1 | /**
|
---|
2 | * \file ssl_internal.h
|
---|
3 | *
|
---|
4 | * \brief Internal functions shared by the SSL modules
|
---|
5 | */
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
8 | * SPDX-License-Identifier: Apache-2.0
|
---|
9 | *
|
---|
10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
11 | * not use this file except in compliance with the License.
|
---|
12 | * You may obtain a copy of the License at
|
---|
13 | *
|
---|
14 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
15 | *
|
---|
16 | * Unless required by applicable law or agreed to in writing, software
|
---|
17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
19 | * See the License for the specific language governing permissions and
|
---|
20 | * limitations under the License.
|
---|
21 | *
|
---|
22 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
23 | */
|
---|
24 | #ifndef MBEDTLS_SSL_INTERNAL_H
|
---|
25 | #define MBEDTLS_SSL_INTERNAL_H
|
---|
26 |
|
---|
27 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
28 | #include "config.h"
|
---|
29 | #else
|
---|
30 | #include MBEDTLS_CONFIG_FILE
|
---|
31 | #endif
|
---|
32 |
|
---|
33 | #include "ssl.h"
|
---|
34 | #include "cipher.h"
|
---|
35 |
|
---|
36 | #if defined(MBEDTLS_MD5_C)
|
---|
37 | #include "md5.h"
|
---|
38 | #endif
|
---|
39 |
|
---|
40 | #if defined(MBEDTLS_SHA1_C)
|
---|
41 | #include "sha1.h"
|
---|
42 | #endif
|
---|
43 |
|
---|
44 | #if defined(MBEDTLS_SHA256_C)
|
---|
45 | #include "sha256.h"
|
---|
46 | #endif
|
---|
47 |
|
---|
48 | #if defined(MBEDTLS_SHA512_C)
|
---|
49 | #include "sha512.h"
|
---|
50 | #endif
|
---|
51 |
|
---|
52 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
---|
53 | #include "ecjpake.h"
|
---|
54 | #endif
|
---|
55 |
|
---|
56 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
---|
57 | !defined(inline) && !defined(__cplusplus)
|
---|
58 | #define inline __inline
|
---|
59 | #endif
|
---|
60 |
|
---|
61 | /* Determine minimum supported version */
|
---|
62 | #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
---|
63 |
|
---|
64 | #if defined(MBEDTLS_SSL_PROTO_SSL3)
|
---|
65 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
|
---|
66 | #else
|
---|
67 | #if defined(MBEDTLS_SSL_PROTO_TLS1)
|
---|
68 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
---|
69 | #else
|
---|
70 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
---|
71 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
---|
72 | #else
|
---|
73 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
---|
74 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
---|
75 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
---|
76 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
---|
77 | #endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
---|
78 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
---|
79 |
|
---|
80 | #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
---|
81 | #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
---|
82 |
|
---|
83 | /* Determine maximum supported version */
|
---|
84 | #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
---|
85 |
|
---|
86 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
---|
87 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
---|
88 | #else
|
---|
89 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
---|
90 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
---|
91 | #else
|
---|
92 | #if defined(MBEDTLS_SSL_PROTO_TLS1)
|
---|
93 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
---|
94 | #else
|
---|
95 | #if defined(MBEDTLS_SSL_PROTO_SSL3)
|
---|
96 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
|
---|
97 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
---|
98 | #endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
---|
99 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
---|
100 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
---|
101 |
|
---|
102 | /* Shorthand for restartable ECC */
|
---|
103 | #if defined(MBEDTLS_ECP_RESTARTABLE) && \
|
---|
104 | defined(MBEDTLS_SSL_CLI_C) && \
|
---|
105 | defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
---|
106 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
---|
107 | #define MBEDTLS_SSL__ECP_RESTARTABLE
|
---|
108 | #endif
|
---|
109 |
|
---|
110 | #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
|
---|
111 | #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
|
---|
112 | #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
|
---|
113 | #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
|
---|
114 |
|
---|
115 | /*
|
---|
116 | * DTLS retransmission states, see RFC 6347 4.2.4
|
---|
117 | *
|
---|
118 | * The SENDING state is merged in PREPARING for initial sends,
|
---|
119 | * but is distinct for resends.
|
---|
120 | *
|
---|
121 | * Note: initial state is wrong for server, but is not used anyway.
|
---|
122 | */
|
---|
123 | #define MBEDTLS_SSL_RETRANS_PREPARING 0
|
---|
124 | #define MBEDTLS_SSL_RETRANS_SENDING 1
|
---|
125 | #define MBEDTLS_SSL_RETRANS_WAITING 2
|
---|
126 | #define MBEDTLS_SSL_RETRANS_FINISHED 3
|
---|
127 |
|
---|
128 | /*
|
---|
129 | * Allow extra bytes for record, authentication and encryption overhead:
|
---|
130 | * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
|
---|
131 | * and allow for a maximum of 1024 of compression expansion if
|
---|
132 | * enabled.
|
---|
133 | */
|
---|
134 | #if defined(MBEDTLS_ZLIB_SUPPORT)
|
---|
135 | #define MBEDTLS_SSL_COMPRESSION_ADD 1024
|
---|
136 | #else
|
---|
137 | #define MBEDTLS_SSL_COMPRESSION_ADD 0
|
---|
138 | #endif
|
---|
139 |
|
---|
140 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
|
---|
141 | /* Ciphersuites using HMAC */
|
---|
142 | #if defined(MBEDTLS_SHA512_C)
|
---|
143 | #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
|
---|
144 | #elif defined(MBEDTLS_SHA256_C)
|
---|
145 | #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
|
---|
146 | #else
|
---|
147 | #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
|
---|
148 | #endif
|
---|
149 | #else
|
---|
150 | /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
|
---|
151 | #define MBEDTLS_SSL_MAC_ADD 16
|
---|
152 | #endif
|
---|
153 |
|
---|
154 | #if defined(MBEDTLS_CIPHER_MODE_CBC)
|
---|
155 | #define MBEDTLS_SSL_PADDING_ADD 256
|
---|
156 | #else
|
---|
157 | #define MBEDTLS_SSL_PADDING_ADD 0
|
---|
158 | #endif
|
---|
159 |
|
---|
160 | #define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
|
---|
161 | MBEDTLS_MAX_IV_LENGTH + \
|
---|
162 | MBEDTLS_SSL_MAC_ADD + \
|
---|
163 | MBEDTLS_SSL_PADDING_ADD \
|
---|
164 | )
|
---|
165 |
|
---|
166 | #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
|
---|
167 | ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
|
---|
168 |
|
---|
169 | #define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
|
---|
170 | ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
|
---|
171 |
|
---|
172 | /* The maximum number of buffered handshake messages. */
|
---|
173 | #define MBEDTLS_SSL_MAX_BUFFERED_HS 4
|
---|
174 |
|
---|
175 | /* Maximum length we can advertise as our max content length for
|
---|
176 | RFC 6066 max_fragment_length extension negotiation purposes
|
---|
177 | (the lesser of both sizes, if they are unequal.)
|
---|
178 | */
|
---|
179 | #define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
|
---|
180 | (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
|
---|
181 | ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
|
---|
182 | : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
|
---|
183 | )
|
---|
184 |
|
---|
185 | /*
|
---|
186 | * Check that we obey the standard's message size bounds
|
---|
187 | */
|
---|
188 |
|
---|
189 | #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
|
---|
190 | #error "Bad configuration - record content too large."
|
---|
191 | #endif
|
---|
192 |
|
---|
193 | #if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
|
---|
194 | #error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
|
---|
195 | #endif
|
---|
196 |
|
---|
197 | #if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
|
---|
198 | #error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
|
---|
199 | #endif
|
---|
200 |
|
---|
201 | #if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
|
---|
202 | #error "Bad configuration - incoming protected record payload too large."
