Apply clang formatting.
Executed with:
`find . -regextype posix-egrep -regex ".*\.([hc]|fmt|function)" | xargs -L1 clang-format-12 -i`
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index fa0e1f2..41a29ce 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -31,12 +31,12 @@
#include "mbedtls/ssl_ciphersuites.h"
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
+# include "mbedtls/x509_crt.h"
+# include "mbedtls/x509_crl.h"
#endif
#if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
+# include "mbedtls/dhm.h"
#endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
@@ -45,59 +45,61 @@
* MBEDTLS_ECDSA_C which does not seem correct.
*/
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdh.h"
+# include "mbedtls/ecdh.h"
#endif
#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+# include "mbedtls/platform_time.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
+# include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* SSL Error codes
*/
/** A cryptographic operation is in progress. Try again later. */
-#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
+#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
/** The requested feature is not available. */
-#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
+#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
/** Bad input parameters to function. */
-#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
+#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
/** Verification of the message MAC failed. */
-#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
+#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
/** An invalid SSL record was received. */
-#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
+#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
/** The connection indicated an EOF. */
-#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
+#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
/** A message could not be parsed due to a syntactic error. */
-#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300
+#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300
/* Error space gap */
/** No RNG was provided to the SSL module. */
-#define MBEDTLS_ERR_SSL_NO_RNG -0x7400
-/** No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
-/** Client received an extended server hello containing an unsupported extension */
-#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500
+#define MBEDTLS_ERR_SSL_NO_RNG -0x7400
+/** No client certification received from the client, but required by the
+ * authentication mode. */
+#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
+/** Client received an extended server hello containing an unsupported extension
+ */
+#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500
/** No ALPN protocols supported that the client advertises */
-#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580
+#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580
/** The own private key or pre-shared key is not set, but needed. */
-#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
+#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
/** No CA Chain is set, but required to operate. */
-#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
+#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
/** An unexpected message was received from our peer. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
+#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
/** A fatal alert message was received from our peer. */
-#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
+#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
/** No server could be identified matching the client's SNI. */
-#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800
+#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800
/** The peer notified us that the connection is going to be closed. */
-#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
+#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
/* Error space gap */
/* Error space gap */
/** Processing of the Certificate handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
+#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
/* Error space gap */
/* Error space gap */
/* Error space gap */
@@ -108,52 +110,54 @@
/* Error space gap */
/* Error space gap */
/** Memory allocation failed */
-#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
+#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
/** Hardware acceleration function returned with error */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
/** Hardware acceleration function skipped / left alone data */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
/** Handshake protocol not within min/max boundaries */
-#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80
+#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80
/** The handshake negotiation failed. */
-#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00
+#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00
/** Session ticket has expired. */
-#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
-/** Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
-#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
+#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
+/** Public key type mismatch (eg, asked for RSA key exchange and presented EC
+ * key) */
+#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
/** Unknown identity received (eg, PSK identity) */
-#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
+#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
/** Internal error (eg, unexpected failure in lower-level module) */
-#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
+#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
/** A counter would wrap (eg, too many messages exchanged). */
-#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
+#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
/** Unexpected message at ServerHello in renegotiation. */
-#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
+#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
/** DTLS client must retry for hello verification */
-#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
+#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
/** A buffer is too small to receive or write a message */
-#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
+#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
/* Error space gap */
/** No data of requested type currently available on underlying transport. */
-#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
+#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
/** Connection requires a write call. */
-#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
+#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
/** The operation timed out. */
-#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
+#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
/** The client initiated a reconnect from the same port. */
-#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
+#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
/** Record header looks valid but is not expected. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
+#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
/** The alert message received indicates a non-fatal error. */
-#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
+#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
/** A field in a message was incorrect or inconsistent with other fields. */
-#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600
-/** Internal-only message signaling that further message-processing should be done */
-#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580
+#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600
+/** Internal-only message signaling that further message-processing should be
+ * done */
+#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580
/** The asynchronous operation is not completed yet. */
-#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500
+#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500
/** Internal-only message signaling that a message arrived early. */
-#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480
+#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480
/* Error space gap */
/* Error space gap */
/* Error space gap */
@@ -163,11 +167,11 @@
/* Error space gap */
/* Error space gap */
/** An encrypted DTLS-frame with an unexpected CID was received. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000
+#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000
/** An operation failed due to an unexpected version or configuration. */
-#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
+#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
/** Invalid value in SSL config */
-#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
+#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
/*
* Various constants
@@ -177,93 +181,98 @@
* - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
* - RFC 8446: see section 4.2.1
*/
-#define MBEDTLS_SSL_MAJOR_VERSION_3 3
-#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
-#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
+#define MBEDTLS_SSL_MAJOR_VERSION_3 3
+#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
+#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
-#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
-#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
+#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
+#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
-#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
-#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
+#define MBEDTLS_SSL_MAX_HOST_NAME_LEN \
+ 255 /*!< Maximum host name defined in RFC 1035 */
+#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN \
+ 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 \
+ */
-#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
+#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN \
+ 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
* NONE must be zero so that memset()ing structure to zero works */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
-#define MBEDTLS_SSL_IS_CLIENT 0
-#define MBEDTLS_SSL_IS_SERVER 1
+#define MBEDTLS_SSL_IS_CLIENT 0
+#define MBEDTLS_SSL_IS_SERVER 1
-#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
-#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
+#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
+#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
-#define MBEDTLS_SSL_CID_DISABLED 0
-#define MBEDTLS_SSL_CID_ENABLED 1
+#define MBEDTLS_SSL_CID_DISABLED 0
+#define MBEDTLS_SSL_CID_ENABLED 1
-#define MBEDTLS_SSL_ETM_DISABLED 0
-#define MBEDTLS_SSL_ETM_ENABLED 1
+#define MBEDTLS_SSL_ETM_DISABLED 0
+#define MBEDTLS_SSL_ETM_ENABLED 1
-#define MBEDTLS_SSL_COMPRESS_NULL 0
+#define MBEDTLS_SSL_COMPRESS_NULL 0
-#define MBEDTLS_SSL_VERIFY_NONE 0
-#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
-#define MBEDTLS_SSL_VERIFY_REQUIRED 2
-#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
+#define MBEDTLS_SSL_VERIFY_NONE 0
+#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
+#define MBEDTLS_SSL_VERIFY_REQUIRED 2
+#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
-#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
-#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
+#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
+#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
-#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
-#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
+#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
+#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
-#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
-#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
+#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
+#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
-#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
-#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
+#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
+#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
-#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
-#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
-#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
+#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
+#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
+#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
-#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
-#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
-#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
+#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
+#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
+#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
-#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
-#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
+#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
+#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
-#define MBEDTLS_SSL_PRESET_DEFAULT 0
-#define MBEDTLS_SSL_PRESET_SUITEB 2
+#define MBEDTLS_SSL_PRESET_DEFAULT 0
+#define MBEDTLS_SSL_PRESET_SUITEB 2
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
+#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
+#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
+#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
+#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
/*
* Default range for DTLS retransmission timer value, in milliseconds.
* RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
*/
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
* \{
*/
@@ -279,11 +288,11 @@
* peers are using it too!
*/
#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
-#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
+# define MBEDTLS_SSL_IN_CONTENT_LEN 16384
#endif
#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
-#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
+# define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
#endif
/*
@@ -291,22 +300,22 @@
* DTLS handshake message reassembly and future message buffering.
*/
#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
-#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
+# define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
#endif
/*
* Maximum length of CIDs for incoming and outgoing messages.
*/
#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
-#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+# define MBEDTLS_SSL_CID_IN_LEN_MAX 32
#endif
#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
-#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+# define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
#endif
#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
+# define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
/* \} name SECTION: Module settings */
@@ -320,161 +329,160 @@
* Signaling ciphersuite values (SCSV)
*/
/** renegotiation info ext */
-#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
+#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
/*
* Supported Signature and Hash algorithms (For TLS 1.2)
* RFC 5246 section 7.4.1.4.1
*/
-#define MBEDTLS_SSL_HASH_NONE 0
-#define MBEDTLS_SSL_HASH_MD5 1
-#define MBEDTLS_SSL_HASH_SHA1 2
-#define MBEDTLS_SSL_HASH_SHA224 3
-#define MBEDTLS_SSL_HASH_SHA256 4
-#define MBEDTLS_SSL_HASH_SHA384 5
-#define MBEDTLS_SSL_HASH_SHA512 6
+#define MBEDTLS_SSL_HASH_NONE 0
+#define MBEDTLS_SSL_HASH_MD5 1
+#define MBEDTLS_SSL_HASH_SHA1 2
+#define MBEDTLS_SSL_HASH_SHA224 3
+#define MBEDTLS_SSL_HASH_SHA256 4
+#define MBEDTLS_SSL_HASH_SHA384 5
+#define MBEDTLS_SSL_HASH_SHA512 6
-#define MBEDTLS_SSL_SIG_ANON 0
-#define MBEDTLS_SSL_SIG_RSA 1
-#define MBEDTLS_SSL_SIG_ECDSA 3
+#define MBEDTLS_SSL_SIG_ANON 0
+#define MBEDTLS_SSL_SIG_RSA 1
+#define MBEDTLS_SSL_SIG_ECDSA 3
/*
* Client Certificate Types
* RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
*/
-#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
-#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
+#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
+#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
/*
* Message, alert and handshake types
*/
-#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
-#define MBEDTLS_SSL_MSG_ALERT 21
-#define MBEDTLS_SSL_MSG_HANDSHAKE 22
-#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
-#define MBEDTLS_SSL_MSG_CID 25
+#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
+#define MBEDTLS_SSL_MSG_ALERT 21
+#define MBEDTLS_SSL_MSG_HANDSHAKE 22
+#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
+#define MBEDTLS_SSL_MSG_CID 25
-#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
-#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
+#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
+#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
-#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
-#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
-#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
-#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
-#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
-#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
-#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
-#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
-#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
-#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
-#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
-#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
-#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
-#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
-#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
-#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
+#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
+#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
+#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
+#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
+#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
+#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
+#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
+#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
+#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
+#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
+#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
+#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
+#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
+#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
+#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
+#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
-#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
-#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
-#define MBEDTLS_SSL_HS_SERVER_HELLO 2
-#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
-#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
-#define MBEDTLS_SSL_HS_CERTIFICATE 11
-#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
-#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
-#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
-#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
-#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
-#define MBEDTLS_SSL_HS_FINISHED 20
+#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
+#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
+#define MBEDTLS_SSL_HS_SERVER_HELLO 2
+#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
+#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
+#define MBEDTLS_SSL_HS_CERTIFICATE 11
+#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
+#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
+#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
+#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
+#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
+#define MBEDTLS_SSL_HS_FINISHED 20
/*
* TLS extensions
*/
-#define MBEDTLS_TLS_EXT_SERVERNAME 0
-#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
+#define MBEDTLS_TLS_EXT_SERVERNAME 0
+#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
-#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
+#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
-#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
+#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
-#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
+#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
-#define MBEDTLS_TLS_EXT_SIG_ALG 13
+#define MBEDTLS_TLS_EXT_SIG_ALG 13
-#define MBEDTLS_TLS_EXT_USE_SRTP 14
+#define MBEDTLS_TLS_EXT_USE_SRTP 14
-#define MBEDTLS_TLS_EXT_ALPN 16
+#define MBEDTLS_TLS_EXT_ALPN 16
-#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
-#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
+#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
+#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
-#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
+#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
/* The value of the CID extension is still TBD as of
* draft-ietf-tls-dtls-connection-id-05
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
-#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
+#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
+#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
-#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
+#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
* Size defines
*/
#if !defined(MBEDTLS_PSK_MAX_LEN)
-#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
+# define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
#endif
/* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret
-{
+union mbedtls_ssl_premaster_secret {
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
+ unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
+ unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
+ unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
+ unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
+ unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE +
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
+ unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
+ unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES +
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
+ unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
#endif
};
-#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
+#define MBEDTLS_PREMASTER_SIZE sizeof(union mbedtls_ssl_premaster_secret)
#ifdef __cplusplus
extern "C" {
@@ -504,8 +512,7 @@
MBEDTLS_SSL_HANDSHAKE_OVER,
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
-}
-mbedtls_ssl_states;
+} mbedtls_ssl_states;
/**
* \brief Callback type: send data on the network.
@@ -524,9 +531,7 @@
* \note The callback is allowed to send fewer bytes than requested.
* It must always return the number of bytes actually sent.
*/
-typedef int mbedtls_ssl_send_t( void *ctx,
- const unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len);
/**
* \brief Callback type: receive data from the network.
@@ -547,9 +552,7 @@
* buffer. It must always return the number of bytes actually
* received and written to the buffer.
*/
-typedef int mbedtls_ssl_recv_t( void *ctx,
- unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len);
/**
* \brief Callback type: receive data from the network, with timeout
@@ -573,10 +576,10 @@
* buffer. It must always return the number of bytes actually
* received and written to the buffer.
*/
-typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
- unsigned char *buf,
- size_t len,
- uint32_t timeout );
+typedef int mbedtls_ssl_recv_timeout_t(void *ctx,
+ unsigned char *buf,
+ size_t len,
+ uint32_t timeout);
/**
* \brief Callback type: set a pair of timers/delays to watch
*
@@ -599,9 +602,8 @@
* function while a timer is running must cancel it. Cancelled
* timers must not generate any event.
