Lines Matching refs:ssl
49 int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_fetch_handshake_msg() argument
56 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { in mbedtls_ssl_tls13_fetch_handshake_msg()
61 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in mbedtls_ssl_tls13_fetch_handshake_msg()
62 ssl->in_msg[0] != hs_type) { in mbedtls_ssl_tls13_fetch_handshake_msg()
77 *buf = ssl->in_msg + 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
78 *buf_len = ssl->in_hslen - 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
86 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts() argument
212 static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, in ssl_tls13_parse_certificate_verify() argument
260 if (!mbedtls_ssl_sig_alg_is_offered(ssl, algorithm)) { in ssl_tls13_parse_certificate_verify()
284 if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, sig_alg)) { in ssl_tls13_parse_certificate_verify()
316 &ssl->session_negotiate->peer_cert->pk, in ssl_tls13_parse_certificate_verify()
336 int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_certificate_verify() argument
352 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len)); in mbedtls_ssl_tls13_process_certificate_verify()
359 ssl, in mbedtls_ssl_tls13_process_certificate_verify()
360 (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, in mbedtls_ssl_tls13_process_certificate_verify()
377 (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ? in mbedtls_ssl_tls13_process_certificate_verify()
383 ssl, buf, buf + buf_len, in mbedtls_ssl_tls13_process_certificate_verify()
387 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_process_certificate_verify()
396 ((void) ssl); in mbedtls_ssl_tls13_process_certificate_verify()
440 int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_certificate() argument
449 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_parse_certificate()
468 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_parse_certificate()
469 mbedtls_x509_crt_free(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
470 mbedtls_free(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
474 ssl->session_negotiate->peer_cert = NULL; in mbedtls_ssl_tls13_parse_certificate()
479 if ((ssl->session_negotiate->peer_cert = in mbedtls_ssl_tls13_parse_certificate()
488 mbedtls_x509_crt_init(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
513 ret = mbedtls_x509_crt_parse_der(ssl->session_negotiate->peer_cert, in mbedtls_ssl_tls13_parse_certificate()
572 ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, in mbedtls_ssl_tls13_parse_certificate()
603 ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
610 int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_certificate() argument
614 ((void) ssl); in mbedtls_ssl_tls13_parse_certificate()
626 static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_validate_certificate() argument
639 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_validate_certificate()
641 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_tls13_validate_certificate()
642 authmode = ssl->handshake->sni_authmode; in ssl_tls13_validate_certificate()
645 authmode = ssl->conf->authmode; in ssl_tls13_validate_certificate()
656 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_tls13_validate_certificate()
660 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_validate_certificate()
665 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; in ssl_tls13_validate_certificate()
678 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_validate_certificate()
687 if (ssl->handshake->sni_ca_chain != NULL) { in ssl_tls13_validate_certificate()
688 ca_chain = ssl->handshake->sni_ca_chain; in ssl_tls13_validate_certificate()
689 ca_crl = ssl->handshake->sni_ca_crl; in ssl_tls13_validate_certificate()
693 ca_chain = ssl->conf->ca_chain; in ssl_tls13_validate_certificate()
694 ca_crl = ssl->conf->ca_crl; in ssl_tls13_validate_certificate()
701 ssl->session_negotiate->peer_cert, in ssl_tls13_validate_certificate()
703 ssl->conf->cert_profile, in ssl_tls13_validate_certificate()
704 ssl->hostname, in ssl_tls13_validate_certificate()
706 ssl->conf->f_vrfy, ssl->conf->p_vrfy); in ssl_tls13_validate_certificate()
715 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_validate_certificate()
724 ssl->session_negotiate->peer_cert, in ssl_tls13_validate_certificate()
727 ssl->session_negotiate->peer_cert, in ssl_tls13_validate_certificate()
792 ssl->session_negotiate->verify_result = verify_result; in ssl_tls13_validate_certificate()
797 static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_validate_certificate() argument
799 ((void) ssl); in ssl_tls13_validate_certificate()
805 int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_certificate() argument
815 ssl, MBEDTLS_SSL_HS_CERTIFICATE, in mbedtls_ssl_tls13_process_certificate()
819 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_parse_certificate(ssl, buf, in mbedtls_ssl_tls13_process_certificate()
822 MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl)); in mbedtls_ssl_tls13_process_certificate()
825 ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len)); in mbedtls_ssl_tls13_process_certificate()
829 (void) ssl; in mbedtls_ssl_tls13_process_certificate()
861 static int ssl_tls13_write_certificate_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_body() argument
866 const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert(ssl); in ssl_tls13_write_certificate_body()
869 ssl->handshake->certificate_request_context; in ssl_tls13_write_certificate_body()
871 ssl->handshake->certificate_request_context_len; in ssl_tls13_write_certificate_body()
920 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_body()
925 int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_certificate() argument
934 ssl, MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len)); in mbedtls_ssl_tls13_write_certificate()
936 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_body(ssl, in mbedtls_ssl_tls13_write_certificate()
942 ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len)); in mbedtls_ssl_tls13_write_certificate()
945 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_certificate()
1000 static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_verify_body() argument
1014 uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_write_certificate_verify_body()
1019 own_key = mbedtls_ssl_own_key(ssl); in ssl_tls13_write_certificate_verify_body()
1026 ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, in ssl_tls13_write_certificate_verify_body()
1038 ssl->conf->endpoint); in ssl_tls13_write_certificate_verify_body()
1059 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_write_certificate_verify_body()
1092 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_tls13_write_certificate_verify_body()
1126 int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_certificate_verify() argument
1135 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_write_certificate_verify()
1139 ssl, buf, buf + buf_len, &msg_len)); in mbedtls_ssl_tls13_write_certificate_verify()
1142 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_write_certificate_verify()
1146 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_certificate_verify()
1165 static int ssl_tls13_preprocess_finished_message(mbedtls_ssl_context *ssl) in ssl_tls13_preprocess_finished_message() argument
1170 ssl, in ssl_tls13_preprocess_finished_message()
1171 ssl->handshake->state_local.finished_in.digest, in ssl_tls13_preprocess_finished_message()
1172 sizeof(ssl->handshake->state_local.finished_in.digest), in ssl_tls13_preprocess_finished_message()
1173 &ssl->handshake->state_local.finished_in.digest_len, in ssl_tls13_preprocess_finished_message()
1174 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ? in ssl_tls13_preprocess_finished_message()
1185 static int ssl_tls13_parse_finished_message(mbedtls_ssl_context *ssl, in ssl_tls13_parse_finished_message() argument
1195 ssl->handshake->state_local.finished_in.digest; in ssl_tls13_parse_finished_message()
1197 ssl->handshake->state_local.finished_in.digest_len; in ssl_tls13_parse_finished_message()
1226 int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_finished_message() argument
1235 ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1238 MBEDTLS_SSL_PROC_CHK(ssl_tls13_preprocess_finished_message(ssl)); in mbedtls_ssl_tls13_process_finished_message()
1241 ssl, buf, buf + buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1244 ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1262 static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_finished_message() argument
1267 ret = mbedtls_ssl_tls13_calculate_verify_data(ssl, in ssl_tls13_prepare_finished_message()
1268 ssl->handshake->state_local.finished_out.digest, in ssl_tls13_prepare_finished_message()
1269 sizeof(ssl->handshake->state_local.finished_out. in ssl_tls13_prepare_finished_message()
1271 … &ssl->handshake->state_local.finished_out.digest_len, in ssl_tls13_prepare_finished_message()
1272 ssl->conf->endpoint); in ssl_tls13_prepare_finished_message()
1283 static int ssl_tls13_write_finished_message_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_finished_message_body() argument
1288 size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; in ssl_tls13_write_finished_message_body()
1296 memcpy(buf, ssl->handshake->state_local.finished_out.digest, in ssl_tls13_write_finished_message_body()
1304 int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_finished_message() argument
1312 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_finished_message(ssl)); in mbedtls_ssl_tls13_write_finished_message()
1314 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, in mbedtls_ssl_tls13_write_finished_message()
1318 ssl, buf, buf + buf_len, &msg_len)); in mbedtls_ssl_tls13_write_finished_message()
1320 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, in mbedtls_ssl_tls13_write_finished_message()
1324 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_finished_message()
1331 void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_wrapup() argument
1337 mbedtls_ssl_set_inbound_transform(ssl, ssl->transform_application); in mbedtls_ssl_tls13_handshake_wrapup()
1340 mbedtls_ssl_set_outbound_transform(ssl, ssl->transform_application); in mbedtls_ssl_tls13_handshake_wrapup()
1345 if (ssl->session) { in mbedtls_ssl_tls13_handshake_wrapup()
1346 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_tls13_handshake_wrapup()
1347 mbedtls_free(ssl->session); in mbedtls_ssl_tls13_handshake_wrapup()
1349 ssl->session = ssl->session_negotiate; in mbedtls_ssl_tls13_handshake_wrapup()
1350 ssl->session_negotiate = NULL; in mbedtls_ssl_tls13_handshake_wrapup()
1362 static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_change_cipher_spec_body() argument
1367 ((void) ssl); in ssl_tls13_write_change_cipher_spec_body()
1376 int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_change_cipher_spec() argument
1383 if (ssl->handshake->ccs_sent) { in mbedtls_ssl_tls13_write_change_cipher_spec()
1390 ssl, ssl->out_msg, in mbedtls_ssl_tls13_write_change_cipher_spec()
1391 ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, in mbedtls_ssl_tls13_write_change_cipher_spec()
1392 &ssl->out_msglen)); in mbedtls_ssl_tls13_write_change_cipher_spec()
1394 ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; in mbedtls_ssl_tls13_write_change_cipher_spec()
1397 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0)); in mbedtls_ssl_tls13_write_change_cipher_spec()
1399 ssl->handshake->ccs_sent = 1; in mbedtls_ssl_tls13_write_change_cipher_spec()
1420 int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_write_early_data_ext() argument
1444 MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); in mbedtls_ssl_tls13_write_early_data_ext()
1447 (unsigned int) ssl->conf->max_early_data_size)); in mbedtls_ssl_tls13_write_early_data_ext()
1453 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); in mbedtls_ssl_tls13_write_early_data_ext()
1459 int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_check_early_data_len() argument
1467 if (ssl->session_negotiate == NULL) { in mbedtls_ssl_tls13_check_early_data_len()
1481 (ssl->session_negotiate->max_early_data_size - in mbedtls_ssl_tls13_check_early_data_len()
1482 ssl->total_early_data_size)) { in mbedtls_ssl_tls13_check_early_data_len()
1486 ssl->total_early_data_size, early_data_len, in mbedtls_ssl_tls13_check_early_data_len()
1487 ssl->session_negotiate->max_early_data_size)); in mbedtls_ssl_tls13_check_early_data_len()
1500 ssl->total_early_data_size += (uint32_t) early_data_len; in mbedtls_ssl_tls13_check_early_data_len()
1518 int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) in mbedtls_ssl_reset_transcript_for_hrr() argument
1524 ssl->handshake->ciphersuite_info; in mbedtls_ssl_reset_transcript_for_hrr()
1528 ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac, in mbedtls_ssl_reset_transcript_for_hrr()
1548 ret = mbedtls_ssl_reset_checksum(ssl); in mbedtls_ssl_reset_transcript_for_hrr()
1553 ret = ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); in mbedtls_ssl_reset_transcript_for_hrr()
1564 int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_read_public_xxdhe_share() argument
1570 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_read_public_xxdhe_share()
1635 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange() argument
1645 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange()
1676 ssl->handshake->xxdh_psa_bits = bits; in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange()
1719 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_check_received_extension() argument
1739 ssl->handshake->received_extensions |= extension_mask; in mbedtls_ssl_tls13_check_received_extension()
1750 if ((ssl->handshake->sent_extensions & extension_mask) != 0) { in mbedtls_ssl_tls13_check_received_extension()
1775 int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_record_size_limit_ext() argument
1816 ssl->session_negotiate->record_size_limit = record_size_limit; in mbedtls_ssl_tls13_parse_record_size_limit_ext()
1822 int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_write_record_size_limit_ext() argument
1846 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); in mbedtls_ssl_tls13_write_record_size_limit_ext()