Lines Matching refs:ssl
25 mbedtls_ssl_context *ssl, in ssl_tls13_validate_peer_ciphersuite() argument
29 if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { in ssl_tls13_validate_peer_ciphersuite()
34 if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_tls13_validate_peer_ciphersuite()
35 ssl->tls_version, in ssl_tls13_validate_peer_ciphersuite()
36 ssl->tls_version) != 0)) { in ssl_tls13_validate_peer_ciphersuite()
43 mbedtls_ssl_context *ssl, in ssl_tls13_select_ciphersuite() argument
71 ssl_tls13_validate_peer_ciphersuite(ssl, id); in ssl_tls13_select_ciphersuite()
109 static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_exchange_modes_ext() argument
147 ssl->handshake->tls13_kex_modes = ke_modes; in ssl_tls13_parse_key_exchange_modes_ext()
177 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
179 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
184 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match_ticket() argument
204 if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { in ssl_tls13_offered_psks_check_identity_match_ticket()
219 ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, in ssl_tls13_offered_psks_check_identity_match_ticket()
331 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match() argument
348 ssl, identity, identity_len, obfuscated_ticket_age, session); in ssl_tls13_offered_psks_check_identity_match()
351 ret = mbedtls_ssl_set_hs_psk(ssl, in ssl_tls13_offered_psks_check_identity_match()
371 if (ssl->conf->f_psk != NULL) { in ssl_tls13_offered_psks_check_identity_match()
372 if (ssl->conf->f_psk( in ssl_tls13_offered_psks_check_identity_match()
373 ssl->conf->p_psk, ssl, identity, identity_len) == 0) { in ssl_tls13_offered_psks_check_identity_match()
381 if (ssl->conf->psk_identity != NULL && in ssl_tls13_offered_psks_check_identity_match()
382 identity_len == ssl->conf->psk_identity_len && in ssl_tls13_offered_psks_check_identity_match()
383 mbedtls_ct_memcmp(ssl->conf->psk_identity, in ssl_tls13_offered_psks_check_identity_match()
385 ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len); in ssl_tls13_offered_psks_check_identity_match()
406 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_binder_match() argument
424 ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), in ssl_tls13_offered_psks_check_binder_match()
430 ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); in ssl_tls13_offered_psks_check_binder_match()
435 ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg, in ssl_tls13_offered_psks_check_binder_match()
519 mbedtls_ssl_context *ssl, in ssl_tls13_parse_pre_shared_key_ext() argument
562 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, in ssl_tls13_parse_pre_shared_key_ext()
601 ssl, identity, identity_len, obfuscated_ticket_age, in ssl_tls13_parse_pre_shared_key_ext()
620 ssl->session_negotiate->ticket_flags = session.ticket_flags; in ssl_tls13_parse_pre_shared_key_ext()
634 ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { in ssl_tls13_parse_pre_shared_key_ext()
638 ssl_tls13_key_exchange_is_psk_available(ssl)) { in ssl_tls13_parse_pre_shared_key_ext()
647 ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end, in ssl_tls13_parse_pre_shared_key_ext()
667 ssl, binder, binder_len, psk->type, in ssl_tls13_parse_pre_shared_key_ext()
689 ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, in ssl_tls13_parse_pre_shared_key_ext()
707 ret = ssl->handshake->update_checksum( in ssl_tls13_parse_pre_shared_key_ext()
708 ssl, identities_end, (size_t) (binders_end - identities_end)); in ssl_tls13_parse_pre_shared_key_ext()
718 ssl->handshake->selected_identity = (uint16_t) matched_identity; in ssl_tls13_parse_pre_shared_key_ext()
733 static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_pre_shared_key_ext() argument
744 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); in ssl_tls13_write_server_pre_shared_key_ext()
746 not_using_psk = (ssl->handshake->psk == NULL); in ssl_tls13_write_server_pre_shared_key_ext()
760 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); in ssl_tls13_write_server_pre_shared_key_ext()
765 ssl->handshake->selected_identity)); in ssl_tls13_write_server_pre_shared_key_ext()
767 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); in ssl_tls13_write_server_pre_shared_key_ext()
780 static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_versions_ext() argument
798 tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport); in ssl_tls13_parse_supported_versions_ext()
807 mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_parse_supported_versions_ext()
839 static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_groups_ext() argument
853 ssl->handshake->hrr_selected_group = 0; in ssl_tls13_parse_supported_groups_ext()
866 if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) || in ssl_tls13_parse_supported_groups_ext()
868 ssl->handshake->hrr_selected_group != 0) { in ssl_tls13_parse_supported_groups_ext()
877 ssl->handshake->hrr_selected_group = named_group; in ssl_tls13_parse_supported_groups_ext()
901 static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_shares_ext() argument
923 ssl->handshake->offered_group_id = 0; in ssl_tls13_parse_key_shares_ext()
954 if (!mbedtls_ssl_named_group_is_offered(ssl, group) || in ssl_tls13_parse_key_shares_ext()
956 ssl->handshake->offered_group_id != 0) { in ssl_tls13_parse_key_shares_ext()
969 ssl, key_exchange - 2, key_exchange_len + 2); in ssl_tls13_parse_key_shares_ext()
980 ssl->handshake->offered_group_id = group; in ssl_tls13_parse_key_shares_ext()
984 if (ssl->handshake->offered_group_id == 0) { in ssl_tls13_parse_key_shares_ext()
993 static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, in ssl_tls13_client_hello_has_exts() argument
996 int masked = ssl->handshake->received_extensions & exts_mask; in ssl_tls13_client_hello_has_exts()
1003 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange() argument
1006 ssl, in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()
1016 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_key_exchange() argument
1019 ssl, in ssl_tls13_client_hello_has_exts_for_psk_key_exchange()
1028 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange() argument
1031 ssl, in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange()
1041 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_psk_available() argument
1044 return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && in ssl_tls13_key_exchange_is_psk_available()
1045 mbedtls_ssl_tls13_is_psk_supported(ssl) && in ssl_tls13_key_exchange_is_psk_available()
1046 ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); in ssl_tls13_key_exchange_is_psk_available()
1048 ((void) ssl); in ssl_tls13_key_exchange_is_psk_available()
1054 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_psk_ephemeral_available() argument
1057 return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1058 mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) && in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1059 ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1061 ((void) ssl); in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1068 static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_ephemeral_available() argument
1071 return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && in ssl_tls13_key_exchange_is_ephemeral_available()
1072 ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); in ssl_tls13_key_exchange_is_ephemeral_available()
1074 ((void) ssl); in ssl_tls13_key_exchange_is_ephemeral_available()
1115 static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) in ssl_tls13_pick_key_cert() argument
1118 const uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_pick_key_cert()
1121 if (ssl->handshake->sni_key_cert != NULL) { in ssl_tls13_pick_key_cert()
1122 key_cert_list = ssl->handshake->sni_key_cert; in ssl_tls13_pick_key_cert()
1125 key_cert_list = ssl->conf->key_cert; in ssl_tls13_pick_key_cert()
1133 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_pick_key_cert()
1181 ssl->handshake->key_cert = key_cert; in ssl_tls13_pick_key_cert()
1190 ssl->handshake->key_cert->cert); in ssl_tls13_pick_key_cert()
1249 static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_parse_client_hello() argument
1265 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_parse_client_hello()
1303 if (mbedtls_ssl_read_version(p, ssl->conf->transport) != in ssl_tls13_parse_client_hello()
1374 ssl, p + 1 + p[0], end, in ssl_tls13_parse_client_hello()
1387 ret = ssl_tls13_parse_supported_versions_ext(ssl, in ssl_tls13_parse_client_hello()
1411 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1412 ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1413 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_tls13_parse_client_hello()
1416 ret = mbedtls_ssl_tls13_crypto_init(ssl); in ssl_tls13_parse_client_hello()
1430 if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) { in ssl_tls13_parse_client_hello()
1434 ssl->session_negotiate->id_len = legacy_session_id_len; in ssl_tls13_parse_client_hello()
1437 memcpy(&ssl->session_negotiate->id[0], in ssl_tls13_parse_client_hello()
1446 ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end, in ssl_tls13_parse_client_hello()
1454 ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; in ssl_tls13_parse_client_hello()
1495 if (ssl->handshake->hello_retry_request_flag) { in ssl_tls13_parse_client_hello()
1525 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, in ssl_tls13_parse_client_hello()
1535 ret = mbedtls_ssl_parse_server_name_ext(ssl, p, in ssl_tls13_parse_client_hello()
1556 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1578 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1603 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1636 ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1650 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1664 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1686 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in ssl_tls13_parse_client_hello()
1703 ret = handshake->update_checksum(ssl, buf, in ssl_tls13_parse_client_hello()
1709 ret = ssl_tls13_parse_pre_shared_key_ext(ssl, in ssl_tls13_parse_client_hello()
1725 ret = handshake->update_checksum(ssl, buf, p - buf); in ssl_tls13_parse_client_hello()
1755 if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { in ssl_tls13_parse_client_hello()
1781 ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id; in ssl_tls13_parse_client_hello()
1798 mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info); in ssl_tls13_parse_client_hello()
1804 static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl) in ssl_tls13_check_early_data_requirements() argument
1806 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_check_early_data_requirements()
1808 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { in ssl_tls13_check_early_data_requirements()
1847 ssl->session_negotiate->ciphersuite) { in ssl_tls13_check_early_data_requirements()
1855 if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) { in ssl_tls13_check_early_data_requirements()
1864 const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl); in ssl_tls13_check_early_data_requirements()
1867 if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) { in ssl_tls13_check_early_data_requirements()
1876 ssl->session_negotiate->ticket_alpn == NULL || in ssl_tls13_check_early_data_requirements()
1877 alpn_len != strlen(ssl->session_negotiate->ticket_alpn) || in ssl_tls13_check_early_data_requirements()
1878 (memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) { in ssl_tls13_check_early_data_requirements()
1892 static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_postprocess_client_hello() argument
1900 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { in ssl_tls13_postprocess_client_hello()
1905 ssl->handshake->sni_name = NULL; in ssl_tls13_postprocess_client_hello()
1906 ssl->handshake->sni_name_len = 0; in ssl_tls13_postprocess_client_hello()
1909 ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); in ssl_tls13_postprocess_client_hello()
1917 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { in ssl_tls13_postprocess_client_hello()
1918 ssl->handshake->early_data_accepted = in ssl_tls13_postprocess_client_hello()
1919 (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0); in ssl_tls13_postprocess_client_hello()
1921 if (ssl->handshake->early_data_accepted) { in ssl_tls13_postprocess_client_hello()
1922 ret = mbedtls_ssl_tls13_compute_early_transform(ssl); in ssl_tls13_postprocess_client_hello()
1929 ssl->discard_early_data_record = in ssl_tls13_postprocess_client_hello()
1947 static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_hello() argument
1958 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in ssl_tls13_process_client_hello()
1961 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf, in ssl_tls13_process_client_hello()
1978 if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_process_client_hello()
1986 ssl->keep_current_message = 1; in ssl_tls13_process_client_hello()
1987 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in ssl_tls13_process_client_hello()
1992 ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret == in ssl_tls13_process_client_hello()
1996 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in ssl_tls13_process_client_hello()
1998 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST); in ssl_tls13_process_client_hello()
2011 static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_server_hello() argument
2015 ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; in ssl_tls13_prepare_server_hello()
2017 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, in ssl_tls13_prepare_server_hello()
2027 ssl->session_negotiate->start = mbedtls_time(NULL); in ssl_tls13_prepare_server_hello()
2042 mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_supported_versions_ext() argument
2063 ssl->conf->transport, in ssl_tls13_write_server_hello_supported_versions_ext()
2064 ssl->tls_version); in ssl_tls13_write_server_hello_supported_versions_ext()
2067 ssl->tls_version)); in ssl_tls13_write_server_hello_supported_versions_ext()
2072 ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); in ssl_tls13_write_server_hello_supported_versions_ext()
2082 static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, in ssl_tls13_generate_and_write_key_share() argument
2096 ssl, named_group, buf, end, out_len); in ssl_tls13_generate_and_write_key_share()
2107 ((void) ssl); in ssl_tls13_generate_and_write_key_share()
2131 static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_key_share_ext() argument
2138 uint16_t group = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext()
2164 ssl, group, server_share + 4, end, &key_exchange_length); in ssl_tls13_write_key_share_ext()
2176 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_key_share_ext()
2182 static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_hrr_key_share_ext() argument
2187 uint16_t selected_group = ssl->handshake->hrr_selected_group; in ssl_tls13_write_hrr_key_share_ext()
2207 if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_hrr_key_share_ext()
2213 if (ssl->handshake->offered_group_id != 0) { in ssl_tls13_write_hrr_key_share_ext()
2241 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_hrr_key_share_ext()
2259 static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_body() argument
2271 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_server_hello_body()
2294 memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], in ssl_tls13_write_server_hello_body()
2305 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2306 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2307 if (ssl->session_negotiate->id_len > 0) { in ssl_tls13_write_server_hello_body()
2308 memcpy(p, &ssl->session_negotiate->id[0], in ssl_tls13_write_server_hello_body()
2309 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2310 p += ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2312 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_tls13_write_server_hello_body()
2313 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2323 MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); in ssl_tls13_write_server_hello_body()
2328 ssl->session_negotiate->ciphersuite), in ssl_tls13_write_server_hello_body()
2329 ssl->session_negotiate->ciphersuite)); in ssl_tls13_write_server_hello_body()
2351 ssl, p, end, &output_len)) != 0) { in ssl_tls13_write_server_hello_body()
2358 if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_server_hello_body()
2360 ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2362 ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2371 if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_server_hello_body()
2372 ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2394 ssl->handshake->sent_extensions); in ssl_tls13_write_server_hello_body()
2400 static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_finalize_server_hello() argument
2403 ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); in ssl_tls13_finalize_server_hello()
2415 static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_hello() argument
2423 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); in ssl_tls13_write_server_hello()
2426 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); in ssl_tls13_write_server_hello()
2428 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_server_hello()
2434 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_server_hello()
2437 ssl, buf_len, msg_len)); in ssl_tls13_write_server_hello()
2439 MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl)); in ssl_tls13_write_server_hello()
2447 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO); in ssl_tls13_write_server_hello()
2449 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in ssl_tls13_write_server_hello()
2463 static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_hello_retry_request() argument
2466 if (ssl->handshake->hello_retry_request_flag) { in ssl_tls13_prepare_hello_retry_request()
2477 ret = mbedtls_ssl_reset_transcript_for_hrr(ssl); in ssl_tls13_prepare_hello_retry_request()
2482 mbedtls_ssl_session_reset_msg_layer(ssl, 0); in ssl_tls13_prepare_hello_retry_request()
2488 static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_hello_retry_request() argument
2496 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl)); in ssl_tls13_write_hello_retry_request()
2499 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, in ssl_tls13_write_hello_retry_request()
2502 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_hello_retry_request()
2507 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_hello_retry_request()
2510 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, in ssl_tls13_write_hello_retry_request()
2513 ssl->handshake->hello_retry_request_flag = 1; in ssl_tls13_write_hello_retry_request()
2521 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST); in ssl_tls13_write_hello_retry_request()
2523 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in ssl_tls13_write_hello_retry_request()
2542 static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_encrypted_extensions_body() argument
2559 ((void) ssl); in ssl_tls13_write_encrypted_extensions_body()
2564 ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2572 if (ssl->handshake->early_data_accepted) { in ssl_tls13_write_encrypted_extensions_body()
2574 ssl, 0, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2583 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) { in ssl_tls13_write_encrypted_extensions_body()
2585 ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2601 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions); in ssl_tls13_write_encrypted_extensions_body()
2607 static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) in ssl_tls13_write_encrypted_extensions() argument
2613 mbedtls_ssl_set_outbound_transform(ssl, in ssl_tls13_write_encrypted_extensions()
2614 ssl->handshake->transform_handshake); in ssl_tls13_write_encrypted_extensions()
2621 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2625 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_encrypted_extensions()
2628 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2632 ssl, buf_len, msg_len)); in ssl_tls13_write_encrypted_extensions()
2635 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_encrypted_extensions()
2636 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2638 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); in ssl_tls13_write_encrypted_extensions()
2641 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2662 static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_certificate_request_coordinate() argument
2667 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_tls13_certificate_request_coordinate()
2668 authmode = ssl->handshake->sni_authmode; in ssl_tls13_certificate_request_coordinate()
2671 authmode = ssl->conf->authmode; in ssl_tls13_certificate_request_coordinate()
2674 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; in ssl_tls13_certificate_request_coordinate()
2678 ssl->handshake->certificate_request_sent = 1; in ssl_tls13_certificate_request_coordinate()
2691 static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_request_body() argument
2725 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_tls13_write_certificate_request_body()
2736 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_request_body()
2742 static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_request() argument
2748 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); in ssl_tls13_write_certificate_request()
2755 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2759 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_certificate_request()
2762 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2766 ssl, buf_len, msg_len)); in ssl_tls13_write_certificate_request()
2776 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); in ssl_tls13_write_certificate_request()
2787 static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_certificate() argument
2792 if ((ssl_tls13_pick_key_cert(ssl) != 0) || in ssl_tls13_write_server_certificate()
2793 mbedtls_ssl_own_cert(ssl) == NULL) { in ssl_tls13_write_server_certificate()
2801 ret = mbedtls_ssl_tls13_write_certificate(ssl); in ssl_tls13_write_server_certificate()
2805 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); in ssl_tls13_write_server_certificate()
2813 static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_verify() argument
2815 int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); in ssl_tls13_write_certificate_verify()
2819 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_certificate_verify()
2865 mbedtls_ssl_context *ssl) in ssl_tls13_prepare_for_handshake_second_flight() argument
2867 if (ssl->handshake->certificate_request_sent) { in ssl_tls13_prepare_for_handshake_second_flight()
2868 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); in ssl_tls13_prepare_for_handshake_second_flight()
2873 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); in ssl_tls13_prepare_for_handshake_second_flight()
2881 static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_finished() argument
2885 ret = mbedtls_ssl_tls13_write_finished_message(ssl); in ssl_tls13_write_server_finished()
2890 ret = mbedtls_ssl_tls13_compute_application_transform(ssl); in ssl_tls13_write_server_finished()
2899 if (ssl->handshake->early_data_accepted) { in ssl_tls13_write_server_finished()
2905 ssl, ssl->handshake->transform_earlydata); in ssl_tls13_write_server_finished()
2906 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); in ssl_tls13_write_server_finished()
2913 mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); in ssl_tls13_write_server_finished()
2915 ssl_tls13_prepare_for_handshake_second_flight(ssl); in ssl_tls13_write_server_finished()
2935 static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_end_of_early_data_coordinate() argument
2939 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { in ssl_tls13_end_of_early_data_coordinate()
2943 ssl->keep_current_message = 1; in ssl_tls13_end_of_early_data_coordinate()
2945 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in ssl_tls13_end_of_early_data_coordinate()
2946 ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { in ssl_tls13_end_of_early_data_coordinate()
2951 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { in ssl_tls13_end_of_early_data_coordinate()
2952 if (ssl->in_offt == NULL) { in ssl_tls13_end_of_early_data_coordinate()
2955 ssl->in_offt = ssl->in_msg; in ssl_tls13_end_of_early_data_coordinate()
2956 ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen); in ssl_tls13_end_of_early_data_coordinate()
2970 static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, in ssl_tls13_parse_end_of_early_data() argument
3024 static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) in ssl_tls13_process_end_of_early_data() argument
3030 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl)); in ssl_tls13_process_end_of_early_data()
3037 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, in ssl_tls13_process_end_of_early_data()
3041 ssl, buf, buf + buf_len)); in ssl_tls13_process_end_of_early_data()
3047 ssl, ssl->handshake->transform_handshake); in ssl_tls13_process_end_of_early_data()
3050 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, in ssl_tls13_process_end_of_early_data()
3053 ssl_tls13_prepare_for_handshake_second_flight(ssl); in ssl_tls13_process_end_of_early_data()
3074 static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_finished() argument
3078 ret = mbedtls_ssl_tls13_process_finished_message(ssl); in ssl_tls13_process_client_finished()
3083 ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); in ssl_tls13_process_client_finished()
3089 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); in ssl_tls13_process_client_finished()
3097 static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in ssl_tls13_handshake_wrapup() argument
3101 mbedtls_ssl_tls13_handshake_wrapup(ssl); in ssl_tls13_handshake_wrapup()
3110 if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) { in ssl_tls13_handshake_wrapup()
3112 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in ssl_tls13_handshake_wrapup()
3116 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_handshake_wrapup()
3128 static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket_coordinate() argument
3131 if (ssl->conf->f_ticket_write == NULL) { in ssl_tls13_write_new_session_ticket_coordinate()
3136 if (ssl->conf->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
3142 if (ssl->handshake->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
3152 static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, in ssl_tls13_prepare_new_session_ticket() argument
3157 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_prepare_new_session_ticket()
3169 session, ssl->handshake->tls13_kex_modes); in ssl_tls13_prepare_new_session_ticket()
3173 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && in ssl_tls13_prepare_new_session_ticket()
3174 ssl->conf->max_early_data_size > 0) { in ssl_tls13_prepare_new_session_ticket()
3177 session->max_early_data_size = ssl->conf->max_early_data_size; in ssl_tls13_prepare_new_session_ticket()
3185 ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen); in ssl_tls13_prepare_new_session_ticket()
3193 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_tls13_prepare_new_session_ticket()
3203 ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); in ssl_tls13_prepare_new_session_ticket()
3212 (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; in ssl_tls13_prepare_new_session_ticket()
3282 static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_new_session_ticket_body() argument
3291 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_write_new_session_ticket_body()
3311 ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, in ssl_tls13_write_new_session_ticket_body()
3362 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_new_session_ticket_body()
3373 ssl, 1, p, end, &output_len)) != 0) { in ssl_tls13_write_new_session_ticket_body()
3394 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions); in ssl_tls13_write_new_session_ticket_body()
3402 static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket() argument
3406 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl)); in ssl_tls13_write_new_session_ticket()
3414 ssl, ticket_nonce, sizeof(ticket_nonce))); in ssl_tls13_write_new_session_ticket()
3417 ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, in ssl_tls13_write_new_session_ticket()
3421 ssl, buf, buf + buf_len, &msg_len, in ssl_tls13_write_new_session_ticket()
3425 ssl, buf_len, msg_len)); in ssl_tls13_write_new_session_ticket()
3431 if (ssl->handshake->resume == 1) { in ssl_tls13_write_new_session_ticket()
3432 ssl->handshake->new_session_tickets_count = 0; in ssl_tls13_write_new_session_ticket()
3434 ssl->handshake->new_session_tickets_count--; in ssl_tls13_write_new_session_ticket()
3438 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH); in ssl_tls13_write_new_session_ticket()
3440 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_write_new_session_ticket()
3452 int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_server_step() argument
3456 if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3461 mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), in mbedtls_ssl_tls13_handshake_server_step()
3462 ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()
3464 switch (ssl->state) { in mbedtls_ssl_tls13_handshake_server_step()
3467 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3472 ret = ssl_tls13_process_client_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3479 ret = ssl_tls13_write_hello_retry_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3487 ret = ssl_tls13_write_server_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3491 ret = ssl_tls13_write_encrypted_extensions(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3500 ret = ssl_tls13_write_certificate_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3504 ret = ssl_tls13_write_server_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3508 ret = ssl_tls13_write_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3517 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3519 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3524 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3528 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in mbedtls_ssl_tls13_handshake_server_step()
3533 ret = ssl_tls13_write_server_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3538 ret = ssl_tls13_process_end_of_early_data(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3543 ret = ssl_tls13_process_client_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3547 ret = ssl_tls13_handshake_wrapup(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3552 ret = mbedtls_ssl_tls13_process_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3554 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3556 ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); in mbedtls_ssl_tls13_handshake_server_step()
3560 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3566 ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3569 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3576 ret = ssl_tls13_write_new_session_ticket(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3590 if (ssl->handshake->new_session_tickets_count == 0) { in mbedtls_ssl_tls13_handshake_server_step()
3591 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in mbedtls_ssl_tls13_handshake_server_step()
3594 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in mbedtls_ssl_tls13_handshake_server_step()
3601 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()