Rough and ready port of axTLS
ssl/tls1.h@0:5a29fd060ac8, 2013-05-13 (annotated)
- Committer:
- ashleymills
- Date:
- Mon May 13 18:15:18 2013 +0000
- Revision:
- 0:5a29fd060ac8
initial commit
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ashleymills | 0:5a29fd060ac8 | 1 | /* |
ashleymills | 0:5a29fd060ac8 | 2 | * Copyright (c) 2007, Cameron Rich |
ashleymills | 0:5a29fd060ac8 | 3 | * |
ashleymills | 0:5a29fd060ac8 | 4 | * All rights reserved. |
ashleymills | 0:5a29fd060ac8 | 5 | * |
ashleymills | 0:5a29fd060ac8 | 6 | * Redistribution and use in source and binary forms, with or without |
ashleymills | 0:5a29fd060ac8 | 7 | * modification, are permitted provided that the following conditions are met: |
ashleymills | 0:5a29fd060ac8 | 8 | * |
ashleymills | 0:5a29fd060ac8 | 9 | * * Redistributions of source code must retain the above copyright notice, |
ashleymills | 0:5a29fd060ac8 | 10 | * this list of conditions and the following disclaimer. |
ashleymills | 0:5a29fd060ac8 | 11 | * * Redistributions in binary form must reproduce the above copyright notice, |
ashleymills | 0:5a29fd060ac8 | 12 | * this list of conditions and the following disclaimer in the documentation |
ashleymills | 0:5a29fd060ac8 | 13 | * and/or other materials provided with the distribution. |
ashleymills | 0:5a29fd060ac8 | 14 | * * Neither the name of the axTLS project nor the names of its contributors |
ashleymills | 0:5a29fd060ac8 | 15 | * may be used to endorse or promote products derived from this software |
ashleymills | 0:5a29fd060ac8 | 16 | * without specific prior written permission. |
ashleymills | 0:5a29fd060ac8 | 17 | * |
ashleymills | 0:5a29fd060ac8 | 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
ashleymills | 0:5a29fd060ac8 | 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
ashleymills | 0:5a29fd060ac8 | 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
ashleymills | 0:5a29fd060ac8 | 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
ashleymills | 0:5a29fd060ac8 | 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
ashleymills | 0:5a29fd060ac8 | 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
ashleymills | 0:5a29fd060ac8 | 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
ashleymills | 0:5a29fd060ac8 | 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
ashleymills | 0:5a29fd060ac8 | 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
ashleymills | 0:5a29fd060ac8 | 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
ashleymills | 0:5a29fd060ac8 | 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
ashleymills | 0:5a29fd060ac8 | 29 | */ |
ashleymills | 0:5a29fd060ac8 | 30 | |
ashleymills | 0:5a29fd060ac8 | 31 | /** |
ashleymills | 0:5a29fd060ac8 | 32 | * @file tls1.h |
ashleymills | 0:5a29fd060ac8 | 33 | * |
ashleymills | 0:5a29fd060ac8 | 34 | * @brief The definitions for the TLS library. |
ashleymills | 0:5a29fd060ac8 | 35 | */ |
ashleymills | 0:5a29fd060ac8 | 36 | #ifndef HEADER_SSL_LIB_H |
ashleymills | 0:5a29fd060ac8 | 37 | #define HEADER_SSL_LIB_H |
ashleymills | 0:5a29fd060ac8 | 38 | |
ashleymills | 0:5a29fd060ac8 | 39 | #ifdef __cplusplus |
ashleymills | 0:5a29fd060ac8 | 40 | extern "C" { |
ashleymills | 0:5a29fd060ac8 | 41 | #endif |
ashleymills | 0:5a29fd060ac8 | 42 | |
ashleymills | 0:5a29fd060ac8 | 43 | #include "version.h" |
ashleymills | 0:5a29fd060ac8 | 44 | #include "os_int.h" |
ashleymills | 0:5a29fd060ac8 | 45 | #include "crypto.h" |
ashleymills | 0:5a29fd060ac8 | 46 | #include "crypto_misc.h" |
ashleymills | 0:5a29fd060ac8 | 47 | |
ashleymills | 0:5a29fd060ac8 | 48 | #include "config.h" |
ashleymills | 0:5a29fd060ac8 | 49 | |
ashleymills | 0:5a29fd060ac8 | 50 | #define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */ |
ashleymills | 0:5a29fd060ac8 | 51 | #define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */ |
ashleymills | 0:5a29fd060ac8 | 52 | #define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */ |
ashleymills | 0:5a29fd060ac8 | 53 | #define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */ |
ashleymills | 0:5a29fd060ac8 | 54 | #define SSL_RANDOM_SIZE 32 |
ashleymills | 0:5a29fd060ac8 | 55 | #define SSL_SECRET_SIZE 48 |
ashleymills | 0:5a29fd060ac8 | 56 | #define SSL_FINISHED_HASH_SIZE 12 |
ashleymills | 0:5a29fd060ac8 | 57 | #define SSL_RECORD_SIZE 5 |
ashleymills | 0:5a29fd060ac8 | 58 | #define SSL_SERVER_READ 0 |
ashleymills | 0:5a29fd060ac8 | 59 | #define SSL_SERVER_WRITE 1 |
ashleymills | 0:5a29fd060ac8 | 60 | #define SSL_CLIENT_READ 2 |
ashleymills | 0:5a29fd060ac8 | 61 | #define SSL_CLIENT_WRITE 3 |
ashleymills | 0:5a29fd060ac8 | 62 | #define SSL_HS_HDR_SIZE 4 |
ashleymills | 0:5a29fd060ac8 | 63 | |
ashleymills | 0:5a29fd060ac8 | 64 | /* the flags we use while establishing a connection */ |
ashleymills | 0:5a29fd060ac8 | 65 | #define SSL_NEED_RECORD 0x0001 |
ashleymills | 0:5a29fd060ac8 | 66 | #define SSL_TX_ENCRYPTED 0x0002 |
ashleymills | 0:5a29fd060ac8 | 67 | #define SSL_RX_ENCRYPTED 0x0004 |
ashleymills | 0:5a29fd060ac8 | 68 | #define SSL_SESSION_RESUME 0x0008 |
ashleymills | 0:5a29fd060ac8 | 69 | #define SSL_IS_CLIENT 0x0010 |
ashleymills | 0:5a29fd060ac8 | 70 | #define SSL_HAS_CERT_REQ 0x0020 |
ashleymills | 0:5a29fd060ac8 | 71 | #define SSL_SENT_CLOSE_NOTIFY 0x0040 |
ashleymills | 0:5a29fd060ac8 | 72 | |
ashleymills | 0:5a29fd060ac8 | 73 | /* some macros to muck around with flag bits */ |
ashleymills | 0:5a29fd060ac8 | 74 | #define SET_SSL_FLAG(A) (ssl->flag |= A) |
ashleymills | 0:5a29fd060ac8 | 75 | #define CLR_SSL_FLAG(A) (ssl->flag &= ~A) |
ashleymills | 0:5a29fd060ac8 | 76 | #define IS_SET_SSL_FLAG(A) (ssl->flag & A) |
ashleymills | 0:5a29fd060ac8 | 77 | |
