Lines Matching refs:ssl
25 mbedtls_ssl_context *ssl, in ssl_tls13_validate_peer_ciphersuite() argument
29 if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { in ssl_tls13_validate_peer_ciphersuite()
34 if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_tls13_validate_peer_ciphersuite()
35 ssl->tls_version, in ssl_tls13_validate_peer_ciphersuite()
36 ssl->tls_version) != 0)) { in ssl_tls13_validate_peer_ciphersuite()
43 mbedtls_ssl_context *ssl, in ssl_tls13_select_ciphersuite() argument
71 ssl_tls13_validate_peer_ciphersuite(ssl, id); in ssl_tls13_select_ciphersuite()
109 static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_exchange_modes_ext() argument
147 ssl->handshake->tls13_kex_modes = ke_modes; in ssl_tls13_parse_key_exchange_modes_ext()
177 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
179 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
184 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match_ticket() argument
204 if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { in ssl_tls13_offered_psks_check_identity_match_ticket()
219 ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, in ssl_tls13_offered_psks_check_identity_match_ticket()
331 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match() argument
348 ssl, identity, identity_len, obfuscated_ticket_age, session); in ssl_tls13_offered_psks_check_identity_match()
351 ret = mbedtls_ssl_set_hs_psk(ssl, in ssl_tls13_offered_psks_check_identity_match()
371 if (ssl->conf->f_psk != NULL) { in ssl_tls13_offered_psks_check_identity_match()
372 if (ssl->conf->f_psk( in ssl_tls13_offered_psks_check_identity_match()
373 ssl->conf->p_psk, ssl, identity, identity_len) == 0) { in ssl_tls13_offered_psks_check_identity_match()
381 if (ssl->conf->psk_identity != NULL && in ssl_tls13_offered_psks_check_identity_match()
382 identity_len == ssl->conf->psk_identity_len && in ssl_tls13_offered_psks_check_identity_match()
383 mbedtls_ct_memcmp(ssl->conf->psk_identity, in ssl_tls13_offered_psks_check_identity_match()
385 ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len); in ssl_tls13_offered_psks_check_identity_match()
406 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_binder_match() argument
424 ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), in ssl_tls13_offered_psks_check_binder_match()
430 ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); in ssl_tls13_offered_psks_check_binder_match()
435 ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg, in ssl_tls13_offered_psks_check_binder_match()
519 mbedtls_ssl_context *ssl, in ssl_tls13_parse_pre_shared_key_ext() argument
562 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, in ssl_tls13_parse_pre_shared_key_ext()
601 ssl, identity, identity_len, obfuscated_ticket_age, in ssl_tls13_parse_pre_shared_key_ext()
620 ssl->session_negotiate->ticket_flags = session.ticket_flags; in ssl_tls13_parse_pre_shared_key_ext()
634 ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { in ssl_tls13_parse_pre_shared_key_ext()
638 ssl_tls13_key_exchange_is_psk_available(ssl)) { in ssl_tls13_parse_pre_shared_key_ext()
647 ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end, in ssl_tls13_parse_pre_shared_key_ext()
667 ssl, binder, binder_len, psk->type, in ssl_tls13_parse_pre_shared_key_ext()
689 ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, in ssl_tls13_parse_pre_shared_key_ext()
707 ret = ssl->handshake->update_checksum( in ssl_tls13_parse_pre_shared_key_ext()
708 ssl, identities_end, (size_t) (binders_end - identities_end)); in ssl_tls13_parse_pre_shared_key_ext()
718 ssl->handshake->selected_identity = (uint16_t) matched_identity; in ssl_tls13_parse_pre_shared_key_ext()
733 static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_pre_shared_key_ext() argument
744 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); in ssl_tls13_write_server_pre_shared_key_ext()
746 not_using_psk = (ssl->handshake->psk == NULL); in ssl_tls13_write_server_pre_shared_key_ext()
760 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); in ssl_tls13_write_server_pre_shared_key_ext()
765 ssl->handshake->selected_identity)); in ssl_tls13_write_server_pre_shared_key_ext()
767 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); in ssl_tls13_write_server_pre_shared_key_ext()
780 static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_versions_ext() argument
798 tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport); in ssl_tls13_parse_supported_versions_ext()
807 mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_parse_supported_versions_ext()
839 static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_groups_ext() argument
853 ssl->handshake->hrr_selected_group = 0; in ssl_tls13_parse_supported_groups_ext()
866 if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) || in ssl_tls13_parse_supported_groups_ext()
868 ssl->handshake->hrr_selected_group != 0) { in ssl_tls13_parse_supported_groups_ext()
877 ssl->handshake->hrr_selected_group = named_group; in ssl_tls13_parse_supported_groups_ext()
901 static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_shares_ext() argument
923 ssl->handshake->offered_group_id = 0; in ssl_tls13_parse_key_shares_ext()
954 if (!mbedtls_ssl_named_group_is_offered(ssl, group) || in ssl_tls13_parse_key_shares_ext()
956 ssl->handshake->offered_group_id != 0) { in ssl_tls13_parse_key_shares_ext()
969 ssl, key_exchange - 2, key_exchange_len + 2); in ssl_tls13_parse_key_shares_ext()
980 ssl->handshake->offered_group_id = group; in ssl_tls13_parse_key_shares_ext()
984 if (ssl->handshake->offered_group_id == 0) { in ssl_tls13_parse_key_shares_ext()
993 static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, in ssl_tls13_client_hello_has_exts() argument
996 int masked = ssl->handshake->received_extensions & exts_mask; in ssl_tls13_client_hello_has_exts()
1003 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange() argument
1006 ssl, in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()
1016 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_key_exchange() argument
1019 ssl, in ssl_tls13_client_hello_has_exts_for_psk_key_exchange()
1028 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange() argument
1031 ssl, in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange()
1041 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_psk_available() argument
1044 return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && in ssl_tls13_key_exchange_is_psk_available()
1045 mbedtls_ssl_tls13_is_psk_supported(ssl) && in ssl_tls13_key_exchange_is_psk_available()
1046 ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); in ssl_tls13_key_exchange_is_psk_available()
1048 ((void) ssl); in ssl_tls13_key_exchange_is_psk_available()
1054 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_psk_ephemeral_available() argument
1057 return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1058 mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) && in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1059 ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1061 ((void) ssl); in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1068 static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_ephemeral_available() argument
1071 return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && in ssl_tls13_key_exchange_is_ephemeral_available()
1072 ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); in ssl_tls13_key_exchange_is_ephemeral_available()
1074 ((void) ssl); in ssl_tls13_key_exchange_is_ephemeral_available()
1115 static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) in ssl_tls13_pick_key_cert() argument
1118 const uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_pick_key_cert()
1121 if (ssl->handshake->sni_key_cert != NULL) { in ssl_tls13_pick_key_cert()
1122 key_cert_list = ssl->handshake->sni_key_cert; in ssl_tls13_pick_key_cert()
1125 key_cert_list = ssl->conf->key_cert; in ssl_tls13_pick_key_cert()
1133 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_pick_key_cert()
1181 ssl->handshake->key_cert = key_cert; in ssl_tls13_pick_key_cert()
1190 ssl->handshake->key_cert->cert); in ssl_tls13_pick_key_cert()
1249 static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_parse_client_hello() argument
1265 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_parse_client_hello()
1303 if (mbedtls_ssl_read_version(p, ssl->conf->transport) != in ssl_tls13_parse_client_hello()
1374 ssl, p + 1 + p[0], end, in ssl_tls13_parse_client_hello()
1388 ret = ssl_tls13_parse_supported_versions_ext(ssl, in ssl_tls13_parse_client_hello()
1413 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1414 ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1415 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_tls13_parse_client_hello()
1418 ret = mbedtls_ssl_tls13_crypto_init(ssl); in ssl_tls13_parse_client_hello()
1432 if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) { in ssl_tls13_parse_client_hello()
1436 ssl->session_negotiate->id_len = legacy_session_id_len; in ssl_tls13_parse_client_hello()
1439 memcpy(&ssl->session_negotiate->id[0], in ssl_tls13_parse_client_hello()
1448 ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end, in ssl_tls13_parse_client_hello()
1456 ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; in ssl_tls13_parse_client_hello()
1497 if (ssl->handshake->hello_retry_request_flag) { in ssl_tls13_parse_client_hello()
1527 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, in ssl_tls13_parse_client_hello()
1537 ret = mbedtls_ssl_parse_server_name_ext(ssl, p, in ssl_tls13_parse_client_hello()
1558 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1580 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1605 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1638 ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1652 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1666 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1688 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in ssl_tls13_parse_client_hello()
1705 ret = handshake->update_checksum(ssl, buf, in ssl_tls13_parse_client_hello()
1711 ret = ssl_tls13_parse_pre_shared_key_ext(ssl, in ssl_tls13_parse_client_hello()
1727 ret = handshake->update_checksum(ssl, buf, p - buf); in ssl_tls13_parse_client_hello()
1757 if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { in ssl_tls13_parse_client_hello()
1783 ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id; in ssl_tls13_parse_client_hello()
1800 mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info); in ssl_tls13_parse_client_hello()
1806 static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl) in ssl_tls13_check_early_data_requirements() argument
1808 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_check_early_data_requirements()
1810 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { in ssl_tls13_check_early_data_requirements()
1849 ssl->session_negotiate->ciphersuite) { in ssl_tls13_check_early_data_requirements()
1857 if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) { in ssl_tls13_check_early_data_requirements()
1866 const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl); in ssl_tls13_check_early_data_requirements()
1869 if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) { in ssl_tls13_check_early_data_requirements()
1878 ssl->session_negotiate->ticket_alpn == NULL || in ssl_tls13_check_early_data_requirements()
1879 alpn_len != strlen(ssl->session_negotiate->ticket_alpn) || in ssl_tls13_check_early_data_requirements()
1880 (memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) { in ssl_tls13_check_early_data_requirements()
1894 static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_postprocess_client_hello() argument
1902 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { in ssl_tls13_postprocess_client_hello()
1907 ssl->handshake->sni_name = NULL; in ssl_tls13_postprocess_client_hello()
1908 ssl->handshake->sni_name_len = 0; in ssl_tls13_postprocess_client_hello()
1911 ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); in ssl_tls13_postprocess_client_hello()
1919 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { in ssl_tls13_postprocess_client_hello()
1920 ssl->handshake->early_data_accepted = in ssl_tls13_postprocess_client_hello()
1921 (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0); in ssl_tls13_postprocess_client_hello()
1923 if (ssl->handshake->early_data_accepted) { in ssl_tls13_postprocess_client_hello()
1924 ret = mbedtls_ssl_tls13_compute_early_transform(ssl); in ssl_tls13_postprocess_client_hello()
1931 ssl->discard_early_data_record = in ssl_tls13_postprocess_client_hello()
1949 static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_hello() argument
1960 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in ssl_tls13_process_client_hello()
1963 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf, in ssl_tls13_process_client_hello()
1980 if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_process_client_hello()
1988 ssl->keep_current_message = 1; in ssl_tls13_process_client_hello()
1989 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in ssl_tls13_process_client_hello()
1995 ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret == in ssl_tls13_process_client_hello()
1999 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in ssl_tls13_process_client_hello()
2001 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST); in ssl_tls13_process_client_hello()
2014 static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_server_hello() argument
2018 ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; in ssl_tls13_prepare_server_hello()
2020 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, in ssl_tls13_prepare_server_hello()
2030 ssl->session_negotiate->start = mbedtls_time(NULL); in ssl_tls13_prepare_server_hello()
2045 mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_supported_versions_ext() argument
2066 ssl->conf->transport, in ssl_tls13_write_server_hello_supported_versions_ext()
2067 ssl->tls_version); in ssl_tls13_write_server_hello_supported_versions_ext()
2070 ssl->tls_version)); in ssl_tls13_write_server_hello_supported_versions_ext()
2075 ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); in ssl_tls13_write_server_hello_supported_versions_ext()
2085 static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, in ssl_tls13_generate_and_write_key_share() argument
2099 ssl, named_group, buf, end, out_len); in ssl_tls13_generate_and_write_key_share()
2110 ((void) ssl); in ssl_tls13_generate_and_write_key_share()
2134 static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_key_share_ext() argument
2141 uint16_t group = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext()
2167 ssl, group, server_share + 4, end, &key_exchange_length); in ssl_tls13_write_key_share_ext()
2179 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_key_share_ext()
2185 static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_hrr_key_share_ext() argument
2190 uint16_t selected_group = ssl->handshake->hrr_selected_group; in ssl_tls13_write_hrr_key_share_ext()
2210 if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_hrr_key_share_ext()
2216 if (ssl->handshake->offered_group_id != 0) { in ssl_tls13_write_hrr_key_share_ext()
2244 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_hrr_key_share_ext()
2262 static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_body() argument
2274 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_server_hello_body()
2297 memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], in ssl_tls13_write_server_hello_body()
2308 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2309 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2310 if (ssl->session_negotiate->id_len > 0) { in ssl_tls13_write_server_hello_body()
2311 memcpy(p, &ssl->session_negotiate->id[0], in ssl_tls13_write_server_hello_body()
2312 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2313 p += ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2315 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_tls13_write_server_hello_body()
2316 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2326 MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); in ssl_tls13_write_server_hello_body()
2331 ssl->session_negotiate->ciphersuite), in ssl_tls13_write_server_hello_body()
2332 ssl->session_negotiate->ciphersuite)); in ssl_tls13_write_server_hello_body()
2354 ssl, p, end, &output_len)) != 0) { in ssl_tls13_write_server_hello_body()
2361 if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_server_hello_body()
2363 ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2365 ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2374 if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_server_hello_body()
2375 ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2397 ssl->handshake->sent_extensions); in ssl_tls13_write_server_hello_body()
2403 static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_finalize_server_hello() argument
2406 ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); in ssl_tls13_finalize_server_hello()
2418 static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_hello() argument
2426 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); in ssl_tls13_write_server_hello()
2429 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); in ssl_tls13_write_server_hello()
2431 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_server_hello()
2437 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_server_hello()
2440 ssl, buf_len, msg_len)); in ssl_tls13_write_server_hello()
2442 MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl)); in ssl_tls13_write_server_hello()
2450 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO); in ssl_tls13_write_server_hello()
2452 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in ssl_tls13_write_server_hello()
2466 static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_hello_retry_request() argument
2469 if (ssl->handshake->hello_retry_request_flag) { in ssl_tls13_prepare_hello_retry_request()
2480 ret = mbedtls_ssl_reset_transcript_for_hrr(ssl); in ssl_tls13_prepare_hello_retry_request()
2485 mbedtls_ssl_session_reset_msg_layer(ssl, 0); in ssl_tls13_prepare_hello_retry_request()
2491 static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_hello_retry_request() argument
2499 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl)); in ssl_tls13_write_hello_retry_request()
2502 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, in ssl_tls13_write_hello_retry_request()
2505 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_hello_retry_request()
2510 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_hello_retry_request()
2513 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, in ssl_tls13_write_hello_retry_request()
2516 ssl->handshake->hello_retry_request_flag = 1; in ssl_tls13_write_hello_retry_request()
2524 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST); in ssl_tls13_write_hello_retry_request()
2526 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in ssl_tls13_write_hello_retry_request()
2545 static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_encrypted_extensions_body() argument
2562 ((void) ssl); in ssl_tls13_write_encrypted_extensions_body()
2567 ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2575 if (ssl->handshake->early_data_accepted) { in ssl_tls13_write_encrypted_extensions_body()
2577 ssl, 0, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2586 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) { in ssl_tls13_write_encrypted_extensions_body()
2588 ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2604 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions); in ssl_tls13_write_encrypted_extensions_body()
2610 static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) in ssl_tls13_write_encrypted_extensions() argument
2616 mbedtls_ssl_set_outbound_transform(ssl, in ssl_tls13_write_encrypted_extensions()
2617 ssl->handshake->transform_handshake); in ssl_tls13_write_encrypted_extensions()
2624 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2628 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_encrypted_extensions()
2631 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2635 ssl, buf_len, msg_len)); in ssl_tls13_write_encrypted_extensions()
2638 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_encrypted_extensions()
2639 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2641 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); in ssl_tls13_write_encrypted_extensions()
2644 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2665 static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_certificate_request_coordinate() argument
2670 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_tls13_certificate_request_coordinate()
2671 authmode = ssl->handshake->sni_authmode; in ssl_tls13_certificate_request_coordinate()
2674 authmode = ssl->conf->authmode; in ssl_tls13_certificate_request_coordinate()
2677 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; in ssl_tls13_certificate_request_coordinate()
2681 ssl->handshake->certificate_request_sent = 1; in ssl_tls13_certificate_request_coordinate()
2694 static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_request_body() argument
2728 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_tls13_write_certificate_request_body()
2739 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_request_body()
2745 static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_request() argument
2751 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); in ssl_tls13_write_certificate_request()
2758 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2762 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_certificate_request()
2765 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2769 ssl, buf_len, msg_len)); in ssl_tls13_write_certificate_request()
2779 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); in ssl_tls13_write_certificate_request()
2790 static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_certificate() argument
2795 if ((ssl_tls13_pick_key_cert(ssl) != 0) || in ssl_tls13_write_server_certificate()
2796 mbedtls_ssl_own_cert(ssl) == NULL) { in ssl_tls13_write_server_certificate()
2804 ret = mbedtls_ssl_tls13_write_certificate(ssl); in ssl_tls13_write_server_certificate()
2808 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); in ssl_tls13_write_server_certificate()
2816 static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_verify() argument
2818 int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); in ssl_tls13_write_certificate_verify()
2822 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_certificate_verify()
2868 mbedtls_ssl_context *ssl) in ssl_tls13_prepare_for_handshake_second_flight() argument
2870 if (ssl->handshake->certificate_request_sent) { in ssl_tls13_prepare_for_handshake_second_flight()
2871 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); in ssl_tls13_prepare_for_handshake_second_flight()
2876 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); in ssl_tls13_prepare_for_handshake_second_flight()
2884 static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_finished() argument
2888 ret = mbedtls_ssl_tls13_write_finished_message(ssl); in ssl_tls13_write_server_finished()
2893 ret = mbedtls_ssl_tls13_compute_application_transform(ssl); in ssl_tls13_write_server_finished()
2902 if (ssl->handshake->early_data_accepted) { in ssl_tls13_write_server_finished()
2908 ssl, ssl->handshake->transform_earlydata); in ssl_tls13_write_server_finished()
2909 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); in ssl_tls13_write_server_finished()
2916 mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); in ssl_tls13_write_server_finished()
2918 ssl_tls13_prepare_for_handshake_second_flight(ssl); in ssl_tls13_write_server_finished()
2938 static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_end_of_early_data_coordinate() argument
2942 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { in ssl_tls13_end_of_early_data_coordinate()
2946 ssl->keep_current_message = 1; in ssl_tls13_end_of_early_data_coordinate()
2948 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in ssl_tls13_end_of_early_data_coordinate()
2949 ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { in ssl_tls13_end_of_early_data_coordinate()
2954 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { in ssl_tls13_end_of_early_data_coordinate()
2955 if (ssl->in_offt == NULL) { in ssl_tls13_end_of_early_data_coordinate()
2958 ssl->in_offt = ssl->in_msg; in ssl_tls13_end_of_early_data_coordinate()
2959 ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen); in ssl_tls13_end_of_early_data_coordinate()
2973 static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, in ssl_tls13_parse_end_of_early_data() argument
3027 static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) in ssl_tls13_process_end_of_early_data() argument
3033 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl)); in ssl_tls13_process_end_of_early_data()
3040 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, in ssl_tls13_process_end_of_early_data()
3044 ssl, buf, buf + buf_len)); in ssl_tls13_process_end_of_early_data()
3050 ssl, ssl->handshake->transform_handshake); in ssl_tls13_process_end_of_early_data()
3053 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, in ssl_tls13_process_end_of_early_data()
3056 ssl_tls13_prepare_for_handshake_second_flight(ssl); in ssl_tls13_process_end_of_early_data()
3077 static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_finished() argument
3081 ret = mbedtls_ssl_tls13_process_finished_message(ssl); in ssl_tls13_process_client_finished()
3086 ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); in ssl_tls13_process_client_finished()
3092 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); in ssl_tls13_process_client_finished()
3100 static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in ssl_tls13_handshake_wrapup() argument
3104 mbedtls_ssl_tls13_handshake_wrapup(ssl); in ssl_tls13_handshake_wrapup()
3113 if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) { in ssl_tls13_handshake_wrapup()
3115 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in ssl_tls13_handshake_wrapup()
3119 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_handshake_wrapup()
3131 static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket_coordinate() argument
3134 if (ssl->conf->f_ticket_write == NULL) { in ssl_tls13_write_new_session_ticket_coordinate()
3139 if (ssl->conf->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
3145 if (ssl->handshake->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
3155 static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, in ssl_tls13_prepare_new_session_ticket() argument
3160 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_prepare_new_session_ticket()
3172 session, ssl->handshake->tls13_kex_modes); in ssl_tls13_prepare_new_session_ticket()
3176 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && in ssl_tls13_prepare_new_session_ticket()
3177 ssl->conf->max_early_data_size > 0) { in ssl_tls13_prepare_new_session_ticket()
3180 session->max_early_data_size = ssl->conf->max_early_data_size; in ssl_tls13_prepare_new_session_ticket()
3188 ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen); in ssl_tls13_prepare_new_session_ticket()
3196 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_tls13_prepare_new_session_ticket()
3206 ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); in ssl_tls13_prepare_new_session_ticket()
3215 (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; in ssl_tls13_prepare_new_session_ticket()
3285 static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_new_session_ticket_body() argument
3294 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_write_new_session_ticket_body()
3314 ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, in ssl_tls13_write_new_session_ticket_body()
3365 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_new_session_ticket_body()
3376 ssl, 1, p, end, &output_len)) != 0) { in ssl_tls13_write_new_session_ticket_body()
3397 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions); in ssl_tls13_write_new_session_ticket_body()
3405 static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket() argument
3409 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl)); in ssl_tls13_write_new_session_ticket()
3417 ssl, ticket_nonce, sizeof(ticket_nonce))); in ssl_tls13_write_new_session_ticket()
3420 ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, in ssl_tls13_write_new_session_ticket()
3424 ssl, buf, buf + buf_len, &msg_len, in ssl_tls13_write_new_session_ticket()
3428 ssl, buf_len, msg_len)); in ssl_tls13_write_new_session_ticket()
3434 if (ssl->handshake->resume == 1) { in ssl_tls13_write_new_session_ticket()
3435 ssl->handshake->new_session_tickets_count = 0; in ssl_tls13_write_new_session_ticket()
3437 ssl->handshake->new_session_tickets_count--; in ssl_tls13_write_new_session_ticket()
3441 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH); in ssl_tls13_write_new_session_ticket()
3443 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_write_new_session_ticket()
3455 int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_server_step() argument
3459 if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3464 mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), in mbedtls_ssl_tls13_handshake_server_step()
3465 ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()
3467 switch (ssl->state) { in mbedtls_ssl_tls13_handshake_server_step()
3470 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3475 ret = ssl_tls13_process_client_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3482 ret = ssl_tls13_write_hello_retry_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3490 ret = ssl_tls13_write_server_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3494 ret = ssl_tls13_write_encrypted_extensions(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3503 ret = ssl_tls13_write_certificate_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3507 ret = ssl_tls13_write_server_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3511 ret = ssl_tls13_write_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3520 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3522 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3527 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3531 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in mbedtls_ssl_tls13_handshake_server_step()
3536 ret = ssl_tls13_write_server_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3541 ret = ssl_tls13_process_end_of_early_data(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3546 ret = ssl_tls13_process_client_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3550 ret = ssl_tls13_handshake_wrapup(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3555 ret = mbedtls_ssl_tls13_process_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3557 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3559 ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); in mbedtls_ssl_tls13_handshake_server_step()
3563 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3569 ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3572 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3579 ret = ssl_tls13_write_new_session_ticket(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3593 if (ssl->handshake->new_session_tickets_count == 0) { in mbedtls_ssl_tls13_handshake_server_step()
3594 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in mbedtls_ssl_tls13_handshake_server_step()
3597 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in mbedtls_ssl_tls13_handshake_server_step()
3604 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()