 *
 * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
 * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to check the verify
 * result after the handshake, as otherwise it is not clear whether the
 * peer is authenticated.
 *
 * \note This value is stored in a 2-bit field; only the four
 * MBEDTLS_SSL_VERIFY_* values are representable.
 */
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
 * \brief          Set the verification callback (Optional).
 *
 *                 If set, the verify callback is called for each
 *                 certificate in the chain. For implementation
 *                 information, please see \c mbedtls_x509_crt_verify()
 *
 * \param conf     SSL configuration
 * \param f_vrfy   verification function
 * \param p_vrfy   verification parameter
 */
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
#endif

/**
 * \brief          Set the random number generator callback. Required:
 *                 without it the handshake fails with
 *                 MBEDTLS_ERR_SSL_NO_RNG. Use a CSPRNG (e.g. CTR-DRBG
 *                 seeded from the platform entropy source); the quality of
 *                 every key, nonce and random field depends on it.
 *
 * \param conf     SSL configuration
 * \param f_rng    RNG function
 * \param p_rng    RNG parameter
 */
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );

/**
 * \brief          Set the debug callback
 *
 *                 The callback has the following argument:
 *                 void *           opaque context for the callback
 *                 int              debug level
 *                 const char *     file name
 *                 int              line number
 *                 const char *     message
 *
 * \param conf     SSL configuration
 * \param f_dbg    debug function
 * \param p_dbg    debug parameter
 */
void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *, int, const char *),
void *p_dbg );

/**
 * \brief          Set the underlying BIO callbacks for write, read and
 *                 read-with-timeout.
 *
 * \param ssl      SSL context
 * \param p_bio    parameter (context) shared by BIO callbacks
 * \param f_send   write callback
 * \param f_recv   read callback
 * \param f_recv_timeout blocking read callback with timeout.
 *
 * \note           One of f_recv or f_recv_timeout can be NULL, in which case
 *                 the other is used. If both are non-NULL, f_recv_timeout is
 *                 used and f_recv is ignored (as if it were NULL).
 *
 * \note           The two most common use cases are:
 *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
 *                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
 *
 * \note           For DTLS, you need to provide either a non-NULL
 *                 f_recv_timeout callback, or a f_recv that doesn't block.
 *
 * \note           See the documentations of \c mbedtls_ssl_send_t,
 *                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
 *                 the conventions those callbacks must follow.
 */
void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
void *p_bio,
mbedtls_ssl_send_t *f_send,
mbedtls_ssl_recv_t *f_recv,
mbedtls_ssl_recv_timeout_t *f_recv_timeout );

/**
 * \brief          Set the timeout period for mbedtls_ssl_read()
 *                 (Default: no timeout.)
 *
 * \param conf     SSL configuration context
 * \param timeout  Timeout value in milliseconds.
 *                 Use 0 for no timeout (default).
 *
 * \note           With blocking I/O, this will only work if a non-NULL
 *                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
 *                 With non-blocking I/O, this will only work if timer
 *                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
 *
 * \note           With non-blocking I/O, you may also skip this function
 *                 altogether and handle timeouts at the application layer.
 */
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );

/**
 * \brief          Set the timer callbacks (Mandatory for DTLS.)
 *
 * \param ssl      SSL context
 * \param p_timer  parameter (context) shared by timer callbacks
 * \param f_set_timer   set timer callback
 * \param f_get_timer   get timer callback. Must return:
 *
 * \note           See the documentation of \c mbedtls_ssl_set_timer_t and
 *                 \c mbedtls_ssl_get_timer_t for the conventions this pair
 *                 of callbacks must follow.
 *
 * \note           On some platforms, timing.c provides
 *                 \c mbedtls_timing_set_delay() and
 *                 \c mbedtls_timing_get_delay() that are suitable for using
 *                 here, except if using an event-driven style.
 *
 * \note           See also the "DTLS tutorial" article in our knowledge base.
 */
void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
void *p_timer,
mbedtls_ssl_set_timer_t *f_set_timer,
mbedtls_ssl_get_timer_t *f_get_timer );
01200
/**
 * \brief           Callback type: generate and write session ticket
 *
 * \note            This describes what a callback implementation should do.
 *                  This callback should generate an encrypted and
 *                  authenticated ticket for the session and write it to the
 *                  output buffer. Here, ticket means the opaque ticket part
 *                  of the NewSessionTicket structure of RFC 5077.
 *                  Because the ticket carries the session (including its
 *                  master secret) to an untrusted client and back, it must
 *                  be both encrypted and integrity-protected; a ticket that
 *                  is merely encoded leaks the master secret.
 *
 * \param p_ticket  Context for the callback
 * \param session   SSL session to be written in the ticket
 * \param start     Start of the output buffer
 * \param end       End of the output buffer
 * \param tlen      On exit, holds the length written
 * \param lifetime  On exit, holds the lifetime of the ticket in seconds
 *
 * \return          0 if successful, or
 *                  a specific MBEDTLS_ERR_XXX code.
 */
typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
const mbedtls_ssl_session *session,
unsigned char *start,
const unsigned char *end,
size_t *tlen,
uint32_t *lifetime );

