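Lines matching refs:ssl (a cross-reference listing, not a complete source file)
Each entry gives the source line number, the text of the line that references `ssl`, and the enclosing function; "argument" marks the line where `ssl` is declared as a parameter.
Lines that do not mention `ssl` are omitted, so the code between the listed line numbers, including any length or bounds checks there, is not shown.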

26 static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,  in ssl_write_hostname_ext()  argument
36 if (ssl->hostname == NULL) { in ssl_write_hostname_ext()
42 ssl->hostname)); in ssl_write_hostname_ext()
44 hostname_len = strlen(ssl->hostname); in ssl_write_hostname_ext()
88 memcpy(p, ssl->hostname, hostname_len); in ssl_write_hostname_ext()
93 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SERVERNAME); in ssl_write_hostname_ext()
114 static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, in ssl_write_alpn_ext() argument
123 if (ssl->conf->alpn_list == NULL) { in ssl_write_alpn_ext()
145 for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) { in ssl_write_alpn_ext()
167 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN); in ssl_write_alpn_ext()
217 static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_write_supported_groups_ext() argument
226 const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); in ssl_write_supported_groups_ext()
308 ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS); in ssl_write_supported_groups_ext()
318 mbedtls_ssl_context *ssl, in ssl_write_client_hello_cipher_suites() argument
340 ciphersuite_list = ssl->conf->ciphersuite_list; in ssl_write_client_hello_cipher_suites()
356 if (mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_write_client_hello_cipher_suites()
357 ssl->handshake->min_tls_version, in ssl_write_client_hello_cipher_suites()
358 ssl->tls_version) != 0) { in ssl_write_client_hello_cipher_suites()
384 renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE); in ssl_write_client_hello_cipher_suites()
436 static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, in ssl_write_client_hello_body() argument
443 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_hello_body()
457 (MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version); in ssl_write_client_hello_body()
463 (MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version); in ssl_write_client_hello_body()
472 mbedtls_ssl_write_version(p, ssl->conf->transport, in ssl_write_client_hello_body()
506 MBEDTLS_SSL_CHK_BUF_PTR(p, end, ssl->session_negotiate->id_len + 1); in ssl_write_client_hello_body()
507 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_write_client_hello_body()
508 memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); in ssl_write_client_hello_body()
509 p += ssl->session_negotiate->id_len; in ssl_write_client_hello_body()
511 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_write_client_hello_body()
512 ssl->session_negotiate->id_len); in ssl_write_client_hello_body()
520 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_write_client_hello_body()
544 ret = ssl_write_client_hello_cipher_suites(ssl, p, end, in ssl_write_client_hello_body()
580 ret = ssl_write_hostname_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
588 ret = ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
597 ret = mbedtls_ssl_tls13_write_client_hello_exts(ssl, p, end, in ssl_write_client_hello_body()
612 if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { in ssl_write_client_hello_body()
624 ret = ssl_write_supported_groups_ext(ssl, p, end, in ssl_write_client_hello_body()
640 (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl)); in ssl_write_client_hello_body()
647 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
657 ret = mbedtls_ssl_tls12_write_client_hello_exts(ssl, p, end, in ssl_write_client_hello_body()
671 if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { in ssl_write_client_hello_body()
673 ssl, p, end, &output_len, binders_len); in ssl_write_client_hello_body()
699 static int ssl_generate_random(mbedtls_ssl_context *ssl) in ssl_generate_random() argument
702 unsigned char *randbytes = ssl->handshake->randbytes; in ssl_generate_random()
717 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_generate_random()
729 ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_generate_random()
736 static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) in ssl_prepare_client_hello() argument
740 mbedtls_ssl_session *session_negotiate = ssl->session_negotiate; in ssl_prepare_client_hello()
751 if (ssl->handshake->resume != 0 && in ssl_prepare_client_hello()
761 ssl->handshake->resume = 0; in ssl_prepare_client_hello()
772 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_prepare_client_hello()
773 ssl->handshake->min_tls_version = ssl->tls_version; in ssl_prepare_client_hello()
777 if (ssl->handshake->resume) { in ssl_prepare_client_hello()
778 ssl->tls_version = session_negotiate->tls_version; in ssl_prepare_client_hello()
779 ssl->handshake->min_tls_version = ssl->tls_version; in ssl_prepare_client_hello()
781 ssl->handshake->min_tls_version = ssl->conf->min_tls_version; in ssl_prepare_client_hello()
791 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_prepare_client_hello()
792 (ssl->handshake->cookie == NULL)) in ssl_prepare_client_hello()
796 if (!ssl->handshake->hello_retry_request_flag) in ssl_prepare_client_hello()
799 ret = ssl_generate_random(ssl); in ssl_prepare_client_hello()
816 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_prepare_client_hello()
819 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || in ssl_prepare_client_hello()
821 ssl->handshake->resume == 0) { in ssl_prepare_client_hello()
832 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_prepare_client_hello()
847 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in ssl_prepare_client_hello()
871 ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_prepare_client_hello()
884 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && in ssl_prepare_client_hello()
885 ssl->handshake->resume) { in ssl_prepare_client_hello()
886 int hostname_mismatch = ssl->hostname != NULL || in ssl_prepare_client_hello()
888 if (ssl->hostname != NULL && session_negotiate->hostname != NULL) { in ssl_prepare_client_hello()
890 ssl->hostname, session_negotiate->hostname) != 0; in ssl_prepare_client_hello()
901 ssl->hostname); in ssl_prepare_client_hello()
913 int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) in mbedtls_ssl_write_client_hello() argument
921 MBEDTLS_SSL_PROC_CHK(ssl_prepare_client_hello(ssl)); in mbedtls_ssl_write_client_hello()
924 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in mbedtls_ssl_write_client_hello()
927 MBEDTLS_SSL_PROC_CHK(ssl_write_client_hello_body(ssl, buf, in mbedtls_ssl_write_client_hello()
933 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_client_hello()
934 ssl->out_msglen = msg_len + 4; in mbedtls_ssl_write_client_hello()
935 mbedtls_ssl_send_flight_completed(ssl); in mbedtls_ssl_write_client_hello()
946 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in mbedtls_ssl_write_client_hello()
948 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in mbedtls_ssl_write_client_hello()
953 if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { in mbedtls_ssl_write_client_hello()
961 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in mbedtls_ssl_write_client_hello()
968 ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len); in mbedtls_ssl_write_client_hello()
977 ssl, buf + msg_len - binders_len, buf + msg_len)); in mbedtls_ssl_write_client_hello()
978 ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, in mbedtls_ssl_write_client_hello()
987 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, in mbedtls_ssl_write_client_hello()
995 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in mbedtls_ssl_write_client_hello()
998 if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 && in mbedtls_ssl_write_client_hello()
999 MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version) { in mbedtls_ssl_write_client_hello()
1000 ret = mbedtls_ssl_tls13_finalize_client_hello(ssl); in mbedtls_ssl_write_client_hello()
1007 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions); in mbedtls_ssl_write_client_hello()