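Lines Matching refs:conf (each entry gives the source line number, the matching line, and the enclosing function; "argument" or "local" marks a line where conf is declared)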

84 int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf,  in mbedtls_ssl_conf_cid()  argument
97 conf->ignore_unexpected_cid = ignore_other_cid; in mbedtls_ssl_conf_cid()
98 conf->cid_len = len; in mbedtls_ssl_conf_cid()
107 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_set_cid()
119 if (own_cid_len != ssl->conf->cid_len) { in mbedtls_ssl_set_cid()
122 (unsigned) ssl->conf->cid_len)); in mbedtls_ssl_set_cid()
141 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_get_own_cid()
171 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in mbedtls_ssl_get_peer_cid()
1146 ssl->conf->new_session_tickets_count; in ssl_handshake_init()
1150 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_handshake_init()
1153 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_handshake_init()
1171 if (ssl->conf->curve_list != NULL) { in ssl_handshake_init()
1173 const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; in ssl_handshake_init()
1199 ssl->handshake->group_list = ssl->conf->group_list; in ssl_handshake_init()
1210 if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && in ssl_handshake_init()
1211 ssl->conf->sig_hashes != NULL) { in ssl_handshake_init()
1213 const int *sig_hashes = ssl->conf->sig_hashes; in ssl_handshake_init()
1316 const mbedtls_ssl_config *conf = ssl->conf; in ssl_conf_version_check() local
1319 if (mbedtls_ssl_conf_is_tls13_only(conf)) { in ssl_conf_version_check()
1320 if (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_conf_version_check()
1331 if (mbedtls_ssl_conf_is_tls12_only(conf)) { in ssl_conf_version_check()
1338 if (mbedtls_ssl_conf_is_hybrid_tls12_tls13(conf)) { in ssl_conf_version_check()
1339 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_conf_version_check()
1362 if (ssl->conf->f_rng == NULL) { in ssl_conf_check()
1377 const mbedtls_ssl_config *conf) in mbedtls_ssl_setup() argument
1383 ssl->conf = conf; in mbedtls_ssl_setup()
1388 ssl->tls_version = ssl->conf->max_tls_version; in mbedtls_ssl_setup()
1434 ssl->conf = NULL; in mbedtls_ssl_setup()
1559 ssl->tls_version = ssl->conf->max_tls_version; in mbedtls_ssl_session_reset_int()
1617 void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint) in mbedtls_ssl_conf_endpoint() argument
1619 conf->endpoint = endpoint; in mbedtls_ssl_conf_endpoint()
1622 void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport) in mbedtls_ssl_conf_transport() argument
1624 conf->transport = transport; in mbedtls_ssl_conf_transport()
1628 void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode) in mbedtls_ssl_conf_dtls_anti_replay() argument
1630 conf->anti_replay = mode; in mbedtls_ssl_conf_dtls_anti_replay()
1634 void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit) in mbedtls_ssl_conf_dtls_badmac_limit() argument
1636 conf->badmac_limit = limit; in mbedtls_ssl_conf_dtls_badmac_limit()
1647 void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_handshake_timeout() argument
1650 conf->hs_timeout_min = min; in mbedtls_ssl_conf_handshake_timeout()
1651 conf->hs_timeout_max = max; in mbedtls_ssl_conf_handshake_timeout()
1655 void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode) in mbedtls_ssl_conf_authmode() argument
1657 conf->authmode = authmode; in mbedtls_ssl_conf_authmode()
1661 void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_verify() argument
1665 conf->f_vrfy = f_vrfy; in mbedtls_ssl_conf_verify()
1666 conf->p_vrfy = p_vrfy; in mbedtls_ssl_conf_verify()
1670 void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_rng() argument
1674 conf->f_rng = f_rng; in mbedtls_ssl_conf_rng()
1675 conf->p_rng = p_rng; in mbedtls_ssl_conf_rng()
1678 void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_dbg() argument
1682 conf->f_dbg = f_dbg; in mbedtls_ssl_conf_dbg()
1683 conf->p_dbg = p_dbg; in mbedtls_ssl_conf_dbg()
1705 void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout) in mbedtls_ssl_conf_read_timeout() argument
1707 conf->read_timeout = timeout; in mbedtls_ssl_conf_read_timeout()
1724 void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_session_cache() argument
1729 conf->p_cache = p_cache; in mbedtls_ssl_conf_session_cache()
1730 conf->f_get_cache = f_get_cache; in mbedtls_ssl_conf_session_cache()
1731 conf->f_set_cache = f_set_cache; in mbedtls_ssl_conf_session_cache()
1743 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_set_session()
1786 void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_ciphersuites() argument
1789 conf->ciphersuite_list = ciphersuites; in mbedtls_ssl_conf_ciphersuites()
1793 void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_tls13_key_exchange_modes() argument
1796 conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; in mbedtls_ssl_conf_tls13_key_exchange_modes()
1800 void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_early_data() argument
1803 conf->early_data_enabled = early_data_enabled; in mbedtls_ssl_conf_early_data()
1808 mbedtls_ssl_config *conf, uint32_t max_early_data_size) in mbedtls_ssl_conf_max_early_data_size() argument
1810 conf->max_early_data_size = max_early_data_size; in mbedtls_ssl_conf_max_early_data_size()
1818 void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_cert_profile() argument
1821 conf->cert_profile = profile; in mbedtls_ssl_conf_cert_profile()
1873 int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_own_cert() argument
1877 return ssl_append_key_cert(&conf->key_cert, own_cert, pk_key); in mbedtls_ssl_conf_own_cert()
1880 void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_ca_chain() argument
1884 conf->ca_chain = ca_chain; in mbedtls_ssl_conf_ca_chain()
1885 conf->ca_crl = ca_crl; in mbedtls_ssl_conf_ca_chain()
1890 conf->f_ca_cb = NULL; in mbedtls_ssl_conf_ca_chain()
1891 conf->p_ca_cb = NULL; in mbedtls_ssl_conf_ca_chain()
1896 void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_ca_cb() argument
1900 conf->f_ca_cb = f_ca_cb; in mbedtls_ssl_conf_ca_cb()
1901 conf->p_ca_cb = p_ca_cb; in mbedtls_ssl_conf_ca_cb()
1905 conf->ca_chain = NULL; in mbedtls_ssl_conf_ca_cb()
1906 conf->ca_crl = NULL; in mbedtls_ssl_conf_ca_cb()
1988 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_set_hs_ecjpake_password_common()
2027 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password()
2062 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password_opaque()
2085 if (ssl->handshake == NULL || ssl->conf == NULL) { in mbedtls_ssl_set_hs_ecjpake_password()
2094 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_set_hs_ecjpake_password()
2110 int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf) in mbedtls_ssl_conf_has_static_psk() argument
2112 if (conf->psk_identity == NULL || in mbedtls_ssl_conf_has_static_psk()
2113 conf->psk_identity_len == 0) { in mbedtls_ssl_conf_has_static_psk()
2118 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in mbedtls_ssl_conf_has_static_psk()
2123 if (conf->psk != NULL && conf->psk_len != 0) { in mbedtls_ssl_conf_has_static_psk()
2130 static void ssl_conf_remove_psk(mbedtls_ssl_config *conf) in ssl_conf_remove_psk() argument
2134 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in ssl_conf_remove_psk()
2137 conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; in ssl_conf_remove_psk()
2140 if (conf->psk != NULL) { in ssl_conf_remove_psk()
2141 mbedtls_zeroize_and_free(conf->psk, conf->psk_len); in ssl_conf_remove_psk()
2142 conf->psk = NULL; in ssl_conf_remove_psk()
2143 conf->psk_len = 0; in ssl_conf_remove_psk()
2147 if (conf->psk_identity != NULL) { in ssl_conf_remove_psk()
2148 mbedtls_free(conf->psk_identity); in ssl_conf_remove_psk()
2149 conf->psk_identity = NULL; in ssl_conf_remove_psk()
2150 conf->psk_identity_len = 0; in ssl_conf_remove_psk()
2159 static int ssl_conf_set_psk_identity(mbedtls_ssl_config *conf, in ssl_conf_set_psk_identity() argument
2171 conf->psk_identity = mbedtls_calloc(1, psk_identity_len); in ssl_conf_set_psk_identity()
2172 if (conf->psk_identity == NULL) { in ssl_conf_set_psk_identity()
2176 conf->psk_identity_len = psk_identity_len; in ssl_conf_set_psk_identity()
2177 memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len); in ssl_conf_set_psk_identity()
2182 int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_psk() argument
2189 if (mbedtls_ssl_conf_has_static_psk(conf)) { in mbedtls_ssl_conf_psk()
2204 if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) { in mbedtls_ssl_conf_psk()
2207 conf->psk_len = psk_len; in mbedtls_ssl_conf_psk()
2208 memcpy(conf->psk, psk, conf->psk_len); in mbedtls_ssl_conf_psk()
2211 ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len); in mbedtls_ssl_conf_psk()
2213 ssl_conf_remove_psk(conf); in mbedtls_ssl_conf_psk()
2305 int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_psk_opaque() argument
2313 if (mbedtls_ssl_conf_has_static_psk(conf)) { in mbedtls_ssl_conf_psk_opaque()
2321 conf->psk_opaque = psk; in mbedtls_ssl_conf_psk_opaque()
2324 ret = ssl_conf_set_psk_identity(conf, psk_identity, in mbedtls_ssl_conf_psk_opaque()
2327 ssl_conf_remove_psk(conf); in mbedtls_ssl_conf_psk_opaque()
2348 void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_psk_cb() argument
2353 conf->f_psk = f_psk; in mbedtls_ssl_conf_psk_cb()
2354 conf->p_psk = p_psk; in mbedtls_ssl_conf_psk_cb()
2668 int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_dh_param_bin() argument
2674 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_bin()
2675 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_bin()
2677 if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 || in mbedtls_ssl_conf_dh_param_bin()
2678 (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) { in mbedtls_ssl_conf_dh_param_bin()
2679 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_bin()
2680 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_bin()
2687 int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx) in mbedtls_ssl_conf_dh_param_ctx() argument
2691 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_ctx()
2692 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_ctx()
2695 &conf->dhm_P)) != 0 || in mbedtls_ssl_conf_dh_param_ctx()
2697 &conf->dhm_G)) != 0) { in mbedtls_ssl_conf_dh_param_ctx()
2698 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_conf_dh_param_ctx()
2699 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_conf_dh_param_ctx()
2711 void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_dhm_min_bitlen() argument
2714 conf->dhm_min_bitlen = bitlen; in mbedtls_ssl_conf_dhm_min_bitlen()
2723 void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_sig_hashes() argument
2726 conf->sig_hashes = hashes; in mbedtls_ssl_conf_sig_hashes()
2731 void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_sig_algs() argument
2735 conf->sig_hashes = NULL; in mbedtls_ssl_conf_sig_algs()
2737 conf->sig_algs = sig_algs; in mbedtls_ssl_conf_sig_algs()
2751 void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_curves() argument
2754 conf->curve_list = curve_list; in mbedtls_ssl_conf_curves()
2755 conf->group_list = NULL; in mbedtls_ssl_conf_curves()
2763 void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_groups() argument
2767 conf->curve_list = NULL; in mbedtls_ssl_conf_groups()
2769 conf->group_list = group_list; in mbedtls_ssl_conf_groups()
2863 void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_sni() argument
2868 conf->f_sni = f_sni; in mbedtls_ssl_conf_sni()
2869 conf->p_sni = p_sni; in mbedtls_ssl_conf_sni()
2874 int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos) in mbedtls_ssl_conf_alpn_protocols() argument
2896 conf->alpn_list = protos; in mbedtls_ssl_conf_alpn_protocols()
2908 void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_srtp_mki_value_supported() argument
2911 conf->dtls_srtp_mki_support = support_mki_value; in mbedtls_ssl_conf_srtp_mki_value_supported()
2922 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) { in mbedtls_ssl_dtls_srtp_set_mki_value()
2931 int mbedtls_ssl_conf_dtls_srtp_protection_profiles(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_dtls_srtp_protection_profiles() argument
2951 conf->dtls_srtp_profile_list = NULL; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2952 conf->dtls_srtp_profile_list_len = 0; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2956 conf->dtls_srtp_profile_list = profiles; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2957 conf->dtls_srtp_profile_list_len = list_size; in mbedtls_ssl_conf_dtls_srtp_protection_profiles()
2978 void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) in mbedtls_ssl_conf_max_version() argument
2980 conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); in mbedtls_ssl_conf_max_version()
2983 void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) in mbedtls_ssl_conf_min_version() argument
2985 conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); in mbedtls_ssl_conf_min_version()
2990 void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_cert_req_ca_list() argument
2993 conf->cert_req_ca_list = cert_req_ca_list; in mbedtls_ssl_conf_cert_req_ca_list()
2998 void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm) in mbedtls_ssl_conf_encrypt_then_mac() argument
3000 conf->encrypt_then_mac = etm; in mbedtls_ssl_conf_encrypt_then_mac()
3005 void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems) in mbedtls_ssl_conf_extended_master_secret() argument
3007 conf->extended_ms = ems; in mbedtls_ssl_conf_extended_master_secret()
3012 int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code) in mbedtls_ssl_conf_max_frag_len() argument
3019 conf->mfl_code = mfl_code; in mbedtls_ssl_conf_max_frag_len()
3025 void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy) in mbedtls_ssl_conf_legacy_renegotiation() argument
3027 conf->allow_legacy_renegotiation = allow_legacy; in mbedtls_ssl_conf_legacy_renegotiation()
3031 void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation) in mbedtls_ssl_conf_renegotiation() argument
3033 conf->disable_renegotiation = renegotiation; in mbedtls_ssl_conf_renegotiation()
3036 void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records) in mbedtls_ssl_conf_renegotiation_enforced() argument
3038 conf->renego_max_records = max_records; in mbedtls_ssl_conf_renegotiation_enforced()
3041 void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_renegotiation_period() argument
3044 memcpy(conf->renego_period, period, 8); in mbedtls_ssl_conf_renegotiation_period()
3051 void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets) in mbedtls_ssl_conf_session_tickets() argument
3053 conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_MASK; in mbedtls_ssl_conf_session_tickets()
3054 conf->session_tickets |= (use_tickets != 0) << in mbedtls_ssl_conf_session_tickets()
3060 mbedtls_ssl_config *conf, int signal_new_session_tickets) in mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() argument
3062 conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK; in mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()
3063 conf->session_tickets |= (signal_new_session_tickets != 0) << in mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()
3072 void mbedtls_ssl_conf_new_session_tickets(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_new_session_tickets() argument
3075 conf->new_session_tickets_count = num_tickets; in mbedtls_ssl_conf_new_session_tickets()
3079 void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, in mbedtls_ssl_conf_session_tickets_cb() argument
3084 conf->f_ticket_write = f_ticket_write; in mbedtls_ssl_conf_session_tickets_cb()
3085 conf->f_ticket_parse = f_ticket_parse; in mbedtls_ssl_conf_session_tickets_cb()
3086 conf->p_ticket = p_ticket; in mbedtls_ssl_conf_session_tickets_cb()
3101 mbedtls_ssl_config *conf, in mbedtls_ssl_conf_async_private_cb() argument
3108 conf->f_async_sign_start = f_async_sign; in mbedtls_ssl_conf_async_private_cb()
3109 conf->f_async_decrypt_start = f_async_decrypt; in mbedtls_ssl_conf_async_private_cb()
3110 conf->f_async_resume = f_async_resume; in mbedtls_ssl_conf_async_private_cb()
3111 conf->f_async_cancel = f_async_cancel; in mbedtls_ssl_conf_async_private_cb()
3112 conf->p_async_config_data = async_config_data; in mbedtls_ssl_conf_async_private_cb()
3115 void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf) in mbedtls_ssl_conf_get_async_config_data() argument
3117 return conf->p_async_config_data; in mbedtls_ssl_conf_get_async_config_data()
3175 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_get_version()
3228 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in mbedtls_ssl_get_input_max_frag_len()
3230 return ssl_mfl_code_to_length(ssl->conf->mfl_code); in mbedtls_ssl_get_input_max_frag_len()
3260 max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code); in mbedtls_ssl_get_output_max_frag_len()
3282 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in mbedtls_ssl_get_current_mtu()
3416 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_get_session()
4548 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_prepare_handshake_step()
4564 ssl->conf == NULL || in mbedtls_ssl_handshake_step()
4585 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_handshake_step()
4616 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_handshake_step()
4654 if (ssl == NULL || ssl->conf == NULL) { in mbedtls_ssl_handshake()
4659 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake()
4732 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_start_renegotiation()
4734 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_start_renegotiation()
4763 if (ssl == NULL || ssl->conf == NULL) { in mbedtls_ssl_renegotiate()
4769 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_renegotiate()
4843 if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { in mbedtls_ssl_handshake_free()
4844 ssl->conf->f_async_cancel(ssl); in mbedtls_ssl_handshake_free()
5137 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_context_save()
5153 if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) { in mbedtls_ssl_context_save()
5324 ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || in ssl_context_load()
5326 ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || in ssl_context_load()
5327 ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 || in ssl_context_load()
5328 ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 in ssl_context_load()
5410 ssl->conf->endpoint, in ssl_context_load()
5499 if (alpn_len != 0 && ssl->conf->alpn_list != NULL) { in ssl_context_load()
5501 for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { in ssl_context_load()
5651 void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) in mbedtls_ssl_config_init() argument
5653 memset(conf, 0, sizeof(mbedtls_ssl_config)); in mbedtls_ssl_config_init()
5887 int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, in mbedtls_ssl_config_defaults() argument
5920 mbedtls_ssl_conf_endpoint(conf, endpoint); in mbedtls_ssl_config_defaults()
5921 mbedtls_ssl_conf_transport(conf, transport); in mbedtls_ssl_config_defaults()
5928 conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; in mbedtls_ssl_config_defaults()
5930 mbedtls_ssl_conf_session_tickets(conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED); in mbedtls_ssl_config_defaults()
5955 conf, MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED); in mbedtls_ssl_config_defaults()
5962 conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in mbedtls_ssl_config_defaults()
5966 conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in mbedtls_ssl_config_defaults()
5970 conf->f_cookie_write = ssl_cookie_write_dummy; in mbedtls_ssl_config_defaults()
5971 conf->f_cookie_check = ssl_cookie_check_dummy; in mbedtls_ssl_config_defaults()
5975 conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; in mbedtls_ssl_config_defaults()
5979 conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; in mbedtls_ssl_config_defaults()
5980 conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER; in mbedtls_ssl_config_defaults()
5984 conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; in mbedtls_ssl_config_defaults()
5985 conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; in mbedtls_ssl_config_defaults()
5989 conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; in mbedtls_ssl_config_defaults()
5990 memset(conf->renego_period, 0x00, 2); in mbedtls_ssl_config_defaults()
5991 memset(conf->renego_period + 2, 0xFF, 6); in mbedtls_ssl_config_defaults()
6001 if ((ret = mbedtls_ssl_conf_dh_param_bin(conf, in mbedtls_ssl_config_defaults()
6012 mbedtls_ssl_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED); in mbedtls_ssl_config_defaults()
6014 mbedtls_ssl_conf_max_early_data_size(conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE); in mbedtls_ssl_config_defaults()
6020 conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS); in mbedtls_ssl_config_defaults()
6025 conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; in mbedtls_ssl_config_defaults()
6030 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6031 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6037 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6038 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
6040 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
6041 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in mbedtls_ssl_config_defaults()
6043 conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6044 conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in mbedtls_ssl_config_defaults()
6059 conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; in mbedtls_ssl_config_defaults()
6062 conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; in mbedtls_ssl_config_defaults()
6067 if (mbedtls_ssl_conf_is_tls12_only(conf)) { in mbedtls_ssl_config_defaults()
6068 conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; in mbedtls_ssl_config_defaults()
6071 conf->sig_algs = ssl_preset_suiteb_sig_algs; in mbedtls_ssl_config_defaults()
6075 conf->curve_list = NULL; in mbedtls_ssl_config_defaults()
6077 conf->group_list = ssl_preset_suiteb_groups; in mbedtls_ssl_config_defaults()
6085 conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites(); in mbedtls_ssl_config_defaults()
6088 conf->cert_profile = &mbedtls_x509_crt_profile_default; in mbedtls_ssl_config_defaults()
6093 if (mbedtls_ssl_conf_is_tls12_only(conf)) { in mbedtls_ssl_config_defaults()
6094 conf->sig_algs = ssl_tls12_preset_default_sig_algs; in mbedtls_ssl_config_defaults()
6097 conf->sig_algs = ssl_preset_default_sig_algs; in mbedtls_ssl_config_defaults()
6101 conf->curve_list = NULL; in mbedtls_ssl_config_defaults()
6103 conf->group_list = ssl_preset_default_groups; in mbedtls_ssl_config_defaults()
6106 conf->dhm_min_bitlen = 1024; in mbedtls_ssl_config_defaults()
6116 void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) in mbedtls_ssl_config_free() argument
6118 if (conf == NULL) { in mbedtls_ssl_config_free()
6123 mbedtls_mpi_free(&conf->dhm_P); in mbedtls_ssl_config_free()
6124 mbedtls_mpi_free(&conf->dhm_G); in mbedtls_ssl_config_free()
6129 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { in mbedtls_ssl_config_free()
6130 conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_config_free()
6133 if (conf->psk != NULL) { in mbedtls_ssl_config_free()
6134 mbedtls_zeroize_and_free(conf->psk, conf->psk_len); in mbedtls_ssl_config_free()
6135 conf->psk = NULL; in mbedtls_ssl_config_free()
6136 conf->psk_len = 0; in mbedtls_ssl_config_free()
6139 if (conf->psk_identity != NULL) { in mbedtls_ssl_config_free()
6140 mbedtls_zeroize_and_free(conf->psk_identity, conf->psk_identity_len); in mbedtls_ssl_config_free()
6141 conf->psk_identity = NULL; in mbedtls_ssl_config_free()
6142 conf->psk_identity_len = 0; in mbedtls_ssl_config_free()
6147 ssl_key_cert_free(conf->key_cert); in mbedtls_ssl_config_free()
6150 mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config)); in mbedtls_ssl_config_free()
7133 ssl->conf->psk, ssl->conf->psk_len, in ssl_compute_master()
7270 ssl->conf->endpoint, in mbedtls_ssl_derive_keys()
7482 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in mbedtls_ssl_psk_derive_premaster()
7499 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in mbedtls_ssl_psk_derive_premaster()
7546 if (ssl->conf->renego_max_records < 0) { in mbedtls_ssl_resend_hello_request()
7547 uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; in mbedtls_ssl_resend_hello_request()
7625 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_write_certificate()
7634 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_write_certificate()
7837 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && in ssl_parse_certificate_chain()
7901 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_srv_check_client_no_crt_notification()
7936 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_parse_certificate_coordinate()
8014 : ssl->conf->authmode; in mbedtls_ssl_parse_certificate()
8016 const int authmode = ssl->conf->authmode; in mbedtls_ssl_parse_certificate()
8332 if (ssl->conf->f_set_cache != NULL && in mbedtls_ssl_handshake_wrapup()
8335 if (ssl->conf->f_set_cache(ssl->conf->p_cache, in mbedtls_ssl_handshake_wrapup()
8344 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake_wrapup()
8370 ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); in mbedtls_ssl_write_finished()
8399 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_write_finished()
8404 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_write_finished()
8419 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_finished()
8451 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_finished()
8462 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_write_finished()
8484 ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); in mbedtls_ssl_parse_finished()
8534 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in mbedtls_ssl_parse_finished()
8539 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_parse_finished()
8548 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_parse_finished()
9371 mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { in mbedtls_ssl_validate_ciphersuite()
9539 if (ssl->conf->f_sni == NULL) { in mbedtls_ssl_parse_server_name_ext()
9542 ret = ssl->conf->f_sni(ssl->conf->p_sni, in mbedtls_ssl_parse_server_name_ext()
9573 if (ssl->conf->alpn_list == NULL) { in mbedtls_ssl_parse_alpn_ext()
9615 for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { in mbedtls_ssl_parse_alpn_ext()
9854 if (mbedtls_ssl_conf_get_endpoint(ssl->conf) == MBEDTLS_SSL_IS_CLIENT && in get_hostname_for_verification()
9855 ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) { in get_hostname_for_verification()
9890 f_vrfy = ssl->conf->f_vrfy; in mbedtls_ssl_verify_certificate()
9891 p_vrfy = ssl->conf->p_vrfy; in mbedtls_ssl_verify_certificate()
9903 if (ssl->conf->f_ca_cb != NULL) { in mbedtls_ssl_verify_certificate()
9910 ssl->conf->f_ca_cb, in mbedtls_ssl_verify_certificate()
9911 ssl->conf->p_ca_cb, in mbedtls_ssl_verify_certificate()
9912 ssl->conf->cert_profile, in mbedtls_ssl_verify_certificate()
9928 ca_chain = ssl->conf->ca_chain; in mbedtls_ssl_verify_certificate()
9929 ca_crl = ssl->conf->ca_crl; in mbedtls_ssl_verify_certificate()
9939 ssl->conf->cert_profile, in mbedtls_ssl_verify_certificate()
9983 ssl->conf->endpoint, in mbedtls_ssl_verify_certificate()