[398] | 1 | /**
|
---|
| 2 | * \file ssl_internal.h
|
---|
| 3 | *
|
---|
| 4 | * \brief Internal functions shared by the SSL modules
|
---|
| 5 | */
|
---|
| 6 | /*
|
---|
| 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
| 8 | * SPDX-License-Identifier: Apache-2.0
|
---|
| 9 | *
|
---|
| 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
| 11 | * not use this file except in compliance with the License.
|
---|
| 12 | * You may obtain a copy of the License at
|
---|
| 13 | *
|
---|
| 14 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
| 15 | *
|
---|
| 16 | * Unless required by applicable law or agreed to in writing, software
|
---|
| 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
| 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
| 19 | * See the License for the specific language governing permissions and
|
---|
| 20 | * limitations under the License.
|
---|
| 21 | *
|
---|
| 22 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
| 23 | */
|
---|
| 24 | #ifndef MBEDTLS_SSL_INTERNAL_H
|
---|
| 25 | #define MBEDTLS_SSL_INTERNAL_H
|
---|
| 26 |
|
---|
| 27 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
| 28 | #include "config.h"
|
---|
| 29 | #else
|
---|
| 30 | #include MBEDTLS_CONFIG_FILE
|
---|
| 31 | #endif
|
---|
| 32 |
|
---|
| 33 | #include "ssl.h"
|
---|
| 34 | #include "cipher.h"
|
---|
| 35 |
|
---|
| 36 | #if defined(MBEDTLS_MD5_C)
|
---|
| 37 | #include "md5.h"
|
---|
| 38 | #endif
|
---|
| 39 |
|
---|
| 40 | #if defined(MBEDTLS_SHA1_C)
|
---|
| 41 | #include "sha1.h"
|
---|
| 42 | #endif
|
---|
| 43 |
|
---|
| 44 | #if defined(MBEDTLS_SHA256_C)
|
---|
| 45 | #include "sha256.h"
|
---|
| 46 | #endif
|
---|
| 47 |
|
---|
| 48 | #if defined(MBEDTLS_SHA512_C)
|
---|
| 49 | #include "sha512.h"
|
---|
| 50 | #endif
|
---|
| 51 |
|
---|
| 52 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
---|
| 53 | #include "ecjpake.h"
|
---|
| 54 | #endif
|
---|
| 55 |
|
---|
| 56 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
---|
| 57 | !defined(inline) && !defined(__cplusplus)
|
---|
| 58 | #define inline __inline
|
---|
| 59 | #endif
|
---|
| 60 |
|
---|
| 61 | /* Determine minimum supported version */
|
---|
| 62 | #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
---|
| 63 |
|
---|
| 64 | #if defined(MBEDTLS_SSL_PROTO_SSL3)
|
---|
| 65 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
|
---|
| 66 | #else
|
---|
| 67 | #if defined(MBEDTLS_SSL_PROTO_TLS1)
|
---|
| 68 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
---|
| 69 | #else
|
---|
| 70 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
---|
| 71 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
---|
| 72 | #else
|
---|
| 73 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
---|
| 74 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
---|
| 75 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
---|
| 76 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
---|
| 77 | #endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
---|
| 78 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
---|
| 79 |
|
---|
| 80 | #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
---|
| 81 | #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
---|
| 82 |
|
---|
| 83 | /* Determine maximum supported version */
|
---|
| 84 | #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
---|
| 85 |
|
---|
| 86 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
---|
| 87 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
---|
| 88 | #else
|
---|
| 89 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
---|
| 90 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
---|
| 91 | #else
|
---|
| 92 | #if defined(MBEDTLS_SSL_PROTO_TLS1)
|
---|
| 93 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
---|
| 94 | #else
|
---|
| 95 | #if defined(MBEDTLS_SSL_PROTO_SSL3)
|
---|
| 96 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
|
---|
| 97 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
---|
| 98 | #endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
---|
| 99 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
---|
| 100 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
---|
| 101 |
|
---|
| 102 | /* Shorthand for restartable ECC */
|
---|
| 103 | #if defined(MBEDTLS_ECP_RESTARTABLE) && \
|
---|
| 104 | defined(MBEDTLS_SSL_CLI_C) && \
|
---|
| 105 | defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
---|
| 106 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
---|
| 107 | #define MBEDTLS_SSL__ECP_RESTARTABLE
|
---|
| 108 | #endif
|
---|
| 109 |
|
---|
| 110 | #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
|
---|
| 111 | #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
|
---|
| 112 | #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
|
---|
| 113 | #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
|
---|
| 114 |
|
---|
| 115 | /*
|
---|
| 116 | * DTLS retransmission states, see RFC 6347 4.2.4
|
---|
| 117 | *
|
---|
| 118 | * The SENDING state is merged in PREPARING for initial sends,
|
---|
| 119 | * but is distinct for resends.
