1 /**
2  * \file ssl_ticket.h
3  *
4  * \brief Internal functions shared by the SSL modules
5  *
6  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7  *  SPDX-License-Identifier: Apache-2.0
8  *
9  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
10  *  not use this file except in compliance with the License.
11  *  You may obtain a copy of the License at
12  *
13  *  http://www.apache.org/licenses/LICENSE-2.0
14  *
15  *  Unless required by applicable law or agreed to in writing, software
16  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  *  See the License for the specific language governing permissions and
19  *  limitations under the License.
20  *
21  *  This file is part of mbed TLS (https://tls.mbed.org)
22  */
23 #ifndef MBEDTLS_SSL_INTERNAL_H
24 #define MBEDTLS_SSL_INTERNAL_H
25 
26 #include "ssl.h"
27 
28 #if defined(MBEDTLS_MD5_C)
29 #include "md5.h"
30 #endif
31 
32 #if defined(MBEDTLS_SHA1_C)
33 #include "sha1.h"
34 #endif
35 
36 #if defined(MBEDTLS_SHA256_C)
37 #include "sha256.h"
38 #endif
39 
40 #if defined(MBEDTLS_SHA512_C)
41 #include "sha512.h"
42 #endif
43 
44 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
45 #include "ecjpake.h"
46 #endif
47 
48 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
49     !defined(inline) && !defined(__cplusplus)
50 #define inline __inline
51 #endif
52 
53 /* Determine minimum supported version */
54 #define MBEDTLS_SSL_MIN_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
55 
56 #if defined(MBEDTLS_SSL_PROTO_SSL3)
57 #define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
58 #else
59 #if defined(MBEDTLS_SSL_PROTO_TLS1)
60 #define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
61 #else
62 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
63 #define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
64 #else
65 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
66 #define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
67 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
68 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
69 #endif /* MBEDTLS_SSL_PROTO_TLS1   */
70 #endif /* MBEDTLS_SSL_PROTO_SSL3   */
71 
72 /* Determine maximum supported version */
73 #define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
74 
75 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
76 #define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
77 #else
78 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
79 #define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
80 #else
81 #if defined(MBEDTLS_SSL_PROTO_TLS1)
82 #define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
83 #else
84 #if defined(MBEDTLS_SSL_PROTO_SSL3)
85 #define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
86 #endif /* MBEDTLS_SSL_PROTO_SSL3   */
87 #endif /* MBEDTLS_SSL_PROTO_TLS1   */
88 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
89 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
90 
91 #define MBEDTLS_SSL_INITIAL_HANDSHAKE           0
92 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1   /* In progress */
93 #define MBEDTLS_SSL_RENEGOTIATION_DONE          2   /* Done or aborted */
94 #define MBEDTLS_SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */
95 
96 /*
97  * DTLS retransmission states, see RFC 6347 4.2.4
98  *
99  * The SENDING state is merged in PREPARING for initial sends,
100  * but is distinct for resends.
101  *
102  * Note: initial state is wrong for server, but is not used anyway.
103  */
104 #define MBEDTLS_SSL_RETRANS_PREPARING       0
105 #define MBEDTLS_SSL_RETRANS_SENDING         1
106 #define MBEDTLS_SSL_RETRANS_WAITING         2
107 #define MBEDTLS_SSL_RETRANS_FINISHED        3
108 
109 /*
110  * Allow extra bytes for record, authentication and encryption overhead:
111  * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
112  * and allow for a maximum of 1024 of compression expansion if
113  * enabled.
114  */
115 #if defined(MBEDTLS_ZLIB_SUPPORT)
116 #define MBEDTLS_SSL_COMPRESSION_ADD          1024
117 #else
118 #define MBEDTLS_SSL_COMPRESSION_ADD             0
119 #endif
120 
121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
122 /* Ciphersuites using HMAC */
123 #if defined(MBEDTLS_SHA512_C)
124 #define MBEDTLS_SSL_MAC_ADD                 48  /* SHA-384 used for HMAC */
125 #elif defined(MBEDTLS_SHA256_C)
126 #define MBEDTLS_SSL_MAC_ADD                 32  /* SHA-256 used for HMAC */
127 #else
128 #define MBEDTLS_SSL_MAC_ADD                 20  /* SHA-1   used for HMAC */
129 #endif
130 #else
131 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
132 #define MBEDTLS_SSL_MAC_ADD                 16
133 #endif
134 
135 #if defined(MBEDTLS_CIPHER_MODE_CBC)
136 #define MBEDTLS_SSL_PADDING_ADD            256
137 #else
138 #define MBEDTLS_SSL_PADDING_ADD              0
139 #endif
140 
141 #define MBEDTLS_SSL_BUFFER_LEN  ( MBEDTLS_SSL_MAX_CONTENT_LEN               \
142                         + MBEDTLS_SSL_COMPRESSION_ADD               \
143                         + 29 /* counter + header + IV */    \
144                         + MBEDTLS_SSL_MAC_ADD                       \
145                         + MBEDTLS_SSL_PADDING_ADD                   \
146                         )
147 
148 /*
149  * TLS extension flags (for extensions with outgoing ServerHello content
150  * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
151  * of state of the renegotiation flag, so no indicator is required)
152  */
153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK                 (1 << 1)
155 
156 #ifdef __cplusplus
157 extern "C" {
158 #endif
159 
160 /*
161  * This structure contains the parameters only needed during handshake.
162  */
163 struct mbedtls_ssl_handshake_params
164 {
165     /*
166      * Handshake specific crypto variables
167      */
168     int sig_alg;                        /*!<  Hash algorithm for signature   */
169     int verify_sig_alg;                 /*!<  Signature algorithm for verify */
170 #if defined(MBEDTLS_DHM_C)
171     mbedtls_dhm_context dhm_ctx;                /*!<  DHM key exchange        */
172 #endif
173 #if defined(MBEDTLS_ECDH_C)
174     mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
175 #endif
176 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
177     mbedtls_ecjpake_context ecjpake_ctx;        /*!< EC J-PAKE key exchange */
178 #if defined(MBEDTLS_SSL_CLI_C)
179     unsigned char *ecjpake_cache;               /*!< Cache for ClientHello ext */
180     size_t ecjpake_cache_len;                   /*!< Length of cached data */
181 #endif
182 #endif
183 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
184     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
185     const mbedtls_ecp_curve_info **curves;      /*!<  Supported elliptic curves */
186 #endif
187 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
188     unsigned char *psk;                 /*!<  PSK from the callback         */
189     size_t psk_len;                     /*!<  Length of PSK from callback   */
190 #endif
191 #if defined(MBEDTLS_X509_CRT_PARSE_C)
192     mbedtls_ssl_key_cert *key_cert;     /*!< chosen key/cert pair (server)  */
193 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
194     int sni_authmode;                   /*!< authmode from SNI callback     */
195     mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI         */
196     mbedtls_x509_crt *sni_ca_chain;     /*!< trusted CAs from SNI callback  */
197     mbedtls_x509_crl *sni_ca_crl;       /*!< trusted CAs CRLs from SNI      */
198 #endif
199 #endif /* MBEDTLS_X509_CRT_PARSE_C */
200 #if defined(MBEDTLS_SSL_PROTO_DTLS)
201     unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
202     unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
203 
204     unsigned char *verify_cookie;       /*!<  Cli: HelloVerifyRequest cookie
205                                               Srv: unused                    */
206     unsigned char verify_cookie_len;    /*!<  Cli: cookie length
207                                               Srv: flag for sending a cookie */
208 
209     unsigned char *hs_msg;              /*!<  Reassembled handshake message  */
210 
211     uint32_t retransmit_timeout;        /*!<  Current value of timeout       */
212     unsigned char retransmit_state;     /*!<  Retransmission state           */
213     mbedtls_ssl_flight_item *flight;            /*!<  Current outgoing flight        */
214     mbedtls_ssl_flight_item *cur_msg;           /*!<  Current message in flight      */
215     unsigned int in_flight_start_seq;   /*!<  Minimum message sequence in the
216                                               flight being received          */
217     mbedtls_ssl_transform *alt_transform_out;   /*!<  Alternative transform for
218                                               resending messages             */
219     unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
220                                               for resending messages         */
221 #endif
222 
223     /*
224      * Checksum contexts
225      */
226 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
227     defined(MBEDTLS_SSL_PROTO_TLS1_1)
228        mbedtls_md5_context fin_md5;
229       mbedtls_sha1_context fin_sha1;
230 #endif
231 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
232 #if defined(MBEDTLS_SHA256_C)
233     mbedtls_sha256_context fin_sha256;
234 #endif
235 #if defined(MBEDTLS_SHA512_C)
236     mbedtls_sha512_context fin_sha512;
237 #endif
238 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
239 
240     void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
241     void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
242     void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
243     int  (*tls_prf)(const unsigned char *, size_t, const char *,
244                     const unsigned char *, size_t,
245                     unsigned char *, size_t);
246 
247     size_t pmslen;                      /*!<  premaster length        */
248 
249     unsigned char randbytes[64];        /*!<  random bytes            */
250     unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
251                                         /*!<  premaster secret        */
252 
253     int resume;                         /*!<  session resume indicator*/
254     int max_major_ver;                  /*!< max. major version client*/
255     int max_minor_ver;                  /*!< max. minor version client*/
256     int cli_exts;                       /*!< client extension presence*/
257 
258 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
259     int new_session_ticket;             /*!< use NewSessionTicket?    */
260 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
261 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
262     int extended_ms;                    /*!< use Extended Master Secret? */
263 #endif
264 };
265 
266 /*
267  * This structure contains a full set of runtime transform parameters
268  * either in negotiation or active.
269  */
270 struct mbedtls_ssl_transform
271 {
272     /*
273      * Session specific crypto layer
274      */
275     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
276                                         /*!<  Chosen cipersuite_info  */
277     unsigned int keylen;                /*!<  symmetric key length (bytes)  */
278     size_t minlen;                      /*!<  min. ciphertext length  */
279     size_t ivlen;                       /*!<  IV length               */
280     size_t fixed_ivlen;                 /*!<  Fixed part of IV (AEAD) */
281     size_t maclen;                      /*!<  MAC length              */
282 
283     unsigned char iv_enc[16];           /*!<  IV (encryption)         */
284     unsigned char iv_dec[16];           /*!<  IV (decryption)         */
285 
286 #if defined(MBEDTLS_SSL_PROTO_SSL3)
287     /* Needed only for SSL v3.0 secret */
288     unsigned char mac_enc[20];          /*!<  SSL v3.0 secret (enc)   */
289     unsigned char mac_dec[20];          /*!<  SSL v3.0 secret (dec)   */
290 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
291 
292     mbedtls_md_context_t md_ctx_enc;            /*!<  MAC (encryption)        */
293     mbedtls_md_context_t md_ctx_dec;            /*!<  MAC (decryption)        */
294 
295     mbedtls_cipher_context_t cipher_ctx_enc;    /*!<  encryption context      */
296     mbedtls_cipher_context_t cipher_ctx_dec;    /*!<  decryption context      */
297 
298     /*
299      * Session specific compression layer
300      */
301 #if defined(MBEDTLS_ZLIB_SUPPORT)
302     z_stream ctx_deflate;               /*!<  compression context     */
303     z_stream ctx_inflate;               /*!<  decompression context   */
304 #endif
305 };
306 
307 #if defined(MBEDTLS_X509_CRT_PARSE_C)
308 /*
309  * List of certificate + private key pairs
310  */
311 struct mbedtls_ssl_key_cert
312 {
313     mbedtls_x509_crt *cert;                 /*!< cert                       */
314     mbedtls_pk_context *key;                /*!< private key                */
315     mbedtls_ssl_key_cert *next;             /*!< next key/cert pair         */
316 };
317 #endif /* MBEDTLS_X509_CRT_PARSE_C */
318 
319 #if defined(MBEDTLS_SSL_PROTO_DTLS)
320 /*
321  * List of handshake messages kept around for resending
322  */
323 struct mbedtls_ssl_flight_item
324 {
325     unsigned char *p;       /*!< message, including handshake headers   */
326     size_t len;             /*!< length of p                            */
327     unsigned char type;     /*!< type of the message: handshake or CCS  */
328     mbedtls_ssl_flight_item *next;  /*!< next handshake message(s)              */
329 };
330 #endif /* MBEDTLS_SSL_PROTO_DTLS */
331 
332 
333 /**
334  * \brief           Free referenced items in an SSL transform context and clear
335  *                  memory
336  *
337  * \param transform SSL transform context
338  */
339 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
340 
341 /**
342  * \brief           Free referenced items in an SSL handshake context and clear
343  *                  memory
344  *
345  * \param handshake SSL handshake context
346  */
347 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
348 
349 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
350 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
351 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
352 
353 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
354 
355 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
356 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
357 
358 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
359 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
360 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
361 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
362 
363 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
364 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
365 
366 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
367 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
368 
369 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
370 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
371 
372 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
373 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
374 
375 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
376 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
377 
378 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
379                             const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
380 
381 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
382 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
383 #endif
384 
385 #if defined(MBEDTLS_PK_C)
386 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
387 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
388 #endif
389 
390 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
391 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
392 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
393 
394 #if defined(MBEDTLS_ECP_C)
395 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
396 #endif
397 
398 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
399 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
400                                 mbedtls_md_type_t md );
401 #endif
402 
403 #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_own_key(mbedtls_ssl_context * ssl)404 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
405 {
406     mbedtls_ssl_key_cert *key_cert;
407 
408     if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
409         key_cert = ssl->handshake->key_cert;
410     else
411         key_cert = ssl->conf->key_cert;
412 
413     return( key_cert == NULL ? NULL : key_cert->key );
414 }
415 
mbedtls_ssl_own_cert(mbedtls_ssl_context * ssl)416 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
417 {
418     mbedtls_ssl_key_cert *key_cert;
419 
420     if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
421         key_cert = ssl->handshake->key_cert;
422     else
423         key_cert = ssl->conf->key_cert;
424 
425     return( key_cert == NULL ? NULL : key_cert->cert );
426 }
427 
428 /*
429  * Check usage of a certificate wrt extensions:
430  * keyUsage, extendedKeyUsage (later), and nSCertType (later).
431  *
432  * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
433  * check a cert we received from them)!
434  *
435  * Return 0 if everything is OK, -1 if not.
436  */
437 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
438                           const mbedtls_ssl_ciphersuite_t *ciphersuite,
439                           int cert_endpoint,
440                           uint32_t *flags );
441 #endif /* MBEDTLS_X509_CRT_PARSE_C */
442 
443 void mbedtls_ssl_write_version( int major, int minor, int transport,
444                         unsigned char ver[2] );
445 void mbedtls_ssl_read_version( int *major, int *minor, int transport,
446                        const unsigned char ver[2] );
447 
mbedtls_ssl_hdr_len(const mbedtls_ssl_context * ssl)448 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
449 {
450 #if defined(MBEDTLS_SSL_PROTO_DTLS)
451     if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
452         return( 13 );
453 #else
454     ((void) ssl);
455 #endif
456     return( 5 );
457 }
458 
mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context * ssl)459 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
460 {
461 #if defined(MBEDTLS_SSL_PROTO_DTLS)
462     if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
463         return( 12 );
464 #else
465     ((void) ssl);
466 #endif
467     return( 4 );
468 }
469 
470 #if defined(MBEDTLS_SSL_PROTO_DTLS)
471 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
472 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
473 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
474 #endif
475 
476 /* Visible for testing purposes only */
477 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
478 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
479 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
480 #endif
481 
482 /* constant-time buffer comparison */
mbedtls_ssl_safer_memcmp(const void * a,const void * b,size_t n)483 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
484 {
485     size_t i;
486     const unsigned char *A = (const unsigned char *) a;
487     const unsigned char *B = (const unsigned char *) b;
488     unsigned char diff = 0;
489 
490     for( i = 0; i < n; i++ )
491         diff |= A[i] ^ B[i];
492 
493     return( diff );
494 }
495 
496 #ifdef __cplusplus
497 }
498 #endif
499 
500 #endif /* ssl_internal.h */
501