Lines Matching refs:ssl
62 static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) in ssl_ep_len() argument
65 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_ep_len()
68 ((void) ssl); in ssl_ep_len()
77 static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) in ssl_set_timer() argument
79 if( ssl->f_set_timer == NULL ) in ssl_set_timer()
83 ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); in ssl_set_timer()
89 static int ssl_check_timer( mbedtls_ssl_context *ssl ) in ssl_check_timer() argument
91 if( ssl->f_get_timer == NULL ) in ssl_check_timer()
94 if( ssl->f_get_timer( ssl->p_timer ) == 2 ) in ssl_check_timer()
108 static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) in ssl_double_retransmit_timeout() argument
112 if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) in ssl_double_retransmit_timeout()
115 new_timeout = 2 * ssl->handshake->retransmit_timeout; in ssl_double_retransmit_timeout()
118 if( new_timeout < ssl->handshake->retransmit_timeout || in ssl_double_retransmit_timeout()
119 new_timeout > ssl->conf->hs_timeout_max ) in ssl_double_retransmit_timeout()
121 new_timeout = ssl->conf->hs_timeout_max; in ssl_double_retransmit_timeout()
124 ssl->handshake->retransmit_timeout = new_timeout; in ssl_double_retransmit_timeout()
126 ssl->handshake->retransmit_timeout ) ); in ssl_double_retransmit_timeout()
131 static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) in ssl_reset_retransmit_timeout() argument
133 ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; in ssl_reset_retransmit_timeout()
135 ssl->handshake->retransmit_timeout ) ); in ssl_reset_retransmit_timeout()
201 int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
208 int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL;
209 int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL;
210 int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL;
211 int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL;
212 int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL;
484 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) in mbedtls_ssl_derive_keys() argument
497 mbedtls_ssl_session *session = ssl->session_negotiate; in mbedtls_ssl_derive_keys()
498 mbedtls_ssl_transform *transform = ssl->transform_negotiate; in mbedtls_ssl_derive_keys()
499 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_derive_keys()
523 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in mbedtls_ssl_derive_keys()
532 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) in mbedtls_ssl_derive_keys()
542 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && in mbedtls_ssl_derive_keys()
552 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in mbedtls_ssl_derive_keys()
582 if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) in mbedtls_ssl_derive_keys()
589 ssl->handshake->calc_verify( ssl, session_hash ); in mbedtls_ssl_derive_keys()
592 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in mbedtls_ssl_derive_keys()
595 if( ssl->transform_negotiate->ciphersuite_info->mac == in mbedtls_ssl_derive_keys()
745 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || in mbedtls_ssl_derive_keys()
746 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 ) in mbedtls_ssl_derive_keys()
751 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || in mbedtls_ssl_derive_keys()
752 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in mbedtls_ssl_derive_keys()
773 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) in mbedtls_ssl_derive_keys()
793 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_derive_keys()
818 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in mbedtls_ssl_derive_keys()
833 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) in mbedtls_ssl_derive_keys()
852 if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen, in mbedtls_ssl_derive_keys()
865 if( ssl->conf->f_export_keys != NULL ) in mbedtls_ssl_derive_keys()
867 ssl->conf->f_export_keys( ssl->conf->p_export_keys, in mbedtls_ssl_derive_keys()
930 if( ssl->compress_buf == NULL ) in mbedtls_ssl_derive_keys()
933 ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN ); in mbedtls_ssl_derive_keys()
934 if( ssl->compress_buf == NULL ) in mbedtls_ssl_derive_keys()
963 void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) in ssl_calc_verify_ssl() argument
975 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); in ssl_calc_verify_ssl()
976 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); in ssl_calc_verify_ssl()
981 mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); in ssl_calc_verify_ssl()
986 mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); in ssl_calc_verify_ssl()
991 mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); in ssl_calc_verify_ssl()
996 mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); in ssl_calc_verify_ssl()
1012 void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) in ssl_calc_verify_tls() argument
1022 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); in ssl_calc_verify_tls()
1023 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); in ssl_calc_verify_tls()
1040 void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] ) in ssl_calc_verify_tls_sha256() argument
1048 mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); in ssl_calc_verify_tls_sha256()
1061 void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] ) in ssl_calc_verify_tls_sha384() argument
1069 mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); in ssl_calc_verify_tls_sha384()
1083 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) in mbedtls_ssl_psk_derive_premaster() argument
1085 unsigned char *p = ssl->handshake->premaster; in mbedtls_ssl_psk_derive_premaster()
1086 unsigned char *end = p + sizeof( ssl->handshake->premaster ); in mbedtls_ssl_psk_derive_premaster()
1087 const unsigned char *psk = ssl->conf->psk; in mbedtls_ssl_psk_derive_premaster()
1088 size_t psk_len = ssl->conf->psk_len; in mbedtls_ssl_psk_derive_premaster()
1091 if( ssl->handshake->psk != NULL ) in mbedtls_ssl_psk_derive_premaster()
1093 psk = ssl->handshake->psk; in mbedtls_ssl_psk_derive_premaster()
1094 psk_len = ssl->handshake->psk_len; in mbedtls_ssl_psk_derive_premaster()
1141 if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, in mbedtls_ssl_psk_derive_premaster()
1143 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in mbedtls_ssl_psk_derive_premaster()
1152 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); in mbedtls_ssl_psk_derive_premaster()
1162 if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, in mbedtls_ssl_psk_derive_premaster()
1164 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in mbedtls_ssl_psk_derive_premaster()
1174 MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); in mbedtls_ssl_psk_derive_premaster()
1196 ssl->handshake->pmslen = p - ssl->handshake->premaster; in mbedtls_ssl_psk_derive_premaster()
1253 static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) in ssl_encrypt_buf() argument
1260 if( ssl->session_out == NULL || ssl->transform_out == NULL ) in ssl_encrypt_buf()
1266 mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ); in ssl_encrypt_buf()
1269 ssl->out_msg, ssl->out_msglen ); in ssl_encrypt_buf()
1278 && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED in ssl_encrypt_buf()
1283 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_encrypt_buf()
1285 ssl_mac( &ssl->transform_out->md_ctx_enc, in ssl_encrypt_buf()
1286 ssl->transform_out->mac_enc, in ssl_encrypt_buf()
1287 ssl->out_msg, ssl->out_msglen, in ssl_encrypt_buf()
1288 ssl->out_ctr, ssl->out_msgtype ); in ssl_encrypt_buf()
1294 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) in ssl_encrypt_buf()
1296 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 ); in ssl_encrypt_buf()
1297 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 ); in ssl_encrypt_buf()
1298 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 ); in ssl_encrypt_buf()
1299 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, in ssl_encrypt_buf()
1300 ssl->out_msg, ssl->out_msglen ); in ssl_encrypt_buf()
1301 mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, in ssl_encrypt_buf()
1302 ssl->out_msg + ssl->out_msglen ); in ssl_encrypt_buf()
1303 mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); in ssl_encrypt_buf()
1313 ssl->out_msg + ssl->out_msglen, in ssl_encrypt_buf()
1314 ssl->transform_out->maclen ); in ssl_encrypt_buf()
1316 ssl->out_msglen += ssl->transform_out->maclen; in ssl_encrypt_buf()
1332 ssl->out_msglen, 0 ) ); in ssl_encrypt_buf()
1334 if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, in ssl_encrypt_buf()
1335 ssl->transform_out->iv_enc, in ssl_encrypt_buf()
1336 ssl->transform_out->ivlen, in ssl_encrypt_buf()
1337 ssl->out_msg, ssl->out_msglen, in ssl_encrypt_buf()
1338 ssl->out_msg, &olen ) ) != 0 ) in ssl_encrypt_buf()
1344 if( ssl->out_msglen != olen ) in ssl_encrypt_buf()
1360 unsigned char taglen = ssl->transform_out->ciphersuite_info->flags & in ssl_encrypt_buf()
1363 memcpy( add_data, ssl->out_ctr, 8 ); in ssl_encrypt_buf()
1364 add_data[8] = ssl->out_msgtype; in ssl_encrypt_buf()
1365 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, in ssl_encrypt_buf()
1366 ssl->conf->transport, add_data + 9 ); in ssl_encrypt_buf()
1367 add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; in ssl_encrypt_buf()
1368 add_data[12] = ssl->out_msglen & 0xFF; in ssl_encrypt_buf()
1376 if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) in ssl_encrypt_buf()
1383 memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, in ssl_encrypt_buf()
1384 ssl->out_ctr, 8 ); in ssl_encrypt_buf()
1385 memcpy( ssl->out_iv, ssl->out_ctr, 8 ); in ssl_encrypt_buf()
1387 MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, in ssl_encrypt_buf()
1388 ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); in ssl_encrypt_buf()
1393 enc_msg = ssl->out_msg; in ssl_encrypt_buf()
1394 enc_msglen = ssl->out_msglen; in ssl_encrypt_buf()
1395 ssl->out_msglen += ssl->transform_out->ivlen - in ssl_encrypt_buf()
1396 ssl->transform_out->fixed_ivlen; in ssl_encrypt_buf()
1400 ssl->out_msglen, 0 ) ); in ssl_encrypt_buf()
1405 if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc, in ssl_encrypt_buf()
1406 ssl->transform_out->iv_enc, in ssl_encrypt_buf()
1407 ssl->transform_out->ivlen, in ssl_encrypt_buf()
1423 ssl->out_msglen += taglen; in ssl_encrypt_buf()
1438 padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % in ssl_encrypt_buf()
1439 ssl->transform_out->ivlen; in ssl_encrypt_buf()
1440 if( padlen == ssl->transform_out->ivlen ) in ssl_encrypt_buf()
1444 ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; in ssl_encrypt_buf()
1446 ssl->out_msglen += padlen + 1; in ssl_encrypt_buf()
1448 enc_msglen = ssl->out_msglen; in ssl_encrypt_buf()
1449 enc_msg = ssl->out_msg; in ssl_encrypt_buf()
1456 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) in ssl_encrypt_buf()
1461 ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, in ssl_encrypt_buf()
1462 ssl->transform_out->ivlen ); in ssl_encrypt_buf()
1466 memcpy( ssl->out_iv, ssl->transform_out->iv_enc, in ssl_encrypt_buf()
1467 ssl->transform_out->ivlen ); in ssl_encrypt_buf()
1472 enc_msg = ssl->out_msg; in ssl_encrypt_buf()
1473 enc_msglen = ssl->out_msglen; in ssl_encrypt_buf()
1474 ssl->out_msglen += ssl->transform_out->ivlen; in ssl_encrypt_buf()
1480 ssl->out_msglen, ssl->transform_out->ivlen, in ssl_encrypt_buf()
1483 if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, in ssl_encrypt_buf()
1484 ssl->transform_out->iv_enc, in ssl_encrypt_buf()
1485 ssl->transform_out->ivlen, in ssl_encrypt_buf()
1500 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) in ssl_encrypt_buf()
1505 memcpy( ssl->transform_out->iv_enc, in ssl_encrypt_buf()
1506 ssl->transform_out->cipher_ctx_enc.iv, in ssl_encrypt_buf()
1507 ssl->transform_out->ivlen ); in ssl_encrypt_buf()
1526 memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 ); in ssl_encrypt_buf()
1527 memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 ); in ssl_encrypt_buf()
1528 pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF ); in ssl_encrypt_buf()
1529 pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF ); in ssl_encrypt_buf()
1533 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); in ssl_encrypt_buf()
1534 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, in ssl_encrypt_buf()
1535 ssl->out_iv, ssl->out_msglen ); in ssl_encrypt_buf()
1536 mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, in ssl_encrypt_buf()
1537 ssl->out_iv + ssl->out_msglen ); in ssl_encrypt_buf()
1538 mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); in ssl_encrypt_buf()
1540 ssl->out_msglen += ssl->transform_out->maclen; in ssl_encrypt_buf()
1567 static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) in ssl_decrypt_buf() argument
1578 if( ssl->session_in == NULL || ssl->transform_in == NULL ) in ssl_decrypt_buf()
1584 mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec ); in ssl_decrypt_buf()
1586 if( ssl->in_msglen < ssl->transform_in->minlen ) in ssl_decrypt_buf()
1589 ssl->in_msglen, ssl->transform_in->minlen ) ); in ssl_decrypt_buf()
1601 if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, in ssl_decrypt_buf()
1602 ssl->transform_in->iv_dec, in ssl_decrypt_buf()
1603 ssl->transform_in->ivlen, in ssl_decrypt_buf()
1604 ssl->in_msg, ssl->in_msglen, in ssl_decrypt_buf()
1605 ssl->in_msg, &olen ) ) != 0 ) in ssl_decrypt_buf()
1611 if( ssl->in_msglen != olen ) in ssl_decrypt_buf()
1628 unsigned char taglen = ssl->transform_in->ciphersuite_info->flags & in ssl_decrypt_buf()
1630 size_t explicit_iv_len = ssl->transform_in->ivlen - in ssl_decrypt_buf()
1631 ssl->transform_in->fixed_ivlen; in ssl_decrypt_buf()
1633 if( ssl->in_msglen < explicit_iv_len + taglen ) in ssl_decrypt_buf()
1636 "+ taglen (%d)", ssl->in_msglen, in ssl_decrypt_buf()
1640 dec_msglen = ssl->in_msglen - explicit_iv_len - taglen; in ssl_decrypt_buf()
1642 dec_msg = ssl->in_msg; in ssl_decrypt_buf()
1643 dec_msg_result = ssl->in_msg; in ssl_decrypt_buf()
1644 ssl->in_msglen = dec_msglen; in ssl_decrypt_buf()
1646 memcpy( add_data, ssl->in_ctr, 8 ); in ssl_decrypt_buf()
1647 add_data[8] = ssl->in_msgtype; in ssl_decrypt_buf()
1648 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, in ssl_decrypt_buf()
1649 ssl->conf->transport, add_data + 9 ); in ssl_decrypt_buf()
1650 add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; in ssl_decrypt_buf()
1651 add_data[12] = ssl->in_msglen & 0xFF; in ssl_decrypt_buf()
1656 memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, in ssl_decrypt_buf()
1657 ssl->in_iv, in ssl_decrypt_buf()
1658 ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); in ssl_decrypt_buf()
1660 MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, in ssl_decrypt_buf()
1661 ssl->transform_in->ivlen ); in ssl_decrypt_buf()
1667 if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec, in ssl_decrypt_buf()
1668 ssl->transform_in->iv_dec, in ssl_decrypt_buf()
1669 ssl->transform_in->ivlen, in ssl_decrypt_buf()
1710 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) in ssl_decrypt_buf()
1711 minlen += ssl->transform_in->ivlen; in ssl_decrypt_buf()
1714 if( ssl->in_msglen < minlen + ssl->transform_in->ivlen || in ssl_decrypt_buf()
1715 ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 ) in ssl_decrypt_buf()
1718 "+ 1 ) ( + expl IV )", ssl->in_msglen, in ssl_decrypt_buf()
1719 ssl->transform_in->ivlen, in ssl_decrypt_buf()
1720 ssl->transform_in->maclen ) ); in ssl_decrypt_buf()
1724 dec_msglen = ssl->in_msglen; in ssl_decrypt_buf()
1725 dec_msg = ssl->in_msg; in ssl_decrypt_buf()
1726 dec_msg_result = ssl->in_msg; in ssl_decrypt_buf()
1732 if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) in ssl_decrypt_buf()
1739 dec_msglen -= ssl->transform_in->maclen; in ssl_decrypt_buf()
1740 ssl->in_msglen -= ssl->transform_in->maclen; in ssl_decrypt_buf()
1742 memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 ); in ssl_decrypt_buf()
1743 memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 ); in ssl_decrypt_buf()
1744 pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF ); in ssl_decrypt_buf()
1745 pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF ); in ssl_decrypt_buf()
1749 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 ); in ssl_decrypt_buf()
1750 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, in ssl_decrypt_buf()
1751 ssl->in_iv, ssl->in_msglen ); in ssl_decrypt_buf()
1752 mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac ); in ssl_decrypt_buf()
1753 mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); in ssl_decrypt_buf()
1755 MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, in ssl_decrypt_buf()
1756 ssl->transform_in->maclen ); in ssl_decrypt_buf()
1758 ssl->transform_in->maclen ); in ssl_decrypt_buf()
1760 if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac, in ssl_decrypt_buf()
1761 ssl->transform_in->maclen ) != 0 ) in ssl_decrypt_buf()
1774 if( ssl->in_msglen % ssl->transform_in->ivlen != 0 ) in ssl_decrypt_buf()
1777 ssl->in_msglen, ssl->transform_in->ivlen ) ); in ssl_decrypt_buf()
1785 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) in ssl_decrypt_buf()
1787 dec_msglen -= ssl->transform_in->ivlen; in ssl_decrypt_buf()
1788 ssl->in_msglen -= ssl->transform_in->ivlen; in ssl_decrypt_buf()
1790 for( i = 0; i < ssl->transform_in->ivlen; i++ ) in ssl_decrypt_buf()
1791 ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; in ssl_decrypt_buf()
1795 if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, in ssl_decrypt_buf()
1796 ssl->transform_in->iv_dec, in ssl_decrypt_buf()
1797 ssl->transform_in->ivlen, in ssl_decrypt_buf()
1812 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) in ssl_decrypt_buf()
1817 memcpy( ssl->transform_in->iv_dec, in ssl_decrypt_buf()
1818 ssl->transform_in->cipher_ctx_dec.iv, in ssl_decrypt_buf()
1819 ssl->transform_in->ivlen ); in ssl_decrypt_buf()
1823 padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; in ssl_decrypt_buf()
1825 if( ssl->in_msglen < ssl->transform_in->maclen + padlen && in ssl_decrypt_buf()
1830 ssl->in_msglen, ssl->transform_in->maclen, padlen ) ); in ssl_decrypt_buf()
1837 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_decrypt_buf()
1839 if( padlen > ssl->transform_in->ivlen ) in ssl_decrypt_buf()
1844 padlen, ssl->transform_in->ivlen ) ); in ssl_decrypt_buf()
1853 if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_decrypt_buf()
1860 size_t padding_idx = ssl->in_msglen - padlen - 1; in ssl_decrypt_buf()
1872 correct &= ( ssl->in_msglen >= padlen + 1 ); in ssl_decrypt_buf()
1874 ssl->transform_in->maclen ); in ssl_decrypt_buf()
1882 ( ssl->in_msg[padding_idx + i] == padlen - 1 ); in ssl_decrypt_buf()
1901 ssl->in_msglen -= padlen; in ssl_decrypt_buf()
1912 ssl->in_msg, ssl->in_msglen ); in ssl_decrypt_buf()
1923 ssl->in_msglen -= ssl->transform_in->maclen; in ssl_decrypt_buf()
1925 ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); in ssl_decrypt_buf()
1926 ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); in ssl_decrypt_buf()
1928 memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); in ssl_decrypt_buf()
1931 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_decrypt_buf()
1933 ssl_mac( &ssl->transform_in->md_ctx_dec, in ssl_decrypt_buf()
1934 ssl->transform_in->mac_dec, in ssl_decrypt_buf()
1935 ssl->in_msg, ssl->in_msglen, in ssl_decrypt_buf()
1936 ssl->in_ctr, ssl->in_msgtype ); in ssl_decrypt_buf()
1942 if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_decrypt_buf()
1958 extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - in ssl_decrypt_buf()
1959 ( 13 + ssl->in_msglen + 8 ) / 64; in ssl_decrypt_buf()
1963 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); in ssl_decrypt_buf()
1964 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); in ssl_decrypt_buf()
1965 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); in ssl_decrypt_buf()
1966 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, in ssl_decrypt_buf()
1967 ssl->in_msglen ); in ssl_decrypt_buf()
1968 mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, in ssl_decrypt_buf()
1969 ssl->in_msg + ssl->in_msglen ); in ssl_decrypt_buf()
1972 mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); in ssl_decrypt_buf()
1974 mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); in ssl_decrypt_buf()
1984 MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); in ssl_decrypt_buf()
1985 MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, in ssl_decrypt_buf()
1986 ssl->transform_in->maclen ); in ssl_decrypt_buf()
1988 if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen, in ssl_decrypt_buf()
1989 ssl->transform_in->maclen ) != 0 ) in ssl_decrypt_buf()
2013 if( ssl->in_msglen == 0 ) in ssl_decrypt_buf()
2015 ssl->nb_zero++; in ssl_decrypt_buf()
2021 if( ssl->nb_zero > 3 ) in ssl_decrypt_buf()
2029 ssl->nb_zero = 0; in ssl_decrypt_buf()
2032 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_decrypt_buf()
2039 for( i = 8; i > ssl_ep_len( ssl ); i-- ) in ssl_decrypt_buf()
2040 if( ++ssl->in_ctr[i - 1] != 0 ) in ssl_decrypt_buf()
2044 if( i == ssl_ep_len( ssl ) ) in ssl_decrypt_buf()
2064 static int ssl_compress_buf( mbedtls_ssl_context *ssl ) in ssl_compress_buf() argument
2067 unsigned char *msg_post = ssl->out_msg; in ssl_compress_buf()
2068 size_t len_pre = ssl->out_msglen; in ssl_compress_buf()
2069 unsigned char *msg_pre = ssl->compress_buf; in ssl_compress_buf()
2076 memcpy( msg_pre, ssl->out_msg, len_pre ); in ssl_compress_buf()
2079 ssl->out_msglen ) ); in ssl_compress_buf()
2082 ssl->out_msg, ssl->out_msglen ); in ssl_compress_buf()
2084 ssl->transform_out->ctx_deflate.next_in = msg_pre; in ssl_compress_buf()
2085 ssl->transform_out->ctx_deflate.avail_in = len_pre; in ssl_compress_buf()
2086 ssl->transform_out->ctx_deflate.next_out = msg_post; in ssl_compress_buf()
2087 ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN; in ssl_compress_buf()
2089 ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); in ssl_compress_buf()
2096 ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN - in ssl_compress_buf()
2097 ssl->transform_out->ctx_deflate.avail_out; in ssl_compress_buf()
2100 ssl->out_msglen ) ); in ssl_compress_buf()
2103 ssl->out_msg, ssl->out_msglen ); in ssl_compress_buf()
2110 static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) in ssl_decompress_buf() argument
2113 unsigned char *msg_post = ssl->in_msg; in ssl_decompress_buf()
2114 size_t len_pre = ssl->in_msglen; in ssl_decompress_buf()
2115 unsigned char *msg_pre = ssl->compress_buf; in ssl_decompress_buf()
2122 memcpy( msg_pre, ssl->in_msg, len_pre ); in ssl_decompress_buf()
2125 ssl->in_msglen ) ); in ssl_decompress_buf()
2128 ssl->in_msg, ssl->in_msglen ); in ssl_decompress_buf()
2130 ssl->transform_in->ctx_inflate.next_in = msg_pre; in ssl_decompress_buf()
2131 ssl->transform_in->ctx_inflate.avail_in = len_pre; in ssl_decompress_buf()
2132 ssl->transform_in->ctx_inflate.next_out = msg_post; in ssl_decompress_buf()
2133 ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN; in ssl_decompress_buf()
2135 ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); in ssl_decompress_buf()
2142 ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN - in ssl_decompress_buf()
2143 ssl->transform_in->ctx_inflate.avail_out; in ssl_decompress_buf()
2146 ssl->in_msglen ) ); in ssl_decompress_buf()
2149 ssl->in_msg, ssl->in_msglen ); in ssl_decompress_buf()
2158 static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
2161 static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) in ssl_resend_hello_request() argument
2165 if( ssl->conf->renego_max_records < 0 ) in ssl_resend_hello_request()
2167 uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; in ssl_resend_hello_request()
2176 if( ++ssl->renego_records_seen > doublings ) in ssl_resend_hello_request()
2183 return( ssl_write_hello_request( ssl ) ); in ssl_resend_hello_request()
2203 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) in mbedtls_ssl_fetch_input() argument
2210 if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) in mbedtls_ssl_fetch_input()
2217 if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) in mbedtls_ssl_fetch_input()
2224 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_fetch_input()
2229 if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) in mbedtls_ssl_fetch_input()
2246 if( ssl->next_record_offset != 0 ) in mbedtls_ssl_fetch_input()
2248 if( ssl->in_left < ssl->next_record_offset ) in mbedtls_ssl_fetch_input()
2254 ssl->in_left -= ssl->next_record_offset; in mbedtls_ssl_fetch_input()
2256 if( ssl->in_left != 0 ) in mbedtls_ssl_fetch_input()
2259 ssl->next_record_offset ) ); in mbedtls_ssl_fetch_input()
2260 memmove( ssl->in_hdr, in mbedtls_ssl_fetch_input()
2261 ssl->in_hdr + ssl->next_record_offset, in mbedtls_ssl_fetch_input()
2262 ssl->in_left ); in mbedtls_ssl_fetch_input()
2265 ssl->next_record_offset = 0; in mbedtls_ssl_fetch_input()
2269 ssl->in_left, nb_want ) ); in mbedtls_ssl_fetch_input()
2274 if( nb_want <= ssl->in_left) in mbedtls_ssl_fetch_input()
2285 if( ssl->in_left != 0 ) in mbedtls_ssl_fetch_input()
2296 if( ssl_check_timer( ssl ) != 0 ) in mbedtls_ssl_fetch_input()
2300 len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); in mbedtls_ssl_fetch_input()
2302 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_fetch_input()
2303 timeout = ssl->handshake->retransmit_timeout; in mbedtls_ssl_fetch_input()
2305 timeout = ssl->conf->read_timeout; in mbedtls_ssl_fetch_input()
2309 if( ssl->f_recv_timeout != NULL ) in mbedtls_ssl_fetch_input()
2310 ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, in mbedtls_ssl_fetch_input()
2313 ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len ); in mbedtls_ssl_fetch_input()
2324 ssl_set_timer( ssl, 0 ); in mbedtls_ssl_fetch_input()
2326 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_fetch_input()
2328 if( ssl_double_retransmit_timeout( ssl ) != 0 ) in mbedtls_ssl_fetch_input()
2334 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) in mbedtls_ssl_fetch_input()
2343 else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in mbedtls_ssl_fetch_input()
2344 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) in mbedtls_ssl_fetch_input()
2346 if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) in mbedtls_ssl_fetch_input()
2360 ssl->in_left = ret; in mbedtls_ssl_fetch_input()
2366 ssl->in_left, nb_want ) ); in mbedtls_ssl_fetch_input()
2368 while( ssl->in_left < nb_want ) in mbedtls_ssl_fetch_input()
2370 len = nb_want - ssl->in_left; in mbedtls_ssl_fetch_input()
2372 if( ssl_check_timer( ssl ) != 0 ) in mbedtls_ssl_fetch_input()
2376 if( ssl->f_recv_timeout != NULL ) in mbedtls_ssl_fetch_input()
2378 ret = ssl->f_recv_timeout( ssl->p_bio, in mbedtls_ssl_fetch_input()
2379 ssl->in_hdr + ssl->in_left, len, in mbedtls_ssl_fetch_input()
2380 ssl->conf->read_timeout ); in mbedtls_ssl_fetch_input()
2384 ret = ssl->f_recv( ssl->p_bio, in mbedtls_ssl_fetch_input()
2385 ssl->in_hdr + ssl->in_left, len ); in mbedtls_ssl_fetch_input()
2390 ssl->in_left, nb_want ) ); in mbedtls_ssl_fetch_input()
2399 ssl->in_left += ret; in mbedtls_ssl_fetch_input()
2411 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) in mbedtls_ssl_flush_output() argument
2418 if( ssl->f_send == NULL ) in mbedtls_ssl_flush_output()
2426 if( ssl->out_left == 0 ) in mbedtls_ssl_flush_output()
2432 while( ssl->out_left > 0 ) in mbedtls_ssl_flush_output()
2435 mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); in mbedtls_ssl_flush_output()
2437 buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) + in mbedtls_ssl_flush_output()
2438 ssl->out_msglen - ssl->out_left; in mbedtls_ssl_flush_output()
2439 ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); in mbedtls_ssl_flush_output()
2446 ssl->out_left -= ret; in mbedtls_ssl_flush_output()
2449 for( i = 8; i > ssl_ep_len( ssl ); i-- ) in mbedtls_ssl_flush_output()
2450 if( ++ssl->out_ctr[i - 1] != 0 ) in mbedtls_ssl_flush_output()
2454 if( i == ssl_ep_len( ssl ) ) in mbedtls_ssl_flush_output()
2472 static int ssl_flight_append( mbedtls_ssl_context *ssl ) in ssl_flight_append() argument
2484 if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) in ssl_flight_append()
2486 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) ); in ssl_flight_append()
2492 memcpy( msg->p, ssl->out_msg, ssl->out_msglen ); in ssl_flight_append()
2493 msg->len = ssl->out_msglen; in ssl_flight_append()
2494 msg->type = ssl->out_msgtype; in ssl_flight_append()
2498 if( ssl->handshake->flight == NULL ) in ssl_flight_append()
2499 ssl->handshake->flight = msg; in ssl_flight_append()
2502 mbedtls_ssl_flight_item *cur = ssl->handshake->flight; in ssl_flight_append()
2531 static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
2537 static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) in ssl_swap_epochs() argument
2542 if( ssl->transform_out == ssl->handshake->alt_transform_out ) in ssl_swap_epochs()
2551 tmp_transform = ssl->transform_out; in ssl_swap_epochs()
2552 ssl->transform_out = ssl->handshake->alt_transform_out; in ssl_swap_epochs()
2553 ssl->handshake->alt_transform_out = tmp_transform; in ssl_swap_epochs()
2556 memcpy( tmp_out_ctr, ssl->out_ctr, 8 ); in ssl_swap_epochs()
2557 memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 ); in ssl_swap_epochs()
2558 memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); in ssl_swap_epochs()
2561 if( ssl->transform_out != NULL && in ssl_swap_epochs()
2562 ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) in ssl_swap_epochs()
2564 ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen - in ssl_swap_epochs()
2565 ssl->transform_out->fixed_ivlen; in ssl_swap_epochs()
2568 ssl->out_msg = ssl->out_iv; in ssl_swap_epochs()
2573 if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) in ssl_swap_epochs()
2589 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) in mbedtls_ssl_resend() argument
2593 if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) in mbedtls_ssl_resend()
2597 ssl->handshake->cur_msg = ssl->handshake->flight; in mbedtls_ssl_resend()
2598 ssl_swap_epochs( ssl ); in mbedtls_ssl_resend()
2600 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; in mbedtls_ssl_resend()
2603 while( ssl->handshake->cur_msg != NULL ) in mbedtls_ssl_resend()
2606 mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg; in mbedtls_ssl_resend()
2614 ssl_swap_epochs( ssl ); in mbedtls_ssl_resend()
2617 memcpy( ssl->out_msg, cur->p, cur->len ); in mbedtls_ssl_resend()
2618 ssl->out_msglen = cur->len; in mbedtls_ssl_resend()
2619 ssl->out_msgtype = cur->type; in mbedtls_ssl_resend()
2621 ssl->handshake->cur_msg = cur->next; in mbedtls_ssl_resend()
2623 MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 ); in mbedtls_ssl_resend()
2625 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in mbedtls_ssl_resend()
2632 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_resend()
2633 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; in mbedtls_ssl_resend()
2636 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; in mbedtls_ssl_resend()
2637 ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); in mbedtls_ssl_resend()
2648 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) in mbedtls_ssl_recv_flight_completed() argument
2651 ssl_flight_free( ssl->handshake->flight ); in mbedtls_ssl_recv_flight_completed()
2652 ssl->handshake->flight = NULL; in mbedtls_ssl_recv_flight_completed()
2653 ssl->handshake->cur_msg = NULL; in mbedtls_ssl_recv_flight_completed()
2656 ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; in mbedtls_ssl_recv_flight_completed()
2659 ssl_set_timer( ssl, 0 ); in mbedtls_ssl_recv_flight_completed()
2661 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in mbedtls_ssl_recv_flight_completed()
2662 ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) in mbedtls_ssl_recv_flight_completed()
2664 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; in mbedtls_ssl_recv_flight_completed()
2667 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; in mbedtls_ssl_recv_flight_completed()
2673 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) in mbedtls_ssl_send_flight_completed() argument
2675 ssl_reset_retransmit_timeout( ssl ); in mbedtls_ssl_send_flight_completed()
2676 ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); in mbedtls_ssl_send_flight_completed()
2678 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in mbedtls_ssl_send_flight_completed()
2679 ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) in mbedtls_ssl_send_flight_completed()
2681 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; in mbedtls_ssl_send_flight_completed()
2684 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; in mbedtls_ssl_send_flight_completed()
2696 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) in mbedtls_ssl_write_record() argument
2699 size_t len = ssl->out_msglen; in mbedtls_ssl_write_record()
2704 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_write_record()
2705 ssl->handshake != NULL && in mbedtls_ssl_write_record()
2706 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) in mbedtls_ssl_write_record()
2712 if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) in mbedtls_ssl_write_record()
2714 out_msg_type = ssl->out_msg[0]; in mbedtls_ssl_write_record()
2717 ssl->handshake == NULL ) in mbedtls_ssl_write_record()
2723 ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); in mbedtls_ssl_write_record()
2724 ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); in mbedtls_ssl_write_record()
2725 ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); in mbedtls_ssl_write_record()
2735 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_write_record()
2738 memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 ); in mbedtls_ssl_write_record()
2739 ssl->out_msglen += 8; in mbedtls_ssl_write_record()
2745 ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; in mbedtls_ssl_write_record()
2746 ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; in mbedtls_ssl_write_record()
2747 ++( ssl->handshake->out_msg_seq ); in mbedtls_ssl_write_record()
2751 ssl->out_msg[4] = 0; in mbedtls_ssl_write_record()
2752 ssl->out_msg[5] = 0; in mbedtls_ssl_write_record()
2756 memset( ssl->out_msg + 6, 0x00, 3 ); in mbedtls_ssl_write_record()
2757 memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); in mbedtls_ssl_write_record()
2762 ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); in mbedtls_ssl_write_record()
2767 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_write_record()
2768 ssl->handshake != NULL && in mbedtls_ssl_write_record()
2769 ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING && in mbedtls_ssl_write_record()
2770 ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC || in mbedtls_ssl_write_record()
2771 ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) ) in mbedtls_ssl_write_record()
2773 if( ( ret = ssl_flight_append( ssl ) ) != 0 ) in mbedtls_ssl_write_record()
2782 if( ssl->transform_out != NULL && in mbedtls_ssl_write_record()
2783 ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) in mbedtls_ssl_write_record()
2785 if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) in mbedtls_ssl_write_record()
2791 len = ssl->out_msglen; in mbedtls_ssl_write_record()
2800 ret = mbedtls_ssl_hw_record_write( ssl ); in mbedtls_ssl_write_record()
2813 ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; in mbedtls_ssl_write_record()
2814 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, in mbedtls_ssl_write_record()
2815 ssl->conf->transport, ssl->out_hdr + 1 ); in mbedtls_ssl_write_record()
2817 ssl->out_len[0] = (unsigned char)( len >> 8 ); in mbedtls_ssl_write_record()
2818 ssl->out_len[1] = (unsigned char)( len ); in mbedtls_ssl_write_record()
2820 if( ssl->transform_out != NULL ) in mbedtls_ssl_write_record()
2822 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) in mbedtls_ssl_write_record()
2828 len = ssl->out_msglen; in mbedtls_ssl_write_record()
2829 ssl->out_len[0] = (unsigned char)( len >> 8 ); in mbedtls_ssl_write_record()
2830 ssl->out_len[1] = (unsigned char)( len ); in mbedtls_ssl_write_record()
2833 ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen; in mbedtls_ssl_write_record()
2837 ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], in mbedtls_ssl_write_record()
2838 ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) ); in mbedtls_ssl_write_record()
2841 ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen ); in mbedtls_ssl_write_record()
2844 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) in mbedtls_ssl_write_record()
2925 static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) in ssl_reassemble_dtls_handshake() argument
2929 size_t msg_len = ssl->in_hslen - 12; /* Without headers */ in ssl_reassemble_dtls_handshake()
2931 if( ssl->handshake == NULL ) in ssl_reassemble_dtls_handshake()
2940 if( ssl->handshake->hs_msg == NULL ) in ssl_reassemble_dtls_handshake()
2947 if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN ) in ssl_reassemble_dtls_handshake()
2956 ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len ); in ssl_reassemble_dtls_handshake()
2957 if( ssl->handshake->hs_msg == NULL ) in ssl_reassemble_dtls_handshake()
2965 memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 ); in ssl_reassemble_dtls_handshake()
2966 memset( ssl->handshake->hs_msg + 6, 0, 3 ); in ssl_reassemble_dtls_handshake()
2967 memcpy( ssl->handshake->hs_msg + 9, in ssl_reassemble_dtls_handshake()
2968 ssl->handshake->hs_msg + 1, 3 ); in ssl_reassemble_dtls_handshake()
2973 if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 ) in ssl_reassemble_dtls_handshake()
2980 msg = ssl->handshake->hs_msg + 12; in ssl_reassemble_dtls_handshake()
2986 frag_off = ( ssl->in_msg[6] << 16 ) | in ssl_reassemble_dtls_handshake()
2987 ( ssl->in_msg[7] << 8 ) | in ssl_reassemble_dtls_handshake()
2988 ssl->in_msg[8]; in ssl_reassemble_dtls_handshake()
2989 frag_len = ( ssl->in_msg[9] << 16 ) | in ssl_reassemble_dtls_handshake()
2990 ( ssl->in_msg[10] << 8 ) | in ssl_reassemble_dtls_handshake()
2991 ssl->in_msg[11]; in ssl_reassemble_dtls_handshake()
3000 if( frag_len + 12 > ssl->in_msglen ) in ssl_reassemble_dtls_handshake()
3003 frag_len, ssl->in_msglen ) ); in ssl_reassemble_dtls_handshake()
3010 memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); in ssl_reassemble_dtls_handshake()
3025 if( frag_len + 12 < ssl->in_msglen ) in ssl_reassemble_dtls_handshake()
3036 if( ssl->in_left > ssl->next_record_offset ) in ssl_reassemble_dtls_handshake()
3043 unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset; in ssl_reassemble_dtls_handshake()
3044 unsigned char *new_remain = ssl->in_msg + ssl->in_hslen; in ssl_reassemble_dtls_handshake()
3045 size_t remain_len = ssl->in_left - ssl->next_record_offset; in ssl_reassemble_dtls_handshake()
3048 ssl->next_record_offset = new_remain - ssl->in_hdr; in ssl_reassemble_dtls_handshake()
3049 ssl->in_left = ssl->next_record_offset + remain_len; in ssl_reassemble_dtls_handshake()
3051 if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN - in ssl_reassemble_dtls_handshake()
3052 (size_t)( ssl->in_hdr - ssl->in_buf ) ) in ssl_reassemble_dtls_handshake()
3061 memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); in ssl_reassemble_dtls_handshake()
3063 mbedtls_free( ssl->handshake->hs_msg ); in ssl_reassemble_dtls_handshake()
3064 ssl->handshake->hs_msg = NULL; in ssl_reassemble_dtls_handshake()
3067 ssl->in_msg, ssl->in_hslen ); in ssl_reassemble_dtls_handshake()
3073 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) in mbedtls_ssl_prepare_handshake_record() argument
3075 if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) in mbedtls_ssl_prepare_handshake_record()
3078 ssl->in_msglen ) ); in mbedtls_ssl_prepare_handshake_record()
3082 ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ( in mbedtls_ssl_prepare_handshake_record()
3083 ( ssl->in_msg[1] << 16 ) | in mbedtls_ssl_prepare_handshake_record()
3084 ( ssl->in_msg[2] << 8 ) | in mbedtls_ssl_prepare_handshake_record()
3085 ssl->in_msg[3] ); in mbedtls_ssl_prepare_handshake_record()
3089 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); in mbedtls_ssl_prepare_handshake_record()
3092 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_prepare_handshake_record()
3095 unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; in mbedtls_ssl_prepare_handshake_record()
3098 if( ssl->handshake != NULL && in mbedtls_ssl_prepare_handshake_record()
3099 recv_msg_seq != ssl->handshake->in_msg_seq ) in mbedtls_ssl_prepare_handshake_record()
3104 if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && in mbedtls_ssl_prepare_handshake_record()
3105 ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) in mbedtls_ssl_prepare_handshake_record()
3110 ssl->handshake->in_flight_start_seq ) ); in mbedtls_ssl_prepare_handshake_record()
3112 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) in mbedtls_ssl_prepare_handshake_record()
3123 ssl->handshake->in_msg_seq ) ); in mbedtls_ssl_prepare_handshake_record()
3132 if( ssl->in_msglen < ssl->in_hslen || in mbedtls_ssl_prepare_handshake_record()
3133 memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || in mbedtls_ssl_prepare_handshake_record()
3134 memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 || in mbedtls_ssl_prepare_handshake_record()
3135 ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) ) in mbedtls_ssl_prepare_handshake_record()
3139 if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 ) in mbedtls_ssl_prepare_handshake_record()
3149 if( ssl->in_msglen < ssl->in_hslen ) in mbedtls_ssl_prepare_handshake_record()
3158 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) in mbedtls_ssl_update_handshake_status() argument
3161 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && in mbedtls_ssl_update_handshake_status()
3162 ssl->handshake != NULL ) in mbedtls_ssl_update_handshake_status()
3164 ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); in mbedtls_ssl_update_handshake_status()
3169 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_update_handshake_status()
3170 ssl->handshake != NULL ) in mbedtls_ssl_update_handshake_status()
3172 ssl->handshake->in_msg_seq++; in mbedtls_ssl_update_handshake_status()
3188 static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) in ssl_dtls_replay_reset() argument
3190 ssl->in_window_top = 0; in ssl_dtls_replay_reset()
3191 ssl->in_window = 0; in ssl_dtls_replay_reset()
3207 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ) in mbedtls_ssl_dtls_replay_check() argument
3209 uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); in mbedtls_ssl_dtls_replay_check()
3212 if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) in mbedtls_ssl_dtls_replay_check()
3215 if( rec_seqnum > ssl->in_window_top ) in mbedtls_ssl_dtls_replay_check()
3218 bit = ssl->in_window_top - rec_seqnum; in mbedtls_ssl_dtls_replay_check()
3223 if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 ) in mbedtls_ssl_dtls_replay_check()
3232 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) in mbedtls_ssl_dtls_replay_update() argument
3234 uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); in mbedtls_ssl_dtls_replay_update()
3236 if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) in mbedtls_ssl_dtls_replay_update()
3239 if( rec_seqnum > ssl->in_window_top ) in mbedtls_ssl_dtls_replay_update()
3242 uint64_t shift = rec_seqnum - ssl->in_window_top; in mbedtls_ssl_dtls_replay_update()
3245 ssl->in_window = 1; in mbedtls_ssl_dtls_replay_update()
3248 ssl->in_window <<= shift; in mbedtls_ssl_dtls_replay_update()
3249 ssl->in_window |= 1; in mbedtls_ssl_dtls_replay_update()
3252 ssl->in_window_top = rec_seqnum; in mbedtls_ssl_dtls_replay_update()
3257 uint64_t bit = ssl->in_window_top - rec_seqnum; in mbedtls_ssl_dtls_replay_update()
3260 ssl->in_window |= (uint64_t) 1 << bit; in mbedtls_ssl_dtls_replay_update()
3267 static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
3414 static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) in ssl_handle_possible_reconnect() argument
3420 ssl->conf->f_cookie_write, in ssl_handle_possible_reconnect()
3421 ssl->conf->f_cookie_check, in ssl_handle_possible_reconnect()
3422 ssl->conf->p_cookie, in ssl_handle_possible_reconnect()
3423 ssl->cli_id, ssl->cli_id_len, in ssl_handle_possible_reconnect()
3424 ssl->in_buf, ssl->in_left, in ssl_handle_possible_reconnect()
3425 ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len ); in ssl_handle_possible_reconnect()
3434 (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); in ssl_handle_possible_reconnect()
3442 if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 ) in ssl_handle_possible_reconnect()
3474 static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) in ssl_parse_record_header() argument
3479 MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) ); in ssl_parse_record_header()
3481 ssl->in_msgtype = ssl->in_hdr[0]; in ssl_parse_record_header()
3482 ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; in ssl_parse_record_header()
3483 mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 ); in ssl_parse_record_header()
3487 ssl->in_msgtype, in ssl_parse_record_header()
3488 major_ver, minor_ver, ssl->in_msglen ) ); in ssl_parse_record_header()
3491 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && in ssl_parse_record_header()
3492 ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT && in ssl_parse_record_header()
3493 ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && in ssl_parse_record_header()
3494 ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) in ssl_parse_record_header()
3498 if( ( ret = mbedtls_ssl_send_alert_message( ssl, in ssl_parse_record_header()
3509 if( major_ver != ssl->major_ver ) in ssl_parse_record_header()
3515 if( minor_ver > ssl->conf->max_minor_ver ) in ssl_parse_record_header()
3522 if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN in ssl_parse_record_header()
3523 - (size_t)( ssl->in_msg - ssl->in_buf ) ) in ssl_parse_record_header()
3530 if( ssl->transform_in == NULL ) in ssl_parse_record_header()
3532 if( ssl->in_msglen < 1 || in ssl_parse_record_header()
3533 ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) in ssl_parse_record_header()
3541 if( ssl->in_msglen < ssl->transform_in->minlen ) in ssl_parse_record_header()
3548 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && in ssl_parse_record_header()
3549 ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) in ssl_parse_record_header()
3560 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && in ssl_parse_record_header()
3561 ssl->in_msglen > ssl->transform_in->minlen + in ssl_parse_record_header()
3577 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_record_header()
3579 unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; in ssl_parse_record_header()
3582 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && in ssl_parse_record_header()
3583 ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && in ssl_parse_record_header()
3584 ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) in ssl_parse_record_header()
3592 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && in ssl_parse_record_header()
3593 ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER in ssl_parse_record_header()
3595 && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_record_header()
3596 ssl->state == MBEDTLS_SSL_SERVER_HELLO ) in ssl_parse_record_header()
3605 if( rec_epoch != ssl->in_epoch ) in ssl_parse_record_header()
3609 ssl->in_epoch, rec_epoch ) ); in ssl_parse_record_header()
3618 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in ssl_parse_record_header()
3619 ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && in ssl_parse_record_header()
3621 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in ssl_parse_record_header()
3622 ssl->in_left > 13 && in ssl_parse_record_header()
3623 ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) in ssl_parse_record_header()
3627 return( ssl_handle_possible_reconnect( ssl ) ); in ssl_parse_record_header()
3636 if( rec_epoch == ssl->in_epoch && in ssl_parse_record_header()
3637 mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) in ssl_parse_record_header()
3652 static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) in ssl_prepare_record_content() argument
3657 ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ); in ssl_prepare_record_content()
3664 ret = mbedtls_ssl_hw_record_read( ssl ); in ssl_prepare_record_content()
3675 if( !done && ssl->transform_in != NULL ) in ssl_prepare_record_content()
3677 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) in ssl_prepare_record_content()
3684 ssl->in_msg, ssl->in_msglen ); in ssl_prepare_record_content()
3686 if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) in ssl_prepare_record_content()
3694 if( ssl->transform_in != NULL && in ssl_prepare_record_content()
3695 ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) in ssl_prepare_record_content()
3697 if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) in ssl_prepare_record_content()
3706 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_prepare_record_content()
3708 mbedtls_ssl_dtls_replay_update( ssl ); in ssl_prepare_record_content()
3715 static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
3724 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) in mbedtls_ssl_read_record() argument
3732 if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) in mbedtls_ssl_read_record()
3738 ret = mbedtls_ssl_handle_message_type( ssl ); in mbedtls_ssl_read_record()
3748 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) in mbedtls_ssl_read_record()
3750 mbedtls_ssl_update_handshake_status( ssl ); in mbedtls_ssl_read_record()
3758 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) in mbedtls_ssl_read_record_layer() argument
3762 if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen ) in mbedtls_ssl_read_record_layer()
3767 ssl->in_msglen -= ssl->in_hslen; in mbedtls_ssl_read_record_layer()
3769 memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, in mbedtls_ssl_read_record_layer()
3770 ssl->in_msglen ); in mbedtls_ssl_read_record_layer()
3773 ssl->in_msg, ssl->in_msglen ); in mbedtls_ssl_read_record_layer()
3778 ssl->in_hslen = 0; in mbedtls_ssl_read_record_layer()
3787 if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) in mbedtls_ssl_read_record_layer()
3793 if( ( ret = ssl_parse_record_header( ssl ) ) != 0 ) in mbedtls_ssl_read_record_layer()
3796 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_read_record_layer()
3802 ssl->next_record_offset = ssl->in_msglen in mbedtls_ssl_read_record_layer()
3803 + mbedtls_ssl_hdr_len( ssl ); in mbedtls_ssl_read_record_layer()
3811 ssl->next_record_offset = 0; in mbedtls_ssl_read_record_layer()
3812 ssl->in_left = 0; in mbedtls_ssl_read_record_layer()
3828 if( ( ret = mbedtls_ssl_fetch_input( ssl, in mbedtls_ssl_read_record_layer()
3829 mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 ) in mbedtls_ssl_read_record_layer()
3837 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_read_record_layer()
3838 ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); in mbedtls_ssl_read_record_layer()
3841 ssl->in_left = 0; in mbedtls_ssl_read_record_layer()
3843 if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) in mbedtls_ssl_read_record_layer()
3846 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_read_record_layer()
3855 if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || in mbedtls_ssl_read_record_layer()
3856 ssl->state == MBEDTLS_SSL_SERVER_FINISHED ) in mbedtls_ssl_read_record_layer()
3861 mbedtls_ssl_send_alert_message( ssl, in mbedtls_ssl_read_record_layer()
3870 if( ssl->conf->badmac_limit != 0 && in mbedtls_ssl_read_record_layer()
3871 ++ssl->badmac_seen >= ssl->conf->badmac_limit ) in mbedtls_ssl_read_record_layer()
3891 mbedtls_ssl_send_alert_message( ssl, in mbedtls_ssl_read_record_layer()
3916 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_read_record_layer()
3917 ssl->handshake != NULL && in mbedtls_ssl_read_record_layer()
3918 ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_read_record_layer()
3920 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in mbedtls_ssl_read_record_layer()
3921 ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) in mbedtls_ssl_read_record_layer()
3925 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) in mbedtls_ssl_read_record_layer()
3935 ssl_handshake_wrapup_free_hs_transform( ssl ); in mbedtls_ssl_read_record_layer()
3943 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) in mbedtls_ssl_handle_message_type() argument
3950 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) in mbedtls_ssl_handle_message_type()
3952 if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 ) in mbedtls_ssl_handle_message_type()
3958 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) in mbedtls_ssl_handle_message_type()
3961 ssl->in_msg[0], ssl->in_msg[1] ) ); in mbedtls_ssl_handle_message_type()
3966 if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) in mbedtls_ssl_handle_message_type()
3969 ssl->in_msg[1] ) ); in mbedtls_ssl_handle_message_type()
3973 if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && in mbedtls_ssl_handle_message_type()
3974 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) in mbedtls_ssl_handle_message_type()
3981 if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && in mbedtls_ssl_handle_message_type()
3982 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) in mbedtls_ssl_handle_message_type()
3991 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && in mbedtls_ssl_handle_message_type()
3992 ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in mbedtls_ssl_handle_message_type()
3993 ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && in mbedtls_ssl_handle_message_type()
3994 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) in mbedtls_ssl_handle_message_type()
4009 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) in mbedtls_ssl_send_fatal_handshake_failure() argument
4013 if( ( ret = mbedtls_ssl_send_alert_message( ssl, in mbedtls_ssl_send_fatal_handshake_failure()
4023 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, in mbedtls_ssl_send_alert_message() argument
4029 if( ssl == NULL || ssl->conf == NULL ) in mbedtls_ssl_send_alert_message()
4034 ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; in mbedtls_ssl_send_alert_message()
4035 ssl->out_msglen = 2; in mbedtls_ssl_send_alert_message()
4036 ssl->out_msg[0] = level; in mbedtls_ssl_send_alert_message()
4037 ssl->out_msg[1] = message; in mbedtls_ssl_send_alert_message()
4039 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in mbedtls_ssl_send_alert_message()
4060 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) in mbedtls_ssl_write_certificate() argument
4062 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; in mbedtls_ssl_write_certificate()
4072 ssl->state++; in mbedtls_ssl_write_certificate()
4080 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) in mbedtls_ssl_parse_certificate() argument
4082 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; in mbedtls_ssl_parse_certificate()
4092 ssl->state++; in mbedtls_ssl_parse_certificate()
4100 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) in mbedtls_ssl_write_certificate() argument
4105 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; in mbedtls_ssl_write_certificate()
4115 ssl->state++; in mbedtls_ssl_write_certificate()
4120 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) in mbedtls_ssl_write_certificate()
4122 if( ssl->client_auth == 0 ) in mbedtls_ssl_write_certificate()
4125 ssl->state++; in mbedtls_ssl_write_certificate()
4134 if( mbedtls_ssl_own_cert( ssl ) == NULL && in mbedtls_ssl_write_certificate()
4135 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in mbedtls_ssl_write_certificate()
4137 ssl->out_msglen = 2; in mbedtls_ssl_write_certificate()
4138 ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; in mbedtls_ssl_write_certificate()
4139 ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; in mbedtls_ssl_write_certificate()
4140 ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT; in mbedtls_ssl_write_certificate()
4149 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_write_certificate()
4151 if( mbedtls_ssl_own_cert( ssl ) == NULL ) in mbedtls_ssl_write_certificate()
4159 MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); in mbedtls_ssl_write_certificate()
4171 crt = mbedtls_ssl_own_cert( ssl ); in mbedtls_ssl_write_certificate()
4183 ssl->out_msg[i ] = (unsigned char)( n >> 16 ); in mbedtls_ssl_write_certificate()
4184 ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); in mbedtls_ssl_write_certificate()
4185 ssl->out_msg[i + 2] = (unsigned char)( n ); in mbedtls_ssl_write_certificate()
4187 i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); in mbedtls_ssl_write_certificate()
4191 ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); in mbedtls_ssl_write_certificate()
4192 ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); in mbedtls_ssl_write_certificate()
4193 ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); in mbedtls_ssl_write_certificate()
4195 ssl->out_msglen = i; in mbedtls_ssl_write_certificate()
4196 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in mbedtls_ssl_write_certificate()
4197 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; in mbedtls_ssl_write_certificate()
4203 ssl->state++; in mbedtls_ssl_write_certificate()
4205 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in mbedtls_ssl_write_certificate()
4216 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) in mbedtls_ssl_parse_certificate() argument
4220 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; in mbedtls_ssl_parse_certificate()
4221 int authmode = ssl->conf->authmode; in mbedtls_ssl_parse_certificate()
4231 ssl->state++; in mbedtls_ssl_parse_certificate()
4236 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in mbedtls_ssl_parse_certificate()
4240 ssl->state++; in mbedtls_ssl_parse_certificate()
4245 if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) in mbedtls_ssl_parse_certificate()
4246 authmode = ssl->handshake->sni_authmode; in mbedtls_ssl_parse_certificate()
4249 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in mbedtls_ssl_parse_certificate()
4252 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; in mbedtls_ssl_parse_certificate()
4254 ssl->state++; in mbedtls_ssl_parse_certificate()
4259 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) in mbedtls_ssl_parse_certificate()
4265 ssl->state++; in mbedtls_ssl_parse_certificate()
4272 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in mbedtls_ssl_parse_certificate()
4273 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in mbedtls_ssl_parse_certificate()
4275 if( ssl->in_msglen == 2 && in mbedtls_ssl_parse_certificate()
4276 ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && in mbedtls_ssl_parse_certificate()
4277 ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && in mbedtls_ssl_parse_certificate()
4278 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) in mbedtls_ssl_parse_certificate()
4282 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; in mbedtls_ssl_parse_certificate()
4293 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in mbedtls_ssl_parse_certificate()
4294 ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) in mbedtls_ssl_parse_certificate()
4296 if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && in mbedtls_ssl_parse_certificate()
4297 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in mbedtls_ssl_parse_certificate()
4298 ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && in mbedtls_ssl_parse_certificate()
4299 memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) in mbedtls_ssl_parse_certificate()
4303 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; in mbedtls_ssl_parse_certificate()
4314 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) in mbedtls_ssl_parse_certificate()
4320 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || in mbedtls_ssl_parse_certificate()
4321 ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) in mbedtls_ssl_parse_certificate()
4327 i = mbedtls_ssl_hs_hdr_len( ssl ); in mbedtls_ssl_parse_certificate()
4332 n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; in mbedtls_ssl_parse_certificate()
4334 if( ssl->in_msg[i] != 0 || in mbedtls_ssl_parse_certificate()
4335 ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) in mbedtls_ssl_parse_certificate()
4342 if( ssl->session_negotiate->peer_cert != NULL ) in mbedtls_ssl_parse_certificate()
4344 mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); in mbedtls_ssl_parse_certificate()
4345 mbedtls_free( ssl->session_negotiate->peer_cert ); in mbedtls_ssl_parse_certificate()
4348 if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1, in mbedtls_ssl_parse_certificate()
4356 mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); in mbedtls_ssl_parse_certificate()
4360 while( i < ssl->in_hslen ) in mbedtls_ssl_parse_certificate()
4362 if( ssl->in_msg[i] != 0 ) in mbedtls_ssl_parse_certificate()
4368 n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) in mbedtls_ssl_parse_certificate()
4369 | (unsigned int) ssl->in_msg[i + 2]; in mbedtls_ssl_parse_certificate()
4372 if( n < 128 || i + n > ssl->in_hslen ) in mbedtls_ssl_parse_certificate()
4378 ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, in mbedtls_ssl_parse_certificate()
4379 ssl->in_msg + i, n ); in mbedtls_ssl_parse_certificate()
4389 MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); in mbedtls_ssl_parse_certificate()
4396 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in mbedtls_ssl_parse_certificate()
4397 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in mbedtls_ssl_parse_certificate()
4399 if( ssl->session->peer_cert == NULL ) in mbedtls_ssl_parse_certificate()
4405 if( ssl->session->peer_cert->raw.len != in mbedtls_ssl_parse_certificate()
4406 ssl->session_negotiate->peer_cert->raw.len || in mbedtls_ssl_parse_certificate()
4407 memcmp( ssl->session->peer_cert->raw.p, in mbedtls_ssl_parse_certificate()
4408 ssl->session_negotiate->peer_cert->raw.p, in mbedtls_ssl_parse_certificate()
4409 ssl->session->peer_cert->raw.len ) != 0 ) in mbedtls_ssl_parse_certificate()
4423 if( ssl->handshake->sni_ca_chain != NULL ) in mbedtls_ssl_parse_certificate()
4425 ca_chain = ssl->handshake->sni_ca_chain; in mbedtls_ssl_parse_certificate()
4426 ca_crl = ssl->handshake->sni_ca_crl; in mbedtls_ssl_parse_certificate()
4431 ca_chain = ssl->conf->ca_chain; in mbedtls_ssl_parse_certificate()
4432 ca_crl = ssl->conf->ca_crl; in mbedtls_ssl_parse_certificate()
4445 ssl->session_negotiate->peer_cert, in mbedtls_ssl_parse_certificate()
4447 ssl->conf->cert_profile, in mbedtls_ssl_parse_certificate()
4448 ssl->hostname, in mbedtls_ssl_parse_certificate()
4449 &ssl->session_negotiate->verify_result, in mbedtls_ssl_parse_certificate()
4450 ssl->conf->f_vrfy, ssl->conf->p_vrfy ); in mbedtls_ssl_parse_certificate()
4463 const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk; in mbedtls_ssl_parse_certificate()
4467 mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) in mbedtls_ssl_parse_certificate()
4476 if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, in mbedtls_ssl_parse_certificate()
4478 ! ssl->conf->endpoint, in mbedtls_ssl_parse_certificate()
4479 &ssl->session_negotiate->verify_result ) != 0 ) in mbedtls_ssl_parse_certificate()
4502 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) in mbedtls_ssl_write_change_cipher_spec() argument
4508 ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; in mbedtls_ssl_write_change_cipher_spec()
4509 ssl->out_msglen = 1; in mbedtls_ssl_write_change_cipher_spec()
4510 ssl->out_msg[0] = 1; in mbedtls_ssl_write_change_cipher_spec()
4512 ssl->state++; in mbedtls_ssl_write_change_cipher_spec()
4514 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in mbedtls_ssl_write_change_cipher_spec()
4525 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) in mbedtls_ssl_parse_change_cipher_spec() argument
4531 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) in mbedtls_ssl_parse_change_cipher_spec()
4537 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) in mbedtls_ssl_parse_change_cipher_spec()
4543 if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) in mbedtls_ssl_parse_change_cipher_spec()
4554 ssl->transform_in = ssl->transform_negotiate; in mbedtls_ssl_parse_change_cipher_spec()
4555 ssl->session_in = ssl->session_negotiate; in mbedtls_ssl_parse_change_cipher_spec()
4558 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_parse_change_cipher_spec()
4561 ssl_dtls_replay_reset( ssl ); in mbedtls_ssl_parse_change_cipher_spec()
4565 if( ++ssl->in_epoch == 0 ) in mbedtls_ssl_parse_change_cipher_spec()
4573 memset( ssl->in_ctr, 0, 8 ); in mbedtls_ssl_parse_change_cipher_spec()
4578 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) in mbedtls_ssl_parse_change_cipher_spec()
4580 ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen - in mbedtls_ssl_parse_change_cipher_spec()
4581 ssl->transform_negotiate->fixed_ivlen; in mbedtls_ssl_parse_change_cipher_spec()
4584 ssl->in_msg = ssl->in_iv; in mbedtls_ssl_parse_change_cipher_spec()
4589 if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 ) in mbedtls_ssl_parse_change_cipher_spec()
4597 ssl->state++; in mbedtls_ssl_parse_change_cipher_spec()
4604 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, in mbedtls_ssl_optimize_checksum() argument
4611 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) in mbedtls_ssl_optimize_checksum()
4612 ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; in mbedtls_ssl_optimize_checksum()
4618 ssl->handshake->update_checksum = ssl_update_checksum_sha384; in mbedtls_ssl_optimize_checksum()
4623 ssl->handshake->update_checksum = ssl_update_checksum_sha256; in mbedtls_ssl_optimize_checksum()
4633 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) in mbedtls_ssl_reset_checksum() argument
4637 mbedtls_md5_starts( &ssl->handshake->fin_md5 ); in mbedtls_ssl_reset_checksum()
4638 mbedtls_sha1_starts( &ssl->handshake->fin_sha1 ); in mbedtls_ssl_reset_checksum()
4642 mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); in mbedtls_ssl_reset_checksum()
4645 mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); in mbedtls_ssl_reset_checksum()
4650 static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, in ssl_update_checksum_start() argument
4655 mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); in ssl_update_checksum_start()
4656 mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); in ssl_update_checksum_start()
4660 mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); in ssl_update_checksum_start()
4663 mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); in ssl_update_checksum_start()
4670 static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, in ssl_update_checksum_md5sha1() argument
4673 mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); in ssl_update_checksum_md5sha1()
4674 mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); in ssl_update_checksum_md5sha1()
4680 static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, in ssl_update_checksum_sha256() argument
4683 mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); in ssl_update_checksum_sha256()
4688 static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, in ssl_update_checksum_sha384() argument
4691 mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); in ssl_update_checksum_sha384()
4698 mbedtls_ssl_context *ssl, unsigned char *buf, int from ) in ssl_calc_finished_ssl() argument
4708 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_calc_finished_ssl()
4710 session = ssl->session; in ssl_calc_finished_ssl()
4717 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); in ssl_calc_finished_ssl()
4718 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); in ssl_calc_finished_ssl()
4783 mbedtls_ssl_context *ssl, unsigned char *buf, int from ) in ssl_calc_finished_tls() argument
4791 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_calc_finished_tls()
4793 session = ssl->session; in ssl_calc_finished_tls()
4800 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); in ssl_calc_finished_tls()
4801 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); in ssl_calc_finished_tls()
4826 ssl->handshake->tls_prf( session->master, 48, sender, in ssl_calc_finished_tls()
4843 mbedtls_ssl_context *ssl, unsigned char *buf, int from ) in ssl_calc_finished_tls_sha256() argument
4850 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_calc_finished_tls_sha256()
4852 session = ssl->session; in ssl_calc_finished_tls_sha256()
4858 mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); in ssl_calc_finished_tls_sha256()
4877 ssl->handshake->tls_prf( session->master, 48, sender, in ssl_calc_finished_tls_sha256()
4892 mbedtls_ssl_context *ssl, unsigned char *buf, int from ) in ssl_calc_finished_tls_sha384() argument
4899 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_calc_finished_tls_sha384()
4901 session = ssl->session; in ssl_calc_finished_tls_sha384()
4907 mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); in ssl_calc_finished_tls_sha384()
4926 ssl->handshake->tls_prf( session->master, 48, sender, in ssl_calc_finished_tls_sha384()
4940 static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) in ssl_handshake_wrapup_free_hs_transform() argument
4947 mbedtls_ssl_handshake_free( ssl->handshake ); in ssl_handshake_wrapup_free_hs_transform()
4948 mbedtls_free( ssl->handshake ); in ssl_handshake_wrapup_free_hs_transform()
4949 ssl->handshake = NULL; in ssl_handshake_wrapup_free_hs_transform()
4954 if( ssl->transform ) in ssl_handshake_wrapup_free_hs_transform()
4956 mbedtls_ssl_transform_free( ssl->transform ); in ssl_handshake_wrapup_free_hs_transform()
4957 mbedtls_free( ssl->transform ); in ssl_handshake_wrapup_free_hs_transform()
4959 ssl->transform = ssl->transform_negotiate; in ssl_handshake_wrapup_free_hs_transform()
4960 ssl->transform_negotiate = NULL; in ssl_handshake_wrapup_free_hs_transform()
4965 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) in mbedtls_ssl_handshake_wrapup() argument
4967 int resume = ssl->handshake->resume; in mbedtls_ssl_handshake_wrapup()
4972 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in mbedtls_ssl_handshake_wrapup()
4974 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; in mbedtls_ssl_handshake_wrapup()
4975 ssl->renego_records_seen = 0; in mbedtls_ssl_handshake_wrapup()
4982 if( ssl->session ) in mbedtls_ssl_handshake_wrapup()
4986 ssl->session_negotiate->encrypt_then_mac = in mbedtls_ssl_handshake_wrapup()
4987 ssl->session->encrypt_then_mac; in mbedtls_ssl_handshake_wrapup()
4990 mbedtls_ssl_session_free( ssl->session ); in mbedtls_ssl_handshake_wrapup()
4991 mbedtls_free( ssl->session ); in mbedtls_ssl_handshake_wrapup()
4993 ssl->session = ssl->session_negotiate; in mbedtls_ssl_handshake_wrapup()
4994 ssl->session_negotiate = NULL; in mbedtls_ssl_handshake_wrapup()
4999 if( ssl->conf->f_set_cache != NULL && in mbedtls_ssl_handshake_wrapup()
5000 ssl->session->id_len != 0 && in mbedtls_ssl_handshake_wrapup()
5003 if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) in mbedtls_ssl_handshake_wrapup()
5008 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake_wrapup()
5009 ssl->handshake->flight != NULL ) in mbedtls_ssl_handshake_wrapup()
5012 ssl_set_timer( ssl, 0 ); in mbedtls_ssl_handshake_wrapup()
5020 ssl_handshake_wrapup_free_hs_transform( ssl ); in mbedtls_ssl_handshake_wrapup()
5022 ssl->state++; in mbedtls_ssl_handshake_wrapup()
5027 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) in mbedtls_ssl_write_finished() argument
5036 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) in mbedtls_ssl_write_finished()
5038 ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen - in mbedtls_ssl_write_finished()
5039 ssl->transform_negotiate->fixed_ivlen; in mbedtls_ssl_write_finished()
5042 ssl->out_msg = ssl->out_iv; in mbedtls_ssl_write_finished()
5044 ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); in mbedtls_ssl_write_finished()
5052 hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; in mbedtls_ssl_write_finished()
5055 ssl->verify_data_len = hash_len; in mbedtls_ssl_write_finished()
5056 memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); in mbedtls_ssl_write_finished()
5059 ssl->out_msglen = 4 + hash_len; in mbedtls_ssl_write_finished()
5060 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in mbedtls_ssl_write_finished()
5061 ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; in mbedtls_ssl_write_finished()
5067 if( ssl->handshake->resume != 0 ) in mbedtls_ssl_write_finished()
5070 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) in mbedtls_ssl_write_finished()
5071 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; in mbedtls_ssl_write_finished()
5074 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_write_finished()
5075 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; in mbedtls_ssl_write_finished()
5079 ssl->state++; in mbedtls_ssl_write_finished()
5088 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_write_finished()
5093 ssl->handshake->alt_transform_out = ssl->transform_out; in mbedtls_ssl_write_finished()
5094 memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 ); in mbedtls_ssl_write_finished()
5097 memset( ssl->out_ctr + 2, 0, 6 ); in mbedtls_ssl_write_finished()
5101 if( ++ssl->out_ctr[i - 1] != 0 ) in mbedtls_ssl_write_finished()
5113 memset( ssl->out_ctr, 0, 8 ); in mbedtls_ssl_write_finished()
5115 ssl->transform_out = ssl->transform_negotiate; in mbedtls_ssl_write_finished()
5116 ssl->session_out = ssl->session_negotiate; in mbedtls_ssl_write_finished()
5121 if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) in mbedtls_ssl_write_finished()
5130 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_write_finished()
5131 mbedtls_ssl_send_flight_completed( ssl ); in mbedtls_ssl_write_finished()
5134 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in mbedtls_ssl_write_finished()
5151 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) in mbedtls_ssl_parse_finished() argument
5159 ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); in mbedtls_ssl_parse_finished()
5161 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) in mbedtls_ssl_parse_finished()
5167 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) in mbedtls_ssl_parse_finished()
5175 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in mbedtls_ssl_parse_finished()
5181 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || in mbedtls_ssl_parse_finished()
5182 ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) in mbedtls_ssl_parse_finished()
5188 if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), in mbedtls_ssl_parse_finished()
5196 ssl->verify_data_len = hash_len; in mbedtls_ssl_parse_finished()
5197 memcpy( ssl->peer_verify_data, buf, hash_len ); in mbedtls_ssl_parse_finished()
5200 if( ssl->handshake->resume != 0 ) in mbedtls_ssl_parse_finished()
5203 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) in mbedtls_ssl_parse_finished()
5204 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; in mbedtls_ssl_parse_finished()
5207 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_parse_finished()
5208 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; in mbedtls_ssl_parse_finished()
5212 ssl->state++; in mbedtls_ssl_parse_finished()
5215 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_parse_finished()
5216 mbedtls_ssl_recv_flight_completed( ssl ); in mbedtls_ssl_parse_finished()
5284 static int ssl_handshake_init( mbedtls_ssl_context *ssl ) in ssl_handshake_init() argument
5287 if( ssl->transform_negotiate ) in ssl_handshake_init()
5288 mbedtls_ssl_transform_free( ssl->transform_negotiate ); in ssl_handshake_init()
5289 if( ssl->session_negotiate ) in ssl_handshake_init()
5290 mbedtls_ssl_session_free( ssl->session_negotiate ); in ssl_handshake_init()
5291 if( ssl->handshake ) in ssl_handshake_init()
5292 mbedtls_ssl_handshake_free( ssl->handshake ); in ssl_handshake_init()
5298 if( ssl->transform_negotiate == NULL ) in ssl_handshake_init()
5300 ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); in ssl_handshake_init()
5303 if( ssl->session_negotiate == NULL ) in ssl_handshake_init()
5305 ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) ); in ssl_handshake_init()
5308 if( ssl->handshake == NULL ) in ssl_handshake_init()
5310 ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) ); in ssl_handshake_init()
5314 if( ssl->handshake == NULL || in ssl_handshake_init()
5315 ssl->transform_negotiate == NULL || in ssl_handshake_init()
5316 ssl->session_negotiate == NULL ) in ssl_handshake_init()
5320 mbedtls_free( ssl->handshake ); in ssl_handshake_init()
5321 mbedtls_free( ssl->transform_negotiate ); in ssl_handshake_init()
5322 mbedtls_free( ssl->session_negotiate ); in ssl_handshake_init()
5324 ssl->handshake = NULL; in ssl_handshake_init()
5325 ssl->transform_negotiate = NULL; in ssl_handshake_init()
5326 ssl->session_negotiate = NULL; in ssl_handshake_init()
5332 mbedtls_ssl_session_init( ssl->session_negotiate ); in ssl_handshake_init()
5333 ssl_transform_init( ssl->transform_negotiate ); in ssl_handshake_init()
5334 ssl_handshake_params_init( ssl->handshake ); in ssl_handshake_init()
5337 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_handshake_init()
5339 ssl->handshake->alt_transform_out = ssl->transform_out; in ssl_handshake_init()
5341 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) in ssl_handshake_init()
5342 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; in ssl_handshake_init()
5344 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; in ssl_handshake_init()
5346 ssl_set_timer( ssl, 0 ); in ssl_handshake_init()
5385 void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) in mbedtls_ssl_init() argument
5387 memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); in mbedtls_ssl_init()
5393 int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, in mbedtls_ssl_setup() argument
5399 ssl->conf = conf; in mbedtls_ssl_setup()
5404 if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL || in mbedtls_ssl_setup()
5405 ( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL ) in mbedtls_ssl_setup()
5408 mbedtls_free( ssl->in_buf ); in mbedtls_ssl_setup()
5409 ssl->in_buf = NULL; in mbedtls_ssl_setup()
5416 ssl->out_hdr = ssl->out_buf; in mbedtls_ssl_setup()
5417 ssl->out_ctr = ssl->out_buf + 3; in mbedtls_ssl_setup()
5418 ssl->out_len = ssl->out_buf + 11; in mbedtls_ssl_setup()
5419 ssl->out_iv = ssl->out_buf + 13; in mbedtls_ssl_setup()
5420 ssl->out_msg = ssl->out_buf + 13; in mbedtls_ssl_setup()
5422 ssl->in_hdr = ssl->in_buf; in mbedtls_ssl_setup()
5423 ssl->in_ctr = ssl->in_buf + 3; in mbedtls_ssl_setup()
5424 ssl->in_len = ssl->in_buf + 11; in mbedtls_ssl_setup()
5425 ssl->in_iv = ssl->in_buf + 13; in mbedtls_ssl_setup()
5426 ssl->in_msg = ssl->in_buf + 13; in mbedtls_ssl_setup()
5431 ssl->out_ctr = ssl->out_buf; in mbedtls_ssl_setup()
5432 ssl->out_hdr = ssl->out_buf + 8; in mbedtls_ssl_setup()
5433 ssl->out_len = ssl->out_buf + 11; in mbedtls_ssl_setup()
5434 ssl->out_iv = ssl->out_buf + 13; in mbedtls_ssl_setup()
5435 ssl->out_msg = ssl->out_buf + 13; in mbedtls_ssl_setup()
5437 ssl->in_ctr = ssl->in_buf; in mbedtls_ssl_setup()
5438 ssl->in_hdr = ssl->in_buf + 8; in mbedtls_ssl_setup()
5439 ssl->in_len = ssl->in_buf + 11; in mbedtls_ssl_setup()
5440 ssl->in_iv = ssl->in_buf + 13; in mbedtls_ssl_setup()
5441 ssl->in_msg = ssl->in_buf + 13; in mbedtls_ssl_setup()
5444 if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) in mbedtls_ssl_setup()
5457 static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) in ssl_session_reset_int() argument
5461 ssl->state = MBEDTLS_SSL_HELLO_REQUEST; in ssl_session_reset_int()
5464 ssl_set_timer( ssl, 0 ); in ssl_session_reset_int()
5467 ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; in ssl_session_reset_int()
5468 ssl->renego_records_seen = 0; in ssl_session_reset_int()
5470 ssl->verify_data_len = 0; in ssl_session_reset_int()
5471 memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); in ssl_session_reset_int()
5472 memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); in ssl_session_reset_int()
5474 ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; in ssl_session_reset_int()
5476 ssl->in_offt = NULL; in ssl_session_reset_int()
5478 ssl->in_msg = ssl->in_buf + 13; in ssl_session_reset_int()
5479 ssl->in_msgtype = 0; in ssl_session_reset_int()
5480 ssl->in_msglen = 0; in ssl_session_reset_int()
5482 ssl->in_left = 0; in ssl_session_reset_int()
5484 ssl->next_record_offset = 0; in ssl_session_reset_int()
5485 ssl->in_epoch = 0; in ssl_session_reset_int()
5488 ssl_dtls_replay_reset( ssl ); in ssl_session_reset_int()
5491 ssl->in_hslen = 0; in ssl_session_reset_int()
5492 ssl->nb_zero = 0; in ssl_session_reset_int()
5493 ssl->record_read = 0; in ssl_session_reset_int()
5495 ssl->out_msg = ssl->out_buf + 13; in ssl_session_reset_int()
5496 ssl->out_msgtype = 0; in ssl_session_reset_int()
5497 ssl->out_msglen = 0; in ssl_session_reset_int()
5498 ssl->out_left = 0; in ssl_session_reset_int()
5500 if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ) in ssl_session_reset_int()
5501 ssl->split_done = 0; in ssl_session_reset_int()
5504 ssl->transform_in = NULL; in ssl_session_reset_int()
5505 ssl->transform_out = NULL; in ssl_session_reset_int()
5507 memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); in ssl_session_reset_int()
5509 memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); in ssl_session_reset_int()
5515 if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 ) in ssl_session_reset_int()
5523 if( ssl->transform ) in ssl_session_reset_int()
5525 mbedtls_ssl_transform_free( ssl->transform ); in ssl_session_reset_int()
5526 mbedtls_free( ssl->transform ); in ssl_session_reset_int()
5527 ssl->transform = NULL; in ssl_session_reset_int()
5530 if( ssl->session ) in ssl_session_reset_int()
5532 mbedtls_ssl_session_free( ssl->session ); in ssl_session_reset_int()
5533 mbedtls_free( ssl->session ); in ssl_session_reset_int()
5534 ssl->session = NULL; in ssl_session_reset_int()
5538 ssl->alpn_chosen = NULL; in ssl_session_reset_int()
5544 mbedtls_free( ssl->cli_id ); in ssl_session_reset_int()
5545 ssl->cli_id = NULL; in ssl_session_reset_int()
5546 ssl->cli_id_len = 0; in ssl_session_reset_int()
5550 if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) in ssl_session_reset_int()
5560 int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) in mbedtls_ssl_session_reset() argument
5562 return( ssl_session_reset_int( ssl, 0 ) ); in mbedtls_ssl_session_reset()
5631 void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, in mbedtls_ssl_set_bio() argument
5637 ssl->p_bio = p_bio; in mbedtls_ssl_set_bio()
5638 ssl->f_send = f_send; in mbedtls_ssl_set_bio()
5639 ssl->f_recv = f_recv; in mbedtls_ssl_set_bio()
5640 ssl->f_recv_timeout = f_recv_timeout; in mbedtls_ssl_set_bio()
5648 void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, in mbedtls_ssl_set_timer_cb() argument
5653 ssl->p_timer = p_timer; in mbedtls_ssl_set_timer_cb()
5654 ssl->f_set_timer = f_set_timer; in mbedtls_ssl_set_timer_cb()
5655 ssl->f_get_timer = f_get_timer; in mbedtls_ssl_set_timer_cb()
5658 ssl_set_timer( ssl, 0 ); in mbedtls_ssl_set_timer_cb()
5674 int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) in mbedtls_ssl_set_session() argument
5678 if( ssl == NULL || in mbedtls_ssl_set_session()
5680 ssl->session_negotiate == NULL || in mbedtls_ssl_set_session()
5681 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) in mbedtls_ssl_set_session()
5686 if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) in mbedtls_ssl_set_session()
5689 ssl->handshake->resume = 1; in mbedtls_ssl_set_session()
5772 int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, in mbedtls_ssl_set_hs_own_cert() argument
5776 return( ssl_append_key_cert( &ssl->handshake->sni_key_cert, in mbedtls_ssl_set_hs_own_cert()
5780 void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, in mbedtls_ssl_set_hs_ca_chain() argument
5784 ssl->handshake->sni_ca_chain = ca_chain; in mbedtls_ssl_set_hs_ca_chain()
5785 ssl->handshake->sni_ca_crl = ca_crl; in mbedtls_ssl_set_hs_ca_chain()
5788 void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, in mbedtls_ssl_set_hs_authmode() argument
5791 ssl->handshake->sni_authmode = authmode; in mbedtls_ssl_set_hs_authmode()
5799 int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, in mbedtls_ssl_set_hs_ecjpake_password() argument
5805 if( ssl->handshake == NULL || ssl->conf == NULL ) in mbedtls_ssl_set_hs_ecjpake_password()
5808 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_set_hs_ecjpake_password()
5813 return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, in mbedtls_ssl_set_hs_ecjpake_password()
5866 int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, in mbedtls_ssl_set_hs_psk() argument
5869 if( psk == NULL || ssl->handshake == NULL ) in mbedtls_ssl_set_hs_psk()
5875 if( ssl->handshake->psk != NULL ) in mbedtls_ssl_set_hs_psk()
5876 mbedtls_free( ssl->handshake->psk ); in mbedtls_ssl_set_hs_psk()
5878 if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) in mbedtls_ssl_set_hs_psk()
5881 ssl->handshake->psk_len = psk_len; in mbedtls_ssl_set_hs_psk()
5882 memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len ); in mbedtls_ssl_set_hs_psk()
5963 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) in mbedtls_ssl_set_hostname() argument
5978 ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); in mbedtls_ssl_set_hostname()
5980 if( ssl->hostname == NULL ) in mbedtls_ssl_set_hostname()
5983 memcpy( ssl->hostname, hostname, hostname_len ); in mbedtls_ssl_set_hostname()
5985 ssl->hostname[hostname_len] = '\0'; in mbedtls_ssl_set_hostname()
6027 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) in mbedtls_ssl_get_alpn_protocol() argument
6029 return( ssl->alpn_chosen ); in mbedtls_ssl_get_alpn_protocol()
6159 size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) in mbedtls_ssl_get_bytes_avail() argument
6161 return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); in mbedtls_ssl_get_bytes_avail()
6164 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) in mbedtls_ssl_get_verify_result() argument
6166 if( ssl->session != NULL ) in mbedtls_ssl_get_verify_result()
6167 return( ssl->session->verify_result ); in mbedtls_ssl_get_verify_result()
6169 if( ssl->session_negotiate != NULL ) in mbedtls_ssl_get_verify_result()
6170 return( ssl->session_negotiate->verify_result ); in mbedtls_ssl_get_verify_result()
6175 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ) in mbedtls_ssl_get_ciphersuite() argument
6177 if( ssl == NULL || ssl->session == NULL ) in mbedtls_ssl_get_ciphersuite()
6180 return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); in mbedtls_ssl_get_ciphersuite()
6183 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) in mbedtls_ssl_get_version() argument
6186 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_get_version()
6188 switch( ssl->minor_ver ) in mbedtls_ssl_get_version()
6202 switch( ssl->minor_ver ) in mbedtls_ssl_get_version()
6221 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) in mbedtls_ssl_get_record_expansion() argument
6224 const mbedtls_ssl_transform *transform = ssl->transform_out; in mbedtls_ssl_get_record_expansion()
6227 if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) in mbedtls_ssl_get_record_expansion()
6232 return( (int) mbedtls_ssl_hdr_len( ssl ) ); in mbedtls_ssl_get_record_expansion()
6252 return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) ); in mbedtls_ssl_get_record_expansion()
6256 size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) in mbedtls_ssl_get_max_frag_len() argument
6263 max_len = mfl_code_to_length[ssl->conf->mfl_code]; in mbedtls_ssl_get_max_frag_len()
6268 if( ssl->session_out != NULL && in mbedtls_ssl_get_max_frag_len()
6269 mfl_code_to_length[ssl->session_out->mfl_code] < max_len ) in mbedtls_ssl_get_max_frag_len()
6271 max_len = mfl_code_to_length[ssl->session_out->mfl_code]; in mbedtls_ssl_get_max_frag_len()
6279 const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) in mbedtls_ssl_get_peer_cert() argument
6281 if( ssl == NULL || ssl->session == NULL ) in mbedtls_ssl_get_peer_cert()
6284 return( ssl->session->peer_cert ); in mbedtls_ssl_get_peer_cert()
6289 int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst ) in mbedtls_ssl_get_session() argument
6291 if( ssl == NULL || in mbedtls_ssl_get_session()
6293 ssl->session == NULL || in mbedtls_ssl_get_session()
6294 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) in mbedtls_ssl_get_session()
6299 return( ssl_session_copy( dst, ssl->session ) ); in mbedtls_ssl_get_session()
6306 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) in mbedtls_ssl_handshake_step() argument
6310 if( ssl == NULL || ssl->conf == NULL ) in mbedtls_ssl_handshake_step()
6314 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) in mbedtls_ssl_handshake_step()
6315 ret = mbedtls_ssl_handshake_client_step( ssl ); in mbedtls_ssl_handshake_step()
6318 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_handshake_step()
6319 ret = mbedtls_ssl_handshake_server_step( ssl ); in mbedtls_ssl_handshake_step()
6328 int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) in mbedtls_ssl_handshake() argument
6332 if( ssl == NULL || ssl->conf == NULL ) in mbedtls_ssl_handshake()
6337 while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_handshake()
6339 ret = mbedtls_ssl_handshake_step( ssl ); in mbedtls_ssl_handshake()
6355 static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) in ssl_write_hello_request() argument
6361 ssl->out_msglen = 4; in ssl_write_hello_request()
6362 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_hello_request()
6363 ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; in ssl_write_hello_request()
6365 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in ssl_write_hello_request()
6386 static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) in ssl_start_renegotiation() argument
6392 if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) in ssl_start_renegotiation()
6398 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_start_renegotiation()
6399 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) in ssl_start_renegotiation()
6401 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) in ssl_start_renegotiation()
6402 ssl->handshake->out_msg_seq = 1; in ssl_start_renegotiation()
6404 ssl->handshake->in_msg_seq = 1; in ssl_start_renegotiation()
6408 ssl->state = MBEDTLS_SSL_HELLO_REQUEST; in ssl_start_renegotiation()
6409 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; in ssl_start_renegotiation()
6411 if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) in ssl_start_renegotiation()
6426 int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) in mbedtls_ssl_renegotiate() argument
6430 if( ssl == NULL || ssl->conf == NULL ) in mbedtls_ssl_renegotiate()
6435 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_renegotiate()
6437 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_renegotiate()
6440 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; in mbedtls_ssl_renegotiate()
6443 if( ssl->out_left != 0 ) in mbedtls_ssl_renegotiate()
6444 return( mbedtls_ssl_flush_output( ssl ) ); in mbedtls_ssl_renegotiate()
6446 return( ssl_write_hello_request( ssl ) ); in mbedtls_ssl_renegotiate()
6455 if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in mbedtls_ssl_renegotiate()
6457 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_renegotiate()
6460 if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) in mbedtls_ssl_renegotiate()
6468 if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) in mbedtls_ssl_renegotiate()
6482 static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) in ssl_check_ctr_renegotiate() argument
6484 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || in ssl_check_ctr_renegotiate()
6485 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || in ssl_check_ctr_renegotiate()
6486 ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) in ssl_check_ctr_renegotiate()
6491 if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 && in ssl_check_ctr_renegotiate()
6492 memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 ) in ssl_check_ctr_renegotiate()
6498 return( mbedtls_ssl_renegotiate( ssl ) ); in ssl_check_ctr_renegotiate()
6505 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) in mbedtls_ssl_read() argument
6510 if( ssl == NULL || ssl->conf == NULL ) in mbedtls_ssl_read()
6516 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_read()
6518 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) in mbedtls_ssl_read()
6521 if( ssl->handshake != NULL && in mbedtls_ssl_read()
6522 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) in mbedtls_ssl_read()
6524 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) in mbedtls_ssl_read()
6531 if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) in mbedtls_ssl_read()
6538 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_read()
6540 ret = mbedtls_ssl_handshake( ssl ); in mbedtls_ssl_read()
6552 if( ssl->in_offt == NULL ) in mbedtls_ssl_read()
6555 if( ssl->f_get_timer != NULL && in mbedtls_ssl_read()
6556 ssl->f_get_timer( ssl->p_timer ) == -1 ) in mbedtls_ssl_read()
6558 ssl_set_timer( ssl, ssl->conf->read_timeout ); in mbedtls_ssl_read()
6563 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) in mbedtls_ssl_read()
6573 if( ssl->in_msglen == 0 && in mbedtls_ssl_read()
6574 ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA ) in mbedtls_ssl_read()
6579 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) in mbedtls_ssl_read()
6590 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) in mbedtls_ssl_read()
6595 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in mbedtls_ssl_read()
6596 ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || in mbedtls_ssl_read()
6597 ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) in mbedtls_ssl_read()
6603 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_read()
6609 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in mbedtls_ssl_read()
6610 ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) in mbedtls_ssl_read()
6616 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in mbedtls_ssl_read()
6623 if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || in mbedtls_ssl_read()
6624 ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in mbedtls_ssl_read()
6625 ssl->conf->allow_legacy_renegotiation == in mbedtls_ssl_read()
6631 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in mbedtls_ssl_read()
6636 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 ) in mbedtls_ssl_read()
6643 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) in mbedtls_ssl_read()
6645 if( ( ret = mbedtls_ssl_send_alert_message( ssl, in mbedtls_ssl_read()
6664 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_read()
6665 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) in mbedtls_ssl_read()
6667 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; in mbedtls_ssl_read()
6670 ret = ssl_start_renegotiation( ssl ); in mbedtls_ssl_read()
6687 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) in mbedtls_ssl_read()
6690 if( ssl->conf->renego_max_records >= 0 ) in mbedtls_ssl_read()
6692 if( ++ssl->renego_records_seen > ssl->conf->renego_max_records ) in mbedtls_ssl_read()
6703 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) in mbedtls_ssl_read()
6709 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) in mbedtls_ssl_read()
6715 ssl->in_offt = ssl->in_msg; in mbedtls_ssl_read()
6719 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_read()
6720 ssl_set_timer( ssl, 0 ); in mbedtls_ssl_read()
6727 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && in mbedtls_ssl_read()
6728 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) in mbedtls_ssl_read()
6730 if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) in mbedtls_ssl_read()
6740 n = ( len < ssl->in_msglen ) in mbedtls_ssl_read()
6741 ? len : ssl->in_msglen; in mbedtls_ssl_read()
6743 memcpy( buf, ssl->in_offt, n ); in mbedtls_ssl_read()
6744 ssl->in_msglen -= n; in mbedtls_ssl_read()
6746 if( ssl->in_msglen == 0 ) in mbedtls_ssl_read()
6748 ssl->in_offt = NULL; in mbedtls_ssl_read()
6751 ssl->in_offt += n; in mbedtls_ssl_read()
6762 static int ssl_write_real( mbedtls_ssl_context *ssl, in ssl_write_real() argument
6767 size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); in ssl_write_real()
6772 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_write_real()
6785 if( ssl->out_left != 0 ) in ssl_write_real()
6787 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) in ssl_write_real()
6795 ssl->out_msglen = len; in ssl_write_real()
6796 ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; in ssl_write_real()
6797 memcpy( ssl->out_msg, buf, len ); in ssl_write_real()
6799 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in ssl_write_real()
6817 static int ssl_write_split( mbedtls_ssl_context *ssl, in ssl_write_split() argument
6822 if( ssl->conf->cbc_record_splitting == in ssl_write_split()
6825 ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || in ssl_write_split()
6826 mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) in ssl_write_split()
6829 return( ssl_write_real( ssl, buf, len ) ); in ssl_write_split()
6832 if( ssl->split_done == 0 ) in ssl_write_split()
6834 if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 ) in ssl_write_split()
6836 ssl->split_done = 1; in ssl_write_split()
6839 if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 ) in ssl_write_split()
6841 ssl->split_done = 0; in ssl_write_split()
6850 int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) in mbedtls_ssl_write() argument
6856 if( ssl == NULL || ssl->conf == NULL ) in mbedtls_ssl_write()
6860 if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) in mbedtls_ssl_write()
6867 if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_write()
6869 if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) in mbedtls_ssl_write()
6877 ret = ssl_write_split( ssl, buf, len ); in mbedtls_ssl_write()
6879 ret = ssl_write_real( ssl, buf, len ); in mbedtls_ssl_write()
6890 int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) in mbedtls_ssl_close_notify() argument
6894 if( ssl == NULL || ssl->conf == NULL ) in mbedtls_ssl_close_notify()
6899 if( ssl->out_left != 0 ) in mbedtls_ssl_close_notify()
6900 return( mbedtls_ssl_flush_output( ssl ) ); in mbedtls_ssl_close_notify()
6902 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) in mbedtls_ssl_close_notify()
6904 if( ( ret = mbedtls_ssl_send_alert_message( ssl, in mbedtls_ssl_close_notify()
7050 void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) in mbedtls_ssl_free() argument
7052 if( ssl == NULL ) in mbedtls_ssl_free()
7057 if( ssl->out_buf != NULL ) in mbedtls_ssl_free()
7059 mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); in mbedtls_ssl_free()
7060 mbedtls_free( ssl->out_buf ); in mbedtls_ssl_free()
7063 if( ssl->in_buf != NULL ) in mbedtls_ssl_free()
7065 mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); in mbedtls_ssl_free()
7066 mbedtls_free( ssl->in_buf ); in mbedtls_ssl_free()
7070 if( ssl->compress_buf != NULL ) in mbedtls_ssl_free()
7072 mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); in mbedtls_ssl_free()
7073 mbedtls_free( ssl->compress_buf ); in mbedtls_ssl_free()
7077 if( ssl->transform ) in mbedtls_ssl_free()
7079 mbedtls_ssl_transform_free( ssl->transform ); in mbedtls_ssl_free()
7080 mbedtls_free( ssl->transform ); in mbedtls_ssl_free()
7083 if( ssl->handshake ) in mbedtls_ssl_free()
7085 mbedtls_ssl_handshake_free( ssl->handshake ); in mbedtls_ssl_free()
7086 mbedtls_ssl_transform_free( ssl->transform_negotiate ); in mbedtls_ssl_free()
7087 mbedtls_ssl_session_free( ssl->session_negotiate ); in mbedtls_ssl_free()
7089 mbedtls_free( ssl->handshake ); in mbedtls_ssl_free()
7090 mbedtls_free( ssl->transform_negotiate ); in mbedtls_ssl_free()
7091 mbedtls_free( ssl->session_negotiate ); in mbedtls_ssl_free()
7094 if( ssl->session ) in mbedtls_ssl_free()
7096 mbedtls_ssl_session_free( ssl->session ); in mbedtls_ssl_free()
7097 mbedtls_free( ssl->session ); in mbedtls_ssl_free()
7101 if( ssl->hostname != NULL ) in mbedtls_ssl_free()
7103 mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); in mbedtls_ssl_free()
7104 mbedtls_free( ssl->hostname ); in mbedtls_ssl_free()
7112 mbedtls_ssl_hw_record_finish( ssl ); in mbedtls_ssl_free()
7117 mbedtls_free( ssl->cli_id ); in mbedtls_ssl_free()
7123 mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); in mbedtls_ssl_free()
7456 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) in mbedtls_ssl_check_curve() argument
7460 if( ssl->conf->curve_list == NULL ) in mbedtls_ssl_check_curve()
7463 for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) in mbedtls_ssl_check_curve()
7476 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, in mbedtls_ssl_check_sig_hash() argument
7481 if( ssl->conf->sig_hashes == NULL ) in mbedtls_ssl_check_sig_hash()
7484 for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) in mbedtls_ssl_check_sig_hash()
7636 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) in mbedtls_ssl_set_calc_verify_md() argument
7639 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) in mbedtls_ssl_set_calc_verify_md()
7647 ssl->handshake->calc_verify = ssl_calc_verify_tls; in mbedtls_ssl_set_calc_verify_md()
7652 ssl->handshake->calc_verify = ssl_calc_verify_tls; in mbedtls_ssl_set_calc_verify_md()
7658 ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; in mbedtls_ssl_set_calc_verify_md()
7663 ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; in mbedtls_ssl_set_calc_verify_md()
7672 (void) ssl; in mbedtls_ssl_set_calc_verify_md()