ashleymills | 0:5a29fd060ac8 | 78 | #define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */ |
ashleymills | 0:5a29fd060ac8 | 79 | #define RT_MAX_PLAIN_LENGTH 2048//16384 |
ashleymills | 0:5a29fd060ac8 | 80 | #define RT_EXTRA 512//1024 |
ashleymills | 0:5a29fd060ac8 | 81 | #define BM_RECORD_OFFSET 5 |
ashleymills | 0:5a29fd060ac8 | 82 | |
ashleymills | 0:5a29fd060ac8 | 83 | #ifdef CONFIG_SSL_SKELETON_MODE |
ashleymills | 0:5a29fd060ac8 | 84 | #define NUM_PROTOCOLS 1 |
ashleymills | 0:5a29fd060ac8 | 85 | #else |
ashleymills | 0:5a29fd060ac8 | 86 | #define NUM_PROTOCOLS 4 |
ashleymills | 0:5a29fd060ac8 | 87 | #endif |
ashleymills | 0:5a29fd060ac8 | 88 | |
ashleymills | 0:5a29fd060ac8 | 89 | #define PARANOIA_CHECK(A, B) if (A < B) { \ |
ashleymills | 0:5a29fd060ac8 | 90 | ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; } |
ashleymills | 0:5a29fd060ac8 | 91 | |
ashleymills | 0:5a29fd060ac8 | 92 | /* protocol types */ |
ashleymills | 0:5a29fd060ac8 | 93 | enum |
ashleymills | 0:5a29fd060ac8 | 94 | { |
ashleymills | 0:5a29fd060ac8 | 95 | PT_CHANGE_CIPHER_SPEC = 20, |
ashleymills | 0:5a29fd060ac8 | 96 | PT_ALERT_PROTOCOL, |
ashleymills | 0:5a29fd060ac8 | 97 | PT_HANDSHAKE_PROTOCOL, |
ashleymills | 0:5a29fd060ac8 | 98 | PT_APP_PROTOCOL_DATA |
ashleymills | 0:5a29fd060ac8 | 99 | }; |
ashleymills | 0:5a29fd060ac8 | 100 | |
ashleymills | 0:5a29fd060ac8 | 101 | /* handshaking types */ |
ashleymills | 0:5a29fd060ac8 | 102 | enum |
ashleymills | 0:5a29fd060ac8 | 103 | { |
ashleymills | 0:5a29fd060ac8 | 104 | HS_HELLO_REQUEST, |
ashleymills | 0:5a29fd060ac8 | 105 | HS_CLIENT_HELLO, |
ashleymills | 0:5a29fd060ac8 | 106 | HS_SERVER_HELLO, |
ashleymills | 0:5a29fd060ac8 | 107 | HS_CERTIFICATE = 11, |
ashleymills | 0:5a29fd060ac8 | 108 | HS_SERVER_KEY_XCHG, |
ashleymills | 0:5a29fd060ac8 | 109 | HS_CERT_REQ, |
ashleymills | 0:5a29fd060ac8 | 110 | HS_SERVER_HELLO_DONE, |
ashleymills | 0:5a29fd060ac8 | 111 | HS_CERT_VERIFY, |
ashleymills | 0:5a29fd060ac8 | 112 | HS_CLIENT_KEY_XCHG, |
ashleymills | 0:5a29fd060ac8 | 113 | HS_FINISHED = 20 |
ashleymills | 0:5a29fd060ac8 | 114 | }; |
ashleymills | 0:5a29fd060ac8 | 115 | |
ashleymills | 0:5a29fd060ac8 | 116 | typedef struct |
ashleymills | 0:5a29fd060ac8 | 117 | { |
ashleymills | 0:5a29fd060ac8 | 118 | uint8_t cipher; |
ashleymills | 0:5a29fd060ac8 | 119 | uint8_t key_size; |
ashleymills | 0:5a29fd060ac8 | 120 | uint8_t iv_size; |
ashleymills | 0:5a29fd060ac8 | 121 | uint8_t key_block_size; |
ashleymills | 0:5a29fd060ac8 | 122 | uint8_t padding_size; |
ashleymills | 0:5a29fd060ac8 | 123 | uint8_t digest_size; |
ashleymills | 0:5a29fd060ac8 | 124 | hmac_func hmac; |
ashleymills | 0:5a29fd060ac8 | 125 | crypt_func encrypt; |
ashleymills | 0:5a29fd060ac8 | 126 | crypt_func decrypt; |
ashleymills | 0:5a29fd060ac8 | 127 | } cipher_info_t; |
ashleymills | 0:5a29fd060ac8 | 128 | |
ashleymills | 0:5a29fd060ac8 | 129 | struct _SSLObjLoader |
ashleymills | 0:5a29fd060ac8 | 130 | { |
ashleymills | 0:5a29fd060ac8 | 131 | uint8_t *buf; |
ashleymills | 0:5a29fd060ac8 | 132 | int len; |
ashleymills | 0:5a29fd060ac8 | 133 | }; |
ashleymills | 0:5a29fd060ac8 | 134 | |
ashleymills | 0:5a29fd060ac8 | 135 | typedef struct _SSLObjLoader SSLObjLoader; |
ashleymills | 0:5a29fd060ac8 | 136 | |
ashleymills | 0:5a29fd060ac8 | 137 | typedef struct |
ashleymills | 0:5a29fd060ac8 | 138 | { |
ashleymills | 0:5a29fd060ac8 | 139 | time_t conn_time; |
ashleymills | 0:5a29fd060ac8 | 140 | uint8_t session_id[SSL_SESSION_ID_SIZE]; |
ashleymills | 0:5a29fd060ac8 | 141 | uint8_t master_secret[SSL_SECRET_SIZE]; |
ashleymills | 0:5a29fd060ac8 | 142 | } SSL_SESSION; |
ashleymills | 0:5a29fd060ac8 | 143 | |
ashleymills | 0:5a29fd060ac8 | 144 | typedef struct |
ashleymills | 0:5a29fd060ac8 | 145 | { |
ashleymills | 0:5a29fd060ac8 | 146 | uint8_t *buf; |
ashleymills | 0:5a29fd060ac8 | 147 | int size; |
ashleymills | 0:5a29fd060ac8 | 148 | } SSL_CERT; |
ashleymills | 0:5a29fd060ac8 | 149 | |
ashleymills | 0:5a29fd060ac8 | 150 | typedef struct |
ashleymills | 0:5a29fd060ac8 | 151 | { |
ashleymills | 0:5a29fd060ac8 | 152 | MD5_CTX md5_ctx; |
ashleymills | 0:5a29fd060ac8 | 153 | SHA1_CTX sha1_ctx; |
ashleymills | 0:5a29fd060ac8 | 154 | uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE]; |
ashleymills | 0:5a29fd060ac8 | 155 | uint8_t *key_block; |
ashleymills | 0:5a29fd060ac8 | 156 | uint8_t master_secret[SSL_SECRET_SIZE]; |
ashleymills | 0:5a29fd060ac8 | 157 | uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */ |
ashleymills | 0:5a29fd060ac8 | 158 | uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */ |
ashleymills | 0:5a29fd060ac8 | 159 | uint16_t bm_proc_index; |
ashleymills | 0:5a29fd060ac8 | 160 | } DISPOSABLE_CTX; |
ashleymills | 0:5a29fd060ac8 | 161 | |
ashleymills | 0:5a29fd060ac8 | 162 | struct _SSL |
ashleymills | 0:5a29fd060ac8 | 163 | { |
ashleymills | 0:5a29fd060ac8 | 164 | uint32_t flag; |
ashleymills | 0:5a29fd060ac8 | 165 | uint16_t need_bytes; |
ashleymills | 0:5a29fd060ac8 | 166 | uint16_t got_bytes; |
ashleymills | 0:5a29fd060ac8 | 167 | uint8_t record_type; |
ashleymills | 0:5a29fd060ac8 | 168 | uint8_t cipher; |
ashleymills | 0:5a29fd060ac8 | 169 | uint8_t sess_id_size; |
ashleymills | 0:5a29fd060ac8 | 170 | uint8_t version; |
ashleymills | 0:5a29fd060ac8 | 171 | uint8_t client_version; |
ashleymills | 0:5a29fd060ac8 | 172 | int16_t next_state; |
ashleymills | 0:5a29fd060ac8 | 173 | int16_t hs_status; |
ashleymills | 0:5a29fd060ac8 | 174 | DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */ |
ashleymills | 0:5a29fd060ac8 | 175 | int client_fd; |
ashleymills | 0:5a29fd060ac8 | 176 | const cipher_info_t *cipher_info; |
ashleymills | 0:5a29fd060ac8 | 177 | void *encrypt_ctx; |
ashleymills | 0:5a29fd060ac8 | 178 | void *decrypt_ctx; |
ashleymills | 0:5a29fd060ac8 | 179 | uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA]; |
ashleymills | 0:5a29fd060ac8 | 180 | uint8_t *bm_data; |
ashleymills | 0:5a29fd060ac8 | 181 | uint16_t bm_index; |
ashleymills | 0:5a29fd060ac8 | 182 | uint16_t bm_read_index; |
ashleymills | 0:5a29fd060ac8 | 183 | struct _SSL *next; /* doubly linked list */ |
ashleymills | 0:5a29fd060ac8 | 184 | struct _SSL *prev; |
ashleymills | 0:5a29fd060ac8 | 185 | struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */ |
ashleymills | 0:5a29fd060ac8 | 186 | #ifndef CONFIG_SSL_SKELETON_MODE |
ashleymills | 0:5a29fd060ac8 | 187 | uint16_t session_index; |
ashleymills | 0:5a29fd060ac8 | 188 | SSL_SESSION *session; |
ashleymills | 0:5a29fd060ac8 | 189 | #endif |
ashleymills | 0:5a29fd060ac8 | 190 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
ashleymills | 0:5a29fd060ac8 | 191 | X509_CTX *x509_ctx; |
ashleymills | 0:5a29fd060ac8 | 192 | #endif |
ashleymills | 0:5a29fd060ac8 | 193 | |
ashleymills | 0:5a29fd060ac8 | 194 | uint8_t session_id[SSL_SESSION_ID_SIZE]; |
ashleymills | 0:5a29fd060ac8 | 195 | uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */ |
ashleymills | 0:5a29fd060ac8 | 196 | uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */ |
ashleymills | 0:5a29fd060ac8 | 197 | uint8_t read_sequence[8]; /* 64 bit sequence number */ |
ashleymills | 0:5a29fd060ac8 | 198 | uint8_t write_sequence[8]; /* 64 bit sequence number */ |
ashleymills | 0:5a29fd060ac8 | 199 | uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ |
ashleymills | 0:5a29fd060ac8 | 200 | }; |
ashleymills | 0:5a29fd060ac8 | 201 | |
ashleymills | 0:5a29fd060ac8 | 202 | typedef struct _SSL SSL; |
ashleymills | 0:5a29fd060ac8 | 203 | |
ashleymills | 0:5a29fd060ac8 | 204 | struct _SSL_CTX |
ashleymills | 0:5a29fd060ac8 | 205 | { |
ashleymills | 0:5a29fd060ac8 | 206 | uint32_t options; |
ashleymills | 0:5a29fd060ac8 | 207 | uint8_t chain_length; |
ashleymills | 0:5a29fd060ac8 | 208 | RSA_CTX *rsa_ctx; |
ashleymills | 0:5a29fd060ac8 | 209 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
ashleymills | 0:5a29fd060ac8 | 210 | CA_CERT_CTX *ca_cert_ctx; |
ashleymills | 0:5a29fd060ac8 | 211 | #endif |
ashleymills | 0:5a29fd060ac8 | 212 | SSL *head; |
ashleymills | 0:5a29fd060ac8 | 213 | SSL *tail; |
ashleymills | 0:5a29fd060ac8 | 214 | SSL_CERT certs[CONFIG_SSL_MAX_CERTS]; |
ashleymills | 0:5a29fd060ac8 | 215 | #ifndef CONFIG_SSL_SKELETON_MODE |
ashleymills | 0:5a29fd060ac8 | 216 | uint16_t num_sessions; |
ashleymills | 0:5a29fd060ac8 | 217 | SSL_SESSION **ssl_sessions; |
ashleymills | 0:5a29fd060ac8 | 218 | #endif |
ashleymills | 0:5a29fd060ac8 | 219 | #ifdef CONFIG_SSL_CTX_MUTEXING |
