lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Run MBEDTLS_PRIVATE wrapping script on the library.

Browse Source 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk
2021-05-19 19:44:07 +02:00
parent 0d41abbde6
commit 846f021de2
55 changed files with 751 additions and 696 deletions
Download Patch File Download Diff File Expand all files Collapse all files

327
include/mbedtls/ssl.h
View File

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -912,11 +913,11 @@ typedef uint16_t mbedtls_ssl_srtp_profile;
typedef struct mbedtls_dtls_srtp_info_t
{
/*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */
uint16_t mki_len;
uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */
unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
}
mbedtls_dtls_srtp_info;
@ -936,17 +937,17 @@ mbedtls_dtls_srtp_info;
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t start; /*!< starting time */
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
int ciphersuite; /*!< chosen ciphersuite */
int compression; /*!< chosen compression */
size_t id_len; /*!< session id length */
unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */
int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */
@ -955,24 +956,24 @@ struct mbedtls_ssl_session
mbedtls_md_type_t peer_cert_digest_type;
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
uint32_t verify_result; /*!< verification result */
uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
unsigned char *ticket; /*!< RFC 5077 session ticket */
size_t ticket_len; /*!< session ticket length */
uint32_t ticket_lifetime; /*!< ticket lifetime hint */
unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< flag for truncated hmac activation */
int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
};
@ -990,114 +991,114 @@ struct mbedtls_ssl_config
/** Allowed ciphersuites per version. To access list's elements, please use
* \c mbedtls_ssl_get_protocol_version_ciphersuites
*/
const int *ciphersuite_list[3];
const int *MBEDTLS_PRIVATE(ciphersuite_list)[3];
/** Callback for printing debug output */
void (*f_dbg)(void *, int, const char *, int, const char *);
void *p_dbg; /*!< context for the debug function */
void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
int (*f_rng)(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */
int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */
mbedtls_ssl_cache_get_t *f_get_cache;
mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */
mbedtls_ssl_cache_set_t *f_set_cache;
void *p_cache; /*!< context for cache callbacks */
mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *p_sni; /*!< context for SNI callback */
int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify calllback */
int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *p_psk; /*!< context for PSK callback */
int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
/** Callback to verify validity of a ClientHello cookie */
int (*f_cookie_check)( void *, const unsigned char *, size_t,
int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
void *p_cookie; /*!< context for the cookie callbacks */
void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * );
/** Callback to parse a session ticket into a session structure */
int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
void *p_ticket; /*!< context for the ticket callbacks */
int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
int (*f_export_keys)( void *, const unsigned char *,
int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
/** Callback to export key block, master secret,
* tls_prf and random bytes. Should replace f_export_keys */
int (*f_export_keys_ext)( void *, const unsigned char *,
int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t,
const unsigned char[32], const unsigned char[32],
mbedtls_tls_prf_types );
void *p_export_keys; /*!< context for key export callback */
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
mbedtls_x509_crt_ca_cb_t f_ca_cb;
void *p_ca_cb;
mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
void *MBEDTLS_PRIVATE(p_ca_cb);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
const int *sig_hashes; /*!< allowed signature hashes */
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
#if defined(MBEDTLS_DHM_C)
mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
mbedtls_mpi dhm_G; /*!< generator for DHM */
mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
@ -1105,22 +1106,22 @@ struct mbedtls_ssl_config
*/
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *psk; /*!< The raw pre-shared key. This field should
unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
* have been configured, this has value NULL. */
size_t psk_len; /*!< The length of the raw pre-shared key.
size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
* \c psk is not \c NULL. */
unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation.
unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* This is set if and only if either
* \c psk or \c psk_opaque are set. */
size_t psk_identity_len;/*!< The length of PSK identity.
size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
@ -1129,279 +1130,279 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
const char **alpn_list; /*!< ordered list of protocols */
const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */
const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list);
/*! number of supported profiles */
size_t dtls_srtp_profile_list_len;
size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Numerical settings (int then char)
*/
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint32_t hs_timeout_min; /*!< initial value of the handshake
uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
retransmission timeout (ms) */
uint32_t hs_timeout_max; /*!< maximum value of the handshake
uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_max_records; /*!< grace period for renegotiation */
unsigned char renego_period[8]; /*!< value of the record counters
int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
that triggers renegotiation */
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned int badmac_limit; /*!< limit of records with a bad MAC */
unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif
unsigned char max_major_ver; /*!< max. major version used */
unsigned char max_minor_ver; /*!< max. minor version used */
unsigned char min_major_ver; /*!< min. major version used */
unsigned char min_minor_ver; /*!< min. minor version used */
unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/*
* Flags (bitfields)
*/
unsigned int endpoint : 1; /*!< 0: client, 1: server */
unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned int mfl_code : 3; /*!< desired fragment length */
unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int anti_replay : 1; /*!< detect and prevent replay? */
unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */
unsigned int MBEDTLS_PRIVATE(cbc_record_splitting) : 1; /*!< do cbc record splitting */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */
unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */
unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
unsigned int session_tickets : 1; /*!< use session tickets? */
unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
unsigned int fallback : 1; /*!< is this a fallback? */
unsigned int MBEDTLS_PRIVATE(fallback) : 1; /*!< is this a fallback? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned int dtls_srtp_mki_support : 1; /* support having mki_value
unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */
#endif
};
struct mbedtls_ssl_context
{
const mbedtls_ssl_config *conf; /*!< configuration information */
const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
/*
* Miscellaneous
*/
int state; /*!< SSL handshake: current state */
int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_status; /*!< Initial, in progress, pending? */
int renego_records_seen; /*!< Records since renego request, or with DTLS,
int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned badmac_seen; /*!< records with a bad MAC received */
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify callback */
int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
/*!< Callback for network receive with timeout */
void *p_bio; /*!< context for I/O operations */
void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/*
* Session layer
*/
mbedtls_ssl_session *session_in; /*!< current session data (in) */
mbedtls_ssl_session *session_out; /*!< current session data (out) */
mbedtls_ssl_session *session; /*!< negotiated session data */
mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */
mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
mbedtls_ssl_handshake_params *handshake; /*!< params required only during
mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
the handshake process */
/*
* Record layer transformations
*/
mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
mbedtls_ssl_transform *transform; /*!< negotiated transform params */
mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
/*
* Timers
*/
void *p_timer; /*!< context for the timer callbacks */
void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
/*
* Record layer (incoming data)
*/
unsigned char *in_buf; /*!< input buffer */
unsigned char *in_ctr; /*!< 64-bit incoming message counter
unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
TLS: maintained by us
DTLS: read from peer */
unsigned char *in_hdr; /*!< start of record header */
unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char *in_cid; /*!< The start of the CID;
unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *in_len; /*!< two-bytes message length field */
unsigned char *in_iv; /*!< ivlen-byte IV */
unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
unsigned char *in_offt; /*!< read offset in application data */
unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
int in_msgtype; /*!< record header: message type */
size_t in_msglen; /*!< record header: message length */
size_t in_left; /*!< amount of data read so far */
int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t in_buf_len; /*!< length of input buffer */
size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint16_t in_epoch; /*!< DTLS epoch for incoming records */
size_t next_record_offset; /*!< offset of the next record in datagram
uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
(equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
uint64_t in_window_top; /*!< last validated record seq_num */
uint64_t in_window; /*!< bitmask for replay detection */
uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
size_t in_hslen; /*!< current handshake message length,
size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */
int nb_zero; /*!< # of 0-length encrypted messages */
int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
int keep_current_message; /*!< drop or reuse current message
int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint8_t disable_datagram_packing; /*!< Disable packing multiple records
uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
* within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Record layer (outgoing data)
*/
unsigned char *out_buf; /*!< output buffer */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< start of record header */
unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char *out_cid; /*!< The start of the CID;
unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *out_len; /*!< two-bytes message length field */
unsigned char *out_iv; /*!< ivlen-byte IV */
unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
int out_msgtype; /*!< record header: message type */
size_t out_msglen; /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */
int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t out_buf_len; /*!< length of output buffer */
size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif
unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
signed char split_done; /*!< current record already splitted? */
signed char MBEDTLS_PRIVATE(split_done); /*!< current record already splitted? */
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
/*
* PKI layer
*/
int client_auth; /*!< flag for client auth. */
int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
char *hostname; /*!< expected peer CN for verification
char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
(and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_chosen; /*!< negotiated protocol */
const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
* use_srtp extension
*/
mbedtls_dtls_srtp_info dtls_srtp_info;
mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
unsigned char *cli_id; /*!< transport-level ID of the client */
size_t cli_id_len; /*!< length of cli_id */
unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
*/
/* needed to know when to send extension on server */
int secure_renegotiation; /*!< does peer support legacy or
int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
size_t verify_data_len; /*!< length of verify data stored */
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -1411,9 +1412,9 @@ struct mbedtls_ssl_context
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
uint8_t own_cid_len; /*!< The length of \c own_cid. */
uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not.
* Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */