Lines Matching full:if
10 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
24 #if defined(MBEDTLS_USE_PSA_CRYPTO)
27 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
39 #if defined(MBEDTLS_ECP_C)
43 #if defined(MBEDTLS_HAVE_TIME)
47 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
52 if (ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_set_client_transport_id()
58 if ((ssl->cli_id = mbedtls_calloc(1, ilen)) == NULL) { in mbedtls_ssl_set_client_transport_id()
79 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
83 if (conf->f_psk != NULL) { in ssl_conf_has_psk_or_cb()
87 if (conf->psk_identity_len == 0 || conf->psk_identity == NULL) { in ssl_conf_has_psk_or_cb()
92 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_conf_has_psk_or_cb()
93 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in ssl_conf_has_psk_or_cb()
98 if (conf->psk != NULL && conf->psk_len != 0) { in ssl_conf_has_psk_or_cb()
111 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_renegotiation_info()
112 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_parse_renegotiation_info()
114 if (len != 1 + ssl->verify_data_len || in ssl_parse_renegotiation_info()
126 if (len != 1 || buf[0] != 0x0) { in ssl_parse_renegotiation_info()
139 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
189 if (len < 2) { in ssl_parse_supported_groups_ext()
196 if (list_size + 2 != len || in ssl_parse_supported_groups_ext()
205 if (ssl->handshake->curves_tls_id != NULL) { in ssl_parse_supported_groups_ext()
215 if (our_size > MBEDTLS_ECP_DP_MAX) { in ssl_parse_supported_groups_ext()
219 if ((curves_tls_id = mbedtls_calloc(our_size, in ssl_parse_supported_groups_ext()
232 if (mbedtls_ssl_get_ecp_group_id_from_tls_id(curr_tls_id) != in ssl_parse_supported_groups_ext()
253 if (len == 0 || (size_t) (buf[0] + 1) != len) { in ssl_parse_supported_point_formats()
263 if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || in ssl_parse_supported_point_formats()
265 #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ in ssl_parse_supported_point_formats()
269 #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ in ssl_parse_supported_point_formats()
288 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
296 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_parse_ecjpake_kkpp()
297 if (ssl->handshake->psa_pake_ctx_is_ok != 1) in ssl_parse_ecjpake_kkpp()
299 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) in ssl_parse_ecjpake_kkpp()
306 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_parse_ecjpake_kkpp()
307 if ((ret = mbedtls_psa_ecjpake_read_round( in ssl_parse_ecjpake_kkpp()
322 if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
338 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
344 if (len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID) { in ssl_parse_max_fragment_length_ext()
357 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
366 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_cid_ext()
379 if (len < 1) { in ssl_parse_cid_ext()
389 if (len != peer_cid_len) { in ssl_parse_cid_ext()
396 /* Ignore CID if the user has disabled its use. */ in ssl_parse_cid_ext()
397 if (ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { in ssl_parse_cid_ext()
404 if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) { in ssl_parse_cid_ext()
422 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
428 if (len != 0) { in ssl_parse_encrypt_then_mac_ext()
437 if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) { in ssl_parse_encrypt_then_mac_ext()
445 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
451 if (len != 0) { in ssl_parse_extended_ms_ext()
460 if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { in ssl_parse_extended_ms_ext()
468 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
479 if (ssl->conf->f_ticket_parse == NULL || in ssl_parse_session_ticket_ext()
489 if (len == 0) { in ssl_parse_session_ticket_ext()
493 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_session_ticket_ext()
494 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_parse_session_ticket_ext()
503 if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session, in ssl_parse_session_ticket_ext()
507 if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { in ssl_parse_session_ticket_ext()
509 } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) { in ssl_parse_session_ticket_ext()
542 #if defined(MBEDTLS_SSL_DTLS_SRTP)
555 /* If use_srtp is not configured, just ignore the extension */ in ssl_parse_use_srtp_ext()
556 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_parse_use_srtp_ext()
579 if (len < size_of_lengths) { in ssl_parse_use_srtp_ext()
592 if (profile_length > len - size_of_lengths || in ssl_parse_use_srtp_ext()
606 if (client_protection != MBEDTLS_TLS_SRTP_UNSET) { in ssl_parse_use_srtp_ext()
613 /* check if suggested profile is in our list */ in ssl_parse_use_srtp_ext()
615 if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) { in ssl_parse_use_srtp_ext()
623 if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET) { in ssl_parse_use_srtp_ext()
631 if (mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || in ssl_parse_use_srtp_ext()
638 /* Parse the mki only if present and mki is supported locally */ in ssl_parse_use_srtp_ext()
639 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && in ssl_parse_use_srtp_ext()
657 #if defined(MBEDTLS_X509_CRT_PARSE_C)
659 * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
661 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
672 if (curr_grp_id == grp_id) { in ssl_check_key_curve()
691 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_pick_cert()
702 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) in ssl_pick_cert()
703 if (ssl->handshake->sni_key_cert != NULL) { in ssl_pick_cert()
710 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_pick_cert()
715 if (pk_alg_is_none) { in ssl_pick_cert()
721 if (list == NULL) { in ssl_pick_cert()
732 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_pick_cert()
733 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) in ssl_pick_cert()
745 if (!key_type_matches) { in ssl_pick_cert()
755 * different uses based on keyUsage, eg if they want to avoid signing in ssl_pick_cert()
758 if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info, in ssl_pick_cert()
765 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) in ssl_pick_cert()
766 if (pk_alg == MBEDTLS_PK_ECDSA && in ssl_pick_cert()
774 /* If we get there, we got a winner */ in ssl_pick_cert()
779 if (cur != NULL) { in ssl_pick_cert()
791 * Check if a given ciphersuite is suitable for use with our config/keys/etc
792 * Sets ciphersuite_info only if the suite matches.
800 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) in ssl_ciphersuite_match()
805 if (suite_info == NULL) { in ssl_ciphersuite_match()
813 if (suite_info->min_tls_version > ssl->tls_version || in ssl_ciphersuite_match()
819 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) in ssl_ciphersuite_match()
820 if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && in ssl_ciphersuite_match()
829 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ in ssl_ciphersuite_match()
831 if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && in ssl_ciphersuite_match()
840 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) in ssl_ciphersuite_match()
841 /* If the ciphersuite requires a pre-shared key and we don't in ssl_ciphersuite_match()
843 if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && in ssl_ciphersuite_match()
850 #if defined(MBEDTLS_X509_CRT_PARSE_C) in ssl_ciphersuite_match()
852 * Final check: if ciphersuite requires us to have a in ssl_ciphersuite_match()
854 * - select the appropriate certificate if we have one, or in ssl_ciphersuite_match()
855 * - try the next ciphersuite if we don't in ssl_ciphersuite_match()
858 if (ssl_pick_cert(ssl, suite_info) != 0) { in ssl_ciphersuite_match()
865 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) in ssl_ciphersuite_match()
866 /* If the ciphersuite requires signing, check whether in ssl_ciphersuite_match()
869 if (sig_type != MBEDTLS_PK_NONE && in ssl_ciphersuite_match()
893 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_parse_client_hello()
897 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
904 /* If there is no signature-algorithm extension present, in ssl_parse_client_hello()
907 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) in ssl_parse_client_hello()
915 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) in ssl_parse_client_hello()
919 * If renegotiating, then the input was read with mbedtls_ssl_read_record(), in ssl_parse_client_hello()
927 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
930 if (!renegotiating && !ssl->keep_current_message) { in ssl_parse_client_hello()
931 if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) { in ssl_parse_client_hello()
954 if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_client_hello()
965 /* For DTLS if this is the initial handshake, remember the client sequence in ssl_parse_client_hello()
967 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_parse_client_hello()
968 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM in ssl_parse_client_hello()
969 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
974 if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) { in ssl_parse_client_hello()
982 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) in ssl_parse_client_hello()
983 if (mbedtls_ssl_dtls_replay_check(ssl) != 0) { in ssl_parse_client_hello()
998 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
999 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_parse_client_hello()
1005 if (ssl->keep_current_message) { in ssl_parse_client_hello()
1008 if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) { in ssl_parse_client_hello()
1013 if ((ret = mbedtls_ssl_fetch_input(ssl, in ssl_parse_client_hello()
1020 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_parse_client_hello()
1021 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_client_hello()
1034 if (0 != ret) { in ssl_parse_client_hello()
1047 if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) { in ssl_parse_client_hello()
1054 if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) { in ssl_parse_client_hello()
1065 if (buf[1] != 0) { in ssl_parse_client_hello()
1072 if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + handshake_len) { in ssl_parse_client_hello()
1081 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_parse_client_hello()
1082 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_client_hello()
1087 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
1088 if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_parse_client_hello()
1091 if (cli_msg_seq != ssl->handshake->in_msg_seq) { in ssl_parse_client_hello()
1119 if (fragment_offset != 0 || length != fragment_length) { in ssl_parse_client_hello()
1151 if (msg_len < 38) { in ssl_parse_client_hello()
1165 if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_parse_client_hello()
1184 if (sess_len > sizeof(ssl->session_negotiate->id) || in ssl_parse_client_hello()
1203 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_parse_client_hello()
1204 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_client_hello()
1208 if (cookie_offset + 1 + cookie_len + 2 > msg_len) { in ssl_parse_client_hello()
1218 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) in ssl_parse_client_hello()
1219 if (ssl->conf->f_cookie_check != NULL in ssl_parse_client_hello()
1220 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
1224 if (ssl->conf->f_cookie_check(ssl->conf->p_cookie, in ssl_parse_client_hello()
1237 if (cookie_len != 0) { in ssl_parse_client_hello()
1257 if (ciph_len < 2 || in ssl_parse_client_hello()
1279 if (comp_len < 1 || in ssl_parse_client_hello()
1295 if (msg_len > ext_offset) { in ssl_parse_client_hello()
1296 if (msg_len < ext_offset + 2) { in ssl_parse_client_hello()
1306 if (msg_len != ext_offset + 2 + ext_len) { in ssl_parse_client_hello()
1322 if (ext_len < 4) { in ssl_parse_client_hello()
1331 if (ext_size + 4 > ext_len) { in ssl_parse_client_hello()
1338 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) in ssl_parse_client_hello()
1343 if (ret != 0) { in ssl_parse_client_hello()
1351 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
1356 if (ret != 0) { in ssl_parse_client_hello()
1361 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) in ssl_parse_client_hello()
1366 if (ret != 0) { in ssl_parse_client_hello()
1374 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ in ssl_parse_client_hello()
1381 if (ret != 0) { in ssl_parse_client_hello()
1391 if (ret != 0) { in ssl_parse_client_hello()
1399 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) in ssl_parse_client_hello()
1404 if (ret != 0) { in ssl_parse_client_hello()
1410 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) in ssl_parse_client_hello()
1415 if (ret != 0) { in ssl_parse_client_hello()
1421 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) in ssl_parse_client_hello()
1426 if (ret != 0) { in ssl_parse_client_hello()
1432 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) in ssl_parse_client_hello()
1437 if (ret != 0) { in ssl_parse_client_hello()
1443 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) in ssl_parse_client_hello()
1448 if (ret != 0) { in ssl_parse_client_hello()
1454 #if defined(MBEDTLS_SSL_SESSION_TICKETS) in ssl_parse_client_hello()
1459 if (ret != 0) { in ssl_parse_client_hello()
1465 #if defined(MBEDTLS_SSL_ALPN) in ssl_parse_client_hello()
1471 if (ret != 0) { in ssl_parse_client_hello()
1477 #if defined(MBEDTLS_SSL_DTLS_SRTP) in ssl_parse_client_hello()
1482 if (ret != 0) { in ssl_parse_client_hello()
1497 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) in ssl_parse_client_hello()
1500 * Try to fall back to default hash SHA1 if the client in ssl_parse_client_hello()
1503 if (!sig_hash_alg_ext_present) { in ssl_parse_client_hello()
1506 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) in ssl_parse_client_hello()
1510 #if defined(MBEDTLS_RSA_C) in ssl_parse_client_hello()
1530 if (p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) { in ssl_parse_client_hello()
1532 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
1533 if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_parse_client_hello()
1549 if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && in ssl_parse_client_hello()
1554 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_parse_client_hello()
1555 else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1560 } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1565 } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1573 if (handshake_failure == 1) { in ssl_parse_client_hello()
1582 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { in ssl_parse_client_hello()
1586 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) in ssl_parse_client_hello()
1601 if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) { in ssl_parse_client_hello()
1604 if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) { in ssl_parse_client_hello()
1610 if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], in ssl_parse_client_hello()
1615 if (ciphersuite_info != NULL) { in ssl_parse_client_hello()
1623 if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) { in ssl_parse_client_hello()
1629 if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], in ssl_parse_client_hello()
1634 if (ciphersuite_info != NULL) { in ssl_parse_client_hello()
1641 if (got_common_suite) { in ssl_parse_client_hello()
1662 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_parse_client_hello()
1663 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_client_hello()
1669 #if defined(MBEDTLS_DEBUG_C) && \ in ssl_parse_client_hello()
1672 if (sig_alg != MBEDTLS_PK_NONE) { in ssl_parse_client_hello()
1688 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1699 /* Skip writing the extension if we don't want to use it or if in ssl_write_cid_ext()
1701 if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) { in ssl_write_cid_ext()
1707 if (end < p || (size_t) (end - p) < (unsigned) (ssl->own_cid_len + 5)) { in ssl_write_cid_ext()
1732 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
1741 * RFC 7366: "If a server receives an encrypt-then-MAC request extension in ssl_write_encrypt_then_mac_ext()
1748 if (suite == NULL) { in ssl_write_encrypt_then_mac_ext()
1756 if (ssl_mode != MBEDTLS_SSL_MODE_CBC_ETM) { in ssl_write_encrypt_then_mac_ext()
1761 if (ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { in ssl_write_encrypt_then_mac_ext()
1778 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1785 if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) { in ssl_write_extended_ms_ext()
1803 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1810 if (ssl->handshake->new_session_ticket == 0) { in ssl_write_session_ticket_ext()
1833 if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION) { in ssl_write_renegotiation_ext()
1843 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_write_renegotiation_ext()
1844 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_write_renegotiation_ext()
1864 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1871 if (ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { in ssl_write_max_fragment_length_ext()
1890 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
1900 if ((ssl->handshake->cli_exts & in ssl_write_supported_point_formats_ext()
1923 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1935 /* Skip costly computation if not needed */ in ssl_write_ecjpake_kkpp_ext()
1936 if (ssl->handshake->ciphersuite_info->key_exchange != in ssl_write_ecjpake_kkpp_ext()
1943 if (end - p < 4) { in ssl_write_ecjpake_kkpp_ext()
1951 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_write_ecjpake_kkpp_ext()
1955 if (ret != 0) { in ssl_write_ecjpake_kkpp_ext()
1965 if (ret != 0) { in ssl_write_ecjpake_kkpp_ext()
1978 #if defined(MBEDTLS_SSL_DTLS_SRTP) && defined(MBEDTLS_SSL_PROTO_DTLS)
1989 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_write_use_srtp_ext()
1996 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { in ssl_write_use_srtp_ext()
2008 if ((size_t) (end - buf) < mki_len + 9) { in ssl_write_use_srtp_ext()
2027 if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { in ssl_write_use_srtp_ext()
2041 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
2064 /* If we get here, f_cookie_check is not null */ in ssl_write_hello_verify_request()
2065 if (ssl->conf->f_cookie_write == NULL) { in ssl_write_hello_verify_request()
2073 if ((ret = ssl->conf->f_cookie_write(ssl->conf->p_cookie, in ssl_write_hello_verify_request()
2090 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_hello_verify_request()
2095 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_write_hello_verify_request()
2096 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_write_hello_verify_request()
2117 if (ssl->handshake->resume == 1) { in ssl_handle_id_based_session_resumption()
2120 if (session->id_len == 0) { in ssl_handle_id_based_session_resumption()
2123 if (ssl->conf->f_get_cache == NULL) { in ssl_handle_id_based_session_resumption()
2126 #if defined(MBEDTLS_SSL_RENEGOTIATION) in ssl_handle_id_based_session_resumption()
2127 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_handle_id_based_session_resumption()
2138 if (ret != 0) { in ssl_handle_id_based_session_resumption()
2142 if (session->ciphersuite != session_tmp.ciphersuite) { in ssl_handle_id_based_session_resumption()
2163 #if defined(MBEDTLS_HAVE_TIME) in ssl_write_server_hello()
2172 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) in ssl_write_server_hello()
2173 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_write_server_hello()
2182 if (ssl->conf->f_rng == NULL) { in ssl_write_server_hello()
2203 #if defined(MBEDTLS_HAVE_TIME) in ssl_write_server_hello()
2211 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { in ssl_write_server_hello()
2218 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) { in ssl_write_server_hello()
2223 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) in ssl_write_server_hello()
2231 if (mbedtls_ssl_conf_is_tls13_enabled(ssl->conf)) { in ssl_write_server_hello()
2244 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) { in ssl_write_server_hello()
2256 if (ssl->handshake->resume == 0) { in ssl_write_server_hello()
2263 #if defined(MBEDTLS_HAVE_TIME) in ssl_write_server_hello()
2267 #if defined(MBEDTLS_SSL_SESSION_TICKETS) in ssl_write_server_hello()
2268 if (ssl->handshake->new_session_ticket != 0) { in ssl_write_server_hello()
2275 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, in ssl_write_server_hello()
2287 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_write_server_hello()
2325 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) in ssl_write_server_hello()
2330 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) in ssl_write_server_hello()
2335 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) in ssl_write_server_hello()
2340 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) in ssl_write_server_hello()
2345 #if defined(MBEDTLS_SSL_SESSION_TICKETS) in ssl_write_server_hello()
2350 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ in ssl_write_server_hello()
2355 if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) { in ssl_write_server_hello()
2361 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) in ssl_write_server_hello()
2366 #if defined(MBEDTLS_SSL_ALPN) in ssl_write_server_hello()
2368 if ((ret = mbedtls_ssl_write_alpn_ext(ssl, p + 2 + ext_len, end, &olen)) in ssl_write_server_hello()
2376 #if defined(MBEDTLS_SSL_DTLS_SRTP) in ssl_write_server_hello()
2384 if (ext_len > 0) { in ssl_write_server_hello()
2400 #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
2409 if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { in ssl_write_certificate_request()
2436 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) in ssl_write_certificate_request()
2437 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_write_certificate_request()
2443 if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info) || in ssl_write_certificate_request()
2472 #if defined(MBEDTLS_RSA_C) in ssl_write_certificate_request()
2475 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) in ssl_write_certificate_request()
2498 if (sig_alg == NULL) { in ssl_write_certificate_request()
2505 if (mbedtls_ssl_set_calc_verify_md(ssl, hash)) { in ssl_write_certificate_request()
2508 if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) { in ssl_write_certificate_request()
2533 if (ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED) { in ssl_write_certificate_request()
2534 /* NOTE: If trusted certificates are provisioned in ssl_write_certificate_request()
2539 #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) in ssl_write_certificate_request()
2540 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) in ssl_write_certificate_request()
2541 if (ssl->handshake->dn_hints != NULL) { in ssl_write_certificate_request()
2545 if (ssl->conf->dn_hints != NULL) { in ssl_write_certificate_request()
2549 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) in ssl_write_certificate_request()
2550 if (ssl->handshake->sni_ca_chain != NULL) { in ssl_write_certificate_request()
2561 if (end < p || (size_t) (end - p) < 2 + (size_t) dn_size) { in ssl_write_certificate_request()
2591 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
2602 #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) in ssl_get_ecdh_params_from_cert()
2613 if (pk == NULL) { in ssl_get_ecdh_params_from_cert()
2621 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) in ssl_get_ecdh_params_from_cert()
2626 if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { in ssl_get_ecdh_params_from_cert()
2637 if (status != PSA_SUCCESS) { in ssl_get_ecdh_params_from_cert()
2649 #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) in ssl_get_ecdh_params_from_cert()
2655 if (grp_id == MBEDTLS_ECP_DP_NONE) { in ssl_get_ecdh_params_from_cert()
2659 if (tls_id == 0) { in ssl_get_ecdh_params_from_cert()
2664 /* If the above conversion to TLS ID was fine, then also this one will in ssl_get_ecdh_params_from_cert()
2680 if (ret != 0) { in ssl_get_ecdh_params_from_cert()
2687 if (status != PSA_SUCCESS) { in ssl_get_ecdh_params_from_cert()
2711 if (private_key == NULL) { in ssl_get_ecdh_params_from_cert()
2716 if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_ECKEY)) { in ssl_get_ecdh_params_from_cert()
2721 if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, in ssl_get_ecdh_params_from_cert()
2733 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
2749 if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { in ssl_resume_server_key_exchange()
2760 * calculating the signature if any, but excluding formatting the
2769 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) in ssl_prepare_server_key_exchange()
2770 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) in ssl_prepare_server_key_exchange()
2776 #if !defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) in ssl_prepare_server_key_exchange()
2780 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) in ssl_prepare_server_key_exchange()
2781 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) in ssl_prepare_server_key_exchange()
2799 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) in ssl_prepare_server_key_exchange()
2800 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { in ssl_prepare_server_key_exchange()
2802 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_prepare_server_key_exchange()
2819 if (tls_id == 0) { in ssl_prepare_server_key_exchange()
2830 if (ret != 0) { in ssl_prepare_server_key_exchange()
2847 if (ret != 0) { in ssl_prepare_server_key_exchange()
2862 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ in ssl_prepare_server_key_exchange()
2864 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || in ssl_prepare_server_key_exchange()
2875 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) in ssl_prepare_server_key_exchange()
2876 if (mbedtls_ssl_ciphersuite_uses_dhe(ciphersuite_info)) { in ssl_prepare_server_key_exchange()
2880 if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) { in ssl_prepare_server_key_exchange()
2894 if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx, in ssl_prepare_server_key_exchange()
2901 if ((ret = mbedtls_dhm_make_params( in ssl_prepare_server_key_exchange()
2910 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) in ssl_prepare_server_key_exchange()
2926 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) in ssl_prepare_server_key_exchange()
2927 if (mbedtls_ssl_ciphersuite_uses_ecdhe(ciphersuite_info)) { in ssl_prepare_server_key_exchange()
2942 if ((group_list == NULL) || (curr_tls_id == NULL)) { in ssl_prepare_server_key_exchange()
2948 if (*curr_tls_id == *group_list) { in ssl_prepare_server_key_exchange()
2955 if (*curr_tls_id == 0) { in ssl_prepare_server_key_exchange()
2963 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_prepare_server_key_exchange()
2977 if (mbedtls_ssl_get_psa_curve_info_from_tls_id(*curr_tls_id, in ssl_prepare_server_key_exchange()
3008 if (status != PSA_SUCCESS) { in ssl_prepare_server_key_exchange()
3032 if (status != PSA_SUCCESS) { in ssl_prepare_server_key_exchange()
3049 if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx, in ssl_prepare_server_key_exchange()
3055 if ((ret = mbedtls_ecdh_make_params( in ssl_prepare_server_key_exchange()
3068 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) in ssl_prepare_server_key_exchange()
3082 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) in ssl_prepare_server_key_exchange()
3083 if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { in ssl_prepare_server_key_exchange()
3084 if (dig_signed == NULL) { in ssl_prepare_server_key_exchange()
3112 if (sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE) { in ssl_prepare_server_key_exchange()
3115 * only if there is a matching hash.) */ in ssl_prepare_server_key_exchange()
3124 if (md_alg != MBEDTLS_MD_NONE) { in ssl_prepare_server_key_exchange()
3129 if (ret != 0) { in ssl_prepare_server_key_exchange()
3161 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) in ssl_prepare_server_key_exchange()
3162 if (ssl->conf->f_async_sign_start != NULL) { in ssl_prepare_server_key_exchange()
3168 /* act as if f_async_sign was null */ in ssl_prepare_server_key_exchange()
3183 if (mbedtls_ssl_own_key(ssl) == NULL) { in ssl_prepare_server_key_exchange()
3193 if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl), in ssl_prepare_server_key_exchange()
3211 * way, if successful, move on to the next step in the SSL state
3218 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) in ssl_write_server_key_exchange()
3225 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) in ssl_write_server_key_exchange()
3226 /* Extract static ECDH parameters and abort if ServerKeyExchange in ssl_write_server_key_exchange()
3228 if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { in ssl_write_server_key_exchange()
3231 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) in ssl_write_server_key_exchange()
3232 if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) { in ssl_write_server_key_exchange()
3234 if (ret != 0) { in ssl_write_server_key_exchange()
3249 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ in ssl_write_server_key_exchange()
3251 /* If we have already prepared the message and there is an ongoing in ssl_write_server_key_exchange()
3253 if (ssl->handshake->async_in_progress != 0) { in ssl_write_server_key_exchange()
3264 if (ret != 0) { in ssl_write_server_key_exchange()
3265 /* If we're starting to write a new message, set ssl->out_msglen in ssl_write_server_key_exchange()
3266 * to 0. But if we're resuming after an asynchronous message, in ssl_write_server_key_exchange()
3269 if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { in ssl_write_server_key_exchange()
3277 /* If there is a signature, write its length. in ssl_write_server_key_exchange()
3280 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) in ssl_write_server_key_exchange()
3281 if (signature_len != 0) { in ssl_write_server_key_exchange()
3300 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_server_key_exchange()
3322 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_write_server_hello_done()
3323 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_write_server_hello_done()
3328 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_server_hello_done()
3333 #if defined(MBEDTLS_SSL_PROTO_DTLS) in ssl_write_server_hello_done()
3334 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_write_server_hello_done()
3346 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
3358 if (*p + 2 > end) { in ssl_parse_client_dh_public()
3366 if (*p + n > end) { in ssl_parse_client_dh_public()
3371 if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) { in ssl_parse_client_dh_public()
3385 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
3388 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
3397 if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { in ssl_resume_decrypt_pms()
3417 if (own_cert == NULL) { in ssl_decrypt_encrypted_pms()
3425 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) in ssl_decrypt_encrypted_pms()
3426 /* If we have already started decoding the message and there is an ongoing in ssl_decrypt_encrypted_pms()
3428 if (ssl->handshake->async_in_progress != 0) { in ssl_decrypt_encrypted_pms()
3438 if (p + 2 > end) { in ssl_decrypt_encrypted_pms()
3442 if (*p++ != MBEDTLS_BYTE_1(len) || in ssl_decrypt_encrypted_pms()
3448 if (p + len != end) { in ssl_decrypt_encrypted_pms()
3456 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) in ssl_decrypt_encrypted_pms()
3457 if (ssl->conf->f_async_decrypt_start != NULL) { in ssl_decrypt_encrypted_pms()
3463 /* act as if f_async_decrypt_start was null */ in ssl_decrypt_encrypted_pms()
3481 if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) { in ssl_decrypt_encrypted_pms()
3511 * even if it's an unsigned char). */ in ssl_parse_encrypted_pms()
3520 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) in ssl_parse_encrypted_pms()
3521 if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { in ssl_parse_encrypted_pms()
3547 if (ret != 0) { in ssl_parse_encrypted_pms()
3553 #if defined(MBEDTLS_SSL_DEBUG_ALL) in ssl_parse_encrypted_pms()
3554 if (diff != MBEDTLS_CT_FALSE) { in ssl_parse_encrypted_pms()
3559 if (sizeof(ssl->handshake->premaster) < pms_offset || in ssl_parse_encrypted_pms()
3575 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
3583 if (ssl_conf_has_psk_or_cb(ssl->conf) == 0) { in ssl_parse_client_psk_identity()
3591 if (end - *p < 2) { in ssl_parse_client_psk_identity()
3599 if (n == 0 || n > end - *p) { in ssl_parse_client_psk_identity()
3604 if (ssl->conf->f_psk != NULL) { in ssl_parse_client_psk_identity()
3605 if (ssl->conf->f_psk(ssl->conf->p_psk, ssl, *p, n) != 0) { in ssl_parse_client_psk_identity()
3611 if (n != ssl->conf->psk_identity_len || in ssl_parse_client_psk_identity()
3617 if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { in ssl_parse_client_psk_identity()
3641 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ in ssl_parse_client_key_exchange()
3644 if ((ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || in ssl_parse_client_key_exchange()
3653 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_client_key_exchange()
3661 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_client_key_exchange()
3666 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE) { in ssl_parse_client_key_exchange()
3671 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) in ssl_parse_client_key_exchange()
3672 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) { in ssl_parse_client_key_exchange()
3673 if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3678 if (p != end) { in ssl_parse_client_key_exchange()
3683 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in ssl_parse_client_key_exchange()
3695 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ in ssl_parse_client_key_exchange()
3699 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || in ssl_parse_client_key_exchange()
3703 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_parse_client_key_exchange()
3714 if (buf_len < 2) { in ssl_parse_client_key_exchange()
3720 if (data_len < 1 || data_len > buf_len) { in ssl_parse_client_key_exchange()
3728 if (data_len > sizeof(handshake->xxdh_psa_peerkey)) { in ssl_parse_client_key_exchange()
3744 if (status != PSA_SUCCESS) { in ssl_parse_client_key_exchange()
3747 if (handshake->xxdh_psa_privkey_is_external == 0) { in ssl_parse_client_key_exchange()
3754 if (handshake->xxdh_psa_privkey_is_external == 0) { in ssl_parse_client_key_exchange()
3757 if (status != PSA_SUCCESS) { in ssl_parse_client_key_exchange()
3765 if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3774 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3791 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) in ssl_parse_client_key_exchange()
3792 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { in ssl_parse_client_key_exchange()
3793 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3798 if (p != end) { in ssl_parse_client_key_exchange()
3803 #if !defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_parse_client_key_exchange()
3804 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_parse_client_key_exchange()
3813 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) in ssl_parse_client_key_exchange()
3814 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { in ssl_parse_client_key_exchange()
3815 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) in ssl_parse_client_key_exchange()
3816 if (ssl->handshake->async_in_progress != 0) { in ssl_parse_client_key_exchange()
3826 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3831 if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 2)) != 0) { in ssl_parse_client_key_exchange()
3836 #if !defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_parse_client_key_exchange()
3837 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_parse_client_key_exchange()
3846 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) in ssl_parse_client_key_exchange()
3847 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { in ssl_parse_client_key_exchange()
3848 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3852 if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3857 if (p != end) { in ssl_parse_client_key_exchange()
3862 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_parse_client_key_exchange()
3868 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in ssl_parse_client_key_exchange()
3879 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_parse_client_key_exchange()
3888 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) in ssl_parse_client_key_exchange()
3889 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { in ssl_parse_client_key_exchange()
3890 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_parse_client_key_exchange()
3897 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3905 if (p >= end) { in ssl_parse_client_key_exchange()
3912 if ((size_t) (end - p) < ecpoint_len) { in ssl_parse_client_key_exchange()
3922 #if !defined(PSA_WANT_ALG_FFDH) in ssl_parse_client_key_exchange()
3923 if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) { in ssl_parse_client_key_exchange()
3962 if (status != PSA_SUCCESS) { in ssl_parse_client_key_exchange()
3964 } else if (destruction_status != PSA_SUCCESS) { in ssl_parse_client_key_exchange()
3973 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3978 if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3987 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_parse_client_key_exchange()
3996 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) in ssl_parse_client_key_exchange()
3997 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { in ssl_parse_client_key_exchange()
3998 if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) { in ssl_parse_client_key_exchange()
4004 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) in ssl_parse_client_key_exchange()
4005 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { in ssl_parse_client_key_exchange()
4006 #if defined(MBEDTLS_USE_PSA_CRYPTO) in ssl_parse_client_key_exchange()
4007 if ((ret = mbedtls_psa_ecjpake_read_round( in ssl_parse_client_key_exchange()
4019 if (ret != 0) { in ssl_parse_client_key_exchange()
4027 if (ret != 0) { in ssl_parse_client_key_exchange()
4039 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_parse_client_key_exchange()
4051 #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
4060 if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { in ssl_parse_certificate_verify()
4086 if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { in ssl_parse_certificate_verify()
4092 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) in ssl_parse_certificate_verify()
4093 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_parse_certificate_verify()
4099 if (ssl->session_negotiate->peer_cert_digest == NULL) { in ssl_parse_certificate_verify()
4108 if (0 != ret) { in ssl_parse_certificate_verify()
4116 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in ssl_parse_certificate_verify()
4124 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) in ssl_parse_certificate_verify()
4127 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_parse_certificate_verify()
4140 if (i + 2 > ssl->in_hslen) { in ssl_parse_certificate_verify()
4150 if (md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md(ssl, ssl->in_msg[i])) { in ssl_parse_certificate_verify()
4156 #if !defined(MBEDTLS_MD_SHA1) in ssl_parse_certificate_verify()
4157 if (MBEDTLS_MD_SHA1 == md_alg) { in ssl_parse_certificate_verify()
4170 if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i])) in ssl_parse_certificate_verify()
4180 if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { in ssl_parse_certificate_verify()
4187 if (i + 2 > ssl->in_hslen) { in ssl_parse_certificate_verify()
4195 if (i + sig_len != ssl->in_hslen) { in ssl_parse_certificate_verify()
4204 if (0 != ret) { in ssl_parse_certificate_verify()
4210 if ((ret = mbedtls_pk_verify(peer_pk, in ssl_parse_certificate_verify()
4218 if (0 != ret) { in ssl_parse_certificate_verify()
4229 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
4253 if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, in ssl_write_new_session_ticket()
4272 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_new_session_ticket()
4304 #if defined(MBEDTLS_SSL_PROTO_DTLS) in mbedtls_ssl_handshake_server_step()
4369 #if defined(MBEDTLS_SSL_SESSION_TICKETS) in mbedtls_ssl_handshake_server_step()
4370 if (ssl->handshake->new_session_ticket != 0) { in mbedtls_ssl_handshake_server_step()