SSL/TLS functions. More...

#include <time.h>
#include "net.h"
#include "dhm.h"
#include "rsa.h"
#include "md5.h"
#include "sha1.h"
#include "x509.h"
#include "config.h"

Include dependency graph for ssl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	_ssl_session
struct	_ssl_context
Defines
#define	POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
	The requested feature is not available.
#define	POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100
	Bad input parameters to function.
#define	POLARSSL_ERR_SSL_INVALID_MAC -0x7180
	Verification of the message MAC failed.
#define	POLARSSL_ERR_SSL_INVALID_RECORD -0x7200
	An invalid SSL record was received.
#define	POLARSSL_ERR_SSL_CONN_EOF -0x7280
	The connection indicated an EOF.
#define	POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300
	An unknown cipher was received.
#define	POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
	The server has no ciphersuites in common with the client.
#define	POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400
	No session to recover was found.
#define	POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
	No client certification received from the client, but required by the authentication mode.
#define	POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
	Our own certificate(s) is/are too large to send in an SSL message.
#define	POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
	The own certificate is not set, but needed by the server.
#define	POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
	The own private key is not set, but needed.
#define	POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
	No CA Chain is set, but required to operate.
#define	POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
	An unexpected message was received from our peer.
#define	POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
	A fatal alert message was received from our peer.
#define	POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800
	Verification of our peer failed.
#define	POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
	The peer notified us that the connection is going to be closed.
#define	POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
	Processing of the ClientHello handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
	Processing of the ServerHello handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
	Processing of the Certificate handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
	Processing of the CertificateRequest handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
	Processing of the ServerKeyExchange handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
	Processing of the ServerHelloDone handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
	Processing of the ClientKeyExchange handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80
	Processing of the ClientKeyExchange handshake message failed in DHM Read Public.
#define	POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00
	Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret.
#define	POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
	Processing of the CertificateVerify handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
	Processing of the ChangeCipherSpec handshake message failed.
#define	POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80
	Processing of the Finished handshake message failed.
#define	POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00
	Memory allocation failed.
#define	SSL_MAJOR_VERSION_3 3
#define	SSL_MINOR_VERSION_0 0
#define	SSL_MINOR_VERSION_1 1
#define	SSL_MINOR_VERSION_2 2
#define	SSL_IS_CLIENT 0
#define	SSL_IS_SERVER 1
#define	SSL_COMPRESS_NULL 0
#define	SSL_VERIFY_NONE 0
#define	SSL_VERIFY_OPTIONAL 1
#define	SSL_VERIFY_REQUIRED 2
#define	SSL_MAX_CONTENT_LEN 16384
#define	SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
#define	SSL_RSA_RC4_128_MD5 0x04
#define	SSL_RSA_RC4_128_SHA 0x05
#define	SSL_RSA_DES_168_SHA 0x0A
#define	SSL_EDH_RSA_DES_168_SHA 0x16
#define	SSL_RSA_AES_128_SHA 0x2F
#define	SSL_EDH_RSA_AES_128_SHA 0x33
#define	SSL_RSA_AES_256_SHA 0x35
#define	SSL_EDH_RSA_AES_256_SHA 0x39
#define	SSL_RSA_CAMELLIA_128_SHA 0x41
#define	SSL_EDH_RSA_CAMELLIA_128_SHA 0x45
#define	SSL_RSA_CAMELLIA_256_SHA 0x84
#define	SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
#define	SSL_MSG_CHANGE_CIPHER_SPEC 20
#define	SSL_MSG_ALERT 21
#define	SSL_MSG_HANDSHAKE 22
#define	SSL_MSG_APPLICATION_DATA 23
#define	SSL_ALERT_LEVEL_WARNING 1
#define	SSL_ALERT_LEVEL_FATAL 2
#define	SSL_ALERT_MSG_CLOSE_NOTIFY 0
#define	SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10
#define	SSL_ALERT_MSG_BAD_RECORD_MAC 20
#define	SSL_ALERT_MSG_DECRYPTION_FAILED 21
#define	SSL_ALERT_MSG_RECORD_OVERFLOW 22
#define	SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30
#define	SSL_ALERT_MSG_HANDSHAKE_FAILURE 40
#define	SSL_ALERT_MSG_NO_CERT 41
#define	SSL_ALERT_MSG_BAD_CERT 42
#define	SSL_ALERT_MSG_UNSUPPORTED_CERT 43
#define	SSL_ALERT_MSG_CERT_REVOKED 44
#define	SSL_ALERT_MSG_CERT_EXPIRED 45
#define	SSL_ALERT_MSG_CERT_UNKNOWN 46
#define	SSL_ALERT_MSG_ILLEGAL_PARAMETER 47
#define	SSL_ALERT_MSG_UNKNOWN_CA 48
#define	SSL_ALERT_MSG_ACCESS_DENIED 49
#define	SSL_ALERT_MSG_DECODE_ERROR 50
#define	SSL_ALERT_MSG_DECRYPT_ERROR 51
#define	SSL_ALERT_MSG_EXPORT_RESTRICTION 60
#define	SSL_ALERT_MSG_PROTOCOL_VERSION 70
#define	SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71
#define	SSL_ALERT_MSG_INTERNAL_ERROR 80
#define	SSL_ALERT_MSG_USER_CANCELED 90
#define	SSL_ALERT_MSG_NO_RENEGOTIATION 100
#define	SSL_HS_HELLO_REQUEST 0
#define	SSL_HS_CLIENT_HELLO 1
#define	SSL_HS_SERVER_HELLO 2
#define	SSL_HS_CERTIFICATE 11
#define	SSL_HS_SERVER_KEY_EXCHANGE 12
#define	SSL_HS_CERTIFICATE_REQUEST 13
#define	SSL_HS_SERVER_HELLO_DONE 14
#define	SSL_HS_CERTIFICATE_VERIFY 15
#define	SSL_HS_CLIENT_KEY_EXCHANGE 16
#define	SSL_HS_FINISHED 20
#define	TLS_EXT_SERVERNAME 0
#define	TLS_EXT_SERVERNAME_HOSTNAME 0
Typedefs
typedef struct _ssl_session	ssl_session
typedef struct _ssl_context	ssl_context
Enumerations
enum	ssl_states { SSL_HELLO_REQUEST, SSL_CLIENT_HELLO, SSL_SERVER_HELLO, SSL_SERVER_CERTIFICATE, SSL_SERVER_KEY_EXCHANGE, SSL_CERTIFICATE_REQUEST, SSL_SERVER_HELLO_DONE, SSL_CLIENT_CERTIFICATE, SSL_CLIENT_KEY_EXCHANGE, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED, SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_FLUSH_BUFFERS, SSL_HANDSHAKE_OVER }
Functions
static const int *	ssl_list_ciphersuites (void)
	Returns the list of ciphersuites supported by the SSL/TLS module.
const char *	ssl_get_ciphersuite_name (const int ciphersuite_id)
	Return the name of the ciphersuite associated with the given ID.
int	ssl_get_ciphersuite_id (const char *ciphersuite_name)
	Return the ID of the ciphersuite associated with the given name.
int	ssl_init (ssl_context *ssl)
	Initialize an SSL context.
void	ssl_session_reset (ssl_context *ssl)
	Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.
void	ssl_set_endpoint (ssl_context *ssl, int endpoint)
	Set the current endpoint type.
void	ssl_set_authmode (ssl_context *ssl, int authmode)
	Set the certificate verification mode.
void	ssl_set_verify (ssl_context ssl, int(f_vrfy)(void , x509_cert , int, int), void *p_vrfy)
	Set the verification callback (Optional).
void	ssl_set_rng (ssl_context ssl, int(f_rng)(void , unsigned char , size_t), void *p_rng)
	Set the random number generator callback.
void	ssl_set_dbg (ssl_context ssl, void(f_dbg)(void , int, const char ), void *p_dbg)
	Set the debug callback.
void	ssl_set_bio (ssl_context ssl, int(f_recv)(void , unsigned char , size_t), void p_recv, int(f_send)(void , const unsigned char , size_t), void *p_send)
	Set the underlying BIO read and write callbacks.
void	ssl_set_scb (ssl_context ssl, int(s_get)(ssl_context ), int(s_set)(ssl_context *))
	Set the session callbacks (server-side only)
void	ssl_set_session (ssl_context ssl, int resume, int timeout, ssl_session session)
	Set the session resuming flag, timeout and data.
void	ssl_set_ciphersuites (ssl_context ssl, int ciphersuites)
	Set the list of allowed ciphersuites.
void	ssl_set_ca_chain (ssl_context ssl, x509_cert ca_chain, x509_crl ca_crl, const char peer_cn)
	Set the data required to verify peer certificate.
void	ssl_set_own_cert (ssl_context ssl, x509_cert own_cert, rsa_context *rsa_key)
	Set own certificate and private key.
int	ssl_set_dh_param (ssl_context ssl, const char dhm_P, const char *dhm_G)
	Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only)
int	ssl_set_dh_param_ctx (ssl_context ssl, dhm_context dhm_ctx)
	Set the Diffie-Hellman public P and G values, read from existing context (server-side only)
int	ssl_set_hostname (ssl_context ssl, const char hostname)
	Set hostname for ServerName TLS Extension.
void	ssl_set_max_version (ssl_context *ssl, int major, int minor)
	Set the maximum supported version sent from the client side.
size_t	ssl_get_bytes_avail (const ssl_context *ssl)
	Return the number of data bytes available to read.
int	ssl_get_verify_result (const ssl_context *ssl)
	Return the result of the certificate verification.
const char *	ssl_get_ciphersuite (const ssl_context *ssl)
	Return the name of the current ciphersuite.
const char *	ssl_get_version (const ssl_context *ssl)
	Return the current SSL version (SSLv3/TLSv1/etc)
int	ssl_handshake (ssl_context *ssl)
	Perform the SSL handshake.
int	ssl_read (ssl_context ssl, unsigned char buf, size_t len)
	Read at most 'len' application data bytes.
int	ssl_write (ssl_context ssl, const unsigned char buf, size_t len)
	Write exactly 'len' application data bytes.
int	ssl_close_notify (ssl_context *ssl)
	Notify the peer that the connection is being closed.
void	ssl_free (ssl_context *ssl)
	Free an SSL context.
int	ssl_handshake_client (ssl_context *ssl)
int	ssl_handshake_server (ssl_context *ssl)
int	ssl_derive_keys (ssl_context *ssl)
void	ssl_calc_verify (ssl_context *ssl, unsigned char hash[36])
int	ssl_read_record (ssl_context *ssl)
int	ssl_fetch_input (ssl_context *ssl, size_t nb_want)
int	ssl_write_record (ssl_context *ssl)
int	ssl_flush_output (ssl_context *ssl)
int	ssl_parse_certificate (ssl_context *ssl)
int	ssl_write_certificate (ssl_context *ssl)
int	ssl_parse_change_cipher_spec (ssl_context *ssl)
int	ssl_write_change_cipher_spec (ssl_context *ssl)
int	ssl_parse_finished (ssl_context *ssl)
int	ssl_write_finished (ssl_context *ssl)
Variables
int	ssl_default_ciphersuites []

Detailed Description

SSL/TLS functions.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file ssl.h.

Define Documentation

#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00

Processing of the Certificate handshake message failed.

Definition at line 74 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80

Processing of the CertificateRequest handshake message failed.

Definition at line 75 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80

Processing of the CertificateVerify handshake message failed.

Definition at line 81 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00

Processing of the ChangeCipherSpec handshake message failed.

Definition at line 82 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900

Processing of the ClientHello handshake message failed.

Definition at line 72 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00

Processing of the ClientKeyExchange handshake message failed.

Definition at line 78 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00

Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret.

Definition at line 80 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80

Processing of the ClientKeyExchange handshake message failed in DHM Read Public.

Definition at line 79 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80

Processing of the Finished handshake message failed.

Definition at line 83 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980

Processing of the ServerHello handshake message failed.

Definition at line 73 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80

Processing of the ServerHelloDone handshake message failed.

Definition at line 77 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00

Processing of the ServerKeyExchange handshake message failed.

Definition at line 76 of file ssl.h.

#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100

Bad input parameters to function.

Definition at line 56 of file ssl.h.

#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680

No CA Chain is set, but required to operate.

Definition at line 67 of file ssl.h.

#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580

The own certificate is not set, but needed by the server.

Definition at line 65 of file ssl.h.

#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500

Our own certificate(s) is/are too large to send in an SSL message.

Definition at line 64 of file ssl.h.

#define POLARSSL_ERR_SSL_CONN_EOF -0x7280

The connection indicated an EOF.

Definition at line 59 of file ssl.h.

#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780

A fatal alert message was received from our peer.

Definition at line 69 of file ssl.h.

#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080

The requested feature is not available.

Definition at line 55 of file ssl.h.

#define POLARSSL_ERR_SSL_INVALID_MAC -0x7180

Verification of the message MAC failed.

Definition at line 57 of file ssl.h.

#define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200

An invalid SSL record was received.

Definition at line 58 of file ssl.h.

#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00

Memory allocation failed.

Definition at line 84 of file ssl.h.

#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380

The server has no ciphersuites in common with the client.

Definition at line 61 of file ssl.h.

#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480

No client certification received from the client, but required by the authentication mode.

Definition at line 63 of file ssl.h.

#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400

No session to recover was found.

Definition at line 62 of file ssl.h.

#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880

The peer notified us that the connection is going to be closed.

Definition at line 71 of file ssl.h.

#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800

Verification of our peer failed.

Definition at line 70 of file ssl.h.

#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600

The own private key is not set, but needed.

Definition at line 66 of file ssl.h.

#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700

An unexpected message was received from our peer.

Definition at line 68 of file ssl.h.

#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300

An unknown cipher was received.

Definition at line 60 of file ssl.h.

#define SSL_ALERT_LEVEL_FATAL 2

Definition at line 136 of file ssl.h.

#define SSL_ALERT_LEVEL_WARNING 1

Definition at line 135 of file ssl.h.

#define SSL_ALERT_MSG_ACCESS_DENIED 49

Definition at line 153 of file ssl.h.

#define SSL_ALERT_MSG_BAD_CERT 42

Definition at line 146 of file ssl.h.

#define SSL_ALERT_MSG_BAD_RECORD_MAC 20

Definition at line 140 of file ssl.h.

#define SSL_ALERT_MSG_CERT_EXPIRED 45

Definition at line 149 of file ssl.h.

#define SSL_ALERT_MSG_CERT_REVOKED 44

Definition at line 148 of file ssl.h.

#define SSL_ALERT_MSG_CERT_UNKNOWN 46

Definition at line 150 of file ssl.h.

#define SSL_ALERT_MSG_CLOSE_NOTIFY 0

Definition at line 138 of file ssl.h.

#define SSL_ALERT_MSG_DECODE_ERROR 50

Definition at line 154 of file ssl.h.

#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30

Definition at line 143 of file ssl.h.

#define SSL_ALERT_MSG_DECRYPT_ERROR 51

Definition at line 155 of file ssl.h.

#define SSL_ALERT_MSG_DECRYPTION_FAILED 21

Definition at line 141 of file ssl.h.

#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60

Definition at line 156 of file ssl.h.

#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40

Definition at line 144 of file ssl.h.

#define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47

Definition at line 151 of file ssl.h.

#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71

Definition at line 158 of file ssl.h.

#define SSL_ALERT_MSG_INTERNAL_ERROR 80

Definition at line 159 of file ssl.h.

#define SSL_ALERT_MSG_NO_CERT 41

Definition at line 145 of file ssl.h.

#define SSL_ALERT_MSG_NO_RENEGOTIATION 100

Definition at line 161 of file ssl.h.

#define SSL_ALERT_MSG_PROTOCOL_VERSION 70

Definition at line 157 of file ssl.h.

#define SSL_ALERT_MSG_RECORD_OVERFLOW 22

Definition at line 142 of file ssl.h.

#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10

Definition at line 139 of file ssl.h.

#define SSL_ALERT_MSG_UNKNOWN_CA 48

Definition at line 152 of file ssl.h.

#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43

Definition at line 147 of file ssl.h.

#define SSL_ALERT_MSG_USER_CANCELED 90

Definition at line 160 of file ssl.h.

#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)

Definition at line 108 of file ssl.h.

#define SSL_COMPRESS_NULL 0

Definition at line 96 of file ssl.h.

#define SSL_EDH_RSA_AES_128_SHA 0x33

Definition at line 118 of file ssl.h.

#define SSL_EDH_RSA_AES_256_SHA 0x39

Definition at line 120 of file ssl.h.

#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45

Definition at line 123 of file ssl.h.

#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88

Definition at line 125 of file ssl.h.

#define SSL_EDH_RSA_DES_168_SHA 0x16

Definition at line 116 of file ssl.h.

#define SSL_HS_CERTIFICATE 11

Definition at line 166 of file ssl.h.

#define SSL_HS_CERTIFICATE_REQUEST 13

Definition at line 168 of file ssl.h.

#define SSL_HS_CERTIFICATE_VERIFY 15

Definition at line 170 of file ssl.h.

#define SSL_HS_CLIENT_HELLO 1

Definition at line 164 of file ssl.h.

#define SSL_HS_CLIENT_KEY_EXCHANGE 16

Definition at line 171 of file ssl.h.

#define SSL_HS_FINISHED 20

Definition at line 172 of file ssl.h.

#define SSL_HS_HELLO_REQUEST 0

Definition at line 163 of file ssl.h.

#define SSL_HS_SERVER_HELLO 2

Definition at line 165 of file ssl.h.

#define SSL_HS_SERVER_HELLO_DONE 14

Definition at line 169 of file ssl.h.

#define SSL_HS_SERVER_KEY_EXCHANGE 12

Definition at line 167 of file ssl.h.

#define SSL_IS_CLIENT 0

Definition at line 94 of file ssl.h.

#define SSL_IS_SERVER 1

Definition at line 95 of file ssl.h.

#define SSL_MAJOR_VERSION_3 3

Definition at line 89 of file ssl.h.

#define SSL_MAX_CONTENT_LEN 16384

Definition at line 102 of file ssl.h.

#define SSL_MINOR_VERSION_0 0

SSL v3.0

Definition at line 90 of file ssl.h.

#define SSL_MINOR_VERSION_1 1

TLS v1.0

Definition at line 91 of file ssl.h.

#define SSL_MINOR_VERSION_2 2

TLS v1.1

Definition at line 92 of file ssl.h.

#define SSL_MSG_ALERT 21

Definition at line 131 of file ssl.h.

#define SSL_MSG_APPLICATION_DATA 23

Definition at line 133 of file ssl.h.

#define SSL_MSG_CHANGE_CIPHER_SPEC 20

Definition at line 130 of file ssl.h.

#define SSL_MSG_HANDSHAKE 22

Definition at line 132 of file ssl.h.

#define SSL_RSA_AES_128_SHA 0x2F

Definition at line 117 of file ssl.h.

#define SSL_RSA_AES_256_SHA 0x35

Definition at line 119 of file ssl.h.

#define SSL_RSA_CAMELLIA_128_SHA 0x41

Definition at line 122 of file ssl.h.

#define SSL_RSA_CAMELLIA_256_SHA 0x84

Definition at line 124 of file ssl.h.

#define SSL_RSA_DES_168_SHA 0x0A

Definition at line 115 of file ssl.h.

#define SSL_RSA_RC4_128_MD5 0x04

Definition at line 113 of file ssl.h.

#define SSL_RSA_RC4_128_SHA 0x05

Definition at line 114 of file ssl.h.

#define SSL_VERIFY_NONE 0

Definition at line 98 of file ssl.h.

#define SSL_VERIFY_OPTIONAL 1

Definition at line 99 of file ssl.h.

#define SSL_VERIFY_REQUIRED 2

Definition at line 100 of file ssl.h.

#define TLS_EXT_SERVERNAME 0

Definition at line 177 of file ssl.h.

#define TLS_EXT_SERVERNAME_HOSTNAME 0

Definition at line 178 of file ssl.h.

Typedef Documentation

typedef struct _ssl_context ssl_context

Definition at line 205 of file ssl.h.

typedef struct _ssl_session ssl_session

Definition at line 204 of file ssl.h.

Enumeration Type Documentation

enum ssl_states

Enumerator:

SSL_HELLO_REQUEST
SSL_CLIENT_HELLO
SSL_SERVER_HELLO
SSL_SERVER_CERTIFICATE
SSL_SERVER_KEY_EXCHANGE
SSL_CERTIFICATE_REQUEST
SSL_SERVER_HELLO_DONE
SSL_CLIENT_CERTIFICATE
SSL_CLIENT_KEY_EXCHANGE
SSL_CERTIFICATE_VERIFY
SSL_CLIENT_CHANGE_CIPHER_SPEC
SSL_CLIENT_FINISHED
SSL_SERVER_CHANGE_CIPHER_SPEC
SSL_SERVER_FINISHED
SSL_FLUSH_BUFFERS
SSL_HANDSHAKE_OVER

Definition at line 183 of file ssl.h.

Function Documentation

void ssl_calc_verify	(	ssl_context *	ssl,
		unsigned char	hash[36]
	)

int ssl_close_notify ( ssl_context * ssl )

Notify the peer that the connection is being closed.

Parameters:

ssl	SSL context

int ssl_derive_keys ( ssl_context * ssl )

int ssl_fetch_input	(	ssl_context *	ssl,
		size_t	nb_want
	)

Returns:: 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or another negative error code.

int ssl_flush_output ( ssl_context * ssl )

void ssl_free ( ssl_context * ssl )

Free an SSL context.

Parameters:

ssl	SSL context

size_t ssl_get_bytes_avail ( const ssl_context * ssl )

Return the number of data bytes available to read.

Parameters:

ssl	SSL context

Returns:: how many bytes are available in the read buffer

const char* ssl_get_ciphersuite ( const ssl_context * ssl )

Return the name of the current ciphersuite.

Parameters:

ssl	SSL context

Returns:: a string containing the ciphersuite name

int ssl_get_ciphersuite_id ( const char * ciphersuite_name )

Return the ID of the ciphersuite associated with the given name.

Parameters:

ciphersuite_name SSL ciphersuite name

Returns:: the ID with the ciphersuite or 0 if not found

const char* ssl_get_ciphersuite_name ( const int ciphersuite_id )

Return the name of the ciphersuite associated with the given ID.

Parameters:

ciphersuite_id SSL ciphersuite ID

Returns:: a string containing the ciphersuite name

int ssl_get_verify_result ( const ssl_context * ssl )

Return the result of the certificate verification.

Parameters:

ssl	SSL context

Returns:: 0 if successful, or a combination of: BADCERT_EXPIRED BADCERT_REVOKED BADCERT_CN_MISMATCH BADCERT_NOT_TRUSTED

const char* ssl_get_version ( const ssl_context * ssl )

Return the current SSL version (SSLv3/TLSv1/etc)

Parameters:

ssl	SSL context

Returns:: a string containing the SSL version

int ssl_handshake ( ssl_context * ssl )

Perform the SSL handshake.

Parameters:

ssl	SSL context

Returns:: 0 if successful, POLARSSL_ERR_NET_WANT_READ, POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.

int ssl_handshake_client ( ssl_context * ssl )

int ssl_handshake_server ( ssl_context * ssl )

int ssl_init ( ssl_context * ssl )

Initialize an SSL context.

Parameters:

ssl	SSL context

Returns:: 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed

static const int* ssl_list_ciphersuites ( void ) [inline, static]

Returns the list of ciphersuites supported by the SSL/TLS module.

Returns:: a statically allocated array of ciphersuites, the last entry is 0.

Definition at line 347 of file ssl.h.

int ssl_parse_certificate ( ssl_context * ssl )

int ssl_parse_change_cipher_spec ( ssl_context * ssl )

int ssl_parse_finished ( ssl_context * ssl )

int ssl_read	(	ssl_context *	ssl,
		unsigned char *	buf,
		size_t	len
	)

Read at most 'len' application data bytes.

Parameters:

ssl	SSL context
buf	buffer that will hold the data
len	how many bytes must be read

Returns:: This function returns the number of bytes read, 0 for EOF, or a negative error code.

int ssl_read_record ( ssl_context * ssl )

void ssl_session_reset ( ssl_context * ssl )

Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data.

Parameters:

ssl	SSL context

void ssl_set_authmode	(	ssl_context *	ssl,
		int	authmode
	)

Set the certificate verification mode.

Parameters:

ssl	SSL context
authmode	can be:

SSL_VERIFY_NONE: peer certificate is not checked (default), this is insecure and SHOULD be avoided.

SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; ssl_get_verify_result() can be called after the handshake is complete.

SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed.

void ssl_set_bio	(	ssl_context *	ssl,
		int()(void , unsigned char *, size_t)	f_recv,
		void *	p_recv,
		int()(void , const unsigned char *, size_t)	f_send,
		void *	p_send
	)

Set the underlying BIO read and write callbacks.

Parameters:

ssl	SSL context
f_recv	read callback
p_recv	read parameter
f_send	write callback
p_send	write parameter

void ssl_set_ca_chain	(	ssl_context *	ssl,
		x509_cert *	ca_chain,
		x509_crl *	ca_crl,
		const char *	peer_cn
	)

Set the data required to verify peer certificate.

Parameters:

ssl	SSL context
ca_chain	trusted CA chain
ca_crl	trusted CA CRLs
peer_cn	expected peer CommonName (or NULL)

Note:: TODO: add two more parameters: depth and crl

void ssl_set_ciphersuites	(	ssl_context *	ssl,
		int *	ciphersuites
	)

Set the list of allowed ciphersuites.

