Lines Matching refs:ssl
51 static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, in ssl_write_renegotiation_ext() argument
63 if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_write_renegotiation_ext()
70 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len); in ssl_write_renegotiation_ext()
79 *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len + 1); in ssl_write_renegotiation_ext()
80 *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len); in ssl_write_renegotiation_ext()
82 memcpy(p, ssl->own_verify_data, ssl->verify_data_len); in ssl_write_renegotiation_ext()
84 *olen = 5 + ssl->verify_data_len; in ssl_write_renegotiation_ext()
95 static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, in ssl_write_supported_point_formats_ext() argument
101 (void) ssl; /* ssl used for debugging only */ in ssl_write_supported_point_formats_ext()
128 static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, in ssl_write_ecjpake_kkpp_ext() argument
141 if (ssl->handshake->psa_pake_ctx_is_ok != 1) { in ssl_write_ecjpake_kkpp_ext()
145 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { in ssl_write_ecjpake_kkpp_ext()
163 if (ssl->handshake->ecjpake_cache == NULL || in ssl_write_ecjpake_kkpp_ext()
164 ssl->handshake->ecjpake_cache_len == 0) { in ssl_write_ecjpake_kkpp_ext()
168 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, in ssl_write_ecjpake_kkpp_ext()
172 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_write_ecjpake_kkpp_ext()
173 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_write_ecjpake_kkpp_ext()
178 ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, in ssl_write_ecjpake_kkpp_ext()
180 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_ecjpake_kkpp_ext()
188 ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len); in ssl_write_ecjpake_kkpp_ext()
189 if (ssl->handshake->ecjpake_cache == NULL) { in ssl_write_ecjpake_kkpp_ext()
194 memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len); in ssl_write_ecjpake_kkpp_ext()
195 ssl->handshake->ecjpake_cache_len = kkpp_len; in ssl_write_ecjpake_kkpp_ext()
199 kkpp_len = ssl->handshake->ecjpake_cache_len; in ssl_write_ecjpake_kkpp_ext()
202 memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len); in ssl_write_ecjpake_kkpp_ext()
216 static int ssl_write_cid_ext(mbedtls_ssl_context *ssl, in ssl_write_cid_ext() argument
231 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in ssl_write_cid_ext()
232 ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { in ssl_write_cid_ext()
239 MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned) (ssl->own_cid_len + 5)); in ssl_write_cid_ext()
244 ext_len = (size_t) ssl->own_cid_len + 1; in ssl_write_cid_ext()
248 *p++ = (uint8_t) ssl->own_cid_len; in ssl_write_cid_ext()
249 memcpy(p, ssl->own_cid, ssl->own_cid_len); in ssl_write_cid_ext()
251 *olen = ssl->own_cid_len + 5; in ssl_write_cid_ext()
259 static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, in ssl_write_max_fragment_length_ext() argument
268 if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { in ssl_write_max_fragment_length_ext()
283 *p++ = ssl->conf->mfl_code; in ssl_write_max_fragment_length_ext()
293 static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, in ssl_write_encrypt_then_mac_ext() argument
302 if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { in ssl_write_encrypt_then_mac_ext()
325 static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, in ssl_write_extended_ms_ext() argument
334 if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) { in ssl_write_extended_ms_ext()
357 static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, in ssl_write_session_ticket_ext() argument
363 size_t tlen = ssl->session_negotiate->ticket_len; in ssl_write_session_ticket_ext()
367 if (mbedtls_ssl_conf_get_session_tickets(ssl->conf) == in ssl_write_session_ticket_ext()
386 if (ssl->session_negotiate->ticket == NULL || tlen == 0) { in ssl_write_session_ticket_ext()
393 memcpy(p, ssl->session_negotiate->ticket, tlen); in ssl_write_session_ticket_ext()
403 static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, in ssl_write_use_srtp_ext() argument
414 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_write_use_srtp_ext()
415 (ssl->conf->dtls_srtp_profile_list == NULL) || in ssl_write_use_srtp_ext()
416 (ssl->conf->dtls_srtp_profile_list_len == 0)) { in ssl_write_use_srtp_ext()
429 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { in ssl_write_use_srtp_ext()
430 mki_len = ssl->dtls_srtp_info.mki_len; in ssl_write_use_srtp_ext()
436 ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len; in ssl_write_use_srtp_ext()
461 *p++ = MBEDTLS_BYTE_0(2 * ssl->conf->dtls_srtp_profile_list_len); in ssl_write_use_srtp_ext()
464 protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; in ssl_write_use_srtp_ext()
467 (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]); in ssl_write_use_srtp_ext()
481 ssl->conf->dtls_srtp_profile_list[protection_profiles_index] in ssl_write_use_srtp_ext()
490 memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len); in ssl_write_use_srtp_ext()
495 MBEDTLS_SSL_DEBUG_BUF(3, "sending mki", ssl->dtls_srtp_info.mki_value, in ssl_write_use_srtp_ext()
496 ssl->dtls_srtp_info.mki_len); in ssl_write_use_srtp_ext()
513 int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls12_write_client_hello_exts() argument
523 (void) ssl; in mbedtls_ssl_tls12_write_client_hello_exts()
534 if ((ret = ssl_write_renegotiation_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
545 if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end, in mbedtls_ssl_tls12_write_client_hello_exts()
555 if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
563 if ((ret = ssl_write_cid_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
571 if ((ret = ssl_write_max_fragment_length_ext(ssl, p, end, in mbedtls_ssl_tls12_write_client_hello_exts()
580 if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
588 if ((ret = ssl_write_extended_ms_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
596 if ((ret = ssl_write_use_srtp_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
604 if ((ret = ssl_write_session_ticket_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
617 static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, in ssl_parse_renegotiation_info() argument
622 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_parse_renegotiation_info()
624 if (len != 1 + ssl->verify_data_len * 2 || in ssl_parse_renegotiation_info()
625 buf[0] != ssl->verify_data_len * 2 || in ssl_parse_renegotiation_info()
627 ssl->own_verify_data, ssl->verify_data_len) != 0 || in ssl_parse_renegotiation_info()
628 mbedtls_ct_memcmp(buf + 1 + ssl->verify_data_len, in ssl_parse_renegotiation_info()
629 ssl->peer_verify_data, ssl->verify_data_len) != 0) { in ssl_parse_renegotiation_info()
632 ssl, in ssl_parse_renegotiation_info()
644 ssl, in ssl_parse_renegotiation_info()
650 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; in ssl_parse_renegotiation_info()
658 static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, in ssl_parse_max_fragment_length_ext() argument
666 if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || in ssl_parse_max_fragment_length_ext()
668 buf[0] != ssl->conf->mfl_code) { in ssl_parse_max_fragment_length_ext()
672 ssl, in ssl_parse_max_fragment_length_ext()
684 static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, in ssl_parse_cid_ext() argument
691 ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in ssl_parse_cid_ext()
693 ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { in ssl_parse_cid_ext()
695 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
702 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
712 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
719 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
724 ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; in ssl_parse_cid_ext()
725 ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; in ssl_parse_cid_ext()
726 memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); in ssl_parse_cid_ext()
737 static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, in ssl_parse_encrypt_then_mac_ext() argument
741 if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || in ssl_parse_encrypt_then_mac_ext()
746 ssl, in ssl_parse_encrypt_then_mac_ext()
754 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in ssl_parse_encrypt_then_mac_ext()
762 static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, in ssl_parse_extended_ms_ext() argument
766 if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || in ssl_parse_extended_ms_ext()
771 ssl, in ssl_parse_extended_ms_ext()
779 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in ssl_parse_extended_ms_ext()
787 static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, in ssl_parse_session_ticket_ext() argument
791 if ((mbedtls_ssl_conf_get_session_tickets(ssl->conf) == in ssl_parse_session_ticket_ext()
797 ssl, in ssl_parse_session_ticket_ext()
805 ssl->handshake->new_session_ticket = 1; in ssl_parse_session_ticket_ext()
815 static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, in ssl_parse_supported_point_formats_ext() argument
824 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_point_formats_ext()
836 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats_ext()
840 mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, in ssl_parse_supported_point_formats_ext()
852 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_point_formats_ext()
862 static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, in ssl_parse_ecjpake_kkpp() argument
868 if (ssl->handshake->ciphersuite_info->key_exchange != in ssl_parse_ecjpake_kkpp()
875 mbedtls_free(ssl->handshake->ecjpake_cache); in ssl_parse_ecjpake_kkpp()
876 ssl->handshake->ecjpake_cache = NULL; in ssl_parse_ecjpake_kkpp()
877 ssl->handshake->ecjpake_cache_len = 0; in ssl_parse_ecjpake_kkpp()
881 &ssl->handshake->psa_pake_ctx, buf, len, in ssl_parse_ecjpake_kkpp()
883 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_parse_ecjpake_kkpp()
884 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_parse_ecjpake_kkpp()
888 ssl, in ssl_parse_ecjpake_kkpp()
896 if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
900 ssl, in ssl_parse_ecjpake_kkpp()
913 static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, in ssl_parse_alpn_ext() argument
920 if (ssl->conf->alpn_list == NULL) { in ssl_parse_alpn_ext()
923 ssl, in ssl_parse_alpn_ext()
941 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
948 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
955 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
961 for (p = ssl->conf->alpn_list; *p != NULL; p++) { in ssl_parse_alpn_ext()
964 ssl->alpn_chosen = *p; in ssl_parse_alpn_ext()
970 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
978 static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, in ssl_parse_use_srtp_ext() argument
987 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_parse_use_srtp_ext()
988 (ssl->conf->dtls_srtp_profile_list == NULL) || in ssl_parse_use_srtp_ext()
989 (ssl->conf->dtls_srtp_profile_list_len == 0)) { in ssl_parse_use_srtp_ext()
1004 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { in ssl_parse_use_srtp_ext()
1005 mki_len = ssl->dtls_srtp_info.mki_len; in ssl_parse_use_srtp_ext()
1039 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; in ssl_parse_use_srtp_ext()
1044 for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { in ssl_parse_use_srtp_ext()
1045 if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { in ssl_parse_use_srtp_ext()
1046 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; in ssl_parse_use_srtp_ext()
1055 if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { in ssl_parse_use_srtp_ext()
1056 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_use_srtp_ext()
1064 ssl->dtls_srtp_info.mki_len = 0; in ssl_parse_use_srtp_ext()
1074 (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) { in ssl_parse_use_srtp_ext()
1075 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_use_srtp_ext()
1081 MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value, in ssl_parse_use_srtp_ext()
1082 ssl->dtls_srtp_info.mki_len); in ssl_parse_use_srtp_ext()
1094 static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) in ssl_parse_hello_verify_request() argument
1097 const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_hello_verify_request()
1112 if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) { in ssl_parse_hello_verify_request()
1115 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_hello_verify_request()
1138 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_hello_verify_request()
1145 if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) { in ssl_parse_hello_verify_request()
1148 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_hello_verify_request()
1154 mbedtls_free(ssl->handshake->cookie); in ssl_parse_hello_verify_request()
1156 ssl->handshake->cookie = mbedtls_calloc(1, cookie_len); in ssl_parse_hello_verify_request()
1157 if (ssl->handshake->cookie == NULL) { in ssl_parse_hello_verify_request()
1162 memcpy(ssl->handshake->cookie, p, cookie_len); in ssl_parse_hello_verify_request()
1163 ssl->handshake->cookie_len = cookie_len; in ssl_parse_hello_verify_request()
1166 ssl->state = MBEDTLS_SSL_CLIENT_HELLO; in ssl_parse_hello_verify_request()
1167 ret = mbedtls_ssl_reset_checksum(ssl); in ssl_parse_hello_verify_request()
1173 mbedtls_ssl_recv_flight_completed(ssl); in ssl_parse_hello_verify_request()
1182 static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) in ssl_parse_server_hello() argument
1197 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_server_hello()
1203 buf = ssl->in_msg; in ssl_parse_server_hello()
1205 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_server_hello()
1207 if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_parse_server_hello()
1208 ssl->renego_records_seen++; in ssl_parse_server_hello()
1210 if (ssl->conf->renego_max_records >= 0 && in ssl_parse_server_hello()
1211 ssl->renego_records_seen > ssl->conf->renego_max_records) { in ssl_parse_server_hello()
1220 ssl->keep_current_message = 1; in ssl_parse_server_hello()
1227 ssl, in ssl_parse_server_hello()
1234 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_server_hello()
1238 return ssl_parse_hello_verify_request(ssl); in ssl_parse_server_hello()
1241 mbedtls_free(ssl->handshake->cookie); in ssl_parse_server_hello()
1242 ssl->handshake->cookie = NULL; in ssl_parse_server_hello()
1243 ssl->handshake->cookie_len = 0; in ssl_parse_server_hello()
1248 if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) || in ssl_parse_server_hello()
1251 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1267 buf += mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_server_hello()
1270 ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, in ssl_parse_server_hello()
1271 … ssl->conf->transport); in ssl_parse_server_hello()
1272 ssl->session_negotiate->tls_version = ssl->tls_version; in ssl_parse_server_hello()
1273 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_parse_server_hello()
1275 if (ssl->tls_version < ssl->conf->min_tls_version || in ssl_parse_server_hello()
1276 ssl->tls_version > ssl->conf->max_tls_version) { in ssl_parse_server_hello()
1280 (unsigned) ssl->conf->min_tls_version, in ssl_parse_server_hello()
1281 (unsigned) ssl->tls_version, in ssl_parse_server_hello()
1282 (unsigned) ssl->conf->max_tls_version)); in ssl_parse_server_hello()
1284 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1296 memcpy(ssl->handshake->randbytes + 32, buf + 2, 32); in ssl_parse_server_hello()
1304 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1309 if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) { in ssl_parse_server_hello()
1313 ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) { in ssl_parse_server_hello()
1316 ssl, in ssl_parse_server_hello()
1321 } else if (ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) { in ssl_parse_server_hello()
1325 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1342 ssl, in ssl_parse_server_hello()
1351 ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i); in ssl_parse_server_hello()
1352 if (ssl->handshake->ciphersuite_info == NULL) { in ssl_parse_server_hello()
1355 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1360 mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info); in ssl_parse_server_hello()
1368 if (ssl->handshake->resume == 0 || n == 0 || in ssl_parse_server_hello()
1370 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || in ssl_parse_server_hello()
1372 ssl->session_negotiate->ciphersuite != i || in ssl_parse_server_hello()
1373 ssl->session_negotiate->id_len != n || in ssl_parse_server_hello()
1374 memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { in ssl_parse_server_hello()
1375 ssl->state++; in ssl_parse_server_hello()
1376 ssl->handshake->resume = 0; in ssl_parse_server_hello()
1378 ssl->session_negotiate->start = mbedtls_time(NULL); in ssl_parse_server_hello()
1380 ssl->session_negotiate->ciphersuite = i; in ssl_parse_server_hello()
1381 ssl->session_negotiate->id_len = n; in ssl_parse_server_hello()
1382 memcpy(ssl->session_negotiate->id, buf + 35, n); in ssl_parse_server_hello()
1384 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; in ssl_parse_server_hello()
1388 ssl->handshake->resume ? "a" : "no")); in ssl_parse_server_hello()
1399 if (ssl->conf->ciphersuite_list[i] == 0) { in ssl_parse_server_hello()
1402 ssl, in ssl_parse_server_hello()
1408 if (ssl->conf->ciphersuite_list[i++] == in ssl_parse_server_hello()
1409 ssl->session_negotiate->ciphersuite) { in ssl_parse_server_hello()
1415 ssl->session_negotiate->ciphersuite); in ssl_parse_server_hello()
1416 if (mbedtls_ssl_validate_ciphersuite(ssl, suite_info, ssl->tls_version, in ssl_parse_server_hello()
1417 ssl->tls_version) != 0) { in ssl_parse_server_hello()
1420 ssl, in ssl_parse_server_hello()
1431 ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_parse_server_hello()
1432 ssl->handshake->ecrs_enabled = 1; in ssl_parse_server_hello()
1439 ssl, in ssl_parse_server_hello()
1458 ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1470 if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4, in ssl_parse_server_hello()
1482 if ((ret = ssl_parse_max_fragment_length_ext(ssl, in ssl_parse_server_hello()
1494 if ((ret = ssl_parse_cid_ext(ssl, in ssl_parse_server_hello()
1507 if ((ret = ssl_parse_encrypt_then_mac_ext(ssl, in ssl_parse_server_hello()
1520 if ((ret = ssl_parse_extended_ms_ext(ssl, in ssl_parse_server_hello()
1532 if ((ret = ssl_parse_session_ticket_ext(ssl, in ssl_parse_server_hello()
1547 if ((ret = ssl_parse_supported_point_formats_ext(ssl, in ssl_parse_server_hello()
1561 if ((ret = ssl_parse_ecjpake_kkpp(ssl, in ssl_parse_server_hello()
1573 if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) { in ssl_parse_server_hello()
1584 if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) { in ssl_parse_server_hello()
1610 if (ssl->handshake->resume) { in ssl_parse_server_hello()
1611 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_parse_server_hello()
1614 ssl, in ssl_parse_server_hello()
1624 if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1625 ssl->conf->allow_legacy_renegotiation == in ssl_parse_server_hello()
1632 else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1633 ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && in ssl_parse_server_hello()
1638 } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1639 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1640 ssl->conf->allow_legacy_renegotiation == in ssl_parse_server_hello()
1644 } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1645 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1655 ssl, in ssl_parse_server_hello()
1669 static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl, in ssl_parse_server_dh_params() argument
1685 if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx, in ssl_parse_server_dh_params()
1691 dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx); in ssl_parse_server_dh_params()
1692 if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) { in ssl_parse_server_dh_params()
1695 ssl->conf->dhm_min_bitlen)); in ssl_parse_server_dh_params()
1699 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); in ssl_parse_server_dh_params()
1700 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); in ssl_parse_server_dh_params()
1701 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); in ssl_parse_server_dh_params()
1713 static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, in ssl_parse_server_ecdh_params() argument
1719 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_parse_server_ecdh_params()
1748 if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) { in ssl_parse_server_ecdh_params()
1789 static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl) in ssl_check_server_ecdh_params() argument
1794 grp_id = ssl->handshake->ecdh_ctx.grp.id; in ssl_check_server_ecdh_params()
1796 grp_id = ssl->handshake->ecdh_ctx.grp_id; in ssl_check_server_ecdh_params()
1808 if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { in ssl_check_server_ecdh_params()
1812 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_check_server_ecdh_params()
1828 static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, in ssl_parse_server_ecdh_params() argument
1842 if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx, in ssl_parse_server_ecdh_params()
1853 if (ssl_check_server_ecdh_params(ssl) != 0) { in ssl_parse_server_ecdh_params()
1867 static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, in ssl_parse_server_psk_hint() argument
1873 ((void) ssl); in ssl_parse_server_psk_hint()
1912 static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl, in ssl_write_encrypted_pms() argument
1918 unsigned char *p = ssl->handshake->premaster + pms_offset; in ssl_write_encrypted_pms()
1933 mbedtls_ssl_write_version(p, ssl->conf->transport, in ssl_write_encrypted_pms()
1936 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) { in ssl_write_encrypted_pms()
1941 ssl->handshake->pmslen = 48; in ssl_write_encrypted_pms()
1944 peer_pk = &ssl->handshake->peer_pubkey; in ssl_write_encrypted_pms()
1946 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_write_encrypted_pms()
1951 peer_pk = &ssl->session_negotiate->peer_cert->pk; in ssl_write_encrypted_pms()
1963 p, ssl->handshake->pmslen, in ssl_write_encrypted_pms()
1964 ssl->out_msg + offset + len_bytes, olen, in ssl_write_encrypted_pms()
1966 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_write_encrypted_pms()
1972 MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset); in ssl_write_encrypted_pms()
1988 static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) in ssl_get_ecdh_params_from_cert() argument
1994 peer_pk = &ssl->handshake->peer_pubkey; in ssl_get_ecdh_params_from_cert()
1996 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_get_ecdh_params_from_cert()
2001 peer_pk = &ssl->session_negotiate->peer_cert->pk; in ssl_get_ecdh_params_from_cert()
2020 if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { in ssl_get_ecdh_params_from_cert()
2035 &ssl->handshake->xxdh_psa_bits); in ssl_get_ecdh_params_from_cert()
2037 ssl->handshake->xxdh_psa_type = key_type; in ssl_get_ecdh_params_from_cert()
2041 memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); in ssl_get_ecdh_params_from_cert()
2042 ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; in ssl_get_ecdh_params_from_cert()
2048 ssl->handshake->xxdh_psa_peerkey, in ssl_get_ecdh_params_from_cert()
2049 sizeof(ssl->handshake->xxdh_psa_peerkey)); in ssl_get_ecdh_params_from_cert()
2055 ssl->handshake->xxdh_psa_peerkey_len = olen; in ssl_get_ecdh_params_from_cert()
2058 if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, in ssl_get_ecdh_params_from_cert()
2064 if (ssl_check_server_ecdh_params(ssl) != 0) { in ssl_get_ecdh_params_from_cert()
2082 static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) in ssl_parse_server_key_exchange() argument
2086 ssl->handshake->ciphersuite_info; in ssl_parse_server_key_exchange()
2094 ssl->state++; in ssl_parse_server_key_exchange()
2105 if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { in ssl_parse_server_key_exchange()
2108 ssl, in ssl_parse_server_key_exchange()
2115 ssl->state++; in ssl_parse_server_key_exchange()
2124 if (ssl->handshake->ecrs_enabled && in ssl_parse_server_key_exchange()
2125 ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { in ssl_parse_server_key_exchange()
2130 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_server_key_exchange()
2135 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_server_key_exchange()
2138 ssl, in ssl_parse_server_key_exchange()
2148 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) { in ssl_parse_server_key_exchange()
2153 ssl->keep_current_message = 1; in ssl_parse_server_key_exchange()
2160 ssl, in ssl_parse_server_key_exchange()
2168 if (ssl->handshake->ecrs_enabled) { in ssl_parse_server_key_exchange()
2169 ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing; in ssl_parse_server_key_exchange()
2174 p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_server_key_exchange()
2175 end = ssl->in_msg + ssl->in_hslen; in ssl_parse_server_key_exchange()
2183 if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) { in ssl_parse_server_key_exchange()
2186 ssl, in ssl_parse_server_key_exchange()
2206 if (ssl_parse_server_dh_params(ssl, &p, end) != 0) { in ssl_parse_server_key_exchange()
2209 ssl, in ssl_parse_server_key_exchange()
2223 if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) { in ssl_parse_server_key_exchange()
2226 ssl, in ssl_parse_server_key_exchange()
2262 &ssl->handshake->psa_pake_ctx, p, end - p, in ssl_parse_server_key_exchange()
2264 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_parse_server_key_exchange()
2265 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_parse_server_key_exchange()
2269 ssl, in ssl_parse_server_key_exchange()
2275 ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, in ssl_parse_server_key_exchange()
2280 ssl, in ssl_parse_server_key_exchange()
2300 unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_server_key_exchange()
2308 peer_pk = &ssl->handshake->peer_pubkey; in ssl_parse_server_key_exchange()
2310 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_parse_server_key_exchange()
2315 peer_pk = &ssl->session_negotiate->peer_cert->pk; in ssl_parse_server_key_exchange()
2325 !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) && in ssl_parse_server_key_exchange()
2326 !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { in ssl_parse_server_key_exchange()
2330 ssl, in ssl_parse_server_key_exchange()
2341 ssl, in ssl_parse_server_key_exchange()
2354 ssl, in ssl_parse_server_key_exchange()
2365 ssl, in ssl_parse_server_key_exchange()
2377 ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, in ssl_parse_server_key_exchange()
2396 ssl, in ssl_parse_server_key_exchange()
2403 if (ssl->handshake->ecrs_enabled) { in ssl_parse_server_key_exchange()
2404 rs_ctx = &ssl->handshake->ecrs_ctx.pk; in ssl_parse_server_key_exchange()
2434 ssl, in ssl_parse_server_key_exchange()
2457 ssl->state++; in ssl_parse_server_key_exchange()
2466 static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) in ssl_parse_certificate_request() argument
2469 ssl->handshake->ciphersuite_info; in ssl_parse_certificate_request()
2475 ssl->state++; in ssl_parse_certificate_request()
2484 static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) in ssl_parse_certificate_request() argument
2491 ssl->handshake->ciphersuite_info; in ssl_parse_certificate_request()
2502 ssl->state++; in ssl_parse_certificate_request()
2506 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_certificate_request()
2511 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_certificate_request()
2514 ssl, in ssl_parse_certificate_request()
2520 ssl->state++; in ssl_parse_certificate_request()
2521 ssl->handshake->client_auth = in ssl_parse_certificate_request()
2522 (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); in ssl_parse_certificate_request()
2525 ssl->handshake->client_auth ? "a" : "no")); in ssl_parse_certificate_request()
2527 if (ssl->handshake->client_auth == 0) { in ssl_parse_certificate_request()
2529 ssl->keep_current_message = 1; in ssl_parse_certificate_request()
2557 buf = ssl->in_msg; in ssl_parse_certificate_request()
2560 if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) { in ssl_parse_certificate_request()
2562 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2566 cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)]; in ssl_parse_certificate_request()
2579 if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) { in ssl_parse_certificate_request()
2581 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2587 sig_alg_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n); in ssl_parse_certificate_request()
2601 if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 3 + n + sig_alg_len) { in ssl_parse_certificate_request()
2604 ssl, in ssl_parse_certificate_request()
2611 sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n; in ssl_parse_certificate_request()
2622 dn_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n); in ssl_parse_certificate_request()
2625 if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) { in ssl_parse_certificate_request()
2627 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2633 dn = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n - dn_len; in ssl_parse_certificate_request()
2647 ssl, in ssl_parse_certificate_request()
2667 static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) in ssl_parse_server_hello_done() argument
2673 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_server_hello_done()
2678 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_server_hello_done()
2683 if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) || in ssl_parse_server_hello_done()
2684 ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) { in ssl_parse_server_hello_done()
2686 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello_done()
2691 ssl->state++; in ssl_parse_server_hello_done()
2694 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_server_hello_done()
2695 mbedtls_ssl_recv_flight_completed(ssl); in ssl_parse_server_hello_done()
2705 static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) in ssl_write_client_key_exchange() argument
2712 ssl->handshake->ciphersuite_info; in ssl_write_client_key_exchange()
2721 content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx); in ssl_write_client_key_exchange()
2723 MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4); in ssl_write_client_key_exchange()
2726 ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
2727 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), in ssl_write_client_key_exchange()
2728 &ssl->out_msg[header_len], content_len, in ssl_write_client_key_exchange()
2729 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
2735 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); in ssl_write_client_key_exchange()
2736 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); in ssl_write_client_key_exchange()
2738 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
2739 ssl->handshake->premaster, in ssl_write_client_key_exchange()
2741 &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
2742 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_write_client_key_exchange()
2747 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); in ssl_write_client_key_exchange()
2763 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_key_exchange()
2796 unsigned char *own_pubkey = ssl->out_msg + header_len + 1; in ssl_write_client_key_exchange()
2797 unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_client_key_exchange()
2810 ssl->out_msg[header_len] = (unsigned char) own_pubkey_len; in ssl_write_client_key_exchange()
2820 ssl->handshake->premaster, in ssl_write_client_key_exchange()
2821 sizeof(ssl->handshake->premaster), in ssl_write_client_key_exchange()
2822 &ssl->handshake->pmslen); in ssl_write_client_key_exchange()
2837 if (ssl->handshake->ecrs_enabled) { in ssl_write_client_key_exchange()
2838 if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) { in ssl_write_client_key_exchange()
2842 mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx); in ssl_write_client_key_exchange()
2846 ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2848 &ssl->out_msg[header_len], 1000, in ssl_write_client_key_exchange()
2849 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
2860 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2864 if (ssl->handshake->ecrs_enabled) { in ssl_write_client_key_exchange()
2865 ssl->handshake->ecrs_n = content_len; in ssl_write_client_key_exchange()
2866 ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; in ssl_write_client_key_exchange()
2870 if (ssl->handshake->ecrs_enabled) { in ssl_write_client_key_exchange()
2871 content_len = ssl->handshake->ecrs_n; in ssl_write_client_key_exchange()
2874 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2875 &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
2876 ssl->handshake->premaster, in ssl_write_client_key_exchange()
2878 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_write_client_key_exchange()
2888 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2903 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_key_exchange()
2908 if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { in ssl_write_client_key_exchange()
2920 if (header_len + content_len_size + ssl->conf->psk_identity_len in ssl_write_client_key_exchange()
2927 unsigned char *p = ssl->out_msg + header_len; in ssl_write_client_key_exchange()
2929 *p++ = MBEDTLS_BYTE_1(ssl->conf->psk_identity_len); in ssl_write_client_key_exchange()
2930 *p++ = MBEDTLS_BYTE_0(ssl->conf->psk_identity_len); in ssl_write_client_key_exchange()
2933 memcpy(p, ssl->conf->psk_identity, in ssl_write_client_key_exchange()
2934 ssl->conf->psk_identity_len); in ssl_write_client_key_exchange()
2935 p += ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
2937 header_len += ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
2969 unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_client_key_exchange()
2991 unsigned char *pms = ssl->handshake->premaster; in ssl_write_client_key_exchange()
2993 sizeof(ssl->handshake->premaster); in ssl_write_client_key_exchange()
3027 if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { in ssl_write_client_key_exchange()
3035 content_len = ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
3043 ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); in ssl_write_client_key_exchange()
3044 ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); in ssl_write_client_key_exchange()
3046 memcpy(ssl->out_msg + header_len, in ssl_write_client_key_exchange()
3047 ssl->conf->psk_identity, in ssl_write_client_key_exchange()
3048 ssl->conf->psk_identity_len); in ssl_write_client_key_exchange()
3049 header_len += ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
3058 if ((ret = ssl_write_encrypted_pms(ssl, header_len, in ssl_write_client_key_exchange()
3069 content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx); in ssl_write_client_key_exchange()
3078 ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); in ssl_write_client_key_exchange()
3079 ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); in ssl_write_client_key_exchange()
3081 ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
3082 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), in ssl_write_client_key_exchange()
3083 &ssl->out_msg[header_len], content_len, in ssl_write_client_key_exchange()
3084 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
3091 unsigned char *pms = ssl->handshake->premaster; in ssl_write_client_key_exchange()
3092 unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster); in ssl_write_client_key_exchange()
3096 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
3098 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_write_client_key_exchange()
3105 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); in ssl_write_client_key_exchange()
3115 ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
3117 &ssl->out_msg[header_len], in ssl_write_client_key_exchange()
3119 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
3125 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
3135 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_write_client_key_exchange()
3148 if ((ret = ssl_write_encrypted_pms(ssl, header_len, in ssl_write_client_key_exchange()
3159 unsigned char *out_p = ssl->out_msg + header_len; in ssl_write_client_key_exchange()
3160 unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - in ssl_write_client_key_exchange()
3162 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, in ssl_write_client_key_exchange()
3166 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_write_client_key_exchange()
3167 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_write_client_key_exchange()
3172 ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx, in ssl_write_client_key_exchange()
3173 ssl->out_msg + header_len, in ssl_write_client_key_exchange()
3176 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
3182 ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, in ssl_write_client_key_exchange()
3183 ssl->handshake->premaster, 32, &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
3184 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
3198 ssl->out_msglen = header_len + content_len; in ssl_write_client_key_exchange()
3199 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_client_key_exchange()
3200 ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; in ssl_write_client_key_exchange()
3202 ssl->state++; in ssl_write_client_key_exchange()
3204 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_client_key_exchange()
3216 static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_write_certificate_verify() argument
3219 ssl->handshake->ciphersuite_info; in ssl_write_certificate_verify()
3224 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_write_certificate_verify()
3231 ssl->state++; in ssl_write_certificate_verify()
3240 static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_write_certificate_verify() argument
3244 ssl->handshake->ciphersuite_info; in ssl_write_certificate_verify()
3252 size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); in ssl_write_certificate_verify()
3254 size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); in ssl_write_certificate_verify()
3260 if (ssl->handshake->ecrs_enabled && in ssl_write_certificate_verify()
3261 ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) { in ssl_write_certificate_verify()
3266 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_write_certificate_verify()
3273 ssl->state++; in ssl_write_certificate_verify()
3277 if (ssl->handshake->client_auth == 0 || in ssl_write_certificate_verify()
3278 mbedtls_ssl_own_cert(ssl) == NULL) { in ssl_write_certificate_verify()
3280 ssl->state++; in ssl_write_certificate_verify()
3284 if (mbedtls_ssl_own_key(ssl) == NULL) { in ssl_write_certificate_verify()
3293 if (ssl->handshake->ecrs_enabled) { in ssl_write_certificate_verify()
3294 ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign; in ssl_write_certificate_verify()
3300 ret = ssl->handshake->calc_verify(ssl, hash, &hashlen); in ssl_write_certificate_verify()
3322 if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { in ssl_write_certificate_verify()
3324 ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; in ssl_write_certificate_verify()
3327 ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; in ssl_write_certificate_verify()
3329 ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl)); in ssl_write_certificate_verify()
3336 if (ssl->handshake->ecrs_enabled) { in ssl_write_certificate_verify()
3337 rs_ctx = &ssl->handshake->ecrs_ctx.pk; in ssl_write_certificate_verify()
3341 if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), in ssl_write_certificate_verify()
3343 ssl->out_msg + 6 + offset, in ssl_write_certificate_verify()
3346 ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) { in ssl_write_certificate_verify()
3356 MBEDTLS_PUT_UINT16_BE(n, ssl->out_msg, offset + 4); in ssl_write_certificate_verify()
3358 ssl->out_msglen = 6 + n + offset; in ssl_write_certificate_verify()
3359 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_certificate_verify()
3360 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; in ssl_write_certificate_verify()
3362 ssl->state++; in ssl_write_certificate_verify()
3364 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_certificate_verify()
3377 static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_parse_new_session_ticket() argument
3387 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_new_session_ticket()
3392 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_new_session_ticket()
3395 ssl, in ssl_parse_new_session_ticket()
3411 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || in ssl_parse_new_session_ticket()
3412 ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) { in ssl_parse_new_session_ticket()
3414 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3419 msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_new_session_ticket()
3425 if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) { in ssl_parse_new_session_ticket()
3427 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3435 ssl->handshake->new_session_ticket = 0; in ssl_parse_new_session_ticket()
3436 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; in ssl_parse_new_session_ticket()
3446 if (ssl->session != NULL && ssl->session->ticket != NULL) { in ssl_parse_new_session_ticket()
3447 mbedtls_zeroize_and_free(ssl->session->ticket, in ssl_parse_new_session_ticket()
3448 ssl->session->ticket_len); in ssl_parse_new_session_ticket()
3449 ssl->session->ticket = NULL; in ssl_parse_new_session_ticket()
3450 ssl->session->ticket_len = 0; in ssl_parse_new_session_ticket()
3453 mbedtls_zeroize_and_free(ssl->session_negotiate->ticket, in ssl_parse_new_session_ticket()
3454 ssl->session_negotiate->ticket_len); in ssl_parse_new_session_ticket()
3455 ssl->session_negotiate->ticket = NULL; in ssl_parse_new_session_ticket()
3456 ssl->session_negotiate->ticket_len = 0; in ssl_parse_new_session_ticket()
3460 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3467 ssl->session_negotiate->ticket = ticket; in ssl_parse_new_session_ticket()
3468 ssl->session_negotiate->ticket_len = ticket_len; in ssl_parse_new_session_ticket()
3469 ssl->session_negotiate->ticket_lifetime = lifetime; in ssl_parse_new_session_ticket()
3477 ssl->session_negotiate->id_len = 0; in ssl_parse_new_session_ticket()
3488 int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_handshake_client_step() argument
3495 if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && in mbedtls_ssl_handshake_client_step()
3496 ssl->handshake->new_session_ticket != 0) { in mbedtls_ssl_handshake_client_step()
3497 ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET; in mbedtls_ssl_handshake_client_step()
3501 switch (ssl->state) { in mbedtls_ssl_handshake_client_step()
3503 ssl->state = MBEDTLS_SSL_CLIENT_HELLO; in mbedtls_ssl_handshake_client_step()
3510 ret = mbedtls_ssl_write_client_hello(ssl); in mbedtls_ssl_handshake_client_step()
3521 ret = ssl_parse_server_hello(ssl); in mbedtls_ssl_handshake_client_step()
3525 ret = mbedtls_ssl_parse_certificate(ssl); in mbedtls_ssl_handshake_client_step()
3529 ret = ssl_parse_server_key_exchange(ssl); in mbedtls_ssl_handshake_client_step()
3533 ret = ssl_parse_certificate_request(ssl); in mbedtls_ssl_handshake_client_step()
3537 ret = ssl_parse_server_hello_done(ssl); in mbedtls_ssl_handshake_client_step()
3548 ret = mbedtls_ssl_write_certificate(ssl); in mbedtls_ssl_handshake_client_step()
3552 ret = ssl_write_client_key_exchange(ssl); in mbedtls_ssl_handshake_client_step()
3556 ret = ssl_write_certificate_verify(ssl); in mbedtls_ssl_handshake_client_step()
3560 ret = mbedtls_ssl_write_change_cipher_spec(ssl); in mbedtls_ssl_handshake_client_step()
3564 ret = mbedtls_ssl_write_finished(ssl); in mbedtls_ssl_handshake_client_step()
3574 ret = ssl_parse_new_session_ticket(ssl); in mbedtls_ssl_handshake_client_step()
3579 ret = mbedtls_ssl_parse_change_cipher_spec(ssl); in mbedtls_ssl_handshake_client_step()
3583 ret = mbedtls_ssl_parse_finished(ssl); in mbedtls_ssl_handshake_client_step()
3588 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; in mbedtls_ssl_handshake_client_step()
3592 mbedtls_ssl_handshake_wrapup(ssl); in mbedtls_ssl_handshake_client_step()
3596 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_handshake_client_step()