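Lines matching references to `conf`. Each entry gives the source line number, the matching line, and the enclosing function; a trailing "argument" or "local" marks the line where `conf` is declared.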

83 int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf,  in mbedtls_ssl_conf_cid()  argument
96 conf->ignore_unexpected_cid = ignore_other_cid; in mbedtls_ssl_conf_cid()
97 conf->cid_len = len; in mbedtls_ssl_conf_cid()
106 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_set_cid()
118 if (own_cid_len != ssl->conf->cid_len) { in mbedtls_ssl_set_cid()
121 (unsigned) ssl->conf->cid_len)); in mbedtls_ssl_set_cid()
140 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_get_own_cid()
170 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in mbedtls_ssl_get_peer_cid()
1141 ssl->conf->new_session_tickets_count; in ssl_handshake_init()
1145 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_handshake_init()
1148 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_handshake_init()
1166 if (ssl->conf->curve_list != NULL) { in ssl_handshake_init()
1168 const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; in ssl_handshake_init()
1194 ssl->handshake->group_list = ssl->conf->group_list; in ssl_handshake_init()
1205 if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && in ssl_handshake_init()
1206 ssl->conf->sig_hashes != NULL) { in ssl_handshake_init()
1208 const int *sig_hashes = ssl->conf->sig_hashes; in ssl_handshake_init()
1311 const mbedtls_ssl_config *conf = ssl->conf; in ssl_conf_version_check() local
1314 if (mbedtls_ssl_conf_is_tls13_only(conf)) { in ssl_conf_version_check()
1315 if (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_conf_version_check()
1326 if (mbedtls_ssl_conf_is_tls12_only(conf)) { in ssl_conf_version_check()
1333 if (mbedtls_ssl_conf_is_hybrid_tls12_tls13(conf)) { in ssl_conf_version_check()
1334 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_conf_version_check()
1357 if (ssl->conf->f_rng == NULL) { in ssl_conf_check()
1372 const mbedtls_ssl_config *conf) in mbedtls_ssl_setup() argument
1378 ssl->conf = conf; in mbedtls_ssl_setup()
1383 ssl->tls_version = ssl->conf->max_tls_version; in mbedtls_ssl_setup()
1428 ssl->conf = NULL; in mbedtls_ssl_setup()
1546 ssl->tls_version = ssl->conf->max_tls_version; in mbedtls_ssl_session_reset_int()
1604 void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint) in mbedtls_ssl_conf_endpoint() argument
1606 conf->endpoint = endpoint; in mbedtls_ssl_conf_endpoint()
1609 void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport) in mbedtls_ssl_conf_transport() argument
1611 conf->transport = transport; in mbedtls_ssl_conf_transport()
1615 void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode) in mbedtls_ssl_conf_dtls_anti_replay() argument
1617 conf->anti_replay = mode; in mbedtls_ssl_conf_dtls_anti_replay()
1621 void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit) in mbedtls_ssl_conf_dtls_badmac_limit() argument
1623 conf->badmac_limit = limit; in mbedtls_ssl_conf_dtls_badmac_limit()
1634 void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_handshake_timeout() argument
1637 conf->hs_timeout_min = min; in mbedtls_ssl_conf_handshake_timeout()
1638 conf->hs_timeout_max = max; in mbedtls_ssl_conf_handshake_timeout()
1642 void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode) in mbedtls_ssl_conf_authmode() argument
1644 conf->authmode = authmode; in mbedtls_ssl_conf_authmode()
1648 void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_verify() argument
1652 conf->f_vrfy = f_vrfy; in mbedtls_ssl_conf_verify()
1653 conf->p_vrfy = p_vrfy; in mbedtls_ssl_conf_verify()
1657 void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_rng() argument
1661 conf->f_rng = f_rng; in mbedtls_ssl_conf_rng()
1662 conf->p_rng = p_rng; in mbedtls_ssl_conf_rng()
1665 void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_dbg() argument
1669 conf->f_dbg = f_dbg; in mbedtls_ssl_conf_dbg()
1670 conf->p_dbg = p_dbg; in mbedtls_ssl_conf_dbg()
1692 void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout) in mbedtls_ssl_conf_read_timeout() argument
1694 conf->read_timeout = timeout; in mbedtls_ssl_conf_read_timeout()
1711 void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_session_cache() argument
1716 conf->p_cache = p_cache; in mbedtls_ssl_conf_session_cache()
1717 conf->f_get_cache = f_get_cache; in mbedtls_ssl_conf_session_cache()
1718 conf->f_set_cache = f_set_cache; in mbedtls_ssl_conf_session_cache()
1730 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_set_session()
1773 void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_ciphersuites() argument
1776 conf->ciphersuite_list = ciphersuites; in mbedtls_ssl_conf_ciphersuites()
1780 void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_tls13_key_exchange_modes() argument
1783 conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; in mbedtls_ssl_conf_tls13_key_exchange_modes()
1787 void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_early_data() argument
1790 conf->early_data_enabled = early_data_enabled; in mbedtls_ssl_conf_early_data()
1795 mbedtls_ssl_config *conf, uint32_t max_early_data_size) in mbedtls_ssl_conf_max_early_data_size() argument
1797 conf->max_early_data_size = max_early_data_size; in mbedtls_ssl_conf_max_early_data_size()
1805 void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_cert_profile() argument
1808 conf->cert_profile = profile; in mbedtls_ssl_conf_cert_profile()
1860 int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_own_cert() argument
1864 return ssl_append_key_cert(&conf->key_cert, own_cert, pk_key); in mbedtls_ssl_conf_own_cert()
1867 void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_ca_chain() argument
1871 conf->ca_chain = ca_chain; in mbedtls_ssl_conf_ca_chain()
1872 conf->ca_crl = ca_crl; in mbedtls_ssl_conf_ca_chain()
1877 conf->f_ca_cb = NULL; in mbedtls_ssl_conf_ca_chain()
1878 conf->p_ca_cb = NULL; in mbedtls_ssl_conf_ca_chain()
1883 void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_ca_cb() argument
1887 conf->f_ca_cb = f_ca_cb; in mbedtls_ssl_conf_ca_cb()
1888 conf->p_ca_cb = p_ca_cb; in mbedtls_ssl_conf_ca_cb()
1892 conf->ca_chain = NULL; in mbedtls_ssl_conf_ca_cb()
1893 conf->ca_crl = NULL; in mbedtls_ssl_conf_ca_cb()
1975 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_set_hs_ecjpake_password_common()
2014 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password()
2049 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password_opaque()
2072 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password()
2081 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_set_hs_ecjpake_password()
2097 int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf) in mbedtls_ssl_conf_has_static_psk() argument
2099 if (conf->psk_identity == NULL || in mbedtls_ssl_conf_has_static_psk()
2100 conf->psk_identity_len == 0) { in mbedtls_ssl_conf_has_static_psk()
2105 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in mbedtls_ssl_conf_has_static_psk()
2110 if (conf->psk != NULL && conf->psk_len != 0) { in mbedtls_ssl_conf_has_static_psk()
2117 static void ssl_conf_remove_psk(mbedtls_ssl_config *conf) in ssl_conf_remove_psk() argument
2121 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in ssl_conf_remove_psk()
2124 conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; in ssl_conf_remove_psk()
2127 if (conf->psk != NULL) { in ssl_conf_remove_psk()
2128 mbedtls_zeroize_and_free(conf->psk, conf->psk_len); in ssl_conf_remove_psk()
2129 conf->psk = NULL; in ssl_conf_remove_psk()
2130 conf->psk_len = 0; in ssl_conf_remove_psk()
2134 if (conf->psk_identity != NULL) { in ssl_conf_remove_psk()
2135 mbedtls_free(conf->psk_identity); in ssl_conf_remove_psk()
2136 conf->psk_identity = NULL; in ssl_conf_remove_psk()
2137 conf->psk_identity_len = 0; in ssl_conf_remove_psk()
2146 static int ssl_conf_set_psk_identity(mbedtls_ssl_config *conf, in ssl_conf_set_psk_identity() argument
2158 conf->psk_identity = mbedtls_calloc(1, psk_identity_len); in ssl_conf_set_psk_identity()
2159 if (conf->psk_identity == NULL) { in ssl_conf_set_psk_identity()
2163 conf->psk_identity_len = psk_identity_len; in ssl_conf_set_psk_identity()
2164 memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len); in ssl_conf_set_psk_identity()
2169 int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_psk() argument
2176 if (mbedtls_ssl_conf_has_static_psk(conf)) { in mbedtls_ssl_conf_psk()
2191 if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) { in mbedtls_ssl_conf_psk()
2194 conf->psk_len = psk_len; in mbedtls_ssl_conf_psk()
2195 memcpy(conf->psk, psk, conf->psk_len); in mbedtls_ssl_conf_psk()
2198 ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len); in mbedtls_ssl_conf_psk()
2200 ssl_conf_remove_psk(conf); in mbedtls_ssl_conf_psk()
2292 int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_psk_opaque() argument
2300 if (mbedtls_ssl_conf_has_static_psk(conf)) { in mbedtls_ssl_conf_psk_opaque()
2308 conf->psk_opaque = psk; in mbedtls_ssl_conf_psk_opaque()
2311 ret = ssl_conf_set_psk_identity(conf, psk_identity, in mbedtls_ssl_conf_psk_opaque()
2314 ssl_conf_remove_psk(conf); in mbedtls_ssl_conf_psk_opaque()
2335 void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_psk_cb() argument
2340 conf->f_psk = f_psk; in mbedtls_ssl_conf_psk_cb()
2341 conf->p_psk = p_psk; in mbedtls_ssl_conf_psk_cb()
2655 int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_dh_param_bin() argument
2661 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_bin()
2662 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_bin()
2664 if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 || in mbedtls_ssl_conf_dh_param_bin()
2665 (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) { in mbedtls_ssl_conf_dh_param_bin()
2666 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_bin()
2667 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_bin()
2674 int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx) in mbedtls_ssl_conf_dh_param_ctx() argument
2678 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_ctx()
2679 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_ctx()
2682 &conf->dhm_P)) != 0 || in mbedtls_ssl_conf_dh_param_ctx()
2684 &conf->dhm_G)) != 0) { in mbedtls_ssl_conf_dh_param_ctx()
2685 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_ctx()
2686 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_ctx()
2698 void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_dhm_min_bitlen() argument
2701 conf->dhm_min_bitlen = bitlen; in mbedtls_ssl_conf_dhm_min_bitlen()
2710 void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_sig_hashes() argument
2713 conf->sig_hashes = hashes; in mbedtls_ssl_conf_sig_hashes()
2718 void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_sig_algs() argument
2722 conf->sig_hashes = NULL; in mbedtls_ssl_conf_sig_algs()
2724 conf->sig_algs = sig_algs; in mbedtls_ssl_conf_sig_algs()
2738 void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_curves() argument
2741 conf->curve_list = curve_list; in mbedtls_ssl_conf_curves()
2742 conf->group_list = NULL; in mbedtls_ssl_conf_curves()
2750 void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_groups() argument
2754 conf->curve_list = NULL; in mbedtls_ssl_conf_groups()
2756 conf->group_list = group_list; in mbedtls_ssl_conf_groups()
2802 void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_sni() argument
2807 conf->f_sni = f_sni; in mbedtls_ssl_conf_sni()
2808 conf->p_sni = p_sni; in mbedtls_ssl_conf_sni()
2813 int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos) in mbedtls_ssl_conf_alpn_protocols() argument
2835 conf->alpn_list = protos; in mbedtls_ssl_conf_alpn_protocols()
2847 void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_srtp_mki_value_supported() argument
2850 conf->dtls_srtp_mki_support = support_mki_value; in mbedtls_ssl_conf_srtp_mki_value_supported()
2861 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) { in mbedtls_ssl_dtls_srtp_set_mki_value()
2870 int mbedtls_ssl_conf_dtls_srtp_protection_profiles(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_dtls_srtp_protection_profiles() argument
2890 conf->dtls_srtp_profile_list = NULL; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2891 conf->dtls_srtp_profile_list_len = 0; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2895 conf->dtls_srtp_profile_list = profiles; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2896 conf->dtls_srtp_profile_list_len = list_size; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2917 void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) in mbedtls_ssl_conf_max_version() argument
2919 conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); in mbedtls_ssl_conf_max_version()
2922 void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) in mbedtls_ssl_conf_min_version() argument
2924 conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); in mbedtls_ssl_conf_min_version()
2929 void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_cert_req_ca_list() argument
2932 conf->cert_req_ca_list = cert_req_ca_list; in mbedtls_ssl_conf_cert_req_ca_list()
2937 void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm) in mbedtls_ssl_conf_encrypt_then_mac() argument
2939 conf->encrypt_then_mac = etm; in mbedtls_ssl_conf_encrypt_then_mac()
2944 void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems) in mbedtls_ssl_conf_extended_master_secret() argument
2946 conf->extended_ms = ems; in mbedtls_ssl_conf_extended_master_secret()
2951 int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code) in mbedtls_ssl_conf_max_frag_len() argument
2958 conf->mfl_code = mfl_code; in mbedtls_ssl_conf_max_frag_len()
2964 void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy) in mbedtls_ssl_conf_legacy_renegotiation() argument
2966 conf->allow_legacy_renegotiation = allow_legacy; in mbedtls_ssl_conf_legacy_renegotiation()
2970 void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation) in mbedtls_ssl_conf_renegotiation() argument
2972 conf->disable_renegotiation = renegotiation; in mbedtls_ssl_conf_renegotiation()
2975 void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records) in mbedtls_ssl_conf_renegotiation_enforced() argument
2977 conf->renego_max_records = max_records; in mbedtls_ssl_conf_renegotiation_enforced()
2980 void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_renegotiation_period() argument
2983 memcpy(conf->renego_period, period, 8); in mbedtls_ssl_conf_renegotiation_period()
2990 void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets) in mbedtls_ssl_conf_session_tickets() argument
2992 conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_MASK; in mbedtls_ssl_conf_session_tickets()
2993 conf->session_tickets |= (use_tickets != 0) << in mbedtls_ssl_conf_session_tickets()
2999 mbedtls_ssl_config *conf, int signal_new_session_tickets) in mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() argument
3001 conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK; in mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()
3002 conf->session_tickets |= (signal_new_session_tickets != 0) << in mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()
3011 void mbedtls_ssl_conf_new_session_tickets(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_new_session_tickets() argument
3014 conf->new_session_tickets_count = num_tickets; in mbedtls_ssl_conf_new_session_tickets()
3018 void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_session_tickets_cb() argument
3023 conf->f_ticket_write = f_ticket_write; in mbedtls_ssl_conf_session_tickets_cb()
3024 conf->f_ticket_parse = f_ticket_parse; in mbedtls_ssl_conf_session_tickets_cb()
3025 conf->p_ticket = p_ticket; in mbedtls_ssl_conf_session_tickets_cb()
3040 mbedtls_ssl_config *conf, in mbedtls_ssl_conf_async_private_cb() argument
3047 conf->f_async_sign_start = f_async_sign; in mbedtls_ssl_conf_async_private_cb()
3048 conf->f_async_decrypt_start = f_async_decrypt; in mbedtls_ssl_conf_async_private_cb()
3049 conf->f_async_resume = f_async_resume; in mbedtls_ssl_conf_async_private_cb()
3050 conf->f_async_cancel = f_async_cancel; in mbedtls_ssl_conf_async_private_cb()
3051 conf->p_async_config_data = async_config_data; in mbedtls_ssl_conf_async_private_cb()
3054 void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf) in mbedtls_ssl_conf_get_async_config_data() argument
3056 return conf->p_async_config_data; in mbedtls_ssl_conf_get_async_config_data()
3114 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_get_version()
3167 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in mbedtls_ssl_get_input_max_frag_len()
3169 return ssl_mfl_code_to_length(ssl->conf->mfl_code); in mbedtls_ssl_get_input_max_frag_len()
3199 max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code); in mbedtls_ssl_get_output_max_frag_len()
3221 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in mbedtls_ssl_get_current_mtu()
3355 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_get_session()
4487 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_prepare_handshake_step()
4503 ssl->conf == NULL || in mbedtls_ssl_handshake_step()
4524 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_handshake_step()
4555 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_handshake_step()
4593 if (ssl == NULL || ssl->conf == NULL) { in mbedtls_ssl_handshake()
4598 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake()
4671 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_start_renegotiation()
4673 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_start_renegotiation()
4702 if (ssl == NULL || ssl->conf == NULL) { in mbedtls_ssl_renegotiate()
4708 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_renegotiate()
4782 if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { in mbedtls_ssl_handshake_free()
4783 ssl->conf->f_async_cancel(ssl); in mbedtls_ssl_handshake_free()
5076 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_context_save()
5092 if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) { in mbedtls_ssl_context_save()
5263 ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || in ssl_context_load()
5265 ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in ssl_context_load()
5266 ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 || in ssl_context_load()
5267 ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 in ssl_context_load()
5349 ssl->conf->endpoint, in ssl_context_load()
5438 if (alpn_len != 0 && ssl->conf->alpn_list != NULL) { in ssl_context_load()
5440 for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { in ssl_context_load()
5592 void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) in mbedtls_ssl_config_init() argument
5594 memset(conf, 0, sizeof(mbedtls_ssl_config)); in mbedtls_ssl_config_init()
5828 int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, in mbedtls_ssl_config_defaults() argument
5861 mbedtls_ssl_conf_endpoint(conf, endpoint); in mbedtls_ssl_config_defaults()
5862 mbedtls_ssl_conf_transport(conf, transport); in mbedtls_ssl_config_defaults()
5869 conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; in mbedtls_ssl_config_defaults()
5871 mbedtls_ssl_conf_session_tickets(conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED); in mbedtls_ssl_config_defaults()
5896 conf, MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED); in mbedtls_ssl_config_defaults()
5903 conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in mbedtls_ssl_config_defaults()
5907 conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in mbedtls_ssl_config_defaults()
5911 conf->f_cookie_write = ssl_cookie_write_dummy; in mbedtls_ssl_config_defaults()
5912 conf->f_cookie_check = ssl_cookie_check_dummy; in mbedtls_ssl_config_defaults()
5916 conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; in mbedtls_ssl_config_defaults()
5920 conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; in mbedtls_ssl_config_defaults()
5921 conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER; in mbedtls_ssl_config_defaults()
5925 conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; in mbedtls_ssl_config_defaults()
5926 conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; in mbedtls_ssl_config_defaults()
5930 conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; in mbedtls_ssl_config_defaults()
5931 memset(conf->renego_period, 0x00, 2); in mbedtls_ssl_config_defaults()
5932 memset(conf->renego_period + 2, 0xFF, 6); in mbedtls_ssl_config_defaults()
5942 if ((ret = mbedtls_ssl_conf_dh_param_bin(conf, in mbedtls_ssl_config_defaults()
5953 mbedtls_ssl_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED); in mbedtls_ssl_config_defaults()
5955 mbedtls_ssl_conf_max_early_data_size(conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE); in mbedtls_ssl_config_defaults()
5961 conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS); in mbedtls_ssl_config_defaults()
5966 conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; in mbedtls_ssl_config_defaults()
5971 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
5972 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
5978 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
5979 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
5981 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
5982 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
5984 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
5985 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6000 conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; in mbedtls_ssl_config_defaults()
6003 conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; in mbedtls_ssl_config_defaults()
6008 if (mbedtls_ssl_conf_is_tls12_only(conf)) { in mbedtls_ssl_config_defaults()
6009 conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; in mbedtls_ssl_config_defaults()
6012 conf->sig_algs = ssl_preset_suiteb_sig_algs; in mbedtls_ssl_config_defaults()
6016 conf->curve_list = NULL; in mbedtls_ssl_config_defaults()
6018 conf->group_list = ssl_preset_suiteb_groups; in mbedtls_ssl_config_defaults()
6026 conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites(); in mbedtls_ssl_config_defaults()
6029 conf->cert_profile = &mbedtls_x509_crt_profile_default; in mbedtls_ssl_config_defaults()
6034 if (mbedtls_ssl_conf_is_tls12_only(conf)) { in mbedtls_ssl_config_defaults()
6035 conf->sig_algs = ssl_tls12_preset_default_sig_algs; in mbedtls_ssl_config_defaults()
6038 conf->sig_algs = ssl_preset_default_sig_algs; in mbedtls_ssl_config_defaults()
6042 conf->curve_list = NULL; in mbedtls_ssl_config_defaults()
6044 conf->group_list = ssl_preset_default_groups; in mbedtls_ssl_config_defaults()
6047 conf->dhm_min_bitlen = 1024; in mbedtls_ssl_config_defaults()
6057 void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) in mbedtls_ssl_config_free() argument
6059 if (conf == NULL) { in mbedtls_ssl_config_free()
6064 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_config_free()
6065 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_config_free()
6070 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in mbedtls_ssl_config_free()
6071 conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_config_free()
6074 if (conf->psk != NULL) { in mbedtls_ssl_config_free()
6075 mbedtls_zeroize_and_free(conf->psk, conf->psk_len); in mbedtls_ssl_config_free()
6076 conf->psk = NULL; in mbedtls_ssl_config_free()
6077 conf->psk_len = 0; in mbedtls_ssl_config_free()
6080 if (conf->psk_identity != NULL) { in mbedtls_ssl_config_free()
6081 mbedtls_zeroize_and_free(conf->psk_identity, conf->psk_identity_len); in mbedtls_ssl_config_free()
6082 conf->psk_identity = NULL; in mbedtls_ssl_config_free()
6083 conf->psk_identity_len = 0; in mbedtls_ssl_config_free()
6088 ssl_key_cert_free(conf->key_cert); in mbedtls_ssl_config_free()
6091 mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config)); in mbedtls_ssl_config_free()
7074 ssl->conf->psk, ssl->conf->psk_len, in ssl_compute_master()
7211 ssl->conf->endpoint, in mbedtls_ssl_derive_keys()
7423 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in mbedtls_ssl_psk_derive_premaster()
7440 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in mbedtls_ssl_psk_derive_premaster()
7487 if (ssl->conf->renego_max_records < 0) { in mbedtls_ssl_resend_hello_request()
7488 uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; in mbedtls_ssl_resend_hello_request()
7566 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_write_certificate()
7575 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_write_certificate()
7778 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in ssl_parse_certificate_chain()
7842 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_srv_check_client_no_crt_notification()
7877 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_parse_certificate_coordinate()
7955 : ssl->conf->authmode; in mbedtls_ssl_parse_certificate()
7957 const int authmode = ssl->conf->authmode; in mbedtls_ssl_parse_certificate()
8273 if (ssl->conf->f_set_cache != NULL && in mbedtls_ssl_handshake_wrapup()
8276 if (ssl->conf->f_set_cache(ssl->conf->p_cache, in mbedtls_ssl_handshake_wrapup()
8285 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake_wrapup()
8311 ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); in mbedtls_ssl_write_finished()
8339 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_write_finished()
8344 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_write_finished()
8359 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_finished()
8391 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_finished()
8402 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_write_finished()
8424 ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); in mbedtls_ssl_parse_finished()
8473 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_parse_finished()
8478 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_parse_finished()
8487 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_parse_finished()
9310 mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { in mbedtls_ssl_validate_ciphersuite()
9478 if (ssl->conf->f_sni == NULL) { in mbedtls_ssl_parse_server_name_ext()
9481 ret = ssl->conf->f_sni(ssl->conf->p_sni, in mbedtls_ssl_parse_server_name_ext()
9512 if (ssl->conf->alpn_list == NULL) { in mbedtls_ssl_parse_alpn_ext()
9554 for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { in mbedtls_ssl_parse_alpn_ext()
9808 f_vrfy = ssl->conf->f_vrfy; in mbedtls_ssl_verify_certificate()
9809 p_vrfy = ssl->conf->p_vrfy; in mbedtls_ssl_verify_certificate()
9815 if (ssl->conf->f_ca_cb != NULL) { in mbedtls_ssl_verify_certificate()
9822 ssl->conf->f_ca_cb, in mbedtls_ssl_verify_certificate()
9823 ssl->conf->p_ca_cb, in mbedtls_ssl_verify_certificate()
9824 ssl->conf->cert_profile, in mbedtls_ssl_verify_certificate()
9840 ca_chain = ssl->conf->ca_chain; in mbedtls_ssl_verify_certificate()
9841 ca_crl = ssl->conf->ca_crl; in mbedtls_ssl_verify_certificate()
9851 ssl->conf->cert_profile, in mbedtls_ssl_verify_certificate()
9895 ssl->conf->endpoint, in mbedtls_ssl_verify_certificate()