Parameters:

ssl	SSL context
ciphersuites	0-terminated list of allowed ciphersuites

void ssl_set_dbg	(	ssl_context *	ssl,
		void()(void , int, const char *)	f_dbg,
		void *	p_dbg
	)

Set the debug callback.

Parameters:

ssl	SSL context
f_dbg	debug function
p_dbg	debug parameter

int ssl_set_dh_param	(	ssl_context *	ssl,
		const char *	dhm_P,
		const char *	dhm_G
	)

Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only)

Parameters:

ssl	SSL context
dhm_P	Diffie-Hellman-Merkle modulus
dhm_G	Diffie-Hellman-Merkle generator

Returns:: 0 if successful

int ssl_set_dh_param_ctx	(	ssl_context *	ssl,
		dhm_context *	dhm_ctx
	)

Set the Diffie-Hellman public P and G values, read from existing context (server-side only)

Parameters:

ssl	SSL context
dhm_ctx	Diffie-Hellman-Merkle context

Returns:: 0 if successful

void ssl_set_endpoint	(	ssl_context *	ssl,
		int	endpoint
	)

Set the current endpoint type.

Parameters:

ssl	SSL context
endpoint	must be SSL_IS_CLIENT or SSL_IS_SERVER

int ssl_set_hostname	(	ssl_context *	ssl,
		const char *	hostname
	)

Set hostname for ServerName TLS Extension.

Parameters:

ssl	SSL context
hostname	the server hostname

Returns:: 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED

void ssl_set_max_version	(	ssl_context *	ssl,
		int	major,
		int	minor
	)

Set the maximum supported version sent from the client side.

Parameters:

ssl	SSL context
major	Major version number (only SSL_MAJOR_VERSION_3 supported)
minor	Minor version number (SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 supported)

void ssl_set_own_cert	(	ssl_context *	ssl,
		x509_cert *	own_cert,
		rsa_context *	rsa_key
	)

Set own certificate and private key.

Parameters:

ssl	SSL context
own_cert	own public certificate
rsa_key	own private RSA key

void ssl_set_rng	(	ssl_context *	ssl,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng
	)

Set the random number generator callback.

Parameters:

ssl	SSL context
f_rng	RNG function
p_rng	RNG parameter

void ssl_set_scb	(	ssl_context *	ssl,
		int()(ssl_context )	s_get,
		int()(ssl_context )	s_set
	)

Set the session callbacks (server-side only)

Parameters:

ssl	SSL context
s_get	session get callback
s_set	session set callback

void ssl_set_session	(	ssl_context *	ssl,
		int	resume,
		int	timeout,
		ssl_session *	session
	)

Set the session resuming flag, timeout and data.

Parameters:

ssl	SSL context
resume	if 0 (default), the session will not be resumed
timeout	session timeout in seconds, or 0 (no timeout)
session	session context

void ssl_set_verify	(	ssl_context *	ssl,
		int()(void , x509_cert *, int, int)	f_vrfy,
		void *	p_vrfy
	)

Set the verification callback (Optional).

            If set, the verification callback is called once for every
            certificate in the chain. The verification function has the
            following parameter: (void *parameter, x509_cert certificate,
            int certifcate_depth, int preverify_ok). It should
            return 0 on SUCCESS.

Parameters:

ssl	SSL context
f_vrfy	verification function
p_vrfy	verification parameter

int ssl_write	(	ssl_context *	ssl,
		const unsigned char *	buf,
		size_t	len
	)

Write exactly 'len' application data bytes.

Parameters:

ssl	SSL context
buf	buffer holding the data
len	how many bytes must be written

Returns:: This function returns the number of bytes written, or a negative error code.

Note:: When this function returns POLARSSL_ERR_NET_WANT_WRITE, it must be called later with the same arguments, until it returns a positive value.

int ssl_write_certificate ( ssl_context * ssl )

int ssl_write_change_cipher_spec ( ssl_context * ssl )

int ssl_write_finished ( ssl_context * ssl )

int ssl_write_record ( ssl_context * ssl )

Variable Documentation

int ssl_default_ciphersuites[]

Data Structures

Defines

Typedefs

Enumerations

Functions

Variables

Detailed Description

Define Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation