SSL/TLS functions. More...
#include "mbedtls/config.h"
#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
#include "mbedtls/ssl_ciphersuites.h"
Data Structures | |
union | mbedtls_ssl_premaster_secret |
struct | mbedtls_ssl_session |
struct | mbedtls_ssl_config |
SSL/TLS configuration to be shared between mbedtls_ssl_context structures. More... | |
struct | mbedtls_ssl_context |
Macros | |
#define | MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 |
The requested feature is not available. More... | |
#define | MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 |
Bad input parameters to function. More... | |
#define | MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 |
Verification of the message MAC failed. More... | |
#define | MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 |
An invalid SSL record was received. More... | |
#define | MBEDTLS_ERR_SSL_CONN_EOF -0x7280 |
The connection indicated an EOF. More... | |
#define | MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 |
An unknown cipher was received. More... | |
#define | MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 |
The server has no ciphersuites in common with the client. More... | |
#define | MBEDTLS_ERR_SSL_NO_RNG -0x7400 |
No RNG was provided to the SSL module. More... | |
#define | MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 |
No client certificate was received from the client, but one is required by the authentication mode. More... | |
#define | MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 |
Our own certificate(s) is/are too large to send in an SSL message. More... | |
#define | MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 |
The own certificate is not set, but needed by the server. More... | |
#define | MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 |
The own private key or pre-shared key is not set, but needed. More... | |
#define | MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 |
No CA Chain is set, but required to operate. More... | |
#define | MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 |
An unexpected message was received from our peer. More... | |
#define | MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 |
A fatal alert message was received from our peer. More... | |
#define | MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 |
Verification of our peer failed. More... | |
#define | MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 |
The peer notified us that the connection is going to be closed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 |
Processing of the ClientHello handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 |
Processing of the ServerHello handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 |
Processing of the Certificate handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 |
Processing of the CertificateRequest handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 |
Processing of the ServerKeyExchange handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 |
Processing of the ServerHelloDone handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 |
Processing of the ClientKeyExchange handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 |
Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 |
Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 |
Processing of the CertificateVerify handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 |
Processing of the ChangeCipherSpec handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 |
Processing of the Finished handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 |
Memory allocation failed. More... | |
#define | MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 |
Hardware acceleration function returned with error. More... | |
#define | MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 |
Hardware acceleration function skipped / left alone data. More... | |
#define | MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 |
Processing of the compression / decompression failed. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 |
Handshake protocol not within min/max boundaries. More... | |
#define | MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 |
Processing of the NewSessionTicket handshake message failed. More... | |
#define | MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 |
Session ticket has expired. More... | |
#define | MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 |
Public key type mismatch (e.g., asked for RSA key exchange and presented an EC key). More... | |
#define | MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 |
Unknown identity received (e.g., PSK identity). More... | |
#define | MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 |
Internal error (e.g., unexpected failure in a lower-level module). More... | |
#define | MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 |
A counter would wrap (e.g., too many messages exchanged). More... | |
#define | MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 |
Unexpected message at ServerHello in renegotiation. More... | |
#define | MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 |
DTLS client must retry for hello verification. More... | |
#define | MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 |
A buffer is too small to receive or write a message. More... | |
#define | MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 |
None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). More... | |
#define | MBEDTLS_ERR_SSL_WANT_READ -0x6900 |
No data of requested type currently available on underlying transport. More... | |
#define | MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 |
Connection requires a write call. More... | |
#define | MBEDTLS_ERR_SSL_TIMEOUT -0x6800 |
The operation timed out. More... | |
#define | MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 |
The client initiated a reconnect from the same port. More... | |
#define | MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 |
Record header looks valid but is not expected. More... | |
#define | MBEDTLS_ERR_SSL_NON_FATAL -0x6680 |
The alert message received indicates a non-fatal error. More... | |
#define | MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 |
Couldn't set the hash for verifying CertificateVerify. More... | |
#define | MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 |
Internal-only message signaling that further message-processing should be done. More... | |
#define | MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 |
The asynchronous operation is not completed yet. More... | |
#define | MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 |
Internal-only message signaling that a message arrived early. More... | |
#define | MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 |
An encrypted DTLS-frame with an unexpected CID was received. More... | |
#define | MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 |
An operation failed due to an unexpected version or configuration. More... | |
#define | MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 |
A cryptographic operation is in progress. More... | |
#define | MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 |
Invalid value in SSL config. More... | |
#define | MBEDTLS_SSL_MINOR_VERSION_0 0 |
#define | MBEDTLS_SSL_MINOR_VERSION_1 1 |
#define | MBEDTLS_SSL_MINOR_VERSION_2 2 |
#define | MBEDTLS_SSL_MINOR_VERSION_3 3 |
#define | MBEDTLS_SSL_MINOR_VERSION_4 4 |
#define | MBEDTLS_SSL_TRANSPORT_STREAM 0 |
#define | MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 |
#define | MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 |
#define | MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 |
#define | MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 |
#define | MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 |
#define | MBEDTLS_SSL_MAX_FRAG_LEN_512 1 |
#define | MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 |
#define | MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 |
#define | MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 |
#define | MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 |
#define | MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF |
renegotiation info ext More... | |
#define | MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 |
RFC 7507 section 2. More... | |
SECTION: Module settings | |
The configuration options you can set for this module are in this section. Either change them in config.h or define them on the compiler command line. | |
#define | MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 |
Lifetime of session tickets (if enabled) More... | |
#define | MBEDTLS_SSL_MAX_CONTENT_LEN 16384 |
Size of the input / output buffer. More... | |
#define | MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
#define | MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN |
#define | MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 |
#define | MBEDTLS_SSL_CID_IN_LEN_MAX 32 |
#define | MBEDTLS_SSL_CID_OUT_LEN_MAX 32 |
#define | MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 |
#define | MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1 |
Typedefs | |
typedef int | mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len) |
Callback type: send data on the network. More... | |
typedef int | mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len) |
Callback type: receive data from the network. More... | |
typedef int | mbedtls_ssl_recv_timeout_t(void *ctx, unsigned char *buf, size_t len, uint32_t timeout) |
Callback type: receive data from the network, with timeout. More... | |
typedef void | mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms) |
Callback type: set a pair of timers/delays to watch. More... | |
typedef int | mbedtls_ssl_get_timer_t(void *ctx) |
Callback type: get status of timers/delays. More... | |
typedef int | mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime) |
Callback type: generate and write session ticket. More... | |
typedef int | mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len) |
Callback type: parse and load session ticket. More... | |
typedef int | mbedtls_ssl_cookie_write_t(void *ctx, unsigned char **p, unsigned char *end, const unsigned char *info, size_t ilen) |
Callback type: generate a cookie. More... | |
typedef int | mbedtls_ssl_cookie_check_t(void *ctx, const unsigned char *cookie, size_t clen, const unsigned char *info, size_t ilen) |
Callback type: verify a cookie. More... | |
Functions | |
const char * | mbedtls_ssl_get_ciphersuite_name (const int ciphersuite_id) |
Return the name of the ciphersuite associated with the given ID. More... | |
int | mbedtls_ssl_get_ciphersuite_id (const char *ciphersuite_name) |
Return the ID of the ciphersuite associated with the given name. More... | |
void | mbedtls_ssl_init (mbedtls_ssl_context *ssl) |
Initialize an SSL context. Just makes the context ready for mbedtls_ssl_setup() or mbedtls_ssl_free(). More... | |
int | mbedtls_ssl_setup (mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf) |
Set up an SSL context for use. More... | |
int | mbedtls_ssl_session_reset (mbedtls_ssl_context *ssl) |
Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data. More... | |
void | mbedtls_ssl_conf_endpoint (mbedtls_ssl_config *conf, int endpoint) |
Set the current endpoint type. More... | |
void | mbedtls_ssl_conf_transport (mbedtls_ssl_config *conf, int transport) |
Set the transport type (TLS or DTLS). More... | |
void | mbedtls_ssl_conf_authmode (mbedtls_ssl_config *conf, int authmode) |
Set the certificate verification mode (Default: NONE on server, REQUIRED on client). More... | |
void | mbedtls_ssl_conf_rng (mbedtls_ssl_config *conf, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Set the random number generator callback. More... | |
void | mbedtls_ssl_conf_dbg (mbedtls_ssl_config *conf, void(*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg) |
Set the debug callback. More... | |
void | mbedtls_ssl_set_bio (mbedtls_ssl_context *ssl, void *p_bio, mbedtls_ssl_send_t *f_send, mbedtls_ssl_recv_t *f_recv, mbedtls_ssl_recv_timeout_t *f_recv_timeout) |
Set the underlying BIO callbacks for write, read and read-with-timeout. More... | |
void | mbedtls_ssl_conf_read_timeout (mbedtls_ssl_config *conf, uint32_t timeout) |
Set the timeout period for mbedtls_ssl_read() (Default: no timeout.) More... | |
void | mbedtls_ssl_set_timer_cb (mbedtls_ssl_context *ssl, void *p_timer, mbedtls_ssl_set_timer_t *f_set_timer, mbedtls_ssl_get_timer_t *f_get_timer) |
Set the timer callbacks (Mandatory for DTLS.) More... | |
int | mbedtls_ssl_session_load (mbedtls_ssl_session *session, const unsigned char *buf, size_t len) |
Load serialized session data into a session structure. More... | |
int | mbedtls_ssl_session_save (const mbedtls_ssl_session *session, unsigned char *buf, size_t buf_len, size_t *olen) |
Save session structure as serialized data in a buffer. More... | |
const mbedtls_ssl_session * | mbedtls_ssl_get_session_pointer (const mbedtls_ssl_context *ssl) |
Get a pointer to the current session structure, for example to serialize it. More... | |
void | mbedtls_ssl_conf_ciphersuites (mbedtls_ssl_config *conf, const int *ciphersuites) |
Set the list of allowed ciphersuites and the preference order. More... | |
void | mbedtls_ssl_conf_ciphersuites_for_version (mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor) |
Set the list of allowed ciphersuites and the preference order for a specific version of the protocol. More... | |
void | mbedtls_ssl_conf_max_version (mbedtls_ssl_config *conf, int major, int minor) |
Set the maximum supported version sent from the client side and/or accepted at the server side (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION) More... | |
void | mbedtls_ssl_conf_min_version (mbedtls_ssl_config *conf, int major, int minor) |
Set the minimum accepted SSL/TLS protocol version (Default: TLS 1.0) More... | |
void | mbedtls_ssl_conf_legacy_renegotiation (mbedtls_ssl_config *conf, int allow_legacy) |
Prevent or allow legacy renegotiation. More... | |
int | mbedtls_ssl_check_pending (const mbedtls_ssl_context *ssl) |
Check if there is data already read from the underlying transport but not yet processed. More... | |
size_t | mbedtls_ssl_get_bytes_avail (const mbedtls_ssl_context *ssl) |
Return the number of application data bytes remaining to be read from the current record. More... | |
uint32_t | mbedtls_ssl_get_verify_result (const mbedtls_ssl_context *ssl) |
Return the result of the certificate verification. More... | |
const char * | mbedtls_ssl_get_ciphersuite (const mbedtls_ssl_context *ssl) |
Return the name of the current ciphersuite. More... | |
const char * | mbedtls_ssl_get_version (const mbedtls_ssl_context *ssl) |
Return the current SSL version (SSLv3/TLSv1/etc.). More... | |
int | mbedtls_ssl_get_record_expansion (const mbedtls_ssl_context *ssl) |
Return the (maximum) number of bytes added by the record layer: header + encryption/MAC overhead (inc. More... | |
int | mbedtls_ssl_get_max_out_record_payload (const mbedtls_ssl_context *ssl) |
Return the current maximum outgoing record payload in bytes. More... | |
int | mbedtls_ssl_handshake (mbedtls_ssl_context *ssl) |
Perform the SSL handshake. More... | |
int | mbedtls_ssl_handshake_step (mbedtls_ssl_context *ssl) |
Perform a single step of the SSL handshake. More... | |
int | mbedtls_ssl_read (mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) |
Read at most 'len' application data bytes. More... | |
int | mbedtls_ssl_write (mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) |
Try to write exactly 'len' application data bytes. More... | |
int | mbedtls_ssl_send_alert_message (mbedtls_ssl_context *ssl, unsigned char level, unsigned char message) |
Send an alert message. More... | |
int | mbedtls_ssl_close_notify (mbedtls_ssl_context *ssl) |
Notify the peer that the connection is being closed. More... | |
void | mbedtls_ssl_free (mbedtls_ssl_context *ssl) |
Free referenced items in an SSL context and clear memory. More... | |
void | mbedtls_ssl_config_init (mbedtls_ssl_config *conf) |
Initialize an SSL configuration context. Just makes the context ready for mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free(). More... | |
int | mbedtls_ssl_config_defaults (mbedtls_ssl_config *conf, int endpoint, int transport, int preset) |
Load reasonable default SSL configuration values. More... | |
void | mbedtls_ssl_config_free (mbedtls_ssl_config *conf) |
Free an SSL configuration context. More... | |
void | mbedtls_ssl_session_init (mbedtls_ssl_session *session) |
Initialize SSL session structure. More... | |
void | mbedtls_ssl_session_free (mbedtls_ssl_session *session) |
Free referenced items in an SSL session including the peer certificate and clear memory. More... | |
int | mbedtls_ssl_tls_prf (const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen) |
TLS-PRF function for key derivation. More... | |
SSL/TLS functions.
Definition in file ssl.h.