Lines Matching +full:cancel +full:- +full:in +full:- +full:progress
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
45 * arguments in each translating place. */
73 return (chk_buf_ptr_fail_args.cur != args->cur) || in mbedtls_ssl_cmp_chk_buf_ptr_fail_args()
74 (chk_buf_ptr_fail_args.end != args->end) || in mbedtls_ssl_cmp_chk_buf_ptr_fail_args()
75 (chk_buf_ptr_fail_args.need != args->need); in mbedtls_ssl_cmp_chk_buf_ptr_fail_args()
82 /* Top-level Connection ID API */
97 conf->ignore_unexpected_cid = ignore_other_cid; in mbedtls_ssl_conf_cid()
98 conf->cid_len = len; in mbedtls_ssl_conf_cid()
107 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_set_cid()
111 ssl->negotiate_cid = enable; in mbedtls_ssl_set_cid()
119 if (own_cid_len != ssl->conf->cid_len) { in mbedtls_ssl_set_cid()
120 MBEDTLS_SSL_DEBUG_MSG(3, ("CID length %u does not match CID length %u in config", in mbedtls_ssl_set_cid()
122 (unsigned) ssl->conf->cid_len)); in mbedtls_ssl_set_cid()
126 memcpy(ssl->own_cid, own_cid, own_cid_len); in mbedtls_ssl_set_cid()
129 ssl->own_cid_len = (uint8_t) own_cid_len; in mbedtls_ssl_set_cid()
141 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_get_own_cid()
145 /* We report MBEDTLS_SSL_CID_DISABLED in case the CID length is in mbedtls_ssl_get_own_cid()
148 if (ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { in mbedtls_ssl_get_own_cid()
153 *own_cid_len = ssl->own_cid_len; in mbedtls_ssl_get_own_cid()
155 memcpy(own_cid, ssl->own_cid, ssl->own_cid_len); in mbedtls_ssl_get_own_cid()
171 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in mbedtls_ssl_get_peer_cid()
176 /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions in mbedtls_ssl_get_peer_cid()
179 * in the first place. */ in mbedtls_ssl_get_peer_cid()
180 if (ssl->transform_in->in_cid_len == 0 && in mbedtls_ssl_get_peer_cid()
181 ssl->transform_in->out_cid_len == 0) { in mbedtls_ssl_get_peer_cid()
186 *peer_cid_len = ssl->transform_in->out_cid_len; in mbedtls_ssl_get_peer_cid()
188 memcpy(peer_cid, ssl->transform_in->out_cid, in mbedtls_ssl_get_peer_cid()
189 ssl->transform_in->out_cid_len); in mbedtls_ssl_get_peer_cid()
208 * and we add 0 -> extension unused
235 dst->ticket = NULL; in mbedtls_ssl_session_copy()
238 dst->hostname = NULL; in mbedtls_ssl_session_copy()
244 dst->ticket_alpn = NULL; in mbedtls_ssl_session_copy()
250 if (src->peer_cert != NULL) { in mbedtls_ssl_session_copy()
253 dst->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); in mbedtls_ssl_session_copy()
254 if (dst->peer_cert == NULL) { in mbedtls_ssl_session_copy()
258 mbedtls_x509_crt_init(dst->peer_cert); in mbedtls_ssl_session_copy()
260 if ((ret = mbedtls_x509_crt_parse_der(dst->peer_cert, src->peer_cert->raw.p, in mbedtls_ssl_session_copy()
261 src->peer_cert->raw.len)) != 0) { in mbedtls_ssl_session_copy()
262 mbedtls_free(dst->peer_cert); in mbedtls_ssl_session_copy()
263 dst->peer_cert = NULL; in mbedtls_ssl_session_copy()
268 if (src->peer_cert_digest != NULL) { in mbedtls_ssl_session_copy()
269 dst->peer_cert_digest = in mbedtls_ssl_session_copy()
270 mbedtls_calloc(1, src->peer_cert_digest_len); in mbedtls_ssl_session_copy()
271 if (dst->peer_cert_digest == NULL) { in mbedtls_ssl_session_copy()
275 memcpy(dst->peer_cert_digest, src->peer_cert_digest, in mbedtls_ssl_session_copy()
276 src->peer_cert_digest_len); in mbedtls_ssl_session_copy()
277 dst->peer_cert_digest_type = src->peer_cert_digest_type; in mbedtls_ssl_session_copy()
278 dst->peer_cert_digest_len = src->peer_cert_digest_len; in mbedtls_ssl_session_copy()
287 int ret = mbedtls_ssl_session_set_ticket_alpn(dst, src->ticket_alpn); in mbedtls_ssl_session_copy()
295 if (src->ticket != NULL) { in mbedtls_ssl_session_copy()
296 dst->ticket = mbedtls_calloc(1, src->ticket_len); in mbedtls_ssl_session_copy()
297 if (dst->ticket == NULL) { in mbedtls_ssl_session_copy()
301 memcpy(dst->ticket, src->ticket, src->ticket_len); in mbedtls_ssl_session_copy()
306 if (src->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_session_copy()
308 ret = mbedtls_ssl_session_set_hostname(dst, src->hostname); in mbedtls_ssl_session_copy()
350 if (ssl->in_buf != NULL) { in handle_buffer_resizing()
351 written_in = ssl->in_msg - ssl->in_buf; in handle_buffer_resizing()
352 iv_offset_in = ssl->in_iv - ssl->in_buf; in handle_buffer_resizing()
353 len_offset_in = ssl->in_len - ssl->in_buf; in handle_buffer_resizing()
354 hdr_in = ssl->in_hdr - ssl->in_buf; in handle_buffer_resizing()
356 ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : in handle_buffer_resizing()
357 ssl->in_buf_len < in_buf_new_len) { in handle_buffer_resizing()
358 if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) { in handle_buffer_resizing()
359 MBEDTLS_SSL_DEBUG_MSG(1, ("input buffer resizing failed - out of memory")); in handle_buffer_resizing()
368 if (ssl->out_buf != NULL) { in handle_buffer_resizing()
369 written_out = ssl->out_msg - ssl->out_buf; in handle_buffer_resizing()
370 iv_offset_out = ssl->out_iv - ssl->out_buf; in handle_buffer_resizing()
371 len_offset_out = ssl->out_len - ssl->out_buf; in handle_buffer_resizing()
373 ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len : in handle_buffer_resizing()
374 ssl->out_buf_len < out_buf_new_len) { in handle_buffer_resizing()
375 if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) { in handle_buffer_resizing()
376 MBEDTLS_SSL_DEBUG_MSG(1, ("output buffer resizing failed - out of memory")); in handle_buffer_resizing()
386 ssl->in_hdr = ssl->in_buf + hdr_in; in handle_buffer_resizing()
392 ssl->out_msg = ssl->out_buf + written_out; in handle_buffer_resizing()
393 ssl->out_len = ssl->out_buf + len_offset_out; in handle_buffer_resizing()
394 ssl->out_iv = ssl->out_buf + iv_offset_out; in handle_buffer_resizing()
396 ssl->in_msg = ssl->in_buf + written_in; in handle_buffer_resizing()
397 ssl->in_len = ssl->in_buf + len_offset_in; in handle_buffer_resizing()
398 ssl->in_iv = ssl->in_buf + iv_offset_in; in handle_buffer_resizing()
503 if (session->peer_cert != NULL) { in ssl_clear_peer_cert()
504 mbedtls_x509_crt_free(session->peer_cert); in ssl_clear_peer_cert()
505 mbedtls_free(session->peer_cert); in ssl_clear_peer_cert()
506 session->peer_cert = NULL; in ssl_clear_peer_cert()
509 if (session->peer_cert_digest != NULL) { in ssl_clear_peer_cert()
511 mbedtls_free(session->peer_cert_digest); in ssl_clear_peer_cert()
512 session->peer_cert_digest = NULL; in ssl_clear_peer_cert()
513 session->peer_cert_digest_type = MBEDTLS_MD_NONE; in ssl_clear_peer_cert()
514 session->peer_cert_digest_len = 0; in ssl_clear_peer_cert()
778 mbedtls_debug_print_msg(ssl, level, file, line, "- %s is set.", in mbedtls_ssl_print_ticket_flags()
793 if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { in mbedtls_ssl_optimize_checksum()
794 ssl->handshake->update_checksum = ssl_update_checksum_sha384; in mbedtls_ssl_optimize_checksum()
798 if (ciphersuite_info->mac != MBEDTLS_MD_SHA384) { in mbedtls_ssl_optimize_checksum()
799 ssl->handshake->update_checksum = ssl_update_checksum_sha256; in mbedtls_ssl_optimize_checksum()
820 return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr)); in mbedtls_ssl_add_hs_hdr_to_checksum()
833 return ssl->handshake->update_checksum(ssl, msg, msg_len); in mbedtls_ssl_add_hs_msg_to_checksum()
845 #else /* SHA-256 or SHA-384 */ in mbedtls_ssl_reset_checksum()
847 #endif /* SHA-256 or SHA-384 */ in mbedtls_ssl_reset_checksum()
850 status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); in mbedtls_ssl_reset_checksum()
854 status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); in mbedtls_ssl_reset_checksum()
859 mbedtls_md_free(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum()
860 mbedtls_md_init(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum()
861 ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, in mbedtls_ssl_reset_checksum()
867 ret = mbedtls_md_starts(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum()
875 status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); in mbedtls_ssl_reset_checksum()
879 status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); in mbedtls_ssl_reset_checksum()
884 mbedtls_md_free(&ssl->handshake->fin_sha384); in mbedtls_ssl_reset_checksum()
885 mbedtls_md_init(&ssl->handshake->fin_sha384); in mbedtls_ssl_reset_checksum()
886 ret = mbedtls_md_setup(&ssl->handshake->fin_sha384, in mbedtls_ssl_reset_checksum()
891 ret = mbedtls_md_starts(&ssl->handshake->fin_sha384); in mbedtls_ssl_reset_checksum()
910 #else /* SHA-256 or SHA-384 */ in ssl_update_checksum_start()
914 #endif /* SHA-256 or SHA-384 */ in ssl_update_checksum_start()
917 status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); in ssl_update_checksum_start()
922 ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); in ssl_update_checksum_start()
930 status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); in ssl_update_checksum_start()
935 ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); in ssl_update_checksum_start()
950 &ssl->handshake->fin_sha256_psa, buf, len)); in ssl_update_checksum_sha256()
952 return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); in ssl_update_checksum_sha256()
963 &ssl->handshake->fin_sha384_psa, buf, len)); in ssl_update_checksum_sha384()
965 return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); in ssl_update_checksum_sha384()
976 handshake->fin_sha256_psa = psa_hash_operation_init(); in ssl_handshake_params_init()
978 mbedtls_md_init(&handshake->fin_sha256); in ssl_handshake_params_init()
983 handshake->fin_sha384_psa = psa_hash_operation_init(); in ssl_handshake_params_init()
985 mbedtls_md_init(&handshake->fin_sha384); in ssl_handshake_params_init()
989 handshake->update_checksum = ssl_update_checksum_start; in ssl_handshake_params_init()
992 mbedtls_dhm_init(&handshake->dhm_ctx); in ssl_handshake_params_init()
996 mbedtls_ecdh_init(&handshake->ecdh_ctx); in ssl_handshake_params_init()
1000 handshake->psa_pake_ctx = psa_pake_operation_init(); in ssl_handshake_params_init()
1001 handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; in ssl_handshake_params_init()
1003 mbedtls_ecjpake_init(&handshake->ecjpake_ctx); in ssl_handshake_params_init()
1006 handshake->ecjpake_cache = NULL; in ssl_handshake_params_init()
1007 handshake->ecjpake_cache_len = 0; in ssl_handshake_params_init()
1012 mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx); in ssl_handshake_params_init()
1016 handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; in ssl_handshake_params_init()
1021 mbedtls_pk_init(&handshake->peer_pubkey); in ssl_handshake_params_init()
1030 transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_transform_init()
1031 transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_transform_init()
1033 mbedtls_cipher_init(&transform->cipher_ctx_enc); in mbedtls_ssl_transform_init()
1034 mbedtls_cipher_init(&transform->cipher_ctx_dec); in mbedtls_ssl_transform_init()
1039 transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_transform_init()
1040 transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_transform_init()
1042 mbedtls_md_init(&transform->md_ctx_enc); in mbedtls_ssl_transform_init()
1043 mbedtls_md_init(&transform->md_ctx_dec); in mbedtls_ssl_transform_init()
1060 if (ssl->transform_negotiate) { in ssl_handshake_init()
1061 mbedtls_ssl_transform_free(ssl->transform_negotiate); in ssl_handshake_init()
1064 if (ssl->session_negotiate) { in ssl_handshake_init()
1065 mbedtls_ssl_session_free(ssl->session_negotiate); in ssl_handshake_init()
1067 if (ssl->handshake) { in ssl_handshake_init()
1076 if (ssl->transform_negotiate == NULL) { in ssl_handshake_init()
1077 ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); in ssl_handshake_init()
1081 if (ssl->session_negotiate == NULL) { in ssl_handshake_init()
1082 ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session)); in ssl_handshake_init()
1085 if (ssl->handshake == NULL) { in ssl_handshake_init()
1086 ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params)); in ssl_handshake_init()
1089 /* If the buffers are too small - reallocate */ in ssl_handshake_init()
1096 if (ssl->handshake == NULL || in ssl_handshake_init()
1098 ssl->transform_negotiate == NULL || in ssl_handshake_init()
1100 ssl->session_negotiate == NULL) { in ssl_handshake_init()
1101 MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed")); in ssl_handshake_init()
1103 mbedtls_free(ssl->handshake); in ssl_handshake_init()
1104 ssl->handshake = NULL; in ssl_handshake_init()
1107 mbedtls_free(ssl->transform_negotiate); in ssl_handshake_init()
1108 ssl->transform_negotiate = NULL; in ssl_handshake_init()
1111 mbedtls_free(ssl->session_negotiate); in ssl_handshake_init()
1112 ssl->session_negotiate = NULL; in ssl_handshake_init()
1119 ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IDLE; in ssl_handshake_init()
1122 ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; in ssl_handshake_init()
1124 ssl->total_early_data_size = 0; in ssl_handshake_init()
1128 mbedtls_ssl_session_init(ssl->session_negotiate); in ssl_handshake_init()
1129 ssl_handshake_params_init(ssl->handshake); in ssl_handshake_init()
1132 mbedtls_ssl_transform_init(ssl->transform_negotiate); in ssl_handshake_init()
1145 ssl->handshake->new_session_tickets_count = in ssl_handshake_init()
1146 ssl->conf->new_session_tickets_count; in ssl_handshake_init()
1150 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_handshake_init()
1151 ssl->handshake->alt_transform_out = ssl->transform_out; in ssl_handshake_init()
1153 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_handshake_init()
1154 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; in ssl_handshake_init()
1156 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; in ssl_handshake_init()
1171 if (ssl->conf->curve_list != NULL) { in ssl_handshake_init()
1173 const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; in ssl_handshake_init()
1196 ssl->handshake->group_list = group_list; in ssl_handshake_init()
1197 ssl->handshake->group_list_heap_allocated = 1; in ssl_handshake_init()
1199 ssl->handshake->group_list = ssl->conf->group_list; in ssl_handshake_init()
1200 ssl->handshake->group_list_heap_allocated = 0; in ssl_handshake_init()
1210 if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && in ssl_handshake_init()
1211 ssl->conf->sig_hashes != NULL) { in ssl_handshake_init()
1213 const int *sig_hashes = ssl->conf->sig_hashes; in ssl_handshake_init()
1218 <= (SIZE_MAX - (2 * sizeof(uint16_t))), in ssl_handshake_init()
1241 ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len + in ssl_handshake_init()
1243 if (ssl->handshake->sig_algs == NULL) { in ssl_handshake_init()
1247 p = (uint16_t *) ssl->handshake->sig_algs; in ssl_handshake_init()
1263 ssl->handshake->sig_algs_heap_allocated = 1; in ssl_handshake_init()
1267 ssl->handshake->sig_algs_heap_allocated = 0; in ssl_handshake_init()
1316 const mbedtls_ssl_config *conf = ssl->conf; in ssl_conf_version_check()
1320 if (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_conf_version_check()
1339 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_conf_version_check()
1340 MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2")); in ssl_conf_version_check()
1362 if (ssl->conf->f_rng == NULL) { in ssl_conf_check()
1383 ssl->conf = conf; in mbedtls_ssl_setup()
1388 ssl->tls_version = ssl->conf->max_tls_version; in mbedtls_ssl_setup()
1394 /* Set to NULL in case of an error condition */ in mbedtls_ssl_setup()
1395 ssl->out_buf = NULL; in mbedtls_ssl_setup()
1398 ssl->in_buf_len = in_buf_len; in mbedtls_ssl_setup()
1400 ssl->in_buf = mbedtls_calloc(1, in_buf_len); in mbedtls_ssl_setup()
1401 if (ssl->in_buf == NULL) { in mbedtls_ssl_setup()
1408 ssl->out_buf_len = out_buf_len; in mbedtls_ssl_setup()
1410 ssl->out_buf = mbedtls_calloc(1, out_buf_len); in mbedtls_ssl_setup()
1411 if (ssl->out_buf == NULL) { in mbedtls_ssl_setup()
1421 memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info)); in mbedtls_ssl_setup()
1431 mbedtls_free(ssl->in_buf); in mbedtls_ssl_setup()
1432 mbedtls_free(ssl->out_buf); in mbedtls_ssl_setup()
1434 ssl->conf = NULL; in mbedtls_ssl_setup()
1437 ssl->in_buf_len = 0; in mbedtls_ssl_setup()
1438 ssl->out_buf_len = 0; in mbedtls_ssl_setup()
1440 ssl->in_buf = NULL; in mbedtls_ssl_setup()
1441 ssl->out_buf = NULL; in mbedtls_ssl_setup()
1443 ssl->in_hdr = NULL; in mbedtls_ssl_setup()
1444 ssl->in_ctr = NULL; in mbedtls_ssl_setup()
1445 ssl->in_len = NULL; in mbedtls_ssl_setup()
1446 ssl->in_iv = NULL; in mbedtls_ssl_setup()
1447 ssl->in_msg = NULL; in mbedtls_ssl_setup()
1449 ssl->out_hdr = NULL; in mbedtls_ssl_setup()
1450 ssl->out_ctr = NULL; in mbedtls_ssl_setup()
1451 ssl->out_len = NULL; in mbedtls_ssl_setup()
1452 ssl->out_iv = NULL; in mbedtls_ssl_setup()
1453 ssl->out_msg = NULL; in mbedtls_ssl_setup()
1459 * Reset an initialized and used SSL context for re-use while retaining
1460 * all application-set variables, function pointers and data.
1462 * If partial is non-zero, keep data in the input buffer and client ID.
1469 size_t in_buf_len = ssl->in_buf_len; in mbedtls_ssl_session_reset_msg_layer()
1470 size_t out_buf_len = ssl->out_buf_len; in mbedtls_ssl_session_reset_msg_layer()
1480 /* Cancel any possibly running timer */ in mbedtls_ssl_session_reset_msg_layer()
1487 ssl->in_offt = NULL; in mbedtls_ssl_session_reset_msg_layer()
1488 ssl->nb_zero = 0; in mbedtls_ssl_session_reset_msg_layer()
1489 ssl->in_msgtype = 0; in mbedtls_ssl_session_reset_msg_layer()
1490 ssl->in_msglen = 0; in mbedtls_ssl_session_reset_msg_layer()
1491 ssl->in_hslen = 0; in mbedtls_ssl_session_reset_msg_layer()
1492 ssl->keep_current_message = 0; in mbedtls_ssl_session_reset_msg_layer()
1493 ssl->transform_in = NULL; in mbedtls_ssl_session_reset_msg_layer()
1498 ssl->badmac_seen_or_in_hsfraglen = 0; in mbedtls_ssl_session_reset_msg_layer()
1502 ssl->next_record_offset = 0; in mbedtls_ssl_session_reset_msg_layer()
1503 ssl->in_epoch = 0; in mbedtls_ssl_session_reset_msg_layer()
1508 ssl->in_left = 0; in mbedtls_ssl_session_reset_msg_layer()
1509 memset(ssl->in_buf, 0, in_buf_len); in mbedtls_ssl_session_reset_msg_layer()
1512 ssl->send_alert = 0; in mbedtls_ssl_session_reset_msg_layer()
1515 ssl->out_msgtype = 0; in mbedtls_ssl_session_reset_msg_layer()
1516 ssl->out_msglen = 0; in mbedtls_ssl_session_reset_msg_layer()
1517 ssl->out_left = 0; in mbedtls_ssl_session_reset_msg_layer()
1518 memset(ssl->out_buf, 0, out_buf_len); in mbedtls_ssl_session_reset_msg_layer()
1519 memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); in mbedtls_ssl_session_reset_msg_layer()
1520 ssl->transform_out = NULL; in mbedtls_ssl_session_reset_msg_layer()
1527 if (ssl->transform) { in mbedtls_ssl_session_reset_msg_layer()
1528 mbedtls_ssl_transform_free(ssl->transform); in mbedtls_ssl_session_reset_msg_layer()
1529 mbedtls_free(ssl->transform); in mbedtls_ssl_session_reset_msg_layer()
1530 ssl->transform = NULL; in mbedtls_ssl_session_reset_msg_layer()
1535 mbedtls_ssl_transform_free(ssl->transform_application); in mbedtls_ssl_session_reset_msg_layer()
1536 mbedtls_free(ssl->transform_application); in mbedtls_ssl_session_reset_msg_layer()
1537 ssl->transform_application = NULL; in mbedtls_ssl_session_reset_msg_layer()
1539 if (ssl->handshake != NULL) { in mbedtls_ssl_session_reset_msg_layer()
1541 mbedtls_ssl_transform_free(ssl->handshake->transform_earlydata); in mbedtls_ssl_session_reset_msg_layer()
1542 mbedtls_free(ssl->handshake->transform_earlydata); in mbedtls_ssl_session_reset_msg_layer()
1543 ssl->handshake->transform_earlydata = NULL; in mbedtls_ssl_session_reset_msg_layer()
1546 mbedtls_ssl_transform_free(ssl->handshake->transform_handshake); in mbedtls_ssl_session_reset_msg_layer()
1547 mbedtls_free(ssl->handshake->transform_handshake); in mbedtls_ssl_session_reset_msg_layer()
1548 ssl->handshake->transform_handshake = NULL; in mbedtls_ssl_session_reset_msg_layer()
1559 ssl->tls_version = ssl->conf->max_tls_version; in mbedtls_ssl_session_reset_int()
1565 ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; in mbedtls_ssl_session_reset_int()
1566 ssl->renego_records_seen = 0; in mbedtls_ssl_session_reset_int()
1568 ssl->verify_data_len = 0; in mbedtls_ssl_session_reset_int()
1569 memset(ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN); in mbedtls_ssl_session_reset_int()
1570 memset(ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN); in mbedtls_ssl_session_reset_int()
1572 ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; in mbedtls_ssl_session_reset_int()
1574 ssl->session_in = NULL; in mbedtls_ssl_session_reset_int()
1575 ssl->session_out = NULL; in mbedtls_ssl_session_reset_int()
1576 if (ssl->session) { in mbedtls_ssl_session_reset_int()
1577 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_session_reset_int()
1578 mbedtls_free(ssl->session); in mbedtls_ssl_session_reset_int()
1579 ssl->session = NULL; in mbedtls_ssl_session_reset_int()
1583 ssl->alpn_chosen = NULL; in mbedtls_ssl_session_reset_int()
1592 mbedtls_free(ssl->cli_id); in mbedtls_ssl_session_reset_int()
1593 ssl->cli_id = NULL; in mbedtls_ssl_session_reset_int()
1594 ssl->cli_id_len = 0; in mbedtls_ssl_session_reset_int()
1606 * Reset an initialized and used SSL context for re-use while retaining
1607 * all application-set variables, function pointers and data.
1619 conf->endpoint = endpoint; in mbedtls_ssl_conf_endpoint()
1624 conf->transport = transport; in mbedtls_ssl_conf_transport()
1630 conf->anti_replay = mode; in mbedtls_ssl_conf_dtls_anti_replay()
1636 conf->badmac_limit = limit; in mbedtls_ssl_conf_dtls_badmac_limit()
1644 ssl->disable_datagram_packing = !allow_packing; in mbedtls_ssl_set_datagram_packing()
1650 conf->hs_timeout_min = min; in mbedtls_ssl_conf_handshake_timeout()
1651 conf->hs_timeout_max = max; in mbedtls_ssl_conf_handshake_timeout()
1657 conf->authmode = authmode; in mbedtls_ssl_conf_authmode()
1665 conf->f_vrfy = f_vrfy; in mbedtls_ssl_conf_verify()
1666 conf->p_vrfy = p_vrfy; in mbedtls_ssl_conf_verify()
1674 conf->f_rng = f_rng; in mbedtls_ssl_conf_rng()
1675 conf->p_rng = p_rng; in mbedtls_ssl_conf_rng()
1682 conf->f_dbg = f_dbg; in mbedtls_ssl_conf_dbg()
1683 conf->p_dbg = p_dbg; in mbedtls_ssl_conf_dbg()
1692 ssl->p_bio = p_bio; in mbedtls_ssl_set_bio()
1693 ssl->f_send = f_send; in mbedtls_ssl_set_bio()
1694 ssl->f_recv = f_recv; in mbedtls_ssl_set_bio()
1695 ssl->f_recv_timeout = f_recv_timeout; in mbedtls_ssl_set_bio()
1701 ssl->mtu = mtu; in mbedtls_ssl_set_mtu()
1707 conf->read_timeout = timeout; in mbedtls_ssl_conf_read_timeout()
1715 ssl->p_timer = p_timer; in mbedtls_ssl_set_timer_cb()
1716 ssl->f_set_timer = f_set_timer; in mbedtls_ssl_set_timer_cb()
1717 ssl->f_get_timer = f_get_timer; in mbedtls_ssl_set_timer_cb()
1729 conf->p_cache = p_cache; in mbedtls_ssl_conf_session_cache()
1730 conf->f_get_cache = f_get_cache; in mbedtls_ssl_conf_session_cache()
1731 conf->f_set_cache = f_set_cache; in mbedtls_ssl_conf_session_cache()
1742 ssl->session_negotiate == NULL || in mbedtls_ssl_set_session()
1743 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_set_session()
1747 if (ssl->handshake->resume == 1) { in mbedtls_ssl_set_session()
1752 if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_set_session()
1755 mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); in mbedtls_ssl_set_session()
1761 session->ciphersuite)); in mbedtls_ssl_set_session()
1767 * TLS 1.3 session, thus do not make any change to the SSL context in in mbedtls_ssl_set_session()
1775 if ((ret = mbedtls_ssl_session_copy(ssl->session_negotiate, in mbedtls_ssl_set_session()
1780 ssl->handshake->resume = 1; in mbedtls_ssl_set_session()
1789 conf->ciphersuite_list = ciphersuites; in mbedtls_ssl_conf_ciphersuites()
1796 conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; in mbedtls_ssl_conf_tls13_key_exchange_modes()
1803 conf->early_data_enabled = early_data_enabled; in mbedtls_ssl_conf_early_data()
1810 conf->max_early_data_size = max_early_data_size; in mbedtls_ssl_conf_max_early_data_size()
1821 conf->cert_profile = profile; in mbedtls_ssl_conf_cert_profile()
1829 next = cur->next; in ssl_key_cert_free()
1855 new_cert->cert = cert; in ssl_append_key_cert()
1856 new_cert->key = key; in ssl_append_key_cert()
1857 new_cert->next = NULL; in ssl_append_key_cert()
1864 while (cur->next != NULL) { in ssl_append_key_cert()
1865 cur = cur->next; in ssl_append_key_cert()
1867 cur->next = new_cert; in ssl_append_key_cert()
1877 return ssl_append_key_cert(&conf->key_cert, own_cert, pk_key); in mbedtls_ssl_conf_own_cert()
1884 conf->ca_chain = ca_chain; in mbedtls_ssl_conf_ca_chain()
1885 conf->ca_crl = ca_crl; in mbedtls_ssl_conf_ca_chain()
1890 conf->f_ca_cb = NULL; in mbedtls_ssl_conf_ca_chain()
1891 conf->p_ca_cb = NULL; in mbedtls_ssl_conf_ca_chain()
1900 conf->f_ca_cb = f_ca_cb; in mbedtls_ssl_conf_ca_cb()
1901 conf->p_ca_cb = p_ca_cb; in mbedtls_ssl_conf_ca_cb()
1905 conf->ca_chain = NULL; in mbedtls_ssl_conf_ca_cb()
1906 conf->ca_crl = NULL; in mbedtls_ssl_conf_ca_cb()
1915 *name_len = ssl->handshake->sni_name_len; in mbedtls_ssl_get_hs_sni()
1916 return ssl->handshake->sni_name; in mbedtls_ssl_get_hs_sni()
1923 return ssl_append_key_cert(&ssl->handshake->sni_key_cert, in mbedtls_ssl_set_hs_own_cert()
1931 ssl->handshake->sni_ca_chain = ca_chain; in mbedtls_ssl_set_hs_ca_chain()
1932 ssl->handshake->sni_ca_crl = ca_crl; in mbedtls_ssl_set_hs_ca_chain()
1939 ssl->handshake->dn_hints = crt; in mbedtls_ssl_set_hs_dn_hints()
1946 ssl->handshake->sni_authmode = authmode; in mbedtls_ssl_set_hs_authmode()
1955 ssl->f_vrfy = f_vrfy; in mbedtls_ssl_set_verify()
1956 ssl->p_vrfy = p_vrfy; in mbedtls_ssl_set_verify()
1983 status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, &cipher_suite); in mbedtls_ssl_set_hs_ecjpake_password_common()
1988 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_set_hs_ecjpake_password_common()
2000 status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len); in mbedtls_ssl_set_hs_ecjpake_password_common()
2005 status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len); in mbedtls_ssl_set_hs_ecjpake_password_common()
2010 status = psa_pake_set_password_key(&ssl->handshake->psa_pake_ctx, pwd); in mbedtls_ssl_set_hs_ecjpake_password_common()
2015 ssl->handshake->psa_pake_ctx_is_ok = 1; in mbedtls_ssl_set_hs_ecjpake_password_common()
2027 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password()
2041 &ssl->handshake->psa_pake_password); in mbedtls_ssl_set_hs_ecjpake_password()
2047 ssl->handshake->psa_pake_password); in mbedtls_ssl_set_hs_ecjpake_password()
2049 psa_destroy_key(ssl->handshake->psa_pake_password); in mbedtls_ssl_set_hs_ecjpake_password()
2050 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in mbedtls_ssl_set_hs_ecjpake_password()
2062 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password_opaque()
2072 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in mbedtls_ssl_set_hs_ecjpake_password_opaque()
2085 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password()
2094 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_set_hs_ecjpake_password()
2100 return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx, in mbedtls_ssl_set_hs_ecjpake_password()
2112 if (conf->psk_identity == NULL || in mbedtls_ssl_conf_has_static_psk()
2113 conf->psk_identity_len == 0) { in mbedtls_ssl_conf_has_static_psk()
2118 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in mbedtls_ssl_conf_has_static_psk()
2123 if (conf->psk != NULL && conf->psk_len != 0) { in mbedtls_ssl_conf_has_static_psk()
2134 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in ssl_conf_remove_psk()
2137 conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; in ssl_conf_remove_psk()
2140 if (conf->psk != NULL) { in ssl_conf_remove_psk()
2141 mbedtls_zeroize_and_free(conf->psk, conf->psk_len); in ssl_conf_remove_psk()
2142 conf->psk = NULL; in ssl_conf_remove_psk()
2143 conf->psk_len = 0; in ssl_conf_remove_psk()
2147 if (conf->psk_identity != NULL) { in ssl_conf_remove_psk()
2148 mbedtls_free(conf->psk_identity); in ssl_conf_remove_psk()
2149 conf->psk_identity = NULL; in ssl_conf_remove_psk()
2150 conf->psk_identity_len = 0; in ssl_conf_remove_psk()
2154 /* This function assumes that PSK identity in the SSL config is unset.
2155 * It checks that the provided identity is well-formed and attempts
2156 * to make a copy of it in the SSL config.
2157 * On failure, the PSK identity in the config remains unset. */
2171 conf->psk_identity = mbedtls_calloc(1, psk_identity_len); in ssl_conf_set_psk_identity()
2172 if (conf->psk_identity == NULL) { in ssl_conf_set_psk_identity()
2176 conf->psk_identity_len = psk_identity_len; in ssl_conf_set_psk_identity()
2177 memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len); in ssl_conf_set_psk_identity()
2204 if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) { in mbedtls_ssl_conf_psk()
2207 conf->psk_len = psk_len; in mbedtls_ssl_conf_psk()
2208 memcpy(conf->psk, psk, conf->psk_len); in mbedtls_ssl_conf_psk()
2222 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { in ssl_remove_psk()
2225 if (ssl->handshake->psk_opaque_is_internal) { in ssl_remove_psk()
2226 psa_destroy_key(ssl->handshake->psk_opaque); in ssl_remove_psk()
2227 ssl->handshake->psk_opaque_is_internal = 0; in ssl_remove_psk()
2229 ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; in ssl_remove_psk()
2232 if (ssl->handshake->psk != NULL) { in ssl_remove_psk()
2233 mbedtls_zeroize_and_free(ssl->handshake->psk, in ssl_remove_psk()
2234 ssl->handshake->psk_len); in ssl_remove_psk()
2235 ssl->handshake->psk_len = 0; in ssl_remove_psk()
2236 ssl->handshake->psk = NULL; in ssl_remove_psk()
2251 if (psk == NULL || ssl->handshake == NULL) { in mbedtls_ssl_set_hs_psk()
2263 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in mbedtls_ssl_set_hs_psk()
2264 if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { in mbedtls_ssl_set_hs_psk()
2274 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_set_hs_psk()
2290 ssl->handshake->psk_opaque_is_internal = 1; in mbedtls_ssl_set_hs_psk()
2293 if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) { in mbedtls_ssl_set_hs_psk()
2297 ssl->handshake->psk_len = psk_len; in mbedtls_ssl_set_hs_psk()
2298 memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len); in mbedtls_ssl_set_hs_psk()
2321 conf->psk_opaque = psk; in mbedtls_ssl_conf_psk_opaque()
2337 (ssl->handshake == NULL)) { in mbedtls_ssl_set_hs_psk_opaque()
2342 ssl->handshake->psk_opaque = psk; in mbedtls_ssl_set_hs_psk_opaque()
2353 conf->f_psk = f_psk; in mbedtls_ssl_conf_psk_cb()
2354 conf->p_psk = p_psk; in mbedtls_ssl_conf_psk_cb()
2420 transform->psa_alg in mbedtls_ssl_get_mode_from_transform()
2422 mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc) in mbedtls_ssl_get_mode_from_transform()
2428 encrypt_then_mac = transform->encrypt_then_mac; in mbedtls_ssl_get_mode_from_transform()
2446 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) suite->cipher, in mbedtls_ssl_get_mode_from_ciphersuite()
2453 mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) suite->cipher); in mbedtls_ssl_get_mode_from_ciphersuite()
2674 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_bin()
2675 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_bin()
2677 if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 || in mbedtls_ssl_conf_dh_param_bin()
2678 (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) { in mbedtls_ssl_conf_dh_param_bin()
2679 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_bin()
2680 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_bin()
2691 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_ctx()
2692 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_ctx()
2695 &conf->dhm_P)) != 0 || in mbedtls_ssl_conf_dh_param_ctx()
2697 &conf->dhm_G)) != 0) { in mbedtls_ssl_conf_dh_param_ctx()
2698 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_ctx()
2699 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_ctx()
2709 * Set the minimum length for Diffie-Hellman parameters
2714 conf->dhm_min_bitlen = bitlen; in mbedtls_ssl_conf_dhm_min_bitlen()
2726 conf->sig_hashes = hashes; in mbedtls_ssl_conf_sig_hashes()
2735 conf->sig_hashes = NULL; in mbedtls_ssl_conf_sig_algs()
2737 conf->sig_algs = sig_algs; in mbedtls_ssl_conf_sig_algs()
2748 * stored in ssl->handshake->group_list.
2754 conf->curve_list = curve_list; in mbedtls_ssl_conf_curves()
2755 conf->group_list = NULL; in mbedtls_ssl_conf_curves()
2767 conf->curve_list = NULL; in mbedtls_ssl_conf_groups()
2769 conf->group_list = group_list; in mbedtls_ssl_conf_groups()
2774 /* A magic value for `ssl->hostname` indicating that
2777 * `ssl->hostname == NULL`. */
2783 * \param[in] ssl SSL context
2792 return ssl->hostname != NULL; in mbedtls_ssl_has_set_hostname_been_called()
2796 /* Micro-optimization: don't export this function if it isn't needed outside
2803 if (ssl->hostname == ssl_hostname_skip_cn_verification) { in mbedtls_ssl_get_hostname_pointer()
2806 return ssl->hostname; in mbedtls_ssl_get_hostname_pointer()
2811 if (ssl->hostname != NULL && in mbedtls_ssl_free_hostname()
2812 ssl->hostname != ssl_hostname_skip_cn_verification) { in mbedtls_ssl_free_hostname()
2813 mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); in mbedtls_ssl_free_hostname()
2815 ssl->hostname = NULL; in mbedtls_ssl_free_hostname()
2841 /* ssl->hostname should be const, but isn't. We won't actually in mbedtls_ssl_set_hostname()
2843 ssl->hostname = (char *) ssl_hostname_skip_cn_verification; in mbedtls_ssl_set_hostname()
2845 ssl->hostname = mbedtls_calloc(1, hostname_len + 1); in mbedtls_ssl_set_hostname()
2846 if (ssl->hostname == NULL) { in mbedtls_ssl_set_hostname()
2848 * Leave ssl->hostname in the same state as if the function had in mbedtls_ssl_set_hostname()
2853 memcpy(ssl->hostname, hostname, hostname_len); in mbedtls_ssl_set_hostname()
2855 ssl->hostname[hostname_len] = '\0'; in mbedtls_ssl_set_hostname()
2868 conf->f_sni = f_sni; in mbedtls_ssl_conf_sni()
2869 conf->p_sni = p_sni; in mbedtls_ssl_conf_sni()
2896 conf->alpn_list = protos; in mbedtls_ssl_conf_alpn_protocols()
2903 return ssl->alpn_chosen; in mbedtls_ssl_get_alpn_protocol()
2911 conf->dtls_srtp_mki_support = support_mki_value; in mbedtls_ssl_conf_srtp_mki_value_supported()
2922 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) { in mbedtls_ssl_dtls_srtp_set_mki_value()
2926 memcpy(ssl->dtls_srtp_info.mki_value, mki_value, mki_len); in mbedtls_ssl_dtls_srtp_set_mki_value()
2927 ssl->dtls_srtp_info.mki_len = mki_len; in mbedtls_ssl_dtls_srtp_set_mki_value()
2951 conf->dtls_srtp_profile_list = NULL; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2952 conf->dtls_srtp_profile_list_len = 0; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2956 conf->dtls_srtp_profile_list = profiles; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2957 conf->dtls_srtp_profile_list_len = list_size; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2965 dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile; in mbedtls_ssl_get_dtls_srtp_negotiation_result()
2967 if (dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { in mbedtls_ssl_get_dtls_srtp_negotiation_result()
2968 dtls_srtp_info->mki_len = 0; in mbedtls_ssl_get_dtls_srtp_negotiation_result()
2970 dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len; in mbedtls_ssl_get_dtls_srtp_negotiation_result()
2971 memcpy(dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, in mbedtls_ssl_get_dtls_srtp_negotiation_result()
2972 ssl->dtls_srtp_info.mki_len); in mbedtls_ssl_get_dtls_srtp_negotiation_result()
2980 conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); in mbedtls_ssl_conf_max_version()
2985 conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); in mbedtls_ssl_conf_min_version()
2993 conf->cert_req_ca_list = cert_req_ca_list; in mbedtls_ssl_conf_cert_req_ca_list()
3000 conf->encrypt_then_mac = etm; in mbedtls_ssl_conf_encrypt_then_mac()
3007 conf->extended_ms = ems; in mbedtls_ssl_conf_extended_master_secret()
3019 conf->mfl_code = mfl_code; in mbedtls_ssl_conf_max_frag_len()
3027 conf->allow_legacy_renegotiation = allow_legacy; in mbedtls_ssl_conf_legacy_renegotiation()
3033 conf->disable_renegotiation = renegotiation; in mbedtls_ssl_conf_renegotiation()
3038 conf->renego_max_records = max_records; in mbedtls_ssl_conf_renegotiation_enforced()
3044 memcpy(conf->renego_period, period, 8); in mbedtls_ssl_conf_renegotiation_period()
3053 conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_MASK; in mbedtls_ssl_conf_session_tickets()
3054 conf->session_tickets |= (use_tickets != 0) << in mbedtls_ssl_conf_session_tickets()
3062 conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK; in mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()
3063 conf->session_tickets |= (signal_new_session_tickets != 0) << in mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()
3075 conf->new_session_tickets_count = num_tickets; in mbedtls_ssl_conf_new_session_tickets()
3084 conf->f_ticket_write = f_ticket_write; in mbedtls_ssl_conf_session_tickets_cb()
3085 conf->f_ticket_parse = f_ticket_parse; in mbedtls_ssl_conf_session_tickets_cb()
3086 conf->p_ticket = p_ticket; in mbedtls_ssl_conf_session_tickets_cb()
3095 ssl->f_export_keys = f_export_keys; in mbedtls_ssl_set_export_keys_cb()
3096 ssl->p_export_keys = p_export_keys; in mbedtls_ssl_set_export_keys_cb()
3108 conf->f_async_sign_start = f_async_sign; in mbedtls_ssl_conf_async_private_cb()
3109 conf->f_async_decrypt_start = f_async_decrypt; in mbedtls_ssl_conf_async_private_cb()
3110 conf->f_async_resume = f_async_resume; in mbedtls_ssl_conf_async_private_cb()
3111 conf->f_async_cancel = f_async_cancel; in mbedtls_ssl_conf_async_private_cb()
3112 conf->p_async_config_data = async_config_data; in mbedtls_ssl_conf_async_private_cb()
3117 return conf->p_async_config_data; in mbedtls_ssl_conf_get_async_config_data()
3122 if (ssl->handshake == NULL) { in mbedtls_ssl_get_async_operation_data()
3125 return ssl->handshake->user_async_ctx; in mbedtls_ssl_get_async_operation_data()
3132 if (ssl->handshake != NULL) { in mbedtls_ssl_set_async_operation_data()
3133 ssl->handshake->user_async_ctx = ctx; in mbedtls_ssl_set_async_operation_data()
3143 if (ssl->session != NULL) { in mbedtls_ssl_get_verify_result()
3144 return ssl->session->verify_result; in mbedtls_ssl_get_verify_result()
3147 if (ssl->session_negotiate != NULL) { in mbedtls_ssl_get_verify_result()
3148 return ssl->session_negotiate->verify_result; in mbedtls_ssl_get_verify_result()
3156 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_ciphersuite_id_from_ssl()
3160 return ssl->session->ciphersuite; in mbedtls_ssl_get_ciphersuite_id_from_ssl()
3165 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_ciphersuite()
3169 return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite); in mbedtls_ssl_get_ciphersuite()
3175 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_get_version()
3176 switch (ssl->tls_version) { in mbedtls_ssl_get_version()
3185 switch (ssl->tls_version) { in mbedtls_ssl_get_version()
3202 if (ssl->session != NULL && in mbedtls_ssl_get_output_record_size_limit()
3203 ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && in mbedtls_ssl_get_output_record_size_limit()
3204 ssl->session->record_size_limit < max_len) { in mbedtls_ssl_get_output_record_size_limit()
3205 record_size_limit = ssl->session->record_size_limit; in mbedtls_ssl_get_output_record_size_limit()
3210 if (ssl->session_negotiate != NULL && in mbedtls_ssl_get_output_record_size_limit()
3211 ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && in mbedtls_ssl_get_output_record_size_limit()
3212 ssl->session_negotiate->record_size_limit < max_len) { in mbedtls_ssl_get_output_record_size_limit()
3213 record_size_limit = ssl->session_negotiate->record_size_limit; in mbedtls_ssl_get_output_record_size_limit()
3228 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in mbedtls_ssl_get_input_max_frag_len()
3229 ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) { in mbedtls_ssl_get_input_max_frag_len()
3230 return ssl_mfl_code_to_length(ssl->conf->mfl_code); in mbedtls_ssl_get_input_max_frag_len()
3235 if (ssl->session_out != NULL) { in mbedtls_ssl_get_input_max_frag_len()
3236 read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code); in mbedtls_ssl_get_input_max_frag_len()
3243 if (ssl->session_negotiate != NULL) { in mbedtls_ssl_get_input_max_frag_len()
3244 read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); in mbedtls_ssl_get_input_max_frag_len()
3260 max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code); in mbedtls_ssl_get_output_max_frag_len()
3263 if (ssl->session_out != NULL && in mbedtls_ssl_get_output_max_frag_len()
3264 ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) { in mbedtls_ssl_get_output_max_frag_len()
3265 max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code); in mbedtls_ssl_get_output_max_frag_len()
3269 if (ssl->session_negotiate != NULL && in mbedtls_ssl_get_output_max_frag_len()
3270 ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) { in mbedtls_ssl_get_output_max_frag_len()
3271 max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); in mbedtls_ssl_get_output_max_frag_len()
3282 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in mbedtls_ssl_get_current_mtu()
3283 (ssl->state == MBEDTLS_SSL_CLIENT_HELLO || in mbedtls_ssl_get_current_mtu()
3284 ssl->state == MBEDTLS_SSL_SERVER_HELLO)) { in mbedtls_ssl_get_current_mtu()
3288 if (ssl->handshake == NULL || ssl->handshake->mtu == 0) { in mbedtls_ssl_get_current_mtu()
3289 return ssl->mtu; in mbedtls_ssl_get_current_mtu()
3292 if (ssl->mtu == 0) { in mbedtls_ssl_get_current_mtu()
3293 return ssl->handshake->mtu; in mbedtls_ssl_get_current_mtu()
3296 return ssl->mtu < ssl->handshake->mtu ? in mbedtls_ssl_get_current_mtu()
3297 ssl->mtu : ssl->handshake->mtu; in mbedtls_ssl_get_current_mtu()
3327 if (ssl->transform_out != NULL && in mbedtls_ssl_get_max_out_record_payload()
3328 ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_get_max_out_record_payload()
3330 * In TLS 1.3 case, when records are protected, `max_len` as computed in mbedtls_ssl_get_max_out_record_payload()
3334 * in mbedtls_ssl_encrypt_buf(), compute the maximum length for in mbedtls_ssl_get_max_out_record_payload()
3340 MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; in mbedtls_ssl_get_max_out_record_payload()
3358 if (max_len > mtu - overhead) { in mbedtls_ssl_get_max_out_record_payload()
3359 max_len = mtu - overhead; in mbedtls_ssl_get_max_out_record_payload()
3395 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_peer_cert()
3400 return ssl->session->peer_cert; in mbedtls_ssl_get_peer_cert()
3415 ssl->session == NULL || in mbedtls_ssl_get_session()
3416 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_get_session()
3423 * (This is in preparation for TLS 1.3 support where we will in mbedtls_ssl_get_session()
3431 if (ssl->session->exported == 1) { in mbedtls_ssl_get_session()
3435 ret = mbedtls_ssl_session_copy(dst, ssl->session); in mbedtls_ssl_get_session()
3441 ssl->session->exported = 1; in mbedtls_ssl_get_session()
3475 start = (uint64_t) session->start; in ssl_tls12_session_save()
3486 + sizeof(session->id) in ssl_tls12_session_save()
3487 + sizeof(session->master) in ssl_tls12_session_save()
3491 *p++ = MBEDTLS_BYTE_0(session->id_len); in ssl_tls12_session_save()
3492 memcpy(p, session->id, 32); in ssl_tls12_session_save()
3495 memcpy(p, session->master, 48); in ssl_tls12_session_save()
3498 MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0); in ssl_tls12_session_save()
3503 * Peer's end-entity certificate in ssl_tls12_session_save()
3507 if (session->peer_cert == NULL) { in ssl_tls12_session_save()
3510 cert_len = session->peer_cert->raw.len; in ssl_tls12_session_save()
3520 if (session->peer_cert != NULL) { in ssl_tls12_session_save()
3521 memcpy(p, session->peer_cert->raw.p, cert_len); in ssl_tls12_session_save()
3526 if (session->peer_cert_digest != NULL) { in ssl_tls12_session_save()
3527 used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; in ssl_tls12_session_save()
3529 *p++ = (unsigned char) session->peer_cert_digest_type; in ssl_tls12_session_save()
3530 *p++ = (unsigned char) session->peer_cert_digest_len; in ssl_tls12_session_save()
3531 memcpy(p, session->peer_cert_digest, in ssl_tls12_session_save()
3532 session->peer_cert_digest_len); in ssl_tls12_session_save()
3533 p += session->peer_cert_digest_len; in ssl_tls12_session_save()
3550 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls12_session_save()
3551 used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ in ssl_tls12_session_save()
3554 *p++ = MBEDTLS_BYTE_2(session->ticket_len); in ssl_tls12_session_save()
3555 *p++ = MBEDTLS_BYTE_1(session->ticket_len); in ssl_tls12_session_save()
3556 *p++ = MBEDTLS_BYTE_0(session->ticket_len); in ssl_tls12_session_save()
3558 if (session->ticket != NULL) { in ssl_tls12_session_save()
3559 memcpy(p, session->ticket, session->ticket_len); in ssl_tls12_session_save()
3560 p += session->ticket_len; in ssl_tls12_session_save()
3563 MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); in ssl_tls12_session_save()
3569 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls12_session_save()
3573 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); in ssl_tls12_session_save()
3581 * Misc extension-related info in ssl_tls12_session_save()
3587 *p++ = session->mfl_code; in ssl_tls12_session_save()
3595 *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac); in ssl_tls12_session_save()
3623 if (8 > (size_t) (end - p)) { in ssl_tls12_session_load()
3630 session->start = (time_t) start; in ssl_tls12_session_load()
3636 if (1 + 32 + 48 + 4 > (size_t) (end - p)) { in ssl_tls12_session_load()
3640 session->id_len = *p++; in ssl_tls12_session_load()
3641 memcpy(session->id, p, 32); in ssl_tls12_session_load()
3644 memcpy(session->master, p, 48); in ssl_tls12_session_load()
3647 session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls12_session_load()
3650 /* Immediately clear invalid pointer values that have been read, in case in ssl_tls12_session_load()
3654 session->peer_cert = NULL; in ssl_tls12_session_load()
3656 session->peer_cert_digest = NULL; in ssl_tls12_session_load()
3660 session->ticket = NULL; in ssl_tls12_session_load()
3669 if (3 > (size_t) (end - p)) { in ssl_tls12_session_load()
3679 if (cert_len > (size_t) (end - p)) { in ssl_tls12_session_load()
3683 session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); in ssl_tls12_session_load()
3685 if (session->peer_cert == NULL) { in ssl_tls12_session_load()
3689 mbedtls_x509_crt_init(session->peer_cert); in ssl_tls12_session_load()
3691 if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, in ssl_tls12_session_load()
3693 mbedtls_x509_crt_free(session->peer_cert); in ssl_tls12_session_load()
3694 mbedtls_free(session->peer_cert); in ssl_tls12_session_load()
3695 session->peer_cert = NULL; in ssl_tls12_session_load()
3703 if (2 > (size_t) (end - p)) { in ssl_tls12_session_load()
3707 session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; in ssl_tls12_session_load()
3708 session->peer_cert_digest_len = (size_t) *p++; in ssl_tls12_session_load()
3710 if (session->peer_cert_digest_len != 0) { in ssl_tls12_session_load()
3712 mbedtls_md_info_from_type(session->peer_cert_digest_type); in ssl_tls12_session_load()
3716 if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) { in ssl_tls12_session_load()
3720 if (session->peer_cert_digest_len > (size_t) (end - p)) { in ssl_tls12_session_load()
3724 session->peer_cert_digest = in ssl_tls12_session_load()
3725 mbedtls_calloc(1, session->peer_cert_digest_len); in ssl_tls12_session_load()
3726 if (session->peer_cert_digest == NULL) { in ssl_tls12_session_load()
3730 memcpy(session->peer_cert_digest, p, in ssl_tls12_session_load()
3731 session->peer_cert_digest_len); in ssl_tls12_session_load()
3732 p += session->peer_cert_digest_len; in ssl_tls12_session_load()
3742 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls12_session_load()
3743 if (3 > (size_t) (end - p)) { in ssl_tls12_session_load()
3747 session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0); in ssl_tls12_session_load()
3750 if (session->ticket_len != 0) { in ssl_tls12_session_load()
3751 if (session->ticket_len > (size_t) (end - p)) { in ssl_tls12_session_load()
3755 session->ticket = mbedtls_calloc(1, session->ticket_len); in ssl_tls12_session_load()
3756 if (session->ticket == NULL) { in ssl_tls12_session_load()
3760 memcpy(session->ticket, p, session->ticket_len); in ssl_tls12_session_load()
3761 p += session->ticket_len; in ssl_tls12_session_load()
3764 if (4 > (size_t) (end - p)) { in ssl_tls12_session_load()
3768 session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls12_session_load()
3773 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls12_session_load()
3774 if (8 > (size_t) (end - p)) { in ssl_tls12_session_load()
3777 session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls12_session_load()
3784 * Misc extension-related info in ssl_tls12_session_load()
3787 if (1 > (size_t) (end - p)) { in ssl_tls12_session_load()
3791 session->mfl_code = *p++; in ssl_tls12_session_load()
3795 if (1 > (size_t) (end - p)) { in ssl_tls12_session_load()
3799 session->encrypt_then_mac = *p++; in ssl_tls12_session_load()
3827 size_t hostname_len = (session->hostname == NULL) ? in ssl_tls13_session_save()
3828 0 : strlen(session->hostname) + 1; in ssl_tls13_session_save()
3833 const size_t alpn_len = (session->ticket_alpn == NULL) ? in ssl_tls13_session_save()
3834 0 : strlen(session->ticket_alpn) + 1; in ssl_tls13_session_save()
3842 if (session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN) { in ssl_tls13_session_save()
3845 needed += session->resumption_key_len; /* resumption_key */ in ssl_tls13_session_save()
3859 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_save()
3868 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_save()
3878 if (session->ticket_len > SIZE_MAX - needed) { in ssl_tls13_session_save()
3882 needed += session->ticket_len; /* ticket */ in ssl_tls13_session_save()
3891 MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 0); in ssl_tls13_session_save()
3892 p[4] = session->ticket_flags; in ssl_tls13_session_save()
3895 p[5] = session->resumption_key_len; in ssl_tls13_session_save()
3897 memcpy(p, session->resumption_key, session->resumption_key_len); in ssl_tls13_session_save()
3898 p += session->resumption_key_len; in ssl_tls13_session_save()
3901 MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); in ssl_tls13_session_save()
3905 MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); in ssl_tls13_session_save()
3910 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_save()
3912 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); in ssl_tls13_session_save()
3922 memcpy(p, session->ticket_alpn, alpn_len); in ssl_tls13_session_save()
3930 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_save()
3936 memcpy(p, session->hostname, hostname_len); in ssl_tls13_session_save()
3942 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0); in ssl_tls13_session_save()
3945 MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); in ssl_tls13_session_save()
3948 MBEDTLS_PUT_UINT16_BE(session->ticket_len, p, 0); in ssl_tls13_session_save()
3951 if (session->ticket != NULL && session->ticket_len > 0) { in ssl_tls13_session_save()
3952 memcpy(p, session->ticket, session->ticket_len); in ssl_tls13_session_save()
3953 p += session->ticket_len; in ssl_tls13_session_save()
3968 if (end - p < 6) { in ssl_tls13_session_load()
3971 session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
3972 session->ticket_flags = p[4]; in ssl_tls13_session_load()
3975 session->resumption_key_len = p[5]; in ssl_tls13_session_load()
3978 if (end - p < session->resumption_key_len) { in ssl_tls13_session_load()
3982 if (sizeof(session->resumption_key) < session->resumption_key_len) { in ssl_tls13_session_load()
3985 memcpy(session->resumption_key, p, session->resumption_key_len); in ssl_tls13_session_load()
3986 p += session->resumption_key_len; in ssl_tls13_session_load()
3989 if (end - p < 4) { in ssl_tls13_session_load()
3992 session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
3996 if (end - p < 2) { in ssl_tls13_session_load()
3999 session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_tls13_session_load()
4004 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_load()
4006 if (end - p < 8) { in ssl_tls13_session_load()
4009 session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls13_session_load()
4016 if (end - p < 2) { in ssl_tls13_session_load()
4023 if (end - p < (long int) alpn_len) { in ssl_tls13_session_load()
4039 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_load()
4043 if (end - p < 2) { in ssl_tls13_session_load()
4049 if (end - p < (long int) hostname_len) { in ssl_tls13_session_load()
4053 session->hostname = mbedtls_calloc(1, hostname_len); in ssl_tls13_session_load()
4054 if (session->hostname == NULL) { in ssl_tls13_session_load()
4057 memcpy(session->hostname, p, hostname_len); in ssl_tls13_session_load()
4063 if (end - p < 8) { in ssl_tls13_session_load()
4066 session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls13_session_load()
4069 if (end - p < 4) { in ssl_tls13_session_load()
4072 session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
4075 if (end - p < 2) { in ssl_tls13_session_load()
4078 session->ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_tls13_session_load()
4081 if (end - p < (long int) session->ticket_len) { in ssl_tls13_session_load()
4084 if (session->ticket_len > 0) { in ssl_tls13_session_load()
4085 session->ticket = mbedtls_calloc(1, session->ticket_len); in ssl_tls13_session_load()
4086 if (session->ticket == NULL) { in ssl_tls13_session_load()
4089 memcpy(session->ticket, p, session->ticket_len); in ssl_tls13_session_load()
4090 p += session->ticket_len; in ssl_tls13_session_load()
4130 * Define bitflag determining compile-time settings influencing
4241 * Serialize a session in the following format:
4242 * (in the presentation language of TLS, RFC 8446 section 3)
4248 * opaque ticket<0..2^24-1>; // length 0 means no ticket
4259 * opaque master[48]; // fixed length in the standard
4262 * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
4265 * opaque peer_cert_digest<0..2^8-1>
4284 * opaque hostname<0..2^16-1>;
4290 * opaque ticket<1..2^16-1>;
4321 * opaque session_format[2]; // library-version specific 16-bit field
4328 * // In this version, `session_format` determines
4329 * // the setting of those compile-time
4334 * // - TLS 1.2 (0x0303)
4335 * // - TLS 1.3 (0x0304)
4390 *p++ = MBEDTLS_BYTE_0(session->tls_version); in ssl_session_save()
4391 *p++ = session->endpoint; in ssl_session_save()
4392 MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0); in ssl_session_save()
4396 /* Forward to version-specific serialization routine. */ in ssl_session_save()
4397 remaining_len = (buf_len >= used) ? buf_len - used : 0; in ssl_session_save()
4398 switch (session->tls_version) { in ssl_session_save()
4441 * This internal version is wrapped by a public function that cleans up in
4464 if ((size_t) (end - p) < sizeof(ssl_serialized_session_header)) { in ssl_session_load()
4478 if (4 > (size_t) (end - p)) { in ssl_session_load()
4481 session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); in ssl_session_load()
4482 session->endpoint = *p++; in ssl_session_load()
4483 session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_session_load()
4487 remaining_len = (size_t) (end - p); in ssl_session_load()
4488 switch (session->tls_version) { in ssl_session_load()
4536 * return with the #MBEDTLS_ERR_SSL_WANT_WRITE error code in which case in ssl_prepare_handshake_step()
4538 * In the case of TLS 1.3, handshake step handlers do not send data to the in ssl_prepare_handshake_step()
4540 * `mbedtls_ssl_handle_pending_alert` in case an error that triggered an in ssl_prepare_handshake_step()
4548 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_prepare_handshake_step()
4549 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { in ssl_prepare_handshake_step()
4564 ssl->conf == NULL || in mbedtls_ssl_handshake_step()
4565 ssl->handshake == NULL || in mbedtls_ssl_handshake_step()
4566 ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { in mbedtls_ssl_handshake_step()
4580 /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or in mbedtls_ssl_handshake_step()
4585 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_handshake_step()
4587 mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state))); in mbedtls_ssl_handshake_step()
4589 switch (ssl->state) { in mbedtls_ssl_handshake_step()
4601 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_handshake_step()
4616 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_handshake_step()
4618 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_handshake_step()
4635 if (ssl->send_alert) { in mbedtls_ssl_handshake_step()
4654 if (ssl == NULL || ssl->conf == NULL) { in mbedtls_ssl_handshake()
4659 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake()
4660 (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) { in mbedtls_ssl_handshake()
4670 while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { in mbedtls_ssl_handshake()
4695 ssl->out_msglen = 4; in ssl_write_hello_request()
4696 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_hello_request()
4697 ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; in ssl_write_hello_request()
4712 * - any side: calling mbedtls_ssl_renegotiate(),
4713 * - client: receiving a HelloRequest during mbedtls_ssl_read(),
4714 * - server: receiving any handshake message on server during mbedtls_ssl_read() after
4732 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_start_renegotiation()
4733 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { in mbedtls_ssl_start_renegotiation()
4734 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_start_renegotiation()
4735 ssl->handshake->out_msg_seq = 1; in mbedtls_ssl_start_renegotiation()
4737 ssl->handshake->in_msg_seq = 1; in mbedtls_ssl_start_renegotiation()
4743 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; in mbedtls_ssl_start_renegotiation()
