2009-01-03 22:22:43 +01:00
/**
* \ file ssl . h
2009-01-04 17:27:10 +01:00
*
2011-01-06 13:28:03 +01:00
* \ brief SSL / TLS functions .
2018-01-05 16:33:17 +01:00
*/
/*
2015-07-27 11:11:48 +02:00
* Copyright ( C ) 2006 - 2015 , ARM Limited , All Rights Reserved
2015-09-04 14:21:07 +02:00
* SPDX - License - Identifier : Apache - 2.0
2010-07-18 22:36:00 +02:00
*
2015-09-04 14:21:07 +02:00
* Licensed under the Apache License , Version 2.0 ( the " License " ) ; you may
* not use this file except in compliance with the License .
* You may obtain a copy of the License at
2009-01-04 17:27:10 +01:00
*
2015-09-04 14:21:07 +02:00
* http : //www.apache.org/licenses/LICENSE-2.0
2009-01-04 17:27:10 +01:00
*
2015-09-04 14:21:07 +02:00
* Unless required by applicable law or agreed to in writing , software
* distributed under the License is distributed on an " AS IS " BASIS , WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND , either express or implied .
* See the License for the specific language governing permissions and
* limitations under the License .
2009-01-04 17:27:10 +01:00
*
2015-09-04 14:21:07 +02:00
* This file is part of mbed TLS ( https : //tls.mbed.org)
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
# ifndef MBEDTLS_SSL_H
# define MBEDTLS_SSL_H
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
# if !defined(MBEDTLS_CONFIG_FILE)
2013-04-18 22:46:23 +02:00
# include "config.h"
2014-04-29 12:39:06 +02:00
# else
2015-04-08 12:49:31 +02:00
# include MBEDTLS_CONFIG_FILE
2014-04-29 12:39:06 +02:00
# endif
2014-11-04 19:52:10 +01:00
2013-04-18 22:46:23 +02:00
# include "bignum.h"
2014-07-03 16:12:50 +02:00
# include "ecp.h"
2013-04-18 22:46:23 +02:00
2013-08-27 21:19:20 +02:00
# include "ssl_ciphersuites.h"
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2013-09-16 13:49:26 +02:00
# include "x509_crt.h"
# include "x509_crl.h"
2013-09-23 14:46:13 +02:00
# endif
2013-04-18 22:46:23 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_DHM_C)
2012-09-16 21:57:18 +02:00
# include "dhm.h"
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_ECDH_C)
2013-03-20 14:39:14 +01:00
# include "ecdh.h"
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_ZLIB_SUPPORT)
2018-03-08 14:26:12 +01:00
# if defined(MBEDTLS_DEPRECATED_WARNING)
# warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
# endif
# if defined(MBEDTLS_DEPRECATED_REMOVED)
# error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
# endif
2012-07-03 15:30:23 +02:00
# include "zlib.h"
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_HAVE_TIME)
2017-05-14 15:17:33 +02:00
# include "platform_time.h"
2013-07-03 15:31:03 +02:00
# endif
2018-10-22 16:31:03 +02:00
# if defined(MBEDTLS_USE_PSA_CRYPTO)
# include "psa/crypto.h"
# endif /* MBEDTLS_USE_PSA_CRYPTO */
2009-07-28 09:18:38 +02:00
/*
* SSL Error codes
*/
2015-04-08 12:49:31 +02:00
# define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
# define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
# define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
# define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
# define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
# define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
# define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
# define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
# define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
# define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */
# define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
# define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
# define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
# define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
# define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
# define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
# define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
# define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
# define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
2015-05-28 09:33:39 +02:00
# define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 /**< Memory allocation failed */
2015-04-08 12:49:31 +02:00
# define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
# define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
# define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
# define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
# define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
# define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
# define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
# define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */
# define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
# define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
# define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
# define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
# define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
# define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
2017-10-10 11:35:08 +02:00
# define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< No data of requested type currently available on underlying transport. */
2015-05-06 17:19:31 +02:00
# define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */
# define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
2015-09-08 11:21:21 +02:00
# define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */
2015-12-03 16:13:17 +01:00
# define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */
2016-10-13 18:21:01 +02:00
# define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
# define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
2017-10-10 11:35:08 +02:00
# define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
Merge branch 'mbedtls_ssl_get_key_exchange_md_ssl_tls-return_hashlen' into tls_async_server-2.9
Conflict resolution:
* ChangeLog: put the new entry from my branch in the proper place.
* include/mbedtls/error.h: counted high-level module error codes again.
* include/mbedtls/ssl.h: picked different numeric codes for the
concurrently added errors; made the new error a full sentence per
current standards.
* library/error.c: ran scripts/generate_errors.pl.
* library/ssl_srv.c:
* ssl_prepare_server_key_exchange "DHE key exchanges": the conflict
was due to style corrections in development
(4cb1f4d49cff999d0c853bc696ad7eea68888c35) which I merged with
my refactoring.
* ssl_prepare_server_key_exchange "For key exchanges involving the
server signing", first case, variable declarations: merged line
by line:
* dig_signed_len: added in async
* signature_len: removed in async
* hashlen: type changed to size_t in development
* hash: size changed to MBEDTLS_MD_MAX_SIZE in async
* ret: added in async
* ssl_prepare_server_key_exchange "For key exchanges involving the
server signing", first cae comment: the conflict was due to style
corrections in development (4cb1f4d49cff999d0c853bc696ad7eea68888c35)
which I merged with my comment changes made as part of refactoring
the function.
* ssl_prepare_server_key_exchange "Compute the hash to be signed" if
`md_alg != MBEDTLS_MD_NONE`: conflict between
ebd652fe2dfc2c82d774bfd334398279d9027492
"ssl_write_server_key_exchange: calculate hashlen explicitly" and
46f5a3e9b4d5db3cacfe2ba33480a27317c62d46 "Check return codes from
MD in ssl code". I took the code from commit
ca1d74290439ec9e2723a911657fd96aa320e219 made on top of development
which makes mbedtls_ssl_get_key_exchange_md_ssl_tls return the
hash length.
* programs/ssl/ssl_server2.c: multiple conflicts between the introduction
of MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and new auxiliary functions and
definitions for async support, and the introduction of idle().
* definitions before main: concurrent additions, kept both.
* main, just after `handshake:`: in the loop around
mbedtls_ssl_handshake(), merge the addition of support for
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and SSL_ASYNC_INJECT_ERROR_CANCEL
with the addition of the idle() call.
* main, if `opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM`: take the
code from development and add a check for
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS.
* main, loop around mbedtls_ssl_read() in the datagram case:
take the code from development and add a check for
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
* main, loop around mbedtls_ssl_write() in the datagram case:
take the code from development and add a check for
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
2018-04-24 12:18:19 +02:00
# define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */
2018-08-15 15:48:01 +02:00
# define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */
2018-09-11 11:08:12 +02:00
# define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
2009-01-03 22:22:43 +01:00
/*
* Various constants
*/
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_MAJOR_VERSION_3 3
# define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
# define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
# define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
# define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
# define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
2014-02-06 13:04:16 +01:00
2015-09-28 20:22:33 +02:00
# define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
2015-09-27 23:50:49 +02:00
2013-07-18 12:32:27 +02:00
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
2013-07-19 12:47:00 +02:00
* NONE must be zero so that memset ( ) ing structure to zero works */
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
# define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
# define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
# define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
# define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
# define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
2013-07-16 12:45:26 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_IS_CLIENT 0
# define MBEDTLS_SSL_IS_SERVER 1
2014-08-19 11:16:35 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_IS_NOT_FALLBACK 0
# define MBEDTLS_SSL_IS_FALLBACK 1
2014-10-20 13:34:59 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
# define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
2014-10-20 18:40:56 +02:00
2019-04-09 16:12:56 +02:00
# define MBEDTLS_SSL_CID_DISABLED 0
# define MBEDTLS_SSL_CID_ENABLED 1
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_ETM_DISABLED 0
# define MBEDTLS_SSL_ETM_ENABLED 1
2014-10-27 13:57:03 +01:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_COMPRESS_NULL 0
# define MBEDTLS_SSL_COMPRESS_DEFLATE 1
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_VERIFY_NONE 0
# define MBEDTLS_SSL_VERIFY_OPTIONAL 1
# define MBEDTLS_SSL_VERIFY_REQUIRED 2
2015-06-19 12:16:31 +02:00
# define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
# define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
2012-09-16 21:57:18 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
# define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
2012-09-16 21:57:18 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
# define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
2014-09-24 14:41:11 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
# define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
2014-07-03 19:29:16 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
# define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
# define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
2012-09-16 21:57:18 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
# define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
# define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
2013-07-19 11:08:52 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
# define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
2013-08-03 13:02:31 +02:00
2015-05-05 17:34:53 +02:00
# define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
# define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
2015-01-07 14:50:54 +01:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_ARC4_ENABLED 0
# define MBEDTLS_SSL_ARC4_DISABLED 1
2015-01-12 13:43:29 +01:00
2015-06-17 13:53:47 +02:00
# define MBEDTLS_SSL_PRESET_DEFAULT 0
# define MBEDTLS_SSL_PRESET_SUITEB 2
2017-04-10 13:42:31 +02:00
# define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
# define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
2014-09-30 22:21:31 +02:00
/*
* Default range for DTLS retransmission timer value , in milliseconds .
* RFC 6347 4.2 .4 .1 says from 1 second to 60 seconds .
*/
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
# define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
2014-09-30 22:21:31 +02:00
2014-04-25 11:11:10 +02:00
/**
* \ name SECTION : Module settings
*
* The configuration options you can set for this module are in this section .
* Either change them in config . h or define them on the compiler command line .
* \ {
*/
2015-04-08 12:49:31 +02:00
# if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
# define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
2014-04-25 11:11:10 +02:00
# endif
2013-08-14 16:52:14 +02:00
2013-06-24 19:31:17 +02:00
/*
2016-05-25 12:56:48 +02:00
* Maximum fragment length in bytes ,
2015-08-31 12:46:01 +02:00
* determines the size of each of the two internal I / O buffers .
*
2013-06-24 19:31:17 +02:00
* Note : the RFC defines the default size of SSL / TLS messages . If you
* change the value here , other clients / servers may not be able to
* communicate with you anymore . Only change this value if you control
2014-06-30 17:27:49 +02:00
* both sides of the connection and have it reduced at both sides , or
* if you ' re using the Max Fragment Length extension and you know all your
* peers are using it too !
2013-06-24 19:31:17 +02:00
*/
2015-04-08 12:49:31 +02:00
# if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
# define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
2014-04-25 11:11:10 +02:00
# endif
2016-05-25 12:56:48 +02:00
# if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
# define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
# endif
# if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
# define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
# endif
2018-08-28 10:46:44 +02:00
/*
* Maximum number of heap - allocated bytes for the purpose of
* DTLS handshake message reassembly and future message buffering .
*/
2018-08-21 16:51:03 +02:00
# if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
2018-08-28 10:46:44 +02:00
# define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
2018-08-21 16:51:03 +02:00
# endif
2019-04-09 16:12:56 +02:00
/*
* Maximum length of CIDs for incoming and outgoing messages .
*/
# if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
# define MBEDTLS_SSL_CID_IN_LEN_MAX 32
# endif
# if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
# define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
# endif
2014-04-25 11:11:10 +02:00
/* \} name SECTION: Module settings */
2009-01-03 22:22:43 +01:00
2014-11-04 13:05:42 +01:00
/*
* Length of the verify data for secure renegotiation
*/
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_PROTO_SSL3)
# define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
2014-11-04 13:05:42 +01:00
# else
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
2014-11-04 13:05:42 +01:00
# endif
2014-06-30 17:27:49 +02:00
/*
* Signaling ciphersuite values ( SCSV )
*/
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
2016-06-17 16:40:41 +02:00
# define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< RFC 7507 section 2 */
2012-09-16 21:57:18 +02:00
2012-04-11 14:09:53 +02:00
/*
* Supported Signature and Hash algorithms ( For TLS 1.2 )
2013-08-17 13:01:41 +02:00
* RFC 5246 section 7.4 .1 .4 .1
2012-04-11 14:09:53 +02:00
*/
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_HASH_NONE 0
# define MBEDTLS_SSL_HASH_MD5 1
# define MBEDTLS_SSL_HASH_SHA1 2
# define MBEDTLS_SSL_HASH_SHA224 3
# define MBEDTLS_SSL_HASH_SHA256 4
# define MBEDTLS_SSL_HASH_SHA384 5
# define MBEDTLS_SSL_HASH_SHA512 6
2012-04-11 14:09:53 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_SIG_ANON 0
# define MBEDTLS_SSL_SIG_RSA 1
# define MBEDTLS_SSL_SIG_ECDSA 3
2012-04-11 14:09:53 +02:00
2012-11-23 13:38:07 +01:00
/*
* Client Certificate Types
2013-08-17 13:01:41 +02:00
* RFC 5246 section 7.4 .4 plus RFC 4492 section 5.5
2012-11-23 13:38:07 +01:00
*/
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
# define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
2012-11-23 13:38:07 +01:00
2009-01-03 22:22:43 +01:00
/*
* Message , alert and handshake types
*/
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
# define MBEDTLS_SSL_MSG_ALERT 21
# define MBEDTLS_SSL_MSG_HANDSHAKE 22
# define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
2019-04-29 18:31:37 +02:00
# define MBEDTLS_SSL_MSG_CID 25
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
# define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
# define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
# define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
# define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
# define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
# define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
# define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
# define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
# define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
# define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
# define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
# define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
# define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
# define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
# define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
# define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
# define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
# define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
# define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
# define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
# define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
# define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
# define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
# define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
# define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
# define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
# define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
# define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
# define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
# define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
# define MBEDTLS_SSL_HS_HELLO_REQUEST 0
# define MBEDTLS_SSL_HS_CLIENT_HELLO 1
# define MBEDTLS_SSL_HS_SERVER_HELLO 2
# define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
# define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
# define MBEDTLS_SSL_HS_CERTIFICATE 11
# define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
# define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
# define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
# define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
# define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
# define MBEDTLS_SSL_HS_FINISHED 20
2009-01-03 22:22:43 +01:00
/*
* TLS extensions
*/
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_SERVERNAME 0
# define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
2013-03-20 14:39:14 +01:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
2013-07-17 10:25:37 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
2013-07-19 11:41:43 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
# define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_SIG_ALG 13
2012-04-11 18:11:49 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_ALPN 16
2014-04-07 10:57:45 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
# define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
2014-10-20 18:40:56 +02:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_SESSION_TICKET 35
2013-08-02 14:44:54 +02:00
2019-04-25 17:24:57 +02:00
/* The value of the CID extension is still TBD as of
* https : //tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04. */
2019-05-03 13:42:13 +02:00
# define MBEDTLS_TLS_EXT_CID 254 /* TBD */
2019-04-25 17:24:57 +02:00
2015-09-15 16:55:05 +02:00
# define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
2015-04-08 12:49:31 +02:00
# define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
2012-09-16 21:57:18 +02:00
2013-04-18 22:46:23 +02:00
/*
* Size defines
*/
2015-04-08 12:49:31 +02:00
# if !defined(MBEDTLS_PSK_MAX_LEN)
# define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
2014-07-03 16:12:50 +02:00
# endif
/* Dummy type used only for its size */
2015-05-27 20:27:06 +02:00
union mbedtls_ssl_premaster_secret
2014-07-03 16:12:50 +02:00
{
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
2014-07-03 16:12:50 +02:00
unsigned char _pms_rsa [ 48 ] ; /* RFC 5246 8.1.1 */
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
unsigned char _pms_dhm [ MBEDTLS_MPI_MAX_SIZE ] ; /* RFC 5246 8.1.2 */
2014-07-03 16:12:50 +02:00
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined ( MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) | | \
defined ( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ) | | \
defined ( MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED )
unsigned char _pms_ecdh [ MBEDTLS_ECP_MAX_BYTES ] ; /* RFC 4492 5.10 */
2013-04-18 22:46:23 +02:00
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
unsigned char _pms_psk [ 4 + 2 * MBEDTLS_PSK_MAX_LEN ] ; /* RFC 4279 2 */
2014-07-03 16:12:50 +02:00
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
unsigned char _pms_dhe_psk [ 4 + MBEDTLS_MPI_MAX_SIZE
+ MBEDTLS_PSK_MAX_LEN ] ; /* RFC 4279 3 */
2014-07-03 16:12:50 +02:00
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
unsigned char _pms_rsa_psk [ 52 + MBEDTLS_PSK_MAX_LEN ] ; /* RFC 4279 4 */
2014-07-03 16:12:50 +02:00
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
unsigned char _pms_ecdhe_psk [ 4 + MBEDTLS_ECP_MAX_BYTES
+ MBEDTLS_PSK_MAX_LEN ] ; /* RFC 5489 2 */
2014-07-03 16:12:50 +02:00
# endif
2015-09-15 17:53:32 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
unsigned char _pms_ecjpake [ 32 ] ; /* Thread spec: SHA-256 output */
# endif
2014-07-03 16:12:50 +02:00
} ;
2015-05-27 20:27:06 +02:00
# define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
2013-04-18 22:46:23 +02:00
2013-06-27 14:29:21 +02:00
# ifdef __cplusplus
extern " C " {
# endif
2009-01-03 22:22:43 +01:00
/*
* SSL state machine
*/
typedef enum
{
2015-04-08 12:49:31 +02:00
MBEDTLS_SSL_HELLO_REQUEST ,
MBEDTLS_SSL_CLIENT_HELLO ,
MBEDTLS_SSL_SERVER_HELLO ,
MBEDTLS_SSL_SERVER_CERTIFICATE ,
MBEDTLS_SSL_SERVER_KEY_EXCHANGE ,
MBEDTLS_SSL_CERTIFICATE_REQUEST ,
MBEDTLS_SSL_SERVER_HELLO_DONE ,
MBEDTLS_SSL_CLIENT_CERTIFICATE ,
MBEDTLS_SSL_CLIENT_KEY_EXCHANGE ,
MBEDTLS_SSL_CERTIFICATE_VERIFY ,
MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ,
MBEDTLS_SSL_CLIENT_FINISHED ,
MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ,
MBEDTLS_SSL_SERVER_FINISHED ,
MBEDTLS_SSL_FLUSH_BUFFERS ,
MBEDTLS_SSL_HANDSHAKE_WRAPUP ,
MBEDTLS_SSL_HANDSHAKE_OVER ,
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET ,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT ,
2009-01-03 22:22:43 +01:00
}
2015-04-08 12:49:31 +02:00
mbedtls_ssl_states ;
2009-01-03 22:22:43 +01:00
2019-05-12 13:54:30 +02:00
/*
* The tls_prf function types .
*/
typedef enum
{
MBEDTLS_SSL_TLS_PRF_NONE ,
MBEDTLS_SSL_TLS_PRF_SSL3 ,
MBEDTLS_SSL_TLS_PRF_TLS1 ,
MBEDTLS_SSL_TLS_PRF_SHA384 ,
MBEDTLS_SSL_TLS_PRF_SHA256
}
mbedtls_tls_prf_types ;
2016-03-01 18:31:49 +01:00
/**
* \ brief Callback type : send data on the network .
*
* \ note That callback may be either blocking or non - blocking .
*
* \ param ctx Context for the send callback ( typically a file descriptor )
2016-03-09 21:19:21 +01:00
* \ param buf Buffer holding the data to send
2016-03-01 18:31:49 +01:00
* \ param len Length of the data to send
*
* \ return The callback must return the number of bytes sent if any ,
* or a non - zero error code .
* If performing non - blocking I / O , \ c MBEDTLS_ERR_SSL_WANT_WRITE
* must be returned when the operation would block .
*
2016-03-09 21:19:21 +01:00
* \ note The callback is allowed to send fewer bytes than requested .
2016-03-01 18:31:49 +01:00
* It must always return the number of bytes actually sent .
*/
typedef int mbedtls_ssl_send_t ( void * ctx ,
const unsigned char * buf ,
size_t len ) ;
/**
* \ brief Callback type : receive data from the network .
*
* \ note That callback may be either blocking or non - blocking .
*
* \ param ctx Context for the receive callback ( typically a file
* descriptor )
* \ param buf Buffer to write the received data to
* \ param len Length of the receive buffer
*
* \ return The callback must return the number of bytes received ,
* or a non - zero error code .
* If performing non - blocking I / O , \ c MBEDTLS_ERR_SSL_WANT_READ
* must be returned when the operation would block .
*
2016-03-09 21:19:21 +01:00
* \ note The callback may receive fewer bytes than the length of the
2016-03-01 18:31:49 +01:00
* buffer . It must always return the number of bytes actually
* received and written to the buffer .
*/
typedef int mbedtls_ssl_recv_t ( void * ctx ,
unsigned char * buf ,
size_t len ) ;
/**
* \ brief Callback type : receive data from the network , with timeout
*
* \ note That callback must block until data is received , or the
* timeout delay expires , or the operation is interrupted by a
* signal .
*
* \ param ctx Context for the receive callback ( typically a file descriptor )
* \ param buf Buffer to write the received data to
* \ param len Length of the receive buffer
* \ param timeout Maximum nomber of millisecondes to wait for data
2016-06-17 16:40:41 +02:00
* 0 means no timeout ( potentially waiting forever )
2016-03-01 18:31:49 +01:00
*
* \ return The callback must return the number of bytes received ,
* or a non - zero error code :
* \ c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out ,
* \ c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal .
*
2016-03-09 21:19:21 +01:00
* \ note The callback may receive fewer bytes than the length of the
2016-03-01 18:31:49 +01:00
* buffer . It must always return the number of bytes actually
* received and written to the buffer .
*/
typedef int mbedtls_ssl_recv_timeout_t ( void * ctx ,
unsigned char * buf ,
size_t len ,
uint32_t timeout ) ;
/**
* \ brief Callback type : set a pair of timers / delays to watch
*
* \ param ctx Context pointer
* \ param int_ms Intermediate delay in milliseconds
* \ param fin_ms Final delay in milliseconds
* 0 cancels the current timer .
*
* \ note This callback must at least store the necessary information
* for the associated \ c mbedtls_ssl_get_timer_t callback to
* return correct information .
*
* \ note If using a event - driven style of programming , an event must
* be generated when the final delay is passed . The event must
* cause a call to \ c mbedtls_ssl_handshake ( ) with the proper
* SSL context to be scheduled . Care must be taken to ensure
* that at most one such call happens at a time .
*
* \ note Only one timer at a time must be running . Calling this
* function while a timer is running must cancel it . Cancelled
* timers must not generate any event .
*/
typedef void mbedtls_ssl_set_timer_t ( void * ctx ,
uint32_t int_ms ,
uint32_t fin_ms ) ;
/**
* \ brief Callback type : get status of timers / delays
*
* \ param ctx Context pointer
*
* \ return This callback must return :
* - 1 if cancelled ( fin_ms = = 0 ) ,
2016-06-17 16:40:41 +02:00
* 0 if none of the delays have passed ,
* 1 if only the intermediate delay has passed ,
* 2 if the final delay has passed .
2016-03-01 18:31:49 +01:00
*/
typedef int mbedtls_ssl_get_timer_t ( void * ctx ) ;
2015-05-26 12:11:48 +02:00
/* Defined below */
2015-04-08 12:49:31 +02:00
typedef struct mbedtls_ssl_session mbedtls_ssl_session ;
typedef struct mbedtls_ssl_context mbedtls_ssl_context ;
2015-05-26 12:11:48 +02:00
typedef struct mbedtls_ssl_config mbedtls_ssl_config ;
/* Defined in ssl_internal.h */
2015-04-08 12:49:31 +02:00
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform ;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params ;
2017-04-28 18:15:26 +02:00
typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t ;
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert ;
2013-09-23 14:46:13 +02:00
# endif
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item ;
2014-09-19 11:18:57 +02:00
# endif
2009-01-03 22:22:43 +01:00
2018-04-24 13:09:22 +02:00
# if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2018-01-05 21:11:53 +01:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
2018-04-26 00:19:16 +02:00
* \ brief Callback type : start external signature operation .
2018-01-05 21:11:53 +01:00
*
2018-04-26 00:19:16 +02:00
* This callback is called during an SSL handshake to start
* a signature decryption operation using an
2018-04-26 07:28:44 +02:00
* external processor . The parameter \ p cert contains
2018-01-05 21:11:53 +01:00
* the public key ; it is up to the callback function to
2018-04-26 00:19:16 +02:00
* determine how to access the associated private key .
2018-01-05 21:11:53 +01:00
*
2018-04-26 00:19:16 +02:00
* This function typically sends or enqueues a request , and
* does not wait for the operation to complete . This allows
* the handshake step to be non - blocking .
2018-01-05 21:11:53 +01:00
*
2018-04-30 11:54:14 +02:00
* The parameters \ p ssl and \ p cert are guaranteed to remain
* valid throughout the handshake . On the other hand , this
2018-04-26 07:28:44 +02:00
* function must save the contents of \ p hash if the value
* is needed for later processing , because the \ p hash buffer
2018-04-26 00:19:16 +02:00
* is no longer valid after this function returns .
2018-01-05 21:11:53 +01:00
*
2018-04-30 11:54:39 +02:00
* This function may call mbedtls_ssl_set_async_operation_data ( )
* to store an operation context for later retrieval
2018-04-30 13:57:45 +02:00
* by the resume or cancel callback .
2018-04-25 20:39:48 +02:00
*
2018-04-26 06:23:59 +02:00
* \ note For RSA signatures , this function must produce output
* that is consistent with PKCS # 1 v1 .5 in the same way as
* mbedtls_rsa_pkcs1_sign ( ) . Before the private key operation ,
* apply the padding steps described in RFC 8017 , section 9.2
* " EMSA-PKCS1-v1_5 " as follows .
* - If \ p md_alg is # MBEDTLS_MD_NONE , apply the PKCS # 1 v1 .5
* encoding , treating \ p hash as the DigestInfo to be
* padded . In other words , apply EMSA - PKCS1 - v1_5 starting
* from step 3 , with ` T = hash ` and ` tLen = hash_len ` .
2018-04-30 11:54:14 +02:00
* - If ` md_alg ! = MBEDTLS_MD_NONE ` , apply the PKCS # 1 v1 .5
2018-04-26 06:23:59 +02:00
* encoding , treating \ p hash as the hash to be encoded and
* padded . In other words , apply EMSA - PKCS1 - v1_5 starting
* from step 2 , with ` digestAlgorithm ` obtained by calling
* mbedtls_oid_get_oid_by_md ( ) on \ p md_alg .
*
2018-04-26 17:57:37 +02:00
* \ note For ECDSA signatures , the output format is the DER encoding
* ` Ecdsa - Sig - Value ` defined in
* [ RFC 4492 section 5.4 ] ( https : //tools.ietf.org/html/rfc4492#section-5.4).
*
2018-04-26 00:19:16 +02:00
* \ param ssl The SSL connection instance . It should not be
2018-04-30 11:54:39 +02:00
* modified other than via
* mbedtls_ssl_set_async_operation_data ( ) .
2018-04-26 00:19:16 +02:00
* \ param cert Certificate containing the public key .
2018-04-30 10:30:49 +02:00
* In simple cases , this is one of the pointers passed to
2018-04-26 17:57:37 +02:00
* mbedtls_ssl_conf_own_cert ( ) when configuring the SSL
2018-04-30 10:30:49 +02:00
* connection . However , if other callbacks are used , this
* property may not hold . For example , if an SNI callback
* is registered with mbedtls_ssl_conf_sni ( ) , then
* this callback determines what certificate is used .
2018-04-26 00:19:16 +02:00
* \ param md_alg Hash algorithm .
2018-01-05 21:11:53 +01:00
* \ param hash Buffer containing the hash . This buffer is
* no longer valid when the function returns .
2018-04-26 00:19:16 +02:00
* \ param hash_len Size of the \ c hash buffer in bytes .
2018-01-05 21:11:53 +01:00
*
2018-04-26 07:28:44 +02:00
* \ return 0 if the operation was started successfully and the SSL
* stack should call the resume callback immediately .
* \ return # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
* was started successfully and the SSL stack should return
* immediately without calling the resume callback yet .
* \ return # MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
* processor does not support this key . The SSL stack will
* use the private key object instead .
* \ return Any other error indicates a fatal failure and is
2018-04-26 11:50:07 +02:00
* propagated up the call chain . The callback should
* use \ c MBEDTLS_ERR_PK_xxx error codes , and < b > must not < / b >
* use \ c MBEDTLS_ERR_SSL_xxx error codes except as
2018-04-30 16:37:03 +02:00
* directed in the documentation of this callback .
2018-01-05 21:11:53 +01:00
*/
2018-04-26 11:46:10 +02:00
typedef int mbedtls_ssl_async_sign_t ( mbedtls_ssl_context * ssl ,
2018-01-05 21:11:53 +01:00
mbedtls_x509_crt * cert ,
mbedtls_md_type_t md_alg ,
const unsigned char * hash ,
size_t hash_len ) ;
/**
2018-04-26 00:19:16 +02:00
* \ brief Callback type : start external decryption operation .
2018-01-05 21:11:53 +01:00
*
2018-04-26 00:19:16 +02:00
* This callback is called during an SSL handshake to start
* an RSA decryption operation using an
2018-04-26 07:28:44 +02:00
* external processor . The parameter \ p cert contains
2018-01-05 21:11:53 +01:00
* the public key ; it is up to the callback function to
2018-04-26 00:19:16 +02:00
* determine how to access the associated private key .
2018-01-05 21:11:53 +01:00
*
2018-04-26 00:19:16 +02:00
* This function typically sends or enqueues a request , and
* does not wait for the operation to complete . This allows
* the handshake step to be non - blocking .
2018-01-05 21:11:53 +01:00
*
2018-04-30 11:54:14 +02:00
* The parameters \ p ssl and \ p cert are guaranteed to remain
* valid throughout the handshake . On the other hand , this
2018-04-26 07:28:44 +02:00
* function must save the contents of \ p input if the value
* is needed for later processing , because the \ p input buffer
2018-04-26 00:19:16 +02:00
* is no longer valid after this function returns .
2018-01-05 21:11:53 +01:00
*
2018-04-30 11:54:39 +02:00
* This function may call mbedtls_ssl_set_async_operation_data ( )
* to store an operation context for later retrieval
2018-04-30 13:57:45 +02:00
* by the resume or cancel callback .
2018-04-25 20:39:48 +02:00
*
2018-04-26 17:57:37 +02:00
* \ warning RSA decryption as used in TLS is subject to a potential
* timing side channel attack first discovered by Bleichenbacher
* in 1998. This attack can be remotely exploitable
* in practice . To avoid this attack , you must ensure that
* if the callback performs an RSA decryption , the time it
* takes to execute and return the result does not depend
* on whether the RSA decryption succeeded or reported
* invalid padding .
*
2018-04-26 00:19:16 +02:00
* \ param ssl The SSL connection instance . It should not be
2018-04-30 11:54:39 +02:00
* modified other than via
* mbedtls_ssl_set_async_operation_data ( ) .
2018-04-26 00:19:16 +02:00
* \ param cert Certificate containing the public key .
2018-04-30 10:30:49 +02:00
* In simple cases , this is one of the pointers passed to
2018-04-26 17:57:37 +02:00
* mbedtls_ssl_conf_own_cert ( ) when configuring the SSL
2018-04-30 10:30:49 +02:00
* connection . However , if other callbacks are used , this
* property may not hold . For example , if an SNI callback
* is registered with mbedtls_ssl_conf_sni ( ) , then
* this callback determines what certificate is used .
2018-01-05 21:11:53 +01:00
* \ param input Buffer containing the input ciphertext . This buffer
* is no longer valid when the function returns .
2018-04-26 07:28:44 +02:00
* \ param input_len Size of the \ p input buffer in bytes .
*
* \ return 0 if the operation was started successfully and the SSL
* stack should call the resume callback immediately .
* \ return # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
* was started successfully and the SSL stack should return
* immediately without calling the resume callback yet .
* \ return # MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
* processor does not support this key . The SSL stack will
* use the private key object instead .
* \ return Any other error indicates a fatal failure and is
2018-04-26 11:50:07 +02:00
* propagated up the call chain . The callback should
* use \ c MBEDTLS_ERR_PK_xxx error codes , and < b > must not < / b >
* use \ c MBEDTLS_ERR_SSL_xxx error codes except as
2018-04-30 16:37:03 +02:00
* directed in the documentation of this callback .
2018-01-05 21:11:53 +01:00
*/
2018-04-26 11:46:10 +02:00
typedef int mbedtls_ssl_async_decrypt_t ( mbedtls_ssl_context * ssl ,
2018-01-05 21:11:53 +01:00
mbedtls_x509_crt * cert ,
const unsigned char * input ,
size_t input_len ) ;
# endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
2018-04-26 00:19:16 +02:00
* \ brief Callback type : resume external operation .
2018-01-05 21:11:53 +01:00
*
2018-04-26 00:19:16 +02:00
* This callback is called during an SSL handshake to resume
* an external operation started by the
2018-04-26 07:28:44 +02:00
* : : mbedtls_ssl_async_sign_t or
* : : mbedtls_ssl_async_decrypt_t callback .
2018-04-26 00:19:16 +02:00
*
* This function typically checks the status of a pending
* request or causes the request queue to make progress , and
* does not wait for the operation to complete . This allows
* the handshake step to be non - blocking .
2018-01-05 21:11:53 +01:00
*
2018-04-30 11:54:39 +02:00
* This function may call mbedtls_ssl_get_async_operation_data ( )
* to retrieve an operation context set by the start callback .
* It may call mbedtls_ssl_set_async_operation_data ( ) to modify
* this context .
2018-04-25 20:39:48 +02:00
*
2018-04-30 13:57:45 +02:00
* Note that when this function returns a status other than
* # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS , it must free any
* resources associated with the operation .
*
2018-04-26 00:19:16 +02:00
* \ param ssl The SSL connection instance . It should not be
2018-04-30 11:54:39 +02:00
* modified other than via
* mbedtls_ssl_set_async_operation_data ( ) .
2018-04-26 00:19:16 +02:00
* \ param output Buffer containing the output ( signature or decrypted
* data ) on success .
2018-04-26 07:28:44 +02:00
* \ param output_len On success , number of bytes written to \ p output .
* \ param output_size Size of the \ p output buffer in bytes .
*
* \ return 0 if output of the operation is available in the
* \ p output buffer .
* \ return # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
* is still in progress . Subsequent requests for progress
* on the SSL connection will call the resume callback
* again .
* \ return Any other error means that the operation is aborted .
2018-04-26 11:50:07 +02:00
* The SSL handshake is aborted . The callback should
* use \ c MBEDTLS_ERR_PK_xxx error codes , and < b > must not < / b >
* use \ c MBEDTLS_ERR_SSL_xxx error codes except as
2018-04-30 16:37:03 +02:00
* directed in the documentation of this callback .
2018-01-05 21:11:53 +01:00
*/
2018-04-26 11:46:10 +02:00
typedef int mbedtls_ssl_async_resume_t ( mbedtls_ssl_context * ssl ,
2018-01-05 21:11:53 +01:00
unsigned char * output ,
size_t * output_len ,
size_t output_size ) ;
/**
2018-04-26 00:19:16 +02:00
* \ brief Callback type : cancel external operation .
2018-01-05 21:11:53 +01:00
*
2018-04-26 00:19:16 +02:00
* This callback is called if an SSL connection is closed
2018-04-30 13:57:45 +02:00
* while an asynchronous operation is in progress . Note that
* this callback is not called if the
* : : mbedtls_ssl_async_resume_t callback has run and has
* returned a value other than
* # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS , since in that case
* the asynchronous operation has already completed .
2018-01-05 21:11:53 +01:00
*
2018-04-30 11:54:39 +02:00
* This function may call mbedtls_ssl_get_async_operation_data ( )
* to retrieve an operation context set by the start callback .
2018-04-25 20:39:48 +02:00
*
2018-04-26 00:19:16 +02:00
* \ param ssl The SSL connection instance . It should not be
* modified .
2018-01-05 21:11:53 +01:00
*/
2018-04-26 11:46:10 +02:00
typedef void mbedtls_ssl_async_cancel_t ( mbedtls_ssl_context * ssl ) ;
2018-04-24 13:09:22 +02:00
# endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2016-03-01 18:31:49 +01:00
2019-02-26 12:43:09 +01:00
# if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && \
! defined ( MBEDTLS_SSL_KEEP_PEER_CERTIFICATE )
2019-02-05 18:00:50 +01:00
# define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
# if defined(MBEDTLS_SHA256_C)
# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
# elif defined(MBEDTLS_SHA512_C)
# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
# elif defined(MBEDTLS_SHA1_C)
# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
# else
2019-02-26 12:43:09 +01:00
/* This is already checked in check_config.h, but be sure. */
2019-02-05 18:00:50 +01:00
# error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
# endif
2019-02-26 12:43:09 +01:00
# endif / * MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED &&
! MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2019-02-05 18:00:50 +01:00
2009-01-03 22:22:43 +01:00
/*
2012-09-25 23:55:46 +02:00
* This structure is used for storing current session data .
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
struct mbedtls_ssl_session
2009-01-03 22:22:43 +01:00
{
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_HAVE_TIME)
2016-04-26 08:43:27 +02:00
mbedtls_time_t start ; /*!< starting time */
2013-07-03 15:31:03 +02:00
# endif
2011-01-27 18:40:50 +01:00
int ciphersuite ; /*!< chosen ciphersuite */
2012-07-03 15:30:23 +02:00
int compression ; /*!< chosen compression */
2015-06-18 15:50:37 +02:00
size_t id_len ; /*!< session id length */
2009-01-03 22:22:43 +01:00
unsigned char id [ 32 ] ; /*!< session identifier */
unsigned char master [ 48 ] ; /*!< the master secret */
2013-04-18 22:46:23 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2019-02-07 14:29:55 +01:00
# if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
2019-02-05 18:00:50 +01:00
mbedtls_x509_crt * peer_cert ; /*!< peer X.509 cert chain */
2019-02-07 14:29:55 +01:00
# else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2019-02-05 18:00:50 +01:00
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation , mitigating the triple handshake attack . */
unsigned char * peer_cert_digest ;
size_t peer_cert_digest_len ;
mbedtls_md_type_t peer_cert_digest_type ;
2019-02-07 14:29:55 +01:00
# endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2015-05-11 19:54:43 +02:00
uint32_t verify_result ; /*!< verification result */
2013-07-18 14:07:09 +02:00
2015-05-20 10:45:29 +02:00
# if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2013-08-02 14:44:04 +02:00
unsigned char * ticket ; /*!< RFC 5077 session ticket */
size_t ticket_len ; /*!< session ticket length */
2013-07-31 12:58:16 +02:00
uint32_t ticket_lifetime ; /*!< ticket lifetime hint */
2015-05-20 10:45:29 +02:00
# endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
2013-08-02 14:44:04 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2013-07-18 14:07:09 +02:00
unsigned char mfl_code ; /*!< MaxFragmentLength negotiated by peer */
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2013-08-15 13:33:48 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2013-07-19 11:41:43 +02:00
int trunc_hmac ; /*!< flag for truncated hmac activation */
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
2014-10-27 13:57:03 +01:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2014-10-27 13:57:03 +01:00
int encrypt_then_mac ; /*!< flag for EtM activation */
# endif
2009-01-03 22:22:43 +01:00
} ;
2015-04-30 18:03:08 +02:00
/**
2015-05-11 09:50:24 +02:00
* SSL / TLS configuration to be shared between mbedtls_ssl_context structures .
2015-04-30 18:03:08 +02:00
*/
2015-05-26 12:11:48 +02:00
struct mbedtls_ssl_config
2015-04-30 18:03:08 +02:00
{
/* Group items by size (largest first) to minimize padding overhead */
/*
* Pointers
*/
2015-05-07 13:35:38 +02:00
const int * ciphersuite_list [ 4 ] ; /*!< allowed ciphersuites per version */
2015-04-30 18:03:08 +02:00
/** Callback for printing debug output */
2015-06-23 16:34:24 +02:00
void ( * f_dbg ) ( void * , int , const char * , int , const char * ) ;
2015-04-30 18:03:08 +02:00
void * p_dbg ; /*!< context for the debug function */
2015-05-07 13:35:38 +02:00
/** Callback for getting (pseudo-)random numbers */
int ( * f_rng ) ( void * , unsigned char * , size_t ) ;
void * p_rng ; /*!< context for the RNG function */
2015-04-30 18:03:08 +02:00
/** Callback to retrieve a session from the cache */
int ( * f_get_cache ) ( void * , mbedtls_ssl_session * ) ;
/** Callback to store a session into the cache */
int ( * f_set_cache ) ( void * , const mbedtls_ssl_session * ) ;
2015-05-06 19:06:26 +02:00
void * p_cache ; /*!< context for cache callbacks */
2015-04-30 18:03:08 +02:00
# if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
int ( * f_sni ) ( void * , mbedtls_ssl_context * , const unsigned char * , size_t ) ;
void * p_sni ; /*!< context for SNI callback */
# endif
# if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
2015-05-11 19:54:43 +02:00
int ( * f_vrfy ) ( void * , mbedtls_x509_crt * , int , uint32_t * ) ;
2015-04-30 18:03:08 +02:00
void * p_vrfy ; /*!< context for X.509 verify calllback */
# endif
# if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
int ( * f_psk ) ( void * , mbedtls_ssl_context * , const unsigned char * , size_t ) ;
void * p_psk ; /*!< context for PSK callback */
# endif
2015-05-20 10:59:43 +02:00
# if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
2015-04-30 18:03:08 +02:00
/** Callback to create & write a cookie for ClientHello veirifcation */
int ( * f_cookie_write ) ( void * , unsigned char * * , unsigned char * ,
const unsigned char * , size_t ) ;
/** Callback to verify validity of a ClientHello cookie */
int ( * f_cookie_check ) ( void * , const unsigned char * , size_t ,
const unsigned char * , size_t ) ;
2015-05-07 13:35:38 +02:00
void * p_cookie ; /*!< context for the cookie callbacks */
2015-04-30 18:03:08 +02:00
# endif
2015-05-20 10:45:29 +02:00
# if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
2015-05-19 15:28:00 +02:00
/** Callback to create & write a session ticket */
int ( * f_ticket_write ) ( void * , const mbedtls_ssl_session * ,
unsigned char * , const unsigned char * , size_t * , uint32_t * ) ;
/** Callback to parse a session ticket into a session structure */
int ( * f_ticket_parse ) ( void * , mbedtls_ssl_session * , unsigned char * , size_t ) ;
void * p_ticket ; /*!< context for the ticket callbacks */
2015-05-20 10:45:29 +02:00
# endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
2015-05-19 15:28:00 +02:00
2015-10-02 14:33:37 +02:00
# if defined(MBEDTLS_SSL_EXPORT_KEYS)
2015-10-19 13:52:53 +02:00
/** Callback to export key block and master secret */
2015-10-02 14:33:37 +02:00
int ( * f_export_keys ) ( void * , const unsigned char * ,
const unsigned char * , size_t , size_t , size_t ) ;
2019-05-07 17:33:40 +02:00
/** Callback to export key block, master secret,
* tls_prf and random bytes . Should replace f_export_keys */
int ( * f_export_keys_ext ) ( void * , const unsigned char * ,
const unsigned char * , size_t , size_t , size_t ,
2019-05-12 13:54:30 +02:00
unsigned char [ 32 ] , unsigned char [ 32 ] , mbedtls_tls_prf_types ) ;
2015-10-02 14:33:37 +02:00
void * p_export_keys ; /*!< context for key export callback */
# endif
2015-04-30 18:03:08 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2015-06-17 12:43:26 +02:00
const mbedtls_x509_crt_profile * cert_profile ; /*!< verification profile */
2015-04-30 18:03:08 +02:00
mbedtls_ssl_key_cert * key_cert ; /*!< own certificate/key pair(s) */
mbedtls_x509_crt * ca_chain ; /*!< trusted CAs */
mbedtls_x509_crl * ca_crl ; /*!< trusted CAs CRLs */
2019-03-27 17:54:37 +01:00
# if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
mbedtls_x509_crt_ca_cb_t f_ca_cb ;
void * p_ca_cb ;
# endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
2015-04-30 18:03:08 +02:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2018-04-24 13:09:22 +02:00
# if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2018-01-05 21:11:53 +01:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_async_sign_t * f_async_sign_start ; /*!< start asynchronous signature operation */
mbedtls_ssl_async_decrypt_t * f_async_decrypt_start ; /*!< start asynchronous decryption operation */
# endif /* MBEDTLS_X509_CRT_PARSE_C */
mbedtls_ssl_async_resume_t * f_async_resume ; /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t * f_async_cancel ; /*!< cancel asynchronous operation */
2018-04-26 11:46:10 +02:00
void * p_async_config_data ; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
2018-04-24 13:09:22 +02:00
# endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2018-01-05 21:11:53 +01:00
2015-10-22 17:01:15 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
2015-06-17 12:43:26 +02:00
const int * sig_hashes ; /*!< allowed signature hashes */
# endif
2015-06-17 11:43:30 +02:00
# if defined(MBEDTLS_ECP_C)
2015-05-07 13:35:38 +02:00
const mbedtls_ecp_group_id * curve_list ; /*!< allowed curves */
2015-04-30 18:03:08 +02:00
# endif
# if defined(MBEDTLS_DHM_C)
mbedtls_mpi dhm_P ; /*!< prime modulus for DHM */
mbedtls_mpi dhm_G ; /*!< generator for DHM */
# endif
# if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
2018-10-22 16:31:03 +02:00
# if defined(MBEDTLS_USE_PSA_CRYPTO)
2019-01-08 15:36:01 +01:00
psa_key_handle_t psk_opaque ; /*!< PSA key slot holding opaque PSK.
* This field should only be set via
* mbedtls_ssl_conf_psk_opaque ( ) .
* If either no PSK or a raw PSK have
* been configured , this has value \ c 0. */
2018-10-22 16:31:03 +02:00
# endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char * psk ; /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk ( ) .
* If either no PSK or an opaque PSK
* have been configured , this has value NULL . */
size_t psk_len ; /*!< The length of the raw pre-shared key.
* This field should only be set via
* mbedtls_ssl_conf_psk ( ) .
* Its value is non - zero if and only if
* \ c psk is not \ c NULL . */
unsigned char * psk_identity ; /*!< The PSK identity for PSK negotiation.
* This field should only be set via
* mbedtls_ssl_conf_psk ( ) .
* This is set if and only if either
* \ c psk or \ c psk_opaque are set . */
size_t psk_identity_len ; /*!< The length of PSK identity.
* This field should only be set via
* mbedtls_ssl_conf_psk ( ) .
* Its value is non - zero if and only if
* \ c psk is not \ c NULL or \ c psk_opaque
* is not \ c 0. */
# endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
2015-04-30 18:03:08 +02:00
# if defined(MBEDTLS_SSL_ALPN)
const char * * alpn_list ; /*!< ordered list of protocols */
# endif
/*
* Numerical settings ( int then char )
*/
2015-05-04 10:55:58 +02:00
uint32_t read_timeout ; /*!< timeout for mbedtls_ssl_read (ms) */
2015-04-30 18:03:08 +02:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
uint32_t hs_timeout_min ; /*!< initial value of the handshake
2015-05-04 10:55:58 +02:00
retransmission timeout ( ms ) */
2015-04-30 18:03:08 +02:00
uint32_t hs_timeout_max ; /*!< maximum value of the handshake
2015-05-04 10:55:58 +02:00
retransmission timeout ( ms ) */
2015-04-30 18:03:08 +02:00
# endif
# if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_max_records ; /*!< grace period for renegotiation */
unsigned char renego_period [ 8 ] ; /*!< value of the record counters
that triggers renegotiation */
# endif
# if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned int badmac_limit ; /*!< limit of records with a bad MAC */
# endif
2015-06-11 14:49:42 +02:00
# if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int dhm_min_bitlen ; /*!< min. bit length of the DHM prime */
# endif
2015-04-30 18:03:08 +02:00
unsigned char max_major_ver ; /*!< max. major version used */
unsigned char max_minor_ver ; /*!< max. minor version used */
unsigned char min_major_ver ; /*!< min. major version used */
unsigned char min_minor_ver ; /*!< min. minor version used */
/*
* Flags ( bitfields )
*/
unsigned int endpoint : 1 ; /*!< 0: client, 1: server */
unsigned int transport : 1 ; /*!< stream (TLS) or datagram (DTLS) */
unsigned int authmode : 2 ; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
2015-05-14 12:28:21 +02:00
# if defined(MBEDTLS_ARC4_C)
unsigned int arc4_disabled : 1 ; /*!< blacklist RC4 ciphersuites? */
# endif
2015-05-06 10:33:13 +02:00
# if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned int mfl_code : 3 ; /*!< desired fragment length */
# endif
2015-04-30 18:03:08 +02:00
# if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
# endif
# if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int extended_ms : 1 ; /*!< negotiate extended master secret? */
# endif
# if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int anti_replay : 1 ; /*!< detect and prevent replay? */
# endif
# if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
unsigned int cbc_record_splitting : 1 ; /*!< do cbc record splitting */
# endif
# if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned int disable_renegotiation : 1 ; /*!< disable renegotiation? */
# endif
# if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
unsigned int trunc_hmac : 1 ; /*!< negotiate truncated hmac? */
# endif
# if defined(MBEDTLS_SSL_SESSION_TICKETS)
unsigned int session_tickets : 1 ; /*!< use session tickets? */
# endif
2015-05-06 10:27:31 +02:00
# if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
unsigned int fallback : 1 ; /*!< is this a fallback? */
# endif
2017-04-10 13:42:31 +02:00
# if defined(MBEDTLS_SSL_SRV_C)
unsigned int cert_req_ca_list : 1 ; /*!< enable sending CA list in
Certificate Request messages ? */
# endif
2015-05-26 12:11:48 +02:00
} ;
2015-04-30 18:03:08 +02:00
2015-04-08 12:49:31 +02:00
struct mbedtls_ssl_context
2009-01-03 22:22:43 +01:00
{
2015-05-10 23:27:38 +02:00
const mbedtls_ssl_config * conf ; /*!< configuration information */
2015-05-04 10:55:58 +02:00
2009-01-03 22:22:43 +01:00
/*
* Miscellaneous
*/
int state ; /*!< SSL handshake: current state */
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2015-03-19 17:15:20 +01:00
int renego_status ; /*!< Initial, in progress, pending? */
2014-10-15 15:07:45 +02:00
int renego_records_seen ; /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_RENEGOTIATION */
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
int major_ver ; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
2009-01-03 22:22:43 +01:00
int minor_ver ; /*!< either 0 (SSL3) or 1 (TLS1.0) */
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
2014-10-14 18:30:36 +02:00
unsigned badmac_seen ; /*!< records with a bad MAC received */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
2014-10-14 18:30:36 +02:00
2019-04-03 13:52:50 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int ( * f_vrfy ) ( void * , mbedtls_x509_crt * , int , uint32_t * ) ;
2019-04-04 13:49:44 +02:00
void * p_vrfy ; /*!< context for X.509 verify callback */
2019-04-03 13:52:50 +02:00
# endif
2016-03-01 18:31:49 +01:00
mbedtls_ssl_send_t * f_send ; /*!< Callback for network send */
mbedtls_ssl_recv_t * f_recv ; /*!< Callback for network receive */
mbedtls_ssl_recv_timeout_t * f_recv_timeout ;
/*!< Callback for network receive with timeout */
2014-09-17 11:34:57 +02:00
void * p_bio ; /*!< context for I/O operations */
2013-09-18 17:29:31 +02:00
2009-01-03 22:22:43 +01:00
/*
* Session layer
*/
2015-04-08 12:49:31 +02:00
mbedtls_ssl_session * session_in ; /*!< current session data (in) */
mbedtls_ssl_session * session_out ; /*!< current session data (out) */
mbedtls_ssl_session * session ; /*!< negotiated session data */
mbedtls_ssl_session * session_negotiate ; /*!< session data in negotiation */
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
mbedtls_ssl_handshake_params * handshake ; /*!< params required only during
2012-09-16 21:57:18 +02:00
the handshake process */
/*
* Record layer transformations
*/
2015-04-08 12:49:31 +02:00
mbedtls_ssl_transform * transform_in ; /*!< current transform params (in) */
mbedtls_ssl_transform * transform_out ; /*!< current transform params (in) */
mbedtls_ssl_transform * transform ; /*!< negotiated transform params */
mbedtls_ssl_transform * transform_negotiate ; /*!< transform params in negotiation */
2012-09-16 21:57:18 +02:00
2014-09-29 14:04:42 +02:00
/*
2014-10-14 20:03:35 +02:00
* Timers
2014-09-29 14:04:42 +02:00
*/
2015-05-12 20:55:41 +02:00
void * p_timer ; /*!< context for the timer callbacks */
2016-03-01 18:31:49 +01:00
mbedtls_ssl_set_timer_t * f_set_timer ; /*!< set timer callback */
mbedtls_ssl_get_timer_t * f_get_timer ; /*!< get timer callback */
2014-10-01 12:03:55 +02:00
2009-01-03 22:22:43 +01:00
/*
* Record layer ( incoming data )
*/
2014-02-13 10:54:07 +01:00
unsigned char * in_buf ; /*!< input buffer */
2014-09-24 13:56:09 +02:00
unsigned char * in_ctr ; /*!< 64-bit incoming message counter
TLS : maintained by us
DTLS : read from peer */
2014-02-13 10:54:07 +01:00
unsigned char * in_hdr ; /*!< start of record header */
unsigned char * in_len ; /*!< two-bytes message length field */
unsigned char * in_iv ; /*!< ivlen-byte IV */
2013-01-02 17:30:03 +01:00
unsigned char * in_msg ; /*!< message contents (in_iv+ivlen) */
2009-01-03 22:22:43 +01:00
unsigned char * in_offt ; /*!< read offset in application data */
int in_msgtype ; /*!< record header: message type */
2011-04-24 10:57:21 +02:00
size_t in_msglen ; /*!< record header: message length */
size_t in_left ; /*!< amount of data read so far */
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
2014-09-24 13:56:09 +02:00
uint16_t in_epoch ; /*!< DTLS epoch for incoming records */
2014-09-02 13:39:16 +02:00
size_t next_record_offset ; /*!< offset of the next record in datagram
( equal to in_left if none ) */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_PROTO_DTLS */
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
2014-09-24 10:52:58 +02:00
uint64_t in_window_top ; /*!< last validated record seq_num */
uint64_t in_window ; /*!< bitmask for replay detection */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
2009-01-03 22:22:43 +01:00
2014-09-03 11:01:14 +02:00
size_t in_hslen ; /*!< current handshake message length,
including the handshake header */
2009-01-03 22:22:43 +01:00
int nb_zero ; /*!< # of 0-length encrypted messages */
2017-05-24 10:16:26 +02:00
int keep_current_message ; /*!< drop or reuse current message
on next call to record layer ? */
2009-01-03 22:22:43 +01:00
2018-08-14 14:22:10 +02:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
uint8_t disable_datagram_packing ; /*!< Disable packing multiple records
* within a single datagram . */
# endif /* MBEDTLS_SSL_PROTO_DTLS */
2009-01-03 22:22:43 +01:00
/*
* Record layer ( outgoing data )
*/
2014-02-13 10:54:07 +01:00
unsigned char * out_buf ; /*!< output buffer */
2009-01-03 22:22:43 +01:00
unsigned char * out_ctr ; /*!< 64-bit outgoing message counter */
2014-02-13 10:54:07 +01:00
unsigned char * out_hdr ; /*!< start of record header */
unsigned char * out_len ; /*!< two-bytes message length field */
unsigned char * out_iv ; /*!< ivlen-byte IV */
2013-01-02 17:30:03 +01:00
unsigned char * out_msg ; /*!< message contents (out_iv+ivlen) */
2009-01-03 22:22:43 +01:00
int out_msgtype ; /*!< record header: message type */
2011-04-24 10:57:21 +02:00
size_t out_msglen ; /*!< record header: message length */
size_t out_left ; /*!< amount of data not yet written */
2009-01-03 22:22:43 +01:00
2018-08-06 10:40:20 +02:00
unsigned char cur_out_ctr [ 8 ] ; /*!< Outgoing record sequence number. */
2018-08-20 10:37:23 +02:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
2018-08-20 11:09:26 +02:00
uint16_t mtu ; /*!< path mtu, used to fragment outgoing messages */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_PROTO_DTLS */
2018-08-20 10:37:23 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_ZLIB_SUPPORT)
2013-10-11 09:59:44 +02:00
unsigned char * compress_buf ; /*!< zlib data buffer */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_ZLIB_SUPPORT */
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
2015-05-05 17:34:53 +02:00
signed char split_done ; /*!< current record already splitted? */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
2013-07-16 12:45:26 +02:00
2009-01-03 22:22:43 +01:00
/*
* PKI layer
*/
int client_auth ; /*!< flag for client auth. */
2013-04-16 18:05:29 +02:00
/*
2015-05-04 10:55:58 +02:00
* User settings
2013-04-16 18:05:29 +02:00
*/
2015-05-06 12:14:19 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
char * hostname ; /*!< expected peer CN for verification
( and SNI if available ) */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2012-09-16 21:57:18 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_ALPN)
2014-04-04 16:08:41 +02:00
const char * alpn_chosen ; /*!< negotiated protocol */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_ALPN */
2014-04-04 16:08:41 +02:00
2014-07-22 17:32:01 +02:00
/*
2014-07-23 14:56:15 +02:00
* Information for DTLS hello verify
2014-07-22 17:32:01 +02:00
*/
2015-05-20 10:59:43 +02:00
# if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
2014-07-22 17:32:01 +02:00
unsigned char * cli_id ; /*!< transport-level ID of the client */
size_t cli_id_len ; /*!< length of cli_id */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
2014-07-22 17:32:01 +02:00
2012-09-16 21:57:18 +02:00
/*
* Secure renegotiation
*/
2015-03-10 14:20:49 +01:00
/* needed to know when to send extension on server */
2012-09-16 21:57:18 +02:00
int secure_renegotiation ; /*!< does peer support legacy or
secure renegotiation */
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2012-09-16 21:57:18 +02:00
size_t verify_data_len ; /*!< length of verify data stored */
2015-04-08 12:49:31 +02:00
char own_verify_data [ MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ] ; /*!< previous handshake verify data */
char peer_verify_data [ MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ] ; /*!< previous handshake verify data */
2018-08-28 11:13:29 +02:00
# endif /* MBEDTLS_SSL_RENEGOTIATION */
2019-04-25 16:46:59 +02:00
# if defined(MBEDTLS_SSL_CID)
/* CID configuration to use in subsequent handshakes. */
/*! The next incoming CID, chosen by the user and applying to
* all subsequent handshakes . This may be different from the
* CID currently used in case the user has re - configured the CID
* after an initial handshake . */
unsigned char own_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ] ;
uint8_t own_cid_len ; /*!< The length of \c own_cid. */
uint8_t negotiate_cid ; /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not .
* Possible values are # MBEDTLS_SSL_CID_ENABLED
* and # MBEDTLS_SSL_CID_DISABLED . */
# endif /* MBEDTLS_SSL_CID */
2009-01-03 22:22:43 +01:00
} ;
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
2012-12-19 14:42:06 +01:00
2015-04-08 12:49:31 +02:00
# define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
# define MBEDTLS_SSL_CHANNEL_INBOUND 1
2012-12-19 14:42:06 +01:00
2015-04-08 12:49:31 +02:00
extern int ( * mbedtls_ssl_hw_record_init ) ( mbedtls_ssl_context * ssl ,
2012-05-08 11:17:57 +02:00
const unsigned char * key_enc , const unsigned char * key_dec ,
2012-12-19 14:42:06 +01:00
size_t keylen ,
2012-05-08 11:17:57 +02:00
const unsigned char * iv_enc , const unsigned char * iv_dec ,
2012-12-19 14:42:06 +01:00
size_t ivlen ,
const unsigned char * mac_enc , const unsigned char * mac_dec ,
size_t maclen ) ;
2015-04-08 12:49:31 +02:00
extern int ( * mbedtls_ssl_hw_record_activate ) ( mbedtls_ssl_context * ssl , int direction ) ;
extern int ( * mbedtls_ssl_hw_record_reset ) ( mbedtls_ssl_context * ssl ) ;
extern int ( * mbedtls_ssl_hw_record_write ) ( mbedtls_ssl_context * ssl ) ;
extern int ( * mbedtls_ssl_hw_record_read ) ( mbedtls_ssl_context * ssl ) ;
extern int ( * mbedtls_ssl_hw_record_finish ) ( mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
2012-05-08 11:17:57 +02:00
2011-01-16 22:27:44 +01:00
/**
2014-05-01 14:18:25 +02:00
* \ brief Return the name of the ciphersuite associated with the
* given ID
2011-01-16 22:27:44 +01:00
*
2011-01-27 18:40:50 +01:00
* \ param ciphersuite_id SSL ciphersuite ID
2011-01-16 22:27:44 +01:00
*
2011-01-27 18:40:50 +01:00
* \ return a string containing the ciphersuite name
2011-01-16 22:27:44 +01:00
*/
2015-04-08 12:49:31 +02:00
const char * mbedtls_ssl_get_ciphersuite_name ( const int ciphersuite_id ) ;
2011-01-27 18:40:50 +01:00
/**
2014-05-01 14:18:25 +02:00
* \ brief Return the ID of the ciphersuite associated with the
* given name
2011-01-27 18:40:50 +01:00
*
* \ param ciphersuite_name SSL ciphersuite name
*
* \ return the ID with the ciphersuite or 0 if not found
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_get_ciphersuite_id ( const char * ciphersuite_name ) ;
2011-01-16 22:27:44 +01:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Initialize an SSL context
2015-09-25 04:27:22 +02:00
* Just makes the context ready for mbedtls_ssl_setup ( ) or
2015-04-29 00:48:22 +02:00
* mbedtls_ssl_free ( )
*
* \ param ssl SSL context
*/
void mbedtls_ssl_init ( mbedtls_ssl_context * ssl ) ;
/**
* \ brief Set up an SSL context for use
2009-01-03 22:22:43 +01:00
*
2015-05-11 11:25:46 +02:00
* \ note No copy of the configuration context is made , it can be
2015-05-14 13:55:51 +02:00
* shared by many mbedtls_ssl_context structures .
2015-05-11 11:25:46 +02:00
*
2017-05-26 11:59:29 +02:00
* \ warning The conf structure will be accessed during the session .
* It must not be modified or freed as long as the session
* is active .
*
* \ warning This function must be called exactly once per context .
* Calling mbedtls_ssl_setup again is not supported , even
* if no session is active .
2015-05-11 11:25:46 +02:00
*
2009-01-03 22:22:43 +01:00
* \ param ssl SSL context
2015-05-04 14:56:36 +02:00
* \ param conf SSL configuration to use
2009-01-03 22:22:43 +01:00
*
2015-05-28 09:33:39 +02:00
* \ return 0 if successful , or MBEDTLS_ERR_SSL_ALLOC_FAILED if
2011-12-10 22:55:01 +01:00
* memory allocation failed
2009-01-03 22:22:43 +01:00
*/
2015-05-04 14:56:36 +02:00
int mbedtls_ssl_setup ( mbedtls_ssl_context * ssl ,
2015-05-10 23:27:38 +02:00
const mbedtls_ssl_config * conf ) ;
2009-01-03 22:22:43 +01:00
2011-10-06 14:37:39 +02:00
/**
* \ brief Reset an already initialized SSL context for re - use
* while retaining application - set variables , function
* pointers and data .
*
* \ param ssl SSL context
2016-05-02 11:06:47 +02:00
* \ return 0 if successful , or MBEDTLS_ERR_SSL_ALLOC_FAILED ,
2015-04-08 12:49:31 +02:00
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
* MBEDTLS_ERR_SSL_COMPRESSION_FAILED
2011-10-06 14:37:39 +02:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_session_reset ( mbedtls_ssl_context * ssl ) ;
2011-10-06 14:37:39 +02:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the current endpoint type
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
2009-01-03 22:22:43 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_endpoint ( mbedtls_ssl_config * conf , int endpoint ) ;
2009-01-03 22:22:43 +01:00
2014-02-06 13:04:16 +01:00
/**
2014-09-17 10:47:43 +02:00
* \ brief Set the transport type ( TLS or DTLS ) .
* Default : TLS
2014-02-06 13:04:16 +01:00
*
2015-05-11 10:11:56 +02:00
* \ note For DTLS , you must either provide a recv callback that
* doesn ' t block , or one that handles timeouts , see
2015-05-13 10:21:19 +02:00
* \ c mbedtls_ssl_set_bio ( ) . You also need to provide timer
* callbacks with \ c mbedtls_ssl_set_timer_cb ( ) .
2015-05-11 10:11:56 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2014-02-06 13:04:16 +01:00
* \ param transport transport type :
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS ,
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS .
2014-02-06 13:04:16 +01:00
*/
2015-05-11 10:11:56 +02:00
void mbedtls_ssl_conf_transport ( mbedtls_ssl_config * conf , int transport ) ;
2014-02-06 13:04:16 +01:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the certificate verification mode
2015-05-05 10:45:39 +02:00
* Default : NONE on server , REQUIRED on client
2009-01-03 22:22:43 +01:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2011-01-06 13:28:03 +01:00
* \ param authmode can be :
2009-01-03 22:22:43 +01:00
*
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_VERIFY_NONE : peer certificate is not checked
2015-03-27 17:52:25 +01:00
* ( default on server )
* ( insecure on client )
2009-01-03 22:22:43 +01:00
*
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_VERIFY_OPTIONAL : peer certificate is checked , however the
2009-01-03 22:22:43 +01:00
* handshake continues even if verification failed ;
2015-04-08 12:49:31 +02:00
* mbedtls_ssl_get_verify_result ( ) can be called after the
2009-01-03 22:22:43 +01:00
* handshake is complete .
*
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_VERIFY_REQUIRED : peer * must * present a valid certificate ,
2009-01-03 22:22:43 +01:00
* handshake is aborted if verification failed .
2016-06-17 16:40:41 +02:00
* ( default on client )
2014-03-11 10:50:48 +01:00
*
2015-04-08 12:49:31 +02:00
* \ note On client , MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode .
* With MBEDTLS_SSL_VERIFY_OPTIONAL , the user needs to call mbedtls_ssl_get_verify_result ( ) at
2014-03-11 10:50:48 +01:00
* the right time ( s ) , which may not be obvious , while REQUIRED always perform
* the verification as soon as possible . For example , REQUIRED was protecting
* against the " triple handshake " attack even before it was found .
2009-01-03 22:22:43 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_authmode ( mbedtls_ssl_config * conf , int authmode ) ;
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2011-01-13 18:54:59 +01:00
/**
* \ brief Set the verification callback ( Optional ) .
*
2019-04-03 13:52:21 +02:00
* If set , the provided verify callback is called for each
* certificate in the peer ' s CRT chain , including the trusted
* root . For more information , please see the documentation of
* \ c mbedtls_x509_crt_verify ( ) .
2011-01-13 18:54:59 +01:00
*
2019-04-03 13:52:21 +02:00
* \ note For per context callbacks and contexts , please use
* mbedtls_ssl_set_verify ( ) instead .
*
* \ param conf The SSL configuration to use .
* \ param f_vrfy The verification callback to use during CRT verification .
* \ param p_vrfy The opaque context to be passed to the callback .