ashleymills | 0:5a29fd060ac8 | 220 | SSL_CTX_MUTEX_TYPE mutex; |
ashleymills | 0:5a29fd060ac8 | 221 | #endif |
ashleymills | 0:5a29fd060ac8 | 222 | #ifdef CONFIG_OPENSSL_COMPATIBLE |
ashleymills | 0:5a29fd060ac8 | 223 | void *bonus_attr; |
ashleymills | 0:5a29fd060ac8 | 224 | #endif |
ashleymills | 0:5a29fd060ac8 | 225 | }; |
ashleymills | 0:5a29fd060ac8 | 226 | |
ashleymills | 0:5a29fd060ac8 | 227 | typedef struct _SSL_CTX SSL_CTX; |
ashleymills | 0:5a29fd060ac8 | 228 | |
ashleymills | 0:5a29fd060ac8 | 229 | /* backwards compatibility */ |
ashleymills | 0:5a29fd060ac8 | 230 | typedef struct _SSL_CTX SSLCTX; |
ashleymills | 0:5a29fd060ac8 | 231 | |
ashleymills | 0:5a29fd060ac8 | 232 | extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS]; |
ashleymills | 0:5a29fd060ac8 | 233 | |
ashleymills | 0:5a29fd060ac8 | 234 | SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd); |
ashleymills | 0:5a29fd060ac8 | 235 | void disposable_new(SSL *ssl); |
ashleymills | 0:5a29fd060ac8 | 236 | void disposable_free(SSL *ssl); |
ashleymills | 0:5a29fd060ac8 | 237 | int send_packet(SSL *ssl, uint8_t protocol, |
ashleymills | 0:5a29fd060ac8 | 238 | const uint8_t *in, int length); |
ashleymills | 0:5a29fd060ac8 | 239 | int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); |
ashleymills | 0:5a29fd060ac8 | 240 | int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); |
ashleymills | 0:5a29fd060ac8 | 241 | int process_finished(SSL *ssl, uint8_t *buf, int hs_len); |
ashleymills | 0:5a29fd060ac8 | 242 | int process_sslv23_client_hello(SSL *ssl); |
ashleymills | 0:5a29fd060ac8 | 243 | int send_alert(SSL *ssl, int error_code); |
ashleymills | 0:5a29fd060ac8 | 244 | int send_finished(SSL *ssl); |
ashleymills | 0:5a29fd060ac8 | 245 | int send_certificate(SSL *ssl); |
ashleymills | 0:5a29fd060ac8 | 246 | int basic_read(SSL *ssl, uint8_t **in_data); |
ashleymills | 0:5a29fd060ac8 | 247 | int send_change_cipher_spec(SSL *ssl); |
ashleymills | 0:5a29fd060ac8 | 248 | void finished_digest(SSL *ssl, const char *label, uint8_t *digest); |
ashleymills | 0:5a29fd060ac8 | 249 | void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret); |
ashleymills | 0:5a29fd060ac8 | 250 | void add_packet(SSL *ssl, const uint8_t *pkt, int len); |
ashleymills | 0:5a29fd060ac8 | 251 | int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); |
ashleymills | 0:5a29fd060ac8 | 252 | int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj); |
ashleymills | 0:5a29fd060ac8 | 253 | void ssl_obj_free(SSLObjLoader *ssl_obj); |
ashleymills | 0:5a29fd060ac8 | 254 | int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); |
ashleymills | 0:5a29fd060ac8 | 255 | int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); |
ashleymills | 0:5a29fd060ac8 | 256 | int load_key_certs(SSL_CTX *ssl_ctx); |
ashleymills | 0:5a29fd060ac8 | 257 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
ashleymills | 0:5a29fd060ac8 | 258 | int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); |
ashleymills | 0:5a29fd060ac8 | 259 | void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx); |
ashleymills | 0:5a29fd060ac8 | 260 | #endif |
ashleymills | 0:5a29fd060ac8 | 261 | #ifdef CONFIG_SSL_ENABLE_CLIENT |
ashleymills | 0:5a29fd060ac8 | 262 | int do_client_connect(SSL *ssl); |
ashleymills | 0:5a29fd060ac8 | 263 | #endif |
ashleymills | 0:5a29fd060ac8 | 264 | |
ashleymills | 0:5a29fd060ac8 | 265 | #ifdef CONFIG_SSL_FULL_MODE |
ashleymills | 0:5a29fd060ac8 | 266 | void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok); |
ashleymills | 0:5a29fd060ac8 | 267 | void DISPLAY_BYTES(SSL *ssl, const char *format, |
ashleymills | 0:5a29fd060ac8 | 268 | const uint8_t *data, int size, ...); |
ashleymills | 0:5a29fd060ac8 | 269 | void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx); |
ashleymills | 0:5a29fd060ac8 | 270 | void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx); |
ashleymills | 0:5a29fd060ac8 | 271 | void DISPLAY_ALERT(SSL *ssl, int alert); |
ashleymills | 0:5a29fd060ac8 | 272 | #else |
ashleymills | 0:5a29fd060ac8 | 273 | #define DISPLAY_STATE(A,B,C,D) |
ashleymills | 0:5a29fd060ac8 | 274 | #define DISPLAY_CERT(A,B) |
ashleymills | 0:5a29fd060ac8 | 275 | #define DISPLAY_RSA(A,B) |
ashleymills | 0:5a29fd060ac8 | 276 | #define DISPLAY_ALERT(A, B) |
ashleymills | 0:5a29fd060ac8 | 277 | #ifdef WIN32 |
ashleymills | 0:5a29fd060ac8 | 278 | void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */ |
ashleymills | 0:5a29fd060ac8 | 279 | const uint8_t *data, int size, ...); |
ashleymills | 0:5a29fd060ac8 | 280 | #else |
ashleymills | 0:5a29fd060ac8 | 281 | #define DISPLAY_BYTES(A,B,C,D,...) |
ashleymills | 0:5a29fd060ac8 | 282 | #endif |
ashleymills | 0:5a29fd060ac8 | 283 | #endif |
ashleymills | 0:5a29fd060ac8 | 284 | |
ashleymills | 0:5a29fd060ac8 | 285 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
ashleymills | 0:5a29fd060ac8 | 286 | int process_certificate(SSL *ssl, X509_CTX **x509_ctx); |
ashleymills | 0:5a29fd060ac8 | 287 | #endif |
ashleymills | 0:5a29fd060ac8 | 288 | |
ashleymills | 0:5a29fd060ac8 | 289 | SSL_SESSION *ssl_session_update(int max_sessions, |
ashleymills | 0:5a29fd060ac8 | 290 | SSL_SESSION *ssl_sessions[], SSL *ssl, |
ashleymills | 0:5a29fd060ac8 | 291 | const uint8_t *session_id); |
ashleymills | 0:5a29fd060ac8 | 292 | void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl); |
ashleymills | 0:5a29fd060ac8 | 293 | |
ashleymills | 0:5a29fd060ac8 | 294 | #ifdef __cplusplus |
ashleymills | 0:5a29fd060ac8 | 295 | } |
ashleymills | 0:5a29fd060ac8 | 296 | #endif |
ashleymills | 0:5a29fd060ac8 | 297 | |
ashleymills | 0:5a29fd060ac8 | 298 | #endif |