|
---|
203 | #endif
|
---|
204 |
|
---|
205 | #if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
|
---|
206 | #error "Bad configuration - outgoing protected record payload too large."
|
---|
207 | #endif
|
---|
208 |
|
---|
209 | /* Calculate buffer sizes */
|
---|
210 |
|
---|
211 | /* Note: Even though the TLS record header is only 5 bytes
|
---|
212 | long, we're internally using 8 bytes to store the
|
---|
213 | implicit sequence number. */
|
---|
214 | #define MBEDTLS_SSL_HEADER_LEN 13
|
---|
215 |
|
---|
216 | #define MBEDTLS_SSL_IN_BUFFER_LEN \
|
---|
217 | ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
|
---|
218 |
|
---|
219 | #define MBEDTLS_SSL_OUT_BUFFER_LEN \
|
---|
220 | ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
|
---|
221 |
|
---|
222 | #ifdef MBEDTLS_ZLIB_SUPPORT
|
---|
223 | /* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
|
---|
224 | #define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \
|
---|
225 | ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \
|
---|
226 | ? MBEDTLS_SSL_IN_BUFFER_LEN \
|
---|
227 | : MBEDTLS_SSL_OUT_BUFFER_LEN \
|
---|
228 | )
|
---|
229 | #endif
|
---|
230 |
|
---|
231 | /*
|
---|
232 | * TLS extension flags (for extensions with outgoing ServerHello content
|
---|
233 | * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
|
---|
234 | * of state of the renegotiation flag, so no indicator is required)
|
---|
235 | */
|
---|
236 | #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
|
---|
237 | #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
|
---|
238 |
|
---|
239 | #ifdef __cplusplus
|
---|
240 | extern "C" {
|
---|
241 | #endif
|
---|
242 |
|
---|
243 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
---|
244 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
---|
245 | /*
|
---|
246 | * Abstraction for a grid of allowed signature-hash-algorithm pairs.
|
---|
247 | */
|
---|
248 | struct mbedtls_ssl_sig_hash_set_t
|
---|
249 | {
|
---|
250 | /* At the moment, we only need to remember a single suitable
|
---|
251 | * hash algorithm per signature algorithm. As long as that's
|
---|
252 | * the case - and we don't need a general lookup function -
|
---|
253 | * we can implement the sig-hash-set as a map from signatures
|
---|
254 | * to hash algorithms. */
|
---|
255 | mbedtls_md_type_t rsa;
|
---|
256 | mbedtls_md_type_t ecdsa;
|
---|
257 | };
|
---|
258 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
---|
259 | MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
---|
260 |
|
---|
261 | /*
|
---|
262 | * This structure contains the parameters only needed during handshake.
|
---|
263 | */
|
---|
264 | struct mbedtls_ssl_handshake_params
|
---|
265 | {
|
---|
266 | /*
|
---|
267 | * Handshake specific crypto variables
|
---|
268 | */
|
---|
269 |
|
---|
270 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
---|
271 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
---|
272 | mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
|
---|
273 | #endif
|
---|
274 | #if defined(MBEDTLS_DHM_C)
|
---|
275 | mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
|
---|
276 | #endif
|
---|
277 | #if defined(MBEDTLS_ECDH_C)
|
---|
278 | mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
---|
279 | #endif
|
---|
280 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
---|
281 | mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
|
---|
282 | #if defined(MBEDTLS_SSL_CLI_C)
|
---|
283 | unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
|
---|
284 | size_t ecjpake_cache_len; /*!< Length of cached data */
|
---|
285 | #endif
|
---|
286 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
---|
287 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
---|
288 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
---|
289 | const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
---|
290 | #endif
|
---|
291 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
---|
292 | unsigned char *psk; /*!< PSK from the callback */
|
---|
293 | size_t psk_len; /*!< Length of PSK from callback */
|
---|
294 | #endif
|
---|
295 | #if defined(MBEDTLS_X509_CRT_PARSE_C)
|
---|
296 | mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
---|
297 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
---|
298 | int sni_authmode; /*!< authmode from SNI callback */
|
---|
299 | mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
---|
300 | mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
---|
301 | mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
---|
302 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
---|
303 | #endif /* MBEDTLS_X509_CRT_PARSE_C */
|
---|
304 | #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
---|
305 | int ecrs_enabled; /*!< Handshake supports EC restart? */
|
---|
306 | mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
|
---|
307 | enum { /* this complements ssl->state with info on intra-state operations */
|
---|
308 | ssl_ecrs_none = 0, /*!< nothing going on (yet) */
|
---|
309 | ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */
|
---|
310 | ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */
|
---|
311 | ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */
|
---|
312 | ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */
|
---|
313 | } ecrs_state; /*!< current (or last) operation */
|
---|
314 | size_t ecrs_n; /*!< place for saving a length */
|
---|
315 | #endif
|
---|
316 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
317 | unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
|
---|
318 | unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
|
---|
319 |
|
---|
320 | unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
|
---|
321 | Srv: unused */
|
---|
322 | unsigned char verify_cookie_len; /*!< Cli: cookie length
|
---|
323 | Srv: flag for sending a cookie */
|
---|
324 |
|
---|
325 | uint32_t retransmit_timeout; /*!< Current value of timeout */
|
---|
326 | unsigned char retransmit_state; /*!< Retransmission state */
|
---|
327 | mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
|
---|
328 | mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
|
---|
329 | unsigned char *cur_msg_p; /*!< Position in current message */
|
---|
330 | unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
|
---|
331 | flight being received */
|
---|
332 | mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
|
---|
333 | resending messages */
|
---|
334 | unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
|
---|
335 | for resending messages */
|
---|
336 |
|
---|
337 | struct
|
---|
338 | {
|
---|
339 | size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
|
---|
340 | * buffers used for message buffering. */
|
---|
341 |
|
---|
342 | uint8_t seen_ccs; /*!< Indicates if a CCS message has
|
---|
343 | * been seen in the current flight. */
|
---|
344 |
|
---|
345 | struct mbedtls_ssl_hs_buffer
|
---|
346 | {
|
---|
347 | unsigned is_valid : 1;
|
---|
348 | unsigned is_fragmented : 1;
|
---|
349 | unsigned is_complete : 1;
|
---|
350 | unsigned char *data;
|
---|
351 | size_t data_len;
|
---|
352 | } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
|
---|
353 |
|
---|
354 | struct
|
---|
355 | {
|
---|
356 | unsigned char *data;
|
---|
357 | size_t len;
|
---|
358 | unsigned epoch;
|
---|
359 | } future_record;
|
---|
360 |
|
---|
361 | } buffering;
|
---|
362 |
|
---|
363 | uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
|
---|
364 | #endif /* MBEDTLS_SSL_PROTO_DTLS */
|
---|
365 |
|
---|
366 | /*
|
---|
367 | * Checksum contexts
|
---|
368 | */
|
---|
369 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
---|
370 | defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
---|
371 | mbedtls_md5_context fin_md5;
|
---|
372 | mbedtls_sha1_context fin_sha1;
|
---|
373 | #endif
|
---|
374 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
---|
375 | #if defined(MBEDTLS_SHA256_C)
|
---|
376 | mbedtls_sha256_context fin_sha256;
|
---|
377 | #endif
|
---|
378 | #if defined(MBEDTLS_SHA512_C)
|
---|
379 | mbedtls_sha512_context fin_sha512;
|
---|
380 | #endif
|
---|
381 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
---|
382 |
|
---|
383 | void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
|
---|
384 | void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
|
---|
385 | void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
|
---|
386 | int (*tls_prf)(const unsigned char *, size_t, const char *,
|
---|
387 | const unsigned char *, size_t,
|
---|
388 | unsigned char *, size_t);
|
---|
389 |
|
---|
390 | size_t pmslen; /*!< premaster length */
|
---|
391 |
|
---|
392 | unsigned char randbytes[64]; /*!< random bytes */
|
---|
393 | unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
---|
394 | /*!< premaster secret */
|
---|
395 |
|
---|
396 | int resume; /*!< session resume indicator*/
|
---|
397 | int max_major_ver; /*!< max. major version client*/
|
---|
398 | int max_minor_ver; /*!< max. minor version client*/
|
---|
399 | int cli_exts; /*!< client extension presence*/
|
---|
400 |
|
---|
401 | #if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
---|
402 | int new_session_ticket; /*!< use NewSessionTicket? */
|
---|
403 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
---|
404 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
---|
405 | int extended_ms; /*!< use Extended Master Secret? */
|
---|
406 | #endif
|
---|
407 |
|
---|
408 | #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
---|
409 | unsigned int async_in_progress : 1; /*!< an asynchronous operation is in progress */
|
---|
410 | #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
---|
411 |
|
---|
412 | #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
---|
413 | /** Asynchronous operation context. This field is meant for use by the
|
---|
414 | * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start,
|
---|
415 | * mbedtls_ssl_config::f_async_decrypt_start,
|
---|
416 | * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel).
