00051 #ifndef MBEDTLS_SSL_H
00052 #define MBEDTLS_SSL_H
00053
00054 #if !defined(MBEDTLS_CONFIG_FILE)
00055 #include "config.h"
00056 #else
00057 #include MBEDTLS_CONFIG_FILE
00058 #endif
00059
00060 #include "bignum.h"
00061 #include "ecp.h"
00062
00063 #include "ssl_ciphersuites.h"
00064
00065 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00066 #include "x509_crt.h"
00067 #include "x509_crl.h"
00068 #endif
00069
00070 #if defined(MBEDTLS_DHM_C)
00071 #include "dhm.h"
00072 #endif
00073
00074 #if defined(MBEDTLS_ECDH_C)
00075 #include "ecdh.h"
00076 #endif
00077
00078 #if defined(MBEDTLS_ZLIB_SUPPORT)
00079 #include "zlib.h"
00080 #endif
00081
00082 #if defined(MBEDTLS_HAVE_TIME)
00083 #include "platform_time.h"
00084 #endif
00085
00089 #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
00090 #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
00091 #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
00092 #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
00093 #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
00094 #define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300
00095 #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
00096 #define MBEDTLS_ERR_SSL_NO_RNG -0x7400
00097 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
00098 #define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
00099 #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
00100 #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
00101 #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
00102 #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
00103 #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
00104 #define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800
00105 #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
00106 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
00107 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
00108 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
00109 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
00110 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
00111 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
00112 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
00113 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
00114 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
00115 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
00116 #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
00117 #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80
00118 #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
00119 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
00120 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
00121 #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00
00122 #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
00123 #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
00124 #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
00125 #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
00126 #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
00127 #define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
00128 #define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
00129 #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
00130 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
00131 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
00132 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980
00133 #define MBEDTLS_ERR_SSL_WANT_READ -0x6900
00134 #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
00135 #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
00136 #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
00137 #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
00138 #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
00139 #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600
00140 #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
00145 #define MBEDTLS_SSL_MAJOR_VERSION_3 3
00146 #define MBEDTLS_SSL_MINOR_VERSION_0 0
00147 #define MBEDTLS_SSL_MINOR_VERSION_1 1
00148 #define MBEDTLS_SSL_MINOR_VERSION_2 2
00149 #define MBEDTLS_SSL_MINOR_VERSION_3 3
00151 #define MBEDTLS_SSL_TRANSPORT_STREAM 0
00152 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1
00154 #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255
00155 #define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255
00157 #define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535
00159
00160
00161 #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0
00162 #define MBEDTLS_SSL_MAX_FRAG_LEN_512 1
00163 #define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2
00164 #define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3
00165 #define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4
00166 #define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5
00168 #define MBEDTLS_SSL_IS_CLIENT 0
00169 #define MBEDTLS_SSL_IS_SERVER 1
00170
00171 #define MBEDTLS_SSL_IS_NOT_FALLBACK 0
00172 #define MBEDTLS_SSL_IS_FALLBACK 1
00173
00174 #define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
00175 #define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
00176
00177 #define MBEDTLS_SSL_ETM_DISABLED 0
00178 #define MBEDTLS_SSL_ETM_ENABLED 1
00179
00180 #define MBEDTLS_SSL_COMPRESS_NULL 0
00181 #define MBEDTLS_SSL_COMPRESS_DEFLATE 1
00182
00183 #define MBEDTLS_SSL_VERIFY_NONE 0
00184 #define MBEDTLS_SSL_VERIFY_OPTIONAL 1
00185 #define MBEDTLS_SSL_VERIFY_REQUIRED 2
00186 #define MBEDTLS_SSL_VERIFY_UNSET 3
00187
00188 #define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
00189 #define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
00190
00191 #define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
00192 #define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
00193
00194 #define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
00195 #define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
00196
00197 #define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
00198 #define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
00199
00200 #define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
00201 #define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
00202 #define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
00203
00204 #define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
00205 #define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
00206 #define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10
00207
00208 #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
00209 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
00210
00211 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
00212 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
00213
00214 #define MBEDTLS_SSL_ARC4_ENABLED 0
00215 #define MBEDTLS_SSL_ARC4_DISABLED 1
00216
00217 #define MBEDTLS_SSL_PRESET_DEFAULT 0
00218 #define MBEDTLS_SSL_PRESET_SUITEB 2
00219
00220 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
00221 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
00222
00227 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
00228 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
00229
00238 #if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
00239 #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400
00240 #endif
00241
00253 #if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
00254 #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
00255 #endif
00262 #if defined(MBEDTLS_SSL_PROTO_SSL3)
00263 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
00264 #else
00265 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
00266 #endif
00271 #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
00272 #define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600
00278 #define MBEDTLS_SSL_HASH_NONE 0
00279 #define MBEDTLS_SSL_HASH_MD5 1
00280 #define MBEDTLS_SSL_HASH_SHA1 2
00281 #define MBEDTLS_SSL_HASH_SHA224 3
00282 #define MBEDTLS_SSL_HASH_SHA256 4
00283 #define MBEDTLS_SSL_HASH_SHA384 5
00284 #define MBEDTLS_SSL_HASH_SHA512 6
00285
00286 #define MBEDTLS_SSL_SIG_ANON 0
00287 #define MBEDTLS_SSL_SIG_RSA 1
00288 #define MBEDTLS_SSL_SIG_ECDSA 3
00289
00294 #define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
00295 #define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
00300 #define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
00301 #define MBEDTLS_SSL_MSG_ALERT 21
00302 #define MBEDTLS_SSL_MSG_HANDSHAKE 22
00303 #define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
00304
00305 #define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
00306 #define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
00307
00308 #define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0
00309 #define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10
00310 #define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20
00311 #define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21
00312 #define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22
00313 #define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30
