Lines Matching defs:ssl
17 #include "mbedtls/ssl.h"
421 * \param ssl SSL context
425 size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl);
437 * \param ssl SSL context
441 size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl);
449 * \param ssl SSL context
454 size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl);
706 enum { /* this complements ssl->state with info on intra-state operations */
1271 * \param[in] ssl SSL context
1279 int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl,
1292 * \param[in] ssl SSL context
1300 mbedtls_ssl_context *ssl,
1318 * \param ssl SSL context
1320 void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl);
1322 /* set inbound transform of ssl context */
1323 void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl,
1326 /* set outbound transform of ssl context */
1327 void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl,
1331 int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
1333 int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);
1334 void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl);
1335 static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl,
1338 ssl->state = (int) state;
1342 int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
1345 int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
1349 int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl);
1353 int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl);
1355 int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl);
1357 int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
1366 * \param ssl The SSL context to use.
1403 * [Currently manual adaption of ssl->in_offt pointer]
1410 * [Currently manually through decreasing ssl->in_msglen]
1436 int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
1439 int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want);
1445 int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type,
1449 int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
1452 static inline int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
1454 return mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */);
1461 int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl,
1465 int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush);
1467 int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl);
1470 int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl);
1472 int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl);
1475 int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl);
1477 int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl);
1480 int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl);
1482 int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl);
1484 void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
1491 int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
1497 int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
1504 int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl,
1523 const mbedtls_ssl_context *ssl)
1525 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
1526 return ssl->handshake->psk_opaque;
1529 if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
1530 return ssl->conf->psk_opaque;
/* Hands back the raw PSK for this connection through *psk / *psk_len.
 * A handshake-level PSK (pointer non-NULL and length > 0) takes precedence
 * over the PSK held in the configuration.
 * The pointer written to *psk aliases the buffer held by the handshake or
 * configuration structure; no copy is made in the lines shown, so the caller
 * gets a borrowed view of secret key material.
 * NOTE(review): ssl->handshake is dereferenced without a NULL test in the
 * lines shown, unlike e.g. mbedtls_ssl_own_key; presumably this may only be
 * called while a handshake is in progress - confirm against callers.
 * The outcome when neither PSK is set is not visible in this listing. */
1543 static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl,
1546 if (ssl->MBEDTLS_PRIVATE(handshake)->psk != NULL && ssl->MBEDTLS_PRIVATE(handshake)->psk_len > 0)
1548 *psk = ssl->MBEDTLS_PRIVATE(handshake)->psk;
1549 *psk_len = ssl->MBEDTLS_PRIVATE(handshake)->psk_len;
1550 } else if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(psk) != NULL &&
1551 ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(psk_len) > 0) {
1552 *psk = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(psk);
1553 *psk_len = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(psk_len);
1577 int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md);
1581 int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id);
1584 int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
/* Picks the key/certificate pair to use for this connection: the
 * handshake-level key_cert when a handshake structure exists and has one
 * set, otherwise the key_cert from the configuration.
 * The handshake pointer is tested for NULL before it is dereferenced.
 * What is returned from the selected pair is not visible in the lines
 * shown; by the return type it is presumably the private key context. */
1653 static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
1657 if (ssl->MBEDTLS_PRIVATE(handshake) != NULL && ssl->MBEDTLS_PRIVATE(handshake)->key_cert != NULL) {
1658 key_cert = ssl->MBEDTLS_PRIVATE(handshake)->key_cert;
1660 key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
/* Same selection rule as the key accessor: a handshake-level key_cert, when
 * the handshake structure exists and has one set, overrides the key_cert
 * from the configuration. The handshake pointer is NULL-tested first.
 * What is returned from the selected pair is not visible in the lines
 * shown; by the return type it is presumably the certificate chain. */
1666 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
1670 if (ssl->MBEDTLS_PRIVATE(handshake) != NULL && ssl->MBEDTLS_PRIVATE(handshake)->key_cert != NULL) {
1671 key_cert = ssl->MBEDTLS_PRIVATE(handshake)->key_cert;
1673 key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
1700 static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl)
1703 ((void) ssl);
1707 if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(transport) == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Returns the distance from out_hdr to out_iv as a size_t (by its name, the
 * length of the outgoing record header).
 * NOTE(review): the pointer difference is cast to size_t, so the result is
 * only meaningful while out_hdr <= out_iv and both point into the same
 * buffer; otherwise it would wrap to a very large value. Presumably the
 * pointer-update helpers declared in this header maintain that ordering -
 * confirm before using the result as a copy or bounds length. */
1716 static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl)
1718 return (size_t) (ssl->MBEDTLS_PRIVATE(out_iv) - ssl->MBEDTLS_PRIVATE(out_hdr));
1721 static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
1724 if(ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(transport) == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1728 ((void) ssl);
1734 void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
1735 void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);
1737 int mbedtls_ssl_resend(mbedtls_ssl_context *ssl);
1739 int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl);
1745 int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl);
1746 void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl);
1756 int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
1768 int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
1774 int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
1779 static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl)
1782 if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(transport) == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1786 ((void) ssl);
1793 int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl);
1796 void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs);
1798 int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
1800 void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl);
1801 void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
1803 void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
1806 int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial);
1807 void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
1814 int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl);
1819 void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl,
1825 mbedtls_ssl_pend_fatal_alert(ssl, type, user_return_value)
1828 void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl);
1831 void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl);
1835 int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl);
1839 size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl);
1840 void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl);
1845 * SSL utility functions for checking configuration.
1898 int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl);
1900 int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl);
1901 void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl);
1907 * \param[in] ssl SSL context
1913 int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
1921 * \param ssl SSL context
1924 int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl);
1929 * \param ssl SSL context
1932 int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl);
1938 static inline int mbedtls_ssl_conf_tls13_is_kex_mode_enabled(mbedtls_ssl_context *ssl,
1941 return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0;
1944 static inline int mbedtls_ssl_conf_tls13_is_psk_enabled(mbedtls_ssl_context *ssl)
1946 return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
1950 static inline int mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(mbedtls_ssl_context *ssl)
1952 return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
1956 static inline int mbedtls_ssl_conf_tls13_is_ephemeral_enabled(mbedtls_ssl_context *ssl)
1958 return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
1962 static inline int mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(mbedtls_ssl_context *ssl)
1964 return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
1968 static inline int mbedtls_ssl_conf_tls13_is_some_psk_enabled(mbedtls_ssl_context *ssl)
1970 return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
1980 * \param[in] ssl SSL context
/* Returns non-zero when at least one bit of kex_modes_mask is set in
 * ssl->handshake->tls13_kex_modes, and 0 otherwise.
 * NOTE(review): ssl->handshake is dereferenced unconditionally here, whereas
 * other helpers in this header (e.g. mbedtls_ssl_own_key,
 * mbedtls_ssl_get_groups) test it for NULL first. Presumably this is only
 * valid while a handshake is in progress - confirm against callers. */
1986 static inline int mbedtls_ssl_tls13_is_kex_mode_supported(mbedtls_ssl_context *ssl,
1989 return (ssl->handshake->tls13_kex_modes & kex_modes_mask) != 0;
1992 static inline int mbedtls_ssl_tls13_is_psk_supported(mbedtls_ssl_context *ssl)
1994 return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
1999 mbedtls_ssl_context *ssl)
2001 return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
2005 static inline int mbedtls_ssl_tls13_is_ephemeral_supported(mbedtls_ssl_context *ssl)
2007 return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
2011 static inline int mbedtls_ssl_tls13_is_some_ephemeral_supported(mbedtls_ssl_context *ssl)
2013 return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
2017 static inline int mbedtls_ssl_tls13_is_some_psk_supported(mbedtls_ssl_context *ssl)
2019 return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
2031 mbedtls_ssl_context *ssl,
2037 mbedtls_ssl_context *ssl, unsigned int extension_type)
2039 ssl->handshake->sent_extensions |=
2047 mbedtls_ssl_context *ssl, int kex_mask)
2049 return (ssl->handshake->key_exchange_mode & kex_mask) != 0;
2053 mbedtls_ssl_context *ssl)
2055 return mbedtls_ssl_tls13_key_exchange_mode_check(ssl,
2060 mbedtls_ssl_context *ssl)
2062 return mbedtls_ssl_tls13_key_exchange_mode_check(ssl,
2070 int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl,
2079 * \param[in] ssl SSL context
2097 mbedtls_ssl_context *ssl,
2106 int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl);
2113 int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl);
2119 int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl);
2127 int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl);
2133 int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl);
2136 int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl);
2141 mbedtls_ssl_context *ssl,
2149 int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
2155 int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl,
2217 int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf,
2223 int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl,
2230 int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
2239 * In future, invocations can be changed to ssl->conf->group_list
2242 * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group
2244 * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
2247 static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl)
2250 return ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(group_list);
2252 if ((ssl->MBEDTLS_PRIVATE(handshake) != NULL) && (ssl->MBEDTLS_PRIVATE(handshake)->group_list != NULL)) {
2253 return ssl->MBEDTLS_PRIVATE(handshake)->group_list;
2255 return ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(group_list);
2300 const mbedtls_ssl_context *ssl, uint16_t named_group)
2302 const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
2341 * In future, invocations can be changed to ssl->conf->sig_algs when
2344 * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS
2346 * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has
2351 const mbedtls_ssl_context *ssl)
2356 if (ssl->MBEDTLS_PRIVATE(handshake) != NULL &&
2357 ssl->MBEDTLS_PRIVATE(handshake)->sig_algs_heap_allocated == 1 &&
2358 ssl->MBEDTLS_PRIVATE(handshake)->sig_algs != NULL) {
2359 return ssl->MBEDTLS_PRIVATE(handshake)->sig_algs;
2362 return ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(sig_algs);
2366 ((void) ssl);
/* Starts from the handshake's received_sig_algs list; how the list is
 * walked, terminated and compared is not visible in the lines shown.
 * NOTE(review): ssl->handshake is dereferenced without a NULL test here,
 * unlike mbedtls_ssl_get_groups earlier in this header. Presumably this is
 * only valid while a handshake is in progress and after the peer's
 * signature algorithms have been stored - confirm against callers. */
2372 static inline int mbedtls_ssl_sig_alg_is_received(const mbedtls_ssl_context *ssl,
2375 const uint16_t *sig_alg = ssl->MBEDTLS_PRIVATE(handshake)->MBEDTLS_PRIVATE(received_sig_algs);
2459 static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl,
2462 const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl);
2575 const mbedtls_ssl_context *ssl,
2580 if (ssl->MBEDTLS_PRIVATE(tls_version) == MBEDTLS_SSL_VERSION_TLS1_2) {
2586 if (ssl->MBEDTLS_PRIVATE(tls_version) == MBEDTLS_SSL_VERSION_TLS1_3) {
2590 ((void) ssl);
2730 int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl,
2737 mbedtls_ssl_context *ssl, int cipher_suite)
2739 const int *ciphersuite_list = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ciphersuite_list);
2753 * \param ssl SSL context
2762 const mbedtls_ssl_context *ssl,
2769 int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl,
2779 int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl,
2784 int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl,
2792 int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
2798 int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
2806 mbedtls_ssl_context *ssl,
2817 * \param[in] ssl SSL context
2828 mbedtls_ssl_context *ssl,
2837 * \param[in] ssl SSL context
2843 mbedtls_ssl_context *ssl,
2921 int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl);