ssl.h File Reference

SSL/TLS functions. More...

#include "mbedtls/config.h"
#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
#include "mbedtls/ssl_ciphersuites.h"


Data Structures

union  mbedtls_ssl_premaster_secret
 
struct  mbedtls_ssl_session
 
struct  mbedtls_ssl_config
 SSL/TLS configuration to be shared between mbedtls_ssl_context structures. More...
 
struct  mbedtls_ssl_context
 

Macros

#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE   -0x7080
 The requested feature is not available. More...
 
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA   -0x7100
 Bad input parameters to function. More...
 
#define MBEDTLS_ERR_SSL_INVALID_MAC   -0x7180
 Verification of the message MAC failed. More...
 
#define MBEDTLS_ERR_SSL_INVALID_RECORD   -0x7200
 An invalid SSL record was received. More...
 
#define MBEDTLS_ERR_SSL_CONN_EOF   -0x7280
 The connection indicated an EOF. More...
 
#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER   -0x7300
 An unknown cipher was received. More...
 
#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN   -0x7380
 The server has no ciphersuites in common with the client. More...
 
#define MBEDTLS_ERR_SSL_NO_RNG   -0x7400
 No RNG was provided to the SSL module. More...
 
#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE   -0x7480
 No client certificate received from the client, but required by the authentication mode. More...
 
#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE   -0x7500
 Our own certificate(s) is/are too large to send in an SSL message. More...
 
#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED   -0x7580
 The own certificate is not set, but needed by the server. More...
 
#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED   -0x7600
 The own private key or pre-shared key is not set, but needed. More...
 
#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED   -0x7680
 No CA Chain is set, but required to operate. More...
 
#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE   -0x7700
 An unexpected message was received from our peer. More...
 
#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE   -0x7780
 A fatal alert message was received from our peer. More...
 
#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED   -0x7800
 Verification of our peer failed. More...
 
#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY   -0x7880
 The peer notified us that the connection is going to be closed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO   -0x7900
 Processing of the ClientHello handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO   -0x7980
 Processing of the ServerHello handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE   -0x7A00
 Processing of the Certificate handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST   -0x7A80
 Processing of the CertificateRequest handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE   -0x7B00
 Processing of the ServerKeyExchange handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE   -0x7B80
 Processing of the ServerHelloDone handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE   -0x7C00
 Processing of the ClientKeyExchange handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP   -0x7C80
 Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS   -0x7D00
 Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY   -0x7D80
 Processing of the CertificateVerify handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC   -0x7E00
 Processing of the ChangeCipherSpec handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED   -0x7E80
 Processing of the Finished handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_ALLOC_FAILED   -0x7F00
 Memory allocation failed. More...
 
#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED   -0x7F80
 Hardware acceleration function returned with error. More...
 
#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH   -0x6F80
 Hardware acceleration function skipped / left alone data. More...
 
#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED   -0x6F00
 Processing of the compression / decompression failed. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION   -0x6E80
 Handshake protocol not within min/max boundaries. More...
 
#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET   -0x6E00
 Processing of the NewSessionTicket handshake message failed. More...
 
#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED   -0x6D80
 Session ticket has expired. More...
 
#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH   -0x6D00
 Public key type mismatch (e.g., asked for RSA key exchange and presented EC key). More...
 
#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY   -0x6C80
 Unknown identity received (e.g., PSK identity). More...
 
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR   -0x6C00
 Internal error (e.g., unexpected failure in lower-level module). More...
 
#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING   -0x6B80
 A counter would wrap (e.g., too many messages exchanged). More...
 
#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO   -0x6B00
 Unexpected message at ServerHello in renegotiation. More...
 
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED   -0x6A80
 DTLS client must retry for hello verification. More...
 
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL   -0x6A00
 A buffer is too small to receive or write a message. More...
 
#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE   -0x6980
 None of the common ciphersuites is usable (e.g., no suitable certificate; see debug messages). More...
 
#define MBEDTLS_ERR_SSL_WANT_READ   -0x6900
 No data of requested type currently available on underlying transport. More...
 
#define MBEDTLS_ERR_SSL_WANT_WRITE   -0x6880
 Connection requires a write call. More...
 
#define MBEDTLS_ERR_SSL_TIMEOUT   -0x6800
 The operation timed out. More...
 
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT   -0x6780
 The client initiated a reconnect from the same port. More...
 
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD   -0x6700
 Record header looks valid but is not expected. More...
 
#define MBEDTLS_ERR_SSL_NON_FATAL   -0x6680
 The alert message received indicates a non-fatal error. More...
 
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH   -0x6600
 Couldn't set the hash for verifying CertificateVerify. More...
 
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING   -0x6580
 Internal-only message signaling that further message-processing should be done. More...
 
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS   -0x6500
 The asynchronous operation is not completed yet. More...
 
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE   -0x6480
 Internal-only message signaling that a message arrived early. More...
 
#define MBEDTLS_ERR_SSL_UNEXPECTED_CID   -0x6000
 An encrypted DTLS-frame with an unexpected CID was received. More...
 
#define MBEDTLS_ERR_SSL_VERSION_MISMATCH   -0x5F00
 An operation failed due to an unexpected version or configuration. More...
 
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS   -0x7000
 A cryptographic operation is in progress. More...
 
#define MBEDTLS_ERR_SSL_BAD_CONFIG   -0x5E80
 Invalid value in SSL config. More...
 
#define MBEDTLS_SSL_MINOR_VERSION_0   0
 
#define MBEDTLS_SSL_MINOR_VERSION_1   1
 
#define MBEDTLS_SSL_MINOR_VERSION_2   2
 
#define MBEDTLS_SSL_MINOR_VERSION_3   3
 
#define MBEDTLS_SSL_MINOR_VERSION_4   4
 
#define MBEDTLS_SSL_TRANSPORT_STREAM   0
 
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM   1
 
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN   255
 
#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN   255
 
#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN   65535
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE   0
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_512   1
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_1024   2
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_2048   3
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_4096   4
 
#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID   5
 
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO   0xFF
 renegotiation info ext More...
 
#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE   0x5600
 RFC 7507 section 2. More...
 
SECTION: Module settings

The configuration options you can set for this module are in this section.

Either change them in config.h or define them on the compiler command line.

#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME   86400
 Lifetime of session tickets (if enabled) More...
 
#define MBEDTLS_SSL_MAX_CONTENT_LEN   16384
 Size of the input / output buffer. More...
 
#define MBEDTLS_SSL_IN_CONTENT_LEN   MBEDTLS_SSL_MAX_CONTENT_LEN
 
#define MBEDTLS_SSL_OUT_CONTENT_LEN   MBEDTLS_SSL_MAX_CONTENT_LEN
 
#define MBEDTLS_SSL_DTLS_MAX_BUFFERING   32768
 
#define MBEDTLS_SSL_CID_IN_LEN_MAX   32
 
#define MBEDTLS_SSL_CID_OUT_LEN_MAX   32
 
#define MBEDTLS_SSL_CID_PADDING_GRANULARITY   16
 
#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY   1
 

Typedefs

typedef int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len)
 Callback type: send data on the network. More...
 
typedef int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len)
 Callback type: receive data from the network. More...
 
typedef int mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout)
 Callback type: receive data from the network, with timeout. More...
 
typedef void mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms)
 Callback type: set a pair of timers/delays to watch. More...
 
typedef int mbedtls_ssl_get_timer_t(void *ctx)
 Callback type: get status of timers/delays. More...
 
typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
 Callback type: generate and write session ticket. More...
 
typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
 Callback type: parse and load session ticket. More...
 
typedef int mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen)
 Callback type: generate a cookie. More...
 
typedef int mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen)
 Callback type: verify a cookie. More...
 

Functions

const char * mbedtls_ssl_get_ciphersuite_name (const int ciphersuite_id)
 Return the name of the ciphersuite associated with the given ID. More...
 
int mbedtls_ssl_get_ciphersuite_id (const char *ciphersuite_name)
 Return the ID of the ciphersuite associated with the given name. More...
 
void mbedtls_ssl_init (mbedtls_ssl_context *ssl)
 Initialize an SSL context. Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free(). More...
 
int mbedtls_ssl_setup (mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf)
 Set up an SSL context for use. More...
 
int mbedtls_ssl_session_reset (mbedtls_ssl_context *ssl)
 Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data. More...
 
void mbedtls_ssl_conf_endpoint (mbedtls_ssl_config *conf, int endpoint)
 Set the current endpoint type. More...
 
void mbedtls_ssl_conf_transport (mbedtls_ssl_config *conf, int transport)
 Set the transport type (TLS or DTLS). More...
 
void mbedtls_ssl_conf_authmode (mbedtls_ssl_config *conf, int authmode)
 Set the certificate verification mode. Default: NONE on server, REQUIRED on client. More...
 
void mbedtls_ssl_conf_rng (mbedtls_ssl_config *conf, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Set the random number generator callback. More...
 
void mbedtls_ssl_conf_dbg (mbedtls_ssl_config *conf, void(*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg)
 Set the debug callback. More...
 
void mbedtls_ssl_set_bio (mbedtls_ssl_context *ssl, void *p_bio, mbedtls_ssl_send_t *f_send, mbedtls_ssl_recv_t *f_recv, mbedtls_ssl_recv_timeout_t *f_recv_timeout)
 Set the underlying BIO callbacks for write, read and read-with-timeout. More...
 
void mbedtls_ssl_conf_read_timeout (mbedtls_ssl_config *conf, uint32_t timeout)
 Set the timeout period for mbedtls_ssl_read() (Default: no timeout.) More...
 
void mbedtls_ssl_set_timer_cb (mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, mbedtls_ssl_get_timer_t *f_get_timer)
 Set the timer callbacks (Mandatory for DTLS.) More...
 
int mbedtls_ssl_session_load (mbedtls_ssl_session *session, const unsigned char *buf, size_t len)
 Load serialized session data into a session structure. More...
 
int mbedtls_ssl_session_save (const mbedtls_ssl_session *session, unsigned char *buf, size_t buf_len, size_t *olen)
 Save session structure as serialized data in a buffer. More...
 
const mbedtls_ssl_session * mbedtls_ssl_get_session_pointer (const mbedtls_ssl_context *ssl)
 Get a pointer to the current session structure, for example to serialize it. More...
 
void mbedtls_ssl_conf_ciphersuites (mbedtls_ssl_config *conf, const int *ciphersuites)
 Set the list of allowed ciphersuites and the preference order. More...
 
void mbedtls_ssl_conf_ciphersuites_for_version (mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor)
 Set the list of allowed ciphersuites and the preference order for a specific version of the protocol. More...
 
void mbedtls_ssl_conf_max_version (mbedtls_ssl_config *conf, int major, int minor)
 Set the maximum supported version sent from the client side and/or accepted at the server side (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION) More...
 
void mbedtls_ssl_conf_min_version (mbedtls_ssl_config *conf, int major, int minor)
 Set the minimum accepted SSL/TLS protocol version (Default: TLS 1.0) More...
 
void mbedtls_ssl_conf_legacy_renegotiation (mbedtls_ssl_config *conf, int allow_legacy)
 Prevent or allow legacy renegotiation. More...
 
int mbedtls_ssl_check_pending (const mbedtls_ssl_context *ssl)
 Check if there is data already read from the underlying transport but not yet processed. More...
 
size_t mbedtls_ssl_get_bytes_avail (const mbedtls_ssl_context *ssl)
 Return the number of application data bytes remaining to be read from the current record. More...
 
uint32_t mbedtls_ssl_get_verify_result (const mbedtls_ssl_context *ssl)
 Return the result of the certificate verification. More...
 
const char * mbedtls_ssl_get_ciphersuite (const mbedtls_ssl_context *ssl)
 Return the name of the current ciphersuite. More...
 
const char * mbedtls_ssl_get_version (const mbedtls_ssl_context *ssl)
 Return the current SSL version (SSLv3/TLSv1/etc.). More...
 
int mbedtls_ssl_get_record_expansion (const mbedtls_ssl_context *ssl)
 Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc. More...
 
int mbedtls_ssl_get_max_out_record_payload (const mbedtls_ssl_context *ssl)
 Return the current maximum outgoing record payload in bytes. More...
 
int mbedtls_ssl_handshake (mbedtls_ssl_context *ssl)
 Perform the SSL handshake. More...
 
int mbedtls_ssl_handshake_step (mbedtls_ssl_context *ssl)
 Perform a single step of the SSL handshake. More...
 
int mbedtls_ssl_read (mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
 Read at most 'len' application data bytes. More...
 
int mbedtls_ssl_write (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
 Try to write exactly 'len' application data bytes. More...
 
int mbedtls_ssl_send_alert_message (mbedtls_ssl_context *ssl, unsigned char level, unsigned char message)
 Send an alert message. More...
 
int mbedtls_ssl_close_notify (mbedtls_ssl_context *ssl)
 Notify the peer that the connection is being closed. More...
 
void mbedtls_ssl_free (mbedtls_ssl_context *ssl)
 Free referenced items in an SSL context and clear memory. More...
 
void mbedtls_ssl_config_init (mbedtls_ssl_config *conf)
 Initialize an SSL configuration context. Just makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free(). More...
 
int mbedtls_ssl_config_defaults (mbedtls_ssl_config *conf, int endpoint, int transport, int preset)
 Load reasonable default SSL configuration values. More...
 
void mbedtls_ssl_config_free (mbedtls_ssl_config *conf)
 Free an SSL configuration context. More...
 
void mbedtls_ssl_session_init (mbedtls_ssl_session *session)
 Initialize SSL session structure. More...
 
void mbedtls_ssl_session_free (mbedtls_ssl_session *session)
 Free referenced items in an SSL session including the peer certificate and clear memory. More...
 
int mbedtls_ssl_tls_prf (const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen)
 TLS-PRF function for key derivation. More...
 

Detailed Description

SSL/TLS functions.

Definition in file ssl.h.