00314 #define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40
00315 #define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41
00316 #define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42
00317 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43
00318 #define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44
00319 #define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45
00320 #define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46
00321 #define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47
00322 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48
00323 #define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49
00324 #define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50
00325 #define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51
00326 #define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60
00327 #define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70
00328 #define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71
00329 #define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80
00330 #define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86
00331 #define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90
00332 #define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100
00333 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110
00334 #define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112
00335 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115
00336 #define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120
00337
00338 #define MBEDTLS_SSL_HS_HELLO_REQUEST 0
00339 #define MBEDTLS_SSL_HS_CLIENT_HELLO 1
00340 #define MBEDTLS_SSL_HS_SERVER_HELLO 2
00341 #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
00342 #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
00343 #define MBEDTLS_SSL_HS_CERTIFICATE 11
00344 #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
00345 #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
00346 #define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
00347 #define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
00348 #define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
00349 #define MBEDTLS_SSL_HS_FINISHED 20
00354 #define MBEDTLS_TLS_EXT_SERVERNAME 0
00355 #define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
00356
00357 #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
00358
00359 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
00360
00361 #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
00362 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
00363
00364 #define MBEDTLS_TLS_EXT_SIG_ALG 13
00365
00366 #define MBEDTLS_TLS_EXT_ALPN 16
00367
00368 #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22
00369 #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017
00370
00371 #define MBEDTLS_TLS_EXT_SESSION_TICKET 35
00372
00373 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256
00374
00375 #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
00376
00377
00378
00379
00380 #if !defined(MBEDTLS_PSK_MAX_LEN)
00381 #define MBEDTLS_PSK_MAX_LEN 32
00382 #endif
00383
00384
/**
 * \brief   Scratch space for the premaster secret of whichever key
 *          exchange the handshake negotiates.
 *
 * One member exists per key exchange enabled at compile time, so the size
 * of the union — exposed as MBEDTLS_PREMASTER_SIZE right below — is the
 * largest premaster any compiled-in key exchange can produce. The bounds
 * come from MBEDTLS_MPI_MAX_SIZE (bignum), MBEDTLS_ECP_MAX_BYTES (curve)
 * and MBEDTLS_PSK_MAX_LEN (defaults to 32 above).
 *
 * NOTE(review): this is raw key material. Whoever fills it should wipe it
 * once the master secret has been derived — presumably the handshake code
 * does so; confirm in the implementation.
 */
union mbedtls_ssl_premaster_secret
{
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
    unsigned char _pms_rsa[48];                     /*!< RSA key exchange: 48-byte premaster, same size as mbedtls_ssl_session.master */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];   /*!< DHE-RSA: shared secret, bounded by the bignum size limit */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /*!< (EC)DH(E) with RSA/ECDSA: shared secret, bounded by the curve size limit */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];  /*!< PSK: two length-prefixed fields (4 bytes of lengths) — exact layout is set by the handshake code, confirm there */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
                                 + MBEDTLS_PSK_MAX_LEN]; /*!< DHE-PSK: lengths + DH secret + PSK */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /*!< RSA-PSK: lengths + 48-byte RSA premaster + PSK */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
                                   + MBEDTLS_PSK_MAX_LEN]; /*!< ECDHE-PSK: lengths + ECDH secret + PSK */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    unsigned char _pms_ecjpake[32];                 /*!< EC J-PAKE: fixed 32-byte premaster */
#endif
};
00417
00418 #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
00419
00420 #ifdef __cplusplus
00421 extern "C" {
00422 #endif
00423
/**
 * \brief   Handshake state machine states.
 *
 * Values are assigned implicitly from 0 in declaration order; the current
 * state is presumably what mbedtls_ssl_context.state (a plain int) holds.
 * The order below is the sequence of a full handshake; flight-related
 * states (FLUSH_BUFFERS, HANDSHAKE_WRAPUP, SERVER_NEW_SESSION_TICKET,
 * SERVER_HELLO_VERIFY_REQUEST_SENT) sit at the end and are only visited
 * when the corresponding feature is negotiated — TODO confirm against the
 * implementation.
 */
typedef enum
{
    MBEDTLS_SSL_HELLO_REQUEST,                    /* 0 */
    MBEDTLS_SSL_CLIENT_HELLO,
    MBEDTLS_SSL_SERVER_HELLO,
    MBEDTLS_SSL_SERVER_CERTIFICATE,
    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
    MBEDTLS_SSL_CERTIFICATE_REQUEST,
    MBEDTLS_SSL_SERVER_HELLO_DONE,
    MBEDTLS_SSL_CLIENT_CERTIFICATE,
    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
    MBEDTLS_SSL_CERTIFICATE_VERIFY,
    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
    MBEDTLS_SSL_CLIENT_FINISHED,
    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
    MBEDTLS_SSL_SERVER_FINISHED,
    MBEDTLS_SSL_FLUSH_BUFFERS,
    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
    MBEDTLS_SSL_HANDSHAKE_OVER,                   /* handshake complete; application data may flow */
    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,        /* session-ticket flight (MBEDTLS_SSL_SESSION_TICKETS) */
    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, /* DTLS cookie exchange (MBEDTLS_SSL_DTLS_HELLO_VERIFY) */
}
mbedtls_ssl_states;
00450
00468 typedef int mbedtls_ssl_send_t( void *ctx,
00469 const unsigned char *buf,
00470 size_t len );
00471
00491 typedef int mbedtls_ssl_recv_t( void *ctx,
00492 unsigned char *buf,
00493 size_t len );
00494
00517 typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
00518 unsigned char *buf,
00519 size_t len,
00520 uint32_t timeout );
00543 typedef void mbedtls_ssl_set_timer_t( void * ctx,
00544 uint32_t int_ms,
00545 uint32_t fin_ms );
00546
00558 typedef int mbedtls_ssl_get_timer_t( void * ctx );
00559
00560
00561
00562 typedef struct mbedtls_ssl_session mbedtls_ssl_session;
00563 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
00564 typedef struct mbedtls_ssl_config mbedtls_ssl_config;
00565
00566
00567 typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
00568 typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
00569 typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
00570 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00571 typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
00572 #endif
00573 #if defined(MBEDTLS_SSL_PROTO_DTLS)
00574 typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
00575 #endif
00576
00577
00578
00579
/**
 * \brief   Negotiated session data — what is needed to resume a session.
 *
 * Filled in during the handshake and handed to the session cache
 * callbacks (mbedtls_ssl_config.f_get_cache / f_set_cache) and, on the
 * client side, to mbedtls_ssl_set_session(). It contains the master
 * secret, so any copy of it (cache entry, serialized ticket) needs the
 * same protection as key material — presumably the ticket callbacks
 * encrypt and authenticate it; confirm in the ticket implementation.
 */
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
    mbedtls_time_t start;       /*!< session start time — presumably used for cache/ticket expiry, confirm */
#endif
    int ciphersuite;            /*!< negotiated ciphersuite id (see mbedtls_ssl_get_ciphersuite_name()) */
    int compression;            /*!< presumably MBEDTLS_SSL_COMPRESS_NULL or MBEDTLS_SSL_COMPRESS_DEFLATE */
    size_t id_len;              /*!< number of valid bytes in id[] (at most 32) */
    unsigned char id[32];       /*!< session identifier */
    unsigned char master[48];   /*!< 48-byte master secret: key material, must be wiped when the session is freed */

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    mbedtls_x509_crt *peer_cert; /*!< peer certificate chain (may be NULL, e.g. PSK or no client cert) — TODO confirm ownership */
#endif
    uint32_t verify_result;     /*!< verification flags for peer_cert; same uint32_t flag word the f_vrfy callback receives — nonzero presumably means verification failed */

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
    unsigned char *ticket;      /*!< RFC 5077 session ticket received from the server (client only) */
    size_t ticket_len;          /*!< length of ticket in bytes */
    uint32_t ticket_lifetime;   /*!< lifetime hint in seconds as sent by the server (MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME is the server-side default) */
#endif

#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code;     /*!< negotiated MBEDTLS_SSL_MAX_FRAG_LEN_* code */
#endif

#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    int trunc_hmac;             /*!< whether truncated HMAC was negotiated (MBEDTLS_SSL_TRUNC_HMAC_*) */
#endif

#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    int encrypt_then_mac;       /*!< whether encrypt-then-MAC was negotiated (MBEDTLS_SSL_ETM_*) */
#endif
};
00614
/**
 * \brief   SSL/TLS configuration, shared between one or more contexts.
 *
 * Populated through the mbedtls_ssl_conf_*() functions declared later in
 * this header and referenced read-only from mbedtls_ssl_context.conf, so
 * it presumably has to outlive every context set up on it. Several fields
 * hold key material (psk, dhm_P/dhm_G, key_cert) and callbacks receive
 * peer-supplied bytes; both are called out on the fields below.
 */
struct mbedtls_ssl_config
{
    /*
     * Pointers
     */

    const int *ciphersuite_list[4];     /*!< allowed ciphersuites, one list per protocol version — presumably indexed by minor version 0..3 (see mbedtls_ssl_conf_ciphersuites_for_version()) */

    /** Debug callback and its context; set by mbedtls_ssl_conf_dbg(). Arguments look like (ctx, level, file, line, message) — confirm. */
    void (*f_dbg)(void *, int, const char *, int, const char *);
    void *p_dbg;

    /** Random generator and its context; set by mbedtls_ssl_conf_rng(). No default: MBEDTLS_ERR_SSL_NO_RNG is presumably what you get when this is left NULL. */
    int (*f_rng)(void *, unsigned char *, size_t);
    void *p_rng;

    /** Session cache lookup/store and their context; set by mbedtls_ssl_conf_session_cache() (server only). */
    int (*f_get_cache)(void *, mbedtls_ssl_session *);
    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
    void *p_cache;

#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
    /** SNI callback; set by mbedtls_ssl_conf_sni(). The (buf, len) pair is presumably the server name from the peer's ClientHello — untrusted input, the callback must stay within len. */
    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
    void *p_sni;
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    /** Per-certificate verification hook and its context; set by mbedtls_ssl_conf_verify(). The uint32_t * is the verification flag word. */
    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
    void *p_vrfy;
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /** PSK lookup callback; set by mbedtls_ssl_conf_psk_cb(). The (buf, len) pair is presumably the identity sent by the peer — untrusted input; presumably the callback answers via mbedtls_ssl_set_hs_psk(). */
    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
    void *p_psk;
#endif

#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    /** DTLS HelloVerifyRequest cookie generation/check; set by mbedtls_ssl_conf_dtls_cookies(). Signatures match mbedtls_ssl_cookie_write_t / mbedtls_ssl_cookie_check_t below. The checked cookie comes from the peer and must be treated as such. */
    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
                           const unsigned char *, size_t );
    int (*f_cookie_check)( void *, const unsigned char *, size_t,
                           const unsigned char *, size_t );
    void *p_cookie;
#endif

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
    /** Session ticket creation/parsing; set by mbedtls_ssl_conf_session_tickets_cb(). Signatures match mbedtls_ssl_ticket_write_t / mbedtls_ssl_ticket_parse_t below. f_ticket_parse receives peer-supplied bytes and writes a session (including its master secret) — it must authenticate the ticket before trusting it. */
    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
            unsigned char *, const unsigned char *, size_t *, uint32_t * );
    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
    void *p_ticket;
#endif

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
    /** Key export hook; set by mbedtls_ssl_conf_export_keys_cb() with an mbedtls_ssl_export_keys_t. Receives the master secret and key block — anything it stores is as sensitive as the session keys. */
    int (*f_export_keys)( void *, const unsigned char *,
            const unsigned char *, size_t, size_t, size_t );
    void *p_export_keys;
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    const mbedtls_x509_crt_profile *cert_profile; /*!< acceptable certificate algorithms/key sizes; mbedtls_ssl_conf_cert_profile() */
    mbedtls_ssl_key_cert *key_cert;     /*!< own certificate(s) and private key(s); built by mbedtls_ssl_conf_own_cert() — holds private key material */
    mbedtls_x509_crt *ca_chain;         /*!< trusted CAs for peer verification; mbedtls_ssl_conf_ca_chain() */
    mbedtls_x509_crl *ca_crl;           /*!< revocation list checked alongside ca_chain; mbedtls_ssl_conf_ca_chain() */
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
    const int *sig_hashes;              /*!< allowed signature hashes (MBEDTLS_SSL_HASH_* / md ids — confirm which); mbedtls_ssl_conf_sig_hashes() */
#endif

#if defined(MBEDTLS_ECP_C)
    const mbedtls_ecp_group_id *curve_list; /*!< allowed elliptic curves; mbedtls_ssl_conf_curves() */
#endif

#if defined(MBEDTLS_DHM_C)
    mbedtls_mpi dhm_P;                  /*!< DH modulus for DHE (server side); mbedtls_ssl_conf_dh_param_bin() / _ctx() */
    mbedtls_mpi dhm_G;                  /*!< DH generator for DHE (server side) */
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    unsigned char *psk;                 /*!< pre-shared key (secret); mbedtls_ssl_conf_psk() — presumably bounded by MBEDTLS_PSK_MAX_LEN */
    size_t psk_len;                     /*!< length of psk in bytes */
    unsigned char *psk_identity;        /*!< identity sent for / matched against psk */
    size_t psk_identity_len;            /*!< length of psk_identity in bytes */
#endif

#if defined(MBEDTLS_SSL_ALPN)
    const char **alpn_list;             /*!< NULL-terminated list of ALPN protocol names; mbedtls_ssl_conf_alpn_protocols() */
#endif

    /*
     * Numerical settings (int then char)
     */

    uint32_t read_timeout;              /*!< timeout for mbedtls_ssl_read(), in ms; mbedtls_ssl_conf_read_timeout() */

#if defined(MBEDTLS_SSL_PROTO_DTLS)
    uint32_t hs_timeout_min;            /*!< initial DTLS retransmission timeout, ms; mbedtls_ssl_conf_handshake_timeout(); default presumably MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN */
    uint32_t hs_timeout_max;            /*!< maximum DTLS retransmission timeout, ms; default presumably MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX */
#endif

#if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renego_max_records;             /*!< records allowed after a renegotiation request before the peer is cut off; MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED disables, default presumably MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT */
    unsigned char renego_period[8];     /*!< record-count threshold at which renegotiation is triggered — 64-bit counter, presumably big-endian; setter declared later in this header */
#endif

#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned int badmac_limit;          /*!< DTLS: close the connection after this many records with bad MAC (see mbedtls_ssl_context.badmac_seen); mbedtls_ssl_conf_dtls_badmac_limit() */
#endif

#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
    unsigned int dhm_min_bitlen;        /*!< client: reject DHE parameters with a modulus shorter than this; mbedtls_ssl_conf_dhm_min_bitlen() */
#endif

    unsigned char max_major_ver;        /*!< highest protocol version accepted; mbedtls_ssl_conf_max_version() */
    unsigned char max_minor_ver;
    unsigned char min_major_ver;        /*!< lowest protocol version accepted; mbedtls_ssl_conf_min_version() */
    unsigned char min_minor_ver;

    /*
     * Flags (bitfields); each one's value set is the MBEDTLS_SSL_* group of
     * the same name defined near the top of this header.
     */

    unsigned int endpoint : 1;          /*!< MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER */
    unsigned int transport : 1;         /*!< MBEDTLS_SSL_TRANSPORT_STREAM or _DATAGRAM */
    unsigned int authmode : 2;          /*!< MBEDTLS_SSL_VERIFY_NONE / _OPTIONAL / _REQUIRED / _UNSET (0..3 fits 2 bits) */
    /* needed to set ssl->secure_renegotiation on client side when renegotiating (see mbedtls_ssl_context) */
    unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION / _ALLOW_RENEGOTIATION / _BREAK_HANDSHAKE */
#if defined(MBEDTLS_ARC4_C)
    unsigned int arc4_disabled : 1;     /*!< MBEDTLS_SSL_ARC4_ENABLED (0) or MBEDTLS_SSL_ARC4_DISABLED (1) */
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned int mfl_code : 3;          /*!< MBEDTLS_SSL_MAX_FRAG_LEN_* (0..5 fits 3 bits) */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    unsigned int encrypt_then_mac : 1 ; /*!< MBEDTLS_SSL_ETM_DISABLED / _ENABLED */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    unsigned int extended_ms : 1;       /*!< MBEDTLS_SSL_EXTENDED_MS_DISABLED / _ENABLED */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
    unsigned int anti_replay : 1;       /*!< MBEDTLS_SSL_ANTI_REPLAY_DISABLED / _ENABLED (DTLS record replay window) */
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    unsigned int cbc_record_splitting : 1; /*!< MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED / _ENABLED */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    unsigned int disable_renegotiation : 1; /*!< MBEDTLS_SSL_RENEGOTIATION_DISABLED / _ENABLED (note the inverted naming) */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    unsigned int trunc_hmac : 1;        /*!< MBEDTLS_SSL_TRUNC_HMAC_DISABLED / _ENABLED */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
    unsigned int session_tickets : 1;   /*!< MBEDTLS_SSL_SESSION_TICKETS_DISABLED / _ENABLED */
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
    unsigned int fallback : 1;          /*!< MBEDTLS_SSL_IS_NOT_FALLBACK / _IS_FALLBACK: whether to send the fallback SCSV (client only) */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
    unsigned int cert_req_ca_list : 1;  /*!< MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED / _DISABLED: include CA names in CertificateRequest (server only) */
#endif
};
00793
00794
/**
 * \brief   Per-connection SSL/TLS state.
 *
 * Initialised by mbedtls_ssl_init(), bound to a configuration by
 * mbedtls_ssl_setup(), and reset between connections with
 * mbedtls_ssl_session_reset(). Sub-objects (session, transform, handshake
 * params) are opaque here — their struct types are only forward-declared
 * in this header.
 */
struct mbedtls_ssl_context
{
    const mbedtls_ssl_config *conf;     /*!< configuration (read-only from here); set by mbedtls_ssl_setup() */

    /*
     * Miscellaneous
     */
    int state;                          /*!< current handshake state — presumably an mbedtls_ssl_states value */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renego_status;                  /*!< renegotiation state — TODO confirm value set against the implementation */
    int renego_records_seen;            /*!< records seen since a renegotiation request; compared against conf->renego_max_records — presumably */
#endif

    int major_ver;                      /*!< negotiated protocol version (MBEDTLS_SSL_MAJOR_VERSION_3) */
    int minor_ver;                      /*!< negotiated protocol version (MBEDTLS_SSL_MINOR_VERSION_*) */

#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned badmac_seen;               /*!< DTLS: records with a bad MAC seen so far; presumably compared against conf->badmac_limit to tear the connection down under MAC-forgery attempts */
#endif

    /** Transport callbacks and their context; set by mbedtls_ssl_set_bio(). Types are the mbedtls_ssl_send_t / _recv_t / _recv_timeout_t typedefs above. */
    mbedtls_ssl_send_t *f_send;
    mbedtls_ssl_recv_t *f_recv;
    mbedtls_ssl_recv_timeout_t *f_recv_timeout;
    void *p_bio;

    /*
     * Session layer
     */
    mbedtls_ssl_session *session_in;        /*!< session for the incoming direction — presumably */
    mbedtls_ssl_session *session_out;       /*!< session for the outgoing direction — presumably */
    mbedtls_ssl_session *session;           /*!< negotiated session data */
    mbedtls_ssl_session *session_negotiate; /*!< session being negotiated during a handshake */

    mbedtls_ssl_handshake_params *handshake; /*!< handshake-only state; opaque here (mbedtls_ssl_handshake_params is only forward-declared) */

    /*
     * Record layer transformations
     */
    mbedtls_ssl_transform *transform_in;        /*!< record protection for incoming records — presumably */
    mbedtls_ssl_transform *transform_out;       /*!< record protection for outgoing records — presumably */
    mbedtls_ssl_transform *transform;           /*!< negotiated transform */
    mbedtls_ssl_transform *transform_negotiate; /*!< transform being negotiated during a handshake */

    /*
     * Timers
     */
    void *p_timer;                      /*!< timer context; set by mbedtls_ssl_set_timer_cb() */
    mbedtls_ssl_set_timer_t *f_set_timer; /*!< timer start/stop callback (typedef above) */
    mbedtls_ssl_get_timer_t *f_get_timer; /*!< timer query callback (typedef above) */

    /*
     * Record layer (incoming data)
     */
    unsigned char *in_buf;              /*!< input buffer */
    unsigned char *in_ctr;              /*!< 64-bit incoming message counter — presumably points into in_buf */
    unsigned char *in_hdr;              /*!< start of the current record header — presumably */
    unsigned char *in_len;              /*!< two-byte length field of the record — presumably */
    unsigned char *in_iv;               /*!< IV (TLS 1.1 and up) — presumably */
    unsigned char *in_msg;              /*!< message contents (payload) — presumably */
    unsigned char *in_offt;             /*!< read offset in application data — presumably */

    int in_msgtype;                     /*!< record type of the current record (MBEDTLS_SSL_MSG_*) */
    size_t in_msglen;                   /*!< record length after decryption/decompression */
    size_t in_left;                     /*!< bytes read so far into in_buf */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    uint16_t in_epoch;                  /*!< DTLS epoch for incoming records */
    size_t next_record_offset;          /*!< offset of the next record in in_buf (several records may arrive in one datagram) — presumably */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
    uint64_t in_window_top;             /*!< highest record sequence number seen; top of the replay window — presumably */
    uint64_t in_window;                 /*!< bitmask of seen record numbers below in_window_top — presumably */
#endif

    size_t in_hslen;                    /*!< length of the current handshake message, including header */
    int nb_zero;                        /*!< consecutive zero-length records seen — presumably bounded to avoid a busy loop on empty records; confirm */

    int keep_current_message;           /*!< drop or reuse the current message on next call — TODO confirm semantics */

    /*
     * Record layer (outgoing data)
     */
    unsigned char *out_buf;             /*!< output buffer */
    unsigned char *out_ctr;             /*!< 64-bit outgoing message counter — presumably points into out_buf */
    unsigned char *out_hdr;             /*!< start of the current outgoing record header — presumably */
    unsigned char *out_len;             /*!< two-byte length field of the record — presumably */
    unsigned char *out_iv;              /*!< IV (TLS 1.1 and up) — presumably */
    unsigned char *out_msg;             /*!< message contents (payload) — presumably */

    int out_msgtype;                    /*!< record type of the outgoing record (MBEDTLS_SSL_MSG_*) */
    size_t out_msglen;                  /*!< record length before encryption */
    size_t out_left;                    /*!< bytes still to be written */

#if defined(MBEDTLS_ZLIB_SUPPORT)
    unsigned char *compress_buf;        /*!< zlib scratch buffer */
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    signed char split_done;             /*!< CBC record splitting state for the current write — TODO confirm value set */
#endif

    /*
     * PKI layer
     */
    int client_auth;                    /*!< whether a client certificate was requested/sent — presumably; confirm which */

    /*
     * User settings
     */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    char *hostname;                     /*!< expected peer name for certificate verification (and SNI); set by mbedtls_ssl_set_hostname() — presumably bounded by MBEDTLS_SSL_MAX_HOST_NAME_LEN */
#endif

#if defined(MBEDTLS_SSL_ALPN)
    const char *alpn_chosen;            /*!< negotiated ALPN protocol; returned by mbedtls_ssl_get_alpn_protocol() */
#endif

    /*
     * Information for DTLS hello verify
     */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    unsigned char *cli_id;              /*!< transport-level identity of the client (e.g. address) used for cookie binding; set by mbedtls_ssl_set_client_transport_id() */
    size_t cli_id_len;                  /*!< length of cli_id */
#endif

    /*
     * Secure renegotiation
     */
    /* needed to know when to send extension on server */
    int secure_renegotiation;           /*!< presumably MBEDTLS_SSL_LEGACY_RENEGOTIATION or MBEDTLS_SSL_SECURE_RENEGOTIATION: whether the peer supports RFC 5746 */

#if defined(MBEDTLS_SSL_RENEGOTIATION)
    size_t verify_data_len;             /*!< length of verify data stored below (12 bytes, or 36 for SSL 3.0 per MBEDTLS_SSL_VERIFY_DATA_MAX_LEN) */
    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN];  /*!< previous Finished verify data, own side — NOTE(review): plain char for raw bytes; unsigned char would avoid sign-extension surprises in consumers, confirm */
    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous Finished verify data, peer side */
#endif
};
00942
00943 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
00944
00945 #define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
00946 #define MBEDTLS_SSL_CHANNEL_INBOUND 1
00947
00948 extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
00949 const unsigned char *key_enc, const unsigned char *key_dec,
00950 size_t keylen,
00951 const unsigned char *iv_enc, const unsigned char *iv_dec,
00952 size_t ivlen,
00953 const unsigned char *mac_enc, const unsigned char *mac_dec,
00954 size_t maclen);
00955 extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
00956 extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
00957 extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
00958 extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
00959 extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
00960 #endif
00961
00970 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
00971
00980 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
00981
00989 void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
00990
01011 int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
01012 const mbedtls_ssl_config *conf );
01013
01024 int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
01025
01032 void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
01033
01048 void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
01049
01076 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
01077
01078 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01079
01090 void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
01091 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
01092 void *p_vrfy );
01093 #endif
01094
01102 void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
01103 int (*f_rng)(void *, unsigned char *, size_t),
01104 void *p_rng );
01105
01120 void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
01121 void (*f_dbg)(void *, int, const char *, int, const char *),
01122 void *p_dbg );
01123
01154 void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
01155 void *p_bio,
01156 mbedtls_ssl_send_t *f_send,
01157 mbedtls_ssl_recv_t *f_recv,
01158 mbedtls_ssl_recv_timeout_t *f_recv_timeout );
01159
01176 void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
01177
01198 void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
01199 void *p_timer,
01200 mbedtls_ssl_set_timer_t *f_set_timer,
01201 mbedtls_ssl_get_timer_t *f_get_timer );
01202
01222 typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
01223 const mbedtls_ssl_session *session,
01224 unsigned char *start,
01225 const unsigned char *end,
01226 size_t *tlen,
01227 uint32_t *lifetime );
01228
01229 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
01230
01250 typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
01251 const unsigned char *ms,
01252 const unsigned char *kb,
01253 size_t maclen,
01254 size_t keylen,
01255 size_t ivlen );
01256 #endif
01257
01281 typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
01282 mbedtls_ssl_session *session,
01283 unsigned char *buf,
01284 size_t len );
01285
01286 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
01287
01301 void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
01302 mbedtls_ssl_ticket_write_t *f_ticket_write,
01303 mbedtls_ssl_ticket_parse_t *f_ticket_parse,
01304 void *p_ticket );
01305 #endif
01306
01307 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
01308
01318 void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
01319 mbedtls_ssl_export_keys_t *f_export_keys,
01320 void *p_export_keys );
01321 #endif
01322
01337 typedef int mbedtls_ssl_cookie_write_t( void *ctx,
01338 unsigned char **p, unsigned char *end,
01339 const unsigned char *info, size_t ilen );
01340
01354 typedef int mbedtls_ssl_cookie_check_t( void *ctx,
01355 const unsigned char *cookie, size_t clen,
01356 const unsigned char *info, size_t ilen );
01357
01358 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
01359
01387 void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
01388 mbedtls_ssl_cookie_write_t *f_cookie_write,
01389 mbedtls_ssl_cookie_check_t *f_cookie_check,
01390 void *p_cookie );
01391
01411 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
01412 const unsigned char *info,
01413 size_t ilen );
01414
01415 #endif
01416
01417 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
01418
01433 void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
01434 #endif
01435
01436 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
01437
01460 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
01461 #endif
01462
01463 #if defined(MBEDTLS_SSL_PROTO_DTLS)
01464
01495 void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
01496 #endif
01497
01498 #if defined(MBEDTLS_SSL_SRV_C)
01499
01536 void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
01537 void *p_cache,
01538 int (*f_get_cache)(void *, mbedtls_ssl_session *),
01539 int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
01540 #endif
01541
01542 #if defined(MBEDTLS_SSL_CLI_C)
01543
01557 int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
01558 #endif
01559
01575 void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
01576 const int *ciphersuites );
01577
01597 void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
01598 const int *ciphersuites,
01599 int major, int minor );
01600
01601 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01602
01612 void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
01613 const mbedtls_x509_crt_profile *profile );
01614
01626 void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
01627 mbedtls_x509_crt *ca_chain,
01628 mbedtls_x509_crl *ca_crl );
01629
01666 int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
01667 mbedtls_x509_crt *own_cert,
01668 mbedtls_pk_context *pk_key );
01669 #endif
01670
01671 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
01672
01692 int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
01693 const unsigned char *psk, size_t psk_len,
01694 const unsigned char *psk_identity, size_t psk_identity_len );
01695
01696
01709 int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
01710 const unsigned char *psk, size_t psk_len );
01711
01736 void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
01737 int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
01738 size_t),
01739 void *p_psk );
01740 #endif
01741
01742 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
01743
01744 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
01745
01746 #if defined(MBEDTLS_DEPRECATED_WARNING)
01747 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
01748 #else
01749 #define MBEDTLS_DEPRECATED
01750 #endif
01751
01765 MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
01766 const char *dhm_P,
01767 const char *dhm_G );
01768
01769 #endif
01770
01784 int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
01785 const unsigned char *dhm_P, size_t P_len,
01786 const unsigned char *dhm_G, size_t G_len );
01787
01797 int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
01798 #endif
01799
01800 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
01801
01809 void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
01810 unsigned int bitlen );
01811 #endif
01812
01813 #if defined(MBEDTLS_ECP_C)
01814
01841 void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
01842 const mbedtls_ecp_group_id *curves );
01843 #endif
01844
01845 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
01846
01864 void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
01865 const int *hashes );
01866 #endif
01867
01868 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01869
01887 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
01888 #endif
01889
01890 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
01891
01903 int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
01904 mbedtls_x509_crt *own_cert,
01905 mbedtls_pk_context *pk_key );
01906
01918 void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
01919 mbedtls_x509_crt *ca_chain,
01920 mbedtls_x509_crl *ca_crl );
01921
01932 void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
01933 int authmode );
01934
01958 void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
01959 int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
01960 size_t),
01961 void *p_sni );
01962 #endif
01963
01964 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
01965
01982 int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
01983 const unsigned char *pw,
01984 size_t pw_len );
01985 #endif
01986
01987 #if defined(MBEDTLS_SSL_ALPN)
01988
02000 int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
02001
02011 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
02012 #endif
02013
02030 void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
02031
02050 void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
02051
02052 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
02053
02072 void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
02073 #endif
02074
02075 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
02076
02087 void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
02088 #endif
02089
02090 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
02091
02102 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
02103 #endif
02104
02105 #if defined(MBEDTLS_ARC4_C)
02106
02121 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
02122 #endif
02123
02124 #if defined(MBEDTLS_SSL_SRV_C)
02125
02134 void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
02135 char cert_req_ca_list );
02136 #endif
02137
02138 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
02139
02169 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
02170 #endif
02171
02172 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
02173
02181 void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
02182 #endif
02183
02184 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
02185
02196 void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
02197 #endif
02198
02199 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
02200
02210 void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
02211 #endif
02212
02213 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02214
02231 void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
02232 #endif
02233
02261 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
02262
02263 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02264
02301 void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
02302
02328 void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
02329 const unsigned char period[8] );
02330 #endif
02331
02339 size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
02340
02353 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
02354
02362 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
02363
02371 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
02372
02383 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
02384
02385 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
02386
02402 size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
02403 #endif
02404
02405 #if defined(MBEDTLS_X509_CRT_PARSE_C)
02406
02420 const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
02421 #endif
02422
02423 #if defined(MBEDTLS_SSL_CLI_C)
02424
02450 int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
02451 #endif
02452
02474 int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
02475
02495 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
02496
02497 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02498
02516 int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
02517 #endif
02518
02553 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
02554
02597 int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
02598
02615 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
02616 unsigned char level,
02617 unsigned char message );
02631 int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
02632
02638 void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
02639
02650 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
02651
02667 int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
02668 int endpoint, int transport, int preset );
02669
02675 void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
02676
02682 void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
02683
02693 void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
02694
02695 #ifdef __cplusplus
02696 }
02697 #endif
02698
02699 #endif