Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependencies: mbed Socket lwip-eth lwip-sys lwip
Fork of 6_songs-from-the-cloud by
ssl_internal.h
00001 /** 00002 * \file ssl_ticket.h 00003 * 00004 * \brief Internal functions shared by the SSL modules 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #ifndef MBEDTLS_SSL_INTERNAL_H 00024 #define MBEDTLS_SSL_INTERNAL_H 00025 00026 #include "ssl.h" 00027 00028 #if defined(MBEDTLS_MD5_C) 00029 #include "md5.h" 00030 #endif 00031 00032 #if defined(MBEDTLS_SHA1_C) 00033 #include "sha1.h" 00034 #endif 00035 00036 #if defined(MBEDTLS_SHA256_C) 00037 #include "sha256.h" 00038 #endif 00039 00040 #if defined(MBEDTLS_SHA512_C) 00041 #include "sha512.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00045 #include "ecjpake.h" 00046 #endif 00047 00048 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00049 !defined(inline) && !defined(__cplusplus) 00050 #define inline __inline 00051 #endif 00052 00053 /* Determine minimum supported version */ 00054 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00055 00056 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00057 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00058 #else 00059 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00060 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00061 #else 00062 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00063 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00064 #else 00065 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00066 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00067 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00068 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00069 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00070 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00071 00072 /* Determine maximum supported version */ 00073 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00074 00075 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00076 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00077 #else 00078 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00079 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00080 #else 00081 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00082 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00083 #else 00084 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00085 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00086 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00087 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00088 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00089 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00090 00091 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 00092 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ 00093 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 00094 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00095 00096 /* 00097 * DTLS retransmission states, see RFC 6347 4.2.4 00098 * 00099 * The SENDING state is merged in PREPARING for initial sends, 00100 * but is distinct for resends. 00101 * 00102 * Note: initial state is wrong for server, but is not used anyway. 00103 */ 00104 #define MBEDTLS_SSL_RETRANS_PREPARING 0 00105 #define MBEDTLS_SSL_RETRANS_SENDING 1 00106 #define MBEDTLS_SSL_RETRANS_WAITING 2 00107 #define MBEDTLS_SSL_RETRANS_FINISHED 3 00108 00109 /* 00110 * Allow extra bytes for record, authentication and encryption overhead: 00111 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) 00112 * and allow for a maximum of 1024 of compression expansion if 00113 * enabled. 00114 */ 00115 #if defined(MBEDTLS_ZLIB_SUPPORT) 00116 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 00117 #else 00118 #define MBEDTLS_SSL_COMPRESSION_ADD 0 00119 #endif 00120 00121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 00122 /* Ciphersuites using HMAC */ 00123 #if defined(MBEDTLS_SHA512_C) 00124 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ 00125 #elif defined(MBEDTLS_SHA256_C) 00126 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ 00127 #else 00128 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ 00129 #endif 00130 #else 00131 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ 00132 #define MBEDTLS_SSL_MAC_ADD 16 00133 #endif 00134 00135 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00136 #define MBEDTLS_SSL_PADDING_ADD 256 00137 #else 00138 #define MBEDTLS_SSL_PADDING_ADD 0 00139 #endif 00140 00141 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ 00142 + MBEDTLS_SSL_COMPRESSION_ADD \ 00143 + 29 /* counter + header + IV */ \ 00144 + MBEDTLS_SSL_MAC_ADD \ 00145 + MBEDTLS_SSL_PADDING_ADD \ 00146 ) 00147 00148 /* 00149 * TLS extension flags (for extensions with outgoing ServerHello content 00150 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00151 * of state of the renegotiation flag, so no indicator is required) 00152 */ 00153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 00155 00156 #ifdef __cplusplus 00157 extern "C" { 00158 #endif 00159 00160 /* 00161 * This structure contains the parameters only needed during handshake. 00162 */ 00163 struct mbedtls_ssl_handshake_params 00164 { 00165 /* 00166 * Handshake specific crypto variables 00167 */ 00168 int sig_alg; /*!< Hash algorithm for signature */ 00169 int cert_type; /*!< Requested cert type */ 00170 int verify_sig_alg; /*!< Signature algorithm for verify */ 00171 #if defined(MBEDTLS_DHM_C) 00172 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ 00173 #endif 00174 #if defined(MBEDTLS_ECDH_C) 00175 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00176 #endif 00177 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00178 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ 00179 #if defined(MBEDTLS_SSL_CLI_C) 00180 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ 00181 size_t ecjpake_cache_len; /*!< Length of cached data */ 00182 #endif 00183 #endif 00184 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 00185 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00186 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ 00187 #endif 00188 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00189 unsigned char *psk; /*!< PSK from the callback */ 00190 size_t psk_len; /*!< Length of PSK from callback */ 00191 #endif 00192 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00193 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ 00194 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 00195 int sni_authmode; /*!< authmode from SNI callback */ 00196 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00197 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ 00198 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ 00199 #endif 00200 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00201 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00202 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ 00203 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ 00204 00205 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie 00206 Srv: unused */ 00207 unsigned char verify_cookie_len; /*!< Cli: cookie length 00208 Srv: flag for sending a cookie */ 00209 00210 unsigned char *hs_msg; /*!< Reassembled handshake message */ 00211 00212 uint32_t retransmit_timeout; /*!< Current value of timeout */ 00213 unsigned char retransmit_state; /*!< Retransmission state */ 00214 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ 00215 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ 00216 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the 00217 flight being received */ 00218 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 00219 resending messages */ 00220 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter 00221 for resending messages */ 00222 #endif 00223 00224 /* 00225 * Checksum contexts 00226 */ 00227 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00228 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00229 mbedtls_md5_context fin_md5; 00230 mbedtls_sha1_context fin_sha1; 00231 #endif 00232 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00233 #if defined(MBEDTLS_SHA256_C) 00234 mbedtls_sha256_context fin_sha256; 00235 #endif 00236 #if defined(MBEDTLS_SHA512_C) 00237 mbedtls_sha512_context fin_sha512; 00238 #endif 00239 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00240 00241 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); 00242 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); 00243 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); 00244 int (*tls_prf)(const unsigned char *, size_t, const char *, 00245 const unsigned char *, size_t, 00246 unsigned char *, size_t); 00247 00248 size_t pmslen; /*!< premaster length */ 00249 00250 unsigned char randbytes[64]; /*!< random bytes */ 00251 unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; 00252 /*!< premaster secret */ 00253 00254 int resume; /*!< session resume indicator*/ 00255 int max_major_ver; /*!< max. major version client*/ 00256 int max_minor_ver; /*!< max. minor version client*/ 00257 int cli_exts; /*!< client extension presence*/ 00258 00259 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 00260 int new_session_ticket; /*!< use NewSessionTicket? */ 00261 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 00262 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 00263 int extended_ms; /*!< use Extended Master Secret? */ 00264 #endif 00265 }; 00266 00267 /* 00268 * This structure contains a full set of runtime transform parameters 00269 * either in negotiation or active. 00270 */ 00271 struct mbedtls_ssl_transform 00272 { 00273 /* 00274 * Session specific crypto layer 00275 */ 00276 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 00277 /*!< Chosen cipersuite_info */ 00278 unsigned int keylen; /*!< symmetric key length (bytes) */ 00279 size_t minlen; /*!< min. ciphertext length */ 00280 size_t ivlen; /*!< IV length */ 00281 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00282 size_t maclen; /*!< MAC length */ 00283 00284 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00285 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00286 00287 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00288 /* Needed only for SSL v3.0 secret */ 00289 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ 00290 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ 00291 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00292 00293 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00294 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00295 00296 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00297 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00298 00299 /* 00300 * Session specific compression layer 00301 */ 00302 #if defined(MBEDTLS_ZLIB_SUPPORT) 00303 z_stream ctx_deflate; /*!< compression context */ 00304 z_stream ctx_inflate; /*!< decompression context */ 00305 #endif 00306 }; 00307 00308 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00309 /* 00310 * List of certificate + private key pairs 00311 */ 00312 struct mbedtls_ssl_key_cert 00313 { 00314 mbedtls_x509_crt *cert; /*!< cert */ 00315 mbedtls_pk_context *key; /*!< private key */ 00316 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ 00317 }; 00318 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00319 00320 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00321 /* 00322 * List of handshake messages kept around for resending 00323 */ 00324 struct mbedtls_ssl_flight_item 00325 { 00326 unsigned char *p; /*!