00001
00023 #ifndef MBEDTLS_SSL_H
00024 #define MBEDTLS_SSL_H
00025
00026 #if !defined(MBEDTLS_CONFIG_FILE)
00027 #include "config.h"
00028 #else
00029 #include MBEDTLS_CONFIG_FILE
00030 #endif
00031
00032 #include "bignum.h"
00033 #include "ecp.h"
00034
00035 #include "ssl_ciphersuites.h"
00036
00037 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00038 #include "x509_crt.h"
00039 #include "x509_crl.h"
00040 #endif
00041
00042 #if defined(MBEDTLS_DHM_C)
00043 #include "dhm.h"
00044 #endif
00045
00046 #if defined(MBEDTLS_ECDH_C)
00047 #include "ecdh.h"
00048 #endif
00049
00050 #if defined(MBEDTLS_ZLIB_SUPPORT)
00051 #include "zlib.h"
00052 #endif
00053
00054 #if defined(MBEDTLS_HAVE_TIME)
00055 #include "mbedtls/platform_time.h"
00056 #endif
00057
00058
00059
00060
/*
 * SSL/TLS module error codes.
 *
 * All values are negative and sit in the -0x6600 .. -0x7F80 range, spaced
 * 0x80 apart (presumably to leave the low byte free for a lower-level module
 * error to be combined in -- confirm against error.h).
 *
 * NOTE(review): nothing in this header says which codes are recoverable.
 * By name, WANT_READ / WANT_WRITE / TIMEOUT / CLIENT_RECONNECT / NON_FATAL
 * look like "retry or continue" conditions; every other code should be
 * treated as fatal for the connection (close and free the context) unless
 * the implementation documents otherwise.
 */
#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180           /* record MAC/AEAD tag check failed */
#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300
#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
#define MBEDTLS_ERR_SSL_NO_RNG -0x7400                /* presumably: no f_rng configured (see mbedtls_ssl_conf_rng) */
#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780    /* peer sent a fatal alert */
#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880      /* peer sent close_notify: orderly shutdown, not an attack */
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80
#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80   /* numbering continues downward from here */
#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00
#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80       /* PSK identity not recognised (cf. ALERT_MSG_UNKNOWN_PSK_IDENTITY) */
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80       /* record sequence counter exhausted; the connection must not continue */
#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80  /* DTLS: a HelloVerifyRequest was sent, client must retry */
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900              /* non-blocking I/O: call again when readable */
#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880             /* non-blocking I/O: call again when writable */
#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600
00113
00114
00115
/*
 * Protocol versions, encoded as on the wire: {3,0} is SSL 3.0, {3,1} TLS 1.0,
 * {3,2} TLS 1.1 and {3,3} TLS 1.2. Use these with
 * mbedtls_ssl_conf_min_version() / mbedtls_ssl_conf_max_version().
 */
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_0 0
#define MBEDTLS_SSL_MINOR_VERSION_1 1
#define MBEDTLS_SSL_MINOR_VERSION_2 2
#define MBEDTLS_SSL_MINOR_VERSION_3 3

/* Transport selection for mbedtls_ssl_conf_transport(): TLS vs DTLS. */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1

/* Maximum host name length accepted by mbedtls_ssl_set_hostname() (presumably, excluding the terminator). */
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255

/*
 * Maximum-fragment-length codes for mbedtls_ssl_conf_max_frag_len().
 * Only the values NONE..4096 are meaningful; INVALID is a sentinel.
 * The config stores this in a 3-bit field, so codes must stay < 8.
 */
#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0
#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1
#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2
#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3
#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4
#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5

/* Endpoint role for mbedtls_ssl_conf_endpoint() / mbedtls_ssl_config_defaults(). */
#define MBEDTLS_SSL_IS_CLIENT 0
#define MBEDTLS_SSL_IS_SERVER 1

/* Values for mbedtls_ssl_conf_fallback(): whether this handshake is a downgrade retry (TLS_FALLBACK_SCSV). */
#define MBEDTLS_SSL_IS_NOT_FALLBACK 0
#define MBEDTLS_SSL_IS_FALLBACK 1

/* Extended master secret (RFC 7627) switch for mbedtls_ssl_conf_extended_master_secret(). */
#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1

/* Encrypt-then-MAC (RFC 7366) switch for mbedtls_ssl_conf_encrypt_then_mac(). */
#define MBEDTLS_SSL_ETM_DISABLED 0
#define MBEDTLS_SSL_ETM_ENABLED 1

/*
 * Compression methods. SECURITY: TLS-level compression leaks plaintext
 * through ciphertext length (CRIME-class attacks); DEFLATE should stay off
 * unless the traffic is known to carry no attacker-influenced secrets.
 */
#define MBEDTLS_SSL_COMPRESS_NULL 0
#define MBEDTLS_SSL_COMPRESS_DEFLATE 1

/*
 * Peer-certificate verification modes for mbedtls_ssl_conf_authmode().
 * SECURITY: VERIFY_NONE skips certificate verification entirely, and it is
 * the value a zero-initialised config carries (it is 0). Set the mode
 * explicitly; a client should use VERIFY_REQUIRED.
 * VERIFY_UNSET (3) is a fourth state that fits the 2-bit authmode field.
 */
#define MBEDTLS_SSL_VERIFY_NONE 0
#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
#define MBEDTLS_SSL_VERIFY_REQUIRED 2
#define MBEDTLS_SSL_VERIFY_UNSET 3

/* Values of mbedtls_ssl_context.secure_renegotiation: whether the peer supports RFC 5746. */
#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1

/* Values for mbedtls_ssl_conf_renegotiation(). */
#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1

/* Values for mbedtls_ssl_conf_dtls_anti_replay(). */
#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1

/* Arguments/defaults for mbedtls_ssl_conf_renegotiation_enforced(): records tolerated before a renegotiation request is enforced. */
#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16

/*
 * Values for mbedtls_ssl_conf_legacy_renegotiation(): how to treat a peer
 * that does not support secure renegotiation. SECURITY: ALLOW_RENEGOTIATION
 * re-enables the pre-RFC 5746 behaviour and should only be used to talk to
 * peers that cannot be upgraded.
 */
#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2

/* Truncated HMAC (RFC 6066): tags are cut to 10 bytes (80 bits) when enabled. */
#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10

/* Values for mbedtls_ssl_conf_session_tickets(). */
#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1

/* Values for mbedtls_ssl_conf_cbc_record_splitting() (1/n-1 splitting, a BEAST countermeasure). */
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1

/*
 * Values for mbedtls_ssl_conf_arc4_support().
 * NOTE(review): this pair is inverted relative to every other
 * *_DISABLED = 0 / *_ENABLED = 1 pair in this header: ENABLED is 0 and
 * DISABLED is 1. Consequently a zeroed config has RC4 *enabled*; check that
 * mbedtls_ssl_config_defaults() sets it to DISABLED. RC4 is broken and
 * prohibited by RFC 7465.
 */
#define MBEDTLS_SSL_ARC4_ENABLED 0
#define MBEDTLS_SSL_ARC4_DISABLED 1

/* Presets for mbedtls_ssl_config_defaults(). Value 1 is unassigned here. */
#define MBEDTLS_SSL_PRESET_DEFAULT 0
#define MBEDTLS_SSL_PRESET_SUITEB 2

/* Default DTLS handshake retransmission timeouts, presumably milliseconds (the timer callbacks take *_ms values). */
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000

/* Default session-ticket lifetime, presumably in seconds (one day). Overridable at build time. */
#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400
#endif
00206
00207
00208
00209
00210
00211
00212
00213
00214
00215
00216
00217
/*
 * Maximum record plaintext size. 16384 is the TLS maximum; a smaller
 * build-time override shrinks the I/O buffers but, because this header is
 * shared, every translation unit must see the same value.
 */
#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
#endif

/*
 * Size of the verify_data buffers used for secure renegotiation
 * (own_verify_data / peer_verify_data in mbedtls_ssl_context). SSL 3.0
 * finished hashes are 36 bytes, TLS verify_data is 12 bytes, so enabling
 * MBEDTLS_SSL_PROTO_SSL3 changes the layout of mbedtls_ssl_context.
 */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
#else
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
#endif

/*
 * Signalling ciphersuite values: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746,
 * low byte 0xFF) and TLS_FALLBACK_SCSV (RFC 7507, 0x5600).
 */
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600
00239
00240
00241
00242
/*
 * TLS 1.2 HashAlgorithm identifiers (signature_algorithms extension).
 * SECURITY: MD5 and SHA-1 are listed for interoperability; they should not
 * be accepted for signatures (see mbedtls_ssl_conf_sig_hashes()).
 */
#define MBEDTLS_SSL_HASH_NONE 0
#define MBEDTLS_SSL_HASH_MD5 1
#define MBEDTLS_SSL_HASH_SHA1 2
#define MBEDTLS_SSL_HASH_SHA224 3
#define MBEDTLS_SSL_HASH_SHA256 4
#define MBEDTLS_SSL_HASH_SHA384 5
#define MBEDTLS_SSL_HASH_SHA512 6

/* TLS 1.2 SignatureAlgorithm identifiers. Value 2 (DSA) is deliberately absent: not supported here. */
#define MBEDTLS_SSL_SIG_ANON 0
#define MBEDTLS_SSL_SIG_RSA 1
#define MBEDTLS_SSL_SIG_ECDSA 3

/* ClientCertificateType values sent in CertificateRequest (rsa_sign = 1, ecdsa_sign = 64). */
#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
00261
00262
00263
00264
/* Record-layer ContentType values. */
#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
#define MBEDTLS_SSL_MSG_ALERT 21
#define MBEDTLS_SSL_MSG_HANDSHAKE 22
#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23

/* AlertLevel values, first argument of mbedtls_ssl_send_alert_message(). */
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2

/*
 * AlertDescription values, second argument of mbedtls_ssl_send_alert_message().
 * SECURITY: when rejecting a record, prefer a single generic alert over a
 * description that distinguishes padding, MAC and decryption failures --
 * distinguishable alerts are an oracle (cf. DECRYPTION_FAILED vs
 * BAD_RECORD_MAC).
 * NOTE(review): MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK is misspelled
 * ("inappropriate") but the name is public API and must stay as is.
 */
#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0
#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10
#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20
#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21
#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22
#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30
#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40
#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41
#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43
#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44
#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45
#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46
#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48
#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49
#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50
#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51
#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60
#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70
#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71
#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80
#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86
#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90
#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110
#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115
#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120

/* HandshakeType values (message type byte of a handshake record). */
#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
#define MBEDTLS_SSL_HS_SERVER_HELLO 2
#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3     /* DTLS only */
#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
#define MBEDTLS_SSL_HS_CERTIFICATE 11
#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
#define MBEDTLS_SSL_HS_FINISHED 20
00315
00316
00317
00318
/*
 * TLS ExtensionType values (hello extensions).
 * NOTE(review): EXTENDED_MASTER_SECRET is written in hex (0x0017 == 23) while
 * its neighbours are decimal; purely cosmetic, the values are consistent.
 */
#define MBEDTLS_TLS_EXT_SERVERNAME 0
#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0     /* NameType inside the server_name extension */

#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1

#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4

#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11

#define MBEDTLS_TLS_EXT_SIG_ALG 13

#define MBEDTLS_TLS_EXT_ALPN 16

#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22
#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017

#define MBEDTLS_TLS_EXT_SESSION_TICKET 35

#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256          /* experimental / non-IANA value, presumably */

#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01

/*
 * Maximum pre-shared key length. Sizes the PSK members of
 * union mbedtls_ssl_premaster_secret below, so an override must be identical
 * in every translation unit (and in any prebuilt library) or struct layouts
 * will diverge silently.
 */
#if !defined(MBEDTLS_PSK_MAX_LEN)
#define MBEDTLS_PSK_MAX_LEN 32
#endif
00348
00349
/*
 * Scratch storage sized for the pre-master secret of every enabled key
 * exchange: each member is the worst-case size of one family, so
 * sizeof(union) (MBEDTLS_PREMASTER_SIZE) is the largest of them.
 *
 * The size depends on MBEDTLS_PSK_MAX_LEN, MBEDTLS_MPI_MAX_SIZE,
 * MBEDTLS_ECP_MAX_BYTES and on which MBEDTLS_KEY_EXCHANGE_*_ENABLED options
 * are set; all translation units must agree on these.
 *
 * SECURITY: this holds raw key material. Any copy made by a caller should be
 * wiped when no longer needed.
 */
union mbedtls_ssl_premaster_secret
{
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
    unsigned char _pms_rsa[48];                         /* RSA pre-master secret is fixed at 48 bytes by the protocol */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];       /* DH shared secret, up to the largest supported modulus */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];     /* ECDH shared secret x-coordinate */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];    /* RFC 4279 layout: two 2-byte lengths + two PSK-sized fields */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
+ MBEDTLS_PSK_MAX_LEN];                                 /* two lengths + DH secret + PSK */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];   /* two lengths + 48-byte RSA secret + PSK */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
+ MBEDTLS_PSK_MAX_LEN];                                 /* two lengths + ECDH secret + PSK */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    unsigned char _pms_ecjpake[32];                     /* EC-JPAKE derived secret (32 bytes) */
#endif
};

/* Largest pre-master secret for this build; use for scratch buffers that receive one. */
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
00384
00385 #ifdef __cplusplus
00386 extern "C" {
00387 #endif
00388
00389
00390
00391
/*
 * Handshake state machine states (mbedtls_ssl_context.state).
 *
 * NOTE(review): the enumeration order is *not* the message order for every
 * state -- SERVER_NEW_SESSION_TICKET and SERVER_HELLO_VERIFY_REQUEST_SENT are
 * appended after HANDSHAKE_OVER, so code must not infer "handshake finished"
 * from `state >= MBEDTLS_SSL_HANDSHAKE_OVER`; compare for equality.
 */
typedef enum
{
    MBEDTLS_SSL_HELLO_REQUEST,
    MBEDTLS_SSL_CLIENT_HELLO,
    MBEDTLS_SSL_SERVER_HELLO,
    MBEDTLS_SSL_SERVER_CERTIFICATE,
    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
    MBEDTLS_SSL_CERTIFICATE_REQUEST,
    MBEDTLS_SSL_SERVER_HELLO_DONE,
    MBEDTLS_SSL_CLIENT_CERTIFICATE,
    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
    MBEDTLS_SSL_CERTIFICATE_VERIFY,
    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
    MBEDTLS_SSL_CLIENT_FINISHED,
    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
    MBEDTLS_SSL_SERVER_FINISHED,
    MBEDTLS_SSL_FLUSH_BUFFERS,
    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
    MBEDTLS_SSL_HANDSHAKE_OVER,                     /* handshake complete; application data may flow */
    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,          /* appended out of order (see note above) */
    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,   /* DTLS cookie exchange; appended out of order */
}
mbedtls_ssl_states;
00415
/**
 * \brief   Transport send callback, installed with mbedtls_ssl_set_bio().
 *
 * \param ctx   The opaque p_bio pointer given to mbedtls_ssl_set_bio().
 * \param buf   Bytes to send.
 * \param len   Number of bytes in \p buf.
 *
 * \return  Presumably the number of bytes sent, or a negative error such as
 *          MBEDTLS_ERR_SSL_WANT_WRITE for a would-block condition -- confirm
 *          against the implementation before writing a custom callback.
 */
typedef int mbedtls_ssl_send_t( void *ctx,
const unsigned char *buf,
size_t len );

/**
 * \brief   Blocking transport receive callback (see mbedtls_ssl_set_bio()).
 *
 * \param ctx   The opaque p_bio pointer.
 * \param buf   Buffer to fill; the callback must never write more than \p len bytes.
 * \param len   Capacity of \p buf.
 *
 * \return  Presumably bytes received, 0 on EOF, or a negative error
 *          (e.g. MBEDTLS_ERR_SSL_WANT_READ) -- confirm against the implementation.
 */
typedef int mbedtls_ssl_recv_t( void *ctx,
unsigned char *buf,
size_t len );

/**
 * \brief   Receive callback with timeout (see mbedtls_ssl_set_bio() and
 *          mbedtls_ssl_conf_read_timeout()).
 *
 * \param timeout   Maximum wait, presumably milliseconds (cf. the *_ms
 *                  parameters of mbedtls_ssl_set_timer_t).
 *
 * \return  As mbedtls_ssl_recv_t; a timeout is presumably reported as
 *          MBEDTLS_ERR_SSL_TIMEOUT.
 */
typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
unsigned char *buf,
size_t len,
uint32_t timeout );
/**
 * \brief   Timer (re)start callback for DTLS retransmission, installed with
 *          mbedtls_ssl_set_timer_cb().
 *
 * \param ctx     The opaque p_timer pointer.
 * \param int_ms  Intermediate delay in milliseconds.
 * \param fin_ms  Final delay in milliseconds (0 presumably cancels -- confirm).
 */
typedef void mbedtls_ssl_set_timer_t( void * ctx,
uint32_t int_ms,
uint32_t fin_ms );

/**
 * \brief   Timer query callback, paired with mbedtls_ssl_set_timer_t.
 *
 * \return  An int describing the timer's progress; the exact encoding
 *          (cancelled / running / intermediate passed / final passed) is not
 *          visible in this header and must be taken from the implementation.
 */
typedef int mbedtls_ssl_get_timer_t( void * ctx );

/* Public types defined below in this header. */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
typedef struct mbedtls_ssl_config mbedtls_ssl_config;

/* Internal types: only referenced by pointer here, defined in ssl_internal.h. */
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
#endif
00540
00541
00542
00543
/*
 * A negotiated session: everything needed to resume it later.
 *
 * SECURITY: master[] is the TLS master secret. Every copy of this struct
 * (session cache entries, the argument to the ticket-write callback, the
 * output of mbedtls_ssl_get_session()) carries the secret, so it must be
 * stored under the same protection as a private key, encrypted and
 * authenticated if it ever leaves the process (tickets), and wiped with
 * mbedtls_ssl_session_free() when no longer needed.
 *
 * Layout depends on several MBEDTLS_* options; all translation units must
 * agree on the configuration.
 */
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
    mbedtls_time_t start;           /* session start time, presumably used for cache/ticket expiry */
#endif
    int ciphersuite;                /* negotiated ciphersuite ID */
    int compression;                /* negotiated compression (MBEDTLS_SSL_COMPRESS_*) */
    size_t id_len;                  /* valid length of id[] (at most 32) */
    unsigned char id[32];           /* session identifier */
    unsigned char master[48];       /* master secret -- SECRET */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    mbedtls_x509_crt *peer_cert;    /* peer certificate chain; presumably owned by the session (freed by mbedtls_ssl_session_free) */
#endif
    uint32_t verify_result;         /* certificate verification flags (see mbedtls_ssl_get_verify_result) */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
    unsigned char *ticket;          /* client side: opaque ticket received from the server */
    size_t ticket_len;
    uint32_t ticket_lifetime;       /* lifetime hint from the server, presumably seconds */
#endif

#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code;         /* negotiated MBEDTLS_SSL_MAX_FRAG_LEN_* code */
#endif

#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    int trunc_hmac;                 /* whether truncated HMAC was negotiated */
#endif

#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    int encrypt_then_mac;           /* whether encrypt-then-MAC was negotiated */
#endif
};
00578
/*
 * Connection-independent configuration, shared (read-only, via
 * mbedtls_ssl_context.conf) by any number of contexts. It must outlive every
 * context set up on it. Fields are internal: use the mbedtls_ssl_conf_*()
 * setters.
 *
 * SECURITY: a zero-initialised config is NOT a safe default -- every bitfield
 * is 0, which means endpoint = IS_CLIENT, authmode = VERIFY_NONE (no
 * certificate checking) and, because MBEDTLS_SSL_ARC4_ENABLED is 0, RC4
 * allowed. Always run mbedtls_ssl_config_defaults() and then set authmode
 * explicitly.
 */
struct mbedtls_ssl_config
{
    /* Allowed ciphersuites, one zero-terminated list per protocol minor version
     * (presumably indexed by MBEDTLS_SSL_MINOR_VERSION_*; see
     * mbedtls_ssl_conf_ciphersuites_for_version). */
    const int *ciphersuite_list[4];

    /* Debug callback and its context (mbedtls_ssl_conf_dbg). */
    void (*f_dbg)(void *, int, const char *, int, const char *);
    void *p_dbg;

    /* Random generator and its context (mbedtls_ssl_conf_rng).
     * SECURITY: must be a cryptographically secure, properly seeded RNG;
     * it feeds the ClientHello/ServerHello randoms, IVs and ephemeral keys. */
    int (*f_rng)(void *, unsigned char *, size_t);
    void *p_rng;

    /* Server-side session cache callbacks (mbedtls_ssl_conf_session_cache).
     * The cached mbedtls_ssl_session contains the master secret. */
    int (*f_get_cache)(void *, mbedtls_ssl_session *);
    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
    void *p_cache;

#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
    /* SNI callback (mbedtls_ssl_conf_sni): receives the raw, attacker-supplied
     * server name and its length -- treat as untrusted input. */
    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
    void *p_sni;
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    /* Per-certificate verification callback (mbedtls_ssl_conf_verify). */
    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
    void *p_vrfy;
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /* PSK lookup callback (mbedtls_ssl_conf_psk_cb): receives the
     * client-supplied identity; it is untrusted bytes, not a C string. */
    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
    void *p_psk;
#endif

#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    /* DTLS HelloVerifyRequest cookie callbacks (mbedtls_ssl_conf_dtls_cookies). */
    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
    int (*f_cookie_check)( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
    void *p_cookie;
#endif

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
    /* Session-ticket callbacks (mbedtls_ssl_conf_session_tickets_cb). */
    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * );
    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
    void *p_ticket;
#endif

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
    /* Key export callback (mbedtls_ssl_conf_export_keys_cb): receives the
     * master secret and key block -- debugging/NSS-keylog use only. */
    int (*f_export_keys)( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
    void *p_export_keys;
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
    const mbedtls_x509_crt_profile *cert_profile;   /* allowed algorithms/key sizes for peer certs */
    mbedtls_ssl_key_cert *key_cert;                 /* own certificate/key list (mbedtls_ssl_conf_own_cert) */
    mbedtls_x509_crt *ca_chain;                     /* trusted CAs, stored by pointer -- caller keeps them alive */
    mbedtls_x509_crl *ca_crl;                       /* optional CRL, stored by pointer */
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
    const int *sig_hashes;                          /* allowed MBEDTLS_SSL_HASH_* for signatures */
#endif

#if defined(MBEDTLS_ECP_C)
    const mbedtls_ecp_group_id *curve_list;         /* allowed curves, in preference order */
#endif

#if defined(MBEDTLS_DHM_C)
    mbedtls_mpi dhm_P;                              /* server DH parameters (mbedtls_ssl_conf_dh_param*) */
    mbedtls_mpi dhm_G;
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    unsigned char *psk;                             /* pre-shared key -- SECRET; non-const, so presumably a private copy */
    size_t psk_len;
    unsigned char *psk_identity;                    /* identity sent/expected with the PSK */
    size_t psk_identity_len;
#endif

#if defined(MBEDTLS_SSL_ALPN)
    const char **alpn_list;                         /* NULL-terminated list of ALPN protocol names, presumably */
#endif

    /* Timeout for the receive callback, presumably milliseconds, 0 = none (mbedtls_ssl_conf_read_timeout). */
    uint32_t read_timeout;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    uint32_t hs_timeout_min;                        /* DTLS retransmission back-off bounds (mbedtls_ssl_conf_handshake_timeout) */
    uint32_t hs_timeout_max;
#endif

#if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renego_max_records;                         /* MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED or a record count */
    unsigned char renego_period[8];                 /* 64-bit record-count threshold that triggers renegotiation */
#endif

#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned int badmac_limit;                      /* DTLS: bad-MAC records tolerated before giving up, 0 = unlimited presumably */
#endif

#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
    unsigned int dhm_min_bitlen;                    /* client: smallest DH modulus accepted from a server */
#endif

    /* Protocol version bounds (mbedtls_ssl_conf_max_version / _min_version). */
    unsigned char max_major_ver;
    unsigned char max_minor_ver;
    unsigned char min_major_ver;
    unsigned char min_minor_ver;

    /* Boolean/enumerated options packed into bitfields. Widths bound the
     * constants that may be stored: authmode holds 0..3 (VERIFY_*),
     * allow_legacy_renegotiation 0..3 (LEGACY_*), mfl_code 0..7. */
    unsigned int endpoint : 1;                      /* MBEDTLS_SSL_IS_CLIENT / IS_SERVER */
    unsigned int transport : 1;                     /* MBEDTLS_SSL_TRANSPORT_STREAM / DATAGRAM */
    unsigned int authmode : 2;                      /* MBEDTLS_SSL_VERIFY_* */

    unsigned int allow_legacy_renegotiation : 2 ;   /* MBEDTLS_SSL_LEGACY_* */
#if defined(MBEDTLS_ARC4_C)
    unsigned int arc4_disabled : 1;                 /* MBEDTLS_SSL_ARC4_ENABLED (0) / ARC4_DISABLED (1) */
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned int mfl_code : 3;                      /* MBEDTLS_SSL_MAX_FRAG_LEN_* */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    unsigned int encrypt_then_mac : 1 ;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    unsigned int extended_ms : 1;
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
    unsigned int anti_replay : 1;
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    unsigned int cbc_record_splitting : 1;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    /* NOTE(review): the field name reads "disable" but the public constants
     * are MBEDTLS_SSL_RENEGOTIATION_DISABLED (0) / ENABLED (1); check the
     * setter before interpreting this bit directly. */
    unsigned int disable_renegotiation : 1;
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    unsigned int trunc_hmac : 1;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
    unsigned int session_tickets : 1;
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
    unsigned int fallback : 1;                      /* client: send TLS_FALLBACK_SCSV */
#endif
};
00753
00754
/*
 * Per-connection state. Treat every member as private: use the
 * mbedtls_ssl_* accessors. The struct holds keys (through transform_* and
 * session->master) and buffered plaintext (in_buf/out_buf); free it with
 * mbedtls_ssl_free() rather than discarding it.
 */
struct mbedtls_ssl_context
{
    const mbedtls_ssl_config *conf;     /* shared, read-only configuration; must outlive this context */

    /* Handshake / connection state. */
    int state;                          /* current mbedtls_ssl_states value */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renego_status;                  /* renegotiation state (encoding not visible here) */
    int renego_records_seen;            /* records seen since a renegotiation request (cf. conf->renego_max_records) */
#endif

    int major_ver;                      /* negotiated protocol version (major) */
    int minor_ver;                      /* negotiated protocol version (minor) */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned badmac_seen;               /* DTLS: bad-MAC records received so far (cf. conf->badmac_limit) */
#endif

    /* Transport callbacks and their context (mbedtls_ssl_set_bio). */
    mbedtls_ssl_send_t *f_send;
    mbedtls_ssl_recv_t *f_recv;
    mbedtls_ssl_recv_timeout_t *f_recv_timeout;
    void *p_bio;

    /* Session data. The in/out/negotiate split presumably allows a
     * renegotiation to proceed while the current session stays active. */
    mbedtls_ssl_session *session_in;
    mbedtls_ssl_session *session_out;
    mbedtls_ssl_session *session;
    mbedtls_ssl_session *session_negotiate;
    mbedtls_ssl_handshake_params *handshake;    /* handshake-only state, presumably freed after the handshake */

    /* Record-protection state (keys, IVs, MAC contexts) for each direction. */
    mbedtls_ssl_transform *transform_in;
    mbedtls_ssl_transform *transform_out;
    mbedtls_ssl_transform *transform;
    mbedtls_ssl_transform *transform_negotiate;

    /* Timer callbacks (mbedtls_ssl_set_timer_cb), needed for DTLS. */
    void *p_timer;
    mbedtls_ssl_set_timer_t *f_set_timer;
    mbedtls_ssl_get_timer_t *f_get_timer;

    /* Incoming record. in_ctr/in_hdr/in_len/in_iv/in_msg are pointers into
     * in_buf at the respective record fields; in_offt tracks how much of the
     * current application-data record has been handed to the caller. */
    unsigned char *in_buf;
    unsigned char *in_ctr;              /* 64-bit record sequence counter */
    unsigned char *in_hdr;
    unsigned char *in_len;
    unsigned char *in_iv;
    unsigned char *in_msg;
    unsigned char *in_offt;
    int in_msgtype;                     /* MBEDTLS_SSL_MSG_* of the current record */
    size_t in_msglen;                   /* length of the current record payload */
    size_t in_left;                     /* bytes buffered but not yet consumed */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    uint16_t in_epoch;                  /* DTLS epoch of the incoming direction */
    size_t next_record_offset;          /* DTLS: offset of the next datagram-buffered record */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
    uint64_t in_window_top;             /* highest sequence number seen */
    uint64_t in_window;                 /* 64-entry replay bitmap below in_window_top, presumably */
#endif

    size_t in_hslen;                    /* length of the current handshake message */
    int nb_zero;                        /* count of consecutive zero-length records (empty-record flood guard, presumably) */
    int record_read;                    /* a record is buffered but not yet processed */

    /* Outgoing record; pointer layout mirrors the in_* fields. */
    unsigned char *out_buf;
    unsigned char *out_ctr;
    unsigned char *out_hdr;
    unsigned char *out_len;
    unsigned char *out_iv;
    unsigned char *out_msg;
    int out_msgtype;
    size_t out_msglen;
    size_t out_left;                    /* bytes of the current record still to be flushed to f_send */
#if defined(MBEDTLS_ZLIB_SUPPORT)
    unsigned char *compress_buf;
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    signed char split_done;             /* 1/n-1 splitting state for the current write */
#endif

    /* Whether the server requested a client certificate (presumably). */
    int client_auth;

    /* Expected server name, set by mbedtls_ssl_set_hostname() and presumably
     * checked against the peer certificate and sent as SNI. */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    char *hostname;
#endif

#if defined(MBEDTLS_SSL_ALPN)
    const char *alpn_chosen;            /* negotiated ALPN protocol, points into conf->alpn_list presumably */
#endif

    /* DTLS server: client transport identity used as cookie input
     * (mbedtls_ssl_set_client_transport_id). */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    unsigned char *cli_id;
    size_t cli_id_len;
#endif

    /* Secure renegotiation (RFC 5746): whether the peer supports it and the
     * Finished verify_data of both sides from the previous handshake. */
    int secure_renegotiation;           /* MBEDTLS_SSL_LEGACY_RENEGOTIATION / SECURE_RENEGOTIATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    size_t verify_data_len;             /* 12 for TLS, 36 for SSL 3.0 */
    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN];
    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN];
#endif
};
00900
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
/*
 * Hooks for hardware record-layer acceleration.
 *
 * SECURITY: these are writable global function pointers that receive the
 * raw encryption keys, IVs and MAC keys of every connection. Anyone who can
 * write to these globals (a memory-corruption primitive, a malicious plug-in)
 * obtains the session keys, so keep this option off unless the platform
 * genuinely needs it.
 */
#define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
#define MBEDTLS_SSL_CHANNEL_INBOUND 1

/* Called once per handshake with the derived key material for both directions. */
extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
const unsigned char *key_enc, const unsigned char *key_dec,
size_t keylen,
const unsigned char *iv_enc, const unsigned char *iv_dec,
size_t ivlen,
const unsigned char *mac_enc, const unsigned char *mac_dec,
size_t maclen);
/* Switch one direction (MBEDTLS_SSL_CHANNEL_*) over to the new keys. */
extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
#endif
00919
/**
 * \brief   Return the ciphersuite IDs compiled into the library.
 *
 * \return  Pointer to a read-only array of IDs. Its termination convention
 *          (presumably a 0 sentinel, as for mbedtls_ssl_conf_ciphersuites())
 *          is not visible in this header.
 */
const int *mbedtls_ssl_list_ciphersuites( void );

/**
 * \brief   Map a ciphersuite ID to its IANA-style name.
 *
 * \return  The name, or presumably a placeholder / NULL for an unknown ID --
 *          check before printing.
 */
const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );

/**
 * \brief   Map a ciphersuite name to its ID.
 *
 * \return  The ID, or presumably 0 when the name is unknown.
 */
int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );

/**
 * \brief   Initialise an SSL context to a safe-to-free state.
 *          Must be the first call on \p ssl; does not allocate.
 */
void mbedtls_ssl_init( mbedtls_ssl_context *ssl );

/**
 * \brief   Bind a context to a configuration and allocate its working
 *          memory (I/O buffers, transforms).
 *
 * \param conf  Must stay valid and unchanged for the lifetime of \p ssl;
 *              the context keeps a const pointer to it.
 *
 * \return  0 on success, or a negative MBEDTLS_ERR_* code (e.g. ALLOC_FAILED).
 */
int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
const mbedtls_ssl_config *conf );

/**
 * \brief   Reset the connection state so the context can run a new
 *          handshake on a new transport, keeping config and callbacks.
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );

/** \brief  Set the endpoint role: MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER. */
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );

/** \brief  Set the transport: MBEDTLS_SSL_TRANSPORT_STREAM (TLS) or _DATAGRAM (DTLS). */
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );

/**
 * \brief   Set the peer-certificate verification mode (MBEDTLS_SSL_VERIFY_*).
 *
 * SECURITY: a client should use MBEDTLS_SSL_VERIFY_REQUIRED. With
 * VERIFY_OPTIONAL the handshake succeeds regardless and the application
 * must inspect mbedtls_ssl_get_verify_result() itself; VERIFY_NONE performs
 * no check at all.
 */
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
 * \brief   Install a callback invoked for each certificate in the peer's
 *          chain during verification.
 *
 * \param f_vrfy  Receives (p_vrfy, certificate, depth, flags*). It may
 *                clear or add verification flags; returning non-zero
 *                presumably aborts verification.
 */
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
#endif

/**
 * \brief   Set the random number generator.
 *
 * SECURITY: mandatory, and it must be a seeded CSPRNG (e.g. CTR_DRBG); all
 * nonces and ephemeral keys come from it. Without one the handshake is
 * expected to fail with MBEDTLS_ERR_SSL_NO_RNG.
 */
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );

/**
 * \brief   Set the debug callback: (p_dbg, level, file, line, message).
 *          Debug output can include key material at high levels; do not
 *          enable it in production builds.
 */
void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *, int, const char *),
void *p_dbg );

/**
 * \brief   Set the transport I/O callbacks for this context.
 *
 * \param f_recv          Blocking receive callback.
 * \param f_recv_timeout  Receive-with-timeout callback; required for DTLS
 *                        and for mbedtls_ssl_conf_read_timeout() to take
 *                        effect, presumably. Which of the two receive
 *                        callbacks may be NULL is not visible here.
 */
void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
void *p_bio,
mbedtls_ssl_send_t *f_send,
mbedtls_ssl_recv_t *f_recv,
mbedtls_ssl_recv_timeout_t *f_recv_timeout );

/** \brief  Set the receive timeout passed to f_recv_timeout (presumably milliseconds, 0 = wait forever). */
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );

/**
 * \brief   Install the timer callbacks used for DTLS retransmission.
 *          Required for DTLS; without them handshakes cannot time out.
 */
void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
void *p_timer,
mbedtls_ssl_set_timer_t *f_set_timer,
mbedtls_ssl_get_timer_t *f_get_timer );
01163
/**
 * \brief   Server-side callback that serialises a session into a ticket.
 *
 * \param session   The session to encode; it contains the master secret.
 * \param start     Output buffer; write within [start, end).
 * \param tlen      Out: bytes written.
 * \param lifetime  Out: lifetime hint sent to the client (presumably seconds).
 *
 * SECURITY: the ticket is handed to the client in clear over the network.
 * The implementation MUST encrypt and authenticate it (e.g. AES-GCM under a
 * server-held, rotated key); a ticket that is only encoded exposes the
 * master secret and lets anyone forge resumable sessions.
 */
typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
const mbedtls_ssl_session *session,
unsigned char *start,
const unsigned char *end,
size_t *tlen,
uint32_t *lifetime );

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/**
 * \brief   Callback receiving the derived keys of a handshake.
 *
 * \param ms      The 48-byte master secret.
 * \param kb      The key block (MAC keys, encryption keys, IVs), laid out in
 *                that order per direction with the given lengths, presumably.
 *
 * SECURITY: intended for debugging (e.g. writing an NSS key log). Anything
 * receiving these values can decrypt the connection.
 */
typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
const unsigned char *ms,
const unsigned char *kb,
size_t maclen,
size_t keylen,
size_t ivlen );
#endif

/**
 * \brief   Server-side callback that parses a ticket received from a client
 *          back into a session.
 *
 * \param buf   The ticket bytes as received from the network -- untrusted.
 *              Verify the authentication tag before touching anything else,
 *              and bound every read by \p len.
 * \param len   Length of \p buf.
 *
 * \return  0 on success; presumably MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED
 *          for an expired-but-valid ticket and another negative value for an
 *          invalid one.
 */
typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
mbedtls_ssl_session *session,
unsigned char *buf,
size_t len );

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/**
 * \brief   Enable session tickets on a server by installing the write/parse
 *          callbacks and their shared context (see the type docs above for
 *          the security requirements on the callbacks).
 */
void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_ticket_write_t *f_ticket_write,
mbedtls_ssl_ticket_parse_t *f_ticket_parse,
void *p_ticket );
#endif

#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** \brief  Install the key-export callback (debug use; see mbedtls_ssl_export_keys_t). */
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_export_keys_t *f_export_keys,
void *p_export_keys );
#endif

/**
 * \brief   DTLS cookie generation callback (HelloVerifyRequest).
 *
 * \param p     In/out: write position, advanced past the cookie.
 * \param end   End of the output buffer; never write at or beyond it.
 * \param info  Client transport identity (see
 *              mbedtls_ssl_set_client_transport_id()) to bind the cookie to.
 *
 * SECURITY: the cookie must be unforgeable (a keyed MAC over \p info and a
 * time window) or it provides no amplification/DoS protection.
 */
typedef int mbedtls_ssl_cookie_write_t( void *ctx,
unsigned char **p, unsigned char *end,
const unsigned char *info, size_t ilen );

/**
 * \brief   DTLS cookie verification callback.
 *
 * \param cookie  Cookie echoed by the client -- untrusted bytes of length \p clen.
 * \param info    Client transport identity the cookie should be bound to.
 *
 * \return  0 if valid, non-zero otherwise. Compare MACs in constant time.
 */
typedef int mbedtls_ssl_cookie_check_t( void *ctx,
const unsigned char *cookie, size_t clen,
const unsigned char *info, size_t ilen );

#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/**
 * \brief   Install the DTLS cookie callbacks on a server config.
 *          Presumably required for a DTLS server; without cookies a server
 *          can be used as a reflector.
 */
void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie );

/**
 * \brief   Record the client's transport address (or other identity) that
 *          cookies are bound to. Set it after mbedtls_ssl_session_reset()
 *          and before the handshake; the bytes are copied into the context
 *          (cli_id / cli_id_len).
 *
 * \return  0 on success, negative error otherwise (e.g. allocation failure).
 */
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
const unsigned char *info,
size_t ilen );

#endif
01377
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/**
 * \brief   Enable or disable DTLS replay detection
 *          (MBEDTLS_SSL_ANTI_REPLAY_ENABLED / _DISABLED).
 *          Disabling it lets an on-path attacker replay old records.
 */
void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
#endif

#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
/**
 * \brief   DTLS: number of records with a bad MAC after which the connection
 *          is torn down (bounds the work an attacker can inflict with
 *          garbage datagrams). 0 presumably means no limit.
 */
void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
#endif

#if defined(MBEDTLS_SSL_PROTO_DTLS)
/**
 * \brief   Set the DTLS handshake retransmission back-off range
 *          (presumably milliseconds; defaults MBEDTLS_SSL_DTLS_TIMEOUT_DFL_*).
 */
void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif

#if defined(MBEDTLS_SSL_SRV_C)
/**
 * \brief   Install a server-side session cache.
 *
 * \param f_get_cache  Looks up a session (presumably by id) and fills it in.
 * \param f_set_cache  Stores a session. Entries carry the master secret;
 *                     the cache must be process-private and wiped on eviction.
 */
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
int (*f_get_cache)(void *, mbedtls_ssl_session *),
int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
#endif

#if defined(MBEDTLS_SSL_CLI_C)
/**
 * \brief   Client: request resumption of a previously saved session
 *          (obtained from mbedtls_ssl_get_session()). Call before
 *          mbedtls_ssl_handshake().
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
#endif

/**
 * \brief   Set the allowed ciphersuites for all protocol versions.
 *
 * \param ciphersuites  Zero-terminated, in preference order, presumably;
 *                      stored by pointer, so it must outlive the config.
 */
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites );

/**
 * \brief   Set the allowed ciphersuites for one protocol version
 *          (MBEDTLS_SSL_MAJOR_VERSION_3 / MBEDTLS_SSL_MINOR_VERSION_*).
 */
void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
const int *ciphersuites,
int major, int minor );

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
 * \brief   Set the X.509 profile (allowed signature hashes, key sizes,
 *          curves) applied when verifying the peer's certificate chain.
 *          Stored by pointer.
 */
void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
const mbedtls_x509_crt_profile *profile );

/**
 * \brief   Set the trusted CA chain and optional CRL used for peer
 *          verification. Both are stored by pointer (see the ca_chain /
 *          ca_crl fields), so the caller keeps ownership and must keep them
 *          alive while the config is in use.
 */
void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
mbedtls_x509_crt *ca_chain,
mbedtls_x509_crl *ca_crl );

/**
 * \brief   Add an own certificate chain and matching private key. May be
 *          called more than once (the config keeps a key_cert list); the
 *          pointers are retained, not copied.
 *
 * \return  0 on success, negative error otherwise (e.g. allocation failure).
 */
int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
mbedtls_x509_crt *own_cert,
mbedtls_pk_context *pk_key );
#endif
01619
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/**
 * \brief   Set the pre-shared key and identity for PSK ciphersuites.
 *
 * \param psk       Key bytes, at most MBEDTLS_PSK_MAX_LEN presumably
 *                  (longer keys would not fit the premaster union). The
 *                  config stores a non-const pointer, so this appears to be
 *                  copied -- confirm before freeing the caller's buffer.
 *
 * \return  0 on success, negative error otherwise.
 *
 * SECURITY: a PSK of low entropy can be brute-forced offline from one
 * captured handshake; use at least 128 bits of randomness.
 */
int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
const unsigned char *psk, size_t psk_len,
const unsigned char *psk_identity, size_t psk_identity_len );

/**
 * \brief   Set the PSK for the current handshake only; intended to be called
 *          from the f_psk callback once the client's identity has been
 *          looked up.
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
const unsigned char *psk, size_t psk_len );

/**
 * \brief   Install a server-side PSK lookup callback.
 *
 * \param f_psk  Receives (p_psk, ssl, identity, identity_len); the identity
 *               is untrusted network input and is not NUL-terminated. It
 *               should call mbedtls_ssl_set_hs_psk() and return 0, or return
 *               non-zero for an unknown identity. Avoid revealing through
 *               timing whether an identity exists.
 */
void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t),
void *p_psk );
#endif

#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
/**
 * \brief   Set the server's Diffie-Hellman group from string-encoded P and G
 *          (presumably hexadecimal, as for mbedtls_mpi_read_string).
 *
 * \return  0 on success, negative error otherwise.
 *
 * SECURITY: use a well-known safe prime of at least 2048 bits.
 */
int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );

/**
 * \brief   Set the server's Diffie-Hellman group from an existing DHM
 *          context (P and G are copied into conf->dhm_P / dhm_G).
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
#endif

#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
/**
 * \brief   Client: minimum DH modulus size (bits) accepted from a server.
 *          Protects against a server (or downgrade attacker) offering a
 *          weak group; 2048 is a reasonable floor.
 */
void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
unsigned int bitlen );
#endif

#if defined(MBEDTLS_ECP_C)
/**
 * \brief   Set the allowed elliptic curves, in preference order
 *          (MBEDTLS_ECP_DP_NONE-terminated list presumably). Stored by
 *          pointer; must outlive the config.
 */
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curves );
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/**
 * \brief   Set the hash algorithms accepted for handshake signatures
 *          (MBEDTLS_MD_* values, presumably, terminated by MBEDTLS_MD_NONE).
 *          Exclude MD5 and SHA-1. Stored by pointer.
 */
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes );
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
 * \brief   Set the expected server host name. It is presumably sent as SNI
 *          and matched against the server certificate's SAN/CN; a client
 *          that does not set it cannot detect a certificate for the wrong
 *          host even with MBEDTLS_SSL_VERIFY_REQUIRED.
 *
 * \param hostname  NUL-terminated, at most MBEDTLS_SSL_MAX_HOST_NAME_LEN
 *                  characters presumably; NULL clears it. Copied.
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
#endif
01799
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/**
 * \brief   Select the certificate/key for the current handshake; meant to
 *          be called from the SNI callback. Pointers are retained.
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *own_cert,
mbedtls_pk_context *pk_key );

/** \brief  Override the CA chain / CRL for the current handshake (from the SNI callback). Stored by pointer. */
void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *ca_chain,
mbedtls_x509_crl *ca_crl );

/** \brief  Override the verification mode (MBEDTLS_SSL_VERIFY_*) for the current handshake. */
void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
int authmode );

/**
 * \brief   Install the server-name-indication callback.
 *
 * \param f_sni  Receives (p_sni, ssl, name, name_len) with the raw server
 *               name from the ClientHello: untrusted, not NUL-terminated,
 *               not validated as a host name. Returning non-zero presumably
 *               aborts the handshake.
 */
void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t),
void *p_sni );
#endif

#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/**
 * \brief   Set the EC-JPAKE password for the current handshake.
 *          Call after mbedtls_ssl_setup() / session_reset() and before the
 *          handshake; presumably must be repeated for each new handshake.
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
const unsigned char *pw,
size_t pw_len );
#endif

#if defined(MBEDTLS_SSL_ALPN)
/**
 * \brief   Set the ALPN protocol list (NULL-terminated array of C strings,
 *          presumably in preference order). Stored by pointer.
 *
 * \return  0 on success, negative error (e.g. BAD_INPUT_DATA) otherwise.
 */
int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );

/** \brief  Negotiated ALPN protocol, or NULL if none was agreed. */
const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#endif

/**
 * \brief   Set the highest protocol version offered/accepted
 *          (MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_*).
 */
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );

/**
 * \brief   Set the lowest protocol version accepted.
 *
 * SECURITY: this is the downgrade floor. Prefer MBEDTLS_SSL_MINOR_VERSION_3
 * (TLS 1.2); anything below TLS 1.2 lacks AEAD and is exposed to
 * POODLE/BEAST-class issues.
 */
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );

#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
/**
 * \brief   Client: mark this handshake as a version fallback
 *          (MBEDTLS_SSL_IS_FALLBACK) so TLS_FALLBACK_SCSV is sent and a
 *          server can detect a forced downgrade (RFC 7507).
 */
void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
#endif

#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/** \brief  Enable/disable the encrypt-then-MAC extension (MBEDTLS_SSL_ETM_*). Keep enabled for CBC suites. */
void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
#endif

#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
/** \brief  Enable/disable extended master secret (MBEDTLS_SSL_EXTENDED_MS_*). Keep enabled: it blocks triple-handshake attacks. */
void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
#endif

#if defined(MBEDTLS_ARC4_C)
/**
 * \brief   Allow or forbid RC4 ciphersuites.
 *
 * NOTE(review): the argument constants are inverted relative to the other
 * switches in this API -- pass MBEDTLS_SSL_ARC4_DISABLED (1) to forbid RC4,
 * MBEDTLS_SSL_ARC4_ENABLED (0) to allow it. RC4 should stay disabled.
 */
void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
#endif

#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
 * \brief   Set the maximum fragment length to negotiate
 *          (MBEDTLS_SSL_MAX_FRAG_LEN_NONE .. _4096).
 *
 * \return  0 on success; negative error for an invalid code.
 */
int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
#endif

#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
/** \brief  Enable/disable negotiating 80-bit truncated HMAC (MBEDTLS_SSL_TRUNC_HMAC_*). */
void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
#endif

#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
/** \brief  Enable/disable 1/n-1 record splitting for CBC suites in TLS 1.0 (MBEDTLS_SSL_CBC_RECORD_SPLITTING_*). */
void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
#endif

#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
/** \brief  Client: offer/accept session tickets (MBEDTLS_SSL_SESSION_TICKETS_*). */
void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
#endif

#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
 * \brief   Enable/disable renegotiation (MBEDTLS_SSL_RENEGOTIATION_*).
 *          Renegotiation is a recurring source of DoS and state-machine
 *          bugs; leave it disabled unless a peer requires it.
 */
void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
#endif

/**
 * \brief   Choose how to handle a peer that lacks secure renegotiation
 *          support (MBEDTLS_SSL_LEGACY_*). Note this setter is available
 *          even when MBEDTLS_SSL_RENEGOTIATION is not compiled in, since the
 *          initial handshake still processes the renegotiation_info
 *          extension / SCSV.
 */
void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );

#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
 * \brief   Number of records tolerated after requesting a renegotiation
 *          before the connection is dropped, or
 *          MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED. Default
 *          MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT.
 */
void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );

/**
 * \brief   Record-count threshold (64-bit big-endian, presumably, matching
 *          the 8-byte record counter) after which a renegotiation is
 *          initiated automatically.
 */
void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] );
#endif
02212
/** \brief  Number of already-decrypted application bytes buffered in the context and readable without further I/O. */
size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );

/**
 * \brief   Certificate verification result of the last handshake, as
 *          MBEDTLS_X509_BADCERT_* / BADCRL_* flags; 0 presumably means the
 *          chain verified. With MBEDTLS_SSL_VERIFY_OPTIONAL the application
 *          MUST check this before trusting the peer.
 */
uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );

/** \brief  Name of the negotiated ciphersuite. */
const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );

/** \brief  Human-readable negotiated protocol version. */
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );

/**
 * \brief   Per-record overhead (header, IV, MAC/tag, padding) for the
 *          current transform, or a negative error (e.g. when compression is
 *          active and the expansion is unbounded).
 */
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );

#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/** \brief  Negotiated maximum plaintext fragment length in bytes. */
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
#endif

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
 * \brief   The peer's certificate chain from the current session, or NULL.
 *          Owned by the session: it is invalidated by renegotiation,
 *          mbedtls_ssl_session_reset() and mbedtls_ssl_free(). Verification
 *          status is NOT implied -- see mbedtls_ssl_get_verify_result().
 */
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
#endif

#if defined(MBEDTLS_SSL_CLI_C)
/**
 * \brief   Client: copy the current session (for later
 *          mbedtls_ssl_set_session()) into a caller-initialised struct.
 *          The copy contains the master secret; release it with
 *          mbedtls_ssl_session_free().
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
#endif

/**
 * \brief   Run the handshake to completion.
 *
 * \return  0 on success. MBEDTLS_ERR_SSL_WANT_READ / WANT_WRITE mean "call
 *          again" on non-blocking transports; MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
 *          (DTLS server) means reset the session and wait for the client's
 *          retry; any other negative value is fatal and the context must be
 *          reset or freed.
 */
int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );

/** \brief  Advance the handshake by a single state (see mbedtls_ssl_states); same return contract as mbedtls_ssl_handshake(). */
int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );

#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
 * \brief   Initiate a renegotiation; same return contract as
 *          mbedtls_ssl_handshake().
 */
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
#endif

/**
 * \brief   Read decrypted application data.
 *
 * \return  Bytes read (>0), 0 presumably on EOF, or a negative error.
 *          MBEDTLS_ERR_SSL_WANT_READ / WANT_WRITE: retry;
 *          MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: peer closed cleanly;
 *          MBEDTLS_ERR_SSL_CLIENT_RECONNECT (DTLS server): a new client
 *          appeared on this address. May return less than \p len.
 */
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );

/**
 * \brief   Encrypt and send application data.
 *
 * \return  Bytes written, or a negative error. A WANT_* result presumably
 *          requires calling again with the same arguments (the record may
 *          be partially buffered in out_buf); the write may also be shorter
 *          than \p len when it exceeds the maximum fragment length.
 */
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );

/**
 * \brief   Send an alert record (MBEDTLS_SSL_ALERT_LEVEL_*,
 *          MBEDTLS_SSL_ALERT_MSG_*). Sending a fatal alert presumably ends
 *          the connection.
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
unsigned char level,
unsigned char message );
/**
 * \brief   Send close_notify for an orderly shutdown. Without it the peer
 *          cannot tell a clean close from a truncation attack.
 *
 * \return  0 on success, or a negative error (WANT_* means retry).
 */
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );

/**
 * \brief   Free all memory owned by the context (buffers, transforms,
 *          sessions, hostname, cli_id). Does not free the config.
 */
void mbedtls_ssl_free( mbedtls_ssl_context *ssl );

/**
 * \brief   Initialise a config to a safe-to-free state. This is NOT a usable
 *          configuration (see the notes on struct mbedtls_ssl_config);
 *          follow with mbedtls_ssl_config_defaults().
 */
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );

/**
 * \brief   Load reasonable defaults for the given role, transport and
 *          preset (MBEDTLS_SSL_IS_*, MBEDTLS_SSL_TRANSPORT_*,
 *          MBEDTLS_SSL_PRESET_*). Still set authmode, CA chain and RNG
 *          explicitly afterwards.
 *
 * \return  0 on success, negative error otherwise.
 */
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
int endpoint, int transport, int preset );

/**
 * \brief   Free memory owned by the config (DH parameters, PSK copy,
 *          key_cert list). Only call once no context refers to it.
 */
void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );

/** \brief  Initialise a session struct to a safe-to-free state. */
void mbedtls_ssl_session_init( mbedtls_ssl_session *session );

/**
 * \brief   Free memory owned by a session (peer certificate, ticket) and,
 *          presumably, wipe the master secret.
 */
void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
02554
02555 #ifdef __cplusplus
02556 }
02557 #endif
02558
02559 #endif