Modified mbed TLS headers for AES functionality only to reduce build size
Dependents: BLE_Gateway_Linker_fix BLE_Gateway
Fork of mbedtls by
mbedtls/ssl_internal.h@5:f09f5ed830ca, 2017-07-10 (annotated)
- Committer:
- electronichamsters
- Date:
- Mon Jul 10 04:00:25 2017 +0000
- Revision:
- 5:f09f5ed830ca
- Parent:
- 1:24750b9ad5ef
working gateway
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
Christopher Haster |
1:24750b9ad5ef | 1 | /** |
Christopher Haster |
1:24750b9ad5ef | 2 | * \file ssl_ticket.h |
Christopher Haster |
1:24750b9ad5ef | 3 | * |
Christopher Haster |
1:24750b9ad5ef | 4 | * \brief Internal functions shared by the SSL modules |
Christopher Haster |
1:24750b9ad5ef | 5 | * |
Christopher Haster |
1:24750b9ad5ef | 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
Christopher Haster |
1:24750b9ad5ef | 7 | * SPDX-License-Identifier: Apache-2.0 |
Christopher Haster |
1:24750b9ad5ef | 8 | * |
Christopher Haster |
1:24750b9ad5ef | 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
Christopher Haster |
1:24750b9ad5ef | 10 | * not use this file except in compliance with the License. |
Christopher Haster |
1:24750b9ad5ef | 11 | * You may obtain a copy of the License at |
Christopher Haster |
1:24750b9ad5ef | 12 | * |
Christopher Haster |
1:24750b9ad5ef | 13 | * http://www.apache.org/licenses/LICENSE-2.0 |
Christopher Haster |
1:24750b9ad5ef | 14 | * |
Christopher Haster |
1:24750b9ad5ef | 15 | * Unless required by applicable law or agreed to in writing, software |
Christopher Haster |
1:24750b9ad5ef | 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
Christopher Haster |
1:24750b9ad5ef | 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
Christopher Haster |
1:24750b9ad5ef | 18 | * See the License for the specific language governing permissions and |
Christopher Haster |
1:24750b9ad5ef | 19 | * limitations under the License. |
Christopher Haster |
1:24750b9ad5ef | 20 | * |
Christopher Haster |
1:24750b9ad5ef | 21 | * This file is part of mbed TLS (https://tls.mbed.org) |
Christopher Haster |
1:24750b9ad5ef | 22 | */ |
Christopher Haster |
1:24750b9ad5ef | 23 | #ifndef MBEDTLS_SSL_INTERNAL_H |
Christopher Haster |
1:24750b9ad5ef | 24 | #define MBEDTLS_SSL_INTERNAL_H |
Christopher Haster |
1:24750b9ad5ef | 25 | |
Christopher Haster |
1:24750b9ad5ef | 26 | #include "ssl.h" |
Christopher Haster |
1:24750b9ad5ef | 27 | |
Christopher Haster |
1:24750b9ad5ef | 28 | #if defined(MBEDTLS_MD5_C) |
Christopher Haster |
1:24750b9ad5ef | 29 | #include "md5.h" |
Christopher Haster |
1:24750b9ad5ef | 30 | #endif |
Christopher Haster |
1:24750b9ad5ef | 31 | |
Christopher Haster |
1:24750b9ad5ef | 32 | #if defined(MBEDTLS_SHA1_C) |
Christopher Haster |
1:24750b9ad5ef | 33 | #include "sha1.h" |
Christopher Haster |
1:24750b9ad5ef | 34 | #endif |
Christopher Haster |
1:24750b9ad5ef | 35 | |
Christopher Haster |
1:24750b9ad5ef | 36 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 37 | #include "sha256.h" |
Christopher Haster |
1:24750b9ad5ef | 38 | #endif |
Christopher Haster |
1:24750b9ad5ef | 39 | |
Christopher Haster |
1:24750b9ad5ef | 40 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 41 | #include "sha512.h" |
Christopher Haster |
1:24750b9ad5ef | 42 | #endif |
Christopher Haster |
1:24750b9ad5ef | 43 | |
Christopher Haster |
1:24750b9ad5ef | 44 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 45 | #include "ecjpake.h" |
Christopher Haster |
1:24750b9ad5ef | 46 | #endif |
Christopher Haster |
1:24750b9ad5ef | 47 | |
Christopher Haster |
1:24750b9ad5ef | 48 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ |
Christopher Haster |
1:24750b9ad5ef | 49 | !defined(inline) && !defined(__cplusplus) |
Christopher Haster |
1:24750b9ad5ef | 50 | #define inline __inline |
Christopher Haster |
1:24750b9ad5ef | 51 | #endif |
Christopher Haster |
1:24750b9ad5ef | 52 | |
Christopher Haster |
1:24750b9ad5ef | 53 | /* Determine minimum supported version */ |
Christopher Haster |
1:24750b9ad5ef | 54 | #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 |
Christopher Haster |
1:24750b9ad5ef | 55 | |
Christopher Haster |
1:24750b9ad5ef | 56 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 57 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 |
Christopher Haster |
1:24750b9ad5ef | 58 | #else |
Christopher Haster |
1:24750b9ad5ef | 59 | #if defined(MBEDTLS_SSL_PROTO_TLS1) |
Christopher Haster |
1:24750b9ad5ef | 60 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 |
Christopher Haster |
1:24750b9ad5ef | 61 | #else |
Christopher Haster |
1:24750b9ad5ef | 62 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 63 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 |
Christopher Haster |
1:24750b9ad5ef | 64 | #else |
Christopher Haster |
1:24750b9ad5ef | 65 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 66 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 |
Christopher Haster |
1:24750b9ad5ef | 67 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 68 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ |
Christopher Haster |
1:24750b9ad5ef | 69 | #endif /* MBEDTLS_SSL_PROTO_TLS1 */ |
Christopher Haster |
1:24750b9ad5ef | 70 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 71 | |
Christopher Haster |
1:24750b9ad5ef | 72 | /* Determine maximum supported version */ |
Christopher Haster |
1:24750b9ad5ef | 73 | #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 |
Christopher Haster |
1:24750b9ad5ef | 74 | |
Christopher Haster |
1:24750b9ad5ef | 75 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 76 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 |
Christopher Haster |
1:24750b9ad5ef | 77 | #else |
Christopher Haster |
1:24750b9ad5ef | 78 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 79 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 |
Christopher Haster |
1:24750b9ad5ef | 80 | #else |
Christopher Haster |
1:24750b9ad5ef | 81 | #if defined(MBEDTLS_SSL_PROTO_TLS1) |
Christopher Haster |
1:24750b9ad5ef | 82 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 |
Christopher Haster |
1:24750b9ad5ef | 83 | #else |
Christopher Haster |
1:24750b9ad5ef | 84 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 85 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 |
Christopher Haster |
1:24750b9ad5ef | 86 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 87 | #endif /* MBEDTLS_SSL_PROTO_TLS1 */ |
Christopher Haster |
1:24750b9ad5ef | 88 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ |
Christopher Haster |
1:24750b9ad5ef | 89 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 90 | |
Christopher Haster |
1:24750b9ad5ef | 91 | #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 |
Christopher Haster |
1:24750b9ad5ef | 92 | #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ |
Christopher Haster |
1:24750b9ad5ef | 93 | #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ |
Christopher Haster |
1:24750b9ad5ef | 94 | #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ |
Christopher Haster |
1:24750b9ad5ef | 95 | |
Christopher Haster |
1:24750b9ad5ef | 96 | /* |
Christopher Haster |
1:24750b9ad5ef | 97 | * DTLS retransmission states, see RFC 6347 4.2.4 |
Christopher Haster |
1:24750b9ad5ef | 98 | * |
Christopher Haster |
1:24750b9ad5ef | 99 | * The SENDING state is merged in PREPARING for initial sends, |
Christopher Haster |
1:24750b9ad5ef | 100 | * but is distinct for resends. |
Christopher Haster |
1:24750b9ad5ef | 101 | * |
Christopher Haster |
1:24750b9ad5ef | 102 | * Note: initial state is wrong for server, but is not used anyway. |
Christopher Haster |
1:24750b9ad5ef | 103 | */ |
Christopher Haster |
1:24750b9ad5ef | 104 | #define MBEDTLS_SSL_RETRANS_PREPARING 0 |
Christopher Haster |
1:24750b9ad5ef | 105 | #define MBEDTLS_SSL_RETRANS_SENDING 1 |
Christopher Haster |
1:24750b9ad5ef | 106 | #define MBEDTLS_SSL_RETRANS_WAITING 2 |
Christopher Haster |
1:24750b9ad5ef | 107 | #define MBEDTLS_SSL_RETRANS_FINISHED 3 |
Christopher Haster |
1:24750b9ad5ef | 108 | |
Christopher Haster |
1:24750b9ad5ef | 109 | /* |
Christopher Haster |
1:24750b9ad5ef | 110 | * Allow extra bytes for record, authentication and encryption overhead: |
Christopher Haster |
1:24750b9ad5ef | 111 | * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) |
Christopher Haster |
1:24750b9ad5ef | 112 | * and allow for a maximum of 1024 of compression expansion if |
Christopher Haster |
1:24750b9ad5ef | 113 | * enabled. |
Christopher Haster |
1:24750b9ad5ef | 114 | */ |
Christopher Haster |
1:24750b9ad5ef | 115 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 116 | #define MBEDTLS_SSL_COMPRESSION_ADD 1024 |
Christopher Haster |
1:24750b9ad5ef | 117 | #else |
Christopher Haster |
1:24750b9ad5ef | 118 | #define MBEDTLS_SSL_COMPRESSION_ADD 0 |
Christopher Haster |
1:24750b9ad5ef | 119 | #endif |
Christopher Haster |
1:24750b9ad5ef | 120 | |
Christopher Haster |
1:24750b9ad5ef | 121 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) |
Christopher Haster |
1:24750b9ad5ef | 122 | /* Ciphersuites using HMAC */ |
Christopher Haster |
1:24750b9ad5ef | 123 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 124 | #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ |
Christopher Haster |
1:24750b9ad5ef | 125 | #elif defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 126 | #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ |
Christopher Haster |
1:24750b9ad5ef | 127 | #else |
Christopher Haster |
1:24750b9ad5ef | 128 | #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ |
Christopher Haster |
1:24750b9ad5ef | 129 | #endif |
Christopher Haster |
1:24750b9ad5ef | 130 | #else |
Christopher Haster |
1:24750b9ad5ef | 131 | /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ |
Christopher Haster |
1:24750b9ad5ef | 132 | #define MBEDTLS_SSL_MAC_ADD 16 |
Christopher Haster |
1:24750b9ad5ef | 133 | #endif |
Christopher Haster |
1:24750b9ad5ef | 134 | |
Christopher Haster |
1:24750b9ad5ef | 135 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
Christopher Haster |
1:24750b9ad5ef | 136 | #define MBEDTLS_SSL_PADDING_ADD 256 |
Christopher Haster |
1:24750b9ad5ef | 137 | #else |
Christopher Haster |
1:24750b9ad5ef | 138 | #define MBEDTLS_SSL_PADDING_ADD 0 |
Christopher Haster |
1:24750b9ad5ef | 139 | #endif |
Christopher Haster |
1:24750b9ad5ef | 140 | |
Christopher Haster |
1:24750b9ad5ef | 141 | #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ |
Christopher Haster |
1:24750b9ad5ef | 142 | + MBEDTLS_SSL_COMPRESSION_ADD \ |
Christopher Haster |
1:24750b9ad5ef | 143 | + 29 /* counter + header + IV */ \ |
Christopher Haster |
1:24750b9ad5ef | 144 | + MBEDTLS_SSL_MAC_ADD \ |
Christopher Haster |
1:24750b9ad5ef | 145 | + MBEDTLS_SSL_PADDING_ADD \ |
Christopher Haster |
1:24750b9ad5ef | 146 | ) |
Christopher Haster |
1:24750b9ad5ef | 147 | |
Christopher Haster |
1:24750b9ad5ef | 148 | /* |
Christopher Haster |
1:24750b9ad5ef | 149 | * TLS extension flags (for extensions with outgoing ServerHello content |
Christopher Haster |
1:24750b9ad5ef | 150 | * that need it (e.g. for RENEGOTIATION_INFO the server already knows because |
Christopher Haster |
1:24750b9ad5ef | 151 | * of state of the renegotiation flag, so no indicator is required) |
Christopher Haster |
1:24750b9ad5ef | 152 | */ |
Christopher Haster |
1:24750b9ad5ef | 153 | #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) |
Christopher Haster |
1:24750b9ad5ef | 154 | #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) |
Christopher Haster |
1:24750b9ad5ef | 155 | |
Christopher Haster |
1:24750b9ad5ef | 156 | #ifdef __cplusplus |
Christopher Haster |
1:24750b9ad5ef | 157 | extern "C" { |
Christopher Haster |
1:24750b9ad5ef | 158 | #endif |
Christopher Haster |
1:24750b9ad5ef | 159 | |
Christopher Haster |
1:24750b9ad5ef | 160 | /* |
Christopher Haster |
1:24750b9ad5ef | 161 | * This structure contains the parameters only needed during handshake. |
Christopher Haster |
1:24750b9ad5ef | 162 | */ |
Christopher Haster |
1:24750b9ad5ef | 163 | struct mbedtls_ssl_handshake_params |
Christopher Haster |
1:24750b9ad5ef | 164 | { |
Christopher Haster |
1:24750b9ad5ef | 165 | /* |
Christopher Haster |
1:24750b9ad5ef | 166 | * Handshake specific crypto variables |
Christopher Haster |
1:24750b9ad5ef | 167 | */ |
Christopher Haster |
1:24750b9ad5ef | 168 | int sig_alg; /*!< Hash algorithm for signature */ |
Christopher Haster |
1:24750b9ad5ef | 169 | int cert_type; /*!< Requested cert type */ |
Christopher Haster |
1:24750b9ad5ef | 170 | int verify_sig_alg; /*!< Signature algorithm for verify */ |
Christopher Haster |
1:24750b9ad5ef | 171 | #if defined(MBEDTLS_DHM_C) |
Christopher Haster |
1:24750b9ad5ef | 172 | mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ |
Christopher Haster |
1:24750b9ad5ef | 173 | #endif |
Christopher Haster |
1:24750b9ad5ef | 174 | #if defined(MBEDTLS_ECDH_C) |
Christopher Haster |
1:24750b9ad5ef | 175 | mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ |
Christopher Haster |
1:24750b9ad5ef | 176 | #endif |
Christopher Haster |
1:24750b9ad5ef | 177 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 178 | mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ |
Christopher Haster |
1:24750b9ad5ef | 179 | #if defined(MBEDTLS_SSL_CLI_C) |
Christopher Haster |
1:24750b9ad5ef | 180 | unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ |
Christopher Haster |
1:24750b9ad5ef | 181 | size_t ecjpake_cache_len; /*!< Length of cached data */ |
Christopher Haster |
1:24750b9ad5ef | 182 | #endif |
Christopher Haster |
1:24750b9ad5ef | 183 | #endif |
Christopher Haster |
1:24750b9ad5ef | 184 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
Christopher Haster |
1:24750b9ad5ef | 185 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 186 | const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ |
Christopher Haster |
1:24750b9ad5ef | 187 | #endif |
Christopher Haster |
1:24750b9ad5ef | 188 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 189 | unsigned char *psk; /*!< PSK from the callback */ |
Christopher Haster |
1:24750b9ad5ef | 190 | size_t psk_len; /*!< Length of PSK from callback */ |
Christopher Haster |
1:24750b9ad5ef | 191 | #endif |
Christopher Haster |
1:24750b9ad5ef | 192 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 193 | mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ |
Christopher Haster |
1:24750b9ad5ef | 194 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Christopher Haster |
1:24750b9ad5ef | 195 | int sni_authmode; /*!< authmode from SNI callback */ |
Christopher Haster |
1:24750b9ad5ef | 196 | mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ |
Christopher Haster |
1:24750b9ad5ef | 197 | mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ |
Christopher Haster |
1:24750b9ad5ef | 198 | mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ |
Christopher Haster |
1:24750b9ad5ef | 199 | #endif |
Christopher Haster |
1:24750b9ad5ef | 200 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 201 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 202 | unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ |
Christopher Haster |
1:24750b9ad5ef | 203 | unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ |
Christopher Haster |
1:24750b9ad5ef | 204 | |
Christopher Haster |
1:24750b9ad5ef | 205 | unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie |
Christopher Haster |
1:24750b9ad5ef | 206 | Srv: unused */ |
Christopher Haster |
1:24750b9ad5ef | 207 | unsigned char verify_cookie_len; /*!< Cli: cookie length |
Christopher Haster |
1:24750b9ad5ef | 208 | Srv: flag for sending a cookie */ |
Christopher Haster |
1:24750b9ad5ef | 209 | |
Christopher Haster |
1:24750b9ad5ef | 210 | unsigned char *hs_msg; /*!< Reassembled handshake message */ |
Christopher Haster |
1:24750b9ad5ef | 211 | |
Christopher Haster |
1:24750b9ad5ef | 212 | uint32_t retransmit_timeout; /*!< Current value of timeout */ |
Christopher Haster |
1:24750b9ad5ef | 213 | unsigned char retransmit_state; /*!< Retransmission state */ |
Christopher Haster |
1:24750b9ad5ef | 214 | mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ |
Christopher Haster |
1:24750b9ad5ef | 215 | mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ |
Christopher Haster |
1:24750b9ad5ef | 216 | unsigned int in_flight_start_seq; /*!< Minimum message sequence in the |
Christopher Haster |
1:24750b9ad5ef | 217 | flight being received */ |
Christopher Haster |
1:24750b9ad5ef | 218 | mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for |
Christopher Haster |
1:24750b9ad5ef | 219 | resending messages */ |
Christopher Haster |
1:24750b9ad5ef | 220 | unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter |
Christopher Haster |
1:24750b9ad5ef | 221 | for resending messages */ |
Christopher Haster |
1:24750b9ad5ef | 222 | #endif |
Christopher Haster |
1:24750b9ad5ef | 223 | |
Christopher Haster |
1:24750b9ad5ef | 224 | /* |
Christopher Haster |
1:24750b9ad5ef | 225 | * Checksum contexts |
Christopher Haster |
1:24750b9ad5ef | 226 | */ |
Christopher Haster |
1:24750b9ad5ef | 227 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
Christopher Haster |
1:24750b9ad5ef | 228 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
Christopher Haster |
1:24750b9ad5ef | 229 | mbedtls_md5_context fin_md5; |
Christopher Haster |
1:24750b9ad5ef | 230 | mbedtls_sha1_context fin_sha1; |
Christopher Haster |
1:24750b9ad5ef | 231 | #endif |
Christopher Haster |
1:24750b9ad5ef | 232 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Christopher Haster |
1:24750b9ad5ef | 233 | #if defined(MBEDTLS_SHA256_C) |
Christopher Haster |
1:24750b9ad5ef | 234 | mbedtls_sha256_context fin_sha256; |
Christopher Haster |
1:24750b9ad5ef | 235 | #endif |
Christopher Haster |
1:24750b9ad5ef | 236 | #if defined(MBEDTLS_SHA512_C) |
Christopher Haster |
1:24750b9ad5ef | 237 | mbedtls_sha512_context fin_sha512; |
Christopher Haster |
1:24750b9ad5ef | 238 | #endif |
Christopher Haster |
1:24750b9ad5ef | 239 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Christopher Haster |
1:24750b9ad5ef | 240 | |
Christopher Haster |
1:24750b9ad5ef | 241 | void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); |
Christopher Haster |
1:24750b9ad5ef | 242 | void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); |
Christopher Haster |
1:24750b9ad5ef | 243 | void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); |
Christopher Haster |
1:24750b9ad5ef | 244 | int (*tls_prf)(const unsigned char *, size_t, const char *, |
Christopher Haster |
1:24750b9ad5ef | 245 | const unsigned char *, size_t, |
Christopher Haster |
1:24750b9ad5ef | 246 | unsigned char *, size_t); |
Christopher Haster |
1:24750b9ad5ef | 247 | |
Christopher Haster |
1:24750b9ad5ef | 248 | size_t pmslen; /*!< premaster length */ |
Christopher Haster |
1:24750b9ad5ef | 249 | |
Christopher Haster |
1:24750b9ad5ef | 250 | unsigned char randbytes[64]; /*!< random bytes */ |
Christopher Haster |
1:24750b9ad5ef | 251 | unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; |
Christopher Haster |
1:24750b9ad5ef | 252 | /*!< premaster secret */ |
Christopher Haster |
1:24750b9ad5ef | 253 | |
Christopher Haster |
1:24750b9ad5ef | 254 | int resume; /*!< session resume indicator*/ |
Christopher Haster |
1:24750b9ad5ef | 255 | int max_major_ver; /*!< max. major version client*/ |
Christopher Haster |
1:24750b9ad5ef | 256 | int max_minor_ver; /*!< max. minor version client*/ |
Christopher Haster |
1:24750b9ad5ef | 257 | int cli_exts; /*!< client extension presence*/ |
Christopher Haster |
1:24750b9ad5ef | 258 | |
Christopher Haster |
1:24750b9ad5ef | 259 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
Christopher Haster |
1:24750b9ad5ef | 260 | int new_session_ticket; /*!< use NewSessionTicket? */ |
Christopher Haster |
1:24750b9ad5ef | 261 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
Christopher Haster |
1:24750b9ad5ef | 262 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
Christopher Haster |
1:24750b9ad5ef | 263 | int extended_ms; /*!< use Extended Master Secret? */ |
Christopher Haster |
1:24750b9ad5ef | 264 | #endif |
Christopher Haster |
1:24750b9ad5ef | 265 | }; |
Christopher Haster |
1:24750b9ad5ef | 266 | |
Christopher Haster |
1:24750b9ad5ef | 267 | /* |
Christopher Haster |
1:24750b9ad5ef | 268 | * This structure contains a full set of runtime transform parameters |
Christopher Haster |
1:24750b9ad5ef | 269 | * either in negotiation or active. |
Christopher Haster |
1:24750b9ad5ef | 270 | */ |
Christopher Haster |
1:24750b9ad5ef | 271 | struct mbedtls_ssl_transform |
Christopher Haster |
1:24750b9ad5ef | 272 | { |
Christopher Haster |
1:24750b9ad5ef | 273 | /* |
Christopher Haster |
1:24750b9ad5ef | 274 | * Session specific crypto layer |
Christopher Haster |
1:24750b9ad5ef | 275 | */ |
Christopher Haster |
1:24750b9ad5ef | 276 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info; |
Christopher Haster |
1:24750b9ad5ef | 277 | /*!< Chosen cipersuite_info */ |
Christopher Haster |
1:24750b9ad5ef | 278 | unsigned int keylen; /*!< symmetric key length (bytes) */ |
Christopher Haster |
1:24750b9ad5ef | 279 | size_t minlen; /*!< min. ciphertext length */ |
Christopher Haster |
1:24750b9ad5ef | 280 | size_t ivlen; /*!< IV length */ |
Christopher Haster |
1:24750b9ad5ef | 281 | size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ |
Christopher Haster |
1:24750b9ad5ef | 282 | size_t maclen; /*!< MAC length */ |
Christopher Haster |
1:24750b9ad5ef | 283 | |
Christopher Haster |
1:24750b9ad5ef | 284 | unsigned char iv_enc[16]; /*!< IV (encryption) */ |
Christopher Haster |
1:24750b9ad5ef | 285 | unsigned char iv_dec[16]; /*!< IV (decryption) */ |
Christopher Haster |
1:24750b9ad5ef | 286 | |
Christopher Haster |
1:24750b9ad5ef | 287 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Christopher Haster |
1:24750b9ad5ef | 288 | /* Needed only for SSL v3.0 secret */ |
Christopher Haster |
1:24750b9ad5ef | 289 | unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ |
Christopher Haster |
1:24750b9ad5ef | 290 | unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ |
Christopher Haster |
1:24750b9ad5ef | 291 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Christopher Haster |
1:24750b9ad5ef | 292 | |
Christopher Haster |
1:24750b9ad5ef | 293 | mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ |
Christopher Haster |
1:24750b9ad5ef | 294 | mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ |
Christopher Haster |
1:24750b9ad5ef | 295 | |
Christopher Haster |
1:24750b9ad5ef | 296 | mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ |
Christopher Haster |
1:24750b9ad5ef | 297 | mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ |
Christopher Haster |
1:24750b9ad5ef | 298 | |
Christopher Haster |
1:24750b9ad5ef | 299 | /* |
Christopher Haster |
1:24750b9ad5ef | 300 | * Session specific compression layer |
Christopher Haster |
1:24750b9ad5ef | 301 | */ |
Christopher Haster |
1:24750b9ad5ef | 302 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Christopher Haster |
1:24750b9ad5ef | 303 | z_stream ctx_deflate; /*!< compression context */ |
Christopher Haster |
1:24750b9ad5ef | 304 | z_stream ctx_inflate; /*!< decompression context */ |
Christopher Haster |
1:24750b9ad5ef | 305 | #endif |
Christopher Haster |
1:24750b9ad5ef | 306 | }; |
Christopher Haster |
1:24750b9ad5ef | 307 | |
Christopher Haster |
1:24750b9ad5ef | 308 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 309 | /* |
Christopher Haster |
1:24750b9ad5ef | 310 | * List of certificate + private key pairs |
Christopher Haster |
1:24750b9ad5ef | 311 | */ |
Christopher Haster |
1:24750b9ad5ef | 312 | struct mbedtls_ssl_key_cert |
Christopher Haster |
1:24750b9ad5ef | 313 | { |
Christopher Haster |
1:24750b9ad5ef | 314 | mbedtls_x509_crt *cert; /*!< cert */ |
Christopher Haster |
1:24750b9ad5ef | 315 | mbedtls_pk_context *key; /*!< private key */ |
Christopher Haster |
1:24750b9ad5ef | 316 | mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ |
Christopher Haster |
1:24750b9ad5ef | 317 | }; |
Christopher Haster |
1:24750b9ad5ef | 318 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 319 | |
Christopher Haster |
1:24750b9ad5ef | 320 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 321 | /* |
Christopher Haster |
1:24750b9ad5ef | 322 | * List of handshake messages kept around for resending |
Christopher Haster |
1:24750b9ad5ef | 323 | */ |
Christopher Haster |
1:24750b9ad5ef | 324 | struct mbedtls_ssl_flight_item |
Christopher Haster |
1:24750b9ad5ef | 325 | { |
Christopher Haster |
1:24750b9ad5ef | 326 | unsigned char *p; /*!< message, including handshake headers */ |
Christopher Haster |
1:24750b9ad5ef | 327 | size_t len; /*!< length of p */ |
Christopher Haster |
1:24750b9ad5ef | 328 | unsigned char type; /*!< type of the message: handshake or CCS */ |
Christopher Haster |
1:24750b9ad5ef | 329 | mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ |
Christopher Haster |
1:24750b9ad5ef | 330 | }; |
Christopher Haster |
1:24750b9ad5ef | 331 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Christopher Haster |
1:24750b9ad5ef | 332 | |
Christopher Haster |
1:24750b9ad5ef | 333 | |
Christopher Haster |
1:24750b9ad5ef | 334 | /** |
Christopher Haster |
1:24750b9ad5ef | 335 | * \brief Free referenced items in an SSL transform context and clear |
Christopher Haster |
1:24750b9ad5ef | 336 | * memory |
Christopher Haster |
1:24750b9ad5ef | 337 | * |
Christopher Haster |
1:24750b9ad5ef | 338 | * \param transform SSL transform context |
Christopher Haster |
1:24750b9ad5ef | 339 | */ |
Christopher Haster |
1:24750b9ad5ef | 340 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); |
Christopher Haster |
1:24750b9ad5ef | 341 | |
Christopher Haster |
1:24750b9ad5ef | 342 | /** |
Christopher Haster |
1:24750b9ad5ef | 343 | * \brief Free referenced items in an SSL handshake context and clear |
Christopher Haster |
1:24750b9ad5ef | 344 | * memory |
Christopher Haster |
1:24750b9ad5ef | 345 | * |
Christopher Haster |
1:24750b9ad5ef | 346 | * \param handshake SSL handshake context |
Christopher Haster |
1:24750b9ad5ef | 347 | */ |
Christopher Haster |
1:24750b9ad5ef | 348 | void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); |
Christopher Haster |
1:24750b9ad5ef | 349 | |
Christopher Haster |
1:24750b9ad5ef | 350 | int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 351 | int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 352 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 353 | |
Christopher Haster |
1:24750b9ad5ef | 354 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 355 | |
Christopher Haster |
1:24750b9ad5ef | 356 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 357 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 358 | |
Christopher Haster |
1:24750b9ad5ef | 359 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 360 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); |
Christopher Haster |
1:24750b9ad5ef | 361 | |
Christopher Haster |
1:24750b9ad5ef | 362 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 363 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 364 | |
Christopher Haster |
1:24750b9ad5ef | 365 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 366 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 367 | |
Christopher Haster |
1:24750b9ad5ef | 368 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 369 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 370 | |
Christopher Haster |
1:24750b9ad5ef | 371 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 372 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 373 | |
Christopher Haster |
1:24750b9ad5ef | 374 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 375 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); |
Christopher Haster |
1:24750b9ad5ef | 376 | |
Christopher Haster |
1:24750b9ad5ef | 377 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 378 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); |
Christopher Haster |
1:24750b9ad5ef | 379 | #endif |
Christopher Haster |
1:24750b9ad5ef | 380 | |
Christopher Haster |
1:24750b9ad5ef | 381 | #if defined(MBEDTLS_PK_C) |
Christopher Haster |
1:24750b9ad5ef | 382 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); |
Christopher Haster |
1:24750b9ad5ef | 383 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); |
Christopher Haster |
1:24750b9ad5ef | 384 | #endif |
Christopher Haster |
1:24750b9ad5ef | 385 | |
Christopher Haster |
1:24750b9ad5ef | 386 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); |
Christopher Haster |
1:24750b9ad5ef | 387 | unsigned char mbedtls_ssl_hash_from_md_alg( int md ); |
Christopher Haster |
1:24750b9ad5ef | 388 | |
Christopher Haster |
1:24750b9ad5ef | 389 | #if defined(MBEDTLS_ECP_C) |
Christopher Haster |
1:24750b9ad5ef | 390 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); |
Christopher Haster |
1:24750b9ad5ef | 391 | #endif |
Christopher Haster |
1:24750b9ad5ef | 392 | |
Christopher Haster |
1:24750b9ad5ef | 393 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
Christopher Haster |
1:24750b9ad5ef | 394 | int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, |
Christopher Haster |
1:24750b9ad5ef | 395 | mbedtls_md_type_t md ); |
Christopher Haster |
1:24750b9ad5ef | 396 | #endif |
Christopher Haster |
1:24750b9ad5ef | 397 | |
Christopher Haster |
1:24750b9ad5ef | 398 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Christopher Haster |
1:24750b9ad5ef | 399 | static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 400 | { |
Christopher Haster |
1:24750b9ad5ef | 401 | mbedtls_ssl_key_cert *key_cert; |
Christopher Haster |
1:24750b9ad5ef | 402 | |
Christopher Haster |
1:24750b9ad5ef | 403 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 404 | key_cert = ssl->handshake->key_cert; |
Christopher Haster |
1:24750b9ad5ef | 405 | else |
Christopher Haster |
1:24750b9ad5ef | 406 | key_cert = ssl->conf->key_cert; |
Christopher Haster |
1:24750b9ad5ef | 407 | |
Christopher Haster |
1:24750b9ad5ef | 408 | return( key_cert == NULL ? NULL : key_cert->key ); |
Christopher Haster |
1:24750b9ad5ef | 409 | } |
Christopher Haster |
1:24750b9ad5ef | 410 | |
Christopher Haster |
1:24750b9ad5ef | 411 | static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 412 | { |
Christopher Haster |
1:24750b9ad5ef | 413 | mbedtls_ssl_key_cert *key_cert; |
Christopher Haster |
1:24750b9ad5ef | 414 | |
Christopher Haster |
1:24750b9ad5ef | 415 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) |
Christopher Haster |
1:24750b9ad5ef | 416 | key_cert = ssl->handshake->key_cert; |
Christopher Haster |
1:24750b9ad5ef | 417 | else |
Christopher Haster |
1:24750b9ad5ef | 418 | key_cert = ssl->conf->key_cert; |
Christopher Haster |
1:24750b9ad5ef | 419 | |
Christopher Haster |
1:24750b9ad5ef | 420 | return( key_cert == NULL ? NULL : key_cert->cert ); |
Christopher Haster |
1:24750b9ad5ef | 421 | } |
Christopher Haster |
1:24750b9ad5ef | 422 | |
Christopher Haster |
1:24750b9ad5ef | 423 | /* |
Christopher Haster |
1:24750b9ad5ef | 424 | * Check usage of a certificate wrt extensions: |
Christopher Haster |
1:24750b9ad5ef | 425 | * keyUsage, extendedKeyUsage (later), and nSCertType (later). |
Christopher Haster |
1:24750b9ad5ef | 426 | * |
Christopher Haster |
1:24750b9ad5ef | 427 | * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we |
Christopher Haster |
1:24750b9ad5ef | 428 | * check a cert we received from them)! |
Christopher Haster |
1:24750b9ad5ef | 429 | * |
Christopher Haster |
1:24750b9ad5ef | 430 | * Return 0 if everything is OK, -1 if not. |
Christopher Haster |
1:24750b9ad5ef | 431 | */ |
Christopher Haster |
1:24750b9ad5ef | 432 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
Christopher Haster |
1:24750b9ad5ef | 433 | const mbedtls_ssl_ciphersuite_t *ciphersuite, |
Christopher Haster |
1:24750b9ad5ef | 434 | int cert_endpoint, |
Christopher Haster |
1:24750b9ad5ef | 435 | uint32_t *flags ); |
Christopher Haster |
1:24750b9ad5ef | 436 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Christopher Haster |
1:24750b9ad5ef | 437 | |
Christopher Haster |
1:24750b9ad5ef | 438 | void mbedtls_ssl_write_version( int major, int minor, int transport, |
Christopher Haster |
1:24750b9ad5ef | 439 | unsigned char ver[2] ); |
Christopher Haster |
1:24750b9ad5ef | 440 | void mbedtls_ssl_read_version( int *major, int *minor, int transport, |
Christopher Haster |
1:24750b9ad5ef | 441 | const unsigned char ver[2] ); |
Christopher Haster |
1:24750b9ad5ef | 442 | |
Christopher Haster |
1:24750b9ad5ef | 443 | static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 444 | { |
Christopher Haster |
1:24750b9ad5ef | 445 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 446 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 447 | return( 13 ); |
Christopher Haster |
1:24750b9ad5ef | 448 | #else |
Christopher Haster |
1:24750b9ad5ef | 449 | ((void) ssl); |
Christopher Haster |
1:24750b9ad5ef | 450 | #endif |
Christopher Haster |
1:24750b9ad5ef | 451 | return( 5 ); |
Christopher Haster |
1:24750b9ad5ef | 452 | } |
Christopher Haster |
1:24750b9ad5ef | 453 | |
Christopher Haster |
1:24750b9ad5ef | 454 | static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) |
Christopher Haster |
1:24750b9ad5ef | 455 | { |
Christopher Haster |
1:24750b9ad5ef | 456 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 457 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Christopher Haster |
1:24750b9ad5ef | 458 | return( 12 ); |
Christopher Haster |
1:24750b9ad5ef | 459 | #else |
Christopher Haster |
1:24750b9ad5ef | 460 | ((void) ssl); |
Christopher Haster |
1:24750b9ad5ef | 461 | #endif |
Christopher Haster |
1:24750b9ad5ef | 462 | return( 4 ); |
Christopher Haster |
1:24750b9ad5ef | 463 | } |
Christopher Haster |
1:24750b9ad5ef | 464 | |
Christopher Haster |
1:24750b9ad5ef | 465 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Christopher Haster |
1:24750b9ad5ef | 466 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 467 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 468 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 469 | #endif |
Christopher Haster |
1:24750b9ad5ef | 470 | |
Christopher Haster |
1:24750b9ad5ef | 471 | /* Visible for testing purposes only */ |
Christopher Haster |
1:24750b9ad5ef | 472 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Christopher Haster |
1:24750b9ad5ef | 473 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 474 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); |
Christopher Haster |
1:24750b9ad5ef | 475 | #endif |
Christopher Haster |
1:24750b9ad5ef | 476 | |
Christopher Haster |
1:24750b9ad5ef | 477 | /* constant-time buffer comparison */ |
Christopher Haster |
1:24750b9ad5ef | 478 | static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) |
Christopher Haster |
1:24750b9ad5ef | 479 | { |
Christopher Haster |
1:24750b9ad5ef | 480 | size_t i; |
Christopher Haster |
1:24750b9ad5ef | 481 | const unsigned char *A = (const unsigned char *) a; |
Christopher Haster |
1:24750b9ad5ef | 482 | const unsigned char *B = (const unsigned char *) b; |
Christopher Haster |
1:24750b9ad5ef | 483 | unsigned char diff = 0; |
Christopher Haster |
1:24750b9ad5ef | 484 | |
Christopher Haster |
1:24750b9ad5ef | 485 | for( i = 0; i < n; i++ ) |
Christopher Haster |
1:24750b9ad5ef | 486 | diff |= A[i] ^ B[i]; |
Christopher Haster |
1:24750b9ad5ef | 487 | |
Christopher Haster |
1:24750b9ad5ef | 488 | return( diff ); |
Christopher Haster |
1:24750b9ad5ef | 489 | } |
Christopher Haster |
1:24750b9ad5ef | 490 | |
Christopher Haster |
1:24750b9ad5ef | 491 | #ifdef __cplusplus |
Christopher Haster |
1:24750b9ad5ef | 492 | } |
Christopher Haster |
1:24750b9ad5ef | 493 | #endif |
Christopher Haster |
1:24750b9ad5ef | 494 | |
Christopher Haster |
1:24750b9ad5ef | 495 | #endif /* ssl_internal.h */ |