mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 10:45:44 +01:00
Move some structures to ssl_internal.h
This commit is contained in:
parent
5e94ddebbc
commit
cd4fcc6c8b
@ -554,8 +554,12 @@ typedef enum
|
||||
}
|
||||
mbedtls_ssl_states;
|
||||
|
||||
/* Defined below */
|
||||
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
|
||||
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
|
||||
typedef struct mbedtls_ssl_config mbedtls_ssl_config;
|
||||
|
||||
/* Defined in ssl_internal.h */
|
||||
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
|
||||
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
@ -603,174 +607,10 @@ struct mbedtls_ssl_session
|
||||
#endif
|
||||
};
|
||||
|
||||
/*
|
||||
* This structure contains a full set of runtime transform parameters
|
||||
* either in negotiation or active.
|
||||
*/
|
||||
struct mbedtls_ssl_transform
|
||||
{
|
||||
/*
|
||||
* Session specific crypto layer
|
||||
*/
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
/*!< Chosen cipersuite_info */
|
||||
unsigned int keylen; /*!< symmetric key length */
|
||||
size_t minlen; /*!< min. ciphertext length */
|
||||
size_t ivlen; /*!< IV length */
|
||||
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
|
||||
size_t maclen; /*!< MAC length */
|
||||
|
||||
unsigned char iv_enc[16]; /*!< IV (encryption) */
|
||||
unsigned char iv_dec[16]; /*!< IV (decryption) */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
/* Needed only for SSL v3.0 secret */
|
||||
unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
|
||||
unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
|
||||
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
|
||||
|
||||
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
|
||||
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
|
||||
|
||||
/*
|
||||
* Session specific compression layer
|
||||
*/
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
z_stream ctx_deflate; /*!< compression context */
|
||||
z_stream ctx_inflate; /*!< decompression context */
|
||||
#endif
|
||||
};
|
||||
|
||||
/*
|
||||
* This structure contains the parameters only needed during handshake.
|
||||
*/
|
||||
struct mbedtls_ssl_handshake_params
|
||||
{
|
||||
/*
|
||||
* Handshake specific crypto variables
|
||||
*/
|
||||
int sig_alg; /*!< Hash algorithm for signature */
|
||||
int cert_type; /*!< Requested cert type */
|
||||
int verify_sig_alg; /*!< Signature algorithm for verify */
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
unsigned char *psk; /*!< PSK from the callback */
|
||||
size_t psk_len; /*!< Length of PSK from callback */
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
||||
mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
||||
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
|
||||
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
|
||||
|
||||
unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
|
||||
Srv: unused */
|
||||
unsigned char verify_cookie_len; /*!< Cli: cookie length
|
||||
Srv: flag for sending a cookie */
|
||||
|
||||
unsigned char *hs_msg; /*!< Reassembled handshake message */
|
||||
|
||||
uint32_t retransmit_timeout; /*!< Current value of timeout */
|
||||
unsigned char retransmit_state; /*!< Retransmission state */
|
||||
mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
|
||||
mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
|
||||
unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
|
||||
flight being received */
|
||||
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
|
||||
resending messages */
|
||||
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
|
||||
for resending messages */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Checksum contexts
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_context fin_md5;
|
||||
mbedtls_sha1_context fin_sha1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
mbedtls_sha256_context fin_sha256;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
mbedtls_sha512_context fin_sha512;
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
|
||||
void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
|
||||
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
|
||||
int (*tls_prf)(const unsigned char *, size_t, const char *,
|
||||
const unsigned char *, size_t,
|
||||
unsigned char *, size_t);
|
||||
|
||||
size_t pmslen; /*!< premaster length */
|
||||
|
||||
unsigned char randbytes[64]; /*!< random bytes */
|
||||
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
||||
/*!< premaster secret */
|
||||
|
||||
int resume; /*!< session resume indicator*/
|
||||
int max_major_ver; /*!< max. major version client*/
|
||||
int max_minor_ver; /*!< max. minor version client*/
|
||||
int cli_exts; /*!< client extension presence*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
int new_session_ticket; /*!< use NewSessionTicket? */
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
int extended_ms; /*!< use Extended Master Secret? */
|
||||
#endif
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/*
|
||||
* List of certificate + private key pairs
|
||||
*/
|
||||
struct mbedtls_ssl_key_cert
|
||||
{
|
||||
mbedtls_x509_crt *cert; /*!< cert */
|
||||
mbedtls_pk_context *key; /*!< private key */
|
||||
mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
|
||||
};
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
/*
|
||||
* List of handshake messages kept around for resending
|
||||
*/
|
||||
struct mbedtls_ssl_flight_item
|
||||
{
|
||||
unsigned char *p; /*!< message, including handshake headers */
|
||||
size_t len; /*!< length of p */
|
||||
unsigned char type; /*!< type of the message: handshake or CCS */
|
||||
mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
|
||||
};
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
/**
|
||||
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
|
||||
*/
|
||||
typedef struct
|
||||
struct mbedtls_ssl_config
|
||||
{
|
||||
/* Group items by size (largest first) to minimize padding overhead */
|
||||
|
||||
@ -924,8 +764,8 @@ typedef struct
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||
unsigned int fallback : 1; /*!< is this a fallback? */
|
||||
#endif
|
||||
}
|
||||
mbedtls_ssl_config;
|
||||
};
|
||||
|
||||
|
||||
struct mbedtls_ssl_context
|
||||
{
|
||||
@ -2409,22 +2249,6 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
|
||||
*/
|
||||
void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
|
||||
|
||||
/**
|
||||
* \brief Free referenced items in an SSL transform context and clear
|
||||
* memory
|
||||
*
|
||||
* \param transform SSL transform context
|
||||
*/
|
||||
void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
|
||||
|
||||
/**
|
||||
* \brief Free referenced items in an SSL handshake context and clear
|
||||
* memory
|
||||
*
|
||||
* \param handshake SSL handshake context
|
||||
*/
|
||||
void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -30,6 +30,187 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This structure contains the parameters only needed during handshake.
|
||||
*/
|
||||
struct mbedtls_ssl_handshake_params
|
||||
{
|
||||
/*
|
||||
* Handshake specific crypto variables
|
||||
*/
|
||||
int sig_alg; /*!< Hash algorithm for signature */
|
||||
int cert_type; /*!< Requested cert type */
|
||||
int verify_sig_alg; /*!< Signature algorithm for verify */
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
unsigned char *psk; /*!< PSK from the callback */
|
||||
size_t psk_len; /*!< Length of PSK from callback */
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
||||
mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
||||
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
|
||||
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
|
||||
|
||||
unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
|
||||
Srv: unused */
|
||||
unsigned char verify_cookie_len; /*!< Cli: cookie length
|
||||
Srv: flag for sending a cookie */
|
||||
|
||||
unsigned char *hs_msg; /*!< Reassembled handshake message */
|
||||
|
||||
uint32_t retransmit_timeout; /*!< Current value of timeout */
|
||||
unsigned char retransmit_state; /*!< Retransmission state */
|
||||
mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
|
||||
mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
|
||||
unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
|
||||
flight being received */
|
||||
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
|
||||
resending messages */
|
||||
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
|
||||
for resending messages */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Checksum contexts
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_context fin_md5;
|
||||
mbedtls_sha1_context fin_sha1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
mbedtls_sha256_context fin_sha256;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
mbedtls_sha512_context fin_sha512;
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
|
||||
void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
|
||||
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
|
||||
int (*tls_prf)(const unsigned char *, size_t, const char *,
|
||||
const unsigned char *, size_t,
|
||||
unsigned char *, size_t);
|
||||
|
||||
size_t pmslen; /*!< premaster length */
|
||||
|
||||
unsigned char randbytes[64]; /*!< random bytes */
|
||||
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
||||
/*!< premaster secret */
|
||||
|
||||
int resume; /*!< session resume indicator*/
|
||||
int max_major_ver; /*!< max. major version client*/
|
||||
int max_minor_ver; /*!< max. minor version client*/
|
||||
int cli_exts; /*!< client extension presence*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
int new_session_ticket; /*!< use NewSessionTicket? */
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
int extended_ms; /*!< use Extended Master Secret? */
|
||||
#endif
|
||||
};
|
||||
|
||||
/*
|
||||
* This structure contains a full set of runtime transform parameters
|
||||
* either in negotiation or active.
|
||||
*/
|
||||
struct mbedtls_ssl_transform
|
||||
{
|
||||
/*
|
||||
* Session specific crypto layer
|
||||
*/
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
/*!< Chosen cipersuite_info */
|
||||
unsigned int keylen; /*!< symmetric key length */
|
||||
size_t minlen; /*!< min. ciphertext length */
|
||||
size_t ivlen; /*!< IV length */
|
||||
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
|
||||
size_t maclen; /*!< MAC length */
|
||||
|
||||
unsigned char iv_enc[16]; /*!< IV (encryption) */
|
||||
unsigned char iv_dec[16]; /*!< IV (decryption) */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
/* Needed only for SSL v3.0 secret */
|
||||
unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
|
||||
unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
|
||||
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
|
||||
|
||||
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
|
||||
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
|
||||
|
||||
/*
|
||||
* Session specific compression layer
|
||||
*/
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
z_stream ctx_deflate; /*!< compression context */
|
||||
z_stream ctx_inflate; /*!< decompression context */
|
||||
#endif
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/*
|
||||
* List of certificate + private key pairs
|
||||
*/
|
||||
struct mbedtls_ssl_key_cert
|
||||
{
|
||||
mbedtls_x509_crt *cert; /*!< cert */
|
||||
mbedtls_pk_context *key; /*!< private key */
|
||||
mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
|
||||
};
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
/*
|
||||
* List of handshake messages kept around for resending
|
||||
*/
|
||||
struct mbedtls_ssl_flight_item
|
||||
{
|
||||
unsigned char *p; /*!< message, including handshake headers */
|
||||
size_t len; /*!< length of p */
|
||||
unsigned char type; /*!< type of the message: handshake or CCS */
|
||||
mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
|
||||
};
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
|
||||
/**
|
||||
* \brief Free referenced items in an SSL transform context and clear
|
||||
* memory
|
||||
*
|
||||
* \param transform SSL transform context
|
||||
*/
|
||||
void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
|
||||
|
||||
/**
|
||||
* \brief Free referenced items in an SSL handshake context and clear
|
||||
* memory
|
||||
*
|
||||
* \param handshake SSL handshake context
|
||||
*/
|
||||
void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
|
||||
|
||||
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
|
||||
|
Loading…
Reference in New Issue
Block a user