Lines Matching refs:ssl
51 static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, in ssl_write_renegotiation_ext() argument
63 if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_write_renegotiation_ext()
70 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len); in ssl_write_renegotiation_ext()
79 *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len + 1); in ssl_write_renegotiation_ext()
80 *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len); in ssl_write_renegotiation_ext()
82 memcpy(p, ssl->own_verify_data, ssl->verify_data_len); in ssl_write_renegotiation_ext()
84 *olen = 5 + ssl->verify_data_len; in ssl_write_renegotiation_ext()
95 static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, in ssl_write_supported_point_formats_ext() argument
101 (void) ssl; /* ssl used for debugging only */ in ssl_write_supported_point_formats_ext()
128 static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, in ssl_write_ecjpake_kkpp_ext() argument
141 if (ssl->handshake->psa_pake_ctx_is_ok != 1) { in ssl_write_ecjpake_kkpp_ext()
145 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { in ssl_write_ecjpake_kkpp_ext()
163 if (ssl->handshake->ecjpake_cache == NULL || in ssl_write_ecjpake_kkpp_ext()
164 ssl->handshake->ecjpake_cache_len == 0) { in ssl_write_ecjpake_kkpp_ext()
168 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, in ssl_write_ecjpake_kkpp_ext()
172 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_write_ecjpake_kkpp_ext()
173 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_write_ecjpake_kkpp_ext()
178 ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, in ssl_write_ecjpake_kkpp_ext()
180 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_ecjpake_kkpp_ext()
188 ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len); in ssl_write_ecjpake_kkpp_ext()
189 if (ssl->handshake->ecjpake_cache == NULL) { in ssl_write_ecjpake_kkpp_ext()
194 memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len); in ssl_write_ecjpake_kkpp_ext()
195 ssl->handshake->ecjpake_cache_len = kkpp_len; in ssl_write_ecjpake_kkpp_ext()
199 kkpp_len = ssl->handshake->ecjpake_cache_len; in ssl_write_ecjpake_kkpp_ext()
202 memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len); in ssl_write_ecjpake_kkpp_ext()
216 static int ssl_write_cid_ext(mbedtls_ssl_context *ssl, in ssl_write_cid_ext() argument
231 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in ssl_write_cid_ext()
232 ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { in ssl_write_cid_ext()
239 MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned) (ssl->own_cid_len + 5)); in ssl_write_cid_ext()
244 ext_len = (size_t) ssl->own_cid_len + 1; in ssl_write_cid_ext()
248 *p++ = (uint8_t) ssl->own_cid_len; in ssl_write_cid_ext()
249 memcpy(p, ssl->own_cid, ssl->own_cid_len); in ssl_write_cid_ext()
251 *olen = ssl->own_cid_len + 5; in ssl_write_cid_ext()
259 static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, in ssl_write_max_fragment_length_ext() argument
268 if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { in ssl_write_max_fragment_length_ext()
283 *p++ = ssl->conf->mfl_code; in ssl_write_max_fragment_length_ext()
293 static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, in ssl_write_encrypt_then_mac_ext() argument
302 if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { in ssl_write_encrypt_then_mac_ext()
325 static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, in ssl_write_extended_ms_ext() argument
334 if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) { in ssl_write_extended_ms_ext()
357 static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, in ssl_write_session_ticket_ext() argument
363 size_t tlen = ssl->session_negotiate->ticket_len; in ssl_write_session_ticket_ext()
367 if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) { in ssl_write_session_ticket_ext()
385 if (ssl->session_negotiate->ticket == NULL || tlen == 0) { in ssl_write_session_ticket_ext()
392 memcpy(p, ssl->session_negotiate->ticket, tlen); in ssl_write_session_ticket_ext()
402 static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, in ssl_write_use_srtp_ext() argument
413 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_write_use_srtp_ext()
414 (ssl->conf->dtls_srtp_profile_list == NULL) || in ssl_write_use_srtp_ext()
415 (ssl->conf->dtls_srtp_profile_list_len == 0)) { in ssl_write_use_srtp_ext()
428 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { in ssl_write_use_srtp_ext()
429 mki_len = ssl->dtls_srtp_info.mki_len; in ssl_write_use_srtp_ext()
435 ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len; in ssl_write_use_srtp_ext()
460 *p++ = MBEDTLS_BYTE_0(2 * ssl->conf->dtls_srtp_profile_list_len); in ssl_write_use_srtp_ext()
463 protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; in ssl_write_use_srtp_ext()
466 (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]); in ssl_write_use_srtp_ext()
480 ssl->conf->dtls_srtp_profile_list[protection_profiles_index] in ssl_write_use_srtp_ext()
489 memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len); in ssl_write_use_srtp_ext()
494 MBEDTLS_SSL_DEBUG_BUF(3, "sending mki", ssl->dtls_srtp_info.mki_value, in ssl_write_use_srtp_ext()
495 ssl->dtls_srtp_info.mki_len); in ssl_write_use_srtp_ext()
512 int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls12_write_client_hello_exts() argument
522 (void) ssl; in mbedtls_ssl_tls12_write_client_hello_exts()
533 if ((ret = ssl_write_renegotiation_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
544 if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end, in mbedtls_ssl_tls12_write_client_hello_exts()
554 if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
562 if ((ret = ssl_write_cid_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
570 if ((ret = ssl_write_max_fragment_length_ext(ssl, p, end, in mbedtls_ssl_tls12_write_client_hello_exts()
579 if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
587 if ((ret = ssl_write_extended_ms_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
595 if ((ret = ssl_write_use_srtp_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
603 if ((ret = ssl_write_session_ticket_ext(ssl, p, end, &ext_len)) != 0) { in mbedtls_ssl_tls12_write_client_hello_exts()
616 static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, in ssl_parse_renegotiation_info() argument
621 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_parse_renegotiation_info()
623 if (len != 1 + ssl->verify_data_len * 2 || in ssl_parse_renegotiation_info()
624 buf[0] != ssl->verify_data_len * 2 || in ssl_parse_renegotiation_info()
626 ssl->own_verify_data, ssl->verify_data_len) != 0 || in ssl_parse_renegotiation_info()
627 mbedtls_ct_memcmp(buf + 1 + ssl->verify_data_len, in ssl_parse_renegotiation_info()
628 ssl->peer_verify_data, ssl->verify_data_len) != 0) { in ssl_parse_renegotiation_info()
631 ssl, in ssl_parse_renegotiation_info()
643 ssl, in ssl_parse_renegotiation_info()
649 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; in ssl_parse_renegotiation_info()
657 static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, in ssl_parse_max_fragment_length_ext() argument
665 if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || in ssl_parse_max_fragment_length_ext()
667 buf[0] != ssl->conf->mfl_code) { in ssl_parse_max_fragment_length_ext()
671 ssl, in ssl_parse_max_fragment_length_ext()
683 static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, in ssl_parse_cid_ext() argument
690 ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in ssl_parse_cid_ext()
692 ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { in ssl_parse_cid_ext()
694 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
701 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
711 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
718 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
723 ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; in ssl_parse_cid_ext()
724 ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; in ssl_parse_cid_ext()
725 memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); in ssl_parse_cid_ext()
736 static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, in ssl_parse_encrypt_then_mac_ext() argument
740 if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || in ssl_parse_encrypt_then_mac_ext()
745 ssl, in ssl_parse_encrypt_then_mac_ext()
753 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in ssl_parse_encrypt_then_mac_ext()
761 static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, in ssl_parse_extended_ms_ext() argument
765 if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || in ssl_parse_extended_ms_ext()
770 ssl, in ssl_parse_extended_ms_ext()
778 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in ssl_parse_extended_ms_ext()
786 static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, in ssl_parse_session_ticket_ext() argument
790 if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || in ssl_parse_session_ticket_ext()
795 ssl, in ssl_parse_session_ticket_ext()
803 ssl->handshake->new_session_ticket = 1; in ssl_parse_session_ticket_ext()
813 static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, in ssl_parse_supported_point_formats_ext() argument
822 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_point_formats_ext()
834 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats_ext()
838 mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, in ssl_parse_supported_point_formats_ext()
850 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_point_formats_ext()
860 static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, in ssl_parse_ecjpake_kkpp() argument
866 if (ssl->handshake->ciphersuite_info->key_exchange != in ssl_parse_ecjpake_kkpp()
873 mbedtls_free(ssl->handshake->ecjpake_cache); in ssl_parse_ecjpake_kkpp()
874 ssl->handshake->ecjpake_cache = NULL; in ssl_parse_ecjpake_kkpp()
875 ssl->handshake->ecjpake_cache_len = 0; in ssl_parse_ecjpake_kkpp()
879 &ssl->handshake->psa_pake_ctx, buf, len, in ssl_parse_ecjpake_kkpp()
881 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_parse_ecjpake_kkpp()
882 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_parse_ecjpake_kkpp()
886 ssl, in ssl_parse_ecjpake_kkpp()
894 if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
898 ssl, in ssl_parse_ecjpake_kkpp()
911 static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, in ssl_parse_alpn_ext() argument
918 if (ssl->conf->alpn_list == NULL) { in ssl_parse_alpn_ext()
921 ssl, in ssl_parse_alpn_ext()
939 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
946 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
953 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
959 for (p = ssl->conf->alpn_list; *p != NULL; p++) { in ssl_parse_alpn_ext()
962 ssl->alpn_chosen = *p; in ssl_parse_alpn_ext()
968 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
976 static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, in ssl_parse_use_srtp_ext() argument
985 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_parse_use_srtp_ext()
986 (ssl->conf->dtls_srtp_profile_list == NULL) || in ssl_parse_use_srtp_ext()
987 (ssl->conf->dtls_srtp_profile_list_len == 0)) { in ssl_parse_use_srtp_ext()
