141     if (ssl->handshake->psa_pake_ctx_is_ok != 1) {  in ssl_write_ecjpake_kkpp_ext()
145     if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {  in ssl_write_ecjpake_kkpp_ext()
163     if (ssl->handshake->ecjpake_cache == NULL ||  in ssl_write_ecjpake_kkpp_ext()
164         ssl->handshake->ecjpake_cache_len == 0) {  in ssl_write_ecjpake_kkpp_ext()
168         ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,  in ssl_write_ecjpake_kkpp_ext()
172             psa_destroy_key(ssl->handshake->psa_pake_password);  in ssl_write_ecjpake_kkpp_ext()
173             psa_pake_abort(&ssl->handshake->psa_pake_ctx);  in ssl_write_ecjpake_kkpp_ext()
178         ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,  in ssl_write_ecjpake_kkpp_ext()
188         ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len);  in ssl_write_ecjpake_kkpp_ext()
189         if (ssl->handshake->ecjpake_cache == NULL) {  in ssl_write_ecjpake_kkpp_ext()
194         memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len);  in ssl_write_ecjpake_kkpp_ext()
195         ssl->handshake->ecjpake_cache_len = kkpp_len;  in ssl_write_ecjpake_kkpp_ext()
199         kkpp_len = ssl->handshake->ecjpake_cache_len;  in ssl_write_ecjpake_kkpp_ext()
202         memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len);  in ssl_write_ecjpake_kkpp_ext()
724     ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;  in ssl_parse_cid_ext()
725     ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;  in ssl_parse_cid_ext()
726     memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);  in ssl_parse_cid_ext()
779     ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;  in ssl_parse_extended_ms_ext()
805     ssl->handshake->new_session_ticket = 1;  in ssl_parse_session_ticket_ext()
836             ssl->handshake->ecdh_ctx.point_format = p[0];  in ssl_parse_supported_point_formats_ext()
840             mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx,  in ssl_parse_supported_point_formats_ext()
868     if (ssl->handshake->ciphersuite_info->key_exchange !=  in ssl_parse_ecjpake_kkpp()
875     mbedtls_free(ssl->handshake->ecjpake_cache);  in ssl_parse_ecjpake_kkpp()
876     ssl->handshake->ecjpake_cache = NULL;  in ssl_parse_ecjpake_kkpp()
877     ssl->handshake->ecjpake_cache_len = 0;  in ssl_parse_ecjpake_kkpp()
881              &ssl->handshake->psa_pake_ctx, buf, len,  in ssl_parse_ecjpake_kkpp()
883         psa_destroy_key(ssl->handshake->psa_pake_password);  in ssl_parse_ecjpake_kkpp()
884         psa_pake_abort(&ssl->handshake->psa_pake_ctx);  in ssl_parse_ecjpake_kkpp()
896     if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,  in ssl_parse_ecjpake_kkpp()
1154     mbedtls_free(ssl->handshake->cookie);  in ssl_parse_hello_verify_request()
1156     ssl->handshake->cookie = mbedtls_calloc(1, cookie_len);  in ssl_parse_hello_verify_request()
1157     if (ssl->handshake->cookie  == NULL) {  in ssl_parse_hello_verify_request()
1162     memcpy(ssl->handshake->cookie, p, cookie_len);  in ssl_parse_hello_verify_request()
1163     ssl->handshake->cookie_len = cookie_len;  in ssl_parse_hello_verify_request()
1241             mbedtls_free(ssl->handshake->cookie);  in ssl_parse_server_hello()
1242             ssl->handshake->cookie = NULL;  in ssl_parse_server_hello()
1243             ssl->handshake->cookie_len = 0;  in ssl_parse_server_hello()
1296     memcpy(ssl->handshake->randbytes + 32, buf + 2, 32);  in ssl_parse_server_hello()
1351     ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i);  in ssl_parse_server_hello()
1352     if (ssl->handshake->ciphersuite_info == NULL) {  in ssl_parse_server_hello()
1360     mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info);  in ssl_parse_server_hello()
1368     if (ssl->handshake->resume == 0 || n == 0 ||  in ssl_parse_server_hello()
1376         ssl->handshake->resume = 0;  in ssl_parse_server_hello()
1388                               ssl->handshake->resume ? "a" : "no"));  in ssl_parse_server_hello()
1432         ssl->handshake->ecrs_enabled = 1;  in ssl_parse_server_hello()
1610     if (ssl->handshake->resume) {  in ssl_parse_server_hello()
1685     if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx,  in ssl_parse_server_dh_params()
1691     dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx);  in ssl_parse_server_dh_params()
1699     MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);  in ssl_parse_server_dh_params()
1700     MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);  in ssl_parse_server_dh_params()
1701     MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);  in ssl_parse_server_dh_params()
1719     mbedtls_ssl_handshake_params *handshake = ssl->handshake;  in ssl_parse_server_ecdh_params()  local
1760     handshake->xxdh_psa_type = key_type;  in ssl_parse_server_ecdh_params()
1761     handshake->xxdh_psa_bits = ec_bits;  in ssl_parse_server_ecdh_params()
1769     if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {  in ssl_parse_server_ecdh_params()
1773     memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len);  in ssl_parse_server_ecdh_params()
1774     handshake->xxdh_psa_peerkey_len = ecpoint_len;  in ssl_parse_server_ecdh_params()
1794     grp_id = ssl->handshake->ecdh_ctx.grp.id;  in ssl_check_server_ecdh_params()
1796     grp_id = ssl->handshake->ecdh_ctx.grp_id;  in ssl_check_server_ecdh_params()
1812     MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,  in ssl_check_server_ecdh_params()
1842     if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx,  in ssl_parse_server_ecdh_params()
1918     unsigned char *p = ssl->handshake->premaster + pms_offset;  in ssl_write_encrypted_pms()
1941     ssl->handshake->pmslen = 48;  in ssl_write_encrypted_pms()
1944     peer_pk = &ssl->handshake->peer_pubkey;  in ssl_write_encrypted_pms()
1963                                   p, ssl->handshake->pmslen,  in ssl_write_encrypted_pms()
1994     peer_pk = &ssl->handshake->peer_pubkey;  in ssl_get_ecdh_params_from_cert()
2035                                                &ssl->handshake->xxdh_psa_bits);  in ssl_get_ecdh_params_from_cert()
2037     ssl->handshake->xxdh_psa_type = key_type;  in ssl_get_ecdh_params_from_cert()
2041     memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len);  in ssl_get_ecdh_params_from_cert()
2042     ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len;  in ssl_get_ecdh_params_from_cert()
2048                                          ssl->handshake->xxdh_psa_peerkey,  in ssl_get_ecdh_params_from_cert()
2049                                          sizeof(ssl->handshake->xxdh_psa_peerkey));  in ssl_get_ecdh_params_from_cert()
2055     ssl->handshake->xxdh_psa_peerkey_len = olen;  in ssl_get_ecdh_params_from_cert()
2058     if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,  in ssl_get_ecdh_params_from_cert()
2086         ssl->handshake->ciphersuite_info;  in ssl_parse_server_key_exchange()
2124     if (ssl->handshake->ecrs_enabled &&  in ssl_parse_server_key_exchange()
2125         ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) {  in ssl_parse_server_key_exchange()
2168     if (ssl->handshake->ecrs_enabled) {  in ssl_parse_server_key_exchange()
2169         ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;  in ssl_parse_server_key_exchange()
2262                  &ssl->handshake->psa_pake_ctx, p, end - p,  in ssl_parse_server_key_exchange()
2264             psa_destroy_key(ssl->handshake->psa_pake_password);  in ssl_parse_server_key_exchange()
2265             psa_pake_abort(&ssl->handshake->psa_pake_ctx);  in ssl_parse_server_key_exchange()
2275         ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,  in ssl_parse_server_key_exchange()
2308         peer_pk = &ssl->handshake->peer_pubkey;  in ssl_parse_server_key_exchange()
2403         if (ssl->handshake->ecrs_enabled) {  in ssl_parse_server_key_exchange()
2404             rs_ctx = &ssl->handshake->ecrs_ctx.pk;  in ssl_parse_server_key_exchange()
2469         ssl->handshake->ciphersuite_info;  in ssl_parse_certificate_request()
2491         ssl->handshake->ciphersuite_info;  in ssl_parse_certificate_request()
2521     ssl->handshake->client_auth =  in ssl_parse_certificate_request()
2525                               ssl->handshake->client_auth ? "a" : "no"));  in ssl_parse_certificate_request()
2527     if (ssl->handshake->client_auth == 0) {  in ssl_parse_certificate_request()
2712         ssl->handshake->ciphersuite_info;  in ssl_write_client_key_exchange()
2721         content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);  in ssl_write_client_key_exchange()
2726         ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,  in ssl_write_client_key_exchange()
2727                                       (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),  in ssl_write_client_key_exchange()
2735         MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);  in ssl_write_client_key_exchange()
2736         MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);  in ssl_write_client_key_exchange()
2738         if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,  in ssl_write_client_key_exchange()
2739                                            ssl->handshake->premaster,  in ssl_write_client_key_exchange()
2741                                            &ssl->handshake->pmslen,  in ssl_write_client_key_exchange()
2747         MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);  in ssl_write_client_key_exchange()
2763         mbedtls_ssl_handshake_params *handshake = ssl->handshake;  in ssl_write_client_key_exchange()  local
2783         psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);  in ssl_write_client_key_exchange()
2784         psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);  in ssl_write_client_key_exchange()
2788                                   &handshake->xxdh_psa_privkey);  in ssl_write_client_key_exchange()
2801         status = psa_export_public_key(handshake->xxdh_psa_privkey,  in ssl_write_client_key_exchange()
2805             psa_destroy_key(handshake->xxdh_psa_privkey);  in ssl_write_client_key_exchange()
2806             handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;  in ssl_write_client_key_exchange()
2817                                        handshake->xxdh_psa_privkey,  in ssl_write_client_key_exchange()
2818                                        handshake->xxdh_psa_peerkey,  in ssl_write_client_key_exchange()
2819                                        handshake->xxdh_psa_peerkey_len,  in ssl_write_client_key_exchange()
2820                                        ssl->handshake->premaster,  in ssl_write_client_key_exchange()
2821                                        sizeof(ssl->handshake->premaster),  in ssl_write_client_key_exchange()
2822                                        &ssl->handshake->pmslen);  in ssl_write_client_key_exchange()
2824         destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);  in ssl_write_client_key_exchange()
2825         handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;  in ssl_write_client_key_exchange()
2837         if (ssl->handshake->ecrs_enabled) {  in ssl_write_client_key_exchange()
2838             if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) {  in ssl_write_client_key_exchange()
2842             mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx);  in ssl_write_client_key_exchange()
2846         ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,  in ssl_write_client_key_exchange()
2860         MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,  in ssl_write_client_key_exchange()
2864         if (ssl->handshake->ecrs_enabled) {  in ssl_write_client_key_exchange()
2865             ssl->handshake->ecrs_n = content_len;  in ssl_write_client_key_exchange()
2866             ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;  in ssl_write_client_key_exchange()
2870         if (ssl->handshake->ecrs_enabled) {  in ssl_write_client_key_exchange()
2871             content_len = ssl->handshake->ecrs_n;  in ssl_write_client_key_exchange()
2874         if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,  in ssl_write_client_key_exchange()
2875                                             &ssl->handshake->pmslen,  in ssl_write_client_key_exchange()
2876                                             ssl->handshake->premaster,  in ssl_write_client_key_exchange()
2888         MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,  in ssl_write_client_key_exchange()
2903         mbedtls_ssl_handshake_params *handshake = ssl->handshake;  in ssl_write_client_key_exchange()  local
2955         psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);  in ssl_write_client_key_exchange()
2956         psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);  in ssl_write_client_key_exchange()
2960                                   &handshake->xxdh_psa_privkey);  in ssl_write_client_key_exchange()
2973         status = psa_export_public_key(handshake->xxdh_psa_privkey,  in ssl_write_client_key_exchange()
2977             psa_destroy_key(handshake->xxdh_psa_privkey);  in ssl_write_client_key_exchange()
2978             handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;  in ssl_write_client_key_exchange()
2991         unsigned char *pms = ssl->handshake->premaster;  in ssl_write_client_key_exchange()
2993                                               sizeof(ssl->handshake->premaster);  in ssl_write_client_key_exchange()
3000                                        handshake->xxdh_psa_privkey,  in ssl_write_client_key_exchange()
3001                                        handshake->xxdh_psa_peerkey,  in ssl_write_client_key_exchange()
3002                                        handshake->xxdh_psa_peerkey_len,  in ssl_write_client_key_exchange()
3007         destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);  in ssl_write_client_key_exchange()
3008         handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;  in ssl_write_client_key_exchange()
3069             content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);  in ssl_write_client_key_exchange()
3081             ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,  in ssl_write_client_key_exchange()
3082                                           (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),  in ssl_write_client_key_exchange()
3091             unsigned char *pms = ssl->handshake->premaster;  in ssl_write_client_key_exchange()
3092             unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster);  in ssl_write_client_key_exchange()
3096             if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,  in ssl_write_client_key_exchange()
3105             MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);  in ssl_write_client_key_exchange()
3115             ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,  in ssl_write_client_key_exchange()
3125             MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,  in ssl_write_client_key_exchange()
3162         ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,  in ssl_write_client_key_exchange()
3166             psa_destroy_key(ssl->handshake->psa_pake_password);  in ssl_write_client_key_exchange()
3167             psa_pake_abort(&ssl->handshake->psa_pake_ctx);  in ssl_write_client_key_exchange()
3172         ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx,  in ssl_write_client_key_exchange()
3182         ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,  in ssl_write_client_key_exchange()
3183                                             ssl->handshake->premaster, 32, &ssl->handshake->pmslen,  in ssl_write_client_key_exchange()
3219         ssl->handshake->ciphersuite_info;  in ssl_write_certificate_verify()
3244         ssl->handshake->ciphersuite_info;  in ssl_write_certificate_verify()
3260     if (ssl->handshake->ecrs_enabled &&  in ssl_write_certificate_verify()
3261         ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) {  in ssl_write_certificate_verify()
3277     if (ssl->handshake->client_auth == 0 ||  in ssl_write_certificate_verify()
3293     if (ssl->handshake->ecrs_enabled) {  in ssl_write_certificate_verify()
3294         ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign;  in ssl_write_certificate_verify()
3300     ret = ssl->handshake->calc_verify(ssl, hash, &hashlen);  in ssl_write_certificate_verify()
3322     if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {  in ssl_write_certificate_verify()
3336     if (ssl->handshake->ecrs_enabled) {  in ssl_write_certificate_verify()
3337         rs_ctx = &ssl->handshake->ecrs_ctx.pk;  in ssl_write_certificate_verify()
3435     ssl->handshake->new_session_ticket = 0;  in ssl_parse_new_session_ticket()
3496         ssl->handshake->new_session_ticket != 0) {  in mbedtls_ssl_handshake_client_step()