Lines Matching refs:ssl
25 mbedtls_ssl_context *ssl, in ssl_tls13_validate_peer_ciphersuite() argument
29 if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { in ssl_tls13_validate_peer_ciphersuite()
34 if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_tls13_validate_peer_ciphersuite()
35 ssl->tls_version, in ssl_tls13_validate_peer_ciphersuite()
36 ssl->tls_version) != 0)) { in ssl_tls13_validate_peer_ciphersuite()
43 mbedtls_ssl_context *ssl, in ssl_tls13_select_ciphersuite() argument
71 ssl_tls13_validate_peer_ciphersuite(ssl, id); in ssl_tls13_select_ciphersuite()
108 static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_exchange_modes_ext() argument
146 ssl->handshake->tls13_kex_modes = ke_modes; in ssl_tls13_parse_key_exchange_modes_ext()
177 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
179 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
183 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match_ticket() argument
203 if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { in ssl_tls13_offered_psks_check_identity_match_ticket()
218 ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, in ssl_tls13_offered_psks_check_identity_match_ticket()
330 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match() argument
347 ssl, identity, identity_len, obfuscated_ticket_age, session); in ssl_tls13_offered_psks_check_identity_match()
350 ret = mbedtls_ssl_set_hs_psk(ssl, in ssl_tls13_offered_psks_check_identity_match()
370 if (ssl->conf->f_psk != NULL) { in ssl_tls13_offered_psks_check_identity_match()
371 if (ssl->conf->f_psk( in ssl_tls13_offered_psks_check_identity_match()
372 ssl->conf->p_psk, ssl, identity, identity_len) == 0) { in ssl_tls13_offered_psks_check_identity_match()
380 if (ssl->conf->psk_identity != NULL && in ssl_tls13_offered_psks_check_identity_match()
381 identity_len == ssl->conf->psk_identity_len && in ssl_tls13_offered_psks_check_identity_match()
382 mbedtls_ct_memcmp(ssl->conf->psk_identity, in ssl_tls13_offered_psks_check_identity_match()
384 ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len); in ssl_tls13_offered_psks_check_identity_match()
405 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_binder_match() argument
423 ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), in ssl_tls13_offered_psks_check_binder_match()
429 ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); in ssl_tls13_offered_psks_check_binder_match()
434 ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg, in ssl_tls13_offered_psks_check_binder_match()
518 mbedtls_ssl_context *ssl, in ssl_tls13_parse_pre_shared_key_ext() argument
561 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, in ssl_tls13_parse_pre_shared_key_ext()
602 ssl, identity, identity_len, obfuscated_ticket_age, in ssl_tls13_parse_pre_shared_key_ext()
621 ssl->session_negotiate->ticket_flags = session.ticket_flags; in ssl_tls13_parse_pre_shared_key_ext()
635 ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { in ssl_tls13_parse_pre_shared_key_ext()
639 ssl_tls13_key_exchange_is_psk_available(ssl)) { in ssl_tls13_parse_pre_shared_key_ext()
648 ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end, in ssl_tls13_parse_pre_shared_key_ext()
668 ssl, binder, binder_len, psk->type, in ssl_tls13_parse_pre_shared_key_ext()
690 ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, in ssl_tls13_parse_pre_shared_key_ext()
708 ret = ssl->handshake->update_checksum( in ssl_tls13_parse_pre_shared_key_ext()
709 ssl, identities_end, (size_t) (binders_end - identities_end)); in ssl_tls13_parse_pre_shared_key_ext()
719 ssl->handshake->selected_identity = (uint16_t) matched_identity; in ssl_tls13_parse_pre_shared_key_ext()
734 static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_pre_shared_key_ext() argument
745 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); in ssl_tls13_write_server_pre_shared_key_ext()
747 not_using_psk = (ssl->handshake->psk == NULL); in ssl_tls13_write_server_pre_shared_key_ext()
761 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); in ssl_tls13_write_server_pre_shared_key_ext()
766 ssl->handshake->selected_identity)); in ssl_tls13_write_server_pre_shared_key_ext()
768 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); in ssl_tls13_write_server_pre_shared_key_ext()
781 static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_versions_ext() argument
799 tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport); in ssl_tls13_parse_supported_versions_ext()
808 mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_parse_supported_versions_ext()
840 static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_groups_ext() argument
854 ssl->handshake->hrr_selected_group = 0; in ssl_tls13_parse_supported_groups_ext()
867 if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) || in ssl_tls13_parse_supported_groups_ext()
869 ssl->handshake->hrr_selected_group != 0) { in ssl_tls13_parse_supported_groups_ext()
878 ssl->handshake->hrr_selected_group = named_group; in ssl_tls13_parse_supported_groups_ext()
902 static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_shares_ext() argument
924 ssl->handshake->offered_group_id = 0; in ssl_tls13_parse_key_shares_ext()
955 if (!mbedtls_ssl_named_group_is_offered(ssl, group) || in ssl_tls13_parse_key_shares_ext()
