23 #ifndef MBEDTLS_SSL_INTERNAL_H
24 #define MBEDTLS_SSL_INTERNAL_H
28 #if defined(MBEDTLS_MD5_C)
32 #if defined(MBEDTLS_SHA1_C)
36 #if defined(MBEDTLS_SHA256_C)
40 #if defined(MBEDTLS_SHA512_C)
44 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
48 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
49 !defined(inline) && !defined(__cplusplus)
50 #define inline __inline
54 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
56 #if defined(MBEDTLS_SSL_PROTO_SSL3)
57 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
59 #if defined(MBEDTLS_SSL_PROTO_TLS1)
60 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
62 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
63 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
65 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
66 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
73 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
75 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
76 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
78 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
79 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
81 #if defined(MBEDTLS_SSL_PROTO_TLS1)
82 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
84 #if defined(MBEDTLS_SSL_PROTO_SSL3)
85 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
91 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
92 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1
93 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2
94 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3
104 #define MBEDTLS_SSL_RETRANS_PREPARING 0
105 #define MBEDTLS_SSL_RETRANS_SENDING 1
106 #define MBEDTLS_SSL_RETRANS_WAITING 2
107 #define MBEDTLS_SSL_RETRANS_FINISHED 3
115 #if defined(MBEDTLS_ZLIB_SUPPORT)
116 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
118 #define MBEDTLS_SSL_COMPRESSION_ADD 0
121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
123 #if defined(MBEDTLS_SHA512_C)
124 #define MBEDTLS_SSL_MAC_ADD 48
125 #elif defined(MBEDTLS_SHA256_C)
126 #define MBEDTLS_SSL_MAC_ADD 32
128 #define MBEDTLS_SSL_MAC_ADD 20
132 #define MBEDTLS_SSL_MAC_ADD 16
135 #if defined(MBEDTLS_CIPHER_MODE_CBC)
136 #define MBEDTLS_SSL_PADDING_ADD 256
138 #define MBEDTLS_SSL_PADDING_ADD 0
141 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
142 + MBEDTLS_SSL_COMPRESSION_ADD \
144 + MBEDTLS_SSL_MAC_ADD \
145 + MBEDTLS_SSL_PADDING_ADD \
153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
171 #if defined(MBEDTLS_DHM_C)
174 #if defined(MBEDTLS_ECDH_C)
177 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
179 #if defined(MBEDTLS_SSL_CLI_C)
180 unsigned char *ecjpake_cache;
181 size_t ecjpake_cache_len;
184 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
185 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
188 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
192 #if defined(MBEDTLS_X509_CRT_PARSE_C)
194 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
201 #if defined(MBEDTLS_SSL_PROTO_DTLS)
227 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
228 defined(MBEDTLS_SSL_PROTO_TLS1_1)
232 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
233 #if defined(MBEDTLS_SHA256_C)
236 #if defined(MBEDTLS_SHA512_C)
244 int (*
tls_prf)(
const unsigned char *, size_t,
const char *,
245 const unsigned char *, size_t,
246 unsigned char *, size_t);
259 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
262 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
287 #if defined(MBEDTLS_SSL_PROTO_SSL3)
289 unsigned char mac_enc[20];
290 unsigned char mac_dec[20];
302 #if defined(MBEDTLS_ZLIB_SUPPORT)
303 z_stream ctx_deflate;
304 z_stream ctx_inflate;
308 #if defined(MBEDTLS_X509_CRT_PARSE_C)
320 #if defined(MBEDTLS_SSL_PROTO_DTLS)
377 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
381 #if defined(MBEDTLS_PK_C)
389 #if defined(MBEDTLS_ECP_C)
393 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
398 #if defined(MBEDTLS_X509_CRT_PARSE_C)
408 return( key_cert == NULL ? NULL : key_cert->
key );
420 return( key_cert == NULL ? NULL : key_cert->
cert );
439 unsigned char ver[2] );
441 const unsigned char ver[2] );
445 #if defined(MBEDTLS_SSL_PROTO_DTLS)
456 #if defined(MBEDTLS_SSL_PROTO_DTLS)
465 #if defined(MBEDTLS_SSL_PROTO_DTLS)
472 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
481 const unsigned char *A = (
const unsigned char *) a;
482 const unsigned char *B = (
const unsigned char *) b;
483 unsigned char diff = 0;
485 for( i = 0; i < n; i++ )
void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl)
int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_hash_from_md_alg(int md)
mbedtls_sha1_context fin_sha1
void(* update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t)
void mbedtls_ssl_read_version(int *major, int *minor, int transport, const unsigned char ver[2])
mbedtls_ssl_key_cert * key_cert
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
unsigned char alt_out_ctr[8]
unsigned char randbytes[64]
int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
mbedtls_ssl_flight_item * cur_msg
mbedtls_sha256_context fin_sha256
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
Certificate revocation list structure.
mbedtls_ecdh_context ecdh_ctx
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
mbedtls_sha512_context fin_sha512
mbedtls_pk_type_t
Public key types.
int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
static size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Curve information for use by other modules.
int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
Generic message digest context.
mbedtls_x509_crt * sni_ca_chain
void mbedtls_ssl_handshake_free(mbedtls_ssl_handshake_params *handshake)
Free referenced items in an SSL handshake context and clear memory.
mbedtls_md5_context fin_md5
int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
mbedtls_ssl_handshake_params * handshake
int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context *ssl)
const mbedtls_ecp_curve_info ** curves
mbedtls_ssl_transform * alt_transform_out
int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl)
mbedtls_ssl_flight_item * next
unsigned char retransmit_state
mbedtls_ssl_key_cert * key_cert
void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
SHA-512 context structure.
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
void(* calc_verify)(mbedtls_ssl_context *, unsigned char *)
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
mbedtls_key_exchange_type_t
unsigned char * verify_cookie
static mbedtls_x509_crt * mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
mbedtls_ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
const mbedtls_ssl_config * conf
SHA-256 context structure.
int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
This structure is used for storing ciphersuite information.
uint32_t retransmit_timeout
#define MBEDTLS_PREMASTER_SIZE
int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_write_version(int major, int minor, int transport, unsigned char ver[2])
unsigned char verify_cookie_len
mbedtls_ssl_key_cert * next
void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl)
int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl)
unsigned int in_flight_start_seq
void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
Container for an X.509 certificate.
int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
mbedtls_ssl_key_cert * sni_key_cert
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
EC J-PAKE context structure.
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
void(* calc_finished)(mbedtls_ssl_context *, unsigned char *, int)
mbedtls_ssl_flight_item * flight
mbedtls_x509_crl * sni_ca_crl
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl)
mbedtls_dhm_context dhm_ctx
static mbedtls_pk_context * mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
static size_t mbedtls_ssl_hdr_len(const mbedtls_ssl_context *ssl)