|
---|
417 | * The library does not use it internally. */
|
---|
418 | void *user_async_ctx;
|
---|
419 | #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
---|
420 | };
|
---|
421 |
|
---|
422 | typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
---|
423 |
|
---|
424 | /*
|
---|
425 | * This structure contains a full set of runtime transform parameters
|
---|
426 | * either in negotiation or active.
|
---|
427 | */
|
---|
428 | struct mbedtls_ssl_transform
|
---|
429 | {
|
---|
430 | /*
|
---|
431 | * Session specific crypto layer
|
---|
432 | */
|
---|
433 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
---|
434 | /*!< Chosen cipersuite_info */
|
---|
435 | unsigned int keylen; /*!< symmetric key length (bytes) */
|
---|
436 | size_t minlen; /*!< min. ciphertext length */
|
---|
437 | size_t ivlen; /*!< IV length */
|
---|
438 | size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
|
---|
439 | size_t maclen; /*!< MAC length */
|
---|
440 |
|
---|
441 | unsigned char iv_enc[16]; /*!< IV (encryption) */
|
---|
442 | unsigned char iv_dec[16]; /*!< IV (decryption) */
|
---|
443 |
|
---|
444 | #if defined(MBEDTLS_SSL_PROTO_SSL3)
|
---|
445 | /* Needed only for SSL v3.0 secret */
|
---|
446 | unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
|
---|
447 | unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
|
---|
448 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
---|
449 |
|
---|
450 | mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
|
---|
451 | mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
|
---|
452 |
|
---|
453 | mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
|
---|
454 | mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
|
---|
455 |
|
---|
456 | /*
|
---|
457 | * Session specific compression layer
|
---|
458 | */
|
---|
459 | #if defined(MBEDTLS_ZLIB_SUPPORT)
|
---|
460 | z_stream ctx_deflate; /*!< compression context */
|
---|
461 | z_stream ctx_inflate; /*!< decompression context */
|
---|
462 | #endif
|
---|
463 | };
|
---|
464 |
|
---|
465 | #if defined(MBEDTLS_X509_CRT_PARSE_C)
|
---|
466 | /*
|
---|
467 | * List of certificate + private key pairs
|
---|
468 | */
|
---|
469 | struct mbedtls_ssl_key_cert
|
---|
470 | {
|
---|
471 | mbedtls_x509_crt *cert; /*!< cert */
|
---|
472 | mbedtls_pk_context *key; /*!< private key */
|
---|
473 | mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
|
---|
474 | };
|
---|
475 | #endif /* MBEDTLS_X509_CRT_PARSE_C */
|
---|
476 |
|
---|
477 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
478 | /*
|
---|
479 | * List of handshake messages kept around for resending
|
---|
480 | */
|
---|
481 | struct mbedtls_ssl_flight_item
|
---|
482 | {
|
---|
483 | unsigned char *p; /*!< message, including handshake headers */
|
---|
484 | size_t len; /*!< length of p */
|
---|
485 | unsigned char type; /*!< type of the message: handshake or CCS */
|
---|
486 | mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
|
---|
487 | };
|
---|
488 | #endif /* MBEDTLS_SSL_PROTO_DTLS */
|
---|
489 |
|
---|
490 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
---|
491 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
---|
492 |
|
---|
493 | /* Find an entry in a signature-hash set matching a given hash algorithm. */
|
---|
494 | mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
|
---|
495 | mbedtls_pk_type_t sig_alg );
|
---|
496 | /* Add a signature-hash-pair to a signature-hash set */
|
---|
497 | void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
|
---|
498 | mbedtls_pk_type_t sig_alg,
|
---|
499 | mbedtls_md_type_t md_alg );
|
---|
500 | /* Allow exactly one hash algorithm for each signature. */
|
---|
501 | void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
|
---|
502 | mbedtls_md_type_t md_alg );
|
---|
503 |
|
---|
504 | /* Setup an empty signature-hash set */
|
---|
505 | static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
|
---|
506 | {
|
---|
507 | mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
|
---|
508 | }
|
---|
509 |
|
---|
510 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
|
---|
511 | MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
---|
512 |
|
---|
513 | /**
|
---|
514 | * \brief Free referenced items in an SSL transform context and clear
|
---|
515 | * memory
|
---|
516 | *
|
---|
517 | * \param transform SSL transform context
|
---|
518 | */
|
---|
519 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
|
---|
520 |
|
---|
521 | /**
|
---|
522 | * \brief Free referenced items in an SSL handshake context and clear
|
---|
523 | * memory
|
---|
524 | *
|
---|
525 | * \param ssl SSL context
|
---|
526 | */
|
---|
527 | void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
|
---|
528 |
|
---|
529 | int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
|
---|
530 | int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
|
---|
531 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
|
---|
532 |
|
---|
533 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
---|
534 |
|
---|
535 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
|
---|
536 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
|
---|
537 |
|
---|
538 | int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
|
---|
539 | int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
|
---|
540 | void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
---|
541 |
|
---|
542 | /**
|
---|
543 | * \brief Update record layer
|
---|
544 | *
|
---|
545 | * This function roughly separates the implementation
|
---|
546 | * of the logic of (D)TLS from the implementation
|
---|
547 | * of the secure transport.
|
---|
548 | *
|
---|
549 | * \param ssl The SSL context to use.
|
---|
550 | * \param update_hs_digest This indicates if the handshake digest
|
---|
551 | * should be automatically updated in case
|
---|
552 | * a handshake message is found.
|
---|
553 | *
|
---|
554 | * \return 0 or non-zero error code.
|
---|
555 | *
|
---|
556 | * \note A clarification on what is called 'record layer' here
|
---|
557 | * is in order, as many sensible definitions are possible:
|
---|
558 | *
|
---|
559 | * The record layer takes as input an untrusted underlying
|
---|
560 | * transport (stream or datagram) and transforms it into
|
---|
561 | * a serially multiplexed, secure transport, which
|
---|
562 | * conceptually provides the following:
|
---|
563 | *
|
---|
564 | * (1) Three datagram based, content-agnostic transports
|
---|
565 | * for handshake, alert and CCS messages.
|
---|
566 | * (2) One stream- or datagram-based transport
|
---|
567 | * for application data.
|
---|
568 | * (3) Functionality for changing the underlying transform
|
---|
569 | * securing the contents.
|
---|
570 | *
|
---|
571 | * The interface to this functionality is given as follows:
|
---|
572 | *
|
---|
573 | * a Updating
|
---|
574 | * [Currently implemented by mbedtls_ssl_read_record]
|
---|
575 | *
|
---|
576 | * Check if and on which of the four 'ports' data is pending:
|
---|
577 | * Nothing, a controlling datagram of type (1), or application
|
---|
578 | * data (2). In any case data is present, internal buffers
|
---|
579 | * provide access to the data for the user to process it.
