TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f0ba6a479aff489c268b664ae370aa5ab301b23f / . / include / polarssl / ssl.h
blob: 84bf295b8ef783ea50d54980d8adbce2d379c5e3 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/**
2 * \file ssl.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
5 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]6 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]7 *
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]21 */
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]22#ifndef POLARSSL_SSL_H
23#define POLARSSL_SSL_H
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]24
25#include <time.h>
26
Paul Bakker8e831ed2009-01-03 21:24:11 +0000[diff] [blame]27#include "polarssl/net.h"
28#include "polarssl/dhm.h"
29#include "polarssl/rsa.h"
30#include "polarssl/md5.h"
31#include "polarssl/sha1.h"
32#include "polarssl/x509.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker13e2dfe2009-07-28 07:18:38 +0000[diff] [blame]34/*
35 * SSL Error codes
36 */
Paul Bakker3391b122009-07-28 20:11:54 +0000[diff] [blame]37#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000
38#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x1800
39#define POLARSSL_ERR_SSL_INVALID_MAC -0x2000
40#define POLARSSL_ERR_SSL_INVALID_RECORD -0x2800
41#define POLARSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000
42#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800
43#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000
44#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x4800
45#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000
46#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800
47#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000
48#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800
49#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000
50#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800
51#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000
52#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800
53#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000
54#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800
55#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000
56#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800
57#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000
58#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800
59#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000
60#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800
61#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000
62#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800
63#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0xE000
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]64
65/*
66 * Various constants
67 */
68#define SSL_MAJOR_VERSION_3 3
69#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
70#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
71#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
72
73#define SSL_IS_CLIENT 0
74#define SSL_IS_SERVER 1
75#define SSL_COMPRESS_NULL 0
76
77#define SSL_VERIFY_NONE 0
78#define SSL_VERIFY_OPTIONAL 1
79#define SSL_VERIFY_REQUIRED 2
80
81#define SSL_MAX_CONTENT_LEN 16384
82
83/*
84 * Allow an extra 512 bytes for the record header
85 * and encryption overhead (counter + MAC + padding).
86 */
87#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
88
89/*
90 * Supported ciphersuites
91 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]92#define SSL_RSA_RC4_128_MD5 4
93#define SSL_RSA_RC4_128_SHA 5
94#define SSL_RSA_DES_168_SHA 10
95#define SSL_EDH_RSA_DES_168_SHA 22
96#define SSL_RSA_AES_128_SHA 47
Paul Bakker77a43582010-06-15 21:32:46 +0000[diff] [blame]97#define SSL_EDH_RSA_AES_128_SHA 51
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]98#define SSL_RSA_AES_256_SHA 53
99#define SSL_EDH_RSA_AES_256_SHA 57
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]100
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]101#define SSL_RSA_CAMELLIA_128_SHA 0x41
Paul Bakker77a43582010-06-15 21:32:46 +0000[diff] [blame]102#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]103#define SSL_RSA_CAMELLIA_256_SHA 0x84
104#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]105
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]106/*
107 * Message, alert and handshake types
108 */
109#define SSL_MSG_CHANGE_CIPHER_SPEC 20
110#define SSL_MSG_ALERT 21
111#define SSL_MSG_HANDSHAKE 22
112#define SSL_MSG_APPLICATION_DATA 23
113
114#define SSL_ALERT_CLOSE_NOTIFY 0
115#define SSL_ALERT_WARNING 1
116#define SSL_ALERT_FATAL 2
117#define SSL_ALERT_NO_CERTIFICATE 41
118
119#define SSL_HS_HELLO_REQUEST 0
120#define SSL_HS_CLIENT_HELLO 1
121#define SSL_HS_SERVER_HELLO 2
122#define SSL_HS_CERTIFICATE 11
123#define SSL_HS_SERVER_KEY_EXCHANGE 12
124#define SSL_HS_CERTIFICATE_REQUEST 13
125#define SSL_HS_SERVER_HELLO_DONE 14
126#define SSL_HS_CERTIFICATE_VERIFY 15
127#define SSL_HS_CLIENT_KEY_EXCHANGE 16
128#define SSL_HS_FINISHED 20
129
130/*
131 * TLS extensions
132 */
133#define TLS_EXT_SERVERNAME 0
134#define TLS_EXT_SERVERNAME_HOSTNAME 0
135
136/*
137 * SSL state machine
138 */
139typedef enum
140{
141 SSL_HELLO_REQUEST,
142 SSL_CLIENT_HELLO,
143 SSL_SERVER_HELLO,
144 SSL_SERVER_CERTIFICATE,
145 SSL_SERVER_KEY_EXCHANGE,
146 SSL_CERTIFICATE_REQUEST,
147 SSL_SERVER_HELLO_DONE,
148 SSL_CLIENT_CERTIFICATE,
149 SSL_CLIENT_KEY_EXCHANGE,
150 SSL_CERTIFICATE_VERIFY,
151 SSL_CLIENT_CHANGE_CIPHER_SPEC,
152 SSL_CLIENT_FINISHED,
153 SSL_SERVER_CHANGE_CIPHER_SPEC,
154 SSL_SERVER_FINISHED,
155 SSL_FLUSH_BUFFERS,
156 SSL_HANDSHAKE_OVER
157}
158ssl_states;
159
160typedef struct _ssl_session ssl_session;
161typedef struct _ssl_context ssl_context;
162
163/*
164 * This structure is used for session resuming.
165 */
166struct _ssl_session
167{
168 time_t start; /*!< starting time */
169 int cipher; /*!< chosen cipher */
170 int length; /*!< session id length */
171 unsigned char id[32]; /*!< session identifier */
172 unsigned char master[48]; /*!< the master secret */
173 ssl_session *next; /*!< next session entry */
174};
175
176struct _ssl_context
177{
178 /*
179 * Miscellaneous
180 */
181 int state; /*!< SSL handshake: current state */
182
183 int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
184 int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
185
186 int max_major_ver; /*!< max. major version from client */
187 int max_minor_ver; /*!< max. minor version from client */
188
189 /*
190 * Callbacks (RNG, debug, I/O)
191 */
192 int (*f_rng)(void *);
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]193 void (*f_dbg)(void *, int, const char *);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]194 int (*f_recv)(void *, unsigned char *, int);
195 int (*f_send)(void *, unsigned char *, int);
196
197 void *p_rng; /*!< context for the RNG function */
198 void *p_dbg; /*!< context for the debug function */
199 void *p_recv; /*!< context for reading operations */
200 void *p_send; /*!< context for writing operations */
201
202 /*
203 * Session layer
204 */
205 int resume; /*!< session resuming flag */
206 int timeout; /*!< sess. expiration time */
207 ssl_session *session; /*!< current session data */
208 int (*s_get)(ssl_context *); /*!< (server) get callback */
209 int (*s_set)(ssl_context *); /*!< (server) set callback */
210
211 /*
212 * Record layer (incoming data)
213 */
214 unsigned char *in_ctr; /*!< 64-bit incoming message counter */
215 unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
216 unsigned char *in_msg; /*!< the message contents (in_hdr+5) */
217 unsigned char *in_offt; /*!< read offset in application data */
218
219 int in_msgtype; /*!< record header: message type */
220 int in_msglen; /*!< record header: message length */
221 int in_left; /*!< amount of data read so far */
222
223 int in_hslen; /*!< current handshake message length */
224 int nb_zero; /*!< # of 0-length encrypted messages */
225
226 /*
227 * Record layer (outgoing data)
228 */
229 unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
230 unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
231 unsigned char *out_msg; /*!< the message contents (out_hdr+5) */
232
233 int out_msgtype; /*!< record header: message type */
234 int out_msglen; /*!< record header: message length */
235 int out_left; /*!< amount of data not yet written */
236
237 /*
238 * PKI layer
239 */
240 rsa_context *rsa_key; /*!< own RSA private key */
241 x509_cert *own_cert; /*!< own X.509 certificate */
242 x509_cert *ca_chain; /*!< own trusted CA chain */
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]243 x509_crl *ca_crl; /*!< trusted CA CRLs */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]244 x509_cert *peer_cert; /*!< peer X.509 cert chain */
Paul Bakker57b79142010-03-24 06:51:15 +0000[diff] [blame]245 const char *peer_cn; /*!< expected peer CN */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]246
247 int endpoint; /*!< 0: client, 1: server */
248 int authmode; /*!< verification mode */
249 int client_auth; /*!< flag for client auth. */
250 int verify_result; /*!< verification result */
251
252 /*
253 * Crypto layer
254 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]255 dhm_context dhm_ctx; /*!< DHM key exchange */
256 md5_context fin_md5; /*!< Finished MD5 checksum */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]257 sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
258
259 int do_crypt; /*!< en(de)cryption flag */
260 int *ciphers; /*!< allowed ciphersuites */
261 int pmslen; /*!< premaster length */
262 int keylen; /*!< symmetric key length */
263 int minlen; /*!< min. ciphertext length */
264 int ivlen; /*!< IV length */
265 int maclen; /*!< MAC length */
266
267 unsigned char randbytes[64]; /*!< random bytes */
268 unsigned char premaster[256]; /*!< premaster secret */
269
270 unsigned char iv_enc[16]; /*!< IV (encryption) */
271 unsigned char iv_dec[16]; /*!< IV (decryption) */
272
273 unsigned char mac_enc[32]; /*!< MAC (encryption) */
274 unsigned char mac_dec[32]; /*!< MAC (decryption) */
275
276 unsigned long ctx_enc[128]; /*!< encryption context */
277 unsigned long ctx_dec[128]; /*!< decryption context */
278
279 /*
280 * TLS extensions
281 */
282 unsigned char *hostname;
283 unsigned long hostname_len;
284};
285
286#ifdef __cplusplus
287extern "C" {
288#endif
289
290extern int ssl_default_ciphers[];
291
292/**
293 * \brief Initialize an SSL context
294 *
295 * \param ssl SSL context
296 *
297 * \return 0 if successful, or 1 if memory allocation failed
298 */
299int ssl_init( ssl_context *ssl );
300
301/**
302 * \brief Set the current endpoint type
303 *
304 * \param ssl SSL context
305 * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
306 */
307void ssl_set_endpoint( ssl_context *ssl, int endpoint );
308
309/**
310 * \brief Set the certificate verification mode
311 *
312 * \param ssl SSL context
313 * \param mode can be:
314 *
315 * SSL_VERIFY_NONE: peer certificate is not checked (default),
316 * this is insecure and SHOULD be avoided.
317 *
318 * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
319 * handshake continues even if verification failed;
320 * ssl_get_verify_result() can be called after the
321 * handshake is complete.
322 *
323 * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
324 * handshake is aborted if verification failed.
325 */
326void ssl_set_authmode( ssl_context *ssl, int authmode );
327
328/**
329 * \brief Set the random number generator callback
330 *
331 * \param ssl SSL context
332 * \param f_rng RNG function
333 * \param p_rng RNG parameter
334 */
335void ssl_set_rng( ssl_context *ssl,
336 int (*f_rng)(void *),
337 void *p_rng );
338
339/**
340 * \brief Set the debug callback
341 *
342 * \param ssl SSL context
343 * \param f_dbg debug function
344 * \param p_dbg debug parameter
345 */
346void ssl_set_dbg( ssl_context *ssl,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]347 void (*f_dbg)(void *, int, const char *),
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]348 void *p_dbg );
349
350/**
351 * \brief Set the underlying BIO read and write callbacks
352 *
353 * \param ssl SSL context
354 * \param f_recv read callback
355 * \param p_recv read parameter
356 * \param f_send write callback
357 * \param p_send write parameter
358 */
359void ssl_set_bio( ssl_context *ssl,
360 int (*f_recv)(void *, unsigned char *, int), void *p_recv,
361 int (*f_send)(void *, unsigned char *, int), void *p_send );
362
363/**
364 * \brief Set the session callbacks (server-side only)
365 *
366 * \param ssl SSL context
367 * \param s_get session get callback
368 * \param s_set session set callback
369 */
370void ssl_set_scb( ssl_context *ssl,
371 int (*s_get)(ssl_context *),
372 int (*s_set)(ssl_context *) );
373
374/**
375 * \brief Set the session resuming flag, timeout and data
376 *
377 * \param ssl SSL context
378 * \param resume if 0 (default), the session will not be resumed
379 * \param timeout session timeout in seconds, or 0 (no timeout)
380 * \param session session context
381 */
382void ssl_set_session( ssl_context *ssl, int resume, int timeout,
383 ssl_session *session );
384
385/**
386 * \brief Set the list of allowed ciphersuites
387 *
388 * \param ssl SSL context
389 * \param ciphers 0-terminated list of allowed ciphers
390 */
391void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
392
393/**
394 * \brief Set the data required to verify peer certificate
395 *
396 * \param ssl SSL context
397 * \param ca_chain trusted CA chain
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]398 * \param ca_crl trusted CA CRLs
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]399 * \param peer_cn expected peer CommonName (or NULL)
400 *
401 * \note TODO: add two more parameters: depth and crl
402 */
403void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
Paul Bakker57b79142010-03-24 06:51:15 +0000[diff] [blame]404 x509_crl *ca_crl, const char *peer_cn );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]405
406/**
407 * \brief Set own certificate and private key
408 *
409 * \param ssl SSL context
410 * \param own_cert own public certificate
411 * \param rsa_key own private RSA key
412 */
413void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
414 rsa_context *rsa_key );
415
416/**
417 * \brief Set the Diffie-Hellman public P and G values,
418 * read as hexadecimal strings (server-side only)
419 *
420 * \param ssl SSL context
421 * \param dhm_P Diffie-Hellman-Merkle modulus
422 * \param dhm_G Diffie-Hellman-Merkle generator
423 *
424 * \return 0 if successful
425 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]426int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]427
428/**
429 * \brief Set hostname for ServerName TLS Extension
430 *
431 *
432 * \param ssl SSL context
433 * \param hostname the server hostname
434 *
435 * \return 0 if successful
436 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]437int ssl_set_hostname( ssl_context *ssl, const char *hostname );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]438
439/**
440 * \brief Return the number of data bytes available to read
441 *
442 * \param ssl SSL context
443 *
444 * \return how many bytes are available in the read buffer
445 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]446int ssl_get_bytes_avail( const ssl_context *ssl );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]447
448/**
449 * \brief Return the result of the certificate verification
450 *
451 * \param ssl SSL context
452 *
453 * \return 0 if successful, or a combination of:
454 * BADCERT_EXPIRED
455 * BADCERT_REVOKED
456 * BADCERT_CN_MISMATCH
457 * BADCERT_NOT_TRUSTED
458 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]459int ssl_get_verify_result( const ssl_context *ssl );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]460
461/**
462 * \brief Return the name of the current cipher
463 *
464 * \param ssl SSL context
465 *
466 * \return a string containing the cipher name
467 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]468const char *ssl_get_cipher( const ssl_context *ssl );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]469
470/**
471 * \brief Perform the SSL handshake
472 *
473 * \param ssl SSL context
474 *
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]475 * \return 0 if successful, POLARSSL_ERR_NET_TRY_AGAIN,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]476 * or a specific SSL error code.
477 */
478int ssl_handshake( ssl_context *ssl );
479
480/**
481 * \brief Read at most 'len' application data bytes
482 *
483 * \param ssl SSL context
484 * \param buf buffer that will hold the data
485 * \param len how many bytes must be read
486 *
487 * \return This function returns the number of bytes read,
488 * or a negative error code.
489 */
490int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
491
492/**
493 * \brief Write exactly 'len' application data bytes
494 *
495 * \param ssl SSL context
496 * \param buf buffer holding the data
497 * \param len how many bytes must be written
498 *
499 * \return This function returns the number of bytes written,
500 * or a negative error code.
501 *
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]502 * \note When this function returns POLARSSL_ERR_NET_TRY_AGAIN,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]503 * it must be called later with the *same* arguments,
504 * until it returns a positive value.
505 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]506int ssl_write( ssl_context *ssl, const unsigned char *buf, int len );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]507
508/**
509 * \brief Notify the peer that the connection is being closed
Paul Bakker13e2dfe2009-07-28 07:18:38 +0000[diff] [blame]510 *
511 * \param ssl SSL context
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]512 */
513int ssl_close_notify( ssl_context *ssl );
514
515/**
516 * \brief Free an SSL context
Paul Bakker13e2dfe2009-07-28 07:18:38 +0000[diff] [blame]517 *
518 * \param ssl SSL context
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]519 */
520void ssl_free( ssl_context *ssl );
521
522/*
523 * Internal functions (do not call directly)
524 */
525int ssl_handshake_client( ssl_context *ssl );
526int ssl_handshake_server( ssl_context *ssl );
527
528int ssl_derive_keys( ssl_context *ssl );
529void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
530
531int ssl_read_record( ssl_context *ssl );
532int ssl_fetch_input( ssl_context *ssl, int nb_want );
533
534int ssl_write_record( ssl_context *ssl );
535int ssl_flush_output( ssl_context *ssl );
536
537int ssl_parse_certificate( ssl_context *ssl );
538int ssl_write_certificate( ssl_context *ssl );
539
540int ssl_parse_change_cipher_spec( ssl_context *ssl );
541int ssl_write_change_cipher_spec( ssl_context *ssl );
542
543int ssl_parse_finished( ssl_context *ssl );
544int ssl_write_finished( ssl_context *ssl );
545
546#ifdef __cplusplus
547}
548#endif
549
550#endif /* ssl.h */