Copyright (C) 2006-2010, Brainspark B.V.
This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#include <time.h>#include "polarssl/net.h"#include "polarssl/dhm.h"#include "polarssl/rsa.h"#include "polarssl/md5.h"#include "polarssl/sha1.h"#include "polarssl/x509.h"Data Structures | |
| struct | _ssl_context |
| struct | _ssl_session |
Typedefs | |
| typedef struct _ssl_context | ssl_context |
| typedef struct _ssl_session | ssl_session |
Functions | |
| void | ssl_calc_verify (ssl_context *ssl, unsigned char hash[36]) |
| int | ssl_close_notify (ssl_context *ssl) |
| Notify the peer that the connection is being closed. More... | |
| int | ssl_derive_keys (ssl_context *ssl) |
| int | ssl_fetch_input (ssl_context *ssl, int nb_want) |
| int | ssl_flush_output (ssl_context *ssl) |
| void | ssl_free (ssl_context *ssl) |
| Free an SSL context. More... | |
| int | ssl_get_bytes_avail (const ssl_context *ssl) |
| Return the number of data bytes available to read. More... | |
| const char * | ssl_get_cipher (const ssl_context *ssl) |
| Return the name of the current cipher. More... | |
| int | ssl_get_verify_result (const ssl_context *ssl) |
| Return the result of the certificate verification. More... | |
| int | ssl_handshake (ssl_context *ssl) |
| Perform the SSL handshake. More... | |
| int | ssl_handshake_client (ssl_context *ssl) |
| int | ssl_handshake_server (ssl_context *ssl) |
| int | ssl_init (ssl_context *ssl) |
| Initialize an SSL context. More... | |
| int | ssl_parse_certificate (ssl_context *ssl) |
| int | ssl_parse_change_cipher_spec (ssl_context *ssl) |
| int | ssl_parse_finished (ssl_context *ssl) |
| int | ssl_read (ssl_context *ssl, unsigned char *buf, int len) |
| Read at most 'len' application data bytes. More... | |
| int | ssl_read_record (ssl_context *ssl) |
| void | ssl_set_authmode (ssl_context *ssl, int authmode) |
| Set the certificate verification mode. More... | |
| void | ssl_set_bio (ssl_context *ssl, int(*f_recv)(void *, unsigned char *, int), void *p_recv, int(*f_send)(void *, unsigned char *, int), void *p_send) |
| Set the underlying BIO read and write callbacks. More... | |
| void | ssl_set_ca_chain (ssl_context *ssl, x509_cert *ca_chain, x509_crl *ca_crl, const char *peer_cn) |
| Set the data required to verify peer certificate. More... | |
| void | ssl_set_ciphers (ssl_context *ssl, int *ciphers) |
| Set the list of allowed ciphersuites. More... | |
| void | ssl_set_dbg (ssl_context *ssl, void(*f_dbg)(void *, int, const char *), void *p_dbg) |
| Set the debug callback. More... | |
| int | ssl_set_dh_param (ssl_context *ssl, const char *dhm_P, const char *dhm_G) |
| Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) More... | |
| void | ssl_set_endpoint (ssl_context *ssl, int endpoint) |
| Set the current endpoint type. More... | |
| int | ssl_set_hostname (ssl_context *ssl, const char *hostname) |
| Set hostname for ServerName TLS Extension. More... | |
| void | ssl_set_own_cert (ssl_context *ssl, x509_cert *own_cert, rsa_context *rsa_key) |
| Set own certificate and private key. More... | |
| void | ssl_set_rng (ssl_context *ssl, int(*f_rng)(void *), void *p_rng) |
| Set the random number generator callback. More... | |
| void | ssl_set_scb (ssl_context *ssl, int(*s_get)(ssl_context *), int(*s_set)(ssl_context *)) |
| Set the session callbacks (server-side only) More... | |
| void | ssl_set_session (ssl_context *ssl, int resume, int timeout, ssl_session *session) |
| Set the session resuming flag, timeout and data. More... | |
| int | ssl_write (ssl_context *ssl, const unsigned char *buf, int len) |
| Write exactly 'len' application data bytes. More... | |
| int | ssl_write_certificate (ssl_context *ssl) |
| int | ssl_write_change_cipher_spec (ssl_context *ssl) |
| int | ssl_write_finished (ssl_context *ssl) |
| int | ssl_write_record (ssl_context *ssl) |
Variables | |
| int | ssl_default_ciphers [] |
| #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800 |
| #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000 |
| #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000 |
| #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800 |
| #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800 |
| #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800 |
| #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0xE000 |
| #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000 |
| #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000 |
| #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800 |
| #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x1800 |
| #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000 |
| #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000 |
| #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800 |
| #define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000 |
| #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000 |
| #define POLARSSL_ERR_SSL_INVALID_MAC -0x2000 |
| #define POLARSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000 |
| #define POLARSSL_ERR_SSL_INVALID_RECORD -0x2800 |
| #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000 |
| #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000 |
| #define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x4800 |
| #define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000 |
| #define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800 |
| #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800 |
| #define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800 |
| #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800 |
| #define SSL_ALERT_LEVEL_FATAL 2 |
| #define SSL_ALERT_LEVEL_WARNING 1 |
| #define SSL_ALERT_MSG_ACCESS_DENIED 49 |
| #define SSL_ALERT_MSG_BAD_CERT 42 |
| #define SSL_ALERT_MSG_BAD_RECORD_MAD 20 |
| #define SSL_ALERT_MSG_CERT_EXPIRED 45 |
| #define SSL_ALERT_MSG_CERT_REVOKED 44 |
| #define SSL_ALERT_MSG_CERT_UNKNOWN 46 |
| #define SSL_ALERT_MSG_CLOSE_NOTIFY 0 |
| #define SSL_ALERT_MSG_DECODE_ERROR 50 |
| #define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 |
| #define SSL_ALERT_MSG_DECRYPT_ERROR 51 |
| #define SSL_ALERT_MSG_DECRYPTION_FAILED 21 |
| #define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 |
| #define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 |
| #define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 |
| #define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 |
| #define SSL_ALERT_MSG_INTERNAL_ERROR 80 |
| #define SSL_ALERT_MSG_NO_CERT 41 |
| #define SSL_ALERT_MSG_NO_RENEGOTIATION 100 |
| #define SSL_ALERT_MSG_PROTOCOL_VERSION 70 |
| #define SSL_ALERT_MSG_RECORD_OVERFLOW 22 |
| #define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 |
| #define SSL_ALERT_MSG_UNKNOWN_CA 48 |
| #define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 |
| #define SSL_ALERT_MSG_USER_CANCELED 90 |
| #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512) |
| #define SSL_COMPRESS_NULL 0 |
| #define SSL_EDH_RSA_AES_128_SHA 0x33 |
| #define SSL_EDH_RSA_AES_256_SHA 0x39 |
| #define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45 |
| #define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88 |
| #define SSL_EDH_RSA_DES_168_SHA 0x16 |
| #define SSL_HS_CERTIFICATE 11 |
| #define SSL_HS_CERTIFICATE_REQUEST 13 |
| #define SSL_HS_CERTIFICATE_VERIFY 15 |
| #define SSL_HS_CLIENT_HELLO 1 |
| #define SSL_HS_CLIENT_KEY_EXCHANGE 16 |
| #define SSL_HS_FINISHED 20 |
| #define SSL_HS_HELLO_REQUEST 0 |
| #define SSL_HS_SERVER_HELLO 2 |
| #define SSL_HS_SERVER_HELLO_DONE 14 |
| #define SSL_HS_SERVER_KEY_EXCHANGE 12 |
| #define SSL_IS_CLIENT 0 |
| #define SSL_IS_SERVER 1 |
| #define SSL_MAJOR_VERSION_3 3 |
| #define SSL_MAX_CONTENT_LEN 16384 |
| #define SSL_MINOR_VERSION_0 0 |
SSL v3.0
| #define SSL_MINOR_VERSION_1 1 |
TLS v1.0
| #define SSL_MINOR_VERSION_2 2 |
TLS v1.1
| #define SSL_MSG_ALERT 21 |
| #define SSL_MSG_APPLICATION_DATA 23 |
| #define SSL_MSG_CHANGE_CIPHER_SPEC 20 |
| #define SSL_MSG_HANDSHAKE 22 |
| #define SSL_RSA_AES_128_SHA 0x2F |
| #define SSL_RSA_AES_256_SHA 0x35 |
| #define SSL_RSA_CAMELLIA_128_SHA 0x41 |
| #define SSL_RSA_CAMELLIA_256_SHA 0x84 |
| #define SSL_RSA_DES_168_SHA 0x0A |
| #define SSL_RSA_RC4_128_MD5 0x04 |
| #define SSL_RSA_RC4_128_SHA 0x05 |
| #define SSL_VERIFY_NONE 0 |
| #define SSL_VERIFY_OPTIONAL 1 |
| #define SSL_VERIFY_REQUIRED 2 |
| #define TLS_EXT_SERVERNAME 0 |
| #define TLS_EXT_SERVERNAME_HOSTNAME 0 |
| typedef struct _ssl_context ssl_context |
| typedef struct _ssl_session ssl_session |
| enum ssl_states |
| void ssl_calc_verify | ( | ssl_context * | ssl, |
| unsigned char | hash[36] | ||
| ) |
| int ssl_close_notify | ( | ssl_context * | ssl | ) |
Notify the peer that the connection is being closed.
| ssl | SSL context |
| int ssl_derive_keys | ( | ssl_context * | ssl | ) |
| int ssl_fetch_input | ( | ssl_context * | ssl, |
| int | nb_want | ||
| ) |
| int ssl_flush_output | ( | ssl_context * | ssl | ) |
| void ssl_free | ( | ssl_context * | ssl | ) |
Free an SSL context.
| ssl | SSL context |
| int ssl_get_bytes_avail | ( | const ssl_context * | ssl | ) |
Return the number of data bytes available to read.
| ssl | SSL context |
| const char* ssl_get_cipher | ( | const ssl_context * | ssl | ) |
Return the name of the current cipher.
| ssl | SSL context |
| int ssl_get_verify_result | ( | const ssl_context * | ssl | ) |
Return the result of the certificate verification.
| ssl | SSL context |
| int ssl_handshake | ( | ssl_context * | ssl | ) |
Perform the SSL handshake.
| ssl | SSL context |
| int ssl_handshake_client | ( | ssl_context * | ssl | ) |
| int ssl_handshake_server | ( | ssl_context * | ssl | ) |
| int ssl_init | ( | ssl_context * | ssl | ) |
Initialize an SSL context.
| ssl | SSL context |
| int ssl_parse_certificate | ( | ssl_context * | ssl | ) |
| int ssl_parse_change_cipher_spec | ( | ssl_context * | ssl | ) |
| int ssl_parse_finished | ( | ssl_context * | ssl | ) |
| int ssl_read | ( | ssl_context * | ssl, |
| unsigned char * | buf, | ||
| int | len | ||
| ) |
Read at most 'len' application data bytes.
| ssl | SSL context |
| buf | buffer that will hold the data |
| len | how many bytes must be read |
| int ssl_read_record | ( | ssl_context * | ssl | ) |
| void ssl_set_authmode | ( | ssl_context * | ssl, |
| int | authmode | ||
| ) |
Set the certificate verification mode.
| ssl | SSL context |
| mode | can be: |
SSL_VERIFY_NONE: peer certificate is not checked (default), this is insecure and SHOULD be avoided.
SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; ssl_get_verify_result() can be called after the handshake is complete.
SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed.
| void ssl_set_bio | ( | ssl_context * | ssl, |
| int(*)(void *, unsigned char *, int) | f_recv, | ||
| void * | p_recv, | ||
| int(*)(void *, unsigned char *, int) | f_send, | ||
| void * | p_send | ||
| ) |
Set the underlying BIO read and write callbacks.
| ssl | SSL context |
| f_recv | read callback |
| p_recv | read parameter |
| f_send | write callback |
| p_send | write parameter |
| void ssl_set_ca_chain | ( | ssl_context * | ssl, |
| x509_cert * | ca_chain, | ||
| x509_crl * | ca_crl, | ||
| const char * | peer_cn | ||
| ) |
Set the data required to verify peer certificate.
| ssl | SSL context |
| ca_chain | trusted CA chain |
| ca_crl | trusted CA CRLs |
| peer_cn | expected peer CommonName (or NULL) |
| void ssl_set_ciphers | ( | ssl_context * | ssl, |
| int * | ciphers | ||
| ) |
Set the list of allowed ciphersuites.
| ssl | SSL context |
| ciphers | 0-terminated list of allowed ciphers |
| void ssl_set_dbg | ( | ssl_context * | ssl, |
| void(*)(void *, int, const char *) | f_dbg, | ||
| void * | p_dbg | ||
| ) |
Set the debug callback.
| ssl | SSL context |
| f_dbg | debug function |
| p_dbg | debug parameter |
| int ssl_set_dh_param | ( | ssl_context * | ssl, |
| const char * | dhm_P, | ||
| const char * | dhm_G | ||
| ) |
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only)
| ssl | SSL context |
| dhm_P | Diffie-Hellman-Merkle modulus |
| dhm_G | Diffie-Hellman-Merkle generator |
| void ssl_set_endpoint | ( | ssl_context * | ssl, |
| int | endpoint | ||
| ) |
Set the current endpoint type.
| ssl | SSL context |
| endpoint | must be SSL_IS_CLIENT or SSL_IS_SERVER |
| int ssl_set_hostname | ( | ssl_context * | ssl, |
| const char * | hostname | ||
| ) |
Set hostname for ServerName TLS Extension.
| ssl | SSL context |
| hostname | the server hostname |
| void ssl_set_own_cert | ( | ssl_context * | ssl, |
| x509_cert * | own_cert, | ||
| rsa_context * | rsa_key | ||
| ) |
Set own certificate and private key.
| ssl | SSL context |
| own_cert | own public certificate |
| rsa_key | own private RSA key |
| void ssl_set_rng | ( | ssl_context * | ssl, |
| int(*)(void *) | f_rng, | ||
| void * | p_rng | ||
| ) |
Set the random number generator callback.
| ssl | SSL context |
| f_rng | RNG function |
| p_rng | RNG parameter |
| void ssl_set_scb | ( | ssl_context * | ssl, |
| int(*)(ssl_context *) | s_get, | ||
| int(*)(ssl_context *) | s_set | ||
| ) |
Set the session callbacks (server-side only)
| ssl | SSL context |
| s_get | session get callback |
| s_set | session set callback |
| void ssl_set_session | ( | ssl_context * | ssl, |
| int | resume, | ||
| int | timeout, | ||
| ssl_session * | session | ||
| ) |
Set the session resuming flag, timeout and data.
| ssl | SSL context |
| resume | if 0 (default), the session will not be resumed |
| timeout | session timeout in seconds, or 0 (no timeout) |
| session | session context |
| int ssl_write | ( | ssl_context * | ssl, |
| const unsigned char * | buf, | ||
| int | len | ||
| ) |
Write exactly 'len' application data bytes.
| ssl | SSL context |
| buf | buffer holding the data |
| len | how many bytes must be written |
| int ssl_write_certificate | ( | ssl_context * | ssl | ) |
| int ssl_write_change_cipher_spec | ( | ssl_context * | ssl | ) |
| int ssl_write_finished | ( | ssl_context * | ssl | ) |
| int ssl_write_record | ( | ssl_context * | ssl | ) |
| int ssl_default_ciphers[] |
1.8.5