Lines Matching refs:ssl
60 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, in mbedtls_ssl_set_client_transport_id() argument
64 if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_set_client_transport_id()
67 mbedtls_free( ssl->cli_id ); in mbedtls_ssl_set_client_transport_id()
69 if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL ) in mbedtls_ssl_set_client_transport_id()
72 memcpy( ssl->cli_id, info, ilen ); in mbedtls_ssl_set_client_transport_id()
73 ssl->cli_id_len = ilen; in mbedtls_ssl_set_client_transport_id()
90 static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, in ssl_parse_servername_ext() argument
119 ret = ssl->conf->f_sni( ssl->conf->p_sni, in ssl_parse_servername_ext()
120 ssl, p + 3, hostname_len ); in ssl_parse_servername_ext()
124 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_servername_ext()
145 static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, in ssl_parse_renegotiation_info() argument
152 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_parse_renegotiation_info()
155 if( len != 1 + ssl->verify_data_len || in ssl_parse_renegotiation_info()
156 buf[0] != ssl->verify_data_len || in ssl_parse_renegotiation_info()
157 mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data, in ssl_parse_renegotiation_info()
158 ssl->verify_data_len ) != 0 ) in ssl_parse_renegotiation_info()
162 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 ) in ssl_parse_renegotiation_info()
175 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 ) in ssl_parse_renegotiation_info()
181 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; in ssl_parse_renegotiation_info()
189 static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, in ssl_parse_signature_algorithms_ext() argument
213 for( md_cur = ssl->conf->sig_hashes; *md_cur != MBEDTLS_MD_NONE; md_cur++ ) { in ssl_parse_signature_algorithms_ext()
216 ssl->handshake->sig_alg = p[0]; in ssl_parse_signature_algorithms_ext()
228 ssl->handshake->sig_alg ) ); in ssl_parse_signature_algorithms_ext()
237 static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, in ssl_parse_supported_elliptic_curves() argument
254 if( ssl->handshake->curves != NULL ) in ssl_parse_supported_elliptic_curves()
269 ssl->handshake->curves = curves; in ssl_parse_supported_elliptic_curves()
289 static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, in ssl_parse_supported_point_formats() argument
310 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats()
313 ssl->handshake->ecjpake_ctx.point_format = p[0]; in ssl_parse_supported_point_formats()
329 static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, in ssl_parse_ecjpake_kkpp() argument
335 if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) in ssl_parse_ecjpake_kkpp()
341 if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
349 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; in ssl_parse_ecjpake_kkpp()
356 static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, in ssl_parse_max_fragment_length_ext() argument
366 ssl->session_negotiate->mfl_code = buf[0]; in ssl_parse_max_fragment_length_ext()
373 static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, in ssl_parse_truncated_hmac_ext() argument
385 if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) in ssl_parse_truncated_hmac_ext()
386 ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; in ssl_parse_truncated_hmac_ext()
393 static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, in ssl_parse_encrypt_then_mac_ext() argument
405 if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED && in ssl_parse_encrypt_then_mac_ext()
406 ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_parse_encrypt_then_mac_ext()
408 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in ssl_parse_encrypt_then_mac_ext()
416 static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, in ssl_parse_extended_ms_ext() argument
428 if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED && in ssl_parse_extended_ms_ext()
429 ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_parse_extended_ms_ext()
431 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in ssl_parse_extended_ms_ext()
439 static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, in ssl_parse_session_ticket_ext() argument
448 if( ssl->conf->f_ticket_parse == NULL || in ssl_parse_session_ticket_ext()
449 ssl->conf->f_ticket_write == NULL ) in ssl_parse_session_ticket_ext()
455 ssl->handshake->new_session_ticket = 1; in ssl_parse_session_ticket_ext()
463 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_parse_session_ticket_ext()
473 if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session, in ssl_parse_session_ticket_ext()
492 session.id_len = ssl->session_negotiate->id_len; in ssl_parse_session_ticket_ext()
493 memcpy( &session.id, ssl->session_negotiate->id, session.id_len ); in ssl_parse_session_ticket_ext()
495 mbedtls_ssl_session_free( ssl->session_negotiate ); in ssl_parse_session_ticket_ext()
496 memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) ); in ssl_parse_session_ticket_ext()
503 ssl->handshake->resume = 1; in ssl_parse_session_ticket_ext()
506 ssl->handshake->new_session_ticket = 0; in ssl_parse_session_ticket_ext()
513 static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, in ssl_parse_alpn_ext() argument
521 if( ssl->conf->alpn_list == NULL ) in ssl_parse_alpn_ext()
545 for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ ) in ssl_parse_alpn_ext()
563 ssl->alpn_chosen = *ours; in ssl_parse_alpn_ext()
570 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
606 static int ssl_pick_cert( mbedtls_ssl_context *ssl, in ssl_pick_cert() argument
614 if( ssl->handshake->sni_key_cert != NULL ) in ssl_pick_cert()
615 list = ssl->handshake->sni_key_cert; in ssl_pick_cert()
618 list = ssl->conf->key_cert; in ssl_pick_cert()
660 ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 ) in ssl_pick_cert()
672 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 && in ssl_pick_cert()
694 ssl->handshake->key_cert = cur; in ssl_pick_cert()
696 ssl->handshake->key_cert->cert ); in ssl_pick_cert()
708 static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, in ssl_ciphersuite_match() argument
722 if( suite_info->min_minor_ver > ssl->minor_ver || in ssl_ciphersuite_match()
723 suite_info->max_minor_ver < ssl->minor_ver ) in ssl_ciphersuite_match()
730 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_ciphersuite_match()
736 if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && in ssl_ciphersuite_match()
746 ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 ) in ssl_ciphersuite_match()
757 ( ssl->handshake->curves == NULL || in ssl_ciphersuite_match()
758 ssl->handshake->curves[0] == NULL ) ) in ssl_ciphersuite_match()
770 ssl->conf->f_psk == NULL && in ssl_ciphersuite_match()
771 ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL || in ssl_ciphersuite_match()
772 ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) ) in ssl_ciphersuite_match()
787 if( ssl_pick_cert( ssl, suite_info ) != 0 ) in ssl_ciphersuite_match()
800 static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) argument
813 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
817 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
824 buf = ssl->in_hdr;
860 ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
861 ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
862 ? buf[4] : ssl->conf->max_minor_ver;
864 if( ssl->minor_ver < ssl->conf->min_minor_ver )
868 ssl->major_ver, ssl->minor_ver,
869 ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
871 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
876 ssl->handshake->max_major_ver = buf[3];
877 ssl->handshake->max_minor_ver = buf[4];
879 if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
885 ssl->handshake->update_checksum( ssl, buf + 2, n );
887 buf = ssl->in_msg;
888 n = ssl->in_left - 5;
942 ssl->session_negotiate->id_len = sess_len;
943 memset( ssl->session_negotiate->id, 0,
944 sizeof( ssl->session_negotiate->id ) );
945 memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
948 memset( ssl->handshake->randbytes, 0, 64 );
949 memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
960 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
965 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
971 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
985 if( ssl->minor_ver < ssl->conf->max_minor_ver )
989 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1001 ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
1020 if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
1044 ssl->session_negotiate->ciphersuite = ciphersuites[i];
1045 ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
1050 if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1051 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
1055 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
1061 ssl->in_left = 0;
1062 ssl->state++;
1070 static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) argument
1099 if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
1102 if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
1109 buf = ssl->in_hdr;
1113 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
1116 return ssl_parse_client_hello_v2( ssl );
1119 MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
1140 ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) );
1145 mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
1160 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
1162 && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
1167 if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 )
1173 memcpy( ssl->out_ctr + 2, ssl->in_ctr + 2, 6 );
1176 if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
1179 ssl->next_record_offset = 0;
1180 ssl->in_left = 0;
1185 mbedtls_ssl_dtls_replay_update( ssl );
1190 msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
1193 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
1196 msg_len = ssl->in_hslen;
1207 if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
1215 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1216 ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
1219 ssl->in_left = 0;
1222 buf = ssl->in_msg;
1226 ssl->handshake->update_checksum( ssl, buf, msg_len );
1236 if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) )
1255 msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) )
1262 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1269 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
1272 unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
1273 ssl->in_msg[5];
1275 if( cli_msg_seq != ssl->handshake->in_msg_seq )
1279 ssl->handshake->in_msg_seq ) );
1283 ssl->handshake->in_msg_seq++;
1288 unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
1289 ssl->in_msg[5];
1290 ssl->handshake->out_msg_seq = cli_msg_seq;
1291 ssl->handshake->in_msg_seq = cli_msg_seq + 1;
1298 if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
1299 memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
1307 buf += mbedtls_ssl_hs_hdr_len( ssl );
1308 msg_len -= mbedtls_ssl_hs_hdr_len( ssl );
1342 mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
1343 ssl->conf->transport, buf );
1345 ssl->handshake->max_major_ver = ssl->major_ver;
1346 ssl->handshake->max_minor_ver = ssl->minor_ver;
1348 if( ssl->major_ver < ssl->conf->min_major_ver ||
1349 ssl->minor_ver < ssl->conf->min_minor_ver )
1353 ssl->major_ver, ssl->minor_ver,
1354 ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
1356 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1362 if( ssl->major_ver > ssl->conf->max_major_ver )
1364 ssl->major_ver = ssl->conf->max_major_ver;
1365 ssl->minor_ver = ssl->conf->max_minor_ver;
1367 else if( ssl->minor_ver > ssl->conf->max_minor_ver )
1368 ssl->minor_ver = ssl->conf->max_minor_ver;
1375 memcpy( ssl->handshake->randbytes, buf + 2, 32 );
1382 if( sess_len > sizeof( ssl->session_negotiate->id ) ||
1391 ssl->session_negotiate->id_len = sess_len;
1392 memset( ssl->session_negotiate->id, 0,
1393 sizeof( ssl->session_negotiate->id ) );
1394 memcpy( ssl->session_negotiate->id, buf + 35,
1395 ssl->session_negotiate->id_len );
1401 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1416 if( ssl->conf->f_cookie_check != NULL
1418 && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
1422 if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
1424 ssl->cli_id, ssl->cli_id_len ) != 0 )
1427 ssl->handshake->verify_cookie_len = 1;
1432 ssl->handshake->verify_cookie_len = 0;
1489 ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
1495 ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_DEFLATE;
1503 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1504 ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
