#include "polarssl/config.h"
#include "polarssl/debug.h"
#include "polarssl/ssl.h"
#include <stdlib.h>
Defines | |
#define | polarssl_malloc malloc |
#define | polarssl_free free |
#define | POLARSSL_SSL_MAX_MAC_SIZE 48 |
Functions | |
static int | ssl_session_copy (ssl_session *dst, const ssl_session *src) |
static int | ssl3_prf (const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen) |
static int | tls1_prf (const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen) |
static int | tls_prf_sha256 (const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen) |
static int | tls_prf_sha384 (const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen) |
static void | ssl_update_checksum_start (ssl_context *, const unsigned char *, size_t) |
static void | ssl_update_checksum_md5sha1 (ssl_context *, const unsigned char *, size_t) |
static void | ssl_calc_verify_ssl (ssl_context *, unsigned char *) |
static void | ssl_calc_finished_ssl (ssl_context *, unsigned char *, int) |
static void | ssl_calc_verify_tls (ssl_context *, unsigned char *) |
static void | ssl_calc_finished_tls (ssl_context *, unsigned char *, int) |
static void | ssl_update_checksum_sha256 (ssl_context *, const unsigned char *, size_t) |
static void | ssl_calc_verify_tls_sha256 (ssl_context *, unsigned char *) |
static void | ssl_calc_finished_tls_sha256 (ssl_context *, unsigned char *, int) |
static void | ssl_update_checksum_sha384 (ssl_context *, const unsigned char *, size_t) |
static void | ssl_calc_verify_tls_sha384 (ssl_context *, unsigned char *) |
static void | ssl_calc_finished_tls_sha384 (ssl_context *, unsigned char *, int) |
int | ssl_derive_keys (ssl_context *ssl) |
void | ssl_calc_verify_ssl (ssl_context *ssl, unsigned char hash[36]) |
void | ssl_calc_verify_tls (ssl_context *ssl, unsigned char hash[36]) |
void | ssl_calc_verify_tls_sha256 (ssl_context *ssl, unsigned char hash[32]) |
void | ssl_calc_verify_tls_sha384 (ssl_context *ssl, unsigned char hash[48]) |
int | ssl_psk_derive_premaster (ssl_context *ssl, key_exchange_type_t key_ex) |
static void | ssl_mac (md_context_t *md_ctx, unsigned char *secret, unsigned char *buf, size_t len, unsigned char *ctr, int type) |
static int | ssl_encrypt_buf (ssl_context *ssl) |
static int | ssl_decrypt_buf (ssl_context *ssl) |
int | ssl_fetch_input (ssl_context *ssl, size_t nb_want) |
int | ssl_flush_output (ssl_context *ssl) |
int | ssl_write_record (ssl_context *ssl) |
int | ssl_read_record (ssl_context *ssl) |
int | ssl_send_fatal_handshake_failure (ssl_context *ssl) |
int | ssl_send_alert_message (ssl_context *ssl, unsigned char level, unsigned char message) |
Send an alert message. | |
int | ssl_write_certificate (ssl_context *ssl) |
int | ssl_parse_certificate (ssl_context *ssl) |
int | ssl_write_change_cipher_spec (ssl_context *ssl) |
int | ssl_parse_change_cipher_spec (ssl_context *ssl) |
void | ssl_optimize_checksum (ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info) |
void | ssl_handshake_wrapup (ssl_context *ssl) |
int | ssl_write_finished (ssl_context *ssl) |
int | ssl_parse_finished (ssl_context *ssl) |
static int | ssl_handshake_init (ssl_context *ssl) |
int | ssl_init (ssl_context *ssl) |
Initialize an SSL context (An individual SSL context is not thread-safe). | |
int | ssl_session_reset (ssl_context *ssl) |
Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data. | |
static int | ssl_ticket_keys_init (ssl_context *ssl) |
void | ssl_set_endpoint (ssl_context *ssl, int endpoint) |
Set the current endpoint type. | |
void | ssl_set_authmode (ssl_context *ssl, int authmode) |
Set the certificate verification mode. | |
void | ssl_set_verify (ssl_context *ssl, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy) |
Set the verification callback (Optional). | |
void | ssl_set_rng (ssl_context *ssl, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Set the random number generator callback. | |
void | ssl_set_dbg (ssl_context *ssl, void(*f_dbg)(void *, int, const char *), void *p_dbg) |
Set the debug callback. | |
void | ssl_set_bio (ssl_context *ssl, int(*f_recv)(void *, unsigned char *, size_t), void *p_recv, int(*f_send)(void *, const unsigned char *, size_t), void *p_send) |
Set the underlying BIO read and write callbacks. | |
void | ssl_set_session_cache (ssl_context *ssl, int(*f_get_cache)(void *, ssl_session *), void *p_get_cache, int(*f_set_cache)(void *, const ssl_session *), void *p_set_cache) |
Set the session cache callbacks (server-side only). If not set, no session resuming is done. | |
int | ssl_set_session (ssl_context *ssl, const ssl_session *session) |
Request resumption of session (client-side only). Session data is copied from the presented session structure. | |
void | ssl_set_ciphersuites (ssl_context *ssl, const int *ciphersuites) |
Set the list of allowed ciphersuites (Overrides all version specific lists). | |
void | ssl_set_ciphersuites_for_version (ssl_context *ssl, const int *ciphersuites, int major, int minor) |
Set the list of allowed ciphersuites for a specific version of the protocol. | |
static ssl_key_cert * | ssl_add_key_cert (ssl_context *ssl) |
void | ssl_set_ca_chain (ssl_context *ssl, x509_crt *ca_chain, x509_crl *ca_crl, const char *peer_cn) |
Set the data required to verify peer certificate. | |
int | ssl_set_own_cert (ssl_context *ssl, x509_crt *own_cert, pk_context *pk_key) |
Set own certificate chain and private key. | |
int | ssl_set_own_cert_rsa (ssl_context *ssl, x509_crt *own_cert, rsa_context *rsa_key) |
Set own certificate chain and private RSA key. | |
int | ssl_set_own_cert_alt (ssl_context *ssl, x509_crt *own_cert, void *rsa_key, rsa_decrypt_func rsa_decrypt, rsa_sign_func rsa_sign, rsa_key_len_func rsa_key_len) |
Set own certificate and alternate non-PolarSSL RSA private key and handling callbacks, such as the PKCS#11 wrappers or any other external private key handler. | |
int | ssl_set_psk (ssl_context *ssl, const unsigned char *psk, size_t psk_len, const unsigned char *psk_identity, size_t psk_identity_len) |
Set the Pre Shared Key (PSK) and the identity name connected to it. | |
void | ssl_set_psk_cb (ssl_context *ssl, int(*f_psk)(void *, ssl_context *, const unsigned char *, size_t), void *p_psk) |
Set the PSK callback (server-side only) (Optional). | |
int | ssl_set_dh_param (ssl_context *ssl, const char *dhm_P, const char *dhm_G) |
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG]). | |
int | ssl_set_dh_param_ctx (ssl_context *ssl, dhm_context *dhm_ctx) |
Set the Diffie-Hellman public P and G values, read from existing context (server-side only). | |
int | ssl_set_hostname (ssl_context *ssl, const char *hostname) |
Set hostname for ServerName TLS extension (client-side only). | |
void | ssl_set_sni (ssl_context *ssl, int(*f_sni)(void *, ssl_context *, const unsigned char *, size_t), void *p_sni) |
Set server side ServerName TLS extension callback (optional, server-side only). | |
void | ssl_set_max_version (ssl_context *ssl, int major, int minor) |
Set the maximum supported version sent from the client side and/or accepted at the server side (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION). | |
void | ssl_set_min_version (ssl_context *ssl, int major, int minor) |
Set the minimum accepted SSL/TLS protocol version (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION). | |
int | ssl_set_max_frag_len (ssl_context *ssl, unsigned char mfl_code) |
Set the maximum fragment length to emit and/or negotiate (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes). Server: set the maximum fragment length to emit, usually negotiated by the client during the handshake. Client: set the maximum fragment length to emit *and* negotiate with the server during the handshake. | |
int | ssl_set_truncated_hmac (ssl_context *ssl, int truncate) |
Activate negotiation of truncated HMAC (Client only) (Default: SSL_TRUNC_HMAC_ENABLED). | |
void | ssl_set_renegotiation (ssl_context *ssl, int renegotiation) |
Enable / Disable renegotiation support for connection when initiated by peer (Default: SSL_RENEGOTIATION_DISABLED). | |
void | ssl_legacy_renegotiation (ssl_context *ssl, int allow_legacy) |
Prevent or allow legacy renegotiation. | |
int | ssl_set_session_tickets (ssl_context *ssl, int use_tickets) |
Enable / Disable session tickets (Default: SSL_SESSION_TICKETS_ENABLED on client, SSL_SESSION_TICKETS_DISABLED on server). | |
void | ssl_set_session_ticket_lifetime (ssl_context *ssl, int lifetime) |
Set session ticket lifetime (server only) (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day)). | |
size_t | ssl_get_bytes_avail (const ssl_context *ssl) |
Return the number of data bytes available to read. | |
int | ssl_get_verify_result (const ssl_context *ssl) |
Return the result of the certificate verification. | |
const char * | ssl_get_ciphersuite (const ssl_context *ssl) |
Return the name of the current ciphersuite. | |
const char * | ssl_get_version (const ssl_context *ssl) |
Return the current SSL version (SSLv3/TLSv1/etc). | |
const x509_crt * | ssl_get_peer_cert (const ssl_context *ssl) |
Return the peer certificate from the current connection. | |
int | ssl_get_session (const ssl_context *ssl, ssl_session *dst) |
Save session in order to resume it later (client-side only). Session data is copied to the presented session structure. | |
int | ssl_handshake_step (ssl_context *ssl) |
Perform a single step of the SSL handshake. | |
int | ssl_handshake (ssl_context *ssl) |
Perform the SSL handshake. | |
static int | ssl_write_hello_request (ssl_context *ssl) |
static int | ssl_start_renegotiation (ssl_context *ssl) |
int | ssl_renegotiate (ssl_context *ssl) |
Initiate an SSL renegotiation on the running connection. | |
int | ssl_read (ssl_context *ssl, unsigned char *buf, size_t len) |
Read at most 'len' application data bytes. | |
int | ssl_write (ssl_context *ssl, const unsigned char *buf, size_t len) |
Write exactly 'len' application data bytes. | |
int | ssl_close_notify (ssl_context *ssl) |
Notify the peer that the connection is being closed. | |
void | ssl_transform_free (ssl_transform *transform) |
Free referenced items in an SSL transform context and clear memory. | |
static void | ssl_key_cert_free (ssl_key_cert *key_cert) |
void | ssl_handshake_free (ssl_handshake_params *handshake) |
Free referenced items in an SSL handshake context and clear memory. | |
void | ssl_session_free (ssl_session *session) |
Free referenced items in an SSL session including the peer certificate and clear memory. | |
void | ssl_free (ssl_context *ssl) |
Free referenced items in an SSL context and clear memory. | |
unsigned char | ssl_sig_from_pk (pk_context *pk) |
pk_type_t | ssl_pk_alg_from_sig (unsigned char sig) |
md_type_t | ssl_md_alg_from_hash (unsigned char hash) |
Variables | |
static unsigned int | mfl_code_to_length [SSL_MAX_FRAG_LEN_INVALID] |
#define polarssl_free free |
#define polarssl_malloc malloc |
#define POLARSSL_SSL_MAX_MAC_SIZE 48 |
Definition at line 1311 of file ssl_tls.c.
Referenced by ssl_decrypt_buf().
static int ssl3_prf | ( | const unsigned char * | secret, | |
size_t | slen, | |||
const char * | label, | |||
const unsigned char * | random, | |||
size_t | rlen, | |||
unsigned char * | dstbuf, | |||
size_t | dlen | |||
) | [static] |
Definition at line 133 of file ssl_tls.c.
References md5(), md5_finish(), md5_starts(), md5_update(), sha1(), sha1_finish(), sha1_starts(), and sha1_update().
Referenced by ssl_derive_keys().
static ssl_key_cert* ssl_add_key_cert | ( | ssl_context * | ssl | ) | [static] |
Definition at line 3572 of file ssl_tls.c.
References _ssl_context::handshake, _ssl_handshake_params::key_cert, _ssl_context::key_cert, _ssl_key_cert::next, and polarssl_malloc.
Referenced by ssl_set_own_cert(), ssl_set_own_cert_alt(), and ssl_set_own_cert_rsa().
static void ssl_calc_finished_ssl | ( | ssl_context * | ssl, | |
unsigned char * | buf, | |||
int | from | |||
) | [static] |
Definition at line 2780 of file ssl_tls.c.
References _ssl_handshake_params::fin_md5, _ssl_handshake_params::fin_sha1, _ssl_context::handshake, _ssl_session::master, md5(), md5_finish(), md5_starts(), md5_update(), _ssl_context::session, _ssl_context::session_negotiate, sha1(), sha1_finish(), sha1_starts(), sha1_update(), SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_IS_CLIENT, sha1_context::state, and md5_context::state.
Referenced by ssl_derive_keys().
static void ssl_calc_finished_tls | ( | ssl_context * | ssl, | |
unsigned char * | buf, | |||
int | from | |||
) | [static] |
Definition at line 2862 of file ssl_tls.c.
References _ssl_handshake_params::fin_md5, _ssl_handshake_params::fin_sha1, _ssl_context::handshake, _ssl_session::master, md5(), md5_finish(), _ssl_context::session, _ssl_context::session_negotiate, sha1(), sha1_finish(), SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_IS_CLIENT, sha1_context::state, md5_context::state, and _ssl_handshake_params::tls_prf.
Referenced by ssl_derive_keys().
static void ssl_calc_finished_tls_sha256 | ( | ssl_context * | ssl, | |
unsigned char * | buf, | |||
int | from | |||
) | [static] |
Definition at line 2919 of file ssl_tls.c.
References _ssl_handshake_params::fin_sha256, _ssl_context::handshake, _ssl_session::master, _ssl_context::session, _ssl_context::session_negotiate, sha256(), sha256_finish(), SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_IS_CLIENT, sha256_context::state, and _ssl_handshake_params::tls_prf.
Referenced by ssl_derive_keys().
static void ssl_calc_finished_tls_sha384 | ( | ssl_context * | ssl, | |
unsigned char * | buf, | |||
int | from | |||
) | [static] |
Definition at line 2966 of file ssl_tls.c.
References _ssl_handshake_params::fin_sha512, _ssl_context::handshake, _ssl_session::master, _ssl_context::session, _ssl_context::session_negotiate, sha512(), sha512_finish(), SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_IS_CLIENT, sha512_context::state, and _ssl_handshake_params::tls_prf.
Referenced by ssl_derive_keys().
void ssl_calc_verify_ssl | ( | ssl_context * | ssl, | |
unsigned char | hash[36] | |||
) |
Definition at line 725 of file ssl_tls.c.
References _ssl_handshake_params::fin_md5, _ssl_handshake_params::fin_sha1, _ssl_context::handshake, _ssl_session::master, md5(), md5_finish(), md5_starts(), md5_update(), _ssl_context::session_negotiate, sha1(), sha1_finish(), sha1_starts(), sha1_update(), SSL_DEBUG_BUF, and SSL_DEBUG_MSG.
static void ssl_calc_verify_ssl | ( | ssl_context * | , | |
unsigned char * | ||||
) | [static] |
Referenced by ssl_derive_keys().
void ssl_calc_verify_tls | ( | ssl_context * | ssl, | |
unsigned char | hash[36] | |||
) |
Definition at line 768 of file ssl_tls.c.
References _ssl_handshake_params::fin_md5, _ssl_handshake_params::fin_sha1, _ssl_context::handshake, md5(), md5_finish(), sha1(), sha1_finish(), SSL_DEBUG_BUF, and SSL_DEBUG_MSG.
static void ssl_calc_verify_tls | ( | ssl_context * | , | |
unsigned char * | ||||
) | [static] |
Referenced by ssl_derive_keys().
void ssl_calc_verify_tls_sha256 | ( | ssl_context * | ssl, | |
unsigned char | hash[32] | |||
) |
Definition at line 790 of file ssl_tls.c.
References _ssl_handshake_params::fin_sha256, _ssl_context::handshake, sha256(), sha256_finish(), SSL_DEBUG_BUF, and SSL_DEBUG_MSG.
static void ssl_calc_verify_tls_sha256 | ( | ssl_context * | , | |
unsigned char * | ||||
) | [static] |
Referenced by ssl_derive_keys().
void ssl_calc_verify_tls_sha384 | ( | ssl_context * | ssl, | |
unsigned char | hash[48] | |||
) |
Definition at line 807 of file ssl_tls.c.
References _ssl_handshake_params::fin_sha512, _ssl_context::handshake, sha512(), sha512_finish(), SSL_DEBUG_BUF, and SSL_DEBUG_MSG.
static void ssl_calc_verify_tls_sha384 | ( | ssl_context * | , | |
unsigned char * | ||||
) | [static] |
Referenced by ssl_derive_keys().
int ssl_close_notify | ( | ssl_context * | ssl | ) |
Notify the peer that the connection is being closed.
ssl | SSL context |
Definition at line 4289 of file ssl_tls.c.
References SSL_ALERT_LEVEL_WARNING, SSL_ALERT_MSG_CLOSE_NOTIFY, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_flush_output(), SSL_HANDSHAKE_OVER, ssl_send_alert_message(), and _ssl_context::state.
static int ssl_decrypt_buf | ( | ssl_context * | ssl | ) | [static] |
Definition at line 1313 of file ssl_tls.c.
References _ssl_transform::cipher_ctx_dec, cipher_finish(), cipher_context_t::cipher_info, cipher_reset(), cipher_set_iv(), cipher_update(), _ssl_transform::fixed_ivlen, _ssl_context::in_ctr, _ssl_context::in_hdr, _ssl_context::in_iv, _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, cipher_context_t::iv, _ssl_transform::iv_dec, _ssl_transform::ivlen, _ssl_transform::mac_dec, _ssl_transform::maclen, _ssl_context::major_ver, _ssl_transform::md_ctx_dec, md_hmac_finish(), md_hmac_reset(), md_hmac_update(), md_process(), _ssl_transform::minlen, _ssl_context::minor_ver, cipher_info_t::mode, _ssl_context::nb_zero, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, POLARSSL_ERR_SSL_INTERNAL_ERROR, POLARSSL_ERR_SSL_INVALID_MAC, POLARSSL_MODE_CBC, POLARSSL_MODE_GCM, POLARSSL_MODE_STREAM, POLARSSL_SSL_MAX_MAC_SIZE, safer_memcmp(), SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_mac(), SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_2, and _ssl_context::transform_in.
Referenced by ssl_read_record().
int ssl_derive_keys | ( | ssl_context * | ssl | ) |
Definition at line 359 of file ssl_tls.c.
References _ssl_handshake_params::calc_finished, _ssl_handshake_params::calc_verify, _ssl_ciphersuite_t::cipher, _ssl_transform::cipher_ctx_dec, _ssl_transform::cipher_ctx_enc, cipher_info_from_type(), cipher_init_ctx(), cipher_setkey(), _ssl_session::ciphersuite, _ssl_transform::ciphersuite_info, _ssl_session::compression, _ssl_context::endpoint, _ssl_transform::fixed_ivlen, _ssl_context::handshake, _ssl_transform::iv_dec, _ssl_transform::iv_enc, cipher_info_t::iv_size, _ssl_transform::ivlen, cipher_info_t::key_length, _ssl_transform::keylen, _ssl_ciphersuite_t::mac, _ssl_transform::mac_dec, _ssl_transform::mac_enc, _ssl_transform::maclen, _ssl_session::master, _ssl_transform::md_ctx_dec, _ssl_transform::md_ctx_enc, md_get_size(), md_hmac_starts(), md_info_from_type(), md_init_ctx(), _ssl_transform::minlen, _ssl_context::minor_ver, cipher_info_t::mode, _ssl_handshake_params::pmslen, POLARSSL_DECRYPT, POLARSSL_ENCRYPT, POLARSSL_ERR_SSL_BAD_INPUT_DATA, POLARSSL_ERR_SSL_COMPRESSION_FAILED, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, POLARSSL_ERR_SSL_HW_ACCEL_FAILED, POLARSSL_ERR_SSL_MALLOC_FAILED, polarssl_malloc, POLARSSL_MD_NONE, POLARSSL_MD_SHA384, POLARSSL_MODE_CBC, POLARSSL_MODE_GCM, POLARSSL_MODE_STREAM, POLARSSL_PADDING_NONE, _ssl_handshake_params::premaster, _ssl_handshake_params::randbytes, _ssl_handshake_params::resume, _ssl_context::session_negotiate, ssl3_prf(), SSL_BUFFER_LEN, ssl_calc_finished_ssl(), ssl_calc_finished_tls(), ssl_calc_finished_tls_sha256(), ssl_calc_finished_tls_sha384(), ssl_calc_verify_ssl(), ssl_calc_verify_tls(), ssl_calc_verify_tls_sha256(), ssl_calc_verify_tls_sha384(), SSL_COMPRESS_DEFLATE, SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_get_ciphersuite_name(), SSL_IS_CLIENT, SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MINOR_VERSION_3, SSL_TRUNC_HMAC_ENABLED, SSL_TRUNCATED_HMAC_LEN, tls1_prf(), _ssl_handshake_params::tls_prf, tls_prf_sha256(), tls_prf_sha384(), _ssl_context::transform_negotiate, _ssl_session::trunc_hmac, and 
md_info_t::type.
Referenced by ssl_parse_client_key_exchange(), ssl_parse_server_hello(), ssl_write_client_key_exchange(), and ssl_write_server_hello().
static int ssl_encrypt_buf | ( | ssl_context * | ssl | ) | [static] |
Definition at line 970 of file ssl_tls.c.
References _ssl_transform::cipher_ctx_enc, cipher_finish(), cipher_context_t::cipher_info, cipher_reset(), cipher_set_iv(), cipher_update(), _ssl_context::f_rng, _ssl_transform::fixed_ivlen, cipher_context_t::iv, _ssl_transform::iv_enc, _ssl_transform::ivlen, _ssl_transform::mac_enc, _ssl_transform::maclen, _ssl_context::major_ver, _ssl_transform::md_ctx_enc, md_hmac_finish(), md_hmac_reset(), md_hmac_update(), _ssl_context::minor_ver, cipher_info_t::mode, _ssl_context::out_ctr, _ssl_context::out_iv, _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, _ssl_context::p_rng, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, POLARSSL_ERR_SSL_INTERNAL_ERROR, POLARSSL_MODE_CBC, POLARSSL_MODE_GCM, POLARSSL_MODE_STREAM, SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_mac(), SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MINOR_VERSION_2, and _ssl_context::transform_out.
Referenced by ssl_write_record().
int ssl_fetch_input | ( | ssl_context * | ssl, | |
size_t | nb_want | |||
) |
Definition at line 1856 of file ssl_tls.c.
References _ssl_context::f_recv, _ssl_context::in_hdr, _ssl_context::in_left, _ssl_context::p_recv, POLARSSL_ERR_SSL_CONN_EOF, SSL_DEBUG_MSG, and SSL_DEBUG_RET.
Referenced by ssl_parse_client_hello(), ssl_parse_client_hello_v2(), and ssl_read_record().
int ssl_flush_output | ( | ssl_context * | ssl | ) |
Definition at line 1889 of file ssl_tls.c.
References _ssl_context::f_send, _ssl_context::out_hdr, _ssl_context::out_left, _ssl_context::out_msglen, _ssl_context::p_send, SSL_DEBUG_MSG, and SSL_DEBUG_RET.
Referenced by ssl_close_notify(), ssl_handshake_client_step(), ssl_handshake_server_step(), ssl_write(), and ssl_write_record().
void ssl_free | ( | ssl_context * | ssl | ) |
Free referenced items in an SSL context and clear memory.
ssl | SSL context |
Definition at line 4409 of file ssl_tls.c.
References _ssl_context::dhm_G, _ssl_context::dhm_P, _ssl_context::handshake, _ssl_context::hostname, _ssl_context::hostname_len, _ssl_context::in_ctr, _ssl_context::key_cert, mpi_free(), _ssl_context::out_ctr, polarssl_free, _ssl_context::psk, _ssl_context::psk_identity, _ssl_context::psk_identity_len, _ssl_context::psk_len, _ssl_context::session, _ssl_context::session_negotiate, SSL_BUFFER_LEN, SSL_DEBUG_MSG, ssl_handshake_free(), ssl_key_cert_free(), ssl_session_free(), ssl_transform_free(), _ssl_context::ticket_keys, _ssl_context::transform, and _ssl_context::transform_negotiate.
size_t ssl_get_bytes_avail | ( | const ssl_context * | ssl | ) |
Return the number of data bytes available to read.
ssl | SSL context |
Definition at line 3872 of file ssl_tls.c.
References _ssl_context::in_msglen, and _ssl_context::in_offt.
const char* ssl_get_ciphersuite | ( | const ssl_context * | ssl | ) |
Return the name of the current ciphersuite.
ssl | SSL context |
Definition at line 3882 of file ssl_tls.c.
References _ssl_session::ciphersuite, _ssl_context::session, and ssl_get_ciphersuite_name().
const x509_crt* ssl_get_peer_cert | ( | const ssl_context * | ssl | ) |
Return the peer certificate from the current connection.
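Note: Can be NULL if no certificate was sent during the handshake. Different calls for the same connection can return the same or different pointers for the same certificate, or even a different certificate altogether: the peer certificate CAN change within a single connection if renegotiation is performed. Code that bases an identity or authorization decision on the peer certificate should therefore fetch and check it again after a renegotiation instead of reusing an earlier pointer.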
ssl | SSL context |
Definition at line 3913 of file ssl_tls.c.
References _ssl_session::peer_cert, and _ssl_context::session.
int ssl_get_session | ( | const ssl_context * | ssl, | |
ssl_session * | session | |||
) |
Save session in order to resume it later (client-side only). Session data is copied to the presented session structure.
ssl | SSL context | |
session | session context |
Definition at line 3922 of file ssl_tls.c.
References _ssl_context::endpoint, POLARSSL_ERR_SSL_BAD_INPUT_DATA, _ssl_context::session, SSL_IS_CLIENT, and ssl_session_copy().
int ssl_get_verify_result | ( | const ssl_context * | ssl | ) |
Return the result of the certificate verification.
ssl | SSL context |
Definition at line 3877 of file ssl_tls.c.
References _ssl_context::session, and _ssl_session::verify_result.
const char* ssl_get_version | ( | const ssl_context * | ssl | ) |
Return the current SSL version (SSLv3/TLSv1/etc).
ssl | SSL context |
Definition at line 3890 of file ssl_tls.c.
References _ssl_context::minor_ver, SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MINOR_VERSION_2, and SSL_MINOR_VERSION_3.
int ssl_handshake | ( | ssl_context * | ssl | ) |
Perform the SSL handshake.
ssl | SSL context |
Definition at line 3958 of file ssl_tls.c.
References SSL_DEBUG_MSG, SSL_HANDSHAKE_OVER, ssl_handshake_step(), and _ssl_context::state.
Referenced by ssl_read(), ssl_renegotiate(), ssl_start_renegotiation(), and ssl_write().
void ssl_handshake_free | ( | ssl_handshake_params * | handshake | ) |
Free referenced items in an SSL handshake context and clear memory.
handshake | SSL handshake context |
Definition at line 4353 of file ssl_tls.c.
References _ssl_handshake_params::curves, _ssl_handshake_params::dhm_ctx, dhm_free(), _ssl_handshake_params::ecdh_ctx, ecdh_free(), _ssl_key_cert::next, polarssl_free, and _ssl_handshake_params::sni_key_cert.
Referenced by ssl_free(), ssl_handshake_init(), and ssl_handshake_wrapup().
static int ssl_handshake_init | ( | ssl_context * | ssl | ) | [static] |
Definition at line 3224 of file ssl_tls.c.
References _ssl_handshake_params::ecdh_ctx, ecdh_init(), _ssl_handshake_params::fin_md5, _ssl_handshake_params::fin_sha1, _ssl_handshake_params::fin_sha256, _ssl_handshake_params::fin_sha512, _ssl_context::handshake, _ssl_context::key_cert, _ssl_handshake_params::key_cert, md5_starts(), POLARSSL_ERR_SSL_MALLOC_FAILED, polarssl_malloc, _ssl_context::session_negotiate, sha1_starts(), sha256_starts(), sha512_starts(), _ssl_handshake_params::sig_alg, SSL_DEBUG_MSG, ssl_handshake_free(), SSL_HASH_SHA1, ssl_session_free(), ssl_transform_free(), ssl_update_checksum_start(), _ssl_context::transform_negotiate, and _ssl_handshake_params::update_checksum.
Referenced by ssl_init(), ssl_session_reset(), and ssl_start_renegotiation().
int ssl_handshake_step | ( | ssl_context * | ssl | ) |
Perform a single step of the SSL handshake.
Note: after execution of this function, the state of the context (ssl->state) will be the next state in the handshake. Do not call this function if the state is SSL_HANDSHAKE_OVER.
ssl | SSL context |
Definition at line 3938 of file ssl_tls.c.
References _ssl_context::endpoint, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, ssl_handshake_client_step(), ssl_handshake_server_step(), SSL_IS_CLIENT, and SSL_IS_SERVER.
Referenced by ssl_handshake().
void ssl_handshake_wrapup | ( | ssl_context * | ssl | ) |
Definition at line 3013 of file ssl_tls.c.
References _ssl_context::f_set_cache, _ssl_context::handshake, _ssl_session::length, _ssl_context::p_set_cache, polarssl_free, _ssl_context::renegotiation, _ssl_handshake_params::resume, _ssl_context::session, _ssl_context::session_negotiate, SSL_DEBUG_MSG, ssl_handshake_free(), SSL_RENEGOTIATION, SSL_RENEGOTIATION_DONE, ssl_session_free(), ssl_transform_free(), _ssl_context::state, _ssl_context::transform, and _ssl_context::transform_negotiate.
Referenced by ssl_handshake_client_step(), and ssl_handshake_server_step().
int ssl_init | ( | ssl_context * | ssl | ) |
Initialize an SSL context (An individual SSL context is not thread-safe).
ssl | SSL context |
Definition at line 3293 of file ssl_tls.c.
References _ssl_context::dhm_G, _ssl_context::dhm_P, _ssl_context::in_ctr, _ssl_context::in_hdr, _ssl_context::in_iv, _ssl_context::in_msg, _ssl_context::max_major_ver, _ssl_context::max_minor_ver, _ssl_context::min_major_ver, _ssl_context::min_minor_ver, mpi_read_string(), _ssl_context::out_ctr, _ssl_context::out_hdr, _ssl_context::out_iv, _ssl_context::out_msg, POLARSSL_DHM_RFC5114_MODP_1024_G, POLARSSL_DHM_RFC5114_MODP_1024_P, POLARSSL_ERR_SSL_MALLOC_FAILED, polarssl_free, polarssl_malloc, SSL_BUFFER_LEN, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_DEFAULT_TICKET_LIFETIME, ssl_handshake_init(), ssl_list_ciphersuites(), SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION, SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION, ssl_set_ciphersuites(), and _ssl_context::ticket_lifetime.
static void ssl_key_cert_free | ( | ssl_key_cert * | key_cert | ) | [static] |
Definition at line 4333 of file ssl_tls.c.
References _ssl_key_cert::key, _ssl_key_cert::key_own_alloc, _ssl_key_cert::next, pk_free(), and polarssl_free.
Referenced by ssl_free().
void ssl_legacy_renegotiation | ( | ssl_context * | ssl, | |
int | allow_legacy | |||
) |
Prevent or allow legacy renegotiation.
(Default: SSL_LEGACY_NO_RENEGOTIATION)
SSL_LEGACY_NO_RENEGOTIATION allows connections to be established even if the peer does not support secure renegotiation, but does not allow renegotiation to take place if not secure. (Interoperable and secure option)
SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations with non-upgraded peers. Allowing legacy renegotiation makes the connection vulnerable to specific man-in-the-middle attacks (see RFC 5746). (Most interoperable and least secure option)
SSL_LEGACY_BREAK_HANDSHAKE breaks off connections if peer does not support secure renegotiation. Results in interoperability issues with non-upgraded peers that do not support renegotiation altogether. (Most secure option, interoperability issues)
ssl | SSL context | |
allow_legacy | Prevent or allow (SSL_LEGACY_NO_RENEGOTIATION, SSL_LEGACY_ALLOW_RENEGOTIATION or SSL_LEGACY_BREAK_HANDSHAKE) |
Definition at line 3844 of file ssl_tls.c.
References _ssl_context::allow_legacy_renegotiation.
static void ssl_mac | ( | md_context_t * | md_ctx, | |
unsigned char * | secret, | |||
unsigned char * | buf, | |||
size_t | len, | |||
unsigned char * | ctr, | |||
int | type | |||
) | [static] |
Definition at line 928 of file ssl_tls.c.
References md_finish(), md_get_size(), md_get_type(), md_context_t::md_info, md_starts(), md_update(), POLARSSL_MD_MD5, POLARSSL_MD_SHA1, and POLARSSL_MD_SHA256.
Referenced by ssl_decrypt_buf(), and ssl_encrypt_buf().
md_type_t ssl_md_alg_from_hash | ( | unsigned char | hash | ) |
Definition at line 4542 of file ssl_tls.c.
References POLARSSL_MD_MD5, POLARSSL_MD_NONE, POLARSSL_MD_SHA1, POLARSSL_MD_SHA224, POLARSSL_MD_SHA256, POLARSSL_MD_SHA384, POLARSSL_MD_SHA512, SSL_HASH_MD5, SSL_HASH_SHA1, SSL_HASH_SHA224, SSL_HASH_SHA256, SSL_HASH_SHA384, and SSL_HASH_SHA512.
Referenced by ssl_parse_certificate_verify(), ssl_parse_signature_algorithm(), and ssl_write_server_key_exchange().
void ssl_optimize_checksum | ( | ssl_context * | ssl, | |
const ssl_ciphersuite_t * | ciphersuite_info | |||
) |
Definition at line 2706 of file ssl_tls.c.
References _ssl_context::handshake, _ssl_ciphersuite_t::mac, _ssl_context::minor_ver, POLARSSL_MD_SHA384, SSL_MINOR_VERSION_3, ssl_update_checksum_md5sha1(), ssl_update_checksum_sha256(), ssl_update_checksum_sha384(), and _ssl_handshake_params::update_checksum.
Referenced by ssl_parse_client_hello(), ssl_parse_client_hello_v2(), and ssl_parse_server_hello().
int ssl_parse_certificate | ( | ssl_context * | ssl | ) |
Definition at line 2472 of file ssl_tls.c.
References _ssl_context::authmode, BADCERT_MISSING, BADCERT_SKIP_VERIFY, _ssl_context::ca_chain, _ssl_context::ca_crl, _ssl_transform::ciphersuite_info, _ssl_context::endpoint, _ssl_context::f_vrfy, _ssl_context::in_hslen, _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, _ssl_ciphersuite_t::key_exchange, _ssl_context::minor_ver, _ssl_context::p_vrfy, _ssl_session::peer_cert, _ssl_context::peer_cn, POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE, POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, POLARSSL_ERR_SSL_MALLOC_FAILED, POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE, POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE, polarssl_free, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_KEY_EXCHANGE_ECDHE_PSK, POLARSSL_KEY_EXCHANGE_PSK, polarssl_malloc, _ssl_context::session_negotiate, SSL_ALERT_LEVEL_WARNING, SSL_ALERT_MSG_NO_CERT, SSL_DEBUG_CRT, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_HS_CERTIFICATE, SSL_IS_SERVER, SSL_MINOR_VERSION_0, SSL_MSG_ALERT, SSL_MSG_HANDSHAKE, ssl_read_record(), SSL_VERIFY_NONE, SSL_VERIFY_OPTIONAL, SSL_VERIFY_REQUIRED, _ssl_context::state, _ssl_context::transform_negotiate, _ssl_session::verify_result, x509_crt_free(), x509_crt_init(), x509_crt_parse_der(), and x509_crt_verify().
Referenced by ssl_handshake_client_step(), and ssl_handshake_server_step().
int ssl_parse_change_cipher_spec | ( | ssl_context * | ssl | ) |
Definition at line 2675 of file ssl_tls.c.
References _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC, POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_MSG_CHANGE_CIPHER_SPEC, ssl_read_record(), and _ssl_context::state.
Referenced by ssl_handshake_client_step(), and ssl_handshake_server_step().
int ssl_parse_finished | ( | ssl_context * | ssl | ) |
Definition at line 3137 of file ssl_tls.c.
References _ssl_handshake_params::calc_finished, _ssl_context::endpoint, _ssl_transform::fixed_ivlen, _ssl_context::handshake, _ssl_context::in_ctr, _ssl_context::in_hslen, _ssl_context::in_iv, _ssl_context::in_msg, _ssl_context::in_msgtype, _ssl_transform::ivlen, _ssl_context::minor_ver, _ssl_context::peer_verify_data, POLARSSL_ERR_SSL_BAD_HS_FINISHED, POLARSSL_ERR_SSL_HW_ACCEL_FAILED, POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE, _ssl_handshake_params::resume, safer_memcmp(), _ssl_context::session_in, _ssl_context::session_negotiate, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_HANDSHAKE_WRAPUP, SSL_HS_FINISHED, SSL_IS_CLIENT, SSL_IS_SERVER, SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_2, SSL_MSG_HANDSHAKE, ssl_read_record(), _ssl_context::state, _ssl_context::transform_in, _ssl_context::transform_negotiate, and _ssl_context::verify_data_len.
Referenced by ssl_handshake_client_step(), and ssl_handshake_server_step().
pk_type_t ssl_pk_alg_from_sig | ( | unsigned char | sig | ) |
Definition at line 4521 of file ssl_tls.c.
References POLARSSL_PK_ECDSA, POLARSSL_PK_NONE, POLARSSL_PK_RSA, SSL_SIG_ECDSA, and SSL_SIG_RSA.
Referenced by ssl_parse_certificate_verify(), and ssl_parse_signature_algorithm().
int ssl_psk_derive_premaster | ( | ssl_context * | ssl, | |
key_exchange_type_t | key_ex | |||
) |
Definition at line 825 of file ssl_tls.c.
References dhm_calc_secret(), _ssl_handshake_params::dhm_ctx, ecdh_calc_secret(), _ssl_handshake_params::ecdh_ctx, _ssl_context::f_rng, _ssl_context::handshake, dhm_context::K, dhm_context::len, _ssl_context::p_rng, _ssl_handshake_params::pmslen, POLARSSL_ERR_SSL_BAD_INPUT_DATA, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_KEY_EXCHANGE_ECDHE_PSK, POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_KEY_EXCHANGE_RSA_PSK, _ssl_handshake_params::premaster, _ssl_context::psk, _ssl_context::psk_len, SSL_DEBUG_MPI, SSL_DEBUG_MSG, SSL_DEBUG_RET, and ecdh_context::z.
Referenced by ssl_parse_client_key_exchange(), and ssl_write_client_key_exchange().
int ssl_read | ( | ssl_context * | ssl, | |
unsigned char * | buf, | |||
size_t | len | |||
) |
Read at most 'len' application data bytes.
ssl | SSL context | |
buf | buffer that will hold the data | |
len | maximum number of bytes to read |
Definition at line 4088 of file ssl_tls.c.
References _ssl_context::allow_legacy_renegotiation, _ssl_context::disable_renegotiation, _ssl_context::endpoint, _ssl_context::in_hslen, _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, _ssl_context::in_offt, _ssl_context::minor_ver, POLARSSL_ERR_NET_WANT_READ, POLARSSL_ERR_SSL_CONN_EOF, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE, _ssl_context::renegotiation, _ssl_context::secure_renegotiation, SSL_ALERT_LEVEL_WARNING, SSL_ALERT_MSG_NO_RENEGOTIATION, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_handshake(), SSL_HANDSHAKE_OVER, SSL_HS_HELLO_REQUEST, SSL_IS_CLIENT, SSL_LEGACY_NO_RENEGOTIATION, SSL_LEGACY_RENEGOTIATION, SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MSG_APPLICATION_DATA, SSL_MSG_HANDSHAKE, ssl_read_record(), SSL_RENEGOTIATION_DISABLED, SSL_RENEGOTIATION_PENDING, ssl_send_alert_message(), ssl_send_fatal_handshake_failure(), ssl_start_renegotiation(), and _ssl_context::state.
int ssl_read_record | ( | ssl_context * | ssl | ) |
Subtract from the error code, as ssl->in_msg[1] is a 7-bit positive error identifier.
Definition at line 2010 of file ssl_tls.c.
References _ssl_session::compression, _ssl_context::handshake, _ssl_context::in_hdr, _ssl_context::in_hslen, _ssl_context::in_left, _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, _ssl_context::major_ver, _ssl_context::max_minor_ver, _ssl_transform::minlen, _ssl_context::minor_ver, POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE, POLARSSL_ERR_SSL_HW_ACCEL_FAILED, POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH, POLARSSL_ERR_SSL_INVALID_MAC, POLARSSL_ERR_SSL_INVALID_RECORD, POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY, _ssl_context::session_in, SSL_ALERT_LEVEL_FATAL, SSL_ALERT_LEVEL_WARNING, SSL_ALERT_MSG_BAD_RECORD_MAC, SSL_ALERT_MSG_CLOSE_NOTIFY, SSL_ALERT_MSG_UNEXPECTED_MESSAGE, SSL_COMPRESS_DEFLATE, SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_decrypt_buf(), ssl_fetch_input(), SSL_HANDSHAKE_OVER, SSL_MAX_CONTENT_LEN, SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MSG_ALERT, SSL_MSG_APPLICATION_DATA, SSL_MSG_CHANGE_CIPHER_SPEC, SSL_MSG_HANDSHAKE, ssl_send_alert_message(), _ssl_context::state, _ssl_context::transform_in, and _ssl_handshake_params::update_checksum.
Referenced by ssl_parse_certificate(), ssl_parse_certificate_request(), ssl_parse_certificate_verify(), ssl_parse_change_cipher_spec(), ssl_parse_client_key_exchange(), ssl_parse_finished(), ssl_parse_new_session_ticket(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), and ssl_read().
int ssl_renegotiate | ( | ssl_context * | ssl | ) |
Initiate an SSL renegotiation on the running connection.
Client: perform the renegotiation right now. Server: request renegotiation, which will be performed during the next call to ssl_read() if honored by client.
ssl | SSL context |
Definition at line 4041 of file ssl_tls.c.
References _ssl_context::endpoint, POLARSSL_ERR_SSL_BAD_INPUT_DATA, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, _ssl_context::renegotiation, SSL_DEBUG_RET, ssl_handshake(), SSL_HANDSHAKE_OVER, SSL_IS_SERVER, SSL_RENEGOTIATION, ssl_start_renegotiation(), ssl_write_hello_request(), and _ssl_context::state.
int ssl_send_alert_message | ( | ssl_context * | ssl, | |
unsigned char | level, | |||
unsigned char | message | |||
) |
Send an alert message.
ssl | SSL context | |
level | The alert level of the message (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL) | |
message | The alert message (SSL_ALERT_MSG_*) |
Definition at line 2290 of file ssl_tls.c.
References _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_MSG_ALERT, and ssl_write_record().
Referenced by ssl_close_notify(), ssl_parse_client_hello(), ssl_parse_client_hello_v2(), ssl_parse_client_psk_identity(), ssl_parse_server_hello(), ssl_parse_servername_ext(), ssl_read(), ssl_read_record(), and ssl_send_fatal_handshake_failure().
int ssl_send_fatal_handshake_failure | ( | ssl_context * | ssl | ) |
Definition at line 2276 of file ssl_tls.c.
References SSL_ALERT_LEVEL_FATAL, SSL_ALERT_MSG_HANDSHAKE_FAILURE, and ssl_send_alert_message().
Referenced by ssl_parse_client_hello(), ssl_parse_client_hello_v2(), ssl_parse_renegotiation_info(), ssl_parse_server_hello(), and ssl_read().
static int ssl_session_copy | ( | ssl_session * | dst, | |
const ssl_session * | src | |||
) | [static] |
Definition at line 74 of file ssl_tls.c.
References _asn1_buf::len, _asn1_buf::p, _ssl_session::peer_cert, POLARSSL_ERR_SSL_MALLOC_FAILED, polarssl_free, polarssl_malloc, _x509_crt::raw, ssl_session_free(), _ssl_session::ticket, _ssl_session::ticket_len, x509_crt_init(), and x509_crt_parse().
Referenced by ssl_get_session(), and ssl_set_session().
void ssl_session_free | ( | ssl_session * | session | ) |
Free referenced items in an SSL session including the peer certificate and clear memory.
session | SSL session |
Definition at line 4389 of file ssl_tls.c.
References _ssl_session::peer_cert, polarssl_free, _ssl_session::ticket, and x509_crt_free().
Referenced by ssl_cache_free(), ssl_free(), ssl_handshake_init(), ssl_handshake_wrapup(), ssl_parse_ticket(), ssl_session_copy(), and ssl_session_reset().
int ssl_session_reset | ( | ssl_context * | ssl | ) |
Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.
ssl | SSL context |
Definition at line 3364 of file ssl_tls.c.
References _ssl_context::in_ctr, _ssl_context::in_hslen, _ssl_context::in_left, _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, _ssl_context::in_offt, _ssl_context::nb_zero, _ssl_context::out_ctr, _ssl_context::out_left, _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, _ssl_context::own_verify_data, _ssl_context::peer_verify_data, POLARSSL_ERR_SSL_HW_ACCEL_FAILED, polarssl_free, _ssl_context::record_read, _ssl_context::renegotiation, _ssl_context::secure_renegotiation, _ssl_context::session, SSL_BUFFER_LEN, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_handshake_init(), SSL_HELLO_REQUEST, SSL_INITIAL_HANDSHAKE, SSL_LEGACY_RENEGOTIATION, ssl_session_free(), ssl_transform_free(), _ssl_context::state, _ssl_context::transform, _ssl_context::transform_in, _ssl_context::transform_out, and _ssl_context::verify_data_len.
void ssl_set_authmode | ( | ssl_context * | ssl, | |
int | authmode | |||
) |
Set the certificate verification mode.
ssl | SSL context | |
authmode | can be: |
SSL_VERIFY_NONE: peer certificate is not checked (default); this is insecure and SHOULD be avoided.
SSL_VERIFY_OPTIONAL: peer certificate is checked, but the handshake continues even if verification failed; ssl_get_verify_result() can be called after the handshake is complete, and a failed verification is only noticed if the application makes that call and checks the result.
SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, handshake is aborted if verification failed.
Definition at line 3479 of file ssl_tls.c.
References _ssl_context::authmode.
void ssl_set_bio | ( | ssl_context * | ssl, | |
int(*)(void *, unsigned char *, size_t) | f_recv, | |||
void * | p_recv, | |||
int(*)(void *, const unsigned char *, size_t) | f_send, | |||
void * | p_send | |||
) |
Set the underlying BIO read and write callbacks.
ssl | SSL context | |
f_recv | read callback | |
p_recv | read parameter | |
f_send | write callback | |
p_send | write parameter |
Definition at line 3510 of file ssl_tls.c.
References _ssl_context::f_recv, _ssl_context::f_send, _ssl_context::p_recv, and _ssl_context::p_send.
void ssl_set_ca_chain | ( | ssl_context * | ssl, | |
x509_crt * | ca_chain, | |||
x509_crl * | ca_crl, | |||
const char * | peer_cn | |||
) |
Set the data required to verify peer certificate.
ssl | SSL context | |
ca_chain | trusted CA chain (meaning all fully trusted top-level CAs) | |
ca_crl | trusted CA CRLs | |
peer_cn | expected peer CommonName (or NULL) |
Definition at line 3599 of file ssl_tls.c.
References _ssl_context::ca_chain, _ssl_context::ca_crl, and _ssl_context::peer_cn.
void ssl_set_ciphersuites | ( | ssl_context * | ssl, | |
const int * | ciphersuites | |||
) |
Set the list of allowed ciphersuites (Overrides all version specific lists).
ssl | SSL context | |
ciphersuites | 0-terminated list of allowed ciphersuites |
Definition at line 3550 of file ssl_tls.c.
References _ssl_context::ciphersuite_list, SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MINOR_VERSION_2, and SSL_MINOR_VERSION_3.
Referenced by ssl_init().
void ssl_set_ciphersuites_for_version | ( | ssl_context * | ssl, | |
const int * | ciphersuites, | |||
int | major, | |||
int | minor | |||
) |
Set the list of allowed ciphersuites for a specific version of the protocol.
(Only useful on the server side)
ssl | SSL context | |
ciphersuites | 0-terminated list of allowed ciphersuites | |
major | Major version number (only SSL_MAJOR_VERSION_3 supported) | |
minor | Minor version number (SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MINOR_VERSION_2 and SSL_MINOR_VERSION_3 supported) |
Definition at line 3558 of file ssl_tls.c.
References _ssl_context::ciphersuite_list, SSL_MAJOR_VERSION_3, and SSL_MINOR_VERSION_3.
void ssl_set_dbg | ( | ssl_context * | ssl, | |
void(*)(void *, int, const char *) | f_dbg, | |||
void * | p_dbg | |||
) |
Set the debug callback.
ssl | SSL context | |
f_dbg | debug function | |
p_dbg | debug parameter |
Definition at line 3502 of file ssl_tls.c.
References _ssl_context::f_dbg, and _ssl_context::p_dbg.
Referenced by test_suite_debug_print_crt(), and test_suite_debug_print_mpi().
int ssl_set_dh_param | ( | ssl_context * | ssl, | |
const char * | dhm_P, | |||
const char * | dhm_G | |||
) |
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG]).
ssl | SSL context | |
dhm_P | Diffie-Hellman-Merkle modulus | |
dhm_G | Diffie-Hellman-Merkle generator |
Definition at line 3719 of file ssl_tls.c.
References _ssl_context::dhm_G, _ssl_context::dhm_P, mpi_read_string(), and SSL_DEBUG_RET.
int ssl_set_dh_param_ctx | ( | ssl_context * | ssl, | |
dhm_context * | dhm_ctx | |||
) |
Set the Diffie-Hellman public P and G values, read from existing context (server-side only).
ssl | SSL context | |
dhm_ctx | Diffie-Hellman-Merkle context |
Definition at line 3738 of file ssl_tls.c.
References _ssl_context::dhm_G, _ssl_context::dhm_P, dhm_context::G, mpi_copy(), dhm_context::P, and SSL_DEBUG_RET.
void ssl_set_endpoint | ( | ssl_context * | ssl, | |
int | endpoint | |||
) |
Set the current endpoint type.
ssl | SSL context | |
endpoint | must be SSL_IS_CLIENT or SSL_IS_SERVER |
Definition at line 3469 of file ssl_tls.c.
References _ssl_context::endpoint, _ssl_context::session_tickets, SSL_IS_CLIENT, and SSL_SESSION_TICKETS_ENABLED.
int ssl_set_hostname | ( | ssl_context * | ssl, | |
const char * | hostname | |||
) |
Set hostname for ServerName TLS extension (client-side only).
ssl | SSL context | |
hostname | the server hostname |
Definition at line 3759 of file ssl_tls.c.
References _ssl_context::hostname, _ssl_context::hostname_len, POLARSSL_ERR_SSL_BAD_INPUT_DATA, POLARSSL_ERR_SSL_MALLOC_FAILED, and polarssl_malloc.
int ssl_set_max_frag_len | ( | ssl_context * | ssl, | |
unsigned char | mfl_code | |||
) |
Set the maximum fragment length to emit and/or negotiate (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes) (Server: set maximum fragment length to emit, usually negotiated by the client during handshake) (Client: set maximum fragment length to emit *and* negotiate with the server during handshake).
ssl | SSL context | |
mfl_code | Code for maximum fragment length (allowed values: SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024, SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096) |
Definition at line 3813 of file ssl_tls.c.
References _ssl_context::mfl_code, mfl_code_to_length, POLARSSL_ERR_SSL_BAD_INPUT_DATA, and SSL_MAX_CONTENT_LEN.
void ssl_set_max_version | ( | ssl_context * | ssl, | |
int | major, | |||
int | minor | |||
) |
Set the maximum supported version sent from the client side and/or accepted at the server side (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION).
Note: This ignores ciphersuites from 'higher' versions. Note: Input outside of the SSL_MAX_XXXXX_VERSION and SSL_MIN_XXXXX_VERSION range is ignored.
ssl | SSL context | |
major | Major version number (only SSL_MAJOR_VERSION_3 supported) | |
minor | Minor version number (SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MINOR_VERSION_2 and SSL_MINOR_VERSION_3 supported) |
Definition at line 3792 of file ssl_tls.c.
References _ssl_context::max_major_ver, _ssl_context::max_minor_ver, SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION, SSL_MIN_MAJOR_VERSION, and SSL_MIN_MINOR_VERSION.
void ssl_set_min_version | ( | ssl_context * | ssl, | |
int | major, | |||
int | minor | |||
) |
Set the minimum accepted SSL/TLS protocol version (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION).
Note: Input outside of the SSL_MAX_XXXXX_VERSION and SSL_MIN_XXXXX_VERSION range is ignored.
ssl | SSL context | |
major | Major version number (only SSL_MAJOR_VERSION_3 supported) | |
minor | Minor version number (SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MINOR_VERSION_2 and SSL_MINOR_VERSION_3 supported) |
Definition at line 3802 of file ssl_tls.c.
References _ssl_context::min_major_ver, _ssl_context::min_minor_ver, SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION, SSL_MIN_MAJOR_VERSION, and SSL_MIN_MINOR_VERSION.
int ssl_set_own_cert | ( | ssl_context * | ssl, | |
x509_crt * | own_cert, | |||
pk_context * | pk_key | |||
) |
Set own certificate chain and private key.
ssl | SSL context | |
own_cert | own public certificate chain | |
pk_key | own private key |
Definition at line 3607 of file ssl_tls.c.
References _ssl_key_cert::cert, _ssl_key_cert::key, POLARSSL_ERR_SSL_MALLOC_FAILED, and ssl_add_key_cert().
int ssl_set_own_cert_alt | ( | ssl_context * | ssl, | |
x509_crt * | own_cert, | |||
void * | rsa_key, | |||
rsa_decrypt_func | rsa_decrypt, | |||
rsa_sign_func | rsa_sign, | |||
rsa_key_len_func | rsa_key_len | |||
) |
Set own certificate and alternate non-PolarSSL RSA private key and handling callbacks, such as the PKCS#11 wrappers or any other external private key handler.
(see the respective RSA functions in rsa.h for documentation of the callback parameters, with the only change being that the rsa_context * is a void * in the callbacks)
Note: own_cert should contain your certificate chain in order from the bottom up. The top certificate (self-signed) can be omitted.
ssl | SSL context | |
own_cert | own public certificate chain | |
rsa_key | alternate implementation private RSA key | |
rsa_decrypt | alternate implementation of rsa_pkcs1_decrypt() | |
rsa_sign | alternate implementation of rsa_pkcs1_sign() | |
rsa_key_len | function returning length of RSA key in bytes |
Definition at line 3651 of file ssl_tls.c.
References _ssl_key_cert::cert, _ssl_key_cert::key, _ssl_key_cert::key_own_alloc, pk_init(), pk_init_ctx_rsa_alt(), POLARSSL_ERR_SSL_MALLOC_FAILED, polarssl_malloc, and ssl_add_key_cert().
int ssl_set_own_cert_rsa | ( | ssl_context * | ssl, | |
x509_crt * | own_cert, | |||
rsa_context * | rsa_key | |||
) |
Set own certificate chain and private RSA key.
Note: own_cert should contain your certificate chain in order from the bottom up. The top certificate (self-signed) can be omitted.
ssl | SSL context | |
own_cert | own public certificate chain | |
rsa_key | own private RSA key |
Definition at line 3622 of file ssl_tls.c.
References _ssl_key_cert::cert, _ssl_key_cert::key, _ssl_key_cert::key_own_alloc, pk_info_from_type(), pk_init(), pk_init_ctx(), pk_rsa, POLARSSL_ERR_SSL_MALLOC_FAILED, polarssl_malloc, POLARSSL_PK_RSA, rsa_copy(), and ssl_add_key_cert().
int ssl_set_psk | ( | ssl_context * | ssl, | |
const unsigned char * | psk, | |||
size_t | psk_len, | |||
const unsigned char * | psk_identity, | |||
size_t | psk_identity_len | |||
) |
Set the Pre Shared Key (PSK) and the identity name connected to it.
ssl | SSL context | |
psk | pointer to the pre-shared key | |
psk_len | pre-shared key length | |
psk_identity | pointer to the pre-shared key identity | |
psk_identity_len | length of the pre-shared key identity |
Definition at line 3681 of file ssl_tls.c.
References POLARSSL_ERR_SSL_BAD_INPUT_DATA, POLARSSL_ERR_SSL_MALLOC_FAILED, polarssl_free, polarssl_malloc, _ssl_context::psk, _ssl_context::psk_identity, _ssl_context::psk_identity_len, and _ssl_context::psk_len.
void ssl_set_psk_cb | ( | ssl_context * | ssl, | |
int(*)(void *, ssl_context *, const unsigned char *, size_t) | f_psk, | |||
void * | p_psk | |||
) |
Set the PSK callback (server-side only) (Optional).
If set, the PSK callback is called for each handshake where a PSK ciphersuite was negotiated. The callback provides the identity received and wants to receive the actual PSK data and length.
The callback has the following parameters: (void *parameter, ssl_context *ssl, const unsigned char *psk_identity, size_t identity_len). If a valid PSK identity is found, the callback should use ssl_set_psk() on the ssl context to set the correct PSK and identity and return 0. Any other return value will result in a denied PSK identity.
ssl | SSL context | |
f_psk | PSK identity function | |
p_psk | PSK identity parameter |
Definition at line 3708 of file ssl_tls.c.
References _ssl_context::f_psk, and _ssl_context::p_psk.
void ssl_set_renegotiation | ( | ssl_context * | ssl, | |
int | renegotiation | |||
) |
Enable / Disable renegotiation support for connection when initiated by peer (Default: SSL_RENEGOTIATION_DISABLED).
Note: A server with support enabled is more vulnerable to a resource DoS by a malicious client. You should enable this on a client to enable server-initiated renegotiation.
ssl | SSL context | |
renegotiation | Enable or disable (SSL_RENEGOTIATION_ENABLED or SSL_RENEGOTIATION_DISABLED) |
Definition at line 3839 of file ssl_tls.c.
References _ssl_context::disable_renegotiation.
void ssl_set_rng | ( | ssl_context * | ssl, | |
int(*)(void *, unsigned char *, size_t) | f_rng, | |||
void * | p_rng | |||
) |
Set the random number generator callback.
ssl | SSL context | |
f_rng | RNG function | |
p_rng | RNG parameter |
Definition at line 3494 of file ssl_tls.c.
References _ssl_context::f_rng, and _ssl_context::p_rng.
int ssl_set_session | ( | ssl_context * | ssl, | |
const ssl_session * | session | |||
) |
Request resumption of session (client-side only). Session data is copied from the presented session structure.
ssl | SSL context | |
session | session context |
Definition at line 3530 of file ssl_tls.c.
References _ssl_context::endpoint, _ssl_context::handshake, POLARSSL_ERR_SSL_BAD_INPUT_DATA, _ssl_handshake_params::resume, _ssl_context::session_negotiate, SSL_IS_CLIENT, and ssl_session_copy().
void ssl_set_session_cache | ( | ssl_context * | ssl, | |
int(*)(void *, ssl_session *) | f_get_cache, | |||
void * | p_get_cache, | |||
int(*)(void *, const ssl_session *) | f_set_cache, | |||
void * | p_set_cache | |||
) |
Set the session cache callbacks (server-side only). If not set, no session resuming is done.
The session cache has the responsibility to check for stale entries based on timeout. See RFC 5246 for recommendations.
Warning: session.peer_cert is cleared by the SSL/TLS layer on connection shutdown, so do not cache the pointer! Either set it to NULL or make a full copy of the certificate.
The get callback is called once during the initial handshake to enable session resuming. The get function has the following parameters: (void *parameter, ssl_session *session). If a valid entry is found, it should fill the master of the session object with the cached values and return 0; otherwise it should return 1. Optionally peer_cert can be set as well if it is properly present in the cache entry.
The set callback is called once during the initial handshake to enable session resuming after the entire handshake has been finished. The set function has the following parameters: (void *parameter, const ssl_session *session). The function should create a cache entry for future retrieval based on the data in the session structure and should keep in mind that the ssl_session object presented (and all its referenced data) is cleared by the SSL/TLS layer when the connection is terminated. It is recommended to add metadata to determine if an entry is still valid in the future. Return 0 if successfully cached, return 1 otherwise.
ssl | SSL context | |
f_get_cache | session get callback | |
p_get_cache | session get parameter | |
f_set_cache | session set callback | |
p_set_cache | session set parameter |
Definition at line 3520 of file ssl_tls.c.
References _ssl_context::f_get_cache, _ssl_context::f_set_cache, _ssl_context::p_get_cache, and _ssl_context::p_set_cache.
void ssl_set_session_ticket_lifetime | ( | ssl_context * | ssl, | |
int | lifetime | |||
) |
Set session ticket lifetime (server only) (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day)).
ssl | SSL context | |
lifetime | session ticket lifetime |
Definition at line 3863 of file ssl_tls.c.
References _ssl_context::ticket_lifetime.
int ssl_set_session_tickets | ( | ssl_context * | ssl, | |
int | use_tickets | |||
) |
Enable / Disable session tickets (Default: SSL_SESSION_TICKETS_ENABLED on client, SSL_SESSION_TICKETS_DISABLED on server).
ssl | SSL context | |
use_tickets | Enable or disable (SSL_SESSION_TICKETS_ENABLED or SSL_SESSION_TICKETS_DISABLED) |
Definition at line 3850 of file ssl_tls.c.
References _ssl_context::endpoint, _ssl_context::f_rng, POLARSSL_ERR_SSL_BAD_INPUT_DATA, _ssl_context::session_tickets, SSL_IS_CLIENT, and ssl_ticket_keys_init().
void ssl_set_sni | ( | ssl_context * | ssl, | |
int(*)(void *, ssl_context *, const unsigned char *, size_t) | f_sni, | |||
void * | p_sni | |||
) |
Set server side ServerName TLS extension callback (optional, server-side only).
If set, the ServerName callback is called whenever the server receives a ServerName TLS extension from the client during a handshake. The ServerName callback has the following parameters: (void *parameter, ssl_context *ssl, const unsigned char *hostname, size_t len). If a suitable certificate is found, the callback should set the certificate and key to use with ssl_set_own_cert() (and possibly adjust the CA chain as well) and return 0. The callback should return -1 to abort the handshake at this point.
ssl | SSL context | |
f_sni | ServerName callback function | |
p_sni | ServerName callback parameter |
Definition at line 3782 of file ssl_tls.c.
References _ssl_context::f_sni, and _ssl_context::p_sni.
int ssl_set_truncated_hmac | ( | ssl_context * | ssl, | |
int | truncate | |||
) |
Activate negotiation of truncated HMAC (Client only) (Default: SSL_TRUNC_HMAC_ENABLED).
ssl | SSL context | |
truncate | Enable or disable (SSL_TRUNC_HMAC_ENABLED or SSL_TRUNC_HMAC_DISABLED) |
Definition at line 3828 of file ssl_tls.c.
References _ssl_context::endpoint, POLARSSL_ERR_SSL_BAD_INPUT_DATA, SSL_IS_CLIENT, and _ssl_context::trunc_hmac.
void ssl_set_verify | ( | ssl_context * | ssl, | |
int(*)(void *, x509_crt *, int, int *) | f_vrfy, | |||
void * | p_vrfy | |||
) |
Set the verification callback (Optional).
If set, the verify callback is called for each certificate in the chain. For implementation information, please see x509_crt_verify().
ssl | SSL context | |
f_vrfy | verification function | |
p_vrfy | verification parameter |
Definition at line 3485 of file ssl_tls.c.
References _ssl_context::f_vrfy, and _ssl_context::p_vrfy.
unsigned char ssl_sig_from_pk | ( | pk_context * | pk | ) |
Definition at line 4508 of file ssl_tls.c.
References pk_can_do(), POLARSSL_PK_ECDSA, POLARSSL_PK_RSA, SSL_SIG_ANON, SSL_SIG_ECDSA, and SSL_SIG_RSA.
Referenced by ssl_write_certificate_verify(), and ssl_write_server_key_exchange().
static int ssl_start_renegotiation | ( | ssl_context * | ssl | ) | [static] |
Definition at line 4014 of file ssl_tls.c.
References _ssl_context::renegotiation, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_handshake(), ssl_handshake_init(), SSL_HELLO_REQUEST, SSL_RENEGOTIATION, and _ssl_context::state.
Referenced by ssl_read(), and ssl_renegotiate().
static int ssl_ticket_keys_init | ( | ssl_context * | ssl | ) | [static] |
Definition at line 3434 of file ssl_tls.c.
References aes_setkey_dec(), aes_setkey_enc(), _ssl_ticket_keys::dec, _ssl_ticket_keys::enc, _ssl_context::f_rng, _ssl_ticket_keys::key_name, _ssl_ticket_keys::mac_key, _ssl_context::p_rng, POLARSSL_ERR_SSL_MALLOC_FAILED, polarssl_malloc, and _ssl_context::ticket_keys.
Referenced by ssl_set_session_tickets().
void ssl_transform_free | ( | ssl_transform * | transform | ) |
Free referenced items in an SSL transform context and clear memory.
transform | SSL transform context |
Definition at line 4316 of file ssl_tls.c.
References _ssl_transform::cipher_ctx_dec, _ssl_transform::cipher_ctx_enc, cipher_free_ctx(), _ssl_transform::md_ctx_dec, _ssl_transform::md_ctx_enc, and md_free_ctx().
Referenced by ssl_free(), ssl_handshake_init(), ssl_handshake_wrapup(), and ssl_session_reset().
static void ssl_update_checksum_md5sha1 | ( | ssl_context * | ssl, | |
const unsigned char * | buf, | |||
size_t | len | |||
) | [static] |
Definition at line 2753 of file ssl_tls.c.
References _ssl_handshake_params::fin_md5, _ssl_handshake_params::fin_sha1, _ssl_context::handshake, md5_update(), and sha1_update().
Referenced by ssl_optimize_checksum().
static void ssl_update_checksum_sha256 | ( | ssl_context * | ssl, | |
const unsigned char * | buf, | |||
size_t | len | |||
) | [static] |
Definition at line 2763 of file ssl_tls.c.
References _ssl_handshake_params::fin_sha256, _ssl_context::handshake, and sha256_update().
Referenced by ssl_optimize_checksum().
static void ssl_update_checksum_sha384 | ( | ssl_context * | ssl, | |
const unsigned char * | buf, | |||
size_t | len | |||
) | [static] |
Definition at line 2771 of file ssl_tls.c.
References _ssl_handshake_params::fin_sha512, _ssl_context::handshake, and sha512_update().
Referenced by ssl_optimize_checksum().
static void ssl_update_checksum_start | ( | ssl_context * | ssl, | |
const unsigned char * | buf, | |||
size_t | len | |||
) | [static] |
Definition at line 2733 of file ssl_tls.c.
References _ssl_handshake_params::fin_md5, _ssl_handshake_params::fin_sha1, _ssl_handshake_params::fin_sha256, _ssl_handshake_params::fin_sha512, _ssl_context::handshake, md5_update(), sha1_update(), sha256_update(), and sha512_update().
Referenced by ssl_handshake_init().
int ssl_write | ( | ssl_context * | ssl, | |
const unsigned char * | buf, | |||
size_t | len | |||
) |
Write exactly 'len' application data bytes.
ssl | SSL context | |
buf | buffer holding the data | |
len | how many bytes must be written |
Definition at line 4225 of file ssl_tls.c.
References _ssl_session::mfl_code, _ssl_context::mfl_code, mfl_code_to_length, _ssl_context::out_left, _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, _ssl_context::session_out, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_flush_output(), ssl_handshake(), SSL_HANDSHAKE_OVER, SSL_MAX_CONTENT_LEN, SSL_MSG_APPLICATION_DATA, ssl_write_record(), and _ssl_context::state.
int ssl_write_certificate | ( | ssl_context * | ssl | ) |
Definition at line 2361 of file ssl_tls.c.
References _ssl_transform::ciphersuite_info, _ssl_context::client_auth, _ssl_context::endpoint, _ssl_ciphersuite_t::key_exchange, _asn1_buf::len, _ssl_context::minor_ver, _x509_crt::next, _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, _asn1_buf::p, POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED, POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE, POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_KEY_EXCHANGE_ECDHE_PSK, POLARSSL_KEY_EXCHANGE_PSK, _x509_crt::raw, SSL_ALERT_LEVEL_WARNING, SSL_ALERT_MSG_NO_CERT, SSL_DEBUG_CRT, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_HS_CERTIFICATE, SSL_IS_CLIENT, SSL_MAX_CONTENT_LEN, SSL_MINOR_VERSION_0, SSL_MSG_ALERT, SSL_MSG_HANDSHAKE, ssl_own_cert(), ssl_write_record(), _ssl_context::state, and _ssl_context::transform_negotiate.
Referenced by ssl_handshake_client_step(), and ssl_handshake_server_step().
int ssl_write_change_cipher_spec | ( | ssl_context * | ssl | ) |
Definition at line 2652 of file ssl_tls.c.
References _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_MSG_CHANGE_CIPHER_SPEC, ssl_write_record(), and _ssl_context::state.
Referenced by ssl_handshake_client_step(), and ssl_handshake_server_step().
int ssl_write_finished | ( | ssl_context * | ssl | ) |
Definition at line 3064 of file ssl_tls.c.
References _ssl_handshake_params::calc_finished, _ssl_context::endpoint, _ssl_transform::fixed_ivlen, _ssl_context::handshake, _ssl_transform::ivlen, _ssl_context::minor_ver, _ssl_context::out_ctr, _ssl_context::out_iv, _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, _ssl_context::own_verify_data, POLARSSL_ERR_SSL_HW_ACCEL_FAILED, _ssl_handshake_params::resume, _ssl_context::session_negotiate, _ssl_context::session_out, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_HANDSHAKE_WRAPUP, SSL_HS_FINISHED, SSL_IS_CLIENT, SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_2, SSL_MSG_HANDSHAKE, ssl_write_record(), _ssl_context::state, _ssl_context::transform_negotiate, _ssl_context::transform_out, and _ssl_context::verify_data_len.
Referenced by ssl_handshake_client_step(), and ssl_handshake_server_step().
static int ssl_write_hello_request(ssl_context *ssl) [static]
Definition at line 3981 of file ssl_tls.c.
References _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, _ssl_context::renegotiation, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_HS_HELLO_REQUEST, SSL_MSG_HANDSHAKE, SSL_RENEGOTIATION_PENDING, and ssl_write_record().
Referenced by ssl_renegotiate().
int ssl_write_record(ssl_context *ssl)
Definition at line 1920 of file ssl_tls.c.
References _ssl_session::compression, _ssl_context::handshake, _ssl_context::major_ver, _ssl_context::minor_ver, _ssl_context::out_hdr, _ssl_context::out_left, _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, POLARSSL_ERR_SSL_HW_ACCEL_FAILED, POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH, _ssl_context::session_out, SSL_COMPRESS_DEFLATE, SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_encrypt_buf(), ssl_flush_output(), SSL_HS_HELLO_REQUEST, SSL_MSG_HANDSHAKE, _ssl_context::transform_out, and _ssl_handshake_params::update_checksum.
Referenced by ssl_send_alert_message(), ssl_write(), ssl_write_certificate(), ssl_write_certificate_request(), ssl_write_certificate_verify(), ssl_write_change_cipher_spec(), ssl_write_client_hello(), ssl_write_client_key_exchange(), ssl_write_finished(), ssl_write_hello_request(), ssl_write_new_session_ticket(), ssl_write_server_hello(), ssl_write_server_hello_done(), and ssl_write_server_key_exchange().
static int tls1_prf(const unsigned char *secret,
                    size_t slen,
                    const char *label,
                    const unsigned char *random,
                    size_t rlen,
                    unsigned char *dstbuf,
                    size_t dlen) [static]
Definition at line 180 of file ssl_tls.c.
References md5_hmac(), POLARSSL_ERR_SSL_BAD_INPUT_DATA, S1, S2, and sha1_hmac().
Referenced by ssl_derive_keys().
static int tls_prf_sha256(const unsigned char *secret,
                          size_t slen,
                          const char *label,
                          const unsigned char *random,
                          size_t rlen,
                          unsigned char *dstbuf,
                          size_t dlen) [static]
Definition at line 244 of file ssl_tls.c.
References POLARSSL_ERR_SSL_BAD_INPUT_DATA, and sha256_hmac().
Referenced by ssl_derive_keys().
static int tls_prf_sha384(const unsigned char *secret,
                          size_t slen,
                          const char *label,
                          const unsigned char *random,
                          size_t rlen,
                          unsigned char *dstbuf,
                          size_t dlen) [static]
Definition at line 286 of file ssl_tls.c.
References POLARSSL_ERR_SSL_BAD_INPUT_DATA, and sha512_hmac().
Referenced by ssl_derive_keys().
unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] [static]
{ SSL_MAX_CONTENT_LEN, 512, 1024, 2048, 4096, }
Definition at line 64 of file ssl_tls.c.
Referenced by ssl_set_max_frag_len(), and ssl_write().