00023 #ifndef MBEDTLS_SSL_H
00024 #define MBEDTLS_SSL_H
00025
00026 #if !defined(MBEDTLS_CONFIG_FILE)
00027 #include "config.h"
00028 #else
00029 #include MBEDTLS_CONFIG_FILE
00030 #endif
00031
00032 #include "bignum.h"
00033 #include "ecp.h"
00034
00035 #include "ssl_ciphersuites.h"
00036
00037 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00038 #include "x509_crt.h"
00039 #include "x509_crl.h"
00040 #endif
00041
00042 #if defined(MBEDTLS_DHM_C)
00043 #include "dhm.h"
00044 #endif
00045
00046 #if defined(MBEDTLS_ECDH_C)
00047 #include "ecdh.h"
00048 #endif
00049
00050 #if defined(MBEDTLS_ZLIB_SUPPORT)
00051 #include "zlib.h"
00052 #endif
00053
00054 #if defined(MBEDTLS_HAVE_TIME)
00055 #include <time.h>
00056 #endif
00057
/*
 * SSL/TLS module error codes.
 *
 * All codes are negative and spaced 0x80 apart, occupying the range
 * -0x7F80 .. -0x6700.  The int-returning functions declared later in this
 * header presumably follow the library convention of returning 0 on
 * success and one of these codes on failure -- confirm against the
 * implementation, since no bodies are visible here.
 *
 * NOTE(review): MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE and
 * MBEDTLS_ERR_SSL_TIMEOUT look like retryable conditions for non-blocking
 * or timed I/O rather than fatal errors; callers of mbedtls_ssl_read() /
 * mbedtls_ssl_write() should be prepared to call again.  Verify the exact
 * contract in the function documentation before relying on it.
 *
 * NOTE(review): MBEDTLS_ERR_SSL_INVALID_MAC and MBEDTLS_ERR_SSL_INVALID_RECORD
 * are distinct codes; an application should not echo which of the two
 * occurred back to the peer, as that distinction can leak information about
 * record processing.
 */
00061 #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
00062 #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
00063 #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
00064 #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
00065 #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
00066 #define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300
00067 #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
/* Returned when no RNG callback has been installed via mbedtls_ssl_conf_rng()
 * -- presumably; the handshake needs randomness and cannot proceed without it. */
00068 #define MBEDTLS_ERR_SSL_NO_RNG -0x7400
00069 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
00070 #define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
00071 #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
00072 #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
00073 #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
00074 #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
00075 #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
/* Peer certificate verification failed; see mbedtls_ssl_get_verify_result()
 * below for the detailed flags. */
00076 #define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800
00077 #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
/* MBEDTLS_ERR_SSL_BAD_HS_*: a specific handshake message was malformed or
 * unacceptable.  One code per handshake message type. */
00078 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
00079 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
00080 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
00081 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
00082 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
00083 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
00084 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
00085 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
00086 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
00087 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
00088 #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
00089 #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80
00090 #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
/* Hardware record-layer acceleration hooks (see MBEDTLS_SSL_HW_RECORD_ACCEL
 * below).  FALLTHROUGH presumably means "accelerator declined, use software". */
00091 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
00092 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
00093 #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00
00094 #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
00095 #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
00096 #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
00097 #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
00098 #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
00099 #define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
/* Record sequence counter would wrap; the connection must be torn down or
 * renegotiated rather than continuing to reuse the counter space. */
00100 #define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
00101 #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
/* DTLS only: server requires a HelloVerifyRequest round trip (cookie) first. */
00102 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
00103 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
00104 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980
/* Non-fatal I/O conditions -- see the NOTE(review) at the top of this list. */
00105 #define MBEDTLS_ERR_SSL_WANT_READ -0x6900
00106 #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
00107 #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
00108 #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
00109 #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
00111
00112
00113
/*
 * Protocol version numbers, as (major, minor) pairs in TLS wire notation:
 * 3.0 = SSL 3.0, 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2.
 * These are the values accepted by mbedtls_ssl_conf_min_version() /
 * mbedtls_ssl_conf_max_version() declared below.
 *
 * NOTE(review): a deployment that cares about confidentiality should set the
 * minimum to MBEDTLS_SSL_MINOR_VERSION_3 (TLS 1.2); SSL 3.0 and TLS 1.0 are
 * only retained here for interoperability with legacy peers.
 */
00114 #define MBEDTLS_SSL_MAJOR_VERSION_3 3
00115 #define MBEDTLS_SSL_MINOR_VERSION_0 0
00116 #define MBEDTLS_SSL_MINOR_VERSION_1 1
00117 #define MBEDTLS_SSL_MINOR_VERSION_2 2
00118 #define MBEDTLS_SSL_MINOR_VERSION_3 3
/* Transport type for mbedtls_ssl_conf_transport(): STREAM = TLS over a
 * reliable byte stream, DATAGRAM = DTLS.  Stored in the 1-bit
 * mbedtls_ssl_config.transport field, hence only 0/1 are valid. */
00120 #define MBEDTLS_SSL_TRANSPORT_STREAM 0
00121 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1
/* Upper bound on a hostname passed to mbedtls_ssl_set_hostname() -- presumably;
 * the check itself lives in the implementation. */
00123 #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255
00125
00126
/* Maximum fragment length codes for mbedtls_ssl_conf_max_frag_len().
 * NONE means no limit is negotiated; INVALID marks the end of the valid range.
 * The 3-bit mbedtls_ssl_config.mfl_code field holds values 0..7, so all of
 * these fit. */
00127 #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0
00128 #define MBEDTLS_SSL_MAX_FRAG_LEN_512 1
00129 #define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2
00130 #define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3
00131 #define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4
00132 #define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5
/* Endpoint role for mbedtls_ssl_conf_endpoint() / mbedtls_ssl_config_defaults(). */
00134 #define MBEDTLS_SSL_IS_CLIENT 0
00135 #define MBEDTLS_SSL_IS_SERVER 1
00136
/* Fallback signalling for mbedtls_ssl_conf_fallback() (client only, see
 * MBEDTLS_SSL_FALLBACK_SCSV_VALUE below). */
00137 #define MBEDTLS_SSL_IS_NOT_FALLBACK 0
00138 #define MBEDTLS_SSL_IS_FALLBACK 1
00139
/* Extended master secret extension on/off, for
 * mbedtls_ssl_conf_extended_master_secret(). */
00140 #define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
00141 #define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
00142
/* Encrypt-then-MAC extension on/off, for mbedtls_ssl_conf_encrypt_then_mac(). */
00143 #define MBEDTLS_SSL_ETM_DISABLED 0
00144 #define MBEDTLS_SSL_ETM_ENABLED 1
00145
/* Record-layer compression methods.  DEFLATE is only available when
 * MBEDTLS_ZLIB_SUPPORT is defined (see the zlib include at the top). */
00146 #define MBEDTLS_SSL_COMPRESS_NULL 0
00147 #define MBEDTLS_SSL_COMPRESS_DEFLATE 1
00148
/* Peer authentication modes for mbedtls_ssl_conf_authmode() and
 * mbedtls_ssl_set_hs_authmode().  Four values, matching the 2-bit
 * mbedtls_ssl_config.authmode field.
 *
 * NOTE(review): with VERIFY_NONE the peer certificate is not checked at all,
 * and with VERIFY_OPTIONAL the handshake presumably continues even when
 * verification fails, leaving it to the application to consult
 * mbedtls_ssl_get_verify_result().  VERIFY_REQUIRED is the safe default for
 * clients.  Confirm the OPTIONAL semantics against the implementation. */
00149 #define MBEDTLS_SSL_VERIFY_NONE 0
00150 #define MBEDTLS_SSL_VERIFY_OPTIONAL 1
00151 #define MBEDTLS_SSL_VERIFY_REQUIRED 2
00152 #define MBEDTLS_SSL_VERIFY_UNSET 3
00153
/* Values of mbedtls_ssl_context.secure_renegotiation: whether the peer
 * supports the renegotiation_info extension (MBEDTLS_TLS_EXT_RENEGOTIATION_INFO). */
00154 #define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
00155 #define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
00156
/* For mbedtls_ssl_conf_renegotiation(). */
00157 #define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
00158 #define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
00159
/* For mbedtls_ssl_conf_dtls_anti_replay(). */
00160 #define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
00161 #define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
00162
/* For mbedtls_ssl_conf_renegotiation_enforced(): -1 disables enforcement,
 * otherwise the number of records tolerated after a renegotiation request. */
00163 #define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
00164 #define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
00165
/* For mbedtls_ssl_conf_legacy_renegotiation(); three values, stored in the
 * 2-bit mbedtls_ssl_config.allow_legacy_renegotiation field. */
00166 #define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
00167 #define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
00168 #define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
00169
/* Truncated HMAC extension (MBEDTLS_TLS_EXT_TRUNCATED_HMAC); when negotiated
 * the MAC is cut to MBEDTLS_SSL_TRUNCATED_HMAC_LEN bytes. */
00170 #define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
00171 #define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
00172 #define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10
00173
/* For mbedtls_ssl_conf_session_tickets(). */
00174 #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
00175 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
00176
/* For mbedtls_ssl_conf_cbc_record_splitting(). */
00177 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
00178 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
00179
/* For mbedtls_ssl_conf_arc4_support().
 * NOTE(review): the polarity is the reverse of every other on/off pair in
 * this header -- ENABLED is 0 and DISABLED is 1 (it maps onto the
 * mbedtls_ssl_config.arc4_disabled bit).  Easy to get wrong when copying the
 * pattern of the neighbouring constants. */
00180 #define MBEDTLS_SSL_ARC4_ENABLED 0
00181 #define MBEDTLS_SSL_ARC4_DISABLED 1
00182
/* Presets for mbedtls_ssl_config_defaults().  Note there is no value 1. */
00183 #define MBEDTLS_SSL_PRESET_DEFAULT 0
00184 #define MBEDTLS_SSL_PRESET_SUITEB 2
00185
00186
00187
00188
00189
/* Default DTLS handshake retransmission timeouts for
 * mbedtls_ssl_conf_handshake_timeout().  Presumably milliseconds: the timer
 * callback type mbedtls_ssl_set_timer_t names its arguments int_ms / fin_ms. */
00190 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
00191 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
00192
/* Default session ticket lifetime; overridable from the config file.
 * 86400 is one day if the unit is seconds -- the unit is not shown here. */
00201 #if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
00202 #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400
00203 #endif
00204
00205
00206
00207
00208
00209
00210
00211
00212
00213
00214
00215
/* Maximum record plaintext length; overridable from the config file.
 * NOTE(review): this sizes the in/out record buffers, so lowering it is a
 * memory saving only if both peers agree on a smaller fragment length. */
00216 #if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
00217 #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
00218 #endif
00219
00220
00221
00222
00223
00224
/* Size of the Finished verify_data, used for the own_verify_data /
 * peer_verify_data arrays in mbedtls_ssl_context (secure renegotiation).
 * SSL 3.0 uses 36 bytes (MD5 + SHA-1), TLS uses 12. */
00225 #if defined(MBEDTLS_SSL_PROTO_SSL3)
00226 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
00227 #else
00228 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
00229 #endif
00230
00231
00232
00233
/* Signalling Cipher Suite Values: the empty renegotiation_info SCSV
 * (RFC 5746) and the fallback SCSV (RFC 7507).  These are ciphersuite-list
 * entries, not real ciphersuites. */
00234 #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
00235 #define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600
00237
00238
00239
00240
/*
 * Wire-level constants.  The numeric values below match the IANA TLS
 * registries (HashAlgorithm, SignatureAlgorithm, ClientCertificateType,
 * ContentType, AlertDescription, HandshakeType, ExtensionType), so they
 * must not be renumbered.
 */

/* HashAlgorithm values as sent in the signature_algorithms extension. */
00241 #define MBEDTLS_SSL_HASH_NONE 0
00242 #define MBEDTLS_SSL_HASH_MD5 1
00243 #define MBEDTLS_SSL_HASH_SHA1 2
00244 #define MBEDTLS_SSL_HASH_SHA224 3
00245 #define MBEDTLS_SSL_HASH_SHA256 4
00246 #define MBEDTLS_SSL_HASH_SHA384 5
00247 #define MBEDTLS_SSL_HASH_SHA512 6
00248
/* SignatureAlgorithm values.  No value 2 (DSA) is defined here. */
00249 #define MBEDTLS_SSL_SIG_ANON 0
00250 #define MBEDTLS_SSL_SIG_RSA 1
00251 #define MBEDTLS_SSL_SIG_ECDSA 3
00252
00253
00254
00255
00256
/* ClientCertificateType values used in CertificateRequest. */
00257 #define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
00258 #define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
00259
00260
00261
00262
/* Record-layer ContentType; the value found in the first byte of a record
 * header and stored in mbedtls_ssl_context.in_msgtype / out_msgtype. */
00263 #define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
00264 #define MBEDTLS_SSL_MSG_ALERT 21
00265 #define MBEDTLS_SSL_MSG_HANDSHAKE 22
00266 #define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
00267
/* AlertLevel, first byte of an alert; see mbedtls_ssl_send_alert_message(). */
00268 #define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
00269 #define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
00270
/* AlertDescription, second byte of an alert.
 * NOTE(review): MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK is misspelled
 * (one 'p') but is part of the public API and must keep that spelling. */
00271 #define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0
00272 #define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10
00273 #define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20
00274 #define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21
00275 #define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22
00276 #define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30
00277 #define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40
00278 #define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41
00279 #define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42
00280 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43
00281 #define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44
00282 #define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45
00283 #define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46
00284 #define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47
00285 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48
00286 #define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49
00287 #define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50
00288 #define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51
00289 #define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60
00290 #define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70
00291 #define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71
00292 #define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80
00293 #define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86
00294 #define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90
00295 #define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100
00296 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110
00297 #define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112
00298 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115
00299 #define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120
00300
/* HandshakeType, first byte of a handshake message.  Distinct from the
 * mbedtls_ssl_states enum below, which is the local state machine. */
00301 #define MBEDTLS_SSL_HS_HELLO_REQUEST 0
00302 #define MBEDTLS_SSL_HS_CLIENT_HELLO 1
00303 #define MBEDTLS_SSL_HS_SERVER_HELLO 2
00304 #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
00305 #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
00306 #define MBEDTLS_SSL_HS_CERTIFICATE 11
00307 #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
00308 #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
00309 #define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
00310 #define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
00311 #define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
00312 #define MBEDTLS_SSL_HS_FINISHED 20
00313
00314
00315
00316
/* ExtensionType values (hello extensions).  Mixed decimal/hex notation is
 * as shipped: 0x0017 == 23, 0xFF01 == 65281. */
00317 #define MBEDTLS_TLS_EXT_SERVERNAME 0
/* NameType inside the server_name extension: host_name. */
00318 #define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
00319
00320 #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
00321
00322 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
00323
00324 #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
00325 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
00326
00327 #define MBEDTLS_TLS_EXT_SIG_ALG 13
00328
00329 #define MBEDTLS_TLS_EXT_ALPN 16
00330
00331 #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22
00332 #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017
00333
00334 #define MBEDTLS_TLS_EXT_SESSION_TICKET 35
00335
/* EC J-PAKE key exchange extension; value as shipped. */
00336 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256
00337
00338 #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
00339
00340
00341
00342
/* Maximum pre-shared key length in bytes; overridable from the config file.
 * Also sizes the PSK members of union mbedtls_ssl_premaster_secret below. */
00343 #if !defined(MBEDTLS_PSK_MAX_LEN)
00344 #define MBEDTLS_PSK_MAX_LEN 32
00345 #endif
00346
00347
/*
 * Sizing union for the premaster secret.
 *
 * Each member is a byte array large enough for one key-exchange method, and
 * only the members for enabled key exchanges are compiled in.  The union is
 * not meant to be accessed by member: its sole purpose is that
 * MBEDTLS_PREMASTER_SIZE (sizeof the union) equals the largest premaster
 * secret any enabled key exchange can produce.
 *
 * NOTE(review): any buffer declared with MBEDTLS_PREMASTER_SIZE holds raw key
 * material and should be zeroized once the master secret has been derived.
 */
00348 union mbedtls_ssl_premaster_secret
00349 {
00350 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
/* RSA: fixed 48 bytes (2-byte client version + 46 random bytes). */
00351 unsigned char _pms_rsa[48];
00352 #endif
00353 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
/* DHE: the shared secret is at most one modulus-sized bignum. */
00354 unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];
00355 #endif
00356 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
00357 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
00358 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
00359 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
/* (EC)DH(E): the x-coordinate of the shared point, at most one field element. */
00360 unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];
00361 #endif
00362 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
/* PSK: two 2-byte length fields plus two PSK-length blocks (RFC 4279 layout). */
00363 unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];
00364 #endif
00365 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
/* DHE_PSK: two length fields, DH shared secret, then the PSK. */
00366 unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
00367 + MBEDTLS_PSK_MAX_LEN];
00368 #endif
00369 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
/* RSA_PSK: two length fields, 48-byte RSA premaster, then the PSK. */
00370 unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];
00371 #endif
00372 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
/* ECDHE_PSK: two length fields, ECDH shared secret, then the PSK. */
00373 unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
00374 + MBEDTLS_PSK_MAX_LEN];
00375 #endif
00376 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* EC J-PAKE: fixed 32-byte derived secret. */
00377 unsigned char _pms_ecjpake[32];
00378 #endif
00379 };
00380
/* Size in bytes of the largest enabled premaster secret. */
00381 #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
00382
00383 #ifdef __cplusplus
00384 extern "C" {
00385 #endif
00386
00387
00388
00389
/*
 * Handshake state machine states.
 *
 * Presumably held in mbedtls_ssl_context.state (an int) and advanced one
 * step at a time by mbedtls_ssl_handshake_step(); the enumerators are listed
 * in the order a full handshake traverses them, with the client's messages
 * and the server's messages interleaved.  MBEDTLS_SSL_HANDSHAKE_OVER is the
 * steady state in which mbedtls_ssl_read()/mbedtls_ssl_write() carry
 * application data.  The last two states come after HANDSHAKE_OVER in the
 * list but belong to the server's session-ticket and DTLS HelloVerify paths.
 */
00390 typedef enum
00391 {
00392 MBEDTLS_SSL_HELLO_REQUEST,
00393 MBEDTLS_SSL_CLIENT_HELLO,
00394 MBEDTLS_SSL_SERVER_HELLO,
00395 MBEDTLS_SSL_SERVER_CERTIFICATE,
00396 MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
00397 MBEDTLS_SSL_CERTIFICATE_REQUEST,
00398 MBEDTLS_SSL_SERVER_HELLO_DONE,
00399 MBEDTLS_SSL_CLIENT_CERTIFICATE,
00400 MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
00401 MBEDTLS_SSL_CERTIFICATE_VERIFY,
00402 MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
00403 MBEDTLS_SSL_CLIENT_FINISHED,
00404 MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
00405 MBEDTLS_SSL_SERVER_FINISHED,
00406 MBEDTLS_SSL_FLUSH_BUFFERS,
00407 MBEDTLS_SSL_HANDSHAKE_WRAPUP,
00408 MBEDTLS_SSL_HANDSHAKE_OVER,
00409 MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
00410 MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
00411 }
00412 mbedtls_ssl_states;
00413
/**
 * \brief          Callback type: send data on the underlying transport.
 *
 * Installed with mbedtls_ssl_set_bio().
 *
 * \param ctx      The opaque pointer registered as p_bio.
 * \param buf      Bytes to send.
 * \param len      Number of bytes in \p buf.
 *
 * \return         Presumably the number of bytes actually sent, or a negative
 *                 error code; MBEDTLS_ERR_SSL_WANT_WRITE is the code defined
 *                 above for "try again later".  Confirm the exact contract
 *                 against the library documentation.
 */
00431 typedef int mbedtls_ssl_send_t( void *ctx,
00432 const unsigned char *buf,
00433 size_t len );
00434
/**
 * \brief          Callback type: receive data from the underlying transport.
 *
 * Installed with mbedtls_ssl_set_bio().
 *
 * \param ctx      The opaque pointer registered as p_bio.
 * \param buf      Buffer to fill.
 * \param len      Capacity of \p buf; the callback must not write past it.
 *
 * \return         Presumably the number of bytes received, or a negative
 *                 error code such as MBEDTLS_ERR_SSL_WANT_READ -- confirm.
 */
00454 typedef int mbedtls_ssl_recv_t( void *ctx,
00455 unsigned char *buf,
00456 size_t len );
00457
/**
 * \brief          Callback type: receive with a timeout.
 *
 * Installed with mbedtls_ssl_set_bio().  Used together with
 * mbedtls_ssl_conf_read_timeout(), whose value is the same uint32_t type
 * as \p timeout.
 *
 * \param ctx      The opaque pointer registered as p_bio.
 * \param buf      Buffer to fill.
 * \param len      Capacity of \p buf.
 * \param timeout  Maximum time to wait (unit not shown here; presumably
 *                 milliseconds like the timer callback below).
 *
 * \return         As for mbedtls_ssl_recv_t; MBEDTLS_ERR_SSL_TIMEOUT is the
 *                 code defined above for the timeout case -- confirm.
 */
00480 typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
00481 unsigned char *buf,
00482 size_t len,
00483 uint32_t timeout );
/**
 * \brief          Callback type: arm a two-stage timer.
 *
 * Installed with mbedtls_ssl_set_timer_cb().  The parameter names indicate
 * an intermediate delay and a final delay, both in milliseconds.
 *
 * \param ctx      The opaque pointer registered as p_timer.
 * \param int_ms   Intermediate delay in ms.
 * \param fin_ms   Final delay in ms.
 */
00506 typedef void mbedtls_ssl_set_timer_t( void * ctx,
00507 uint32_t int_ms,
00508 uint32_t fin_ms );
00509
/**
 * \brief          Callback type: query the timer armed by mbedtls_ssl_set_timer_t.
 *
 * \param ctx      The opaque pointer registered as p_timer.
 *
 * \return         A status code whose meaning (not expired / intermediate
 *                 passed / final passed) is defined by the implementation --
 *                 confirm before writing a timer backend.
 */
00521 typedef int mbedtls_ssl_get_timer_t( void * ctx );
00522
00523
00524
/* Public, fully defined in this header below. */
00525 typedef struct mbedtls_ssl_session mbedtls_ssl_session;
00526 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
00527 typedef struct mbedtls_ssl_config mbedtls_ssl_config;
00528
00529
/* Opaque to users of this header: declared here, defined outside it. */
00530 typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
00531 typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
00532 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00533 typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
00534 #endif
00535 #if defined(MBEDTLS_SSL_PROTO_DTLS)
00536 typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
00537 #endif
00538
00539
00540
00541
/*
 * Negotiated session parameters -- what has to be kept to resume a session.
 *
 * Copied out of a live connection with mbedtls_ssl_get_session() and fed
 * back in with mbedtls_ssl_set_session() (client side), or cached through
 * the f_get_cache / f_set_cache callbacks (server side).  Initialise with
 * mbedtls_ssl_session_init() and release with mbedtls_ssl_session_free().
 *
 * NOTE(review): `master` is the 48-byte master secret; a serialised or cached
 * copy of this struct is as sensitive as the private key for the lifetime of
 * the session and must be stored and wiped accordingly.
 */
00542 struct mbedtls_ssl_session
00543 {
00544 #if defined(MBEDTLS_HAVE_TIME)
/* Session start time; only present when the platform provides <time.h>. */
00545 mbedtls_time_t start;
00546 #endif
/* Negotiated ciphersuite id, as returned by mbedtls_ssl_get_ciphersuite_id(). */
00547 int ciphersuite;
/* One of MBEDTLS_SSL_COMPRESS_NULL / MBEDTLS_SSL_COMPRESS_DEFLATE. */
00548 int compression;
/* Session id: `id_len` valid bytes in `id` (TLS session ids are at most 32). */
00549 size_t id_len;
00550 unsigned char id[32];
/* Master secret -- key material, see NOTE above. */
00551 unsigned char master[48];
00553 #if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Peer certificate chain; returned by mbedtls_ssl_get_peer_cert().
 * Heap-allocated and owned by the session -- presumably freed by
 * mbedtls_ssl_session_free(); confirm. */
00554 mbedtls_x509_crt *peer_cert;
00555 #endif
/* Verification flags for peer_cert; see mbedtls_ssl_get_verify_result(). */
00556 uint32_t verify_result;
00558 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
/* RFC 5077 session ticket received from the server (client side only). */
00559 unsigned char *ticket;
00560 size_t ticket_len;
00561 uint32_t ticket_lifetime;
00562 #endif
00563
00564 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/* Negotiated MBEDTLS_SSL_MAX_FRAG_LEN_* code. */
00565 unsigned char mfl_code;
00566 #endif
00567
00568 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
/* Whether truncated HMAC was negotiated (MBEDTLS_SSL_TRUNC_HMAC_*). */
00569 int trunc_hmac;
00570 #endif
00571
00572 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/* Whether encrypt-then-MAC was negotiated (MBEDTLS_SSL_ETM_*). */
00573 int encrypt_then_mac;
00574 #endif
00575 };
00576
/*
 * Connection-independent configuration.
 *
 * Filled in through the mbedtls_ssl_conf_*() functions declared below and
 * shared, read-only, by every mbedtls_ssl_context that references it
 * (mbedtls_ssl_context.conf is a const pointer).  Initialise with
 * mbedtls_ssl_config_init(), populate with mbedtls_ssl_config_defaults()
 * and the setters, release with mbedtls_ssl_config_free().
 *
 * NOTE(review): because contexts keep a pointer to this struct rather than
 * a copy, it must outlive every context set up on it and must not be
 * mutated while those contexts are in use.  Nothing in this header makes it
 * thread-safe to modify concurrently.
 */
00580 struct mbedtls_ssl_config
00581 {
00582
00583
00584
00585
00586
00587
/* One ciphersuite list per protocol minor version (4 entries; minor versions
 * run 0..3) -- presumably indexed by minor version, which is what
 * mbedtls_ssl_conf_ciphersuites_for_version() takes.  Confirm. */
00588 const int *ciphersuite_list[4];
/* Debug callback and its context; see mbedtls_ssl_conf_dbg(). */
00591 void (*f_dbg)(void *, int, const char *, int, const char *);
00592 void *p_dbg;
/* RNG callback and its context; see mbedtls_ssl_conf_rng().
 * NOTE(review): this is the only entropy source the handshake has; it must be
 * a cryptographically secure DRBG seeded from real entropy. */
00595 int (*f_rng)(void *, unsigned char *, size_t);
00596 void *p_rng;
/* Server-side session cache callbacks; see mbedtls_ssl_conf_session_cache(). */
00599 int (*f_get_cache)(void *, mbedtls_ssl_session *);
00601 int (*f_set_cache)(void *, const mbedtls_ssl_session *);
00602 void *p_cache;
00604 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
00605
/* SNI callback (server); see mbedtls_ssl_conf_sni().  The (buf, len) pair is
 * the hostname as received from the client -- untrusted input. */
00606 int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
00607 void *p_sni;
00608 #endif
00609
00610 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00611
/* Per-certificate verification callback; see mbedtls_ssl_conf_verify(). */
00612 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
00613 void *p_vrfy;
00614 #endif
00615
00616 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
00617
/* PSK lookup callback (server); see mbedtls_ssl_conf_psk_cb().  The
 * (buf, len) pair is the peer-supplied identity -- untrusted input. */
00618 int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
00619 void *p_psk;
00620 #endif
00621
00622 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
00623
/* DTLS HelloVerifyRequest cookie callbacks; see mbedtls_ssl_conf_dtls_cookies()
 * and the mbedtls_ssl_cookie_write_t / mbedtls_ssl_cookie_check_t typedefs. */
00624 int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
00625 const unsigned char *, size_t );
00627 int (*f_cookie_check)( void *, const unsigned char *, size_t,
00628 const unsigned char *, size_t );
00629 void *p_cookie;
00630 #endif
00631
00632 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
00633
/* Session ticket callbacks (server); see mbedtls_ssl_conf_session_tickets_cb(). */
00634 int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
00635 unsigned char *, const unsigned char *, size_t *, uint32_t * );
00637 int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
00638 void *p_ticket;
00639 #endif
00640
00641 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
00642
/* Key export callback; see mbedtls_ssl_conf_export_keys_cb().
 * NOTE(review): the callback receives raw key material (the typedef names its
 * arguments ms / kb); enable only for debugging or key-logging tooling. */
00643 int (*f_export_keys)( void *, const unsigned char *,
00644 const unsigned char *, size_t, size_t, size_t );
00645 void *p_export_keys;
00646 #endif
00647
00648 #if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Certificate verification profile; see mbedtls_ssl_conf_cert_profile(). */
00649 const mbedtls_x509_crt_profile *cert_profile;
/* Own certificate/key entries; see mbedtls_ssl_conf_own_cert(). */
00650 mbedtls_ssl_key_cert *key_cert;
/* Trusted CAs and CRL; see mbedtls_ssl_conf_ca_chain(). */
00651 mbedtls_x509_crt *ca_chain;
00652 mbedtls_x509_crl *ca_crl;
00653 #endif
00654
00655 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/* Allowed signature hashes (MBEDTLS_SSL_HASH_* ids); see mbedtls_ssl_conf_sig_hashes(). */
00656 const int *sig_hashes;
00657 #endif
00658
00659 #if defined(MBEDTLS_ECP_C)
/* Allowed curves; see mbedtls_ssl_conf_curves(). */
00660 const mbedtls_ecp_group_id *curve_list;
00661 #endif
00662
00663 #if defined(MBEDTLS_DHM_C)
/* DH group parameters (server); see mbedtls_ssl_conf_dh_param(). */
00664 mbedtls_mpi dhm_P;
00665 mbedtls_mpi dhm_G;
00666 #endif
00667
00668 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/* Static pre-shared key and identity; see mbedtls_ssl_conf_psk().
 * NOTE(review): `psk` is secret key material; whether the setter copies it or
 * just stores the pointer is not visible here -- confirm before freeing the
 * caller's buffer, and wipe it on teardown either way. */
00669 unsigned char *psk;
00670 size_t psk_len;
00671 unsigned char *psk_identity;
00672 size_t psk_identity_len;
00673 #endif
00674
00675 #if defined(MBEDTLS_SSL_ALPN)
/* NULL-terminated list of ALPN protocol names; see mbedtls_ssl_conf_alpn_protocols(). */
00676 const char **alpn_list;
00677 #endif
00678
00679
00680
00681
00682
/* Read timeout passed to f_recv_timeout; see mbedtls_ssl_conf_read_timeout(). */
00683 uint32_t read_timeout;
00685 #if defined(MBEDTLS_SSL_PROTO_DTLS)
/* DTLS handshake retransmit timeout bounds; see mbedtls_ssl_conf_handshake_timeout(). */
00686 uint32_t hs_timeout_min;
00688 uint32_t hs_timeout_max;
00690 #endif
00691
00692 #if defined(MBEDTLS_SSL_RENEGOTIATION)
/* See mbedtls_ssl_conf_renegotiation_enforced() / _renegotiation_period(). */
00693 int renego_max_records;
00694 unsigned char renego_period[8];
00696 #endif
00697
00698 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
/* Bad-MAC records tolerated before giving up; see mbedtls_ssl_conf_dtls_badmac_limit(). */
00699 unsigned int badmac_limit;
00700 #endif
00701
00702 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
/* Minimum DH modulus size a client accepts; see mbedtls_ssl_conf_dhm_min_bitlen(). */
00703 unsigned int dhm_min_bitlen;
00704 #endif
00705
/* Protocol version bounds (MBEDTLS_SSL_MAJOR_VERSION_3 / MBEDTLS_SSL_MINOR_VERSION_*);
 * see mbedtls_ssl_conf_max_version() / _min_version(). */
00706 unsigned char max_major_ver;
00707 unsigned char max_minor_ver;
00708 unsigned char min_major_ver;
00709 unsigned char min_minor_ver;
00711
00712
00713
00714
/* Packed flags.  Widths are chosen to fit the corresponding constant sets:
 * endpoint/transport take 0..1, authmode takes MBEDTLS_SSL_VERIFY_* (0..3). */
00715 unsigned int endpoint : 1;
00716 unsigned int transport : 1;
00717 unsigned int authmode : 2;
00718
/* MBEDTLS_SSL_LEGACY_* (0..2). */
00719 unsigned int allow_legacy_renegotiation : 2 ;
00720 #if defined(MBEDTLS_ARC4_C)
/* 1 = RC4 suites excluded (MBEDTLS_SSL_ARC4_DISABLED). */
00721 unsigned int arc4_disabled : 1;
00722 #endif
00723 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/* MBEDTLS_SSL_MAX_FRAG_LEN_* (0..5). */
00724 unsigned int mfl_code : 3;
00725 #endif
00726 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
00727 unsigned int encrypt_then_mac : 1 ;
00728 #endif
00729 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
00730 unsigned int extended_ms : 1;
00731 #endif
00732 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
00733 unsigned int anti_replay : 1;
00734 #endif
00735 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
00736 unsigned int cbc_record_splitting : 1;
00737 #endif
00738 #if defined(MBEDTLS_SSL_RENEGOTIATION)
/* Note the inverted name: the public constant is MBEDTLS_SSL_RENEGOTIATION_ENABLED. */
00739 unsigned int disable_renegotiation : 1;
00740 #endif
00741 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
00742 unsigned int trunc_hmac : 1;
00743 #endif
00744 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
00745 unsigned int session_tickets : 1;
00746 #endif
00747 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
/* Client is performing a downgrade retry; see mbedtls_ssl_conf_fallback(). */
00748 unsigned int fallback : 1;
00749 #endif
00750 };
00751
00752
/*
 * Per-connection state.
 *
 * Initialise with mbedtls_ssl_init(), bind to a configuration with
 * mbedtls_ssl_setup(), attach I/O with mbedtls_ssl_set_bio(), then drive
 * with mbedtls_ssl_handshake() / mbedtls_ssl_read() / mbedtls_ssl_write();
 * release with mbedtls_ssl_free().  Fields are public for the benefit of
 * the implementation; applications should go through the accessors below.
 */
00753 struct mbedtls_ssl_context
00754 {
/* Shared configuration; read-only from the context's point of view. */
00755 const mbedtls_ssl_config *conf;
00757
00758
00759
/* Current handshake state -- presumably an mbedtls_ssl_states value. */
00760 int state;
00761 #if defined(MBEDTLS_SSL_RENEGOTIATION)
00762 int renego_status;
/* Records seen since a renegotiation was requested; compared against
 * mbedtls_ssl_config.renego_max_records -- presumably. */
00763 int renego_records_seen;
00766 #endif
00767
/* Negotiated protocol version (MBEDTLS_SSL_MAJOR_VERSION_3 / MINOR_VERSION_*). */
00768 int major_ver;
00769 int minor_ver;
00771 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
/* Records with a bad MAC seen so far; compared against badmac_limit. */
00772 unsigned badmac_seen;
00773 #endif
00774
/* Transport callbacks and their context; see mbedtls_ssl_set_bio(). */
00775 mbedtls_ssl_send_t *f_send;
00776 mbedtls_ssl_recv_t *f_recv;
00777 mbedtls_ssl_recv_timeout_t *f_recv_timeout;
00780 void *p_bio;
00782
00783
00784
/* Session bookkeeping: the sessions in use for each direction, the current
 * session, and the one being negotiated (during a handshake or renegotiation). */
00785 mbedtls_ssl_session *session_in;
00786 mbedtls_ssl_session *session_out;
00787 mbedtls_ssl_session *session;
00788 mbedtls_ssl_session *session_negotiate;
/* Handshake-only state; opaque here (defined outside this header). */
00790 mbedtls_ssl_handshake_params *handshake;
00793
00794
00795
/* Record protection (cipher/MAC) state, same in/out/current/negotiate split
 * as the sessions above; opaque here. */
00796 mbedtls_ssl_transform *transform_in;
00797 mbedtls_ssl_transform *transform_out;
00798 mbedtls_ssl_transform *transform;
00799 mbedtls_ssl_transform *transform_negotiate;
00801
00802
00803
/* Timer callbacks and their context; see mbedtls_ssl_set_timer_cb(). */
00804 void *p_timer;
00806 mbedtls_ssl_set_timer_t *f_set_timer;
00807 mbedtls_ssl_get_timer_t *f_get_timer;
00809
00810
00811
/* Incoming record buffer and pointers into it.  in_buf is the allocation;
 * the others presumably point at the counter, header, length, IV and
 * payload positions of the record currently in the buffer -- confirm the
 * exact layout in the implementation. */
00812 unsigned char *in_buf;
00813 unsigned char *in_ctr;
00816 unsigned char *in_hdr;
00817 unsigned char *in_len;
00818 unsigned char *in_iv;
00819 unsigned char *in_msg;
/* Read cursor into the current application-data record (mbedtls_ssl_read()). */
00820 unsigned char *in_offt;
/* MBEDTLS_SSL_MSG_* type and payload length of the current record. */
00822 int in_msgtype;
00823 size_t in_msglen;
/* Bytes of the current record received so far (partial reads). */
00824 size_t in_left;
00825 #if defined(MBEDTLS_SSL_PROTO_DTLS)
/* DTLS epoch of incoming records, and where the next datagram record starts. */
00826 uint16_t in_epoch;
00827 size_t next_record_offset;
00829 #endif
00830 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/* 64-entry sliding replay window: highest record number seen and a bitmask
 * of the records below it. */
00831 uint64_t in_window_top;
00832 uint64_t in_window;
00833 #endif
00834
/* Length of the current handshake message. */
00835 size_t in_hslen;
/* Consecutive zero-length records seen -- presumably bounded to resist
 * empty-record floods; confirm. */
00837 int nb_zero;
/* Whether a record has been read but not yet consumed. */
00838 int record_read;
00840
00841
00842
/* Outgoing record buffer and pointers into it; mirrors the in_* fields. */
00843 unsigned char *out_buf;
00844 unsigned char *out_ctr;
00845 unsigned char *out_hdr;
00846 unsigned char *out_len;
00847 unsigned char *out_iv;
00848 unsigned char *out_msg;
00850 int out_msgtype;
00851 size_t out_msglen;
/* Bytes of the current outgoing record not yet flushed to f_send. */
00852 size_t out_left;
00854 #if defined(MBEDTLS_ZLIB_SUPPORT)
00855 unsigned char *compress_buf;
00856 #endif
00857 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
/* Progress of 1/n-1 record splitting for the current write. */
00858 signed char split_done;
00859 #endif
00860
00861
00862
00863
/* Whether client authentication was requested/performed in this handshake. */
00864 int client_auth;
00866
00867
00868
00869 #if defined(MBEDTLS_X509_CRT_PARSE_C)
/* Expected peer hostname set via mbedtls_ssl_set_hostname(); heap-owned by
 * the context.  Presumably used for SNI and for certificate name checking
 * -- confirm; a client that never sets it gets no hostname verification. */
00870 char *hostname;
00872 #endif
00873
00874 #if defined(MBEDTLS_SSL_ALPN)
/* Negotiated ALPN protocol; points into conf->alpn_list (see
 * mbedtls_ssl_get_alpn_protocol()). */
00875 const char *alpn_chosen;
00876 #endif
00877
00878
00879
00880
00881 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/* Client transport identity for cookie generation; see
 * mbedtls_ssl_set_client_transport_id(). */
00882 unsigned char *cli_id;
00883 size_t cli_id_len;
00884 #endif
00885
00886
00887
00888
00889
/* MBEDTLS_SSL_LEGACY_RENEGOTIATION or MBEDTLS_SSL_SECURE_RENEGOTIATION. */
00890 int secure_renegotiation;
00892 #if defined(MBEDTLS_SSL_RENEGOTIATION)
/* Finished verify_data of both sides, kept for the renegotiation_info
 * extension (RFC 5746); `verify_data_len` valid bytes per array. */
00893 size_t verify_data_len;
00894 char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN];
00895 char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN];
00896 #endif
00897 };
00898
00899 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
00900
/* Direction argument for mbedtls_ssl_hw_record_activate() -- presumably. */
00901 #define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
00902 #define MBEDTLS_SSL_CHANNEL_INBOUND 1
00903
/*
 * Hardware record-layer acceleration hooks.
 *
 * These are writable global function pointers, to be filled in by the
 * integrator.  _init receives the raw encryption/decryption keys, IVs and
 * MAC keys for both directions; the remaining hooks operate on the context.
 * The related error codes are MBEDTLS_ERR_SSL_HW_ACCEL_FAILED and
 * MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH.
 *
 * NOTE(review): because these are plain mutable globals that are handed the
 * session keys, any code able to overwrite them can capture key material.
 * Treat them as set-once-at-startup and audit every writer.
 */
00904 extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
00905 const unsigned char *key_enc, const unsigned char *key_dec,
00906 size_t keylen,
00907 const unsigned char *iv_enc, const unsigned char *iv_dec,
00908 size_t ivlen,
00909 const unsigned char *mac_enc, const unsigned char *mac_dec,
00910 size_t maclen);
00911 extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
00912 extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
00913 extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
00914 extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
00915 extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
00916 #endif
00917
/**
 * \brief          List of all ciphersuites supported by this build.
 *
 * \return         Pointer to a 0-terminated array of ciphersuite ids.
 */
00924 const int *mbedtls_ssl_list_ciphersuites( void );
00925
/**
 * \brief          Human-readable name of a ciphersuite id.
 *
 * \param ciphersuite_id  Ciphersuite id (see mbedtls_ssl_list_ciphersuites()).
 *
 * \return         A static string; what is returned for an unknown id is not
 *                 visible here -- presumably a placeholder rather than NULL.
 */
00934 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
00935
/**
 * \brief          Ciphersuite id for a ciphersuite name.
 *
 * \param ciphersuite_name  Name as returned by mbedtls_ssl_get_ciphersuite_name().
 *
 * \return         The id, or presumably 0 when the name is unknown -- confirm.
 */
00944 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
00945
/**
 * \brief          Initialise an SSL context to a safe-to-free empty state.
 *                 Must be called before mbedtls_ssl_setup().
 *
 * \param ssl      Context to initialise.
 */
00953 void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
00954
/**
 * \brief          Bind a context to a configuration and allocate its buffers.
 *
 * \param ssl      Context initialised with mbedtls_ssl_init().
 * \param conf     Configuration to use.  Only the pointer is stored
 *                 (mbedtls_ssl_context.conf), so \p conf must outlive \p ssl.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code
 *                 (MBEDTLS_ERR_SSL_ALLOC_FAILED is the obvious candidate).
 */
00970 int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
00971 const mbedtls_ssl_config *conf );
00972
/**
 * \brief          Reset a context for a new connection on the same
 *                 configuration, keeping the allocated buffers.
 *
 * \param ssl      Context to reset.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
00983 int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
00984
/**
 * \brief          Set the endpoint role.
 *
 * \param conf     Configuration.
 * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER (1-bit field).
 */
00991 void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
00992
/**
 * \brief          Set the transport type (TLS or DTLS).
 *
 * \param conf      Configuration.
 * \param transport MBEDTLS_SSL_TRANSPORT_STREAM or MBEDTLS_SSL_TRANSPORT_DATAGRAM.
 */
01007 void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
01008
/**
 * \brief          Set the peer certificate authentication mode.
 *
 * \param conf     Configuration.
 * \param authmode One of MBEDTLS_SSL_VERIFY_NONE / OPTIONAL / REQUIRED.
 *
 * NOTE(review): for a client, anything other than MBEDTLS_SSL_VERIFY_REQUIRED
 * means the connection can complete against an unverified server; only use
 * OPTIONAL if the application checks mbedtls_ssl_get_verify_result() itself.
 */
01035 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
01036
01037 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01038
/**
 * \brief          Install a per-certificate verification callback, invoked
 *                 for each certificate in the chain with the current
 *                 verification flags (the uint32_t *) which it may modify.
 *
 * \param conf     Configuration.
 * \param f_vrfy   Callback; the int is presumably the depth in the chain -- confirm.
 * \param p_vrfy   Opaque context passed as the callback's first argument.
 */
01049 void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
01050 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
01051 void *p_vrfy );
01052 #endif
01053
/**
 * \brief          Install the random number generator.  Required: without it
 *                 the handshake fails with MBEDTLS_ERR_SSL_NO_RNG (presumably).
 *
 * \param conf     Configuration.
 * \param f_rng    RNG callback (ctx, output buffer, length); must be
 *                 cryptographically secure.
 * \param p_rng    Opaque context passed to \p f_rng.
 */
01061 void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
01062 int (*f_rng)(void *, unsigned char *, size_t),
01063 void *p_rng );
01064
/**
 * \brief          Install the debug callback.
 *
 * \param conf     Configuration.
 * \param f_dbg    Callback (ctx, level, file, line, message) -- argument
 *                 meaning inferred from the signature; confirm.
 * \param p_dbg    Opaque context passed to \p f_dbg.
 */
01079 void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
01080 void (*f_dbg)(void *, int, const char *, int, const char *),
01081 void *p_dbg );
01082
/**
 * \brief          Attach the transport callbacks to a context.
 *
 * \param ssl            Context.
 * \param p_bio          Opaque context passed to all three callbacks.
 * \param f_send         Send callback.
 * \param f_recv         Receive callback (blocking / non-blocking).
 * \param f_recv_timeout Receive-with-timeout callback; may be NULL if
 *                       \p f_recv is given -- presumably one of the two
 *                       receive callbacks is required, confirm.
 */
01112 void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
01113 void *p_bio,
01114 mbedtls_ssl_send_t *f_send,
01115 mbedtls_ssl_recv_t *f_recv,
01116 mbedtls_ssl_recv_timeout_t *f_recv_timeout );
01117
/**
 * \brief          Set the timeout handed to f_recv_timeout for reads
 *                 (mbedtls_ssl_config.read_timeout).
 *
 * \param conf     Configuration.
 * \param timeout  Timeout value; unit as for mbedtls_ssl_recv_timeout_t.
 */
01134 void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
01135
/**
 * \brief          Attach the timer callbacks (needed for DTLS retransmission).
 *
 * \param ssl         Context.
 * \param p_timer     Opaque context passed to both callbacks.
 * \param f_set_timer Timer-arming callback.
 * \param f_get_timer Timer-query callback.
 */
01156 void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
01157 void *p_timer,
01158 mbedtls_ssl_set_timer_t *f_set_timer,
01159 mbedtls_ssl_get_timer_t *f_get_timer );
01160
/**
 * \brief          Callback type: create a session ticket (server side).
 *
 * Installed with mbedtls_ssl_conf_session_tickets_cb().
 *
 * \param p_ticket Opaque context registered with the callback.
 * \param session  Session to encode into the ticket.
 * \param start    Start of the output buffer.
 * \param end      One past the end of the output buffer; the callback must
 *                 not write at or beyond it.
 * \param tlen     Out: number of bytes written.
 * \param lifetime Out: ticket lifetime (same unit as MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME).
 *
 * \return         0 on success, or a negative error code -- presumably.
 *
 * NOTE(review): the ticket carries the session (including the master
 * secret) to an untrusted party; an implementation must encrypt and
 * authenticate it with a key that is never exposed to clients.
 */
01180 typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
01181 const mbedtls_ssl_session *session,
01182 unsigned char *start,
01183 const unsigned char *end,
01184 size_t *tlen,
01185 uint32_t *lifetime );
01186
01187 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
01188
/**
 * \brief          Callback type: export derived keys.
 *
 * Installed with mbedtls_ssl_conf_export_keys_cb().  From the argument
 * names, \p ms is the master secret and \p kb the key block; the three
 * sizes describe the MAC key, cipher key and IV lengths used to split it.
 *
 * \param p_expkey Opaque context registered with the callback.
 * \param ms       Master secret.
 * \param kb       Key block.
 * \param maclen   MAC key length.
 * \param keylen   Cipher key length.
 * \param ivlen    IV length.
 *
 * \return         0 on success, or a negative error code -- presumably.
 */
01208 typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
01209 const unsigned char *ms,
01210 const unsigned char *kb,
01211 size_t maclen,
01212 size_t keylen,
01213 size_t ivlen );
01214 #endif
01215
/**
 * \brief          Callback type: parse and verify a session ticket (server side).
 *
 * Installed with mbedtls_ssl_conf_session_tickets_cb().
 *
 * \param p_ticket Opaque context registered with the callback.
 * \param session  Out: session restored from the ticket.
 * \param buf      Ticket as received from the client -- untrusted input;
 *                 the callback must authenticate it before trusting any field.
 * \param len      Length of \p buf.
 *
 * \return         0 on success; MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED and
 *                 MBEDTLS_ERR_SSL_INVALID_MAC are defined above and are the
 *                 natural codes for an expired or tampered ticket -- confirm.
 */
01239 typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
01240 mbedtls_ssl_session *session,
01241 unsigned char *buf,
01242 size_t len );
01243
01244 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
01245
/**
 * \brief          Install the server-side session ticket callbacks.
 *
 * \param conf           Configuration.
 * \param f_ticket_write Ticket creation callback.
 * \param f_ticket_parse Ticket parsing callback.
 * \param p_ticket       Opaque context passed to both.
 */
01259 void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
01260 mbedtls_ssl_ticket_write_t *f_ticket_write,
01261 mbedtls_ssl_ticket_parse_t *f_ticket_parse,
01262 void *p_ticket );
01263 #endif
01264
01265 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
01266
/**
 * \brief          Install the key export callback.
 *
 * \param conf          Configuration.
 * \param f_export_keys Callback receiving the derived keys.
 * \param p_export_keys Opaque context passed to it.
 */
01276 void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
01277 mbedtls_ssl_export_keys_t *f_export_keys,
01278 void *p_export_keys );
01279 #endif
01280
/**
 * \brief          Callback type: generate a DTLS HelloVerifyRequest cookie.
 *
 * \param ctx      Opaque context registered with the callback.
 * \param p        In/out: write cursor; advanced past the cookie written.
 * \param end      One past the end of the output buffer; must not be exceeded.
 * \param info     Client transport identity to bind the cookie to
 *                 (see mbedtls_ssl_set_client_transport_id()).
 * \param ilen     Length of \p info.
 *
 * \return         0 on success, or a negative error code -- presumably.
 */
01295 typedef int mbedtls_ssl_cookie_write_t( void *ctx,
01296 unsigned char **p, unsigned char *end,
01297 const unsigned char *info, size_t ilen );
01298
/**
 * \brief          Callback type: verify a DTLS cookie returned by a client.
 *
 * \param ctx      Opaque context registered with the callback.
 * \param cookie   Cookie as received -- untrusted input.
 * \param clen     Length of \p cookie.
 * \param info     Client transport identity the cookie should be bound to.
 * \param ilen     Length of \p info.
 *
 * \return         0 if the cookie is valid for \p info, non-zero otherwise
 *                 -- presumably; confirm.
 */
01312 typedef int mbedtls_ssl_cookie_check_t( void *ctx,
01313 const unsigned char *cookie, size_t clen,
01314 const unsigned char *info, size_t ilen );
01315
01316 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
01317
/**
 * \brief          Install the DTLS cookie callbacks (server side).  Without
 *                 them a DTLS server cannot perform the HelloVerifyRequest
 *                 exchange that limits amplification and spoofed handshakes.
 *
 * \param conf           Configuration.
 * \param f_cookie_write Cookie generation callback.
 * \param f_cookie_check Cookie verification callback.
 * \param p_cookie       Opaque context passed to both.
 */
01345 void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
01346 mbedtls_ssl_cookie_write_t *f_cookie_write,
01347 mbedtls_ssl_cookie_check_t *f_cookie_check,
01348 void *p_cookie );
01349
/**
 * \brief          Record the client's transport-level identity (for example
 *                 its address) so cookies can be bound to it.  Stored in
 *                 mbedtls_ssl_context.cli_id / cli_id_len.
 *
 * \param ssl      Context.
 * \param info     Identity bytes; presumably copied -- confirm.
 * \param ilen     Length of \p info.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
01369 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
01370 const unsigned char *info,
01371 size_t ilen );
01372
01373 #endif
01374
01375 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
01376
/**
 * \brief          Enable or disable DTLS replay detection (the in_window
 *                 fields of mbedtls_ssl_context).
 *
 * \param conf     Configuration.
 * \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or _DISABLED.  Note the
 *                 parameter is `char` while the constants are plain ints.
 *
 * NOTE(review): leave enabled unless the application layer does its own
 * replay protection.
 */
01391 void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
01392 #endif
01393
01394 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
01395
/**
 * \brief          Set how many records with a bad MAC are tolerated before
 *                 the connection is dropped (mbedtls_ssl_config.badmac_limit).
 *
 * \param conf     Configuration.
 * \param limit    Limit; what 0 means (presumably "no limit") is not visible
 *                 here -- confirm.
 */
01418 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
01419 #endif
01420
01421 #if defined(MBEDTLS_SSL_PROTO_DTLS)
01422
/**
 * \brief          Set the DTLS handshake retransmission timeout range.
 *
 * \param conf     Configuration.
 * \param min      Initial timeout (default MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN).
 * \param max      Upper bound (default MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX).
 *                 Unit presumably milliseconds; see the timer callback.
 */
01453 void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
01454 #endif
01455
01456 #if defined(MBEDTLS_SSL_SRV_C)
01457
/**
 * \brief          Install the server-side session cache callbacks used for
 *                 session-id based resumption.
 *
 * \param conf        Configuration.
 * \param p_cache     Opaque context passed to both callbacks.
 * \param f_get_cache Look up a session by the id in the passed struct and
 *                    fill in the rest -- presumably; confirm.
 * \param f_set_cache Store a session.
 */
01494 void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
01495 void *p_cache,
01496 int (*f_get_cache)(void *, mbedtls_ssl_session *),
01497 int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
01498 #endif
01499
01500 #if defined(MBEDTLS_SSL_CLI_C)
01501
/**
 * \brief          Request resumption of a previously saved session
 *                 (client side).  Counterpart of mbedtls_ssl_get_session().
 *
 * \param ssl      Context; must be set up and not yet past the ClientHello.
 * \param session  Session to resume; presumably copied into the context.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
01515 int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
01516 #endif
01517
/**
 * \brief          Set the allowed ciphersuites, in order of preference, for
 *                 all protocol versions.
 *
 * \param conf         Configuration.
 * \param ciphersuites 0-terminated array of ciphersuite ids.  Only the
 *                     pointer is stored (mbedtls_ssl_config.ciphersuite_list),
 *                     so the array must outlive the configuration.
 */
01533 void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
01534 const int *ciphersuites );
01535
/**
 * \brief          Set the allowed ciphersuites for one protocol version only.
 *
 * \param conf         Configuration.
 * \param ciphersuites 0-terminated array, same lifetime rule as above.
 * \param major        MBEDTLS_SSL_MAJOR_VERSION_3.
 * \param minor        MBEDTLS_SSL_MINOR_VERSION_0 .. _3.
 */
01555 void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
01556 const int *ciphersuites,
01557 int major, int minor );
01558
01559 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01560
/**
 * \brief          Set the X.509 verification profile (allowed hashes, key
 *                 types and sizes) applied to peer certificates.
 *
 * \param conf     Configuration.
 * \param profile  Profile; only the pointer is stored.
 */
01570 void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
01571 const mbedtls_x509_crt_profile *profile );
01572
/**
 * \brief          Set the trusted CA chain and optional CRL used to verify
 *                 the peer.  Pointers are stored, not copies.
 *
 * \param conf     Configuration.
 * \param ca_chain Trusted root/intermediate certificates.
 * \param ca_crl   CRL, or NULL.
 */
01580 void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
01581 mbedtls_x509_crt *ca_chain,
01582 mbedtls_x509_crl *ca_crl );
01583
/**
 * \brief          Add an own certificate chain and matching private key.
 *                 Appends to mbedtls_ssl_config.key_cert, so it may be
 *                 called more than once (e.g. RSA and ECDSA certificates).
 *
 * \param conf     Configuration.
 * \param own_cert Certificate chain; pointer stored, not copied.
 * \param pk_key   Private key; pointer stored, not copied.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code
 *                 (MBEDTLS_ERR_SSL_ALLOC_FAILED for the list node, presumably).
 */
01612 int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
01613 mbedtls_x509_crt *own_cert,
01614 mbedtls_pk_context *pk_key );
01615 #endif
01616
01617 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
01618
/**
 * \brief          Set a static pre-shared key and identity.
 *
 * \param conf             Configuration.
 * \param psk              Key bytes; at most MBEDTLS_PSK_MAX_LEN long.
 * \param psk_len          Length of \p psk.
 * \param psk_identity     Identity bytes.
 * \param psk_identity_len Length of \p psk_identity.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 *
 * NOTE(review): whether the key is copied or referenced is not visible
 * here; see the note on mbedtls_ssl_config.psk.  A short or low-entropy PSK
 * gives correspondingly weak protection regardless of the ciphersuite.
 */
01638 int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
01639 const unsigned char *psk, size_t psk_len,
01640 const unsigned char *psk_identity, size_t psk_identity_len );
01641
01642
/**
 * \brief          Set the PSK for the current handshake only; intended to be
 *                 called from the f_psk callback once the peer's identity is known.
 *
 * \param ssl      Context.
 * \param psk      Key bytes.
 * \param psk_len  Length of \p psk.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
01655 int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
01656 const unsigned char *psk, size_t psk_len );
01657
/**
 * \brief          Install the server-side PSK lookup callback, invoked with
 *                 the identity sent by the client (untrusted bytes + length).
 *
 * \param conf     Configuration.
 * \param f_psk    Callback; expected to call mbedtls_ssl_set_hs_psk() or
 *                 fail, presumably with MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY --
 *                 confirm.
 * \param p_psk    Opaque context passed to \p f_psk.
 */
01682 void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
01683 int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
01684 size_t),
01685 void *p_psk );
01686 #endif
01687
01688 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
01689
/**
 * \brief          Set the Diffie-Hellman group (server side) from strings.
 *
 * \param conf     Configuration.
 * \param dhm_P    Modulus; text form, radix not shown here (presumably hex).
 * \param dhm_G    Generator, same form.
 *
 * \return         0 on success, or a negative error code.
 */
01700 int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
01701
/**
 * \brief          Set the Diffie-Hellman group (server side) from a DHM context.
 *
 * \param conf     Configuration.
 * \param dhm_ctx  Source of P and G; presumably copied into dhm_P / dhm_G.
 *
 * \return         0 on success, or a negative error code.
 */
01711 int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
01712 #endif
01713
01714 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
01715
/**
 * \brief          Set the minimum DH modulus size a client accepts from a
 *                 server (mbedtls_ssl_config.dhm_min_bitlen).
 *
 * \param conf     Configuration.
 * \param bitlen   Minimum size in bits.
 *
 * NOTE(review): this is the client's only defence against a server offering
 * a weak group; 2048 is the usual floor today.
 */
01723 void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
01724 unsigned int bitlen );
01725 #endif
01726
01727 #if defined(MBEDTLS_ECP_C)
01728
/**
 * \brief          Set the allowed elliptic curves, in order of preference.
 *
 * \param conf     Configuration.
 * \param curves   List of group ids terminated by the ECP "none" id;
 *                 only the pointer is stored.
 */
01755 void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
01756 const mbedtls_ecp_group_id *curves );
01757 #endif
01758
01759 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
01760
/**
 * \brief          Set the allowed signature hash algorithms, in order of
 *                 preference, for the signature_algorithms extension.
 *
 * \param conf     Configuration.
 * \param hashes   Terminated list of MBEDTLS_SSL_HASH_* ids (terminator is
 *                 presumably MBEDTLS_SSL_HASH_NONE); only the pointer is stored.
 */
01778 void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
01779 const int *hashes );
01780 #endif
01781
01782 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01783
/**
 * \brief          Set the expected server hostname (client side).  Stored as
 *                 a heap copy in mbedtls_ssl_context.hostname.
 *
 * \param ssl      Context.
 * \param hostname NUL-terminated name, at most MBEDTLS_SSL_MAX_HOST_NAME_LEN
 *                 characters (presumably enforced), or NULL to clear.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 *
 * NOTE(review): a client that does not call this presumably gets no
 * hostname check against the server certificate, which makes the
 * verification in mbedtls_ssl_conf_authmode() far weaker; confirm and
 * always set it.
 */
01794 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
01795 #endif
01796
01797 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
01798
/**
 * \brief          Override the certificate/key for the current handshake;
 *                 meant to be called from the f_sni callback.
 *
 * \param ssl      Context.
 * \param own_cert Certificate chain; pointer stored.
 * \param pk_key   Private key; pointer stored.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
01810 int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
01811 mbedtls_x509_crt *own_cert,
01812 mbedtls_pk_context *pk_key );
01813
/**
 * \brief          Override the trusted CA chain/CRL for the current handshake.
 *
 * \param ssl      Context.
 * \param ca_chain Trusted certificates; pointer stored.
 * \param ca_crl   CRL or NULL.
 */
01825 void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
01826 mbedtls_x509_crt *ca_chain,
01827 mbedtls_x509_crl *ca_crl );
01828
/**
 * \brief          Override the authentication mode for the current handshake.
 *
 * \param ssl      Context.
 * \param authmode One of MBEDTLS_SSL_VERIFY_*.
 */
01839 void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
01840 int authmode );
01841
/**
 * \brief          Install the SNI callback (server side).  It is invoked with
 *                 the hostname the client sent -- untrusted bytes plus length,
 *                 not NUL-terminated -- and may call the mbedtls_ssl_set_hs_*()
 *                 functions above to select per-host credentials.
 *
 * \param conf     Configuration.
 * \param f_sni    Callback.
 * \param p_sni    Opaque context passed to \p f_sni.
 */
01865 void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
01866 int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
01867 size_t),
01868 void *p_sni );
01869 #endif
01870
01871 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
01872
/**
 * \brief          Set the EC J-PAKE password for the current handshake.
 *
 * \param ssl      Context.
 * \param pw       Password bytes.
 * \param pw_len   Length of \p pw.
 *
 * \return         0 on success, or a negative error code.
 */
01889 int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
01890 const unsigned char *pw,
01891 size_t pw_len );
01892 #endif
01893
01894 #if defined(MBEDTLS_SSL_ALPN)
01895
/**
 * \brief          Set the ALPN protocol list, in order of preference.
 *
 * \param conf     Configuration.
 * \param protos   NULL-terminated array of NUL-terminated names; only the
 *                 pointer is stored (mbedtls_ssl_config.alpn_list).
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code
 *                 (presumably MBEDTLS_ERR_SSL_BAD_INPUT_DATA for an invalid list).
 */
01907 int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
01908
/**
 * \brief          Negotiated ALPN protocol.
 *
 * \param ssl      Context.
 *
 * \return         mbedtls_ssl_context.alpn_chosen: a name from the configured
 *                 list, or NULL when none was negotiated.
 */
01918 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
01919 #endif
01920
/**
 * \brief          Set the highest protocol version to negotiate.
 *
 * \param conf     Configuration.
 * \param major    MBEDTLS_SSL_MAJOR_VERSION_3.
 * \param minor    MBEDTLS_SSL_MINOR_VERSION_0 .. _3.
 */
01937 void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
01938
/**
 * \brief          Set the lowest protocol version to accept.
 *
 * \param conf     Configuration.
 * \param major    MBEDTLS_SSL_MAJOR_VERSION_3.
 * \param minor    MBEDTLS_SSL_MINOR_VERSION_0 .. _3; see the note on the
 *                 version constants about preferring MINOR_VERSION_3.
 */
01957 void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
01958
01959 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
01960
/**
 * \brief          Mark this connection as a downgrade retry (client side), so
 *                 the fallback SCSV is sent and a server that supports a
 *                 higher version can reject the downgrade.
 *
 * \param conf     Configuration.
 * \param fallback MBEDTLS_SSL_IS_FALLBACK or MBEDTLS_SSL_IS_NOT_FALLBACK (a `char`).
 */
01979 void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
01980 #endif
01981
01982 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
01983
/**
 * \brief          Enable or disable the encrypt-then-MAC extension.
 *
 * \param conf     Configuration.
 * \param etm      MBEDTLS_SSL_ETM_ENABLED or _DISABLED (a `char`).
 *
 * NOTE(review): keep enabled; it removes the MAC-then-encrypt padding
 * problems of CBC suites.
 */
01994 void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
01995 #endif
01996
01997 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
01998
/**
 * \brief          Enable or disable the extended master secret extension.
 *
 * \param conf     Configuration.
 * \param ems      MBEDTLS_SSL_EXTENDED_MS_ENABLED or _DISABLED (a `char`).
 *
 * NOTE(review): keep enabled; it binds the master secret to the full
 * handshake transcript.
 */
02009 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
02010 #endif
02011
02012 #if defined(MBEDTLS_ARC4_C)
02013
/**
 * \brief          Allow or forbid RC4 ciphersuites.
 *
 * \param conf     Configuration.
 * \param arc4     MBEDTLS_SSL_ARC4_ENABLED (0) or MBEDTLS_SSL_ARC4_DISABLED (1)
 *                 -- note the inverted polarity compared with the other
 *                 on/off setters.
 */
02028 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
02029 #endif
02030
02031 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
02032
/**
 * \brief          Set the maximum fragment length to negotiate.
 *
 * \param conf     Configuration.
 * \param mfl_code One of MBEDTLS_SSL_MAX_FRAG_LEN_NONE .. _4096.
 *
 * \return         0 on success, or presumably MBEDTLS_ERR_SSL_BAD_INPUT_DATA
 *                 for an out-of-range code -- confirm.
 */
02047 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
02048 #endif
02049
02050 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
02051
/**
 * \brief          Enable or disable negotiation of truncated HMAC
 *                 (MAC cut to MBEDTLS_SSL_TRUNCATED_HMAC_LEN bytes).
 *
 * \param conf     Configuration.
 * \param truncate MBEDTLS_SSL_TRUNC_HMAC_ENABLED or _DISABLED.
 */
02059 void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
02060 #endif
02061
02062 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
02063
/**
 * \brief          Enable or disable 1/n-1 record splitting for CBC suites.
 *
 * \param conf     Configuration.
 * \param split    MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or _DISABLED (a `char`).
 */
02074 void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
02075 #endif
02076
02077 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
02078
/**
 * \brief          Enable or disable use of session tickets (client side).
 *
 * \param conf        Configuration.
 * \param use_tickets MBEDTLS_SSL_SESSION_TICKETS_ENABLED or _DISABLED.
 */
02088 void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
02089 #endif
02090
02091 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02092
/**
 * \brief          Enable or disable support for renegotiation.
 *
 * \param conf          Configuration.
 * \param renegotiation MBEDTLS_SSL_RENEGOTIATION_ENABLED or _DISABLED.
 *
 * NOTE(review): renegotiation is a frequent source of protocol-level
 * problems; leave it disabled unless there is a concrete need.
 */
02109 void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
02110 #endif
02111
/**
 * \brief          Decide how to treat a peer that does not support secure
 *                 renegotiation (RFC 5746).
 *
 * \param conf         Configuration.
 * \param allow_legacy MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, _ALLOW_RENEGOTIATION
 *                     or _BREAK_HANDSHAKE.
 *
 * NOTE(review): MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION re-opens the
 * pre-RFC 5746 renegotiation weakness; avoid it.
 */
02139 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
02140
02141 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02142
/**
 * \brief          Enforce that a peer honours our renegotiation request
 *                 within a number of records.
 *
 * \param conf        Configuration.
 * \param max_records MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED, or a count
 *                    (default MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT).
 */
02179 void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
02180
/**
 * \brief          Set the record-count threshold at which renegotiation is
 *                 triggered automatically (mbedtls_ssl_config.renego_period).
 *
 * \param conf     Configuration.
 * \param period   8-byte big-endian counter value -- presumably, matching
 *                 the 64-bit record sequence number; copied into the config.
 */
02198 void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
02199 const unsigned char period[8] );
02200 #endif
02201
/**
 * \brief          Number of application-data bytes already decrypted and
 *                 waiting to be read with mbedtls_ssl_read().
 *
 * \param ssl      Context.
 *
 * \return         Byte count (0 when nothing is buffered).
 */
02209 size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
02210
/**
 * \brief          Result flags of the peer certificate verification
 *                 (mbedtls_ssl_session.verify_result).
 *
 * \param ssl      Context; meaningful once the handshake has completed.
 *
 * \return         0 when the certificate verified cleanly, otherwise a
 *                 bitmask of X.509 verification flags.  Applications using
 *                 MBEDTLS_SSL_VERIFY_OPTIONAL must check this themselves.
 */
02222 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
02223
/**
 * \brief          Name of the negotiated ciphersuite.
 *
 * \param ssl      Context.
 *
 * \return         Static string as from mbedtls_ssl_get_ciphersuite_name().
 */
02231 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
02232
/**
 * \brief          Name of the negotiated protocol version.
 *
 * \param ssl      Context.
 *
 * \return         Static string; exact spellings are defined by the implementation.
 */
02240 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
02241
/**
 * \brief          Maximum overhead, in bytes, that record protection adds to
 *                 one record (header, IV, MAC, padding) for the current
 *                 transform.
 *
 * \param ssl      Context.
 *
 * \return         Expansion in bytes, or a negative MBEDTLS_ERR_SSL_* code.
 */
02252 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
02253
02254 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
02255
/**
 * \brief          Negotiated maximum fragment length, in bytes.
 *
 * \param ssl      Context.
 *
 * \return         Length in bytes derived from the negotiated
 *                 MBEDTLS_SSL_MAX_FRAG_LEN_* code.
 */
02271 size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
02272 #endif
02273
02274 #if defined(MBEDTLS_X509_CRT_PARSE_C)
02275
/**
 * \brief          Peer certificate chain from the current session.
 *
 * \param ssl      Context.
 *
 * \return         mbedtls_ssl_session.peer_cert, owned by the session (do not
 *                 free); NULL when the peer sent none.
 */
02289 const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
02290 #endif
02291
02292 #if defined(MBEDTLS_SSL_CLI_C)
02293
/**
 * \brief          Copy the current session out of the context for later
 *                 resumption with mbedtls_ssl_set_session() (client side).
 *
 * \param ssl      Context with a completed handshake.
 * \param session  Destination, initialised with mbedtls_ssl_session_init();
 *                 caller frees with mbedtls_ssl_session_free().
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
02309 int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
02310 #endif
02311
/**
 * \brief          Run the handshake to completion (or until I/O would block).
 *
 * \param ssl      Context with config, BIO and (for DTLS) timers attached.
 *
 * \return         0 when the handshake is over; MBEDTLS_ERR_SSL_WANT_READ /
 *                 _WANT_WRITE when it must be called again once the transport
 *                 is ready (presumably); MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
 *                 on a DTLS server that must be reset and re-run; any other
 *                 negative MBEDTLS_ERR_SSL_* code is fatal for the connection.
 */
02333 int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
02334
/**
 * \brief          Run a single handshake step (one state transition of
 *                 mbedtls_ssl_states).
 *
 * \param ssl      Context.
 *
 * \return         As for mbedtls_ssl_handshake().
 */
02354 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
02355
02356 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02357
/**
 * \brief          Initiate a renegotiation on an established connection.
 *
 * \param ssl      Context in state MBEDTLS_SSL_HANDSHAKE_OVER.
 *
 * \return         As for mbedtls_ssl_handshake().
 */
02375 int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
02376 #endif
02377
/**
 * \brief          Read decrypted application data.
 *
 * \param ssl      Context.
 * \param buf      Destination buffer.
 * \param len      Capacity of \p buf.
 *
 * \return         Number of bytes read (may be less than \p len);
 *                 0 presumably on an orderly close; MBEDTLS_ERR_SSL_WANT_READ /
 *                 _WANT_WRITE / _TIMEOUT for non-fatal conditions;
 *                 MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY when the peer sent
 *                 close_notify; MBEDTLS_ERR_SSL_CLIENT_RECONNECT on a DTLS
 *                 server when a client re-handshakes from the same address.
 *                 Confirm the precise list against the implementation.
 */
02412 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
02413
/**
 * \brief          Write application data.
 *
 * \param ssl      Context.
 * \param buf      Data to send.
 * \param len      Number of bytes in \p buf.
 *
 * \return         Number of bytes written (may be less than \p len for TLS),
 *                 or MBEDTLS_ERR_SSL_WANT_READ / _WANT_WRITE, or another
 *                 negative MBEDTLS_ERR_SSL_* code.
 *
 * NOTE(review): after a WANT_* return the call must be repeated with the
 * same arguments -- presumably, as in the underlying record layer; confirm.
 */
02449 int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
02450
/**
 * \brief          Send an alert record.
 *
 * \param ssl      Context.
 * \param level    MBEDTLS_SSL_ALERT_LEVEL_WARNING or _FATAL.
 * \param message  One of MBEDTLS_SSL_ALERT_MSG_*.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
02467 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
02468 unsigned char level,
02469 unsigned char message );
/**
 * \brief          Send a close_notify alert to shut the connection down cleanly.
 *
 * \param ssl      Context.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
02483 int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
02484
/**
 * \brief          Free everything owned by a context (buffers, sessions,
 *                 transforms, hostname, ...); presumably wipes key material.
 *
 * \param ssl      Context initialised with mbedtls_ssl_init().
 */
02490 void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
02491
/**
 * \brief          Initialise a configuration to a safe-to-free empty state.
 *
 * \param conf     Configuration to initialise.
 */
02502 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
02503
/**
 * \brief          Load sensible defaults (ciphersuites, versions, curves,
 *                 hashes) for the given role, transport and preset.
 *
 * \param conf      Configuration initialised with mbedtls_ssl_config_init().
 * \param endpoint  MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER.
 * \param transport MBEDTLS_SSL_TRANSPORT_STREAM or _DATAGRAM.
 * \param preset    MBEDTLS_SSL_PRESET_DEFAULT or MBEDTLS_SSL_PRESET_SUITEB.
 *
 * \return         0 on success, or a negative MBEDTLS_ERR_SSL_* code.
 */
02520 int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
02521 int endpoint, int transport, int preset );
02522
/**
 * \brief          Free everything owned by a configuration (DH parameters,
 *                 key/cert list, PSK copy if any).
 *
 * \param conf     Configuration initialised with mbedtls_ssl_config_init().
 */
02528 void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
02529
/**
 * \brief          Initialise a session structure to a safe-to-free empty state.
 *
 * \param session  Session to initialise.
 */
02535 void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
02536
/**
 * \brief          Free everything owned by a session (peer certificate,
 *                 ticket); presumably wipes the master secret.
 *
 * \param session  Session initialised with mbedtls_ssl_session_init().
 */
02543 void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
02544
02545 #ifdef __cplusplus
02546 }
02547 #endif
02548
02549 #endif