*/
-typedef void mbedtls_ssl_set_timer_t( void * ctx,
- uint32_t int_ms,
- uint32_t fin_ms );
+typedef void
+mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms);
/**
* \brief Callback type: get status of timers/delays
@@ -614,12 +616,12 @@
* 1 if only the intermediate delay has passed,
* 2 if the final delay has passed.
*/
-typedef int mbedtls_ssl_get_timer_t( void * ctx );
+typedef int mbedtls_ssl_get_timer_t(void *ctx);
/* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_config mbedtls_ssl_config;
+typedef struct mbedtls_ssl_config mbedtls_ssl_config;
/* Defined in library/ssl_misc.h */
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
@@ -655,10 +657,10 @@
* \return A non-zero return value on failure.
*
*/
-typedef int mbedtls_ssl_cache_get_t( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_get_t(void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ mbedtls_ssl_session *session);
/**
* \brief Callback type: server-side session cache setter
*
@@ -677,13 +679,13 @@
* \return \c 0 on success
* \return A non-zero return value on failure.
*/
-typedef int mbedtls_ssl_cache_set_t( void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_set_t(void *data,
+ unsigned char const *session_id,
+ size_t session_id_len,
+ const mbedtls_ssl_session *session);
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+# if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Callback type: start external signature operation.
*
@@ -755,11 +757,11 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash,
- size_t hash_len );
+typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len);
/**
* \brief Callback type: start external decryption operation.
@@ -821,11 +823,11 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- const unsigned char *input,
- size_t input_len );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ const unsigned char *input,
+ size_t input_len);
+# endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
* \brief Callback type: resume external operation.
@@ -869,10 +871,10 @@
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed in the documentation of this callback.
*/
-typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
- unsigned char *output,
- size_t *output_len,
- size_t output_size );
+typedef int mbedtls_ssl_async_resume_t(mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ size_t *output_len,
+ size_t output_size);
/**
* \brief Callback type: cancel external operation.
@@ -891,32 +893,33 @@
* \param ssl The SSL connection instance. It should not be
* modified.
*/
-typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
+typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
-#elif defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
-#elif defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
-#else
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
+# if defined(MBEDTLS_SHA256_C)
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
+# elif defined(MBEDTLS_SHA384_C)
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
+# elif defined(MBEDTLS_SHA1_C)
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
+# define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
+# else
/* This is already checked in check_config.h, but be sure. */
-#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
+# error \
+ "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
+# endif
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && \
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
-#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4
+# define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
+# define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4
/*
* For code readability use a typedef for DTLS-SRTP profiles
*
@@ -926,25 +929,23 @@
* Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value
* must be updated too.
*/
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ( (uint16_t) 0x0001)
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ( (uint16_t) 0x0002)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ( (uint16_t) 0x0005)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ( (uint16_t) 0x0006)
+# define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ((uint16_t)0x0001)
+# define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ((uint16_t)0x0002)
+# define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ((uint16_t)0x0005)
+# define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ((uint16_t)0x0006)
/* This one is not iana defined, but for code readability. */
-#define MBEDTLS_TLS_SRTP_UNSET ( (uint16_t) 0x0000)
+# define MBEDTLS_TLS_SRTP_UNSET ((uint16_t)0x0000)
typedef uint16_t mbedtls_ssl_srtp_profile;
-typedef struct mbedtls_dtls_srtp_info_t
-{
+typedef struct mbedtls_dtls_srtp_info_t {
/*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */
uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */
unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
-}
-mbedtls_dtls_srtp_info;
+} mbedtls_dtls_srtp_info;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@@ -959,49 +960,50 @@
* mbedtls_ssl_session_save() and ssl_session_load()
* ssl_session_copy()
*/
-struct mbedtls_ssl_session
-{
+struct mbedtls_ssl_session {
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
+ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
- int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
- int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
- size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
- unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
- unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
+ int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
+ int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
+ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
+ unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
+ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
unsigned char MBEDTLS_PRIVATE(exported);
/* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
* Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
* to be studied whether one of them can be removed. */
- unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the session. */
+ unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the
+ session. */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+# if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
+# else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */
unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+# endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
+ uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
- size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
- uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
+ unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
+ size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
+ unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated
+ by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
+ int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
};
@@ -1010,26 +1012,25 @@
*/
typedef enum
{
- MBEDTLS_SSL_TLS_PRF_NONE,
- MBEDTLS_SSL_TLS_PRF_SHA384,
- MBEDTLS_SSL_TLS_PRF_SHA256,
- MBEDTLS_SSL_HKDF_EXPAND_SHA384,
- MBEDTLS_SSL_HKDF_EXPAND_SHA256
-}
-mbedtls_tls_prf_types;
+ MBEDTLS_SSL_TLS_PRF_NONE,
+ MBEDTLS_SSL_TLS_PRF_SHA384,
+ MBEDTLS_SSL_TLS_PRF_SHA256,
+ MBEDTLS_SSL_HKDF_EXPAND_SHA384,
+ MBEDTLS_SSL_HKDF_EXPAND_SHA256
+} mbedtls_tls_prf_types;
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
typedef enum
{
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+# if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_EARLY_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_EARLY_EXPORTER_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+# endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
} mbedtls_ssl_key_export_type;
/**
@@ -1047,20 +1048,19 @@
* \param tls_prf_type The identifier for the PRF used in the handshake
* to which the key belongs.
*/
-typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
- mbedtls_ssl_key_export_type type,
- const unsigned char *secret,
- size_t secret_len,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type );
+typedef void mbedtls_ssl_export_keys_t(void *p_expkey,
+ mbedtls_ssl_key_export_type type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type);
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
/**
* SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
*/
-struct mbedtls_ssl_config
-{
+struct mbedtls_ssl_config {
/* Group items by size (largest first) to minimize padding overhead */
/*
@@ -1072,129 +1072,174 @@
/** Callback for printing debug output */
void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
- void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
+ void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
- int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */
mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */
mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
- void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
+ void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
- int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
+ int (*MBEDTLS_PRIVATE(f_sni))(void *,
+ mbedtls_ssl_context *,
+ const unsigned char *,
+ size_t);
+ void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
- int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
+ int (*MBEDTLS_PRIVATE(f_psk))(void *,
+ mbedtls_ssl_context *,
+ const unsigned char *,
+ size_t);
+ void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
- int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
- const unsigned char *, size_t );
+ int (*MBEDTLS_PRIVATE(f_cookie_write))(void *,
+ unsigned char **,
+ unsigned char *,
+ const unsigned char *,
+ size_t);
/** Callback to verify validity of a ClientHello cookie */
- int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
- const unsigned char *, size_t );
- void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
+ int (*MBEDTLS_PRIVATE(f_cookie_check))(void *,
+ const unsigned char *,
+ size_t,
+ const unsigned char *,
+ size_t);
+ void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
- int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
- unsigned char *, const unsigned char *, size_t *, uint32_t * );
+ int (*MBEDTLS_PRIVATE(f_ticket_write))(void *,
+ const mbedtls_ssl_session *,
+ unsigned char *,
+ const unsigned char *,
+ size_t *,
+ uint32_t *);
/** Callback to parse a session ticket into a session structure */
- int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
- void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
+ int (*MBEDTLS_PRIVATE(f_ticket_parse))(void *,
+ mbedtls_ssl_session *,
+ unsigned char *,
+ size_t);
+ void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
+ size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS
+ records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
- mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
- mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!<
+ verification
+ profile */
+ mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key
+ pair(s) */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
+ mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
+# if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
void *MBEDTLS_PRIVATE(p_ca_cb);
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+# endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
- mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
- mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
- mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
- void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
+# if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start
+ asynchronous
+ signature
+ operation
+ */
+ mbedtls_ssl_async_decrypt_t
+ *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!<
+ start
+ asynchronous
+ decryption
+ operation
+ */
+# endif /* MBEDTLS_X509_CRT_PARSE_C */
+ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume
+ asynchronous
+ operation */
+ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel
+ asynchronous
+ operation */
+ void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by
+ mbedtls_ssl_conf_async_private_cb().
+ */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
+ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
- const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
+ const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves
+ */
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
- mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
- * should only be set via
- * mbedtls_ssl_conf_psk_opaque().
- * If either no PSK or a raw PSK have been
- * configured, this has value \c 0.
- */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque
+ * PSK. This field should only be
+ * set via
+ * mbedtls_ssl_conf_psk_opaque().
+ * If either no PSK or a raw PSK
+ * have been configured, this has
+ * value \c 0.
+ */
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
- unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
- * only be set via mbedtls_ssl_conf_psk().
- * If either no PSK or an opaque PSK
- * have been configured, this has value NULL. */
- size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * Its value is non-zero if and only if
- * \c psk is not \c NULL. */
+ unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field
+ * should only be set via
+ * mbedtls_ssl_conf_psk(). If either no
+ * PSK or an opaque PSK have been
+ * configured, this has value NULL. */
+ size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
+ * This field should only be set via
+ * mbedtls_ssl_conf_psk().
+ * Its value is non-zero if and only if
+ * \c psk is not \c NULL. */
- unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * This is set if and only if either
- * \c psk or \c psk_opaque are set. */
- size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
- * This field should only be set via
- * mbedtls_ssl_conf_psk().
- * Its value is non-zero if and only if
- * \c psk is not \c NULL or \c psk_opaque
- * is not \c 0. */
+ unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK
+ * negotiation. This field
+ * should only be set via
+ * mbedtls_ssl_conf_psk().
+ * This is set if and only
+ * if either \c psk or \c
+ * psk_opaque are set. */
+ size_t MBEDTLS_PRIVATE(psk_identity_len); /*!< The length of PSK identity.
+ * This field should only be set
+ * via mbedtls_ssl_conf_psk(). Its
+ * value is non-zero if and only
+ * if \c psk is not \c NULL or \c
+ * psk_opaque is not \c 0. */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
- const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
+ const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1208,227 +1253,283 @@
* Numerical settings (int then char)
*/
- uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
+ uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read
+ (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
- retransmission timeout (ms) */
- uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
- retransmission timeout (ms) */
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the
+ handshake retransmission timeout (ms) */
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the
+ handshake retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
- unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
- that triggers renegotiation */
+ int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation
+ */
+ unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record
+ counters that triggers renegotiation */
#endif
- unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
+ unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad
+ MAC */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
+ unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the
+ DHM prime */
#endif
- unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
- unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
- unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
- unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
+ unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used
+ */
+ unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used
+ */
+ unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used
+ */
+ unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used
+ */
/*
* Flags (bitfields)
*/
- unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
- unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
- unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
+ unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
+ unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram
+ (DTLS) */
+ unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
- unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
+ unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2; /*!<
+ MBEDTLS_LEGACY_XXX
+ */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
+ unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
+ unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1; /*!< negotiate
+ encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
+ unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended
+ master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
+ unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent
+ replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
+ unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable
+ renegotiation?
+ */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
+ unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets?
+ */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
- Certificate Request messages? */
- unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the ciphersuite according to
- the client's preferences rather
- than ours */
+ unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA
+ list in Certificate Request messages?
+ */
+ unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the
+ ciphersuite according to the client's
+ preferences rather than ours */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
- * record with unexpected CID
- * should lead to failure. */
+ unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines
+ * whether DTLS
+ * record with
+ * unexpected CID
+ * should lead to
+ * failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
- in the use_srtp extension */
+ unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having
+ mki_value in the use_srtp
+ extension */
#endif
};
-struct mbedtls_ssl_context
-{
- const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
+struct mbedtls_ssl_context {
+ const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration
+ information */
/*
* Miscellaneous
*/
- int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
+ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
- int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
- number of retransmissions of request if
- renego_max_records is < 0 */
+ int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
+ int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request,
+ or with DTLS, number of retransmissions of
+ request if renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
+ int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3
+ */
/* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
* Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
* to be studied whether one of them can be removed. */
- int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
- unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
+ int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x
+ macros */
+ unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received
+ */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif
- mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
- mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
+ mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send
+ */
+ mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network
+ receive */
mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
- /*!< Callback for network receive with timeout */
+ /*!< Callback for network receive with timeout */
- void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
+ void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/*
* Session layer
*/
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
- mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data
+ (in) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session
+ data (out) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data
+ */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data
+ in negotiation
+ */
- mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
- the handshake process */
+ mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params
+ required only during the handshake
+ process */
/*
* Record layer transformations
*/
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
- mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current
+ transform params
+ (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current
+ transform params
+ (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated
+ transform params */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform
+ params in
+ negotiation
+ */
/*
* Timers
*/
- void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
+ void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
- mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
- mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
+ mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer
+ callback */
+ mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer
+ callback */
/*
* Record layer (incoming data)
*/
- unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
- unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
- TLS: maintained by us
- DTLS: read from peer */
- unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
+ unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
+ TLS: maintained by us
+ DTLS: read from peer */
+ unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
- * (the end is marked by in_len). */
+ unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
+ * (the end is marked by in_len).
+ */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
- unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
- unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
- unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
+ unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field
+ */
+ unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen)
+ */
+ unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application
+ data */
- int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
- size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
- size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
+ int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
+ size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
- size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
- (equal to in_left if none) */
+ uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
+ size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record
+ in datagram (equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
- uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
+ uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num
+ */
+ uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
- size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
- including the handshake header */
- int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
+ size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
+ including the handshake header */
+ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
- int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
- on next call to record layer? */
+ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current
+ message on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
- * within a single datagram. */
+ uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing
+ * multiple records
+ * within a single
+ * datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Record layer (outgoing data)
*/
- unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
- unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
- unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
+ unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message
+ counter */
+ unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
- * (the end is marked by in_len). */
+ unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
+ * (the end is marked by in_len).
+ */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
- unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
- unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field
+ */
+ unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents
+ (out_iv+ivlen) */
- int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
- size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
- size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
+ int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
+ size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif
- unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
+ unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record
+ sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
+ uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing
+ messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* PKI layer
*/
- int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
+ int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
- (and SNI if available) */
+ char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
+ (and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
- const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
+ const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1442,20 +1543,26 @@
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
- size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
+ unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the
+ client */
+ size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
*/
/* needed to know when to send extension on server */
- int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
- secure renegotiation */
+ int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
+ secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
- char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
- char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored
+ */
+ char MBEDTLS_PRIVATE(own_verify_data)
+ [MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data
+ */
+ char MBEDTLS_PRIVATE(peer_verify_data)
+ [MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data
+ */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1465,18 +1572,21 @@
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
- unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
- uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
- * be negotiated in the next handshake or not.
- * Possible values are #MBEDTLS_SSL_CID_ENABLED
- * and #MBEDTLS_SSL_CID_DISABLED. */
+ unsigned char MBEDTLS_PRIVATE(own_cid)[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
+ uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID
+ * extension should be negotiated in
+ * the next handshake or not.
+ * Possible values are
+ * #MBEDTLS_SSL_CID_ENABLED and
+ * #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
- void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
+ void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback
+ */
#endif
};
@@ -1488,7 +1598,7 @@
*
* \return a string containing the ciphersuite name
*/
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
+const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id);
/**
* \brief Return the ID of the ciphersuite associated with the
@@ -1498,7 +1608,7 @@
*
* \return the ID with the ciphersuite or 0 if not found
*/
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
+int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name);
/**
* \brief Initialize an SSL context
@@ -1507,7 +1617,7 @@
*
* \param ssl SSL context
*/
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
/**
* \brief Set up an SSL context for use
@@ -1529,8 +1639,7 @@
* \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
* memory allocation failed
*/
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
- const mbedtls_ssl_config *conf );
+int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf);
/**
* \brief Reset an already initialized SSL context for re-use
@@ -1541,7 +1650,7 @@
* \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
*/
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl);
/**
* \brief Set the current endpoint type
@@ -1549,7 +1658,7 @@
* \param conf SSL configuration
* \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
*/
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
+void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint);
/**
* \brief Set the transport type (TLS or DTLS).
@@ -1565,7 +1674,7 @@
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
*/
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
+void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport);
/**
* \brief Set the certificate verification mode
@@ -1588,12 +1697,13 @@
* (default on client)
*
* \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
- * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
- * the right time(s), which may not be obvious, while REQUIRED always perform
- * the verification as soon as possible. For example, REQUIRED was protecting
- * against the "triple handshake" attack even before it was found.
+ * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call
+ * mbedtls_ssl_get_verify_result() at the right time(s), which may not be
+ * obvious, while REQUIRED always perform the verification as soon as possible.
+ * For example, REQUIRED was protecting against the "triple handshake" attack
+ * even before it was found.
*/
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@@ -1611,9 +1721,10 @@
* \param f_vrfy The verification callback to use during CRT verification.
* \param p_vrfy The opaque context to be passed to the callback.
*/
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+void mbedtls_ssl_conf_verify(
+ mbedtls_ssl_config *conf,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
@@ -1623,9 +1734,9 @@
* \param f_rng RNG function (mandatory)
* \param p_rng RNG parameter
*/
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
/**
* \brief Set the debug callback
@@ -1641,9 +1752,10 @@
* \param f_dbg debug function
* \param p_dbg debug parameter
*/
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
- void (*f_dbg)(void *, int, const char *, int, const char *),
- void *p_dbg );
+void mbedtls_ssl_conf_dbg(
+ mbedtls_ssl_config *conf,
+ void (*f_dbg)(void *, int, const char *, int, const char *),
+ void *p_dbg);
/**
* \brief Set the underlying BIO callbacks for write, read and
@@ -1675,16 +1787,15 @@
* \c mbedtls_net_recv_timeout() that are suitable to be used
* here.
*/
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
- void *p_bio,
- mbedtls_ssl_send_t *f_send,
- mbedtls_ssl_recv_t *f_recv,
- mbedtls_ssl_recv_timeout_t *f_recv_timeout );
+void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl,
+ void *p_bio,
+ mbedtls_ssl_send_t *f_send,
+ mbedtls_ssl_recv_t *f_recv,
+ mbedtls_ssl_recv_timeout_t *f_recv_timeout);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-
+# if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/**
* \brief Configure the use of the Connection ID (CID)
@@ -1769,10 +1880,10 @@
* applies to the next handshake.
* \return A negative error code on failure.
*/
-int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
- int enable,
- unsigned char const *own_cid,
- size_t own_cid_len );
+int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
+ int enable,
+ unsigned char const *own_cid,
+ size_t own_cid_len);
/**
* \brief Get information about the use of the CID extension
@@ -1811,12 +1922,12 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
- int *enabled,
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
- size_t *peer_cid_len );
+int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+ size_t *peer_cid_len);
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+# endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/**
* \brief Set the Maximum Tranport Unit (MTU).
@@ -1857,7 +1968,7 @@
* \param ssl SSL context
* \param mtu Value of the path MTU in bytes
*/
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
+void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1879,9 +1990,10 @@
* \param f_vrfy The verification callback to use during CRT verification.
* \param p_vrfy The opaque context to be passed to the callback.
*/
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy );
+void mbedtls_ssl_set_verify(
+ mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
@@ -1900,7 +2012,7 @@
* \note With non-blocking I/O, you may also skip this function
* altogether and handle timeouts at the application layer.
*/
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
+void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout);
/**
* \brief Check whether a buffer contains a valid and authentic record
@@ -1946,9 +2058,9 @@
* In this case, the SSL context becomes unusable and needs
* to be freed or reset before reuse.
*/
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
- unsigned char *buf,
- size_t buflen );
+int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
+ unsigned char *buf,
+ size_t buflen);
/**
* \brief Set the timer callbacks (Mandatory for DTLS.)
@@ -1970,10 +2082,10 @@
* \note See also the "DTLS tutorial" article in our knowledge base.
* https://tls.mbed.org/kb/how-to/dtls-tutorial
*/
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
- void *p_timer,
- mbedtls_ssl_set_timer_t *f_set_timer,
- mbedtls_ssl_get_timer_t *f_get_timer );
+void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl,
+ void *p_timer,
+ mbedtls_ssl_set_timer_t *f_set_timer,
+ mbedtls_ssl_get_timer_t *f_get_timer);
/**
* \brief Callback type: generate and write session ticket
@@ -1994,12 +2106,12 @@
* \return 0 if successful, or
* a specific MBEDTLS_ERR_XXX code.
*/
-typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
- const mbedtls_ssl_session *session,
- unsigned char *start,
- const unsigned char *end,
- size_t *tlen,
- uint32_t *lifetime );
+typedef int mbedtls_ssl_ticket_write_t(void *p_ticket,
+ const mbedtls_ssl_session *session,
+ unsigned char *start,
+ const unsigned char *end,
+ size_t *tlen,
+ uint32_t *lifetime);
/**
* \brief Callback type: parse and load session ticket
@@ -2024,10 +2136,10 @@
* MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
* any other non-zero code for other failures.
*/
-typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
- mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t len );
+typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket,
+ mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t len);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/**
@@ -2044,10 +2156,11 @@
* \param f_ticket_parse Callback for parsing a ticket
* \param p_ticket Context shared by the two callbacks
*/
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_ticket_write_t *f_ticket_write,
- mbedtls_ssl_ticket_parse_t *f_ticket_parse,
- void *p_ticket );
+void mbedtls_ssl_conf_session_tickets_cb(
+ mbedtls_ssl_config *conf,
+ mbedtls_ssl_ticket_write_t *f_ticket_write,
+ mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+ void *p_ticket);
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
@@ -2069,9 +2182,9 @@
* \param p_export_keys The opaque context pointer to be passed to the
* callback \p f_export_keys.
*/
-void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys );
+void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl,
+ mbedtls_ssl_export_keys_t *f_export_keys,
+ void *p_export_keys);
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -2105,12 +2218,13 @@
* mbedtls_ssl_conf_get_async_config_data(). The
* library stores this value without dereferencing it.
*/
-void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
- mbedtls_ssl_async_sign_t *f_async_sign,
- mbedtls_ssl_async_decrypt_t *f_async_decrypt,
- mbedtls_ssl_async_resume_t *f_async_resume,
- mbedtls_ssl_async_cancel_t *f_async_cancel,
- void *config_data );
+void mbedtls_ssl_conf_async_private_cb(
+ mbedtls_ssl_config *conf,
+ mbedtls_ssl_async_sign_t *f_async_sign,
+ mbedtls_ssl_async_decrypt_t *f_async_decrypt,
+ mbedtls_ssl_async_resume_t *f_async_resume,
+ mbedtls_ssl_async_cancel_t *f_async_cancel,
+ void *config_data);
/**
* \brief Retrieve the configuration data set by
@@ -2120,7 +2234,7 @@
* \return The configuration data set by
* mbedtls_ssl_conf_async_private_cb().
*/
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
+void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf);
/**
* \brief Retrieve the asynchronous operation user context.
@@ -2136,7 +2250,7 @@
* called during the current handshake, this function returns
* \c NULL.
*/
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl );
+void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl);
/**
* \brief Retrieve the asynchronous operation user context.
@@ -2149,8 +2263,7 @@
* Call mbedtls_ssl_get_async_operation_data() later during the
* same handshake to retrieve this value.
*/
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
- void *ctx );
+void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, void *ctx);
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/**
@@ -2167,9 +2280,11 @@
* \return The callback must return 0 on success,
* or a negative error code.
*/
-typedef int mbedtls_ssl_cookie_write_t( void *ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *info, size_t ilen );
+typedef int mbedtls_ssl_cookie_write_t(void *ctx,
+ unsigned char **p,
+ unsigned char *end,
+ const unsigned char *info,
+ size_t ilen);
/**
* \brief Callback type: verify a cookie
@@ -2184,9 +2299,11 @@
* \return The callback must return 0 if cookie is valid,
* or a negative error code.
*/
-typedef int mbedtls_ssl_cookie_check_t( void *ctx,
- const unsigned char *cookie, size_t clen,
- const unsigned char *info, size_t ilen );
+typedef int mbedtls_ssl_cookie_check_t(void *ctx,
+ const unsigned char *cookie,
+ size_t clen,
+ const unsigned char *info,
+ size_t ilen);
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/**
@@ -2217,10 +2334,10 @@
* \param f_cookie_check Cookie check callback
* \param p_cookie Context for both callbacks
*/
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
- mbedtls_ssl_cookie_write_t *f_cookie_write,
- mbedtls_ssl_cookie_check_t *f_cookie_check,
- void *p_cookie );
+void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
+ mbedtls_ssl_cookie_write_t *f_cookie_write,
+ mbedtls_ssl_cookie_check_t *f_cookie_check,
+ void *p_cookie);
/**
* \brief Set client's transport-level identification info.
@@ -2241,9 +2358,9 @@
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
* MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
*/
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
- const unsigned char *info,
- size_t ilen );
+int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl,
+ const unsigned char *info,
+ size_t ilen);
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
@@ -2263,7 +2380,7 @@
* packets and needs information about them to adjust its
* transmission strategy, then you'll want to disable this.
*/
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
+void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode);
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
/**
@@ -2289,7 +2406,8 @@
* might make us waste resources checking authentication on
* many bogus packets.
*/
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
+void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf,
+ unsigned limit);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -2321,8 +2439,8 @@
* are currently always sent in separate datagrams.
*
*/
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
- unsigned allow_packing );
+void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
+ unsigned allow_packing);
/**
* \brief Set retransmit timeout values for the DTLS handshake.
@@ -2355,7 +2473,9 @@
* goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
* resend ... 5s -> give up and return a timeout error.
*/
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
+void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf,
+ uint32_t min,
+ uint32_t max);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_SRV_C)
@@ -2396,10 +2516,10 @@
* \param f_get_cache session get callback
* \param f_set_cache session set callback
*/
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
- void *p_cache,
- mbedtls_ssl_cache_get_t *f_get_cache,
- mbedtls_ssl_cache_set_t *f_set_cache );
+void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
+ void *p_cache,
+ mbedtls_ssl_cache_get_t *f_get_cache,
+ mbedtls_ssl_cache_set_t *f_set_cache);
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_CLI_C)
@@ -2448,7 +2568,8 @@
* \sa mbedtls_ssl_get_session()
* \sa mbedtls_ssl_session_load()
*/
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
+int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_session *session);
#endif /* MBEDTLS_SSL_CLI_C */
/**
@@ -2483,9 +2604,9 @@
* \return Another negative value for other kinds of errors (for
* example, unsupported features in the embedded certificate).
*/
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Save session structure as serialized data in a buffer.
@@ -2512,10 +2633,10 @@
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
*/
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
+int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen);
/**
* \brief Set the list of allowed ciphersuites and the preference
@@ -2535,12 +2656,12 @@
* \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites
*/
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
- const int *ciphersuites );
+void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf,
+ const int *ciphersuites);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
-#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
+# define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
+# define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
/**
* \brief Specify the length of Connection IDs for incoming
* encrypted DTLS records, as well as the behaviour
@@ -2573,8 +2694,9 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
* is too large.
