Lines Matching refs:ssl
58 static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, in ssl_write_hostname_ext() argument
63 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; in ssl_write_hostname_ext()
68 if( ssl->hostname == NULL ) in ssl_write_hostname_ext()
72 ssl->hostname ) ); in ssl_write_hostname_ext()
74 hostname_len = strlen( ssl->hostname ); in ssl_write_hostname_ext()
113 memcpy( p, ssl->hostname, hostname_len ); in ssl_write_hostname_ext()
120 static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, in ssl_write_renegotiation_ext() argument
125 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; in ssl_write_renegotiation_ext()
129 if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in ssl_write_renegotiation_ext()
134 if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) in ssl_write_renegotiation_ext()
147 *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; in ssl_write_renegotiation_ext()
148 *p++ = ssl->verify_data_len & 0xFF; in ssl_write_renegotiation_ext()
150 memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); in ssl_write_renegotiation_ext()
152 *olen = 5 + ssl->verify_data_len; in ssl_write_renegotiation_ext()
161 static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, in ssl_write_signature_algorithms_ext() argument
166 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; in ssl_write_signature_algorithms_ext()
175 if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_write_signature_algorithms_ext()
180 for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) in ssl_write_signature_algorithms_ext()
201 for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) in ssl_write_signature_algorithms_ext()
246 static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, argument
251 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
258 ((void) ssl);
266 for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
291 for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
317 static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, argument
322 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
349 static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, argument
355 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
361 if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
380 if( ssl->handshake->ecjpake_cache == NULL ||
381 ssl->handshake->ecjpake_cache_len == 0 )
385 ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
387 ssl->conf->f_rng, ssl->conf->p_rng );
394 ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
395 if( ssl->handshake->ecjpake_cache == NULL )
401 memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
402 ssl->handshake->ecjpake_cache_len = kkpp_len;
408 kkpp_len = ssl->handshake->ecjpake_cache_len;
416 memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
427 static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, argument
432 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
436 if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
454 *p++ = ssl->conf->mfl_code;
461 static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, argument
465 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
469 if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
493 static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, argument
497 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
501 if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
502 ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
527 static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, argument
531 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
535 if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
536 ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
561 static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, argument
565 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
566 size_t tlen = ssl->session_negotiate->ticket_len;
570 if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
591 if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
598 memcpy( p, ssl->session_negotiate->ticket, tlen );
605 static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, argument
609 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
615 if( ssl->conf->alpn_list == NULL )
622 for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
645 for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
667 static int ssl_generate_random( mbedtls_ssl_context *ssl ) argument
670 unsigned char *p = ssl->handshake->randbytes;
679 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
680 ssl->handshake->verify_cookie != NULL )
695 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
701 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
707 static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) argument
719 if( ssl->conf->f_rng == NULL )
726 if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
729 ssl->major_ver = ssl->conf->min_major_ver;
730 ssl->minor_ver = ssl->conf->min_minor_ver;
733 if( ssl->conf->max_major_ver == 0 )
747 buf = ssl->out_msg;
750 mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
751 ssl->conf->transport, p );
757 if( ( ret = ssl_generate_random( ssl ) ) != 0 )
763 memcpy( p, ssl->handshake->randbytes, 32 );
779 n = ssl->session_negotiate->id_len;
783 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
785 ssl->handshake->resume == 0 )
796 if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
799 if( ssl->session_negotiate->ticket != NULL &&
800 ssl->session_negotiate->ticket_len != 0 )
802 ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
807 ssl->session_negotiate->id_len = n = 32;
815 *p++ = ssl->session_negotiate->id[i];
824 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
826 if( ssl->handshake->verify_cookie == NULL )
834 ssl->handshake->verify_cookie,
835 ssl->handshake->verify_cookie_len );
837 *p++ = ssl->handshake->verify_cookie_len;
838 memcpy( p, ssl->handshake->verify_cookie,
839 ssl->handshake->verify_cookie_len );
840 p += ssl->handshake->verify_cookie_len;
848 ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
862 if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
863 ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
867 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
873 if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
880 mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
896 if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
906 if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
933 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
960 ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
965 ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
971 ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
977 ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
980 ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
985 ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
990 ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
995 ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
1000 ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
1005 ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
1010 ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
1015 ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
1032 ssl->out_msglen = p - buf;
1033 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
1034 ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_HELLO;
1036 ssl->state++;
1039 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1040 mbedtls_ssl_send_flight_completed( ssl );
1043 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
1054 static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, argument
1061 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
1064 if( len != 1 + ssl->verify_data_len * 2 ||
1065 buf[0] != ssl->verify_data_len * 2 ||
1067 ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
1068 mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len,
1069 ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
1073 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
1086 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
1092 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
1099 static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, argument
1107 if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
1109 buf[0] != ssl->conf->mfl_code )
1119 static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, argument
1123 if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
1131 ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
1138 static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, argument
1142 if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
1143 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
1151 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
1158 static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, argument
1162 if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
1163 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
1171 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
1178 static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, argument
1182 if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
1190 ssl->handshake->new_session_ticket = 1;
1198 static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, argument
1219 ssl->handshake->ecdh_ctx.point_format = p[0];
1222 ssl->handshake->ecjpake_ctx.point_format = p[0];
1239 static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, argument
1245 if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
1253 mbedtls_free( ssl->handshake->ecjpake_cache );
1254 ssl->handshake->ecjpake_cache = NULL;
1255 ssl->handshake->ecjpake_cache_len = 0;
1257 if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
1269 static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, argument
1276 if( ssl->conf->alpn_list == NULL )
1302 for( p = ssl->conf->alpn_list; *p != NULL; p++ )
1307 ssl->alpn_chosen = *p;
1320 static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) argument
1322 const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
1335 mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
1344 major_ver > ssl->conf->max_major_ver ||
1345 minor_ver > ssl->conf->max_minor_ver )
1349 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1358 if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
1362 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1367 mbedtls_free( ssl->handshake->verify_cookie );
1369 ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
1370 if( ssl->handshake->verify_cookie == NULL )
1376 memcpy( ssl->handshake->verify_cookie, p, cookie_len );
1377 ssl->handshake->verify_cookie_len = cookie_len;
1380 ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
1381 mbedtls_ssl_reset_checksum( ssl );
1383 mbedtls_ssl_recv_flight_completed( ssl );
1391 static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) argument
1412 buf = ssl->in_msg;
1414 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
1420 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
1423 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
1425 ssl->renego_records_seen++;
1427 if( ssl->conf->renego_max_records >= 0 &&
1428 ssl->renego_records_seen > ssl->conf->renego_max_records )
1445 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1451 return( ssl_parse_hello_verify_request( ssl ) );
1456 mbedtls_free( ssl->handshake->verify_cookie );
1457 ssl->handshake->verify_cookie = NULL;
1458 ssl->handshake->verify_cookie_len = 0;
1463 if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) ||
1481 buf += mbedtls_ssl_hs_hdr_len( ssl );
1484 mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
1485 ssl->conf->transport, buf + 0 );
1487 if( ssl->major_ver < ssl->conf->min_major_ver ||
1488 ssl->minor_ver < ssl->conf->min_minor_ver ||
1489 ssl->major_ver > ssl->conf->max_major_ver ||
1490 ssl->minor_ver > ssl->conf->max_minor_ver )
1494 ssl->conf->min_major_ver, ssl->conf->min_minor_ver,
1495 ssl->major_ver, ssl->minor_ver,
1496 ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) );
1498 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1512 memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
1524 if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
1530 ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len )
1536 else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
1557 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1576 ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
1578 if( ssl->transform_negotiate->ciphersuite_info == NULL )
1584 mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
1592 if( ssl->handshake->resume == 0 || n == 0 ||
1594 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
1596 ssl->session_negotiate->ciphersuite != i ||
1597 ssl->session_negotiate->compression != comp ||
1598 ssl->session_negotiate->id_len != n ||
1599 memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
1601 ssl->state++;
1602 ssl->handshake->resume = 0;
1604 ssl->session_negotiate->start = mbedtls_time( NULL );
1606 ssl->session_negotiate->ciphersuite = i;
1607 ssl->session_negotiate->compression = comp;
1608 ssl->session_negotiate->id_len = n;
1609 memcpy( ssl->session_negotiate->id, buf + 35, n );
1613 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
1615 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
1623 ssl->handshake->resume ? "a" : "no" ) );
1628 suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
1631 || ( ssl->conf->arc4_disabled &&
1645 if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
1651 if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
1652 ssl->session_negotiate->ciphersuite )
1667 ssl->session_negotiate->compression = comp;
1694 if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
1704 if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
1717 if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
1730 if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl,
1743 if( ( ret = ssl_parse_extended_ms_ext( ssl,
1756 if( ( ret = ssl_parse_session_ticket_ext( ssl,
1770 if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
1784 if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
1797 if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 )
1821 if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1822 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
1828 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1829 ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
1835 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1836 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1837 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
1842 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1843 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1853 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
1866 static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p, argument
1880 if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 )
1886 if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
1889 ssl->handshake->dhm_ctx.len * 8,
1890 ssl->conf->dhm_min_bitlen ) );
1894 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P );
1895 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G );
1896 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
1908 static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) argument
1912 curve_info = mbedtls_ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
1922 if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 )
1924 if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
1925 ssl->handshake->ecdh_ctx.grp.nbits > 521 )
1929 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
1942 static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, argument
1956 if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx,
1963 if( ssl_check_server_ecdh_params( ssl ) != 0 )
1976 static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, argument
1982 ((void) ssl);
2015 static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, argument
2020 size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
2021 unsigned char *p = ssl->handshake->premaster + pms_offset;
2036 mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
2037 ssl->conf->transport, p );
2039 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
2045 ssl->handshake->pmslen = 48;
2047 if( ssl->session_negotiate->peer_cert == NULL )
2056 if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
2063 if( ( ret = mbedtls_pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
2064 p, ssl->handshake->pmslen,
2065 ssl->out_msg + offset + len_bytes, olen,
2067 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
2077 ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 );
2078 ssl->out_msg[offset+1] = (unsigned char)( *olen );
2092 static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, argument
2098 ((void) ssl);
2103 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
2134 if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
2154 static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) argument
2159 if( ssl->session_negotiate->peer_cert == NULL )
2165 if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
2172 peer_key = mbedtls_pk_ec( ssl->session_negotiate->peer_cert->pk );
2174 if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
2181 if( ssl_check_server_ecdh_params( ssl ) != 0 )
2192 static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) argument
2195 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
2204 ssl->state++;
2216 if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
2223 ssl->state++;
2231 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
2237 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
2247 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
2252 ssl->record_read = 1;
2260 p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
2261 end = ssl->in_msg + ssl->in_hslen;
2270 if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
2291 if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
2307 if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
2320 ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
2346 unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
2353 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
2355 if( ssl_parse_signature_algorithm( ssl, &p, end,
2372 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
2430 mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 );
2435 mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 );
2471 mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 );
2487 if( ssl->session_negotiate->peer_cert == NULL )
2496 if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
2502 if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
2514 ssl->state++;
2527 static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) argument
2529 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
2540 ssl->state++;
2548 static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) argument
2554 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
2565 ssl->state++;
2569 if( ssl->record_read == 0 )
2571 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
2577 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
2583 ssl->record_read = 1;
2586 ssl->client_auth = 0;
2587 ssl->state++;
2589 if( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST )
2590 ssl->client_auth++;
2593 ssl->client_auth ? "a" : "no" ) );
2595 if( ssl->client_auth == 0 )
2598 ssl->record_read = 0;
2624 buf = ssl->in_msg;
2627 cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
2630 if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
2638 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
2640 size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
2641 | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
2643 unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
2654 if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
2663 dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
2664 | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
2667 if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
2685 static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) argument
2691 if( ssl->record_read == 0 )
2693 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
2699 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
2705 ssl->record_read = 0;
2707 if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ||
2708 ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE )
2714 ssl->state++;
2717 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2718 mbedtls_ssl_recv_flight_completed( ssl );
2726 static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) argument
2730 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
2740 n = ssl->handshake->dhm_ctx.len;
2742 ssl->out_msg[4] = (unsigned char)( n >> 8 );
2743 ssl->out_msg[5] = (unsigned char)( n );
2746 ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
2747 (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
2748 &ssl->out_msg[i], n,
2749 ssl->conf->f_rng, ssl->conf->p_rng );
2756 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
2757 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
2759 if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
2760 ssl->handshake->premaster,
2762 &ssl->handshake->pmslen,
2763 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
2769 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
2787 ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
2789 &ssl->out_msg[i], 1000,
2790 ssl->conf->f_rng, ssl->conf->p_rng );
2797 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
2799 if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
2800 &ssl->handshake->pmslen,
2801 ssl->handshake->premaster,
2803 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
2809 MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
2825 if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
2832 n = ssl->conf->psk_identity_len;
2841 ssl->out_msg[i++] = (unsigned char)( n >> 8 );
2842 ssl->out_msg[i++] = (unsigned char)( n );
2844 memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
2845 i += ssl->conf->psk_identity_len;
2857 if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
2868 n = ssl->handshake->dhm_ctx.len;
2877 ssl->out_msg[i++] = (unsigned char)( n >> 8 );
2878 ssl->out_msg[i++] = (unsigned char)( n );
2880 ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
2881 (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
2882 &ssl->out_msg[i], n,
2883 ssl->conf->f_rng, ssl->conf->p_rng );
2898 ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
2899 &ssl->out_msg[i], MBEDTLS_SSL_MAX_CONTENT_LEN - i,
2900 ssl->conf->f_rng, ssl->conf->p_rng );
2907 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
2916 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
2929 if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
2939 ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
2940 ssl->out_msg + i, MBEDTLS_SSL_MAX_CONTENT_LEN - i, &n,
2941 ssl->conf->f_rng, ssl->conf->p_rng );
2948 ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
2949 ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
2950 ssl->conf->f_rng, ssl->conf->p_rng );
2965 ssl->out_msglen = i + n;
2966 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
2967 ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
2969 ssl->state++;
2971 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
2988 static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) argument
2990 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
2995 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
3008 ssl->state++;
3016 static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) argument
3019 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
3028 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
3041 ssl->state++;
3045 if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
3048 ssl->state++;
3052 if( mbedtls_ssl_own_key( ssl ) == NULL )
3061 ssl->handshake->calc_verify( ssl, hash );
3065 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
3085 if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
3096 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
3113 if( ssl->transform_negotiate->ciphersuite_info->mac ==
3117 ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
3122 ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
3124 ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
3137 if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen,
3138 ssl->out_msg + 6 + offset, &n,
3139 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
3145 ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
3146 ssl->out_msg[5 + offset] = (unsigned char)( n );
3148 ssl->out_msglen = 6 + n + offset;
3149 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
3150 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY;
3152 ssl->state++;
3154 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
3172 static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) argument
3182 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
3188 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
3204 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
3205 ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) )
3211 msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
3218 if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen )
3227 ssl->handshake->new_session_ticket = 0;
3228 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
3237 mbedtls_zeroize( ssl->session_negotiate->ticket,
3238 ssl->session_negotiate->ticket_len );
3239 mbedtls_free( ssl->session_negotiate->ticket );
3240 ssl->session_negotiate->ticket = NULL;
3241 ssl->session_negotiate->ticket_len = 0;
3251 ssl->session_negotiate->ticket = ticket;
3252 ssl->session_negotiate->ticket_len = ticket_len;
3253 ssl->session_negotiate->ticket_lifetime = lifetime;
3261 ssl->session_negotiate->id_len = 0;
3272 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) argument
3276 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
3279 MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
3281 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
3285 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
3286 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
3288 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
3296 if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
3297 ssl->handshake->new_session_ticket != 0 )
3299 ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET;
3303 switch( ssl->state )
3306 ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
3313 ret = ssl_write_client_hello( ssl );
3324 ret = ssl_parse_server_hello( ssl );
3328 ret = mbedtls_ssl_parse_certificate( ssl );
3332 ret = ssl_parse_server_key_exchange( ssl );
3336 ret = ssl_parse_certificate_request( ssl );
3340 ret = ssl_parse_server_hello_done( ssl );
3351 ret = mbedtls_ssl_write_certificate( ssl );
3355 ret = ssl_write_client_key_exchange( ssl );
3359 ret = ssl_write_certificate_verify( ssl );
3363 ret = mbedtls_ssl_write_change_cipher_spec( ssl );
3367 ret = mbedtls_ssl_write_finished( ssl );
3377 ret = ssl_parse_new_session_ticket( ssl );
3382 ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
3386 ret = mbedtls_ssl_parse_finished( ssl );
3391 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
3395 mbedtls_ssl_handshake_wrapup( ssl );
3399 MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );