#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H

/* The build configuration must be visible before anything else: every
 * conditional section of this header keys off MBEDTLS_* options. A build
 * may substitute its own configuration file through MBEDTLS_CONFIG_FILE. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

/* Unconditional dependencies: MBEDTLS_MPI_MAX_SIZE / MBEDTLS_ECP_MAX_BYTES
 * size the premaster-secret union below, and mbedtls_mpi /
 * mbedtls_ecp_group_id appear directly in mbedtls_ssl_config. */
#include "bignum.h"
#include "ecp.h"

#include "ssl_ciphersuites.h"

/* X.509 types are only referenced inside MBEDTLS_X509_CRT_PARSE_C sections,
 * so certificate support can be compiled out entirely (PSK-only builds). */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "x509_crt.h"
#include "x509_crl.h"
#endif

#if defined(MBEDTLS_DHM_C)
#include "dhm.h"
#endif

#if defined(MBEDTLS_ECDH_C)
#include "ecdh.h"
#endif

/* NOTE(review): zlib here means TLS-level compression is available in the
 * build. Compressing attacker-influenced plaintext next to secrets is widely
 * regarded as unsafe; confirm this option is off in production builds. */
#if defined(MBEDTLS_ZLIB_SUPPORT)
#include "zlib.h"
#endif

#if defined(MBEDTLS_HAVE_TIME)
#include "platform_time.h"
#endif
00058
00059
00060
00061
/*
 * Error codes returned by the SSL/TLS module.
 *
 * All values are negative and were allocated in steps of 0x80: first the
 * -0x7080 .. -0x7F80 range, then -0x6F80 downward in magnitude to -0x6600.
 * Only the numeric value is part of the API; where each code is produced is
 * documented at its origin in the implementation, not here.
 */
#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
/* NOTE(review): record authentication failed. Presumably fatal to the
 * connection; it is never something a caller should retry. */
#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300
#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
/* Presumably returned when no f_rng was registered (see mbedtls_ssl_conf_rng);
 * the handshake cannot produce nonces or key material without one. */
#define MBEDTLS_ERR_SSL_NO_RNG -0x7400
#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
/* NOTE(review): peer certificate verification failed. Treat as fatal; a
 * caller that continues after this has no authenticated peer. */
#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800
/* Peer sent close_notify: an orderly shutdown rather than a fault
 * (presumably; the handling lives in the implementation). */
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
/* One BAD_HS_* code per handshake message type that can be malformed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80
#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
/* From here on the codes were added later and count downward in magnitude. */
#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00
#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
/* Record sequence counter exhausted; presumably the connection must be
 * re-keyed (renegotiation) or closed rather than continue with a wrapped
 * counter, which would reuse nonces. */
#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980
/* Non-fatal: presumably the transport would block; the caller retries the
 * same operation once the transport is readable / writable again. */
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600
00114
00115
00116
/* Protocol versions in the record-layer {major, minor} encoding
 * (3.0 = SSL 3.0, 3.1 / 3.2 / 3.3 = TLS 1.0 / 1.1 / 1.2 per the TLS
 * specification). Used with mbedtls_ssl_conf_min_version/max_version. */
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_0 0
#define MBEDTLS_SSL_MINOR_VERSION_1 1
#define MBEDTLS_SSL_MINOR_VERSION_2 2
#define MBEDTLS_SSL_MINOR_VERSION_3 3
/* Transport type: stream or datagram (DTLS). Stored in the 1-bit `transport`
 * field of mbedtls_ssl_config, so only these two values are representable. */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1
/* Upper bound on the hostname accepted by mbedtls_ssl_set_hostname
 * (presumably; the check itself is in the implementation). */
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255


/* Maximum-fragment-length codes. NONE means the extension is not used and
 * INVALID marks the end of the valid range. The config stores the code in a
 * 3-bit field, so values up to 7 fit. */
#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0
#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1
#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2
#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3
#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4
#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5
/* Endpoint role; stored in the 1-bit `endpoint` field of the config. */
#define MBEDTLS_SSL_IS_CLIENT 0
#define MBEDTLS_SSL_IS_SERVER 1

/* Argument to mbedtls_ssl_conf_fallback (client only). */
#define MBEDTLS_SSL_IS_NOT_FALLBACK 0
#define MBEDTLS_SSL_IS_FALLBACK 1

#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1

#define MBEDTLS_SSL_ETM_DISABLED 0
#define MBEDTLS_SSL_ETM_ENABLED 1

/* NOTE(review): DEFLATE enables TLS-level compression; compressing data an
 * attacker can partly control alongside secrets is widely regarded as unsafe.
 * Expect NULL in any production configuration. */
#define MBEDTLS_SSL_COMPRESS_NULL 0
#define MBEDTLS_SSL_COMPRESS_DEFLATE 1

/* Peer-authentication modes for mbedtls_ssl_conf_authmode. The config keeps
 * the value in a 2-bit field, so UNSET (3) is the largest representable.
 * NOTE(review): VERIFY_NONE presumably skips certificate checking entirely,
 * and OPTIONAL presumably lets the handshake complete even when verification
 * fails — confirm in the implementation before using either on a client. */
#define MBEDTLS_SSL_VERIFY_NONE 0
#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
#define MBEDTLS_SSL_VERIFY_REQUIRED 2
#define MBEDTLS_SSL_VERIFY_UNSET 3

/* Values of mbedtls_ssl_context.secure_renegotiation. */
#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1

#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1

#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1

/* Arguments to mbedtls_ssl_conf_renegotiation_enforced. -1 is a sentinel,
 * which is why renego_max_records in the config is a signed int. */
#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16

/* Arguments to mbedtls_ssl_conf_legacy_renegotiation; the config stores them
 * in a 2-bit field. NOTE(review): ALLOW accepts renegotiation from peers that
 * do not support secure renegotiation — the weakest option. */
#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2

/* Truncated-HMAC extension. TRUNCATED_HMAC_LEN is presumably in bytes
 * (an 80-bit tag); shortening the MAC reduces forgery resistance. */
#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10

#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1

#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1

/* NOTE: inverted relative to every other *_ENABLED / *_DISABLED pair in this
 * header: ENABLED is 0 and DISABLED is 1, matching the `arc4_disabled` bit in
 * mbedtls_ssl_config. Never treat the value as a boolean "enabled". */
#define MBEDTLS_SSL_ARC4_ENABLED 0
#define MBEDTLS_SSL_ARC4_DISABLED 1

/* Configuration presets; value 1 is unused (presumably reserved). */
#define MBEDTLS_SSL_PRESET_DEFAULT 0
#define MBEDTLS_SSL_PRESET_SUITEB 2

/* Server only: whether CertificateRequest carries the CA name list.
 * Declared ENABLED-first, unlike the pairs above; the values still match. */
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0




/* Default DTLS handshake retransmission bounds; presumably milliseconds,
 * judging by the int_ms / fin_ms parameters of mbedtls_ssl_set_timer_t. */
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000

/* Default session-ticket lifetime, overridable from the build config.
 * 86400 is 24 h if the unit is seconds (the session stores a uint32_t). */
#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400
#endif
00210
00211
00212
00213
00214
00215
00216
00217
00218
00219
00220
00221
/* Maximum record plaintext length (2^14), overridable from the build config
 * to shrink the I/O buffers on constrained targets. */
#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
#endif





/* Size of the Finished verify_data: 36 bytes when SSL 3.0 is compiled in,
 * 12 otherwise. Sizes own_verify_data / peer_verify_data in the context. */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
#else
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
#endif



/* Signalling ciphersuite values (presumably sent in the ClientHello
 * ciphersuite list). Note the first is written as a single byte and the
 * second as a 16-bit value. */
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600




/* Hash and signature algorithm codes, presumably those of the
 * signature_algorithms extension (MBEDTLS_TLS_EXT_SIG_ALG). Signature
 * value 2 is intentionally skipped. */
#define MBEDTLS_SSL_HASH_NONE 0
#define MBEDTLS_SSL_HASH_MD5 1
#define MBEDTLS_SSL_HASH_SHA1 2
#define MBEDTLS_SSL_HASH_SHA224 3
#define MBEDTLS_SSL_HASH_SHA256 4
#define MBEDTLS_SSL_HASH_SHA384 5
#define MBEDTLS_SSL_HASH_SHA512 6

#define MBEDTLS_SSL_SIG_ANON 0
#define MBEDTLS_SSL_SIG_RSA 1
#define MBEDTLS_SSL_SIG_ECDSA 3




/* ClientCertificateType values used in CertificateRequest. */
#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64




/* Record-layer content types. */
#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
#define MBEDTLS_SSL_MSG_ALERT 21
#define MBEDTLS_SSL_MSG_HANDSHAKE 22
#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23

/* Alert levels. */
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2

/* Alert descriptions. The misspelling in INAPROPRIATE_FALLBACK is part of
 * the public API and cannot be corrected without breaking callers. */
#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0
#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10
#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20
#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21
#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22
#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30
#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40
#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41
#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43
#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44
#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45
#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46
#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48
#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49
#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50
#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51
#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60
#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70
#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71
#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80
#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86
#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90
#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110
#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115
#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120

/* Handshake message types (HandshakeType field). */
#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
#define MBEDTLS_SSL_HS_SERVER_HELLO 2
#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
#define MBEDTLS_SSL_HS_CERTIFICATE 11
#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
#define MBEDTLS_SSL_HS_FINISHED 20




/* TLS extension type numbers. Two values exceed 255 (ECJPAKE_KKPP = 256,
 * RENEGOTIATION_INFO = 0xFF01), so extension ids must be handled as 16-bit.
 * EXTENDED_MASTER_SECRET is written in hex (0x0017 == 23) while its
 * neighbours are decimal; the difference is purely cosmetic. */
#define MBEDTLS_TLS_EXT_SERVERNAME 0
#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0

#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1

#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4

#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11

#define MBEDTLS_TLS_EXT_SIG_ALG 13

#define MBEDTLS_TLS_EXT_ALPN 16

#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22
#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017

#define MBEDTLS_TLS_EXT_SESSION_TICKET 35

#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256

#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01




/* Largest pre-shared key accepted; overridable from the build config. It
 * sizes the PSK members of union mbedtls_ssl_premaster_secret. */
#if !defined(MBEDTLS_PSK_MAX_LEN)
#define MBEDTLS_PSK_MAX_LEN 32
#endif
00352
00353
/*
 * Storage for the premaster secret of whichever key exchange is negotiated.
 *
 * Only the members of enabled key exchanges exist, so the union's size —
 * and therefore MBEDTLS_PREMASTER_SIZE — depends on the build configuration.
 * Each member is sized for the worst case of its exchange (MPI / EC point
 * maximums, maximum PSK length); the fixed 4- and 52-byte allowances in the
 * PSK variants presumably cover the two-byte length prefixes of the PSK
 * premaster layout.
 *
 * NOTE(review): this is key material. Wherever an instance lives, it should
 * be wiped after use rather than left for the allocator — confirm in the
 * handshake code.
 */
union mbedtls_ssl_premaster_secret
{
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
    /* RSA-encrypted premaster: fixed 48 bytes. */
    unsigned char _pms_rsa[48];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
    /* Finite-field DH shared secret, bounded by the bignum maximum. */
    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
    /* ECDH shared secret: one coordinate, bounded by the EC maximum. */
    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
                                 + MBEDTLS_PSK_MAX_LEN];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
                                   + MBEDTLS_PSK_MAX_LEN];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    unsigned char _pms_ecjpake[32];
#endif
};

/* Size of the largest enabled premaster secret; equals sizeof the union. */
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
00388
00389 #ifdef __cplusplus
00390 extern "C" {
00391 #endif
00392
00393
00394
00395
/*
 * Handshake state machine states; mbedtls_ssl_context.state holds one of
 * these (as an int).
 *
 * The first seventeen values follow the flow of a full handshake up to
 * HANDSHAKE_OVER. The last two were appended afterwards, so numeric order
 * does NOT match handshake order — never compare states with < or >.
 */
typedef enum
{
    MBEDTLS_SSL_HELLO_REQUEST,
    MBEDTLS_SSL_CLIENT_HELLO,
    MBEDTLS_SSL_SERVER_HELLO,
    MBEDTLS_SSL_SERVER_CERTIFICATE,
    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
    MBEDTLS_SSL_CERTIFICATE_REQUEST,
    MBEDTLS_SSL_SERVER_HELLO_DONE,
    MBEDTLS_SSL_CLIENT_CERTIFICATE,
    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
    MBEDTLS_SSL_CERTIFICATE_VERIFY,
    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
    MBEDTLS_SSL_CLIENT_FINISHED,
    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
    MBEDTLS_SSL_SERVER_FINISHED,
    MBEDTLS_SSL_FLUSH_BUFFERS,
    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
    MBEDTLS_SSL_HANDSHAKE_OVER,
    /* Appended later: out of sequence with the values above. */
    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
}
mbedtls_ssl_states;
00419
/*
 * Transport callback: write `len` bytes from `buf`. `ctx` is the opaque
 * p_bio registered with mbedtls_ssl_set_bio. Returns an int whose exact
 * contract (bytes written vs MBEDTLS_ERR_SSL_WANT_WRITE) is presumably the
 * one the implementation checks for; it is not spelled out in this copy.
 */
typedef int mbedtls_ssl_send_t( void *ctx,
                                const unsigned char *buf,
                                size_t len );

/*
 * Transport callback: read up to `len` bytes into `buf`; same return
 * conventions as mbedtls_ssl_send_t (presumably with WANT_READ).
 */
typedef int mbedtls_ssl_recv_t( void *ctx,
                                unsigned char *buf,
                                size_t len );

/*
 * Timed variant of mbedtls_ssl_recv_t; `timeout` is a uint32_t whose unit is
 * presumably milliseconds, matching mbedtls_ssl_conf_read_timeout.
 */
typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
                                        unsigned char *buf,
                                        size_t len,
                                        uint32_t timeout );
/*
 * Timer callback (DTLS): arm a timer with an intermediate delay `int_ms` and
 * a final delay `fin_ms` (milliseconds, by the parameter names). `ctx` is the
 * p_timer registered with mbedtls_ssl_set_timer_cb.
 */
typedef void mbedtls_ssl_set_timer_t( void * ctx,
                                      uint32_t int_ms,
                                      uint32_t fin_ms );

/* Timer callback (DTLS): report the timer's state as an int. */
typedef int mbedtls_ssl_get_timer_t( void * ctx );
00528
00529
00530
/* Public types defined further down in this header. */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
typedef struct mbedtls_ssl_config mbedtls_ssl_config;

/* Internal types: only forward-declared here (their definitions presumably
 * live in an internal header), so applications can hold pointers to them
 * but cannot inspect or allocate them. */
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
#endif
00545
00546
00547
00548
/*
 * A negotiated session: what is needed to resume it later, plus the peer's
 * certificate and its verification outcome.
 *
 * NOTE(review): `master` is the 48-byte master secret. Anything that caches,
 * serialises or ticket-encodes this struct is handling key material and must
 * protect and wipe it accordingly.
 */
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
    mbedtls_time_t start;       /* creation time; only tracked when the platform has a clock */
#endif
    int ciphersuite;
    int compression;
    size_t id_len;              /* bytes of `id` in use; must never exceed sizeof( id ) */
    unsigned char id[32];       /* session id (fixed 32-byte buffer) */
    unsigned char master[48];   /* master secret (key material) */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    mbedtls_x509_crt *peer_cert;    /* peer's certificate, if any */
#endif
    uint32_t verify_result;     /* flags from peer certificate verification (presumably the X.509 BADCERT bitmask) */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
    unsigned char *ticket;      /* client side: opaque ticket received from the server */
    size_t ticket_len;
    uint32_t ticket_lifetime;   /* as announced by the server; compare MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME */
#endif

#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code;     /* negotiated MBEDTLS_SSL_MAX_FRAG_LEN_* code */
#endif

#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    int trunc_hmac;             /* negotiated truncated-HMAC flag */
#endif

#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    int encrypt_then_mac;       /* negotiated encrypt-then-MAC flag */
#endif
};
00583
/*
 * Connection-independent configuration, shared (read-only, via a const
 * pointer) by every mbedtls_ssl_context set up from it. Fields are grouped
 * as: pointers (callbacks, lists, keys), then integers, then packed bits.
 *
 * NOTE(review): the struct holds raw secrets (psk) and the private key
 * reached through key_cert; it must be freed with the library's own
 * cleanup routine so that material is wiped, not just free()d.
 */
struct mbedtls_ssl_config
{






    /* Four ciphersuite lists, presumably one per minor protocol version
     * (0..3), filled by mbedtls_ssl_conf_ciphersuites_for_version. */
    const int *ciphersuite_list[4];
    /* Debug callback: (ctx, level, file, line, message) by parameter shape. */
    void (*f_dbg)(void *, int, const char *, int, const char *);
    void *p_dbg;
    /* NOTE(review): must be a cryptographically secure RNG — nonces and
     * premaster secrets come from it. Leaving it NULL presumably yields
     * MBEDTLS_ERR_SSL_NO_RNG. */
    int (*f_rng)(void *, unsigned char *, size_t);
    void *p_rng;
    /* Server-side session cache lookup / store callbacks. */
    int (*f_get_cache)(void *, mbedtls_ssl_session *);
    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
    void *p_cache;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
    /* SNI callback: receives the hostname bytes and length from the
     * ClientHello; the name is attacker-supplied and not NUL-terminated. */
    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
    void *p_sni;
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    /* Per-certificate verification hook; the uint32_t* is presumably the
     * verification flags the callback may inspect or clear.
     * NOTE(review): a callback that clears flags it does not understand
     * silently disables verification. */
    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
    void *p_vrfy;
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /* PSK lookup by identity (bytes + length from the peer). */
    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
    void *p_psk;
#endif

#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    /* DTLS HelloVerifyRequest cookie generation / check; see
     * mbedtls_ssl_cookie_write_t / mbedtls_ssl_cookie_check_t. */
    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
                           const unsigned char *, size_t );
    int (*f_cookie_check)( void *, const unsigned char *, size_t,
                           const unsigned char *, size_t );
    void *p_cookie;
#endif

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
    /* Session ticket encode / decode; see mbedtls_ssl_ticket_write_t and
     * mbedtls_ssl_ticket_parse_t. NOTE(review): tickets carry the session
     * (master secret); the writer must encrypt and authenticate them. */
    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
            unsigned char *, const unsigned char *, size_t *, uint32_t * );
    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
    void *p_ticket;
#endif

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
    /* Key export hook; see mbedtls_ssl_export_keys_t. */
    int (*f_export_keys)( void *, const unsigned char *,
            const unsigned char *, size_t, size_t, size_t );
    void *p_export_keys;
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    const mbedtls_x509_crt_profile *cert_profile;   /* acceptable algorithms / key sizes for peer certificates */
    mbedtls_ssl_key_cert *key_cert;                 /* own certificate(s) + private key(s) */
    mbedtls_x509_crt *ca_chain;                     /* trusted CAs */
    mbedtls_x509_crl *ca_crl;                       /* revocation lists, may be NULL */
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
    const int *sig_hashes;              /* allowed signature hashes (MBEDTLS_SSL_HASH_* presumably) */
#endif

#if defined(MBEDTLS_ECP_C)
    const mbedtls_ecp_group_id *curve_list;     /* allowed curves, in preference order */
#endif

#if defined(MBEDTLS_DHM_C)
    mbedtls_mpi dhm_P;          /* server DH group parameters */
    mbedtls_mpi dhm_G;
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    unsigned char *psk;             /* raw pre-shared key (secret) */
    size_t psk_len;
    unsigned char *psk_identity;    /* identity hint / identity */
    size_t psk_identity_len;
#endif

#if defined(MBEDTLS_SSL_ALPN)
    const char **alpn_list;         /* protocols offered / accepted via ALPN */
#endif





    uint32_t read_timeout;          /* passed to f_recv_timeout; presumably ms */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    uint32_t hs_timeout_min;        /* DTLS retransmission bounds, defaults MBEDTLS_SSL_DTLS_TIMEOUT_DFL_* */
    uint32_t hs_timeout_max;
#endif

#if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renego_max_records;         /* signed: MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED is -1 */
    unsigned char renego_period[8]; /* 64-bit record-count threshold, same width as the record counter */
#endif

#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned int badmac_limit;      /* max bad-MAC records before the connection is dropped */
#endif

#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
    unsigned int dhm_min_bitlen;    /* client: reject server DH groups smaller than this */
#endif

    /* Protocol version bounds, in MBEDTLS_SSL_MAJOR/MINOR_VERSION_* terms. */
    unsigned char max_major_ver;
    unsigned char max_minor_ver;
    unsigned char min_major_ver;
    unsigned char min_minor_ver;

    /* Packed option bits. Widths are chosen to fit the constants above:
     * authmode holds 0..3 (VERIFY_UNSET is 3), allow_legacy_renegotiation
     * holds 0..2, mfl_code holds 0..5; the rest are two-valued. */
    unsigned int endpoint : 1;      /* MBEDTLS_SSL_IS_CLIENT / IS_SERVER */
    unsigned int transport : 1;     /* MBEDTLS_SSL_TRANSPORT_STREAM / DATAGRAM */
    unsigned int authmode : 2;      /* MBEDTLS_SSL_VERIFY_* */

    unsigned int allow_legacy_renegotiation : 2 ;   /* MBEDTLS_SSL_LEGACY_* */
#if defined(MBEDTLS_ARC4_C)
    unsigned int arc4_disabled : 1; /* note the inverted sense: MBEDTLS_SSL_ARC4_DISABLED is 1 */
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned int mfl_code : 3;      /* MBEDTLS_SSL_MAX_FRAG_LEN_* */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    unsigned int encrypt_then_mac : 1 ;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    unsigned int extended_ms : 1;
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
    unsigned int anti_replay : 1;
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    unsigned int cbc_record_splitting : 1;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    unsigned int disable_renegotiation : 1;     /* inverted sense relative to MBEDTLS_SSL_RENEGOTIATION_ENABLED */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    unsigned int trunc_hmac : 1;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
    unsigned int session_tickets : 1;
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
    unsigned int fallback : 1;      /* client: send the FALLBACK_SCSV */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
    unsigned int cert_req_ca_list : 1;  /* server: include CA names in CertificateRequest */
#endif
};
00762
00763
/*
 * Per-connection state. Everything here belongs to the library; applications
 * go through the mbedtls_ssl_* functions and must not touch the fields.
 *
 * Layout: configuration pointer and state, transport callbacks, session and
 * transform pairs (current vs. being negotiated), timer, incoming record
 * buffer, outgoing record buffer, then miscellaneous per-connection options.
 */
struct mbedtls_ssl_context
{
    const mbedtls_ssl_config *conf;     /* shared, read-only configuration */



    int state;                          /* current mbedtls_ssl_states value */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renego_status;
    int renego_records_seen;            /* records since the last handshake, compared against renego_max_records */
#endif

    int major_ver;                      /* negotiated protocol version */
    int minor_ver;
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned badmac_seen;               /* bad-MAC records so far, compared against conf->badmac_limit */
#endif

    /* Transport callbacks and their opaque context (mbedtls_ssl_set_bio). */
    mbedtls_ssl_send_t *f_send;
    mbedtls_ssl_recv_t *f_recv;
    mbedtls_ssl_recv_timeout_t *f_recv_timeout;
    void *p_bio;



    /* Session pointers: in/out for the current direction, `session` for the
     * established one and `session_negotiate` for the one being set up. */
    mbedtls_ssl_session *session_in;
    mbedtls_ssl_session *session_out;
    mbedtls_ssl_session *session;
    mbedtls_ssl_session *session_negotiate;
    mbedtls_ssl_handshake_params *handshake;    /* only allocated while a handshake is in progress (presumably) */



    /* Record-protection transforms, same in/out/current/negotiate scheme. */
    mbedtls_ssl_transform *transform_in;
    mbedtls_ssl_transform *transform_out;
    mbedtls_ssl_transform *transform;
    mbedtls_ssl_transform *transform_negotiate;



    /* Timer callbacks (DTLS retransmission), mbedtls_ssl_set_timer_cb. */
    void *p_timer;
    mbedtls_ssl_set_timer_t *f_set_timer;
    mbedtls_ssl_get_timer_t *f_get_timer;



    /* Incoming record buffer. in_buf owns the storage; the other pointers
     * index into it (counter, header, length field, IV, payload, and the
     * current read offset for application data). */
    unsigned char *in_buf;
    unsigned char *in_ctr;
    unsigned char *in_hdr;
    unsigned char *in_len;
    unsigned char *in_iv;
    unsigned char *in_msg;
    unsigned char *in_offt;
    int in_msgtype;                     /* MBEDTLS_SSL_MSG_* of the current record */
    size_t in_msglen;                   /* payload length of the current record */
    size_t in_left;                     /* bytes already read into in_buf */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    uint16_t in_epoch;                  /* DTLS epoch of the incoming record */
    size_t next_record_offset;          /* offset of the next datagram record in in_buf */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
    uint64_t in_window_top;             /* sliding replay window: highest sequence seen ... */
    uint64_t in_window;                 /* ... and a 64-bit bitmap of those below it */
#endif

    size_t in_hslen;                    /* length of the current handshake message */
    int nb_zero;                        /* count of consecutive zero-length records (presumably an anti-flood counter) */
    int keep_current_message;



    /* Outgoing record buffer; same pointer scheme as the incoming one. */
    unsigned char *out_buf;
    unsigned char *out_ctr;
    unsigned char *out_hdr;
    unsigned char *out_len;
    unsigned char *out_iv;
    unsigned char *out_msg;
    int out_msgtype;
    size_t out_msglen;
    size_t out_left;                    /* bytes still to be flushed to f_send */
#if defined(MBEDTLS_ZLIB_SUPPORT)
    unsigned char *compress_buf;
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    signed char split_done;             /* state of the 1/n-1 CBC record split for the current write */
#endif




    int client_auth;                    /* server asked for / client sent a certificate */



#if defined(MBEDTLS_X509_CRT_PARSE_C)
    char *hostname;                     /* expected server name, set by mbedtls_ssl_set_hostname; heap-owned */
#endif

#if defined(MBEDTLS_SSL_ALPN)
    const char *alpn_chosen;            /* points into conf->alpn_list, or NULL */
#endif




#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    unsigned char *cli_id;              /* client transport identity used for cookie computation */
    size_t cli_id_len;
#endif





    int secure_renegotiation;           /* MBEDTLS_SSL_LEGACY_RENEGOTIATION / SECURE_RENEGOTIATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    size_t verify_data_len;             /* bytes of the two verify_data arrays in use */
    /* Finished verify_data of each side, kept for the renegotiation_info
     * binding. Declared as char, not unsigned char: compare with memcmp. */
    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN];
    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN];
#endif
};
00911
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)

#define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
#define MBEDTLS_SSL_CHANNEL_INBOUND 1

/*
 * Hardware record-layer acceleration hooks.
 *
 * These are mutable global function pointers that the application (or a
 * driver) assigns; the library then hands them the per-direction keys, IVs
 * and MAC keys. NOTE(review): writable function pointers in global data are
 * a classic hijack target, and the init hook receives all session key
 * material — any build enabling this must protect these symbols (e.g. set
 * once before use, never from untrusted code) and have the driver wipe the
 * keys it copies.
 */
extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
                const unsigned char *key_enc, const unsigned char *key_dec,
                size_t keylen,
                const unsigned char *iv_enc, const unsigned char *iv_dec,
                size_t ivlen,
                const unsigned char *mac_enc, const unsigned char *mac_dec,
                size_t maclen);
extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
#endif
00930
/* Look up a ciphersuite's name from its numeric id (NULL if unknown, presumably). */
const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );

/* Look up a ciphersuite's numeric id from its name (0 if unknown, presumably). */
int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );

/* Put a context into a known empty state; must precede mbedtls_ssl_setup. */
void mbedtls_ssl_init( mbedtls_ssl_context *ssl );

/*
 * Bind a context to a configuration and allocate its buffers. The context
 * keeps only a const pointer to `conf`, so the configuration must outlive
 * every context set up from it and must not be modified afterwards.
 * Returns 0 on success or a negative MBEDTLS_ERR_* code.
 */
int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
                       const mbedtls_ssl_config *conf );

/* Reset the connection state so the same context can handle a new one. */
int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );

/* MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER. */
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );

/* MBEDTLS_SSL_TRANSPORT_STREAM or MBEDTLS_SSL_TRANSPORT_DATAGRAM. */
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );

/*
 * Peer certificate verification mode, one of MBEDTLS_SSL_VERIFY_*.
 * NOTE(review): for a client, anything other than VERIFY_REQUIRED leaves the
 * server unauthenticated (NONE skips checks, OPTIONAL presumably continues on
 * failure and only records the result) — an active attacker can then
 * impersonate the server.
 */
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Install a per-certificate verification hook (see f_vrfy in the config). */
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                     void *p_vrfy );
#endif

/*
 * Install the random number generator. NOTE(review): this must be a seeded
 * CSPRNG; all handshake randomness and key material is drawn from it.
 */
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
                  int (*f_rng)(void *, unsigned char *, size_t),
                  void *p_rng );

/* Install the debug callback; see f_dbg in the config for the argument shape. */
void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
                  void (*f_dbg)(void *, int, const char *, int, const char *),
                  void  *p_dbg );

/*
 * Install the transport callbacks. `f_recv_timeout` may presumably be NULL
 * when no timed read is needed; which of the two receive callbacks is used
 * is decided by the implementation.
 */
void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
                          void *p_bio,
                          mbedtls_ssl_send_t *f_send,
                          mbedtls_ssl_recv_t *f_recv,
                          mbedtls_ssl_recv_timeout_t *f_recv_timeout );

/* Timeout handed to f_recv_timeout (presumably milliseconds; 0 = none). */
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );

/* Install the timer callbacks required for DTLS retransmission. */
void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
                               void *p_timer,
                               mbedtls_ssl_set_timer_t *f_set_timer,
                               mbedtls_ssl_get_timer_t *f_get_timer );
01171
/*
 * Session-ticket writer: serialise `session` into [start, end) and report the
 * length written in *tlen and the ticket lifetime in *lifetime.
 * NOTE(review): the session contains the master secret, so the output must be
 * encrypted and authenticated under a server-held key; a plain serialisation
 * hands the secret to the client and anyone on the path.
 */
typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
                                        const mbedtls_ssl_session *session,
                                        unsigned char *start,
                                        const unsigned char *end,
                                        size_t *tlen,
                                        uint32_t *lifetime );

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/*
 * Key export hook: called with the master secret `ms`, the key block `kb`
 * and the MAC/key/IV lengths (by parameter names).
 * NOTE(review): whoever receives this can decrypt the whole session; the hook
 * is for debugging and key-logging and must not be wired up in production.
 */
typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
                                const unsigned char *ms,
                                const unsigned char *kb,
                                size_t maclen,
                                size_t keylen,
                                size_t ivlen );
#endif

/*
 * Session-ticket parser: the inverse of mbedtls_ssl_ticket_write_t. `buf`
 * arrives from the network, so the callback must authenticate it before
 * trusting any byte of it; `len` bounds the buffer. The buffer is non-const
 * (presumably decrypted in place).
 */
typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
                                        mbedtls_ssl_session *session,
                                        unsigned char *buf,
                                        size_t len );

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/* Server: install the ticket writer / parser pair and their shared context. */
void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
        mbedtls_ssl_ticket_write_t *f_ticket_write,
        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
        void *p_ticket );
#endif

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/* Install the key export hook (see the caveat on mbedtls_ssl_export_keys_t). */
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
        mbedtls_ssl_export_keys_t *f_export_keys,
        void *p_export_keys );
#endif

/*
 * DTLS cookie writer: append a cookie for the client identified by
 * `info`/`ilen` at *p, not exceeding `end`, and advance *p.
 * NOTE(review): the cookie must be unforgeable (a keyed MAC over info) or the
 * HelloVerifyRequest offers no protection against spoofed-source floods.
 */
typedef int mbedtls_ssl_cookie_write_t( void *ctx,
                                        unsigned char **p, unsigned char *end,
                                        const unsigned char *info, size_t ilen );

/* DTLS cookie check: verify a client-supplied cookie against info/ilen. */
typedef int mbedtls_ssl_cookie_check_t( void *ctx,
                                        const unsigned char *cookie, size_t clen,
                                        const unsigned char *info, size_t ilen );

#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/* Server: install the DTLS cookie callbacks. */
void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
                           mbedtls_ssl_cookie_write_t *f_cookie_write,
                           mbedtls_ssl_cookie_check_t *f_cookie_check,
                           void *p_cookie );

/*
 * Server: record the client's transport identity (e.g. its address bytes)
 * used as `info` in the cookie callbacks. Stored in ssl->cli_id.
 */
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
                                 const unsigned char *info,
                                 size_t ilen );

#endif
01385
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/*
 * MBEDTLS_SSL_ANTI_REPLAY_ENABLED / DISABLED. Note the `char` parameter,
 * unlike the int used by most other toggles in this header.
 * NOTE(review): disabling replay protection lets an on-path attacker replay
 * old datagrams to the application; keep it enabled unless the application
 * layer is itself replay-safe.
 */
void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
#endif

#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
/* Drop the connection after `limit` records with a bad MAC (0 presumably disables). */
void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
#endif

#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* DTLS retransmission timeout bounds; defaults are MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN/MAX. */
void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif

#if defined(MBEDTLS_SSL_SRV_C)
/*
 * Server: install session-cache callbacks. The cache stores whole
 * mbedtls_ssl_session objects, master secret included, so its backing store
 * is as sensitive as the private key.
 */
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
        void *p_cache,
        int (*f_get_cache)(void *, mbedtls_ssl_session *),
        int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
#endif

#if defined(MBEDTLS_SSL_CLI_C)
/* Client: request resumption of a previously established session (copied in, presumably). */
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
#endif
01528
/*
 * Set the ciphersuite list for every protocol version. The list is not
 * copied: `ciphersuites` must stay valid for the life of the config.
 */
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
                                   const int *ciphersuites );

/* Same, but only for the given {major, minor} version (one of the four slots). */
void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
                                       const int *ciphersuites,
                                       int major, int minor );

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Restrict the algorithms / key sizes accepted in peer certificates. */
void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
                                    const mbedtls_x509_crt_profile *profile );

/* Trusted CA chain and optional CRL (not copied; must outlive the config). */
void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
                               mbedtls_x509_crt *ca_chain,
                               mbedtls_x509_crl *ca_crl );

/*
 * Add an own certificate + private key pair (the config keeps a list in
 * key_cert). Returns 0 or a negative MBEDTLS_ERR_* code. `pk_key` is the
 * private key: its storage belongs to the caller and must be wiped on teardown.
 */
int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
                              mbedtls_x509_crt *own_cert,
                              mbedtls_pk_context *pk_key );
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/*
 * Set the pre-shared key and its identity. psk_len is bounded by
 * MBEDTLS_PSK_MAX_LEN (presumably rejected with BAD_INPUT_DATA otherwise).
 * NOTE(review): a PSK is as sensitive as a private key; short or low-entropy
 * PSKs are open to offline guessing from a captured handshake.
 */
int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
                const unsigned char *psk, size_t psk_len,
                const unsigned char *psk_identity, size_t psk_identity_len );


/*
 * Set the PSK for the current handshake only, without an identity —
 * presumably meant to be called from inside the f_psk callback once the
 * peer's identity has been looked up.
 */
int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
                            const unsigned char *psk, size_t psk_len );

/* Install the PSK lookup callback (identity bytes + length → key). */
void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
                                  size_t),
                     void *p_psk );
#endif

#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)

#if !defined(MBEDTLS_DEPRECATED_REMOVED)

/* Defined here, inside the DHM/server guard, and not #undef'd anywhere in
 * this view — so its availability depends on those two options. */
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif

/*
 * Deprecated: set the server DH group from hex strings. Prefer the _bin
 * variant, which takes explicit lengths instead of relying on NUL
 * termination and string parsing.
 */
MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
                                                  const char *dhm_P,
                                                  const char *dhm_G );

#endif

/*
 * Set the server DH group (P, G) from big-endian byte strings.
 * NOTE(review): use a well-known group of at least 2048 bits; the strength
 * of every DHE handshake on this config rests on this choice.
 */
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
                                   const unsigned char *dhm_P, size_t P_len,
                                   const unsigned char *dhm_G, size_t G_len );

/* Set the server DH group by copying it out of an existing DHM context. */
int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
#endif

#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
/*
 * Client: reject servers offering DH groups smaller than `bitlen` bits.
 * NOTE(review): the default is not visible in this header; set this
 * explicitly (2048 or more) rather than relying on it.
 */
void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
                                      unsigned int bitlen );
#endif

#if defined(MBEDTLS_ECP_C)
/* Allowed elliptic curves in preference order; list is not copied. */
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
                              const mbedtls_ecp_group_id *curves );
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/*
 * Allowed signature hashes (MBEDTLS_SSL_HASH_* values, presumably) in
 * preference order; list is not copied. Excluding MD5 and SHA-1 here is the
 * usual hardening step.
 */
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
                                  const int *hashes );
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
 * Set the expected server hostname (copied into ssl->hostname; length
 * presumably bounded by MBEDTLS_SSL_MAX_HOST_NAME_LEN).
 * NOTE(review): without this, a client presumably cannot match the server's
 * certificate to the intended host, so any certificate from the trusted CAs
 * is accepted — always set it on clients.
 */
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
#endif

#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/* For use from the SNI callback: pick the certificate for this handshake. */
int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
                                 mbedtls_x509_crt *own_cert,
                                 mbedtls_pk_context *pk_key );

/* For use from the SNI callback: override the CA chain for this handshake. */
void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
                                  mbedtls_x509_crt *ca_chain,
                                  mbedtls_x509_crl *ca_crl );

/* For use from the SNI callback: override the authmode for this handshake. */
void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
                                  int authmode );

/*
 * Install the SNI callback. It receives the raw hostname bytes and length
 * from the ClientHello — attacker-controlled and not NUL-terminated.
 */
void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
                  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
                               size_t),
                  void *p_sni );
#endif

#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* Set the EC-JPAKE password for the current handshake (pw/pw_len, not NUL-terminated). */
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
                                         const unsigned char *pw,
                                         size_t pw_len );
#endif

#if defined(MBEDTLS_SSL_ALPN)
/* Set the ALPN protocol list (array of C strings; stored, not copied). */
int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );

/* Protocol negotiated via ALPN, or NULL (ssl->alpn_chosen). */
const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#endif

/* Highest protocol version to negotiate (MBEDTLS_SSL_MAJOR/MINOR_VERSION_*). */
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );

/*
 * Lowest protocol version to negotiate. NOTE(review): raise this to at least
 * TLS 1.2 (3.3) wherever peers allow; SSL 3.0 and TLS 1.0 are obsolete.
 */
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
02020
02021 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
02022
/**
 * \brief          Declare whether this connection is a fallback attempt
 *                 (client only). When enabled the client signals it with the
 *                 TLS_FALLBACK_SCSV suite (RFC 7507) so a server can detect
 *                 a version downgrade it did not ask for.
 *
 * \param conf     SSL configuration
 * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
 *
 * \note           NOTE(review): set this only on a retry made after a
 *                 higher-version attempt failed; a first connection flagged
 *                 as fallback is rejected by compliant servers.
 */
02041 void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
02042 #endif
02043
02044 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
02045
/**
 * \brief          Enable or disable the Encrypt-then-MAC extension
 *                 (RFC 7366) for CBC ciphersuites.
 *
 * \param conf     SSL configuration
 * \param etm      MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
 *
 * \note           Keep it enabled: MAC-then-encrypt CBC is the construction
 *                 that padding-oracle attacks on TLS records target. The
 *                 extension only takes effect when the peer supports it too.
 */
02056 void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
02057 #endif
02058
02059 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
02060
/**
 * \brief          Enable or disable the Extended Master Secret extension
 *                 (RFC 7627).
 *
 * \param conf     SSL configuration
 * \param ems      MBEDTLS_SSL_EXTENDED_MS_ENABLED or
 *                 MBEDTLS_SSL_EXTENDED_MS_DISABLED
 *
 * \note           Keep it enabled: it binds the master secret to the full
 *                 handshake transcript, which is the standard mitigation for
 *                 triple-handshake style session confusion. Only takes
 *                 effect when both peers support it.
 */
02071 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
02072 #endif
02073
02074 #if defined(MBEDTLS_ARC4_C)
02075
/**
 * \brief          Enable or disable the RC4 (ARC4) ciphersuites.
 *
 * \param conf     SSL configuration
 * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
 *
 * \warning        RC4 is prohibited in TLS by RFC 7465 because of practical
 *                 keystream biases; leave it disabled. Enabling it here
 *                 presumably still requires the suites to appear in the
 *                 configured ciphersuite list — confirm.
 */
02090 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
02091 #endif
02092
02093 #if defined(MBEDTLS_SSL_SRV_C)
02094
/**
 * \brief          Choose whether the server's CertificateRequest carries
 *                 the list of acceptable CA names (server only).
 *
 * \param conf     SSL configuration
 * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
 *                 MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
 *
 * \note           Disabling it shortens the handshake and stops the server
 *                 from disclosing which CAs it trusts, at the cost of
 *                 clients having to guess which certificate to present.
 */
02103 void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
02104 char cert_req_ca_list );
02105 #endif
02106
02107 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
02108
/**
 * \brief          Set the maximum fragment length to negotiate (RFC 6066).
 *
 * \param conf     SSL configuration
 * \param mfl_code MBEDTLS_SSL_MAX_FRAG_LEN_NONE, or one of
 *                 MBEDTLS_SSL_MAX_FRAG_LEN_512 / _1024 / _2048 / _4096
 *
 * \return         0 if successful, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA for an
 *                 unknown code
 *
 * \note           NOTE(review): the negotiated value bounds the plaintext a
 *                 peer may send per record, which is what lets a constrained
 *                 endpoint size its record buffers. The buffer size itself is
 *                 a build-time option not visible here — confirm.
 */
02138 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
02139 #endif
02140
02141 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
02142
/**
 * \brief          Enable or disable the Truncated HMAC extension
 *                 (RFC 6066), which shortens the record MAC to 80 bits.
 *
 * \param conf     SSL configuration
 * \param truncate MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
 *                 MBEDTLS_SSL_TRUNC_HMAC_DISABLED
 *
 * \note           Saves bandwidth on constrained links at the cost of a
 *                 shorter integrity tag; only used when both peers agree.
 */
02150 void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
02151 #endif
02152
02153 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
02154
/**
 * \brief          Enable or disable 1/n-1 record splitting for CBC mode in
 *                 the protocol versions that chain the CBC IV across records
 *                 (presumably SSL 3.0 and TLS 1.0 — confirm).
 *
 * \param conf     SSL configuration
 * \param split    MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
 *                 MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
 *
 * \note           This is the standard client-side mitigation for the
 *                 predictable-IV weakness of those versions; keep it enabled
 *                 for as long as mbedtls_ssl_conf_min_version() allows them.
 */
02165 void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
02166 #endif
02167
02168 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
02169
/**
 * \brief          Enable or disable the use of session tickets (RFC 5077)
 *                 on the client.
 *
 * \param conf     SSL configuration
 * \param use_tickets MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
 *                 MBEDTLS_SSL_SESSION_TICKETS_DISABLED
 *
 * \note           NOTE(review): a ticket carries the session state,
 *                 including its secret, under a server-held ticket key; the
 *                 strength of resumption is therefore bounded by that key's
 *                 protection and rotation, which are configured elsewhere.
 */
02179 void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
02180 #endif
02181
02182 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02183
/**
 * \brief          Enable or disable support for renegotiation.
 *
 * \param conf     SSL configuration
 * \param renegotiation MBEDTLS_SSL_RENEGOTIATION_ENABLED or
 *                 MBEDTLS_SSL_RENEGOTIATION_DISABLED
 *
 * \note           NOTE(review): renegotiation is rarely needed and widens
 *                 the attack surface (extra handshake state, historic
 *                 prefix-injection issues addressed by RFC 5746); leave it
 *                 disabled unless a concrete requirement calls for it.
 */
02200 void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
02201 #endif
02202
/**
 * \brief          Set how to handle peers that do not support the secure
 *                 renegotiation extension (RFC 5746). Declared outside the
 *                 MBEDTLS_SSL_RENEGOTIATION guard, presumably because the
 *                 extension is exchanged during the initial handshake even
 *                 when renegotiation itself is compiled out — confirm.
 *
 * \param conf     SSL configuration
 * \param allow_legacy MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION,
 *                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION or
 *                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
 *
 * \note           NOTE(review): MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
 *                 re-enables the insecure pre-RFC 5746 behaviour and should
 *                 not be used; MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE is the
 *                 strictest option. The default is not visible here.
 */
02230 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
02231
02232 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02233
/**
 * \brief          Enforce renegotiation requests: the number of records this
 *                 endpoint will still exchange with a peer that ignores a
 *                 renegotiation request before aborting the connection.
 *
 * \param conf     SSL configuration
 * \param max_records Number of records tolerated, or
 *                 MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT for the library's
 *                 default (a negative value presumably disables enforcement
 *                 — confirm)
 */
02270 void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
02271
/**
 * \brief          Set the record count at which this endpoint itself
 *                 initiates a renegotiation.
 *
 * \param conf     SSL configuration
 * \param period   8-byte big-endian threshold, presumably compared against
 *                 the 64-bit record sequence number — confirm. Whether the
 *                 bytes are copied or referenced is not visible here.
 *
 * \note           Periodic renegotiation limits how much data is protected
 *                 under one key set; it has no effect unless renegotiation
 *                 is enabled with mbedtls_ssl_conf_renegotiation().
 */
02297 void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
02298 const unsigned char period[8] );
02299 #endif
02300
/**
 * \brief          Return the number of application-data bytes already
 *                 decrypted and buffered in the context, i.e. what
 *                 mbedtls_ssl_read() can return without touching the
 *                 underlying transport.
 *
 * \param ssl      SSL context
 *
 * \return         Number of buffered bytes
 */
02308 size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
02309
/**
 * \brief          Return the result of the peer certificate verification.
 *
 * \param ssl      SSL context
 *
 * \return         0 if verification succeeded, otherwise a bit set of
 *                 MBEDTLS_X509_BADCERT_* / MBEDTLS_X509_BADCRL_* flags
 *                 (presumably — confirm against the X.509 headers)
 *
 * \note           NOTE(review): with an optional authmode the handshake can
 *                 succeed even though verification failed; this call is the
 *                 only way to find out, so check it before trusting the peer.
 */
02322 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
02323
/**
 * \brief          Return the name of the current ciphersuite.
 *
 * \param ssl      SSL context
 *
 * \return         Ciphersuite name; presumably a string with static storage,
 *                 not owned by the caller — confirm
 */
02331 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
02332
/**
 * \brief          Return the negotiated SSL/TLS version as a string.
 *
 * \param ssl      SSL context
 *
 * \return         Version name (e.g. "TLSv1.2" — confirm the exact spelling
 *                 in the implementation); not owned by the caller
 */
02340 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
02341
/**
 * \brief          Return the maximum number of bytes by which a record can
 *                 grow when it is protected (header, IV, MAC/tag, padding).
 *
 * \param ssl      SSL context
 *
 * \return         Expansion in bytes, or MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
 *                 when it cannot be computed (presumably when compression is
 *                 in use, since the compressed size is not bounded — confirm)
 */
02352 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
02353
02354 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
02355
/**
 * \brief          Return the maximum fragment length negotiated for the
 *                 current connection.
 *
 * \param ssl      SSL context
 *
 * \return         Maximum fragment length in bytes (presumably the
 *                 compiled-in content length when no extension was
 *                 negotiated — confirm)
 */
02371 size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
02372 #endif
02373
02374 #if defined(MBEDTLS_X509_CRT_PARSE_C)
02375
/**
 * \brief          Return the peer's X.509 certificate chain for the current
 *                 connection.
 *
 * \param ssl      SSL context
 *
 * \return         Pointer to the peer certificate, or NULL if none was
 *                 received. The const return type indicates the context
 *                 owns it: do not free it, and do not use it after
 *                 mbedtls_ssl_free().
 *
 * \note           NOTE(review): whether the chain is retained on resumed
 *                 sessions or in reduced-memory builds is not visible here —
 *                 confirm before relying on it.
 */
02389 const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
02390 #endif
02391
02392 #if defined(MBEDTLS_SSL_CLI_C)
02393
/**
 * \brief          Save the current session so it can be resumed later
 *                 (client only, per the MBEDTLS_SSL_CLI_C guard above).
 *
 * \param ssl      SSL context
 * \param session  Session structure to fill, initialised with
 *                 mbedtls_ssl_session_init()
 *
 * \return         0 if successful, MBEDTLS_ERR_SSL_BAD_INPUT_DATA for
 *                 invalid arguments, or another negative error code
 *                 (presumably an allocation failure while copying — confirm)
 *
 * \note           NOTE(review): the copy presumably includes the session's
 *                 master secret; treat it as key material and release it
 *                 with mbedtls_ssl_session_free() rather than plain free().
 */
02419 int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
02420 #endif
02421
/**
 * \brief          Perform the SSL/TLS handshake (presumably by driving
 *                 mbedtls_ssl_handshake_step() until the state machine is
 *                 done — confirm).
 *
 * \param ssl      SSL context
 *
 * \return         0 if successful; MBEDTLS_ERR_SSL_WANT_READ or
 *                 MBEDTLS_ERR_SSL_WANT_WRITE if the transport would block
 *                 (non-blocking I/O: call again later); or another negative
 *                 MBEDTLS_ERR_SSL_* code on failure
 *
 * \note           NOTE(review): any error other than the WANT_* codes is
 *                 fatal for the connection — stop using the context for
 *                 application data and call mbedtls_ssl_free(). A return of
 *                 0 does not by itself say whether the peer's certificate
 *                 verified; see mbedtls_ssl_get_verify_result().
 */
02443 int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
02444
/**
 * \brief          Perform a single step of the handshake state machine.
 *
 * \param ssl      SSL context
 *
 * \return         0 if the step completed, or a negative error code with the
 *                 same conventions as mbedtls_ssl_handshake()
 *
 * \note           For callers that need fine-grained control; most callers
 *                 simply use mbedtls_ssl_handshake().
 */
02464 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
02465
02466 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02467
/**
 * \brief          Initiate a renegotiation of the connection.
 *
 * \param ssl      SSL context
 *
 * \return         0 if successful, or a negative error code; the WANT_READ /
 *                 WANT_WRITE conventions of mbedtls_ssl_handshake()
 *                 presumably apply — confirm
 */
02485 int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
02486 #endif
02487
/**
 * \brief          Read at most len bytes of application data.
 *
 * \param ssl      SSL context
 * \param buf      Buffer receiving the data
 * \param len      Size of buf in bytes
 *
 * \return         The (positive) number of bytes read, which may be less
 *                 than len; 0 presumably when the underlying transport was
 *                 closed without a close_notify — confirm;
 *                 MBEDTLS_ERR_SSL_WANT_READ / MBEDTLS_ERR_SSL_WANT_WRITE if
 *                 the transport would block;
 *                 MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY when the peer sent a
 *                 close_notify alert; or another negative MBEDTLS_ERR_SSL_*
 *                 code
 *
 * \note           NOTE(review): a negative result other than the WANT_*
 *                 codes leaves the context unusable — do not retry, free it.
 *                 Treat a transport close without close_notify as a possible
 *                 truncation of the stream, not as a clean end of data.
 */
02522 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
02523
/**
 * \brief          Write application data.
 *
 * \param ssl      SSL context
 * \param buf      Data to send
 * \param len      Number of bytes in buf
 *
 * \return         The (non-negative) number of bytes actually written, which
 *                 may be less than len; MBEDTLS_ERR_SSL_WANT_READ /
 *                 MBEDTLS_ERR_SSL_WANT_WRITE if the transport would block;
 *                 or another negative error code
 *
 * \note           NOTE(review): on a WANT_* result the call must be repeated
 *                 with the same arguments until it returns a non-negative
 *                 value; after a partial write the caller must resend the
 *                 remainder. The per-call bound is presumably the negotiated
 *                 maximum fragment length (see mbedtls_ssl_get_max_frag_len())
 *                 — confirm.
 */
02566 int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
02567
/**
 * \brief          Send an alert record to the peer.
 *
 * \param ssl      SSL context
 * \param level    Alert level: MBEDTLS_SSL_ALERT_LEVEL_WARNING or
 *                 MBEDTLS_SSL_ALERT_LEVEL_FATAL
 * \param message  Alert description: one of the MBEDTLS_SSL_ALERT_MSG_*
 *                 values
 *
 * \return         0 if successful, or a negative error code
 *
 * \note           NOTE(review): a fatal alert ends the session; tear the
 *                 context down afterwards rather than reusing it. Alert
 *                 descriptions tell the peer why something failed, so keep
 *                 them generic where an untrusted party can observe them.
 */
02584 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
02585 unsigned char level,
02586 unsigned char message );
/**
 * \brief          Notify the peer that the connection is being closed by
 *                 sending a close_notify alert.
 *
 * \param ssl      SSL context
 *
 * \return         0 if successful, or a negative error code (the WANT_*
 *                 conventions of mbedtls_ssl_write() presumably apply —
 *                 confirm)
 *
 * \note           Without close_notify the peer cannot distinguish an orderly
 *                 close from a truncated stream; send it before closing the
 *                 transport whenever the completeness of the data matters.
 */
02600 int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
02601
/**
 * \brief          Free referenced items in an SSL context and clear memory.
 *
 * \param ssl      SSL context
 *
 * \note           NOTE(review): the configuration attached to the context is
 *                 a separate object released with mbedtls_ssl_config_free().
 *                 Whether key material is wiped before release is not
 *                 visible here — confirm.
 */
02607 void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
02608
/**
 * \brief          Initialise an SSL configuration to a state on which
 *                 mbedtls_ssl_config_free() can safely be called.
 *
 * \param conf     SSL configuration
 *
 * \note           This does not install usable defaults; call
 *                 mbedtls_ssl_config_defaults() next.
 */
02619 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
02620
/**
 * \brief          Load reasonable default values into an SSL configuration.
 *
 * \param conf     SSL configuration
 * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
 * \param transport MBEDTLS_SSL_TRANSPORT_STREAM (TLS) or
 *                 MBEDTLS_SSL_TRANSPORT_DATAGRAM (DTLS)
 * \param preset   MBEDTLS_SSL_PRESET_DEFAULT, or MBEDTLS_SSL_PRESET_SUITEB
 *                 for a restricted high-security profile
 *
 * \return         0 if successful, or a negative error code (presumably an
 *                 allocation failure — confirm)
 *
 * \note           NOTE(review): the defaults cover the minimum protocol
 *                 version, ciphersuites, curves and signature hashes. Review
 *                 them against the deployment's policy using the
 *                 mbedtls_ssl_conf_* setters above rather than assuming they
 *                 fit.
 */
02636 int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
02637 int endpoint, int transport, int preset );
02638
/**
 * \brief          Free the data allocated by mbedtls_ssl_config_defaults()
 *                 and clear the configuration.
 *
 * \param conf     SSL configuration
 *
 * \note           NOTE(review): must not be called while an SSL context set
 *                 up with this configuration is still in use — confirm the
 *                 ownership rule in the setup function's documentation.
 */
02644 void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
02645
/**
 * \brief          Initialise a session structure to a state on which
 *                 mbedtls_ssl_session_free() can safely be called.
 *
 * \param session  SSL session
 */
02651 void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
02652
/**
 * \brief          Free referenced items in a session structure and clear it.
 *
 * \param session  SSL session
 *
 * \note           NOTE(review): a saved session presumably holds the master
 *                 secret; freeing it is expected to wipe that memory —
 *                 confirm, and always use this rather than a plain free().
 */
02662 void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
02663
02664 #ifdef __cplusplus
02665 }
02666 #endif
02667
02668 #endif