Lines Matching refs:session
451 static int ssl_tls12_session_load(mbedtls_ssl_session *session,
495 static void ssl_clear_peer_cert(mbedtls_ssl_session *session) in ssl_clear_peer_cert() argument
498 if (session->peer_cert != NULL) { in ssl_clear_peer_cert()
499 mbedtls_x509_crt_free(session->peer_cert); in ssl_clear_peer_cert()
500 mbedtls_free(session->peer_cert); in ssl_clear_peer_cert()
501 session->peer_cert = NULL; in ssl_clear_peer_cert()
504 if (session->peer_cert_digest != NULL) { in ssl_clear_peer_cert()
506 mbedtls_free(session->peer_cert_digest); in ssl_clear_peer_cert()
507 session->peer_cert_digest = NULL; in ssl_clear_peer_cert()
508 session->peer_cert_digest_type = MBEDTLS_MD_NONE; in ssl_clear_peer_cert()
509 session->peer_cert_digest_len = 0; in ssl_clear_peer_cert()
1043 void mbedtls_ssl_session_init(mbedtls_ssl_session *session) in mbedtls_ssl_session_init() argument
1045 memset(session, 0, sizeof(mbedtls_ssl_session)); in mbedtls_ssl_session_init()
1563 if (ssl->session) { in mbedtls_ssl_session_reset_int()
1564 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_session_reset_int()
1565 mbedtls_free(ssl->session); in mbedtls_ssl_session_reset_int()
1566 ssl->session = NULL; in mbedtls_ssl_session_reset_int()
1723 int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session) in mbedtls_ssl_set_session() argument
1728 session == NULL || in mbedtls_ssl_set_session()
1739 if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_set_session()
1742 mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); in mbedtls_ssl_set_session()
1748 session->ciphersuite)); in mbedtls_ssl_set_session()
1763 session)) != 0) { in mbedtls_ssl_set_session()
3082 if (ssl->session != NULL) { in mbedtls_ssl_get_verify_result()
3083 return ssl->session->verify_result; in mbedtls_ssl_get_verify_result()
3095 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_ciphersuite_id_from_ssl()
3099 return ssl->session->ciphersuite; in mbedtls_ssl_get_ciphersuite_id_from_ssl()
3104 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_ciphersuite()
3108 return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite); in mbedtls_ssl_get_ciphersuite()
3141 if (ssl->session != NULL && in mbedtls_ssl_get_output_record_size_limit()
3142 ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && in mbedtls_ssl_get_output_record_size_limit()
3143 ssl->session->record_size_limit < max_len) { in mbedtls_ssl_get_output_record_size_limit()
3144 record_size_limit = ssl->session->record_size_limit; in mbedtls_ssl_get_output_record_size_limit()
3334 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_peer_cert()
3339 return ssl->session->peer_cert; in mbedtls_ssl_get_peer_cert()
3354 ssl->session == NULL || in mbedtls_ssl_get_session()
3370 if (ssl->session->exported == 1) { in mbedtls_ssl_get_session()
3374 ret = mbedtls_ssl_session_copy(dst, ssl->session); in mbedtls_ssl_get_session()
3380 ssl->session->exported = 1; in mbedtls_ssl_get_session()
3391 static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session, in ssl_tls12_session_save() argument
3414 start = (uint64_t) session->start; in ssl_tls12_session_save()
3425 + sizeof(session->id) in ssl_tls12_session_save()
3426 + sizeof(session->master) in ssl_tls12_session_save()
3430 *p++ = MBEDTLS_BYTE_0(session->id_len); in ssl_tls12_session_save()
3431 memcpy(p, session->id, 32); in ssl_tls12_session_save()
3434 memcpy(p, session->master, 48); in ssl_tls12_session_save()
3437 MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0); in ssl_tls12_session_save()
3446 if (session->peer_cert == NULL) { in ssl_tls12_session_save()
3449 cert_len = session->peer_cert->raw.len; in ssl_tls12_session_save()
3459 if (session->peer_cert != NULL) { in ssl_tls12_session_save()
3460 memcpy(p, session->peer_cert->raw.p, cert_len); in ssl_tls12_session_save()
3465 if (session->peer_cert_digest != NULL) { in ssl_tls12_session_save()
3466 used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; in ssl_tls12_session_save()
3468 *p++ = (unsigned char) session->peer_cert_digest_type; in ssl_tls12_session_save()
3469 *p++ = (unsigned char) session->peer_cert_digest_len; in ssl_tls12_session_save()
3470 memcpy(p, session->peer_cert_digest, in ssl_tls12_session_save()
3471 session->peer_cert_digest_len); in ssl_tls12_session_save()
3472 p += session->peer_cert_digest_len; in ssl_tls12_session_save()
3489 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls12_session_save()
3490 used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ in ssl_tls12_session_save()
3493 *p++ = MBEDTLS_BYTE_2(session->ticket_len); in ssl_tls12_session_save()
3494 *p++ = MBEDTLS_BYTE_1(session->ticket_len); in ssl_tls12_session_save()
3495 *p++ = MBEDTLS_BYTE_0(session->ticket_len); in ssl_tls12_session_save()
3497 if (session->ticket != NULL) { in ssl_tls12_session_save()
3498 memcpy(p, session->ticket, session->ticket_len); in ssl_tls12_session_save()
3499 p += session->ticket_len; in ssl_tls12_session_save()
3502 MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); in ssl_tls12_session_save()
3508 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls12_session_save()
3512 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); in ssl_tls12_session_save()
3526 *p++ = session->mfl_code; in ssl_tls12_session_save()
3534 *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac); in ssl_tls12_session_save()
3542 static int ssl_tls12_session_load(mbedtls_ssl_session *session, in ssl_tls12_session_load() argument
3569 session->start = (time_t) start; in ssl_tls12_session_load()
3579 session->id_len = *p++; in ssl_tls12_session_load()
3580 memcpy(session->id, p, 32); in ssl_tls12_session_load()
3583 memcpy(session->master, p, 48); in ssl_tls12_session_load()
3586 session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls12_session_load()
3593 session->peer_cert = NULL; in ssl_tls12_session_load()
3595 session->peer_cert_digest = NULL; in ssl_tls12_session_load()
3599 session->ticket = NULL; in ssl_tls12_session_load()
3622 session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); in ssl_tls12_session_load()
3624 if (session->peer_cert == NULL) { in ssl_tls12_session_load()
3628 mbedtls_x509_crt_init(session->peer_cert); in ssl_tls12_session_load()
3630 if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, in ssl_tls12_session_load()
3632 mbedtls_x509_crt_free(session->peer_cert); in ssl_tls12_session_load()
3633 mbedtls_free(session->peer_cert); in ssl_tls12_session_load()
3634 session->peer_cert = NULL; in ssl_tls12_session_load()
3646 session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; in ssl_tls12_session_load()
3647 session->peer_cert_digest_len = (size_t) *p++; in ssl_tls12_session_load()
3649 if (session->peer_cert_digest_len != 0) { in ssl_tls12_session_load()
3651 mbedtls_md_info_from_type(session->peer_cert_digest_type); in ssl_tls12_session_load()
3655 if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) { in ssl_tls12_session_load()
3659 if (session->peer_cert_digest_len > (size_t) (end - p)) { in ssl_tls12_session_load()
3663 session->peer_cert_digest = in ssl_tls12_session_load()
3664 mbedtls_calloc(1, session->peer_cert_digest_len); in ssl_tls12_session_load()
3665 if (session->peer_cert_digest == NULL) { in ssl_tls12_session_load()
3669 memcpy(session->peer_cert_digest, p, in ssl_tls12_session_load()
3670 session->peer_cert_digest_len); in ssl_tls12_session_load()
3671 p += session->peer_cert_digest_len; in ssl_tls12_session_load()
3681 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls12_session_load()
3686 session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0); in ssl_tls12_session_load()
3689 if (session->ticket_len != 0) { in ssl_tls12_session_load()
3690 if (session->ticket_len > (size_t) (end - p)) { in ssl_tls12_session_load()
3694 session->ticket = mbedtls_calloc(1, session->ticket_len); in ssl_tls12_session_load()
3695 if (session->ticket == NULL) { in ssl_tls12_session_load()
3699 memcpy(session->ticket, p, session->ticket_len); in ssl_tls12_session_load()
3700 p += session->ticket_len; in ssl_tls12_session_load()
3707 session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls12_session_load()
3712 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls12_session_load()
3716 session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls12_session_load()
3730 session->mfl_code = *p++; in ssl_tls12_session_load()
3738 session->encrypt_then_mac = *p++; in ssl_tls12_session_load()
3758 static int ssl_tls13_session_save(const mbedtls_ssl_session *session, in ssl_tls13_session_save() argument
3766 size_t hostname_len = (session->hostname == NULL) ? in ssl_tls13_session_save()
3767 0 : strlen(session->hostname) + 1; in ssl_tls13_session_save()
3772 const size_t alpn_len = (session->ticket_alpn == NULL) ? in ssl_tls13_session_save()
3773 0 : strlen(session->ticket_alpn) + 1; in ssl_tls13_session_save()
3781 if (session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN) { in ssl_tls13_session_save()
3784 needed += session->resumption_key_len; /* resumption_key */ in ssl_tls13_session_save()
3798 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_save()
3807 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_save()
3817 if (session->ticket_len > SIZE_MAX - needed) { in ssl_tls13_session_save()
3821 needed += session->ticket_len; /* ticket */ in ssl_tls13_session_save()
3830 MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 0); in ssl_tls13_session_save()
3831 p[4] = session->ticket_flags; in ssl_tls13_session_save()
3834 p[5] = session->resumption_key_len; in ssl_tls13_session_save()
3836 memcpy(p, session->resumption_key, session->resumption_key_len); in ssl_tls13_session_save()
3837 p += session->resumption_key_len; in ssl_tls13_session_save()
3840 MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); in ssl_tls13_session_save()
3844 MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); in ssl_tls13_session_save()
3849 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_save()
3851 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); in ssl_tls13_session_save()
3861 memcpy(p, session->ticket_alpn, alpn_len); in ssl_tls13_session_save()
3869 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_save()
3875 memcpy(p, session->hostname, hostname_len); in ssl_tls13_session_save()
3881 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0); in ssl_tls13_session_save()
3884 MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); in ssl_tls13_session_save()
3887 MBEDTLS_PUT_UINT16_BE(session->ticket_len, p, 0); in ssl_tls13_session_save()
3890 if (session->ticket != NULL && session->ticket_len > 0) { in ssl_tls13_session_save()
3891 memcpy(p, session->ticket, session->ticket_len); in ssl_tls13_session_save()
3892 p += session->ticket_len; in ssl_tls13_session_save()
3900 static int ssl_tls13_session_load(mbedtls_ssl_session *session, in ssl_tls13_session_load() argument
3910 session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
3911 session->ticket_flags = p[4]; in ssl_tls13_session_load()
3914 session->resumption_key_len = p[5]; in ssl_tls13_session_load()
3917 if (end - p < session->resumption_key_len) { in ssl_tls13_session_load()
3921 if (sizeof(session->resumption_key) < session->resumption_key_len) { in ssl_tls13_session_load()
3924 memcpy(session->resumption_key, p, session->resumption_key_len); in ssl_tls13_session_load()
3925 p += session->resumption_key_len; in ssl_tls13_session_load()
3931 session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
3938 session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_tls13_session_load()
3943 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_load()
3948 session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls13_session_load()
3967 int ret = mbedtls_ssl_session_set_ticket_alpn(session, (char *) p); in ssl_tls13_session_load()
3978 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_load()
3992 session->hostname = mbedtls_calloc(1, hostname_len); in ssl_tls13_session_load()
3993 if (session->hostname == NULL) { in ssl_tls13_session_load()
3996 memcpy(session->hostname, p, hostname_len); in ssl_tls13_session_load()
4005 session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls13_session_load()
4011 session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
4017 session->ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_tls13_session_load()
4020 if (end - p < (long int) session->ticket_len) { in ssl_tls13_session_load()
4023 if (session->ticket_len > 0) { in ssl_tls13_session_load()
4024 session->ticket = mbedtls_calloc(1, session->ticket_len); in ssl_tls13_session_load()
4025 if (session->ticket == NULL) { in ssl_tls13_session_load()
4028 memcpy(session->ticket, p, session->ticket_len); in ssl_tls13_session_load()
4029 p += session->ticket_len; in ssl_tls13_session_load()
4039 static int ssl_tls13_session_save(const mbedtls_ssl_session *session, in ssl_tls13_session_save() argument
4044 ((void) session); in ssl_tls13_session_save()
4051 static int ssl_tls13_session_load(const mbedtls_ssl_session *session, in ssl_tls13_session_load() argument
4055 ((void) session); in ssl_tls13_session_load()
4292 static int ssl_session_save(const mbedtls_ssl_session *session, in ssl_session_save() argument
4305 if (session == NULL) { in ssl_session_save()
4329 *p++ = MBEDTLS_BYTE_0(session->tls_version); in ssl_session_save()
4330 *p++ = session->endpoint; in ssl_session_save()
4331 MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0); in ssl_session_save()
4337 switch (session->tls_version) { in ssl_session_save()
4340 used += ssl_tls12_session_save(session, p, remaining_len); in ssl_session_save()
4346 ret = ssl_tls13_session_save(session, p, remaining_len, &out_len); in ssl_session_save()
4369 int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, in mbedtls_ssl_session_save() argument
4374 return ssl_session_save(session, 0, buf, buf_len, olen); in mbedtls_ssl_session_save()
4384 static int ssl_session_load(mbedtls_ssl_session *session, in ssl_session_load() argument
4394 if (session == NULL) { in ssl_session_load()
4420 session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); in ssl_session_load()
4421 session->endpoint = *p++; in ssl_session_load()
4422 session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_session_load()
4427 switch (session->tls_version) { in ssl_session_load()
4430 return ssl_tls12_session_load(session, p, remaining_len); in ssl_session_load()
4435 return ssl_tls13_session_load(session, p, remaining_len); in ssl_session_load()
4446 int mbedtls_ssl_session_load(mbedtls_ssl_session *session, in mbedtls_ssl_session_load() argument
4450 int ret = ssl_session_load(session, 0, buf, len); in mbedtls_ssl_session_load()
4453 mbedtls_ssl_session_free(session); in mbedtls_ssl_session_load()
4921 void mbedtls_ssl_session_free(mbedtls_ssl_session *session) in mbedtls_ssl_session_free() argument
4923 if (session == NULL) { in mbedtls_ssl_session_free()
4928 ssl_clear_peer_cert(session); in mbedtls_ssl_session_free()
4934 mbedtls_free(session->hostname); in mbedtls_ssl_session_free()
4936 mbedtls_free(session->ticket); in mbedtls_ssl_session_free()
4941 mbedtls_free(session->ticket_alpn); in mbedtls_ssl_session_free()
4944 mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); in mbedtls_ssl_session_free()
5062 if (ssl->transform == NULL || ssl->session == NULL) { in mbedtls_ssl_context_save()
5112 ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len); in mbedtls_ssl_context_save()
5122 ret = ssl_session_save(ssl->session, 1, in mbedtls_ssl_context_save()
5253 ssl->session != NULL) { in ssl_context_load()
5299 ssl->session = ssl->session_negotiate; in ssl_context_load()
5300 ssl->session_in = ssl->session; in ssl_context_load()
5301 ssl->session_out = ssl->session; in ssl_context_load()
5308 ret = ssl_session_load(ssl->session, 1, p, session_len); in ssl_context_load()
5310 mbedtls_ssl_session_free(ssl->session); in ssl_context_load()
5330 prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite); in ssl_context_load()
5341 ssl->session->ciphersuite, in ssl_context_load()
5342 ssl->session->master, in ssl_context_load()
5344 ssl->session->encrypt_then_mac, in ssl_context_load()
5568 if (ssl->session) { in mbedtls_ssl_free()
5569 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_free()
5570 mbedtls_free(ssl->session); in mbedtls_ssl_free()
7643 mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; in ssl_check_peer_crt_unchanged()
7663 ssl->session->peer_cert_digest; in ssl_check_peer_crt_unchanged()
7665 ssl->session->peer_cert_digest_type; in ssl_check_peer_crt_unchanged()
7796 ssl_clear_peer_cert(ssl->session); in ssl_parse_certificate_chain()
8118 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_calc_finished_tls_generic() local
8119 if (!session) { in ssl_calc_finished_tls_generic()
8120 session = ssl->session; in ssl_calc_finished_tls_generic()
8165 ssl->handshake->tls_prf(session->master, 48, sender, in ssl_calc_finished_tls_generic()
8257 if (ssl->session) { in mbedtls_ssl_handshake_wrapup()
8261 ssl->session->encrypt_then_mac; in mbedtls_ssl_handshake_wrapup()
8264 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_handshake_wrapup()
8265 mbedtls_free(ssl->session); in mbedtls_ssl_handshake_wrapup()
8267 ssl->session = ssl->session_negotiate; in mbedtls_ssl_handshake_wrapup()
8274 ssl->session->id_len != 0 && in mbedtls_ssl_handshake_wrapup()
8277 ssl->session->id, in mbedtls_ssl_handshake_wrapup()
8278 ssl->session->id_len, in mbedtls_ssl_handshake_wrapup()
8279 ssl->session) != 0) { in mbedtls_ssl_handshake_wrapup()
9625 int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, in mbedtls_ssl_session_set_hostname() argument
9643 if (session->hostname != NULL) { in mbedtls_ssl_session_set_hostname()
9644 mbedtls_zeroize_and_free(session->hostname, in mbedtls_ssl_session_set_hostname()
9645 strlen(session->hostname)); in mbedtls_ssl_session_set_hostname()
9650 session->hostname = NULL; in mbedtls_ssl_session_set_hostname()
9652 session->hostname = mbedtls_calloc(1, hostname_len + 1); in mbedtls_ssl_session_set_hostname()
9653 if (session->hostname == NULL) { in mbedtls_ssl_session_set_hostname()
9657 memcpy(session->hostname, hostname, hostname_len); in mbedtls_ssl_session_set_hostname()
9669 int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session, in mbedtls_ssl_session_set_ticket_alpn() argument
9682 if (session->ticket_alpn != NULL) { in mbedtls_ssl_session_set_ticket_alpn()
9683 mbedtls_zeroize_and_free(session->ticket_alpn, in mbedtls_ssl_session_set_ticket_alpn()
9684 strlen(session->ticket_alpn)); in mbedtls_ssl_session_set_ticket_alpn()
9685 session->ticket_alpn = NULL; in mbedtls_ssl_session_set_ticket_alpn()
9689 session->ticket_alpn = mbedtls_calloc(alpn_len + 1, 1); in mbedtls_ssl_session_set_ticket_alpn()
9690 if (session->ticket_alpn == NULL) { in mbedtls_ssl_session_set_ticket_alpn()
9693 memcpy(session->ticket_alpn, alpn, alpn_len); in mbedtls_ssl_session_set_ticket_alpn()