4763 if (ssl == NULL || ssl->conf == NULL) { in mbedtls_ssl_renegotiate()
4769 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_renegotiate()
4774 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; in mbedtls_ssl_renegotiate()
4777 if (ssl->out_left != 0) { in mbedtls_ssl_renegotiate()
4788 * if already in progress, continue the handshake in mbedtls_ssl_renegotiate()
4790 if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in mbedtls_ssl_renegotiate()
4813 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_handshake_free()
4821 if (ssl->handshake->group_list_heap_allocated) { in mbedtls_ssl_handshake_free()
4822 mbedtls_free((void *) handshake->group_list); in mbedtls_ssl_handshake_free()
4824 handshake->group_list = NULL; in mbedtls_ssl_handshake_free()
4830 if (ssl->handshake->sig_algs_heap_allocated) { in mbedtls_ssl_handshake_free()
4831 mbedtls_free((void *) handshake->sig_algs); in mbedtls_ssl_handshake_free()
4833 handshake->sig_algs = NULL; in mbedtls_ssl_handshake_free()
4836 if (ssl->handshake->certificate_request_context) { in mbedtls_ssl_handshake_free()
4837 mbedtls_free((void *) handshake->certificate_request_context); in mbedtls_ssl_handshake_free()
4843 if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { in mbedtls_ssl_handshake_free()
4844 ssl->conf->f_async_cancel(ssl); in mbedtls_ssl_handshake_free()
4845 handshake->async_in_progress = 0; in mbedtls_ssl_handshake_free()
4851 psa_hash_abort(&handshake->fin_sha256_psa); in mbedtls_ssl_handshake_free()
4853 mbedtls_md_free(&handshake->fin_sha256); in mbedtls_ssl_handshake_free()
4858 psa_hash_abort(&handshake->fin_sha384_psa); in mbedtls_ssl_handshake_free()
4860 mbedtls_md_free(&handshake->fin_sha384); in mbedtls_ssl_handshake_free()
4865 mbedtls_dhm_free(&handshake->dhm_ctx); in mbedtls_ssl_handshake_free()
4869 mbedtls_ecdh_free(&handshake->ecdh_ctx); in mbedtls_ssl_handshake_free()
4874 psa_pake_abort(&handshake->psa_pake_ctx); in mbedtls_ssl_handshake_free()
4876 * Opaque keys are not stored in the handshake's data and it's the user in mbedtls_ssl_handshake_free()
4880 if (!mbedtls_svc_key_id_is_null(handshake->psa_pake_password)) { in mbedtls_ssl_handshake_free()
4881 psa_destroy_key(handshake->psa_pake_password); in mbedtls_ssl_handshake_free()
4883 handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_handshake_free()
4885 mbedtls_ecjpake_free(&handshake->ecjpake_ctx); in mbedtls_ssl_handshake_free()
4888 mbedtls_free(handshake->ecjpake_cache); in mbedtls_ssl_handshake_free()
4889 handshake->ecjpake_cache = NULL; in mbedtls_ssl_handshake_free()
4890 handshake->ecjpake_cache_len = 0; in mbedtls_ssl_handshake_free()
4898 mbedtls_free((void *) handshake->curves_tls_id); in mbedtls_ssl_handshake_free()
4903 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { in mbedtls_ssl_handshake_free()
4906 if (ssl->handshake->psk_opaque_is_internal) { in mbedtls_ssl_handshake_free()
4907 psa_destroy_key(ssl->handshake->psk_opaque); in mbedtls_ssl_handshake_free()
4908 ssl->handshake->psk_opaque_is_internal = 0; in mbedtls_ssl_handshake_free()
4910 ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_handshake_free()
4913 if (handshake->psk != NULL) { in mbedtls_ssl_handshake_free()
4914 mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len); in mbedtls_ssl_handshake_free()
4925 ssl_key_cert_free(handshake->sni_key_cert); in mbedtls_ssl_handshake_free()
4929 mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx); in mbedtls_ssl_handshake_free()
4930 if (handshake->ecrs_peer_cert != NULL) { in mbedtls_ssl_handshake_free()
4931 mbedtls_x509_crt_free(handshake->ecrs_peer_cert); in mbedtls_ssl_handshake_free()
4932 mbedtls_free(handshake->ecrs_peer_cert); in mbedtls_ssl_handshake_free()
4938 mbedtls_pk_free(&handshake->peer_pubkey); in mbedtls_ssl_handshake_free()
4943 mbedtls_free(handshake->cookie); in mbedtls_ssl_handshake_free()
4948 mbedtls_ssl_flight_free(handshake->flight); in mbedtls_ssl_handshake_free()
4953 if (handshake->xxdh_psa_privkey_is_external == 0) { in mbedtls_ssl_handshake_free()
4954 psa_destroy_key(handshake->xxdh_psa_privkey); in mbedtls_ssl_handshake_free()
4959 mbedtls_ssl_transform_free(handshake->transform_handshake); in mbedtls_ssl_handshake_free()
4960 mbedtls_free(handshake->transform_handshake); in mbedtls_ssl_handshake_free()
4962 mbedtls_ssl_transform_free(handshake->transform_earlydata); in mbedtls_ssl_handshake_free()
4963 mbedtls_free(handshake->transform_earlydata); in mbedtls_ssl_handshake_free()
4969 /* If the buffers are too big - reallocate. Because of the way Mbed TLS in mbedtls_ssl_handshake_free()
4971 * several records in it, it is possible that the I/O buffers are not in mbedtls_ssl_handshake_free()
4977 /* mbedtls_platform_zeroize MUST be last one in this function */ in mbedtls_ssl_handshake_free()
4995 mbedtls_free(session->hostname); in mbedtls_ssl_session_free()
4997 mbedtls_free(session->ticket); in mbedtls_ssl_session_free()
5002 mbedtls_free(session->ticket_alpn); in mbedtls_ssl_session_free()
5061 * (in the presentation language of TLS, RFC 8446 section 3)
5065 * opaque context_format[5]; // version-specific field determining
5071 * // session sub-structure
5072 * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save()
5073 * // transform sub-structure
5075 * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
5076 * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
5084 * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol
5086 * Note that many fields of the ssl_context or sub-structures are not
5087 * serialized, as they fall in one of the following categories:
5090 * 2. pointer to dynamically-allocated memory (eg session, transform)
5091 * 3. value can be re-derived from other data (eg session keys from MS)
5106 * Enforce usage restrictions, see "return BAD_INPUT_DATA" in in mbedtls_ssl_context_save()
5109 * These are due to assumptions/limitations in the implementation. Some of in mbedtls_ssl_context_save()
5110 * them are likely to stay (no handshake in progress) some might go away in mbedtls_ssl_context_save()
5118 if (ssl->handshake != NULL) { in mbedtls_ssl_context_save()
5122 /* Double-check that sub-structures are indeed ready */ in mbedtls_ssl_context_save()
5123 if (ssl->transform == NULL || ssl->session == NULL) { in mbedtls_ssl_context_save()
5132 if (ssl->out_left != 0) { in mbedtls_ssl_context_save()
5137 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_context_save()
5142 if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) { in mbedtls_ssl_context_save()
5147 if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) { in mbedtls_ssl_context_save()
5153 if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) { in mbedtls_ssl_context_save()
5173 ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len); in mbedtls_ssl_context_save()
5183 ret = ssl_session_save(ssl->session, 1, in mbedtls_ssl_context_save()
5195 used += sizeof(ssl->transform->randbytes); in mbedtls_ssl_context_save()
5197 memcpy(p, ssl->transform->randbytes, in mbedtls_ssl_context_save()
5198 sizeof(ssl->transform->randbytes)); in mbedtls_ssl_context_save()
5199 p += sizeof(ssl->transform->randbytes); in mbedtls_ssl_context_save()
5203 used += 2U + ssl->transform->in_cid_len + ssl->transform->out_cid_len; in mbedtls_ssl_context_save()
5205 *p++ = ssl->transform->in_cid_len; in mbedtls_ssl_context_save()
5206 memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len); in mbedtls_ssl_context_save()
5207 p += ssl->transform->in_cid_len; in mbedtls_ssl_context_save()
5209 *p++ = ssl->transform->out_cid_len; in mbedtls_ssl_context_save()
5210 memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len); in mbedtls_ssl_context_save()
5211 p += ssl->transform->out_cid_len; in mbedtls_ssl_context_save()
5216 * Saved fields from top-level ssl_context structure in mbedtls_ssl_context_save()
5220 MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen_or_in_hsfraglen, p, 0); in mbedtls_ssl_context_save()
5227 MBEDTLS_PUT_UINT64_BE(ssl->in_window_top, p, 0); in mbedtls_ssl_context_save()
5230 MBEDTLS_PUT_UINT64_BE(ssl->in_window, p, 0); in mbedtls_ssl_context_save()
5238 *p++ = ssl->disable_datagram_packing; in mbedtls_ssl_context_save()
5244 memcpy(p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN); in mbedtls_ssl_context_save()
5251 MBEDTLS_PUT_UINT16_BE(ssl->mtu, p, 0); in mbedtls_ssl_context_save()
5258 const uint8_t alpn_len = ssl->alpn_chosen in mbedtls_ssl_context_save()
5259 ? (uint8_t) strlen(ssl->alpn_chosen) in mbedtls_ssl_context_save()
5266 if (ssl->alpn_chosen != NULL) { in mbedtls_ssl_context_save()
5267 memcpy(p, ssl->alpn_chosen, alpn_len); in mbedtls_ssl_context_save()
5291 * This internal version is wrapped by a public function that cleans up in
5309 * Give the user an error in case of obvious misuse. in ssl_context_load()
5313 if (ssl->state != MBEDTLS_SSL_HELLO_REQUEST || in ssl_context_load()
5314 ssl->session != NULL) { in ssl_context_load()
5324 ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || in ssl_context_load()
5326 ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in ssl_context_load()
5327 ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 || in ssl_context_load()
5328 ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 in ssl_context_load()
5338 if ((size_t) (end - p) < sizeof(ssl_serialized_context_header)) { in ssl_context_load()
5351 if ((size_t) (end - p) < 4) { in ssl_context_load()
5360 ssl->session = ssl->session_negotiate; in ssl_context_load()
5361 ssl->session_in = ssl->session; in ssl_context_load()
5362 ssl->session_out = ssl->session; in ssl_context_load()
5363 ssl->session_negotiate = NULL; in ssl_context_load()
5365 if ((size_t) (end - p) < session_len) { in ssl_context_load()
5369 ret = ssl_session_load(ssl->session, 1, p, session_len); in ssl_context_load()
5371 mbedtls_ssl_session_free(ssl->session); in ssl_context_load()
5384 ssl->transform = ssl->transform_negotiate; in ssl_context_load()
5385 ssl->transform_in = ssl->transform; in ssl_context_load()
5386 ssl->transform_out = ssl->transform; in ssl_context_load()
5387 ssl->transform_negotiate = NULL; in ssl_context_load()
5391 prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite); in ssl_context_load()
5397 if ((size_t) (end - p) < sizeof(ssl->transform->randbytes)) { in ssl_context_load()
5401 ret = ssl_tls12_populate_transform(ssl->transform, in ssl_context_load()
5402 ssl->session->ciphersuite, in ssl_context_load()
5403 ssl->session->master, in ssl_context_load()
5405 ssl->session->encrypt_then_mac, in ssl_context_load()
5410 ssl->conf->endpoint, in ssl_context_load()
5416 p += sizeof(ssl->transform->randbytes); in ssl_context_load()
5420 if ((size_t) (end - p) < 1) { in ssl_context_load()
5424 ssl->transform->in_cid_len = *p++; in ssl_context_load()
5426 if ((size_t) (end - p) < ssl->transform->in_cid_len + 1u) { in ssl_context_load()
5430 memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len); in ssl_context_load()
5431 p += ssl->transform->in_cid_len; in ssl_context_load()
5433 ssl->transform->out_cid_len = *p++; in ssl_context_load()
5435 if ((size_t) (end - p) < ssl->transform->out_cid_len) { in ssl_context_load()
5439 memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len); in ssl_context_load()
5440 p += ssl->transform->out_cid_len; in ssl_context_load()
5444 * Saved fields from top-level ssl_context structure in ssl_context_load()
5446 if ((size_t) (end - p) < 4) { in ssl_context_load()
5450 ssl->badmac_seen_or_in_hsfraglen = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_context_load()
5454 if ((size_t) (end - p) < 16) { in ssl_context_load()
5458 ssl->in_window_top = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_context_load()
5461 ssl->in_window = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_context_load()
5466 if ((size_t) (end - p) < 1) { in ssl_context_load()
5470 ssl->disable_datagram_packing = *p++; in ssl_context_load()
5473 if ((size_t) (end - p) < sizeof(ssl->cur_out_ctr)) { in ssl_context_load()
5476 memcpy(ssl->cur_out_ctr, p, sizeof(ssl->cur_out_ctr)); in ssl_context_load()
5477 p += sizeof(ssl->cur_out_ctr); in ssl_context_load()
5480 if ((size_t) (end - p) < 2) { in ssl_context_load()
5484 ssl->mtu = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_context_load()
5493 if ((size_t) (end - p) < 1) { in ssl_context_load()
5499 if (alpn_len != 0 && ssl->conf->alpn_list != NULL) { in ssl_context_load()
5500 /* alpn_chosen should point to an item in the configured list */ in ssl_context_load()
5501 for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { in ssl_context_load()
5504 ssl->alpn_chosen = *cur; in ssl_context_load()
5511 if (alpn_len != 0 && ssl->alpn_chosen == NULL) { in ssl_context_load()
5520 * Forced fields from top-level ssl_context structure in ssl_context_load()
5526 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in ssl_context_load()
5530 mbedtls_ssl_update_out_pointers(ssl, ssl->transform); in ssl_context_load()
5533 ssl->in_epoch = 1; in ssl_context_load()
5536 /* mbedtls_ssl_reset() leaves the handshake sub-structure allocated, in ssl_context_load()
5537 * which we don't want - otherwise we'd end up freeing the wrong transform in ssl_context_load()
5540 if (ssl->handshake != NULL) { in ssl_context_load()
5542 mbedtls_free(ssl->handshake); in ssl_context_load()
5543 ssl->handshake = NULL; in ssl_context_load()
5547 * Done - should have consumed entire buffer in ssl_context_load()
5584 if (ssl->out_buf != NULL) { in mbedtls_ssl_free()
5586 size_t out_buf_len = ssl->out_buf_len; in mbedtls_ssl_free()
5591 mbedtls_zeroize_and_free(ssl->out_buf, out_buf_len); in mbedtls_ssl_free()
5592 ssl->out_buf = NULL; in mbedtls_ssl_free()
5595 if (ssl->in_buf != NULL) { in mbedtls_ssl_free()
5597 size_t in_buf_len = ssl->in_buf_len; in mbedtls_ssl_free()
5602 mbedtls_zeroize_and_free(ssl->in_buf, in_buf_len); in mbedtls_ssl_free()
5603 ssl->in_buf = NULL; in mbedtls_ssl_free()
5606 if (ssl->transform) { in mbedtls_ssl_free()
5607 mbedtls_ssl_transform_free(ssl->transform); in mbedtls_ssl_free()
5608 mbedtls_free(ssl->transform); in mbedtls_ssl_free()
5611 if (ssl->handshake) { in mbedtls_ssl_free()
5613 mbedtls_free(ssl->handshake); in mbedtls_ssl_free()
5616 mbedtls_ssl_transform_free(ssl->transform_negotiate); in mbedtls_ssl_free()
5617 mbedtls_free(ssl->transform_negotiate); in mbedtls_ssl_free()
5620 mbedtls_ssl_session_free(ssl->session_negotiate); in mbedtls_ssl_free()
5621 mbedtls_free(ssl->session_negotiate); in mbedtls_ssl_free()
5625 mbedtls_ssl_transform_free(ssl->transform_application); in mbedtls_ssl_free()
5626 mbedtls_free(ssl->transform_application); in mbedtls_ssl_free()
5629 if (ssl->session) { in mbedtls_ssl_free()
5630 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_free()
5631 mbedtls_free(ssl->session); in mbedtls_ssl_free()
5639 mbedtls_free(ssl->cli_id); in mbedtls_ssl_free()
5656 /* The selection should be the same as mbedtls_x509_crt_profile_default in
5708 * - No duplicate entries.
5709 * - But if there is a good reason, do not change the order of the algorithms.
5710 * - ssl_tls12_preset* is for TLS 1.2 use only.
5711 * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes.
5876 ret = -1; in ssl_check_no_sig_alg_duplication()
5885 * Load default in mbedtls_ssl_config
5918 /* Use the functions here so that they are covered in tests, in mbedtls_ssl_config_defaults()
5928 conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; in mbedtls_ssl_config_defaults()
5933 * handling is disabled by default in Mbed TLS 3.6.x for backward in mbedtls_ssl_config_defaults()
5937 * Up to Mbed TLS 3.5, in the default configuration TLS 1.3 was in mbedtls_ssl_config_defaults()
5946 * messages and the Mbed TLS client processes them, this results in in mbedtls_ssl_config_defaults()
5962 conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in mbedtls_ssl_config_defaults()
5966 conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in mbedtls_ssl_config_defaults()
5970 conf->f_cookie_write = ssl_cookie_write_dummy; in mbedtls_ssl_config_defaults()
5971 conf->f_cookie_check = ssl_cookie_check_dummy; in mbedtls_ssl_config_defaults()
5975 conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; in mbedtls_ssl_config_defaults()
5979 conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; in mbedtls_ssl_config_defaults()
5980 conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER; in mbedtls_ssl_config_defaults()
5984 conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; in mbedtls_ssl_config_defaults()
5985 conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; in mbedtls_ssl_config_defaults()
5989 conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; in mbedtls_ssl_config_defaults()
5990 memset(conf->renego_period, 0x00, 2); in mbedtls_ssl_config_defaults()
5991 memset(conf->renego_period + 2, 0xFF, 6); in mbedtls_ssl_config_defaults()
6025 conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; in mbedtls_ssl_config_defaults()
6030 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6031 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6037 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6038 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
6040 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
6041 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
6043 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6044 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6051 * Preset-specific defaults in mbedtls_ssl_config_defaults()
6059 conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; in mbedtls_ssl_config_defaults()
6062 conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; in mbedtls_ssl_config_defaults()
6068 conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; in mbedtls_ssl_config_defaults()
6071 conf->sig_algs = ssl_preset_suiteb_sig_algs; in mbedtls_ssl_config_defaults()
6075 conf->curve_list = NULL; in mbedtls_ssl_config_defaults()
6077 conf->group_list = ssl_preset_suiteb_groups; in mbedtls_ssl_config_defaults()
6085 conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites(); in mbedtls_ssl_config_defaults()
6088 conf->cert_profile = &mbedtls_x509_crt_profile_default; in mbedtls_ssl_config_defaults()
6094 conf->sig_algs = ssl_tls12_preset_default_sig_algs; in mbedtls_ssl_config_defaults()
6097 conf->sig_algs = ssl_preset_default_sig_algs; in mbedtls_ssl_config_defaults()
6101 conf->curve_list = NULL; in mbedtls_ssl_config_defaults()
6103 conf->group_list = ssl_preset_default_groups; in mbedtls_ssl_config_defaults()
6106 conf->dhm_min_bitlen = 1024; in mbedtls_ssl_config_defaults()
6123 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_config_free()
6124 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_config_free()
6129 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in mbedtls_ssl_config_free()
6130 conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_config_free()
6133 if (conf->psk != NULL) { in mbedtls_ssl_config_free()
6134 mbedtls_zeroize_and_free(conf->psk, conf->psk_len); in mbedtls_ssl_config_free()
6135 conf->psk = NULL; in mbedtls_ssl_config_free()
6136 conf->psk_len = 0; in mbedtls_ssl_config_free()
6139 if (conf->psk_identity != NULL) { in mbedtls_ssl_config_free()
6140 mbedtls_zeroize_and_free(conf->psk_identity, conf->psk_identity_len); in mbedtls_ssl_config_free()
6141 conf->psk_identity = NULL; in mbedtls_ssl_config_free()
6142 conf->psk_identity_len = 0; in mbedtls_ssl_config_free()
6147 ssl_key_cert_free(conf->key_cert); in mbedtls_ssl_config_free()
6275 * Check if a curve proposed by the peer is in our list.
6276 * Return 0 if we're willing to use it, -1 otherwise.
6283 return -1; in mbedtls_ssl_check_curve_tls_id()
6292 return -1; in mbedtls_ssl_check_curve_tls_id()
6304 return -1; in mbedtls_ssl_check_curve()
6452 hash_operation_to_clone = &ssl->handshake->fin_sha384_psa; in mbedtls_ssl_get_handshake_transcript()
6458 hash_operation_to_clone = &ssl->handshake->fin_sha256_psa; in mbedtls_ssl_get_handshake_transcript()
6504 ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384); in ssl_get_handshake_transcript_sha384()
6542 ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256); in ssl_get_handshake_transcript_sha256()
6608 * SignatureScheme supported_signature_algorithms<2..2^16-2>;
6627 * supported_signature_algorithms<2..2^16-2>;
6649 memset(ssl->handshake->received_sig_algs, 0, in mbedtls_ssl_parse_sig_alg_ext()
6650 sizeof(ssl->handshake->received_sig_algs)); in mbedtls_ssl_parse_sig_alg_ext()
6662 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && in mbedtls_ssl_parse_sig_alg_ext()
6673 ssl->handshake->received_sig_algs[common_idx] = sig_alg; in mbedtls_ssl_parse_sig_alg_ext()
6687 MBEDTLS_SSL_DEBUG_MSG(3, ("no signature algorithm in common")); in mbedtls_ssl_parse_sig_alg_ext()
6693 ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS_SIG_NONE; in mbedtls_ssl_parse_sig_alg_ext()
6789 * find by brute force, and in particular should not be empty. But in tls_prf_generic()
6790 * this PRF is also used to derive an IV, in particular in EAP-TLS, in tls_prf_generic()
6791 * and for this use case it makes sense to have a 0-length "secret". in tls_prf_generic()
6794 * to mean a 0-length "secret" input. */ in tls_prf_generic()
6983 * - hash associated with the ciphersuite (only used by TLS 1.2)
6986 * - the tls_prf, calc_verify and calc_finished members of handshake structure
6994 handshake->tls_prf = tls_prf_sha384; in ssl_set_handshake_prfs()
6995 handshake->calc_verify = ssl_calc_verify_tls_sha384; in ssl_set_handshake_prfs()
6996 handshake->calc_finished = ssl_calc_finished_tls_sha384; in ssl_set_handshake_prfs()
7002 handshake->tls_prf = tls_prf_sha256; in ssl_set_handshake_prfs()
7003 handshake->calc_verify = ssl_calc_verify_tls_sha256; in ssl_set_handshake_prfs()
7004 handshake->calc_finished = ssl_calc_finished_tls_sha256; in ssl_set_handshake_prfs()
7021 * [in/out] handshake
7022 * [in] resume, premaster, extended_ms, calc_verify, tls_prf
7023 * (PSA-PSK) ciphersuite_info, psk_opaque
7026 * [in] ssl: optionally used for debugging, EMS and PSA-PSK
7027 * debug: conf->f_dbg, conf->p_dbg
7029 * PSA-PSA: conf
7039 * "The master secret is always exactly 48 bytes in length." */ in ssl_compute_master()
7053 * - If the Extended Master Secret extension is not used, in ssl_compute_master()
7055 * (see Sect. 8.1 in RFC 5246). in ssl_compute_master()
7056 * - If the Extended Master Secret extension is used, in ssl_compute_master()
7058 * (see Sect. 4 in RFC 7627). */ in ssl_compute_master()
7059 unsigned char const *seed = handshake->randbytes; in ssl_compute_master()
7070 if (handshake->resume != 0) { in ssl_compute_master()
7076 if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { in ssl_compute_master()
7079 ret = handshake->calc_verify(ssl, session_hash, &seed_len); in ssl_compute_master()
7091 if (mbedtls_ssl_ciphersuite_uses_psk(handshake->ciphersuite_info) == 1) { in ssl_compute_master()
7092 /* Perform PSK-to-MS expansion in a single step. */ in ssl_compute_master()
7098 mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; in ssl_compute_master()
7100 MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion")); in ssl_compute_master()
7113 switch (handshake->ciphersuite_info->key_exchange) { in ssl_compute_master()
7115 * Other secret is stored in premaster, where first 2 bytes hold the in ssl_compute_master()
7119 /* For RSA-PSK other key length is always 48 bytes. */ in ssl_compute_master()
7121 other_secret = handshake->premaster + 2; in ssl_compute_master()
7125 other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0); in ssl_compute_master()
7126 other_secret = handshake->premaster + 2; in ssl_compute_master()
7133 ssl->conf->psk, ssl->conf->psk_len, in ssl_compute_master()
7161 if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { in ssl_compute_master()
7167 MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PMS KDF for ECJPAKE")); in ssl_compute_master()
7169 handshake->pmslen = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE; in ssl_compute_master()
7183 status = psa_pake_get_implicit_key(&handshake->psa_pake_ctx, in ssl_compute_master()
7191 handshake->premaster, in ssl_compute_master()
7192 handshake->pmslen); in ssl_compute_master()
7204 ret = handshake->tls_prf(handshake->premaster, handshake->pmslen, in ssl_compute_master()
7214 handshake->premaster, in ssl_compute_master()
7215 handshake->pmslen); in ssl_compute_master()
7217 mbedtls_platform_zeroize(handshake->premaster, in ssl_compute_master()
7218 sizeof(handshake->premaster)); in ssl_compute_master()
7228 ssl->handshake->ciphersuite_info; in mbedtls_ssl_derive_keys()
7233 ret = ssl_set_handshake_prfs(ssl->handshake, in mbedtls_ssl_derive_keys()
7234 (mbedtls_md_type_t) ciphersuite_info->mac); in mbedtls_ssl_derive_keys()
7241 ret = ssl_compute_master(ssl->handshake, in mbedtls_ssl_derive_keys()
7242 ssl->session_negotiate->master, in mbedtls_ssl_derive_keys()
7250 * - MS derivation wanted client+server (RFC 5246 8.1) in mbedtls_ssl_derive_keys()
7251 * - key derivation wants server+client (RFC 5246 6.3) */ in mbedtls_ssl_derive_keys()
7254 memcpy(tmp, ssl->handshake->randbytes, 64); in mbedtls_ssl_derive_keys()
7255 memcpy(ssl->handshake->randbytes, tmp + 32, 32); in mbedtls_ssl_derive_keys()
7256 memcpy(ssl->handshake->randbytes + 32, tmp, 32); in mbedtls_ssl_derive_keys()
7261 ret = ssl_tls12_populate_transform(ssl->transform_negotiate, in mbedtls_ssl_derive_keys()
7262 ssl->session_negotiate->ciphersuite, in mbedtls_ssl_derive_keys()
7263 ssl->session_negotiate->master, in mbedtls_ssl_derive_keys()
7265 ssl->session_negotiate->encrypt_then_mac, in mbedtls_ssl_derive_keys()
7267 ssl->handshake->tls_prf, in mbedtls_ssl_derive_keys()
7268 ssl->handshake->randbytes, in mbedtls_ssl_derive_keys()
7269 ssl->tls_version, in mbedtls_ssl_derive_keys()
7270 ssl->conf->endpoint, in mbedtls_ssl_derive_keys()
7278 mbedtls_platform_zeroize(ssl->handshake->randbytes, in mbedtls_ssl_derive_keys()
7279 sizeof(ssl->handshake->randbytes)); in mbedtls_ssl_derive_keys()
7291 ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; in mbedtls_ssl_set_calc_verify_md()
7296 ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; in mbedtls_ssl_set_calc_verify_md()
7300 return -1; in mbedtls_ssl_set_calc_verify_md()
7387 return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32, in ssl_calc_verify_tls_sha256()
7390 return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256, in ssl_calc_verify_tls_sha256()
7402 return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48, in ssl_calc_verify_tls_sha384()
7405 return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384, in ssl_calc_verify_tls_sha384()
7415 unsigned char *p = ssl->handshake->premaster; in mbedtls_ssl_psk_derive_premaster()
7416 unsigned char *end = p + sizeof(ssl->handshake->premaster); in mbedtls_ssl_psk_derive_premaster()
7426 * The exception is opaque DHE-PSK. For DHE-PSK fill premaster with in mbedtls_ssl_psk_derive_premaster()
7437 * opaque other_secret<0..2^16-1>; in mbedtls_ssl_psk_derive_premaster()
7438 * opaque psk<0..2^16-1>; in mbedtls_ssl_psk_derive_premaster()
7444 if (end - p < 2) { in mbedtls_ssl_psk_derive_premaster()
7451 if (end < p || (size_t) (end - p) < psk_len) { in mbedtls_ssl_psk_derive_premaster()
7465 if (end - p < 2) { in mbedtls_ssl_psk_derive_premaster()
7480 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in mbedtls_ssl_psk_derive_premaster()
7481 p + 2, (size_t) (end - (p + 2)), &len, in mbedtls_ssl_psk_derive_premaster()
7482 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in mbedtls_ssl_psk_derive_premaster()
7489 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); in mbedtls_ssl_psk_derive_premaster()
7497 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen, in mbedtls_ssl_psk_derive_premaster()
7498 p + 2, (size_t) (end - (p + 2)), in mbedtls_ssl_psk_derive_premaster()
7499 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in mbedtls_ssl_psk_derive_premaster()
7507 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in mbedtls_ssl_psk_derive_premaster()
7516 /* opaque psk<0..2^16-1>; */ in mbedtls_ssl_psk_derive_premaster()
7517 if (end - p < 2) { in mbedtls_ssl_psk_derive_premaster()
7524 if (end < p || (size_t) (end - p) < psk_len) { in mbedtls_ssl_psk_derive_premaster()
7531 ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster); in mbedtls_ssl_psk_derive_premaster()
7546 if (ssl->conf->renego_max_records < 0) { in mbedtls_ssl_resend_hello_request()
7547 uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; in mbedtls_ssl_resend_hello_request()
7555 if (++ssl->renego_records_seen > doublings) { in mbedtls_ssl_resend_hello_request()
7570 /* No certificate support -> dummy functions */
7574 ssl->handshake->ciphersuite_info; in mbedtls_ssl_write_certificate()
7591 ssl->handshake->ciphersuite_info; in mbedtls_ssl_parse_certificate()
7606 /* Some certificate support -> implement write and parse */
7614 ssl->handshake->ciphersuite_info; in mbedtls_ssl_write_certificate()
7625 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_write_certificate()
7626 if (ssl->handshake->client_auth == 0) { in mbedtls_ssl_write_certificate()
7634 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_write_certificate()
7650 * 10 . n-1 peer certificate in mbedtls_ssl_write_certificate()
7658 n = crt->raw.len; in mbedtls_ssl_write_certificate()
7659 if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) { in mbedtls_ssl_write_certificate()
7666 ssl->out_msg[i] = MBEDTLS_BYTE_2(n); in mbedtls_ssl_write_certificate()
7667 ssl->out_msg[i + 1] = MBEDTLS_BYTE_1(n); in mbedtls_ssl_write_certificate()
7668 ssl->out_msg[i + 2] = MBEDTLS_BYTE_0(n); in mbedtls_ssl_write_certificate()
7670 i += 3; memcpy(ssl->out_msg + i, crt->raw.p, n); in mbedtls_ssl_write_certificate()
7671 i += n; crt = crt->next; in mbedtls_ssl_write_certificate()
7674 ssl->out_msg[4] = MBEDTLS_BYTE_2(i - 7); in mbedtls_ssl_write_certificate()
7675 ssl->out_msg[5] = MBEDTLS_BYTE_1(i - 7); in mbedtls_ssl_write_certificate()
7676 ssl->out_msg[6] = MBEDTLS_BYTE_0(i - 7); in mbedtls_ssl_write_certificate()
7678 ssl->out_msglen = i; in mbedtls_ssl_write_certificate()
7679 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in mbedtls_ssl_write_certificate()
7680 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; in mbedtls_ssl_write_certificate()
7702 mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; in ssl_check_peer_crt_unchanged()
7705 return -1; in ssl_check_peer_crt_unchanged()
7708 if (peer_crt->raw.len != crt_buf_len) { in ssl_check_peer_crt_unchanged()
7709 return -1; in ssl_check_peer_crt_unchanged()
7712 return memcmp(peer_crt->raw.p, crt_buf, peer_crt->raw.len); in ssl_check_peer_crt_unchanged()
7722 ssl->session->peer_cert_digest; in ssl_check_peer_crt_unchanged()
7724 ssl->session->peer_cert_digest_type; in ssl_check_peer_crt_unchanged()
7731 return -1; in ssl_check_peer_crt_unchanged()
7736 return -1; in ssl_check_peer_crt_unchanged()
7741 return -1; in ssl_check_peer_crt_unchanged()
7764 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_certificate_chain()
7771 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE) { in ssl_parse_certificate_chain()
7777 if (ssl->in_hslen < mbedtls_ssl_hs_hdr_len(ssl) + 3 + 3) { in ssl_parse_certificate_chain()
7787 * Same message structure as in mbedtls_ssl_write_certificate() in ssl_parse_certificate_chain()
7789 n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1); in ssl_parse_certificate_chain()
7791 if (ssl->in_msg[i] != 0 || in ssl_parse_certificate_chain()
7792 ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) { in ssl_parse_certificate_chain()
7799 /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ in ssl_parse_certificate_chain()
7802 /* Iterate through and parse the CRTs in the provided chain. */ in ssl_parse_certificate_chain()
7803 while (i < ssl->in_hslen) { in ssl_parse_certificate_chain()
7805 if (i + 3 > ssl->in_hslen) { in ssl_parse_certificate_chain()
7812 /* In theory, the CRT can be up to 2**24 Bytes, but we don't support in ssl_parse_certificate_chain()
7814 if (ssl->in_msg[i] != 0) { in ssl_parse_certificate_chain()
7822 /* Read length of the next CRT in the chain. */ in ssl_parse_certificate_chain()
7823 n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1); in ssl_parse_certificate_chain()
7826 if (n < 128 || i + n > ssl->in_hslen) { in ssl_parse_certificate_chain()
7834 /* Check if we're handling the first CRT in the chain. */ in ssl_parse_certificate_chain()
7837 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in ssl_parse_certificate_chain()
7838 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_parse_certificate_chain()
7839 /* During client-side renegotiation, check that the server's in ssl_parse_certificate_chain()
7840 * end-CRTs hasn't changed compared to the initial handshake, in ssl_parse_certificate_chain()
7842 * the original end-CRT instead of parsing it again. */ in ssl_parse_certificate_chain()
7845 &ssl->in_msg[i], in ssl_parse_certificate_chain()
7855 ssl_clear_peer_cert(ssl->session); in ssl_parse_certificate_chain()
7859 /* Parse the next certificate in the chain. */ in ssl_parse_certificate_chain()
7861 ret = mbedtls_x509_crt_parse_der(chain, ssl->in_msg + i, n); in ssl_parse_certificate_chain()
7864 * it in-place from the input buffer instead of making a copy. */ in ssl_parse_certificate_chain()
7865 ret = mbedtls_x509_crt_parse_der_nocopy(chain, ssl->in_msg + i, n); in ssl_parse_certificate_chain()
7901 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_srv_check_client_no_crt_notification()
7902 return -1; in ssl_srv_check_client_no_crt_notification()
7905 if (ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len(ssl) && in ssl_srv_check_client_no_crt_notification()
7906 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in ssl_srv_check_client_no_crt_notification()
7907 ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && in ssl_srv_check_client_no_crt_notification()
7908 memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), "\0\0\0", 3) == 0) { in ssl_srv_check_client_no_crt_notification()
7912 return -1; in ssl_srv_check_client_no_crt_notification()
7918 * - SSL_CERTIFICATE_EXPECTED, or
7919 * - SSL_CERTIFICATE_SKIP
7929 ssl->handshake->ciphersuite_info; in ssl_parse_certificate_coordinate()
7936 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_parse_certificate_coordinate()
7937 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { in ssl_parse_certificate_coordinate()
7942 ssl->session_negotiate->verify_result = in ssl_parse_certificate_coordinate()
7960 /* Remember digest of the peer's end-CRT. */ in ssl_remember_peer_crt_digest()
7961 ssl->session_negotiate->peer_cert_digest = in ssl_remember_peer_crt_digest()
7963 if (ssl->session_negotiate->peer_cert_digest == NULL) { in ssl_remember_peer_crt_digest()
7976 ssl->session_negotiate->peer_cert_digest); in ssl_remember_peer_crt_digest()
7978 ssl->session_negotiate->peer_cert_digest_type = in ssl_remember_peer_crt_digest()
7980 ssl->session_negotiate->peer_cert_digest_len = in ssl_remember_peer_crt_digest()
7994 mbedtls_pk_init(&ssl->handshake->peer_pubkey); in ssl_remember_peer_pubkey()
7996 &ssl->handshake->peer_pubkey); in ssl_remember_peer_pubkey()
8012 const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET in mbedtls_ssl_parse_certificate()
8013 ? ssl->handshake->sni_authmode in mbedtls_ssl_parse_certificate()
8014 : ssl->conf->authmode; in mbedtls_ssl_parse_certificate()
8016 const int authmode = ssl->conf->authmode; in mbedtls_ssl_parse_certificate()
8030 if (ssl->handshake->ecrs_enabled && in mbedtls_ssl_parse_certificate()
8031 ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) { in mbedtls_ssl_parse_certificate()
8032 chain = ssl->handshake->ecrs_peer_cert; in mbedtls_ssl_parse_certificate()
8033 ssl->handshake->ecrs_peer_cert = NULL; in mbedtls_ssl_parse_certificate()
8047 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; in mbedtls_ssl_parse_certificate()
8057 /* Clear existing peer CRT structure in case we tried to in mbedtls_ssl_parse_certificate()
8059 ssl_clear_peer_cert(ssl->session_negotiate); in mbedtls_ssl_parse_certificate()
8080 if (ssl->handshake->ecrs_enabled) { in mbedtls_ssl_parse_certificate()
8081 ssl->handshake->ecrs_state = ssl_ecrs_crt_verify; in mbedtls_ssl_parse_certificate()
8085 if (ssl->handshake->ecrs_enabled) { in mbedtls_ssl_parse_certificate()
8086 rs_ctx = &ssl->handshake->ecrs_ctx; in mbedtls_ssl_parse_certificate()
8091 ssl->handshake->ciphersuite_info, in mbedtls_ssl_parse_certificate()
8107 crt_start = chain->raw.p; in mbedtls_ssl_parse_certificate()
8108 crt_len = chain->raw.len; in mbedtls_ssl_parse_certificate()
8110 pk_start = chain->pk_raw.p; in mbedtls_ssl_parse_certificate()
8111 pk_len = chain->pk_raw.len; in mbedtls_ssl_parse_certificate()
8131 ssl->session_negotiate->peer_cert = chain; in mbedtls_ssl_parse_certificate()
8145 ssl->handshake->ecrs_peer_cert = chain; in mbedtls_ssl_parse_certificate()
8177 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_calc_finished_tls_generic()
8179 session = ssl->session; in ssl_calc_finished_tls_generic()
8224 ssl->handshake->tls_prf(session->master, 48, sender, in ssl_calc_finished_tls_generic()
8250 &ssl->handshake->fin_sha256_psa, in ssl_calc_finished_tls_sha256()
8252 &ssl->handshake->fin_sha256, in ssl_calc_finished_tls_sha256()
8267 &ssl->handshake->fin_sha384_psa, in ssl_calc_finished_tls_sha384()
8269 &ssl->handshake->fin_sha384, in ssl_calc_finished_tls_sha384()
8284 mbedtls_free(ssl->handshake); in mbedtls_ssl_handshake_wrapup_free_hs_transform()
8285 ssl->handshake = NULL; in mbedtls_ssl_handshake_wrapup_free_hs_transform()
8288 * Free the previous transform and switch in the current one in mbedtls_ssl_handshake_wrapup_free_hs_transform()
8290 if (ssl->transform) { in mbedtls_ssl_handshake_wrapup_free_hs_transform()
8291 mbedtls_ssl_transform_free(ssl->transform); in mbedtls_ssl_handshake_wrapup_free_hs_transform()
8292 mbedtls_free(ssl->transform); in mbedtls_ssl_handshake_wrapup_free_hs_transform()
8294 ssl->transform = ssl->transform_negotiate; in mbedtls_ssl_handshake_wrapup_free_hs_transform()
8295 ssl->transform_negotiate = NULL; in mbedtls_ssl_handshake_wrapup_free_hs_transform()
8302 int resume = ssl->handshake->resume; in mbedtls_ssl_handshake_wrapup()
8307 if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in mbedtls_ssl_handshake_wrapup()
8308 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; in mbedtls_ssl_handshake_wrapup()
8309 ssl->renego_records_seen = 0; in mbedtls_ssl_handshake_wrapup()
8314 * Free the previous session and switch in the current one in mbedtls_ssl_handshake_wrapup()
8316 if (ssl->session) { in mbedtls_ssl_handshake_wrapup()
8319 ssl->session_negotiate->encrypt_then_mac = in mbedtls_ssl_handshake_wrapup()
8320 ssl->session->encrypt_then_mac; in mbedtls_ssl_handshake_wrapup()
8323 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_handshake_wrapup()
8324 mbedtls_free(ssl->session); in mbedtls_ssl_handshake_wrapup()
8326 ssl->session = ssl->session_negotiate; in mbedtls_ssl_handshake_wrapup()
8327 ssl->session_negotiate = NULL; in mbedtls_ssl_handshake_wrapup()
8332 if (ssl->conf->f_set_cache != NULL && in mbedtls_ssl_handshake_wrapup()
8333 ssl->session->id_len != 0 && in mbedtls_ssl_handshake_wrapup()
8335 if (ssl->conf->f_set_cache(ssl->conf->p_cache, in mbedtls_ssl_handshake_wrapup()
8336 ssl->session->id, in mbedtls_ssl_handshake_wrapup()
8337 ssl->session->id_len, in mbedtls_ssl_handshake_wrapup()
8338 ssl->session) != 0) { in mbedtls_ssl_handshake_wrapup()
8344 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake_wrapup()
8345 ssl->handshake->flight != NULL) { in mbedtls_ssl_handshake_wrapup()
8346 /* Cancel handshake timer */ in mbedtls_ssl_handshake_wrapup()
8349 /* Keep last flight around in case we need to resend it: in mbedtls_ssl_handshake_wrapup()
8368 mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate); in mbedtls_ssl_write_finished()
8370 ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); in mbedtls_ssl_write_finished()
8385 ssl->verify_data_len = hash_len; in mbedtls_ssl_write_finished()
8386 memcpy(ssl->own_verify_data, ssl->out_msg + 4, hash_len); in mbedtls_ssl_write_finished()
8389 ssl->out_msglen = 4 + hash_len; in mbedtls_ssl_write_finished()
8390 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in mbedtls_ssl_write_finished()
8391 ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; in mbedtls_ssl_write_finished()
8394 * In case of session resuming, invert the client and server in mbedtls_ssl_write_finished()
8397 if (ssl->handshake->resume != 0) { in mbedtls_ssl_write_finished()
8399 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_write_finished()
8404 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_write_finished()
8419 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_finished()
8423 ssl->handshake->alt_transform_out = ssl->transform_out; in mbedtls_ssl_write_finished()
8424 memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, in mbedtls_ssl_write_finished()
8425 sizeof(ssl->handshake->alt_out_ctr)); in mbedtls_ssl_write_finished()
8428 memset(&ssl->cur_out_ctr[2], 0, sizeof(ssl->cur_out_ctr) - 2); in mbedtls_ssl_write_finished()
8432 for (i = 2; i > 0; i--) { in mbedtls_ssl_write_finished()
8433 if (++ssl->cur_out_ctr[i - 1] != 0) { in mbedtls_ssl_write_finished()
8445 memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); in mbedtls_ssl_write_finished()
8447 ssl->transform_out = ssl->transform_negotiate; in mbedtls_ssl_write_finished()
8448 ssl->session_out = ssl->session_negotiate; in mbedtls_ssl_write_finished()
8451 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_finished()
8462 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_write_finished()
8484 ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); in mbedtls_ssl_parse_finished()
8495 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in mbedtls_ssl_parse_finished()
8503 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED) { in mbedtls_ssl_parse_finished()
8510 if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + hash_len) { in mbedtls_ssl_parse_finished()
8518 if (mbedtls_ct_memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), in mbedtls_ssl_parse_finished()
8528 ssl->verify_data_len = hash_len; in mbedtls_ssl_parse_finished()
8529 memcpy(ssl->peer_verify_data, buf, hash_len); in mbedtls_ssl_parse_finished()
8532 if (ssl->handshake->resume != 0) { in mbedtls_ssl_parse_finished()
8534 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_parse_finished()
8539 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_parse_finished()
8548 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_parse_finished()
8570 if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384) { in ssl_tls12prf_from_cs()
8576 if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256) { in ssl_tls12prf_from_cs()
8611 * - [in/out]: transform: structure to populate
8612 * [in] must be just initialised with mbedtls_ssl_transform_init()
8614 * - [in] ciphersuite
8615 * - [in] master
8616 * - [in] encrypt_then_mac
8617 * - [in] tls_prf: pointer to PRF to use for key derivation
8618 * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
8619 * - [in] tls_version: TLS version
8620 * - [in] endpoint: client or server
8621 * - [in] ssl: used for:
8622 * - ssl->conf->{f,p}_export_keys
8623 * [in] optionally used for:
8624 * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
8668 transform->encrypt_then_mac = encrypt_then_mac; in ssl_tls12_populate_transform()
8670 transform->tls_version = tls_version; in ssl_tls12_populate_transform()
8673 memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); in ssl_tls12_populate_transform()
8701 transform->taglen = in ssl_tls12_populate_transform()
8702 ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; in ssl_tls12_populate_transform()
8706 if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, in ssl_tls12_populate_transform()
8707 transform->taglen, in ssl_tls12_populate_transform()
8716 cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) ciphersuite_info->cipher); in ssl_tls12_populate_transform()
8719 ciphersuite_info->cipher)); in ssl_tls12_populate_transform()
8725 mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); in ssl_tls12_populate_transform()
8728 (unsigned) ciphersuite_info->mac)); in ssl_tls12_populate_transform()
8732 md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ciphersuite_info->mac); in ssl_tls12_populate_transform()
8735 (unsigned) ciphersuite_info->mac)); in ssl_tls12_populate_transform()
8743 if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) { in ssl_tls12_populate_transform()
8746 transform->in_cid_len = ssl->own_cid_len; in ssl_tls12_populate_transform()
8747 memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len); in ssl_tls12_populate_transform()
8748 MBEDTLS_SSL_DEBUG_BUF(3, "Incoming CID", transform->in_cid, in ssl_tls12_populate_transform()
8749 transform->in_cid_len); in ssl_tls12_populate_transform()
8751 transform->out_cid_len = ssl->handshake->peer_cid_len; in ssl_tls12_populate_transform()
8752 memcpy(transform->out_cid, ssl->handshake->peer_cid, in ssl_tls12_populate_transform()
8753 ssl->handshake->peer_cid_len); in ssl_tls12_populate_transform()
8754 MBEDTLS_SSL_DEBUG_BUF(3, "Outgoing CID", transform->out_cid, in ssl_tls12_populate_transform()
8755 transform->out_cid_len); in ssl_tls12_populate_transform()
8788 transform->maclen = 0; in ssl_tls12_populate_transform()
8791 /* All modes haves 96-bit IVs, but the length of the static parts vary in ssl_tls12_populate_transform()
8793 * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes in ssl_tls12_populate_transform()
8795 * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's in ssl_tls12_populate_transform()
8799 transform->ivlen = 12; in ssl_tls12_populate_transform()
8810 transform->fixed_ivlen = 12; in ssl_tls12_populate_transform()
8812 transform->fixed_ivlen = 4; in ssl_tls12_populate_transform()
8816 explicit_ivlen = transform->ivlen - transform->fixed_ivlen; in ssl_tls12_populate_transform()
8817 transform->minlen = explicit_ivlen + transform->taglen; in ssl_tls12_populate_transform()
8835 if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 || in ssl_tls12_populate_transform()
8836 (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) { in ssl_tls12_populate_transform()
8844 transform->maclen = mac_key_len; in ssl_tls12_populate_transform()
8848 transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg); in ssl_tls12_populate_transform()
8850 transform->ivlen = mbedtls_cipher_info_get_iv_size(cipher_info); in ssl_tls12_populate_transform()
8855 transform->minlen = transform->maclen; in ssl_tls12_populate_transform()
8859 * 1. if EtM is in use: one block plus MAC in ssl_tls12_populate_transform()
8865 transform->minlen = transform->maclen in ssl_tls12_populate_transform()
8870 transform->minlen = transform->maclen in ssl_tls12_populate_transform()
8872 - transform->maclen % block_size; in ssl_tls12_populate_transform()
8876 transform->minlen += transform->ivlen; in ssl_tls12_populate_transform()
8892 (unsigned) transform->minlen, in ssl_tls12_populate_transform()
8893 (unsigned) transform->ivlen, in ssl_tls12_populate_transform()
8894 (unsigned) transform->maclen)); in ssl_tls12_populate_transform()
8907 iv_copy_len = (transform->fixed_ivlen) ? in ssl_tls12_populate_transform()
8908 transform->fixed_ivlen : transform->ivlen; in ssl_tls12_populate_transform()
8909 memcpy(transform->iv_enc, key2 + keylen, iv_copy_len); in ssl_tls12_populate_transform()
8910 memcpy(transform->iv_dec, key2 + keylen + iv_copy_len, in ssl_tls12_populate_transform()
8922 iv_copy_len = (transform->fixed_ivlen) ? in ssl_tls12_populate_transform()
8923 transform->fixed_ivlen : transform->ivlen; in ssl_tls12_populate_transform()
8924 memcpy(transform->iv_dec, key1 + keylen, iv_copy_len); in ssl_tls12_populate_transform()
8925 memcpy(transform->iv_enc, key1 + keylen + iv_copy_len, in ssl_tls12_populate_transform()
8935 if (ssl->f_export_keys != NULL) { in ssl_tls12_populate_transform()
8936 ssl->f_export_keys(ssl->p_export_keys, in ssl_tls12_populate_transform()
8945 transform->psa_alg = alg; in ssl_tls12_populate_transform()
8955 &transform->psa_key_enc)) != PSA_SUCCESS) { in ssl_tls12_populate_transform()
8967 &transform->psa_key_dec)) != PSA_SUCCESS) { in ssl_tls12_populate_transform()
8974 if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc, in ssl_tls12_populate_transform()
8980 if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec, in ssl_tls12_populate_transform()
8986 if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1, in ssl_tls12_populate_transform()
8993 if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2, in ssl_tls12_populate_transform()
9002 if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc, in ssl_tls12_populate_transform()
9008 if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec, in ssl_tls12_populate_transform()
9018 /* For HMAC-based ciphersuites, initialize the HMAC transforms. in ssl_tls12_populate_transform()
9019 For AEAD-based ciphersuites, there is nothing to do here. */ in ssl_tls12_populate_transform()
9022 transform->psa_mac_alg = PSA_ALG_HMAC(mac_alg); in ssl_tls12_populate_transform()
9030 &transform->psa_mac_enc)) != PSA_SUCCESS) { in ssl_tls12_populate_transform()
9036 if ((transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) || in ssl_tls12_populate_transform()
9037 ((transform->psa_alg == PSA_ALG_CBC_NO_PADDING) in ssl_tls12_populate_transform()
9039 && (transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) in ssl_tls12_populate_transform()
9051 &transform->psa_mac_dec)) != PSA_SUCCESS) { in ssl_tls12_populate_transform()
9057 ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc, mac_enc, mac_key_len); in ssl_tls12_populate_transform()
9061 ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec, mac_dec, mac_key_len); in ssl_tls12_populate_transform()
9092 for (; remaining_steps > 0; remaining_steps--) { in mbedtls_psa_ecjpake_read_round()
9136 for (; remaining_steps > 0; remaining_steps--) { in mbedtls_psa_ecjpake_write_round()
9146 len - output_offset - 1, in mbedtls_psa_ecjpake_write_round()
9174 MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange")); in mbedtls_ssl_get_key_exchange_md_tls1_2()
9182 if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes, in mbedtls_ssl_get_key_exchange_md_tls1_2()
9231 MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange")); in mbedtls_ssl_get_key_exchange_md_tls1_2()
9236 * digitally-signed struct { in mbedtls_ssl_get_key_exchange_md_tls1_2()
9250 if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) { in mbedtls_ssl_get_key_exchange_md_tls1_2()
9283 uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; in mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg()
9305 if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) { in mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg()
9310 !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, in mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg()
9317 !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, in mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg()
9346 return -1; in mbedtls_ssl_validate_ciphersuite()
9349 if ((suite_info->min_tls_version > max_tls_version) || in mbedtls_ssl_validate_ciphersuite()
9350 (suite_info->max_tls_version < min_tls_version)) { in mbedtls_ssl_validate_ciphersuite()
9351 return -1; in mbedtls_ssl_validate_ciphersuite()
9357 if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && in mbedtls_ssl_validate_ciphersuite()
9358 ssl->handshake->psa_pake_ctx_is_ok != 1) in mbedtls_ssl_validate_ciphersuite()
9360 if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && in mbedtls_ssl_validate_ciphersuite()
9361 mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) in mbedtls_ssl_validate_ciphersuite()
9364 return -1; in mbedtls_ssl_validate_ciphersuite()
9368 /* Don't suggest PSK-based ciphersuite if no PSK is available. */ in mbedtls_ssl_validate_ciphersuite()
9371 mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { in mbedtls_ssl_validate_ciphersuite()
9372 return -1; in mbedtls_ssl_validate_ciphersuite()
9395 * SignatureScheme supported_signature_algorithms<2..2^16-2>;
9414 * supported_signature_algorithms<2..2^16-2>;
9434 * - extension_type (2 bytes) in mbedtls_ssl_write_sig_alg_ext()
9435 * - extension_data_length (2 bytes) in mbedtls_ssl_write_sig_alg_ext()
9436 * - supported_signature_algorithms_length (2 bytes) in mbedtls_ssl_write_sig_alg_ext()
9466 supported_sig_alg_len = (size_t) (p - supported_sig_alg); in mbedtls_ssl_write_sig_alg_ext()
9476 *out_len = (size_t) (p - buf); in mbedtls_ssl_write_sig_alg_ext()
9495 * opaque HostName<1..2^16-1>;
9504 * ServerName server_name_list<1..2^16-1>
9537 ssl->handshake->sni_name = p + 3; in mbedtls_ssl_parse_server_name_ext()
9538 ssl->handshake->sni_name_len = hostname_len; in mbedtls_ssl_parse_server_name_ext()
9539 if (ssl->conf->f_sni == NULL) { in mbedtls_ssl_parse_server_name_ext()
9542 ret = ssl->conf->f_sni(ssl->conf->p_sni, in mbedtls_ssl_parse_server_name_ext()
9573 if (ssl->conf->alpn_list == NULL) { in mbedtls_ssl_parse_alpn_ext()
9579 * opaque ProtocolName<1..2^8-1>; in mbedtls_ssl_parse_alpn_ext()
9582 * ProtocolName protocol_name_list<2..2^16-1> in mbedtls_ssl_parse_alpn_ext()
9615 for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { in mbedtls_ssl_parse_alpn_ext()
9622 ssl->alpn_chosen = *alpn; in mbedtls_ssl_parse_alpn_ext()
9646 if (ssl->alpn_chosen == NULL) { in mbedtls_ssl_write_alpn_ext()
9650 protocol_name_len = strlen(ssl->alpn_chosen); in mbedtls_ssl_write_alpn_ext()
9668 * than 255 bytes in `mbedtls_ssl_conf_alpn_protocols`. in mbedtls_ssl_write_alpn_ext()
9672 memcpy(p + 7, ssl->alpn_chosen, protocol_name_len); in mbedtls_ssl_write_alpn_ext()
9704 if (session->hostname != NULL) { in mbedtls_ssl_session_set_hostname()
9705 mbedtls_zeroize_and_free(session->hostname, in mbedtls_ssl_session_set_hostname()
9706 strlen(session->hostname)); in mbedtls_ssl_session_set_hostname()
9711 session->hostname = NULL; in mbedtls_ssl_session_set_hostname()
9713 session->hostname = mbedtls_calloc(1, hostname_len + 1); in mbedtls_ssl_session_set_hostname()
9714 if (session->hostname == NULL) { in mbedtls_ssl_session_set_hostname()
9718 memcpy(session->hostname, hostname, hostname_len); in mbedtls_ssl_session_set_hostname()
9743 if (session->ticket_alpn != NULL) { in mbedtls_ssl_session_set_ticket_alpn()
9744 mbedtls_zeroize_and_free(session->ticket_alpn, in mbedtls_ssl_session_set_ticket_alpn()
9745 strlen(session->ticket_alpn)); in mbedtls_ssl_session_set_ticket_alpn()
9746 session->ticket_alpn = NULL; in mbedtls_ssl_session_set_ticket_alpn()
9750 session->ticket_alpn = mbedtls_calloc(alpn_len + 1, 1); in mbedtls_ssl_session_set_ticket_alpn()
9751 if (session->ticket_alpn == NULL) { in mbedtls_ssl_session_set_ticket_alpn()
9754 memcpy(session->ticket_alpn, alpn, alpn_len); in mbedtls_ssl_session_set_ticket_alpn()
9787 switch (ciphersuite->key_exchange) { in mbedtls_ssl_check_cert_usage()
9825 ret = -1; in mbedtls_ssl_check_cert_usage()
9842 ret = -1; in mbedtls_ssl_check_cert_usage()
9854 if (mbedtls_ssl_conf_get_endpoint(ssl->conf) == MBEDTLS_SSL_IS_CLIENT && in get_hostname_for_verification()
9855 ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) { in get_hostname_for_verification()
9884 if (ssl->f_vrfy != NULL) { in mbedtls_ssl_verify_certificate()
9885 MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback")); in mbedtls_ssl_verify_certificate()
9886 f_vrfy = ssl->f_vrfy; in mbedtls_ssl_verify_certificate()
9887 p_vrfy = ssl->p_vrfy; in mbedtls_ssl_verify_certificate()
9889 MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback")); in mbedtls_ssl_verify_certificate()
9890 f_vrfy = ssl->conf->f_vrfy; in mbedtls_ssl_verify_certificate()
9891 p_vrfy = ssl->conf->p_vrfy; in mbedtls_ssl_verify_certificate()
9903 if (ssl->conf->f_ca_cb != NULL) { in mbedtls_ssl_verify_certificate()
9910 ssl->conf->f_ca_cb, in mbedtls_ssl_verify_certificate()
9911 ssl->conf->p_ca_cb, in mbedtls_ssl_verify_certificate()
9912 ssl->conf->cert_profile, in mbedtls_ssl_verify_certificate()
9914 &ssl->session_negotiate->verify_result, in mbedtls_ssl_verify_certificate()
9922 if (ssl->handshake->sni_ca_chain != NULL) { in mbedtls_ssl_verify_certificate()
9923 ca_chain = ssl->handshake->sni_ca_chain; in mbedtls_ssl_verify_certificate()
9924 ca_crl = ssl->handshake->sni_ca_crl; in mbedtls_ssl_verify_certificate()
9928 ca_chain = ssl->conf->ca_chain; in mbedtls_ssl_verify_certificate()
9929 ca_crl = ssl->conf->ca_crl; in mbedtls_ssl_verify_certificate()
9939 ssl->conf->cert_profile, in mbedtls_ssl_verify_certificate()
9941 &ssl->session_negotiate->verify_result, in mbedtls_ssl_verify_certificate()
9968 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && in mbedtls_ssl_verify_certificate()
9969 mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY)) { in mbedtls_ssl_verify_certificate()
9970 if (mbedtls_ssl_check_curve(ssl, mbedtls_pk_get_ec_group_id(&chain->pk)) != 0) { in mbedtls_ssl_verify_certificate()
9972 ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; in mbedtls_ssl_verify_certificate()
9983 ssl->conf->endpoint, in mbedtls_ssl_verify_certificate()
9984 ssl->tls_version, in mbedtls_ssl_verify_certificate()
9985 &ssl->session_negotiate->verify_result) != 0) { in mbedtls_ssl_verify_certificate()
9997 * - MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: cert rejected by primary check; in mbedtls_ssl_verify_certificate()
9998 * - MBEDTLS_ERR_SSL_BAD_CERTIFICATE: cert rejected by secondary checks. in mbedtls_ssl_verify_certificate()
10007 * configuration - can't verify without trust anchors. */ in mbedtls_ssl_verify_certificate()
10018 may be a subject of debate in some cases. */ in mbedtls_ssl_verify_certificate()
10019 if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) { in mbedtls_ssl_verify_certificate()
10021 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) { in mbedtls_ssl_verify_certificate()
10023 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) { in mbedtls_ssl_verify_certificate()
10025 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) { in mbedtls_ssl_verify_certificate()
10027 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) { in mbedtls_ssl_verify_certificate()
10029 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) { in mbedtls_ssl_verify_certificate()
10031 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) { in mbedtls_ssl_verify_certificate()
10033 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) { in mbedtls_ssl_verify_certificate()
10035 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) { in mbedtls_ssl_verify_certificate()
10045 if (ssl->session_negotiate->verify_result != 0) { in mbedtls_ssl_verify_certificate()
10047 (unsigned int) ssl->session_negotiate->verify_result)); in mbedtls_ssl_verify_certificate()
10075 * as a 16-bit big-endian integer, and then the context itself. */ in mbedtls_ssl_tls12_export_keying_material()
10083 /* This does not overflow a 32-bit size_t because the current value of in mbedtls_ssl_tls12_export_keying_material()
10095 ssl->transform->randbytes + MBEDTLS_SERVER_HELLO_RANDOM_LEN, in mbedtls_ssl_tls12_export_keying_material()
10098 ssl->transform->randbytes, in mbedtls_ssl_tls12_export_keying_material()
10104 ret = tls_prf_generic(hash_alg, ssl->session->master, sizeof(ssl->session->master), in mbedtls_ssl_tls12_export_keying_material()
10125 const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; in mbedtls_ssl_tls13_export_keying_material()
10128 * struct as defined in RFC 8446, Section 7.1. in mbedtls_ssl_tls13_export_keying_material()
10130 * The length of the context is unlimited even though the context field in the in mbedtls_ssl_tls13_export_keying_material()
10132 * the context in the field. */ in mbedtls_ssl_tls13_export_keying_material()
10160 const mbedtls_md_type_t hash_alg = ciphersuite->mac; in mbedtls_ssl_export_keying_material()