23 #ifndef MBEDTLS_SSL_INTERNAL_H
24 #define MBEDTLS_SSL_INTERNAL_H
28 #if defined(MBEDTLS_MD5_C)
32 #if defined(MBEDTLS_SHA1_C)
36 #if defined(MBEDTLS_SHA256_C)
40 #if defined(MBEDTLS_SHA512_C)
44 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
45 !defined(inline) && !defined(__cplusplus)
46 #define inline __inline
50 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
52 #if defined(MBEDTLS_SSL_PROTO_SSL3)
53 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
55 #if defined(MBEDTLS_SSL_PROTO_TLS1)
56 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
58 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
59 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
61 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
62 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
69 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
71 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
72 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
74 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
75 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
77 #if defined(MBEDTLS_SSL_PROTO_TLS1)
78 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
80 #if defined(MBEDTLS_SSL_PROTO_SSL3)
81 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
87 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
88 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1
89 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2
90 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3
100 #define MBEDTLS_SSL_RETRANS_PREPARING 0
101 #define MBEDTLS_SSL_RETRANS_SENDING 1
102 #define MBEDTLS_SSL_RETRANS_WAITING 2
103 #define MBEDTLS_SSL_RETRANS_FINISHED 3
111 #if defined(MBEDTLS_ZLIB_SUPPORT)
112 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
114 #define MBEDTLS_SSL_COMPRESSION_ADD 0
117 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
119 #if defined(MBEDTLS_SHA512_C)
120 #define MBEDTLS_SSL_MAC_ADD 48
121 #elif defined(MBEDTLS_SHA256_C)
122 #define MBEDTLS_SSL_MAC_ADD 32
124 #define MBEDTLS_SSL_MAC_ADD 20
128 #define MBEDTLS_SSL_MAC_ADD 16
131 #if defined(MBEDTLS_CIPHER_MODE_CBC)
132 #define MBEDTLS_SSL_PADDING_ADD 256
134 #define MBEDTLS_SSL_PADDING_ADD 0
137 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
138 + MBEDTLS_SSL_COMPRESSION_ADD \
140 + MBEDTLS_SSL_MAC_ADD \
141 + MBEDTLS_SSL_PADDING_ADD \
149 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
166 #if defined(MBEDTLS_DHM_C)
169 #if defined(MBEDTLS_ECDH_C)
172 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
175 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
179 #if defined(MBEDTLS_X509_CRT_PARSE_C)
181 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
188 #if defined(MBEDTLS_SSL_PROTO_DTLS)
214 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
215 defined(MBEDTLS_SSL_PROTO_TLS1_1)
219 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
220 #if defined(MBEDTLS_SHA256_C)
223 #if defined(MBEDTLS_SHA512_C)
231 int (*
tls_prf)(
const unsigned char *, size_t,
const char *,
232 const unsigned char *, size_t,
233 unsigned char *, size_t);
246 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
249 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
274 #if defined(MBEDTLS_SSL_PROTO_SSL3)
276 unsigned char mac_enc[20];
277 unsigned char mac_dec[20];
289 #if defined(MBEDTLS_ZLIB_SUPPORT)
290 z_stream ctx_deflate;
291 z_stream ctx_inflate;
295 #if defined(MBEDTLS_X509_CRT_PARSE_C)
307 #if defined(MBEDTLS_SSL_PROTO_DTLS)
364 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
368 #if defined(MBEDTLS_PK_C)
376 #if defined(MBEDTLS_ECP_C)
380 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
385 #if defined(MBEDTLS_X509_CRT_PARSE_C)
395 return( key_cert == NULL ? NULL : key_cert->
key );
407 return( key_cert == NULL ? NULL : key_cert->
cert );
426 unsigned char ver[2] );
428 const unsigned char ver[2] );
432 #if defined(MBEDTLS_SSL_PROTO_DTLS)
443 #if defined(MBEDTLS_SSL_PROTO_DTLS)
452 #if defined(MBEDTLS_SSL_PROTO_DTLS)
459 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
468 const unsigned char *A = (
const unsigned char *) a;
469 const unsigned char *B = (
const unsigned char *) b;
470 unsigned char diff = 0;
472 for( i = 0; i < n; i++ )
void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl)
int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_hash_from_md_alg(int md)
mbedtls_sha1_context fin_sha1
void(* update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t)
void mbedtls_ssl_read_version(int *major, int *minor, int transport, const unsigned char ver[2])
mbedtls_ssl_key_cert * key_cert
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
unsigned char alt_out_ctr[8]
unsigned char randbytes[64]
int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
mbedtls_ssl_flight_item * cur_msg
mbedtls_sha256_context fin_sha256
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
Certificate revocation list structure.
mbedtls_ecdh_context ecdh_ctx
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
mbedtls_sha512_context fin_sha512
mbedtls_pk_type_t
Public key types.
int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
static size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Curve information for use by other modules.
int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
Generic message digest context.
mbedtls_x509_crt * sni_ca_chain
void mbedtls_ssl_handshake_free(mbedtls_ssl_handshake_params *handshake)
Free referenced items in an SSL handshake context and clear memory.
mbedtls_md5_context fin_md5
int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
mbedtls_ssl_handshake_params * handshake
int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context *ssl)
const mbedtls_ecp_curve_info ** curves
mbedtls_ssl_transform * alt_transform_out
int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl)
mbedtls_ssl_flight_item * next
unsigned char retransmit_state
mbedtls_ssl_key_cert * key_cert
void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
SHA-512 context structure.
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
void(* calc_verify)(mbedtls_ssl_context *, unsigned char *)
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
mbedtls_key_exchange_type_t
unsigned char * verify_cookie
static mbedtls_x509_crt * mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
mbedtls_ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
const mbedtls_ssl_config * conf
SHA-256 context structure.
int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
This structure is used for storing ciphersuite information.
uint32_t retransmit_timeout
#define MBEDTLS_PREMASTER_SIZE
int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_write_version(int major, int minor, int transport, unsigned char ver[2])
unsigned char verify_cookie_len
mbedtls_ssl_key_cert * next
void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl)
int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl)
unsigned int in_flight_start_seq
void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
Container for an X.509 certificate.
int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
mbedtls_ssl_key_cert * sni_key_cert
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
void(* calc_finished)(mbedtls_ssl_context *, unsigned char *, int)
mbedtls_ssl_flight_item * flight
mbedtls_x509_crl * sni_ca_crl
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl)
mbedtls_dhm_context dhm_ctx
static mbedtls_pk_context * mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
static size_t mbedtls_ssl_hdr_len(const mbedtls_ssl_context *ssl)