Lines Matching refs:ssl
35 mbedtls_ssl_context *ssl, in ssl_tls13_validate_peer_ciphersuite() argument
39 if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { in ssl_tls13_validate_peer_ciphersuite()
44 if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_tls13_validate_peer_ciphersuite()
45 ssl->tls_version, in ssl_tls13_validate_peer_ciphersuite()
46 ssl->tls_version) != 0)) { in ssl_tls13_validate_peer_ciphersuite()
61 static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_exchange_modes_ext() argument
99 ssl->handshake->tls13_kex_modes = ke_modes; in ssl_tls13_parse_key_exchange_modes_ext()
110 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match_ticket() argument
129 if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { in ssl_tls13_offered_psks_check_identity_match_ticket()
145 if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, in ssl_tls13_offered_psks_check_identity_match_ticket()
176 ssl, in ssl_tls13_offered_psks_check_identity_match_ticket()
254 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match() argument
268 ssl->handshake->resume = 0; in ssl_tls13_offered_psks_check_identity_match()
272 ssl, identity, identity_len, obfuscated_ticket_age, in ssl_tls13_offered_psks_check_identity_match()
274 ssl->handshake->resume = 1; in ssl_tls13_offered_psks_check_identity_match()
276 ret = mbedtls_ssl_set_hs_psk(ssl, in ssl_tls13_offered_psks_check_identity_match()
294 if (ssl->conf->f_psk != NULL) { in ssl_tls13_offered_psks_check_identity_match()
295 if (ssl->conf->f_psk( in ssl_tls13_offered_psks_check_identity_match()
296 ssl->conf->p_psk, ssl, identity, identity_len) == 0) { in ssl_tls13_offered_psks_check_identity_match()
304 if (ssl->conf->psk_identity != NULL && in ssl_tls13_offered_psks_check_identity_match()
305 identity_len == ssl->conf->psk_identity_len && in ssl_tls13_offered_psks_check_identity_match()
306 mbedtls_ct_memcmp(ssl->conf->psk_identity, in ssl_tls13_offered_psks_check_identity_match()
308 ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len); in ssl_tls13_offered_psks_check_identity_match()
320 static int ssl_tls13_offered_psks_check_binder_match(mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_binder_match() argument
336 ssl, mbedtls_hash_info_md_from_psa(psk_hash_alg), in ssl_tls13_offered_psks_check_binder_match()
342 ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); in ssl_tls13_offered_psks_check_binder_match()
347 ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg, in ssl_tls13_offered_psks_check_binder_match()
374 mbedtls_ssl_context *ssl, in ssl_tls13_select_ciphersuite_for_psk() argument
401 ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl, in ssl_tls13_select_ciphersuite_for_psk()
423 mbedtls_ssl_context *ssl, in ssl_tls13_select_ciphersuite_for_resumption() argument
441 ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl, in ssl_tls13_select_ciphersuite_for_resumption()
493 static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_pre_shared_key_ext() argument
535 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, in ssl_tls13_parse_pre_shared_key_ext()
575 ssl, identity, identity_len, obfuscated_ticket_age, in ssl_tls13_parse_pre_shared_key_ext()
585 ssl, ciphersuites, ciphersuites_end, in ssl_tls13_parse_pre_shared_key_ext()
591 ssl, ciphersuites, ciphersuites_end, &session, in ssl_tls13_parse_pre_shared_key_ext()
614 ssl, binder, binder_len, psk_type, in ssl_tls13_parse_pre_shared_key_ext()
635 ssl->handshake->ciphersuite_info = ciphersuite_info; in ssl_tls13_parse_pre_shared_key_ext()
636 ssl->session_negotiate->ciphersuite = cipher_suite; in ssl_tls13_parse_pre_shared_key_ext()
641 ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, in ssl_tls13_parse_pre_shared_key_ext()
659 ret = ssl->handshake->update_checksum(ssl, in ssl_tls13_parse_pre_shared_key_ext()
671 ssl->handshake->selected_identity = (uint16_t) matched_identity; in ssl_tls13_parse_pre_shared_key_ext()
686 static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_pre_shared_key_ext() argument
697 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); in ssl_tls13_write_server_pre_shared_key_ext()
699 not_using_psk = (ssl->handshake->psk == NULL); in ssl_tls13_write_server_pre_shared_key_ext()
713 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); in ssl_tls13_write_server_pre_shared_key_ext()
718 ssl->handshake->selected_identity)); in ssl_tls13_write_server_pre_shared_key_ext()
720 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); in ssl_tls13_write_server_pre_shared_key_ext()
733 static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_versions_ext() argument
751 tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport); in ssl_tls13_parse_supported_versions_ext()
787 static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_groups_ext() argument
801 ssl->handshake->hrr_selected_group = 0; in ssl_tls13_parse_supported_groups_ext()
814 if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) || in ssl_tls13_parse_supported_groups_ext()
816 ssl->handshake->hrr_selected_group != 0) { in ssl_tls13_parse_supported_groups_ext()
825 ssl->handshake->hrr_selected_group = named_group; in ssl_tls13_parse_supported_groups_ext()
848 static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_shares_ext() argument
870 ssl->handshake->offered_group_id = 0; in ssl_tls13_parse_key_shares_ext()
901 if (!mbedtls_ssl_named_group_is_offered(ssl, group) || in ssl_tls13_parse_key_shares_ext()
903 ssl->handshake->offered_group_id != 0) { in ssl_tls13_parse_key_shares_ext()
915 ssl, key_exchange - 2, key_exchange_len + 2); in ssl_tls13_parse_key_shares_ext()
926 ssl->handshake->offered_group_id = group; in ssl_tls13_parse_key_shares_ext()
930 if (ssl->handshake->offered_group_id == 0) { in ssl_tls13_parse_key_shares_ext()
939 static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, in ssl_tls13_client_hello_has_exts() argument
942 int masked = ssl->handshake->received_extensions & exts_mask; in ssl_tls13_client_hello_has_exts()
949 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange() argument
952 ssl, in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()
962 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_key_exchange() argument
965 ssl, in ssl_tls13_client_hello_has_exts_for_psk_key_exchange()
974 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange() argument
977 ssl, in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange()
986 static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl) in ssl_tls13_check_ephemeral_key_exchange() argument
989 return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) && in ssl_tls13_check_ephemeral_key_exchange()
990 ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); in ssl_tls13_check_ephemeral_key_exchange()
992 ((void) ssl); in ssl_tls13_check_ephemeral_key_exchange()
998 static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl) in ssl_tls13_check_psk_key_exchange() argument
1001 return mbedtls_ssl_conf_tls13_psk_enabled(ssl) && in ssl_tls13_check_psk_key_exchange()
1002 mbedtls_ssl_tls13_psk_enabled(ssl) && in ssl_tls13_check_psk_key_exchange()
1003 ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); in ssl_tls13_check_psk_key_exchange()
1005 ((void) ssl); in ssl_tls13_check_psk_key_exchange()
1011 static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl) in ssl_tls13_check_psk_ephemeral_key_exchange() argument
1014 return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) && in ssl_tls13_check_psk_ephemeral_key_exchange()
1015 mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) && in ssl_tls13_check_psk_ephemeral_key_exchange()
1016 ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); in ssl_tls13_check_psk_ephemeral_key_exchange()
1018 ((void) ssl); in ssl_tls13_check_psk_ephemeral_key_exchange()
1023 static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl) in ssl_tls13_determine_key_exchange_mode() argument
1040 ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; in ssl_tls13_determine_key_exchange_mode()
1042 if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { in ssl_tls13_determine_key_exchange_mode()
1043 ssl->handshake->key_exchange_mode = in ssl_tls13_determine_key_exchange_mode()
1047 if (ssl_tls13_check_ephemeral_key_exchange(ssl)) { in ssl_tls13_determine_key_exchange_mode()
1048 ssl->handshake->key_exchange_mode = in ssl_tls13_determine_key_exchange_mode()
1052 if (ssl_tls13_check_psk_key_exchange(ssl)) { in ssl_tls13_determine_key_exchange_mode()
1053 ssl->handshake->key_exchange_mode = in ssl_tls13_determine_key_exchange_mode()
1105 static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) in ssl_tls13_pick_key_cert() argument
1108 const uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_pick_key_cert()
1111 if (ssl->handshake->sni_key_cert != NULL) { in ssl_tls13_pick_key_cert()
1112 key_cert_list = ssl->handshake->sni_key_cert; in ssl_tls13_pick_key_cert()
1115 key_cert_list = ssl->conf->key_cert; in ssl_tls13_pick_key_cert()
1123 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_pick_key_cert()
1171 ssl->handshake->key_cert = key_cert; in ssl_tls13_pick_key_cert()
1180 ssl->handshake->key_cert->cert); in ssl_tls13_pick_key_cert()
1238 static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_parse_client_hello() argument
1249 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_parse_client_hello()
1285 if (mbedtls_ssl_read_version(p, ssl->conf->transport) != in ssl_tls13_parse_client_hello()
1297 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1301 ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1302 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_tls13_parse_client_hello()
1324 if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) { in ssl_tls13_parse_client_hello()
1329 ssl->session_negotiate->id_len = legacy_session_id_len; in ssl_tls13_parse_client_hello()
1338 memcpy(&ssl->session_negotiate->id[0], p, legacy_session_id_len); in ssl_tls13_parse_client_hello()
1389 ssl, cipher_suite); in ssl_tls13_parse_client_hello()
1394 ssl->session_negotiate->ciphersuite = cipher_suite; in ssl_tls13_parse_client_hello()
1469 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, in ssl_tls13_parse_client_hello()
1479 ret = mbedtls_ssl_parse_server_name_ext(ssl, p, in ssl_tls13_parse_client_hello()
1500 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1522 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1541 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1554 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1587 ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1601 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1616 ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1638 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in ssl_tls13_parse_client_hello()
1652 if (mbedtls_ssl_tls13_some_psk_enabled(ssl) && in ssl_tls13_parse_client_hello()
1653 mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) && in ssl_tls13_parse_client_hello()
1655 ret = handshake->update_checksum(ssl, buf, in ssl_tls13_parse_client_hello()
1661 ret = ssl_tls13_parse_pre_shared_key_ext(ssl, in ssl_tls13_parse_client_hello()
1676 ret = handshake->update_checksum(ssl, buf, p - buf); in ssl_tls13_parse_client_hello()
1683 ret = ssl_tls13_determine_key_exchange_mode(ssl); in ssl_tls13_parse_client_hello()
1688 mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info); in ssl_tls13_parse_client_hello()
1696 static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl) in ssl_tls13_postprocess_client_hello() argument
1703 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { in ssl_tls13_postprocess_client_hello()
1708 ssl->handshake->sni_name = NULL; in ssl_tls13_postprocess_client_hello()
1709 ssl->handshake->sni_name_len = 0; in ssl_tls13_postprocess_client_hello()
1712 ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); in ssl_tls13_postprocess_client_hello()
1728 static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_hello() argument
1739 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in ssl_tls13_process_client_hello()
1742 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf, in ssl_tls13_process_client_hello()
1750 MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_client_hello(ssl)); in ssl_tls13_process_client_hello()
1753 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in ssl_tls13_process_client_hello()
1755 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST); in ssl_tls13_process_client_hello()
1768 static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_server_hello() argument
1772 ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; in ssl_tls13_prepare_server_hello()
1773 if (ssl->conf->f_rng == NULL) { in ssl_tls13_prepare_server_hello()
1778 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, in ssl_tls13_prepare_server_hello()
1788 ssl->session_negotiate->start = time(NULL); in ssl_tls13_prepare_server_hello()
1803 mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_supported_versions_ext() argument
1824 ssl->conf->transport, in ssl_tls13_write_server_hello_supported_versions_ext()
1825 ssl->tls_version); in ssl_tls13_write_server_hello_supported_versions_ext()
1828 ssl->tls_version)); in ssl_tls13_write_server_hello_supported_versions_ext()
1833 ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); in ssl_tls13_write_server_hello_supported_versions_ext()
1843 static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, in ssl_tls13_generate_and_write_key_share() argument
1856 ssl, named_group, buf, end, out_len); in ssl_tls13_generate_and_write_key_share()
1867 ((void) ssl); in ssl_tls13_generate_and_write_key_share()
1891 static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_key_share_ext() argument
1898 uint16_t group = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext()
1924 ssl, group, server_share + 4, end, &key_exchange_length); in ssl_tls13_write_key_share_ext()
1936 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_key_share_ext()
1942 static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_hrr_key_share_ext() argument
1947 uint16_t selected_group = ssl->handshake->hrr_selected_group; in ssl_tls13_write_hrr_key_share_ext()
1967 if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_hrr_key_share_ext()
1973 if (ssl->handshake->offered_group_id != 0) { in ssl_tls13_write_hrr_key_share_ext()
2001 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_hrr_key_share_ext()
2019 static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_body() argument
2031 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_server_hello_body()
2054 memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], in ssl_tls13_write_server_hello_body()
2065 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2066 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2067 if (ssl->session_negotiate->id_len > 0) { in ssl_tls13_write_server_hello_body()
2068 memcpy(p, &ssl->session_negotiate->id[0], in ssl_tls13_write_server_hello_body()
2069 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2070 p += ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2072 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_tls13_write_server_hello_body()
2073 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2083 MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); in ssl_tls13_write_server_hello_body()
2088 ssl->session_negotiate->ciphersuite), in ssl_tls13_write_server_hello_body()
2089 ssl->session_negotiate->ciphersuite)); in ssl_tls13_write_server_hello_body()
2111 ssl, p, end, &output_len)) != 0) { in ssl_tls13_write_server_hello_body()
2118 if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_server_hello_body()
2120 ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2122 ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2131 if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_server_hello_body()
2132 ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2154 ssl->handshake->sent_extensions); in ssl_tls13_write_server_hello_body()
2160 static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_finalize_server_hello() argument
2163 ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); in ssl_tls13_finalize_server_hello()
2175 static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_hello() argument
2183 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); in ssl_tls13_write_server_hello()
2185 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, in ssl_tls13_write_server_hello()
2189 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_server_hello()
2195 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_server_hello()
2198 ssl, buf_len, msg_len)); in ssl_tls13_write_server_hello()
2200 MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl)); in ssl_tls13_write_server_hello()
2208 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO); in ssl_tls13_write_server_hello()
2210 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in ssl_tls13_write_server_hello()
2224 static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_hello_retry_request() argument
2227 if (ssl->handshake->hello_retry_request_count > 0) { in ssl_tls13_prepare_hello_retry_request()
2238 ret = mbedtls_ssl_reset_transcript_for_hrr(ssl); in ssl_tls13_prepare_hello_retry_request()
2243 mbedtls_ssl_session_reset_msg_layer(ssl, 0); in ssl_tls13_prepare_hello_retry_request()
2249 static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_hello_retry_request() argument
2257 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl)); in ssl_tls13_write_hello_retry_request()
2260 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, in ssl_tls13_write_hello_retry_request()
2263 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_hello_retry_request()
2268 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_hello_retry_request()
2271 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, in ssl_tls13_write_hello_retry_request()
2274 ssl->handshake->hello_retry_request_count++; in ssl_tls13_write_hello_retry_request()
2282 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST); in ssl_tls13_write_hello_retry_request()
2284 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in ssl_tls13_write_hello_retry_request()
2303 static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_encrypted_extensions_body() argument
2320 ((void) ssl); in ssl_tls13_write_encrypted_extensions_body()
2325 ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2340 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions); in ssl_tls13_write_encrypted_extensions_body()
2346 static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) in ssl_tls13_write_encrypted_extensions() argument
2352 mbedtls_ssl_set_outbound_transform(ssl, in ssl_tls13_write_encrypted_extensions()
2353 ssl->handshake->transform_handshake); in ssl_tls13_write_encrypted_extensions()
2359 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, in ssl_tls13_write_encrypted_extensions()
2364 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_encrypted_extensions()
2367 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len)); in ssl_tls13_write_encrypted_extensions()
2370 ssl, buf_len, msg_len)); in ssl_tls13_write_encrypted_extensions()
2373 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_encrypted_extensions()
2374 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2376 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); in ssl_tls13_write_encrypted_extensions()
2379 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2400 static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_certificate_request_coordinate() argument
2405 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_tls13_certificate_request_coordinate()
2406 authmode = ssl->handshake->sni_authmode; in ssl_tls13_certificate_request_coordinate()
2409 authmode = ssl->conf->authmode; in ssl_tls13_certificate_request_coordinate()
2412 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; in ssl_tls13_certificate_request_coordinate()
2416 ssl->handshake->certificate_request_sent = 1; in ssl_tls13_certificate_request_coordinate()
2429 static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_request_body() argument
2463 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_tls13_write_certificate_request_body()
2474 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_request_body()
2480 static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_request() argument
2486 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); in ssl_tls13_write_certificate_request()
2492 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, in ssl_tls13_write_certificate_request()
2497 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_certificate_request()
2500 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len)); in ssl_tls13_write_certificate_request()
2503 ssl, buf_len, msg_len)); in ssl_tls13_write_certificate_request()
2513 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); in ssl_tls13_write_certificate_request()
2524 static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_certificate() argument
2529 if ((ssl_tls13_pick_key_cert(ssl) != 0) || in ssl_tls13_write_server_certificate()
2530 mbedtls_ssl_own_cert(ssl) == NULL) { in ssl_tls13_write_server_certificate()
2538 ret = mbedtls_ssl_tls13_write_certificate(ssl); in ssl_tls13_write_server_certificate()
2542 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); in ssl_tls13_write_server_certificate()
2550 static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_verify() argument
2552 int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); in ssl_tls13_write_certificate_verify()
2556 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_certificate_verify()
2565 static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_finished() argument
2569 ret = mbedtls_ssl_tls13_write_finished_message(ssl); in ssl_tls13_write_server_finished()
2574 ret = mbedtls_ssl_tls13_compute_application_transform(ssl); in ssl_tls13_write_server_finished()
2583 mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); in ssl_tls13_write_server_finished()
2585 if (ssl->handshake->certificate_request_sent) { in ssl_tls13_write_server_finished()
2586 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); in ssl_tls13_write_server_finished()
2590 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); in ssl_tls13_write_server_finished()
2600 static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_finished() argument
2604 ret = mbedtls_ssl_tls13_process_finished_message(ssl); in ssl_tls13_process_client_finished()
2609 ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); in ssl_tls13_process_client_finished()
2615 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); in ssl_tls13_process_client_finished()
2623 static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in ssl_tls13_handshake_wrapup() argument
2627 mbedtls_ssl_tls13_handshake_wrapup(ssl); in ssl_tls13_handshake_wrapup()
2636 if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) { in ssl_tls13_handshake_wrapup()
2637 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in ssl_tls13_handshake_wrapup()
2641 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_handshake_wrapup()
2652 static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket_coordinate() argument
2655 if (ssl->conf->f_ticket_write == NULL) { in ssl_tls13_write_new_session_ticket_coordinate()
2660 if (ssl->conf->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
2666 if (ssl->handshake->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
2677 static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, in ssl_tls13_prepare_new_session_ticket() argument
2682 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_prepare_new_session_ticket()
2698 session, ssl->handshake->tls13_kex_modes); in ssl_tls13_prepare_new_session_ticket()
2703 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_tls13_prepare_new_session_ticket()
2713 ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); in ssl_tls13_prepare_new_session_ticket()
2722 (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; in ssl_tls13_prepare_new_session_ticket()
2791 static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_new_session_ticket_body() argument
2800 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_write_new_session_ticket_body()
2816 ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, in ssl_tls13_write_new_session_ticket_body()
2867 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_new_session_ticket_body()
2878 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions); in ssl_tls13_write_new_session_ticket_body()
2886 static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket() argument
2890 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl)); in ssl_tls13_write_new_session_ticket()
2898 ssl, ticket_nonce, sizeof(ticket_nonce))); in ssl_tls13_write_new_session_ticket()
2900 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, in ssl_tls13_write_new_session_ticket()
2905 ssl, buf, buf + buf_len, &msg_len, in ssl_tls13_write_new_session_ticket()
2909 ssl, buf_len, msg_len)); in ssl_tls13_write_new_session_ticket()
2915 if (ssl->handshake->resume == 1) { in ssl_tls13_write_new_session_ticket()
2916 ssl->handshake->new_session_tickets_count = 0; in ssl_tls13_write_new_session_ticket()
2918 ssl->handshake->new_session_tickets_count--; in ssl_tls13_write_new_session_ticket()
2922 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH); in ssl_tls13_write_new_session_ticket()
2924 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_write_new_session_ticket()
2936 int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_server_step() argument
2940 if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { in mbedtls_ssl_tls13_handshake_server_step()
2945 mbedtls_ssl_states_str(ssl->state), in mbedtls_ssl_tls13_handshake_server_step()
2946 ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()
2948 switch (ssl->state) { in mbedtls_ssl_tls13_handshake_server_step()
2951 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
2956 ret = ssl_tls13_process_client_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
2963 ret = ssl_tls13_write_hello_retry_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
2971 ret = ssl_tls13_write_server_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
2975 ret = ssl_tls13_write_encrypted_extensions(ssl); in mbedtls_ssl_tls13_handshake_server_step()
2984 ret = ssl_tls13_write_certificate_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
2988 ret = ssl_tls13_write_server_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
2992 ret = ssl_tls13_write_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3001 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3003 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3008 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3010 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in mbedtls_ssl_tls13_handshake_server_step()
3016 ret = ssl_tls13_write_server_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3020 ret = ssl_tls13_process_client_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3024 ret = ssl_tls13_handshake_wrapup(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3029 ret = mbedtls_ssl_tls13_process_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3031 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3033 ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); in mbedtls_ssl_tls13_handshake_server_step()
3037 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3043 ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3046 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3053 ret = ssl_tls13_write_new_session_ticket(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3067 if (ssl->handshake->new_session_tickets_count == 0) { in mbedtls_ssl_tls13_handshake_server_step()
3068 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in mbedtls_ssl_tls13_handshake_server_step()
3070 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in mbedtls_ssl_tls13_handshake_server_step()
3077 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()