jli  Linuxx86_641.10.3v1.10.30b4590a5507d3f3046e5bafc007cacbbfc9b310b GMbedTLSAQ)smsp205L0/opt/julia/packages/MbedTLS/Vaaz8/src/MbedTLS.jlWXA\Y_ɢ?Randomސݗ1V$ bdSockets_AX 3MbedTLS_jll#Yr!.V m`MozillaCACerts_jll,䬩C0YWNetworkOptions2/opt/julia/packages/MbedTLS/Vaaz8/src/constants.jlWXA./opt/julia/packages/MbedTLS/Vaaz8/src/error.jlA+/opt/julia/packages/MbedTLS/Vaaz8/src/md.jlA//opt/julia/packages/MbedTLS/Vaaz8/src/cipher.jlWXA,/opt/julia/packages/MbedTLS/Vaaz8/src/rsa.jlA0/opt/julia/packages/MbedTLS/Vaaz8/src/entropy.jlA1/opt/julia/packages/MbedTLS/Vaaz8/src/ctr_drbg.jlWXA+/opt/julia/packages/MbedTLS/Vaaz8/src/pk.jlA1/opt/julia/packages/MbedTLS/Vaaz8/src/x509_crt.jlA,/opt/julia/packages/MbedTLS/Vaaz8/src/ssl.jlA./opt/julia/packages/MbedTLS/Vaaz8/src/debug.jlAj2 EY8pDatesL CoremуJ5Basemу]J5MainmуJ5ArgToolsBń x(mуF K5 Artifactsmr-V3|mу K5Base64UlD*_mу> K5CRC32c\y.jmуj K5 FileWatchingXzsy`{,zmуh& K5LibdluVW59˗,mу-" K5LoggingT{VhUXM=mуrU" K5MmapP~:xg,Omу|' K5NetworkOptionsC0YW,mуʠ, K5SHAQ<$!<%mу1 K5 Serialization [)*k1mу-G K5Sockets1V$ bdސݗmуYBY K5UnicodeP>I>Nrmуeszo K5 LinearAlgebraSm7̏mуuux K5 OpenBLAS_jll[(Śb6EcQ FmуDux K5libblastrampoline_jllLSۆ }lxӠmу^} K5MarkdownZPn7z`smу/Ed~ K5Printfg^cX׸QDmу;h K5Random_ɢ?\Ymу? K5TarOi>աmу!t, K5DatesEY8pj2 mуX K5FuturebS;3{I xVMmуsD K5InteractiveUtilsWL ~@'ZmуVg K5LibGit2Z[&RPTv3EКRmу8J K5 LibGit2_jll YXg}]$mуD K5 MbedTLS_jllAX 3ȡ_mу- K5 LibSSH2_jlloTZk)߆ MbedTLS.SSLConfig("self-signed-certificate.pem", "keyfile.pem") MbedTLS.SSLConfig() ``` """ # already defined SSLConfig and SSLContext types in ssl.jl function SSLConfig(cert_file, key_file) ssl_cert = MbedTLS.crt_parse_file(cert_file) key = MbedTLS.parse_keyfile(key_file) conf = MbedTLS.SSLConfig() entropy = MbedTLS.Entropy() rng = MbedTLS.CtrDrbg() MbedTLS.config_defaults!(conf, endpoint=MbedTLS.MBEDTLS_SSL_IS_SERVER) MbedTLS.seed!(rng, entropy) MbedTLS.rng!(conf, rng) MbedTLS.own_cert!(conf, ssl_cert, key) MbedTLS.dbg!(conf, tls_dbg) return conf end """ SSLConfig(verify::Bool; log_secrets=nothing) Initialise a client SSLConfig for connecting to a server. If `verify` is false, do not check that certificates are valid. If `log_secrets` is a string, save connection secrets to a file with that name. This is useful for decrypting traffic captured with Wireshark when debugging. """ function SSLConfig(verify::Bool; log_secrets=nothing) conf = MbedTLS.SSLConfig() MbedTLS.config_defaults!(conf) entropy = MbedTLS.Entropy() rng = MbedTLS.CtrDrbg() MbedTLS.seed!(rng, entropy) MbedTLS.rng!(conf, rng) MbedTLS.authmode!(conf, verify ? MbedTLS.MBEDTLS_SSL_VERIFY_REQUIRED : MbedTLS.MBEDTLS_SSL_VERIFY_NONE) if log_secrets !== nothing global secrets_log_file = log_secrets set_dbg_level(4) MbedTLS.dbg!(conf, tls_dbg_log_secrets) else MbedTLS.dbg!(conf, tls_dbg) end MbedTLS.ca_chain!(conf) conf end # already defined setup! in ssl.jl associate!(tls::SSLContext, tcp::TCPSocket) = set_bio!(tls, tcp) handshake!(tls::SSLContext) = handshake(tls) end # module 2/opt/julia/packages/MbedTLS/Vaaz8/src/constants.jlm# Auto-generated by gen_constants.jl on 6/9/2015 const MBEDTLS_ASN1_PRINTABLE_STRING=19 const MBEDTLS_X509_BADCERT_CN_MISMATCH=4 const MBEDTLS_ERR_NET_INVALID_CONTEXT=-69 const MBEDTLS_ERR_PK_SIG_LEN_MISMATCH=-14592 const MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT=86400 const MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE=-5120 const MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED=-30336 const MBEDTLS_ERR_MD_FILE_IO_ERROR=-20992 const MBEDTLS_CIPHER_VARIABLE_KEY_LEN=2 const MBEDTLS_TLS_EXT_SIG_ALG=13 const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256=49304 const MBEDTLS_PADLOCK_ACE=192 const MBEDTLS_ASN1_GENERALIZED_TIME=24 const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256=184 const MBEDTLS_HMAC_DRBG_RESEED_INTERVAL=10000 const MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL=-20224 const MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME=0 const MBEDTLS_SSL_TRUNC_HMAC_ENABLED=1 const MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL=120 const MBEDTLS_ERR_PK_ALLOC_FAILED=-16256 const MBEDTLS_ERR_X509_BUFFER_TOO_SMALL=-10624 const MBEDTLS_SSL_TRUNCATED_HMAC_LEN=10 const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA=49205 const MBEDTLS_CTR_DRBG_RESEED_INTERVAL=10000 const MBEDTLS_SSL_MINOR_VERSION_0=0 const MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED=-12928 const MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE=-20608 const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA=49167 const MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED=-64 const MBEDTLS_SSL_ANTI_REPLAY_DISABLED=0 const MBEDTLS_ERR_CCM_BAD_INPUT=-13 const MBEDTLS_PSK_MAX_LEN=32 const MBEDTLS_SSL_VERIFY_OPTIONAL=1 const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384=49208 const MBEDTLS_BLOWFISH_ENCRYPT=1 const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX=60000 const MBEDTLS_SSL_VERIFY_DATA_MAX_LEN=12 const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384=49307 const MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC=22 const MBEDTLS_ERR_DHM_CALC_SECRET_FAILED=-13056 const MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH=-2 const MBEDTLS_ERR_SSL_CONN_EOF=-29312 const MBEDTLS_ERR_BASE64_INVALID_CHARACTER=-44 const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256=49189 const MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE=-2 const MBEDTLS_ERR_PEM_PASSWORD_REQUIRED=-4864 const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384=181 const MBEDTLS_CTR_DRBG_KEYSIZE=32 const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256=49197 const MBEDTLS_ERR_RSA_RNG_FAILED=-17536 const MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES=10 const MBEDTLS_ERR_RSA_INVALID_PADDING=-16640 const MBEDTLS_ERR_SSL_COMPRESSION_FAILED=-28416 const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256=49274 const MBEDTLS_ERR_NET_RECV_FAILED=-76 const MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE=-29952 const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA=49171 const MBEDTLS_ERR_NET_SOCKET_FAILED=-66 const MBEDTLS_ERR_SSL_TIMEOUT=-26624 const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256=49272 const MBEDTLS_ERR_SSL_INVALID_RECORD=-29184 const MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR=-58 const MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED=-30208 const MBEDTLS_X509_BADCERT_MISSING=64 const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384=49291 const MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR=80 const MBEDTLS_CIPHERSUITE_WEAK=1 const MBEDTLS_SSL_VERIFY_REQUIRED=2 const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384=179 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8=49327 const MBEDTLS_PKCS12_DERIVE_KEY=1 const MBEDTLS_SSL_HASH_SHA512=6 const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256=49201 const MBEDTLS_CTR_DRBG_MAX_REQUEST=1024 const MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION=0 const MBEDTLS_ERR_PK_PASSWORD_REQUIRED=-15360 const MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA=139 const MBEDTLS_ECP_DP_MAX=12 const MBEDTLS_CAMELLIA_DECRYPT=0 const MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE=-26 const MBEDTLS_SSL_COMPRESS_DEFLATE=1 const MBEDTLS_X509_BADCRL_EXPIRED=32 const MBEDTLS_HMAC_DRBG_PR_ON=1 const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384=49295 const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA=46 const MBEDTLS_ERR_SSL_INTERNAL_ERROR=-27648 const MBEDTLS_VERSION_PATCH=0 const MBEDTLS_CTR_DRBG_ENTROPY_LEN=32 const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA=65 const MBEDTLS_ERR_X509_INVALID_SIGNATURE=-9344 const MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK=86 const MBEDTLS_X509_BADCERT_EXPIRED=1 const MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR=51 const MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE=-29824 const MBEDTLS_SSL_SESSION_TICKETS_ENABLED=1 const MBEDTLS_X509_BADCERT_FUTURE=512 const MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384=169 const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA=149 const MBEDTLS_SSL_RETRANS_FINISHED=3 const MBEDTLS_SSL_RENEGOTIATION_PENDING=3 const MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE=-30464 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA=49159 const MBEDTLS_SSL_HS_CERTIFICATE=11 const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8=49314 const MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED=0 const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA=48 const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256=49268 const MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL=-42 const MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE=-17408 const MBEDTLS_ERR_ECP_RANDOM_FAILED=-19712 const MBEDTLS_DES_DECRYPT=0 const MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY=0 const MBEDTLS_GCM_ENCRYPT=1 const MBEDTLS_ERR_ASN1_UNEXPECTED_TAG=-98 const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA=49172 const MBEDTLS_SSL_HASH_SHA224=3 const MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO=255 const MBEDTLS_SSL_EXTENDED_MS_DISABLED=0 const MBEDTLS_SSL_VERIFY_UNSET=3 const MBEDTLS_PADLOCK_RNG=12 const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256=158 const MBEDTLS_ERR_ECP_BAD_INPUT_DATA=-20352 const MBEDTLS_MEMORY_ALIGN_MULTIPLE=4 const MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET=23 const MBEDTLS_ERR_ASN1_ALLOC_FAILED=-106 const MBEDTLS_ERR_ASN1_OUT_OF_DATA=-96 const MBEDTLS_ASN1_BOOLEAN=1 const MBEDTLS_ERR_SSL_INVALID_MAC=-29056 const MBEDTLS_TLS_RSA_WITH_AES_128_CCM=49308 const MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA=146 const MBEDTLS_ERR_PK_FILE_IO_ERROR=-15872 const MBEDTLS_ERR_DHM_INVALID_FORMAT=-13184 const MBEDTLS_ERR_SSL_ALLOC_FAILED=-32512 const MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS=11 const MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED=-1 const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM=49310 const MBEDTLS_PKCS12_DERIVE_MAC_KEY=3 const MBEDTLS_ECP_FIXED_POINT_OPTIM=1 const MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT=-10112 const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256=49300 const MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC=20 const MBEDTLS_ERR_X509_INVALID_ALG=-8960 const MBEDTLS_ECP_PF_UNCOMPRESSED=0 const MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN=32 const MBEDTLS_ERR_OID_BUF_TOO_SMALL=-11 const MBEDTLS_ERR_DHM_READ_PARAMS_FAILED=-12544 const MBEDTLS_ERR_PK_KEY_INVALID_FORMAT=-15616 