Lines Matching refs:ssl
48 int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, in mbedtls_ssl_set_client_transport_id() argument
52 if (ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER) { in mbedtls_ssl_set_client_transport_id()
56 mbedtls_free(ssl->cli_id); in mbedtls_ssl_set_client_transport_id()
58 if ((ssl->cli_id = mbedtls_calloc(1, ilen)) == NULL) { in mbedtls_ssl_set_client_transport_id()
62 memcpy(ssl->cli_id, info, ilen); in mbedtls_ssl_set_client_transport_id()
63 ssl->cli_id_len = ilen; in mbedtls_ssl_set_client_transport_id()
107 static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, in ssl_parse_renegotiation_info() argument
112 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_parse_renegotiation_info()
114 if (len != 1 + ssl->verify_data_len || in ssl_parse_renegotiation_info()
115 buf[0] != ssl->verify_data_len || in ssl_parse_renegotiation_info()
116 mbedtls_ct_memcmp(buf + 1, ssl->peer_verify_data, in ssl_parse_renegotiation_info()
117 ssl->verify_data_len) != 0) { in ssl_parse_renegotiation_info()
119 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_renegotiation_info()
128 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_renegotiation_info()
133 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; in ssl_parse_renegotiation_info()
181 static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_parse_supported_groups_ext() argument
191 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_groups_ext()
199 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_groups_ext()
205 if (ssl->handshake->curves_tls_id != NULL) { in ssl_parse_supported_groups_ext()
207 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_groups_ext()
221 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_groups_ext()
226 ssl->handshake->curves_tls_id = curves_tls_id; in ssl_parse_supported_groups_ext()
246 static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, in ssl_parse_supported_point_formats() argument
255 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_point_formats()
267 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats()
271 mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, in ssl_parse_supported_point_formats()
290 static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, in ssl_parse_ecjpake_kkpp() argument
297 if (ssl->handshake->psa_pake_ctx_is_ok != 1) in ssl_parse_ecjpake_kkpp()
299 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) in ssl_parse_ecjpake_kkpp()
308 &ssl->handshake->psa_pake_ctx, buf, len, in ssl_parse_ecjpake_kkpp()
310 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_parse_ecjpake_kkpp()
311 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_parse_ecjpake_kkpp()
315 ssl, in ssl_parse_ecjpake_kkpp()
322 if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
325 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_ecjpake_kkpp()
332 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; in ssl_parse_ecjpake_kkpp()
340 static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, in ssl_parse_max_fragment_length_ext() argument
346 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_max_fragment_length_ext()
351 ssl->session_negotiate->mfl_code = buf[0]; in ssl_parse_max_fragment_length_ext()
359 static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, in ssl_parse_cid_ext() argument
366 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_cid_ext()
368 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
381 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
391 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
397 if (ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { in ssl_parse_cid_ext()
406 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_cid_ext()
411 ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; in ssl_parse_cid_ext()
412 ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; in ssl_parse_cid_ext()
413 memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); in ssl_parse_cid_ext()
424 static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, in ssl_parse_encrypt_then_mac_ext() argument
430 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_encrypt_then_mac_ext()
437 if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) { in ssl_parse_encrypt_then_mac_ext()
438 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in ssl_parse_encrypt_then_mac_ext()
447 static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, in ssl_parse_extended_ms_ext() argument
453 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_extended_ms_ext()
460 if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { in ssl_parse_extended_ms_ext()
461 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in ssl_parse_extended_ms_ext()
470 static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, in ssl_parse_session_ticket_ext() argument
479 if (ssl->conf->f_ticket_parse == NULL || in ssl_parse_session_ticket_ext()
480 ssl->conf->f_ticket_write == NULL) { in ssl_parse_session_ticket_ext()
485 ssl->handshake->new_session_ticket = 1; in ssl_parse_session_ticket_ext()
494 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_parse_session_ticket_ext()
503 if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session, in ssl_parse_session_ticket_ext()
522 session.id_len = ssl->session_negotiate->id_len; in ssl_parse_session_ticket_ext()
523 memcpy(&session.id, ssl->session_negotiate->id, session.id_len); in ssl_parse_session_ticket_ext()
525 mbedtls_ssl_session_free(ssl->session_negotiate); in ssl_parse_session_ticket_ext()
526 memcpy(ssl->session_negotiate, &session, sizeof(mbedtls_ssl_session)); in ssl_parse_session_ticket_ext()
533 ssl->handshake->resume = 1; in ssl_parse_session_ticket_ext()
536 ssl->handshake->new_session_ticket = 0; in ssl_parse_session_ticket_ext()
544 static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, in ssl_parse_use_srtp_ext() argument
556 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_parse_use_srtp_ext()
557 (ssl->conf->dtls_srtp_profile_list == NULL) || in ssl_parse_use_srtp_ext()
558 (ssl->conf->dtls_srtp_profile_list_len == 0)) { in ssl_parse_use_srtp_ext()
580 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_use_srtp_ext()
585 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; in ssl_parse_use_srtp_ext()
594 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_use_srtp_ext()
614 for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { in ssl_parse_use_srtp_ext()
615 if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) { in ssl_parse_use_srtp_ext()
616 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; in ssl_parse_use_srtp_ext()
623 if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET) { in ssl_parse_use_srtp_ext()
633 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_use_srtp_ext()
639 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && in ssl_parse_use_srtp_ext()
641 ssl->dtls_srtp_info.mki_len = mki_length; in ssl_parse_use_srtp_ext()
643 memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length); in ssl_parse_use_srtp_ext()
645 MBEDTLS_SSL_DEBUG_BUF(3, "using mki", ssl->dtls_srtp_info.mki_value, in ssl_parse_use_srtp_ext()
646 ssl->dtls_srtp_info.mki_len); in ssl_parse_use_srtp_ext()
687 static int ssl_pick_cert(mbedtls_ssl_context *ssl, in ssl_pick_cert() argument
703 if (ssl->handshake->sni_key_cert != NULL) { in ssl_pick_cert()
704 list = ssl->handshake->sni_key_cert; in ssl_pick_cert()
707 list = ssl->conf->key_cert; in ssl_pick_cert()
734 key_type_matches = ((ssl->conf->f_async_sign_start != NULL || in ssl_pick_cert()
735 ssl->conf->f_async_decrypt_start != NULL || in ssl_pick_cert()
770 ssl->handshake->curves_tls_id) != 0) { in ssl_pick_cert()
782 ssl->handshake->key_cert = cur; in ssl_pick_cert()
784 ssl->handshake->key_cert->cert); in ssl_pick_cert()
797 static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, in ssl_ciphersuite_match() argument
815 if (suite_info->min_tls_version > ssl->tls_version || in ssl_ciphersuite_match()
816 suite_info->max_tls_version < ssl->tls_version) { in ssl_ciphersuite_match()
823 (ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK) == 0) { in ssl_ciphersuite_match()
834 (ssl->handshake->curves_tls_id == NULL || in ssl_ciphersuite_match()
835 ssl->handshake->curves_tls_id[0] == 0)) { in ssl_ciphersuite_match()
846 ssl_conf_has_psk_or_cb(ssl->conf) == 0) { in ssl_ciphersuite_match()
860 if (ssl_pick_cert(ssl, suite_info) != 0) { in ssl_ciphersuite_match()
873 ssl, mbedtls_ssl_sig_from_pk_alg(sig_type)) == MBEDTLS_SSL_HASH_NONE) { in ssl_ciphersuite_match()
889 static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) in ssl_parse_client_hello() argument
930 renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE); in ssl_parse_client_hello()
932 if (!renegotiating && !ssl->keep_current_message) { in ssl_parse_client_hello()
933 if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) { in ssl_parse_client_hello()
940 buf = ssl->in_hdr; in ssl_parse_client_hello()
942 MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl)); in ssl_parse_client_hello()
962 MBEDTLS_GET_UINT16_BE(ssl->in_len, 0))); in ssl_parse_client_hello()
970 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM in ssl_parse_client_hello()
972 && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE in ssl_parse_client_hello()
976 if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) { in ssl_parse_client_hello()
981 memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2, in ssl_parse_client_hello()
982 sizeof(ssl->cur_out_ctr) - 2); in ssl_parse_client_hello()
985 if (mbedtls_ssl_dtls_replay_check(ssl) != 0) { in ssl_parse_client_hello()
987 ssl->next_record_offset = 0; in ssl_parse_client_hello()
988 ssl->in_left = 0; in ssl_parse_client_hello()
993 mbedtls_ssl_dtls_replay_update(ssl); in ssl_parse_client_hello()
998 msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0); in ssl_parse_client_hello()
1001 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_parse_client_hello()
1003 msg_len = ssl->in_hslen; in ssl_parse_client_hello()
1007 if (ssl->keep_current_message) { in ssl_parse_client_hello()
1008 ssl->keep_current_message = 0; in ssl_parse_client_hello()
1015 if ((ret = mbedtls_ssl_fetch_input(ssl, in ssl_parse_client_hello()
1016 mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) { in ssl_parse_client_hello()
1023 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_client_hello()
1024 ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl); in ssl_parse_client_hello()
1027 ssl->in_left = 0; in ssl_parse_client_hello()
1031 buf = ssl->in_msg; in ssl_parse_client_hello()
1035 ret = ssl->handshake->update_checksum(ssl, buf, msg_len); in ssl_parse_client_hello()
1049 if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) { in ssl_parse_client_hello()
1062 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_client_hello()
1068 if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_parse_client_hello()
1070 unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); in ssl_parse_client_hello()
1071 if (cli_msg_seq != ssl->handshake->in_msg_seq) { in ssl_parse_client_hello()
1074 ssl->handshake->in_msg_seq)); in ssl_parse_client_hello()
1078 ssl->handshake->in_msg_seq++; in ssl_parse_client_hello()
1082 unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); in ssl_parse_client_hello()
1083 ssl->handshake->out_msg_seq = cli_msg_seq; in ssl_parse_client_hello()
1084 ssl->handshake->in_msg_seq = cli_msg_seq + 1; in ssl_parse_client_hello()
1092 fragment_offset = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6); in ssl_parse_client_hello()
1093 fragment_length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9); in ssl_parse_client_hello()
1094 length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1); in ssl_parse_client_hello()
1107 buf += mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_client_hello()
1108 msg_len -= mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_client_hello()
1141 ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, in ssl_parse_client_hello()
1142 … ssl->conf->transport); in ssl_parse_client_hello()
1143 ssl->session_negotiate->tls_version = ssl->tls_version; in ssl_parse_client_hello()
1144 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_parse_client_hello()
1146 if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_parse_client_hello()
1148 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1158 memcpy(ssl->handshake->randbytes, buf + 2, 32); in ssl_parse_client_hello()
1165 if (sess_len > sizeof(ssl->session_negotiate->id) || in ssl_parse_client_hello()
1168 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1175 ssl->session_negotiate->id_len = sess_len; in ssl_parse_client_hello()
1176 memset(ssl->session_negotiate->id, 0, in ssl_parse_client_hello()
1177 sizeof(ssl->session_negotiate->id)); in ssl_parse_client_hello()
1178 memcpy(ssl->session_negotiate->id, buf + 35, in ssl_parse_client_hello()
1179 ssl->session_negotiate->id_len); in ssl_parse_client_hello()
1185 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_client_hello()
1191 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1200 if (ssl->conf->f_cookie_check != NULL in ssl_parse_client_hello()
1202 && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE in ssl_parse_client_hello()
1205 if (ssl->conf->f_cookie_check(ssl->conf->p_cookie, in ssl_parse_client_hello()
1207 ssl->cli_id, ssl->cli_id_len) != 0) { in ssl_parse_client_hello()
1209 ssl->handshake->cookie_verify_result = 1; in ssl_parse_client_hello()
1212 ssl->handshake->cookie_verify_result = 0; in ssl_parse_client_hello()
1241 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1263 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1278 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1287 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1303 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1312 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1320 ret = mbedtls_ssl_parse_server_name_ext(ssl, ext + 4, in ssl_parse_client_hello()
1334 ret = ssl_parse_renegotiation_info(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1344 ret = mbedtls_ssl_parse_sig_alg_ext(ssl, ext + 4, ext + 4 + ext_size); in ssl_parse_client_hello()
1359 ret = ssl_parse_supported_groups_ext(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1367 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; in ssl_parse_client_hello()
1369 ret = ssl_parse_supported_point_formats(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1382 ret = ssl_parse_ecjpake_kkpp(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1393 ret = ssl_parse_max_fragment_length_ext(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1404 ret = ssl_parse_cid_ext(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1415 ret = ssl_parse_encrypt_then_mac_ext(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1426 ret = ssl_parse_extended_ms_ext(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1437 ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1448 ret = mbedtls_ssl_parse_alpn_ext(ssl, ext + 4, in ssl_parse_client_hello()
1460 ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size); in ssl_parse_client_hello()
1483 uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; in ssl_parse_client_hello()
1512 if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { in ssl_parse_client_hello()
1515 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1520 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; in ssl_parse_client_hello()
1528 if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && in ssl_parse_client_hello()
1529 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { in ssl_parse_client_hello()
1534 else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1535 ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && in ssl_parse_client_hello()
1539 } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1540 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_client_hello()
1541 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) { in ssl_parse_client_hello()
1544 } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1545 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_client_hello()
1553 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1561 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { in ssl_parse_client_hello()
1566 ssl->handshake->sni_name = NULL; in ssl_parse_client_hello()
1567 ssl->handshake->sni_name_len = 0; in ssl_parse_client_hello()
1577 ciphersuites = ssl->conf->ciphersuite_list; in ssl_parse_client_hello()
1580 if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) { in ssl_parse_client_hello()
1589 if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], in ssl_parse_client_hello()
1608 if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], in ssl_parse_client_hello()
1623 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1628 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1636 ssl->session_negotiate->ciphersuite = ciphersuites[i]; in ssl_parse_client_hello()
1637 ssl->handshake->ciphersuite_info = ciphersuite_info; in ssl_parse_client_hello()
1639 mbedtls_ssl_handshake_increment_state(ssl); in ssl_parse_client_hello()
1642 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_parse_client_hello()
1643 mbedtls_ssl_recv_flight_completed(ssl); in ssl_parse_client_hello()
1653 ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); in ssl_parse_client_hello()
1668 static void ssl_write_cid_ext(mbedtls_ssl_context *ssl, in ssl_write_cid_ext() argument
1674 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_cid_ext()
1680 if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) { in ssl_write_cid_ext()
1686 if (end < p || (size_t) (end - p) < (unsigned) (ssl->own_cid_len + 5)) { in ssl_write_cid_ext()
1700 ext_len = (size_t) ssl->own_cid_len + 1; in ssl_write_cid_ext()
1704 *p++ = (uint8_t) ssl->own_cid_len; in ssl_write_cid_ext()
1705 memcpy(p, ssl->own_cid, ssl->own_cid_len); in ssl_write_cid_ext()
1707 *olen = ssl->own_cid_len + 5; in ssl_write_cid_ext()
1712 static void ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, in ssl_write_encrypt_then_mac_ext() argument
1726 ssl->session_negotiate->ciphersuite); in ssl_write_encrypt_then_mac_ext()
1728 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; in ssl_write_encrypt_then_mac_ext()
1732 ssl->session_negotiate->encrypt_then_mac, in ssl_write_encrypt_then_mac_ext()
1736 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; in ssl_write_encrypt_then_mac_ext()
1740 if (ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { in ssl_write_encrypt_then_mac_ext()
1758 static void ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, in ssl_write_extended_ms_ext() argument
1764 if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) { in ssl_write_extended_ms_ext()
1783 static void ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, in ssl_write_session_ticket_ext() argument
1789 if (ssl->handshake->new_session_ticket == 0) { in ssl_write_session_ticket_ext()
1806 static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, in ssl_write_renegotiation_ext() argument
1812 if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION) { in ssl_write_renegotiation_ext()
1823 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_write_renegotiation_ext()
1825 *p++ = (ssl->verify_data_len * 2 + 1) & 0xFF; in ssl_write_renegotiation_ext()
1826 *p++ = ssl->verify_data_len * 2 & 0xFF; in ssl_write_renegotiation_ext()
1828 memcpy(p, ssl->peer_verify_data, ssl->verify_data_len); in ssl_write_renegotiation_ext()
1829 p += ssl->verify_data_len; in ssl_write_renegotiation_ext()
1830 memcpy(p, ssl->own_verify_data, ssl->verify_data_len); in ssl_write_renegotiation_ext()
1831 p += ssl->verify_data_len; in ssl_write_renegotiation_ext()
1844 static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, in ssl_write_max_fragment_length_ext() argument
1850 if (ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { in ssl_write_max_fragment_length_ext()
1863 *p++ = ssl->session_negotiate->mfl_code; in ssl_write_max_fragment_length_ext()
1872 static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, in ssl_write_supported_point_formats_ext() argument
1877 ((void) ssl); in ssl_write_supported_point_formats_ext()
1879 if ((ssl->handshake->cli_exts & in ssl_write_supported_point_formats_ext()
1903 static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, in ssl_write_ecjpake_kkpp_ext() argument
1909 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_ecjpake_kkpp_ext()
1915 if (ssl->handshake->ciphersuite_info->key_exchange != in ssl_write_ecjpake_kkpp_ext()
1931 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, in ssl_write_ecjpake_kkpp_ext()
1935 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_write_ecjpake_kkpp_ext()
1936 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_write_ecjpake_kkpp_ext()
1941 ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, in ssl_write_ecjpake_kkpp_ext()
1943 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_write_ecjpake_kkpp_ext()
1958 static void ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, in ssl_write_use_srtp_ext() argument
1964 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_use_srtp_ext()
1968 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_write_use_srtp_ext()
1969 (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET)) { in ssl_write_use_srtp_ext()
1975 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { in ssl_write_use_srtp_ext()
1976 mki_len = ssl->dtls_srtp_info.mki_len; in ssl_write_use_srtp_ext()
2005 ssl->dtls_srtp_info.chosen_dtls_srtp_profile); in ssl_write_use_srtp_ext()
2014 memcpy(&buf[9], ssl->dtls_srtp_info.mki_value, mki_len); in ssl_write_use_srtp_ext()
2022 static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) in ssl_write_hello_verify_request() argument
2025 unsigned char *p = ssl->out_msg + 4; in ssl_write_hello_verify_request()
2039 mbedtls_ssl_write_version(p, ssl->conf->transport, ssl->tls_version); in ssl_write_hello_verify_request()
2044 if (ssl->conf->f_cookie_write == NULL) { in ssl_write_hello_verify_request()
2052 if ((ret = ssl->conf->f_cookie_write(ssl->conf->p_cookie, in ssl_write_hello_verify_request()
2053 &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN, in ssl_write_hello_verify_request()
2054 ssl->cli_id, ssl->cli_id_len)) != 0) { in ssl_write_hello_verify_request()
2063 ssl->out_msglen = (size_t) (p - ssl->out_msg); in ssl_write_hello_verify_request()
2064 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_hello_verify_request()
2065 ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; in ssl_write_hello_verify_request()
2067 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); in ssl_write_hello_verify_request()
2069 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_hello_verify_request()
2075 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_write_hello_verify_request()
2076 (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { in ssl_write_hello_verify_request()
2088 static void ssl_handle_id_based_session_resumption(mbedtls_ssl_context *ssl) in ssl_handle_id_based_session_resumption() argument
2092 mbedtls_ssl_session * const session = ssl->session_negotiate; in ssl_handle_id_based_session_resumption()
2096 if (ssl->handshake->resume == 1) { in ssl_handle_id_based_session_resumption()
2102 if (ssl->conf->f_get_cache == NULL) { in ssl_handle_id_based_session_resumption()
2106 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_handle_id_based_session_resumption()
2113 ret = ssl->conf->f_get_cache(ssl->conf->p_cache, in ssl_handle_id_based_session_resumption()
2132 ssl->handshake->resume = 1; in ssl_handle_id_based_session_resumption()
2140 static int ssl_write_server_hello(mbedtls_ssl_context *ssl) in ssl_write_server_hello() argument
2152 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_write_server_hello()
2153 ssl->handshake->cookie_verify_result != 0) { in ssl_write_server_hello()
2157 return ssl_write_hello_verify_request(ssl); in ssl_write_server_hello()
2168 buf = ssl->out_msg; in ssl_write_server_hello()
2171 mbedtls_ssl_write_version(p, ssl->conf->transport, ssl->tls_version); in ssl_write_server_hello()
2185 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { in ssl_write_server_hello()
2192 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) { in ssl_write_server_hello()
2205 if (mbedtls_ssl_conf_is_tls13_enabled(ssl->conf)) { in ssl_write_server_hello()
2218 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) { in ssl_write_server_hello()
2224 memcpy(ssl->handshake->randbytes + 32, buf + 6, 32); in ssl_write_server_hello()
2228 ssl_handle_id_based_session_resumption(ssl); in ssl_write_server_hello()
2230 if (ssl->handshake->resume == 0) { in ssl_write_server_hello()
2235 mbedtls_ssl_handshake_increment_state(ssl); in ssl_write_server_hello()
2238 ssl->session_negotiate->start = mbedtls_time(NULL); in ssl_write_server_hello()
2242 if (ssl->handshake->new_session_ticket != 0) { in ssl_write_server_hello()
2243 ssl->session_negotiate->id_len = n = 0; in ssl_write_server_hello()
2244 memset(ssl->session_negotiate->id, 0, 32); in ssl_write_server_hello()
2248 ssl->session_negotiate->id_len = n = 32; in ssl_write_server_hello()
2249 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, in ssl_write_server_hello()
2258 n = ssl->session_negotiate->id_len; in ssl_write_server_hello()
2259 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); in ssl_write_server_hello()
2261 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_write_server_hello()
2275 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_write_server_hello()
2276 memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); in ssl_write_server_hello()
2277 p += ssl->session_negotiate->id_len; in ssl_write_server_hello()
2282 ssl->handshake->resume ? "a" : "no")); in ssl_write_server_hello()
2284 MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); in ssl_write_server_hello()
2289 … mbedtls_ssl_get_ciphersuite_name(ssl->session_negotiate->ciphersuite))); in ssl_write_server_hello()
2296 ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2300 ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2305 ssl_write_cid_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2310 ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2315 ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2320 ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2328 mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite); in ssl_write_server_hello()
2330 ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2336 ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2342 if ((ret = mbedtls_ssl_write_alpn_ext(ssl, p + 2 + ext_len, end, &olen)) in ssl_write_server_hello()
2351 ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, &olen); in ssl_write_server_hello()
2363 ssl->out_msglen = (size_t) (p - buf); in ssl_write_server_hello()
2364 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_server_hello()
2365 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; in ssl_write_server_hello()
2367 ret = mbedtls_ssl_write_handshake_msg(ssl); in ssl_write_server_hello()
2376 static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) in ssl_write_certificate_request() argument
2379 ssl->handshake->ciphersuite_info; in ssl_write_certificate_request()
2385 mbedtls_ssl_handshake_increment_state(ssl); in ssl_write_certificate_request()
/*
 * ssl_write_certificate_request(): cross-reference excerpt, only the lines
 * that mention `ssl` are listed. Visible behaviour: select the client
 * authentication mode, build a CertificateRequest in ssl->out_msg and hand it
 * to mbedtls_ssl_write_handshake_msg(). Branches and checks that sit between
 * the listed lines are not shown.
 */
2394 static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) in ssl_write_certificate_request() argument
2398 ssl->handshake->ciphersuite_info; in ssl_write_certificate_request()
/* `end` is out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; presumably the limit the
 * writes below are checked against -- confirm in the full source. */
2402 const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_certificate_request()
2408 mbedtls_ssl_handshake_increment_state(ssl); in ssl_write_certificate_request()
/* An authmode set on the handshake during SNI handling (anything other than
 * MBEDTLS_SSL_VERIFY_UNSET) is used instead of the configured default. */
2411 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_write_certificate_request()
2412 authmode = ssl->handshake->sni_authmode; in ssl_write_certificate_request()
2415 authmode = ssl->conf->authmode; in ssl_write_certificate_request()
2435 buf = ssl->out_msg; in ssl_write_certificate_request()
/* Signature algorithms come from mbedtls_ssl_get_sig_algs(); each entry is
 * tested with mbedtls_ssl_set_calc_verify_md() and
 * mbedtls_ssl_sig_alg_is_supported(). What happens to entries that fail
 * either test is not visible in this listing. */
2471 const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl); in ssl_write_certificate_request()
2479 if (mbedtls_ssl_set_calc_verify_md(ssl, hash)) { in ssl_write_certificate_request()
2482 if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) { in ssl_write_certificate_request()
/* CA names are only considered when cert_req_ca_list is enabled. Candidate
 * sources, in listing order: handshake dn_hints, conf dn_hints, the SNI CA
 * chain, conf ca_chain. NOTE(review): the if/else and #if nesting between
 * them is not shown, so the exact precedence should be confirmed. */
2507 if (ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED) { in ssl_write_certificate_request()
2515 if (ssl->handshake->dn_hints != NULL) { in ssl_write_certificate_request()
2516 crt = ssl->handshake->dn_hints; in ssl_write_certificate_request()
2519 if (ssl->conf->dn_hints != NULL) { in ssl_write_certificate_request()
2520 crt = ssl->conf->dn_hints; in ssl_write_certificate_request()
2524 if (ssl->handshake->sni_ca_chain != NULL) { in ssl_write_certificate_request()
2525 crt = ssl->handshake->sni_ca_chain; in ssl_write_certificate_request()
2528 crt = ssl->conf->ca_chain; in ssl_write_certificate_request()
/* Message length is the distance written from buf (= ssl->out_msg). */
2552 ssl->out_msglen = (size_t) (p - buf); in ssl_write_certificate_request()
2553 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_certificate_request()
2554 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; in ssl_write_certificate_request()
/* Back-fill the 16-bit total DN size at offset 4 + ct_len + sa_len
 * (presumably handshake header + certificate-types + signature-algorithms
 * sections -- confirm against the full source). */
2555 MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len); in ssl_write_certificate_request()
2557 ret = mbedtls_ssl_write_handshake_msg(ssl); in ssl_write_certificate_request()
/*
 * ssl_get_ecdh_params_from_cert(), PSA-based variant (excerpt: only lines
 * that mention `ssl`). Visible behaviour: take the server's own key, record
 * its PSA key type and bit size in the handshake, and populate
 * handshake->xxdh_psa_privkey. The selection logic between the paths below is
 * not shown.
 */
2569 static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) in ssl_get_ecdh_params_from_cert() argument
2585 pk = mbedtls_ssl_own_key(ssl); in ssl_get_ecdh_params_from_cert()
2611 ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); in ssl_get_ecdh_params_from_cert()
2612 ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); in ssl_get_ecdh_params_from_cert()
2625 PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); in ssl_get_ecdh_params_from_cert()
2626 psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); in ssl_get_ecdh_params_from_cert()
2634 &ssl->handshake->xxdh_psa_privkey); in ssl_get_ecdh_params_from_cert()
/* Path where the handshake receives its own key object: flagged as not
 * external. */
2642 ssl->handshake->xxdh_psa_privkey_is_external = 0; in ssl_get_ecdh_params_from_cert()
/* Path where the handshake reuses pk->priv_id directly: flagged as external.
 * Presumably the flag tells teardown code not to destroy a key the handshake
 * does not own -- confirm against the cleanup routine. */
2652 ssl->handshake->xxdh_psa_privkey = pk->priv_id; in ssl_get_ecdh_params_from_cert()
2653 ssl->handshake->xxdh_psa_privkey_is_external = 1; in ssl_get_ecdh_params_from_cert()
2675 &ssl->handshake->xxdh_psa_bits); in ssl_get_ecdh_params_from_cert()
2677 ssl->handshake->xxdh_psa_type = key_type; in ssl_get_ecdh_params_from_cert()
2683 PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); in ssl_get_ecdh_params_from_cert()
2684 psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); in ssl_get_ecdh_params_from_cert()
2693 &ssl->handshake->xxdh_psa_privkey); in ssl_get_ecdh_params_from_cert()
/*
 * ssl_get_ecdh_params_from_cert(), second definition in the file (presumably
 * the non-PSA build variant -- the preprocessor guards are not shown). It
 * loads ECDH parameters into handshake->ecdh_ctx from the EC key returned by
 * mbedtls_ssl_own_key().
 */
2716 static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) in ssl_get_ecdh_params_from_cert() argument
2720 const mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); in ssl_get_ecdh_params_from_cert()
2731 if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, in ssl_get_ecdh_params_from_cert()
2732 mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)), in ssl_get_ecdh_params_from_cert()
/*
 * ssl_resume_server_key_exchange(): excerpt (only lines that mention `ssl`).
 * Resumes an asynchronous signature through conf->f_async_resume and then
 * clears the handshake's async state.
 */
2747 static int ssl_resume_server_key_exchange(mbedtls_ssl_context *ssl, in ssl_resume_server_key_exchange() argument
/* The signature is placed 2 bytes past the current end of the message;
 * ssl_write_server_key_exchange() later writes the 16-bit signature length
 * at out_msg[out_msglen]. */
2755 unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2; in ssl_resume_server_key_exchange()
/* Capacity handed to the callback; the rest of this expression is on a line
 * the listing does not show. */
2756 size_t sig_max_len = (ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN in ssl_resume_server_key_exchange()
2758 int ret = ssl->conf->f_async_resume(ssl, in ssl_resume_server_key_exchange()
/* NOTE(review): the condition guarding these two resets is not visible;
 * presumably they run only once the operation is no longer pending. */
2761 ssl->handshake->async_in_progress = 0; in ssl_resume_server_key_exchange()
2762 mbedtls_ssl_set_async_operation_data(ssl, NULL); in ssl_resume_server_key_exchange()
/*
 * ssl_prepare_server_key_exchange(): excerpt (only lines that mention `ssl`).
 * Visible behaviour: reserve the 4-byte handshake header, append the key
 * exchange parameters for the negotiated method (EC J-PAKE, DHE or ECDHE
 * sections are visible), then sign the parameters either through the async
 * callback or with mbedtls_pk_sign(). The conditions selecting each section
 * are not shown.
 */
2774 static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, in ssl_prepare_server_key_exchange() argument
2778 ssl->handshake->ciphersuite_info; in ssl_prepare_server_key_exchange()
/* Two alternative definitions of out_buf_len (runtime out_buf_len versus the
 * compile-time MBEDTLS_SSL_OUT_BUFFER_LEN); presumably selected by a
 * preprocessor guard that is not shown. Both subtract the offset of out_msg
 * inside out_buf. */
2793 size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); in ssl_prepare_server_key_exchange()
2795 size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); in ssl_prepare_server_key_exchange()
2799 ssl->out_msglen = 4; /* header (type:1, length:3) to be written later */ in ssl_prepare_server_key_exchange()
2814 unsigned char *out_p = ssl->out_msg + ssl->out_msglen; in ssl_prepare_server_key_exchange()
2815 unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - in ssl_prepare_server_key_exchange()
2816 ssl->out_msglen; in ssl_prepare_server_key_exchange()
2837 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, in ssl_prepare_server_key_exchange()
/* PAKE cleanup: the password key is destroyed and the PAKE operation aborted.
 * Presumably this is the failure path of the write above -- the guarding
 * condition is not shown. */
2842 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_prepare_server_key_exchange()
2843 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_prepare_server_key_exchange()
2849 ssl->out_msglen += output_offset; in ssl_prepare_server_key_exchange()
/* Call that takes ecjpake_ctx and is given the remaining space
 * (MBEDTLS_SSL_OUT_CONTENT_LEN - out_msglen) as its output bound. */
2854 &ssl->handshake->ecjpake_ctx, in ssl_prepare_server_key_exchange()
2855 ssl->out_msg + ssl->out_msglen, in ssl_prepare_server_key_exchange()
2856 MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, in ssl_prepare_server_key_exchange()
2857 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_prepare_server_key_exchange()
2863 ssl->out_msglen += len; in ssl_prepare_server_key_exchange()
/* Two zero bytes are appended; presumably an empty 16-bit length field --
 * confirm which field in the full source. */
2877 ssl->out_msg[ssl->out_msglen++] = 0x00; in ssl_prepare_server_key_exchange()
2878 ssl->out_msg[ssl->out_msglen++] = 0x00; in ssl_prepare_server_key_exchange()
/* DHE section: both group parameters P and G must be configured. */
2891 if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) { in ssl_prepare_server_key_exchange()
2905 if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx, in ssl_prepare_server_key_exchange()
2906 &ssl->conf->dhm_P, in ssl_prepare_server_key_exchange()
2907 &ssl->conf->dhm_G)) != 0) { in ssl_prepare_server_key_exchange()
/* NOTE(review): unlike the EC J-PAKE and ECDH calls in this function, no
 * output-size argument is visible among the arguments listed here; confirm in
 * the full source how this write into out_msg is bounded. */
2913 &ssl->handshake->dhm_ctx, in ssl_prepare_server_key_exchange()
2914 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), in ssl_prepare_server_key_exchange()
2915 ssl->out_msg + ssl->out_msglen, &len, in ssl_prepare_server_key_exchange()
2916 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_prepare_server_key_exchange()
/* dig_signed marks the start of the parameters that will be signed. */
2922 dig_signed = ssl->out_msg + ssl->out_msglen; in ssl_prepare_server_key_exchange()
2925 ssl->out_msglen += len; in ssl_prepare_server_key_exchange()
/* Level-3 debug output of the DHM context. X is the server's secret value in
 * the DHM context, so builds that enable this debug level put key material
 * into the debug sink; keep debug output disabled or tightly access-controlled
 * outside development. */
2927 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); in ssl_prepare_server_key_exchange()
2928 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); in ssl_prepare_server_key_exchange()
2929 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); in ssl_prepare_server_key_exchange()
2930 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); in ssl_prepare_server_key_exchange()
/* ECDHE section: iterates the TLS group ids stored in handshake->curves_tls_id
 * together with the server's group list from mbedtls_ssl_get_groups(); the
 * matching logic itself is not shown. */
2947 uint16_t *curr_tls_id = ssl->handshake->curves_tls_id; in ssl_prepare_server_key_exchange()
2948 const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); in ssl_prepare_server_key_exchange()
2957 for (curr_tls_id = ssl->handshake->curves_tls_id; in ssl_prepare_server_key_exchange()
2977 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_prepare_server_key_exchange()
2978 uint8_t *p = ssl->out_msg + ssl->out_msglen; in ssl_prepare_server_key_exchange()
3038 - (own_pubkey - ssl->out_msg)); in ssl_prepare_server_key_exchange()
3060 if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx, in ssl_prepare_server_key_exchange()
/* ECDH parameters are written with an explicit bound of
 * MBEDTLS_SSL_OUT_CONTENT_LEN - out_msglen. */
3067 &ssl->handshake->ecdh_ctx, &len, in ssl_prepare_server_key_exchange()
3068 ssl->out_msg + ssl->out_msglen, in ssl_prepare_server_key_exchange()
3069 MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, in ssl_prepare_server_key_exchange()
3070 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_prepare_server_key_exchange()
3075 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_prepare_server_key_exchange()
3080 dig_signed = ssl->out_msg + ssl->out_msglen; in ssl_prepare_server_key_exchange()
3083 ssl->out_msglen += len; in ssl_prepare_server_key_exchange()
/* Signing section: the signed region runs from dig_signed to the current end
 * of the message. */
3100 size_t dig_signed_len = (size_t) (ssl->out_msg + ssl->out_msglen - dig_signed); in ssl_prepare_server_key_exchange()
3117 ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); in ssl_prepare_server_key_exchange()
3136 ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, in ssl_prepare_server_key_exchange()
/* Two bytes identify the hash and signature algorithm ahead of the signature. */
3169 ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_hash_from_md_alg(md_alg); in ssl_prepare_server_key_exchange()
3170 ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg(sig_alg); in ssl_prepare_server_key_exchange()
/* Async signing: when a start callback is configured it is tried first.
 * async_in_progress is set on two visible paths, one of which resumes
 * immediately; the return codes that select them are not shown. */
3173 if (ssl->conf->f_async_sign_start != NULL) { in ssl_prepare_server_key_exchange()
3174 ret = ssl->conf->f_async_sign_start(ssl, in ssl_prepare_server_key_exchange()
3175 mbedtls_ssl_own_cert(ssl), in ssl_prepare_server_key_exchange()
3182 ssl->handshake->async_in_progress = 1; in ssl_prepare_server_key_exchange()
3183 return ssl_resume_server_key_exchange(ssl, signature_len); in ssl_prepare_server_key_exchange()
3185 ssl->handshake->async_in_progress = 1; in ssl_prepare_server_key_exchange()
/* Synchronous signing requires a private key. */
3194 if (mbedtls_ssl_own_key(ssl) == NULL) { in ssl_prepare_server_key_exchange()
/* The signature goes 2 bytes past the message end (room for its length field)
 * and the capacity passed is out_buf_len - out_msglen - 2. */
3204 if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl), in ssl_prepare_server_key_exchange()
3206 ssl->out_msg + ssl->out_msglen + 2, in ssl_prepare_server_key_exchange()
3207 out_buf_len - ssl->out_msglen - 2, in ssl_prepare_server_key_exchange()
3209 ssl->conf->f_rng, in ssl_prepare_server_key_exchange()
3210 ssl->conf->p_rng)) != 0) { in ssl_prepare_server_key_exchange()
/*
 * ssl_write_server_key_exchange(): excerpt (only lines that mention `ssl`).
 * Visible behaviour: optionally load ECDH parameters from the certificate,
 * prepare the message body (or resume a pending async signature), append the
 * signature length and account for the signature, then send the message.
 */
3225 static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) in ssl_write_server_key_exchange() argument
3231 ssl->handshake->ciphersuite_info; in ssl_write_server_key_exchange()
3244 ret = ssl_get_ecdh_params_from_cert(ssl); in ssl_write_server_key_exchange()
3255 mbedtls_ssl_handshake_increment_state(ssl); in ssl_write_server_key_exchange()
/* A pending async operation is resumed instead of rebuilding the message. */
3264 if (ssl->handshake->async_in_progress != 0) { in ssl_write_server_key_exchange()
3266 ret = ssl_resume_server_key_exchange(ssl, &signature_len); in ssl_write_server_key_exchange()
3272 ret = ssl_prepare_server_key_exchange(ssl, &signature_len); in ssl_write_server_key_exchange()
/* NOTE(review): the condition under which the message length is reset to 0 is
 * not visible in this listing. */
3283 ssl->out_msglen = 0; in ssl_write_server_key_exchange()
/* Signature length as a big-endian 16-bit value (byte 1, then byte 0). */
3293 ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1(signature_len); in ssl_write_server_key_exchange()
3294 ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0(signature_len); in ssl_write_server_key_exchange()
3297 ssl->out_msg + ssl->out_msglen, in ssl_write_server_key_exchange()
3301 ssl->out_msglen += signature_len; in ssl_write_server_key_exchange()
3306 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_server_key_exchange()
3307 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE; in ssl_write_server_key_exchange()
3309 mbedtls_ssl_handshake_increment_state(ssl); in ssl_write_server_key_exchange()
3311 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_server_key_exchange()
/*
 * ssl_write_server_hello_done(): excerpt (only lines that mention `ssl`).
 * Sends a ServerHelloDone whose length is just the 4-byte handshake header.
 * On datagram transport the flight is marked complete before the write and
 * transmitted after it.
 */
3321 static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) in ssl_write_server_hello_done() argument
3327 ssl->out_msglen = 4; in ssl_write_server_hello_done()
3328 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_server_hello_done()
3329 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE; in ssl_write_server_hello_done()
3331 mbedtls_ssl_handshake_increment_state(ssl); in ssl_write_server_hello_done()
3334 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_write_server_hello_done()
3335 mbedtls_ssl_send_flight_completed(ssl); in ssl_write_server_hello_done()
3339 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_server_hello_done()
3345 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_write_server_hello_done()
3346 (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { in ssl_write_server_hello_done()
/*
 * ssl_parse_client_dh_public(): excerpt (only lines that mention `ssl`).
 * Reads n bytes at *p as the peer's DH public value into the handshake DHM
 * context. NOTE(review): how n is derived and bounds-checked against the end
 * of the message is on lines this listing does not show.
 */
3360 static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p, in ssl_parse_client_dh_public() argument
3382 if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) { in ssl_parse_client_dh_public()
3389 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); in ssl_parse_client_dh_public()
/*
 * ssl_resume_decrypt_pms(): excerpt (only lines that mention `ssl`).
 * Resumes an asynchronous premaster-secret decryption through
 * conf->f_async_resume and then clears the handshake's async state.
 * NOTE(review): the condition guarding the two resets is not visible.
 */
3401 static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl, in ssl_resume_decrypt_pms() argument
3406 int ret = ssl->conf->f_async_resume(ssl, in ssl_resume_decrypt_pms()
3409 ssl->handshake->async_in_progress = 0; in ssl_resume_decrypt_pms()
3410 mbedtls_ssl_set_async_operation_data(ssl, NULL); in ssl_resume_decrypt_pms()
/*
 * ssl_decrypt_encrypted_pms(): excerpt (only lines that mention `ssl`).
 * Visible behaviour: fetch the server's certificate and private key, resume a
 * pending async decryption if one is in progress, otherwise try the
 * configured async decrypt callback, and finally fall through to a call that
 * is given the configured RNG (its name is on a line not shown).
 */
3418 static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl, in ssl_decrypt_encrypted_pms() argument
3427 mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl); in ssl_decrypt_encrypted_pms()
3433 mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); in ssl_decrypt_encrypted_pms()
3439 if (ssl->handshake->async_in_progress != 0) { in ssl_decrypt_encrypted_pms()
3441 return ssl_resume_decrypt_pms(ssl, in ssl_decrypt_encrypted_pms()
/* async_in_progress is set on two visible paths, one of which resumes
 * immediately; the callback return codes that select them are not shown. */
3468 if (ssl->conf->f_async_decrypt_start != NULL) { in ssl_decrypt_encrypted_pms()
3469 ret = ssl->conf->f_async_decrypt_start(ssl, in ssl_decrypt_encrypted_pms()
3470 mbedtls_ssl_own_cert(ssl), in ssl_decrypt_encrypted_pms()
3477 ssl->handshake->async_in_progress = 1; in ssl_decrypt_encrypted_pms()
3478 return ssl_resume_decrypt_pms(ssl, in ssl_decrypt_encrypted_pms()
3483 ssl->handshake->async_in_progress = 1; in ssl_decrypt_encrypted_pms()
3499 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_decrypt_encrypted_pms()
/*
 * ssl_parse_encrypted_pms(): excerpt (only lines that mention `ssl`).
 * Visible behaviour: decrypt the client's encrypted premaster secret, build
 * the expected version bytes, generate a random substitute secret, and choose
 * between the decrypted and the substitute value with a constant-time
 * conditional copy. The handshake therefore continues with a 48-byte
 * premaster either way rather than branching on the decryption outcome; this
 * is the usual defence against padding-oracle probing of RSA key exchange.
 * NOTE(review): how `diff` is computed is not visible in this listing.
 */
3504 static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, in ssl_parse_encrypted_pms() argument
/* Destination inside the premaster buffer, pms_offset bytes in. */
3510 unsigned char *pms = ssl->handshake->premaster + pms_offset; in ssl_parse_encrypted_pms()
3526 ret = ssl_decrypt_encrypted_pms(ssl, p, end, in ssl_parse_encrypted_pms()
/* Version bytes derived from the transport and the negotiated TLS version,
 * presumably compared against the start of the decrypted secret -- confirm. */
3537 mbedtls_ssl_write_version(ver, ssl->conf->transport, in ssl_parse_encrypted_pms()
3538 ssl->session_negotiate->tls_version); in ssl_parse_encrypted_pms()
/* The substitute secret is drawn from the configured RNG. */
3557 ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms)); in ssl_parse_encrypted_pms()
/* Bounds check: the premaster buffer must hold 48 bytes starting at
 * pms_offset. It is written as two comparisons so the subtraction cannot
 * wrap. */
3570 if (sizeof(ssl->handshake->premaster) < pms_offset || in ssl_parse_encrypted_pms()
3571 sizeof(ssl->handshake->premaster) - pms_offset < 48) { in ssl_parse_encrypted_pms()
3575 ssl->handshake->pmslen = 48; in ssl_parse_encrypted_pms()
/* Constant-time select: fake_pms is copied when `diff` is set, peer_pms
 * otherwise, with no data-dependent branch. */
3579 mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen); in ssl_parse_encrypted_pms()
/*
 * ssl_parse_client_psk_identity(): excerpt (only lines that mention `ssl`).
 * Visible behaviour: require a configured PSK or PSK callback, then either
 * let conf->f_psk look up the n-byte identity at *p or compare it with the
 * single configured identity; a fatal alert is sent on one of the following
 * paths (presumably identity mismatch -- the guarding condition is not shown).
 */
3588 static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p, in ssl_parse_client_psk_identity() argument
3594 if (ssl_conf_has_psk_or_cb(ssl->conf) == 0) { in ssl_parse_client_psk_identity()
3615 if (ssl->conf->f_psk != NULL) { in ssl_parse_client_psk_identity()
3616 if (ssl->conf->f_psk(ssl->conf->p_psk, ssl, *p, n) != 0) { in ssl_parse_client_psk_identity()
/* The length is checked first; the contents are then compared with the
 * constant-time mbedtls_ct_memcmp() rather than memcmp(). */
3622 if (n != ssl->conf->psk_identity_len || in ssl_parse_client_psk_identity()
3623 mbedtls_ct_memcmp(ssl->conf->psk_identity, *p, n) != 0) { in ssl_parse_client_psk_identity()
3630 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_psk_identity()
/*
 * ssl_parse_client_key_exchange(): excerpt (only lines that mention `ssl`).
 * Visible behaviour: read the ClientKeyExchange record, check its type, run
 * the section matching the negotiated key exchange (DHE, ECDHE/ECDH, PSK,
 * RSA-PSK, DHE-PSK, ECDHE-PSK, RSA and EC J-PAKE sections are visible) to
 * fill handshake->premaster, then derive the session keys and advance the
 * state machine. The conditions selecting each section are not shown.
 */
3642 static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) in ssl_parse_client_key_exchange() argument
3648 ciphersuite_info = ssl->handshake->ciphersuite_info; in ssl_parse_client_key_exchange()
/* NOTE(review): this is the tail of a condition involving a pending async
 * operation; presumably the record is not re-read when resuming -- confirm. */
3657 (ssl->handshake->async_in_progress != 0)) { in ssl_parse_client_key_exchange()
3664 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { in ssl_parse_client_key_exchange()
/* Parsing window: p starts after the handshake header, end is in_msg + in_hslen. */
3669 p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_client_key_exchange()
3670 end = ssl->in_msg + ssl->in_hslen; in ssl_parse_client_key_exchange()
3672 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { in ssl_parse_client_key_exchange()
3677 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE) { in ssl_parse_client_key_exchange()
/* DH section: read the client's public value, then compute the shared secret
 * straight into handshake->premaster. */
3684 if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3694 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in ssl_parse_client_key_exchange()
3695 ssl->handshake->premaster, in ssl_parse_client_key_exchange()
3697 &ssl->handshake->pmslen, in ssl_parse_client_key_exchange()
3698 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_parse_client_key_exchange()
/* K is the DH shared secret; with debug level 3 enabled it is written to the
 * debug sink, so keep debug output disabled or tightly access-controlled
 * outside development. */
3703 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); in ssl_parse_client_key_exchange()
3718 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_parse_client_key_exchange()
/* ECDH section: read the peer's public point, then compute the shared secret
 * into handshake->premaster. */
3776 if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3782 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3785 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3786 &ssl->handshake->pmslen, in ssl_parse_client_key_exchange()
3787 ssl->handshake->premaster, in ssl_parse_client_key_exchange()
3789 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_parse_client_key_exchange()
3794 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
/* PSK section: identity first, then the premaster is derived from the PSK. */
3804 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3815 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_parse_client_key_exchange()
/* When resuming an async operation the identity is not parsed again; p is
 * advanced past a 2-byte length plus the configured identity length.
 * NOTE(review): this uses conf->psk_identity_len rather than a length read
 * from the message; confirm it is correct when the identity was accepted
 * through the f_psk callback. */
3827 if (ssl->handshake->async_in_progress != 0) { in ssl_parse_client_key_exchange()
3834 p += ssl->conf->psk_identity_len + 2; in ssl_parse_client_key_exchange()
3837 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
/* The encrypted premaster is stored at offset 2 of the premaster buffer here,
 * versus offset 0 in the plain RSA section below. */
3842 if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 2)) != 0) { in ssl_parse_client_key_exchange()
3848 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_parse_client_key_exchange()
/* DHE-PSK section: identity, DH public value, DH secret, then PSK derivation. */
3859 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3863 if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
/* pms_end bounds writes to the premaster buffer by its declared size. */
3874 unsigned char *pms = ssl->handshake->premaster; in ssl_parse_client_key_exchange()
3875 unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster); in ssl_parse_client_key_exchange()
3879 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, in ssl_parse_client_key_exchange()
3881 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { in ssl_parse_client_key_exchange()
3888 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); in ssl_parse_client_key_exchange()
3890 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_parse_client_key_exchange()
/* ECDHE-PSK sections: two are visible, presumably alternative builds -- the
 * preprocessor guards are not shown. */
3906 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_parse_client_key_exchange()
3908 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3954 unsigned char *psm = ssl->handshake->premaster; in ssl_parse_client_key_exchange()
3956 psm + sizeof(ssl->handshake->premaster); in ssl_parse_client_key_exchange()
3984 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { in ssl_parse_client_key_exchange()
3989 if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3995 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3998 if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, in ssl_parse_client_key_exchange()
/* RSA section: encrypted premaster stored at offset 0. */
4009 if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) { in ssl_parse_client_key_exchange()
/* EC J-PAKE section. The PSA path destroys the password key and aborts the
 * PAKE operation (presumably on read failure -- the condition is not shown). */
4019 &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p), in ssl_parse_client_key_exchange()
4021 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_parse_client_key_exchange()
4022 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_parse_client_key_exchange()
4028 ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, in ssl_parse_client_key_exchange()
/* The derived secret is written to premaster with an output size of 32. */
4035 ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, in ssl_parse_client_key_exchange()
4036 ssl->handshake->premaster, 32, &ssl->handshake->pmslen, in ssl_parse_client_key_exchange()
4037 ssl->conf->f_rng, ssl->conf->p_rng); in ssl_parse_client_key_exchange()
/* Common tail: derive the session keys, then advance the handshake state. */
4050 if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { in ssl_parse_client_key_exchange()
4055 mbedtls_ssl_handshake_increment_state(ssl); in ssl_parse_client_key_exchange()
/*
 * ssl_parse_certificate_verify(), first of two definitions in the file
 * (presumably the build without certificate-based key exchange -- the
 * preprocessor guards are not shown). The visible lines only read the
 * ciphersuite info and advance the handshake state.
 */
4064 static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) in ssl_parse_certificate_verify() argument
4067 ssl->handshake->ciphersuite_info; in ssl_parse_certificate_verify()
4073 mbedtls_ssl_handshake_increment_state(ssl); in ssl_parse_certificate_verify()
/*
 * ssl_parse_certificate_verify(), full variant: excerpt (only lines that
 * mention `ssl`). Visible behaviour: skip the step when it does not apply
 * (several paths just advance the state, including when no peer certificate
 * or certificate digest is stored), read the CertificateVerify record, parse
 * hash algorithm, signature algorithm and signature length with bounds
 * checks, compute the handshake hash through handshake->calc_verify, and
 * verify the signature against the peer's public key.
 */
4082 static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) in ssl_parse_certificate_verify() argument
4092 ssl->handshake->ciphersuite_info; in ssl_parse_certificate_verify()
4099 mbedtls_ssl_handshake_increment_state(ssl); in ssl_parse_certificate_verify()
/* Two alternative "no client certificate" checks (peer_cert versus
 * peer_cert_digest); presumably selected by a preprocessor guard that is not
 * shown. */
4104 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_parse_certificate_verify()
4106 mbedtls_ssl_handshake_increment_state(ssl); in ssl_parse_certificate_verify()
4110 if (ssl->session_negotiate->peer_cert_digest == NULL) { in ssl_parse_certificate_verify()
4112 mbedtls_ssl_handshake_increment_state(ssl); in ssl_parse_certificate_verify()
/* The record is read without updating the handshake checksum (second argument
 * 0); mbedtls_ssl_update_handshake_status() is called at the end instead. */
4118 ret = mbedtls_ssl_read_record(ssl, 0 /* no checksum update */); in ssl_parse_certificate_verify()
4124 mbedtls_ssl_handshake_increment_state(ssl); in ssl_parse_certificate_verify()
4127 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in ssl_parse_certificate_verify()
4128 ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY) { in ssl_parse_certificate_verify()
/* i is the read offset into in_msg, starting after the handshake header. */
4133 i = mbedtls_ssl_hs_hdr_len(ssl); in ssl_parse_certificate_verify()
/* The peer public key comes either from handshake->peer_pubkey or from the
 * stored peer certificate (the latter guarded by a NULL check). */
4136 peer_pk = &ssl->handshake->peer_pubkey; in ssl_parse_certificate_verify()
4138 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_parse_certificate_verify()
4142 peer_pk = &ssl->session_negotiate->peer_cert->pk; in ssl_parse_certificate_verify()
/* Bounds check before reading the two algorithm bytes. */
4151 if (i + 2 > ssl->in_hslen) { in ssl_parse_certificate_verify()
/* The hash byte must map to a known digest and be accepted by
 * mbedtls_ssl_set_calc_verify_md(). */
4159 md_alg = mbedtls_ssl_md_alg_from_hash(ssl->in_msg[i]); in ssl_parse_certificate_verify()
4161 if (md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md(ssl, ssl->in_msg[i])) { in ssl_parse_certificate_verify()
4181 if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i])) in ssl_parse_certificate_verify()
/* Bounds check before reading the 16-bit signature length. */
4198 if (i + 2 > ssl->in_hslen) { in ssl_parse_certificate_verify()
4203 sig_len = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i); in ssl_parse_certificate_verify()
/* The signature must end exactly at the end of the handshake message, so both
 * truncated input and trailing bytes are rejected. */
4206 if (i + sig_len != ssl->in_hslen) { in ssl_parse_certificate_verify()
4214 ret = ssl->handshake->calc_verify(ssl, hash, &dummy_hlen); in ssl_parse_certificate_verify()
4223 ssl->in_msg + i, sig_len)) != 0) { in ssl_parse_certificate_verify()
4228 ret = mbedtls_ssl_update_handshake_status(ssl); in ssl_parse_certificate_verify()
/*
 * ssl_write_new_session_ticket(): excerpt (only lines that mention `ssl`).
 * Visible behaviour: stamp the session with the ticket creation time, let
 * conf->f_ticket_write produce the ticket directly in the output message,
 * fill in the lifetime and ticket length fields, and send the message.
 */
4242 static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_write_new_session_ticket() argument
4250 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_new_session_ticket()
4251 ssl->out_msg[0] = MBEDTLS_SSL_HS_NEW_SESSION_TICKET; in ssl_write_new_session_ticket()
4265 ssl->session_negotiate->ticket_creation_time = mbedtls_ms_time(); in ssl_write_new_session_ticket()
/* The ticket body starts at offset 10 and the callback is given
 * out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN as the end of the writable region.
 * NOTE(review): handling of a callback failure is on lines not shown. */
4267 if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, in ssl_write_new_session_ticket()
4268 ssl->session_negotiate, in ssl_write_new_session_ticket()
4269 ssl->out_msg + 10, in ssl_write_new_session_ticket()
4270 ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, in ssl_write_new_session_ticket()
/* Layout after the 4-byte handshake header: 32-bit lifetime at offset 4,
 * 16-bit ticket length at offset 8, ticket from offset 10. */
4276 MBEDTLS_PUT_UINT32_BE(lifetime, ssl->out_msg, 4); in ssl_write_new_session_ticket()
4277 MBEDTLS_PUT_UINT16_BE(tlen, ssl->out_msg, 8); in ssl_write_new_session_ticket()
4278 ssl->out_msglen = 10 + tlen; in ssl_write_new_session_ticket()
/* Clear the request flag before the message is written. */
4284 ssl->handshake->new_session_ticket = 0; in ssl_write_new_session_ticket()
4286 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in ssl_write_new_session_ticket()
/*
 * mbedtls_ssl_handshake_server_step(): excerpt (only lines that mention
 * `ssl`). Dispatches on ssl->state and runs one handshake step per call. The
 * case labels are not listed; the calls below appear in source order, which
 * follows the server-side message flow. An unrecognised state is logged at
 * debug level 1.
 */
4300 int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_handshake_server_step() argument
4304 MBEDTLS_SSL_DEBUG_MSG(2, ("server state: %d", ssl->state)); in mbedtls_ssl_handshake_server_step()
4306 switch (ssl->state) { in mbedtls_ssl_handshake_server_step()
4308 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_handshake_server_step()
/* Incoming ClientHello. */
4315 ret = ssl_parse_client_hello(ssl); in mbedtls_ssl_handshake_server_step()
/* Server flight: ServerHello, Certificate, ServerKeyExchange,
 * CertificateRequest, ServerHelloDone. */
4331 ret = ssl_write_server_hello(ssl); in mbedtls_ssl_handshake_server_step()
4335 ret = mbedtls_ssl_write_certificate(ssl); in mbedtls_ssl_handshake_server_step()
4339 ret = ssl_write_server_key_exchange(ssl); in mbedtls_ssl_handshake_server_step()
4343 ret = ssl_write_certificate_request(ssl); in mbedtls_ssl_handshake_server_step()
4347 ret = ssl_write_server_hello_done(ssl); in mbedtls_ssl_handshake_server_step()
/* Client flight: Certificate, ClientKeyExchange, CertificateVerify,
 * ChangeCipherSpec, Finished. */
4358 ret = mbedtls_ssl_parse_certificate(ssl); in mbedtls_ssl_handshake_server_step()
4362 ret = ssl_parse_client_key_exchange(ssl); in mbedtls_ssl_handshake_server_step()
4366 ret = ssl_parse_certificate_verify(ssl); in mbedtls_ssl_handshake_server_step()
4370 ret = mbedtls_ssl_parse_change_cipher_spec(ssl); in mbedtls_ssl_handshake_server_step()
4374 ret = mbedtls_ssl_parse_finished(ssl); in mbedtls_ssl_handshake_server_step()
/* Final server flight: a NewSessionTicket is written when the handshake has
 * requested one; the ChangeCipherSpec write is listed next (presumably the
 * other branch of the same step), followed by Finished. */
4384 if (ssl->handshake->new_session_ticket != 0) { in mbedtls_ssl_handshake_server_step()
4385 ret = ssl_write_new_session_ticket(ssl); in mbedtls_ssl_handshake_server_step()
4388 ret = mbedtls_ssl_write_change_cipher_spec(ssl); in mbedtls_ssl_handshake_server_step()
4392 ret = mbedtls_ssl_write_finished(ssl); in mbedtls_ssl_handshake_server_step()
4397 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); in mbedtls_ssl_handshake_server_step()
4401 mbedtls_ssl_handshake_wrapup(ssl); in mbedtls_ssl_handshake_server_step()
4405 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_handshake_server_step()