1509 if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
1557 if( ssl->conf->f_sni == NULL )
1560 ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
1572 ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
1582 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
1586 ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
1598 ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
1605 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
1607 ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
1618 ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
1628 ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
1638 ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
1648 ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
1658 ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
1668 ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
1678 ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
1710 if( ssl->minor_ver < ssl->conf->max_minor_ver )
1714 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1734 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
1738 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
1744 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
1752 if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
1753 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
1759 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1760 ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
1766 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1767 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1768 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
1773 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1774 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1784 if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
1796 ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
1814 if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
1827 mbedtls_ssl_send_fatal_handshake_failure( ssl );
1833 mbedtls_ssl_send_fatal_handshake_failure( ssl );
1840 ssl->session_negotiate->ciphersuite = ciphersuites[i];
1841 ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
1843 ssl->state++;
1846 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1847 mbedtls_ssl_recv_flight_completed( ssl );
1856 static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, argument
1862 if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
1881 static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, argument
1889 if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
1890 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
1903 ssl->session_negotiate->ciphersuite ) ) == NULL ||
1924 static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, argument
1930 if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
1931 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
1951 static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, argument
1957 if( ssl->handshake->new_session_ticket == 0 )
1975 static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, argument
1981 if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION )
1993 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
1996 *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
1997 *p++ = ssl->verify_data_len * 2 & 0xFF;
1999 memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
2000 p += ssl->verify_data_len;
2001 memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
2002 p += ssl->verify_data_len;
2016 static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, argument
2022 if( ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
2036 *p++ = ssl->session_negotiate->mfl_code;
2044 static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, argument
2049 ((void) ssl);
2051 if( ( ssl->handshake->cli_exts &
2074 static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, argument
2080 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
2086 if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
2101 ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
2103 ssl->conf->f_rng, ssl->conf->p_rng );
2118 static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, argument
2121 if( ssl->alpn_chosen == NULL )
2139 *olen = 7 + strlen( ssl->alpn_chosen );
2149 memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
2154 static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) argument
2157 unsigned char *p = ssl->out_msg + 4;
2171 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
2172 ssl->conf->transport, p );
2177 if( ssl->conf->f_cookie_write == NULL )
2186 if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
2187 &p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN,
2188 ssl->cli_id, ssl->cli_id_len ) ) != 0 )
2198 ssl->out_msglen = p - ssl->out_msg;
2199 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
2200 ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
2202 ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
2204 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
2216 static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) argument
2228 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
2229 ssl->handshake->verify_cookie_len != 0 )
2234 return( ssl_write_hello_verify_request( ssl ) );
2238 if( ssl->conf->f_rng == NULL )
2251 buf = ssl->out_msg;
2254 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
2255 ssl->conf->transport, p );
2270 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
2276 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
2281 memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
2290 if( ssl->handshake->resume == 0 &&
2292 ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
2294 ssl->session_negotiate->id_len != 0 &&
2295 ssl->conf->f_get_cache != NULL &&
2296 ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )
2299 ssl->handshake->resume = 1;
2302 if( ssl->handshake->resume == 0 )
2308 ssl->state++;
2311 ssl->session_negotiate->start = mbedtls_time( NULL );
2315 if( ssl->handshake->new_session_ticket != 0 )
2317 ssl->session_negotiate->id_len = n = 0;
2318 memset( ssl->session_negotiate->id, 0, 32 );
2323 ssl->session_negotiate->id_len = n = 32;
2324 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id,
2334 n = ssl->session_negotiate->id_len;
2335 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
2337 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
2352 *p++ = (unsigned char) ssl->session_negotiate->id_len;
2353 memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
2354 p += ssl->session_negotiate->id_len;
2359 ssl->handshake->resume ? "a" : "no" ) );
2361 *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
2362 *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
2363 *p++ = (unsigned char)( ssl->session_negotiate->compression );
2366 mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
2368 ssl->session_negotiate->compression ) );
2372 if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
2379 ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
2383 ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
2388 ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
2393 ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
2398 ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
2403 ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
2409 ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
2414 ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
2419 ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
2436 ssl->out_msglen = p - buf;
2437 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
2438 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
2440 ret = mbedtls_ssl_write_record( ssl );
2453 static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) argument
2455 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
2466 ssl->state++;
2474 static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) argument
2477 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
2481 const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
2487 ssl->state++;
2490 if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
2491 authmode = ssl->handshake->sni_authmode;
2494 authmode = ssl->conf->authmode;
2519 buf = ssl->out_msg;
2555 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
2562 for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
2566 if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
2592 if( ssl->handshake->sni_ca_chain != NULL )
2593 crt = ssl->handshake->sni_ca_chain;
2596 crt = ssl->conf->ca_chain;
2622 ssl->out_msglen = p - buf;
2623 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
2624 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
2625 ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 );
2626 ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
2628 ret = mbedtls_ssl_write_record( ssl );
2643 static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) argument
2647 if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
2653 if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx,
2654 mbedtls_pk_ec( *mbedtls_ssl_own_key( ssl ) ),
2666 static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) argument
2671 ssl->transform_negotiate->ciphersuite_info;
2679 unsigned char *p = ssl->out_msg + 4;
2697 ssl->state++;
2707 ssl_get_ecdh_params_from_cert( ssl );
2710 ssl->state++;
2719 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
2721 ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
2722 p, end - p, &jlen, ssl->conf->f_rng, ssl->conf->p_rng );
2754 if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL )
2769 if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 ||
2770 ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 )
2776 if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx,
2777 (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
2778 p, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
2790 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
2791 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P );
2792 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G );
2793 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
2815 for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
2816 for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
2829 if( ( ret = mbedtls_ecp_group_load( &ssl->handshake->ecdh_ctx.grp,
2836 if( ( ret = mbedtls_ecdh_make_params( &ssl->handshake->ecdh_ctx, &len,
2838 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
2850 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
2870 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
2872 md_alg = mbedtls_ssl_md_alg_from_hash( ssl->handshake->sig_alg );
2922 mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 );
2927 mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 );
2965 mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 );
2984 if( mbedtls_ssl_own_key( ssl ) == NULL )
2991 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
2993 *(p++) = ssl->handshake->sig_alg;
2994 *(p++) = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
3000 if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash, hashlen,
3002 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
3020 ssl->out_msglen = 4 + n;
3021 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
3022 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE;
3024 ssl->state++;
3026 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
3037 static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) argument
3043 ssl->out_msglen = 4;
3044 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
3045 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE;
3047 ssl->state++;
3050 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
3051 mbedtls_ssl_send_flight_completed( ssl );
3054 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
3067 static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p, argument
3091 if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 )
3099 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
3108 static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, argument
3114 size_t len = mbedtls_pk_get_len( mbedtls_ssl_own_key( ssl ) );
3115 unsigned char *pms = ssl->handshake->premaster + pms_offset;
3122 if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) )
3133 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
3150 mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
3151 ssl->handshake->max_minor_ver,
3152 ssl->conf->transport, ver );
3161 ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
3165 ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len,
3168 ssl->conf->f_rng, ssl->conf->p_rng );
3180 if( sizeof( ssl->handshake->premaster ) < pms_offset ||
3181 sizeof( ssl->handshake->premaster ) - pms_offset < 48 )
3186 ssl->handshake->pmslen = 48;
3200 for( i = 0; i < ssl->handshake->pmslen; i++ )
3209 static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p, argument
3215 if( ssl->conf->f_psk == NULL &&
3216 ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
3217 ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
3241 if( ssl->conf->f_psk != NULL )
3243 if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
3250 if( n != ssl->conf->psk_identity_len ||
3251 mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
3260 if( ( ret = mbedtls_ssl_send_alert_message( ssl,
3276 static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) argument
3282 ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
3286 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
3292 p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
3293 end = ssl->in_msg + ssl->in_hslen;
3295 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
3301 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE )
3310 if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
3322 if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
3323 ssl->handshake->premaster,
3325 &ssl->handshake->pmslen,
3326 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
3332 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
3345 if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
3352 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
3354 if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
3355 &ssl->handshake->pmslen,
3356 ssl->handshake->premaster,
3358 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
3364 MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z );
3374 if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
3386 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
3398 if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
3404 if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
3410 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
3422 if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
3427 if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
3439 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
3451 if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
3457 if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
3464 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
3466 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
3478 if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 )
3489 ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
3497 ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
3498 ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
3499 ssl->conf->f_rng, ssl->conf->p_rng );
3513 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
3519 ssl->state++;
3532 static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) argument
3534 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
3545 ssl->state++;
3553 static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) argument
3564 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
3573 ssl->session_negotiate->peer_cert == NULL )
3576 ssl->state++;
3583 if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
3589 ret = mbedtls_ssl_handle_message_type( ssl );
3599 ssl->state++;
3602 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
3603 ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY )
3609 i = mbedtls_ssl_hs_hdr_len( ssl );
3619 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
3625 if( mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
3637 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
3639 if( i + 2 > ssl->in_hslen )
3648 md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
3650 if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
3670 if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
3681 if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
3696 if( i + 2 > ssl->in_hslen )
3702 sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1];
3705 if( i + sig_len != ssl->in_hslen )
3712 ssl->handshake->calc_verify( ssl, hash );
3714 if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
3716 ssl->in_msg + i, sig_len ) ) != 0 )
3722 mbedtls_ssl_update_handshake_status( ssl );
3736 static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) argument
3744 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
3745 ssl->out_msg[0] = MBEDTLS_SSL_HS_NEW_SESSION_TICKET;
3758 if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket,
3759 ssl->session_negotiate,
3760 ssl->out_msg + 10,
3761 ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN,
3768 ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF;
3769 ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF;
3770 ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF;
3771 ssl->out_msg[7] = ( lifetime ) & 0xFF;
3773 ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF );
3774 ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF );
3776 ssl->out_msglen = 10 + tlen;
3782 ssl->handshake->new_session_ticket = 0;
3784 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
3799 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) argument
3803 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
3806 MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
3808 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
3812 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
3813 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
3815 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
3820 switch( ssl->state )
3823 ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
3830 ret = ssl_parse_client_hello( ssl );
3846 ret = ssl_write_server_hello( ssl );
3850 ret = mbedtls_ssl_write_certificate( ssl );
3854 ret = ssl_write_server_key_exchange( ssl );
3858 ret = ssl_write_certificate_request( ssl );
3862 ret = ssl_write_server_hello_done( ssl );
3873 ret = mbedtls_ssl_parse_certificate( ssl );
3877 ret = ssl_parse_client_key_exchange( ssl );
3881 ret = ssl_parse_certificate_verify( ssl );
3885 ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
3889 ret = mbedtls_ssl_parse_finished( ssl );
3899 if( ssl->handshake->new_session_ticket != 0 )
3900 ret = ssl_write_new_session_ticket( ssl );
3903 ret = mbedtls_ssl_write_change_cipher_spec( ssl );
3907 ret = mbedtls_ssl_write_finished( ssl );
3912 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
3916 mbedtls_ssl_handshake_wrapup( ssl );
3920 MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );