Detailed Description

SSL/TLS functions.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This file is part of mbed TLS (https://tls.mbed.org)

Definition in file ssl.h.

#include <config-sl-crypto-all-acceleration.h>
#include "bignum.h"
#include "ecp.h"
#include "ssl_ciphersuites.h"

Include dependency graph for ssl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
union	mbedtls_ssl_premaster_secret

struct	mbedtls_ssl_session

struct	mbedtls_ssl_config
	SSL/TLS configuration to be shared between mbedtls_ssl_context structures. More...

struct	mbedtls_ssl_context

Macros
#define	MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
	The requested feature is not available. More...

#define	MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
	Bad input parameters to function. More...

#define	MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
	Verification of the message MAC failed. More...

#define	MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
	An invalid SSL record was received. More...

#define	MBEDTLS_ERR_SSL_CONN_EOF -0x7280
	The connection indicated an EOF. More...

#define	MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300
	An unknown cipher was received. More...

#define	MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
	The server has no ciphersuites in common with the client. More...

#define	MBEDTLS_ERR_SSL_NO_RNG -0x7400
	No RNG was provided to the SSL module. More...

#define	MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
	No client certification received from the client, but required by the authentication mode. More...

#define	MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
	Our own certificate(s) is/are too large to send in an SSL message. More...

#define	MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
	The own certificate is not set, but needed by the server. More...

#define	MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
	The own private key or pre-shared key is not set, but needed. More...

#define	MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
	No CA Chain is set, but required to operate. More...

#define	MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
	An unexpected message was received from our peer. More...

#define	MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
	A fatal alert message was received from our peer. More...

#define	MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800
	Verification of our peer failed. More...

#define	MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
	The peer notified us that the connection is going to be closed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
	Processing of the ClientHello handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
	Processing of the ServerHello handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
	Processing of the Certificate handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
	Processing of the CertificateRequest handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
	Processing of the ServerKeyExchange handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
	Processing of the ServerHelloDone handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
	Processing of the ClientKeyExchange handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
	Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
	Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
	Processing of the CertificateVerify handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
	Processing of the ChangeCipherSpec handshake message failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80
	Processing of the Finished handshake message failed. More...

#define	MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
	Memory allocation failed. More...

#define	MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
	Hardware acceleration function returned with error. More...

#define	MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
	Hardware acceleration function skipped / left alone data. More...

#define	MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00
	Processing of the compression / decompression failed. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
	Handshake protocol not within min/max boundaries. More...

#define	MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
	Processing of the NewSessionTicket handshake message failed. More...

#define	MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
	Session ticket has expired. More...

#define	MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
	Public key type mismatch (eg, asked for RSA key exchange and presented EC key) More...

#define	MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
	Unknown identity received (eg, PSK identity) More...

#define	MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
	Internal error (eg, unexpected failure in lower-level module) More...

#define	MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
	A counter would wrap (eg, too many messages exchanged). More...

#define	MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
	Unexpected message at ServerHello in renegotiation. More...

#define	MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
	DTLS client must retry for hello verification. More...

#define	MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
	A buffer is too small to receive or write a message. More...

#define	MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980
	None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). More...

#define	MBEDTLS_ERR_SSL_WANT_READ -0x6900
	Connection requires a read call. More...

#define	MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
	Connection requires a write call. More...

#define	MBEDTLS_ERR_SSL_TIMEOUT -0x6800
	The operation timed out. More...

#define	MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
	The client initiated a reconnect from the same port. More...

#define	MBEDTLS_SSL_MAJOR_VERSION_3 3

#define	MBEDTLS_SSL_MINOR_VERSION_0 0

#define	MBEDTLS_SSL_MINOR_VERSION_1 1

#define	MBEDTLS_SSL_MINOR_VERSION_2 2

#define	MBEDTLS_SSL_MINOR_VERSION_3 3

#define	MBEDTLS_SSL_TRANSPORT_STREAM 0

#define	MBEDTLS_SSL_TRANSPORT_DATAGRAM 1

#define	MBEDTLS_SSL_MAX_HOST_NAME_LEN 255

#define	MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0

#define	MBEDTLS_SSL_MAX_FRAG_LEN_512 1

#define	MBEDTLS_SSL_MAX_FRAG_LEN_1024 2

#define	MBEDTLS_SSL_MAX_FRAG_LEN_2048 3

#define	MBEDTLS_SSL_MAX_FRAG_LEN_4096 4

#define	MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5

#define	MBEDTLS_SSL_IS_CLIENT 0

#define	MBEDTLS_SSL_IS_SERVER 1

#define	MBEDTLS_SSL_IS_NOT_FALLBACK 0

#define	MBEDTLS_SSL_IS_FALLBACK 1

#define	MBEDTLS_SSL_EXTENDED_MS_DISABLED 0

#define	MBEDTLS_SSL_EXTENDED_MS_ENABLED 1

#define	MBEDTLS_SSL_ETM_DISABLED 0

#define	MBEDTLS_SSL_ETM_ENABLED 1

#define	MBEDTLS_SSL_COMPRESS_NULL 0

#define	MBEDTLS_SSL_COMPRESS_DEFLATE 1

#define	MBEDTLS_SSL_VERIFY_NONE 0

#define	MBEDTLS_SSL_VERIFY_OPTIONAL 1

#define	MBEDTLS_SSL_VERIFY_REQUIRED 2

#define	MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */

#define	MBEDTLS_SSL_LEGACY_RENEGOTIATION 0

#define	MBEDTLS_SSL_SECURE_RENEGOTIATION 1

#define	MBEDTLS_SSL_RENEGOTIATION_DISABLED 0

#define	MBEDTLS_SSL_RENEGOTIATION_ENABLED 1

#define	MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0

#define	MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1

#define	MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1

#define	MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16

#define	MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0

#define	MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1

#define	MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2

#define	MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0

#define	MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1

#define	MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */

#define	MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0

#define	MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1

#define	MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0

#define	MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1

#define	MBEDTLS_SSL_ARC4_ENABLED 0

#define	MBEDTLS_SSL_ARC4_DISABLED 1

#define	MBEDTLS_SSL_PRESET_DEFAULT 0

#define	MBEDTLS_SSL_PRESET_SUITEB 2

#define	MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000

#define	MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000

#define	MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12

#define	MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
	renegotiation info ext More...

#define	MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600
	draft-ietf-tls-downgrade-scsv-00 More...

#define	MBEDTLS_SSL_HASH_NONE 0

#define	MBEDTLS_SSL_HASH_MD5 1

#define	MBEDTLS_SSL_HASH_SHA1 2

#define	MBEDTLS_SSL_HASH_SHA224 3

#define	MBEDTLS_SSL_HASH_SHA256 4

#define	MBEDTLS_SSL_HASH_SHA384 5

#define	MBEDTLS_SSL_HASH_SHA512 6

#define	MBEDTLS_SSL_SIG_ANON 0

#define	MBEDTLS_SSL_SIG_RSA 1

#define	MBEDTLS_SSL_SIG_ECDSA 3

#define	MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1

#define	MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64

#define	MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20

#define	MBEDTLS_SSL_MSG_ALERT 21

#define	MBEDTLS_SSL_MSG_HANDSHAKE 22

#define	MBEDTLS_SSL_MSG_APPLICATION_DATA 23

#define	MBEDTLS_SSL_ALERT_LEVEL_WARNING 1

#define	MBEDTLS_SSL_ALERT_LEVEL_FATAL 2

#define	MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */

#define	MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */

#define	MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */

#define	MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */

#define	MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */

#define	MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */

#define	MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */

#define	MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */

#define	MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */

#define	MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */

#define	MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */

#define	MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */

#define	MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */

#define	MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */

#define	MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */

#define	MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */

#define	MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */

#define	MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */

#define	MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */

#define	MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */

#define	MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */

#define	MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */

#define	MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */

#define	MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */

#define	MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */

#define	MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */

#define	MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */

#define	MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */

#define	MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */

#define	MBEDTLS_SSL_HS_HELLO_REQUEST 0

#define	MBEDTLS_SSL_HS_CLIENT_HELLO 1

#define	MBEDTLS_SSL_HS_SERVER_HELLO 2

#define	MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3

#define	MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4

#define	MBEDTLS_SSL_HS_CERTIFICATE 11

#define	MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12

#define	MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13

#define	MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14

#define	MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15

#define	MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16

#define	MBEDTLS_SSL_HS_FINISHED 20

#define	MBEDTLS_TLS_EXT_SERVERNAME 0

#define	MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0

#define	MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1

#define	MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4

#define	MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10

#define	MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11

#define	MBEDTLS_TLS_EXT_SIG_ALG 13

#define	MBEDTLS_TLS_EXT_ALPN 16

#define	MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */

#define	MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */

#define	MBEDTLS_TLS_EXT_SESSION_TICKET 35

#define	MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */

#define	MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01

#define	MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */

#define	MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )

SECTION: Module settings
The configuration options you can set for this module are in this section. Either change them in config.h or define them on the compiler command line.
#define	MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400
	Lifetime of session tickets (if enabled) More...

#define	MBEDTLS_SSL_MAX_CONTENT_LEN 16384
	Size of the input / output buffer. More...

Typedefs
typedef struct mbedtls_ssl_session	mbedtls_ssl_session

typedef struct mbedtls_ssl_context	mbedtls_ssl_context

typedef struct mbedtls_ssl_config	mbedtls_ssl_config

typedef struct mbedtls_ssl_transform	mbedtls_ssl_transform

typedef struct mbedtls_ssl_handshake_params	mbedtls_ssl_handshake_params

typedef int	mbedtls_ssl_ticket_write_t(void p_ticket, const mbedtls_ssl_session session, unsigned char start, const unsigned char end, size_t tlen, uint32_t lifetime)
	Callback type: generate and write session ticket. More...

typedef int	mbedtls_ssl_ticket_parse_t(void p_ticket, mbedtls_ssl_session session, unsigned char *buf, size_t len)
	Callback type: parse and load session ticket. More...

typedef int	mbedtls_ssl_cookie_write_t(void ctx, unsigned char p, unsigned char end, const unsigned char *info, size_t ilen)
	Callback type: generate a cookie. More...

typedef int	mbedtls_ssl_cookie_check_t(void ctx, const unsigned char cookie, size_t clen, const unsigned char *info, size_t ilen)
	Callback type: verify a cookie. More...

Functions
const int *	mbedtls_ssl_list_ciphersuites (void)
	Returns the list of ciphersuites supported by the SSL/TLS module. More...

const char *	mbedtls_ssl_get_ciphersuite_name (const int ciphersuite_id)
	Return the name of the ciphersuite associated with the given ID. More...

int	mbedtls_ssl_get_ciphersuite_id (const char *ciphersuite_name)
	Return the ID of the ciphersuite associated with the given name. More...

void	mbedtls_ssl_init (mbedtls_ssl_context *ssl)
	Initialize an SSL context Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free() More...

int	mbedtls_ssl_setup (mbedtls_ssl_context ssl, const mbedtls_ssl_config conf)
	Set up an SSL context for use. More...

int	mbedtls_ssl_session_reset (mbedtls_ssl_context *ssl)
	Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data. More...

void	mbedtls_ssl_conf_endpoint (mbedtls_ssl_config *conf, int endpoint)
	Set the current endpoint type. More...

void	mbedtls_ssl_conf_transport (mbedtls_ssl_config *conf, int transport)
	Set the transport type (TLS or DTLS). More...

void	mbedtls_ssl_conf_authmode (mbedtls_ssl_config *conf, int authmode)
	Set the certificate verification mode Default: NONE on server, REQUIRED on client. More...

void	mbedtls_ssl_conf_rng (mbedtls_ssl_config conf, int(f_rng)(void , unsigned char , size_t), void *p_rng)
	Set the random number generator callback. More...

void	mbedtls_ssl_conf_dbg (mbedtls_ssl_config conf, void(f_dbg)(void , int, const char , int, const char ), void p_dbg)
	Set the debug callback. More...

void	mbedtls_ssl_set_bio (mbedtls_ssl_context ssl, void p_bio, int(f_send)(void , const unsigned char , size_t), int(f_recv)(void , unsigned char , size_t), int(f_recv_timeout)(void , unsigned char *, size_t, uint32_t))
	Set the underlying BIO callbacks for write, read and read-with-timeout. More...

void	mbedtls_ssl_conf_read_timeout (mbedtls_ssl_config *conf, uint32_t timeout)
	Set the timeout period for mbedtls_ssl_read() (Default: no timeout.) More...

void	mbedtls_ssl_set_timer_cb (mbedtls_ssl_context ssl, void p_timer, void(f_set_timer)(void , uint32_t int_ms, uint32_t fin_ms), int(f_get_timer)(void ))
	Set the timer callbacks (Mandatory for DTLS.) More...

void	mbedtls_ssl_conf_ciphersuites (mbedtls_ssl_config conf, const int ciphersuites)
	Set the list of allowed ciphersuites and the preference order. More...

void	mbedtls_ssl_conf_ciphersuites_for_version (mbedtls_ssl_config conf, const int ciphersuites, int major, int minor)
	Set the list of allowed ciphersuites and the preference order for a specific version of the protocol. More...

void	mbedtls_ssl_conf_max_version (mbedtls_ssl_config *conf, int major, int minor)
	Set the maximum supported version sent from the client side and/or accepted at the server side (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION) More...

void	mbedtls_ssl_conf_min_version (mbedtls_ssl_config *conf, int major, int minor)
	Set the minimum accepted SSL/TLS protocol version (Default: TLS 1.0) More...

void	mbedtls_ssl_conf_legacy_renegotiation (mbedtls_ssl_config *conf, int allow_legacy)
	Prevent or allow legacy renegotiation. More...

size_t	mbedtls_ssl_get_bytes_avail (const mbedtls_ssl_context *ssl)
	Return the number of data bytes available to read. More...

uint32_t	mbedtls_ssl_get_verify_result (const mbedtls_ssl_context *ssl)
	Return the result of the certificate verification. More...

const char *	mbedtls_ssl_get_ciphersuite (const mbedtls_ssl_context *ssl)
	Return the name of the current ciphersuite. More...

const char *	mbedtls_ssl_get_version (const mbedtls_ssl_context *ssl)
	Return the current SSL version (SSLv3/TLSv1/etc) More...

int	mbedtls_ssl_get_record_expansion (const mbedtls_ssl_context *ssl)
	Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc. More...

int	mbedtls_ssl_handshake (mbedtls_ssl_context *ssl)
	Perform the SSL handshake. More...

int	mbedtls_ssl_handshake_step (mbedtls_ssl_context *ssl)
	Perform a single step of the SSL handshake. More...

int	mbedtls_ssl_read (mbedtls_ssl_context ssl, unsigned char buf, size_t len)
	Read at most 'len' application data bytes. More...

int	mbedtls_ssl_write (mbedtls_ssl_context ssl, const unsigned char buf, size_t len)
	Try to write exactly 'len' application data bytes. More...

int	mbedtls_ssl_send_alert_message (mbedtls_ssl_context *ssl, unsigned char level, unsigned char message)
	Send an alert message. More...

int	mbedtls_ssl_close_notify (mbedtls_ssl_context *ssl)
	Notify the peer that the connection is being closed. More...

void	mbedtls_ssl_free (mbedtls_ssl_context *ssl)
	Free referenced items in an SSL context and clear memory. More...

void	mbedtls_ssl_config_init (mbedtls_ssl_config *conf)
	Initialize an SSL configuration context Just makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free(). More...

int	mbedtls_ssl_config_defaults (mbedtls_ssl_config *conf, int endpoint, int transport, int preset)
	Load reasonnable default SSL configuration values. More...

void	mbedtls_ssl_config_free (mbedtls_ssl_config *conf)
	Free an SSL configuration context. More...

void	mbedtls_ssl_session_init (mbedtls_ssl_session *session)
	Initialize SSL session structure. More...

void	mbedtls_ssl_session_free (mbedtls_ssl_session *session)
	Free referenced items in an SSL session including the peer certificate and clear memory. More...

Macro Definition Documentation

#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00

Memory allocation failed.

Definition at line 90 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00

Processing of the Certificate handshake message failed.

Definition at line 80 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80

Processing of the CertificateRequest handshake message failed.

Definition at line 81 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80

Processing of the CertificateVerify handshake message failed.

Definition at line 87 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00

Processing of the ChangeCipherSpec handshake message failed.

Definition at line 88 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900

Processing of the ClientHello handshake message failed.

Definition at line 78 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00

Processing of the ClientKeyExchange handshake message failed.

Definition at line 84 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00

Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret.

Definition at line 86 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80

Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public.

Definition at line 85 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80

Processing of the Finished handshake message failed.

Definition at line 89 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00

Processing of the NewSessionTicket handshake message failed.

Definition at line 95 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80

Handshake protocol not within min/max boundaries.

Definition at line 94 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980

Processing of the ServerHello handshake message failed.

Definition at line 79 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80

Processing of the ServerHelloDone handshake message failed.

Definition at line 83 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00

Processing of the ServerKeyExchange handshake message failed.

Definition at line 82 of file ssl.h.

#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100

Bad input parameters to function.

Definition at line 62 of file ssl.h.

#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00

A buffer is too small to receive or write a message.

Definition at line 103 of file ssl.h.

#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680

No CA Chain is set, but required to operate.

Definition at line 73 of file ssl.h.

#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580

The own certificate is not set, but needed by the server.

Definition at line 71 of file ssl.h.

#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500

Our own certificate(s) is/are too large to send in an SSL message.

Definition at line 70 of file ssl.h.

#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780

The client initiated a reconnect from the same port.

Definition at line 108 of file ssl.h.

#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00

Processing of the compression / decompression failed.

Definition at line 93 of file ssl.h.

#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280

The connection indicated an EOF.

Definition at line 65 of file ssl.h.

#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80

A counter would wrap (eg, too many messages exchanged).

Definition at line 100 of file ssl.h.

#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780

A fatal alert message was received from our peer.

Definition at line 75 of file ssl.h.

#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080

The requested feature is not available.

Definition at line 61 of file ssl.h.

#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80

DTLS client must retry for hello verification.

Definition at line 102 of file ssl.h.

#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80

Hardware acceleration function returned with error.

Definition at line 91 of file ssl.h.

#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80

Hardware acceleration function skipped / left alone data.

Definition at line 92 of file ssl.h.

#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00

Internal error (eg, unexpected failure in lower-level module)

Definition at line 99 of file ssl.h.

#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180

Verification of the message MAC failed.

Definition at line 63 of file ssl.h.

#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200

An invalid SSL record was received.

Definition at line 64 of file ssl.h.

#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380

The server has no ciphersuites in common with the client.

Definition at line 67 of file ssl.h.

#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480

No client certification received from the client, but required by the authentication mode.

Definition at line 69 of file ssl.h.

#define MBEDTLS_ERR_SSL_NO_RNG -0x7400

No RNG was provided to the SSL module.

Definition at line 68 of file ssl.h.

#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980

None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages).

Definition at line 104 of file ssl.h.

#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880

The peer notified us that the connection is going to be closed.

Definition at line 77 of file ssl.h.

#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800

Verification of our peer failed.

Definition at line 76 of file ssl.h.

#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00

Public key type mismatch (eg, asked for RSA key exchange and presented EC key)

Definition at line 97 of file ssl.h.

#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600

The own private key or pre-shared key is not set, but needed.

Definition at line 72 of file ssl.h.

#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80

Session ticket has expired.

Definition at line 96 of file ssl.h.

#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800

The operation timed out.

Definition at line 107 of file ssl.h.

#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700

An unexpected message was received from our peer.

Definition at line 74 of file ssl.h.

#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300

An unknown cipher was received.

Definition at line 66 of file ssl.h.

#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80

Unknown identity received (eg, PSK identity)

Definition at line 98 of file ssl.h.

#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00

Unexpected message at ServerHello in renegotiation.

Definition at line 101 of file ssl.h.

#define MBEDTLS_ERR_SSL_WANT_READ -0x6900

Connection requires a read call.

Definition at line 105 of file ssl.h.

#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880

Connection requires a write call.

Definition at line 106 of file ssl.h.

#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )

Definition at line 380 of file ssl.h.

#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */

Definition at line 343 of file ssl.h.

#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2

Definition at line 268 of file ssl.h.

#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1

Definition at line 267 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */

Definition at line 285 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */

Definition at line 278 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */

Definition at line 272 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */

Definition at line 281 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */

Definition at line 280 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */

Definition at line 282 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */

Definition at line 270 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */

Definition at line 286 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */

Definition at line 275 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */

Definition at line 287 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */

Definition at line 273 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */

Definition at line 288 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */

Definition at line 276 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */

Definition at line 283 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */

Definition at line 292 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */

Definition at line 290 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */

Definition at line 291 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */

Definition at line 298 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */

Definition at line 277 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */

Definition at line 294 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */

Definition at line 289 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */

Definition at line 274 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */

Definition at line 271 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */

Definition at line 284 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */

Definition at line 297 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */

Definition at line 296 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */

Definition at line 279 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */

Definition at line 295 of file ssl.h.

#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */

Definition at line 293 of file ssl.h.

#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0

Definition at line 159 of file ssl.h.

#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1

Definition at line 160 of file ssl.h.

#define MBEDTLS_SSL_ARC4_DISABLED 1

Definition at line 180 of file ssl.h.

#define MBEDTLS_SSL_ARC4_ENABLED 0

Definition at line 179 of file ssl.h.

#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0

Definition at line 176 of file ssl.h.

#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1

Definition at line 177 of file ssl.h.

#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64

Definition at line 257 of file ssl.h.

#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1

Definition at line 256 of file ssl.h.

#define MBEDTLS_SSL_COMPRESS_DEFLATE 1

Definition at line 146 of file ssl.h.

#define MBEDTLS_SSL_COMPRESS_NULL 0

Definition at line 145 of file ssl.h.

#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400

Lifetime of session tickets (if enabled)

Definition at line 201 of file ssl.h.

#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000

Definition at line 190 of file ssl.h.

#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000

Definition at line 189 of file ssl.h.

#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF

renegotiation info ext

Definition at line 233 of file ssl.h.

#define MBEDTLS_SSL_ETM_DISABLED 0

Definition at line 142 of file ssl.h.

#define MBEDTLS_SSL_ETM_ENABLED 1

Definition at line 143 of file ssl.h.

#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0

Definition at line 139 of file ssl.h.

#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1

Definition at line 140 of file ssl.h.

#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600

draft-ietf-tls-downgrade-scsv-00

Definition at line 234 of file ssl.h.

#define MBEDTLS_SSL_HASH_MD5 1

Definition at line 241 of file ssl.h.

#define MBEDTLS_SSL_HASH_NONE 0

Definition at line 240 of file ssl.h.

#define MBEDTLS_SSL_HASH_SHA1 2

Definition at line 242 of file ssl.h.

#define MBEDTLS_SSL_HASH_SHA224 3

Definition at line 243 of file ssl.h.

#define MBEDTLS_SSL_HASH_SHA256 4

Definition at line 244 of file ssl.h.

#define MBEDTLS_SSL_HASH_SHA384 5

Definition at line 245 of file ssl.h.

#define MBEDTLS_SSL_HASH_SHA512 6

Definition at line 246 of file ssl.h.

#define MBEDTLS_SSL_HS_CERTIFICATE 11

Definition at line 305 of file ssl.h.

#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13

Definition at line 307 of file ssl.h.

#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15

Definition at line 309 of file ssl.h.

#define MBEDTLS_SSL_HS_CLIENT_HELLO 1

Definition at line 301 of file ssl.h.

#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16

Definition at line 310 of file ssl.h.

#define MBEDTLS_SSL_HS_FINISHED 20

Definition at line 311 of file ssl.h.

#define MBEDTLS_SSL_HS_HELLO_REQUEST 0

Definition at line 300 of file ssl.h.

#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3

Definition at line 303 of file ssl.h.

#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4

Definition at line 304 of file ssl.h.

#define MBEDTLS_SSL_HS_SERVER_HELLO 2

Definition at line 302 of file ssl.h.

#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14

Definition at line 308 of file ssl.h.

#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12

Definition at line 306 of file ssl.h.

#define MBEDTLS_SSL_IS_CLIENT 0

Definition at line 133 of file ssl.h.

#define MBEDTLS_SSL_IS_FALLBACK 1

Definition at line 137 of file ssl.h.

#define MBEDTLS_SSL_IS_NOT_FALLBACK 0

Definition at line 136 of file ssl.h.

#define MBEDTLS_SSL_IS_SERVER 1

Definition at line 134 of file ssl.h.

#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1

Definition at line 166 of file ssl.h.

#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2

Definition at line 167 of file ssl.h.

#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0

Definition at line 165 of file ssl.h.

#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0

Definition at line 153 of file ssl.h.

#define MBEDTLS_SSL_MAJOR_VERSION_3 3

Definition at line 113 of file ssl.h.

#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384

Size of the input / output buffer.

Definition at line 216 of file ssl.h.

#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2

MaxFragmentLength 2^10

Definition at line 128 of file ssl.h.

#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3

MaxFragmentLength 2^11

Definition at line 129 of file ssl.h.

#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4

MaxFragmentLength 2^12

Definition at line 130 of file ssl.h.

#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1

MaxFragmentLength 2^9

Definition at line 127 of file ssl.h.

#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5

first invalid value

Definition at line 131 of file ssl.h.

#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0

don't use this extension

Definition at line 126 of file ssl.h.

#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255

Maximum host name defined in RFC 1035

Definition at line 122 of file ssl.h.

#define MBEDTLS_SSL_MINOR_VERSION_0 0

SSL v3.0

Definition at line 114 of file ssl.h.

#define MBEDTLS_SSL_MINOR_VERSION_1 1

TLS v1.0

Definition at line 115 of file ssl.h.

#define MBEDTLS_SSL_MINOR_VERSION_2 2

TLS v1.1

Definition at line 116 of file ssl.h.

#define MBEDTLS_SSL_MINOR_VERSION_3 3

TLS v1.2

Definition at line 117 of file ssl.h.

#define MBEDTLS_SSL_MSG_ALERT 21

Definition at line 263 of file ssl.h.

#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23

Definition at line 265 of file ssl.h.

#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20

Definition at line 262 of file ssl.h.

#define MBEDTLS_SSL_MSG_HANDSHAKE 22

Definition at line 264 of file ssl.h.

#define MBEDTLS_SSL_PRESET_DEFAULT 0

Definition at line 182 of file ssl.h.

#define MBEDTLS_SSL_PRESET_SUITEB 2

Definition at line 183 of file ssl.h.

#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16

Definition at line 163 of file ssl.h.

#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0

Definition at line 156 of file ssl.h.

#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1

Definition at line 157 of file ssl.h.

#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1

Definition at line 162 of file ssl.h.

#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1

Definition at line 154 of file ssl.h.

#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0

Definition at line 173 of file ssl.h.

#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1

Definition at line 174 of file ssl.h.

#define MBEDTLS_SSL_SIG_ANON 0

Definition at line 248 of file ssl.h.

#define MBEDTLS_SSL_SIG_ECDSA 3

Definition at line 250 of file ssl.h.

#define MBEDTLS_SSL_SIG_RSA 1

Definition at line 249 of file ssl.h.

#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1

DTLS

Definition at line 120 of file ssl.h.

Referenced by mbedtls_ssl_hdr_len(), and mbedtls_ssl_hs_hdr_len().

#define MBEDTLS_SSL_TRANSPORT_STREAM 0

TLS

Definition at line 119 of file ssl.h.

#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0

Definition at line 169 of file ssl.h.

#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1

Definition at line 170 of file ssl.h.

#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */

Definition at line 171 of file ssl.h.

#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12

Definition at line 227 of file ssl.h.

#define MBEDTLS_SSL_VERIFY_NONE 0

Definition at line 148 of file ssl.h.

#define MBEDTLS_SSL_VERIFY_OPTIONAL 1

Definition at line 149 of file ssl.h.

#define MBEDTLS_SSL_VERIFY_REQUIRED 2

Definition at line 150 of file ssl.h.

#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */

Definition at line 151 of file ssl.h.

#define MBEDTLS_TLS_EXT_ALPN 16

Definition at line 328 of file ssl.h.

#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */

Definition at line 335 of file ssl.h.

#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */

Definition at line 330 of file ssl.h.

#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */

Definition at line 331 of file ssl.h.

#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1

Definition at line 319 of file ssl.h.

#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01

Definition at line 337 of file ssl.h.

#define MBEDTLS_TLS_EXT_SERVERNAME 0

Definition at line 316 of file ssl.h.

#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0

Definition at line 317 of file ssl.h.

#define MBEDTLS_TLS_EXT_SESSION_TICKET 35

Definition at line 333 of file ssl.h.

#define MBEDTLS_TLS_EXT_SIG_ALG 13

Definition at line 326 of file ssl.h.

#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10

Definition at line 323 of file ssl.h.

#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11

Definition at line 324 of file ssl.h.

#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4

Definition at line 321 of file ssl.h.

Typedef Documentation

typedef struct mbedtls_ssl_config mbedtls_ssl_config

Definition at line 416 of file ssl.h.

typedef struct mbedtls_ssl_context mbedtls_ssl_context

Definition at line 415 of file ssl.h.

typedef int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen)

Callback type: verify a cookie.

Parameters

ctx	Context for the callback
cookie	Cookie to verify
clen	Length of cookie
info	Client ID info that was passed to `mbedtls_ssl_set_client_transport_id()`
ilen	Length of info in bytes

Returns: The callback must return 0 if cookie is valid, or a negative error code.

Definition at line 1189 of file ssl.h.

typedef int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen)

Callback type: generate a cookie.

Parameters

ctx	Context for the callback
p	Buffer to write to, must be updated to point right after the cookie
end	Pointer to one past the end of the output buffer
info	Client ID info that was passed to `mbedtls_ssl_set_client_transport_id()`
ilen	Length of info in bytes

Returns: The callback must return 0 on success, or a negative error code.

Definition at line 1172 of file ssl.h.

typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params

Definition at line 420 of file ssl.h.

typedef struct mbedtls_ssl_session mbedtls_ssl_session

Definition at line 414 of file ssl.h.

typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)

Callback type: parse and load session ticket.

Note: This describes what a callback implementation should do. This callback should parse a session ticket as generated by the corresponding mbedtls_ssl_ticket_write_t function, and, if the ticket is authentic and valid, load the session.; The implementation is allowed to modify the first len bytes of the input buffer, eg to use it as a temporary area for the decrypted ticket contents.

Parameters

p_ticket	Context for the callback
session	SSL session to be loaded
buf	Start of the buffer containing the ticket
len	Length of the ticket.

Returns: 0 if successful, or MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or any other non-zero code for other failures.

Definition at line 1116 of file ssl.h.

typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)

Callback type: generate and write session ticket.

Note: This describes what a callback implementation should do. This callback should generate and encrypted and authenticated ticket for the session and write it to the output buffer. Here, ticket means the opaque ticket part of the NewSessionTicket structure of RFC 5077.

Parameters

p_ticket	Context for the callback
session	SSL session to bo written in the ticket
start	Start of the outpur buffer
end	End of the output buffer
tlen	On exit, holds the length written
lifetime	On exit, holds the lifetime of the ticket in seconds

Returns: 0 if successful, or a specific MBEDTLS_ERR_XXX code.

Definition at line 1057 of file ssl.h.

typedef struct mbedtls_ssl_transform mbedtls_ssl_transform

Definition at line 419 of file ssl.h.

Enumeration Type Documentation

enum mbedtls_ssl_states

Enumerator
MBEDTLS_SSL_HELLO_REQUEST
MBEDTLS_SSL_CLIENT_HELLO
MBEDTLS_SSL_SERVER_HELLO
MBEDTLS_SSL_SERVER_CERTIFICATE
MBEDTLS_SSL_SERVER_KEY_EXCHANGE
MBEDTLS_SSL_CERTIFICATE_REQUEST
MBEDTLS_SSL_SERVER_HELLO_DONE
MBEDTLS_SSL_CLIENT_CERTIFICATE
MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
MBEDTLS_SSL_CERTIFICATE_VERIFY
MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
MBEDTLS_SSL_CLIENT_FINISHED
MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
MBEDTLS_SSL_SERVER_FINISHED
MBEDTLS_SSL_FLUSH_BUFFERS
MBEDTLS_SSL_HANDSHAKE_WRAPUP
MBEDTLS_SSL_HANDSHAKE_OVER
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT

Definition at line 389 of file ssl.h.

Function Documentation

int mbedtls_ssl_close_notify ( mbedtls_ssl_context * ssl )

Notify the peer that the connection is being closed.

Parameters

ssl	SSL context

void mbedtls_ssl_conf_authmode	(	mbedtls_ssl_config *	conf,
		int	authmode
	)

Set the certificate verification mode Default: NONE on server, REQUIRED on client.

Parameters

conf	SSL configuration
authmode	can be:

MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked (default on server) (insecure on client)

MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; mbedtls_ssl_get_verify_result() can be called after the handshake is complete.

MBEDTLS_SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed.

Note: On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode. With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at the right time(s), which may not be obvious, while REQUIRED always perform the verification as soon as possible. For example, REQUIRED was protecting against the "triple handshake" attack even before it was found.

void mbedtls_ssl_conf_ciphersuites	(	mbedtls_ssl_config *	conf,
		const int *	ciphersuites
	)

Set the list of allowed ciphersuites and the preference order.

First in the list has the highest preference. (Overrides all version specific lists)

The ciphersuites array is not copied, and must remain valid for the lifetime of the ssl_config.

Note: The server uses its own preferences over the preference of the client unless MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!

Parameters

conf	SSL configuration
ciphersuites	0-terminated list of allowed ciphersuites

void mbedtls_ssl_conf_ciphersuites_for_version	(	mbedtls_ssl_config *	conf,
		const int *	ciphersuites,
		int	major,
		int	minor
	)

Set the list of allowed ciphersuites and the preference order for a specific version of the protocol.

(Only useful on the server side)

The ciphersuites array is not copied, and must remain valid for the lifetime of the ssl_config.

Parameters

conf	SSL configuration
ciphersuites	0-terminated list of allowed ciphersuites
major	Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
minor	Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported)

Note: With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2

void mbedtls_ssl_conf_dbg	(	mbedtls_ssl_config *	conf,
		void()(void , int, const char , int, const char )	f_dbg,
		void *	p_dbg
	)

Set the debug callback.

The callback has the following argument: void * opaque context for the callback int debug level const char * file name int line number const char * message

Parameters

conf	SSL configuration
f_dbg	debug function
p_dbg	debug parameter

void mbedtls_ssl_conf_endpoint	(	mbedtls_ssl_config *	conf,
		int	endpoint
	)

Set the current endpoint type.

Parameters

conf	SSL configuration
endpoint	must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER

void mbedtls_ssl_conf_legacy_renegotiation	(	mbedtls_ssl_config *	conf,
		int	allow_legacy
	)

Prevent or allow legacy renegotiation.

(Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)

MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to be established even if the peer does not support secure renegotiation, but does not allow renegotiation to take place if not secure. (Interoperable and secure option)

MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations with non-upgraded peers. Allowing legacy renegotiation makes the connection vulnerable to specific man in the middle attacks. (See RFC 5746) (Most interoperable and least secure option)

MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections if peer does not support secure renegotiation. Results in interoperability issues with non-upgraded peers that do not support renegotiation altogether. (Most secure option, interoperability issues)

Parameters

conf	SSL configuration
allow_legacy	Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, SSL_ALLOW_LEGACY_RENEGOTIATION or MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)

void mbedtls_ssl_conf_max_version	(	mbedtls_ssl_config *	conf,
		int	major,
		int	minor
	)

Set the maximum supported version sent from the client side and/or accepted at the server side (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)

Note: This ignores ciphersuites from higher versions.; With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2

Parameters

conf	SSL configuration
major	Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
minor	Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported)

void mbedtls_ssl_conf_min_version	(	mbedtls_ssl_config *	conf,
		int	major,
		int	minor
	)

Set the minimum accepted SSL/TLS protocol version (Default: TLS 1.0)

Note: Input outside of the SSL_MAX_XXXXX_VERSION and SSL_MIN_XXXXX_VERSION range is ignored.; MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.; With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2

Parameters

conf	SSL configuration
major	Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
minor	Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_MINOR_VERSION_3 supported)

void mbedtls_ssl_conf_read_timeout	(	mbedtls_ssl_config *	conf,
		uint32_t	timeout
	)

Set the timeout period for mbedtls_ssl_read() (Default: no timeout.)

Parameters

conf	SSL configuration context
timeout	Timeout value in milliseconds. Use 0 for no timeout (default).

Note: With blocking I/O, this will only work if a non-NULL f_recv_timeout was set with mbedtls_ssl_set_bio(). With non-blocking I/O, this will only work if timer callbacks were set with mbedtls_ssl_set_timer_cb().; With non-blocking I/O, you may also skip this function altogether and handle timeouts at the application layer.

void mbedtls_ssl_conf_rng	(	mbedtls_ssl_config *	conf,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng
	)

Set the random number generator callback.

Parameters

conf	SSL configuration
f_rng	RNG function
p_rng	RNG parameter

void mbedtls_ssl_conf_transport	(	mbedtls_ssl_config *	conf,
		int	transport
	)

Set the transport type (TLS or DTLS).

Default: TLS

Note: For DTLS, you must either provide a recv callback that doesn't block, or one that handles timeouts, see mbedtls_ssl_set_bio(). You also need to provide timer callbacks with mbedtls_ssl_set_timer_cb().

Parameters

conf	SSL configuration
transport	transport type: MBEDTLS_SSL_TRANSPORT_STREAM for TLS, MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.

int mbedtls_ssl_config_defaults	(	mbedtls_ssl_config *	conf,
		int	endpoint,
		int	transport,
		int	preset
	)

Load reasonnable default SSL configuration values.

(You need to call mbedtls_ssl_config_init() first.)

Parameters

conf	SSL configuration context
endpoint	MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
transport	MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
preset	a MBEDTLS_SSL_PRESET_XXX value (currently unused).

Note: See mbedtls_ssl_conf_transport() for notes on DTLS.

Returns: 0 if successful, or MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.

void mbedtls_ssl_config_free ( mbedtls_ssl_config * conf )

Free an SSL configuration context.

Parameters

conf	SSL configuration context

void mbedtls_ssl_config_init ( mbedtls_ssl_config * conf )

Initialize an SSL configuration context Just makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().

Note: You need to call mbedtls_ssl_config_defaults() unless you manually set all of the relevent fields yourself.

Parameters

conf	SSL configuration context

void mbedtls_ssl_free ( mbedtls_ssl_context * ssl )

Free referenced items in an SSL context and clear memory.

Parameters

ssl	SSL context

size_t mbedtls_ssl_get_bytes_avail ( const mbedtls_ssl_context * ssl )

Return the number of data bytes available to read.

Parameters

ssl	SSL context

Returns: how many bytes are available in the read buffer

const char* mbedtls_ssl_get_ciphersuite ( const mbedtls_ssl_context * ssl )

Return the name of the current ciphersuite.

Parameters

ssl	SSL context

Returns: a string containing the ciphersuite name

int mbedtls_ssl_get_ciphersuite_id ( const char * ciphersuite_name )

Return the ID of the ciphersuite associated with the given name.

Parameters

ciphersuite_name SSL ciphersuite name

Returns: the ID with the ciphersuite or 0 if not found

const char* mbedtls_ssl_get_ciphersuite_name ( const int ciphersuite_id )

Return the name of the ciphersuite associated with the given ID.

Parameters

ciphersuite_id SSL ciphersuite ID

Returns: a string containing the ciphersuite name

int mbedtls_ssl_get_record_expansion ( const mbedtls_ssl_context * ssl )

Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc.

padding)

Parameters

ssl	SSL context

Returns: Current maximum record expansion in bytes, or MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is enabled, which makes expansion much less predictable

uint32_t mbedtls_ssl_get_verify_result ( const mbedtls_ssl_context * ssl )

Return the result of the certificate verification.

Parameters

ssl	SSL context

Returns: 0 if successful, -1 if result is not available (eg because the handshake was aborted too early), or a combination of BADCERT_xxx and BADCRL_xxx flags, see x509.h

const char* mbedtls_ssl_get_version ( const mbedtls_ssl_context * ssl )

Return the current SSL version (SSLv3/TLSv1/etc)

Parameters

ssl	SSL context

Returns: a string containing the SSL version

int mbedtls_ssl_handshake ( mbedtls_ssl_context * ssl )

Perform the SSL handshake.

Parameters

ssl	SSL context

Returns: 0 if successful, or MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or a specific SSL error code.

Note: If this function returns something other than 0 or MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context becomes unusable, and you should either free it or call mbedtls_ssl_session_reset() on it before re-using it.; If DTLS is in use, then you may choose to handle MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging purposes, as it is an expected return value rather than an actual error, but you still need to reset/free the context.

int mbedtls_ssl_handshake_step ( mbedtls_ssl_context * ssl )

Perform a single step of the SSL handshake.

Note: The state of the context (ssl->state) will be at the following state after execution of this function. Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.

Parameters

ssl	SSL context

Returns: 0 if successful, or MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or a specific SSL error code.

void mbedtls_ssl_init ( mbedtls_ssl_context * ssl )

Initialize an SSL context Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free()

Parameters

ssl	SSL context

const int* mbedtls_ssl_list_ciphersuites ( void )

Returns the list of ciphersuites supported by the SSL/TLS module.

Returns: a statically allocated array of ciphersuites, the last entry is 0.

int mbedtls_ssl_read	(	mbedtls_ssl_context *	ssl,
		unsigned char *	buf,
		size_t	len
	)

Read at most 'len' application data bytes.

Parameters

ssl	SSL context
buf	buffer that will hold the data
len	maximum number of bytes to read

Returns: the number of bytes read, or 0 for EOF, or MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or another negative error code.

Note: When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT (which can only happen server-side), it means that a client is initiating a new connection using the same source port. You can either treat that as a connection close and wait for the client to resend a ClientHello, or directly continue with mbedtls_ssl_handshake() with the same context (as it has beeen reset internally). Either way, you should make sure this is seen by the application as a new connection: application state, if any, should be reset, and most importantly the identity of the client must be checked again. WARNING: not validating the identity of the client again, or not transmitting the new identity to the application layer, would allow authentication bypass!

int mbedtls_ssl_send_alert_message	(	mbedtls_ssl_context *	ssl,
		unsigned char	level,
		unsigned char	message
	)

Send an alert message.

Parameters

ssl	SSL context
level	The alert level of the message (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
message	The alert message (SSL_ALERT_MSG_*)

Returns: 0 if successful, or a specific SSL error code.

void mbedtls_ssl_session_free ( mbedtls_ssl_session * session )

Free referenced items in an SSL session including the peer certificate and clear memory.

Parameters

session SSL session

void mbedtls_ssl_session_init ( mbedtls_ssl_session * session )

Initialize SSL session structure.

Parameters

session SSL session

int mbedtls_ssl_session_reset ( mbedtls_ssl_context * ssl )

Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.

Parameters

ssl	SSL context

Returns: 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED, MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or MBEDTLS_ERR_SSL_COMPRESSION_FAILED

void mbedtls_ssl_set_bio	(	mbedtls_ssl_context *	ssl,
		void *	p_bio,
		int()(void , const unsigned char *, size_t)	f_send,
		int()(void , unsigned char *, size_t)	f_recv,
		int()(void , unsigned char *, size_t, uint32_t)	f_recv_timeout
	)

Set the underlying BIO callbacks for write, read and read-with-timeout.

Parameters

ssl	SSL context
p_bio	parameter (context) shared by BIO callbacks
f_send	write callback
f_recv	read callback
f_recv_timeout	blocking read callback with timeout. The last argument is the timeout in milliseconds, 0 means no timeout (block forever until a message comes)

Note

One of f_recv or f_recv_timeout can be NULL, in which case the other is used. If both are non-NULL, f_recv_timeout is used and f_recv is ignored (as if it were NULL).

The two most common use cases are:

non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
blocking I/O, f_recv == NULL, f_recv_timout != NULL

For DTLS, you need to provide either a non-NULL f_recv_timeout callback, or a f_recv that doesn't block.

void mbedtls_ssl_set_timer_cb	(	mbedtls_ssl_context *	ssl,
		void *	p_timer,
		void()(void , uint32_t int_ms, uint32_t fin_ms)	f_set_timer,
		int()(void )	f_get_timer
	)

Set the timer callbacks (Mandatory for DTLS.)

Parameters

ssl	SSL context
p_timer	parameter (context) shared by timer callback
f_set_timer	set timer callback Accepts an intermediate and a final delay in milliseconcs If the final delay is 0, cancels the running timer.
f_get_timer	get timer callback. Must return: -1 if cancelled 0 if none of the delays is expired 1 if the intermediate delay only is expired 2 if the final delay is expired

int mbedtls_ssl_setup	(	mbedtls_ssl_context *	ssl,
		const mbedtls_ssl_config *	conf
	)

Set up an SSL context for use.

Note: No copy of the configuration context is made, it can be shared by many mbedtls_ssl_context structures.

Warning: Modifying the conf structure after is has been used in this function is unsupported!

Parameters

ssl	SSL context
conf	SSL configuration to use

Returns: 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed

int mbedtls_ssl_write	(	mbedtls_ssl_context *	ssl,
		const unsigned char *	buf,
		size_t	len
	)

Try to write exactly 'len' application data bytes.

Warning: This function will do partial writes in some cases. If the return value is non-negative but less than length, the function must be called again with updated arguments: buf + ret, len - ret (if ret is the return value) until it returns a value equal to the last 'len' argument.

Parameters

ssl	SSL context
buf	buffer holding the data
len	how many bytes must be written

Returns: the number of bytes actually written (may be less than len), or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ, or another negative error code.

Note

When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, it must be called later with the same arguments, until it returns a positive value.

If the requested length is greater than the maximum fragment length (either the built-in limit or the one set or negotiated with the peer), then:

with TLS, less bytes than requested are written.
with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. mbedtls_ssl_get_max_frag_len() may be used to query the active maximum fragment length.

Enumerations
enum	mbedtls_ssl_states { MBEDTLS_SSL_HELLO_REQUEST, MBEDTLS_SSL_CLIENT_HELLO, MBEDTLS_SSL_SERVER_HELLO, MBEDTLS_SSL_SERVER_CERTIFICATE, MBEDTLS_SSL_SERVER_KEY_EXCHANGE, MBEDTLS_SSL_CERTIFICATE_REQUEST, MBEDTLS_SSL_SERVER_HELLO_DONE, MBEDTLS_SSL_CLIENT_CERTIFICATE, MBEDTLS_SSL_CLIENT_KEY_EXCHANGE, MBEDTLS_SSL_CERTIFICATE_VERIFY, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC, MBEDTLS_SSL_CLIENT_FINISHED, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC, MBEDTLS_SSL_SERVER_FINISHED, MBEDTLS_SSL_FLUSH_BUFFERS, MBEDTLS_SSL_HANDSHAKE_WRAPUP, MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT }

Detailed Description

Data Structures

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation