Go to the documentation of this file.
36 #define TlsContext struct _TlsContext
40 #define TlsEncryptionEngine struct _TlsEncryptionEngine
51 #include "tls_config.h"
80 #ifndef GPL_LICENSE_TERMS_ACCEPTED
81 #error Before compiling CycloneSSL Open, you must accept the terms of the GPL license
85 #define CYCLONE_SSL_VERSION_STRING "2.6.2"
87 #define CYCLONE_SSL_MAJOR_VERSION 2
89 #define CYCLONE_SSL_MINOR_VERSION 6
91 #define CYCLONE_SSL_REV_NUMBER 2
94 #define SSL_VERSION_3_0 0x0300
95 #define TLS_VERSION_1_0 0x0301
96 #define TLS_VERSION_1_1 0x0302
97 #define TLS_VERSION_1_2 0x0303
98 #define TLS_VERSION_1_3 0x0304
102 #define TLS_SUPPORT ENABLED
103 #elif (TLS_SUPPORT != ENABLED && TLS_SUPPORT != DISABLED)
104 #error TLS_SUPPORT parameter is not valid
108 #ifndef TLS_QUIC_SUPPORT
109 #define TLS_QUIC_SUPPORT DISABLED
110 #elif (TLS_QUIC_SUPPORT != ENABLED && TLS_QUIC_SUPPORT != DISABLED)
111 #error TLS_QUIC_SUPPORT parameter is not valid
115 #ifndef TLS_CLIENT_SUPPORT
116 #define TLS_CLIENT_SUPPORT ENABLED
117 #elif (TLS_CLIENT_SUPPORT != ENABLED && TLS_CLIENT_SUPPORT != DISABLED)
118 #error TLS_CLIENT_SUPPORT parameter is not valid
122 #ifndef TLS_SERVER_SUPPORT
123 #define TLS_SERVER_SUPPORT ENABLED
124 #elif (TLS_SERVER_SUPPORT != ENABLED && TLS_SERVER_SUPPORT != DISABLED)
125 #error TLS_SERVER_SUPPORT parameter is not valid
129 #ifndef TLS_MIN_VERSION
130 #define TLS_MIN_VERSION TLS_VERSION_1_2
131 #elif (TLS_MIN_VERSION < TLS_VERSION_1_0)
132 #error TLS_MIN_VERSION parameter is not valid
136 #ifndef TLS_MAX_VERSION
137 #define TLS_MAX_VERSION TLS_VERSION_1_3
138 #elif (TLS_MAX_VERSION > TLS_VERSION_1_3 || TLS_MAX_VERSION < TLS_MIN_VERSION)
139 #error TLS_MAX_VERSION parameter is not valid
143 #ifndef TLS_RTOS_SUPPORT
144 #define TLS_RTOS_SUPPORT ENABLED
145 #elif (TLS_RTOS_SUPPORT != ENABLED && TLS_RTOS_SUPPORT != DISABLED)
146 #error TLS_RTOS_SUPPORT parameter is not valid
150 #ifndef TLS_SESSION_RESUME_SUPPORT
151 #define TLS_SESSION_RESUME_SUPPORT ENABLED
152 #elif (TLS_SESSION_RESUME_SUPPORT != ENABLED && TLS_SESSION_RESUME_SUPPORT != DISABLED)
153 #error TLS_SESSION_RESUME_SUPPORT parameter is not valid
157 #ifndef TLS_SESSION_CACHE_LIFETIME
158 #define TLS_SESSION_CACHE_LIFETIME 3600000
159 #elif (TLS_SESSION_CACHE_LIFETIME < 1000)
160 #error TLS_SESSION_CACHE_LIFETIME parameter is not valid
164 #ifndef TLS_TICKET_SUPPORT
165 #define TLS_TICKET_SUPPORT DISABLED
166 #elif (TLS_TICKET_SUPPORT != ENABLED && TLS_TICKET_SUPPORT != DISABLED)
167 #error TLS_TICKET_SUPPORT parameter is not valid
171 #ifndef TLS_MAX_TICKET_SIZE
172 #define TLS_MAX_TICKET_SIZE 1024
173 #elif (TLS_MAX_TICKET_SIZE < 32)
174 #error TLS_MAX_TICKET_SIZE parameter is not valid
178 #ifndef TLS_TICKET_LIFETIME
179 #define TLS_TICKET_LIFETIME 3600000
180 #elif (TLS_TICKET_LIFETIME < 0)
181 #error TLS_TICKET_LIFETIME parameter is not valid
185 #ifndef TLS_SNI_SUPPORT
186 #define TLS_SNI_SUPPORT ENABLED
187 #elif (TLS_SNI_SUPPORT != ENABLED && TLS_SNI_SUPPORT != DISABLED)
188 #error TLS_SNI_SUPPORT parameter is not valid
192 #ifndef TLS_MAX_FRAG_LEN_SUPPORT
193 #define TLS_MAX_FRAG_LEN_SUPPORT DISABLED
194 #elif (TLS_MAX_FRAG_LEN_SUPPORT != ENABLED && TLS_MAX_FRAG_LEN_SUPPORT != DISABLED)
195 #error TLS_MAX_FRAG_LEN_SUPPORT parameter is not valid
199 #ifndef TLS_RECORD_SIZE_LIMIT_SUPPORT
200 #define TLS_RECORD_SIZE_LIMIT_SUPPORT ENABLED
201 #elif (TLS_RECORD_SIZE_LIMIT_SUPPORT != ENABLED && TLS_RECORD_SIZE_LIMIT_SUPPORT != DISABLED)
202 #error TLS_RECORD_SIZE_LIMIT_SUPPORT parameter is not valid
206 #ifndef TLS_ALPN_SUPPORT
207 #define TLS_ALPN_SUPPORT DISABLED
208 #elif (TLS_ALPN_SUPPORT != ENABLED && TLS_ALPN_SUPPORT != DISABLED)
209 #error TLS_ALPN_SUPPORT parameter is not valid
213 #ifndef TLS_ENCRYPT_THEN_MAC_SUPPORT
214 #define TLS_ENCRYPT_THEN_MAC_SUPPORT ENABLED
215 #elif (TLS_ENCRYPT_THEN_MAC_SUPPORT != ENABLED && TLS_ENCRYPT_THEN_MAC_SUPPORT != DISABLED)
216 #error TLS_ENCRYPT_THEN_MAC_SUPPORT parameter is not valid
220 #ifndef TLS_EXT_MASTER_SECRET_SUPPORT
221 #define TLS_EXT_MASTER_SECRET_SUPPORT ENABLED
222 #elif (TLS_EXT_MASTER_SECRET_SUPPORT != ENABLED && TLS_EXT_MASTER_SECRET_SUPPORT != DISABLED)
223 #error TLS_EXT_MASTER_SECRET_SUPPORT parameter is not valid
227 #ifndef TLS_CLIENT_HELLO_PADDING_SUPPORT
228 #define TLS_CLIENT_HELLO_PADDING_SUPPORT ENABLED
229 #elif (TLS_CLIENT_HELLO_PADDING_SUPPORT != ENABLED && TLS_CLIENT_HELLO_PADDING_SUPPORT != DISABLED)
230 #error TLS_CLIENT_HELLO_PADDING_SUPPORT parameter is not valid
234 #ifndef TLS_TRUSTED_CA_KEYS_SUPPORT
235 #define TLS_TRUSTED_CA_KEYS_SUPPORT DISABLED
236 #elif (TLS_TRUSTED_CA_KEYS_SUPPORT != ENABLED && TLS_TRUSTED_CA_KEYS_SUPPORT != DISABLED)
237 #error TLS_TRUSTED_CA_KEYS_SUPPORT parameter is not valid
241 #ifndef TLS_CERT_AUTHORITIES_SUPPORT
242 #define TLS_CERT_AUTHORITIES_SUPPORT DISABLED
243 #elif (TLS_CERT_AUTHORITIES_SUPPORT != ENABLED && TLS_CERT_AUTHORITIES_SUPPORT != DISABLED)
244 #error TLS_CERT_AUTHORITIES_SUPPORT parameter is not valid
248 #ifndef TLS_SIGN_ALGOS_CERT_SUPPORT
249 #define TLS_SIGN_ALGOS_CERT_SUPPORT ENABLED
250 #elif (TLS_SIGN_ALGOS_CERT_SUPPORT != ENABLED && TLS_SIGN_ALGOS_CERT_SUPPORT != DISABLED)
251 #error TLS_SIGN_ALGOS_CERT_SUPPORT parameter is not valid
255 #ifndef TLS_RAW_PUBLIC_KEY_SUPPORT
256 #define TLS_RAW_PUBLIC_KEY_SUPPORT DISABLED
257 #elif (TLS_RAW_PUBLIC_KEY_SUPPORT != ENABLED && TLS_RAW_PUBLIC_KEY_SUPPORT != DISABLED)
258 #error TLS_RAW_PUBLIC_KEY_SUPPORT parameter is not valid
262 #ifndef TLS_SECURE_RENEGOTIATION_SUPPORT
263 #define TLS_SECURE_RENEGOTIATION_SUPPORT ENABLED
264 #elif (TLS_SECURE_RENEGOTIATION_SUPPORT != ENABLED && TLS_SECURE_RENEGOTIATION_SUPPORT != DISABLED)
265 #error TLS_SECURE_RENEGOTIATION_SUPPORT parameter is not valid
269 #ifndef TLS_FALLBACK_SCSV_SUPPORT
270 #define TLS_FALLBACK_SCSV_SUPPORT DISABLED
271 #elif (TLS_FALLBACK_SCSV_SUPPORT != ENABLED && TLS_FALLBACK_SCSV_SUPPORT != DISABLED)
272 #error TLS_FALLBACK_SCSV_SUPPORT parameter is not valid
276 #ifndef TLS_ECC_CALLBACK_SUPPORT
277 #define TLS_ECC_CALLBACK_SUPPORT DISABLED
278 #elif (TLS_ECC_CALLBACK_SUPPORT != ENABLED && TLS_ECC_CALLBACK_SUPPORT != DISABLED)
279 #error TLS_ECC_CALLBACK_SUPPORT parameter is not valid
283 #ifndef TLS_MAX_CERTIFICATES
284 #define TLS_MAX_CERTIFICATES 3
285 #elif (TLS_MAX_CERTIFICATES < 1)
286 #error TLS_MAX_CERTIFICATES parameter is not valid
290 #ifndef TLS_RSA_KE_SUPPORT
291 #define TLS_RSA_KE_SUPPORT ENABLED
292 #elif (TLS_RSA_KE_SUPPORT != ENABLED && TLS_RSA_KE_SUPPORT != DISABLED)
293 #error TLS_RSA_KE_SUPPORT parameter is not valid
297 #ifndef TLS_DHE_RSA_KE_SUPPORT
298 #define TLS_DHE_RSA_KE_SUPPORT ENABLED
299 #elif (TLS_DHE_RSA_KE_SUPPORT != ENABLED && TLS_DHE_RSA_KE_SUPPORT != DISABLED)
300 #error TLS_DHE_RSA_KE_SUPPORT parameter is not valid
304 #ifndef TLS_DHE_DSS_KE_SUPPORT
305 #define TLS_DHE_DSS_KE_SUPPORT DISABLED
306 #elif (TLS_DHE_DSS_KE_SUPPORT != ENABLED && TLS_DHE_DSS_KE_SUPPORT != DISABLED)
307 #error TLS_DHE_DSS_KE_SUPPORT parameter is not valid
311 #ifndef TLS_DH_ANON_KE_SUPPORT
312 #define TLS_DH_ANON_KE_SUPPORT DISABLED
313 #elif (TLS_DH_ANON_KE_SUPPORT != ENABLED && TLS_DH_ANON_KE_SUPPORT != DISABLED)
314 #error TLS_DH_ANON_KE_SUPPORT parameter is not valid
318 #ifndef TLS_ECDHE_RSA_KE_SUPPORT
319 #define TLS_ECDHE_RSA_KE_SUPPORT ENABLED
320 #elif (TLS_ECDHE_RSA_KE_SUPPORT != ENABLED && TLS_ECDHE_RSA_KE_SUPPORT != DISABLED)
321 #error TLS_ECDHE_RSA_KE_SUPPORT parameter is not valid
325 #ifndef TLS_ECDHE_ECDSA_KE_SUPPORT
326 #define TLS_ECDHE_ECDSA_KE_SUPPORT ENABLED
327 #elif (TLS_ECDHE_ECDSA_KE_SUPPORT != ENABLED && TLS_ECDHE_ECDSA_KE_SUPPORT != DISABLED)
328 #error TLS_ECDHE_ECDSA_KE_SUPPORT parameter is not valid
332 #ifndef TLS_ECDH_ANON_KE_SUPPORT
333 #define TLS_ECDH_ANON_KE_SUPPORT DISABLED
334 #elif (TLS_ECDH_ANON_KE_SUPPORT != ENABLED && TLS_ECDH_ANON_KE_SUPPORT != DISABLED)
335 #error TLS_ECDH_ANON_KE_SUPPORT parameter is not valid
339 #ifndef TLS_PSK_KE_SUPPORT
340 #define TLS_PSK_KE_SUPPORT DISABLED
341 #elif (TLS_PSK_KE_SUPPORT != ENABLED && TLS_PSK_KE_SUPPORT != DISABLED)
342 #error TLS_PSK_KE_SUPPORT parameter is not valid
346 #ifndef TLS_RSA_PSK_KE_SUPPORT
347 #define TLS_RSA_PSK_KE_SUPPORT DISABLED
348 #elif (TLS_RSA_PSK_KE_SUPPORT != ENABLED && TLS_RSA_PSK_KE_SUPPORT != DISABLED)
349 #error TLS_RSA_PSK_KE_SUPPORT parameter is not valid
353 #ifndef TLS_DHE_PSK_KE_SUPPORT
354 #define TLS_DHE_PSK_KE_SUPPORT DISABLED
355 #elif (TLS_DHE_PSK_KE_SUPPORT != ENABLED && TLS_DHE_PSK_KE_SUPPORT != DISABLED)
356 #error TLS_DHE_PSK_KE_SUPPORT parameter is not valid
360 #ifndef TLS_ECDHE_PSK_KE_SUPPORT
361 #define TLS_ECDHE_PSK_KE_SUPPORT DISABLED
362 #elif (TLS_ECDHE_PSK_KE_SUPPORT != ENABLED && TLS_ECDHE_PSK_KE_SUPPORT != DISABLED)
363 #error TLS_ECDHE_PSK_KE_SUPPORT parameter is not valid
367 #ifndef TLS_RSA_SIGN_SUPPORT
368 #define TLS_RSA_SIGN_SUPPORT ENABLED
369 #elif (TLS_RSA_SIGN_SUPPORT != ENABLED && TLS_RSA_SIGN_SUPPORT != DISABLED)
370 #error TLS_RSA_SIGN_SUPPORT parameter is not valid
374 #ifndef TLS_RSA_PSS_SIGN_SUPPORT
375 #define TLS_RSA_PSS_SIGN_SUPPORT ENABLED
376 #elif (TLS_RSA_PSS_SIGN_SUPPORT != ENABLED && TLS_RSA_PSS_SIGN_SUPPORT != DISABLED)
377 #error TLS_RSA_PSS_SIGN_SUPPORT parameter is not valid
381 #ifndef TLS_DSA_SIGN_SUPPORT
382 #define TLS_DSA_SIGN_SUPPORT DISABLED
383 #elif (TLS_DSA_SIGN_SUPPORT != ENABLED && TLS_DSA_SIGN_SUPPORT != DISABLED)
384 #error TLS_DSA_SIGN_SUPPORT parameter is not valid
388 #ifndef TLS_ECDSA_SIGN_SUPPORT
389 #define TLS_ECDSA_SIGN_SUPPORT ENABLED
390 #elif (TLS_ECDSA_SIGN_SUPPORT != ENABLED && TLS_ECDSA_SIGN_SUPPORT != DISABLED)
391 #error TLS_ECDSA_SIGN_SUPPORT parameter is not valid
395 #ifndef TLS_SM2_SIGN_SUPPORT
396 #define TLS_SM2_SIGN_SUPPORT DISABLED
397 #elif (TLS_SM2_SIGN_SUPPORT != ENABLED && TLS_SM2_SIGN_SUPPORT != DISABLED)
398 #error TLS_SM2_SIGN_SUPPORT parameter is not valid
402 #ifndef TLS_ED25519_SIGN_SUPPORT
403 #define TLS_ED25519_SIGN_SUPPORT DISABLED
404 #elif (TLS_ED25519_SIGN_SUPPORT != ENABLED && TLS_ED25519_SIGN_SUPPORT != DISABLED)
405 #error TLS_ED25519_SIGN_SUPPORT parameter is not valid
409 #ifndef TLS_ED448_SIGN_SUPPORT
410 #define TLS_ED448_SIGN_SUPPORT DISABLED
411 #elif (TLS_ED448_SIGN_SUPPORT != ENABLED && TLS_ED448_SIGN_SUPPORT != DISABLED)
412 #error TLS_ED448_SIGN_SUPPORT parameter is not valid
416 #ifndef TLS_NULL_CIPHER_SUPPORT
417 #define TLS_NULL_CIPHER_SUPPORT DISABLED
418 #elif (TLS_NULL_CIPHER_SUPPORT != ENABLED && TLS_NULL_CIPHER_SUPPORT != DISABLED)
419 #error TLS_NULL_CIPHER_SUPPORT parameter is not valid
423 #ifndef TLS_STREAM_CIPHER_SUPPORT
424 #define TLS_STREAM_CIPHER_SUPPORT DISABLED
425 #elif (TLS_STREAM_CIPHER_SUPPORT != ENABLED && TLS_STREAM_CIPHER_SUPPORT != DISABLED)
426 #error TLS_STREAM_CIPHER_SUPPORT parameter is not valid
430 #ifndef TLS_CBC_CIPHER_SUPPORT
431 #define TLS_CBC_CIPHER_SUPPORT ENABLED
432 #elif (TLS_CBC_CIPHER_SUPPORT != ENABLED && TLS_CBC_CIPHER_SUPPORT != DISABLED)
433 #error TLS_CBC_CIPHER_SUPPORT parameter is not valid
437 #ifndef TLS_CCM_CIPHER_SUPPORT
438 #define TLS_CCM_CIPHER_SUPPORT DISABLED
439 #elif (TLS_CCM_CIPHER_SUPPORT != ENABLED && TLS_CCM_CIPHER_SUPPORT != DISABLED)
440 #error TLS_CCM_CIPHER_SUPPORT parameter is not valid
444 #ifndef TLS_CCM_8_CIPHER_SUPPORT
445 #define TLS_CCM_8_CIPHER_SUPPORT DISABLED
446 #elif (TLS_CCM_8_CIPHER_SUPPORT != ENABLED && TLS_CCM_8_CIPHER_SUPPORT != DISABLED)
447 #error TLS_CCM_8_CIPHER_SUPPORT parameter is not valid
451 #ifndef TLS_GCM_CIPHER_SUPPORT
452 #define TLS_GCM_CIPHER_SUPPORT ENABLED
453 #elif (TLS_GCM_CIPHER_SUPPORT != ENABLED && TLS_GCM_CIPHER_SUPPORT != DISABLED)
454 #error TLS_GCM_CIPHER_SUPPORT parameter is not valid
458 #ifndef TLS_CHACHA20_POLY1305_SUPPORT
459 #define TLS_CHACHA20_POLY1305_SUPPORT DISABLED
460 #elif (TLS_CHACHA20_POLY1305_SUPPORT != ENABLED && TLS_CHACHA20_POLY1305_SUPPORT != DISABLED)
461 #error TLS_CHACHA20_POLY1305_SUPPORT parameter is not valid
465 #ifndef TLS_RC4_SUPPORT
466 #define TLS_RC4_SUPPORT DISABLED
467 #elif (TLS_RC4_SUPPORT != ENABLED && TLS_RC4_SUPPORT != DISABLED)
468 #error TLS_RC4_SUPPORT parameter is not valid
472 #ifndef TLS_IDEA_SUPPORT
473 #define TLS_IDEA_SUPPORT DISABLED
474 #elif (TLS_IDEA_SUPPORT != ENABLED && TLS_IDEA_SUPPORT != DISABLED)
475 #error TLS_IDEA_SUPPORT parameter is not valid
479 #ifndef TLS_DES_SUPPORT
480 #define TLS_DES_SUPPORT DISABLED
481 #elif (TLS_DES_SUPPORT != ENABLED && TLS_DES_SUPPORT != DISABLED)
482 #error TLS_DES_SUPPORT parameter is not valid
486 #ifndef TLS_3DES_SUPPORT
487 #define TLS_3DES_SUPPORT DISABLED
488 #elif (TLS_3DES_SUPPORT != ENABLED && TLS_3DES_SUPPORT != DISABLED)
489 #error TLS_3DES_SUPPORT parameter is not valid
493 #ifndef TLS_AES_128_SUPPORT
494 #define TLS_AES_128_SUPPORT ENABLED
495 #elif (TLS_AES_128_SUPPORT != ENABLED && TLS_AES_128_SUPPORT != DISABLED)
496 #error TLS_AES_128_SUPPORT parameter is not valid
500 #ifndef TLS_AES_256_SUPPORT
501 #define TLS_AES_256_SUPPORT ENABLED
502 #elif (TLS_AES_256_SUPPORT != ENABLED && TLS_AES_256_SUPPORT != DISABLED)
503 #error TLS_AES_256_SUPPORT parameter is not valid
507 #ifndef TLS_CAMELLIA_128_SUPPORT
508 #define TLS_CAMELLIA_128_SUPPORT DISABLED
509 #elif (TLS_CAMELLIA_128_SUPPORT != ENABLED && TLS_CAMELLIA_128_SUPPORT != DISABLED)
510 #error TLS_CAMELLIA_128_SUPPORT parameter is not valid
514 #ifndef TLS_CAMELLIA_256_SUPPORT
515 #define TLS_CAMELLIA_256_SUPPORT DISABLED
516 #elif (TLS_CAMELLIA_256_SUPPORT != ENABLED && TLS_CAMELLIA_256_SUPPORT != DISABLED)
517 #error TLS_CAMELLIA_256_SUPPORT parameter is not valid
521 #ifndef TLS_ARIA_128_SUPPORT
522 #define TLS_ARIA_128_SUPPORT DISABLED
523 #elif (TLS_ARIA_128_SUPPORT != ENABLED && TLS_ARIA_128_SUPPORT != DISABLED)
524 #error TLS_ARIA_128_SUPPORT parameter is not valid
528 #ifndef TLS_ARIA_256_SUPPORT
529 #define TLS_ARIA_256_SUPPORT DISABLED
530 #elif (TLS_ARIA_256_SUPPORT != ENABLED && TLS_ARIA_256_SUPPORT != DISABLED)
531 #error TLS_ARIA_256_SUPPORT parameter is not valid
535 #ifndef TLS_SEED_SUPPORT
536 #define TLS_SEED_SUPPORT DISABLED
537 #elif (TLS_SEED_SUPPORT != ENABLED && TLS_SEED_SUPPORT != DISABLED)
538 #error TLS_SEED_SUPPORT parameter is not valid
542 #ifndef TLS_SM4_SUPPORT
543 #define TLS_SM4_SUPPORT DISABLED
544 #elif (TLS_SM4_SUPPORT != ENABLED && TLS_SM4_SUPPORT != DISABLED)
545 #error TLS_SM4_SUPPORT parameter is not valid
549 #ifndef TLS_MD5_SUPPORT
550 #define TLS_MD5_SUPPORT DISABLED
551 #elif (TLS_MD5_SUPPORT != ENABLED && TLS_MD5_SUPPORT != DISABLED)
552 #error TLS_MD5_SUPPORT parameter is not valid
556 #ifndef TLS_SHA1_SUPPORT
557 #define TLS_SHA1_SUPPORT DISABLED
558 #elif (TLS_SHA1_SUPPORT != ENABLED && TLS_SHA1_SUPPORT != DISABLED)
559 #error TLS_SHA1_SUPPORT parameter is not valid
563 #ifndef TLS_SHA224_SUPPORT
564 #define TLS_SHA224_SUPPORT DISABLED
565 #elif (TLS_SHA224_SUPPORT != ENABLED && TLS_SHA224_SUPPORT != DISABLED)
566 #error TLS_SHA224_SUPPORT parameter is not valid
570 #ifndef TLS_SHA256_SUPPORT
571 #define TLS_SHA256_SUPPORT ENABLED
572 #elif (TLS_SHA256_SUPPORT != ENABLED && TLS_SHA256_SUPPORT != DISABLED)
573 #error TLS_SHA256_SUPPORT parameter is not valid
577 #ifndef TLS_SHA384_SUPPORT
578 #define TLS_SHA384_SUPPORT ENABLED
579 #elif (TLS_SHA384_SUPPORT != ENABLED && TLS_SHA384_SUPPORT != DISABLED)
580 #error TLS_SHA384_SUPPORT parameter is not valid
584 #ifndef TLS_SHA512_SUPPORT
585 #define TLS_SHA512_SUPPORT DISABLED
586 #elif (TLS_SHA512_SUPPORT != ENABLED && TLS_SHA512_SUPPORT != DISABLED)
587 #error TLS_SHA512_SUPPORT parameter is not valid
591 #ifndef TLS_SM3_SUPPORT
592 #define TLS_SM3_SUPPORT DISABLED
593 #elif (TLS_SM3_SUPPORT != ENABLED && TLS_SM3_SUPPORT != DISABLED)
594 #error TLS_SM3_SUPPORT parameter is not valid
598 #ifndef TLS_FFDHE_SUPPORT
599 #define TLS_FFDHE_SUPPORT DISABLED
600 #elif (TLS_FFDHE_SUPPORT != ENABLED && TLS_FFDHE_SUPPORT != DISABLED)
601 #error TLS_FFDHE_SUPPORT parameter is not valid
605 #ifndef TLS_FFDHE2048_SUPPORT
606 #define TLS_FFDHE2048_SUPPORT ENABLED
607 #elif (TLS_FFDHE2048_SUPPORT != ENABLED && TLS_FFDHE2048_SUPPORT != DISABLED)
608 #error TLS_FFDHE2048_SUPPORT parameter is not valid
612 #ifndef TLS_FFDHE3072_SUPPORT
613 #define TLS_FFDHE3072_SUPPORT DISABLED
614 #elif (TLS_FFDHE3072_SUPPORT != ENABLED && TLS_FFDHE3072_SUPPORT != DISABLED)
615 #error TLS_FFDHE3072_SUPPORT parameter is not valid
619 #ifndef TLS_FFDHE4096_SUPPORT
620 #define TLS_FFDHE4096_SUPPORT DISABLED
621 #elif (TLS_FFDHE4096_SUPPORT != ENABLED && TLS_FFDHE4096_SUPPORT != DISABLED)
622 #error TLS_FFDHE4096_SUPPORT parameter is not valid
626 #ifndef TLS_SECP160K1_SUPPORT
627 #define TLS_SECP160K1_SUPPORT DISABLED
628 #elif (TLS_SECP160K1_SUPPORT != ENABLED && TLS_SECP160K1_SUPPORT != DISABLED)
629 #error TLS_SECP160K1_SUPPORT parameter is not valid
633 #ifndef TLS_SECP160R1_SUPPORT
634 #define TLS_SECP160R1_SUPPORT DISABLED
635 #elif (TLS_SECP160R1_SUPPORT != ENABLED && TLS_SECP160R1_SUPPORT != DISABLED)
636 #error TLS_SECP160R1_SUPPORT parameter is not valid
640 #ifndef TLS_SECP160R2_SUPPORT
641 #define TLS_SECP160R2_SUPPORT DISABLED
642 #elif (TLS_SECP160R2_SUPPORT != ENABLED && TLS_SECP160R2_SUPPORT != DISABLED)
643 #error TLS_SECP160R2_SUPPORT parameter is not valid
647 #ifndef TLS_SECP192K1_SUPPORT
648 #define TLS_SECP192K1_SUPPORT DISABLED
649 #elif (TLS_SECP192K1_SUPPORT != ENABLED && TLS_SECP192K1_SUPPORT != DISABLED)
650 #error TLS_SECP192K1_SUPPORT parameter is not valid
654 #ifndef TLS_SECP192R1_SUPPORT
655 #define TLS_SECP192R1_SUPPORT DISABLED
656 #elif (TLS_SECP192R1_SUPPORT != ENABLED && TLS_SECP192R1_SUPPORT != DISABLED)
657 #error TLS_SECP192R1_SUPPORT parameter is not valid
661 #ifndef TLS_SECP224K1_SUPPORT
662 #define TLS_SECP224K1_SUPPORT DISABLED
663 #elif (TLS_SECP224K1_SUPPORT != ENABLED && TLS_SECP224K1_SUPPORT != DISABLED)
664 #error TLS_SECP224K1_SUPPORT parameter is not valid
668 #ifndef TLS_SECP224R1_SUPPORT
669 #define TLS_SECP224R1_SUPPORT DISABLED
670 #elif (TLS_SECP224R1_SUPPORT != ENABLED && TLS_SECP224R1_SUPPORT != DISABLED)
671 #error TLS_SECP224R1_SUPPORT parameter is not valid
675 #ifndef TLS_SECP256K1_SUPPORT
676 #define TLS_SECP256K1_SUPPORT DISABLED
677 #elif (TLS_SECP256K1_SUPPORT != ENABLED && TLS_SECP256K1_SUPPORT != DISABLED)
678 #error TLS_SECP256K1_SUPPORT parameter is not valid
682 #ifndef TLS_SECP256R1_SUPPORT
683 #define TLS_SECP256R1_SUPPORT ENABLED
684 #elif (TLS_SECP256R1_SUPPORT != ENABLED && TLS_SECP256R1_SUPPORT != DISABLED)
685 #error TLS_SECP256R1_SUPPORT parameter is not valid
689 #ifndef TLS_SECP384R1_SUPPORT
690 #define TLS_SECP384R1_SUPPORT ENABLED
691 #elif (TLS_SECP384R1_SUPPORT != ENABLED && TLS_SECP384R1_SUPPORT != DISABLED)
692 #error TLS_SECP384R1_SUPPORT parameter is not valid
696 #ifndef TLS_SECP521R1_SUPPORT
697 #define TLS_SECP521R1_SUPPORT DISABLED
698 #elif (TLS_SECP521R1_SUPPORT != ENABLED && TLS_SECP521R1_SUPPORT != DISABLED)
699 #error TLS_SECP521R1_SUPPORT parameter is not valid
703 #ifndef TLS_BRAINPOOLP256R1_SUPPORT
704 #define TLS_BRAINPOOLP256R1_SUPPORT DISABLED
705 #elif (TLS_BRAINPOOLP256R1_SUPPORT != ENABLED && TLS_BRAINPOOLP256R1_SUPPORT != DISABLED)
706 #error TLS_BRAINPOOLP256R1_SUPPORT parameter is not valid
710 #ifndef TLS_BRAINPOOLP384R1_SUPPORT
711 #define TLS_BRAINPOOLP384R1_SUPPORT DISABLED
712 #elif (TLS_BRAINPOOLP384R1_SUPPORT != ENABLED && TLS_BRAINPOOLP384R1_SUPPORT != DISABLED)
713 #error TLS_BRAINPOOLP384R1_SUPPORT parameter is not valid
717 #ifndef TLS_BRAINPOOLP512R1_SUPPORT
718 #define TLS_BRAINPOOLP512R1_SUPPORT DISABLED
719 #elif (TLS_BRAINPOOLP512R1_SUPPORT != ENABLED && TLS_BRAINPOOLP512R1_SUPPORT != DISABLED)
720 #error TLS_BRAINPOOLP512R1_SUPPORT parameter is not valid
724 #ifndef TLS_SM2_SUPPORT
725 #define TLS_SM2_SUPPORT DISABLED
726 #elif (TLS_SM2_SUPPORT != ENABLED && TLS_SM2_SUPPORT != DISABLED)
727 #error TLS_SM2_SUPPORT parameter is not valid
731 #ifndef TLS_X25519_SUPPORT
732 #define TLS_X25519_SUPPORT ENABLED
733 #elif (TLS_X25519_SUPPORT != ENABLED && TLS_X25519_SUPPORT != DISABLED)
734 #error TLS_X25519_SUPPORT parameter is not valid
738 #ifndef TLS_X448_SUPPORT
739 #define TLS_X448_SUPPORT DISABLED
740 #elif (TLS_X448_SUPPORT != ENABLED && TLS_X448_SUPPORT != DISABLED)
741 #error TLS_X448_SUPPORT parameter is not valid
745 #ifndef TLS_MLKEM512_SUPPORT
746 #define TLS_MLKEM512_SUPPORT DISABLED
747 #elif (TLS_MLKEM512_SUPPORT != ENABLED && TLS_MLKEM512_SUPPORT != DISABLED)
748 #error TLS_MLKEM512_SUPPORT parameter is not valid
752 #ifndef TLS_MLKEM768_SUPPORT
753 #define TLS_MLKEM768_SUPPORT DISABLED
754 #elif (TLS_MLKEM768_SUPPORT != ENABLED && TLS_MLKEM768_SUPPORT != DISABLED)
755 #error TLS_MLKEM768_SUPPORT parameter is not valid
759 #ifndef TLS_MLKEM1024_SUPPORT
760 #define TLS_MLKEM1024_SUPPORT DISABLED
761 #elif (TLS_MLKEM1024_SUPPORT != ENABLED && TLS_MLKEM1024_SUPPORT != DISABLED)
762 #error TLS_MLKEM1024_SUPPORT parameter is not valid
766 #ifndef TLS_CERT_KEY_USAGE_SUPPORT
767 #define TLS_CERT_KEY_USAGE_SUPPORT ENABLED
768 #elif (TLS_CERT_KEY_USAGE_SUPPORT != ENABLED && TLS_CERT_KEY_USAGE_SUPPORT != DISABLED)
769 #error TLS_CERT_KEY_USAGE_SUPPORT parameter is not valid
773 #ifndef TLS_KEY_LOG_SUPPORT
774 #define TLS_KEY_LOG_SUPPORT DISABLED
775 #elif (TLS_KEY_LOG_SUPPORT != ENABLED && TLS_KEY_LOG_SUPPORT != DISABLED)
776 #error TLS_KEY_LOG_SUPPORT parameter is not valid
780 #ifndef TLS_MAX_SERVER_NAME_LEN
781 #define TLS_MAX_SERVER_NAME_LEN 255
782 #elif (TLS_MAX_SERVER_NAME_LEN < 1)
783 #error TLS_MAX_SERVER_NAME_LEN parameter is not valid
787 #ifndef TLS_MAX_PASSWORD_LEN
788 #define TLS_MAX_PASSWORD_LEN 32
789 #elif (TLS_MAX_PASSWORD_LEN < 0)
790 #error TLS_MAX_PASSWORD_LEN parameter is not valid
794 #ifndef TLS_MIN_DH_MODULUS_SIZE
795 #define TLS_MIN_DH_MODULUS_SIZE 2048
796 #elif (TLS_MIN_DH_MODULUS_SIZE < 512)
797 #error TLS_MIN_DH_MODULUS_SIZE parameter is not valid
801 #ifndef TLS_MAX_DH_MODULUS_SIZE
802 #define TLS_MAX_DH_MODULUS_SIZE 2048
803 #elif (TLS_MAX_DH_MODULUS_SIZE < TLS_MIN_DH_MODULUS_SIZE)
804 #error TLS_MAX_DH_MODULUS_SIZE parameter is not valid
808 #ifndef TLS_MIN_RSA_MODULUS_SIZE
809 #define TLS_MIN_RSA_MODULUS_SIZE 2048
810 #elif (TLS_MIN_RSA_MODULUS_SIZE < 512)
811 #error TLS_MIN_RSA_MODULUS_SIZE parameter is not valid
815 #ifndef TLS_MAX_RSA_MODULUS_SIZE
816 #define TLS_MAX_RSA_MODULUS_SIZE 4096
817 #elif (TLS_MAX_RSA_MODULUS_SIZE < TLS_MIN_RSA_MODULUS_SIZE)
818 #error TLS_MAX_RSA_MODULUS_SIZE parameter is not valid
822 #ifndef TLS_MIN_DSA_MODULUS_SIZE
823 #define TLS_MIN_DSA_MODULUS_SIZE 2048
824 #elif (TLS_MIN_DSA_MODULUS_SIZE < 512)
825 #error TLS_MIN_DSA_MODULUS_SIZE parameter is not valid
829 #ifndef TLS_MAX_DSA_MODULUS_SIZE
830 #define TLS_MAX_DSA_MODULUS_SIZE 4096
831 #elif (TLS_MAX_DSA_MODULUS_SIZE < TLS_MIN_DSA_MODULUS_SIZE)
832 #error TLS_MAX_DSA_MODULUS_SIZE parameter is not valid
836 #ifndef TLS_MASTER_SECRET_SIZE
837 #define TLS_MASTER_SECRET_SIZE 48
838 #elif (TLS_MASTER_SECRET_SIZE < 48)
839 #error TLS_MASTER_SECRET_SIZE parameter is not valid
843 #ifndef TLS_PREMASTER_SECRET_SIZE
844 #define TLS_PREMASTER_SECRET_SIZE (TLS_MAX_DH_MODULUS_SIZE / 8)
845 #elif (TLS_PREMASTER_SECRET_SIZE < 48)
846 #error TLS_PREMASTER_SECRET_SIZE parameter is not valid
850 #ifndef TLS_MAX_WARNING_ALERTS
851 #define TLS_MAX_WARNING_ALERTS 5
852 #elif (TLS_MAX_WARNING_ALERTS < 0)
853 #error TLS_MAX_WARNING_ALERTS parameter is not valid
857 #ifndef TLS_MAX_EMPTY_RECORDS
858 #define TLS_MAX_EMPTY_RECORDS 10
859 #elif (TLS_MAX_EMPTY_RECORDS < 0)
860 #error TLS_MAX_EMPTY_RECORDS parameter is not valid
864 #ifndef TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES
865 #define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES 5
866 #elif (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES < 0)
867 #error TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES parameter is not valid
871 #ifndef TLS_MAX_KEY_UPDATE_MESSAGES
872 #define TLS_MAX_KEY_UPDATE_MESSAGES 5
873 #elif (TLS_MAX_KEY_UPDATE_MESSAGES < 0)
874 #error TLS_MAX_KEY_UPDATE_MESSAGES parameter is not valid
878 #ifndef TLS_PRIVATE_CONTEXT
879 #define TLS_PRIVATE_CONTEXT
883 #ifndef TLS_PRIVATE_ENCRYPTION_ENGINE
884 #define TLS_PRIVATE_ENCRYPTION_ENGINE
889 #define tlsAllocMem(size) osAllocMem(size)
894 #define tlsFreeMem(p) osFreeMem(p)
898 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
899 (TLS_DH_ANON_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
900 TLS_DHE_DSS_KE_SUPPORT == ENABLED || TLS_DHE_PSK_KE_SUPPORT == ENABLED))
901 #define TLS_DH_SUPPORT ENABLED
902 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
903 (TLS13_DHE_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED))
904 #define TLS_DH_SUPPORT ENABLED
906 #define TLS_DH_SUPPORT DISABLED
910 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
911 (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
912 TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
913 #define TLS_ECDH_SUPPORT ENABLED
914 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
915 (TLS13_ECDHE_KE_SUPPORT == ENABLED || TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
916 #define TLS_ECDH_SUPPORT ENABLED
918 #define TLS_ECDH_SUPPORT DISABLED
922 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
923 (TLS13_MLKEM_KE_SUPPORT == ENABLED || TLS13_PSK_MLKEM_KE_SUPPORT == ENABLED))
924 #define TLS_MLKEM_SUPPORT ENABLED
926 #define TLS_MLKEM_SUPPORT DISABLED
930 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
931 (TLS13_HYBRID_KE_SUPPORT == ENABLED || TLS13_PSK_HYBRID_KE_SUPPORT == ENABLED))
932 #define TLS_HYBRID_SUPPORT ENABLED
934 #define TLS_HYBRID_SUPPORT DISABLED
938 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
939 (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED || \
940 TLS_RSA_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
941 TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED))
942 #define TLS_RSA_SUPPORT ENABLED
943 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
944 (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED))
945 #define TLS_RSA_SUPPORT ENABLED
947 #define TLS_RSA_SUPPORT DISABLED
951 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
952 (TLS_PSK_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED || \
953 TLS_DHE_PSK_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
954 #define TLS_PSK_SUPPORT ENABLED
955 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
956 (TLS13_PSK_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED || \
957 TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED || TLS13_PSK_HYBRID_KE_SUPPORT == ENABLED))
958 #define TLS_PSK_SUPPORT ENABLED
960 #define TLS_PSK_SUPPORT DISABLED
964 #if (TLS_SHA384_SUPPORT == ENABLED)
965 #define TLS_MAX_HKDF_DIGEST_SIZE 48
967 #define TLS_MAX_HKDF_DIGEST_SIZE 32
971 #if (DTLS_SUPPORT == ENABLED && TLS_MAX_VERSION >= TLS_VERSION_1_3)
972 #define TLS_MAX_ENCRYPTION_ENGINES 3
973 #elif (DTLS_SUPPORT == ENABLED && TLS_MAX_VERSION <= TLS_VERSION_1_2)
974 #define TLS_MAX_ENCRYPTION_ENGINES 2
976 #define TLS_MAX_ENCRYPTION_ENGINES 1
980 #if (DTLS_SUPPORT == ENABLED && TLS_MAX_VERSION >= TLS_VERSION_1_3)
981 #define TLS_MAX_DECRYPTION_ENGINES 2
983 #define TLS_MAX_DECRYPTION_ENGINES 1
987 #define tlsSetSocket(context, socket) tlsSetSocketCallbacks(context, \
988 (TlsSocketSendCallback) socketSend, (TlsSocketReceiveCallback) socketReceive, \
989 (TlsSocketHandle) socket)
992 #define TLS_MIN_RECORD_LENGTH 512
994 #define TLS_MAX_RECORD_LENGTH 16384
996 #define TLS_MAX_RECORD_OVERHEAD 512
998 #define TLS_RANDOM_SIZE 32
1001 #define TLS_SIGN_SCHEME(signAlgo, hashAlgo) \
1002 ((TlsSignatureScheme) (((hashAlgo) << 8) | (signAlgo)))
1075 #define TLS_FLAG_BREAK(c) (TLS_FLAG_BREAK_CHAR | LSB(c))
1613 #if defined(__CCRX__)
1615 #elif defined(__CWCC__) || defined(_WIN32)
1616 #pragma pack(push, 1)
1913 uint16_t clientVersion;
1926 uint16_t serverVersion;
1953 uint8_t certificateTypesLen;
1985 uint32_t ticketLifetimeHint;
2030 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2037 #if defined(__CCRX__)
2039 #elif defined(__CWCC__) || defined(_WIN32)
2079 const char_t *selectedProtocol);
2087 const uint8_t *pskIdentity,
size_t pskIdentityLen);
2103 const uint8_t *rawPublicKey,
size_t rawPublicKeyLen);
2111 const uint8_t *plaintext,
size_t plaintextLen, uint8_t *ciphertext,
2112 size_t *ciphertextLen,
void *param);
2120 const uint8_t *ciphertext,
size_t ciphertextLen, uint8_t *plaintext,
2121 size_t *plaintextLen,
void *param);
2136 const uint8_t *digest,
size_t digestLen,
EcdsaSignature *signature);
2144 const uint8_t *digest,
size_t digestLen,
EcdsaSignature *signature);
2160 size_t keyLen,
void *param);
2223 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
2230 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2238 #if (TLS_SNI_SUPPORT == ENABLED)
2286 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2289 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2292 #if (TLS_ALPN_SUPPORT == ENABLED)
2295 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2301 #if (TLS_ENCRYPT_THEN_MAC_SUPPORT == ENABLED)
2304 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2307 #if (TLS_TICKET_SUPPORT == ENABLED)
2310 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2313 #if (TLS_QUIC_SUPPORT == ENABLED)
2316 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2354 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
2358 #if (DTLS_SUPPORT == ENABLED)
2362 #if (DTLS_SUPPORT == ENABLED && DTLS_REPLAY_DETECTION_SUPPORT == ENABLED)
2365 #if (DTLS_SUPPORT == ENABLED && TLS_MAX_VERSION >= TLS_VERSION_1_3)
2370 #if (TLS_QUIC_SUPPORT == ENABLED)
2373 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2376 #if (TLS_ENCRYPT_THEN_MAC_SUPPORT == ENABLED)
2413 #if (TLS_ECC_CALLBACK_SUPPORT == ENABLED)
2491 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_0)
2492 size_t txLastRecordLen;
2495 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
2499 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
2506 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2513 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2549 #if (TLS_DH_SUPPORT == ENABLED)
2553 #if (TLS_ECDH_SUPPORT == ENABLED || TLS_HYBRID_SUPPORT == ENABLED)
2558 #if (TLS_MLKEM_SUPPORT == ENABLED || TLS_HYBRID_SUPPORT == ENABLED)
2562 #if (TLS_RSA_SUPPORT == ENABLED)
2566 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
2570 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED || TLS_SM2_SIGN_SUPPORT == ENABLED)
2574 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED || TLS_ED448_SIGN_SUPPORT == ENABLED)
2578 #if (TLS_PSK_SUPPORT == ENABLED)
2588 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2593 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2598 #if (TLS_ALPN_SUPPORT == ENABLED)
2605 #if (TLS_ENCRYPT_THEN_MAC_SUPPORT == ENABLED)
2609 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2613 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2621 #if (TLS_TICKET_SUPPORT == ENABLED)
2630 #if (TLS_TRUSTED_CA_KEYS_SUPPORT == ENABLED)
2634 #if (TLS_CERT_AUTHORITIES_SUPPORT == ENABLED)
2638 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2643 #if (TLS_FALLBACK_SCSV_SUPPORT == ENABLED)
2647 #if (TLS_KEY_LOG_SUPPORT == ENABLED)
2651 #if (TLS_MAX_WARNING_ALERTS > 0)
2655 #if (TLS_MAX_EMPTY_RECORDS > 0)
2659 #if (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES > 0)
2663 #if (TLS_MAX_KEY_UPDATE_MESSAGES > 0)
2667 #if (DTLS_SUPPORT == ENABLED)
2692 #if (DTLS_SUPPORT == ENABLED && TLS_MAX_VERSION >= TLS_VERSION_1_3)
2702 #if (TLS_QUIC_SUPPORT == ENABLED)
2727 uint16_t versionMax);
2744 size_t rxBufferSize);
2790 const char_t *certChain,
size_t certChainLen,
const char_t *privateKey,
2791 size_t privateKeyLen,
const char_t *password);
2825 bool_t useContextValue,
const uint8_t *contextValue,
2826 size_t contextValueLen, uint8_t *output,
size_t outputLen);
2829 uint8_t *output,
size_t *
length);
@ TLS_GROUP_X25519_MLKEM768
@ TLS_CERT_ECDSA_FIXED_ECDH
error_t tlsSetCertificateVerifyCallback(TlsContext *context, TlsCertVerifyCallback certVerifyCallback, void *param)
Register certificate verification callback function.
TlsRpkVerifyCallback rpkVerifyCallback
Raw public key verification callback function.
@ TLS_EXT_PSK_KEY_EXCHANGE_MODES
@ TLS_GROUP_BRAINPOOLP512R1_TLS13
size_t ticketLen
Length of the session ticket.
@ TLS_EXT_MAX_FRAGMENT_LENGTH
DTLS (Datagram Transport Layer Security)
uint8_t sessionId[32]
Session identifier.
@ TLS_CERT_FORMAT_RAW_PUBLIC_KEY
X.509 common definitions.
uint8_t masterSecret[TLS_MASTER_SECRET_SIZE]
Master secret.
@ TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
size_t sessionIdLen
Length of the session identifier.
@ TLS_ALERT_UNEXPECTED_MESSAGE
EcPublicKey peerEcPublicKey
Peer's EC public key.
Collection of key exchange algorithms.
@ TLS_GROUP_BRAINPOOLP256R1_TLS13
bool_t ecPointFormatsExtReceived
The EcPointFormats extension has been received.
Generic hash algorithm context.
TlsHashAlgo ticketHashAlgo
Hash algorithm associated with the ticket.
@ TLS_TRANSPORT_PROTOCOL_QUIC
uint8_t secret[TLS_MAX_HKDF_DIGEST_SIZE]
@ TLS_SIGN_SCHEME_MLDSA44_ECDSA_SECP256R1_SHA256
@ TLS_STATE_HELLO_RETRY_REQUEST
uint_t numSupportedGroups
Number of named groups in the list.
uint8_t encKey[48]
Encryption key.
uint16_t cipherSuite
Cipher suite identifier.
error_t tlsEnableTrustedCaKeys(TlsContext *context, bool_t enabled)
Enable TrustedCaKeys extension.
@ TLS_CA_ROOT_KEY_ID_TYPE_KEY_SHA1_HASH
@ TLS_TYPE_NEW_CONNECTION_ID
@ TLS_ALERT_CERTIFICATE_REQUIRED
error_t(* TlsTicketEncryptCallback)(TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)
Ticket encryption callback function.
char_t * pskIdentity
PSK identity.
const Tls13PskKeModeList * pskKeModeList
PskKeyExchangeModes extension.
error_t tlsConnect(TlsContext *context)
Initiate the TLS handshake.
@ TLS_ALERT_NO_RENEGOTIATION
@ TLS_SIGN_ALGO_ANONYMOUS
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
void TlsServerHelloDone
ServerHelloDone message.
bool_t secureRenegoFlag
Secure renegotiation flag.
error_t(* TlsEcdsaVerifyCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature verification callback function.
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
@ TLS_SIGN_SCHEME_MLDSA65_ED25519
error_t tlsSetEcdsaSignCallback(TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
Register ECDSA signature generation callback function.
DtlsSequenceNumber dtlsSeqNum
Record sequence number.
#define TLS_MAX_PASSWORD_LEN
@ TLS_CERT_FORMAT_OPENPGP
@ TLS_STATE_SERVER_KEY_EXCHANGE
const TlsExtension * sessionTicket
SessionTicket extension.
@ TLS_TYPE_SERVER_HELLO_DONE
size_t premasterSecretLen
Length of the premaster secret.
@ TLS_COMPRESSION_METHOD_NULL
@ TLS_SIGN_ALGO_GOSTR34102012_256
@ TLS_ALERT_ILLEGAL_PARAMETER
@ TLS_SIGN_SCHEME_MLDSA65_RSA4096_PSS_PSS_SHA384
TlsKeyExchMethod keyExchMethod
Key exchange method.
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA384_LEGACY
TlsEcPointFormat
EC point formats.
uint8_t * ticket
Session ticket.
@ TLS_EARLY_DATA_REJECTED
uint32_t ticketLifetime
Lifetime of the ticket.
TlsCache * tlsInitCache(uint_t size)
Session cache initialization.
error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify)
Gracefully close TLS session.
@ TLS_ALERT_UNSUPPORTED_EXTENSION
@ TLS_TYPE_CERTIFICATE_STATUS
const Tls13PskBinderList * binderList
uint8_t clientRandom[TLS_RANDOM_SIZE]
Client random value.
size_t rxBufferSize
RX buffer size.
bool_t closeNotifySent
A closure alert has been sent.
@ TLS_EXT_SUPPORTED_VERSIONS
ECDSA (Elliptic Curve Digital Signature Algorithm)
@ TLS_SIGN_SCHEME_MLDSA44_ED25519
uint16_t versionMin
Minimum version accepted by the implementation.
bool_t maxFragLenExtReceived
The MaxFragmentLength extension has been received.
TlsState tlsGetState(TlsContext *context)
Retrieve current TLS state.
@ TLS_SIGN_SCHEME_MLDSA44
@ TLS_ALERT_RECORD_OVERFLOW
@ TLS_SIGN_SCHEME_MLDSA65_RSA3072_PSS_PSS_SHA256
#define TLS_PRIVATE_CONTEXT
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA512_LEGACY
TlsTransportProtocol transportProtocol
Transport protocol (stream or datagram)
size_t txRecordPos
Current position in the TLS record.
@ TLS_EXT_EXTERNAL_ID_HASH
const TlsSignSchemeList * signAlgoList
SignatureAlgorithms extension.
TlsConnectionEnd
TLS connection end.
const TlsExtension * selectedGroup
KeyShare extension (HelloRetryRequest)
systime_t timestamp
Time stamp to manage entry lifetime.
systime_t lifetime
Lifetime of the encryption engine.
uint8_t * txBuffer
TX buffer.
TlsContext * tlsInit(void)
TLS context initialization.
error_t tlsSetStateChangeCallback(TlsContext *context, TlsStateChangeCallback stateChangeCallback)
Register TLS state change callback.
bool_t fatalAlertSent
A fatal alert message has been sent.
HashContext * transcriptHashContext
Hash context used to compute verify data.
uint8_t clientHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
@ TLS_GROUP_EXPLICIT_CHAR2_CURVE
error_t(* DtlsCookieGenerateCallback)(TlsContext *context, const DtlsClientParameters *clientParams, uint8_t *cookie, size_t *length, void *param)
DTLS cookie generation callback function.
TlsConnectionEnd entity
Client or server operation.
TlsCertificateFormat peerCertFormat
Peer's certificate format.
systime_t ackTimestamp
Time at which the ACK timer started.
@ TLS_STATE_CERTIFICATE_REQUEST
void * cookieParam
Opaque pointer passed to the cookie callbacks.
@ TLS_ENCRYPTION_LEVEL_INITIAL
@ TLS_TYPE_CHANGE_CIPHER_SPEC
size_t maxFragLen
Maximum plaintext fragment length.
const TlsProtocolNameList * protocolNameList
ALPN extension.
const TlsExtension * earlyDataIndication
EarlyData extension.
error_t tlsRestoreSessionState(TlsContext *context, const TlsSessionState *session)
Restore TLS session.
error_t tlsSetSupportedSignAlgos(TlsContext *context, const uint16_t *signAlgos, uint_t length)
Specify the list of allowed signature algorithms.
error_t tlsSetAlpnCallback(TlsContext *context, TlsAlpnCallback alpnCallback)
Register ALPN callback function.
Dtls13RecordNumber rxRecordNum
Epoch/sequence number pair.
#define TLS_PRIVATE_ENCRYPTION_ENGINE
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
uint8_t * remoteQuicTransportParams
Remote QUIC transport parameters.
TlsTicketDecryptCallback ticketDecryptCallback
Ticket decryption callback function.
TlsCertificateType type
End entity certificate type.
@ TLS_SIGN_SCHEME_GOSTR34102012_256A
bool_t clientCertTypeExtReceived
The ClientCertType extension has been received.
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
@ TLS_TYPE_COMPRESSED_CERTIFICATE
@ TLS_ALERT_ACCESS_DENIED
@ TLS_KEY_EXCH_SRP_SHA_RSA
@ TLS_ALERT_INSUFFICIENT_SECURITY
#define DTLS_REPLAY_WINDOW_SIZE
HmacContext * hmacContext
HMAC context.
TlsMessageType
Handshake message type.
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
TlsSocketHandle socketHandle
Socket handle.
@ TLS13_KEY_EXCH_PSK_MLKEM
Structure describing a cipher suite.
@ TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE
@ TLS_STATE_APPLICATION_DATA
@ TLS_COMPRESSION_METHOD_DEFLATE
size_t txDatagramLen
Length of the outgoing datagram, in bytes.
size_t sessionIdLen
Length of the session identifier.
size_t authTagLen
Length of the authentication tag.
@ TLS_ALERT_DECOMPRESSION_FAILURE
const TlsCertTypeList * clientCertTypeList
ClientCertType extension.
bool_t secureRenegoEnabled
Secure renegotiation enabled.
error_t tlsSetVersion(TlsContext *context, uint16_t versionMin, uint16_t versionMax)
Set minimum and maximum versions permitted.
TlsHashAlgo
Hash algorithms.
bool_t closeNotifyReceived
A closure alert has been received from the peer.
error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen)
Set maximum fragment length.
@ TLS_ALERT_CERTIFICATE_UNOBTAINABLE
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
@ TLS_ALERT_NO_CERTIFICATE
TlsAlpnCallback alpnCallback
ALPN callback function.
TlsStateChangeCallback stateChangeCallback
TLS state change callback function.
@ TLS_STATE_SERVER_APP_TRAFFIC_KEYS
@ TLS_KEY_EXCH_SRP_SHA_DSS
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
bool_t active
Operational state of the encryption engine.
void * prngContext
Pseudo-random number generator context.
TlsAlertDescription
Alert description.
error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList)
Set the list of supported ALPN protocols.
@ TLS_SIGN_SCHEME_ED25519
OsMutex mutex
Mutex preventing simultaneous access to the cache.
uint8_t clientVerifyData[64]
Client verify data.
DhContext dhContext
Diffie-Hellman context.
void * snCipherContext
Sequence number encryption context.
@ TLS_ALERT_DECRYPT_ERROR
char_t * ticketAlpn
ALPN protocol associated with the ticket.
TlsContentType txBufferType
Type of data that resides in the TX buffer.
TlsTicketEncryptCallback ticketEncryptCallback
Ticket encryption callback function.
size_t rxDatagramLen
Length of the incoming datagram, in bytes.
const TlsSupportedVersionList * supportedVersionList
SupportedVersions extension (ClientHello)
systime_t retransmitTimeout
Retransmission timeout.
size_t pskLen
Length of the pre-shared key, in bytes.
uint16_t rxMsgSeq
Next receive sequence number.
uint_t cipherSuiteTypes
Types of cipher suites proposed by the client.
@ TLS_ENCRYPTION_LEVEL_EARLY_DATA
uint8_t certificateTypes[]
uint8_t * psk
Pre-shared key.
uint_t emptyRecordCount
Count of consecutive empty records.
uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE+31)/32]
Replay window.
size_t earlyDataLen
Total amount of 0-RTT data that have been sent by the client.
@ TLS_GROUP_BRAINPOOLP256R1
bool_t wrongCookie
Invalid cookie.
@ TLS_SIGN_SCHEME_GOSTR34102012_256B
@ TLS_EXT_COMPRESS_CERTIFICATE
size_t fixedIvLen
Length of the fixed part of the IV.
@ TLS_TYPE_END_OF_EARLY_DATA
@ TLS_ENCRYPTION_LEVEL_HANDSHAKE
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
@ TLS13_KEY_EXCH_PSK_HYBRID
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
@ TLS_SIGN_SCHEME_MLDSA65_RSA3072_PKCS1_SHA256
error_t tlsAllowUnknownAlpnProtocols(TlsContext *context, bool_t allowed)
Allow unknown ALPN protocols.
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
TlsEncryptionEngine encryptionEngine[TLS_MAX_ENCRYPTION_ENGINES]
Encryption engines.
@ TLS_MAX_FRAGMENT_LENGTH_4096
error_t tlsSetTimeout(TlsContext *context, systime_t timeout)
Set timeout for blocking calls (for DTLS only)
uint16_t preferredGroup
Preferred ECDHE or FFDHE named group.
size_t maxEarlyDataSize
Maximum amount of 0-RTT data that the client is allowed to send.
#define DTLS13_MAX_ACK_RECORDS
const Tls13Cookie * cookie
Cookie extension.
@ TLS_EXT_QUIC_TRANSPORT_PARAMETERS
TlsKeyExchMethod keyExchMethod
error_t tlsSetCache(TlsContext *context, TlsCache *cache)
Set session cache.
uint8_t serverVerifyData[64]
Server verify data.
bool_t extendedMasterSecret
Extended master secret computation.
@ TLS_SIGN_SCHEME_MLDSA65
@ TLS_ALERT_EXPORT_RESTRICTION
error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length)
Set the pre-shared key to be used.
uint8_t * rxBuffer
RX buffer.
TLS 1.3 helper functions.
const Tls13KeyShareEntry * serverShare
KeyShare extension (ServerHello)
@ TLS_SIGN_SCHEME_MLDSA44_RSA2048_PKCS1_SHA256
@ TLS_EXT_SIGNATURE_ALGORITHMS_CERT
const Tls13KeyShareList * keyShareList
KeyShare extension (ClientHello)
uint8_t resumptionMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE]
CipherMode cipherMode
Cipher mode of operation.
@ TLS_SIGN_SCHEME_MLDSA87
error_t(* TlsAlpnCallback)(TlsContext *context, const char_t *selectedProtocol)
ALPN callback function.
@ TLS_GROUP_CURVE_SM2_MLKEM768
@ TLS_EXT_SUPPORTED_EKT_CIPHERS
@ TLS_CERT_RSA_EPHEMERAL_DH
void TlsFinished
Finished message.
@ TLS_STATE_HELLO_VERIFY_REQUEST
@ TLS_EXT_TRUSTED_CA_KEYS
error_t(* TlsRpkVerifyCallback)(TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
Raw public key verification callback function.
uint32_t ticketNonce
A per-ticket value that is unique across all tickets issued.
KemContext kemContext
KEM context.
const TlsCertTypeList * serverCertTypeList
ServerCertType extension.
size_t recordSizeLimit
Maximum record size the peer is willing to receive.
@ TLS_ALERT_LEVEL_WARNING
TlsEncryptionLevel
Encryption level.
size_t txBufferSize
TX buffer size.
uint16_t cipherSuite
Cipher suite identifier.
@ TLS_ALERT_UNKNOWN_PSK_IDENTITY
const TlsExtension * maxFragLen
MaxFragmentLength extension.
@ TLS_KEY_EXCH_ECDHE_ECDSA
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
TlsKeyLogCallback keyLogCallback
Key logging callback (for debugging purpose only)
@ TLS_CERT_FORMAT_1609DOT2
const TlsEcPointFormatList * ecPointFormatList
EcPointFormats extension.
uint16_t version
Negotiated TLS version.
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA1
size_t certChainLen
Length of the certificate chain.
uint_t numAckRecords
Number of records in the list.
uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]
Premaster secret.
size_t rxRecordLen
Length of the TLS record.
HmacContext hmacContext
HMAC context.
uint8_t serverHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
const char_t * trustedCaList
Trusted CA list (PEM format)
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
uint8_t * ticket
Session ticket.
@ TLS_EXT_SEQ_NUM_ENCRYPTION_ALGOS
size_t clientVerifyDataLen
Length of the client verify data.
@ TLS_SIGN_SCHEME_MLDSA44_RSA2048_PSS_PSS_SHA256
TlsCertificateFormat
Certificate formats.
@ TLS_EXT_CLIENT_CERT_TYPE
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
@ TLS_ALERT_BAD_RECORD_MAC
error_t tlsShutdown(TlsContext *context)
Gracefully close TLS session.
@ TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
TlsSendQuicAlertMessageCallback sendAlertMessage
size_t txRecordLen
Length of the TLS record.
@ TLS_EXT_EXTENDED_MASTER_SECRET
#define TLS_MAX_DECRYPTION_ENGINES
@ TLS_CONNECTION_END_SERVER
size_t cookieLen
Length of the cookie.
void tlsFreeSessionState(TlsSessionState *session)
Properly dispose a session state.
@ TLS_GROUP_SECP256R1_MLKEM768
void(* TlsStateChangeCallback)(TlsContext *context, TlsState state)
TLS state change callback.
TlsClientAuthMode
Client authentication mode.
TlsKeyExchMethod
Key exchange methods.
@ TLS_EXT_SUPPORTED_GROUPS
bool_t fallbackScsvEnabled
Support for FALLBACK_SCSV.
@ TLS_SIGN_SCHEME_MLDSA87_ED448
error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups, uint_t length)
Specify the list of allowed ECDHE and FFDHE groups.
#define TLS_PREMASTER_SECRET_SIZE
void TlsCertificateVerify
CertificateVerify message.
uint8_t keyBlock[192]
Key material.
error_t(* TlsEcdhCallback)(TlsContext *context)
ECDH key agreement callback function.
const CipherAlgo * cipherAlgo
size_t rxBufferPos
Current position in RX buffer.
@ TLS_EXT_RENEGOTIATION_INFO
@ TLS_GROUP_EXPLICIT_PRIME_CURVE
error_t tlsSetClientAuthMode(TlsContext *context, TlsClientAuthMode mode)
Set client authentication mode (for servers only)
bool_t encryptThenMac
Encrypt-then-MAC construction.
TlsCertificateFormat certFormat
Certificate format.
@ TLS_HASH_ALGO_INTRINSIC
@ TLS_KEY_EXCH_ECDH_ECDSA
const char_t * tlsGetAlpnProtocol(TlsContext *context)
Get the name of the selected ALPN protocol.
@ TLS_EXT_ENCRYPT_THEN_MAC
@ TLS_TYPE_APPLICATION_DATA
@ TLS_STATE_SERVER_FINISHED
error_t tlsEnableReplayDetection(TlsContext *context, bool_t enabled)
Enable anti-replay mechanism (for DTLS only)
@ TLS_SIGN_SCHEME_GOSTR34102012_512B
error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
Set TLS buffer size.
DTLS 1.3 (Datagram Transport Layer Security)
@ TLS_EC_CURVE_TYPE_EXPLICIT_PRIME
@ TLS_ALERT_UNSUPPORTED_CERTIFICATE
size_t serverVerifyDataLen
Length of the server verify data.
error_t tlsSetServerName(TlsContext *context, const char_t *serverName)
Set the server name.
@ TLS_TYPE_REQUEST_CONNECTION_ID
TlsEncryptionLevel level
Encryption level.
uint16_t epoch
Counter value incremented on every cipher state change.
bool_t fatalAlertReceived
A fatal alert message has been received from the peer.
error_t tlsSetCookieCallbacks(TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
Set cookie generation/verification callbacks (for DTLS only)
size_t txBufferPos
Current position in TX buffer.
TlsClientAuthMode clientAuthMode
Client authentication mode.
uint32_t ticketLifetime
Lifetime of the ticket.
@ TLS_SIGN_SCHEME_ECDSA_SHA1
uint8_t ticketPsk[TLS_MAX_HKDF_DIGEST_SIZE]
PSK associated with the ticket.
error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
TlsSignatureScheme signScheme
Signature scheme used to sign the end entity certificate.
const char_t * tlsGetServerName(TlsContext *context)
Get the server name.
@ TLS_TYPE_ENCRYPTED_EXTENSIONS
TlsSequenceNumber earlyDataSeqNum
Early data sequence number.
@ TLS_MAX_FRAGMENT_LENGTH_2048
error_t tlsSetPmtu(TlsContext *context, size_t pmtu)
Set PMTU value (for DTLS only)
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA256
error_t(* TlsSendQuicHandshakeMessageCallback)(TlsContext *context, TlsEncryptionLevel level, const uint8_t *data, size_t length, void *param)
Handshake message sending callback function.
@ TLS_CERT_DSS_EPHEMERAL_DH
size_t ticketLen
Length of the session ticket.
General definitions for cryptographic algorithms.
size_t remoteQuicTransportParamsLen
Length of the remote QUIC transport parameters.
uint8_t exporterMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE]
RSA public-key cryptography standard.
size_t rxBufferMaxLen
Maximum number of plaintext data the RX buffer can hold.
uint16_t clientVersion
Latest version supported by the client.
@ TLS_ALERT_UNRECOGNIZED_NAME
error_t tlsSaveSessionState(const TlsContext *context, TlsSessionState *session)
Save TLS session.
@ TLS_STATE_CLIENT_CERTIFICATE_VERIFY
@ TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
@ TLS_TYPE_CERTIFICATE_VERIFY
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC
EcdhContext ecdhContext
ECDH context.
const TlsRenegoInfo * renegoInfo
RenegotiationInfo extension.
void * quicHandle
Opaque pointer passed to the QUIC-specific callbacks.
@ TLS_EXT_CLIENT_CERTIFICATE_URL
@ TLS_ALERT_MISSING_EXTENSION
#define TLS_MAX_CERTIFICATES
DsaPublicKey peerDsaPublicKey
Peer's DSA public key.
size_t recordSizeLimit
Maximum size of record in octets.
typedef __packed_struct
Sequence number.
DSA (Digital Signature Algorithm)
@ TLS_TRANSPORT_PROTOCOL_EAP
uint_t numCipherSuites
Number of cipher suites in the list.
@ TLS_STATE_SERVER_HELLO_3
TlsExtensionType
TLS extension types.
uint_t numSupportedSignAlgos
Number of signature algorithms in the list.
@ TLS_ALERT_USER_CANCELED
bool_t ackTimerRunning
The ACK timer is running.
uint8_t * localQuicTransportParams
Local QUIC transport parameters.
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
@ TLS_EXT_CERTIFICATE_AUTHORITIES
@ TLS_STATE_END_OF_EARLY_DATA
const uint16_t * supportedSignAlgos
List of supported signature algorithms.
error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback)
Register ECDH key agreement callback function.
bool_t pskKeModeSupported
PSK key establishment supported by the client.
@ TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2
@ TLS_EC_POINT_FORMAT_UNCOMPRESSED
Dtls13RecordNumber ackRecords[DTLS13_MAX_ACK_RECORDS]
List of records received and processed.
error_t tlsSetTicketCallbacks(TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
Set ticket encryption/decryption callbacks.
@ TLS_SIGN_SCHEME_GOSTR34102012_512C
@ TLS_GROUP_BRAINPOOLP512R1
TlsSocketReceiveCallback socketReceiveCallback
Socket receive callback function.
error_t tlsWrite(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send application data to the remote host using TLS.
@ TLS_STATE_CLIENT_APP_TRAFFIC_KEYS
bool_t sessionTicketEnabled
Session ticket mechanism enabled.
const TlsExtension * extendedMasterSecret
ExtendedMasterSecret extension.
@ TLS_TYPE_HELLO_VERIFY_REQUEST
@ TLS_TYPE_CLIENT_KEY_EXCHANGE
uint_t keyUpdateCount
Count of consecutive KeyUpdate messages.
@ TLS_STATE_NEW_SESSION_TICKET
bool_t resume
The connection is established by resuming a session.
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
CipherMode
Cipher operation modes.
size_t clientHelloDigestLen
Length of Hash(ClientHello1)
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
@ TLS_CA_ROOT_KEY_ID_TYPE_PRE_AGREED
@ TLS_EXT_TRANSPARENCY_INFO
@ TLS_EXT_STATUS_REQUEST_V2
size_t txBufferMaxLen
Maximum number of plaintext data the TX buffer can hold.
TlsMaxFragmentLength
Maximum fragment length.
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC
bool_t certAuthoritiesEnabled
Support for CertificateAuthorities extension.
error_t(* TlsCertVerifyCallback)(TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, void *param)
Certificate verification callback function.
@ TLS_ALERT_TOO_MANY_CIDS_REQUESTED
@ TLS_EXT_EC_POINT_FORMATS
TlsCompressMethod
Compression methods.
void * ticketParam
Opaque pointer passed to the ticket callbacks.
@ TLS_EXT_TLS_CERT_WITH_EXTERN_PSK
@ TLS_SIGN_ALGO_GOSTR34102012_512
@ TLS_STATE_NEW_SESSION_TICKET_2
@ TLS_ALERT_PROTOCOL_VERSION
@ TLS_ALERT_DECRYPTION_FAILED
TlsCertificateType
Certificate types.
TlsCertDesc * cert
Pointer to the currently selected certificate.
size_t encKeyLen
Length of the encryption key.
#define TLS_MASTER_SECRET_SIZE
size_t privateKeyLen
Length of the private key.
@ TLS_GROUP_BRAINPOOLP384R1_TLS13
const TlsExtension * quicTransportParams
QUIC transport parameters extension.
uint8_t secret[TLS_MASTER_SECRET_SIZE]
Master secret.
uint_t size
Maximum number of entries.
@ TLS_SIGN_SCHEME_GOSTR34102012_256C
TlsHashAlgo pskHashAlgo
Hash algorithm associated with the PSK.
@ TLS_STATE_HANDSHAKE_TRAFFIC_KEYS
Sha1Context * transcriptSha1Context
SHA-1 context used to compute verify data.
char_t * serverName
ServerName extension.
error_t tlsSetConnectionEnd(TlsContext *context, TlsConnectionEnd entity)
Set operation mode (client or server)
uint32_t systime_t
System time.
@ TLS_CLIENT_AUTH_OPTIONAL
error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize)
Send the maximum amount of 0-RTT data the server can accept.
size_t ticketPskLen
Length of the PSK associated with the ticket.
TlsQuicCallbacks quicCallbacks
QUIC-specific callback functions.
uint8_t snKey[32]
Sequence number encryption key.
@ TLS_TYPE_SERVER_KEY_EXCHANGE
uint8_t clientHelloDigest[48]
Hash(ClientHello1)
DtlsCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
TlsPskCallback pskCallback
PSK callback function.
@ TLS_EC_CURVE_TYPE_NAMED_CURVE
uint32_t maxEarlyDataSize
Maximum amount of 0-RTT data that the client is allowed to send.
const TlsExtension * selectedIdentity
PreSharedKey extension (ServerHello)
uint16_t namedGroup
ECDHE or FFDHE named group.
error_t(* TlsEcdsaSignCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature generation callback function.
const uint16_t * cipherSuites
List of supported cipher suites.
error_t(* TlsSendQuicAlertMessageCallback)(TlsContext *context, uint8_t description, void *param)
Alert message sending callback function.
uint16_t ticketCipherSuite
Cipher suite associated with the ticket.
uint16_t txMsgSeq
Send sequence number.
const TlsExtension * clientCertType
size_t localQuicTransportParamsLen
Length of the local QUIC transport parameters.
@ TLS_CA_ROOT_KEY_ID_TYPE_CERT_SHA1_HASH
@ TLS13_KEY_EXCH_PSK_ECDHE
@ TLS_ENCRYPTION_LEVEL_APPLICATION
@ TLS_STATE_CLIENT_HELLO_2
@ TLS_ALERT_BAD_CERTIFICATE
bool_t replayDetectionEnabled
Anti-replay mechanism enabled.
const HashAlgo * hashAlgo
TlsContentType
Content type.
@ TLS_STATE_SERVER_CERTIFICATE_VERIFY
size_t rxBufferLen
Number of bytes available for reading.
@ TLS_EXT_EXTERNAL_SESSION_ID
@ TLS_ALERT_INAPPROPRIATE_FALLBACK
@ TLS_EARLY_DATA_ACCEPTED
error_t tlsSetRpkVerifyCallback(TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
Register the raw public key verification callback function.
uint8_t macKey[48]
MAC key.
@ TLS_CA_ROOT_KEY_ID_TYPE_X509_NAME
void TlsClientKeyExchange
ClientKeyExchange message.
@ TLS_STATE_SERVER_CERTIFICATE
TlsEcCurveType
EC curve types.
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA256_LEGACY
error_t tlsTick(TlsContext *context)
Handle periodic operations.
@ TLS_CLIENT_AUTH_REQUIRED
error_t tlsExportChannelBinding(TlsContext *context, const char_t *type, uint8_t *output, size_t *length)
Export channel binding value.
error_t tlsInitSessionState(TlsSessionState *session)
Initialize session state.
size_t rxFragQueueLen
Length of the reassembly queue.
TlsSetQuicEncryptionKeyCallback setEncryptionKeys
uint16_t versionMax
Maximum version accepted by the implementation.
const TlsSignSchemeList * certSignAlgoList
SignatureAlgorithmsCert extension.
@ TLS_STATE_CLIENT_KEY_EXCHANGE
const CipherAlgo * cipherAlgo
Cipher algorithm.
error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites, uint_t length)
Specify the list of allowed cipher suites.
TlsTransportProtocol
TLS transport protocols.
error_t(* DtlsCookieVerifyCallback)(TlsContext *context, const DtlsClientParameters *clientParams, const uint8_t *cookie, size_t length, void *param)
DTLS cookie verification callback function.
@ TLS_SIGN_SCHEME_SM2SIG_SM3
void TlsHelloRequest
HelloRequest message.
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA512
bool_t serverCertTypeExtReceived
The ServerCertType extension has been received.
TlsCaRootKeyIdType
CA root key identifier type.
@ TLS_STATE_CLIENT_CERTIFICATE
@ TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
TlsCertVerifyCallback certVerifyCallback
Certificate verification callback function.
void * certVerifyParam
Opaque pointer passed to the certificate verification callback.
error_t tlsWriteEarlyData(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send early data to the remote TLS server.
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2
TlsHashAlgo ticketHashAlgo
Hash algorithm associated with the ticket.
uint_t alertCount
Count of consecutive warning alerts.
error_t tlsSetDhParameters(TlsContext *context, const char_t *params, size_t length)
Import Diffie-Hellman parameters.
@ TLS_ALERT_CERTIFICATE_EXPIRED
@ TLS_STATE_ENCRYPTED_EXTENSIONS
@ TLS_EXT_SERVER_CERT_TYPE
uint8_t * certRequestContext
Certificate request context.
Dtls13RetransmitState retransmitState
Retransmission state.
@ TLS_STATE_CLIENT_FINISHED_ACK
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA384
TlsSocketSendCallback socketSendCallback
Socket send callback function.
@ TLS_ALERT_NO_APPLICATION_PROTOCOL
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
@ TLS_CERT_RSA_FIXED_ECDH
TlsEncryptionEngine decryptionEngine[TLS_MAX_DECRYPTION_ENGINES]
Decryption engines.
#define TLS_MAX_HKDF_DIGEST_SIZE
@ TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
systime_t clientHelloTimestamp
Time at which the ClientHello message was sent.
TlsSignatureAlgo
Signature algorithms.
uint8_t serverRandom[TLS_RANDOM_SIZE]
Server random value.
size_t certRequestContextLen
Length of the certificate request context.
error_t tlsSetEcdsaVerifyCallback(TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
Register ECDSA signature verification callback function.
@ TLS_CONNECTION_END_CLIENT
char_t * pskIdentityHint
PSK identity hint.
TlsCipherSuiteInfo cipherSuite
Negotiated cipher suite.
bool_t tlsIsRxReady(TlsContext *context)
Check whether some data is available in the receive buffer.
uint8_t clientAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
@ TLS_MAX_FRAGMENT_LENGTH_1024
TlsAlertLevel
Alert level.
uint_t changeCipherSpecCount
Count of consecutive ChangeCipherSpec messages.
Common interface for encryption algorithms.
@ TLS_TYPE_CERTIFICATE_REQUEST
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME
void tlsFree(TlsContext *context)
Release TLS context.
systime_t timestamp
Timestamp to manage lifetime.
error_t tlsRead(TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
Receive application data from a the remote host using TLS.
TlsCache * cache
TLS session cache.
TlsState state
TLS handshake finite state machine.
TlsContentType rxBufferType
Type of data that resides in the RX buffer.
char_t * serverName
Fully qualified DNS hostname of the server.
size_t rxRecordPos
Current position in the TLS record.
error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity)
Set the PSK identity to be used by the client.
uint16_t version
TLS protocol version.
@ TLS_TYPE_SUPPLEMENTAL_DATA
bool_t sessionTicketExtSent
The SessionTicket extension has been sent.
bool_t etmExtReceived
The EncryptThenMac extension has been received.
@ TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
const TlsExtension * recordSizeLimit
RecordSizeLimit extension.
error_t(* TlsSetQuicEncryptionKeyCallback)(TlsContext *context, TlsEncryptionLevel level, const uint8_t *txKey, const uint8_t *rxKey, size_t keyLen, void *param)
Encryption key update callback function.
bool_t clientCertRequested
This flag tells whether the client certificate is requested.
@ TLS_TRANSPORT_PROTOCOL_STREAM
uint16_t version
Negotiated TLS version.
@ TLS_SIGN_SCHEME_GOSTR34102012_256D
uint_t newSessionTicketCount
Number of NewSessionTicket messages that have been sent.
EddsaPublicKey peerEddsaPublicKey
Peer's EdDSA public key.
error_t tlsSetTransportProtocol(TlsContext *context, TlsTransportProtocol transportProtocol)
Set the transport protocol to be used.
TlsEcdhCallback ecdhCallback
bool_t earlyDataEnabled
EarlyData is enabled.
const char_t * certChain
End entity certificate chain (PEM format)
bool_t recordSizeLimitExtReceived
The RecordSizeLimit extension has been received.
RsaPublicKey peerRsaPublicKey
Peer's RSA public key.
bool_t unknownProtocolsAllowed
Unknown ALPN protocols allowed.
@ TLS_EXT_SIGNATURE_ALGORITHMS
uint32_t ticketLifetime
Lifetime of the ticket.
Common interface for hash algorithms.
char_t * selectedProtocol
Selected ALPN protocol.
error_t(* TlsPskCallback)(TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
Pre-shared key callback function.
const TlsServerNameList * serverNameList
ServerName extension.
TlsEarlyDataStatus tlsGetEarlyDataStatus(TlsContext *context)
Check whether the server has accepted or rejected the early data.
size_t trustedCaListLen
Total length of the trusted CA list.
systime_t retransmitTimestamp
Time at which the datagram was sent.
const TlsExtension * selectedVersion
SupportedVersions extension (ServerHello)
@ TLS_EXT_POST_HANDSHAKE_AUTH
TlsSequenceNumber seqNum
TLS sequence number.
error_t tlsLoadCertificate(TlsContext *context, uint_t index, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
Load entity's certificate.
uint8_t clientEarlyTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
@ TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
void * cipherContext
Cipher context.
@ TLS_TYPE_NEW_SESSION_TICKET
TlsEcdsaSignCallback ecdsaSignCallback
@ TLS_SIGN_SCHEME_MLDSA87_ECDSA_SECP384R1_SHA384
TlsNamedGroup
Named groups.
TlsSendQuicHandshakeMessageCallback sendHandshakeMessage
bool_t earlyDataRejected
The 0-RTT data have been rejected by the server.
const char_t * privateKey
Private key (PEM format)
TlsSignatureScheme
Signature schemes.
error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint)
Set the PSK identity hint to be used by the server.
void(* TlsKeyLogCallback)(TlsContext *context, const char_t *key)
Key logging callback function (for debugging purpose only)
size_t macKeyLen
Length of the MAC key.
@ TLS_TYPE_HELLO_RETRY_REQUEST
bool_t updatedClientHelloReceived
An updated ClientHello message has been received.
bool_t tlsIsTxReady(TlsContext *context)
Check whether some data is ready for transmission.
GcmContext * gcmContext
GCM context.
error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group)
Specify the preferred ECDHE or FFDHE group.
TlsFlags
Flags used by read and write functions.
@ TLS_ALERT_CERTIFICATE_REVOKED
error_t tlsEnableSecureRenegotiation(TlsContext *context, bool_t enabled)
Enable secure renegotiation.
size_t txBufferLen
Number of bytes that are pending to be sent.
uint_t retransmitCount
Retransmission counter.
uint16_t rxRecordVersion
Version of the incoming record.
@ TLS_STATE_SERVER_HELLO_DONE
size_t recordIvLen
Length of the IV.
@ TLS_STATE_SERVER_HELLO_2
@ TLS_ALERT_HANDSHAKE_FAILURE
@ TLS_SIGN_SCHEME_MLDSA65_RSA4096_PKCS1_SHA384
@ TLS_STATE_CLIENT_FINISHED
int_t selectedIdentity
Selected PSK identity.
uint8_t iv[48]
Initialization vector.
@ TLS_STATE_KEY_UPDATE_ACK
DtlsCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
#define TLS_MAX_ENCRYPTION_ENGINES
@ TLS_ALERT_INTERNAL_ERROR
const uint16_t * supportedGroups
List of supported named groups.
error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled)
Perform fallback retry (for clients only)
const TlsExtension * encryptThenMac
EncryptThenMac extension.
TlsCertDesc certs[TLS_MAX_CERTIFICATES]
End entity certificates (PEM format)
error_t(* TlsTicketDecryptCallback)(TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)
Ticket decryption callback function.
TlsSignatureScheme signScheme
Signature scheme to be used.
bool_t trustedCaKeysEnabled
Support for TrustedCaKeys extension.
error_t tlsEnableSessionTickets(TlsContext *context, bool_t enabled)
Enable session ticket mechanism.
#define TlsEncryptionEngine
uint16_t pskCipherSuite
Cipher suite associated with the PSK.
bool_t wrongKeyShare
Invalid key share.
bool_t extendedMasterSecret
Extended master secret computation.
@ TLS_SIGN_SCHEME_MLDSA65_ECDSA_SECP384R1_SHA384
error_t tlsSetTrustedCaList(TlsContext *context, const char_t *trustedCaList, size_t length)
Import a trusted CA list.
void TlsServerKeyExchange
ServerKeyExchange message.
bool_t earlyDataExtReceived
The EarlyData extension has been received.
const HashAlgo * prfHashAlgo
uint8_t serverAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
const TlsSupportedGroupList * supportedGroupList
SupportedGroups extension.
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
systime_t timeout
Timeout for blocking calls.
TlsEcdsaVerifyCallback ecdsaVerifyCallback
const TlsExtension * serverCertType
TlsCertificateType peerCertType
Peer's certificate type.
@ TLS_EXT_RECORD_SIZE_LIMIT
HMAC (Keyed-Hashing for Message Authentication)
@ TLS_STATE_NEW_SESSION_TICKET_ACK
error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback)
Register PSK callback function.
bool_t sessionTicketExtReceived
The SessionTicket extension has been received.
@ TLS_SIGN_SCHEME_GOSTR34102012_512A
error_t tlsExportKeyingMaterial(TlsContext *context, const char_t *label, bool_t useContextValue, const uint8_t *contextValue, size_t contextValueLen, uint8_t *output, size_t outputLen)
Export keying material per RFC 5705 standard.
void * TlsSocketHandle
Socket handle.
TlsEarlyDataStatus
Early data status.
@ TLS_GROUP_BRAINPOOLP384R1
@ TLS_EXT_SIGNED_CERT_TIMESTAMP
char_t * ticketAlpn
ALPN protocol associated with the ticket.
@ TLS_MAX_FRAGMENT_LENGTH_512
error_t tlsSetKeyLogCallback(TlsContext *context, TlsKeyLogCallback keyLogCallback)
Register key logging callback function (for debugging purpose only)
@ TLS_ALERT_CERTIFICATE_UNKNOWN
bool_t emsExtReceived
The ExtendedMasterSecret extension has been received.
void TlsCertificate
Certificate message.
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2
const TlsCertAuthorities * certAuthorities
CertificateAuthorities extension.
error_t tlsEnableCertAuthorities(TlsContext *context, bool_t enabled)
Enable CertificateAuthorities extension.
@ TLS_GROUP_SECP384R1_MLKEM1024
const Tls13PskIdentityList * identityList
PreSharedKey extension (ClientHello)
char_t * protocolList
List of supported ALPN protocols.
@ TLS_TYPE_CERTIFICATE_URL
void tlsFreeCache(TlsCache *cache)
Properly dispose a session cache.