1002 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { in ssl_parse_use_srtp_ext()
1003 mki_len = ssl->dtls_srtp_info.mki_len; in ssl_parse_use_srtp_ext()
1037 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; in ssl_parse_use_srtp_ext()
1042 for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { in ssl_parse_use_srtp_ext()
1043 if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { in ssl_parse_use_srtp_ext()
1044 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; in ssl_parse_use_srtp_ext()
1053 if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { in ssl_parse_use_srtp_ext()
1054 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_use_srtp_ext()
1062 ssl->dtls_srtp_info.mki_len = 0; in ssl_parse_use_srtp_ext()
1072 (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) { in ssl_parse_use_srtp_ext()
1073 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_use_srtp_ext()
1079 MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value, in ssl_parse_use_srtp_ext()
1080 ssl->dtls_srtp_info.mki_len); in ssl_parse_use_srtp_ext()
1092 static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) in ssl_parse_hello_verify_request() argument
1095 const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_hello_verify_request()
1110 if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) { in ssl_parse_hello_verify_request()
1113 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_hello_verify_request()
1136 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_hello_verify_request()
1143 if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) { in ssl_parse_hello_verify_request()
1146 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_hello_verify_request()
1152 mbedtls_free(ssl->handshake->cookie); in ssl_parse_hello_verify_request()
1154 ssl->handshake->cookie = mbedtls_calloc(1, cookie_len); in ssl_parse_hello_verify_request()
1155 if (ssl->handshake->cookie == NULL) { in ssl_parse_hello_verify_request()
1160 memcpy(ssl->handshake->cookie, p, cookie_len); in ssl_parse_hello_verify_request()
1161 ssl->handshake->cookie_len = cookie_len; in ssl_parse_hello_verify_request()
1164 ssl->state = MBEDTLS_SSL_CLIENT_HELLO; in ssl_parse_hello_verify_request()
1165 ret = mbedtls_ssl_reset_checksum(ssl); in ssl_parse_hello_verify_request()
1171 mbedtls_ssl_recv_flight_completed(ssl); in ssl_parse_hello_verify_request()
1180 static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) in ssl_parse_server_hello() argument
1195 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_server_hello()
1201 buf = ssl->in_msg; in ssl_parse_server_hello()
1203 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_server_hello()
1205 if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_parse_server_hello()
1206 ssl->renego_records_seen++; in ssl_parse_server_hello()
1208 if (ssl->conf->renego_max_records >= 0 && in ssl_parse_server_hello()
1209 ssl->renego_records_seen > ssl->conf->renego_max_records) { in ssl_parse_server_hello()
1218 ssl->keep_current_message = 1; in ssl_parse_server_hello()
1225 ssl, in ssl_parse_server_hello()
1232 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_server_hello()
1236 return ssl_parse_hello_verify_request(ssl); in ssl_parse_server_hello()
1239 mbedtls_free(ssl->handshake->cookie); in ssl_parse_server_hello()
1240 ssl->handshake->cookie = NULL; in ssl_parse_server_hello()
1241 ssl->handshake->cookie_len = 0; in ssl_parse_server_hello()
1246 if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) || in ssl_parse_server_hello()
1249 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1265 buf += mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_server_hello()
1268 ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, in ssl_parse_server_hello()
1269 … ssl->conf->transport); in ssl_parse_server_hello()
1270 ssl->session_negotiate->tls_version = ssl->tls_version; in ssl_parse_server_hello()
1271 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_parse_server_hello()
1273 if (ssl->tls_version < ssl->conf->min_tls_version || in ssl_parse_server_hello()
1274 ssl->tls_version > ssl->conf->max_tls_version) { in ssl_parse_server_hello()
1278 (unsigned) ssl->conf->min_tls_version, in ssl_parse_server_hello()
1279 (unsigned) ssl->tls_version, in ssl_parse_server_hello()
1280 (unsigned) ssl->conf->max_tls_version)); in ssl_parse_server_hello()
1282 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1294 memcpy(ssl->handshake->randbytes + 32, buf + 2, 32); in ssl_parse_server_hello()
1302 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1307 if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) { in ssl_parse_server_hello()
1311 ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) { in ssl_parse_server_hello()
1314 ssl, in ssl_parse_server_hello()
1319 } else if (ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) { in ssl_parse_server_hello()
1323 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1340 ssl, in ssl_parse_server_hello()
1349 ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i); in ssl_parse_server_hello()
1350 if (ssl->handshake->ciphersuite_info == NULL) { in ssl_parse_server_hello()
1353 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1358 mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info); in ssl_parse_server_hello()
1366 if (ssl->handshake->resume == 0 || n == 0 || in ssl_parse_server_hello()
1368 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || in ssl_parse_server_hello()
1370 ssl->session_negotiate->ciphersuite != i || in ssl_parse_server_hello()
1371 ssl->session_negotiate->id_len != n || in ssl_parse_server_hello()
1372 memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { in ssl_parse_server_hello()
1373 ssl->state++; in ssl_parse_server_hello()
1374 ssl->handshake->resume = 0; in ssl_parse_server_hello()
1376 ssl->session_negotiate->start = mbedtls_time(NULL); in ssl_parse_server_hello()
1378 ssl->session_negotiate->ciphersuite = i; in ssl_parse_server_hello()
1379 ssl->session_negotiate->id_len = n; in ssl_parse_server_hello()
1380 memcpy(ssl->session_negotiate->id, buf + 35, n); in ssl_parse_server_hello()
1382 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; in ssl_parse_server_hello()
1386 ssl->handshake->resume ? "a" : "no")); in ssl_parse_server_hello()
1397 if (ssl->conf->ciphersuite_list[i] == 0) { in ssl_parse_server_hello()
1400 ssl, in ssl_parse_server_hello()
1406 if (ssl->conf->ciphersuite_list[i++] == in ssl_parse_server_hello()
1407 ssl->session_negotiate->ciphersuite) { in ssl_parse_server_hello()
1413 ssl->session_negotiate->ciphersuite); in ssl_parse_server_hello()
1414 if (mbedtls_ssl_validate_ciphersuite(ssl, suite_info, ssl->tls_version, in ssl_parse_server_hello()
1415 ssl->tls_version) != 0) { in ssl_parse_server_hello()
1418 ssl, in ssl_parse_server_hello()
1429 ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_parse_server_hello()
1430 ssl->handshake->ecrs_enabled = 1; in ssl_parse_server_hello()
1437 ssl, in ssl_parse_server_hello()
1456 ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1468 if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4, in ssl_parse_server_hello()
1480 if ((ret = ssl_parse_max_fragment_length_ext(ssl, in ssl_parse_server_hello()
1492 if ((ret = ssl_parse_cid_ext(ssl, in ssl_parse_server_hello()
1505 if ((ret = ssl_parse_encrypt_then_mac_ext(ssl, in ssl_parse_server_hello()
1518 if ((ret = ssl_parse_extended_ms_ext(ssl, in ssl_parse_server_hello()
1530 if ((ret = ssl_parse_session_ticket_ext(ssl, in ssl_parse_server_hello()
1545 if ((ret = ssl_parse_supported_point_formats_ext(ssl, in ssl_parse_server_hello()
1559 if ((ret = ssl_parse_ecjpake_kkpp(ssl, in ssl_parse_server_hello()
1571 if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) { in ssl_parse_server_hello()
1582 if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) { in ssl_parse_server_hello()
1608 if (ssl->handshake->resume) { in ssl_parse_server_hello()
1609 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_parse_server_hello()
1612 ssl, in ssl_parse_server_hello()
1622 if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1623 ssl->conf->allow_legacy_renegotiation == in ssl_parse_server_hello()
1630 else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1631 ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && in ssl_parse_server_hello()
1636 } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1637 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1638 ssl->conf->allow_legacy_renegotiation == in ssl_parse_server_hello()
1642 } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1643 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1653 ssl, in ssl_parse_server_hello()
1667 static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl, in ssl_parse_server_dh_params() argument
1683 if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx, in ssl_parse_server_dh_params()
1689 dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx); in ssl_parse_server_dh_params()
1690 if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) { in ssl_parse_server_dh_params()
1693 ssl->conf->dhm_min_bitlen)); in ssl_parse_server_dh_params()
1697 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); in ssl_parse_server_dh_params()
1698 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); in ssl_parse_server_dh_params()
1699 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); in ssl_parse_server_dh_params()
1711 static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, in ssl_parse_server_ecdh_params() argument
1717 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_parse_server_ecdh_params()
1746 if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) { in ssl_parse_server_ecdh_params()
1787 static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl) in ssl_check_server_ecdh_params() argument
1792 grp_id = ssl->handshake->ecdh_ctx.grp.id; in ssl_check_server_ecdh_params()
1794 grp_id = ssl->handshake->ecdh_ctx.grp_id; in ssl_check_server_ecdh_params()
1806 if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { in ssl_check_server_ecdh_params()
1810 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_check_server_ecdh_params()
1826 static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, in ssl_parse_server_ecdh_params() argument
1840 if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx, in ssl_parse_server_ecdh_params()
1851 if (ssl_check_server_ecdh_params(ssl) != 0) { in ssl_parse_server_ecdh_params()
1865 static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, in ssl_parse_server_psk_hint() argument
1871 ((void) ssl); in ssl_parse_server_psk_hint()
1910 static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl, in ssl_write_encrypted_pms() argument
1916 unsigned char *p = ssl->handshake->premaster + pms_offset; in ssl_write_encrypted_pms()
1931 mbedtls_ssl_write_version(p, ssl->conf->transport, in ssl_write_encrypted_pms()
1934 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) { in ssl_write_encrypted_pms()
1939 ssl->handshake->pmslen = 48; in ssl_write_encrypted_pms()
1942 peer_pk = &ssl->handshake->peer_pubkey; in ssl_write_encrypted_pms()
1944 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_write_encrypted_pms()
1949 peer_pk = &ssl->session_negotiate->peer_cert->pk; in ssl_write_encrypted_pms()
1961 p, ssl->handshake->pmslen, in ssl_write_encrypted_pms()
1962 ssl->out_msg + offset + len_bytes, olen, in ssl_write_encrypted_pms()
1964 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_write_encrypted_pms()
1970 MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset); in ssl_write_encrypted_pms()
1986 static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) in ssl_get_ecdh_params_from_cert() argument
1992 peer_pk = &ssl->handshake->peer_pubkey; in ssl_get_ecdh_params_from_cert()
1994 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_get_ecdh_params_from_cert()
1999 peer_pk = &ssl->session_negotiate->peer_cert->pk; in ssl_get_ecdh_params_from_cert()
2018 if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { in ssl_get_ecdh_params_from_cert()
2033 &ssl->handshake->xxdh_psa_bits); in ssl_get_ecdh_params_from_cert()
2035 ssl->handshake->xxdh_psa_type = key_type; in ssl_get_ecdh_params_from_cert()
2039 memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); in ssl_get_ecdh_params_from_cert()
2040 ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; in ssl_get_ecdh_params_from_cert()
2046 ssl->handshake->xxdh_psa_peerkey, in ssl_get_ecdh_params_from_cert()
2047 sizeof(ssl->handshake->xxdh_psa_peerkey)); in ssl_get_ecdh_params_from_cert()
2053 ssl->handshake->xxdh_psa_peerkey_len = olen; in ssl_get_ecdh_params_from_cert()
2056 if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, in ssl_get_ecdh_params_from_cert()
2062 if (ssl_check_server_ecdh_params(ssl) != 0) { in ssl_get_ecdh_params_from_cert()
2080 static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) in ssl_parse_server_key_exchange() argument
2084 ssl->handshake->ciphersuite_info; in ssl_parse_server_key_exchange()
2092 ssl->state++; in ssl_parse_server_key_exchange()
2103 if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { in ssl_parse_server_key_exchange()
2106 ssl, in ssl_parse_server_key_exchange()
2113 ssl->state++; in ssl_parse_server_key_exchange()
2122 if (ssl->handshake->ecrs_enabled && in ssl_parse_server_key_exchange()
2123 ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { in ssl_parse_server_key_exchange()
2128 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_server_key_exchange()
2133 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_server_key_exchange()
2136 ssl, in ssl_parse_server_key_exchange()
2146 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) { in ssl_parse_server_key_exchange()
2151 ssl->keep_current_message = 1; in ssl_parse_server_key_exchange()
2158 ssl, in ssl_parse_server_key_exchange()
2166 if (ssl->handshake->ecrs_enabled) { in ssl_parse_server_key_exchange()
2167 ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing; in ssl_parse_server_key_exchange()
2172 p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_server_key_exchange()
2173 end = ssl->in_msg + ssl->in_hslen; in ssl_parse_server_key_exchange()
2181 if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) { in ssl_parse_server_key_exchange()
2184 ssl, in ssl_parse_server_key_exchange()
2204 if (ssl_parse_server_dh_params(ssl, &p, end) != 0) { in ssl_parse_server_key_exchange()
2207 ssl, in ssl_parse_server_key_exchange()
2221 if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) { in ssl_parse_server_key_exchange()
2224 ssl, in ssl_parse_server_key_exchange()
2260 &ssl->handshake->psa_pake_ctx, p, end - p, in ssl_parse_server_key_exchange()
2262 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_parse_server_key_exchange()
2263 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_parse_server_key_exchange()
2267 ssl, in ssl_parse_server_key_exchange()
2273 ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, in ssl_parse_server_key_exchange()
2278 ssl, in ssl_parse_server_key_exchange()
2298 unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_server_key_exchange()
2306 peer_pk = &ssl->handshake->peer_pubkey; in ssl_parse_server_key_exchange()
2308 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_parse_server_key_exchange()
2313 peer_pk = &ssl->session_negotiate->peer_cert->pk; in ssl_parse_server_key_exchange()
2323 !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) && in ssl_parse_server_key_exchange()
2324 !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { in ssl_parse_server_key_exchange()
2328 ssl, in ssl_parse_server_key_exchange()
2339 ssl, in ssl_parse_server_key_exchange()
2352 ssl, in ssl_parse_server_key_exchange()
2363 ssl, in ssl_parse_server_key_exchange()
2375 ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, in ssl_parse_server_key_exchange()
2394 ssl, in ssl_parse_server_key_exchange()
2401 if (ssl->handshake->ecrs_enabled) { in ssl_parse_server_key_exchange()
2402 rs_ctx = &ssl->handshake->ecrs_ctx.pk; in ssl_parse_server_key_exchange()
2432 ssl, in ssl_parse_server_key_exchange()
2455 ssl->state++; in ssl_parse_server_key_exchange()
2464 static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) in ssl_parse_certificate_request() argument
2467 ssl->handshake->ciphersuite_info; in ssl_parse_certificate_request()
2473 ssl->state++; in ssl_parse_certificate_request()
2482 static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) in ssl_parse_certificate_request() argument
2489 ssl->handshake->ciphersuite_info; in ssl_parse_certificate_request()
2500 ssl->state++; in ssl_parse_certificate_request()
2504 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_certificate_request()
2509 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_certificate_request()
2512 ssl, in ssl_parse_certificate_request()
2518 ssl->state++; in ssl_parse_certificate_request()
2519 ssl->handshake->client_auth = in ssl_parse_certificate_request()
2520 (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); in ssl_parse_certificate_request()
2523 ssl->handshake->client_auth ? "a" : "no")); in ssl_parse_certificate_request()
2525 if (ssl->handshake->client_auth == 0) { in ssl_parse_certificate_request()
2527 ssl->keep_current_message = 1; in ssl_parse_certificate_request()
2555 buf = ssl->in_msg; in ssl_parse_certificate_request()
2558 if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) { in ssl_parse_certificate_request()
2560 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2564 cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)]; in ssl_parse_certificate_request()
2577 if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) { in ssl_parse_certificate_request()
2579 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2585 sig_alg_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n); in ssl_parse_certificate_request()
2599 if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 3 + n + sig_alg_len) { in ssl_parse_certificate_request()
2602 ssl, in ssl_parse_certificate_request()
2609 sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n; in ssl_parse_certificate_request()
2620 dn_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n); in ssl_parse_certificate_request()
2623 if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) { in ssl_parse_certificate_request()
2625 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2631 dn = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n - dn_len; in ssl_parse_certificate_request()
2645 ssl, in ssl_parse_certificate_request()
2665 static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) in ssl_parse_server_hello_done() argument
2671 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_server_hello_done()
2676 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_server_hello_done()
2681 if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) || in ssl_parse_server_hello_done()
2682 ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) { in ssl_parse_server_hello_done()
2684 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello_done()
2689 ssl->state++; in ssl_parse_server_hello_done()
2692 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_server_hello_done()
2693 mbedtls_ssl_recv_flight_completed(ssl); in ssl_parse_server_hello_done()
2703 static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) in ssl_write_client_key_exchange() argument
2710 ssl->handshake->ciphersuite_info; in ssl_write_client_key_exchange()
2719 content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx); in ssl_write_client_key_exchange()
2721 MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4); in ssl_write_client_key_exchange()
2724 ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
2725 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), in ssl_write_client_key_exchange()
2726 &ssl->out_msg[header_len], content_len, in ssl_write_client_key_exchange()
2727 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
2733 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); in ssl_write_client_key_exchange()
2734 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); in ssl_write_client_key_exchange()
2736 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
2737 ssl->handshake->premaster, in ssl_write_client_key_exchange()
2739 &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
2740 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_write_client_key_exchange()
2745 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); in ssl_write_client_key_exchange()
2761 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_key_exchange()
2794 unsigned char *own_pubkey = ssl->out_msg + header_len + 1; in ssl_write_client_key_exchange()
2795 unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_client_key_exchange()
2808 ssl->out_msg[header_len] = (unsigned char) own_pubkey_len; in ssl_write_client_key_exchange()
2818 ssl->handshake->premaster, in ssl_write_client_key_exchange()
2819 sizeof(ssl->handshake->premaster), in ssl_write_client_key_exchange()
2820 &ssl->handshake->pmslen); in ssl_write_client_key_exchange()
2835 if (ssl->handshake->ecrs_enabled) { in ssl_write_client_key_exchange()
2836 if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) { in ssl_write_client_key_exchange()
2840 mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx); in ssl_write_client_key_exchange()
2844 ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2846 &ssl->out_msg[header_len], 1000, in ssl_write_client_key_exchange()
2847 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
2858 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2862 if (ssl->handshake->ecrs_enabled) { in ssl_write_client_key_exchange()
2863 ssl->handshake->ecrs_n = content_len; in ssl_write_client_key_exchange()
2864 ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; in ssl_write_client_key_exchange()
2868 if (ssl->handshake->ecrs_enabled) { in ssl_write_client_key_exchange()
2869 content_len = ssl->handshake->ecrs_n; in ssl_write_client_key_exchange()
2872 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2873 &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
2874 ssl->handshake->premaster, in ssl_write_client_key_exchange()
2876 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_write_client_key_exchange()
2886 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2901 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_key_exchange()
2906 if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { in ssl_write_client_key_exchange()
2918 if (header_len + content_len_size + ssl->conf->psk_identity_len in ssl_write_client_key_exchange()
2925 unsigned char *p = ssl->out_msg + header_len; in ssl_write_client_key_exchange()
2927 *p++ = MBEDTLS_BYTE_1(ssl->conf->psk_identity_len); in ssl_write_client_key_exchange()
2928 *p++ = MBEDTLS_BYTE_0(ssl->conf->psk_identity_len); in ssl_write_client_key_exchange()
2931 memcpy(p, ssl->conf->psk_identity, in ssl_write_client_key_exchange()
2932 ssl->conf->psk_identity_len); in ssl_write_client_key_exchange()
2933 p += ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
2935 header_len += ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
2967 unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_client_key_exchange()
2989 unsigned char *pms = ssl->handshake->premaster; in ssl_write_client_key_exchange()
2991 sizeof(ssl->handshake->premaster); in ssl_write_client_key_exchange()
3025 if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { in ssl_write_client_key_exchange()
3033 content_len = ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
3041 ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); in ssl_write_client_key_exchange()
3042 ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); in ssl_write_client_key_exchange()
3044 memcpy(ssl->out_msg + header_len, in ssl_write_client_key_exchange()
3045 ssl->conf->psk_identity, in ssl_write_client_key_exchange()
3046 ssl->conf->psk_identity_len); in ssl_write_client_key_exchange()
3047 header_len += ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
3056 if ((ret = ssl_write_encrypted_pms(ssl, header_len, in ssl_write_client_key_exchange()
3067 content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx); in ssl_write_client_key_exchange()
3076 ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); in ssl_write_client_key_exchange()
3077 ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); in ssl_write_client_key_exchange()
3079 ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
3080 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), in ssl_write_client_key_exchange()
3081 &ssl->out_msg[header_len], content_len, in ssl_write_client_key_exchange()
3082 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
3089 unsigned char *pms = ssl->handshake->premaster; in ssl_write_client_key_exchange()
3090 unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster); in ssl_write_client_key_exchange()
3094 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
3096 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_write_client_key_exchange()
3103 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); in ssl_write_client_key_exchange()
3113 ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
3115 &ssl->out_msg[header_len], in ssl_write_client_key_exchange()
3117 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
3123 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
3133 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_write_client_key_exchange()
3146 if ((ret = ssl_write_encrypted_pms(ssl, header_len, in ssl_write_client_key_exchange()
3157 unsigned char *out_p = ssl->out_msg + header_len; in ssl_write_client_key_exchange()
3158 unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - in ssl_write_client_key_exchange()
3160 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, in ssl_write_client_key_exchange()
3164 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_write_client_key_exchange()
3165 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_write_client_key_exchange()
3170 ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx, in ssl_write_client_key_exchange()
3171 ssl->out_msg + header_len, in ssl_write_client_key_exchange()
3174 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
3180 ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, in ssl_write_client_key_exchange()
3181 ssl->handshake->premaster, 32, &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
3182 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_client_key_exchange()
3196 ssl->out_msglen = header_len + content_len; in ssl_write_client_key_exchange()
3197 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_client_key_exchange()
3198 ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; in ssl_write_client_key_exchange()
3200 ssl->state++; in ssl_write_client_key_exchange()
3202 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_client_key_exchange()
3214 static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_write_certificate_verify() argument
3217 ssl->handshake->ciphersuite_info; in ssl_write_certificate_verify()
3222 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_write_certificate_verify()
3229 ssl->state++; in ssl_write_certificate_verify()
3238 static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_write_certificate_verify() argument
3242 ssl->handshake->ciphersuite_info; in ssl_write_certificate_verify()
3250 size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); in ssl_write_certificate_verify()
3252 size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); in ssl_write_certificate_verify()
3258 if (ssl->handshake->ecrs_enabled && in ssl_write_certificate_verify()
3259 ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) { in ssl_write_certificate_verify()
3264 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_write_certificate_verify()
3271 ssl->state++; in ssl_write_certificate_verify()
3275 if (ssl->handshake->client_auth == 0 || in ssl_write_certificate_verify()
3276 mbedtls_ssl_own_cert(ssl) == NULL) { in ssl_write_certificate_verify()
3278 ssl->state++; in ssl_write_certificate_verify()
3282 if (mbedtls_ssl_own_key(ssl) == NULL) { in ssl_write_certificate_verify()
3291 if (ssl->handshake->ecrs_enabled) { in ssl_write_certificate_verify()
3292 ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign; in ssl_write_certificate_verify()
3298 ret = ssl->handshake->calc_verify(ssl, hash, &hashlen); in ssl_write_certificate_verify()
3320 if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { in ssl_write_certificate_verify()
3322 ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; in ssl_write_certificate_verify()
3325 ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; in ssl_write_certificate_verify()
3327 ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl)); in ssl_write_certificate_verify()
3334 if (ssl->handshake->ecrs_enabled) { in ssl_write_certificate_verify()
3335 rs_ctx = &ssl->handshake->ecrs_ctx.pk; in ssl_write_certificate_verify()
3339 if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), in ssl_write_certificate_verify()
3341 ssl->out_msg + 6 + offset, in ssl_write_certificate_verify()
3344 ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) { in ssl_write_certificate_verify()
3354 MBEDTLS_PUT_UINT16_BE(n, ssl->out_msg, offset + 4); in ssl_write_certificate_verify()
3356 ssl->out_msglen = 6 + n + offset; in ssl_write_certificate_verify()
3357 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_certificate_verify()
3358 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; in ssl_write_certificate_verify()
3360 ssl->state++; in ssl_write_certificate_verify()
3362 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_certificate_verify()
3375 static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_parse_new_session_ticket() argument
3385 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_new_session_ticket()
3390 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_new_session_ticket()
3393 ssl, in ssl_parse_new_session_ticket()
3409 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || in ssl_parse_new_session_ticket()
3410 ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) { in ssl_parse_new_session_ticket()
3412 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3417 msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_new_session_ticket()
3423 if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) { in ssl_parse_new_session_ticket()
3425 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3433 ssl->handshake->new_session_ticket = 0; in ssl_parse_new_session_ticket()
3434 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; in ssl_parse_new_session_ticket()
3444 if (ssl->session != NULL && ssl->session->ticket != NULL) { in ssl_parse_new_session_ticket()
3445 mbedtls_zeroize_and_free(ssl->session->ticket, in ssl_parse_new_session_ticket()
3446 ssl->session->ticket_len); in ssl_parse_new_session_ticket()
3447 ssl->session->ticket = NULL; in ssl_parse_new_session_ticket()
3448 ssl->session->ticket_len = 0; in ssl_parse_new_session_ticket()
3451 mbedtls_zeroize_and_free(ssl->session_negotiate->ticket, in ssl_parse_new_session_ticket()
3452 ssl->session_negotiate->ticket_len); in ssl_parse_new_session_ticket()
3453 ssl->session_negotiate->ticket = NULL; in ssl_parse_new_session_ticket()
3454 ssl->session_negotiate->ticket_len = 0; in ssl_parse_new_session_ticket()
3458 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3465 ssl->session_negotiate->ticket = ticket; in ssl_parse_new_session_ticket()
3466 ssl->session_negotiate->ticket_len = ticket_len; in ssl_parse_new_session_ticket()
3467 ssl->session_negotiate->ticket_lifetime = lifetime; in ssl_parse_new_session_ticket()
3475 ssl->session_negotiate->id_len = 0; in ssl_parse_new_session_ticket()
3486 int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_handshake_client_step() argument
3493 if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && in mbedtls_ssl_handshake_client_step()
3494 ssl->handshake->new_session_ticket != 0) { in mbedtls_ssl_handshake_client_step()
3495 ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET; in mbedtls_ssl_handshake_client_step()
3499 switch (ssl->state) { in mbedtls_ssl_handshake_client_step()
3501 ssl->state = MBEDTLS_SSL_CLIENT_HELLO; in mbedtls_ssl_handshake_client_step()
3508 ret = mbedtls_ssl_write_client_hello(ssl); in mbedtls_ssl_handshake_client_step()
3519 ret = ssl_parse_server_hello(ssl); in mbedtls_ssl_handshake_client_step()
3523 ret = mbedtls_ssl_parse_certificate(ssl); in mbedtls_ssl_handshake_client_step()
3527 ret = ssl_parse_server_key_exchange(ssl); in mbedtls_ssl_handshake_client_step()
3531 ret = ssl_parse_certificate_request(ssl); in mbedtls_ssl_handshake_client_step()
3535 ret = ssl_parse_server_hello_done(ssl); in mbedtls_ssl_handshake_client_step()
3546 ret = mbedtls_ssl_write_certificate(ssl); in mbedtls_ssl_handshake_client_step()
3550 ret = ssl_write_client_key_exchange(ssl); in mbedtls_ssl_handshake_client_step()
3554 ret = ssl_write_certificate_verify(ssl); in mbedtls_ssl_handshake_client_step()
3558 ret = mbedtls_ssl_write_change_cipher_spec(ssl); in mbedtls_ssl_handshake_client_step()
3562 ret = mbedtls_ssl_write_finished(ssl); in mbedtls_ssl_handshake_client_step()
3572 ret = ssl_parse_new_session_ticket(ssl); in mbedtls_ssl_handshake_client_step()
3577 ret = mbedtls_ssl_parse_change_cipher_spec(ssl); in mbedtls_ssl_handshake_client_step()
3581 ret = mbedtls_ssl_parse_finished(ssl); in mbedtls_ssl_handshake_client_step()
3586 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; in mbedtls_ssl_handshake_client_step()
3590 mbedtls_ssl_handshake_wrapup(ssl); in mbedtls_ssl_handshake_client_step()
3594 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_handshake_client_step()