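Lines matching refs: ssl (each entry gives the source line number, the matching line, and the enclosing function; only lines that reference `ssl` are listed, so the function bodies shown are incomplete)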
40 int mbedtls_ssl_tls13_crypto_init(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_crypto_init() argument
44 (void) ssl; // unused when debugging is disabled in mbedtls_ssl_tls13_crypto_init()
57 int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_fetch_handshake_msg() argument
64 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { in mbedtls_ssl_tls13_fetch_handshake_msg()
69 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in mbedtls_ssl_tls13_fetch_handshake_msg()
70 ssl->in_msg[0] != hs_type) { in mbedtls_ssl_tls13_fetch_handshake_msg()
85 *buf = ssl->in_msg + 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
86 *buf_len = ssl->in_hslen - 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
94 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts() argument
222 static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, in ssl_tls13_parse_certificate_verify() argument
270 if (!mbedtls_ssl_sig_alg_is_offered(ssl, algorithm)) { in ssl_tls13_parse_certificate_verify()
294 if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, sig_alg)) { in ssl_tls13_parse_certificate_verify()
326 &ssl->session_negotiate->peer_cert->pk, in ssl_tls13_parse_certificate_verify()
346 int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_certificate_verify() argument
362 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len)); in mbedtls_ssl_tls13_process_certificate_verify()
369 ssl, in mbedtls_ssl_tls13_process_certificate_verify()
370 (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, in mbedtls_ssl_tls13_process_certificate_verify()
387 (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ? in mbedtls_ssl_tls13_process_certificate_verify()
393 ssl, buf, buf + buf_len, in mbedtls_ssl_tls13_process_certificate_verify()
397 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_process_certificate_verify()
406 ((void) ssl); in mbedtls_ssl_tls13_process_certificate_verify()
450 int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_certificate() argument
459 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_parse_certificate()
478 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_parse_certificate()
479 mbedtls_x509_crt_free(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
480 mbedtls_free(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
485 ssl->session_negotiate->peer_cert = NULL; in mbedtls_ssl_tls13_parse_certificate()
490 if ((ssl->session_negotiate->peer_cert = in mbedtls_ssl_tls13_parse_certificate()
499 mbedtls_x509_crt_init(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
524 ret = mbedtls_x509_crt_parse_der(ssl->session_negotiate->peer_cert, in mbedtls_ssl_tls13_parse_certificate()
583 ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, in mbedtls_ssl_tls13_parse_certificate()
614 ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
621 int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_certificate() argument
625 ((void) ssl); in mbedtls_ssl_tls13_parse_certificate()
637 static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_validate_certificate() argument
641 const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET in ssl_tls13_validate_certificate()
642 ? ssl->handshake->sni_authmode in ssl_tls13_validate_certificate()
643 : ssl->conf->authmode; in ssl_tls13_validate_certificate()
645 const int authmode = ssl->conf->authmode; in ssl_tls13_validate_certificate()
655 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_tls13_validate_certificate()
659 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_validate_certificate()
664 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; in ssl_tls13_validate_certificate()
682 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_validate_certificate()
690 return mbedtls_ssl_verify_certificate(ssl, authmode, in ssl_tls13_validate_certificate()
691 ssl->session_negotiate->peer_cert, in ssl_tls13_validate_certificate()
696 static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_validate_certificate() argument
698 ((void) ssl); in ssl_tls13_validate_certificate()
704 int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_certificate() argument
714 ssl, MBEDTLS_SSL_HS_CERTIFICATE, in mbedtls_ssl_tls13_process_certificate()
718 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_parse_certificate(ssl, buf, in mbedtls_ssl_tls13_process_certificate()
721 MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl)); in mbedtls_ssl_tls13_process_certificate()
724 ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len)); in mbedtls_ssl_tls13_process_certificate()
728 (void) ssl; in mbedtls_ssl_tls13_process_certificate()
760 static int ssl_tls13_write_certificate_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_body() argument
765 const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert(ssl); in ssl_tls13_write_certificate_body()
768 ssl->handshake->certificate_request_context; in ssl_tls13_write_certificate_body()
770 ssl->handshake->certificate_request_context_len; in ssl_tls13_write_certificate_body()
819 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_body()
824 int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_certificate() argument
833 ssl, MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len)); in mbedtls_ssl_tls13_write_certificate()
835 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_body(ssl, in mbedtls_ssl_tls13_write_certificate()
841 ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len)); in mbedtls_ssl_tls13_write_certificate()
844 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_certificate()
899 static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_verify_body() argument
913 uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_write_certificate_verify_body()
918 own_key = mbedtls_ssl_own_key(ssl); in ssl_tls13_write_certificate_verify_body()
925 ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, in ssl_tls13_write_certificate_verify_body()
937 ssl->conf->endpoint); in ssl_tls13_write_certificate_verify_body()
958 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_write_certificate_verify_body()
991 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_tls13_write_certificate_verify_body()
1025 int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_certificate_verify() argument
1034 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_write_certificate_verify()
1038 ssl, buf, buf + buf_len, &msg_len)); in mbedtls_ssl_tls13_write_certificate_verify()
1041 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_write_certificate_verify()
1045 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_certificate_verify()
1064 static int ssl_tls13_preprocess_finished_message(mbedtls_ssl_context *ssl) in ssl_tls13_preprocess_finished_message() argument
1069 ssl, in ssl_tls13_preprocess_finished_message()
1070 ssl->handshake->state_local.finished_in.digest, in ssl_tls13_preprocess_finished_message()
1071 sizeof(ssl->handshake->state_local.finished_in.digest), in ssl_tls13_preprocess_finished_message()
1072 &ssl->handshake->state_local.finished_in.digest_len, in ssl_tls13_preprocess_finished_message()
1073 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ? in ssl_tls13_preprocess_finished_message()
1084 static int ssl_tls13_parse_finished_message(mbedtls_ssl_context *ssl, in ssl_tls13_parse_finished_message() argument
1094 ssl->handshake->state_local.finished_in.digest; in ssl_tls13_parse_finished_message()
1096 ssl->handshake->state_local.finished_in.digest_len; in ssl_tls13_parse_finished_message()
1125 int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_finished_message() argument
1134 ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1137 MBEDTLS_SSL_PROC_CHK(ssl_tls13_preprocess_finished_message(ssl)); in mbedtls_ssl_tls13_process_finished_message()
1140 ssl, buf, buf + buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1143 ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1161 static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_finished_message() argument
1166 ret = mbedtls_ssl_tls13_calculate_verify_data(ssl, in ssl_tls13_prepare_finished_message()
1167 ssl->handshake->state_local.finished_out.digest, in ssl_tls13_prepare_finished_message()
1168 sizeof(ssl->handshake->state_local.finished_out. in ssl_tls13_prepare_finished_message()
1170 … &ssl->handshake->state_local.finished_out.digest_len, in ssl_tls13_prepare_finished_message()
1171 ssl->conf->endpoint); in ssl_tls13_prepare_finished_message()
1182 static int ssl_tls13_write_finished_message_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_finished_message_body() argument
1187 size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; in ssl_tls13_write_finished_message_body()
1195 memcpy(buf, ssl->handshake->state_local.finished_out.digest, in ssl_tls13_write_finished_message_body()
1203 int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_finished_message() argument
1211 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_finished_message(ssl)); in mbedtls_ssl_tls13_write_finished_message()
1213 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, in mbedtls_ssl_tls13_write_finished_message()
1217 ssl, buf, buf + buf_len, &msg_len)); in mbedtls_ssl_tls13_write_finished_message()
1219 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, in mbedtls_ssl_tls13_write_finished_message()
1223 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_finished_message()
1230 void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_wrapup() argument
1236 mbedtls_ssl_set_inbound_transform(ssl, ssl->transform_application); in mbedtls_ssl_tls13_handshake_wrapup()
1239 mbedtls_ssl_set_outbound_transform(ssl, ssl->transform_application); in mbedtls_ssl_tls13_handshake_wrapup()
1244 if (ssl->session) { in mbedtls_ssl_tls13_handshake_wrapup()
1245 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_tls13_handshake_wrapup()
1246 mbedtls_free(ssl->session); in mbedtls_ssl_tls13_handshake_wrapup()
1248 ssl->session = ssl->session_negotiate; in mbedtls_ssl_tls13_handshake_wrapup()
1249 ssl->session_negotiate = NULL; in mbedtls_ssl_tls13_handshake_wrapup()
1261 static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_change_cipher_spec_body() argument
1266 ((void) ssl); in ssl_tls13_write_change_cipher_spec_body()
1275 int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_change_cipher_spec() argument
1282 if (ssl->handshake->ccs_sent) { in mbedtls_ssl_tls13_write_change_cipher_spec()
1289 ssl, ssl->out_msg, in mbedtls_ssl_tls13_write_change_cipher_spec()
1290 ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, in mbedtls_ssl_tls13_write_change_cipher_spec()
1291 &ssl->out_msglen)); in mbedtls_ssl_tls13_write_change_cipher_spec()
1293 ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; in mbedtls_ssl_tls13_write_change_cipher_spec()
1296 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0)); in mbedtls_ssl_tls13_write_change_cipher_spec()
1298 ssl->handshake->ccs_sent = 1; in mbedtls_ssl_tls13_write_change_cipher_spec()
1319 int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_write_early_data_ext() argument
1343 MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); in mbedtls_ssl_tls13_write_early_data_ext()
1346 (unsigned int) ssl->conf->max_early_data_size)); in mbedtls_ssl_tls13_write_early_data_ext()
1352 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); in mbedtls_ssl_tls13_write_early_data_ext()
1358 int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_check_early_data_len() argument
1366 if (ssl->session_negotiate == NULL) { in mbedtls_ssl_tls13_check_early_data_len()
1380 (ssl->session_negotiate->max_early_data_size - in mbedtls_ssl_tls13_check_early_data_len()
1381 ssl->total_early_data_size)) { in mbedtls_ssl_tls13_check_early_data_len()
1386 (unsigned long) ssl->total_early_data_size, in mbedtls_ssl_tls13_check_early_data_len()
1388 (unsigned long) ssl->session_negotiate->max_early_data_size)); in mbedtls_ssl_tls13_check_early_data_len()
1401 ssl->total_early_data_size += (uint32_t) early_data_len; in mbedtls_ssl_tls13_check_early_data_len()
1419 int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) in mbedtls_ssl_reset_transcript_for_hrr() argument
1425 ssl->handshake->ciphersuite_info; in mbedtls_ssl_reset_transcript_for_hrr()
1429 ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac, in mbedtls_ssl_reset_transcript_for_hrr()
1449 ret = mbedtls_ssl_reset_checksum(ssl); in mbedtls_ssl_reset_transcript_for_hrr()
1454 ret = ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); in mbedtls_ssl_reset_transcript_for_hrr()
1465 int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_read_public_xxdhe_share() argument
1471 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_read_public_xxdhe_share()
1536 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange() argument
1546 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange()
1577 ssl->handshake->xxdh_psa_bits = bits; in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange()
1620 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_check_received_extension() argument
1640 ssl->handshake->received_extensions |= extension_mask; in mbedtls_ssl_tls13_check_received_extension()
1651 if ((ssl->handshake->sent_extensions & extension_mask) != 0) { in mbedtls_ssl_tls13_check_received_extension()
1676 int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_record_size_limit_ext() argument
1717 ssl->session_negotiate->record_size_limit = record_size_limit; in mbedtls_ssl_tls13_parse_record_size_limit_ext()
1723 int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_write_record_size_limit_ext() argument
1747 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); in mbedtls_ssl_tls13_write_record_size_limit_ext()