sandbox
/
mbedtls
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
mbedtls
by 
Christopher Haster
Embed:
(wiki syntax)
Show/hide line numbers
ssl_internal.h
00001 /** 00002 * \file ssl_ticket.h 00003 * 00004 * \brief Internal functions shared by the SSL modules 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #ifndef MBEDTLS_SSL_INTERNAL_H 00024 #define MBEDTLS_SSL_INTERNAL_H 00025 00026 #include "ssl.h" 00027 00028 #if defined(MBEDTLS_MD5_C) 00029 #include "md5.h" 00030 #endif 00031 00032 #if defined(MBEDTLS_SHA1_C) 00033 #include "sha1.h" 00034 #endif 00035 00036 #if defined(MBEDTLS_SHA256_C) 00037 #include "sha256.h" 00038 #endif 00039 00040 #if defined(MBEDTLS_SHA512_C) 00041 #include "sha512.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00045 #include "ecjpake.h" 00046 #endif 00047 00048 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00049 !defined(inline) && !defined(__cplusplus) 00050 #define inline __inline 00051 #endif 00052 00053 /* Determine minimum supported version */ 00054 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00055 00056 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00057 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00058 #else 00059 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00060 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00061 #else 00062 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00063 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00064 #else 00065 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00066 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00067 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00068 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00069 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00070 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00071 00072 /* Determine maximum supported version */ 00073 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00074 00075 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00076 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00077 #else 00078 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00079 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00080 #else 00081 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00082 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00083 #else 00084 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00085 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00086 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00087 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00088 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00089 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00090 00091 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 00092 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ 00093 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 00094 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00095 00096 /* 00097 * DTLS retransmission states, see RFC 6347 4.2.4 00098 * 00099 * The SENDING state is merged in PREPARING for initial sends, 00100 * but is distinct for resends. 00101 * 00102 * Note: initial state is wrong for server, but is not used anyway. 00103 */ 00104 #define MBEDTLS_SSL_RETRANS_PREPARING 0 00105 #define MBEDTLS_SSL_RETRANS_SENDING 1 00106 #define MBEDTLS_SSL_RETRANS_WAITING 2 00107 #define MBEDTLS_SSL_RETRANS_FINISHED 3 00108 00109 /* 00110 * Allow extra bytes for record, authentication and encryption overhead: 00111 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) 00112 * and allow for a maximum of 1024 of compression expansion if 00113 * enabled. 00114 */ 00115 #if defined(MBEDTLS_ZLIB_SUPPORT) 00116 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 00117 #else 00118 #define MBEDTLS_SSL_COMPRESSION_ADD 0 00119 #endif 00120 00121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 00122 /* Ciphersuites using HMAC */ 00123 #if defined(MBEDTLS_SHA512_C) 00124 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ 00125 #elif defined(MBEDTLS_SHA256_C) 00126 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ 00127 #else 00128 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ 00129 #endif 00130 #else 00131 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ 00132 #define MBEDTLS_SSL_MAC_ADD 16 00133 #endif 00134 00135 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00136 #define MBEDTLS_SSL_PADDING_ADD 256 00137 #else 00138 #define MBEDTLS_SSL_PADDING_ADD 0 00139 #endif 00140 00141 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ 00142 + MBEDTLS_SSL_COMPRESSION_ADD \ 00143 + 29 /* counter + header + IV */ \ 00144 + MBEDTLS_SSL_MAC_ADD \ 00145 + MBEDTLS_SSL_PADDING_ADD \ 00146 ) 00147 00148 /* 00149 * TLS extension flags (for extensions with outgoing ServerHello content 00150 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00151 * of state of the renegotiation flag, so no indicator is required) 00152 */ 00153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 00155 00156 #ifdef __cplusplus 00157 extern "C" { 00158 #endif 00159 00160 /* 00161 * This structure contains the parameters only needed during handshake. 00162 */ 00163 struct mbedtls_ssl_handshake_params 00164 { 00165 /* 00166 * Handshake specific crypto variables 00167 */ 00168 int sig_alg; /*!< Hash algorithm for signature */ 00169 int cert_type; /*!< Requested cert type */ 00170 int verify_sig_alg; /*!< Signature algorithm for verify */ 00171 #if defined(MBEDTLS_DHM_C) 00172 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ 00173 #endif 00174 #if defined(MBEDTLS_ECDH_C) 00175 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00176 #endif 00177 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00178 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ 00179 #if defined(MBEDTLS_SSL_CLI_C) 00180 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ 00181 size_t ecjpake_cache_len; /*!< Length of cached data */ 00182 #endif 00183 #endif 00184 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 00185 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00186 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ 00187 #endif 00188 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00189 unsigned char *psk; /*!< PSK from the callback */ 00190 size_t psk_len; /*!< Length of PSK from callback */ 00191 #endif 00192 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00193 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ 00194 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 00195 int sni_authmode; /*!< authmode from SNI callback */ 00196 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00197 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ 00198 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ 00199 #endif 00200 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00201 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00202 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ 00203 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ 00204 00205 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie 00206 Srv: unused */ 00207 unsigned char verify_cookie_len; /*!< Cli: cookie length 00208 Srv: flag for sending a cookie */ 00209 00210 unsigned char *hs_msg; /*!< Reassembled handshake message */ 00211 00212 uint32_t retransmit_timeout; /*!< Current value of timeout */ 00213 unsigned char retransmit_state; /*!< Retransmission state */ 00214 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ 00215 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ 00216 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the 00217 flight being received */ 00218 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 00219 resending messages */ 00220 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter 00221 for resending messages */ 00222 #endif 00223 00224 /* 00225 * Checksum contexts 00226 */ 00227 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00228 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00229 mbedtls_md5_context fin_md5; 00230 mbedtls_sha1_context fin_sha1; 00231 #endif 00232 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00233 #if defined(MBEDTLS_SHA256_C) 00234 mbedtls_sha256_context fin_sha256; 00235 #endif 00236 #if defined(MBEDTLS_SHA512_C) 00237 mbedtls_sha512_context fin_sha512; 00238 #endif 00239 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00240 00241 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); 00242 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); 00243 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); 00244 int (*tls_prf)(const unsigned char *, size_t, const char *, 00245 const unsigned char *, size_t, 00246 unsigned char *, size_t); 00247 00248 size_t pmslen; /*!< premaster length */ 00249 00250 unsigned char randbytes[64]; /*!< random bytes */ 00251 unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; 00252 /*!< premaster secret */ 00253 00254 int resume; /*!< session resume indicator*/ 00255 int max_major_ver; /*!< max. major version client*/ 00256 int max_minor_ver; /*!< max. minor version client*/ 00257 int cli_exts; /*!< client extension presence*/ 00258 00259 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 00260 int new_session_ticket; /*!< use NewSessionTicket? */ 00261 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 00262 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 00263 int extended_ms; /*!< use Extended Master Secret? */ 00264 #endif 00265 }; 00266 00267 /* 00268 * This structure contains a full set of runtime transform parameters 00269 * either in negotiation or active. 00270 */ 00271 struct mbedtls_ssl_transform 00272 { 00273 /* 00274 * Session specific crypto layer 00275 */ 00276 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 00277 /*!< Chosen cipersuite_info */ 00278 unsigned int keylen; /*!< symmetric key length (bytes) */ 00279 size_t minlen; /*!< min. ciphertext length */ 00280 size_t ivlen; /*!< IV length */ 00281 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00282 size_t maclen; /*!< MAC length */ 00283 00284 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00285 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00286 00287 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00288 /* Needed only for SSL v3.0 secret */ 00289 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ 00290 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ 00291 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00292 00293 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00294 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00295 00296 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00297 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00298 00299 /* 00300 * Session specific compression layer 00301 */ 00302 #if defined(MBEDTLS_ZLIB_SUPPORT) 00303 z_stream ctx_deflate; /*!< compression context */ 00304 z_stream ctx_inflate; /*!< decompression context */ 00305 #endif 00306 }; 00307 00308 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00309 /* 00310 * List of certificate + private key pairs 00311 */ 00312 struct mbedtls_ssl_key_cert 00313 { 00314 mbedtls_x509_crt *cert; /*!< cert */ 00315 mbedtls_pk_context *key; /*!< private key */ 00316 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ 00317 }; 00318 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00319 00320 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00321 /* 00322 * List of handshake messages kept around for resending 00323 */ 00324 struct mbedtls_ssl_flight_item 00325 { 00326 unsigned char *p; /*!< message, including handshake headers */ 00327 size_t len; /*!< length of p */ 00328 unsigned char type; /*!< type of the message: handshake or CCS */ 00329 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ 00330 }; 00331 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00332 00333 00334 /** 00335 * \brief Free referenced items in an SSL transform context and clear 00336 * memory 00337 * 00338 * \param transform SSL transform context 00339 */ 00340 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); 00341 00342 /** 00343 * \brief Free referenced items in an SSL handshake context and clear 00344 * memory 00345 * 00346 * \param handshake SSL handshake context 00347 */ 00348 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); 00349 00350 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); 00351 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); 00352 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 00353 00354 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); 00355 00356 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); 00357 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); 00358 00359 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); 00360 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 00361 00362 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); 00363 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); 00364 00365 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); 00366 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 00367 00368 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); 00369 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); 00370 00371 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); 00372 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); 00373 00374 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, 00375 const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); 00376 00377 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00378 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); 00379 #endif 00380 00381 #if defined(MBEDTLS_PK_C) 00382 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); 00383 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); 00384 #endif 00385 00386 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); 00387 unsigned char mbedtls_ssl_hash_from_md_alg( int md ); 00388 00389 #if defined(MBEDTLS_ECP_C) 00390 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); 00391 #endif 00392 00393 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00394 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, 00395 mbedtls_md_type_t md ); 00396 #endif 00397 00398 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00399 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) 00400 { 00401 mbedtls_ssl_key_cert *key_cert; 00402 00403 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00404 key_cert = ssl->handshake->key_cert; 00405 else 00406 key_cert = ssl->conf->key_cert; 00407 00408 return( key_cert == NULL ? NULL : key_cert->key ); 00409 } 00410 00411 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) 00412 { 00413 mbedtls_ssl_key_cert *key_cert; 00414 00415 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00416 key_cert = ssl->handshake->key_cert; 00417 else 00418 key_cert = ssl->conf->key_cert; 00419 00420 return( key_cert == NULL ? NULL : key_cert->cert ); 00421 } 00422 00423 /* 00424 * Check usage of a certificate wrt extensions: 00425 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 00426 * 00427 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 00428 * check a cert we received from them)! 00429 * 00430 * Return 0 if everything is OK, -1 if not. 00431 */ 00432 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, 00433 const mbedtls_ssl_ciphersuite_t *ciphersuite, 00434 int cert_endpoint, 00435 uint32_t *flags ); 00436 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00437 00438 void mbedtls_ssl_write_version( int major, int minor, int transport, 00439 unsigned char ver[2] ); 00440 void mbedtls_ssl_read_version( int *major, int *minor, int transport, 00441 const unsigned char ver[2] ); 00442 00443 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) 00444 { 00445 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00446 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00447 return( 13 ); 00448 #else 00449 ((void) ssl); 00450 #endif 00451 return( 5 ); 00452 } 00453 00454 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) 00455 { 00456 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00457 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00458 return( 12 ); 00459 #else 00460 ((void) ssl); 00461 #endif 00462 return( 4 ); 00463 } 00464 00465 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00466 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); 00467 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); 00468 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); 00469 #endif 00470 00471 /* Visible for testing purposes only */ 00472 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 00473 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); 00474 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); 00475 #endif 00476 00477 /* constant-time buffer comparison */ 00478 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) 00479 { 00480 size_t i; 00481 const unsigned char *A = (const unsigned char *) a; 00482 const unsigned char *B = (const unsigned char *) b; 00483 unsigned char diff = 0; 00484 00485 for( i = 0; i < n; i++ ) 00486 diff |= A[i] ^ B[i]; 00487 00488 return( diff ); 00489 } 00490 00491 #ifdef __cplusplus 00492 } 00493 #endif 00494 00495 #endif /* ssl_internal.h */
Generated on Tue Jul 12 2022 12:52:47 by
1.7.2