BearSSL
Decryption engine for SSL.

Data Fields
  size_t context_size
      Context size (in bytes).
  int (*check_length)(const br_sslrec_in_class *const *ctx, size_t record_len)
      Test validity of the incoming record length.
  unsigned char *(*decrypt)(const br_sslrec_in_class **ctx, int record_type, unsigned version, void *payload, size_t *len)
      Decrypt the incoming record.
Decryption engine for SSL.
When processing incoming records, the SSL engine uses a decryption engine that has its own context structure and a set of methods (a vtable) following this template.
The decryption engine is responsible for applying decryption, verifying the MAC, and keeping track of the record sequence number. The sequence number is an implicit input to the MAC (or AEAD) computation, so a replayed, dropped or reordered record fails verification rather than being silently accepted.
int (*br_sslrec_in_class::check_length)(const br_sslrec_in_class *const *ctx, size_t record_len)
Test validity of the incoming record length.
This function returns 1 if the announced length for an incoming record is valid, 0 otherwise. It is called before any decryption is attempted, so decrypt() may rely on the result; typically a record shorter than the MAC/tag (plus any padding or IV the cipher suite requires) or longer than the maximum record size is rejected here.
Parameters
  ctx         decryption engine context.
  record_len  incoming record length.
size_t br_sslrec_in_class::context_size
Context size (in bytes).
unsigned char *(*br_sslrec_in_class::decrypt)(const br_sslrec_in_class **ctx, int record_type, unsigned version, void *payload, size_t *len)
Decrypt the incoming record.
This function may assume that the record length is valid (it has been previously tested with check_length()). Decryption is done in place; *len is updated with the cleartext length, and the address of the first plaintext byte is returned. If the record is correct but empty, then *len is set to 0 and a non-NULL pointer is returned.
On decryption/MAC error, NULL is returned. Because decryption is performed in place, the payload buffer has already been modified at that point; the caller must treat the record as invalid and must not use the buffer contents.
Parameters
  ctx          decryption engine context.
  record_type  record type (23 for application data, etc).
  version      record version.
  payload      address of encrypted payload.
  len          pointer to payload length (updated).
Returns
  address of the first plaintext byte, or NULL on error.
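The following is an added example and is not code from BearSSL or from this reference page: a minimal decryption engine that follows the vtable template described above. The vtable declaration is repeated locally so the file builds without bearssl.h. Everything else is this example's own assumption: the context layout (vtable pointer as the first field, which is the BearSSL convention that lets the engine receive the address of that field as ctx), the toy XOR "cipher", the FNV-based tag (which is not a cryptographic MAC and only stands in for HMAC or an AEAD), and the toy_* helper names. It shows check_length() bounding the record size before decrypt() trusts it, in-place decryption with *len rewritten, the empty-record case returning a non-NULL pointer with *len set to 0, the sequence number and record header being bound into the tag so that replayed or relabelled records fail, and a constant-time tag comparison.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The vtable as documented on this page, declared here so the example builds
 * without bearssl.h (field order and signatures follow the reference above). */
typedef struct br_sslrec_in_class_ br_sslrec_in_class;
struct br_sslrec_in_class_ {
	size_t context_size;
	int (*check_length)(const br_sslrec_in_class *const *ctx, size_t record_len);
	unsigned char *(*decrypt)(const br_sslrec_in_class **ctx, int record_type,
		unsigned version, void *payload, size_t *len);
};

#define TOY_TAG_LEN    8
#define TOY_KEY_LEN    16
#define TOY_MAX_PLAIN  16384   /* TLS plaintext record limit */

/* Engine context (example layout). The vtable pointer is the first field; its
 * address is what the engine receives as ctx, hence the cast in toy_decrypt. */
typedef struct {
	const br_sslrec_in_class *vtable;
	uint64_t seq;                    /* sequence number of the next record */
	unsigned char key[TOY_KEY_LEN];
} toy_in_context;

/* Toy tag (FNV-1a, NOT a MAC; stands in for HMAC/AEAD) over
 * key || seq || type || version || len || data, the fields a TLS record MAC binds. */
static void toy_tag(const unsigned char *key, uint64_t seq, int record_type,
	unsigned version, const unsigned char *data, size_t len, unsigned char *out)
{
	uint64_t h = 1469598103934665603ULL;
	unsigned char hdr[13];
	size_t i;

	for (i = 0; i < 8; i ++) hdr[i] = (unsigned char)(seq >> (56 - 8 * i));
	hdr[8] = (unsigned char)record_type;
	hdr[9] = (unsigned char)(version >> 8); hdr[10] = (unsigned char)version;
	hdr[11] = (unsigned char)(len >> 8);    hdr[12] = (unsigned char)len;
	for (i = 0; i < TOY_KEY_LEN; i ++) h = (h ^ key[i]) * 1099511628211ULL;
	for (i = 0; i < sizeof hdr; i ++)  h = (h ^ hdr[i]) * 1099511628211ULL;
	for (i = 0; i < len; i ++)         h = (h ^ data[i]) * 1099511628211ULL;
	for (i = 0; i < TOY_TAG_LEN; i ++) out[i] = (unsigned char)(h >> (8 * i));
}

/* Constant-time tag comparison: must not leak which byte differed. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
	unsigned d = 0;
	size_t i;
	for (i = 0; i < n; i ++) d |= a[i] ^ b[i];
	return d == 0;
}

static int toy_check_length(const br_sslrec_in_class *const *ctx, size_t record_len)
{
	(void)ctx;
	return record_len >= TOY_TAG_LEN && record_len <= TOY_MAX_PLAIN + TOY_TAG_LEN;
}

static unsigned char *toy_decrypt(const br_sslrec_in_class **ctx,
	int record_type, unsigned version, void *payload, size_t *len)
{
	toy_in_context *cc = (toy_in_context *)ctx;
	unsigned char *buf = payload, tag[TOY_TAG_LEN];
	size_t i, plen = *len - TOY_TAG_LEN;   /* no underflow: check_length() passed */

	for (i = 0; i < plen; i ++) buf[i] ^= cc->key[i % TOY_KEY_LEN]; /* toy cipher, in place */
	toy_tag(cc->key, cc->seq, record_type, version, buf, plen, tag);
	if (!ct_equal(tag, buf + plen, TOY_TAG_LEN)) return NULL;  /* MAC error */
	cc->seq ++;        /* advance only on success; a MAC failure is fatal anyway */
	*len = plen;       /* 0 for an empty record, pointer still non-NULL */
	return buf;
}

const br_sslrec_in_class toy_in_vtable = {
	sizeof(toy_in_context), &toy_check_length, &toy_decrypt
};

void toy_in_init(toy_in_context *cc, const unsigned char *key)
{
	cc->vtable = &toy_in_vtable;
	cc->seq = 0;
	memcpy(cc->key, key, TOY_KEY_LEN);
}

/* Sender side, so the engine can be exercised offline: tags the plaintext,
 * encrypts it in place and returns the record length (plaintext + tag). */
size_t toy_seal(const unsigned char *key, uint64_t seq, int record_type,
	unsigned version, unsigned char *buf, size_t plen)
{
	size_t i;
	toy_tag(key, seq, record_type, version, buf, plen, buf + plen);
	for (i = 0; i < plen; i ++) buf[i] ^= key[i % TOY_KEY_LEN];
	return plen + TOY_TAG_LEN;
}
```

To exercise it, seal a record with toy_seal() (the sender side), then call cc.vtable->check_length(&cc.vtable, n) and, only if that returns 1, cc.vtable->decrypt(&cc.vtable, 23, 0x0303, buf, &n). A NULL return from decrypt() is a MAC failure and must be treated as fatal for the connection; the buffer has already been rewritten in place, and the sequence number is left unchanged, so a replayed record presented later fails the same way.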