|
---|
580 | * Consumption of type (1) datagrams is done automatically
|
---|
581 | * on the next update, invalidating that the internal buffers
|
---|
582 | * for previous datagrams, while consumption of application
|
---|
583 | * data (2) is user-controlled.
|
---|
584 | *
|
---|
585 | * b Reading of application data
|
---|
586 | * [Currently manual adaption of ssl->in_offt pointer]
|
---|
587 | *
|
---|
588 | * As mentioned in the last paragraph, consumption of data
|
---|
589 | * is different from the automatic consumption of control
|
---|
590 | * datagrams (1) because application data is treated as a stream.
|
---|
591 | *
|
---|
592 | * c Tracking availability of application data
|
---|
593 | * [Currently manually through decreasing ssl->in_msglen]
|
---|
594 | *
|
---|
595 | * For efficiency and to retain datagram semantics for
|
---|
596 | * application data in case of DTLS, the record layer
|
---|
597 | * provides functionality for checking how much application
|
---|
598 | * data is still available in the internal buffer.
|
---|
599 | *
|
---|
600 | * d Changing the transformation securing the communication.
|
---|
601 | *
|
---|
602 | * Given an opaque implementation of the record layer in the
|
---|
603 | * above sense, it should be possible to implement the logic
|
---|
604 | * of (D)TLS on top of it without the need to know anything
|
---|
605 | * about the record layer's internals. This is done e.g.
|
---|
606 | * in all the handshake handling functions, and in the
|
---|
607 | * application data reading function mbedtls_ssl_read.
|
---|
608 | *
|
---|
609 | * \note The above tries to give a conceptual picture of the
|
---|
610 | * record layer, but the current implementation deviates
|
---|
611 | * from it in some places. For example, our implementation of
|
---|
612 | * the update functionality through mbedtls_ssl_read_record
|
---|
613 | * discards datagrams depending on the current state, which
|
---|
614 | * wouldn't fall under the record layer's responsibility
|
---|
615 | * following the above definition.
|
---|
616 | *
|
---|
617 | */
|
---|
618 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
---|
619 | unsigned update_hs_digest );
|
---|
620 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
---|
621 |
|
---|
622 | int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
---|
623 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
---|
624 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
---|
625 |
|
---|
626 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
|
---|
627 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
|
---|
628 |
|
---|
629 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
|
---|
630 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
|
---|
631 |
|
---|
632 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
|
---|
633 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
|
---|
634 |
|
---|
635 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
---|
636 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
|
---|
637 |
|
---|
638 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
---|
639 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
|
---|
640 | #endif
|
---|
641 |
|
---|
642 | #if defined(MBEDTLS_PK_C)
|
---|
643 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
|
---|
644 | unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
|
---|
645 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
|
---|
646 | #endif
|
---|
647 |
|
---|
648 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
|
---|
649 | unsigned char mbedtls_ssl_hash_from_md_alg( int md );
|
---|
650 | int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
|
---|
651 |
|
---|
652 | #if defined(MBEDTLS_ECP_C)
|
---|
653 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
---|
654 | #endif
|
---|
655 |
|
---|
656 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
---|
657 | int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
---|
658 | mbedtls_md_type_t md );
|
---|
659 | #endif
|
---|
660 |
|
---|
661 | #if defined(MBEDTLS_X509_CRT_PARSE_C)
|
---|
662 | static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
|
---|
663 | {
|
---|
664 | mbedtls_ssl_key_cert *key_cert;
|
---|
665 |
|
---|
666 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
|
---|
667 | key_cert = ssl->handshake->key_cert;
|
---|
668 | else
|
---|
669 | key_cert = ssl->conf->key_cert;
|
---|
670 |
|
---|
671 | return( key_cert == NULL ? NULL : key_cert->key );
|
---|
672 | }
|
---|
673 |
|
---|
674 | static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
|
---|
675 | {
|
---|
676 | mbedtls_ssl_key_cert *key_cert;
|
---|
677 |
|
---|
678 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
|
---|
679 | key_cert = ssl->handshake->key_cert;
|
---|
680 | else
|
---|
681 | key_cert = ssl->conf->key_cert;
|
---|
682 |
|
---|
683 | return( key_cert == NULL ? NULL : key_cert->cert );
|
---|
684 | }
|
---|
685 |
|
---|
686 | /*
|
---|
687 | * Check usage of a certificate wrt extensions:
|
---|
688 | * keyUsage, extendedKeyUsage (later), and nSCertType (later).
|
---|
689 | *
|
---|
690 | * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
|
---|
691 | * check a cert we received from them)!
|
---|
692 | *
|
---|
693 | * Return 0 if everything is OK, -1 if not.
|
---|
694 | */
|
---|
695 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
---|
696 | const mbedtls_ssl_ciphersuite_t *ciphersuite,
|
---|
697 | int cert_endpoint,
|
---|
698 | uint32_t *flags );
|
---|
699 | #endif /* MBEDTLS_X509_CRT_PARSE_C */
|
---|
700 |
|
---|
701 | void mbedtls_ssl_write_version( int major, int minor, int transport,
|
---|
702 | unsigned char ver[2] );
|
---|
703 | void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
---|
704 | const unsigned char ver[2] );
|
---|
705 |
|
---|
706 | static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
|
---|
707 | {
|
---|
708 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
709 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
---|
710 | return( 13 );
|
---|
711 | #else
|
---|
712 | ((void) ssl);
|
---|
713 | #endif
|
---|
714 | return( 5 );
|
---|
715 | }
|
---|
716 |
|
---|
717 | static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
---|
718 | {
|
---|
719 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
720 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
---|
721 | return( 12 );
|
---|
722 | #else
|
---|
723 | ((void) ssl);
|
---|
724 | #endif
|
---|
725 | return( 4 );
|
---|
726 | }
|
---|
727 |
|
---|
728 | #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
---|
729 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
|
---|
730 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
|
---|
731 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
|
---|
732 | int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
|
---|
733 | #endif
|
---|
734 |
|
---|
735 | /* Visible for testing purposes only */
|
---|
736 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
---|
737 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
|
---|
738 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
---|
739 | #endif
|
---|
740 |
|
---|
741 | /* constant-time buffer comparison */
|
---|
742 | static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
---|
743 | {
|
---|
744 | size_t i;
|
---|
745 | volatile const unsigned char *A = (volatile const unsigned char *) a;
|
---|
746 | volatile const unsigned char *B = (volatile const unsigned char *) b;
|
---|
747 | volatile unsigned char diff = 0;
|
---|
748 |
|
---|
749 | for( i = 0; i < n; i++ )
|
---|
750 | {
|
---|
751 | /* Read volatile data in order before computing diff.
|
---|
752 | * This avoids IAR compiler warning:
|
---|
753 | * 'the order of volatile accesses is undefined ..' */
|
---|
754 | unsigned char x = A[i], y = B[i];
|
---|
755 | diff |= x ^ y;
|
---|
756 | }
|
---|
757 |
|
---|
758 | return( diff );
|
---|
759 | }
|
---|
760 |
|
---|
761 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
---|
762 | defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
---|
763 | int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
---|
764 | unsigned char *output,
|
---|
765 | unsigned char *data, size_t data_len );
|
---|
766 | #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
---|
767 | MBEDTLS_SSL_PROTO_TLS1_1 */
|
---|
768 |
|
---|
769 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
---|
770 | defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
---|
771 | int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
---|
772 | unsigned char *hash, size_t *hashlen,
|
---|
773 | unsigned char *data, size_t data_len,
|
---|
774 | mbedtls_md_type_t md_alg );
|
---|
775 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
---|
776 | MBEDTLS_SSL_PROTO_TLS1_2 */
|
---|
777 |
|
---|
778 | #ifdef __cplusplus
|
---|
779 | }
|
---|
780 | #endif
|
---|
781 |
|
---|
782 | #endif /* ssl_internal.h */
|
---|