23 #ifndef MBEDTLS_SSL_INTERNAL_H
24 #define MBEDTLS_SSL_INTERNAL_H
28 #if defined(MBEDTLS_MD5_C)
32 #if defined(MBEDTLS_SHA1_C)
36 #if defined(MBEDTLS_SHA256_C)
40 #if defined(MBEDTLS_SHA512_C)
44 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
48 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
49 !defined(inline) && !defined(__cplusplus)
50 #define inline __inline
54 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
56 #if defined(MBEDTLS_SSL_PROTO_SSL3)
57 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
59 #if defined(MBEDTLS_SSL_PROTO_TLS1)
60 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
62 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
63 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
65 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
66 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
73 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
75 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
76 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
78 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
79 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
81 #if defined(MBEDTLS_SSL_PROTO_TLS1)
82 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
84 #if defined(MBEDTLS_SSL_PROTO_SSL3)
85 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
91 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
92 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1
93 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2
94 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3
104 #define MBEDTLS_SSL_RETRANS_PREPARING 0
105 #define MBEDTLS_SSL_RETRANS_SENDING 1
106 #define MBEDTLS_SSL_RETRANS_WAITING 2
107 #define MBEDTLS_SSL_RETRANS_FINISHED 3
115 #if defined(MBEDTLS_ZLIB_SUPPORT)
116 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
118 #define MBEDTLS_SSL_COMPRESSION_ADD 0
121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
123 #if defined(MBEDTLS_SHA512_C)
124 #define MBEDTLS_SSL_MAC_ADD 48
125 #elif defined(MBEDTLS_SHA256_C)
126 #define MBEDTLS_SSL_MAC_ADD 32
128 #define MBEDTLS_SSL_MAC_ADD 20
132 #define MBEDTLS_SSL_MAC_ADD 16
135 #if defined(MBEDTLS_CIPHER_MODE_CBC)
136 #define MBEDTLS_SSL_PADDING_ADD 256
138 #define MBEDTLS_SSL_PADDING_ADD 0
141 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
142 + MBEDTLS_SSL_COMPRESSION_ADD \
144 + MBEDTLS_SSL_MAC_ADD \
145 + MBEDTLS_SSL_PADDING_ADD \
153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
171 #if defined(MBEDTLS_DHM_C)
174 #if defined(MBEDTLS_ECDH_C)
177 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
179 #if defined(MBEDTLS_SSL_CLI_C)
180 unsigned char *ecjpake_cache;
181 size_t ecjpake_cache_len;
184 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
185 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
188 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
192 #if defined(MBEDTLS_X509_CRT_PARSE_C)
193 mbedtls_ssl_key_cert *key_cert;
194 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
196 mbedtls_ssl_key_cert *sni_key_cert;
201 #if defined(MBEDTLS_SSL_PROTO_DTLS)
202 unsigned int out_msg_seq;
203 unsigned int in_msg_seq;
205 unsigned char *verify_cookie;
207 unsigned char verify_cookie_len;
210 unsigned char *hs_msg;
212 uint32_t retransmit_timeout;
213 unsigned char retransmit_state;
214 mbedtls_ssl_flight_item *flight;
215 mbedtls_ssl_flight_item *cur_msg;
216 unsigned int in_flight_start_seq;
220 unsigned char alt_out_ctr[8];
227 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
228 defined(MBEDTLS_SSL_PROTO_TLS1_1)
232 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
233 #if defined(MBEDTLS_SHA256_C)
236 #if defined(MBEDTLS_SHA512_C)
244 int (*
tls_prf)(
const unsigned char *, size_t,
const char *,
245 const unsigned char *, size_t,
246 unsigned char *, size_t);
259 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
260 int new_session_ticket;
262 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
287 #if defined(MBEDTLS_SSL_PROTO_SSL3)
289 unsigned char mac_enc[20];
290 unsigned char mac_dec[20];
302 #if defined(MBEDTLS_ZLIB_SUPPORT)
303 z_stream ctx_deflate;
304 z_stream ctx_inflate;
308 #if defined(MBEDTLS_X509_CRT_PARSE_C)
312 struct mbedtls_ssl_key_cert
316 mbedtls_ssl_key_cert *next;
320 #if defined(MBEDTLS_SSL_PROTO_DTLS)
324 struct mbedtls_ssl_flight_item
329 mbedtls_ssl_flight_item *next;
377 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
381 #if defined(MBEDTLS_PK_C)
389 #if defined(MBEDTLS_ECP_C)
393 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
398 #if defined(MBEDTLS_X509_CRT_PARSE_C)
401 mbedtls_ssl_key_cert *key_cert;
406 key_cert = ssl->
conf->key_cert;
408 return( key_cert == NULL ? NULL : key_cert->key );
413 mbedtls_ssl_key_cert *key_cert;
418 key_cert = ssl->
conf->key_cert;
420 return( key_cert == NULL ? NULL : key_cert->cert );
439 unsigned char ver[2] );
441 const unsigned char ver[2] );
445 #if defined(MBEDTLS_SSL_PROTO_DTLS)
456 #if defined(MBEDTLS_SSL_PROTO_DTLS)
465 #if defined(MBEDTLS_SSL_PROTO_DTLS)
472 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
481 const unsigned char *A = (
const unsigned char *) a;
482 const unsigned char *B = (
const unsigned char *) b;
483 unsigned char diff = 0;
485 for( i = 0; i < n; i++ )
int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_hash_from_md_alg(int md)
void(* update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t)
void mbedtls_ssl_read_version(int *major, int *minor, int transport, const unsigned char ver[2])
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
unsigned char randbytes[64]
int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
Certificate revocation list structure.
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
mbedtls_pk_type_t
Public key types.
int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
static size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Curve information for use by other modules.
int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
Generic message digest context.
void mbedtls_ssl_handshake_free(mbedtls_ssl_handshake_params *handshake)
Free referenced items in an SSL handshake context and clear memory.
int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
mbedtls_ssl_handshake_params * handshake
int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl)
void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
SHA-512 context structure.
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
void(* calc_verify)(mbedtls_ssl_context *, unsigned char *)
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
mbedtls_key_exchange_type_t
mbedtls_ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
const mbedtls_ssl_config * conf
SHA-256 context structure.
int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
This structure is used for storing ciphersuite information.
#define MBEDTLS_PREMASTER_SIZE
int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_write_version(int major, int minor, int transport, unsigned char ver[2])
SHA-1 cryptographic hash function.
int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl)
void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
Container for an X.509 certificate.
SHA-384 and SHA-512 cryptographic hash function.
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
EC J-PAKE context structure.
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
void(* calc_finished)(mbedtls_ssl_context *, unsigned char *, int)
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
MD5 message digest algorithm (hash function)
SHA-224 and SHA-256 cryptographic hash function.
static size_t mbedtls_ssl_hdr_len(const mbedtls_ssl_context *ssl)