< message, including handshake headers */ 00327 size_t len; /*!< length of p */ 00328 unsigned char type; /*!< type of the message: handshake or CCS */ 00329 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ 00330 }; 00331 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00332 00333 00334 /** 00335 * \brief Free referenced items in an SSL transform context and clear 00336 * memory 00337 * 00338 * \param transform SSL transform context 00339 */ 00340 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); 00341 00342 /** 00343 * \brief Free referenced items in an SSL handshake context and clear 00344 * memory 00345 * 00346 * \param handshake SSL handshake context 00347 */ 00348 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); 00349 00350 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); 00351 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); 00352 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 00353 00354 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); 00355 00356 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); 00357 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); 00358 00359 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); 00360 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 00361 00362 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); 00363 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); 00364 00365 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); 00366 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 00367 00368 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); 00369 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); 00370 00371 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); 00372 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); 00373 00374 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, 00375 const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); 00376 00377 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00378 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); 00379 #endif 00380 00381 #if defined(MBEDTLS_PK_C) 00382 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); 00383 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); 00384 #endif 00385 00386 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); 00387 unsigned char mbedtls_ssl_hash_from_md_alg( int md ); 00388 00389 #if defined(MBEDTLS_ECP_C) 00390 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); 00391 #endif 00392 00393 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00394 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, 00395 mbedtls_md_type_t md ); 00396 #endif 00397 00398 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00399 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) 00400 { 00401 mbedtls_ssl_key_cert *key_cert; 00402 00403 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00404 key_cert = ssl->handshake->key_cert; 00405 else 00406 key_cert = ssl->conf->key_cert; 00407 00408 return( key_cert == NULL ? NULL : key_cert->key ); 00409 } 00410 00411 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) 00412 { 00413 mbedtls_ssl_key_cert *key_cert; 00414 00415 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00416 key_cert = ssl->handshake->key_cert; 00417 else 00418 key_cert = ssl->conf->key_cert; 00419 00420 return( key_cert == NULL ? NULL : key_cert->cert ); 00421 } 00422 00423 /* 00424 * Check usage of a certificate wrt extensions: 00425 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 00426 * 00427 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 00428 * check a cert we received from them)! 00429 * 00430 * Return 0 if everything is OK, -1 if not. 00431 */ 00432 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, 00433 const mbedtls_ssl_ciphersuite_t *ciphersuite, 00434 int cert_endpoint, 00435 uint32_t *flags ); 00436 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00437 00438 void mbedtls_ssl_write_version( int major, int minor, int transport, 00439 unsigned char ver[2] ); 00440 void mbedtls_ssl_read_version( int *major, int *minor, int transport, 00441 const unsigned char ver[2] ); 00442 00443 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) 00444 { 00445 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00446 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00447 return( 13 ); 00448 #else 00449 ((void) ssl); 00450 #endif 00451 return( 5 ); 00452 } 00453 00454 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) 00455 { 00456 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00457 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00458 return( 12 ); 00459 #else 00460 ((void) ssl); 00461 #endif 00462 return( 4 ); 00463 } 00464 00465 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00466 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); 00467 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); 00468 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); 00469 #endif 00470 00471 /* Visible for testing purposes only */ 00472 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 00473 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); 00474 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); 00475 #endif 00476 00477 /* constant-time buffer comparison */ 00478 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) 00479 { 00480 size_t i; 00481 const unsigned char *A = (const unsigned char *) a; 00482 const unsigned char *B = (const unsigned char *) b; 00483 unsigned char diff = 0; 00484 00485 for( i = 0; i < n; i++ ) 00486 diff |= A[i] ^ B[i]; 00487 00488 return( diff ); 00489 } 00490 00491 #ifdef __cplusplus 00492 } 00493 #endif 00494 00495 #endif /* ssl_internal.h */
Generated on Tue Jul 12 2022 12:47:50 by