957 ssl->handshake->offered_group_id != 0) { in ssl_tls13_parse_key_shares_ext()
970 ssl, key_exchange - 2, key_exchange_len + 2); in ssl_tls13_parse_key_shares_ext()
981 ssl->handshake->offered_group_id = group; in ssl_tls13_parse_key_shares_ext()
985 if (ssl->handshake->offered_group_id == 0) { in ssl_tls13_parse_key_shares_ext()
994 static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, in ssl_tls13_client_hello_has_exts() argument
997 int masked = ssl->handshake->received_extensions & exts_mask; in ssl_tls13_client_hello_has_exts()
1004 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange() argument
1007 ssl, in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()
1017 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_key_exchange() argument
1020 ssl, in ssl_tls13_client_hello_has_exts_for_psk_key_exchange()
1029 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange() argument
1032 ssl, in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange()
1042 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_psk_available() argument
1045 return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && in ssl_tls13_key_exchange_is_psk_available()
1046 mbedtls_ssl_tls13_is_psk_supported(ssl) && in ssl_tls13_key_exchange_is_psk_available()
1047 ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); in ssl_tls13_key_exchange_is_psk_available()
1049 ((void) ssl); in ssl_tls13_key_exchange_is_psk_available()
1055 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_psk_ephemeral_available() argument
1058 return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1059 mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) && in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1060 ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1062 ((void) ssl); in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1069 static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_ephemeral_available() argument
1072 return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && in ssl_tls13_key_exchange_is_ephemeral_available()
1073 ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); in ssl_tls13_key_exchange_is_ephemeral_available()
1075 ((void) ssl); in ssl_tls13_key_exchange_is_ephemeral_available()
1116 static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) in ssl_tls13_pick_key_cert() argument
1119 const uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_pick_key_cert()
1122 if (ssl->handshake->sni_key_cert != NULL) { in ssl_tls13_pick_key_cert()
1123 key_cert_list = ssl->handshake->sni_key_cert; in ssl_tls13_pick_key_cert()
1126 key_cert_list = ssl->conf->key_cert; in ssl_tls13_pick_key_cert()
1134 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_pick_key_cert()
1182 ssl->handshake->key_cert = key_cert; in ssl_tls13_pick_key_cert()
1191 ssl->handshake->key_cert->cert); in ssl_tls13_pick_key_cert()
1250 static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_parse_client_hello() argument
1266 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_parse_client_hello()
1304 if (mbedtls_ssl_read_version(p, ssl->conf->transport) != in ssl_tls13_parse_client_hello()
1371 ssl, p + 2, end, in ssl_tls13_parse_client_hello()
1384 ret = ssl_tls13_parse_supported_versions_ext(ssl, in ssl_tls13_parse_client_hello()
1408 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1409 ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1410 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_tls13_parse_client_hello()
1421 if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) { in ssl_tls13_parse_client_hello()
1425 ssl->session_negotiate->id_len = legacy_session_id_len; in ssl_tls13_parse_client_hello()
1428 memcpy(&ssl->session_negotiate->id[0], in ssl_tls13_parse_client_hello()
1437 ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end, in ssl_tls13_parse_client_hello()
1445 ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; in ssl_tls13_parse_client_hello()
1486 if (ssl->handshake->hello_retry_request_flag) { in ssl_tls13_parse_client_hello()
1516 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, in ssl_tls13_parse_client_hello()
1526 ret = mbedtls_ssl_parse_server_name_ext(ssl, p, in ssl_tls13_parse_client_hello()
1547 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1569 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1594 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1627 ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1641 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1655 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1677 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in ssl_tls13_parse_client_hello()
1694 ret = handshake->update_checksum(ssl, buf, in ssl_tls13_parse_client_hello()
1700 ret = ssl_tls13_parse_pre_shared_key_ext(ssl, in ssl_tls13_parse_client_hello()
1716 ret = handshake->update_checksum(ssl, buf, p - buf); in ssl_tls13_parse_client_hello()
1746 if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { in ssl_tls13_parse_client_hello()
1772 ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id; in ssl_tls13_parse_client_hello()
1789 mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info); in ssl_tls13_parse_client_hello()
1795 static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl) in ssl_tls13_check_early_data_requirements() argument
1797 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_check_early_data_requirements()
1799 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { in ssl_tls13_check_early_data_requirements()
1838 ssl->session_negotiate->ciphersuite) { in ssl_tls13_check_early_data_requirements()
1846 if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) { in ssl_tls13_check_early_data_requirements()
1855 const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl); in ssl_tls13_check_early_data_requirements()
1858 if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) { in ssl_tls13_check_early_data_requirements()
1867 ssl->session_negotiate->ticket_alpn == NULL || in ssl_tls13_check_early_data_requirements()
1868 alpn_len != strlen(ssl->session_negotiate->ticket_alpn) || in ssl_tls13_check_early_data_requirements()
1869 (memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) { in ssl_tls13_check_early_data_requirements()
1883 static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_postprocess_client_hello() argument
1891 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { in ssl_tls13_postprocess_client_hello()
1896 ssl->handshake->sni_name = NULL; in ssl_tls13_postprocess_client_hello()
1897 ssl->handshake->sni_name_len = 0; in ssl_tls13_postprocess_client_hello()
1900 ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); in ssl_tls13_postprocess_client_hello()
1908 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { in ssl_tls13_postprocess_client_hello()
1909 ssl->handshake->early_data_accepted = in ssl_tls13_postprocess_client_hello()
1910 (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0); in ssl_tls13_postprocess_client_hello()
1912 if (ssl->handshake->early_data_accepted) { in ssl_tls13_postprocess_client_hello()
1913 ret = mbedtls_ssl_tls13_compute_early_transform(ssl); in ssl_tls13_postprocess_client_hello()
1920 ssl->discard_early_data_record = in ssl_tls13_postprocess_client_hello()
1938 static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_hello() argument
1949 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in ssl_tls13_process_client_hello()
1952 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf, in ssl_tls13_process_client_hello()
1969 if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_process_client_hello()
1977 ssl->keep_current_message = 1; in ssl_tls13_process_client_hello()
1978 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in ssl_tls13_process_client_hello()
1983 ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret == in ssl_tls13_process_client_hello()
1987 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in ssl_tls13_process_client_hello()
1989 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST); in ssl_tls13_process_client_hello()
2002 static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_server_hello() argument
2006 ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; in ssl_tls13_prepare_server_hello()
2008 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, in ssl_tls13_prepare_server_hello()
2018 ssl->session_negotiate->start = mbedtls_time(NULL); in ssl_tls13_prepare_server_hello()
2033 mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_supported_versions_ext() argument
2054 ssl->conf->transport, in ssl_tls13_write_server_hello_supported_versions_ext()
2055 ssl->tls_version); in ssl_tls13_write_server_hello_supported_versions_ext()
2058 ssl->tls_version)); in ssl_tls13_write_server_hello_supported_versions_ext()
2063 ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); in ssl_tls13_write_server_hello_supported_versions_ext()
2073 static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, in ssl_tls13_generate_and_write_key_share() argument
2087 ssl, named_group, buf, end, out_len); in ssl_tls13_generate_and_write_key_share()
2098 ((void) ssl); in ssl_tls13_generate_and_write_key_share()
2122 static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_key_share_ext() argument
2129 uint16_t group = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext()
2155 ssl, group, server_share + 4, end, &key_exchange_length); in ssl_tls13_write_key_share_ext()
2167 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_key_share_ext()
2173 static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_hrr_key_share_ext() argument
2178 uint16_t selected_group = ssl->handshake->hrr_selected_group; in ssl_tls13_write_hrr_key_share_ext()
2198 if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_hrr_key_share_ext()
2204 if (ssl->handshake->offered_group_id != 0) { in ssl_tls13_write_hrr_key_share_ext()
2232 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_hrr_key_share_ext()
2250 static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_body() argument
2262 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_server_hello_body()
2285 memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], in ssl_tls13_write_server_hello_body()
2296 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2297 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2298 if (ssl->session_negotiate->id_len > 0) { in ssl_tls13_write_server_hello_body()
2299 memcpy(p, &ssl->session_negotiate->id[0], in ssl_tls13_write_server_hello_body()
