1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifndef SSL_MBEDTLS_H_
30 #define SSL_MBEDTLS_H_
31 
32 #include "syshead.h"
33 
34 #include <mbedtls/ssl.h>
35 #include <mbedtls/x509_crt.h>
36 
37 #if defined(ENABLE_PKCS11)
38 #include <pkcs11-helper-1.0/pkcs11h-certificate.h>
39 #endif
40 
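/*
 * Minimal growable byte queue used to emulate an mbedTLS "BIO": received
 * ciphertext is queued on one side and outgoing ciphertext on the other, so
 * the TLS engine never touches the network directly.  (The tag name
 * `_buffer_entry` starts with an underscore and is technically reserved by
 * C11 7.1.3; it is part of the public interface and is kept unchanged.)
 */
typedef struct _buffer_entry buffer_entry;

struct _buffer_entry {
    size_t length;            /**< Byte count of this block (presumably the
                                *   number of valid bytes in @c data) */
    uint8_t *data;            /**< Payload bytes of this block; ownership and
                                *   release are handled by the backend
                                *   implementation (ssl_mbedtls.c), not here */
    buffer_entry *next_block; /**< Next block in the chain; a NULL tail is
                                *   presumed -- confirm against the backend */
};

/**
 * Chain of buffer_entry blocks.  @c data_start is, judging by the field
 * names, a read offset into @c first_block so already-consumed bytes can be
 * skipped without moving memory -- NOTE(review): confirm in ssl_mbedtls.c.
 */
typedef struct {
    size_t data_start;         /**< Read offset into @c first_block */
    buffer_entry *first_block; /**< Head of the chain */
    buffer_entry *last_block;  /**< Tail of the chain */
} endless_buffer;

/**
 * Pair of queues backing the mbedTLS I/O callbacks.  The direction implied
 * by the names (@c in = bytes from the peer still to be fed to mbedTLS,
 * @c out = bytes mbedTLS produced still to be sent) is an assumption --
 * verify against the send/recv callbacks in ssl_mbedtls.c.
 */
typedef struct {
    endless_buffer in;
    endless_buffer out;
} bio_ctx;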
59 
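/**
 * External signing function prototype.  A function implementing this
 * prototype is registered through tls_ctx_use_external_signing_func() and
 * is invoked when the handshake needs a signature with the local private
 * key but the key is not available in-process (for instance because it is
 * held in a PKCS#11 token, see @c pkcs11_cert below).
 *
 * Contract for implementors (security-relevant):
 *  - @p dst_size is the capacity of @p dst: never write more than that
 *    many bytes, and return false rather than truncating.
 *  - Return false on any failure (wrong key, token error, buffer too
 *    small); a partial or zero-filled signature must never be reported as
 *    success.
 *  - What @p src contains (a raw digest, a DigestInfo structure, ...) is
 *    decided by the caller in the backend implementation, not by this
 *    header -- check ssl_mbedtls.c before implementing.
 *
 * @param sign_ctx   Opaque context passed through unchanged from
 *                   tls_ctx_use_external_signing_func().
 * @param src        Data to be signed.
 * @param src_size   Length of @p src, in bytes.
 * @param dst        Destination buffer for the signature.
 * @param dst_size   Capacity of @p dst, in bytes.
 *
 * @return expected to be true if signing succeeded, false otherwise.
 */
typedef bool (*external_sign_func)(
    void *sign_ctx, const void *src, size_t src_size,
    void *dst, size_t dst_size);

/** Context used by external_pkcs1_sign() */
struct external_context {
    size_t signature_length;  /**< Signature length in bytes -- presumably
                                *   the fixed size the external key
                                *   produces; confirm in external_pkcs1_sign() */
    external_sign_func sign;  /**< Signing callback (NULL when no external
                                *   key is registered -- assumption) */
    void *sign_ctx;           /**< Opaque argument handed to @c sign */
};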
83 
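/**
 * Structure that wraps the TLS context.  Contents differ depending on the
 * SSL library used; this is the mbedTLS variant.
 *
 * The local identity can come from @c priv_key (key material loaded into
 * this process), @c pkcs11_cert (PKCS#11-backed key) or @c external_key
 * (signing delegated through external_sign_func).  Which of them must be
 * set, and which wins when several are, is decided in the backend
 * implementation (ssl_mbedtls.c), not in this header.
 */
struct tls_root_ctx {
    bool initialised;             /**< True if the context has been initialised */

    int endpoint;                 /**< Whether or not this is a server or a client
                                    *   (an mbedTLS MBEDTLS_SSL_IS_* value would
                                    *   be the natural encoding -- confirm) */

    mbedtls_dhm_context *dhm_ctx; /**< Diffie-Hellman-Merkle context */
    mbedtls_x509_crt *crt_chain;  /**< Local Certificate chain */
    mbedtls_x509_crt *ca_chain;   /**< CA chain for remote verification */
    mbedtls_pk_context *priv_key; /**< Local private key; lives in process
                                    *   memory, so teardown must clear it
                                    *   (the backend's job, not the header's) */
    mbedtls_x509_crl *crl;        /**< Certificate Revocation List */
    time_t crl_last_mtime;        /**< CRL last modification time */
    off_t crl_last_size;          /**< Size of last loaded CRL.  NOTE(review):
                                    *   if reload detection compares only mtime
                                    *   and size, a CRL rewritten in place with
                                    *   both preserved is indistinguishable from
                                    *   "unchanged" -- confirm in ssl_mbedtls.c */
#ifdef ENABLE_PKCS11
    pkcs11h_certificate_t pkcs11_cert; /**< PKCS11 certificate */
#endif
    struct external_context external_key; /**< External key context */
    int *allowed_ciphers;         /**< List of allowed ciphers for this
                                    *   connection -- presumably mbedTLS
                                    *   ciphersuite IDs; the terminator
                                    *   convention is not visible here */
    mbedtls_x509_crt_profile cert_profile; /**< Allowed certificate types.  Per
                                    *   the mbedTLS API this profile is what
                                    *   limits accepted hash/PK algorithms and
                                    *   minimum key sizes when verifying the
                                    *   peer's chain, so tightening it is the
                                    *   place to reject weak peer certificates */
};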
109 
/*
 * NOTE(review): this rendered listing dropped the enclosing struct's header
 * (ssl_mbedtls.h line 110) and its third member, `bio_ctx bio_ctx;`
 * (line 113).  The members below are per-connection mbedTLS state and are
 * NOT part of tls_root_ctx, which closes above.
 */
111  mbedtls_ssl_config ssl_config; /**< mbedTLS global ssl config */
112  mbedtls_ssl_context *ctx; /**< mbedTLS connection context */
114 };
115 
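/**
 * Call the supplied signing function to create a TLS signature during the
 * TLS handshake.  Presumably this stores @p sign_func and @p sign_ctx in
 * @p ctx (cf. struct external_context) so later private-key operations are
 * delegated instead of using an in-process @c priv_key.
 *
 * Because only a pointer to @p sign_ctx can be kept, the caller must keep
 * the object it points to alive for as long as @p ctx is in use.
 *
 * @param ctx        TLS root context to attach the signing function to.
 * @param sign_func  Function producing signatures with the local private
 *                   key; see external_sign_func for the contract.
 * @param sign_ctx   Opaque pointer handed back to @p sign_func unchanged.
 *
 * @return int status; the convention (0 = success is the usual one) is set
 *         by the backend implementation -- check ssl_mbedtls.c before
 *         relying on a specific value.
 */
int tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx,
                                      external_sign_func sign_func,
                                      void *sign_ctx);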
129 
130 #endif /* SSL_MBEDTLS_H_ */