|
---|
| 120 | *
|
---|
| 121 | * Note: initial state is wrong for server, but is not used anyway.
|
---|
| 122 | */
|
---|
| 123 | #define MBEDTLS_SSL_RETRANS_PREPARING 0
|
---|
| 124 | #define MBEDTLS_SSL_RETRANS_SENDING 1
|
---|
| 125 | #define MBEDTLS_SSL_RETRANS_WAITING 2
|
---|
| 126 | #define MBEDTLS_SSL_RETRANS_FINISHED 3
|
---|
| 127 |
|
---|
| 128 | /*
|
---|
| 129 | * Allow extra bytes for record, authentication and encryption overhead:
|
---|
| 130 | * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
|
---|
| 131 | * and allow for a maximum of 1024 of compression expansion if
|
---|
| 132 | * enabled.
|
---|
| 133 | */
|
---|
| 134 | #if defined(MBEDTLS_ZLIB_SUPPORT)
|
---|
| 135 | #define MBEDTLS_SSL_COMPRESSION_ADD 1024
|
---|
| 136 | #else
|
---|
| 137 | #define MBEDTLS_SSL_COMPRESSION_ADD 0
|
---|
| 138 | #endif
|
---|
| 139 |
|
---|
| 140 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
|
---|
| 141 | /* Ciphersuites using HMAC */
|
---|
| 142 | #if defined(MBEDTLS_SHA512_C)
|
---|
| 143 | #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
|
---|
| 144 | #elif defined(MBEDTLS_SHA256_C)
|
---|
| 145 | #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
|
---|
| 146 | #else
|
---|
| 147 | #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
|
---|
| 148 | #endif
|
---|
| 149 | #else
|
---|
| 150 | /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
|
---|
| 151 | #define MBEDTLS_SSL_MAC_ADD 16
|
---|
| 152 | #endif
|
---|
| 153 |
|
---|
| 154 | #if defined(MBEDTLS_CIPHER_MODE_CBC)
|
---|
| 155 | #define MBEDTLS_SSL_PADDING_ADD 256
|
---|
| 156 | #else
|
---|
| 157 | #define MBEDTLS_SSL_PADDING_ADD 0
|
---|
| 158 | #endif
|
---|
| 159 |
|
---|
| 160 | #define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
|
---|
| 161 | MBEDTLS_MAX_IV_LENGTH + \
|
---|
| 162 | MBEDTLS_SSL_MAC_ADD + \
|
---|
| 163 | MBEDTLS_SSL_PADDING_ADD \
|
---|
| 164 | )
|
---|
| 165 |
|
---|
| 166 | #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
|
---|
| 167 | ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
|
---|
| 168 |
|
---|
| 169 | #define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
|
---|
| 170 | ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
|
---|
| 171 |
|
---|
| 172 | /* The maximum number of buffered handshake messages. */
|
---|
| 173 | #define MBEDTLS_SSL_MAX_BUFFERED_HS 4
|
---|
| 174 |
|
---|
| 175 | /* Maximum length we can advertise as our max content length for
|
---|
| 176 | RFC 6066 max_fragment_length extension negotiation purposes
|
---|
| 177 | (the lesser of both sizes, if they are unequal.)
|
---|
| 178 | */
|
---|
| 179 | #define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
|
---|
| 180 | (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
|
---|
| 181 | ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
|
---|
| 182 | : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
|
---|
| 183 | )
|
---|
| 184 |
|
---|
| 185 | /*
|
---|
| 186 | * Check that we obey the standard's message size bounds
|
---|
| 187 | */
|
---|
| 188 |
|
---|
| 189 | #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
|
---|
| 190 | #error "Bad configuration - record content too large."
|
---|
| 191 | #endif
|
---|
| 192 |
|
---|
| 193 | #if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
|
---|
| 194 | #error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
|
---|
| 195 | #endif
|
---|
| 196 |
|
---|
| 197 | #if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
|
---|
| 198 | #error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
|
---|
| 199 | #endif
|
---|
| 200 |
|
---|
| 201 | #if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
|
---|
| 202 | #error "Bad configuration - incoming protected record payload too large."
|
---|
| 203 | #endif
|
---|
| 204 |
|
---|
| 205 | #if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
|
---|
| 206 | #error "Bad configuration - outgoing protected record payload too large."
|
---|
| 207 | #endif
|
---|
| 208 |
|
---|
| 209 | /* Calculate buffer sizes */
|
---|
| 210 |
|
---|
| 211 | /* Note: Even though the TLS record header is only 5 bytes
|
---|
| 212 | long, we're internally using 8 bytes to store the
|
---|
| 213 | implicit sequence number. */
|
---|
| 214 | #define MBEDTLS_SSL_HEADER_LEN 13
|
---|
| 215 |
|
---|
| 216 | #define MBEDTLS_SSL_IN_BUFFER_LEN \
|
---|
| 217 | ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
|
---|
| 218 |
|
---|
| 219 | #define MBEDTLS_SSL_OUT_BUFFER_LEN \
|
---|
| 220 | ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
|
---|
| 221 |
|
---|
| 222 | #ifdef MBEDTLS_ZLIB_SUPPORT
|
---|
| 223 | /* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
|
---|
| 224 | #define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \
|
---|
| 225 | ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \
|
---|
| 226 | ? MBEDTLS_SSL_IN_BUFFER_LEN \
|
---|
| 227 | : MBEDTLS_SSL_OUT_BUFFER_LEN \
|
---|
| 228 | )
|
---|
| 229 | #endif
|
---|
| 230 |
|
---|
| 231 | /*
|
---|
| 232 | * TLS extension flags (for extensions with outgoing ServerHello content
|
---|
| 233 | * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
|
---|
| 234 | * of state of the renegotiation flag, so no indicator is required)
|
---|
| 235 | */
|
---|
| 236 | #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
|
---|
| 237 | #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
|
---|
| 238 |
|
---|
| 239 | #ifdef __cplusplus
|
---|
| 240 | extern "C" {
|
---|
| 241 | #endif
|
---|
| 242 |
|
---|
| 243 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
---|
| 244 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
---|
| 245 | /*
|
---|
| 246 | * Abstraction for a grid of allowed signature-hash-algorithm pairs.
|
---|
| 247 | */
|
---|
| 248 | struct mbedtls_ssl_sig_hash_set_t
|
---|
| 249 | {
|
---|
| 250 | /* At the moment, we only need to remember a single suitable
|
---|
| 251 | * hash algorithm per signature algorithm. As long as that's
|
---|
| 252 | * the case - and we don't need a general lookup function -
|
---|
| 253 | * we can implement the sig-hash-set as a map from signatures
|
---|
| 254 | * to hash algorithms. */
|
---|
| 255 | mbedtls_md_type_t rsa;
|
---|
| 256 | mbedtls_md_type_t ecdsa;
|
---|
| 257 | };
|
---|
| 258 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
---|
| 259 | MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
---|
| 260 |
|
---|
| 261 | /*
|
---|
| 262 | * This structure contains the parameters only needed during handshake.
|
---|
| 263 | */
|
---|
| 264 | struct mbedtls_ssl_handshake_params
|
---|
| 265 | {
|
---|
| 266 | /*
|
---|
| 267 | * Handshake specific crypto variables
|
---|
| 268 | */
|
---|
| 269 |
|
---|
| 270 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
---|
| 271 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
---|
| 272 | mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
|
---|
| 273 | #endif
|
---|
| 274 | #if defined(MBEDTLS_DHM_C)
|
---|
| 275 | mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
|
---|
| 276 | #endif
|
---|
| 277 | #if defined(MBEDTLS_ECDH_C)
|
---|
| 278 | mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
---|
| 279 | #endif
|
---|
| 280 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
---|
| 281 | mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
|
---|
| 282 | #if defined(MBEDTLS_SSL_CLI_C)
|
---|
| 283 | unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
|
---|
| 284 | size_t ecjpake_cache_len; /*!< Length of cached data */
|
---|
| 285 | #endif
|
---|
| 286 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
---|
| 287 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
---|
| 288 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
---|
| 289 | const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
---|
| 290 | #endif
|
---|
| 291 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
---|
| 292 | unsigned char *psk; /*!< PSK from the callback */
|
---|
| 293 | size_t psk_len; /*!< Length of PSK from callback */
|
---|
| 294 | #endif
|
---|
| 295 | #if defined(MBEDTLS_X509_CRT_PARSE_C)
|
---|
| 296 | mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
---|
| 297 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
---|
| 298 | int sni_authmode; /*!< authmode from SNI callback */
|
---|
| 299 | mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
---|
| 300 | mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
---|
| 301 | mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
---|
| 302 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
---|
| 303 | #endif /* MBEDTLS_X509_CRT_PARSE_C */
|
---|
| 304 | #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
---|
| 305 | int ecrs_enabled; /*!< Handshake supports EC restart? */
|
---|
| 306 | mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
|
---|
| 307 | enum { /* this complements ssl->state with info on intra-state operations */
|
---|
| 308 | ssl_ecrs_none = 0, /*!< nothing going on (yet) */
|
---|
| 309 | ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */
|
---|
| 310 | ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */
|
---|
| 311 | ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */
|
---|
| 312 | ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */
|
---|
| 313 | } ecrs_state; /*!< current (or last) operation */
|
---|
| 314 | size_t ecrs_n; /*!< place for saving a length */
|
---|
| 315 | #endif
|
---|
| 316 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
| 317 | unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
|
---|
| 318 | unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
|
---|
| 319 |
|
---|
| 320 | unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
|
---|
| 321 | Srv: unused */
|
---|
| 322 | unsigned char verify_cookie_len; /*!< Cli: cookie length
|
---|
| 323 | Srv: flag for sending a cookie */
|
---|
| 324 |
|
---|
| 325 | uint32_t retransmit_timeout; /*!< Current value of timeout */
|
---|
| 326 | unsigned char retransmit_state; /*!< Retransmission state */
|
---|
| 327 | mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
|
---|
| 328 | mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
|
---|
| 329 | unsigned char *cur_msg_p; /*!< Position in current message */
|
---|
| 330 | unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
|
---|
| 331 | flight being received */
|
---|
| 332 | mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
|
---|
| 333 | resending messages */
|
---|
| 334 | unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
|
---|
| 335 | for resending messages */
|
---|
| 336 |
|
---|
| 337 | struct
|
---|
| 338 | {
|
---|
| 339 | size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
|
---|
| 340 | * buffers used for message buffering. */
|
---|
| 341 |
|
---|
| 342 | uint8_t seen_ccs; /*!< Indicates if a CCS message has
|
---|
| 343 | * been seen in the current flight. */
|
---|
| 344 |
|
---|
| 345 | struct mbedtls_ssl_hs_buffer
|
---|
| 346 | {
|
---|
| 347 | unsigned is_valid : 1;
|
---|
| 348 | unsigned is_fragmented : 1;
|
---|
| 349 | unsigned is_complete : 1;
|
---|
| 350 | unsigned char *data;
|
---|
| 351 | size_t data_len;
|
---|
| 352 | } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
|
---|
| 353 |
|
---|
| 354 | struct
|
---|
| 355 | {
|
---|
| 356 | unsigned char *data;
|
---|
| 357 | size_t len;
|
---|
| 358 | unsigned epoch;
|
---|
| 359 | } future_record;
|
---|
| 360 |
|
---|
| 361 | } buffering;
|
---|
| 362 |
|
---|
| 363 | uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
|
---|
| 364 | #endif /* MBEDTLS_SSL_PROTO_DTLS */
|
---|
| 365 |
|
---|
| 366 | /*
|
---|
| 367 | * Checksum contexts
|
---|
| 368 | */
|
---|
| 369 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
---|
| 370 | defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
---|
| 371 | mbedtls_md5_context fin_md5;
|
---|
| 372 | mbedtls_sha1_context fin_sha1;
|
---|
| 373 | #endif
|
---|
| 374 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
---|
| 375 | #if defined(MBEDTLS_SHA256_C)
|
---|
| 376 | mbedtls_sha256_context fin_sha256;
|
---|
| 377 | #endif
|
---|
| 378 | #if defined(MBEDTLS_SHA512_C)
|
---|
| 379 | mbedtls_sha512_context fin_sha512;
|
---|
| 380 | #endif
|
---|
| 381 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
---|
| 382 |
|
---|
| 383 | void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
|
---|
| 384 | void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
|
---|
| 385 | void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
|
---|
| 386 | int (*tls_prf)(const unsigned char *, size_t, const char *,
|
---|
| 387 | const unsigned char *, size_t,
|
---|
| 388 | unsigned char *, size_t);
|
---|
| 389 |
|
---|
| 390 | size_t pmslen; /*!< premaster length */
|
---|
| 391 |
|
---|
| 392 | unsigned char randbytes[64]; /*!< random bytes */
|
---|
| 393 | unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
---|
| 394 | /*!< premaster secret */
|
---|
| 395 |
|
---|
| 396 | int resume; /*!< session resume indicator*/
|
---|
| 397 | int max_major_ver; /*!< max. major version client*/
|
---|
| 398 | int max_minor_ver; /*!< max. minor version client*/
|
---|
| 399 | int cli_exts; /*!< client extension presence*/
|
---|
| 400 |
|
---|
| 401 | #if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
---|
| 402 | int new_session_ticket; /*!< use NewSessionTicket? */
|
---|
| 403 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
---|
| 404 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
---|
| 405 | int extended_ms; /*!< use Extended Master Secret? */
|
---|
| 406 | #endif
|
---|
| 407 |
|
---|
| 408 | #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
---|
| 409 | unsigned int async_in_progress : 1; /*!< an asynchronous operation is in progress */
|
---|
| 410 | #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
---|
| 411 |
|
---|
| 412 | #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
---|
| 413 | /** Asynchronous operation context. This field is meant for use by the
|
---|
| 414 | * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start,
|
---|
| 415 | * mbedtls_ssl_config::f_async_decrypt_start,
|
---|
| 416 | * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel).
|
---|
| 417 | * The library does not use it internally. */
|
---|
| 418 | void *user_async_ctx;
|
---|
| 419 | #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
---|
| 420 | };
|
---|
| 421 |
|
---|
| 422 | typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
---|
| 423 |
|
---|
| 424 | /*
|
---|
| 425 | * This structure contains a full set of runtime transform parameters
|
---|
| 426 | * either in negotiation or active.
|
---|
| 427 | */
|
---|
| 428 | struct mbedtls_ssl_transform
|
---|
| 429 | {
|
---|
| 430 | /*
|
---|
| 431 | * Session specific crypto layer
|
---|
| 432 | */
|
---|
| 433 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
---|
| 434 | /*!< Chosen cipersuite_info */
|
---|
| 435 | unsigned int keylen; /*!< symmetric key length (bytes) */
|
---|
| 436 | size_t minlen; /*!< min. ciphertext length */
|
---|
| 437 | size_t ivlen; /*!< IV length */
|
---|
| 438 | size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
|
---|
| 439 | size_t maclen; /*!< MAC length */
|
---|
| 440 |
|
---|
| 441 | unsigned char iv_enc[16]; /*!< IV (encryption) */
|
---|
| 442 | unsigned char iv_dec[16]; /*!< IV (decryption) */
|
---|
| 443 |
|
---|
| 444 | #if defined(MBEDTLS_SSL_PROTO_SSL3)
|
---|
| 445 | /* Needed only for SSL v3.0 secret */
|
---|
| 446 | unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
|
---|
| 447 | unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
|
---|
| 448 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
---|
| 449 |
|
---|
| 450 | mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
|
---|
| 451 | mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
|
---|
| 452 |
|
---|
| 453 | mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
|
---|
| 454 | mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
|
---|
| 455 |
|
---|
| 456 | /*
|
---|
| 457 | * Session specific compression layer
|
---|
| 458 | */
|
---|
| 459 | #if defined(MBEDTLS_ZLIB_SUPPORT)
|
---|
| 460 | z_stream ctx_deflate; /*!< compression context */
|
---|
| 461 | z_stream ctx_inflate; /*!< decompression context */
|
---|
| 462 | #endif
|
---|
| 463 | };
|
---|
| 464 |
|
---|
| 465 | #if defined(MBEDTLS_X509_CRT_PARSE_C)
|
---|
| 466 | /*
|
---|
| 467 | * List of certificate + private key pairs
|
---|
| 468 | */
|
---|
| 469 | struct mbedtls_ssl_key_cert
|
---|
| 470 | {
|
---|
| 471 | mbedtls_x509_crt *cert; /*!< cert */
|
---|
| 472 | mbedtls_pk_context *key; /*!< private key */
|
---|
| 473 | mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
|
---|
| 474 | };
|
---|
| 475 | #endif /* MBEDTLS_X509_CRT_PARSE_C */
|
---|
| 476 |
|
---|
| 477 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
| 478 | /*
|
---|
| 479 | * List of handshake messages kept around for resending
|
---|
| 480 | */
|
---|
| 481 | struct mbedtls_ssl_flight_item
|
---|
| 482 | {
|
---|
| 483 | unsigned char *p; /*!< message, including handshake headers */
|
---|
| 484 | size_t len; /*!< length of p */
|
---|
| 485 | unsigned char type; /*!< type of the message: handshake or CCS */
|
---|
| 486 | mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
|
---|
| 487 | };
|
---|
| 488 | #endif /* MBEDTLS_SSL_PROTO_DTLS */
|
---|
| 489 |
|
---|
| 490 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
---|
| 491 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
---|
| 492 |
|
---|
| 493 | /* Find an entry in a signature-hash set matching a given hash algorithm. */
|
---|
| 494 | mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
|
---|
| 495 | mbedtls_pk_type_t sig_alg );
|
---|
| 496 | /* Add a signature-hash-pair to a signature-hash set */
|
---|
| 497 | void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
|
---|
| 498 | mbedtls_pk_type_t sig_alg,
|
---|
| 499 | mbedtls_md_type_t md_alg );
|
---|
| 500 | /* Allow exactly one hash algorithm for each signature. */
|
---|
| 501 | void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
|
---|
| 502 | mbedtls_md_type_t md_alg );
|
---|
| 503 |
|
---|
| 504 | /* Setup an empty signature-hash set */
|
---|
| 505 | static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
|
---|
| 506 | {
|
---|
| 507 | mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
|
---|
| 508 | }
|
---|
| 509 |
|
---|
| 510 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
|
---|
| 511 | MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
---|
| 512 |
|
---|
| 513 | /**
|
---|
| 514 | * \brief Free referenced items in an SSL transform context and clear
|
---|
| 515 | * memory
|
---|
| 516 | *
|
---|
| 517 | * \param transform SSL transform context
|
---|
| 518 | */
|
---|
| 519 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
|
---|
| 520 |
|
---|
| 521 | /**
|
---|
| 522 | * \brief Free referenced items in an SSL handshake context and clear
|
---|
| 523 | * memory
|
---|
| 524 | *
|
---|
| 525 | * \param ssl SSL context
|
---|
| 526 | */
|
---|
| 527 | void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
|
---|
| 528 |
|
---|
| 529 | int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
|
---|
| 530 | int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
|
---|
| 531 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
|
---|
| 532 |
|
---|
| 533 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
---|
| 534 |
|
---|
| 535 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
|
---|
| 536 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
|
---|
| 537 |
|
---|
| 538 | int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
|
---|
| 539 | int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
|
---|
| 540 | void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
---|
| 541 |
|
---|
| 542 | /**
|
---|
| 543 | * \brief Update record layer
|
---|
| 544 | *
|
---|
| 545 | * This function roughly separates the implementation
|
---|
| 546 | * of the logic of (D)TLS from the implementation
|
---|
| 547 | * of the secure transport.
|
---|
| 548 | *
|
---|
| 549 | * \param ssl The SSL context to use.
|
---|
| 550 | * \param update_hs_digest This indicates if the handshake digest
|
---|
| 551 | * should be automatically updated in case
|
---|
| 552 | * a handshake message is found.
|
---|
| 553 | *
|
---|
| 554 | * \return 0 or non-zero error code.
|
---|
| 555 | *
|
---|
| 556 | * \note A clarification on what is called 'record layer' here
|
---|
| 557 | * is in order, as many sensible definitions are possible:
|
---|
| 558 | *
|
---|
| 559 | * The record layer takes as input an untrusted underlying
|
---|
| 560 | * transport (stream or datagram) and transforms it into
|
---|
| 561 | * a serially multiplexed, secure transport, which
|
---|
| 562 | * conceptually provides the following:
|
---|
| 563 | *
|
---|
| 564 | * (1) Three datagram based, content-agnostic transports
|
---|
| 565 | * for handshake, alert and CCS messages.
|
---|
| 566 | * (2) One stream- or datagram-based transport
|
---|
| 567 | * for application data.
|
---|
| 568 | * (3) Functionality for changing the underlying transform
|
---|
| 569 | * securing the contents.
|
---|
| 570 | *
|
---|
| 571 | * The interface to this functionality is given as follows:
|
---|
| 572 | *
|
---|
| 573 | * a Updating
|
---|
| 574 | * [Currently implemented by mbedtls_ssl_read_record]
|
---|
| 575 | *
|
---|
| 576 | * Check if and on which of the four 'ports' data is pending:
|
---|
| 577 | * Nothing, a controlling datagram of type (1), or application
|
---|
| 578 | * data (2). In any case data is present, internal buffers
|
---|
| 579 | * provide access to the data for the user to process it.
|
---|
| 580 | * Consumption of type (1) datagrams is done automatically
|
---|
| 581 | * on the next update, invalidating that the internal buffers
|
---|
| 582 | * for previous datagrams, while consumption of application
|
---|
| 583 | * data (2) is user-controlled.
|
---|
| 584 | *
|
---|
| 585 | * b Reading of application data
|
---|
| 586 | * [Currently manual adaption of ssl->in_offt pointer]
|
---|
| 587 | *
|
---|
| 588 | * As mentioned in the last paragraph, consumption of data
|
---|
| 589 | * is different from the automatic consumption of control
|
---|
| 590 | * datagrams (1) because application data is treated as a stream.
|
---|
| 591 | *
|
---|
| 592 | * c Tracking availability of application data
|
---|
| 593 | * [Currently manually through decreasing ssl->in_msglen]
|
---|
| 594 | *
|
---|
| 595 | * For efficiency and to retain datagram semantics for
|
---|
| 596 | * application data in case of DTLS, the record layer
|
---|
| 597 | * provides functionality for checking how much application
|
---|
| 598 | * data is still available in the internal buffer.
|
---|
| 599 | *
|
---|
| 600 | * d Changing the transformation securing the communication.
|
---|
| 601 | *
|
---|
| 602 | * Given an opaque implementation of the record layer in the
|
---|
| 603 | * above sense, it should be possible to implement the logic
|
---|
| 604 | * of (D)TLS on top of it without the need to know anything
|
---|
| 605 | * about the record layer's internals. This is done e.g.
|
---|
| 606 | * in all the handshake handling functions, and in the
|
---|
| 607 | * application data reading function mbedtls_ssl_read.
|
---|
| 608 | *
|
---|
| 609 | * \note The above tries to give a conceptual picture of the
|
---|
| 610 | * record layer, but the current implementation deviates
|
---|
| 611 | * from it in some places. For example, our implementation of
|
---|
| 612 | * the update functionality through mbedtls_ssl_read_record
|
---|
| 613 | * discards datagrams depending on the current state, which
|
---|
| 614 | * wouldn't fall under the record layer's responsibility
|
---|
| 615 | * following the above definition.
|
---|
| 616 | *
|
---|
| 617 | */
|
---|
| 618 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
---|
| 619 | unsigned update_hs_digest );
|
---|
| 620 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
---|
| 621 |
|
---|
| 622 | int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
---|
| 623 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
---|
| 624 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
---|
| 625 |
|
---|
| 626 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
|
---|
| 627 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
|
---|
| 628 |
|
---|
| 629 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
|
---|
| 630 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
|
---|
| 631 |
|
---|
| 632 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
|
---|
| 633 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
|
---|
| 634 |
|
---|
| 635 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
---|
| 636 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
|
---|
| 637 |
|
---|
| 638 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
---|
| 639 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
|
---|
| 640 | #endif
|
---|
| 641 |
|
---|
| 642 | #if defined(MBEDTLS_PK_C)
|
---|
| 643 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
|
---|
| 644 | unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
|
---|
| 645 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
|
---|
| 646 | #endif
|
---|
| 647 |
|
---|
| 648 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
|
---|
| 649 | unsigned char mbedtls_ssl_hash_from_md_alg( int md );
|
---|
| 650 | int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
|
---|
| 651 |
|
---|
| 652 | #if defined(MBEDTLS_ECP_C)
|
---|
| 653 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
---|
| 654 | #endif
|
---|
| 655 |
|
---|
| 656 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
---|
| 657 | int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
---|
| 658 | mbedtls_md_type_t md );
|
---|
| 659 | #endif
|
---|
| 660 |
|
---|
| 661 | #if defined(MBEDTLS_X509_CRT_PARSE_C)
|
---|
| 662 | static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
|
---|
| 663 | {
|
---|
| 664 | mbedtls_ssl_key_cert *key_cert;
|
---|
| 665 |
|
---|
| 666 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
|
---|
| 667 | key_cert = ssl->handshake->key_cert;
|
---|
| 668 | else
|
---|
| 669 | key_cert = ssl->conf->key_cert;
|
---|
| 670 |
|
---|
| 671 | return( key_cert == NULL ? NULL : key_cert->key );
|
---|
| 672 | }
|
---|
| 673 |
|
---|
| 674 | static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
|
---|
| 675 | {
|
---|
| 676 | mbedtls_ssl_key_cert *key_cert;
|
---|
| 677 |
|
---|
| 678 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
|
---|
| 679 | key_cert = ssl->handshake->key_cert;
|
---|
| 680 | else
|
---|
| 681 | key_cert = ssl->conf->key_cert;
|
---|
| 682 |
|
---|
| 683 | return( key_cert == NULL ? NULL : key_cert->cert );
|
---|
| 684 | }
|
---|
| 685 |
|
---|
| 686 | /*
|
---|
| 687 | * Check usage of a certificate wrt extensions:
|
---|
| 688 | * keyUsage, extendedKeyUsage (later), and nSCertType (later).