2300 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2301 p += ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2303 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_tls13_write_server_hello_body()
2304 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2314 MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); in ssl_tls13_write_server_hello_body()
2319 ssl->session_negotiate->ciphersuite), in ssl_tls13_write_server_hello_body()
2320 ssl->session_negotiate->ciphersuite)); in ssl_tls13_write_server_hello_body()
2342 ssl, p, end, &output_len)) != 0) { in ssl_tls13_write_server_hello_body()
2349 if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_server_hello_body()
2351 ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2353 ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2362 if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_server_hello_body()
2363 ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2385 ssl->handshake->sent_extensions); in ssl_tls13_write_server_hello_body()
2391 static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_finalize_server_hello() argument
2394 ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); in ssl_tls13_finalize_server_hello()
2406 static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_hello() argument
2414 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); in ssl_tls13_write_server_hello()
2417 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); in ssl_tls13_write_server_hello()
2419 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_server_hello()
2425 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_server_hello()
2428 ssl, buf_len, msg_len)); in ssl_tls13_write_server_hello()
2430 MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl)); in ssl_tls13_write_server_hello()
2438 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO); in ssl_tls13_write_server_hello()
2440 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in ssl_tls13_write_server_hello()
2454 static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_hello_retry_request() argument
2457 if (ssl->handshake->hello_retry_request_flag) { in ssl_tls13_prepare_hello_retry_request()
2468 ret = mbedtls_ssl_reset_transcript_for_hrr(ssl); in ssl_tls13_prepare_hello_retry_request()
2473 mbedtls_ssl_session_reset_msg_layer(ssl, 0); in ssl_tls13_prepare_hello_retry_request()
2479 static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_hello_retry_request() argument
2487 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl)); in ssl_tls13_write_hello_retry_request()
2490 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, in ssl_tls13_write_hello_retry_request()
2493 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_hello_retry_request()
2498 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_hello_retry_request()
2501 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, in ssl_tls13_write_hello_retry_request()
2504 ssl->handshake->hello_retry_request_flag = 1; in ssl_tls13_write_hello_retry_request()
2512 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST); in ssl_tls13_write_hello_retry_request()
2514 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in ssl_tls13_write_hello_retry_request()
2533 static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_encrypted_extensions_body() argument
2550 ((void) ssl); in ssl_tls13_write_encrypted_extensions_body()
2555 ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2563 if (ssl->handshake->early_data_accepted) { in ssl_tls13_write_encrypted_extensions_body()
2565 ssl, 0, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2574 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) { in ssl_tls13_write_encrypted_extensions_body()
2576 ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2592 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions); in ssl_tls13_write_encrypted_extensions_body()
2598 static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) in ssl_tls13_write_encrypted_extensions() argument
2604 mbedtls_ssl_set_outbound_transform(ssl, in ssl_tls13_write_encrypted_extensions()
2605 ssl->handshake->transform_handshake); in ssl_tls13_write_encrypted_extensions()
2612 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2616 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_encrypted_extensions()
2619 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2623 ssl, buf_len, msg_len)); in ssl_tls13_write_encrypted_extensions()
2626 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_encrypted_extensions()
2627 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2629 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); in ssl_tls13_write_encrypted_extensions()
2632 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2653 static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_certificate_request_coordinate() argument
2658 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_tls13_certificate_request_coordinate()
2659 authmode = ssl->handshake->sni_authmode; in ssl_tls13_certificate_request_coordinate()
2662 authmode = ssl->conf->authmode; in ssl_tls13_certificate_request_coordinate()
2665 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; in ssl_tls13_certificate_request_coordinate()
2669 ssl->handshake->certificate_request_sent = 1; in ssl_tls13_certificate_request_coordinate()
2682 static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_request_body() argument
2716 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_tls13_write_certificate_request_body()
2727 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_request_body()
2733 static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_request() argument
2739 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); in ssl_tls13_write_certificate_request()
2746 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2750 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_certificate_request()
2753 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2757 ssl, buf_len, msg_len)); in ssl_tls13_write_certificate_request()
2767 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); in ssl_tls13_write_certificate_request()
2778 static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_certificate() argument
2783 if ((ssl_tls13_pick_key_cert(ssl) != 0) || in ssl_tls13_write_server_certificate()
2784 mbedtls_ssl_own_cert(ssl) == NULL) { in ssl_tls13_write_server_certificate()
2792 ret = mbedtls_ssl_tls13_write_certificate(ssl); in ssl_tls13_write_server_certificate()
2796 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); in ssl_tls13_write_server_certificate()
2804 static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_verify() argument
2806 int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); in ssl_tls13_write_certificate_verify()
2810 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_certificate_verify()
2856 mbedtls_ssl_context *ssl) in ssl_tls13_prepare_for_handshake_second_flight() argument
2858 if (ssl->handshake->certificate_request_sent) { in ssl_tls13_prepare_for_handshake_second_flight()
2859 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); in ssl_tls13_prepare_for_handshake_second_flight()
2864 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); in ssl_tls13_prepare_for_handshake_second_flight()
2872 static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_finished() argument
2876 ret = mbedtls_ssl_tls13_write_finished_message(ssl); in ssl_tls13_write_server_finished()
2881 ret = mbedtls_ssl_tls13_compute_application_transform(ssl); in ssl_tls13_write_server_finished()
2890 if (ssl->handshake->early_data_accepted) { in ssl_tls13_write_server_finished()
2896 ssl, ssl->handshake->transform_earlydata); in ssl_tls13_write_server_finished()
2897 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); in ssl_tls13_write_server_finished()
2904 mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); in ssl_tls13_write_server_finished()
2906 ssl_tls13_prepare_for_handshake_second_flight(ssl); in ssl_tls13_write_server_finished()
2926 static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_end_of_early_data_coordinate() argument
2930 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { in ssl_tls13_end_of_early_data_coordinate()
2934 ssl->keep_current_message = 1; in ssl_tls13_end_of_early_data_coordinate()
2936 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in ssl_tls13_end_of_early_data_coordinate()
2937 ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { in ssl_tls13_end_of_early_data_coordinate()
2942 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { in ssl_tls13_end_of_early_data_coordinate()
2943 if (ssl->in_offt == NULL) { in ssl_tls13_end_of_early_data_coordinate()
2946 ssl->in_offt = ssl->in_msg; in ssl_tls13_end_of_early_data_coordinate()
2947 ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen); in ssl_tls13_end_of_early_data_coordinate()
2961 static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, in ssl_tls13_parse_end_of_early_data() argument
3015 static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) in ssl_tls13_process_end_of_early_data() argument
3021 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl)); in ssl_tls13_process_end_of_early_data()
3028 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, in ssl_tls13_process_end_of_early_data()
3032 ssl, buf, buf + buf_len)); in ssl_tls13_process_end_of_early_data()
3038 ssl, ssl->handshake->transform_handshake); in ssl_tls13_process_end_of_early_data()
3041 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, in ssl_tls13_process_end_of_early_data()
3044 ssl_tls13_prepare_for_handshake_second_flight(ssl); in ssl_tls13_process_end_of_early_data()
3065 static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_finished() argument
3069 ret = mbedtls_ssl_tls13_process_finished_message(ssl); in ssl_tls13_process_client_finished()
3074 ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); in ssl_tls13_process_client_finished()
3080 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); in ssl_tls13_process_client_finished()
3088 static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in ssl_tls13_handshake_wrapup() argument
3092 mbedtls_ssl_tls13_handshake_wrapup(ssl); in ssl_tls13_handshake_wrapup()
3101 if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) { in ssl_tls13_handshake_wrapup()
3103 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in ssl_tls13_handshake_wrapup()
3107 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_handshake_wrapup()
3118 static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket_coordinate() argument
3121 if (ssl->conf->f_ticket_write == NULL) { in ssl_tls13_write_new_session_ticket_coordinate()
3126 if (ssl->conf->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
3132 if (ssl->handshake->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
3143 static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, in ssl_tls13_prepare_new_session_ticket() argument
3148 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_prepare_new_session_ticket()
3160 session, ssl->handshake->tls13_kex_modes); in ssl_tls13_prepare_new_session_ticket()
3164 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && in ssl_tls13_prepare_new_session_ticket()
3165 ssl->conf->max_early_data_size > 0) { in ssl_tls13_prepare_new_session_ticket()
3168 session->max_early_data_size = ssl->conf->max_early_data_size; in ssl_tls13_prepare_new_session_ticket()
3176 ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen); in ssl_tls13_prepare_new_session_ticket()
3184 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_tls13_prepare_new_session_ticket()
3194 ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); in ssl_tls13_prepare_new_session_ticket()
3203 (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; in ssl_tls13_prepare_new_session_ticket()
3273 static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_new_session_ticket_body() argument
3282 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_write_new_session_ticket_body()
3302 ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, in ssl_tls13_write_new_session_ticket_body()
3353 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_new_session_ticket_body()
3364 ssl, 1, p, end, &output_len)) != 0) { in ssl_tls13_write_new_session_ticket_body()
3385 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions); in ssl_tls13_write_new_session_ticket_body()
3393 static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket() argument
3397 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl)); in ssl_tls13_write_new_session_ticket()
3405 ssl, ticket_nonce, sizeof(ticket_nonce))); in ssl_tls13_write_new_session_ticket()
3408 ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, in ssl_tls13_write_new_session_ticket()
3412 ssl, buf, buf + buf_len, &msg_len, in ssl_tls13_write_new_session_ticket()
3416 ssl, buf_len, msg_len)); in ssl_tls13_write_new_session_ticket()
3422 if (ssl->handshake->resume == 1) { in ssl_tls13_write_new_session_ticket()
3423 ssl->handshake->new_session_tickets_count = 0; in ssl_tls13_write_new_session_ticket()
3425 ssl->handshake->new_session_tickets_count--; in ssl_tls13_write_new_session_ticket()
3429 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH); in ssl_tls13_write_new_session_ticket()
3431 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_write_new_session_ticket()
3443 int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_server_step() argument
3447 if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3452 mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), in mbedtls_ssl_tls13_handshake_server_step()
3453 ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()
3455 switch (ssl->state) { in mbedtls_ssl_tls13_handshake_server_step()
3458 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3463 ret = ssl_tls13_process_client_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3470 ret = ssl_tls13_write_hello_retry_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3478 ret = ssl_tls13_write_server_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3482 ret = ssl_tls13_write_encrypted_extensions(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3491 ret = ssl_tls13_write_certificate_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3495 ret = ssl_tls13_write_server_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3499 ret = ssl_tls13_write_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3508 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3510 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3515 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3519 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in mbedtls_ssl_tls13_handshake_server_step()
3524 ret = ssl_tls13_write_server_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3529 ret = ssl_tls13_process_end_of_early_data(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3534 ret = ssl_tls13_process_client_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3538 ret = ssl_tls13_handshake_wrapup(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3543 ret = mbedtls_ssl_tls13_process_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3545 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3547 ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); in mbedtls_ssl_tls13_handshake_server_step()
3551 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3557 ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3560 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3567 ret = ssl_tls13_write_new_session_ticket(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3581 if (ssl->handshake->new_session_tickets_count == 0) { in mbedtls_ssl_tls13_handshake_server_step()
3582 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in mbedtls_ssl_tls13_handshake_server_step()
3585 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in mbedtls_ssl_tls13_handshake_server_step()
3592 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()