*/
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
- int ignore_other_cids );
+int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf,
+ size_t len,
+ int ignore_other_cids);
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -2588,8 +2710,8 @@
* \param conf SSL configuration
* \param profile Profile to use
*/
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile );
+void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf,
+ const mbedtls_x509_crt_profile *profile);
/**
* \brief Set the data required to verify peer certificate
@@ -2602,11 +2724,11 @@
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
* \param ca_crl trusted CA CRLs
*/
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf,
mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
+ mbedtls_x509_crl *ca_crl);
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+# if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/**
* \brief Set the trusted certificate callback.
*
@@ -2658,10 +2780,10 @@
* to guarantee this (for example through a mutex
* contained in the callback context pointed to by \p p_ca_cb).
*/
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb );
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb);
+# endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
/**
* \brief Set own certificate chain and private key
@@ -2699,9 +2821,9 @@
*
* \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
*/
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
+ mbedtls_pk_context *pk_key);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -2737,11 +2859,13 @@
* can be configured. In this case, the old PSK(s) remain intact.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len );
+int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
+ const unsigned char *psk,
+ size_t psk_len,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Configure one or more opaque pre-shared keys (PSKs) and
* their identities to be used in PSK-based ciphersuites.
@@ -2779,11 +2903,11 @@
* can be configured. In this case, the old PSK(s) remain intact.
* \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
- psa_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
+ psa_key_id_t psk,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len);
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief Set the pre-shared Key (PSK) for the current handshake.
@@ -2801,10 +2925,11 @@
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len );
+int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
+ const unsigned char *psk,
+ size_t psk_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+# if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Set an opaque pre-shared Key (PSK) for the current handshake.
*
@@ -2821,13 +2946,12 @@
* PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
* use for the key derivation algorithm
* applied in the handshake.
- *
+ *
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
- psa_key_id_t psk );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, psa_key_id_t psk);
+# endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief Set the PSK callback (server-side only).
@@ -2867,10 +2991,10 @@
* \param p_psk A pointer to an opaque structure to be passed to
* the callback, for example a PSK store.
*/
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk );
+void mbedtls_ssl_conf_psk_cb(
+ mbedtls_ssl_config *conf,
+ int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t),
+ void *p_psk);
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
@@ -2887,9 +3011,11 @@
*
* \return 0 if successful
*/
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
- const unsigned char *dhm_P, size_t P_len,
- const unsigned char *dhm_G, size_t G_len );
+int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
+ const unsigned char *dhm_P,
+ size_t P_len,
+ const unsigned char *dhm_G,
+ size_t G_len);
/**
* \brief Set the Diffie-Hellman public P and G values,
@@ -2900,7 +3026,8 @@
*
* \return 0 if successful
*/
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
+int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf,
+ mbedtls_dhm_context *dhm_ctx);
#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
@@ -2912,8 +3039,8 @@
* \param conf SSL configuration
* \param bitlen Minimum bit length of the DHM prime
*/
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
- unsigned int bitlen );
+void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
+ unsigned int bitlen);
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
@@ -2956,8 +3083,8 @@
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves );
+void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
+ const mbedtls_ecp_group_id *curves);
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -2990,8 +3117,7 @@
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.
*/
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
- const int *hashes );
+void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, const int *hashes);
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -3013,7 +3139,7 @@
* when NULL). On allocation failure hostname is cleared.
* On too long input failure, old hostname is unchanged.
*/
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
+int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -3029,9 +3155,9 @@
*
* \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
*/
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key );
+int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *own_cert,
+ mbedtls_pk_context *pk_key);
/**
* \brief Set the data required to verify peer certificate for the
@@ -3044,9 +3170,9 @@
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
* \param ca_crl trusted CA CRLs
*/
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl );
+void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *ca_chain,
+ mbedtls_x509_crl *ca_crl);
/**
* \brief Set authmode for the current handshake.
@@ -3058,8 +3184,7 @@
* \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
* MBEDTLS_SSL_VERIFY_REQUIRED
*/
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
- int authmode );
+void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, int authmode);
/**
* \brief Set server side ServerName TLS extension callback
@@ -3084,10 +3209,10 @@
* \param f_sni verification function
* \param p_sni verification parameter
*/
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_sni );
+void mbedtls_ssl_conf_sni(
+ mbedtls_ssl_config *conf,
+ int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t),
+ void *p_sni);
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -3108,9 +3233,9 @@
*
* \return 0 on success, or a negative error code.
*/
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len );
+int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
+ const unsigned char *pw,
+ size_t pw_len);
#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
@@ -3126,7 +3251,8 @@
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+ const char **protos);
/**
* \brief Get the name of the negotiated Application Layer Protocol.
@@ -3137,28 +3263,29 @@
*
* \return Protcol name, or NULL if no protocol was negotiated.
*/
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
+# if defined(MBEDTLS_DEBUG_C)
+static inline const char *
+mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile)
{
- switch( profile )
- {
+ switch (profile) {
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
- return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" ;
+ return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
- return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" ;
+ return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
- return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" ;
+ return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80";
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
- return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" ;
- default: break;
+ return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32";
+ default:
+ break;
}
- return "" ;
+ return "";
}
-#endif /* MBEDTLS_DEBUG_C */
+# endif /* MBEDTLS_DEBUG_C */
/**
* \brief Manage support for mki(master key id) value
* in use_srtp extension.
@@ -3172,8 +3299,8 @@
* #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
* or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
*/
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
- int support_mki_value );
+void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf,
+ int support_mki_value);
/**
* \brief Set the supported DTLS-SRTP protection profiles.
@@ -3194,9 +3321,9 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
* protection profiles is incorrect.
*/
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles
- ( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles );
+int mbedtls_ssl_conf_dtls_srtp_protection_profiles(
+ mbedtls_ssl_config *conf,
+ const mbedtls_ssl_srtp_profile *profiles);
/**
* \brief Set the mki_value for the current DTLS-SRTP session.
@@ -3214,29 +3341,33 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
*/
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
- unsigned char *mki_value,
- uint16_t mki_len );
+int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
+ unsigned char *mki_value,
+ uint16_t mki_len);
/**
* \brief Get the negotiated DTLS-SRTP informations:
* Protection profile and MKI value.
*
* \warning This function must be called after the handshake is
* completed. The value returned by this function must
- * not be trusted or acted upon before the handshake completes.
+ * not be trusted or acted upon before the handshake
+ completes.
*
* \param ssl The SSL context to query.
* \param dtls_srtp_info The negotiated DTLS-SRTP informations:
* - Protection profile in use.
- * A direct mapping of the iana defined value for protection
+ * A direct mapping of the iana defined value for
+ protection
* profile on an uint16_t.
http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
+ * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not
+ negotiated
* or peer's Hello packet was not parsed yet.
* - mki size and value( if size is > 0 ).
*/
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info );
+void mbedtls_ssl_get_dtls_srtp_negotiation_result(
+ const mbedtls_ssl_context *ssl,
+ mbedtls_dtls_srtp_info *dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/**
@@ -3252,7 +3383,9 @@
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
*/
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf,
+ int major,
+ int minor);
/**
* \brief Set the minimum accepted SSL/TLS protocol version
@@ -3267,7 +3400,9 @@
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
*/
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf,
+ int major,
+ int minor);
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/**
@@ -3281,7 +3416,7 @@
* \param conf SSL configuration
* \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
*/
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
+void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm);
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
@@ -3296,7 +3431,8 @@
* \param conf SSL configuration
* \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
*/
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf,
+ char ems);
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SRV_C)
@@ -3309,8 +3445,8 @@
* \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
* MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
*/
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
- char cert_req_ca_list );
+void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
+ char cert_req_ca_list);
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -3348,7 +3484,8 @@
*
* \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
*/
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
+int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf,
+ unsigned char mfl_code);
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_SRV_C)
@@ -3361,7 +3498,7 @@
* \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
* or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
*/
-void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
+void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order);
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -3375,7 +3512,8 @@
* \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
* MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
*/
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
+void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf,
+ int use_tickets);
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -3396,7 +3534,8 @@
* \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
* MBEDTLS_SSL_RENEGOTIATION_DISABLED)
*/
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
+void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf,
+ int renegotiation);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -3426,7 +3565,8 @@
* SSL_ALLOW_LEGACY_RENEGOTIATION or
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
*/
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
+void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf,
+ int allow_legacy);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
@@ -3466,7 +3606,8 @@
* enforce renegotiation, or a non-negative value to enforce
* it but allow for a grace period of max_records records.
*/
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
+void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf,
+ int max_records);
/**
* \brief Set record counter threshold for periodic renegotiation.
@@ -3493,8 +3634,8 @@
* \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number.
*/
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
- const unsigned char period[8] );
+void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
+ const unsigned char period[8]);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -3535,7 +3676,7 @@
* that all internal data has been processed.
*
*/
-int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl);
/**
* \brief Return the number of application data bytes
@@ -3552,7 +3693,7 @@
* amount of data fitting into the input buffer.
*
*/
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl);
/**
* \brief Return the result of the certificate verification
@@ -3566,7 +3707,7 @@
* \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
* and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
*/
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
+uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl);
/**
* \brief Return the name of the current ciphersuite
@@ -3575,7 +3716,7 @@
*
* \return a string containing the ciphersuite name
*/
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl);
/**
* \brief Return the current TLS version
@@ -3584,7 +3725,7 @@
*
* \return a string containing the TLS version
*/
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl);
/**
* \brief Return the (maximum) number of bytes added by the record
@@ -3594,7 +3735,7 @@
*
* \return Current maximum record expansion in bytes
*/
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl);
/**
* \brief Return the current maximum outgoing record payload in bytes.
@@ -3621,7 +3762,7 @@
* \return Current maximum payload for an outgoing record,
* or a negative error code.
*/
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl);
/**
* \brief Return the current maximum incoming record payload in bytes.
@@ -3641,7 +3782,7 @@
* \return Current maximum payload for an outgoing record,
* or a negative error code.
*/
-int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@@ -3674,7 +3815,8 @@
* If you want to use the certificate across API calls,
* you must make a copy.
*/
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
+const mbedtls_x509_crt *
+mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CLI_C)
@@ -3712,8 +3854,8 @@
* \sa mbedtls_ssl_set_session()
* \sa mbedtls_ssl_session_save()
*/
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
- mbedtls_ssl_session *session );
+int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
+ mbedtls_ssl_session *session);
#endif /* MBEDTLS_SSL_CLI_C */
/**
@@ -3766,7 +3908,7 @@
* currently being processed might or might not contain further
* DTLS records.
*/
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
/**
* \brief Perform a single step of the SSL handshake
@@ -3788,7 +3930,7 @@
* re-using it for a new connection; the current connection
* must be closed.
*/
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
@@ -3814,7 +3956,7 @@
* must be closed.
*
*/
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@@ -3894,7 +4036,7 @@
* \c mbedtls_ssl_check_pending to check for remaining records.
*
*/
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
+int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
/**
* \brief Try to write exactly 'len' application data bytes
@@ -3956,7 +4098,9 @@
* \note Attempting to write 0 bytes will result in an empty TLS
* application record being sent.
*/
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
+int mbedtls_ssl_write(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len);
/**
* \brief Send an alert message
@@ -3974,9 +4118,9 @@
* call \c mbedtls_ssl_session_reset() on it before re-using it
* for a new connection; the current connection must be closed.
*/
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
- unsigned char level,
- unsigned char message );
+int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
+ unsigned char level,
+ unsigned char message);
/**
* \brief Notify the peer that the connection is being closed
*
@@ -3990,14 +4134,14 @@
* call \c mbedtls_ssl_session_reset() on it before re-using it
* for a new connection; the current connection must be closed.
*/
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
/**
* \brief Free referenced items in an SSL context and clear memory
*
* \param ssl SSL context
*/
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_free(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
/**
@@ -4048,10 +4192,10 @@
* or the connection does not use DTLS 1.2 with an AEAD
* ciphersuite, or renegotiation is enabled.
*/
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen );
+int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen);
/**
* \brief Load serialized connection data to an SSL context.
@@ -4118,9 +4262,9 @@
* comes from a different Mbed TLS version or build.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
*/
-int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len );
+int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len);
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
/**
@@ -4133,7 +4277,7 @@
*
* \param conf SSL configuration context
*/
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
+void mbedtls_ssl_config_init(mbedtls_ssl_config *conf);
/**
* \brief Load reasonnable default SSL configuration values.
@@ -4150,22 +4294,24 @@
* \return 0 if successful, or
* MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
*/
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
- int endpoint, int transport, int preset );
+int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
+ int endpoint,
+ int transport,
+ int preset);
/**
* \brief Free an SSL configuration context
*
* \param conf SSL configuration context
*/
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
+void mbedtls_ssl_config_free(mbedtls_ssl_config *conf);
/**
* \brief Initialize SSL session structure
*
* \param session SSL session
*/
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
+void mbedtls_ssl_session_init(mbedtls_ssl_session *session);
/**
* \brief Free referenced items in an SSL session including the
@@ -4176,7 +4322,7 @@
*
* \param session SSL session
*/
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
+void mbedtls_ssl_session_free(mbedtls_ssl_session *session);
/**
* \brief TLS-PRF function for key derivation.
@@ -4193,11 +4339,14 @@
*
* \return 0 on success. An SSL specific error on failure.
*/
-int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
+int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
+ const unsigned char *secret,
+ size_t slen,
+ const char *label,
+ const unsigned char *random,
+ size_t rlen,
+ unsigned char *dstbuf,
+ size_t dlen);
#ifdef __cplusplus
}