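Lines Matching refs:ssl
Each entry gives the source line number, the text of the matching line, and the enclosing function ("in f()"); "argument" marks the line where ssl is declared as that function's parameter. Only matching lines are listed, so consecutive entries are not contiguous code.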

26 static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,  in ssl_write_hostname_ext()  argument
32 const char *hostname = mbedtls_ssl_get_hostname_pointer(ssl); in ssl_write_hostname_ext()
94 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SERVERNAME); in ssl_write_hostname_ext()
115 static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, in ssl_write_alpn_ext() argument
124 if (ssl->conf->alpn_list == NULL) { in ssl_write_alpn_ext()
146 for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) { in ssl_write_alpn_ext()
168 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN); in ssl_write_alpn_ext()
218 static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_write_supported_groups_ext() argument
227 const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); in ssl_write_supported_groups_ext()
309 ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS); in ssl_write_supported_groups_ext()
319 mbedtls_ssl_context *ssl, in ssl_write_client_hello_cipher_suites() argument
341 ciphersuite_list = ssl->conf->ciphersuite_list; in ssl_write_client_hello_cipher_suites()
357 if (mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_write_client_hello_cipher_suites()
358 ssl->handshake->min_tls_version, in ssl_write_client_hello_cipher_suites()
359 ssl->tls_version) != 0) { in ssl_write_client_hello_cipher_suites()
385 renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE); in ssl_write_client_hello_cipher_suites()
437 static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, in ssl_write_client_hello_body() argument
444 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_hello_body()
458 (MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version); in ssl_write_client_hello_body()
464 (MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version); in ssl_write_client_hello_body()
473 mbedtls_ssl_write_version(p, ssl->conf->transport, in ssl_write_client_hello_body()
507 MBEDTLS_SSL_CHK_BUF_PTR(p, end, ssl->session_negotiate->id_len + 1); in ssl_write_client_hello_body()
508 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_write_client_hello_body()
509 memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); in ssl_write_client_hello_body()
510 p += ssl->session_negotiate->id_len; in ssl_write_client_hello_body()
512 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_write_client_hello_body()
513 ssl->session_negotiate->id_len); in ssl_write_client_hello_body()
521 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_write_client_hello_body()
545 ret = ssl_write_client_hello_cipher_suites(ssl, p, end, in ssl_write_client_hello_body()
581 ret = ssl_write_hostname_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
589 ret = ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
598 ret = mbedtls_ssl_tls13_write_client_hello_exts(ssl, p, end, in ssl_write_client_hello_body()
613 if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { in ssl_write_client_hello_body()
625 ret = ssl_write_supported_groups_ext(ssl, p, end, in ssl_write_client_hello_body()
641 (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl)); in ssl_write_client_hello_body()
648 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
658 ret = mbedtls_ssl_tls12_write_client_hello_exts(ssl, p, end, in ssl_write_client_hello_body()
672 if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { in ssl_write_client_hello_body()
674 ssl, p, end, &output_len, binders_len); in ssl_write_client_hello_body()
700 static int ssl_generate_random(mbedtls_ssl_context *ssl) in ssl_generate_random() argument
703 unsigned char *randbytes = ssl->handshake->randbytes; in ssl_generate_random()
718 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_generate_random()
730 ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_generate_random()
737 static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) in ssl_prepare_client_hello() argument
741 mbedtls_ssl_session *session_negotiate = ssl->session_negotiate; in ssl_prepare_client_hello()
752 if (ssl->handshake->resume != 0 && in ssl_prepare_client_hello()
762 ssl->handshake->resume = 0; in ssl_prepare_client_hello()
773 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_prepare_client_hello()
774 ssl->handshake->min_tls_version = ssl->tls_version; in ssl_prepare_client_hello()
778 if (ssl->handshake->resume) { in ssl_prepare_client_hello()
779 ssl->tls_version = session_negotiate->tls_version; in ssl_prepare_client_hello()
780 ssl->handshake->min_tls_version = ssl->tls_version; in ssl_prepare_client_hello()
782 ssl->handshake->min_tls_version = ssl->conf->min_tls_version; in ssl_prepare_client_hello()
792 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_prepare_client_hello()
793 (ssl->handshake->cookie == NULL)) in ssl_prepare_client_hello()
797 if (!ssl->handshake->hello_retry_request_flag) in ssl_prepare_client_hello()
800 ret = ssl_generate_random(ssl); in ssl_prepare_client_hello()
817 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_prepare_client_hello()
820 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || in ssl_prepare_client_hello()
822 ssl->handshake->resume == 0) { in ssl_prepare_client_hello()
833 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_prepare_client_hello()
848 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in ssl_prepare_client_hello()
872 ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_prepare_client_hello()
885 const char *context_hostname = mbedtls_ssl_get_hostname_pointer(ssl); in ssl_prepare_client_hello()
886 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && in ssl_prepare_client_hello()
887 ssl->handshake->resume) { in ssl_prepare_client_hello()
915 int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) in mbedtls_ssl_write_client_hello() argument
923 MBEDTLS_SSL_PROC_CHK(ssl_prepare_client_hello(ssl)); in mbedtls_ssl_write_client_hello()
926 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in mbedtls_ssl_write_client_hello()
929 MBEDTLS_SSL_PROC_CHK(ssl_write_client_hello_body(ssl, buf, in mbedtls_ssl_write_client_hello()
935 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_client_hello()
936 ssl->out_msglen = msg_len + 4; in mbedtls_ssl_write_client_hello()
937 mbedtls_ssl_send_flight_completed(ssl); in mbedtls_ssl_write_client_hello()
948 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in mbedtls_ssl_write_client_hello()
950 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in mbedtls_ssl_write_client_hello()
955 if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { in mbedtls_ssl_write_client_hello()
963 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in mbedtls_ssl_write_client_hello()
970 ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len); in mbedtls_ssl_write_client_hello()
979 ssl, buf + msg_len - binders_len, buf + msg_len)); in mbedtls_ssl_write_client_hello()
980 ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, in mbedtls_ssl_write_client_hello()
989 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, in mbedtls_ssl_write_client_hello()
997 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in mbedtls_ssl_write_client_hello()
1000 if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 && in mbedtls_ssl_write_client_hello()
1001 MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version) { in mbedtls_ssl_write_client_hello()
1002 ret = mbedtls_ssl_tls13_finalize_client_hello(ssl); in mbedtls_ssl_write_client_hello()
1009 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions); in mbedtls_ssl_write_client_hello()