ON Semiconductor
/
mbed-os
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: mbed-TFT-example-NCS36510 mbed-Accelerometer-example-NCS36510 mbed-Accelerometer-example-NCS36510
Embed:
(wiki syntax)
Show/hide line numbers
ssl_internal.h
00001 /** 00002 * \file ssl_ticket.h 00003 * 00004 * \brief Internal functions shared by the SSL modules 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #ifndef MBEDTLS_SSL_INTERNAL_H 00024 #define MBEDTLS_SSL_INTERNAL_H 00025 00026 #include "ssl.h" 00027 00028 #if defined(MBEDTLS_MD5_C) 00029 #include "md5.h" 00030 #endif 00031 00032 #if defined(MBEDTLS_SHA1_C) 00033 #include "sha1.h" 00034 #endif 00035 00036 #if defined(MBEDTLS_SHA256_C) 00037 #include "sha256.h" 00038 #endif 00039 00040 #if defined(MBEDTLS_SHA512_C) 00041 #include "sha512.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00045 #include "ecjpake.h" 00046 #endif 00047 00048 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00049 !defined(inline) && !defined(__cplusplus) 00050 #define inline __inline 00051 #endif 00052 00053 /* Determine minimum supported version */ 00054 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00055 00056 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00057 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00058 #else 00059 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00060 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00061 #else 00062 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00063 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00064 #else 00065 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00066 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00067 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00068 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00069 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00070 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00071 00072 /* Determine maximum supported version */ 00073 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00074 00075 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00076 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00077 #else 00078 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00079 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00080 #else 00081 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00082 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00083 #else 00084 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00085 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00086 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00087 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00088 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00089 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00090 00091 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 00092 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ 00093 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 00094 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00095 00096 /* 00097 * DTLS retransmission states, see RFC 6347 4.2.4 00098 * 00099 * The SENDING state is merged in PREPARING for initial sends, 00100 * but is distinct for resends. 00101 * 00102 * Note: initial state is wrong for server, but is not used anyway. 00103 */ 00104 #define MBEDTLS_SSL_RETRANS_PREPARING 0 00105 #define MBEDTLS_SSL_RETRANS_SENDING 1 00106 #define MBEDTLS_SSL_RETRANS_WAITING 2 00107 #define MBEDTLS_SSL_RETRANS_FINISHED 3 00108 00109 /* 00110 * Allow extra bytes for record, authentication and encryption overhead: 00111 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) 00112 * and allow for a maximum of 1024 of compression expansion if 00113 * enabled. 00114 */ 00115 #if defined(MBEDTLS_ZLIB_SUPPORT) 00116 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 00117 #else 00118 #define MBEDTLS_SSL_COMPRESSION_ADD 0 00119 #endif 00120 00121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 00122 /* Ciphersuites using HMAC */ 00123 #if defined(MBEDTLS_SHA512_C) 00124 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ 00125 #elif defined(MBEDTLS_SHA256_C) 00126 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ 00127 #else 00128 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ 00129 #endif 00130 #else 00131 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ 00132 #define MBEDTLS_SSL_MAC_ADD 16 00133 #endif 00134 00135 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00136 #define MBEDTLS_SSL_PADDING_ADD 256 00137 #else 00138 #define MBEDTLS_SSL_PADDING_ADD 0 00139 #endif 00140 00141 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ 00142 + MBEDTLS_SSL_COMPRESSION_ADD \ 00143 + 29 /* counter + header + IV */ \ 00144 + MBEDTLS_SSL_MAC_ADD \ 00145 + MBEDTLS_SSL_PADDING_ADD \ 00146 ) 00147 00148 /* 00149 * TLS extension flags (for extensions with outgoing ServerHello content 00150 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00151 * of state of the renegotiation flag, so no indicator is required) 00152 */ 00153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 00155 00156 #ifdef __cplusplus 00157 extern "C" { 00158 #endif 00159 00160 /* 00161 * This structure contains the parameters only needed during handshake. 00162 */ 00163 struct mbedtls_ssl_handshake_params 00164 { 00165 /* 00166 * Handshake specific crypto variables 00167 */ 00168 int sig_alg; /*!< Hash algorithm for signature */ 00169 int verify_sig_alg; /*!< Signature algorithm for verify */ 00170 #if defined(MBEDTLS_DHM_C) 00171 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ 00172 #endif 00173 #if defined(MBEDTLS_ECDH_C) 00174 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00175 #endif 00176 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00177 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ 00178 #if defined(MBEDTLS_SSL_CLI_C) 00179 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ 00180 size_t ecjpake_cache_len; /*!< Length of cached data */ 00181 #endif 00182 #endif 00183 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 00184 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00185 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ 00186 #endif 00187 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00188 unsigned char *psk; /*!< PSK from the callback */ 00189 size_t psk_len; /*!< Length of PSK from callback */ 00190 #endif 00191 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00192 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ 00193 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 00194 int sni_authmode; /*!< authmode from SNI callback */ 00195 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00196 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ 00197 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ 00198 #endif 00199 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00200 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00201 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ 00202 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ 00203 00204 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie 00205 Srv: unused */ 00206 unsigned char verify_cookie_len; /*!< Cli: cookie length 00207 Srv: flag for sending a cookie */ 00208 00209 unsigned char *hs_msg; /*!< Reassembled handshake message */ 00210 00211 uint32_t retransmit_timeout; /*!< Current value of timeout */ 00212 unsigned char retransmit_state; /*!< Retransmission state */ 00213 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ 00214 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ 00215 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the 00216 flight being received */ 00217 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 00218 resending messages */ 00219 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter 00220 for resending messages */ 00221 #endif 00222 00223 /* 00224 * Checksum contexts 00225 */ 00226 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00227 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00228 mbedtls_md5_context fin_md5; 00229 mbedtls_sha1_context fin_sha1; 00230 #endif 00231 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00232 #if defined(MBEDTLS_SHA256_C) 00233 mbedtls_sha256_context fin_sha256; 00234 #endif 00235 #if defined(MBEDTLS_SHA512_C) 00236 mbedtls_sha512_context fin_sha512; 00237 #endif 00238 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00239 00240 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); 00241 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); 00242 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); 00243 int (*tls_prf)(const unsigned char *, size_t, const char *, 00244 const unsigned char *, size_t, 00245 unsigned char *, size_t); 00246 00247 size_t pmslen; /*!< premaster length */ 00248 00249 unsigned char randbytes[64]; /*!< random bytes */ 00250 unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; 00251 /*!< premaster secret */ 00252 00253 int resume; /*!< session resume indicator*/ 00254 int max_major_ver; /*!< max. major version client*/ 00255 int max_minor_ver; /*!< max. minor version client*/ 00256 int cli_exts; /*!< client extension presence*/ 00257 00258 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 00259 int new_session_ticket; /*!< use NewSessionTicket? */ 00260 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 00261 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 00262 int extended_ms; /*!< use Extended Master Secret? */ 00263 #endif 00264 }; 00265 00266 /* 00267 * This structure contains a full set of runtime transform parameters 00268 * either in negotiation or active. 00269 */ 00270 struct mbedtls_ssl_transform 00271 { 00272 /* 00273 * Session specific crypto layer 00274 */ 00275 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 00276 /*!< Chosen cipersuite_info */ 00277 unsigned int keylen; /*!< symmetric key length (bytes) */ 00278 size_t minlen; /*!< min. ciphertext length */ 00279 size_t ivlen; /*!< IV length */ 00280 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00281 size_t maclen; /*!< MAC length */ 00282 00283 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00284 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00285 00286 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00287 /* Needed only for SSL v3.0 secret */ 00288 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ 00289 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ 00290 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00291 00292 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00293 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00294 00295 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00296 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00297 00298 /* 00299 * Session specific compression layer 00300 */ 00301 #if defined(MBEDTLS_ZLIB_SUPPORT) 00302 z_stream ctx_deflate; /*!< compression context */ 00303 z_stream ctx_inflate; /*!< decompression context */ 00304 #endif 00305 }; 00306 00307 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00308 /* 00309 * List of certificate + private key pairs 00310 */ 00311 struct mbedtls_ssl_key_cert 00312 { 00313 mbedtls_x509_crt *cert; /*!< cert */ 00314 mbedtls_pk_context *key; /*!< private key */ 00315 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ 00316 }; 00317 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00318 00319 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00320 /* 00321 * List of handshake messages kept around for resending 00322 */ 00323 struct mbedtls_ssl_flight_item 00324 { 00325 unsigned char *p; /*!< message, including handshake headers */ 00326 size_t len; /*!< length of p */ 00327 unsigned char type; /*!< type of the message: handshake or CCS */ 00328 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ 00329 }; 00330 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00331 00332 00333 /** 00334 * \brief Free referenced items in an SSL transform context and clear 00335 * memory 00336 * 00337 * \param transform SSL transform context 00338 */ 00339 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); 00340 00341 /** 00342 * \brief Free referenced items in an SSL handshake context and clear 00343 * memory 00344 * 00345 * \param handshake SSL handshake context 00346 */ 00347 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); 00348 00349 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); 00350 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); 00351 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 00352 00353 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); 00354 00355 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); 00356 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); 00357 00358 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ); 00359 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); 00360 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); 00361 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); 00362 00363 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); 00364 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 00365 00366 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); 00367 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); 00368 00369 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); 00370 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 00371 00372 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); 00373 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); 00374 00375 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); 00376 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); 00377 00378 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, 00379 const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); 00380 00381 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00382 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); 00383 #endif 00384 00385 #if defined(MBEDTLS_PK_C) 00386 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); 00387 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); 00388 #endif 00389 00390 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); 00391 unsigned char mbedtls_ssl_hash_from_md_alg( int md ); 00392 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); 00393 00394 #if defined(MBEDTLS_ECP_C) 00395 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); 00396 #endif 00397 00398 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00399 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, 00400 mbedtls_md_type_t md ); 00401 #endif 00402 00403 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00404 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) 00405 { 00406 mbedtls_ssl_key_cert *key_cert; 00407 00408 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00409 key_cert = ssl->handshake->key_cert; 00410 else 00411 key_cert = ssl->conf->key_cert; 00412 00413 return( key_cert == NULL ? NULL : key_cert->key ); 00414 } 00415 00416 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) 00417 { 00418 mbedtls_ssl_key_cert *key_cert; 00419 00420 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00421 key_cert = ssl->handshake->key_cert; 00422 else 00423 key_cert = ssl->conf->key_cert; 00424 00425 return( key_cert == NULL ? NULL : key_cert->cert ); 00426 } 00427 00428 /* 00429 * Check usage of a certificate wrt extensions: 00430 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 00431 * 00432 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 00433 * check a cert we received from them)! 00434 * 00435 * Return 0 if everything is OK, -1 if not. 00436 */ 00437 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, 00438 const mbedtls_ssl_ciphersuite_t *ciphersuite, 00439 int cert_endpoint, 00440 uint32_t *flags ); 00441 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00442 00443 void mbedtls_ssl_write_version( int major, int minor, int transport, 00444 unsigned char ver[2] ); 00445 void mbedtls_ssl_read_version( int *major, int *minor, int transport, 00446 const unsigned char ver[2] ); 00447 00448 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) 00449 { 00450 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00451 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00452 return( 13 ); 00453 #else 00454 ((void) ssl); 00455 #endif 00456 return( 5 ); 00457 } 00458 00459 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) 00460 { 00461 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00462 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00463 return( 12 ); 00464 #else 00465 ((void) ssl); 00466 #endif 00467 return( 4 ); 00468 } 00469 00470 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00471 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); 00472 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); 00473 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); 00474 #endif 00475 00476 /* Visible for testing purposes only */ 00477 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 00478 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); 00479 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); 00480 #endif 00481 00482 /* constant-time buffer comparison */ 00483 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) 00484 { 00485 size_t i; 00486 const unsigned char *A = (const unsigned char *) a; 00487 const unsigned char *B = (const unsigned char *) b; 00488 unsigned char diff = 0; 00489 00490 for( i = 0; i < n; i++ ) 00491 diff |= A[i] ^ B[i]; 00492 00493 return( diff ); 00494 } 00495 00496 #ifdef __cplusplus 00497 } 00498 #endif 00499 00500 #endif /* ssl_internal.h */
Generated on Tue Jul 12 2022 11:02:53 by
1.7.2