
Searched refs:session (Results 1 – 22 of 22) sorted by relevance

/mbedtls-latest/library/
Dssl_tls.c451 static int ssl_tls12_session_load(mbedtls_ssl_session *session,
495 static void ssl_clear_peer_cert(mbedtls_ssl_session *session) in ssl_clear_peer_cert() argument
498 if (session->peer_cert != NULL) { in ssl_clear_peer_cert()
499 mbedtls_x509_crt_free(session->peer_cert); in ssl_clear_peer_cert()
500 mbedtls_free(session->peer_cert); in ssl_clear_peer_cert()
501 session->peer_cert = NULL; in ssl_clear_peer_cert()
504 if (session->peer_cert_digest != NULL) { in ssl_clear_peer_cert()
506 mbedtls_free(session->peer_cert_digest); in ssl_clear_peer_cert()
507 session->peer_cert_digest = NULL; in ssl_clear_peer_cert()
508 session->peer_cert_digest_type = MBEDTLS_MD_NONE; in ssl_clear_peer_cert()
[all …]
Dssl_tls13_client.c684 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_tls13_has_configured_ticket() local
686 session != NULL && session->ticket != NULL && in ssl_tls13_has_configured_ticket()
689 session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL)); in ssl_tls13_has_configured_ticket()
695 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_tls13_early_data_has_valid_ticket() local
697 session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && in ssl_tls13_early_data_has_valid_ticket()
698 mbedtls_ssl_tls13_session_ticket_allow_early_data(session) && in ssl_tls13_early_data_has_valid_ticket()
699 mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite); in ssl_tls13_early_data_has_valid_ticket()
709 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_tls13_ticket_get_identity() local
715 *hash_alg = ssl_tls13_get_ciphersuite_hash_alg(session->ciphersuite); in ssl_tls13_ticket_get_identity()
716 *identity = session->ticket; in ssl_tls13_ticket_get_identity()
[all …]
Dssl_tls13_server.c188 mbedtls_ssl_session *session) in ssl_tls13_offered_psks_check_identity_match_ticket() argument
220 session, in ssl_tls13_offered_psks_check_identity_match_ticket()
255 if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { in ssl_tls13_offered_psks_check_identity_match_ticket()
263 if (now < session->ticket_creation_time) { in ssl_tls13_offered_psks_check_identity_match_ticket()
267 now, session->ticket_creation_time)); in ssl_tls13_offered_psks_check_identity_match_ticket()
271 server_age = now - session->ticket_creation_time; in ssl_tls13_offered_psks_check_identity_match_ticket()
302 client_age = obfuscated_ticket_age - session->ticket_age_add; in ssl_tls13_offered_psks_check_identity_match_ticket()
321 mbedtls_ssl_session_free(session); in ssl_tls13_offered_psks_check_identity_match_ticket()
336 mbedtls_ssl_session *session) in ssl_tls13_offered_psks_check_identity_match() argument
340 ((void) session); in ssl_tls13_offered_psks_check_identity_match()
[all …]
Dssl_cache.c77 mbedtls_ssl_session *session) in mbedtls_ssl_cache_get() argument
94 ret = mbedtls_ssl_session_load(session, in mbedtls_ssl_cache_get()
95 entry->session, in mbedtls_ssl_cache_get()
121 if (entry->session != NULL) { in ssl_cache_entry_zeroize()
122 mbedtls_zeroize_and_free(entry->session, entry->session_len); in ssl_cache_entry_zeroize()
230 if (cur->session != NULL) { in ssl_cache_pick_writing_slot()
249 const mbedtls_ssl_session *session) in mbedtls_ssl_cache_set() argument
273 ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len); in mbedtls_ssl_cache_set()
285 ret = mbedtls_ssl_session_save(session, in mbedtls_ssl_cache_set()
300 cur->session = session_serialized; in mbedtls_ssl_cache_set()
Dssl_misc.h2906 int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session,
2913 int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session,
2922 mbedtls_ssl_session *session, unsigned int flags) in mbedtls_ssl_tls13_session_get_ticket_flags() argument
2924 return session->ticket_flags & in mbedtls_ssl_tls13_session_get_ticket_flags()
2935 mbedtls_ssl_session *session, unsigned int flags) in mbedtls_ssl_tls13_session_ticket_has_flags() argument
2937 return mbedtls_ssl_tls13_session_get_ticket_flags(session, flags) != 0; in mbedtls_ssl_tls13_session_ticket_has_flags()
2941 mbedtls_ssl_session *session) in mbedtls_ssl_tls13_session_ticket_allow_psk() argument
2944 session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); in mbedtls_ssl_tls13_session_ticket_allow_psk()
2948 mbedtls_ssl_session *session) in mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral() argument
2951 session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); in mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral()
[all …]
Dssl_ticket.c300 const mbedtls_ssl_session *session, in mbedtls_ssl_ticket_write() argument
350 if ((ret = mbedtls_ssl_session_save(session, in mbedtls_ssl_ticket_write()
419 mbedtls_ssl_session *session, in mbedtls_ssl_ticket_parse() argument
500 if ((ret = mbedtls_ssl_session_load(session, ticket, clear_len)) != 0) { in mbedtls_ssl_ticket_parse()
509 ret = mbedtls_ssl_session_get_ticket_creation_time(session, in mbedtls_ssl_ticket_parse()
Dssl_tls12_server.c475 mbedtls_ssl_session session; in ssl_parse_session_ticket_ext() local
477 mbedtls_ssl_session_init(&session); in ssl_parse_session_ticket_ext()
503 if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session, in ssl_parse_session_ticket_ext()
505 mbedtls_ssl_session_free(&session); in ssl_parse_session_ticket_ext()
522 session.id_len = ssl->session_negotiate->id_len; in ssl_parse_session_ticket_ext()
523 memcpy(&session.id, ssl->session_negotiate->id, session.id_len); in ssl_parse_session_ticket_ext()
526 memcpy(ssl->session_negotiate, &session, sizeof(mbedtls_ssl_session)); in ssl_parse_session_ticket_ext()
529 mbedtls_platform_zeroize(&session, sizeof(mbedtls_ssl_session)); in ssl_parse_session_ticket_ext()
2114 mbedtls_ssl_session * const session = ssl->session_negotiate; in ssl_handle_id_based_session_resumption() local
2121 if (session->id_len == 0) { in ssl_handle_id_based_session_resumption()
[all …]
Dssl_tls13_generic.c1244 if (ssl->session) { in mbedtls_ssl_tls13_handshake_wrapup()
1245 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_tls13_handshake_wrapup()
1246 mbedtls_free(ssl->session); in mbedtls_ssl_tls13_handshake_wrapup()
1248 ssl->session = ssl->session_negotiate; in mbedtls_ssl_tls13_handshake_wrapup()
Dssl_tls12_client.c3446 if (ssl->session != NULL && ssl->session->ticket != NULL) { in ssl_parse_new_session_ticket()
3447 mbedtls_zeroize_and_free(ssl->session->ticket, in ssl_parse_new_session_ticket()
3448 ssl->session->ticket_len); in ssl_parse_new_session_ticket()
3449 ssl->session->ticket = NULL; in ssl_parse_new_session_ticket()
3450 ssl->session->ticket_len = 0; in ssl_parse_new_session_ticket()
/mbedtls-latest/tests/src/test_helpers/
Dssl_helpers.c1674 int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, in mbedtls_test_ssl_tls12_populate_session() argument
1682 session->start = mbedtls_time(NULL) - 42; in mbedtls_test_ssl_tls12_populate_session()
1684 session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_test_ssl_tls12_populate_session()
1689 session->endpoint = endpoint_type; in mbedtls_test_ssl_tls12_populate_session()
1690 session->ciphersuite = 0xabcd; in mbedtls_test_ssl_tls12_populate_session()
1691 session->id_len = sizeof(session->id); in mbedtls_test_ssl_tls12_populate_session()
1692 memset(session->id, 66, session->id_len); in mbedtls_test_ssl_tls12_populate_session()
1693 memset(session->master, 17, sizeof(session->master)); in mbedtls_test_ssl_tls12_populate_session()
1708 session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); in mbedtls_test_ssl_tls12_populate_session()
1709 if (session->peer_cert == NULL) { in mbedtls_test_ssl_tls12_populate_session()
[all …]
/mbedtls-latest/include/mbedtls/
Dssl.h917 mbedtls_ssl_session *session);
939 const mbedtls_ssl_session *session);
1747 … mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
2615 const mbedtls_ssl_session *session,
2645 mbedtls_ssl_session *session,
2684 mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time) in mbedtls_ssl_session_get_ticket_creation_time() argument
2686 if (session == NULL || ticket_creation_time == NULL || in mbedtls_ssl_session_get_ticket_creation_time()
2687 session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_session_get_ticket_creation_time()
2691 *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time); in mbedtls_ssl_session_get_ticket_creation_time()
2706 session))[32] in mbedtls_ssl_session_get_id() argument
[all …]
Dssl_cache.h58 unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
102 mbedtls_ssl_session *session);
120 const mbedtls_ssl_session *session);
/mbedtls-latest/tests/include/test/
Dssl_helpers.h548 int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
554 int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
611 void *p_ticket, const mbedtls_ssl_session *session,
615 int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
625 mbedtls_ssl_session *session);
/mbedtls-latest/tests/suites/
Dtest_suite_ssl.function1996 /* Prepare a dummy session to work on */
2021 /* Restore session from serialized data */
2025 * Make sure both session structures are identical
2170 mbedtls_ssl_session session;
2177 mbedtls_ssl_session_init(&session);
2180 /* Prepare a dummy session to work on */
2188 &session, 0, endpoint_type) == 0);
2195 &session, ticket_len, endpoint_type, crt_file) == 0);
2205 TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0)
2212 /* Serialize to buffer and free live session */
[all …]
Dtest_suite_ssl.data916 SSL session serialization: Wrong major version
920 SSL session serialization: Wrong minor version
924 SSL session serialization: Wrong patch version
928 SSL session serialization: Wrong config
932 TLS 1.3: CLI: session serialization: Wrong major version
936 TLS 1.3: CLI: session serialization: Wrong minor version
940 TLS 1.3: CLI: session serialization: Wrong patch version
944 TLS 1.3: CLI: session serialization: Wrong config
948 TLS 1.3: SRV: session serialization: Wrong major version
952 TLS 1.3: SRV: session serialization: Wrong minor version
[all …]
/mbedtls-latest/tests/
DDescriptions.txt21 covered by compat.sh: session resumption (using session cache or tickets),
/mbedtls-latest/programs/ssl/
Dssl_server2.c1387 static int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, in dummy_ticket_write() argument
1404 if ((ret = mbedtls_ssl_session_save(session, p, end - p, in dummy_ticket_write()
1414 static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, in dummy_ticket_parse() argument
1420 if ((ret = mbedtls_ssl_session_load(session, buf + 4, len - 4)) != 0) { in dummy_ticket_parse()
1431 session->ticket_creation_time = mbedtls_ms_time() + 1000; in dummy_ticket_parse()
1435 session->ticket_creation_time = mbedtls_ms_time() - in dummy_ticket_parse()
1441 session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; in dummy_ticket_parse()
1443 session->ticket_creation_time = mbedtls_ms_time(); in dummy_ticket_parse()
1448 session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; in dummy_ticket_parse()
1450 session->ticket_creation_time = mbedtls_ms_time(); in dummy_ticket_parse()
[all …]
/mbedtls-latest/docs/
D3.0-migration-guide.md844 1. Users who manually inspect parts of the current session through
847 2. Users of session resumption who query the current session
900 to configure a custom session cache implementation different
903 Those users will need to modify the API of their session cache
905 session IDs and values being instances of `mbedtls_ssl_session`:
911 mbedtls_ssl_session *session );
915 const mbedtls_ssl_session *session );
919 onwards, portable session cache implementations must not access fields of
921 find themselves unable to migrate their session cache functionality without
979 the same session. This use of `mbedtls_ssl_get_session()`
[all …]
/mbedtls-latest/
DChangeLog113 * Fix TLS 1.3 client build and runtime when support for session tickets is
321 * Add new accessors to expose the private session-id,
322 session-id length, and ciphersuite-id members of
413 * Fix missing bitflags in SSL session serialization headers. Their absence
848 its session id.
894 * In TLS 1.3, when using a ticket for session resumption, tweak its age
948 * Fix TLS 1.3 session resumption when the established pre-shared key is
950 session where the cipher suite is TLS_AES_256_GCM_SHA384.
1059 mechanism (session resumption).
1088 calculation that can be used to derive the session secret in TLS 1.2,
[all …]
/mbedtls-latest/programs/
DREADME.md44 …ecure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key.
/mbedtls-latest/docs/architecture/
Dtls13-support.md25 - Mbed TLS supports session resumption via the ticket mechanism.
/mbedtls-latest/docs/architecture/psa-migration/
Dstrategy.md11 G3. Allow isolation of short-term secrets (for example, TLS session keys).