Lines Matching refs:session
456 static int ssl_tls12_session_load(mbedtls_ssl_session *session,
500 static void ssl_clear_peer_cert(mbedtls_ssl_session *session) in ssl_clear_peer_cert() argument
503 if (session->peer_cert != NULL) { in ssl_clear_peer_cert()
504 mbedtls_x509_crt_free(session->peer_cert); in ssl_clear_peer_cert()
505 mbedtls_free(session->peer_cert); in ssl_clear_peer_cert()
506 session->peer_cert = NULL; in ssl_clear_peer_cert()
509 if (session->peer_cert_digest != NULL) { in ssl_clear_peer_cert()
511 mbedtls_free(session->peer_cert_digest); in ssl_clear_peer_cert()
512 session->peer_cert_digest = NULL; in ssl_clear_peer_cert()
513 session->peer_cert_digest_type = MBEDTLS_MD_NONE; in ssl_clear_peer_cert()
514 session->peer_cert_digest_len = 0; in ssl_clear_peer_cert()
1048 void mbedtls_ssl_session_init(mbedtls_ssl_session *session) in mbedtls_ssl_session_init() argument
1050 memset(session, 0, sizeof(mbedtls_ssl_session)); in mbedtls_ssl_session_init()
1576 if (ssl->session) { in mbedtls_ssl_session_reset_int()
1577 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_session_reset_int()
1578 mbedtls_free(ssl->session); in mbedtls_ssl_session_reset_int()
1579 ssl->session = NULL; in mbedtls_ssl_session_reset_int()
1736 int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session) in mbedtls_ssl_set_session() argument
1741 session == NULL || in mbedtls_ssl_set_session()
1752 if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in mbedtls_ssl_set_session()
1755 mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); in mbedtls_ssl_set_session()
1761 session->ciphersuite)); in mbedtls_ssl_set_session()
1776 session)) != 0) { in mbedtls_ssl_set_session()
3143 if (ssl->session != NULL) { in mbedtls_ssl_get_verify_result()
3144 return ssl->session->verify_result; in mbedtls_ssl_get_verify_result()
3156 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_ciphersuite_id_from_ssl()
3160 return ssl->session->ciphersuite; in mbedtls_ssl_get_ciphersuite_id_from_ssl()
3165 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_ciphersuite()
3169 return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite); in mbedtls_ssl_get_ciphersuite()
3202 if (ssl->session != NULL && in mbedtls_ssl_get_output_record_size_limit()
3203 ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && in mbedtls_ssl_get_output_record_size_limit()
3204 ssl->session->record_size_limit < max_len) { in mbedtls_ssl_get_output_record_size_limit()
3205 record_size_limit = ssl->session->record_size_limit; in mbedtls_ssl_get_output_record_size_limit()
3395 if (ssl == NULL || ssl->session == NULL) { in mbedtls_ssl_get_peer_cert()
3400 return ssl->session->peer_cert; in mbedtls_ssl_get_peer_cert()
3415 ssl->session == NULL || in mbedtls_ssl_get_session()
3431 if (ssl->session->exported == 1) { in mbedtls_ssl_get_session()
3435 ret = mbedtls_ssl_session_copy(dst, ssl->session); in mbedtls_ssl_get_session()
3441 ssl->session->exported = 1; in mbedtls_ssl_get_session()
3452 static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session, in ssl_tls12_session_save() argument
3475 start = (uint64_t) session->start; in ssl_tls12_session_save()
3486 + sizeof(session->id) in ssl_tls12_session_save()
3487 + sizeof(session->master) in ssl_tls12_session_save()
3491 *p++ = MBEDTLS_BYTE_0(session->id_len); in ssl_tls12_session_save()
3492 memcpy(p, session->id, 32); in ssl_tls12_session_save()
3495 memcpy(p, session->master, 48); in ssl_tls12_session_save()
3498 MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0); in ssl_tls12_session_save()
3507 if (session->peer_cert == NULL) { in ssl_tls12_session_save()
3510 cert_len = session->peer_cert->raw.len; in ssl_tls12_session_save()
3520 if (session->peer_cert != NULL) { in ssl_tls12_session_save()
3521 memcpy(p, session->peer_cert->raw.p, cert_len); in ssl_tls12_session_save()
3526 if (session->peer_cert_digest != NULL) { in ssl_tls12_session_save()
3527 used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; in ssl_tls12_session_save()
3529 *p++ = (unsigned char) session->peer_cert_digest_type; in ssl_tls12_session_save()
3530 *p++ = (unsigned char) session->peer_cert_digest_len; in ssl_tls12_session_save()
3531 memcpy(p, session->peer_cert_digest, in ssl_tls12_session_save()
3532 session->peer_cert_digest_len); in ssl_tls12_session_save()
3533 p += session->peer_cert_digest_len; in ssl_tls12_session_save()
3550 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls12_session_save()
3551 used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ in ssl_tls12_session_save()
3554 *p++ = MBEDTLS_BYTE_2(session->ticket_len); in ssl_tls12_session_save()
3555 *p++ = MBEDTLS_BYTE_1(session->ticket_len); in ssl_tls12_session_save()
3556 *p++ = MBEDTLS_BYTE_0(session->ticket_len); in ssl_tls12_session_save()
3558 if (session->ticket != NULL) { in ssl_tls12_session_save()
3559 memcpy(p, session->ticket, session->ticket_len); in ssl_tls12_session_save()
3560 p += session->ticket_len; in ssl_tls12_session_save()
3563 MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); in ssl_tls12_session_save()
3569 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls12_session_save()
3573 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); in ssl_tls12_session_save()
3587 *p++ = session->mfl_code; in ssl_tls12_session_save()
3595 *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac); in ssl_tls12_session_save()
3603 static int ssl_tls12_session_load(mbedtls_ssl_session *session, in ssl_tls12_session_load() argument
3630 session->start = (time_t) start; in ssl_tls12_session_load()
3640 session->id_len = *p++; in ssl_tls12_session_load()
3641 memcpy(session->id, p, 32); in ssl_tls12_session_load()
3644 memcpy(session->master, p, 48); in ssl_tls12_session_load()
3647 session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls12_session_load()
3654 session->peer_cert = NULL; in ssl_tls12_session_load()
3656 session->peer_cert_digest = NULL; in ssl_tls12_session_load()
3660 session->ticket = NULL; in ssl_tls12_session_load()
3683 session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); in ssl_tls12_session_load()
3685 if (session->peer_cert == NULL) { in ssl_tls12_session_load()
3689 mbedtls_x509_crt_init(session->peer_cert); in ssl_tls12_session_load()
3691 if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, in ssl_tls12_session_load()
3693 mbedtls_x509_crt_free(session->peer_cert); in ssl_tls12_session_load()
3694 mbedtls_free(session->peer_cert); in ssl_tls12_session_load()
3695 session->peer_cert = NULL; in ssl_tls12_session_load()
3707 session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; in ssl_tls12_session_load()
3708 session->peer_cert_digest_len = (size_t) *p++; in ssl_tls12_session_load()
3710 if (session->peer_cert_digest_len != 0) { in ssl_tls12_session_load()
3712 mbedtls_md_info_from_type(session->peer_cert_digest_type); in ssl_tls12_session_load()
3716 if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) { in ssl_tls12_session_load()
3720 if (session->peer_cert_digest_len > (size_t) (end - p)) { in ssl_tls12_session_load()
3724 session->peer_cert_digest = in ssl_tls12_session_load()
3725 mbedtls_calloc(1, session->peer_cert_digest_len); in ssl_tls12_session_load()
3726 if (session->peer_cert_digest == NULL) { in ssl_tls12_session_load()
3730 memcpy(session->peer_cert_digest, p, in ssl_tls12_session_load()
3731 session->peer_cert_digest_len); in ssl_tls12_session_load()
3732 p += session->peer_cert_digest_len; in ssl_tls12_session_load()
3742 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls12_session_load()
3747 session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0); in ssl_tls12_session_load()
3750 if (session->ticket_len != 0) { in ssl_tls12_session_load()
3751 if (session->ticket_len > (size_t) (end - p)) { in ssl_tls12_session_load()
3755 session->ticket = mbedtls_calloc(1, session->ticket_len); in ssl_tls12_session_load()
3756 if (session->ticket == NULL) { in ssl_tls12_session_load()
3760 memcpy(session->ticket, p, session->ticket_len); in ssl_tls12_session_load()
3761 p += session->ticket_len; in ssl_tls12_session_load()
3768 session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls12_session_load()
3773 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls12_session_load()
3777 session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls12_session_load()
3791 session->mfl_code = *p++; in ssl_tls12_session_load()
3799 session->encrypt_then_mac = *p++; in ssl_tls12_session_load()
3819 static int ssl_tls13_session_save(const mbedtls_ssl_session *session, in ssl_tls13_session_save() argument
3827 size_t hostname_len = (session->hostname == NULL) ? in ssl_tls13_session_save()
3828 0 : strlen(session->hostname) + 1; in ssl_tls13_session_save()
3833 const size_t alpn_len = (session->ticket_alpn == NULL) ? in ssl_tls13_session_save()
3834 0 : strlen(session->ticket_alpn) + 1; in ssl_tls13_session_save()
3842 if (session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN) { in ssl_tls13_session_save()
3845 needed += session->resumption_key_len; /* resumption_key */ in ssl_tls13_session_save()
3859 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_save()
3868 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_save()
3878 if (session->ticket_len > SIZE_MAX - needed) { in ssl_tls13_session_save()
3882 needed += session->ticket_len; /* ticket */ in ssl_tls13_session_save()
3891 MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 0); in ssl_tls13_session_save()
3892 p[4] = session->ticket_flags; in ssl_tls13_session_save()
3895 p[5] = session->resumption_key_len; in ssl_tls13_session_save()
3897 memcpy(p, session->resumption_key, session->resumption_key_len); in ssl_tls13_session_save()
3898 p += session->resumption_key_len; in ssl_tls13_session_save()
3901 MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); in ssl_tls13_session_save()
3905 MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); in ssl_tls13_session_save()
3910 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_save()
3912 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); in ssl_tls13_session_save()
3922 memcpy(p, session->ticket_alpn, alpn_len); in ssl_tls13_session_save()
3930 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_save()
3936 memcpy(p, session->hostname, hostname_len); in ssl_tls13_session_save()
3942 MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0); in ssl_tls13_session_save()
3945 MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); in ssl_tls13_session_save()
3948 MBEDTLS_PUT_UINT16_BE(session->ticket_len, p, 0); in ssl_tls13_session_save()
3951 if (session->ticket != NULL && session->ticket_len > 0) { in ssl_tls13_session_save()
3952 memcpy(p, session->ticket, session->ticket_len); in ssl_tls13_session_save()
3953 p += session->ticket_len; in ssl_tls13_session_save()
3961 static int ssl_tls13_session_load(mbedtls_ssl_session *session, in ssl_tls13_session_load() argument
3971 session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
3972 session->ticket_flags = p[4]; in ssl_tls13_session_load()
3975 session->resumption_key_len = p[5]; in ssl_tls13_session_load()
3978 if (end - p < session->resumption_key_len) { in ssl_tls13_session_load()
3982 if (sizeof(session->resumption_key) < session->resumption_key_len) { in ssl_tls13_session_load()
3985 memcpy(session->resumption_key, p, session->resumption_key_len); in ssl_tls13_session_load()
3986 p += session->resumption_key_len; in ssl_tls13_session_load()
3992 session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
3999 session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_tls13_session_load()
4004 if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_session_load()
4009 session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls13_session_load()
4028 int ret = mbedtls_ssl_session_set_ticket_alpn(session, (char *) p); in ssl_tls13_session_load()
4039 if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_session_load()
4053 session->hostname = mbedtls_calloc(1, hostname_len); in ssl_tls13_session_load()
4054 if (session->hostname == NULL) { in ssl_tls13_session_load()
4057 memcpy(session->hostname, p, hostname_len); in ssl_tls13_session_load()
4066 session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0); in ssl_tls13_session_load()
4072 session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); in ssl_tls13_session_load()
4078 session->ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_tls13_session_load()
4081 if (end - p < (long int) session->ticket_len) { in ssl_tls13_session_load()
4084 if (session->ticket_len > 0) { in ssl_tls13_session_load()
4085 session->ticket = mbedtls_calloc(1, session->ticket_len); in ssl_tls13_session_load()
4086 if (session->ticket == NULL) { in ssl_tls13_session_load()
4089 memcpy(session->ticket, p, session->ticket_len); in ssl_tls13_session_load()
4090 p += session->ticket_len; in ssl_tls13_session_load()
4100 static int ssl_tls13_session_save(const mbedtls_ssl_session *session, in ssl_tls13_session_save() argument
4105 ((void) session); in ssl_tls13_session_save()
4112 static int ssl_tls13_session_load(const mbedtls_ssl_session *session, in ssl_tls13_session_load() argument
4116 ((void) session); in ssl_tls13_session_load()
4353 static int ssl_session_save(const mbedtls_ssl_session *session, in ssl_session_save() argument
4366 if (session == NULL) { in ssl_session_save()
4390 *p++ = MBEDTLS_BYTE_0(session->tls_version); in ssl_session_save()
4391 *p++ = session->endpoint; in ssl_session_save()
4392 MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0); in ssl_session_save()
4398 switch (session->tls_version) { in ssl_session_save()
4401 used += ssl_tls12_session_save(session, p, remaining_len); in ssl_session_save()
4407 ret = ssl_tls13_session_save(session, p, remaining_len, &out_len); in ssl_session_save()
4430 int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, in mbedtls_ssl_session_save() argument
4435 return ssl_session_save(session, 0, buf, buf_len, olen); in mbedtls_ssl_session_save()
4445 static int ssl_session_load(mbedtls_ssl_session *session, in ssl_session_load() argument
4455 if (session == NULL) { in ssl_session_load()
4481 session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); in ssl_session_load()
4482 session->endpoint = *p++; in ssl_session_load()
4483 session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0); in ssl_session_load()
4488 switch (session->tls_version) { in ssl_session_load()
4491 return ssl_tls12_session_load(session, p, remaining_len); in ssl_session_load()
4496 return ssl_tls13_session_load(session, p, remaining_len); in ssl_session_load()
4507 int mbedtls_ssl_session_load(mbedtls_ssl_session *session, in mbedtls_ssl_session_load() argument
4511 int ret = ssl_session_load(session, 0, buf, len); in mbedtls_ssl_session_load()
4514 mbedtls_ssl_session_free(session); in mbedtls_ssl_session_load()
4982 void mbedtls_ssl_session_free(mbedtls_ssl_session *session) in mbedtls_ssl_session_free() argument
4984 if (session == NULL) { in mbedtls_ssl_session_free()
4989 ssl_clear_peer_cert(session); in mbedtls_ssl_session_free()
4995 mbedtls_free(session->hostname); in mbedtls_ssl_session_free()
4997 mbedtls_free(session->ticket); in mbedtls_ssl_session_free()
5002 mbedtls_free(session->ticket_alpn); in mbedtls_ssl_session_free()
5005 mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); in mbedtls_ssl_session_free()
5123 if (ssl->transform == NULL || ssl->session == NULL) { in mbedtls_ssl_context_save()
5173 ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len); in mbedtls_ssl_context_save()
5183 ret = ssl_session_save(ssl->session, 1, in mbedtls_ssl_context_save()
5314 ssl->session != NULL) { in ssl_context_load()
5360 ssl->session = ssl->session_negotiate; in ssl_context_load()
5361 ssl->session_in = ssl->session; in ssl_context_load()
5362 ssl->session_out = ssl->session; in ssl_context_load()
5369 ret = ssl_session_load(ssl->session, 1, p, session_len); in ssl_context_load()
5371 mbedtls_ssl_session_free(ssl->session); in ssl_context_load()
5391 prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite); in ssl_context_load()
5402 ssl->session->ciphersuite, in ssl_context_load()
5403 ssl->session->master, in ssl_context_load()
5405 ssl->session->encrypt_then_mac, in ssl_context_load()
5629 if (ssl->session) { in mbedtls_ssl_free()
5630 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_free()
5631 mbedtls_free(ssl->session); in mbedtls_ssl_free()
7702 mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; in ssl_check_peer_crt_unchanged()
7722 ssl->session->peer_cert_digest; in ssl_check_peer_crt_unchanged()
7724 ssl->session->peer_cert_digest_type; in ssl_check_peer_crt_unchanged()
7855 ssl_clear_peer_cert(ssl->session); in ssl_parse_certificate_chain()
8177 mbedtls_ssl_session *session = ssl->session_negotiate; in ssl_calc_finished_tls_generic() local
8178 if (!session) { in ssl_calc_finished_tls_generic()
8179 session = ssl->session; in ssl_calc_finished_tls_generic()
8224 ssl->handshake->tls_prf(session->master, 48, sender, in ssl_calc_finished_tls_generic()
8316 if (ssl->session) { in mbedtls_ssl_handshake_wrapup()
8320 ssl->session->encrypt_then_mac; in mbedtls_ssl_handshake_wrapup()
8323 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_handshake_wrapup()
8324 mbedtls_free(ssl->session); in mbedtls_ssl_handshake_wrapup()
8326 ssl->session = ssl->session_negotiate; in mbedtls_ssl_handshake_wrapup()
8333 ssl->session->id_len != 0 && in mbedtls_ssl_handshake_wrapup()
8336 ssl->session->id, in mbedtls_ssl_handshake_wrapup()
8337 ssl->session->id_len, in mbedtls_ssl_handshake_wrapup()
8338 ssl->session) != 0) { in mbedtls_ssl_handshake_wrapup()
9686 int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, in mbedtls_ssl_session_set_hostname() argument
9704 if (session->hostname != NULL) { in mbedtls_ssl_session_set_hostname()
9705 mbedtls_zeroize_and_free(session->hostname, in mbedtls_ssl_session_set_hostname()
9706 strlen(session->hostname)); in mbedtls_ssl_session_set_hostname()
9711 session->hostname = NULL; in mbedtls_ssl_session_set_hostname()
9713 session->hostname = mbedtls_calloc(1, hostname_len + 1); in mbedtls_ssl_session_set_hostname()
9714 if (session->hostname == NULL) { in mbedtls_ssl_session_set_hostname()
9718 memcpy(session->hostname, hostname, hostname_len); in mbedtls_ssl_session_set_hostname()
9730 int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session, in mbedtls_ssl_session_set_ticket_alpn() argument
9743 if (session->ticket_alpn != NULL) { in mbedtls_ssl_session_set_ticket_alpn()
9744 mbedtls_zeroize_and_free(session->ticket_alpn, in mbedtls_ssl_session_set_ticket_alpn()
9745 strlen(session->ticket_alpn)); in mbedtls_ssl_session_set_ticket_alpn()
9746 session->ticket_alpn = NULL; in mbedtls_ssl_session_set_ticket_alpn()
9750 session->ticket_alpn = mbedtls_calloc(alpn_len + 1, 1); in mbedtls_ssl_session_set_ticket_alpn()
9751 if (session->ticket_alpn == NULL) { in mbedtls_ssl_session_set_ticket_alpn()
9754 memcpy(session->ticket_alpn, alpn, alpn_len); in mbedtls_ssl_session_set_ticket_alpn()
10104 ret = tls_prf_generic(hash_alg, ssl->session->master, sizeof(ssl->session->master), in mbedtls_ssl_tls12_export_keying_material()
10125 const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; in mbedtls_ssl_tls13_export_keying_material()