2011-01-13 18:54:59 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_verify ( mbedtls_ssl_config * conf ,
2015-05-11 19:54:43 +02:00
int ( * f_vrfy ) ( void * , mbedtls_x509_crt * , int , uint32_t * ) ,
2011-01-13 18:54:59 +01:00
void * p_vrfy ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2011-01-13 18:54:59 +01:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the random number generator callback
*
2015-05-07 13:35:38 +02:00
* \ param conf SSL configuration
2009-01-03 22:22:43 +01:00
* \ param f_rng RNG function
* \ param p_rng RNG parameter
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_rng ( mbedtls_ssl_config * conf ,
2011-11-27 22:07:34 +01:00
int ( * f_rng ) ( void * , unsigned char * , size_t ) ,
2009-01-03 22:22:43 +01:00
void * p_rng ) ;
/**
* \ brief Set the debug callback
*
2015-06-23 16:34:24 +02:00
* The callback has the following argument :
* void * opaque context for the callback
* int debug level
* const char * file name
* int line number
* const char * message
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2009-01-03 22:22:43 +01:00
* \ param f_dbg debug function
* \ param p_dbg debug parameter
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_dbg ( mbedtls_ssl_config * conf ,
2015-06-23 16:34:24 +02:00
void ( * f_dbg ) ( void * , int , const char * , int , const char * ) ,
2009-01-03 22:22:43 +01:00
void * p_dbg ) ;
2014-09-17 10:47:43 +02:00
/**
* \ brief Set the underlying BIO callbacks for write , read and
* read - with - timeout .
*
* \ param ssl SSL context
* \ param p_bio parameter ( context ) shared by BIO callbacks
* \ param f_send write callback
* \ param f_recv read callback
2015-05-06 17:19:31 +02:00
* \ param f_recv_timeout blocking read callback with timeout .
2014-09-17 10:47:43 +02:00
*
2015-05-13 10:21:19 +02:00
* \ note One of f_recv or f_recv_timeout can be NULL , in which case
* the other is used . If both are non - NULL , f_recv_timeout is
* used and f_recv is ignored ( as if it were NULL ) .
2014-09-17 10:47:43 +02:00
*
2015-05-13 10:21:19 +02:00
* \ note The two most common use cases are :
* - non - blocking I / O , f_recv ! = NULL , f_recv_timeout = = NULL
* - blocking I / O , f_recv = = NULL , f_recv_timout ! = NULL
*
* \ note For DTLS , you need to provide either a non - NULL
* f_recv_timeout callback , or a f_recv that doesn ' t block .
2016-02-22 09:33:52 +01:00
*
* \ note See the documentations of \ c mbedtls_ssl_sent_t ,
* \ c mbedtls_ssl_recv_t and \ c mbedtls_ssl_recv_timeout_t for
2016-03-09 21:19:21 +01:00
* the conventions those callbacks must follow .
2016-02-22 09:33:52 +01:00
*
2016-09-14 15:32:09 +02:00
* \ note On some platforms , net_sockets . c provides
* \ c mbedtls_net_send ( ) , \ c mbedtls_net_recv ( ) and
* \ c mbedtls_net_recv_timeout ( ) that are suitable to be used
* here .
2014-09-17 10:47:43 +02:00
*/
2015-05-06 16:54:23 +02:00
void mbedtls_ssl_set_bio ( mbedtls_ssl_context * ssl ,
2016-02-22 09:33:52 +01:00
void * p_bio ,
mbedtls_ssl_send_t * f_send ,
mbedtls_ssl_recv_t * f_recv ,
mbedtls_ssl_recv_timeout_t * f_recv_timeout ) ;
2015-05-06 16:38:52 +02:00
2018-08-20 10:37:23 +02:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
2019-04-09 16:12:56 +02:00
# if defined(MBEDTLS_SSL_CID)
/**
2019-04-23 13:01:20 +02:00
* \ brief ( STUB ) Configure the use of the Connection ID ( CID )
* extension in the next handshake .
2019-04-09 16:12:56 +02:00
*
* Reference :
* https : //tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04
*
* The DTLS CID extension allows to reliably associate
* DTLS records to DTLS connections across changes in the
* underlying transport ( changed IP + Port metadata ) by adding
* explicit connection identifiers ( CIDs ) to the headers of
* encrypted DTLS records . The desired CIDs are configured
* by the application layer and are exchanged in new
* ` ClientHello ` / ` ServerHello ` extensions during the
* handshake , where each side indicates the CID it wants the
* peer to use when writing encrypted messages . The CIDs are
* put to use once records get encrypted : the stack discards
* any incoming records that don ' t include the configured CID
* in their header , and adds the peer ' s requested CID to the
* headers of outgoing messages .
*
* This API allows to enable / disable the use of the CID
* extension in the next handshake and to set the value of
* the CID to be used for incoming messages .
*
2019-04-23 13:01:20 +02:00
* \ warning The current implementation of this API does nothing !
* It is included solely to allow review and coding against
* the new Connection CID API .
* The actual implementation will be added in the future .
*
2019-04-09 16:12:56 +02:00
* \ param ssl The SSL context to configure . This must be initialized .
* \ param enable This value determines whether the CID extension should
* be used or not . Possible values are :
* - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID .
2019-04-23 12:37:38 +02:00
* - MBEDTLS_SSL_CID_DISABLED ( default ) to disable the use
* of the CID .
2019-04-09 16:12:56 +02:00
* \ param own_cid The address of the readable buffer holding the CID we want
* the peer to use when sending encrypted messages to us .
* This may be \ c NULL if \ p own_cid_len is \ c 0.
* This parameter is unused if \ p enabled is set to
* MBEDTLS_SSL_CID_DISABLED .
* \ param own_cid_len The length of \ p own_cid .
* This parameter is unused if \ p enabled is set to
* MBEDTLS_SSL_CID_DISABLED .
*
2019-04-23 12:38:47 +02:00
* \ note This CID configuration applies to subsequent handshakes
2019-04-09 16:12:56 +02:00
* performed on the SSL context \ p ssl , but does not trigger
* one . You still have to call ` mbedtls_ssl_handshake ( ) `
* ( for the initial handshake ) or ` mbedtls_ssl_renegotiate ( ) `
* ( for a renegotiation handshake ) explicitly after a
* successful call to this function to run the handshake .
*
* \ note This call cannot guarantee that the use of the CID
* will be successfully negotiated in the next handshake ,
* because the peer might not support it . Specifically :
* - On the Client , enabling the use of the CID through
* this call implies that the ` ClientHello ` in the next
* handshake will include the CID extension , thereby
* offering the use of the CID to the server . Only if
* the ` ServerHello ` contains the CID extension , too ,
* the CID extension will actually be put to use .
* - On the Server , enabling the use of the CID through
* this call implies that that the server will look for
* the CID extension in a ` ClientHello ` from the client ,
* and , if present , reply with a CID extension in its
* ` ServerHello ` .
*
* \ note To check whether the use of the CID was negotiated
* after the subsequent handshake has completed , please
* use the API mbedtls_ssl_get_peer_cid ( ) .
*
* \ warning If the use of the CID extension is enabled in this call
* and the subsequent handshake negotiates its use , Mbed TLS
* will silently drop every packet whose CID does not match
* the CID configured in \ p own_cid . It is the responsibility
* of the user to adapt the underlying transport to take care
* of CID - based demultiplexing before handing datagrams to
* Mbed TLS .
*
* \ return \ c 0 on success . In this case , the CID configuration
* applies to the next handshake .
* \ return A negative error code on failure .
*/
int mbedtls_ssl_set_cid ( mbedtls_ssl_context * ssl ,
int enable ,
unsigned char const * own_cid ,
size_t own_cid_len ) ;
/**
2019-04-23 13:01:20 +02:00
* \ brief ( STUB ) Get information about the current use of the
2019-04-09 16:12:56 +02:00
* CID extension .
*
2019-04-23 13:01:20 +02:00
* \ warning The current implementation of this API does nothing
* except setting ` * enabled ` to MBEDTLS_SSL_CID_DISABLED !
* It is included solely to allow review and coding against
* the new Connection CID API .
* The actual implementation will be added in the future .
*
2019-04-09 16:12:56 +02:00
* \ param ssl The SSL context to query .
* \ param enabled The address at which to store whether the CID extension
* is currently in use or not . If the CID is in use ,
* ` * enabled ` is set to MBEDTLS_SSL_CID_ENABLED ;
* otherwise , it is set to MBEDTLS_SSL_CID_DISABLED .
* \ param peer_cid The address of the buffer in which to store the CID
* chosen by the peer ( if the CID extension is used ) .
* \ param peer_cid_len The address at which to store the size of the CID
* chosen by the peer ( if the CID extension is used ) .
* This is also the number of Bytes in \ p peer_cid that
* have been written .
*
* \ note This applies to the state of the CID negotiated in
* the last complete handshake . If a handshake is in
* progress , this function will attempt to complete
* the handshake first .
*
2019-05-03 13:54:52 +02:00
* \ note If CID extensions have been exchanged but both client
* and server chose to use an empty CID , this function
* sets ` * enabled ` to # MBEDTLS_SSL_CID_DISABLED
* ( the rationale for this is that the resulting
* communication is the same as if the CID extensions
* hadn ' t been used ) .
*
2019-04-09 16:12:56 +02:00
* \ return \ c 0 on success .
* \ return A negative error code on failure .
*/
int mbedtls_ssl_get_peer_cid ( mbedtls_ssl_context * ssl ,
int * enabled ,
unsigned char peer_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ] ,
size_t * peer_cid_len ) ;
# endif /* MBEDTLS_SSL_CID */
2018-08-20 10:37:23 +02:00
/**
* \ brief Set the Maximum Tranport Unit ( MTU ) .
* Special value : 0 means unset ( no limit ) .
* This represents the maximum size of a datagram payload
* handled by the transport layer ( usually UDP ) as determined
* by the network link and stack . In practice , this controls
* the maximum size datagram the DTLS layer will pass to the
* \ c f_send ( ) callback set using \ c mbedtls_ssl_set_bio ( ) .
*
2018-08-21 11:55:40 +02:00
* \ note The limit on datagram size is converted to a limit on
* record payload by subtracting the current overhead of
* encapsulation and encryption / authentication if any .
*
2018-08-20 10:37:23 +02:00
* \ note This can be called at any point during the connection , for
2018-08-28 11:29:17 +02:00
* example when a Path Maximum Transfer Unit ( PMTU )
* estimate becomes available from other sources ,
* such as lower ( or higher ) protocol layers .
2018-08-20 10:37:23 +02:00
*
2018-08-21 09:53:22 +02:00
* \ note This setting only controls the size of the packets we send ,
* and does not restrict the size of the datagrams we ' re
2018-08-22 10:24:31 +02:00
* willing to receive . Client - side , you can request the
2018-08-21 09:53:22 +02:00
* server to use smaller records with \ c
* mbedtls_ssl_conf_max_frag_len ( ) .
2018-08-20 10:37:23 +02:00
*
* \ note If both a MTU and a maximum fragment length have been
2018-08-20 11:16:40 +02:00
* configured ( or negotiated with the peer ) , the resulting
2018-08-21 11:55:40 +02:00
* lower limit on record payload ( see first note ) is used .
2018-08-20 10:37:23 +02:00
*
2018-08-20 11:16:40 +02:00
* \ note This can only be used to decrease the maximum size
2018-08-21 11:55:40 +02:00
* of datagrams ( hence records , see first note ) sent . It
* cannot be used to increase the maximum size of records over
* the limit set by # MBEDTLS_SSL_OUT_CONTENT_LEN .
2018-08-20 11:16:40 +02:00
*
* \ note Values lower than the current record layer expansion will
* result in an error when trying to send data .
*
* \ note Using record compression together with a non - zero MTU value
* will result in an error when trying to send data .
2018-08-20 10:37:23 +02:00
*
* \ param ssl SSL context
* \ param mtu Value of the path MTU in bytes
*/
void mbedtls_ssl_set_mtu ( mbedtls_ssl_context * ssl , uint16_t mtu ) ;
# endif /* MBEDTLS_SSL_PROTO_DTLS */
2019-04-03 13:52:35 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \ brief Set a connection - specific verification callback ( optional ) .
*
* If set , the provided verify callback is called for each
* certificate in the peer ' s CRT chain , including the trusted
* root . For more information , please see the documentation of
* \ c mbedtls_x509_crt_verify ( ) .
*
* \ note This call is analogous to mbedtls_ssl_conf_verify ( ) but
* binds the verification callback and context to an SSL context
* as opposed to an SSL configuration .
* If mbedtls_ssl_conf_verify ( ) and mbedtls_ssl_set_verify ( )
* are both used , mbedtls_ssl_set_verify ( ) takes precedence .
*
2019-04-03 14:43:15 +02:00
* \ param ssl The SSL context to use .
2019-04-03 13:52:35 +02:00
* \ param f_vrfy The verification callback to use during CRT verification .
* \ param p_vrfy The opaque context to be passed to the callback .
*/
void mbedtls_ssl_set_verify ( mbedtls_ssl_context * ssl ,
int ( * f_vrfy ) ( void * , mbedtls_x509_crt * , int , uint32_t * ) ,
void * p_vrfy ) ;
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2015-05-06 16:38:52 +02:00
/**
* \ brief Set the timeout period for mbedtls_ssl_read ( )
* ( Default : no timeout . )
*
* \ param conf SSL configuration context
* \ param timeout Timeout value in milliseconds .
* Use 0 for no timeout ( default ) .
*
* \ note With blocking I / O , this will only work if a non - NULL
2015-05-06 16:54:23 +02:00
* \ c f_recv_timeout was set with \ c mbedtls_ssl_set_bio ( ) .
2015-05-13 10:21:19 +02:00
* With non - blocking I / O , this will only work if timer
* callbacks were set with \ c mbedtls_ssl_set_timer_cb ( ) .
*
* \ note With non - blocking I / O , you may also skip this function
* altogether and handle timeouts at the application layer .
2015-05-06 16:38:52 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_read_timeout ( mbedtls_ssl_config * conf , uint32_t timeout ) ;
2014-09-17 10:47:43 +02:00
2016-02-22 09:33:52 +01:00
/**
* \ brief Set the timer callbacks ( Mandatory for DTLS . )
2015-05-12 20:55:41 +02:00
*
* \ param ssl SSL context
2016-02-22 09:33:52 +01:00
* \ param p_timer parameter ( context ) shared by timer callbacks
2015-05-12 20:55:41 +02:00
* \ param f_set_timer set timer callback
* \ param f_get_timer get timer callback . Must return :
2016-02-22 09:33:52 +01:00
*
* \ note See the documentation of \ c mbedtls_ssl_set_timer_t and
* \ c mbedtls_ssl_get_timer_t for the conventions this pair of
2017-01-09 10:07:46 +01:00
* callbacks must follow .
2016-02-22 09:33:52 +01:00
*
* \ note On some platforms , timing . c provides
* \ c mbedtls_timing_set_delay ( ) and
* \ c mbedtls_timing_get_delay ( ) that are suitable for using
* here , except if using an event - driven style .
*
* \ note See also the " DTLS tutorial " article in our knowledge base .
2016-02-22 17:42:51 +01:00
* https : //tls.mbed.org/kb/how-to/dtls-tutorial
2015-05-12 20:55:41 +02:00
*/
void mbedtls_ssl_set_timer_cb ( mbedtls_ssl_context * ssl ,
void * p_timer ,
2016-02-22 09:33:52 +01:00
mbedtls_ssl_set_timer_t * f_set_timer ,
mbedtls_ssl_get_timer_t * f_get_timer ) ;
2015-05-12 20:55:41 +02:00
2015-05-19 15:28:00 +02:00
/**
* \ brief Callback type : generate and write session ticket
*
* \ note This describes what a callback implementation should do .
2016-06-17 16:40:41 +02:00
* This callback should generate an encrypted and
2015-05-19 15:28:00 +02:00
* authenticated ticket for the session and write it to the
* output buffer . Here , ticket means the opaque ticket part
* of the NewSessionTicket structure of RFC 5077.
*
* \ param p_ticket Context for the callback
2016-06-17 16:40:41 +02:00
* \ param session SSL session to be written in the ticket
* \ param start Start of the output buffer
2015-05-19 15:28:00 +02:00
* \ param end End of the output buffer
* \ param tlen On exit , holds the length written
* \ param lifetime On exit , holds the lifetime of the ticket in seconds
*
* \ return 0 if successful , or
* a specific MBEDTLS_ERR_XXX code .
*/
typedef int mbedtls_ssl_ticket_write_t ( void * p_ticket ,
const mbedtls_ssl_session * session ,
unsigned char * start ,
const unsigned char * end ,
size_t * tlen ,
uint32_t * lifetime ) ;
2015-10-02 14:33:37 +02:00
# if defined(MBEDTLS_SSL_EXPORT_KEYS)
/**
2015-10-19 13:52:53 +02:00
* \ brief Callback type : Export key block and master secret
2015-10-02 14:33:37 +02:00
*
* \ note This is required for certain uses of TLS , e . g . EAP - TLS
2015-10-19 13:52:53 +02:00
* ( RFC 5216 ) and Thread . The key pointers are ephemeral and
* therefore must not be stored . The master secret and keys
* should not be used directly except as an input to a key
* derivation function .
2015-10-02 14:33:37 +02:00
*
* \ param p_expkey Context for the callback
2015-10-19 13:52:53 +02:00
* \ param ms Pointer to master secret ( fixed length : 48 bytes )
* \ param kb Pointer to key block , see RFC 5246 section 6.3
* ( variable length : 2 * maclen + 2 * keylen + 2 * ivlen ) .
2015-10-02 14:33:37 +02:00
* \ param maclen MAC length
* \ param keylen Key length
* \ param ivlen IV length
*
* \ return 0 if successful , or
* a specific MBEDTLS_ERR_XXX code .
*/
typedef int mbedtls_ssl_export_keys_t ( void * p_expkey ,
2015-10-19 13:52:53 +02:00
const unsigned char * ms ,
2015-10-02 14:33:37 +02:00
const unsigned char * kb ,
size_t maclen ,
size_t keylen ,
size_t ivlen ) ;
2019-05-07 17:33:40 +02:00
/**
* \ brief Callback type : Export key block , master secret ,
* handshake randbytes and the tls_prf function
* used to derive keys .
*
* \ note This is required for certain uses of TLS , e . g . EAP - TLS
* ( RFC 5216 ) and Thread . The key pointers are ephemeral and
* therefore must not be stored . The master secret and keys
* should not be used directly except as an input to a key
* derivation function .
*
* \ param p_expkey Context for the callback .
* \ param ms Pointer to master secret ( fixed length : 48 bytes ) .
* \ param kb Pointer to key block , see RFC 5246 section 6.3 .
* ( variable length : 2 * maclen + 2 * keylen + 2 * ivlen ) .
* \ param maclen MAC length .
* \ param keylen Key length .
* \ param ivlen IV length .
* \ param client_random The client random bytes .
* \ param server_random The server random bytes .
2019-05-12 13:54:30 +02:00
* \ param tls_prf_type The tls_prf enum type .
2019-05-07 17:33:40 +02:00
*
* \ return 0 if successful , or
* a specific MBEDTLS_ERR_XXX code .
*/
typedef int mbedtls_ssl_export_keys_ext_t ( void * p_expkey ,
const unsigned char * ms ,
const unsigned char * kb ,
size_t maclen ,
size_t keylen ,
size_t ivlen ,
unsigned char client_random [ 32 ] ,
2019-05-12 13:54:30 +02:00
unsigned char server_random [ 32 ] ,
mbedtls_tls_prf_types tls_prf_type ) ;
2015-10-02 14:33:37 +02:00
# endif /* MBEDTLS_SSL_EXPORT_KEYS */
2015-10-19 13:52:53 +02:00
2015-05-19 15:28:00 +02:00
/**
* \ brief Callback type : parse and load session ticket
*
* \ note This describes what a callback implementation should do .
* This callback should parse a session ticket as generated
* by the corresponding mbedtls_ssl_ticket_write_t function ,
* and , if the ticket is authentic and valid , load the
* session .
*
* \ note The implementation is allowed to modify the first len
2015-05-20 10:45:29 +02:00
* bytes of the input buffer , eg to use it as a temporary
* area for the decrypted ticket contents .
2015-05-19 15:28:00 +02:00
*
* \ param p_ticket Context for the callback
* \ param session SSL session to be loaded
* \ param buf Start of the buffer containing the ticket
* \ param len Length of the ticket .
*
* \ return 0 if successful , or
* MBEDTLS_ERR_SSL_INVALID_MAC if not authentic , or
* MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired , or
* any other non - zero code for other failures .
*/
typedef int mbedtls_ssl_ticket_parse_t ( void * p_ticket ,
mbedtls_ssl_session * session ,
unsigned char * buf ,
size_t len ) ;
2015-05-20 10:45:29 +02:00
# if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
2015-05-19 15:28:00 +02:00
/**
2015-05-20 10:45:29 +02:00
* \ brief Configure SSL session ticket callbacks ( server only ) .
* ( Default : none . )
*
* \ note On server , session tickets are enabled by providing
* non - NULL callbacks .
*
2015-06-11 13:29:15 +02:00
* \ note On client , use \ c mbedtls_ssl_conf_session_tickets ( ) .
2015-05-19 15:28:00 +02:00
*
* \ param conf SSL configuration context
* \ param f_ticket_write Callback for writing a ticket
* \ param f_ticket_parse Callback for parsing a ticket
* \ param p_ticket Context shared by the two callbacks
*/
void mbedtls_ssl_conf_session_tickets_cb ( mbedtls_ssl_config * conf ,
mbedtls_ssl_ticket_write_t * f_ticket_write ,
mbedtls_ssl_ticket_parse_t * f_ticket_parse ,
void * p_ticket ) ;
2015-05-20 10:45:29 +02:00
# endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
2015-05-19 15:28:00 +02:00
2015-10-02 14:33:37 +02:00
# if defined(MBEDTLS_SSL_EXPORT_KEYS)
/**
* \ brief Configure key export callback .
* ( Default : none . )
*
2015-10-19 13:52:53 +02:00
* \ note See \ c mbedtls_ssl_export_keys_t .
2015-10-02 14:33:37 +02:00
*
* \ param conf SSL configuration context
* \ param f_export_keys Callback for exporting keys
2015-10-19 13:52:53 +02:00
* \ param p_export_keys Context for the callback
2015-10-02 14:33:37 +02:00
*/
void mbedtls_ssl_conf_export_keys_cb ( mbedtls_ssl_config * conf ,
mbedtls_ssl_export_keys_t * f_export_keys ,
void * p_export_keys ) ;
2019-05-07 17:33:40 +02:00
/**
* \ brief Configure extended key export callback .
* ( Default : none . )
*
* \ note See \ c mbedtls_ssl_export_keys_ext_t .
*
* \ param conf SSL configuration context
* \ param f_export_keys_ext Callback for exporting keys
* \ param p_export_keys Context for the callback
*/
void mbedtls_ssl_conf_export_keys_ext_cb ( mbedtls_ssl_config * conf ,
mbedtls_ssl_export_keys_ext_t * f_export_keys_ext ,
void * p_export_keys ) ;
2015-10-02 14:33:37 +02:00
# endif /* MBEDTLS_SSL_EXPORT_KEYS */
2018-04-24 13:09:22 +02:00
# if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2018-01-05 21:11:53 +01:00
/**
* \ brief Configure asynchronous private key operation callbacks .
*
* \ param conf SSL configuration context
* \ param f_async_sign Callback to start a signature operation . See
2018-04-26 07:28:44 +02:00
* the description of : : mbedtls_ssl_async_sign_t
* for more information . This may be \ c NULL if the
2018-04-24 13:05:39 +02:00
* external processor does not support any signature
2018-01-05 21:11:53 +01:00
* operation ; in this case the private key object
* associated with the certificate will be used .
* \ param f_async_decrypt Callback to start a decryption operation . See
2018-04-26 07:28:44 +02:00
* the description of : : mbedtls_ssl_async_decrypt_t
* for more information . This may be \ c NULL if the
2018-04-24 13:05:39 +02:00
* external processor does not support any decryption
2018-01-05 21:11:53 +01:00
* operation ; in this case the private key object
* associated with the certificate will be used .
* \ param f_async_resume Callback to resume an asynchronous operation . See
2018-04-26 07:28:44 +02:00
* the description of : : mbedtls_ssl_async_resume_t
2018-04-26 00:19:16 +02:00
* for more information . This may not be \ c NULL unless
* \ p f_async_sign and \ p f_async_decrypt are both
* \ c NULL .
2018-01-05 21:11:53 +01:00
* \ param f_async_cancel Callback to cancel an asynchronous operation . See
2018-04-26 07:28:44 +02:00
* the description of : : mbedtls_ssl_async_cancel_t
2018-04-26 00:19:16 +02:00
* for more information . This may be \ c NULL if
* no cleanup is needed .
2018-04-26 11:46:10 +02:00
* \ param config_data A pointer to configuration data which can be
* retrieved with
* mbedtls_ssl_conf_get_async_config_data ( ) . The
* library stores this value without dereferencing it .
2018-01-05 21:11:53 +01:00
*/
void mbedtls_ssl_conf_async_private_cb ( mbedtls_ssl_config * conf ,
mbedtls_ssl_async_sign_t * f_async_sign ,
mbedtls_ssl_async_decrypt_t * f_async_decrypt ,
mbedtls_ssl_async_resume_t * f_async_resume ,
mbedtls_ssl_async_cancel_t * f_async_cancel ,
2018-04-25 20:39:48 +02:00
void * config_data ) ;
2018-04-26 11:46:10 +02:00
/**
* \ brief Retrieve the configuration data set by
* mbedtls_ssl_conf_async_private_cb ( ) .
*
* \ param conf SSL configuration context
* \ return The configuration data set by
* mbedtls_ssl_conf_async_private_cb ( ) .
*/
void * mbedtls_ssl_conf_get_async_config_data ( const mbedtls_ssl_config * conf ) ;
2018-04-25 20:39:48 +02:00
/**
* \ brief Retrieve the asynchronous operation user context .
*
* \ note This function may only be called while a handshake
* is in progress .
*
* \ param ssl The SSL context to access .
*
* \ return The asynchronous operation user context that was last
2018-04-30 11:54:39 +02:00
* set during the current handshake . If
* mbedtls_ssl_set_async_operation_data ( ) has not yet been
* called during the current handshake , this function returns
* \ c NULL .
2018-04-25 20:39:48 +02:00
*/
2018-04-30 11:54:39 +02:00
void * mbedtls_ssl_get_async_operation_data ( const mbedtls_ssl_context * ssl ) ;
2018-04-25 20:39:48 +02:00
/**
* \ brief Retrieve the asynchronous operation user context .
*
* \ note This function may only be called while a handshake
* is in progress .
*
* \ param ssl The SSL context to access .
* \ param ctx The new value of the asynchronous operation user context .
2018-04-30 11:54:39 +02:00
* Call mbedtls_ssl_get_async_operation_data ( ) later during the
* same handshake to retrieve this value .
2018-04-25 20:39:48 +02:00
*/
2018-04-30 11:54:39 +02:00
void mbedtls_ssl_set_async_operation_data ( mbedtls_ssl_context * ssl ,
2018-04-25 20:39:48 +02:00
void * ctx ) ;
2018-04-24 13:09:22 +02:00
# endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2018-01-05 21:11:53 +01:00
2014-07-23 14:56:15 +02:00
/**
* \ brief Callback type : generate a cookie
*
* \ param ctx Context for the callback
* \ param p Buffer to write to ,
* must be updated to point right after the cookie
* \ param end Pointer to one past the end of the output buffer
* \ param info Client ID info that was passed to
2015-04-08 12:49:31 +02:00
* \ c mbedtls_ssl_set_client_transport_id ( )
2014-07-23 14:56:15 +02:00
* \ param ilen Length of info in bytes
*
* \ return The callback must return 0 on success ,
* or a negative error code .
*/
2015-04-08 12:49:31 +02:00
typedef int mbedtls_ssl_cookie_write_t ( void * ctx ,
2014-07-23 14:56:15 +02:00
unsigned char * * p , unsigned char * end ,
const unsigned char * info , size_t ilen ) ;
/**
* \ brief Callback type : verify a cookie
*
* \ param ctx Context for the callback
* \ param cookie Cookie to verify
* \ param clen Length of cookie
* \ param info Client ID info that was passed to
2015-04-08 12:49:31 +02:00
* \ c mbedtls_ssl_set_client_transport_id ( )
2014-07-23 14:56:15 +02:00
* \ param ilen Length of info in bytes
*
* \ return The callback must return 0 if cookie is valid ,
* or a negative error code .
*/
2015-04-08 12:49:31 +02:00
typedef int mbedtls_ssl_cookie_check_t ( void * ctx ,
2014-07-23 14:56:15 +02:00
const unsigned char * cookie , size_t clen ,
const unsigned char * info , size_t ilen ) ;
2015-05-20 10:59:43 +02:00
# if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
2014-07-23 14:56:15 +02:00
/**
* \ brief Register callbacks for DTLS cookies
* ( Server only . DTLS only . )
*
2015-05-28 15:24:25 +02:00
* Default : dummy callbacks that fail , in order to force you to
2014-07-23 17:52:09 +02:00
* register working callbacks ( and initialize their context ) .
*
* To disable HelloVerifyRequest , register NULL callbacks .
*
* \ warning Disabling hello verification allows your server to be used
* for amplification in DoS attacks against other hosts .
* Only disable if you known this can ' t happen in your
* particular environment .
*
2015-05-28 15:24:25 +02:00
* \ note See comments on \ c mbedtls_ssl_handshake ( ) about handling
* the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
* on the first handshake attempt when this is enabled .
*
2015-09-08 15:36:09 +02:00
* \ note This is also necessary to handle client reconnection from
* the same port as described in RFC 6347 section 4.2 .8 ( only
* the variant with cookies is supported currently ) . See
* comments on \ c mbedtls_ssl_read ( ) for details .
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2014-07-23 14:56:15 +02:00
* \ param f_cookie_write Cookie write callback
* \ param f_cookie_check Cookie check callback
* \ param p_cookie Context for both callbacks
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_dtls_cookies ( mbedtls_ssl_config * conf ,
2015-04-08 12:49:31 +02:00
mbedtls_ssl_cookie_write_t * f_cookie_write ,
mbedtls_ssl_cookie_check_t * f_cookie_check ,
2014-07-23 14:56:15 +02:00
void * p_cookie ) ;
2015-05-20 10:59:43 +02:00
/**
* \ brief Set client ' s transport - level identification info .
* ( Server only . DTLS only . )
*
* This is usually the IP address ( and port ) , but could be
* anything identify the client depending on the underlying
* network stack . Used for HelloVerifyRequest with DTLS .
* This is * not * used to route the actual packets .
*
* \ param ssl SSL context
* \ param info Transport - level info identifying the client ( eg IP + port )
* \ param ilen Length of info in bytes
*
* \ note An internal copy is made , so the info buffer can be reused .
*
* \ return 0 on success ,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client ,
2015-05-28 09:33:39 +02:00
* MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory .
2015-05-20 10:59:43 +02:00
*/
int mbedtls_ssl_set_client_transport_id ( mbedtls_ssl_context * ssl ,
const unsigned char * info ,
size_t ilen ) ;
# endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
2014-07-22 17:32:01 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
2014-09-24 14:41:11 +02:00
/**
* \ brief Enable or disable anti - replay protection for DTLS .
* ( DTLS only , no effect on TLS . )
2014-10-13 18:15:52 +02:00
* Default : enabled .
2014-09-24 14:41:11 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED .
2014-10-13 18:15:52 +02:00
*
* \ warning Disabling this is a security risk unless the application
* protocol handles duplicated packets in a safe way . You
* should not disable this without careful consideration .
* However , if your application already detects duplicated
* packets and needs information about them to adjust its
* transmission strategy , then you ' ll want to disable this .
2014-09-24 14:41:11 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_dtls_anti_replay ( mbedtls_ssl_config * conf , char mode ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
2014-09-24 14:41:11 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
2014-10-14 18:30:36 +02:00
/**
* \ brief Set a limit on the number of records with a bad MAC
* before terminating the connection .
* ( DTLS only , no effect on TLS . )
* Default : 0 ( disabled ) .
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2014-10-14 18:30:36 +02:00
* \ param limit Limit , or 0 to disable .
*
* \ note If the limit is N , then the connection is terminated when
* the Nth non - authentic record is seen .
*
* \ note Records with an invalid header are not counted , only the
* ones going through the authentication - decryption phase .
*
* \ note This is a security trade - off related to the fact that it ' s
* often relatively easy for an active attacker ot inject UDP
* datagrams . On one hand , setting a low limit here makes it
* easier for such an attacker to forcibly terminated a
* connection . On the other hand , a high limit or no limit
* might make us waste resources checking authentication on
* many bogus packets .
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_dtls_badmac_limit ( mbedtls_ssl_config * conf , unsigned limit ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
2014-10-14 18:30:36 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
2018-08-14 14:22:10 +02:00
/**
* \ brief Allow or disallow packing of multiple handshake records
* within a single datagram .
*
* \ param ssl The SSL context to configure .
* \ param allow_packing This determines whether datagram packing may
* be used or not . A value of \ c 0 means that every
* record will be sent in a separate datagram ; a
* value of \ c 1 means that , if space permits ,
* multiple handshake messages ( including CCS ) belonging to
* a single flight may be packed within a single datagram .
*
* \ note This is enabled by default and should only be disabled
* for test purposes , or if datagram packing causes
* interoperability issues with peers that don ' t support it .
*
* \ note Allowing datagram packing reduces the network load since
* there ' s less overhead if multiple messages share the same
* datagram . Also , it increases the handshake efficiency
* since messages belonging to a single datagram will not
* be reordered in transit , and so future message buffering
* or flight retransmission ( if no buffering is used ) as
* means to deal with reordering are needed less frequently .
*
2018-08-24 12:28:35 +02:00
* \ note Application records are not affected by this option and
2018-08-14 14:22:10 +02:00
* are currently always sent in separate datagrams .
*
*/
2018-08-24 12:13:57 +02:00
void mbedtls_ssl_set_datagram_packing ( mbedtls_ssl_context * ssl ,
unsigned allow_packing ) ;
2018-08-14 14:22:10 +02:00
2014-10-01 12:03:55 +02:00
/**
2016-06-17 16:40:41 +02:00
* \ brief Set retransmit timeout values for the DTLS handshake .
2014-10-01 12:03:55 +02:00
* ( DTLS only , no effect on TLS . )
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2014-10-01 12:03:55 +02:00
* \ param min Initial timeout value in milliseconds .
* Default : 1000 ( 1 second ) .
* \ param max Maximum timeout value in milliseconds .
* Default : 60000 ( 60 seconds ) .
*
* \ note Default values are from RFC 6347 section 4.2 .4 .1 .
*
2016-01-29 16:05:55 +01:00
* \ note The ' min ' value should typically be slightly above the
* expected round - trip time to your peer , plus whatever time
* it takes for the peer to process the message . For example ,
* if your RTT is about 600 ms and you peer needs up to 1 s to
* do the cryptographic operations in the handshake , then you
* should set ' min ' slightly above 1600. Lower values of ' min '
* might cause spurious resends which waste network resources ,
* while larger value of ' min ' will increase overall latency
* on unreliable network links .
*
* \ note The more unreliable your network connection is , the larger
* your max / min ratio needs to be in order to achieve
* reliable handshakes .
*
* \ note Messages are retransmitted up to log2 ( ceil ( max / min ) ) times .
* For example , if min = 1 s and max = 5 s , the retransmit plan
* goes : send . . . 1 s - > resend . . . 2 s - > resend . . . 4 s - >
* resend . . . 5 s - > give up and return a timeout error .
2014-10-01 12:03:55 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_handshake_timeout ( mbedtls_ssl_config * conf , uint32_t min , uint32_t max ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_PROTO_DTLS */
2014-09-24 14:41:11 +02:00
2015-05-06 15:53:09 +02:00
# if defined(MBEDTLS_SSL_SRV_C)
2009-01-03 22:22:43 +01:00
/**
2012-09-25 23:55:46 +02:00
* \ brief Set the session cache callbacks ( server - side only )
2014-11-20 18:29:41 +01:00
* If not set , no session resuming is done ( except if session
* tickets are enabled too ) .
2009-01-03 22:22:43 +01:00
*
2012-09-25 23:55:46 +02:00
* The session cache has the responsibility to check for stale
* entries based on timeout . See RFC 5246 for recommendations .
*
* Warning : session . peer_cert is cleared by the SSL / TLS layer on
* connection shutdown , so do not cache the pointer ! Either set
* it to NULL or make a full copy of the certificate .
*
* The get callback is called once during the initial handshake
* to enable session resuming . The get function has the
2015-04-08 12:49:31 +02:00
* following parameters : ( void * parameter , mbedtls_ssl_session * session )
2012-09-25 23:55:46 +02:00
* If a valid entry is found , it should fill the master of
* the session object with the cached values and return 0 ,
* return 1 otherwise . Optionally peer_cert can be set as well
* if it is properly present in cache entry .
*
* The set callback is called once during the initial handshake
* to enable session resuming after the entire handshake has
* been finished . The set function has the following parameters :
2015-04-08 12:49:31 +02:00
* ( void * parameter , const mbedtls_ssl_session * session ) . The function
2012-09-25 23:55:46 +02:00
* should create a cache entry for future retrieval based on
* the data in the session structure and should keep in mind
2015-04-08 12:49:31 +02:00
* that the mbedtls_ssl_session object presented ( and all its referenced
2012-09-25 23:55:46 +02:00
* data ) is cleared by the SSL / TLS layer when the connection is
* terminated . It is recommended to add metadata to determine if
* an entry is still valid in the future . Return 0 if
2012-11-02 11:59:36 +01:00
* successfully cached , return 1 otherwise .
2012-09-25 23:55:46 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-05-06 19:06:26 +02:00
* \ param p_cache parmater ( context ) for both callbacks
2012-09-25 23:55:46 +02:00
* \ param f_get_cache session get callback
* \ param f_set_cache session set callback
2009-01-03 22:22:43 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_session_cache ( mbedtls_ssl_config * conf ,
2015-05-06 19:06:26 +02:00
void * p_cache ,
int ( * f_get_cache ) ( void * , mbedtls_ssl_session * ) ,
int ( * f_set_cache ) ( void * , const mbedtls_ssl_session * ) ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_SRV_C */
2009-01-03 22:22:43 +01:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_CLI_C)
2009-01-03 22:22:43 +01:00
/**
2012-09-25 23:55:46 +02:00
* \ brief Request resumption of session ( client - side only )
* Session data is copied from presented session structure .
*
2009-01-03 22:22:43 +01:00
* \ param ssl SSL context
* \ param session session context
2013-07-30 12:41:56 +02:00
*
2013-08-02 15:34:52 +02:00
* \ return 0 if successful ,
2015-05-28 09:33:39 +02:00
* MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed ,
2015-04-08 12:49:31 +02:00
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server - side or
2013-08-02 15:34:52 +02:00
* arguments are otherwise invalid
*
2015-04-08 12:49:31 +02:00
* \ sa mbedtls_ssl_get_session ( )
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_set_session ( mbedtls_ssl_context * ssl , const mbedtls_ssl_session * session ) ;
# endif /* MBEDTLS_SSL_CLI_C */
2009-01-03 22:22:43 +01:00
/**
2014-01-14 14:08:13 +01:00
* \ brief Set the list of allowed ciphersuites and the preference
* order . First in the list has the highest preference .
2016-06-17 16:40:41 +02:00
* ( Overrides all version - specific lists )
2009-01-03 22:22:43 +01:00
*
2015-05-12 12:56:41 +02:00
* The ciphersuites array is not copied , and must remain
* valid for the lifetime of the ssl_config .
*
2015-01-22 17:11:05 +01:00
* Note : The server uses its own preferences
* over the preference of the client unless
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined !
2014-01-14 14:08:13 +01:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2011-01-27 18:40:50 +01:00
* \ param ciphersuites 0 - terminated list of allowed ciphersuites
2009-01-03 22:22:43 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_ciphersuites ( mbedtls_ssl_config * conf ,
2015-05-05 10:45:39 +02:00
const int * ciphersuites ) ;
2009-01-03 22:22:43 +01:00
2013-04-15 15:09:54 +02:00
/**
2014-01-14 14:08:13 +01:00
* \ brief Set the list of allowed ciphersuites and the
* preference order for a specific version of the protocol .
2013-04-15 15:09:54 +02:00
* ( Only useful on the server side )
*
2015-05-12 12:56:41 +02:00
* The ciphersuites array is not copied , and must remain
* valid for the lifetime of the ssl_config .
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2013-04-15 15:09:54 +02:00
* \ param ciphersuites 0 - terminated list of allowed ciphersuites
2015-04-08 12:49:31 +02:00
* \ param major Major version number ( only MBEDTLS_SSL_MAJOR_VERSION_3
2013-04-15 15:09:54 +02:00
* supported )
2015-04-08 12:49:31 +02:00
* \ param minor Minor version number ( MBEDTLS_SSL_MINOR_VERSION_0 ,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2 ,
* MBEDTLS_SSL_MINOR_VERSION_3 supported )
2014-02-10 13:43:33 +01:00
*
2015-04-08 12:49:31 +02:00
* \ note With DTLS , use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
* and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
2013-04-15 15:09:54 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_ciphersuites_for_version ( mbedtls_ssl_config * conf ,
2013-04-15 15:09:54 +02:00
const int * ciphersuites ,
int major , int minor ) ;
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2015-06-17 10:58:20 +02:00
/**
* \ brief Set the X .509 security profile used for verification
*
2015-10-23 14:08:48 +02:00
* \ note The restrictions are enforced for all certificates in the
* chain . However , signatures in the handshake are not covered
* by this setting but by \ b mbedtls_ssl_conf_sig_hashes ( ) .
*
2015-06-17 10:58:20 +02:00
* \ param conf SSL configuration
* \ param profile Profile to use
*/
void mbedtls_ssl_conf_cert_profile ( mbedtls_ssl_config * conf ,
2015-09-08 17:53:18 +02:00
const mbedtls_x509_crt_profile * profile ) ;
2015-06-17 10:58:20 +02:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the data required to verify peer certificate
*
2017-08-21 10:57:57 +02:00
* \ note See \ c mbedtls_x509_crt_verify ( ) for notes regarding the
2017-06-21 09:35:44 +02:00
* parameters ca_chain ( maps to trust_ca for that function )
* and ca_crl .
*
2015-05-06 12:14:19 +02:00
* \ param conf SSL configuration
2012-11-20 10:30:55 +01:00
* \ param ca_chain trusted CA chain ( meaning all fully trusted top - level CAs )
2009-05-03 12:18:48 +02:00
* \ param ca_crl trusted CA CRLs
2009-01-03 22:22:43 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_ca_chain ( mbedtls_ssl_config * conf ,
2015-05-06 12:14:19 +02:00
mbedtls_x509_crt * ca_chain ,
mbedtls_x509_crl * ca_crl ) ;
2009-01-03 22:22:43 +01:00
2019-03-27 12:01:30 +01:00
# if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/**
* \ brief Set the trusted certificate callback .
*
* This API allows to register the set of trusted certificates
* through a callback , instead of a linked list as configured
* by mbedtls_ssl_conf_ca_chain ( ) .
*
* This is useful for example in contexts where a large number
* of CAs are used , and the inefficiency of maintaining them
* in a linked list cannot be tolerated . It is also useful when
* the set of trusted CAs needs to be modified frequently .
*
* See the documentation of ` mbedtls_x509_crt_ca_cb_t ` for
* more information .
*
* \ param conf The SSL configuration to register the callback with .
* \ param f_ca_cb The trusted certificate callback to use when verifying
* certificate chains .
* \ param p_ca_cb The context to be passed to \ p f_ca_cb ( for example ,
* a reference to a trusted CA database ) .
*
* \ note This API is incompatible with mbedtls_ssl_conf_ca_chain ( ) :
* Any call to this function overwrites the values set through
* earlier calls to mbedtls_ssl_conf_ca_chain ( ) or
* mbedtls_ssl_conf_ca_cb ( ) .
*
* \ note This API is incompatible with CA indication in
* CertificateRequest messages : A server - side SSL context which
* is bound to an SSL configuration that uses a CA callback
* configured via mbedtls_ssl_conf_ca_cb ( ) , and which requires
* client authentication , will send an empty CA list in the
* corresponding CertificateRequest message .
*
* \ note This API is incompatible with mbedtls_ssl_set_hs_ca_chain ( ) :
* If an SSL context is bound to an SSL configuration which uses
* CA callbacks configured via mbedtls_ssl_conf_ca_cb ( ) , then
* calls to mbedtls_ssl_set_hs_ca_chain ( ) have no effect .
*
* \ note The use of this API disables the use of restartable ECC
* during X .509 CRT signature verification ( but doesn ' t affect
* other uses ) .
*
* \ warning This API is incompatible with the use of CRLs . Any call to
* mbedtls_ssl_conf_ca_cb ( ) unsets CRLs configured through
* earlier calls to mbedtls_ssl_conf_ca_chain ( ) .
*
* \ warning In multi - threaded environments , the callback \ p f_ca_cb
* must be thread - safe , and it is the user ' s responsibility
2019-04-05 15:52:17 +02:00
* to guarantee this ( for example through a mutex
2019-03-27 12:01:30 +01:00
* contained in the callback context pointed to by \ p p_ca_cb ) .
*/
void mbedtls_ssl_conf_ca_cb ( mbedtls_ssl_config * conf ,
mbedtls_x509_crt_ca_cb_t f_ca_cb ,
void * p_ca_cb ) ;
# endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
2009-01-03 22:22:43 +01:00
/**
2012-11-20 10:30:55 +01:00
* \ brief Set own certificate chain and private key
*
2013-09-23 14:46:13 +02:00
* \ note own_cert should contain in order from the bottom up your
* certificate chain . The top certificate ( self - signed )
2012-11-20 10:30:55 +01:00
* can be omitted .
2009-01-03 22:22:43 +01:00
*
2015-05-11 08:46:37 +02:00
* \ note On server , this function can be called multiple times to
* provision more than one cert / key pair ( eg one ECDSA , one
* RSA with SHA - 256 , one RSA with SHA - 1 ) . An adequate
* certificate will be selected according to the client ' s
2019-01-23 15:24:37 +01:00
* advertised capabilities . In case multiple certificates are
2015-05-11 08:46:37 +02:00
* adequate , preference is given to the one set by the first
* call to this function , then second , etc .
*
2016-02-24 15:13:22 +01:00
* \ note On client , only the first call has any effect . That is ,
* only one client certificate can be provisioned . The
* server ' s preferences in its CertficateRequest message will
* be ignored and our only cert will be sent regardless of
* whether it matches those preferences - the server can then
* decide what it wants to do with it .
2013-09-23 14:46:13 +02:00
*
2019-01-31 14:20:20 +01:00
* \ note The provided \ p pk_key needs to match the public key in the
* first certificate in \ p own_cert , or all handshakes using
* that certificate will fail . It is your responsibility
* to ensure that ; this function will not perform any check .
* You may use mbedtls_pk_check_pair ( ) in order to perform
* this check yourself , but be aware that this function can
* be computationally expensive on some key types .
*
2015-05-10 23:17:17 +02:00
* \ param conf SSL configuration
2012-11-20 10:30:55 +01:00
* \ param own_cert own public certificate chain
2013-08-19 14:10:16 +02:00
* \ param pk_key own private key
2013-09-23 14:46:13 +02:00
*
2015-05-28 09:33:39 +02:00
* \ return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
2009-01-03 22:22:43 +01:00
*/
2015-05-11 09:50:24 +02:00
int mbedtls_ssl_conf_own_cert ( mbedtls_ssl_config * conf ,
2015-05-10 21:13:36 +02:00
mbedtls_x509_crt * own_cert ,
mbedtls_pk_context * pk_key ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2011-01-18 16:27:19 +01:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
2013-04-16 18:05:29 +02:00
/**
2018-10-22 16:28:02 +02:00
* \ brief Configure a pre - shared key ( PSK ) and identity
* to be used in PSK - based ciphersuites .
2015-05-07 16:59:54 +02:00
*
* \ note This is mainly useful for clients . Servers will usually
2015-05-11 09:50:24 +02:00
* want to use \ c mbedtls_ssl_conf_psk_cb ( ) instead .
2013-04-16 18:05:29 +02:00
*
2018-10-22 16:28:02 +02:00
* \ warning Currently , clients can only register a single pre - shared key .
2018-11-15 14:18:25 +01:00
* Calling this function or mbedtls_ssl_conf_psk_opaque ( ) more
2018-10-22 16:28:02 +02:00
* than once will overwrite values configured in previous calls .
2016-03-01 14:16:57 +01:00
* Support for setting multiple PSKs on clients and selecting
2018-10-22 16:28:02 +02:00
* one based on the identity hint is not a planned feature ,
* but feedback is welcomed .
2016-02-22 11:10:14 +01:00
*
2018-10-22 16:28:02 +02:00
* \ param conf The SSL configuration to register the PSK with .
* \ param psk The pointer to the pre - shared key to use .
* \ param psk_len The length of the pre - shared key in bytes .
* \ param psk_identity The pointer to the pre - shared key identity .
* \ param psk_identity_len The length of the pre - shared key identity
* in bytes .
*
* \ note The PSK and its identity are copied internally and
* hence need not be preserved by the caller for the lifetime
* of the SSL configuration .
2013-09-18 17:29:31 +02:00
*
2018-10-22 16:28:02 +02:00
* \ return \ c 0 if successful .
* \ return An \ c MBEDTLS_ERR_SSL_XXX error code on failure .
2013-04-16 18:05:29 +02:00
*/
2015-05-11 09:50:24 +02:00
int mbedtls_ssl_conf_psk ( mbedtls_ssl_config * conf ,
2015-05-07 16:59:54 +02:00
const unsigned char * psk , size_t psk_len ,
const unsigned char * psk_identity , size_t psk_identity_len ) ;
2018-10-22 16:28:02 +02:00
# if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \ brief Configure an opaque pre - shared key ( PSK ) and identity
* to be used in PSK - based ciphersuites .
*
* \ note This is mainly useful for clients . Servers will usually
* want to use \ c mbedtls_ssl_conf_psk_cb ( ) instead .
*
* \ warning Currently , clients can only register a single pre - shared key .
* Calling this function or mbedtls_ssl_conf_psk ( ) more than
* once will overwrite values configured in previous calls .
* Support for setting multiple PSKs on clients and selecting
* one based on the identity hint is not a planned feature ,
* but feedback is welcomed .
*
* \ param conf The SSL configuration to register the PSK with .
* \ param psk The identifier of the key slot holding the PSK .
* Until \ p conf is destroyed or this function is successfully
2018-11-05 13:44:15 +01:00
* called again , the key slot \ p psk must be populated with a
2019-01-22 12:29:45 +01:00
* key of type PSA_ALG_CATEGORY_KEY_DERIVATION whose policy
2018-11-05 13:44:15 +01:00
* allows its use for the key derivation algorithm applied
* in the handshake .
2018-10-22 16:28:02 +02:00
* \ param psk_identity The pointer to the pre - shared key identity .
* \ param psk_identity_len The length of the pre - shared key identity
* in bytes .
*
* \ note The PSK identity hint is copied internally and hence need
* not be preserved by the caller for the lifetime of the
* SSL configuration .
*
* \ return \ c 0 if successful .
* \ return An \ c MBEDTLS_ERR_SSL_XXX error code on failure .
*/
int mbedtls_ssl_conf_psk_opaque ( mbedtls_ssl_config * conf ,
2019-01-08 15:36:01 +01:00
psa_key_handle_t psk ,
2018-10-22 16:28:02 +02:00
const unsigned char * psk_identity ,
size_t psk_identity_len ) ;
# endif /* MBEDTLS_USE_PSA_CRYPTO */
2013-09-18 17:29:31 +02:00
/**
2018-10-22 16:28:02 +02:00
* \ brief Set the pre - shared Key ( PSK ) for the current handshake .
2015-05-07 16:59:54 +02:00
*
* \ note This should only be called inside the PSK callback ,
2018-10-22 16:28:02 +02:00
* i . e . the function passed to \ c mbedtls_ssl_conf_psk_cb ( ) .
2015-05-07 16:59:54 +02:00
*
2018-10-22 16:28:02 +02:00
* \ param ssl The SSL context to configure a PSK for .
* \ param psk The pointer to the pre - shared key .
* \ param psk_len The length of the pre - shared key in bytes .
2015-05-07 16:59:54 +02:00
*
2018-10-22 16:28:02 +02:00
* \ return \ c 0 if successful .
* \ return An \ c MBEDTLS_ERR_SSL_XXX error code on failure .
2015-05-07 16:59:54 +02:00
*/
int mbedtls_ssl_set_hs_psk ( mbedtls_ssl_context * ssl ,
const unsigned char * psk , size_t psk_len ) ;
2018-10-22 16:28:02 +02:00
# if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \ brief Set an opaque pre - shared Key ( PSK ) for the current handshake .
*
* \ note This should only be called inside the PSK callback ,
* i . e . the function passed to \ c mbedtls_ssl_conf_psk_cb ( ) .
*
* \ param ssl The SSL context to configure a PSK for .
* \ param psk The identifier of the key slot holding the PSK .
* For the duration of the current handshake , the key slot
* must be populated with a key of type
2019-01-22 12:29:45 +01:00
* PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
2018-10-22 16:28:02 +02:00
* use for the key derivation algorithm
* applied in the handshake .
*
* \ return \ c 0 if successful .
* \ return An \ c MBEDTLS_ERR_SSL_XXX error code on failure .
*/
int mbedtls_ssl_set_hs_psk_opaque ( mbedtls_ssl_context * ssl ,
2019-01-08 15:36:01 +01:00
psa_key_handle_t psk ) ;
2018-10-22 16:28:02 +02:00
# endif /* MBEDTLS_USE_PSA_CRYPTO */
2015-05-07 16:59:54 +02:00
/**
* \ brief Set the PSK callback ( server - side only ) .
2013-09-18 17:29:31 +02:00
*
* If set , the PSK callback is called for each
2018-10-22 16:28:02 +02:00
* handshake where a PSK - based ciphersuite was negotiated .
2014-02-25 13:08:08 +01:00
* The caller provides the identity received and wants to
2013-09-18 17:29:31 +02:00
* receive the actual PSK data and length .
*
2018-10-22 16:28:02 +02:00
* The callback has the following parameters :
* - \ c void * : The opaque pointer \ p p_psk .
* - \ c mbedtls_ssl_context * : The SSL context to which
* the operation applies .
* - \ c const unsigned char * : The PSK identity
* selected by the client .
* - \ c size_t : The length of the PSK identity
* selected by the client .
*
2013-09-18 17:29:31 +02:00
* If a valid PSK identity is found , the callback should use
2018-10-22 16:28:02 +02:00
* \ c mbedtls_ssl_set_hs_psk ( ) or
* \ c mbedtls_ssl_set_hs_psk_opaque ( )
* on the SSL context to set the correct PSK and return \ c 0.
2013-09-18 17:29:31 +02:00
* Any other return value will result in a denied PSK identity .
*
2015-05-07 16:59:54 +02:00
* \ note If you set a PSK callback using this function , then you
* don ' t need to set a PSK key and identity using
2015-05-11 09:50:24 +02:00
* \ c mbedtls_ssl_conf_psk ( ) .
2015-05-07 16:59:54 +02:00
*
2018-10-22 16:28:02 +02:00
* \ param conf The SSL configuration to register the callback with .
* \ param f_psk The callback for selecting and setting the PSK based
* in the PSK identity chosen by the client .
* \ param p_psk A pointer to an opaque structure to be passed to
* the callback , for example a PSK store .
2013-09-18 17:29:31 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_psk_cb ( mbedtls_ssl_config * conf ,
2015-04-08 12:49:31 +02:00
int ( * f_psk ) ( void * , mbedtls_ssl_context * , const unsigned char * ,
2013-09-18 17:29:31 +02:00
size_t ) ,
void * p_psk ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
2013-04-16 18:05:29 +02:00
2015-05-06 18:33:07 +02:00
# if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
2017-10-04 16:28:46 +02:00
# if !defined(MBEDTLS_DEPRECATED_REMOVED)
# if defined(MBEDTLS_DEPRECATED_WARNING)
# define MBEDTLS_DEPRECATED __attribute__((deprecated))
# else
# define MBEDTLS_DEPRECATED
# endif
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the Diffie - Hellman public P and G values ,
* read as hexadecimal strings ( server - side only )
2017-10-04 14:32:12 +02:00
* ( Default values : MBEDTLS_DHM_RFC3526_MODP_2048_ [ PG ] )
2009-01-03 22:22:43 +01:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2009-01-03 22:22:43 +01:00
* \ param dhm_P Diffie - Hellman - Merkle modulus
* \ param dhm_G Diffie - Hellman - Merkle generator
*
2017-10-04 16:28:46 +02:00
* \ deprecated Superseded by \ c mbedtls_ssl_conf_dh_param_bin .
*
2009-01-03 22:22:43 +01:00
* \ return 0 if successful
*/
2017-10-04 16:28:46 +02:00
MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param ( mbedtls_ssl_config * conf ,
const char * dhm_P ,
const char * dhm_G ) ;
2009-01-03 22:22:43 +01:00
2017-10-04 16:28:46 +02:00
# endif /* MBEDTLS_DEPRECATED_REMOVED */
2017-10-04 16:29:08 +02:00
/**
* \ brief Set the Diffie - Hellman public P and G values
* from big - endian binary presentations .
* ( Default values : MBEDTLS_DHM_RFC3526_MODP_2048_ [ PG ] _BIN )
*
* \ param conf SSL configuration
* \ param dhm_P Diffie - Hellman - Merkle modulus in big - endian binary form
* \ param P_len Length of DHM modulus
* \ param dhm_G Diffie - Hellman - Merkle generator in big - endian binary form
* \ param G_len Length of DHM generator
*
2009-01-03 22:22:43 +01:00
* \ return 0 if successful
*/
2017-10-04 16:29:08 +02:00
int mbedtls_ssl_conf_dh_param_bin ( mbedtls_ssl_config * conf ,
const unsigned char * dhm_P , size_t P_len ,
const unsigned char * dhm_G , size_t G_len ) ;
2009-01-03 22:22:43 +01:00
2011-01-06 16:48:19 +01:00
/**
* \ brief Set the Diffie - Hellman public P and G values ,
* read from existing context ( server - side only )
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2011-01-06 16:48:19 +01:00
* \ param dhm_ctx Diffie - Hellman - Merkle context
*
* \ return 0 if successful
*/
2015-05-11 09:50:24 +02:00
int mbedtls_ssl_conf_dh_param_ctx ( mbedtls_ssl_config * conf , mbedtls_dhm_context * dhm_ctx ) ;
2015-05-20 10:35:51 +02:00
# endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
2011-01-06 16:48:19 +01:00
2015-06-11 14:49:42 +02:00
# if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
/**
* \ brief Set the minimum length for Diffie - Hellman parameters .
* ( Client - side only . )
* ( Default : 1024 bits . )
*
* \ param conf SSL configuration
* \ param bitlen Minimum bit length of the DHM prime
*/
void mbedtls_ssl_conf_dhm_min_bitlen ( mbedtls_ssl_config * conf ,
unsigned int bitlen ) ;
# endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
2015-06-17 11:43:30 +02:00
# if defined(MBEDTLS_ECP_C)
2014-01-19 21:48:42 +01:00
/**
2014-02-04 15:14:13 +01:00
* \ brief Set the allowed curves in order of preference .
2014-02-03 15:56:49 +01:00
* ( Default : all defined curves . )
2014-01-19 21:48:42 +01:00
*
2014-02-04 15:14:13 +01:00
* On server : this only affects selection of the ECDHE curve ;
* the curves used for ECDH and ECDSA are determined by the
* list of available certificates instead .
*
* On client : this affects the list of curves offered for any
2014-02-04 16:18:07 +01:00
* use . The server can override our preference order .
*
2015-10-23 14:08:48 +02:00
* Both sides : limits the set of curves accepted for use in
* ECDHE and in the peer ' s end - entity certificate .
2015-06-17 11:49:39 +02:00
*
2015-10-23 14:08:48 +02:00
* \ note This has no influence on which curves are allowed inside the
2015-06-17 11:49:39 +02:00
* certificate chains , see \ c mbedtls_ssl_conf_cert_profile ( )
2015-10-23 14:08:48 +02:00
* for that . For the end - entity certificate however , the key
* will be accepted only if it is allowed both by this list
* and by the cert profile .
2014-01-19 21:48:42 +01:00
*
2015-06-17 12:43:26 +02:00
* \ note This list should be ordered by decreasing preference
* ( preferred curve first ) .
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2014-02-04 15:14:13 +01:00
* \ param curves Ordered list of allowed curves ,
2015-04-08 12:49:31 +02:00
* terminated by MBEDTLS_ECP_DP_NONE .
2014-01-19 21:48:42 +01:00
*/
2015-06-17 12:43:26 +02:00
void mbedtls_ssl_conf_curves ( mbedtls_ssl_config * conf ,
const mbedtls_ecp_group_id * curves ) ;
2015-06-17 11:43:30 +02:00
# endif /* MBEDTLS_ECP_C */
2014-01-19 21:48:42 +01:00
2015-10-22 17:01:15 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
2015-06-17 12:43:26 +02:00
/**
* \ brief Set the allowed hashes for signatures during the handshake .
2015-12-04 15:02:56 +01:00
* ( Default : all available hashes except MD5 . )
2015-06-17 12:43:26 +02:00
*
* \ note This only affects which hashes are offered and can be used
* for signatures during the handshake . Hashes for message
* authentication and the TLS PRF are controlled by the
* ciphersuite , see \ c mbedtls_ssl_conf_ciphersuites ( ) . Hashes
* used for certificate signature are controlled by the
* verification profile , see \ c mbedtls_ssl_conf_cert_profile ( ) .
*
* \ note This list should be ordered by decreasing preference
* ( preferred hash first ) .
*
* \ param conf SSL configuration
* \ param hashes Ordered list of allowed signature hashes ,
* terminated by \ c MBEDTLS_MD_NONE .
*/
void mbedtls_ssl_conf_sig_hashes ( mbedtls_ssl_config * conf ,
const int * hashes ) ;
2015-10-22 17:01:15 +02:00
# endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
2015-06-17 12:43:26 +02:00
2015-05-06 12:14:19 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2009-01-03 22:22:43 +01:00
/**
2018-03-13 16:22:58 +01:00
* \ brief Set or reset the hostname to check against the received
* server certificate . It sets the ServerName TLS extension ,
2017-04-07 13:59:32 +02:00
* too , if that extension is enabled . ( client - side only )
2013-09-18 17:29:31 +02:00
*
2009-01-03 22:22:43 +01:00
* \ param ssl SSL context
2017-04-07 13:59:32 +02:00
* \ param hostname the server hostname , may be NULL to clear hostname
2018-03-13 16:22:58 +01:00
2017-04-07 13:59:32 +02:00
* \ note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN .
2009-01-03 22:22:43 +01:00
*
2018-03-13 16:22:58 +01:00
* \ return 0 if successful , MBEDTLS_ERR_SSL_ALLOC_FAILED on
* allocation failure , MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
2017-04-07 13:59:32 +02:00
* too long input hostname .
*
2017-04-07 14:02:16 +02:00
* Hostname set to the one provided on success ( cleared
2018-03-13 16:22:58 +01:00
* when NULL ) . On allocation failure hostname is cleared .
2017-04-07 13:59:32 +02:00
* On too long input failure , old hostname is unchanged .
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_set_hostname ( mbedtls_ssl_context * ssl , const char * hostname ) ;
2015-05-06 12:14:19 +02:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2009-01-03 22:22:43 +01:00
2015-05-06 12:14:19 +02:00
# if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
2015-05-10 23:10:37 +02:00
/**
* \ brief Set own certificate and key for the current handshake
*
2015-05-11 09:50:24 +02:00
* \ note Same as \ c mbedtls_ssl_conf_own_cert ( ) but for use within
2015-05-10 23:10:37 +02:00
* the SNI callback .
*
* \ param ssl SSL context
* \ param own_cert own public certificate chain
* \ param pk_key own private key
*
2015-05-28 09:33:39 +02:00
* \ return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
2015-05-10 23:10:37 +02:00
*/
int mbedtls_ssl_set_hs_own_cert ( mbedtls_ssl_context * ssl ,
mbedtls_x509_crt * own_cert ,
mbedtls_pk_context * pk_key ) ;
2015-05-11 08:46:37 +02:00
/**
* \ brief Set the data required to verify peer certificate for the
* current handshake
*
2015-05-11 09:50:24 +02:00
* \ note Same as \ c mbedtls_ssl_conf_ca_chain ( ) but for use within
2015-05-11 08:46:37 +02:00
* the SNI callback .
*
* \ param ssl SSL context
* \ param ca_chain trusted CA chain ( meaning all fully trusted top - level CAs )
* \ param ca_crl trusted CA CRLs
*/
void mbedtls_ssl_set_hs_ca_chain ( mbedtls_ssl_context * ssl ,
mbedtls_x509_crt * ca_chain ,
mbedtls_x509_crl * ca_crl ) ;
2015-06-19 12:16:31 +02:00
/**
* \ brief Set authmode for the current handshake .
*
* \ note Same as \ c mbedtls_ssl_conf_authmode ( ) but for use within
* the SNI callback .
*
* \ param ssl SSL context
* \ param authmode MBEDTLS_SSL_VERIFY_NONE , MBEDTLS_SSL_VERIFY_OPTIONAL or
* MBEDTLS_SSL_VERIFY_REQUIRED
*/
void mbedtls_ssl_set_hs_authmode ( mbedtls_ssl_context * ssl ,
int authmode ) ;
2012-09-27 23:49:42 +02:00
/**
* \ brief Set server side ServerName TLS extension callback
* ( optional , server - side only ) .
*
* If set , the ServerName callback is called whenever the
* server receives a ServerName TLS extension from the client
* during a handshake . The ServerName callback has the
2015-04-08 12:49:31 +02:00
* following parameters : ( void * parameter , mbedtls_ssl_context * ssl ,
2012-09-27 23:49:42 +02:00
* const unsigned char * hostname , size_t len ) . If a suitable
2015-06-19 12:16:31 +02:00
* certificate is found , the callback must set the
2015-05-11 08:46:37 +02:00
* certificate ( s ) and key ( s ) to use with \ c
* mbedtls_ssl_set_hs_own_cert ( ) ( can be called repeatedly ) ,
2015-06-19 12:16:31 +02:00
* and may optionally adjust the CA and associated CRL with \ c
* mbedtls_ssl_set_hs_ca_chain ( ) as well as the client
* authentication mode with \ c mbedtls_ssl_set_hs_authmode ( ) ,
* then must return 0. If no matching name is found , the
* callback must either set a default cert , or
* return non - zero to abort the handshake at this point .
2012-09-27 23:49:42 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2012-09-27 23:49:42 +02:00
* \ param f_sni verification function
* \ param p_sni verification parameter
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_sni ( mbedtls_ssl_config * conf ,
2015-04-08 12:49:31 +02:00
int ( * f_sni ) ( void * , mbedtls_ssl_context * , const unsigned char * ,
2012-09-27 23:49:42 +02:00
size_t ) ,
void * p_sni ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
2012-09-27 23:49:42 +02:00
2015-09-16 10:05:04 +02:00
# if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
2015-09-15 12:43:43 +02:00
/**
* \ brief Set the EC J - PAKE password for current handshake .
*
* \ note An internal copy is made , and destroyed as soon as the
* handshake is completed , or when the SSL context is reset or
* freed .
*
* \ note The SSL context needs to be already set up . The right place
* to call this function is between \ c mbedtls_ssl_setup ( ) or
* \ c mbedtls_ssl_reset ( ) and \ c mbedtls_ssl_handshake ( ) .
*
* \ param ssl SSL context
* \ param pw EC J - PAKE password ( pre - shared secret )
* \ param pw_len length of pw in bytes
*
* \ return 0 on success , or a negative error code .
*/
int mbedtls_ssl_set_hs_ecjpake_password ( mbedtls_ssl_context * ssl ,
const unsigned char * pw ,
size_t pw_len ) ;
2015-09-16 10:05:04 +02:00
# endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
2015-09-15 12:43:43 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_ALPN)
2014-04-04 16:08:41 +02:00
/**
* \ brief Set the supported Application Layer Protocols .
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2016-02-14 00:19:04 +01:00
* \ param protos Pointer to a NULL - terminated list of supported protocols ,
* in decreasing preference order . The pointer to the list is
* recorded by the library for later reference as required , so
2016-06-17 16:40:41 +02:00
* the lifetime of the table must be atleast as long as the
* lifetime of the SSL configuration structure .
2014-04-07 10:57:45 +02:00
*
2015-04-08 12:49:31 +02:00
* \ return 0 on success , or MBEDTLS_ERR_SSL_BAD_INPUT_DATA .
2014-04-04 16:08:41 +02:00
*/
2015-05-11 09:50:24 +02:00
int mbedtls_ssl_conf_alpn_protocols ( mbedtls_ssl_config * conf , const char * * protos ) ;
2014-04-04 16:08:41 +02:00
/**
* \ brief Get the name of the negotiated Application Layer Protocol .
* This function should be called after the handshake is
* completed .
*
* \ param ssl SSL context
*
* \ return Protcol name , or NULL if no protocol was negotiated .
*/
2015-04-08 12:49:31 +02:00
const char * mbedtls_ssl_get_alpn_protocol ( const mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_SSL_ALPN */
2014-04-04 16:08:41 +02:00
2011-10-06 15:04:09 +02:00
/**
* \ brief Set the maximum supported version sent from the client side
2013-06-29 16:01:15 +02:00
* and / or accepted at the server side
2015-04-08 12:49:31 +02:00
* ( Default : MBEDTLS_SSL_MAX_MAJOR_VERSION , MBEDTLS_SSL_MAX_MINOR_VERSION )
2013-08-27 21:19:20 +02:00
*
2015-05-11 10:11:56 +02:00
* \ note This ignores ciphersuites from higher versions .
*
* \ note With DTLS , use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
2013-06-29 16:01:15 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param major Major version number ( only MBEDTLS_SSL_MAJOR_VERSION_3 supported )
* \ param minor Minor version number ( MBEDTLS_SSL_MINOR_VERSION_0 ,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2 ,
* MBEDTLS_SSL_MINOR_VERSION_3 supported )
2011-10-06 15:04:09 +02:00
*/
2015-05-11 10:11:56 +02:00
void mbedtls_ssl_conf_max_version ( mbedtls_ssl_config * conf , int major , int minor ) ;
2011-10-06 15:04:09 +02:00
2012-09-28 15:28:45 +02:00
/**
* \ brief Set the minimum accepted SSL / TLS protocol version
2015-03-31 14:21:11 +02:00
* ( Default : TLS 1.0 )
2013-08-27 21:19:20 +02:00
*
2015-01-12 11:40:14 +01:00
* \ note Input outside of the SSL_MAX_XXXXX_VERSION and
* SSL_MIN_XXXXX_VERSION range is ignored .
*
2015-04-08 12:49:31 +02:00
* \ note MBEDTLS_SSL_MINOR_VERSION_0 ( SSL v3 ) should be avoided .
2012-09-28 15:28:45 +02:00
*
2015-05-11 10:11:56 +02:00
* \ note With DTLS , use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param major Major version number ( only MBEDTLS_SSL_MAJOR_VERSION_3 supported )
* \ param minor Minor version number ( MBEDTLS_SSL_MINOR_VERSION_0 ,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2 ,
* MBEDTLS_SSL_MINOR_VERSION_3 supported )
2012-09-28 15:28:45 +02:00
*/
2015-05-11 10:11:56 +02:00
void mbedtls_ssl_conf_min_version ( mbedtls_ssl_config * conf , int major , int minor ) ;
2012-09-28 15:28:45 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
2014-10-20 13:34:59 +02:00
/**
* \ brief Set the fallback flag ( client - side only ) .
2015-04-08 12:49:31 +02:00
* ( Default : MBEDTLS_SSL_IS_NOT_FALLBACK ) .
2014-10-20 13:34:59 +02:00
*
2015-04-08 12:49:31 +02:00
* \ note Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
2014-10-20 13:34:59 +02:00
* connection , that is a connection with max_version set to a
* lower value than the value you ' re willing to use . Such
* fallback connections are not recommended but are sometimes
* necessary to interoperate with buggy ( version - intolerant )
* servers .
*
2015-04-08 12:49:31 +02:00
* \ warning You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
2014-10-20 13:34:59 +02:00
* non - fallback connections ! This would appear to work for a
* while , then cause failures when the server is upgraded to
* support a newer TLS version .
*
2015-05-06 10:27:31 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
2014-10-20 13:34:59 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_fallback ( mbedtls_ssl_config * conf , char fallback ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
2014-10-20 13:34:59 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2014-10-27 13:57:03 +01:00
/**
* \ brief Enable or disable Encrypt - then - MAC
2015-04-08 12:49:31 +02:00
* ( Default : MBEDTLS_SSL_ETM_ENABLED )
2014-10-27 13:57:03 +01:00
*
* \ note This should always be enabled , it is a security
* improvement , and should not cause any interoperability
* issue ( used only if the peer supports it too ) .
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
2014-10-27 13:57:03 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_encrypt_then_mac ( mbedtls_ssl_config * conf , char etm ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
2014-10-27 13:57:03 +01:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
2014-10-20 18:40:56 +02:00
/**
* \ brief Enable or disable Extended Master Secret negotiation .
2015-04-08 12:49:31 +02:00
* ( Default : MBEDTLS_SSL_EXTENDED_MS_ENABLED )
2014-10-20 18:40:56 +02:00
*
* \ note This should always be enabled , it is a security fix to the
* protocol , and should not cause any interoperability issue
* ( used only if the peer supports it too ) .
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
2014-10-20 18:40:56 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_extended_master_secret ( mbedtls_ssl_config * conf , char ems ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
2014-10-20 18:40:56 +02:00
2015-05-14 12:28:21 +02:00
# if defined(MBEDTLS_ARC4_C)
2015-01-12 13:43:29 +01:00
/**
* \ brief Disable or enable support for RC4
2015-04-08 12:49:31 +02:00
* ( Default : MBEDTLS_SSL_ARC4_DISABLED )
2015-01-12 13:43:29 +01:00
*
2016-06-17 16:40:41 +02:00
* \ warning Use of RC4 in DTLS / TLS has been prohibited by RFC 7465
2016-02-13 23:44:49 +01:00
* for security reasons . Use at your own risk .
2015-01-12 13:43:29 +01:00
*
2016-02-13 23:44:49 +01:00
* \ note This function is deprecated and will likely be removed in
* a future version of the library .
* RC4 is disabled by default at compile time and needs to be
* actively enabled for use with legacy systems .
2015-01-12 13:43:29 +01:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
2015-01-12 13:43:29 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_arc4_support ( mbedtls_ssl_config * conf , char arc4 ) ;
2015-05-14 12:28:21 +02:00
# endif /* MBEDTLS_ARC4_C */
2015-01-12 13:43:29 +01:00
2017-04-10 13:42:31 +02:00
# if defined(MBEDTLS_SSL_SRV_C)
/**
* \ brief Whether to send a list of acceptable CAs in
* CertificateRequest messages .
* ( Default : do send )
*
* \ param conf SSL configuration
* \ param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
* MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
*/
void mbedtls_ssl_conf_cert_req_ca_list ( mbedtls_ssl_config * conf ,
char cert_req_ca_list ) ;
# endif /* MBEDTLS_SSL_SRV_C */
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2013-07-16 12:45:26 +02:00
/**
2019-02-08 17:03:33 +01:00
* \ brief Set the maximum fragment length to emit and / or negotiate .
* ( Typical : the smaller of # MBEDTLS_SSL_IN_CONTENT_LEN and
* # MBEDTLS_SSL_OUT_CONTENT_LEN , usually ` 2 ^ 14 ` bytes )
2013-07-16 12:45:26 +02:00
* ( Server : set maximum fragment length to emit ,
2019-02-04 10:43:40 +01:00
* usually negotiated by the client during handshake )
2013-07-16 12:45:26 +02:00
* ( Client : set maximum fragment length to emit * and *
* negotiate with the server during handshake )
2019-04-25 16:07:37 +02:00
* ( Default : # MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
2013-07-16 12:45:26 +02:00
*
2019-02-08 17:03:33 +01:00
* \ note On the client side , the maximum fragment length extension
* * will not * be used , unless the maximum fragment length has
* been set via this function to a value different than
* # MBEDTLS_SSL_MAX_FRAG_LEN_NONE .
2013-07-16 12:45:26 +02:00
*
2017-09-21 13:15:27 +02:00
* \ note With TLS , this currently only affects ApplicationData ( sent
* with \ c mbedtls_ssl_read ( ) ) , not handshake messages .
* With DTLS , this affects both ApplicationData and handshake .
*
2018-08-13 12:45:26 +02:00
* \ note This sets the maximum length for a record ' s payload ,
2017-09-21 13:15:27 +02:00
* excluding record overhead that will be added to it , see
* \ c mbedtls_ssl_get_record_expansion ( ) .
*
* \ note For DTLS , it is also possible to set a limit for the total
* size of daragrams passed to the transport layer , including
2018-08-20 10:37:23 +02:00
* record overhead , see \ c mbedtls_ssl_set_mtu ( ) .
2017-09-21 13:15:27 +02:00
*
2015-05-05 18:01:57 +02:00
* \ param conf SSL configuration
2013-09-10 16:16:50 +02:00
* \ param mfl_code Code for maximum fragment length ( allowed values :
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_MAX_FRAG_LEN_512 , MBEDTLS_SSL_MAX_FRAG_LEN_1024 ,
* MBEDTLS_SSL_MAX_FRAG_LEN_2048 , MBEDTLS_SSL_MAX_FRAG_LEN_4096 )
2013-07-16 12:45:26 +02:00
*
2015-05-12 12:56:41 +02:00
* \ return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
2013-07-16 12:45:26 +02:00
*/
2015-05-11 09:50:24 +02:00
int mbedtls_ssl_conf_max_frag_len ( mbedtls_ssl_config * conf , unsigned char mfl_code ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2013-07-16 12:45:26 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2013-07-19 11:08:52 +02:00
/**
2015-01-09 12:39:35 +01:00
* \ brief Activate negotiation of truncated HMAC
2015-05-06 18:39:23 +02:00
* ( Default : MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
2013-07-19 11:08:52 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param truncate Enable or disable ( MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
* MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
2013-07-19 11:08:52 +02:00
*/
2015-05-11 10:11:56 +02:00
void mbedtls_ssl_conf_truncated_hmac ( mbedtls_ssl_config * conf , int truncate ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
2013-07-19 11:08:52 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
2015-01-07 14:50:54 +01:00
/**
* \ brief Enable / Disable 1 / n - 1 record splitting
2015-04-08 12:49:31 +02:00
* ( Default : MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED )
2015-01-07 14:50:54 +01:00
*
* \ note Only affects SSLv3 and TLS 1.0 , not higher versions .
* Does not affect non - CBC ciphersuites in any version .
*
2015-05-05 17:34:53 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
* MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
2015-01-07 14:50:54 +01:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_cbc_record_splitting ( mbedtls_ssl_config * conf , char split ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
2015-01-07 14:50:54 +01:00
2015-05-20 10:45:29 +02:00
# if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2013-08-03 13:02:31 +02:00
/**
2015-05-20 10:45:29 +02:00
* \ brief Enable / Disable session tickets ( client only ) .
* ( Default : MBEDTLS_SSL_SESSION_TICKETS_ENABLED . )
2013-08-03 13:02:31 +02:00
*
2015-05-20 10:45:29 +02:00
* \ note On server , use \ c mbedtls_ssl_conf_session_tickets_cb ( ) .
2013-08-03 13:02:31 +02:00
*
2015-05-06 11:05:11 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param use_tickets Enable or disable ( MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
* MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
2013-08-03 13:02:31 +02:00
*/
2015-05-20 10:45:29 +02:00
void mbedtls_ssl_conf_session_tickets ( mbedtls_ssl_config * conf , int use_tickets ) ;
# endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
2013-08-03 13:02:31 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2012-09-16 21:57:18 +02:00
/**
2012-10-23 13:54:56 +02:00
* \ brief Enable / Disable renegotiation support for connection when
* initiated by peer
2015-04-08 12:49:31 +02:00
* ( Default : MBEDTLS_SSL_RENEGOTIATION_DISABLED )
2012-10-23 13:54:56 +02:00
*
2015-05-28 15:13:30 +02:00
* \ warning It is recommended to always disable renegotation unless you
* know you need it and you know what you ' re doing . In the
2016-06-17 16:40:41 +02:00
* past , there have been several issues associated with
2015-05-28 15:13:30 +02:00
* renegotiation or a poor understanding of its properties .
*
* \ note Server - side , enabling renegotiation also makes the server
* susceptible to a resource DoS by a malicious client .
2012-09-16 21:57:18 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param renegotiation Enable or disable ( MBEDTLS_SSL_RENEGOTIATION_ENABLED or
* MBEDTLS_SSL_RENEGOTIATION_DISABLED )
2012-09-16 21:57:18 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_renegotiation ( mbedtls_ssl_config * conf , int renegotiation ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_RENEGOTIATION */
2012-09-16 21:57:18 +02:00
/**
* \ brief Prevent or allow legacy renegotiation .
2015-04-08 12:49:31 +02:00
* ( Default : MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
2014-05-01 13:03:14 +02:00
*
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
2012-09-17 11:18:12 +02:00
* be established even if the peer does not support
* secure renegotiation , but does not allow renegotiation
* to take place if not secure .
* ( Interoperable and secure option )
*
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
2012-09-17 11:18:12 +02:00
* with non - upgraded peers . Allowing legacy renegotiation
* makes the connection vulnerable to specific man in the
* middle attacks . ( See RFC 5746 )
* ( Most interoperable and least secure option )
*
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
2012-09-17 11:18:12 +02:00
* if peer does not support secure renegotiation . Results
* in interoperability issues with non - upgraded peers
* that do not support renegotiation altogether .
* ( Most secure option , interoperability issues )
2012-09-16 21:57:18 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2012-11-07 20:46:27 +01:00
* \ param allow_legacy Prevent or allow ( SSL_NO_LEGACY_RENEGOTIATION ,
* SSL_ALLOW_LEGACY_RENEGOTIATION or
2015-04-08 12:49:31 +02:00
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
2012-09-16 21:57:18 +02:00
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_legacy_renegotiation ( mbedtls_ssl_config * conf , int allow_legacy ) ;
2012-09-16 21:57:18 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2014-07-03 19:29:16 +02:00
/**
2014-10-15 15:07:45 +02:00
* \ brief Enforce renegotiation requests .
2014-07-03 19:29:16 +02:00
* ( Default : enforced , max_records = 16 )
*
2014-08-19 13:58:40 +02:00
* When we request a renegotiation , the peer can comply or
* ignore the request . This function allows us to decide
* whether to enforce our renegotiation requests by closing
* the connection if the peer doesn ' t comply .
2014-07-03 19:29:16 +02:00
*
2014-08-19 13:58:40 +02:00
* However , records could already be in transit from the peer
* when the request is emitted . In order to increase
* reliability , we can accept a number of records before the
* expected handshake records .
2014-07-03 19:29:16 +02:00
*
* The optimal value is highly dependent on the specific usage
* scenario .
*
2014-10-15 15:07:45 +02:00
* \ note With DTLS and server - initiated renegotiation , the
2015-04-08 12:49:31 +02:00
* HelloRequest is retransmited every time mbedtls_ssl_read ( ) times
2014-10-15 15:07:45 +02:00
* out or receives Application Data , until :
* - max_records records have beens seen , if it is > = 0 , or
* - the number of retransmits that would happen during an
* actual handshake has been reached .
* Please remember the request might be lost a few times
* if you consider setting max_records to a really low value .
*
2014-08-19 13:58:40 +02:00
* \ warning On client , the grace period can only happen during
2015-04-08 12:49:31 +02:00
* mbedtls_ssl_read ( ) , as opposed to mbedtls_ssl_write ( ) and mbedtls_ssl_renegotiate ( )
2014-08-19 13:58:40 +02:00
* which always behave as if max_record was 0. The reason is ,
* if we receive application data from the server , we need a
2015-04-08 12:49:31 +02:00
* place to write it , which only happens during mbedtls_ssl_read ( ) .
2014-08-19 13:58:40 +02:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2015-04-08 12:49:31 +02:00
* \ param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don ' t want to
2014-07-03 19:29:16 +02:00
* enforce renegotiation , or a non - negative value to enforce
* it but allow for a grace period of max_records records .
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_renegotiation_enforced ( mbedtls_ssl_config * conf , int max_records ) ;
2014-07-03 19:29:16 +02:00
2014-11-05 13:58:53 +01:00
/**
* \ brief Set record counter threshold for periodic renegotiation .
2016-12-15 18:01:16 +01:00
* ( Default : 2 ^ 48 - 1 )
2014-11-05 13:58:53 +01:00
*
* Renegotiation is automatically triggered when a record
2019-05-03 13:55:51 +02:00
* counter ( outgoing or incoming ) crosses the defined
2014-11-05 13:58:53 +01:00
* threshold . The default value is meant to prevent the
* connection from being closed when the counter is about to
* reached its maximal value ( it is not allowed to wrap ) .
*
* Lower values can be used to enforce policies such as " keys
* must be refreshed every N packets with cipher X " .
*
2017-02-03 01:21:28 +01:00
* The renegotiation period can be disabled by setting
* conf - > disable_renegotiation to
* MBEDTLS_SSL_RENEGOTIATION_DISABLED .
*
* \ note When the configured transport is
* MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
* period is 2 ^ 48 - 1 , and for MBEDTLS_SSL_TRANSPORT_STREAM ,
* the maximum renegotiation period is 2 ^ 64 - 1.
2016-12-15 18:01:16 +01:00
*
2015-05-05 10:45:39 +02:00
* \ param conf SSL configuration
2014-11-05 13:58:53 +01:00
* \ param period The threshold value : a big - endian 64 - bit number .
*/
2015-05-11 09:50:24 +02:00
void mbedtls_ssl_conf_renegotiation_period ( mbedtls_ssl_config * conf ,
2014-11-05 13:58:53 +01:00
const unsigned char period [ 8 ] ) ;
2015-04-08 12:49:31 +02:00
# endif /* MBEDTLS_SSL_RENEGOTIATION */
2014-07-03 19:29:16 +02:00
2009-01-03 22:22:43 +01:00
/**
2017-10-10 12:51:19 +02:00
* \ brief Check if there is data already read from the
* underlying transport but not yet processed .
2009-01-03 22:22:43 +01:00
*
* \ param ssl SSL context
*
2017-10-10 12:51:19 +02:00
* \ return 0 if nothing ' s pending , 1 otherwise .
*
* \ note This is different in purpose and behaviour from
* \ c mbedtls_ssl_get_bytes_avail in that it considers
* any kind of unprocessed data , not only unread
* application data . If \ c mbedtls_ssl_get_bytes
* returns a non - zero value , this function will
* also signal pending data , but the converse does
* not hold . For example , in DTLS there might be
* further records waiting to be processed from
* the current underlying transport ' s datagram .
*
2017-10-31 14:00:14 +01:00
* \ note If this function returns 1 ( data pending ) , this
2017-10-10 12:51:19 +02:00
* does not imply that a subsequent call to
* \ c mbedtls_ssl_read will provide any data ;
* e . g . , the unprocessed data might turn out
* to be an alert or a handshake message .
2017-10-31 14:00:14 +01:00
*
* \ note This function is useful in the following situation :
* If the SSL / TLS module successfully returns from an
* operation - e . g . a handshake or an application record
* read - and you ' re awaiting incoming data next , you
* must not immediately idle on the underlying transport
* to have data ready , but you need to check the value
* of this function first . The reason is that the desired
* data might already be read but not yet processed .
* If , in contrast , a previous call to the SSL / TLS module
* returned MBEDTLS_ERR_SSL_WANT_READ , it is not necessary
* to call this function , as the latter error code entails
* that all internal data has been processed .
*
2017-10-10 12:51:19 +02:00
*/
int mbedtls_ssl_check_pending ( const mbedtls_ssl_context * ssl ) ;
/**
* \ brief Return the number of application data bytes
* remaining to be read from the current record .
*
* \ param ssl SSL context
*
* \ return How many bytes are available in the application
* data record read buffer .
*
* \ note When working over a datagram transport , this is
* useful to detect the current datagram ' s boundary
* in case \ c mbedtls_ssl_read has written the maximal
* amount of data fitting into the input buffer .
*
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
size_t mbedtls_ssl_get_bytes_avail ( const mbedtls_ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
/**
* \ brief Return the result of the certificate verification
*
2018-10-23 11:28:01 +02:00
* \ param ssl The SSL context to use .
*
* \ return \ c 0 if the certificate verification was successful .
* \ return \ c - 1u if the result is not available . This may happen
* e . g . if the handshake aborts early , or a verification
* callback returned a fatal error .
* \ return A bitwise combination of \ c MBEDTLS_X509_BADCERT_XXX
* and \ c MBEDTLS_X509_BADCRL_XXX failure flags ; see x509 . h .
2009-01-03 22:22:43 +01:00
*/
2015-05-11 19:54:43 +02:00
uint32_t mbedtls_ssl_get_verify_result ( const mbedtls_ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
/**
2011-01-27 18:40:50 +01:00
* \ brief Return the name of the current ciphersuite
2009-01-03 22:22:43 +01:00
*
* \ param ssl SSL context
*
2011-01-27 18:40:50 +01:00
* \ return a string containing the ciphersuite name
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
const char * mbedtls_ssl_get_ciphersuite ( const mbedtls_ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
2011-01-15 18:35:19 +01:00
/**
* \ brief Return the current SSL version ( SSLv3 / TLSv1 / etc )
*
* \ param ssl SSL context
*
* \ return a string containing the SSL version
*/
2015-04-08 12:49:31 +02:00
const char * mbedtls_ssl_get_version ( const mbedtls_ssl_context * ssl ) ;
2011-01-15 18:35:19 +01:00
2014-10-14 17:47:31 +02:00
/**
* \ brief Return the ( maximum ) number of bytes added by the record
* layer : header + encryption / MAC overhead ( inc . padding )
*
2017-09-21 13:49:50 +02:00
* \ note This function is not available ( always returns an error )
* when record compression is enabled .
*
2014-10-14 17:47:31 +02:00
* \ param ssl SSL context
*
* \ return Current maximum record expansion in bytes , or
2015-04-08 12:49:31 +02:00
* MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
2015-04-03 16:37:14 +02:00
* enabled , which makes expansion much less predictable
2014-10-14 17:47:31 +02:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_get_record_expansion ( const mbedtls_ssl_context * ssl ) ;
2014-10-14 17:47:31 +02:00
2015-08-31 18:30:52 +02:00
# if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
* \ brief Return the maximum fragment length ( payload , in bytes ) .
* This is the value negotiated with peer if any ,
* or the locally configured value .
*
2017-09-21 13:49:50 +02:00
* \ sa mbedtls_ssl_conf_max_frag_len ( )
* \ sa mbedtls_ssl_get_max_record_payload ( )
*
* \ param ssl SSL context
*
* \ return Current maximum fragment length .
*/
size_t mbedtls_ssl_get_max_frag_len ( const mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
/**
* \ brief Return the current maximum outgoing record payload in bytes .
* This takes into account the config . h setting \ c
* MBEDTLS_SSL_OUT_CONTENT_LEN , the configured and negotiated
* max fragment length extension if used , and for DTLS the
* path MTU as configured and current record expansion .
*
2015-08-31 18:30:52 +02:00
* \ note With DTLS , \ c mbedtls_ssl_write ( ) will return an error if
* called with a larger length value .
* With TLS , \ c mbedtls_ssl_write ( ) will fragment the input if
* necessary and return the number of bytes written ; it is up
* to the caller to call \ c mbedtls_ssl_write ( ) again in
* order to send the remaining bytes if any .
*
2017-09-21 13:49:50 +02:00
* \ note This function is not available ( always returns an error )
* when record compression is enabled .
*
2018-08-20 10:37:23 +02:00
* \ sa mbedtls_ssl_set_mtu ( )
2017-09-21 13:49:50 +02:00
* \ sa mbedtls_ssl_get_max_frag_len ( )
* \ sa mbedtls_ssl_get_record_expansion ( )
*
2015-08-31 18:30:52 +02:00
* \ param ssl SSL context
*
2017-09-21 13:49:50 +02:00
* \ return Current maximum payload for an outgoing record ,
* or a negative error code .
2015-08-31 18:30:52 +02:00
*/
2017-09-21 13:49:50 +02:00
int mbedtls_ssl_get_max_out_record_payload ( const mbedtls_ssl_context * ssl ) ;
2015-08-31 18:30:52 +02:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2012-10-30 08:51:03 +01:00
/**
2019-02-05 12:33:12 +01:00
* \ brief Return the peer certificate from the current connection .
*
* \ param ssl The SSL context to use . This must be initialized and setup .
*
2019-02-25 11:13:43 +01:00
* \ return The current peer certificate , if available .
* The returned certificate is owned by the SSL context and
* is valid only until the next call to the SSL API .
* \ return \ c NULL if no peer certificate is available . This might
* be because the chosen ciphersuite doesn ' t use CRTs
* ( PSK - based ciphersuites , for example ) , or because
* # MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled ,
* allowing the stack to free the peer ' s CRT to save memory .
2019-02-05 12:33:12 +01:00
*
* \ note For one - time inspection of the peer ' s certificate during
* the handshake , consider registering an X .509 CRT verification
* callback through mbedtls_ssl_conf_verify ( ) instead of calling
* this function . Using mbedtls_ssl_conf_verify ( ) also comes at
* the benefit of allowing you to influence the verification
* process , for example by masking expected and tolerated
* verification failures .
*
* \ warning You must not use the pointer returned by this function
* after any further call to the SSL API , including
* mbedtls_ssl_read ( ) and mbedtls_ssl_write ( ) ; this is
* because the pointer might change during renegotiation ,
* which happens transparently to the user .
* If you want to use the certificate across API calls ,
* you must make a copy .
2012-10-30 08:51:03 +01:00
*/
2015-04-08 12:49:31 +02:00
const mbedtls_x509_crt * mbedtls_ssl_get_peer_cert ( const mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2012-10-30 08:51:03 +01:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_CLI_C)
2013-07-30 12:41:56 +02:00
/**
* \ brief Save session in order to resume it later ( client - side only )
* Session data is copied to presented session structure .
*
*
* \ param ssl SSL context
* \ param session session context
*
* \ return 0 if successful ,
2015-05-28 09:33:39 +02:00
* MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed ,
2015-04-08 12:49:31 +02:00
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server - side or
2018-07-04 16:42:47 +02:00
* arguments are otherwise invalid .
2013-07-30 12:41:56 +02:00
*
2018-07-17 10:21:50 +02:00
* \ note Only the server certificate is copied , and not the full chain ,
* so you should not attempt to validate the certificate again
* by calling \ c mbedtls_x509_crt_verify ( ) on it .
* Instead , you should use the results from the verification
* in the original handshake by calling \ c mbedtls_ssl_get_verify_result ( )
* after loading the session again into a new SSL context
* using \ c mbedtls_ssl_set_session ( ) .
*
* \ note Once the session object is not needed anymore , you should
* free it by calling \ c mbedtls_ssl_session_free ( ) .
2013-07-30 12:41:56 +02:00
*
2015-04-08 12:49:31 +02:00
* \ sa mbedtls_ssl_set_session ( )
2013-07-30 12:41:56 +02:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_get_session ( const mbedtls_ssl_context * ssl , mbedtls_ssl_session * session ) ;
# endif /* MBEDTLS_SSL_CLI_C */
2013-07-30 12:41:56 +02:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Perform the SSL handshake
*
* \ param ssl SSL context
*
2018-10-15 13:29:21 +02:00
* \ return \ c 0 if successful .
* \ return # MBEDTLS_ERR_SSL_WANT_READ or # MBEDTLS_ERR_SSL_WANT_WRITE
2018-10-23 10:41:11 +02:00
* if the handshake is incomplete and waiting for data to
2018-10-22 09:56:53 +02:00
* be available for reading from or writing to the underlying
2018-10-15 13:29:21 +02:00
* transport - in this case you must call this function again
* when the underlying transport is ready for the operation .
* \ return # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
* operation is in progress ( see
* mbedtls_ssl_conf_async_private_cb ( ) ) - in this case you
* must call this function again when the operation is ready .
* \ return # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
* operation is in progress ( see mbedtls_ecp_set_max_ops ( ) ) -
* in this case you must call this function again to complete
* the handshake when you ' re done attending other tasks .
* \ return # MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
* and the client did not demonstrate reachability yet - in
* this case you must stop using the context ( see below ) .
* \ return Another SSL error code - in this case you must stop using
* the context ( see below ) .
*
* \ warning If this function returns something other than
* \ c 0 ,
* # MBEDTLS_ERR_SSL_WANT_READ ,
* # MBEDTLS_ERR_SSL_WANT_WRITE ,
* # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
* # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ,
* you must stop using the SSL context for reading or writing ,
* and either free it or call \ c mbedtls_ssl_session_reset ( )
* on it before re - using it for a new connection ; the current
* connection must be closed .
2015-05-28 15:24:25 +02:00
*
2018-10-15 13:29:21 +02:00
* \ note If DTLS is in use , then you may choose to handle
* # MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
* purposes , as it is an expected return value rather than an
* actual error , but you still need to reset / free the context .
2017-10-10 11:35:08 +02:00
*
* \ note Remarks regarding event - driven DTLS :
2018-10-22 09:56:53 +02:00
* If the function returns # MBEDTLS_ERR_SSL_WANT_READ , no datagram
2017-10-10 11:35:08 +02:00
* from the underlying transport layer is currently being processed ,
* and it is safe to idle until the timer or the underlying transport
* signal a new event . This is not true for a successful handshake ,
2017-10-23 14:17:42 +02:00
* in which case the datagram of the underlying transport that is
* currently being processed might or might not contain further
* DTLS records .
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_handshake ( mbedtls_ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
2013-01-25 14:49:24 +01:00
/**
* \ brief Perform a single step of the SSL handshake
*
2015-09-08 15:43:59 +02:00
* \ note The state of the context ( ssl - > state ) will be at
2018-10-15 13:29:21 +02:00
* the next state after this function returns \ c 0. Do not
2016-06-17 16:40:41 +02:00
* call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER .
2013-01-25 14:49:24 +01:00
*
* \ param ssl SSL context
*
2018-10-15 13:29:21 +02:00
* \ return See mbedtls_ssl_handshake ( ) .
*
* \ warning If this function returns something other than \ c 0 ,
* # MBEDTLS_ERR_SSL_WANT_READ , # MBEDTLS_ERR_SSL_WANT_WRITE ,
* # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
* # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS , you must stop using
* the SSL context for reading or writing , and either free it
* or call \ c mbedtls_ssl_session_reset ( ) on it before
* re - using it for a new connection ; the current connection
* must be closed .
2013-01-25 14:49:24 +01:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_handshake_step ( mbedtls_ssl_context * ssl ) ;
2013-01-25 14:49:24 +01:00
2015-04-08 12:49:31 +02:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2012-09-16 21:57:18 +02:00
/**
2013-10-30 16:41:21 +01:00
* \ brief Initiate an SSL renegotiation on the running connection .
* Client : perform the renegotiation right now .
* Server : request renegotiation , which will be performed
2016-06-17 16:40:41 +02:00
* during the next call to mbedtls_ssl_read ( ) if honored by
* client .
2012-09-16 21:57:18 +02:00
*
* \ param ssl SSL context
*
2016-06-17 16:40:41 +02:00
* \ return 0 if successful , or any mbedtls_ssl_handshake ( ) return
2018-10-15 13:29:21 +02:00
* value except # MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can ' t
* happen during a renegotiation .
*
* \ warning If this function returns something other than \ c 0 ,
* # MBEDTLS_ERR_SSL_WANT_READ , # MBEDTLS_ERR_SSL_WANT_WRITE ,
* # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
* # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS , you must stop using
* the SSL context for reading or writing , and either free it
* or call \ c mbedtls_ssl_session_reset ( ) on it before
* re - using it for a new connection ; the current connection
* must be closed .
2015-12-10 13:57:27 +01:00
*
2012-09-16 21:57:18 +02:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_renegotiate ( mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_SSL_RENEGOTIATION */
2012-09-16 21:57:18 +02:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Read at most ' len ' application data bytes
*
* \ param ssl SSL context
* \ param buf buffer that will hold the data
2014-09-24 11:13:11 +02:00
* \ param len maximum number of bytes to read
2009-01-03 22:22:43 +01:00
*
2018-10-15 13:29:21 +02:00
* \ return The ( positive ) number of bytes read if successful .
2018-10-23 10:41:11 +02:00
* \ return \ c 0 if the read end of the underlying transport was closed
2018-10-15 13:29:21 +02:00
* - in this case you must stop using the context ( see below ) .
* \ return # MBEDTLS_ERR_SSL_WANT_READ or # MBEDTLS_ERR_SSL_WANT_WRITE
2018-10-23 10:41:11 +02:00
* if the handshake is incomplete and waiting for data to
2018-10-22 09:56:53 +02:00
* be available for reading from or writing to the underlying
2018-10-15 13:29:21 +02:00
* transport - in this case you must call this function again
* when the underlying transport is ready for the operation .
* \ return # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
* operation is in progress ( see
* mbedtls_ssl_conf_async_private_cb ( ) ) - in this case you
* must call this function again when the operation is ready .
* \ return # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
* operation is in progress ( see mbedtls_ecp_set_max_ops ( ) ) -
* in this case you must call this function again to complete
* the handshake when you ' re done attending other tasks .
* \ return # MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we ' re at the server
* side of a DTLS connection and the client is initiating a
2018-10-22 09:56:53 +02:00
* new connection using the same source port . See below .
2018-10-15 13:29:21 +02:00
* \ return Another SSL error code - in this case you must stop using
* the context ( see below ) .
*
* \ warning If this function returns something other than
* a positive value ,
* # MBEDTLS_ERR_SSL_WANT_READ ,
* # MBEDTLS_ERR_SSL_WANT_WRITE ,
* # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ,
* # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
* # MBEDTLS_ERR_SSL_CLIENT_RECONNECT ,
* you must stop using the SSL context for reading or writing ,
* and either free it or call \ c mbedtls_ssl_session_reset ( )
* on it before re - using it for a new connection ; the current
* connection must be closed .
2015-12-10 13:57:27 +01:00
*
2018-10-22 09:56:53 +02:00
* \ note When this function returns # MBEDTLS_ERR_SSL_CLIENT_RECONNECT
2015-09-08 15:36:09 +02:00
* ( which can only happen server - side ) , it means that a client
* is initiating a new connection using the same source port .
* You can either treat that as a connection close and wait
* for the client to resend a ClientHello , or directly
* continue with \ c mbedtls_ssl_handshake ( ) with the same
2018-10-15 13:29:21 +02:00
* context ( as it has been reset internally ) . Either way , you
* must make sure this is seen by the application as a new
2015-09-08 15:36:09 +02:00
* connection : application state , if any , should be reset , and
* most importantly the identity of the client must be checked
* again . WARNING : not validating the identity of the client
* again , or not transmitting the new identity to the
* application layer , would allow authentication bypass !
2017-10-10 11:35:08 +02:00
*
* \ note Remarks regarding event - driven DTLS :
2018-10-22 09:56:53 +02:00
* - If the function returns # MBEDTLS_ERR_SSL_WANT_READ , no datagram
2017-10-10 11:35:08 +02:00
* from the underlying transport layer is currently being processed ,
* and it is safe to idle until the timer or the underlying transport
* signal a new event .
2017-10-23 14:17:42 +02:00
* - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
* initially available on the underlying transport , as this data may have
* been only e . g . duplicated messages or a renegotiation request .
* Therefore , you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
* when reacting to an incoming - data event from the underlying transport .
* - On success , the datagram of the underlying transport that is currently
* being processed may contain further DTLS records . You should call
* \ c mbedtls_ssl_check_pending to check for remaining records .
2017-10-10 11:35:08 +02:00
*
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_read ( mbedtls_ssl_context * ssl , unsigned char * buf , size_t len ) ;
2009-01-03 22:22:43 +01:00
/**
2015-08-31 20:44:12 +02:00
* \ brief Try to write exactly ' len ' application data bytes
*
* \ warning This function will do partial writes in some cases . If the
* return value is non - negative but less than length , the
* function must be called again with updated arguments :
* buf + ret , len - ret ( if ret is the return value ) until
* it returns a value equal to the last ' len ' argument .
2009-01-03 22:22:43 +01:00
*
* \ param ssl SSL context
* \ param buf buffer holding the data
* \ param len how many bytes must be written
*
2018-10-15 13:29:21 +02:00
* \ return The ( non - negative ) number of bytes actually written if
2018-10-22 09:56:53 +02:00
* successful ( may be less than \ p len ) .
2018-10-15 13:29:21 +02:00
* \ return # MBEDTLS_ERR_SSL_WANT_READ or # MBEDTLS_ERR_SSL_WANT_WRITE
2018-10-23 10:41:11 +02:00
* if the handshake is incomplete and waiting for data to
2018-10-22 09:56:53 +02:00
* be available for reading from or writing to the underlying
2018-10-15 13:29:21 +02:00
* transport - in this case you must call this function again
* when the underlying transport is ready for the operation .
* \ return # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
* operation is in progress ( see
* mbedtls_ssl_conf_async_private_cb ( ) ) - in this case you
* must call this function again when the operation is ready .
* \ return # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
* operation is in progress ( see mbedtls_ecp_set_max_ops ( ) ) -
* in this case you must call this function again to complete
* the handshake when you ' re done attending other tasks .
* \ return Another SSL error code - in this case you must stop using
* the context ( see below ) .
*
* \ warning If this function returns something other than
* a non - negative value ,
* # MBEDTLS_ERR_SSL_WANT_READ ,
* # MBEDTLS_ERR_SSL_WANT_WRITE ,
* # MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
* # MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ,
* you must stop using the SSL context for reading or writing ,
* and either free it or call \ c mbedtls_ssl_session_reset ( )
* on it before re - using it for a new connection ; the current
* connection must be closed .
2015-12-10 13:57:27 +01:00
*
2018-10-22 09:56:53 +02:00
* \ note When this function returns # MBEDTLS_ERR_SSL_WANT_WRITE / READ ,
2009-01-03 22:22:43 +01:00
* it must be called later with the * same * arguments ,
2017-07-11 17:15:54 +02:00
* until it returns a value greater that or equal to 0. When
2018-10-22 09:56:53 +02:00
* the function returns # MBEDTLS_ERR_SSL_WANT_WRITE there may be
2017-07-11 17:15:54 +02:00
* some partial data in the output buffer , however this is not
* yet sent .
2014-10-13 17:55:52 +02:00
*
2015-01-21 14:37:08 +01:00
* \ note If the requested length is greater than the maximum
* fragment length ( either the built - in limit or the one set
* or negotiated with the peer ) , then :
2015-08-31 20:44:12 +02:00
* - with TLS , less bytes than requested are written .
2015-04-08 12:49:31 +02:00
* - with DTLS , MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned .
2015-08-31 20:44:12 +02:00
* \ c mbedtls_ssl_get_max_frag_len ( ) may be used to query the
* active maximum fragment length .
2017-07-11 17:15:54 +02:00
*
* \ note Attempting to write 0 bytes will result in an empty TLS
* application record being sent .
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_write ( mbedtls_ssl_context * ssl , const unsigned char * buf , size_t len ) ;
2009-01-03 22:22:43 +01:00
2012-04-16 08:46:41 +02:00
/**
* \ brief Send an alert message
*
* \ param ssl SSL context
* \ param level The alert level of the message
2015-04-08 12:49:31 +02:00
* ( MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL )
2012-04-16 08:46:41 +02:00
* \ param message The alert message ( SSL_ALERT_MSG_ * )
*
2012-11-07 20:46:27 +01:00
* \ return 0 if successful , or a specific SSL error code .
2015-12-10 13:57:27 +01:00
*
* \ note If this function returns something other than 0 or
2017-11-06 11:45:26 +01:00
* MBEDTLS_ERR_SSL_WANT_READ / WRITE , you must stop using
* the SSL context for reading or writing , and either free it or
* call \ c mbedtls_ssl_session_reset ( ) on it before re - using it
* for a new connection ; the current connection must be closed .
2012-04-16 08:46:41 +02:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_send_alert_message ( mbedtls_ssl_context * ssl ,
2012-04-16 08:46:41 +02:00
unsigned char level ,
unsigned char message ) ;
2009-01-03 22:22:43 +01:00
/**
* \ brief Notify the peer that the connection is being closed
2009-07-28 09:18:38 +02:00
*
* \ param ssl SSL context
2015-12-10 13:57:27 +01:00
*
* \ return 0 if successful , or a specific SSL error code .
*
* \ note If this function returns something other than 0 or
2017-11-06 11:45:26 +01:00
* MBEDTLS_ERR_SSL_WANT_READ / WRITE , you must stop using
* the SSL context for reading or writing , and either free it or
* call \ c mbedtls_ssl_session_reset ( ) on it before re - using it
* for a new connection ; the current connection must be closed .
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
int mbedtls_ssl_close_notify ( mbedtls_ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
/**
2012-09-16 21:57:18 +02:00
* \ brief Free referenced items in an SSL context and clear memory
2009-07-28 09:18:38 +02:00
*
* \ param ssl SSL context
2009-01-03 22:22:43 +01:00
*/
2015-04-08 12:49:31 +02:00
void mbedtls_ssl_free ( mbedtls_ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
2015-05-04 13:35:39 +02:00
/**
* \ brief Initialize an SSL configuration context
* Just makes the context ready for
2015-06-11 13:29:15 +02:00
* mbedtls_ssl_config_defaults ( ) or mbedtls_ssl_config_free ( ) .
2015-05-04 13:35:39 +02:00
*
* \ note You need to call mbedtls_ssl_config_defaults ( ) unless you
2019-01-23 15:24:37 +01:00
* manually set all of the relevant fields yourself .
2015-05-04 13:35:39 +02:00
*
* \ param conf SSL configuration context
*/
void mbedtls_ssl_config_init ( mbedtls_ssl_config * conf ) ;
/**
* \ brief Load reasonnable default SSL configuration values .
* ( You need to call mbedtls_ssl_config_init ( ) first . )
*
* \ param conf SSL configuration context
2015-06-11 13:29:15 +02:00
* \ param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
* \ param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS , or
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
2015-06-17 13:53:47 +02:00
* \ param preset a MBEDTLS_SSL_PRESET_XXX value
2015-05-04 13:35:39 +02:00
*
2015-05-11 09:50:24 +02:00
* \ note See \ c mbedtls_ssl_conf_transport ( ) for notes on DTLS .
2015-05-06 15:42:06 +02:00
*
2015-05-04 13:35:39 +02:00
* \ return 0 if successful , or
2015-06-11 13:29:15 +02:00
* MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error .
2015-05-04 13:35:39 +02:00
*/
2015-05-04 19:32:36 +02:00
int mbedtls_ssl_config_defaults ( mbedtls_ssl_config * conf ,
2015-06-17 13:53:47 +02:00
int endpoint , int transport , int preset ) ;
2015-05-04 13:35:39 +02:00
/**
* \ brief Free an SSL configuration context
*
* \ param conf SSL configuration context
*/
void mbedtls_ssl_config_free ( mbedtls_ssl_config * conf ) ;
2014-06-26 13:37:14 +02:00
/**
* \ brief Initialize SSL session structure
*
* \ param session SSL session
*/
2015-04-08 12:49:31 +02:00
void mbedtls_ssl_session_init ( mbedtls_ssl_session * session ) ;
2014-06-26 13:37:14 +02:00
2012-09-16 21:57:18 +02:00
/**
2012-09-25 23:55:46 +02:00
* \ brief Free referenced items in an SSL session including the
* peer certificate and clear memory
2012-09-16 21:57:18 +02:00
*
2018-07-17 10:21:50 +02:00
* \ note A session object can be freed even if the SSL context
* that was used to retrieve the session is still in use .
*
2012-09-16 21:57:18 +02:00
* \ param session SSL session
*/
2015-04-08 12:49:31 +02:00
void mbedtls_ssl_session_free ( mbedtls_ssl_session * session ) ;
2012-09-16 21:57:18 +02:00
2019-05-12 13:54:30 +02:00
/**
* \ brief TLS - PRF function for key derivation .
*
* \ param prf The tls_prf type funtion type to be used .
* \ param secret Secret for the key derivation function .
* \ param slen Length of the secret .
* \ param label String label for the key derivation function ,
* terminated with null character .
* \ param random Random bytes .
* \ param rlen Length of the random bytes buffer .
* \ param dstbuf The buffer holding the derived key .
* \ param dlen Length of the output buffer .
*
* \ return 0 on sucess . An SSL specific error on failure .
*/
int mbedtls_ssl_tls_prf ( const mbedtls_tls_prf_types prf ,
const unsigned char * secret , size_t slen ,
const char * label ,
const unsigned char * random , size_t rlen ,
unsigned char * dstbuf , size_t dlen ) ;
2009-01-03 22:22:43 +01:00
# ifdef __cplusplus
}
# endif
# endif /* ssl.h */