const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA=49209 const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256=49270 const MBEDTLS_X509_RFC5280_UTC_TIME_LEN=15 const MBEDTLS_BLOWFISH_MIN_KEY_BITS=32 const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256=49306 const MBEDTLS_ERR_ENTROPY_MAX_SOURCES=-62 const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384=171 const MBEDTLS_ASN1_UTC_TIME=23 const MBEDTLS_ECP_MAX_BITS=521 const MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH=-27904 const MBEDTLS_SSL_PRESET_SUITEB=2 const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256=49294 const MBEDTLS_SSL_PRESET_DEFAULT=0 const MBEDTLS_ERR_X509_INVALID_VERSION=-8704 const MBEDTLS_SSL_COOKIE_TIMEOUT=60 const MBEDTLS_NET_PROTO_TCP=0 const MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA=49163 const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT=110 const MBEDTLS_NET_LISTEN_BACKLOG=10 const _CRT_SECURE_NO_DEPRECATE=1 const MBEDTLS_PKCS5_ENCRYPT=1 const MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED=-30720 const MBEDTLS_ERR_NET_SEND_FAILED=-78 const MBEDTLS_SSL_SECURE_RENEGOTIATION=1 const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384=49289 const MBEDTLS_SSL_MAJOR_VERSION_3=3 const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256=49290 const MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE=-28800 const MBEDTLS_X509_CRT_VERSION_1=0 const MBEDTLS_ERR_THREADING_BAD_INPUT_DATA=-28 const MBEDTLS_ERR_PK_BAD_INPUT_DATA=-16000 const MBEDTLS_SSL_HS_CERTIFICATE_VERIFY=15 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384=49188 const MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION=100 const MBEDTLS_SSL_SIG_RSA=1 const MBEDTLS_DES_KEY_SIZE=8 const MBEDTLS_TLS_RSA_WITH_RC4_128_SHA=5 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256=49187 const MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION=1 const MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT=384 const MBEDTLS_SSL_RETRANS_PREPARING=0 const MBEDTLS_SSL_COMPRESS_NULL=0 const MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE=-7936 const MBEDTLS_TLS_EXT_TRUNCATED_HMAC=4 const MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL=-8 const MBEDTLS_SSL_IS_NOT_FALLBACK=0 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA=49158 const MBEDTLS_SSL_ALERT_MSG_NO_CERT=41 const MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH=-19456 const MBEDTLS_SSL_MINOR_VERSION_2=2 const MBEDTLS_SSL_ALERT_LEVEL_FATAL=2 const MBEDTLS_ERR_RSA_VERIFY_FAILED=-17280 const MBEDTLS_X509_BADCERT_BAD_MD=16384 const MBEDTLS_ASN1_SET=17 const MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA=142 const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384=173 const MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH=-24 const MBEDTLS_ASN1_UTF8_STRING=12 const MBEDTLS_SSL_SIG_ANON=0 const MBEDTLS_ERR_CIPHER_AUTH_FAILED=-25344 const MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE=10 const MBEDTLS_ERR_ENTROPY_SOURCE_FAILED=-60 const MBEDTLS_CIPHERSUITE_NODTLS=4 const MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE=30 const MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA=49164 const MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256=156 const MBEDTLS_X509_MAX_DN_NAME_SIZE=256 const MBEDTLS_ERR_MPI_NOT_ACCEPTABLE=-14 const MBEDTLS_SSL_MAX_FRAG_LEN_INVALID=5 const MBEDTLS_SSL_HS_FINISHED=20 const MBEDTLS_MPI_MAX_SIZE=1024 const MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8=49313 const MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT=16 const MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED=-12800 const MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED=-28032 const MBEDTLS_ENTROPY_MIN_HARDWARE=32 const MBEDTLS_X509_BADCERT_KEY_USAGE=2048 const MBEDTLS_ASN1_INTEGER=2 const MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE=16 const MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH=-28544 const MBEDTLS_PKCS12_PBE_ENCRYPT=1 const MBEDTLS_ENTROPY_SOURCE_STRONG=1 const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256=49191 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA=49162 const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA=45 const MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY=71 const MBEDTLS_ERR_NET_ACCEPT_FAILED=-74 const MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY=-32128 const MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA=49204 const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256=170 const MBEDTLS_SSL_HS_SERVER_HELLO=2 const MBEDTLS_RSA_PRIVATE=1 const MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG=-54 const MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH=-38 const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256=49292 const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA=136 const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA=148 const MBEDTLS_SSL_ARC4_DISABLED=1 const MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE=-31616 const MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384=157 const MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN=-29568 const MBEDTLS_ENTROPY_MAX_GATHER=128 const MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA=21 const MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA=49203 const MBEDTLS_SSL_HS_NEW_SESSION_TICKET=4 const MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED=21 const MBEDTLS_CAMELLIA_ENCRYPT=1 const MBEDTLS_TLS_RSA_WITH_NULL_MD5=1 const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384=49305 const MBEDTLS_X509_BADCRL_FUTURE=1024 const MBEDTLS_ERR_X509_INVALID_FORMAT=-8576 const MBEDTLS_ERR_ASN1_INVALID_LENGTH=-100 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384=49267 const MBEDTLS_HMAC_DRBG_MAX_INPUT=256 const MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED=1 const MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET=-28160 const MBEDTLS_VERSION_MAJOR=2 const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384=49277 const MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE=-14848 const MBEDTLS_ERR_MPI_BAD_INPUT_DATA=-4 const MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA=49168 const MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL=-27136 const MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER=47 const MBEDTLS_X509_BADCERT_REVOKED=2 const MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT=-7808 const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8=49322 const MBEDTLS_SSL_CHANNEL_OUTBOUND=0 const MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG=-5 const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA=144 const MBEDTLS_SSL_CERT_TYPE_RSA_SIGN=1 const MBEDTLS_RSA_CRYPT=2 const MBEDTLS_AES_ENCRYPT=1 const MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE=-31744 const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8=49315 const MBEDTLS_ERR_MPI_NEGATIVE_VALUE=-10 const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA=132 const MBEDTLS_AESNI_AES=33554432 const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384=183 const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA=49206 const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256=49288 const MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION=-28288 const MBEDTLS_SSL_IS_CLIENT=0 const MBEDTLS_ERR_X509_CERT_VERIFY_FAILED=-9984 const MBEDTLS_ERR_PEM_INVALID_ENC_IV=-4608 const MBEDTLS_MEMORY_VERIFY_NONE=0 const MBEDTLS_ERR_NET_LISTEN_FAILED=-72 const MBEDTLS_SSL_COMPRESSION_ADD=0 const MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE=2 const MBEDTLS_SSL_RETRANS_WAITING=2 const MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME=112 const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256=49302 const MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED=-48 const MBEDTLS_CIPHERSUITE_SHORT_TAG=2 const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA=49156 const MBEDTLS_ERR_RSA_KEY_GEN_FAILED=-16768 const MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH=-22 const MBEDTLS_ERR_NET_CONN_RESET=-80 const MBEDTLS_ERR_PK_INVALID_PUBKEY=-15104 const MBEDTLS_SSL_ETM_ENABLED=1 const MBEDTLS_ASN1_OCTET_STRING=4 const MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE=40 const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA=140 const MBEDTLS_ERR_SSL_WANT_READ=-26880 const MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE=-20096 const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT=43 const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384=49202 const MBEDTLS_ASN1_CONSTRUCTED=32 const MBEDTLS_CTR_DRBG_BLOCKSIZE=16 const MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR=-63 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256=49195 const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384=49200 const MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED=-27264 const MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE=-31488 const MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA=22 const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256=49296 const MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST=-31360 const MBEDTLS_MPI_MAX_LIMBS=10000 const MBEDTLS_SSL_TRUNC_HMAC_DISABLED=0 const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256=182 const MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE=12 const MBEDTLS_PKCS12_PBE_DECRYPT=0 const MBEDTLS_PKCS5_DECRYPT=0 const MBEDTLS_TLS_PSK_WITH_RC4_128_SHA=138 const MBEDTLS_TLS_PSK_WITH_AES_128_CCM=49316 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384=49287 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256=49266 const MBEDTLS_X509_MAX_INTERMEDIATE_CA=8 const MBEDTLS_ERR_DHM_FILE_IO_ERROR=-13440 const MBEDTLS_ERR_OID_NOT_FOUND=-46 const MBEDTLS_ENTROPY_MAX_SOURCES=20 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256=49286 const MBEDTLS_SSL_ETM_DISABLED=0 const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256=49207 const MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST=3 const MBEDTLS_ENTROPY_MIN_HARDCLOCK=4 const MBEDTLS_ERR_MPI_FILE_IO_ERROR=-2 const MBEDTLS_MAX_BLOCK_LENGTH=16 const MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256=168 const MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC=20 const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384=49301 const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256=49199 const MBEDTLS_BLOWFISH_DECRYPT=0 const MBEDTLS_SSL_SIG_ECDSA=3 const MBEDTLS_ERR_SSL_BAD_INPUT_DATA=-28928 const MBEDTLS_SSL_ALERT_MSG_USER_CANCELED=90 const MBEDTLS_X509_BADCRL_BAD_PK=262144 const MBEDTLS_ERR_X509_UNKNOWN_OID=-8448 const MBEDTLS_SSL_FALLBACK_SCSV_VALUE=22016 const MBEDTLS_ERR_SSL_NO_RNG=-29696 const MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME=86400 const MBEDTLS_SSL_ARC4_ENABLED=0 const MBEDTLS_SSL_HASH_SHA1=2 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA=49161 const MBEDTLS_NET_PROTO_UDP=1 const MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8=49321 const MBEDTLS_BLOWFISH_MAX_KEY_BITS=448 const MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED=45 const MBEDTLS_ERR_NET_BUFFER_TOO_SMALL=-67 const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384=185 const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384=49303 const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256=180 const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384=49297 const MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG=-9728 const MBEDTLS_SSL_IS_FALLBACK=1 const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256=49276 const MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED=49 const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256=172 const MBEDTLS_ENTROPY_MIN_PLATFORM=32 const MBEDTLS_ERR_RSA_PUBLIC_FAILED=-17024 const MBEDTLS_ERR_GCM_BAD_INPUT=-20 const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM=49319 const MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH=-7680 const MBEDTLS_X509_BADCRL_BAD_MD=131072 const MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED=-52 const MBEDTLS_ERR_MD_ALLOC_FAILED=-20864 const MBEDTLS_X509_BADCERT_EXT_KEY_USAGE=4096 const MBEDTLS_ERR_MD_BAD_INPUT_DATA=-20736 const MBEDTLS_ASN1_BMP_STRING=30 const MBEDTLS_BLOWFISH_BLOCKSIZE=8 const MBEDTLS_SSL_HASH_SHA256=4 const MBEDTLS_ERR_DHM_BAD_INPUT_DATA=-12416 const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384=49198 const MBEDTLS_ENTROPY_SOURCE_WEAK=0 const MBEDTLS_SSL_MAX_FRAG_LEN_4096=4 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8=49326 const MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED=-25216 const MBEDTLS_ERR_ECP_VERIFY_FAILED=-19968 const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA=47 const MBEDTLS_SSL_HS_CLIENT_HELLO=1 const MBEDTLS_ERR_NET_UNKNOWN_HOST=-82 const MBEDTLS_SSL_HS_CERTIFICATE_REQUEST=13 const MBEDTLS_SSL_HS_HELLO_REQUEST=0 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM=49325 const MBEDTLS_RSA_SIGN=1 const MBEDTLS_SSL_MINOR_VERSION_3=3 const MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS=-32000 const MBEDTLS_TLS_PSK_WITH_NULL_SHA384=177 const MBEDTLS_ENTROPY_MAX_SEED_SIZE=1024 const MBEDTLS_ERR_PEM_INVALID_DATA=-4352 const MBEDTLS_MAX_IV_LENGTH=16 const MBEDTLS_ERR_CIPHER_ALLOC_FAILED=-24960 const MBEDTLS_X509_BADCERT_OTHER=256 const MBEDTLS_ERR_X509_INVALID_DATE=-9216 const MBEDTLS_SSL_MAX_FRAG_LEN_2048=3 const MBEDTLS_ERR_NET_BIND_FAILED=-70 const MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW=22 const MBEDTLS_CTR_DRBG_PR_OFF=0 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384=49196 const MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS=1 const MBEDTLS_SSL_HASH_MD5=1 const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8=49323 const MBEDTLS_ERR_AES_INVALID_KEY_LENGTH=-32 const MBEDTLS_ASN1_SEQUENCE=16 const MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA=-2 const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA=145 const MBEDTLS_X509_BADCERT_NS_CERT_TYPE=8192 const MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED=-12672 const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA=49157 const MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG=-56 const MBEDTLS_ERR_CCM_AUTH_FAILED=-15 const MBEDTLS_SSL_TRANSPORT_DATAGRAM=1 const MBEDTLS_ASN1_NULL=5 const MBEDTLS_SSL_EXTENDED_MS_ENABLED=1 const MBEDTLS_TLS_EXT_ALPN=16 const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA=69 const MBEDTLS_ERR_RSA_PRIVATE_FAILED=-17152 const MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA=49170 const MBEDTLS_ERR_ASN1_LENGTH_MISMATCH=-102 const MBEDTLS_ERR_SSL_BAD_HS_FINISHED=-32384 const MBEDTLS_ERR_PK_TYPE_MISMATCH=-16128 const MBEDTLS_TLS_RSA_WITH_NULL_SHA256=59 const MBEDTLS_PKCS12_DERIVE_IV=2 const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256=174 const MBEDTLS_ASN1_T61_STRING=20 const MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA=49169 const MBEDTLS_ERR_ECP_INVALID_KEY=-19584 const MBEDTLS_ERR_X509_UNKNOWN_VERSION=-9600 const MBEDTLS_ERR_PKCS5_INVALID_FORMAT=-2 const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256=192 const MBEDTLS_X509_FORMAT_PEM=2 const MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH=1 const MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA=49155 const MBEDTLS_ASN1_BIT_STRING=3 const MBEDTLS_SSL_RETRANS_SENDING=1 const MBEDTLS_TLS_RSA_WITH_NULL_SHA=2 const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256=196 const MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA=9 const MBEDTLS_X509_BADCRL_BAD_KEY=524288 const MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE=-24704 const MBEDTLS_TLS_PSK_WITH_AES_256_CCM=49317 const MBEDTLS_XTEA_ENCRYPT=1 const MBEDTLS_X509_BADCRL_NOT_TRUSTED=16 const MBEDTLS_ERR_PK_INVALID_ALG=-14976 const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256=49210 const MBEDTLS_SSL_SESSION_TICKETS_DISABLED=0 const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM=49318 const MBEDTLS_SSL_ALERT_LEVEL_WARNING=1 const MBEDTLS_SSL_PADDING_ADD=0 const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA=57 const MBEDTLS_TLS_PSK_WITH_NULL_SHA256=176 const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384=159 const MBEDTLS_ERR_MPI_DIVISION_BY_ZERO=-12 const MBEDTLS_SSL_MSG_APPLICATION_DATA=23 const MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO=-31104 const MBEDTLS_TLS_EXT_SERVERNAME=0 const MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE=-31232 const MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT=-4224 const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384=49190 const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256=103 const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY=115 const MBEDTLS_SSL_LEGACY_RENEGOTIATION=0 const MBEDTLS_ERR_ASN1_INVALID_DATA=-104 const MBEDTLS_ERR_NET_CONNECT_FAILED=-68 const MBEDTLS_X509_BADCERT_SKIP_VERIFY=128 const MBEDTLS_ERR_SSL_HW_ACCEL_FAILED=-32640 const MBEDTLS_ERR_X509_INVALID_EXTENSIONS=-9472 const MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH=-40 const MBEDTLS_TLS_RSA_WITH_RC4_128_MD5=4 const MBEDTLS_ERR_PEM_PASSWORD_MISMATCH=-4992 const MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA=49154 const MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED=44 const MBEDTLS_ERR_THREADING_MUTEX_ERROR=-30 const MBEDTLS_ERR_ASN1_BUF_TOO_SMALL=-108 const MBEDTLS_GCM_DECRYPT=0 const MBEDTLS_CTR_DRBG_MAX_INPUT=256 const MBEDTLS_RSA_PKCS_V15=0 const MBEDTLS_SSL_ANTI_REPLAY_ENABLED=1 const MBEDTLS_MD_MAX_SIZE=32 const MBEDTLS_HAVEGE_COLLECT_SIZE=1024 const MBEDTLS_ERR_GCM_AUTH_FAILED=-18 const MBEDTLS_AESNI_CLMUL=2 const MBEDTLS_CTR_DRBG_PR_ON=1 const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256=186 const MBEDTLS_ECP_TLS_NAMED_CURVE=3 const MBEDTLS_ERR_RSA_BAD_INPUT_DATA=-16512 const MBEDTLS_CIPHER_VARIABLE_IV_LEN=1 const MBEDTLS_PADLOCK_PMM=12288 const MBEDTLS_X509_BADCERT_BAD_PK=32768 const MBEDTLS_ERR_PK_KEY_INVALID_VERSION=-15744 const MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED=-9 const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256=61 const MBEDTLS_ENTROPY_BLOCK_SIZE=32 const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA=141 const MBEDTLS_X509_BADCERT_BAD_KEY=65536 const MBEDTLS_HMAC_DRBG_MAX_REQUEST=1024 const MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR=-7 const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384=49271 const MBEDTLS_TLS_EXT_RENEGOTIATION_INFO=65281 const MBEDTLS_MPI_WINDOW_SIZE=6 const MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR=50 const MBEDTLS_DES_ENCRYPT=1 const MBEDTLS_PADLOCK_PHE=3072 const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256=49193 const MBEDTLS_ERR_PEM_ALLOC_FAILED=-4480 const MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE=-30592 const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA=53 const MBEDTLS_TLS_PSK_WITH_NULL_SHA=44 const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384=49211 const MBEDTLS_ECP_WINDOW_SIZE=6 const MBEDTLS_BLOWFISH_ROUNDS=16 const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384=175 const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384=49275 const MBEDTLS_TLS_RSA_WITH_AES_256_CCM=49309 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM=49324 const MBEDTLS_ERR_SSL_WANT_WRITE=-26752 const MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH=-50 const MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO=-27392 const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA=51 const MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH=-34 const MBEDTLS_ERR_SSL_UNKNOWN_CIPHER=-29440 const MBEDTLS_ERR_X509_INVALID_SERIAL=-8832 const MBEDTLS_SSL_MAX_FRAG_LEN_1024=2 const MBEDTLS_X509_BADCERT_NOT_TRUSTED=8 const MBEDTLS_ERR_RSA_KEY_CHECK_FAILED=-16896 const MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY=-30848 const MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES=50 const MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC=-32256 const MBEDTLS_XTEA_DECRYPT=0 const MBEDTLS_ERR_PK_PASSWORD_MISMATCH=-15232 const MBEDTLS_ERR_X509_FILE_IO_ERROR=-10496 const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384=49293 const MBEDTLS_RSA_SALT_LEN_ANY=-1 const MBEDTLS_ERR_PK_UNKNOWN_PK_ALG=-15488 const MBEDTLS_X509_FORMAT_DER=1 const MBEDTLS_SSL_ALERT_MSG_BAD_CERT=42 const MBEDTLS_SSL_HASH_NONE=0 const MBEDTLS_X509_CRT_VERSION_2=1 const MBEDTLS_ERR_X509_BAD_INPUT_DATA=-10240 const MBEDTLS_SSL_MAC_ADD=16 const MBEDTLS_ASN1_IA5_STRING=22 const MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION=60 const MBEDTLS_VERSION_MINOR=1 const MBEDTLS_ERR_ECP_ALLOC_FAILED=-19840 const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM=49311 const MBEDTLS_ERR_X509_SIG_MISMATCH=-9856 const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384=49192 const MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY=-27776 const MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP=-31872 const MBEDTLS_ENTROPY_MIN_HAVEGE=32 const MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO=-30976 const MBEDTLS_SSL_HASH_SHA384=5 const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384=49273 const MBEDTLS_ERR_MPI_ALLOC_FAILED=-16 const MBEDTLS_ASN1_PRIMITIVE=0 const MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE=-8320 const MBEDTLS_HMAC_DRBG_PR_OFF=0 const MBEDTLS_ERR_X509_INVALID_NAME=-9088 const MBEDTLS_SSL_MINOR_VERSION_1=1 const MBEDTLS_SSL_MAX_FRAG_LEN_512=1 const MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED=-30080 const MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA=10 const MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA=49165 const MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA=143 const MBEDTLS_X509_CRT_VERSION_3=2 const MBEDTLS_SSL_HS_SERVER_HELLO_DONE=14 const MBEDTLS_ASN1_OID=6 const MBEDTLS_ASN1_UNIVERSAL_STRING=28 const MBEDTLS_RSA_PKCS_V21=1 const MBEDTLS_TLS_EXT_SESSION_TICKET=35 const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN=1000 const MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION=70 const MBEDTLS_AES_DECRYPT=0 const MBEDTLS_ERR_PEM_BAD_INPUT_DATA=-5248 const MBEDTLS_SSL_TRANSPORT_STREAM=0 const MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA=-24832 const MBEDTLS_ERR_CIPHER_INVALID_PADDING=-25088 const MBEDTLS_ECP_PF_COMPRESSED=1 const MBEDTLS_SSL_CHANNEL_INBOUND=1 const MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN=64 const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256=107 const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256=60 const MBEDTLS_SSL_MAX_FRAG_LEN_NONE=0 const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384=49269 const MBEDTLS_VERSION_NUMBER=33619968 const MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE=-61 const MBEDTLS_ERR_DHM_ALLOC_FAILED=-13312 const MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA=49153 const MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE=-14720 const MBEDTLS_SSL_INITIAL_HANDSHAKE=0 const MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA=-8064 const MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA=49160 const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA=49166 const MBEDTLS_SSL_RENEGOTIATION_DONE=2 const MBEDTLS_SSL_RENEGOTIATION_DISABLED=0 const MBEDTLS_SSL_MSG_ALERT=21 const MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH=-36 const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256=49298 const MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE=-27008 const MBEDTLS_ERR_X509_ALLOC_FAILED=-10368 const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256=190 const MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8=49312 const MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG=-3 const MBEDTLS_ERR_SSL_COUNTER_WRAPPING=-27520 const MBEDTLS_SSL_IS_SERVER=1 const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384=49194 const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256=178 const MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN=46 const MBEDTLS_SSL_MAX_CONTENT_LEN=16384 const MBEDTLS_SSL_VERIFY_NONE=0 const MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8=49320 const MBEDTLS_RSA_PUBLIC=0 const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384=49299 const MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA=147 const MBEDTLS_SSL_RENEGOTIATION_ENABLED=1 const MBEDTLS_LN_2_DIV_LN_10_SCALE100=332 const MBEDTLS_ASN1_CONTEXT_SPECIFIC=128 const MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG=-4736 const MBEDTLS_SSL_MSG_HANDSHAKE=22 const MBEDTLS_PK_DEBUG_MAX_ITEMS=3 const MBEDTLS_ERR_MPI_INVALID_CHARACTER=-6 const MBEDTLS_CTR_DRBG_MAX_SEED_INPUT=384 ./opt/julia/packages/MbedTLS/Vaaz8/src/error.jlmacro err_check(expr) quote ret = $(esc(expr)) ret == 0 || mbed_err(ret) ret end end struct MbedException <: Exception ret::Cint end function show(io::IO, err::MbedException) print(io, "MbedTLS error code $(err.ret): $(strerror(err.ret))") end mbed_err(ret) = throw(MbedException(ret)) mbed_ioerr(ret) = throw(Base.IOError(strerror(ret), ret)) function strerror(ret, bufsize=1000) buf = Base.StringVector(bufsize) ccall((:mbedtls_strerror, libmbedcrypto), Cvoid, (Cint, Ptr{Cvoid}, Csize_t), ret, buf, bufsize) resize!(buf, something(findfirst(iszero, buf), length(buf) + 1) - 1) s = String(buf) if ret == MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE s *= " (You may need to enable `ssl_conf_renegotiation!`. See " * "https://github.com/JuliaWeb/HTTP.jl/issues/342#issuecomment-432921180)" end return s end +/opt/julia/packages/MbedTLS/Vaaz8/src/md.jl# Message digest constants from mbedtls_md_type_t enum in md.h @enum(MDKind, MD_NONE=0, MD_MD2, MD_MD4, MD_MD5, MD_SHA1, MD_SHA224, MD_SHA256, MD_SHA384, MD_SHA) mutable struct MDInfo data::Ptr{Cvoid} end mutable struct MD{IsHMAC} <: IO data::Ptr{Cvoid} info::MDInfo function MD{IsHMAC}() where IsHMAC ctx = new{IsHMAC}() ctx.data = Libc.malloc(50) # 24 ccall((:mbedtls_md_init, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) finalizer(ctx->begin ccall((:mbedtls_md_free, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) Libc.free(ctx.data) end, ctx) ctx end end function MDInfo(kind::MDKind) ret = ccall((:mbedtls_md_info_from_type, libmbedcrypto), Ptr{Cvoid}, (Cint,), Int(kind)) if ret == C_NULL error("Could not find MD type for kind $kind") end MDInfo(ret) end function MDInfo(kind::AbstractString) ret = ccall((:mbedtls_md_info_from_string, libmbedcrypto), Ptr{Cvoid}, (Cstring,), String(kind)) MDInfo(ret) end function get_name(info::MDInfo) ret = ccall((:mbedtls_md_get_name, libmbedcrypto), Ptr{UInt8}, (Ptr{Cvoid},), info.data) unsafe_string(ret) end get_name(md::MD) = get_name(md.info) function Base.show(io::IO, info::MDInfo) print(io, "Message digest $(get_name(info))") end function Base.show(io::IO, md::MD{true}) print(io, "HMAC with hash $(get_name(md))") end function Base.show(io::IO, md::MD{false}) print(io, "Digest with hash $(get_name(md))") end function MD(kind::MDKind) ctx = MD{false}() ctx.info = MDInfo(kind) @err_check ccall((:mbedtls_md_setup, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Cint), ctx.data, ctx.info.data, 0) @err_check ccall((:mbedtls_md_starts, libmbedcrypto), Cint, (Ptr{Cvoid},), ctx.data) ctx end function MD(kind::MDKind, key) ctx = MD{true}() ctx.info = MDInfo(kind) @err_check ccall((:mbedtls_md_setup, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Cint), ctx.data, ctx.info.data, 1) @err_check ccall((:mbedtls_md_hmac_starts, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t), ctx.data, key, sizeof(key)) ctx end function Base.copy(md::MD) new_md = MD() @err_check ccall((:mbedtls_md_clone, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}), new_md.data, md.data) new_md.info = md.info new_md end """ `get_size(kind::MDKind) -> Int` Returns the size of the digest in bytes that the given digest type requires. For example, ```julia get_size(MD_SHA256) == 32 ``` """ function get_size(info::MDInfo) ret = ccall((:mbedtls_md_get_size, libmbedcrypto), Cuchar, (Ptr{Cvoid},), info.data) Int(ret) end get_size(md::MD) = get_size(md.info) get_size(kind::MDKind) = get_size(MDInfo(kind)) function _write(ctx::MD{false}, buf, size) @err_check ccall((:mbedtls_md_update, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Csize_t), ctx.data, buf, size) end function _write(ctx::MD{true}, buf, size) @err_check ccall((:mbedtls_md_hmac_update, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Csize_t), ctx.data, buf, size) end function Base.write(ctx::MD, buf::Vector) isbitstype(eltype(buf)) || error("Expected a vector of bits types got $(typeof(buf))") _write(ctx, buf, sizeof(buf)) end # To avoid ambiguity warnings Base.write(ctx::MD, buf::Vector{UInt8}) = _write(ctx, buf, sizeof(buf)) function Base.write(ctx::MD, i::Union{Float16,Float32,Float64,Int128,Int16,Int32,Int64,UInt128,UInt16,UInt32,UInt64}) _write(ctx, Ref(i), sizeof(i)) end Base.write(ctx::MD, i::UInt8) = _write(ctx, Ref(i), sizeof(i)) Base.write(ctx::MD, i::Int8) = _write(ctx, Ref(i), sizeof(i)) function finish!(ctx::MD{false}, buf) @err_check ccall((:mbedtls_md_finish, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}), ctx.data, buf) end function finish!(ctx::MD{true}, buf) @err_check ccall((:mbedtls_md_hmac_finish, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}), ctx.data, buf) end function finish!(ctx::MD) buf = Vector{UInt8}(undef, get_size(ctx)) finish!(ctx, buf) buf end function reset!(ctx::MD{true}) @err_check ccall((:mbedtls_md_hmac_reset, libmbedcrypto), Cint, (Ptr{Cvoid},), ctx.data) end function digest!(kind::MDKind, msg, buf) @err_check ccall((:mbedtls_md, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t, Ptr{UInt8}), MDInfo(kind).data, msg, sizeof(msg), buf) end """ `digest(kind::MDKind, msg::Vector{UInt8}, [key::Vector{UInt8}]) -> Vector{UInt8}` Perform a digest of the given type on the given message (a byte array), return a byte array with the digest. If an optional key is given, perform an HMAC digest. """ function digest end """ `digest!(kind::MDKind, msg::Vector{UInt8}, [key::Vector{UInt8}, ], buffer::Vector{UInt8})` In-place version of `digest` that stores the digest to `buffer`. It is the user's responsibility to ensure that buffer is long enough to contain the digest. `get_size(kind::MDKind)` returns the appropriate size. """ function digest! end function digest(kind::MDKind, msg) buf = Vector{UInt8}(undef, get_size(kind)) digest!(kind, msg, buf) buf end function digest!(kind::MDKind, msg, key, buf) @err_check ccall((:mbedtls_md_hmac, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t, Ptr{UInt8}, Csize_t, Ptr{UInt8}), MDInfo(kind).data, key, sizeof(key), msg, sizeof(msg), buf) end function digest(kind::MDKind, msg, key) buf = Vector{UInt8}(undef, get_size(kind)) digest!(kind, msg, key, buf) buf end //opt/julia/packages/MbedTLS/Vaaz8/src/cipher.jlT'@enum(CipherID, CIPHER_ID_NONE=0, CIPHER_ID_NULL, CIPHER_AES, CIPHER_DES, CIPHER_3DES, CIPHER_CAMELLIA, CIPHER_BLOWFISH, CIPHER_ARC4) @enum(CipherKind, CIPHER_NONE = 0, CIPHER_NULL, CIPHER_AES_128_ECB, CIPHER_AES_192_ECB, CIPHER_AES_256_ECB, CIPHER_AES_128_CBC, CIPHER_AES_192_CBC, CIPHER_AES_256_CBC, CIPHER_AES_128_CFB128, CIPHER_AES_192_CFB128, CIPHER_AES_256_CFB128, CIPHER_AES_128_CTR, CIPHER_AES_192_CTR, CIPHER_AES_256_CTR, CIPHER_AES_128_GCM, CIPHER_AES_192_GCM, CIPHER_AES_256_GCM, CIPHER_CAMELLIA_128_ECB, CIPHER_CAMELLIA_192_ECB, CIPHER_CAMELLIA_256_ECB, CIPHER_CAMELLIA_128_CBC, CIPHER_CAMELLIA_192_CBC, CIPHER_CAMELLIA_256_CBC, CIPHER_CAMELLIA_128_CFB128, CIPHER_CAMELLIA_192_CFB128, CIPHER_CAMELLIA_256_CFB128, CIPHER_CAMELLIA_128_CTR, CIPHER_CAMELLIA_192_CTR, CIPHER_CAMELLIA_256_CTR, CIPHER_CAMELLIA_128_GCM, CIPHER_CAMELLIA_192_GCM, CIPHER_CAMELLIA_256_GCM, CIPHER_DES_ECB, CIPHER_DES_CBC, CIPHER_DES_EDE_ECB, CIPHER_DES_EDE_CBC, CIPHER_DES_EDE3_ECB, CIPHER_DES_EDE3_CBC, CIPHER_BLOWFISH_ECB, CIPHER_BLOWFISH_CBC, CIPHER_BLOWFISH_CFB64, CIPHER_BLOWFISH_CTR, CIPHER_ARC4_128, CIPHER_AES_128_CCM, CIPHER_AES_192_CCM, CIPHER_AES_256_CCM, CIPHER_CAMELLIA_128_CCM, CIPHER_CAMELLIA_192_CCM, CIPHER_CAMELLIA_256_CCM) @enum(CipherMode, CIPHER_MODE_NONE = 0, CIPHER_MODE_ECB, CIPHER_MODE_CBC, CIPHER_MODE_CFB, CIPHER_MODE_OFB, CIPHER_MODE_CTR, CIPHER_MODE_GCM, CIPHER_MODE_STREAM, CIPHER_MODE_CCM) @enum(Padding, PADDING_PKCS7 = 0, PADDING_ONE_AND_ZEROS, PADDING_ZEROS_AND_LEN, PADDING_ZEROS, PADDING_NONE) @enum(Operation, OPERATION_NONE = -1, DECRYPT = 0, ENCRYPT) mutable struct CipherInfo data::Ptr{Cvoid} end mutable struct Cipher data::Ptr{Cvoid} function Cipher() ctx = new() ctx.data = Libc.malloc(200) # 88 ccall((:mbedtls_cipher_init, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) finalizer(ctx->begin ccall((:mbedtls_cipher_free, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) Libc.free(ctx.data) end, ctx) ctx end end function CipherInfo(name::AbstractString) ptr = ccall((:mbedtls_cipher_info_from_string, libmbedcrypto), Ptr{Cvoid}, (Cstring,), String(name)) ptr == C_NULL && error("No cipher for $name found") CipherInfo(ptr) end function CipherInfo(kind::CipherKind) ptr = ccall((:mbedtls_cipher_info_from_type, libmbedcrypto), Ptr{Cvoid}, (Cint,), Int(kind)) ptr == C_NULL && error("No cipher for $kind found") CipherInfo(ptr) end """ `CipherInfo(id::CipherID, key_bitlength, mode::CipherMode) -> CipherInfo` Construct a custom cipher info object. - `id`: A CipherID, such as CIPHER_AES of CIPHER_BLOWFIHS - `key_bitlength`: The bit length of the secret key. Available options depend on the specific cipher id. - `mode`: Either `Encrypt` or `Decrypt` to indicate which cipher operation will be performed with this cipher info. """ function CipherInfo(id::CipherID, key_bitlen, mode::CipherMode) ptr = ccall((:mbedtls_cipher_info_from_values, libmbedcrypto), Ptr{Cvoid}, (Cint, Cint, Cint), Int(id), key_bitlen, Int(mode)) ptr == C_NULL && error("No cipher for ($id, $(key_bitlen), $mode) found") CipherInfo(ptr) end """ `CipherInfo(id::CipherID) -> CipherInfo` Build a CipherInfo for the given cipher id using the strongest available key size and the CBC block mode. *Warning*: In CBC block mode, it is imperative that you use a unique IV (initial value) for each encryption operation to maintain security. """ function CipherInfo(id::CipherID) canonical_map = Dict( CIPHER_AES => CIPHER_AES_256_CBC, CIPHER_DES => CIPHER_DES_CBC, CIPHER_CAMELLIA => CIPHER_CAMELLIA_256_CBC, CIPHER_BLOWFISH => CIPHER_BLOWFISH_CBC, CIPHER_ARC4 => CIPHER_ARC4_128 ) if haskey(canonical_map, id) canonical_map[id] else error("No default cipher found for $id. Use the three-argument constructor of CipherInfo to explicitly create a cipher info object.") end end function Cipher(info::CipherInfo) cipher = Cipher() @err_check ccall((:mbedtls_cipher_setup, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}), cipher.data, info.data) cipher end """ `Cipher(info::Union{CipherID, CipherKind}) -> Cipher` Construct a cipher object and set it to use the specified cipher algorithm. The algorithm can either be specific (ie, `CIPHER_AES_256_CBC`), or general (ie, `CIPHER_AES`). In the latter case, a default choice of specific cipher will be used. See `?CipherInfo` for more details. """ Cipher(info::Union{CipherID, CipherKind}) = Cipher(CipherInfo(info)) function Base.show(io::IO, cipher::Cipher) print(io, "Cipher($(cipher.data)") end function get_key_bitlen(cipher::Cipher) ret = ccall((:mbedtls_cipher_get_key_bitlen, libmbedcrypto), Cint, (Ptr{Cvoid},), cipher.data) Int(ret) end tobytes(x::Vector{UInt8}) = x tobytes(x::Base.CodeUnits) = x tobytes(x) = codeunits(x) function set_key!(cipher::Cipher, key, op::Operation) key_b = tobytes(key) keysize = 8 * sizeof(key_b) # Convert key size from bytes to bits @err_check ccall((:mbedtls_cipher_setkey, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Cint, Cint), cipher.data, key_b, keysize, Int(op)) key end function set_padding_mode!(cipher::Cipher, padding::Padding) @err_check ccall((:mbedtls_cipher_set_padding_mode, libmbedcrypto), Cint, (Ptr{Cvoid}, Cint), cipher.data, Int(padding)) end function set_iv!(cipher::Cipher, iv) iv_b = tobytes(iv) @err_check ccall((:mbedtls_cipher_set_iv, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t), cipher.data, iv_b, sizeof(iv_b)) end """ `update!(cipher::Cipher, buf_in, buf_out::Vector{UInt8}) -> Int` Run the given cipher on `buf_in` (a String or `Vector{UInt8}`) and store the result of the cipher in `buf_out` (a `Vector{UInt8}`). It is your responsibility to ensure that `buf_out` is at least as large as necessary to hold the result. It should be at least as big as the size of `buf_in` plus the block size associated with `cipher`. """ function update!(cipher::Cipher, buf_in, buf_out) buf_in_b = tobytes(buf_in) out_ref = Ref{Csize_t}(sizeof(buf_out)) @err_check ccall((:mbedtls_cipher_update, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Csize_t, Ptr{Cvoid}, Ptr{Csize_t}), cipher.data, buf_in, sizeof(buf_in), buf_out, out_ref) Int(out_ref[]) end function finish!(cipher::Cipher, buf_out) out_ref = Ref{Csize_t}(sizeof(buf_out)) @err_check ccall((:mbedtls_cipher_finish, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Csize_t}), cipher.data, buf_out, out_ref) Int(out_ref[]) end function process_iv(iv, cipher) if isempty(iv) process_iv(nothing) else iv_b = tobytes(iv) iv_b, sizeof(iv_b) end end function process_iv(iv::Nothing, cipher) # todo: Don't hard-code a block size (this assumes 128-bit, as for AES) # todo: Think about what appropriate default (if any) should be used here zeros(Int8, 16), 16 end function crypt!(cipher::Cipher, iv, buf_in, buf_out) olen_ref = Ref{Csize_t}(sizeof(buf_out)) iv_b, iv_size = process_iv(iv, cipher) buf_in_b = tobytes(buf_in) @err_check ccall((:mbedtls_cipher_crypt, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t, Ptr{UInt8}, Csize_t, Ptr{UInt8}, Ptr{Csize_t}), cipher.data, iv_b, iv_size, buf_in_b, sizeof(buf_in_b), buf_out, olen_ref) Int(olen_ref[]) end crypt!(cipher::Cipher, buf_in, buf_out) = crypt!(cipher, C_NULL, buf_in, buf_out) function crypt(cipher_info, op::Operation, key, iv, msg) max_block_size = 256 # todo: obtain this dynamically from mbedtls buf = tobytes(msg) cipher = Cipher(cipher_info) set_key!(cipher, key, op) buf_out = Vector{UInt8}(undef, sizeof(buf) + max_block_size) olen = crypt!(cipher, iv, buf, buf_out) resize!(buf_out, olen) buf_out end """ `encrypt(cipher, key, msg, [iv]) -> Vector{UInt8}` Encrypt a message using the given cipher. The cipher can be specified as - a generic cipher (like CIPHER_AES) - a specific cipher (like CIPHER_AES_256_CBC) - a Cipher object `key` is the symmetric key used for cryptography, given as either a String or a `Vector{UInt8}`. It must be the right length for the chosen cipher; for example, CIPHER_AES_256_CBC requires a 32-byte (256-bit) key. `msg` is the message to be encoded. It should either be convertible to a String or be a `Vector{UInt8}`. `iv` is the initialization vector, whose size must match the block size of the cipher (eg, 16 bytes for AES). By default, it will be set to all zeros, which is not secure. For security reasons, it should be set to a different value for each encryption operation. """ encrypt(cipher, key, msg, iv=nothing) = crypt(cipher, ENCRYPT, key, iv, msg) """ `decrypt(cipher, key, msg, [iv]) -> Vector{UInt8}` Decrypt a message using the given cipher. The cipher can be specified as - a generic cipher (like CIPHER_AES) - a specific cipher (like CIPHER_AES_256_CBC) - a Cipher object `key` is the symmetric key used for cryptography, given as either a String or a `Vector{UInt8}`. It must be the right length for the chosen cipher; for example, CIPHER_AES_256_CBC requires a 32-byte (256-bit) key. `msg` is the message to be encoded. It should either be convertible to a String or be a `Vector{UInt8}`. `iv` is the initialization vector, whose size must match the block size of the cipher (eg, 16 bytes for AES) and correspond to the iv used by the encryptor. By default, it will be set to all zeros. """ decrypt(cipher, key, msg, iv=nothing) = crypt(cipher, DECRYPT, key, iv, msg) ,/opt/julia/packages/MbedTLS/Vaaz8/src/rsa.jl%struct mbedtls_mpi s::Cint n::Csize_t p::Ptr{Cuint} end struct mbedtls_rsa_context ver::Cint len::Csize_t N::mbedtls_mpi E::mbedtls_mpi D::mbedtls_mpi P::mbedtls_mpi Q::mbedtls_mpi # More fields follow, but omitted here, since they # are not required for this wrapper end mutable struct RSA data::Ptr{mbedtls_rsa_context} function RSA(padding=MBEDTLS_RSA_PKCS_V21, hash_id=MD_MD5) ctx = new() ctx.data = Libc.malloc(1000) ccall((:mbedtls_rsa_init, libmbedcrypto), Cvoid, (Ptr{Cvoid}, Cint, Cint), ctx.data, padding, hash_id) finalizer(ctx->begin ccall((:mbedtls_rsa_free, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) Libc.free(ctx.data) end, ctx) ctx end end function mpi_import!(mpi::Ptr{mbedtls_mpi}, b::BigInt) # Export from GMP size = ndigits(b, base=2) nbytes = div(size+8-1,8) data = Vector{UInt8}(undef, nbytes) count = Ref{Csize_t}(0) # TODO Replace `Any` with `Ref{BigInt}` when 0.6 support is dropped. ccall((:__gmpz_export,:libgmp), Ptr{Cvoid}, (Ptr{Cvoid}, Ptr{Csize_t}, Cint, Csize_t, Cint, Csize_t, Any), data, count, 1, 1, 1, 0, b) @assert count[] == nbytes # Import into mbedtls @err_check ccall((:mbedtls_mpi_read_binary, libmbedcrypto), Cint, (Ptr{mbedtls_mpi}, Ptr{UInt8}, Csize_t), mpi, data, nbytes) end function mpi_size(mpi::Ptr{mbedtls_mpi}) ccall((:mbedtls_mpi_size, libmbedcrypto), Csize_t, (Ptr{mbedtls_mpi},), mpi) end function pubkey_from_vals!(ctx::RSA, e::BigInt, n::BigInt) Nptr = Ptr{mbedtls_mpi}(ctx.data+fieldoffset(mbedtls_rsa_context,3 #= :N =#)) mpi_import!(Nptr, n) mpi_import!(Ptr{mbedtls_mpi}(ctx.data+fieldoffset(mbedtls_rsa_context,4 #= :E =#)), e) nptr_size = mpi_size(Nptr) unsafe_store!(Ptr{Csize_t}(ctx.data+fieldoffset(mbedtls_rsa_context,2 #=:len =#)), nptr_size) @err_check ccall((:mbedtls_rsa_check_pubkey, libmbedcrypto), Cint, (Ptr{Cvoid},), ctx.data) ctx end function verify(ctx::RSA, hash_alg::MDKind, hash, signature, rng = nothing; using_public=true) (!using_public && rng == nothing) && error("Private key verification requires the rng") # All errors, including validation errors throw @err_check ccall((:mbedtls_rsa_pkcs1_verify, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Any, Cint, Cint, Csize_t, Ptr{UInt8}, Ptr{UInt8}), ctx.data, rng == nothing ? C_NULL : c_rng[], rng == nothing ? Ref{Any}() : rng, using_public ? 0 : 1, hash_alg, sizeof(hash), hash, signature) end function gen_key!(ctx::RSA, f_rng, rng, nbits, exponent) @err_check ccall((:mbedtls_rsa_gen_key, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Any, Cint, Cint), ctx.data, f_rng, rng, nbits, exponent) ctx end function gen_key(rng::AbstractRNG, nbits=2048, exponent=65537) ctx = RSA() gen_key!(ctx, c_rng[], rng, nbits, exponent) ctx end function public(ctx::RSA, input, output) @err_check ccall((:mbedtls_rsa_public, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}), ctx.data, input, output) output end function private(ctx::RSA, f_rng, rng, input, output) @err_check ccall((:mbedtls_rsa_private, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Any, Ptr{Cvoid}, Ptr{Cvoid}), ctx.data, f_rng, rng, input, output) output end function private(ctx::RSA, rng::AbstractRNG, input, output) private(ctx, c_rng[], rng, input, output) end 0/opt/julia/packages/MbedTLS/Vaaz8/src/entropy.jlmutable struct Entropy data::Ptr{Cvoid} sources::Vector{Any} function Entropy() ctx = new() ctx.data = Libc.malloc(100000) # Exact byte count is 75088; playing it safe with some buffer ctx.sources = Any[] ccall((:mbedtls_entropy_init, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) finalizer(ctx->begin ccall((:mbedtls_entropy_free, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) Libc.free(ctx.data) end, ctx) ctx end end function add_source!(ctx::Entropy, f_source::Ptr, f, threshold, strong) ret = ccall((:mbedtls_entropy_add_source, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Any, Csize_t, Cint), ctx.data, f_source, f, threshold, strong) Int(ret) end function jl_entropy(f, output, len, olen) output_jl = unsafe_wrap(Array, convert(Ptr{UInt8}, output), len) sz = f(output_jl) unsafe_store!(convert(Ptr{Csize_t}, olen), Csize_t(sz)) return Cint(0) end function add_source!(ctx::Entropy, f::Function, threshold, strong) push!(ctx.sources, f) add_source!(ctx, c_entropy[], f, threshold, strong ? 1 : 0) end const c_entropy = Ref{Ptr{Cvoid}}(C_NULL) function __entropyinit__() c_entropy[] = @cfunction(jl_entropy, Cint, (Any, Ptr{Cvoid}, Csize_t, Ptr{Cvoid})) end function gather(ctx::Entropy) @err_check ccall((:mbedtls_entropy_gather, libmbedcrypto), Cint, (Ptr{Cvoid},), ctx.data) end function update_manual(ctx::Entropy, data::Vector{UInt8}) @err_check ccall((:mbedtls_entropy_update_manual, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t), ctx.data, data, length(data)) end 1/opt/julia/packages/MbedTLS/Vaaz8/src/ctr_drbg.jlmutable struct CtrDrbg <: AbstractRNG data::Ptr{Cvoid} entropy::Union{Cvoid, Entropy} function CtrDrbg() ctx = new() ctx.data = Libc.malloc(1000) # 344 ccall((:mbedtls_ctr_drbg_init, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) finalizer(ctx->begin ccall((:mbedtls_ctr_drbg_free, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) Libc.free(ctx.data) end, ctx) ctx end CrtDrbg(data) = new(data) end function f_rng(rng, c_buf, sz) jl_buf = unsafe_wrap(Array, c_buf, sz) rand!(rng, jl_buf) MBED_SUCCESS end function seed!(rng::CtrDrbg, entropy, pdata) rng.entropy = entropy entropy_func = cglobal((:mbedtls_entropy_func, libmbedcrypto)) @err_check ccall((:mbedtls_ctr_drbg_seed, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}, Csize_t), rng.data, entropy_func, entropy.data, pdata, sizeof(pdata)) rng end seed!(rng::CtrDrbg, entropy) = seed!(rng, entropy, UInt8[]) function Random.rand!(rng::CtrDrbg, buf::Array) @err_check ccall((:mbedtls_ctr_drbg_random, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Csize_t), rng.data, buf, sizeof(buf)) buf end function Random.rand(rng::CtrDrbg, size::Integer) buf = Vector{UInt8}(undef, size) rand!(rng, buf) end const c_rng = Ref{Ptr{Cvoid}}(C_NULL) function __ctr_drbg__init__() c_rng[] = @cfunction(f_rng, Cint, (Any, Ptr{UInt8}, Csize_t)) end+/opt/julia/packages/MbedTLS/Vaaz8/src/pk.jl`mutable struct PKContext data::Ptr{Cvoid} function PKContext() ctx = new() ctx.data = Libc.malloc(32) ccall((:mbedtls_pk_init, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) finalizer(ctx->begin ccall((:mbedtls_pk_free, libmbedcrypto), Cvoid, (Ptr{Cvoid},), ctx.data) Libc.free(ctx.data) end, ctx) ctx end end const MBEDTLSLOCK = ReentrantLock() function parse_keyfile!(ctx::PKContext, path, password="") @err_check ccall((:mbedtls_pk_parse_keyfile, libmbedcrypto), Cint, (Ptr{Cvoid}, Cstring, Cstring), ctx.data, path, password) end function parse_keyfile(path, password="") ctx = PKContext() parse_keyfile!(ctx, path, password) ctx end function parse_public_keyfile!(ctx::PKContext, path) @err_check ccall((:mbedtls_pk_parse_public_keyfile, libmbedcrypto), Cint, (Ptr{Cvoid}, Cstring), ctx.data, path) end function parse_public_keyfile(path) ctx = PKContext() parse_public_keyfile!(ctx, path) ctx end function parse_public_key!(ctx::PKContext, key) key_bs = String(key) @err_check ccall((:mbedtls_pk_parse_public_key, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cuchar}, Csize_t), ctx.data, key_bs, sizeof(key_bs) + 1) end function parse_key!(ctx::PKContext, key, maybe_pw = nothing) key_bs = String(key) if maybe_pw === nothing pw = C_NULL pw_size = 0 else pw = String(maybe_pw) pw_size = sizeof(pw) # Might be off-by-one end @err_check ccall((:mbedtls_pk_parse_key, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{Cuchar}, Csize_t, Ptr{Cuchar}, Csize_t), ctx.data, key_bs, sizeof(key_bs) + 1, pw, pw_size) end function bitlength(ctx::PKContext) sz = ccall((:mbedtls_pk_get_bitlen, libmbedcrypto), Csize_t, (Ptr{Cvoid},), ctx.data) sz >= 0 || mbed_err(sz) Int(sz) end function decrypt!(ctx::PKContext, input, output, rng) outlen_ref = Ref{Cint}(0) Base.@lock MBEDTLSLOCK begin @err_check ccall((:mbedtls_pk_decrypt, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t, Ptr{Cvoid}, Ref{Cint}, Csize_t, Ptr{Cvoid}, Any), ctx.data, input, sizeof(input), output, outlen_ref, sizeof(output), c_rng[], rng) end outlen = outlen_ref[] Int(outlen) end function encrypt!(ctx::PKContext, input, output, rng) outlen_ref = Ref{Cint}(0) Base.@lock MBEDTLSLOCK begin @err_check ccall((:mbedtls_pk_encrypt, libmbedcrypto), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t, Ptr{Cvoid}, Ref{Cint}, Csize_t, Ptr{Cvoid}, Any), ctx.data, input, sizeof(input), output, outlen_ref, sizeof(output), c_rng[], rng) end outlen = outlen_ref[] Int(outlen) end function sign!(ctx::PKContext, hash_alg::MDKind, hash, output, rng) outlen_ref = Ref{Csize_t}(sizeof(output)) Base.@lock MBEDTLSLOCK begin @err_check ccall((:mbedtls_pk_sign, libmbedcrypto), Cint, (Ptr{Cvoid}, Cint, Ptr{UInt8}, Csize_t, Ptr{UInt8}, Ref{Csize_t}, Ptr{Cvoid}, Any), ctx.data, hash_alg, hash, sizeof(hash), output, outlen_ref, c_rng[], rng) end outlen = outlen_ref[] Int(outlen) end function sign(ctx::PKContext, hash_alg::MDKind, hash, rng) n = Int64(ceil(bitlength(ctx) / 8)) output = Vector{UInt8}(undef, n) @assert sign!(ctx, hash_alg, hash, output, rng) == n output end function verify(ctx::PKContext, hash_alg::MDKind, hash, signature) @err_check ccall((:mbedtls_pk_verify, libmbedcrypto), Cint, (Ptr{Cvoid}, Cint, Ptr{UInt8}, Csize_t, Ptr{UInt8}, Csize_t), ctx.data, hash_alg, hash, sizeof(hash), signature, sizeof(signature)) end function get_name(ctx::PKContext) ptr = ccall((:mbedtls_pk_get_name, libmbedcrypto), Ptr{Cchar}, (Ptr{Cvoid},), ctx.data) unsafe_string(convert(Ptr{UInt8}, ptr)) end 1/opt/julia/packages/MbedTLS/Vaaz8/src/x509_crt.jlmutable struct CRT data::Ptr{Cvoid} function CRT() c = new() c.data = Libc.malloc(1000) # 552 ccall((:mbedtls_x509_crt_init, libmbedx509), Cvoid, (Ptr{Cvoid},), c.data) finalizer(c->begin ccall((:mbedtls_x509_crt_free, libmbedx509), Cvoid, (Ptr{Cvoid},), c.data) Libc.free(c.data) end, c) c end end show(io::IO, crt::CRT) = print(io, crt_info(crt)) function crt_info(crt::CRT) buf = Base.StringVector(1000) ret = ccall((:mbedtls_x509_crt_info, libmbedx509), Cint, (Ptr{Cvoid}, Csize_t, Cstring, Ptr{Cvoid}), buf, length(buf), "", crt.data) ret >= 0 || mbed_err(ret) resize!(buf, ret) return String(buf) end function crt_parse!(chain, buf::String) ret = ccall((:mbedtls_x509_crt_parse, libmbedx509), Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t), chain.data, buf, sizeof(buf)+1) ret == 0 || mbed_err(ret) chain end crt_parse!(chain, buf::IOStream) = crt_parse!(chain, String(read(buf))) crt_parse_file(path) = crt_parse(String(read(path))) function crt_parse(buf) crt = CRT() crt_parse!(crt, String(buf)) crt end ,/opt/julia/packages/MbedTLS/Vaaz8/src/ssl.jlninclude("debug.jl") # Data Structures mutable struct SSLConfig data::Ptr{Cvoid} rng chain::CRT dbg cert key alpn_protos function SSLConfig() conf = new() conf.data = Libc.malloc(1000) # 360 ccall((:mbedtls_ssl_config_init, libmbedtls), Cvoid, (Ptr{Cvoid},), conf.data) finalizer(x->begin data = x.data @async begin ccall((:mbedtls_ssl_config_free, libmbedtls), Cvoid, (Ptr{Cvoid},), data) Libc.free(data) end end, conf) conf end end Base.show(io::IO, c::SSLConfig) = print(io, "MbedTLS.SSLConfig()") mutable struct SSLContext <: IO data::Ptr{Cvoid} datalock::ReentrantLock waitlock::ReentrantLock config::SSLConfig isreadable::Bool bytesavailable::Int close_notify_sent::Bool bio function SSLContext() ctx = new() ctx.data = Libc.malloc(1000) # 488 ctx.datalock = ReentrantLock() ctx.waitlock = ReentrantLock() ctx.isreadable = false ctx.bytesavailable = -1 ctx.close_notify_sent = false ccall((:mbedtls_ssl_init, libmbedtls), Cvoid, (Ptr{Cvoid},), ctx.data) finalizer(x->begin data = x.data @async begin ccall((:mbedtls_ssl_free, libmbedtls), Cvoid, (Ptr{Cvoid},), ctx.data) Libc.free(ctx.data) end end, ctx) ctx end end # Handshake function handshake(ctx::SSLContext) ctx.isreadable && throw(ArgumentError("handshake() already done!")) ;@😬 "🤝 ..." while true n = ssl_handshake(ctx) if n == 0 break elseif n == MBEDTLS_ERR_SSL_WANT_READ ;@😬 "🤝 ⌛️" if eof(ctx.bio) throw(EOFError()) ;@💀 "🤝 🛑" end else ssl_abandon(ctx) ;@💀 "🤝 💥" mbed_ioerr(n) end end ;@😬 "🤝 ✅" ctx.isreadable = true ctx.bytesavailable = 0 ctx.close_notify_sent = false nothing end # Fatal Errors """ The documentation for `ssl_read`, `ssl_write` and `ssl_close_notify` all say: > If this function returns something other than 0 or > MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using the SSL context > for reading or writing, and either free it or call This function ensures that the `SSLContext` is won't be used again. """ function ssl_abandon(ctx::SSLContext) ;@💀 "ssl_abandon 💥" ctx.isreadable = false ctx.bytesavailable = 0 ctx.close_notify_sent = true close(ctx.bio) n = ssl_session_reset(ctx) n == 0 || mbed_ioerr(n) nothing end # Base ::IO Connection State Methods Sockets.getsockname(ctx::SSLContext) = Sockets.getsockname(ctx.bio) """ isreadable(ctx::SSLContext) True unless: - TLS `close_notify` was received, or - the peer closed the connection (and the TLS buffer is empty), or - an un-handled exception occurred while reading. """ function Base.isreadable(ctx::SSLContext) ctx.isreadable || return false # It's possible we received the shutdown, but didn't process it yet - if so, # do that now. if bytesavailable(ctx.bio) > 0 || ssl_check_pending(ctx) ssl_unsafe_read(ctx, Ptr{UInt8}(C_NULL), UInt(0)) end return ctx.isreadable end """ iswritable(ctx::SSLContext) True unless: - `close(::SSLContext)` is called, or - `closewrite(::SSLContext)` is called, or - the peer closed the connection. """ Base.iswritable(ctx::SSLContext) = !ctx.close_notify_sent && isopen(ctx.bio) """ isopen(ctx::SSLContext) Same as `iswritable(ctx)`. > "...a closed stream may still have data to read in its buffer, > use eof to check for the ability to read data." [?Base.isopen] """ Base.isopen(ctx::SSLContext) = iswritable(ctx) @static if isdefined(Base, :bytesavailable) """ bytesavailable(ctx::SSLContext) Number of decrypted bytes waiting in the TLS buffer. """ Base.bytesavailable(ctx::SSLContext) = ctx.bytesavailable else Base.nb_available(ctx::SSLContext) = ctx.bytesavailable end """ close(ctx::SSLContext) Send a TLS `close_notify` message to the peer. """ function Base.close(ctx::SSLContext) ;@💀 "close iswritable=$(iswritable(ctx))" if iswritable(ctx) closewrite(ctx) end @static if Sys.iswindows() && VERSION < v"1.9.0" # work-around for a libuv regression where we check the wrong flags during closing # introduced by https://github.com/libuv/libuv/pull/3036 in v1.42.0 # fixed by https://github.com/libuv/libuv/pull/3584 in v1.44.2 ctx.bio isa TCPSocket && isreadable(ctx.bio) && Base.start_reading(ctx.bio) end close(ctx.bio) nothing end if isdefined(Base, :closewrite) # Julia v1.7 VERSION const closewrite = Base.closewrite end """ closewrite(ctx::SSLContext) Send a TLS `close_notify` message to the peer. """ function closewrite(ctx::SSLContext) ;@💀 "close iswritable=$(iswritable(ctx))" n = ssl_close_notify(ctx) ctx.close_notify_sent = true ;@💀 "close 🗣" if n == MBEDTLS_ERR_SSL_WANT_READ || n == MBEDTLS_ERR_SSL_WANT_WRITE ;@💀 "close ⌛️" @assert false "Should not get to here because `f_send` " * "never returns ...WANT_READ/WRITE." elseif n != 0 ssl_abandon(ctx) mbed_ioerr(n) elseif !ctx.isreadable # already seen EOF, so we can go ahead and destroy this now immediately close(ctx.bio) end @assert !iswritable(ctx) nothing end # Sending Data """ Copy `nbytes` from `buf` to `ctx`. The TLS library function `ssl_write` is called as many times as needed to send all the data. The TLS library encrypts the data and passes it to the `f_send` function which sends it to the underlying connection (`ctx.bio`). See `f_send` and `set_bio!` below. """ function ssl_unsafe_write(ctx::SSLContext, buf::Ptr{UInt8}, nbytes::UInt) ctx.close_notify_sent && throw(Base.IOError("`unsafe_write` requires `!ctx.close_notify_sent`", 0)) nwritten = 0 ;@🤖 "ssl_write ➡️ $nbytes" while nwritten < nbytes n = ssl_write(ctx, buf + nwritten, nbytes - nwritten) if n == MBEDTLS_ERR_SSL_WANT_READ || n == MBEDTLS_ERR_SSL_WANT_WRITE ;@💀 "ssl_write ⌛️" @assert false "Should not get to here because `f_send` " * "never returns ...WANT_READ/WRITE." yield() continue elseif n < 0 ssl_abandon(ctx) ;@🤖 "ssl_write 💥" mbed_ioerr(n) end nwritten += n end return Int(nwritten) end # Sending Encrypted Data """ Copy `nbytes` of encrypted data from `buf` to the underlying `bio` connection. """ function f_send(c_bio, buf, nbytes) ;@🤖 "f_send ➡️ $nbytes" bio = unsafe_pointer_to_objref(c_bio) if !isopen(bio) || bio.status == Base.StatusClosing return Cint(MBEDTLS_ERR_NET_CONN_RESET) end try return Cint(unsafe_write(bio, buf, nbytes)) catch ex ex isa Base.IOError && return Cint(MBEDTLS_ERR_NET_SEND_FAILED) rethrow() # this may corrupt memory, lead to undefined behavior, or (hopefully) just be badly fatal end end """ Connect `f_send` and `f_recv` callback functions to `SSLContext`. """ function set_bio!(ctx::SSLContext, bio::T) where {T<:IO} isopen(bio) || throw(ArgumentError("`set_bio!` requires `isopen(bio)`")) ctx.bio = bio ssl_set_bio(ctx, pointer_from_objref(bio), c_send[], c_recv[]) nothing end # Receiving Data """ eof(ctx::SSLContext) True if not `isreadable` and there are no more `bytesavailable` to read. """ function Base.eof(ctx::SSLContext) ctx.bytesavailable > 0 && return false # While there are no decrypted bytes available but the connection is readable: # - If the TLS buffer has no pending (unprocessed) data, wait for # more encrypted data to arrive on the underlying connection. # - Run a zero-byte read to allow the library to process its internal buffer, # and/or read from the underlying connection. # - `ssl_unsafe_read` updates the `isreadable` and `bytesavailable` state. lock(ctx.waitlock) try while ctx.isreadable && ctx.bytesavailable <= 0 if !ssl_check_pending(ctx) ;@🤖 "wait_for_encrypted_data ⌛️"; eof(ctx.bio) end ssl_unsafe_read(ctx, Ptr{UInt8}(C_NULL), UInt(0)) ;@🤖 "wait_for_decrypted_data 📥 $(ctx.bytesavailable)" end finally unlock(ctx.waitlock) end # note that the following are racy when there are multiple concurrent # users of an `SSLContext`, but we're at least not going to return # true until ctx.isreadable is false, which means we received a # close_notify, the underlying connection was closed, or some # other fatal ssl error occurred ctx.bytesavailable > 0 && return false return !ctx.isreadable end """ ssl_unsafe_read(::SSLContext, buf, nbytes) Copies at most `nbytes` of decrypted data into `buf`. Never blocks to wait for more data to arrive. Returns number of bytes copied into `buf` (`<= nbytes`). Updates `ctx.bytesavailable` with the number of decrypted bytes remaining in the TLS buffer. Stops when: - `nbytes` have been copied, or - there are no more decrypted bytes available in the TLS buffer, or - a TLS `close_notify` message is received. When TLS `close_notify` is received: - `isreadable` is set to false [RFC5246 7.2.1]: "Any data received after a closure alert is ignored." - the number of bytes read before the `close_notify` is returned as usual. Throws a `IOError` if `ssl_read` returns an unhandled error code. When an unhandled exception occurs `isreadable` is set to false. """ function ssl_unsafe_read(ctx::SSLContext, buf::Ptr{UInt8}, nbytes::UInt) ctx.isreadable || throw(Base.IOError("`ssl_unsafe_read` requires `isreadable(::SSLContext)`", 0)) nread::UInt = 0 try while true n = ssl_read(ctx, buf + nread, nbytes - nread) ;@😬 "ssl_read ⬅️ $n $(n == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ? "(CLOSE_NOTIFY)" : n == MBEDTLS_ERR_SSL_CONN_EOF ? "(CONN_EOF)" : n == MBEDTLS_ERR_NET_CONN_RESET ? "(CONN_RESET)" : n == MBEDTLS_ERR_SSL_WANT_READ ? "(WANT_READ)" : "")" if n == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY || n == MBEDTLS_ERR_SSL_CONN_EOF || n == 0 if n == nbytes == 0 # caller just wanted us to update bytesavilable ctx.bytesavailable = ssl_get_bytes_avail(ctx) ;@🤖 "ssl_read ⬅️ $nread, 📥 $(ctx.bytesavailable)" else ctx.bytesavailable = 0 end ctx.isreadable = ctx.bytesavailable > 0 if !ctx.isreadable && ctx.close_notify_sent # already called closewrite, so we can go ahead and destroy this fully immediately close(ctx.bio) end return nread elseif n == MBEDTLS_ERR_SSL_WANT_READ ctx.bytesavailable = 0 ;@😬 "ssl_read ⌛️ $nread" return nread elseif n < 0 ssl_abandon(ctx) mbed_ioerr(n) end nread += n @assert nread <= nbytes if nread == nbytes ctx.bytesavailable = ssl_get_bytes_avail(ctx) ;@🤖 "ssl_read ⬅️ $nread, 📥 $(ctx.bytesavailable)" return nread end end catch ;@💀 "ssl_read 💥" ssl_abandon(ctx) rethrow() end @assert false "unreachable" end """ Copy at most `nbytes` of encrypted data to `buf` from the `bio` connection. If no encrypted bytes are available return: - `MBEDTLS_ERR_SSL_WANT_READ` if the connection is still open, or - `MBEDTLS_ERR_SSL_CONN_EOF` if it is closed. - `MBEDTLS_ERR_NET_RECV_FAILED` if it is errored. """ function f_recv(c_bio, buf, nbytes) # (Ptr{Cvoid}, Ptr{UInt8}, Csize_t) @assert nbytes > 0 bio = unsafe_pointer_to_objref(c_bio) n = bytesavailable(bio) if n == 0 # TODO: we should be able to forward this value directly from wait_for_encrypted_data isreadable(bio) && ( @🤖 "f_recv WANT_READ"; return Cint(MBEDTLS_ERR_SSL_WANT_READ)) try eof(bio) && ( @🤖 "f_recv CONN_EOF"; return Cint(MBEDTLS_ERR_SSL_CONN_EOF)) catch ex ;@🤖 "f_recv RECV_FAILED" ex isa Base.IOError && return Cint(MBEDTLS_ERR_NET_RECV_FAILED) rethrow() end end n = min(nbytes, n) ;@🤖 "f_recv ⬅️ $n" unsafe_read(bio, buf, n) return Cint(n) end # Base ::IO Write Methods -- wrappers for `ssl_unsafe_write` Base.unsafe_write(ctx::SSLContext, msg::Ptr{UInt8}, N::UInt) = ssl_unsafe_write(ctx, msg, N) Base.write(ctx::SSLContext, msg::UInt8) = write(ctx, Ref(msg)) # Base ::IO Read Methods -- wrappers for `ssl_unsafe_read` """ unsafe_read(ctx::SSLContext, buf::Ptr{UInt8}, nbytes::UInt) Copy `nbytes` of decrypted data from `ctx` into `buf`. Wait for sufficient decrypted data to be available. Throw `EOFError` if the peer sends TLS `close_notify` or closes the connection before `nbytes` have been copied. """ function Base.unsafe_read(ctx::SSLContext, buf::Ptr{UInt8}, nbytes::UInt) nread = 0 while nread < nbytes if eof(ctx) ;@💀 "unsafe_read 🛑" throw(EOFError()) end nread += ssl_unsafe_read(ctx, buf + nread, nbytes - nread) end ;@😬 "unsafe_read ⬅️ $nread" nothing end """ readbytes!(ctx::SSLContext, buf::Vector{UInt8}, nbytes=length(buf); kw...) Copy at most `nbytes` of decrypted data from `ctx` into `buf`. If `all=true`: wait for sufficient decrypted data to be available. Less than `nbytes` may be copied if the peer sends TLS `close_notify` or closes the connection. Returns number of bytes copied into `buf` (`<= nbytes`). """ Base.readbytes!(ctx::SSLContext, buf::Vector{UInt8}, nbytes=length(buf); kw...) = readbytes!(ctx, buf, UInt(nbytes); kw...) function Base.readbytes!(ctx::SSLContext, buf::Vector{UInt8}, nbytes::UInt; all::Bool=true) nbytes <= length(buf) || throw(ArgumentError("`buf` too small!")) nread = 0 GC.@preserve buf while nread < nbytes nread += ssl_unsafe_read(ctx, pointer(buf) + nread, nbytes - nread) if (nread == nbytes) || !all || eof(ctx) break end end ;@😬 "readbytes! ⬅️ $nread" return nread end """ readavailable(ctx::SSLContext) Read available decrypted data from `ctx`, but don't wait for more data to arrive. The amount of decrypted data that can be read at once is limited by `MBEDTLS_SSL_MAX_CONTENT_LEN`. """ function Base.readavailable(ctx::SSLContext) n = UInt(MBEDTLS_SSL_MAX_CONTENT_LEN) buf = Vector{UInt8}(undef, n) GC.@preserve buf n = ssl_unsafe_read(ctx, pointer(buf), n) ;@😬 "readavailable ⬅️ $n" return resize!(buf, n) end # Configuration function config_defaults!(config::SSLConfig; endpoint=MBEDTLS_SSL_IS_CLIENT, transport=MBEDTLS_SSL_TRANSPORT_STREAM, preset=MBEDTLS_SSL_PRESET_DEFAULT) @err_check ccall((:mbedtls_ssl_config_defaults, libmbedtls), Cint, (Ptr{Cvoid}, Cint, Cint, Cint), config.data, endpoint, transport, preset) end function authmode!(config::SSLConfig, auth) ccall((:mbedtls_ssl_conf_authmode, libmbedtls), Cvoid, (Ptr{Cvoid}, Cint), config.data, auth) end function rng!(config::SSLConfig, f_rng::Ptr{Cvoid}, rng) ccall((:mbedtls_ssl_conf_rng, libmbedtls), Cvoid, (Ptr{Cvoid}, Ptr{Cvoid}, Any), config.data, f_rng, rng) end function rng!(config::SSLConfig, rng::AbstractRNG) config.rng = rng rng!(config, c_rng[], rng) end function ca_chain!(config::SSLConfig, chain=crt_parse(DEFAULT_CERT[])) config.chain = chain ccall((:mbedtls_ssl_conf_ca_chain, libmbedtls), Cvoid, (Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}), config.data, chain.data, C_NULL) end """ Enable / Disable renegotiation support for connection when initiated by peer (MBEDTLS_SSL_RENEGOTIATION_ENABLED or MBEDTLS_SSL_RENEGOTIATION_DISABLED). See: https://tls.mbed.org/api/ssl_8h.html#aad4f50fc1c0a018fd5eb18fd9621d0d3 """ function ssl_conf_renegotiation!(config::SSLConfig, renegotiation) ccall((:mbedtls_ssl_conf_renegotiation, libmbedtls), Cvoid, (Ptr{Cvoid}, Cint), config.data, renegotiation) end function own_cert!(config::SSLConfig, cert::CRT, key::PKContext) config.cert = cert config.key = key @err_check ccall((:mbedtls_ssl_conf_own_cert, libmbedtls), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}), config.data, cert.data, key.data) end function setup!(ctx::SSLContext, conf::SSLConfig) ctx.config = conf ssl_setup(ctx, conf) end function dbg!(conf::SSLConfig, f::Ptr{Cvoid}, p) ccall((:mbedtls_ssl_conf_dbg, libmbedtls), Cvoid, (Ptr{Cvoid}, Ptr{Cvoid}, Any), conf.data, f, p) end function f_dbg(f, level, filename, number, msg) f(level, unsafe_string(filename), number, unsafe_string(msg)) nothing end function dbg!(conf::SSLConfig, f) conf.dbg = f dbg!(conf, c_dbg[], f) nothing end @enum(DebugThreshold, NONE = 0, ERROR, STATE_CHANGE, INFO, VERBOSE) function set_dbg_level(level) ccall((:mbedtls_debug_set_threshold, libmbedtls), Cvoid, (Cint,), Cint(level)) nothing end function set_alpn!(conf::SSLConfig, protos) conf.alpn_protos = protos @err_check ccall((:mbedtls_ssl_conf_alpn_protocols, libmbedtls), Cint, (Ptr{Cvoid}, Ptr{Ptr{Cchar}}), conf.data, protos) nothing end function alpn_proto(ctx::SSLContext) rv = ccall((:mbedtls_ssl_get_alpn_protocol, libmbedtls), Ptr{Cchar}, (Ptr{Cvoid},), ctx.data) unsafe_string(rv) end # C API macro lockdata(ctx, expr) esc(quote lock($ctx.datalock) @assert $ctx.datalock.reentrancy_cnt == 1 try $expr finally unlock($ctx.datalock) end end) end function get_peer_cert(ctx::SSLContext) data = ccall((:mbedtls_ssl_get_peer_cert, libmbedtls), Ptr{Cvoid}, (Ptr{Cvoid},), ctx.data) return CRT(data) end function get_version(ctx::SSLContext) if isdefined(ctx, :config) data = ccall((:mbedtls_ssl_get_version, libmbedtls), Ptr{UInt8}, (Ptr{Cvoid},), ctx.data) return unsafe_string(data) else throw(ArgumentError("`ctx` hasn't been initialized with an MbedTLS.SSLConfig; run `MbedTLS.setup!(ctx, conf)`")) end end function get_ciphersuite(ctx::SSLContext) data = ccall((:mbedtls_ssl_get_ciphersuite, libmbedtls), Ptr{UInt8}, (Ptr{Cvoid},), ctx.data) return unsafe_string(data) end function ssl_setup(ctx::SSLContext, conf::SSLConfig) @lockdata ctx begin @err_check ccall((:mbedtls_ssl_setup, libmbedtls), Cint, (Ptr{Cvoid}, Ptr{Cvoid}), ctx.data, conf.data) end end function ssl_handshake(ctx::SSLContext) n = @lockdata ctx begin ccall((:mbedtls_ssl_handshake, libmbedtls), Cint, (Ptr{Cvoid},), ctx.data) end end """ Return the number of application data bytes remaining to be read from the current record. https://tls.mbed.org/api/ssl_8h.html#ad43142085f3182e9b0dc967ec582032b: """ function ssl_get_bytes_avail(ctx::SSLContext)::Int @lockdata ctx begin return ccall((:mbedtls_ssl_get_bytes_avail, libmbedtls), Csize_t, (Ptr{Cvoid},), ctx.data) end end """ ssl_check_pending(::SSLContext)::Bool Check if there is data already read from the underlying transport but not yet processed. If the SSL/TLS module successfully returns from an operation - e.g. a handshake or an application record read - and you're awaiting incoming data next, you must not immediately idle on the underlying transport to have data ready, but you need to check the value of this function first. The reason is that the desired data might already be read but not yet processed. If, in contrast, a previous call to the SSL/TLS module returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary to call this function, as the latter error code entails that all internal data has been processed. https://tls.mbed.org/api/ssl_8h.html#a4075f7de9877fd667bcfa2e819e33426 """ function ssl_check_pending(ctx::SSLContext)::Bool @lockdata ctx begin return ccall((:mbedtls_ssl_check_pending, libmbedtls), Cint, (Ptr{Cvoid},), ctx.data) > 0 end end function ssl_set_bio(ctx::SSLContext, bio, f_send::Ptr{Cvoid}, f_recv::Ptr{Cvoid}) @lockdata ctx begin ccall((:mbedtls_ssl_set_bio, libmbedtls), Cvoid, (Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}), ctx.data, bio, f_send, f_recv, C_NULL) end end """ ssl_read(::SSLContext, ptr, n) Returns One of the following: 0 if the read end of the underlying transport was closed, the (positive) number of bytes read, or a negative error code on failure. If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data is available from the underlying transport. In this case, the function needs to be called again at some later stage. If this function returns something other than a positive value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed. https://tls.mbed.org/api/ssl_8h.html#aa2c29eeb1deaf5ad9f01a7515006ede5 """ function ssl_read(ctx::SSLContext, ptr, n)::Int ret = 0 @lockdata ctx begin # We want to allow GC to run while this thread is in the `ccall`. # When https://github.com/JuliaLang/julia/pull/49933 is completed # and lands, this should be changed to what is required by that. ccd = Base.cconvert(Ptr{Cvoid}, ctx.data) cptr = Base.cconvert(Ptr{Cvoid}, ptr) GC.@preserve ccd cptr begin ucd = Base.unsafe_convert(Ptr{Cvoid}, ccd)::Ptr{Cvoid} ucptr = Base.unsafe_convert(Ptr{Cvoid}, cptr)::Ptr{Cvoid} gc_state = @ccall(jl_gc_safe_enter()::Int8) ret = ccall((:mbedtls_ssl_read, libmbedtls), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Csize_t), ucd, ucptr, n) @ccall(jl_gc_safe_leave(gc_state::Int8)::Cvoid) end end return ret end """ ssl_write(::SSLContext, ptr, n) When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, it must be called later with the same arguments, until it returns a value greater that or equal to 0. When the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial data in the output buffer, however this is not yet sent. If this function returns something other than 0, a positive value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed. https://tls.mbed.org/api/ssl_8h.html#a5bbda87d484de82df730758b475f32e5 """ function ssl_write(ctx::SSLContext, ptr, n)::Int ret = 0 @lockdata ctx begin # We want to allow GC to run while this thread is in the `ccall`. # When https://github.com/JuliaLang/julia/pull/49933 is completed # and lands, this should be changed to what is required by that. ccd = Base.cconvert(Ptr{Cvoid}, ctx.data) cptr = Base.cconvert(Ptr{Cvoid}, ptr) GC.@preserve ccd cptr begin ucd = Base.unsafe_convert(Ptr{Cvoid}, ccd)::Ptr{Cvoid} ucptr = Base.unsafe_convert(Ptr{Cvoid}, cptr)::Ptr{Cvoid} gc_state = @ccall(jl_gc_safe_enter()::Int8) ret = ccall((:mbedtls_ssl_write, libmbedtls), Cint, (Ptr{Cvoid}, Ptr{Cvoid}, Csize_t), ucd, ucptr, n) @ccall(jl_gc_safe_leave(gc_state::Int8)::Cvoid) end end return ret end """ ssl_close_notify(::SSLContext) Notify the peer that the connection is being closed. 0 if successful, or a specific SSL error code. If this function returns something other than 0 or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using the SSL context for reading or writing, and either free it or call mbedtls_ssl_session_reset() on it before re-using it for a new connection; the current connection must be closed. https://tls.mbed.org/api/ssl_8h.html#ac2c1b17128ead2df3082e27b603deb4c """ function ssl_close_notify(ctx::SSLContext) @lockdata ctx begin return ccall((:mbedtls_ssl_close_notify, libmbedtls), Cint, (Ptr{Cvoid},), ctx.data) end end """ Reset an already initialized SSL context for re-use while retaining application-set variables, function pointers and data. """ function ssl_session_reset(ctx::SSLContext) @lockdata ctx begin return ccall((:mbedtls_ssl_session_reset, libmbedtls), Cint, (Ptr{Cvoid},), ctx.data) end end function hostname!(ctx::SSLContext, hostname) @err_check ccall((:mbedtls_ssl_set_hostname, libmbedtls), Cint, (Ptr{Cvoid}, Cstring), ctx.data, hostname) end const c_send = Ref{Ptr{Cvoid}}(C_NULL) const c_recv = Ref{Ptr{Cvoid}}(C_NULL) const c_dbg = Ref{Ptr{Cvoid}}(C_NULL) const DEFAULT_CERT = Ref{String}() function __sslinit__() c_send[] = @cfunction(f_send, Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t)) c_recv[] = @cfunction(f_recv, Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t)) c_dbg[] = @cfunction(f_dbg, Cvoid, (Any, Cint, Ptr{UInt8}, Cint, Ptr{UInt8})) # Note: `MozillaCACerts_jll.cacert` is filled by `__init__` if haskey(ENV, "MBEDTLSJL_CERT_PEM_FILE") fallback = abspath(ENV["MBEDTLSJL_CERT_PEM_FILE"]) DEFAULT_CERT[] = read(fallback, String) elseif haskey(ENV, "MBEDTLSJL_CERT_PEM_DIR") fallback = abspath(joinpath(ENV["MBEDTLSJL_CERT_PEM_DIR"], "cert.pem")) DEFAULT_CERT[] = read(fallback, String) elseif NetworkOptions.ca_roots() !== nothing && isfile(NetworkOptions.ca_roots()) DEFAULT_CERT[] = read(NetworkOptions.ca_roots(), String) elseif isfile(MozillaCACerts_jll.cacert) DEFAULT_CERT[] = read(MozillaCACerts_jll.cacert, String) else fallback = abspath(joinpath(Sys.BINDIR, "..", "share", "julia", "cert.pem")) DEFAULT_CERT[] = read(fallback, String) end return end ./opt/julia/packages/MbedTLS/Vaaz8/src/debug.jlusing Dates const DEBUG_LEVEL = 0 taskid(t=current_task()) = string(hash(t) & 0xffff, base=16, pad=4) debug_header() = string("MBTLS: ", rpad(Dates.now(), 24), taskid(), " ") macro debug(n::Int, s) DEBUG_LEVEL >= n ? :(println(debug_header(), $(esc(s)))) : :() end macro 💀(s) :( @debug 1 $(esc(s)) ) end macro 😬(s) :( @debug 2 $(esc(s)) ) end macro 🤖(s) :( @debug 3 $(esc(s)) ) end 9cu