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/**
 * \brief           Callback type: Export key block and master secret
 *
 * \note            This is required for certain uses of TLS, e.g. EAP-TLS
 *                  (RFC 5216) and Thread. The key pointers are ephemeral and
 *                  therefore must not be stored. The master secret and keys
 *                  should not be used directly except in implementing
 *                  constructs like EAP-TLS and Thread that require them.
 *                  Anything the callback copies out is long-term key
 *                  material for the connection and must be protected
 *                  accordingly (and zeroised when no longer needed).
 *
 * \param p_expkey  Context for the callback
 * \param ms        Pointer to master secret (fixed length: 48 bytes)
 * \param kb        Pointer to key block, see RFC 5246 section 6.3
 *                  (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
 * \param maclen    MAC length
 * \param keylen    Key length
 * \param ivlen     IV length
 *
 * \return          0 if successful, or
 *                  a specific MBEDTLS_ERR_XXX code.
 */
typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
const unsigned char *ms,
const unsigned char *kb,
size_t maclen,
size_t keylen,
size_t ivlen );
#endif

/**
 * \brief           Callback type: parse and load session ticket
 *
 * \note            This describes what a callback implementation should do.
 *                  This callback should parse a session ticket as generated
 *                  by the corresponding mbedtls_ssl_ticket_write_t function,
 *                  and, if the ticket is authentic and valid, load the
 *                  session. The ticket bytes come from the peer and are
 *                  untrusted until the authentication tag has been checked;
 *                  a callback must verify before it decodes.
 *
 * \note            The implementation is allowed to modify the first len
 *                  bytes of the input buffer, eg to use it as a temporary
 *                  area for the decrypted ticket contents.
 *
 * \param p_ticket  Context for the callback
 * \param session   SSL session to be loaded
 * \param buf       Start of the buffer containing the ticket
 * \param len       Length of the ticket.
 *
 * \return          0 if successful, or
 *                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
 *                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
 *                  any other non-zero code for other failures.
 */
typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
mbedtls_ssl_session *session,
unsigned char *buf,
size_t len );

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/**
 * \brief           Configure SSL session ticket callbacks (server only).
 *                  (Default: none.)
 *
 * \note            On server, session tickets are enabled by providing
 *                  non-NULL callbacks.
 *
 * \note            On client, use \c mbedtls_ssl_conf_session_tickets().
 *
 * \param conf      SSL configuration context
 * \param f_ticket_write    Callback for writing a ticket
 * \param f_ticket_parse    Callback for parsing a ticket
 * \param p_ticket          Context shared by the two callbacks
 */
void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_ticket_write_t *f_ticket_write,
mbedtls_ssl_ticket_parse_t *f_ticket_parse,
void *p_ticket );
#endif

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/**
 * \brief           Configure key export callback.
 *                  (Default: none.)
 *
 * \note            See \c mbedtls_ssl_export_keys_t.
 *
 * \param conf      SSL configuration context
 * \param f_export_keys     Callback for exporting keys
 * \param p_export_keys     Context for the callback
 */
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_export_keys_t *f_export_keys,
void *p_export_keys );
#endif

/**
 * \brief          Callback type: generate a cookie
 *
 * \param ctx      Context for the callback
 * \param p        Buffer to write to,
 *                 must be updated to point right after the cookie
 * \param end      Pointer to one past the end of the output buffer
 * \param info     Client ID info that was passed to
 *                 \c mbedtls_ssl_set_client_transport_id()
 * \param ilen     Length of info in bytes
 *
 * \return         The callback must return 0 on success,
 *                 or a negative error code.
 */
typedef int mbedtls_ssl_cookie_write_t( void *ctx,
unsigned char **p, unsigned char *end,
const unsigned char *info, size_t ilen );

/**
 * \brief          Callback type: verify a cookie
 *
 * \param ctx      Context for the callback
 * \param cookie   Cookie to verify (peer-supplied bytes)
 * \param clen     Length of cookie
 * \param info     Client ID info that was passed to
 *                 \c mbedtls_ssl_set_client_transport_id()
 * \param ilen     Length of info in bytes
 *
 * \return         The callback must return 0 if cookie is valid,
 *                 or a negative error code.
 */
typedef int mbedtls_ssl_cookie_check_t( void *ctx,
const unsigned char *cookie, size_t clen,
const unsigned char *info, size_t ilen );

#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/**
 * \brief           Register callbacks for DTLS cookies
 *                  (Server only. DTLS only.)
 *
 *                  Default: dummy callbacks that fail, in order to force you
 *                  to register working callbacks (and initialize their
 *                  context).
 *
 *                  To disable HelloVerifyRequest, register NULL callbacks.
 *
 * \warning         Disabling hello verification allows your server to be
 *                  used for amplification in DoS attacks against other
 *                  hosts. Only disable if you known this can't happen in
 *                  your particular environment.
 *
 * \note            See comments on \c mbedtls_ssl_handshake() about handling
 *                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
 *                  on the first handshake attempt when this is enabled.
 *
 * \note            This is also necessary to handle client reconnection from
 *                  the same port as described in RFC 6347 section 4.2.8 (only
 *                  the variant with cookies is supported currently). See
 *                  comments on \c mbedtls_ssl_read() for details.
 *
 * \param conf              SSL configuration
 * \param f_cookie_write    Cookie write callback
 * \param f_cookie_check    Cookie check callback
 * \param p_cookie          Context for both callbacks
 */
void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie );

/**
 * \brief          Set client's transport-level identification info.
 *                 (Server only. DTLS only.)
 *
 *                 This is usually the IP address (and port), but could be
 *                 anything identify the client depending on the underlying
 *                 network stack. Used for HelloVerifyRequest with DTLS.
 *                 This is *not* used to route the actual packets.
 *
 * \param ssl      SSL context
 * \param info     Transport-level info identifying the client (eg IP + port)
 * \param ilen     Length of info in bytes
 *
 * \note           An internal copy is made, so the info buffer can be reused.
 *                 (The context keeps it in cli_id / cli_id_len.)
 *
 * \return         0 on success,
 *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
 *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
 */
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
const unsigned char *info,
size_t ilen );

#endif
01414
01415 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
01416
01431 void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
01432 #endif
01433
01434 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
01435
01458 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
01459 #endif
01460
01461 #if defined(MBEDTLS_SSL_PROTO_DTLS)
01462
01493 void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
01494 #endif
01495
01496 #if defined(MBEDTLS_SSL_SRV_C)
01497
01534 void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
01535 void *p_cache,
01536 int (*f_get_cache)(void *, mbedtls_ssl_session *),
01537 int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
01538 #endif
01539
01540 #if defined(MBEDTLS_SSL_CLI_C)
01541
01555 int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
01556 #endif
01557
01573 void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
01574 const int *ciphersuites );
01575
01595 void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
01596 const int *ciphersuites,
01597 int major, int minor );
01598
01599 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01600
01610 void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
01611 const mbedtls_x509_crt_profile *profile );
01612
01624 void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
01625 mbedtls_x509_crt *ca_chain,
01626 mbedtls_x509_crl *ca_crl );
01627
01664 int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
01665 mbedtls_x509_crt *own_cert,
01666 mbedtls_pk_context *pk_key );
01667 #endif
01668
01669 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
01670
01690 int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
01691 const unsigned char *psk, size_t psk_len,
01692 const unsigned char *psk_identity, size_t psk_identity_len );
01693
01694
01707 int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
01708 const unsigned char *psk, size_t psk_len );
01709
01734 void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
01735 int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
01736 size_t),
01737 void *p_psk );
01738 #endif
01739
01740 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
01741
01742 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
01743
01744 #if defined(MBEDTLS_DEPRECATED_WARNING)
01745 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
01746 #else
01747 #define MBEDTLS_DEPRECATED
01748 #endif
01749
01763 MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
01764 const char *dhm_P,
01765 const char *dhm_G );
01766
01767 #endif
01768
01782 int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
01783 const unsigned char *dhm_P, size_t P_len,
01784 const unsigned char *dhm_G, size_t G_len );
01785
01795 int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
01796 #endif
01797
01798 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
01799
01807 void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
01808 unsigned int bitlen );
01809 #endif
01810
01811 #if defined(MBEDTLS_ECP_C)
01812
01839 void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
01840 const mbedtls_ecp_group_id *curves );
01841 #endif
01842
01843 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
01844
01862 void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
01863 const int *hashes );
01864 #endif
01865
01866 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01867
01885 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
01886 #endif
01887
01888 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
01889
01901 int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
01902 mbedtls_x509_crt *own_cert,
01903 mbedtls_pk_context *pk_key );
01904
01916 void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
01917 mbedtls_x509_crt *ca_chain,
01918 mbedtls_x509_crl *ca_crl );
01919
01930 void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
01931 int authmode );
01932
01956 void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
01957 int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
01958 size_t),
01959 void *p_sni );
01960 #endif
01961
01962 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
01963
01980 int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
01981 const unsigned char *pw,
01982 size_t pw_len );
01983 #endif
01984
01985 #if defined(MBEDTLS_SSL_ALPN)
01986
01998 int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
01999
/**
 * \brief          Get the ALPN protocol negotiated for this connection.
 *
 * \param ssl      SSL context to query (read-only).
 *
 * \return         Protocol name, or presumably NULL when none was negotiated
 *                 — callers must handle NULL. The string is owned by the
 *                 library; do not free it.
 */
const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
02010 #endif
02011
/**
 * \brief          Set the highest protocol version this configuration will
 *                 negotiate.
 *
 * \param conf     SSL configuration to modify.
 * \param major    Major version number (encoding not visible here; presumably
 *                 the MBEDTLS_SSL_MAJOR_VERSION_* constants — confirm).
 * \param minor    Minor version number (likewise MBEDTLS_SSL_MINOR_VERSION_*).
 *
 * \note           No return value, so an out-of-range pair is not reported
 *                 here — confirm how the implementation treats it.
 */
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
02029
/**
 * \brief          Set the lowest protocol version this configuration will
 *                 negotiate.
 *
 * \param conf     SSL configuration to modify.
 * \param major    Major version number (same encoding as
 *                 mbedtls_ssl_conf_max_version()).
 * \param minor    Minor version number.
 *
 * \note           NOTE(review): this is the floor an active attacker can
 *                 force a downgrade to. SSL 3.0 (POODLE) and TLS 1.0 should
 *                 be excluded wherever peers allow; prefer TLS 1.2 as the
 *                 minimum. The library default is not visible in this
 *                 excerpt — confirm rather than assume it is safe.
 */
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
02049
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)

/**
 * \brief          Mark this client configuration as a fallback connection
 *                 (client builds with FALLBACK_SCSV support only).
 *
 * \param conf     SSL configuration to modify.
 * \param fallback Flag value; the accepted constants are not visible here
 *                 (presumably MBEDTLS_SSL_IS_FALLBACK / IS_NOT_FALLBACK) —
 *                 confirm.
 *
 * \note           NOTE(review): presumably controls sending the
 *                 TLS_FALLBACK_SCSV signalling suite (RFC 7507). It is only
 *                 meaningful when the application itself retries with a
 *                 lower mbedtls_ssl_conf_max_version() after a failure; a
 *                 config that never retries should leave this off.
 */
void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
#endif
02072
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)

/**
 * \brief          Enable or disable negotiation of Encrypt-then-MAC for
 *                 this configuration.
 *
 * \param conf     SSL configuration to modify.
 * \param etm      Flag value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_ETM_ENABLED / DISABLED) — confirm.
 *
 * \note           NOTE(review): presumably the RFC 7366 extension, which
 *                 removes the MAC-then-encrypt padding-oracle surface of
 *                 CBC suites when both peers support it. Leave enabled
 *                 unless a peer is known to break on it.
 */
void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
#endif
02087
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)

/**
 * \brief          Enable or disable negotiation of the Extended Master
 *                 Secret extension for this configuration.
 *
 * \param conf     SSL configuration to modify.
 * \param ems      Flag value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_EXTENDED_MS_ENABLED / DISABLED) —
 *                 confirm.
 *
 * \note           NOTE(review): presumably RFC 7627, which binds the master
 *                 secret to the full handshake transcript and closes the
 *                 "triple handshake" session-splicing attacks. Keep enabled.
 */
void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
#endif
02102
#if defined(MBEDTLS_ARC4_C)

/**
 * \brief          Enable or disable RC4 (ARC4) ciphersuites for this
 *                 configuration (only compiled when ARC4 itself is built in).
 *
 * \param conf     SSL configuration to modify.
 * \param arc4     Flag value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_ARC4_ENABLED / DISABLED) — confirm.
 *
 * \note           NOTE(review): RC4 is prohibited in TLS by RFC 7465 because
 *                 of exploitable keystream biases. Do not enable this in new
 *                 deployments; if a legacy peer forces it, isolate that
 *                 configuration rather than loosening a shared one. Building
 *                 without MBEDTLS_ARC4_C removes the option entirely.
 */
void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
#endif
02121
#if defined(MBEDTLS_SSL_SRV_C)

/**
 * \brief          Control whether the server includes its trusted CA list
 *                 when requesting a client certificate (server builds only).
 *
 * \param conf     SSL configuration to modify.
 * \param cert_req_ca_list  Flag value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED /
 *                 DISABLED) — confirm.
 *
 * \note           NOTE(review): the CA list in CertificateRequest is sent in
 *                 the clear before the handshake is authenticated, so it
 *                 both discloses the server's trust anchors and grows the
 *                 flight; disabling it is a reasonable hardening when
 *                 clients already know which certificate to present.
 */
void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
                                        char cert_req_ca_list );
#endif
02135
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)

/**
 * \brief          Set the maximum fragment length to negotiate for this
 *                 configuration.
 *
 * \param conf     SSL configuration to modify.
 * \param mfl_code Fragment length code, not a byte count; the accepted codes
 *                 are not visible here (presumably the
 *                 MBEDTLS_SSL_MAX_FRAG_LEN_* values of RFC 6066) — confirm.
 *
 * \return         int status; presumably 0 on success or
 *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA for an unknown code —
 *                 confirm. Do not ignore it: a rejected code leaves the
 *                 previous setting in force.
 */
int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
#endif
02169
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)

/**
 * \brief          Enable or disable negotiation of truncated HMAC for this
 *                 configuration.
 *
 * \param conf     SSL configuration to modify.
 * \param truncate Flag value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_TRUNC_HMAC_ENABLED / DISABLED) —
 *                 confirm.
 *
 * \note           NOTE(review): presumably the RFC 6066 extension that
 *                 shortens record MACs to 80 bits to save bandwidth. It
 *                 reduces the integrity margin of every record; enable only
 *                 on constrained links where the trade-off is deliberate.
 */
void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
#endif
02181
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)

/**
 * \brief          Enable or disable CBC record splitting for this
 *                 configuration.
 *
 * \param conf     SSL configuration to modify.
 * \param split    Flag value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED /
 *                 DISABLED) — confirm.
 *
 * \note           NOTE(review): presumably the 1/n-1 splitting mitigation
 *                 for chosen-plaintext attacks on CBC with predictable IVs
 *                 (BEAST, TLS 1.0 and earlier). It is a mitigation, not a
 *                 fix; the real fix is a minimum version of TLS 1.1+ via
 *                 mbedtls_ssl_conf_min_version(). Disable only when a peer
 *                 cannot handle split records.
 */
void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
#endif
02196
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)

/**
 * \brief          Enable or disable use of session tickets on the client
 *                 side (client builds only, per the guard above).
 *
 * \param conf     SSL configuration to modify.
 * \param use_tickets  Flag value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_SESSION_TICKETS_ENABLED /
 *                 DISABLED) — confirm.
 *
 * \note           NOTE(review): presumably RFC 5077 stateless resumption. A
 *                 ticket is encrypted under a server-held key, so a
 *                 compromise of that key retroactively exposes every session
 *                 resumed with it — forward secrecy is bounded by the
 *                 server's ticket-key rotation, which a client cannot verify.
 */
void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
#endif
02210
#if defined(MBEDTLS_SSL_RENEGOTIATION)

/**
 * \brief          Enable or disable support for renegotiation on this
 *                 configuration.
 *
 * \param conf     SSL configuration to modify.
 * \param renegotiation  Flag value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_RENEGOTIATION_ENABLED / DISABLED)
 *                 — confirm.
 *
 * \note           NOTE(review): renegotiation is a recurring source of
 *                 state-machine bugs and of client-driven CPU exhaustion on
 *                 servers. Leave it disabled unless a concrete requirement
 *                 exists, and if enabled pair it with
 *                 mbedtls_ssl_conf_renegotiation_enforced() and a secure
 *                 (RFC 5746) renegotiation policy via
 *                 mbedtls_ssl_conf_legacy_renegotiation().
 */
void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
#endif
02231
/**
 * \brief          Set the policy toward peers that do not support secure
 *                 renegotiation. Note this declaration is NOT inside the
 *                 MBEDTLS_SSL_RENEGOTIATION guard, so it is always available.
 *
 * \param conf     SSL configuration to modify.
 * \param allow_legacy  Policy value; accepted constants not visible here
 *                 (presumably MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION /
 *                 LEGACY_ALLOW_RENEGOTIATION / LEGACY_BREAK_HANDSHAKE) —
 *                 confirm.
 *
 * \note           NOTE(review): renegotiating with a peer that lacks the
 *                 RFC 5746 extension re-opens the 2009 plaintext-injection
 *                 attack (an attacker splices its own prefix onto the
 *                 victim's authenticated stream). Do not select an "allow"
 *                 policy outside a deliberately isolated legacy profile.
 */
void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
02260
#if defined(MBEDTLS_SSL_RENEGOTIATION)

/**
 * \brief          Enforce a renegotiation request by bounding how many
 *                 records may be processed before the peer must comply.
 *
 * \param conf     SSL configuration to modify.
 * \param max_records  Record budget. Special values (e.g. a sentinel meaning
 *                 "never enforce") are not visible here — confirm.
 *
 * \note           NOTE(review): without enforcement a peer can simply ignore
 *                 a renegotiation request (e.g. one meant to force
 *                 re-authentication or a key refresh) indefinitely; set a
 *                 finite budget whenever renegotiation is relied upon for a
 *                 security property.
 */
void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );

/**
 * \brief          Set the record-count threshold at which the library
 *                 itself initiates renegotiation.
 *
 * \param conf     SSL configuration to modify.
 * \param period   8-byte threshold; the array notation decays to a pointer,
 *                 so exactly 8 readable bytes must be supplied. Byte order
 *                 and the "disabled" encoding are not visible here — confirm.
 *
 * \note           Presumably an automatic key-refresh mechanism; whether it
 *                 is consulted when renegotiation is disabled via
 *                 mbedtls_ssl_conf_renegotiation() is not visible here.
 */
void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
                                            const unsigned char period[8] );
#endif
02329
/**
 * \brief          Return how many application-data bytes are already
 *                 buffered in the context and can be read without further
 *                 I/O.
 *
 * \param ssl      SSL context to query (read-only).
 *
 * \return         Number of bytes available; 0 when nothing is buffered. A
 *                 value of 0 does not mean the connection is closed — it only
 *                 means the next mbedtls_ssl_read() may need to perform I/O.
 */
size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
02338
/**
 * \brief          Return the result of the peer certificate verification
 *                 performed during the handshake.
 *
 * \param ssl      SSL context to query (read-only).
 *
 * \return         uint32_t flags; presumably 0 when verification succeeded
 *                 and a bitmask of X.509 "bad cert"/"bad CRL" flags
 *                 otherwise — confirm the exact flag set and what is
 *                 returned when no certificate was presented.
 *
 * \note           NOTE(review): this is the only way to learn the outcome
 *                 when the configured authmode does not abort the handshake
 *                 on failure. Any application using an optional/no-verify
 *                 mode must check that this returns 0 before sending
 *                 sensitive data; treating a completed handshake as proof of
 *                 authentication is a common and serious mistake.
 */
uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
02352
/**
 * \brief          Return the name of the ciphersuite negotiated on this
 *                 connection.
 *
 * \param ssl      SSL context to query (read-only).
 *
 * \return         Library-owned string (do not free); presumably NULL or a
 *                 placeholder before the handshake completes — confirm.
 *                 Useful for logging and for asserting in tests that only
 *                 expected (e.g. AEAD, forward-secret) suites are selected.
 */
const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
02361
/**
 * \brief          Return the protocol version negotiated on this connection
 *                 as a human-readable string.
 *
 * \param ssl      SSL context to query (read-only).
 *
 * \return         Library-owned string (do not free). The exact strings are
 *                 not visible here; for programmatic version checks prefer
 *                 constraining the range with mbedtls_ssl_conf_min_version()
 *                 rather than parsing this text.
 */
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
02370
/**
 * \brief          Return the worst-case per-record overhead added to
 *                 plaintext by the current record-protection state.
 *
 * \param ssl      SSL context to query (read-only).
 *
 * \return         Expansion in bytes on success; being an int, a negative
 *                 value is presumably an error code (e.g. feature unavailable
 *                 when compression is in use) — check the sign before using
 *                 the value in a buffer-size computation.
 */
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
02382
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)

/**
 * \brief          Return the maximum fragment length in effect for this
 *                 connection, in bytes.
 *
 * \param ssl      SSL context to query (read-only).
 *
 * \return         Byte count (unlike mbedtls_ssl_conf_max_frag_len(), which
 *                 takes a code). Whether the negotiated value or the
 *                 configured one is reported before the handshake completes
 *                 is not visible here — confirm.
 */
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
#endif
02402
#if defined(MBEDTLS_X509_CRT_PARSE_C)

/**
 * \brief          Return the certificate presented by the peer during the
 *                 handshake.
 *
 * \param ssl      SSL context to query (read-only).
 *
 * \return         Pointer to a library-owned, read-only certificate chain,
 *                 or NULL (presumably when none was presented or the
 *                 handshake has not completed) — callers must handle NULL
 *                 and must not free or modify the result. Its lifetime is
 *                 presumably tied to \p ssl — confirm before caching it.
 *
 * \note           NOTE(review): a non-NULL result only means a certificate
 *                 was received, not that it verified; pair any use with
 *                 mbedtls_ssl_get_verify_result().
 */
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
#endif
02420
#if defined(MBEDTLS_SSL_CLI_C)

/**
 * \brief          Export the current session for later resumption (client
 *                 builds only, per the guard above).
 *
 * \param ssl      SSL context to export from (read-only).
 * \param session  Destination session object, presumably one initialised with
 *                 mbedtls_ssl_session_init() and later released with
 *                 mbedtls_ssl_session_free() — confirm.
 *
 * \return         int status; presumably 0 on success or a negative
 *                 MBEDTLS_ERR_* code (e.g. allocation failure or no session
 *                 available) — confirm.
 *
 * \note           NOTE(review): the exported object presumably contains the
 *                 master secret and/or a resumption ticket, i.e. material
 *                 that decrypts the session. Keep it in protected memory and
 *                 release it with mbedtls_ssl_session_free() rather than a
 *                 plain free().
 */
int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
#endif
02450
/**
 * \brief          Perform the TLS handshake on this context.
 *
 * \param ssl      SSL context to drive.
 *
 * \return         int status; presumably 0 once the handshake has completed,
 *                 or a negative MBEDTLS_ERR_* code. Whether non-blocking
 *                 transports produce a "want read/write" style code that
 *                 requires calling again is not visible in this excerpt —
 *                 confirm and handle it; treating every non-zero result as
 *                 fatal is as wrong as ignoring it.
 *
 * \note           NOTE(review): a 0 return means the handshake finished, not
 *                 that the peer is trustworthy under a non-fatal authmode —
 *                 see mbedtls_ssl_get_verify_result().
 */
int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
02473
/**
 * \brief          Perform a single step of the handshake state machine
 *                 (finer-grained alternative to mbedtls_ssl_handshake()).
 *
 * \param ssl      SSL context to drive.
 *
 * \return         int status; presumably 0 when the step succeeded or a
 *                 negative MBEDTLS_ERR_* code. How completion of the whole
 *                 handshake is signalled (a state field, or a specific
 *                 return) is not visible here — confirm before looping on it.
 */
int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
02494
#if defined(MBEDTLS_SSL_RENEGOTIATION)

/**
 * \brief          Initiate a renegotiation (new handshake) on an established
 *                 connection.
 *
 * \param ssl      SSL context to renegotiate.
 *
 * \return         int status; presumably 0 on success or a negative
 *                 MBEDTLS_ERR_* code, with the same non-blocking retry
 *                 caveat as mbedtls_ssl_handshake() — confirm.
 *
 * \note           NOTE(review): only meaningful when renegotiation is enabled
 *                 via mbedtls_ssl_conf_renegotiation(); see the caveats
 *                 there. Application data received during renegotiation may
 *                 be surfaced by mbedtls_ssl_read() — confirm how the
 *                 implementation orders the two.
 */
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
#endif
02516
/**
 * \brief          Read decrypted application data from the connection.
 *
 * \param ssl      SSL context to read from.
 * \param buf      Destination buffer.
 * \param len      Capacity of \p buf in bytes; the call must never write
 *                 beyond it.
 *
 * \return         int; presumably the number of bytes read (which may be
 *                 fewer than \p len) or a negative MBEDTLS_ERR_* code. This
 *                 header defines MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY and
 *                 MBEDTLS_ERR_SSL_CONN_EOF; confirm which of these (and which
 *                 retry-style codes) this call surfaces, and whether a return
 *                 of 0 is possible and what it means.
 *
 * \note           NOTE(review): a peer close_notify alert is the only
 *                 authenticated end-of-stream; a bare transport EOF without
 *                 it may be a truncation attack. Callers that care about
 *                 integrity of the whole stream must distinguish the two.
 */
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
02552
/**
 * \brief          Encrypt and send application data on the connection.
 *
 * \param ssl      SSL context to write to.
 * \param buf      Data to send.
 * \param len      Number of bytes in \p buf.
 *
 * \return         int; presumably the number of bytes actually accepted
 *                 (possibly fewer than \p len) or a negative MBEDTLS_ERR_*
 *                 code — confirm. Because the return is an int, callers
 *                 should not pass a \p len larger than INT_MAX, and must
 *                 loop on partial writes rather than assume all of \p buf
 *                 went out.
 *
 * \note           NOTE(review): if the implementation can return a retry
 *                 style code for non-blocking transports, the usual contract
 *                 is to call again with the same \p buf / \p len — confirm
 *                 before changing the arguments between retries.
 */
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
02596
/**
 * \brief          Send a TLS alert record to the peer.
 *
 * \param ssl      SSL context to send on.
 * \param level    Alert level byte (warning/fatal); the named constants are
 *                 not visible in this excerpt.
 * \param message  Alert description byte; likewise, use the library's
 *                 MBEDTLS_SSL_ALERT_MSG_* names rather than raw numbers.
 *
 * \return         int status; presumably 0 on success or a negative
 *                 MBEDTLS_ERR_* code — confirm.
 *
 * \note           NOTE(review): alert descriptions leak why a handshake or
 *                 record was rejected. Keep the set an application emits
 *                 coarse (prefer generic failures over detailed reasons) so
 *                 an attacker cannot use them as an oracle.
 */
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
                                    unsigned char level,
                                    unsigned char message );
/**
 * \brief          Send a close_notify alert to shut the connection down
 *                 cleanly.
 *
 * \param ssl      SSL context to close.
 *
 * \return         int status; presumably 0 on success or a negative
 *                 MBEDTLS_ERR_* code (including, on non-blocking transports,
 *                 a retry-style code) — confirm.
 *
 * \note           NOTE(review): sending close_notify is what lets the peer
 *                 tell an intentional end-of-stream from a truncation attack;
 *                 call it before closing the transport on every normal
 *                 shutdown path. Presumably this does not free the context —
 *                 mbedtls_ssl_free() is still required.
 */
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
02630
/**
 * \brief          Release all resources held by an SSL context.
 *
 * \param ssl      SSL context to free. The context itself is presumably
 *                 caller-owned storage (this only frees what it points to);
 *                 whether NULL is accepted is not visible here — confirm.
 *
 * \note           NOTE(review): the context holds session keys; confirm that
 *                 the implementation zeroizes them rather than plain-freeing
 *                 before relying on this for secret hygiene. The context must
 *                 not be used again afterwards without re-initialisation.
 */
void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
02637
/**
 * \brief          Initialise an SSL configuration structure to a known
 *                 state.
 *
 * \param conf     Configuration to initialise (caller-owned storage).
 *
 * \note           NOTE(review): this is presumably a bare initialiser that
 *                 leaves the configuration without usable defaults; a
 *                 separate call to mbedtls_ssl_config_defaults() is declared
 *                 below and is presumably required before use — confirm, and
 *                 do not treat an init-only configuration as secure.
 */
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
02649
/**
 * \brief          Load default settings into a configuration for a given
 *                 role, transport and preset.
 *
 * \param conf     Configuration to populate (after mbedtls_ssl_config_init()).
 * \param endpoint Client or server role; constants not visible here
 *                 (presumably MBEDTLS_SSL_IS_CLIENT / IS_SERVER) — confirm.
 * \param transport  Stream (TLS) or datagram (DTLS); constants not visible
 *                 here — confirm.
 * \param preset   Profile selector; constants not visible here (presumably
 *                 a default profile and a stricter "suite B"-style one) —
 *                 confirm.
 *
 * \return         int status; presumably 0 on success or
 *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA / an allocation error —
 *                 confirm. Must be checked: proceeding with a configuration
 *                 whose defaults failed to load leaves version, ciphersuite
 *                 and verification settings undefined.
 *
 * \note           NOTE(review): "defaults" are a starting point, not a
 *                 policy. Review at least mbedtls_ssl_conf_min_version(),
 *                 the authmode, and the ciphersuite/curve/hash lists for the
 *                 deployment instead of assuming the preset is adequate.
 */
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
                                 int endpoint, int transport, int preset );
02667
/**
 * \brief          Release resources owned by an SSL configuration.
 *
 * \param conf     Configuration to free (caller-owned storage; only what it
 *                 points to is released).
 *
 * \note           NOTE(review): several setters above take pointers (CA
 *                 chains, DH contexts, curve/hash/ALPN lists) whose
 *                 ownership is not visible in this excerpt. Confirm which
 *                 objects this frees versus merely forgets; freeing a
 *                 configuration while SSL contexts created from it are still
 *                 live is presumably a use-after-free.
 */
void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
02674
/**
 * \brief          Initialise a session structure (e.g. before passing it to
 *                 mbedtls_ssl_get_session()).
 *
 * \param session  Session object to initialise (caller-owned storage).
 */
void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
02681
/**
 * \brief          Release resources owned by a session structure.
 *
 * \param session  Session object to free (caller-owned storage; only what it
 *                 points to is released).
 *
 * \note           NOTE(review): a session presumably carries the master
 *                 secret and/or a resumption ticket. Confirm the
 *                 implementation zeroizes that material; if it does not,
 *                 the caller should wipe the structure after this returns.
 */
void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
02692
02693 #ifdef __cplusplus
02694 }
02695 #endif
02696
02697 #endif