|
---|
| 689 | *
|
---|
| 690 | * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
|
---|
| 691 | * check a cert we received from them)!
|
---|
| 692 | *
|
---|
| 693 | * Return 0 if everything is OK, -1 if not.
|
---|
| 694 | */
|
---|
| 695 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
---|
| 696 | const mbedtls_ssl_ciphersuite_t *ciphersuite,
|
---|
| 697 | int cert_endpoint,
|
---|
| 698 | uint32_t *flags );
|
---|
| 699 | #endif /* MBEDTLS_X509_CRT_PARSE_C */
|
---|
| 700 |
|
---|
| 701 | void mbedtls_ssl_write_version( int major, int minor, int transport,
|
---|
| 702 | unsigned char ver[2] );
|
---|
| 703 | void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
---|
| 704 | const unsigned char ver[2] );
|
---|
| 705 |
|
---|
| 706 | static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
|
---|
| 707 | {
|
---|
| 708 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
| 709 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
---|
| 710 | return( 13 );
|
---|
| 711 | #else
|
---|
| 712 | ((void) ssl);
|
---|
| 713 | #endif
|
---|
| 714 | return( 5 );
|
---|
| 715 | }
|
---|
| 716 |
|
---|
| 717 | static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
---|
| 718 | {
|
---|
| 719 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
| 720 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
---|
| 721 | return( 12 );
|
---|
| 722 | #else
|
---|
| 723 | ((void) ssl);
|
---|
| 724 | #endif
|
---|
| 725 | return( 4 );
|
---|
| 726 | }
|
---|
| 727 |
|
---|
| 728 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
| 729 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
|
---|
| 730 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
|
---|
| 731 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
|
---|
| 732 | int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
|
---|
| 733 | #endif
|
---|
| 734 |
|
---|
| 735 | /* Visible for testing purposes only */
|
---|
| 736 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
---|
| 737 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
|
---|
| 738 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
---|
| 739 | #endif
|
---|
| 740 |
|
---|
| 741 | /* constant-time buffer comparison */
|
---|
| 742 | static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
---|
| 743 | {
|
---|
| 744 | size_t i;
|
---|
| 745 | volatile const unsigned char *A = (volatile const unsigned char *) a;
|
---|
| 746 | volatile const unsigned char *B = (volatile const unsigned char *) b;
|
---|
| 747 | volatile unsigned char diff = 0;
|
---|
| 748 |
|
---|
| 749 | for( i = 0; i < n; i++ )
|
---|
| 750 | {
|
---|
| 751 | /* Read volatile data in order before computing diff.
|
---|
| 752 | * This avoids IAR compiler warning:
|
---|
| 753 | * 'the order of volatile accesses is undefined ..' */
|
---|
| 754 | unsigned char x = A[i], y = B[i];
|
---|
| 755 | diff |= x ^ y;
|
---|
| 756 | }
|
---|
| 757 |
|
---|
| 758 | return( diff );
|
---|
| 759 | }
|
---|
| 760 |
|
---|
| 761 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
---|
| 762 | defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
---|
| 763 | int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
---|
| 764 | unsigned char *output,
|
---|
| 765 | unsigned char *data, size_t data_len );
|
---|
| 766 | #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
---|
| 767 | MBEDTLS_SSL_PROTO_TLS1_1 */
|
---|
| 768 |
|
---|
| 769 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
---|
| 770 | defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
---|
| 771 | int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
---|
| 772 | unsigned char *hash, size_t *hashlen,
|
---|
| 773 | unsigned char *data, size_t data_len,
|
---|
| 774 | mbedtls_md_type_t md_alg );
|
---|
| 775 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
---|
| 776 | MBEDTLS_SSL_PROTO_TLS1_2 */
|
---|
| 777 |
|
---|
| 778 | #ifdef __cplusplus
|
---|
| 779 | }
|
---|
| 780 | #endif
|
---|
| 781 |
|
---|
| 782 | #endif /* ssl_internal.h */
|
---|