4 * \brief SSL/TLS functions.
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * This file is part of mbed TLS (https://tls.mbed.org)
26 #if !defined(MBEDTLS_CONFIG_FILE)
29 #include MBEDTLS_CONFIG_FILE
35 #include "ssl_ciphersuites.h"
37 #if defined(MBEDTLS_X509_CRT_PARSE_C)
42 #if defined(MBEDTLS_DHM_C)
46 #if defined(MBEDTLS_ECDH_C)
50 #if defined(MBEDTLS_ZLIB_SUPPORT)
54 #if defined(MBEDTLS_HAVE_TIME)
58 /* For convenience below and in programs */
59 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
60 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
61 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
62 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
63 #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
66 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
67 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
68 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
69 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
72 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
73 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
74 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
75 #define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
81 #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
82 #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
83 #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
84 #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
85 #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
86 #define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
87 #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
88 #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
89 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
90 #define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */
91 #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
92 #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
93 #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
94 #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
95 #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
96 #define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
97 #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
98 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
99 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
100 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
101 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
102 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
103 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
104 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
105 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
106 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
107 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
108 #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
109 #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
110 #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 /**< Memory allocation failed */
111 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
112 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
113 #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
114 #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
115 #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
116 #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
117 #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
118 #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */
119 #define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
120 #define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
121 #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
122 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
123 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
124 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
125 #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */
126 #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */
127 #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
128 #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */
133 #define MBEDTLS_SSL_MAJOR_VERSION_3 3
134 #define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
135 #define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
136 #define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
137 #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
139 #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
140 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
142 #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
144 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
145 * NONE must be zero so that memset()ing structure to zero works */
146 #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
147 #define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
148 #define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
149 #define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
150 #define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
151 #define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
153 #define MBEDTLS_SSL_IS_CLIENT 0
154 #define MBEDTLS_SSL_IS_SERVER 1
156 #define MBEDTLS_SSL_IS_NOT_FALLBACK 0
157 #define MBEDTLS_SSL_IS_FALLBACK 1
159 #define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
160 #define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
162 #define MBEDTLS_SSL_ETM_DISABLED 0
163 #define MBEDTLS_SSL_ETM_ENABLED 1
165 #define MBEDTLS_SSL_COMPRESS_NULL 0
166 #define MBEDTLS_SSL_COMPRESS_DEFLATE 1
168 #define MBEDTLS_SSL_VERIFY_NONE 0
169 #define MBEDTLS_SSL_VERIFY_OPTIONAL 1
170 #define MBEDTLS_SSL_VERIFY_REQUIRED 2
171 #define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
173 #define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
174 #define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
176 #define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
177 #define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
179 #define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
180 #define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
182 #define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
183 #define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
185 #define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
186 #define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
187 #define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
189 #define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
190 #define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
191 #define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
193 #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
194 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
196 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
197 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
199 #define MBEDTLS_SSL_ARC4_ENABLED 0
200 #define MBEDTLS_SSL_ARC4_DISABLED 1
202 #define MBEDTLS_SSL_PRESET_DEFAULT 0
203 #define MBEDTLS_SSL_PRESET_SUITEB 2
206 * Default range for DTLS retransmission timer value, in milliseconds.
207 * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
209 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
210 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
213 * \name SECTION: Module settings
215 * The configuration options you can set for this module are in this section.
216 * Either change them in config.h or define them on the compiler command line.
220 #if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
221 #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
225 * Maxium fragment length in bytes,
226 * determines the size of each of the two internal I/O buffers.
228 * Note: the RFC defines the default size of SSL / TLS messages. If you
229 * change the value here, other clients / servers may not be able to
230 * communicate with you anymore. Only change this value if you control
231 * both sides of the connection and have it reduced at both sides, or
232 * if you're using the Max Fragment Length extension and you know all your
233 * peers are using it too!
235 #if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
236 #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
239 /* \} name SECTION: Module settings */
242 * Length of the verify data for secure renegotiation
244 #if defined(MBEDTLS_SSL_PROTO_SSL3)
245 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
247 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
251 * Signaling ciphersuite values (SCSV)
253 #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
254 #define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
257 * Supported Signature and Hash algorithms (For TLS 1.2)
258 * RFC 5246 section 7.4.1.4.1
260 #define MBEDTLS_SSL_HASH_NONE 0
261 #define MBEDTLS_SSL_HASH_MD5 1
262 #define MBEDTLS_SSL_HASH_SHA1 2
263 #define MBEDTLS_SSL_HASH_SHA224 3
264 #define MBEDTLS_SSL_HASH_SHA256 4
265 #define MBEDTLS_SSL_HASH_SHA384 5
266 #define MBEDTLS_SSL_HASH_SHA512 6
268 #define MBEDTLS_SSL_SIG_ANON 0
269 #define MBEDTLS_SSL_SIG_RSA 1
270 #define MBEDTLS_SSL_SIG_ECDSA 3
273 * Client Certificate Types
274 * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
276 #define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
277 #define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
280 * Message, alert and handshake types
282 #define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
283 #define MBEDTLS_SSL_MSG_ALERT 21
284 #define MBEDTLS_SSL_MSG_HANDSHAKE 22
285 #define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
287 #define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
288 #define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
290 #define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
291 #define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
292 #define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
293 #define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
294 #define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
295 #define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
296 #define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
297 #define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
298 #define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
299 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
300 #define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
301 #define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
302 #define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
303 #define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
304 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
305 #define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
306 #define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
307 #define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
308 #define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
309 #define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
310 #define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
311 #define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
312 #define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
313 #define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
314 #define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
315 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
316 #define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
317 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
318 #define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
320 #define MBEDTLS_SSL_HS_HELLO_REQUEST 0
321 #define MBEDTLS_SSL_HS_CLIENT_HELLO 1
322 #define MBEDTLS_SSL_HS_SERVER_HELLO 2
323 #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
324 #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
325 #define MBEDTLS_SSL_HS_CERTIFICATE 11
326 #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
327 #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
328 #define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
329 #define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
330 #define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
331 #define MBEDTLS_SSL_HS_FINISHED 20
336 #define MBEDTLS_TLS_EXT_SERVERNAME 0
337 #define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
339 #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
341 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
343 #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
344 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
346 #define MBEDTLS_TLS_EXT_SIG_ALG 13
348 #define MBEDTLS_TLS_EXT_ALPN 16
350 #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
351 #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
353 #define MBEDTLS_TLS_EXT_SESSION_TICKET 35
355 #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
360 #if !defined(MBEDTLS_PSK_MAX_LEN)
361 #define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
364 /* Dummy type used only for its size */
365 union mbedtls_ssl_premaster_secret
367 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
368 unsigned char _pms_rsa
[48]; /* RFC 5246 8.1.1 */
370 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
371 unsigned char _pms_dhm
[MBEDTLS_MPI_MAX_SIZE
]; /* RFC 5246 8.1.2 */
373 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
374 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
375 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
376 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
377 unsigned char _pms_ecdh
[MBEDTLS_ECP_MAX_BYTES
]; /* RFC 4492 5.10 */
379 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
380 unsigned char _pms_psk
[4 + 2 * MBEDTLS_PSK_MAX_LEN
]; /* RFC 4279 2 */
382 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
383 unsigned char _pms_dhe_psk
[4 + MBEDTLS_MPI_MAX_SIZE
384 + MBEDTLS_PSK_MAX_LEN
]; /* RFC 4279 3 */
386 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
387 unsigned char _pms_rsa_psk
[52 + MBEDTLS_PSK_MAX_LEN
]; /* RFC 4279 4 */
389 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
390 unsigned char _pms_ecdhe_psk
[4 + MBEDTLS_ECP_MAX_BYTES
391 + MBEDTLS_PSK_MAX_LEN
]; /* RFC 5489 2 */
395 #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
406 MBEDTLS_SSL_HELLO_REQUEST
,
407 MBEDTLS_SSL_CLIENT_HELLO
,
408 MBEDTLS_SSL_SERVER_HELLO
,
409 MBEDTLS_SSL_SERVER_CERTIFICATE
,
410 MBEDTLS_SSL_SERVER_KEY_EXCHANGE
,
411 MBEDTLS_SSL_CERTIFICATE_REQUEST
,
412 MBEDTLS_SSL_SERVER_HELLO_DONE
,
413 MBEDTLS_SSL_CLIENT_CERTIFICATE
,
414 MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
,
415 MBEDTLS_SSL_CERTIFICATE_VERIFY
,
416 MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
,
417 MBEDTLS_SSL_CLIENT_FINISHED
,
418 MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
,
419 MBEDTLS_SSL_SERVER_FINISHED
,
420 MBEDTLS_SSL_FLUSH_BUFFERS
,
421 MBEDTLS_SSL_HANDSHAKE_WRAPUP
,
422 MBEDTLS_SSL_HANDSHAKE_OVER
,
423 MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
,
424 MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT
,
429 typedef struct mbedtls_ssl_session mbedtls_ssl_session
;
430 typedef struct mbedtls_ssl_context mbedtls_ssl_context
;
431 typedef struct mbedtls_ssl_config mbedtls_ssl_config
;
433 /* Defined in ssl_internal.h */
434 typedef struct mbedtls_ssl_transform mbedtls_ssl_transform
;
435 typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params
;
436 #if defined(MBEDTLS_X509_CRT_PARSE_C)
437 typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert
;
439 #if defined(MBEDTLS_SSL_PROTO_DTLS)
440 typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item
;
444 * This structure is used for storing current session data.
446 struct mbedtls_ssl_session
448 #if defined(MBEDTLS_HAVE_TIME)
449 time_t start
; /*!< starting time */
451 int ciphersuite
; /*!< chosen ciphersuite */
452 int compression
; /*!< chosen compression */
453 size_t id_len
; /*!< session id length */
454 unsigned char id
[32]; /*!< session identifier */
455 unsigned char master
[48]; /*!< the master secret */
457 #if defined(MBEDTLS_X509_CRT_PARSE_C)
458 mbedtls_x509_crt
*peer_cert
; /*!< peer X.509 cert chain */
459 #endif /* MBEDTLS_X509_CRT_PARSE_C */
460 uint32_t verify_result
; /*!< verification result */
462 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
463 unsigned char *ticket
; /*!< RFC 5077 session ticket */
464 size_t ticket_len
; /*!< session ticket length */
465 uint32_t ticket_lifetime
; /*!< ticket lifetime hint */
466 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
468 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
469 unsigned char mfl_code
; /*!< MaxFragmentLength negotiated by peer */
470 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
472 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
473 int trunc_hmac
; /*!< flag for truncated hmac activation */
474 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
476 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
477 int encrypt_then_mac
; /*!< flag for EtM activation */
482 * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
484 struct mbedtls_ssl_config
486 /* Group items by size (largest first) to minimize padding overhead */
492 const int *ciphersuite_list
[4]; /*!< allowed ciphersuites per version */
494 /** Callback for printing debug output */
495 void (*f_dbg
)(void *, int, const char *, int, const char *);
496 void *p_dbg
; /*!< context for the debug function */
498 /** Callback for getting (pseudo-)random numbers */
499 int (*f_rng
)(void *, unsigned char *, size_t);
500 void *p_rng
; /*!< context for the RNG function */
502 /** Callback to retrieve a session from the cache */
503 int (*f_get_cache
)(void *, mbedtls_ssl_session
*);
504 /** Callback to store a session into the cache */
505 int (*f_set_cache
)(void *, const mbedtls_ssl_session
*);
506 void *p_cache
; /*!< context for cache callbacks */
508 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
509 /** Callback for setting cert according to SNI extension */
510 int (*f_sni
)(void *, mbedtls_ssl_context
*, const unsigned char *, size_t);
511 void *p_sni
; /*!< context for SNI callback */
514 #if defined(MBEDTLS_X509_CRT_PARSE_C)
515 /** Callback to customize X.509 certificate chain verification */
516 int (*f_vrfy
)(void *, mbedtls_x509_crt
*, int, uint32_t *);
517 void *p_vrfy
; /*!< context for X.509 verify calllback */
520 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
521 /** Callback to retrieve PSK key from identity */
522 int (*f_psk
)(void *, mbedtls_ssl_context
*, const unsigned char *, size_t);
523 void *p_psk
; /*!< context for PSK callback */
526 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
527 /** Callback to create & write a cookie for ClientHello veirifcation */
528 int (*f_cookie_write
)( void *, unsigned char **, unsigned char *,
529 const unsigned char *, size_t );
530 /** Callback to verify validity of a ClientHello cookie */
531 int (*f_cookie_check
)( void *, const unsigned char *, size_t,
532 const unsigned char *, size_t );
533 void *p_cookie
; /*!< context for the cookie callbacks */
536 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
537 /** Callback to create & write a session ticket */
538 int (*f_ticket_write
)( void *, const mbedtls_ssl_session
*,
539 unsigned char *, const unsigned char *, size_t *, uint32_t * );
540 /** Callback to parse a session ticket into a session structure */
541 int (*f_ticket_parse
)( void *, mbedtls_ssl_session
*, unsigned char *, size_t);
542 void *p_ticket
; /*!< context for the ticket callbacks */
543 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
545 #if defined(MBEDTLS_X509_CRT_PARSE_C)
546 const mbedtls_x509_crt_profile
*cert_profile
; /*!< verification profile */
547 mbedtls_ssl_key_cert
*key_cert
; /*!< own certificate/key pair(s) */
548 mbedtls_x509_crt
*ca_chain
; /*!< trusted CAs */
549 mbedtls_x509_crl
*ca_crl
; /*!< trusted CAs CRLs */
550 #endif /* MBEDTLS_X509_CRT_PARSE_C */
552 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
553 const int *sig_hashes
; /*!< allowed signature hashes */
556 #if defined(MBEDTLS_ECP_C)
557 const mbedtls_ecp_group_id
*curve_list
; /*!< allowed curves */
560 #if defined(MBEDTLS_DHM_C)
561 mbedtls_mpi dhm_P
; /*!< prime modulus for DHM */
562 mbedtls_mpi dhm_G
; /*!< generator for DHM */
565 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
566 unsigned char *psk
; /*!< pre-shared key */
567 size_t psk_len
; /*!< length of the pre-shared key */
568 unsigned char *psk_identity
; /*!< identity for PSK negotiation */
569 size_t psk_identity_len
;/*!< length of identity */
572 #if defined(MBEDTLS_SSL_ALPN)
573 const char **alpn_list
; /*!< ordered list of protocols */
577 * Numerical settings (int then char)
580 uint32_t read_timeout
; /*!< timeout for mbedtls_ssl_read (ms) */
582 #if defined(MBEDTLS_SSL_PROTO_DTLS)
583 uint32_t hs_timeout_min
; /*!< initial value of the handshake
584 retransmission timeout (ms) */
585 uint32_t hs_timeout_max
; /*!< maximum value of the handshake
586 retransmission timeout (ms) */
589 #if defined(MBEDTLS_SSL_RENEGOTIATION)
590 int renego_max_records
; /*!< grace period for renegotiation */
591 unsigned char renego_period
[8]; /*!< value of the record counters
592 that triggers renegotiation */
595 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
596 unsigned int badmac_limit
; /*!< limit of records with a bad MAC */
599 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
600 unsigned int dhm_min_bitlen
; /*!< min. bit length of the DHM prime */
603 unsigned char max_major_ver
; /*!< max. major version used */
604 unsigned char max_minor_ver
; /*!< max. minor version used */
605 unsigned char min_major_ver
; /*!< min. major version used */
606 unsigned char min_minor_ver
; /*!< min. minor version used */
612 unsigned int endpoint
: 1; /*!< 0: client, 1: server */
613 unsigned int transport
: 1; /*!< stream (TLS) or datagram (DTLS) */
614 unsigned int authmode
: 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
615 /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
616 unsigned int allow_legacy_renegotiation
: 2 ; /*!< MBEDTLS_LEGACY_XXX */
617 #if defined(MBEDTLS_ARC4_C)
618 unsigned int arc4_disabled
: 1; /*!< blacklist RC4 ciphersuites? */
620 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
621 unsigned int mfl_code
: 3; /*!< desired fragment length */
623 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
624 unsigned int encrypt_then_mac
: 1 ; /*!< negotiate encrypt-then-mac? */
626 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
627 unsigned int extended_ms
: 1; /*!< negotiate extended master secret? */
629 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
630 unsigned int anti_replay
: 1; /*!< detect and prevent replay? */
632 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
633 unsigned int cbc_record_splitting
: 1; /*!< do cbc record splitting */
635 #if defined(MBEDTLS_SSL_RENEGOTIATION)
636 unsigned int disable_renegotiation
: 1; /*!< disable renegotiation? */
638 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
639 unsigned int trunc_hmac
: 1; /*!< negotiate truncated hmac? */
641 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
642 unsigned int session_tickets
: 1; /*!< use session tickets? */
644 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
645 unsigned int fallback
: 1; /*!< is this a fallback? */
650 struct mbedtls_ssl_context
652 const mbedtls_ssl_config
*conf
; /*!< configuration information */
657 int state
; /*!< SSL handshake: current state */
658 #if defined(MBEDTLS_SSL_RENEGOTIATION)
659 int renego_status
; /*!< Initial, in progress, pending? */
660 int renego_records_seen
; /*!< Records since renego request, or with DTLS,
661 number of retransmissions of request if
662 renego_max_records is < 0 */
665 int major_ver
; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
666 int minor_ver
; /*!< either 0 (SSL3) or 1 (TLS1.0) */
668 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
669 unsigned badmac_seen
; /*!< records with a bad MAC received */
675 int (*f_send
)(void *, const unsigned char *, size_t);
676 int (*f_recv
)(void *, unsigned char *, size_t);
677 int (*f_recv_timeout
)(void *, unsigned char *, size_t, uint32_t);
678 void *p_bio
; /*!< context for I/O operations */
683 mbedtls_ssl_session
*session_in
; /*!< current session data (in) */
684 mbedtls_ssl_session
*session_out
; /*!< current session data (out) */
685 mbedtls_ssl_session
*session
; /*!< negotiated session data */
686 mbedtls_ssl_session
*session_negotiate
; /*!< session data in negotiation */
688 mbedtls_ssl_handshake_params
*handshake
; /*!< params required only during
689 the handshake process */
692 * Record layer transformations
694 mbedtls_ssl_transform
*transform_in
; /*!< current transform params (in) */
695 mbedtls_ssl_transform
*transform_out
; /*!< current transform params (in) */
696 mbedtls_ssl_transform
*transform
; /*!< negotiated transform params */
697 mbedtls_ssl_transform
*transform_negotiate
; /*!< transform params in negotiation */
702 void *p_timer
; /*!< context for the timer callbacks */
703 void (*f_set_timer
)(void *, uint32_t, uint32_t); /*!< set timer callback */
704 int (*f_get_timer
)(void *); /*!< get timer callback */
707 * Record layer (incoming data)
709 unsigned char *in_buf
; /*!< input buffer */
710 unsigned char *in_ctr
; /*!< 64-bit incoming message counter
711 TLS: maintained by us
712 DTLS: read from peer */
713 unsigned char *in_hdr
; /*!< start of record header */
714 unsigned char *in_len
; /*!< two-bytes message length field */
715 unsigned char *in_iv
; /*!< ivlen-byte IV */
716 unsigned char *in_msg
; /*!< message contents (in_iv+ivlen) */
717 unsigned char *in_offt
; /*!< read offset in application data */
719 int in_msgtype
; /*!< record header: message type */
720 size_t in_msglen
; /*!< record header: message length */
721 size_t in_left
; /*!< amount of data read so far */
722 #if defined(MBEDTLS_SSL_PROTO_DTLS)
723 uint16_t in_epoch
; /*!< DTLS epoch for incoming records */
724 size_t next_record_offset
; /*!< offset of the next record in datagram
725 (equal to in_left if none) */
727 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
728 uint64_t in_window_top
; /*!< last validated record seq_num */
729 uint64_t in_window
; /*!< bitmask for replay detection */
732 size_t in_hslen
; /*!< current handshake message length,
733 including the handshake header */
734 int nb_zero
; /*!< # of 0-length encrypted messages */
735 int record_read
; /*!< record is already present */
738 * Record layer (outgoing data)
740 unsigned char *out_buf
; /*!< output buffer */
741 unsigned char *out_ctr
; /*!< 64-bit outgoing message counter */
742 unsigned char *out_hdr
; /*!< start of record header */
743 unsigned char *out_len
; /*!< two-bytes message length field */
744 unsigned char *out_iv
; /*!< ivlen-byte IV */
745 unsigned char *out_msg
; /*!< message contents (out_iv+ivlen) */
747 int out_msgtype
; /*!< record header: message type */
748 size_t out_msglen
; /*!< record header: message length */
749 size_t out_left
; /*!< amount of data not yet written */
751 #if defined(MBEDTLS_ZLIB_SUPPORT)
752 unsigned char *compress_buf
; /*!< zlib data buffer */
754 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
755 signed char split_done
; /*!< current record already splitted? */
761 int client_auth
; /*!< flag for client auth. */
766 #if defined(MBEDTLS_X509_CRT_PARSE_C)
767 char *hostname
; /*!< expected peer CN for verification
768 (and SNI if available) */
771 #if defined(MBEDTLS_SSL_ALPN)
772 const char *alpn_chosen
; /*!< negotiated protocol */
776 * Information for DTLS hello verify
778 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
779 unsigned char *cli_id
; /*!< transport-level ID of the client */
780 size_t cli_id_len
; /*!< length of cli_id */
784 * Secure renegotiation
786 /* needed to know when to send extension on server */
787 int secure_renegotiation
; /*!< does peer support legacy or
788 secure renegotiation */
789 #if defined(MBEDTLS_SSL_RENEGOTIATION)
790 size_t verify_data_len
; /*!< length of verify data stored */
791 char own_verify_data
[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
]; /*!< previous handshake verify data */
792 char peer_verify_data
[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
]; /*!< previous handshake verify data */
796 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
798 #define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
799 #define MBEDTLS_SSL_CHANNEL_INBOUND 1
801 extern int (*mbedtls_ssl_hw_record_init
)(mbedtls_ssl_context
*ssl
,
802 const unsigned char *key_enc
, const unsigned char *key_dec
,
804 const unsigned char *iv_enc
, const unsigned char *iv_dec
,
806 const unsigned char *mac_enc
, const unsigned char *mac_dec
,
808 extern int (*mbedtls_ssl_hw_record_activate
)(mbedtls_ssl_context
*ssl
, int direction
);
809 extern int (*mbedtls_ssl_hw_record_reset
)(mbedtls_ssl_context
*ssl
);
810 extern int (*mbedtls_ssl_hw_record_write
)(mbedtls_ssl_context
*ssl
);
811 extern int (*mbedtls_ssl_hw_record_read
)(mbedtls_ssl_context
*ssl
);
812 extern int (*mbedtls_ssl_hw_record_finish
)(mbedtls_ssl_context
*ssl
);
813 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
816 * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
818 * \return a statically allocated array of ciphersuites, the last
821 const int *mbedtls_ssl_list_ciphersuites( void );
824 * \brief Return the name of the ciphersuite associated with the
827 * \param ciphersuite_id SSL ciphersuite ID
829 * \return a string containing the ciphersuite name
831 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id
);
834 * \brief Return the ID of the ciphersuite associated with the
837 * \param ciphersuite_name SSL ciphersuite name
839 * \return the ID with the ciphersuite or 0 if not found
841 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name
);
844 * \brief Initialize an SSL context
845 * Just makes the context ready for mbedtls_ssl_setup() or
848 * \param ssl SSL context
850 void mbedtls_ssl_init( mbedtls_ssl_context
*ssl
);
853 * \brief Set up an SSL context for use
855 * \note No copy of the configuration context is made, it can be
856 * shared by many mbedtls_ssl_context structures.
858 * \warning Modifying the conf structure after is has been used in this
859 * function is unsupported!
861 * \param ssl SSL context
862 * \param conf SSL configuration to use
864 * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
865 * memory allocation failed
867 int mbedtls_ssl_setup( mbedtls_ssl_context
*ssl
,
868 const mbedtls_ssl_config
*conf
);
871 * \brief Reset an already initialized SSL context for re-use
872 * while retaining application-set variables, function
875 * \param ssl SSL context
876 * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
877 MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
878 * MBEDTLS_ERR_SSL_COMPRESSION_FAILED
880 int mbedtls_ssl_session_reset( mbedtls_ssl_context
*ssl
);
883 * \brief Set the current endpoint type
885 * \param conf SSL configuration
886 * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
888 void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config
*conf
, int endpoint
);
891 * \brief Set the transport type (TLS or DTLS).
894 * \note For DTLS, you must either provide a recv callback that
895 * doesn't block, or one that handles timeouts, see
896 * \c mbedtls_ssl_set_bio(). You also need to provide timer
897 * callbacks with \c mbedtls_ssl_set_timer_cb().
899 * \param conf SSL configuration
900 * \param transport transport type:
901 * MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
902 * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
904 void mbedtls_ssl_conf_transport( mbedtls_ssl_config
*conf
, int transport
);
907 * \brief Set the certificate verification mode
908 * Default: NONE on server, REQUIRED on client
910 * \param conf SSL configuration
911 * \param authmode can be:
913 * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked
914 * (default on server)
915 * (insecure on client)
917 * MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
918 * handshake continues even if verification failed;
919 * mbedtls_ssl_get_verify_result() can be called after the
920 * handshake is complete.
922 * MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
923 * handshake is aborted if verification failed.
925 * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
926 * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
927 * the right time(s), which may not be obvious, while REQUIRED always perform
928 * the verification as soon as possible. For example, REQUIRED was protecting
929 * against the "triple handshake" attack even before it was found.
931 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config
*conf
, int authmode
);
933 #if defined(MBEDTLS_X509_CRT_PARSE_C)
935 * \brief Set the verification callback (Optional).
937 * If set, the verify callback is called for each
938 * certificate in the chain. For implementation
939 * information, please see \c x509parse_verify()
941 * \param conf SSL configuration
942 * \param f_vrfy verification function
943 * \param p_vrfy verification parameter
945 void mbedtls_ssl_conf_verify( mbedtls_ssl_config
*conf
,
946 int (*f_vrfy
)(void *, mbedtls_x509_crt
*, int, uint32_t *),
948 #endif /* MBEDTLS_X509_CRT_PARSE_C */
951 * \brief Set the random number generator callback
953 * \param conf SSL configuration
954 * \param f_rng RNG function
955 * \param p_rng RNG parameter
957 void mbedtls_ssl_conf_rng( mbedtls_ssl_config
*conf
,
958 int (*f_rng
)(void *, unsigned char *, size_t),
962 * \brief Set the debug callback
964 * The callback has the following argument:
965 * void * opaque context for the callback
967 * const char * file name
969 * const char * message
971 * \param conf SSL configuration
972 * \param f_dbg debug function
973 * \param p_dbg debug parameter
975 void mbedtls_ssl_conf_dbg( mbedtls_ssl_config
*conf
,
976 void (*f_dbg
)(void *, int, const char *, int, const char *),
980 * \brief Set the underlying BIO callbacks for write, read and
983 * \param ssl SSL context
984 * \param p_bio parameter (context) shared by BIO callbacks
985 * \param f_send write callback
986 * \param f_recv read callback
987 * \param f_recv_timeout blocking read callback with timeout.
988 * The last argument is the timeout in milliseconds,
989 * 0 means no timeout (block forever until a message comes)
991 * \note One of f_recv or f_recv_timeout can be NULL, in which case
992 * the other is used. If both are non-NULL, f_recv_timeout is
993 * used and f_recv is ignored (as if it were NULL).
995 * \note The two most common use cases are:
996 * - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
997 * - blocking I/O, f_recv == NULL, f_recv_timout != NULL
999 * \note For DTLS, you need to provide either a non-NULL
1000 * f_recv_timeout callback, or a f_recv that doesn't block.
1002 void mbedtls_ssl_set_bio( mbedtls_ssl_context
*ssl
,
1004 int (*f_send
)(void *, const unsigned char *, size_t),
1005 int (*f_recv
)(void *, unsigned char *, size_t),
1006 int (*f_recv_timeout
)(void *, unsigned char *, size_t, uint32_t) );
1009 * \brief Set the timeout period for mbedtls_ssl_read()
1010 * (Default: no timeout.)
1012 * \param conf SSL configuration context
1013 * \param timeout Timeout value in milliseconds.
1014 * Use 0 for no timeout (default).
1016 * \note With blocking I/O, this will only work if a non-NULL
1017 * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
1018 * With non-blocking I/O, this will only work if timer
1019 * callbacks were set with \c mbedtls_ssl_set_timer_cb().
1021 * \note With non-blocking I/O, you may also skip this function
1022 * altogether and handle timeouts at the application layer.
1024 void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config
*conf
, uint32_t timeout
);
1027 * \brief Set the timer callbacks
1028 * (Mandatory for DTLS.)
1030 * \param ssl SSL context
1031 * \param p_timer parameter (context) shared by timer callback
1032 * \param f_set_timer set timer callback
1033 * Accepts an intermediate and a final delay in milliseconcs
1034 * If the final delay is 0, cancels the running timer.
1035 * \param f_get_timer get timer callback. Must return:
1037 * 0 if none of the delays is expired
1038 * 1 if the intermediate delay only is expired
1039 * 2 if the final delay is expired
1041 void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context
*ssl
,
1043 void (*f_set_timer
)(void *, uint32_t int_ms
, uint32_t fin_ms
),
1044 int (*f_get_timer
)(void *) );
1047 * \brief Callback type: generate and write session ticket
1049 * \note This describes what a callback implementation should do.
1050 * This callback should generate and encrypted and
1051 * authenticated ticket for the session and write it to the
1052 * output buffer. Here, ticket means the opaque ticket part
1053 * of the NewSessionTicket structure of RFC 5077.
1055 * \param p_ticket Context for the callback
1056 * \param session SSL session to bo written in the ticket
1057 * \param start Start of the outpur buffer
1058 * \param end End of the output buffer
1059 * \param tlen On exit, holds the length written
1060 * \param lifetime On exit, holds the lifetime of the ticket in seconds
1062 * \return 0 if successful, or
1063 * a specific MBEDTLS_ERR_XXX code.
1065 typedef int mbedtls_ssl_ticket_write_t( void *p_ticket
,
1066 const mbedtls_ssl_session
*session
,
1067 unsigned char *start
,
1068 const unsigned char *end
,
1070 uint32_t *lifetime
);
1073 * \brief Callback type: parse and load session ticket
1075 * \note This describes what a callback implementation should do.
1076 * This callback should parse a session ticket as generated
1077 * by the corresponding mbedtls_ssl_ticket_write_t function,
1078 * and, if the ticket is authentic and valid, load the
1081 * \note The implementation is allowed to modify the first len
1082 * bytes of the input buffer, eg to use it as a temporary
1083 * area for the decrypted ticket contents.
1085 * \param p_ticket Context for the callback
1086 * \param session SSL session to be loaded
1087 * \param buf Start of the buffer containing the ticket
1088 * \param len Length of the ticket.
1090 * \return 0 if successful, or
1091 * MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
1092 * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
1093 * any other non-zero code for other failures.
1095 typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket
,
1096 mbedtls_ssl_session
*session
,
1100 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
1102 * \brief Configure SSL session ticket callbacks (server only).
1105 * \note On server, session tickets are enabled by providing
1106 * non-NULL callbacks.
1108 * \note On client, use \c mbedtls_ssl_conf_session_tickets().
1110 * \param conf SSL configuration context
1111 * \param f_ticket_write Callback for writing a ticket
1112 * \param f_ticket_parse Callback for parsing a ticket
1113 * \param p_ticket Context shared by the two callbacks
1115 void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config
*conf
,
1116 mbedtls_ssl_ticket_write_t
*f_ticket_write
,
1117 mbedtls_ssl_ticket_parse_t
*f_ticket_parse
,
1119 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
1122 * \brief Callback type: generate a cookie
1124 * \param ctx Context for the callback
1125 * \param p Buffer to write to,
1126 * must be updated to point right after the cookie
1127 * \param end Pointer to one past the end of the output buffer
1128 * \param info Client ID info that was passed to
1129 * \c mbedtls_ssl_set_client_transport_id()
1130 * \param ilen Length of info in bytes
1132 * \return The callback must return 0 on success,
1133 * or a negative error code.
1135 typedef int mbedtls_ssl_cookie_write_t( void *ctx
,
1136 unsigned char **p
, unsigned char *end
,
1137 const unsigned char *info
, size_t ilen
);
1140 * \brief Callback type: verify a cookie
1142 * \param ctx Context for the callback
1143 * \param cookie Cookie to verify
1144 * \param clen Length of cookie
1145 * \param info Client ID info that was passed to
1146 * \c mbedtls_ssl_set_client_transport_id()
1147 * \param ilen Length of info in bytes
1149 * \return The callback must return 0 if cookie is valid,
1150 * or a negative error code.
1152 typedef int mbedtls_ssl_cookie_check_t( void *ctx
,
1153 const unsigned char *cookie
, size_t clen
,
1154 const unsigned char *info
, size_t ilen
);
1156 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
1158 * \brief Register callbacks for DTLS cookies
1159 * (Server only. DTLS only.)
1161 * Default: dummy callbacks that fail, in order to force you to
1162 * register working callbacks (and initialize their context).
1164 * To disable HelloVerifyRequest, register NULL callbacks.
1166 * \warning Disabling hello verification allows your server to be used
1167 * for amplification in DoS attacks against other hosts.
1168 * Only disable if you known this can't happen in your
1169 * particular environment.
1171 * \note See comments on \c mbedtls_ssl_handshake() about handling
1172 * the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
1173 * on the first handshake attempt when this is enabled.
1175 * \note This is also necessary to handle client reconnection from
1176 * the same port as described in RFC 6347 section 4.2.8 (only
1177 * the variant with cookies is supported currently). See
1178 * comments on \c mbedtls_ssl_read() for details.
1180 * \param conf SSL configuration
1181 * \param f_cookie_write Cookie write callback
1182 * \param f_cookie_check Cookie check callback
1183 * \param p_cookie Context for both callbacks
1185 void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config
*conf
,
1186 mbedtls_ssl_cookie_write_t
*f_cookie_write
,
1187 mbedtls_ssl_cookie_check_t
*f_cookie_check
,
1191 * \brief Set client's transport-level identification info.
1192 * (Server only. DTLS only.)
1194 * This is usually the IP address (and port), but could be
1195 * anything identify the client depending on the underlying
1196 * network stack. Used for HelloVerifyRequest with DTLS.
1197 * This is *not* used to route the actual packets.
1199 * \param ssl SSL context
1200 * \param info Transport-level info identifying the client (eg IP + port)
1201 * \param ilen Length of info in bytes
1203 * \note An internal copy is made, so the info buffer can be reused.
1205 * \return 0 on success,
1206 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
1207 * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
1209 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context
*ssl
,
1210 const unsigned char *info
,
1213 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
1215 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
1217 * \brief Enable or disable anti-replay protection for DTLS.
1218 * (DTLS only, no effect on TLS.)
1221 * \param conf SSL configuration
1222 * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
1224 * \warning Disabling this is a security risk unless the application
1225 * protocol handles duplicated packets in a safe way. You
1226 * should not disable this without careful consideration.
1227 * However, if your application already detects duplicated
1228 * packets and needs information about them to adjust its
1229 * transmission strategy, then you'll want to disable this.
1231 void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config
*conf
, char mode
);
1232 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
1234 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
1236 * \brief Set a limit on the number of records with a bad MAC
1237 * before terminating the connection.
1238 * (DTLS only, no effect on TLS.)
1239 * Default: 0 (disabled).
1241 * \param conf SSL configuration
1242 * \param limit Limit, or 0 to disable.
1244 * \note If the limit is N, then the connection is terminated when
1245 * the Nth non-authentic record is seen.
1247 * \note Records with an invalid header are not counted, only the
1248 * ones going through the authentication-decryption phase.
1250 * \note This is a security trade-off related to the fact that it's
1251 * often relatively easy for an active attacker ot inject UDP
1252 * datagrams. On one hand, setting a low limit here makes it
1253 * easier for such an attacker to forcibly terminated a
1254 * connection. On the other hand, a high limit or no limit
1255 * might make us waste resources checking authentication on
1256 * many bogus packets.
1258 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config
*conf
, unsigned limit
);
1259 #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
1261 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1263 * \brief Set retransmit timeout values for the DTLS handshale.
1264 * (DTLS only, no effect on TLS.)
1266 * \param conf SSL configuration
1267 * \param min Initial timeout value in milliseconds.
1268 * Default: 1000 (1 second).
1269 * \param max Maximum timeout value in milliseconds.
1270 * Default: 60000 (60 seconds).
1272 * \note Default values are from RFC 6347 section 4.2.4.1.
1274 * \note Higher values for initial timeout may increase average
1275 * handshake latency. Lower values may increase the risk of
1276 * network congestion by causing more retransmissions.
1278 void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config
*conf
, uint32_t min
, uint32_t max
);
1279 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1281 #if defined(MBEDTLS_SSL_SRV_C)
1283 * \brief Set the session cache callbacks (server-side only)
1284 * If not set, no session resuming is done (except if session
1285 * tickets are enabled too).
1287 * The session cache has the responsibility to check for stale
1288 * entries based on timeout. See RFC 5246 for recommendations.
1290 * Warning: session.peer_cert is cleared by the SSL/TLS layer on
1291 * connection shutdown, so do not cache the pointer! Either set
1292 * it to NULL or make a full copy of the certificate.
1294 * The get callback is called once during the initial handshake
1295 * to enable session resuming. The get function has the
1296 * following parameters: (void *parameter, mbedtls_ssl_session *session)
1297 * If a valid entry is found, it should fill the master of
1298 * the session object with the cached values and return 0,
1299 * return 1 otherwise. Optionally peer_cert can be set as well
1300 * if it is properly present in cache entry.
1302 * The set callback is called once during the initial handshake
1303 * to enable session resuming after the entire handshake has
1304 * been finished. The set function has the following parameters:
1305 * (void *parameter, const mbedtls_ssl_session *session). The function
1306 * should create a cache entry for future retrieval based on
1307 * the data in the session structure and should keep in mind
1308 * that the mbedtls_ssl_session object presented (and all its referenced
1309 * data) is cleared by the SSL/TLS layer when the connection is
1310 * terminated. It is recommended to add metadata to determine if
1311 * an entry is still valid in the future. Return 0 if
1312 * successfully cached, return 1 otherwise.
1314 * \param conf SSL configuration
1315 * \param p_cache parmater (context) for both callbacks
1316 * \param f_get_cache session get callback
1317 * \param f_set_cache session set callback
1319 void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config
*conf
,
1321 int (*f_get_cache
)(void *, mbedtls_ssl_session
*),
1322 int (*f_set_cache
)(void *, const mbedtls_ssl_session
*) );
1323 #endif /* MBEDTLS_SSL_SRV_C */
1325 #if defined(MBEDTLS_SSL_CLI_C)
1327 * \brief Request resumption of session (client-side only)
1328 * Session data is copied from presented session structure.
1330 * \param ssl SSL context
1331 * \param session session context
1333 * \return 0 if successful,
1334 * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
1335 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
1336 * arguments are otherwise invalid
1338 * \sa mbedtls_ssl_get_session()
1340 int mbedtls_ssl_set_session( mbedtls_ssl_context
*ssl
, const mbedtls_ssl_session
*session
);
1341 #endif /* MBEDTLS_SSL_CLI_C */
1344 * \brief Set the list of allowed ciphersuites and the preference
1345 * order. First in the list has the highest preference.
1346 * (Overrides all version specific lists)
1348 * The ciphersuites array is not copied, and must remain
1349 * valid for the lifetime of the ssl_config.
1351 * Note: The server uses its own preferences
1352 * over the preference of the client unless
1353 * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
1355 * \param conf SSL configuration
1356 * \param ciphersuites 0-terminated list of allowed ciphersuites
1358 void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config
*conf
,
1359 const int *ciphersuites
);
1362 * \brief Set the list of allowed ciphersuites and the
1363 * preference order for a specific version of the protocol.
1364 * (Only useful on the server side)
1366 * The ciphersuites array is not copied, and must remain
1367 * valid for the lifetime of the ssl_config.
1369 * \param conf SSL configuration
1370 * \param ciphersuites 0-terminated list of allowed ciphersuites
1371 * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
1373 * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
1374 * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
1375 * MBEDTLS_SSL_MINOR_VERSION_3 supported)
1377 * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
1378 * and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
1380 void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config
*conf
,
1381 const int *ciphersuites
,
1382 int major
, int minor
);
1384 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1386 * \brief Set the X.509 security profile used for verification
1388 * \param conf SSL configuration
1389 * \param profile Profile to use
1391 void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config
*conf
,
1392 const mbedtls_x509_crt_profile
*profile
);
1395 * \brief Set the data required to verify peer certificate
1397 * \param conf SSL configuration
1398 * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
1399 * \param ca_crl trusted CA CRLs
1401 void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config
*conf
,
1402 mbedtls_x509_crt
*ca_chain
,
1403 mbedtls_x509_crl
*ca_crl
);
1406 * \brief Set own certificate chain and private key
1408 * \note own_cert should contain in order from the bottom up your
1409 * certificate chain. The top certificate (self-signed)
1412 * \note On server, this function can be called multiple times to
1413 * provision more than one cert/key pair (eg one ECDSA, one
1414 * RSA with SHA-256, one RSA with SHA-1). An adequate
1415 * certificate will be selected according to the client's
1416 * advertised capabilities. In case mutliple certificates are
1417 * adequate, preference is given to the one set by the first
1418 * call to this function, then second, etc.
1420 * \note On client, only the first call has any effect.
1422 * \param conf SSL configuration
1423 * \param own_cert own public certificate chain
1424 * \param pk_key own private key
1426 * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
1428 int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config
*conf
,
1429 mbedtls_x509_crt
*own_cert
,
1430 mbedtls_pk_context
*pk_key
);
1431 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1433 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1435 * \brief Set the Pre Shared Key (PSK) and the expected identity name
1437 * \note This is mainly useful for clients. Servers will usually
1438 * want to use \c mbedtls_ssl_conf_psk_cb() instead.
1440 * \param conf SSL configuration
1441 * \param psk pointer to the pre-shared key
1442 * \param psk_len pre-shared key length
1443 * \param psk_identity pointer to the pre-shared key identity
1444 * \param psk_identity_len identity key length
1446 * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
1448 int mbedtls_ssl_conf_psk( mbedtls_ssl_config
*conf
,
1449 const unsigned char *psk
, size_t psk_len
,
1450 const unsigned char *psk_identity
, size_t psk_identity_len
);
1454 * \brief Set the Pre Shared Key (PSK) for the current handshake
1456 * \note This should only be called inside the PSK callback,
1457 * ie the function passed to \c mbedtls_ssl_conf_psk_cb().
1459 * \param ssl SSL context
1460 * \param psk pointer to the pre-shared key
1461 * \param psk_len pre-shared key length
1463 * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
1465 int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context
*ssl
,
1466 const unsigned char *psk
, size_t psk_len
);
1469 * \brief Set the PSK callback (server-side only).
1471 * If set, the PSK callback is called for each
1472 * handshake where a PSK ciphersuite was negotiated.
1473 * The caller provides the identity received and wants to
1474 * receive the actual PSK data and length.
1476 * The callback has the following parameters: (void *parameter,
1477 * mbedtls_ssl_context *ssl, const unsigned char *psk_identity,
1478 * size_t identity_len)
1479 * If a valid PSK identity is found, the callback should use
1480 * \c mbedtls_ssl_set_hs_psk() on the ssl context to set the
1481 * correct PSK and return 0.
1482 * Any other return value will result in a denied PSK identity.
1484 * \note If you set a PSK callback using this function, then you
1485 * don't need to set a PSK key and identity using
1486 * \c mbedtls_ssl_conf_psk().
1488 * \param conf SSL configuration
1489 * \param f_psk PSK identity function
1490 * \param p_psk PSK identity parameter
1492 void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config
*conf
,
1493 int (*f_psk
)(void *, mbedtls_ssl_context
*, const unsigned char *,
1496 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
1498 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
1500 * \brief Set the Diffie-Hellman public P and G values,
1501 * read as hexadecimal strings (server-side only)
1502 * (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG])
1504 * \param conf SSL configuration
1505 * \param dhm_P Diffie-Hellman-Merkle modulus
1506 * \param dhm_G Diffie-Hellman-Merkle generator
1508 * \return 0 if successful
1510 int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config
*conf
, const char *dhm_P
, const char *dhm_G
);
1513 * \brief Set the Diffie-Hellman public P and G values,
1514 * read from existing context (server-side only)
1516 * \param conf SSL configuration
1517 * \param dhm_ctx Diffie-Hellman-Merkle context
1519 * \return 0 if successful
1521 int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config
*conf
, mbedtls_dhm_context
*dhm_ctx
);
1522 #endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
1524 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
1526 * \brief Set the minimum length for Diffie-Hellman parameters.
1527 * (Client-side only.)
1528 * (Default: 1024 bits.)
1530 * \param conf SSL configuration
1531 * \param bitlen Minimum bit length of the DHM prime
1533 void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config
*conf
,
1534 unsigned int bitlen
);
1535 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
1537 #if defined(MBEDTLS_ECP_C)
1539 * \brief Set the allowed curves in order of preference.
1540 * (Default: all defined curves.)
1542 * On server: this only affects selection of the ECDHE curve;
1543 * the curves used for ECDH and ECDSA are determined by the
1544 * list of available certificates instead.
1546 * On client: this affects the list of curves offered for any
1547 * use. The server can override our preference order.
1549 * Both sides: limits the set of curves used by peer to the
1550 * listed curves for any use ECDHE and the end-entity
1553 * \note This has no influence on which curve are allowed inside the
1554 * certificate chains, see \c mbedtls_ssl_conf_cert_profile()
1555 * for that. For example, if the peer's certificate chain is
1556 * EE -> CA_int -> CA_root, then the allowed curves for EE are
1557 * controlled by \c mbedtls_ssl_conf_curves() but for CA_int
1558 * and CA_root it's \c mbedtls_ssl_conf_cert_profile().
1560 * \note This list should be ordered by decreasing preference
1561 * (preferred curve first).
1563 * \param conf SSL configuration
1564 * \param curves Ordered list of allowed curves,
1565 * terminated by MBEDTLS_ECP_DP_NONE.
1567 void mbedtls_ssl_conf_curves( mbedtls_ssl_config
*conf
,
1568 const mbedtls_ecp_group_id
*curves
);
1569 #endif /* MBEDTLS_ECP_C */
1571 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
1573 * \brief Set the allowed hashes for signatures during the handshake.
1574 * (Default: all available hashes.)
1576 * \note This only affects which hashes are offered and can be used
1577 * for signatures during the handshake. Hashes for message
1578 * authentication and the TLS PRF are controlled by the
1579 * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
1580 * used for certificate signature are controlled by the
1581 * verification profile, see \c mbedtls_ssl_conf_cert_profile().
1583 * \note This list should be ordered by decreasing preference
1584 * (preferred hash first).
1586 * \param conf SSL configuration
1587 * \param hashes Ordered list of allowed signature hashes,
1588 * terminated by \c MBEDTLS_MD_NONE.
1590 void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config
*conf
,
1591 const int *hashes
);
1592 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
1594 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1596 * \brief Set hostname for ServerName TLS extension
1597 * (client-side only)
1600 * \param ssl SSL context
1601 * \param hostname the server hostname
1603 * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
1605 int mbedtls_ssl_set_hostname( mbedtls_ssl_context
*ssl
, const char *hostname
);
1606 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1608 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
1610 * \brief Set own certificate and key for the current handshake
1612 * \note Same as \c mbedtls_ssl_conf_own_cert() but for use within
1615 * \param ssl SSL context
1616 * \param own_cert own public certificate chain
1617 * \param pk_key own private key
1619 * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
1621 int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context
*ssl
,
1622 mbedtls_x509_crt
*own_cert
,
1623 mbedtls_pk_context
*pk_key
);
1626 * \brief Set the data required to verify peer certificate for the
1629 * \note Same as \c mbedtls_ssl_conf_ca_chain() but for use within
1632 * \param ssl SSL context
1633 * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
1634 * \param ca_crl trusted CA CRLs
1636 void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context
*ssl
,
1637 mbedtls_x509_crt
*ca_chain
,
1638 mbedtls_x509_crl
*ca_crl
);
1641 * \brief Set authmode for the current handshake.
1643 * \note Same as \c mbedtls_ssl_conf_authmode() but for use within
1646 * \param ssl SSL context
1647 * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
1648 * MBEDTLS_SSL_VERIFY_REQUIRED
1650 void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context
*ssl
,
1654 * \brief Set server side ServerName TLS extension callback
1655 * (optional, server-side only).
1657 * If set, the ServerName callback is called whenever the
1658 * server receives a ServerName TLS extension from the client
1659 * during a handshake. The ServerName callback has the
1660 * following parameters: (void *parameter, mbedtls_ssl_context *ssl,
1661 * const unsigned char *hostname, size_t len). If a suitable
1662 * certificate is found, the callback must set the
1663 * certificate(s) and key(s) to use with \c
1664 * mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
1665 * and may optionally adjust the CA and associated CRL with \c
1666 * mbedtls_ssl_set_hs_ca_chain() as well as the client
1667 * authentication mode with \c mbedtls_ssl_set_hs_authmode(),
1668 * then must return 0. If no matching name is found, the
1669 * callback must either set a default cert, or
1670 * return non-zero to abort the handshake at this point.
1672 * \param conf SSL configuration
1673 * \param f_sni verification function
1674 * \param p_sni verification parameter
1676 void mbedtls_ssl_conf_sni( mbedtls_ssl_config
*conf
,
1677 int (*f_sni
)(void *, mbedtls_ssl_context
*, const unsigned char *,
1680 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
1682 #if defined(MBEDTLS_SSL_ALPN)
1684 * \brief Set the supported Application Layer Protocols.
1686 * \param conf SSL configuration
1687 * \param protos NULL-terminated list of supported protocols,
1688 * in decreasing preference order.
1690 * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
1692 int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config
*conf
, const char **protos
);
1695 * \brief Get the name of the negotiated Application Layer Protocol.
1696 * This function should be called after the handshake is
1699 * \param ssl SSL context
1701 * \return Protcol name, or NULL if no protocol was negotiated.
1703 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context
*ssl
);
1704 #endif /* MBEDTLS_SSL_ALPN */
1707 * \brief Set the maximum supported version sent from the client side
1708 * and/or accepted at the server side
1709 * (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
1711 * \note This ignores ciphersuites from higher versions.
1713 * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
1714 * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
1716 * \param conf SSL configuration
1717 * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
1718 * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
1719 * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
1720 * MBEDTLS_SSL_MINOR_VERSION_3 supported)
1722 void mbedtls_ssl_conf_max_version( mbedtls_ssl_config
*conf
, int major
, int minor
);
1725 * \brief Set the minimum accepted SSL/TLS protocol version
1726 * (Default: TLS 1.0)
1728 * \note Input outside of the SSL_MAX_XXXXX_VERSION and
1729 * SSL_MIN_XXXXX_VERSION range is ignored.
1731 * \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
1733 * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
1734 * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
1736 * \param conf SSL configuration
1737 * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
1738 * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
1739 * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
1740 * MBEDTLS_SSL_MINOR_VERSION_3 supported)
1742 void mbedtls_ssl_conf_min_version( mbedtls_ssl_config
*conf
, int major
, int minor
);
1744 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
1746 * \brief Set the fallback flag (client-side only).
1747 * (Default: MBEDTLS_SSL_IS_NOT_FALLBACK).
1749 * \note Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
1750 * connection, that is a connection with max_version set to a
1751 * lower value than the value you're willing to use. Such
1752 * fallback connections are not recommended but are sometimes
1753 * necessary to interoperate with buggy (version-intolerant)
1756 * \warning You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
1757 * non-fallback connections! This would appear to work for a
1758 * while, then cause failures when the server is upgraded to
1759 * support a newer TLS version.
1761 * \param conf SSL configuration
1762 * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
1764 void mbedtls_ssl_conf_fallback( mbedtls_ssl_config
*conf
, char fallback
);
1765 #endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
1767 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1769 * \brief Enable or disable Encrypt-then-MAC
1770 * (Default: MBEDTLS_SSL_ETM_ENABLED)
1772 * \note This should always be enabled, it is a security
1773 * improvement, and should not cause any interoperability
1774 * issue (used only if the peer supports it too).
1776 * \param conf SSL configuration
1777 * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
1779 void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config
*conf
, char etm
);
1780 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
1782 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1784 * \brief Enable or disable Extended Master Secret negotiation.
1785 * (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
1787 * \note This should always be enabled, it is a security fix to the
1788 * protocol, and should not cause any interoperability issue
1789 * (used only if the peer supports it too).
1791 * \param conf SSL configuration
1792 * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
1794 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config
*conf
, char ems
);
1795 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
1797 #if defined(MBEDTLS_ARC4_C)
1799 * \brief Disable or enable support for RC4
1800 * (Default: MBEDTLS_SSL_ARC4_DISABLED)
1802 * \warning Use of RC4 in (D)TLS has been prohibited by RFC ????
1803 * for security reasons. Use at your own risks.
1805 * \note This function will likely be removed in future versions as
1806 * RC4 will then be disabled by default at compile time.
1808 * \param conf SSL configuration
1809 * \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
1811 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config
*conf
, char arc4
);
1812 #endif /* MBEDTLS_ARC4_C */
1814 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1816 * \brief Set the maximum fragment length to emit and/or negotiate
1817 * (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
1818 * (Server: set maximum fragment length to emit,
1819 * usually negotiated by the client during handshake
1820 * (Client: set maximum fragment length to emit *and*
1821 * negotiate with the server during handshake)
1823 * \param conf SSL configuration
1824 * \param mfl_code Code for maximum fragment length (allowed values:
1825 * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024,
1826 * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
1828 * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
1830 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config
*conf
, unsigned char mfl_code
);
1831 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
1833 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1835 * \brief Activate negotiation of truncated HMAC
1836 * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
1838 * \param conf SSL configuration
1839 * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
1840 * MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
1842 void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config
*conf
, int truncate
);
1843 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
1845 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1847 * \brief Enable / Disable 1/n-1 record splitting
1848 * (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
1850 * \note Only affects SSLv3 and TLS 1.0, not higher versions.
1851 * Does not affect non-CBC ciphersuites in any version.
1853 * \param conf SSL configuration
1854 * \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
1855 * MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
1857 void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config
*conf
, char split
);
1858 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
1860 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
1862 * \brief Enable / Disable session tickets (client only).
1863 * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
1865 * \note On server, use \c mbedtls_ssl_conf_session_tickets_cb().
1867 * \param conf SSL configuration
1868 * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
1869 * MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
1871 void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config
*conf
, int use_tickets
);
1872 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
1874 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1876 * \brief Enable / Disable renegotiation support for connection when
1878 * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
1880 * \warning It is recommended to always disable renegotation unless you
1881 * know you need it and you know what you're doing. In the
1882 * past, there has been several issues associated with
1883 * renegotiation or a poor understanding of its properties.
1885 * \note Server-side, enabling renegotiation also makes the server
1886 * susceptible to a resource DoS by a malicious client.
1888 * \param conf SSL configuration
1889 * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
1890 * MBEDTLS_SSL_RENEGOTIATION_DISABLED)
1892 void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config
*conf
, int renegotiation
);
1893 #endif /* MBEDTLS_SSL_RENEGOTIATION */
1896 * \brief Prevent or allow legacy renegotiation.
1897 * (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
1899 * MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
1900 * be established even if the peer does not support
1901 * secure renegotiation, but does not allow renegotiation
1902 * to take place if not secure.
1903 * (Interoperable and secure option)
1905 * MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
1906 * with non-upgraded peers. Allowing legacy renegotiation
1907 * makes the connection vulnerable to specific man in the
1908 * middle attacks. (See RFC 5746)
1909 * (Most interoperable and least secure option)
1911 * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
1912 * if peer does not support secure renegotiation. Results
1913 * in interoperability issues with non-upgraded peers
1914 * that do not support renegotiation altogether.
1915 * (Most secure option, interoperability issues)
1917 * \param conf SSL configuration
1918 * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
1919 * SSL_ALLOW_LEGACY_RENEGOTIATION or
1920 * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
1922 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config
*conf
, int allow_legacy
);
1924 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1926 * \brief Enforce renegotiation requests.
1927 * (Default: enforced, max_records = 16)
1929 * When we request a renegotiation, the peer can comply or
1930 * ignore the request. This function allows us to decide
1931 * whether to enforce our renegotiation requests by closing
1932 * the connection if the peer doesn't comply.
1934 * However, records could already be in transit from the peer
1935 * when the request is emitted. In order to increase
1936 * reliability, we can accept a number of records before the
1937 * expected handshake records.
1939 * The optimal value is highly dependent on the specific usage
1942 * \note With DTLS and server-initiated renegotiation, the
1943 * HelloRequest is retransmited every time mbedtls_ssl_read() times
1944 * out or receives Application Data, until:
1945 * - max_records records have beens seen, if it is >= 0, or
1946 * - the number of retransmits that would happen during an
1947 * actual handshake has been reached.
1948 * Please remember the request might be lost a few times
1949 * if you consider setting max_records to a really low value.
1951 * \warning On client, the grace period can only happen during
1952 * mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
1953 * which always behave as if max_record was 0. The reason is,
1954 * if we receive application data from the server, we need a
1955 * place to write it, which only happens during mbedtls_ssl_read().
1957 * \param conf SSL configuration
1958 * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
1959 * enforce renegotiation, or a non-negative value to enforce
1960 * it but allow for a grace period of max_records records.
1962 void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config
*conf
, int max_records
);
1965 * \brief Set record counter threshold for periodic renegotiation.
1966 * (Default: 2^64 - 256.)
1968 * Renegotiation is automatically triggered when a record
1969 * counter (outgoing or ingoing) crosses the defined
1970 * threshold. The default value is meant to prevent the
1971 * connection from being closed when the counter is about to
1972 * reached its maximal value (it is not allowed to wrap).
1974 * Lower values can be used to enforce policies such as "keys
1975 * must be refreshed every N packets with cipher X".
1977 * \param conf SSL configuration
1978 * \param period The threshold value: a big-endian 64-bit number.
1979 * Set to 2^64 - 1 to disable periodic renegotiation
1981 void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config
*conf
,
1982 const unsigned char period
[8] );
1983 #endif /* MBEDTLS_SSL_RENEGOTIATION */
1986 * \brief Return the number of data bytes available to read
1988 * \param ssl SSL context
1990 * \return how many bytes are available in the read buffer
1992 size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context
*ssl
);
1995 * \brief Return the result of the certificate verification
1997 * \param ssl SSL context
1999 * \return 0 if successful,
2000 * -1 if result is not available (eg because the handshake was
2001 * aborted too early), or
2002 * a combination of BADCERT_xxx and BADCRL_xxx flags, see
2005 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context
*ssl
);
2008 * \brief Return the name of the current ciphersuite
2010 * \param ssl SSL context
2012 * \return a string containing the ciphersuite name
2014 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context
*ssl
);
2017 * \brief Return the current SSL version (SSLv3/TLSv1/etc)
2019 * \param ssl SSL context
2021 * \return a string containing the SSL version
2023 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context
*ssl
);
2026 * \brief Return the (maximum) number of bytes added by the record
2027 * layer: header + encryption/MAC overhead (inc. padding)
2029 * \param ssl SSL context
2031 * \return Current maximum record expansion in bytes, or
2032 * MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
2033 * enabled, which makes expansion much less predictable
2035 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context
*ssl
);
2037 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2039 * \brief Return the maximum fragment length (payload, in bytes).
2040 * This is the value negotiated with peer if any,
2041 * or the locally configured value.
2043 * \note With DTLS, \c mbedtls_ssl_write() will return an error if
2044 * called with a larger length value.
2045 * With TLS, \c mbedtls_ssl_write() will fragment the input if
2046 * necessary and return the number of bytes written; it is up
2047 * to the caller to call \c mbedtls_ssl_write() again in
2048 * order to send the remaining bytes if any.
2050 * \param ssl SSL context
2052 * \return Current maximum fragment length.
2054 size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context
*ssl
);
2055 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2057 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2059 * \brief Return the peer certificate from the current connection
2061 * Note: Can be NULL in case no certificate was sent during
2062 * the handshake. Different calls for the same connection can
2063 * return the same or different pointers for the same
2064 * certificate and even a different certificate altogether.
2065 * The peer cert CAN change in a single connection if
2066 * renegotiation is performed.
2068 * \param ssl SSL context
2070 * \return the current peer certificate
2072 const mbedtls_x509_crt
*mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context
*ssl
);
2073 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2075 #if defined(MBEDTLS_SSL_CLI_C)
2077 * \brief Save session in order to resume it later (client-side only)
2078 * Session data is copied to presented session structure.
2080 * \warning Currently, peer certificate is lost in the operation.
2082 * \param ssl SSL context
2083 * \param session session context
2085 * \return 0 if successful,
2086 * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
2087 * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
2088 * arguments are otherwise invalid
2090 * \sa mbedtls_ssl_set_session()
2092 int mbedtls_ssl_get_session( const mbedtls_ssl_context
*ssl
, mbedtls_ssl_session
*session
);
2093 #endif /* MBEDTLS_SSL_CLI_C */
2096 * \brief Perform the SSL handshake
2098 * \param ssl SSL context
2100 * \return 0 if successful, or
2101 * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
2102 * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
2103 * a specific SSL error code.
2105 * \note If this function returns something other than 0 or
2106 * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
2107 * becomes unusable, and you should either free it or call
2108 * \c mbedtls_ssl_session_reset() on it before re-using it.
2110 * \note If DTLS is in use, then you may choose to handle
2111 * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
2112 * purposes, as it is an expected return value rather than an
2113 * actual error, but you still need to reset/free the context.
2115 int mbedtls_ssl_handshake( mbedtls_ssl_context
*ssl
);
2118 * \brief Perform a single step of the SSL handshake
2120 * \note The state of the context (ssl->state) will be at
2121 * the following state after execution of this function.
2122 * Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
2124 * \param ssl SSL context
2126 * \return 0 if successful, or
2127 * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
2128 * a specific SSL error code.
2130 int mbedtls_ssl_handshake_step( mbedtls_ssl_context
*ssl
);
2132 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2134 * \brief Initiate an SSL renegotiation on the running connection.
2135 * Client: perform the renegotiation right now.
2136 * Server: request renegotiation, which will be performed
2137 * during the next call to mbedtls_ssl_read() if honored by client.
2139 * \param ssl SSL context
2141 * \return 0 if successful, or any mbedtls_ssl_handshake() return value.
2143 int mbedtls_ssl_renegotiate( mbedtls_ssl_context
*ssl
);
2144 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2147 * \brief Read at most 'len' application data bytes
2149 * \param ssl SSL context
2150 * \param buf buffer that will hold the data
2151 * \param len maximum number of bytes to read
2153 * \return the number of bytes read, or
2155 * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
2156 * MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
2157 * another negative error code.
2159 * \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
2160 * (which can only happen server-side), it means that a client
2161 * is initiating a new connection using the same source port.
2162 * You can either treat that as a connection close and wait
2163 * for the client to resend a ClientHello, or directly
2164 * continue with \c mbedtls_ssl_handshake() with the same
2165 * context (as it has beeen reset internally). Either way, you
2166 * should make sure this is seen by the application as a new
2167 * connection: application state, if any, should be reset, and
2168 * most importantly the identity of the client must be checked
2169 * again. WARNING: not validating the identity of the client
2170 * again, or not transmitting the new identity to the
2171 * application layer, would allow authentication bypass!
2173 int mbedtls_ssl_read( mbedtls_ssl_context
*ssl
, unsigned char *buf
, size_t len
);
2176 * \brief Try to write exactly 'len' application data bytes
2178 * \warning This function will do partial writes in some cases. If the
2179 * return value is non-negative but less than length, the
2180 * function must be called again with updated arguments:
2181 * buf + ret, len - ret (if ret is the return value) until
2182 * it returns a value equal to the last 'len' argument.
2184 * \param ssl SSL context
2185 * \param buf buffer holding the data
2186 * \param len how many bytes must be written
2188 * \return the number of bytes actually written (may be less than len),
2189 * or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
2190 * or another negative error code.
2192 * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
2193 * it must be called later with the *same* arguments,
2194 * until it returns a positive value.
2196 * \note If the requested length is greater than the maximum
2197 * fragment length (either the built-in limit or the one set
2198 * or negotiated with the peer), then:
2199 * - with TLS, less bytes than requested are written.
2200 * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
2201 * \c mbedtls_ssl_get_max_frag_len() may be used to query the
2202 * active maximum fragment length.
2204 int mbedtls_ssl_write( mbedtls_ssl_context
*ssl
, const unsigned char *buf
, size_t len
);
2207 * \brief Send an alert message
2209 * \param ssl SSL context
2210 * \param level The alert level of the message
2211 * (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
2212 * \param message The alert message (SSL_ALERT_MSG_*)
2214 * \return 0 if successful, or a specific SSL error code.
2216 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context
*ssl
,
2217 unsigned char level
,
2218 unsigned char message
);
2220 * \brief Notify the peer that the connection is being closed
2222 * \param ssl SSL context
2224 int mbedtls_ssl_close_notify( mbedtls_ssl_context
*ssl
);
2227 * \brief Free referenced items in an SSL context and clear memory
2229 * \param ssl SSL context
2231 void mbedtls_ssl_free( mbedtls_ssl_context
*ssl
);
2234 * \brief Initialize an SSL configuration context
2235 * Just makes the context ready for
2236 * mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
2238 * \note You need to call mbedtls_ssl_config_defaults() unless you
2239 * manually set all of the relevent fields yourself.
2241 * \param conf SSL configuration context
2243 void mbedtls_ssl_config_init( mbedtls_ssl_config
*conf
);
2246 * \brief Load reasonnable default SSL configuration values.
2247 * (You need to call mbedtls_ssl_config_init() first.)
2249 * \param conf SSL configuration context
2250 * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
2251 * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
2252 * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
2253 * \param preset a MBEDTLS_SSL_PRESET_XXX value
2254 * (currently unused).
2256 * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS.
2258 * \return 0 if successful, or
2259 * MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
2261 int mbedtls_ssl_config_defaults( mbedtls_ssl_config
*conf
,
2262 int endpoint
, int transport
, int preset
);
2265 * \brief Free an SSL configuration context
2267 * \param conf SSL configuration context
2269 void mbedtls_ssl_config_free( mbedtls_ssl_config
*conf
);
2272 * \brief Initialize SSL session structure
2274 * \param session SSL session
2276 void mbedtls_ssl_session_init( mbedtls_ssl_session
*session
);
2279 * \brief Free referenced items in an SSL session including the
2280 * peer certificate and clear memory
2282 * \param session SSL session
2284 void mbedtls_ssl_session_free( mbedtls_ssl_session
*session
);