Home
last modified time | relevance | path

Searched refs:handshake (Results 1 – 12 of 12) sorted by relevance

/optee_os/lib/libmbedtls/mbedtls/library/
H A Dssl_tls12_client.c141 if (ssl->handshake->psa_pake_ctx_is_ok != 1) { in ssl_write_ecjpake_kkpp_ext()
145 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { in ssl_write_ecjpake_kkpp_ext()
163 if (ssl->handshake->ecjpake_cache == NULL || in ssl_write_ecjpake_kkpp_ext()
164 ssl->handshake->ecjpake_cache_len == 0) { in ssl_write_ecjpake_kkpp_ext()
168 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, in ssl_write_ecjpake_kkpp_ext()
172 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_write_ecjpake_kkpp_ext()
173 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_write_ecjpake_kkpp_ext()
178 ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, in ssl_write_ecjpake_kkpp_ext()
188 ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len); in ssl_write_ecjpake_kkpp_ext()
189 if (ssl->handshake->ecjpake_cache == NULL) { in ssl_write_ecjpake_kkpp_ext()
[all …]
H A Dssl_tls13_keys.c674 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_key_schedule_stage_application() local
676 (mbedtls_md_type_t) handshake->ciphersuite_info->mac); in ssl_tls13_key_schedule_stage_application()
683 handshake->tls13_master_secrets.handshake, in ssl_tls13_key_schedule_stage_application()
685 handshake->tls13_master_secrets.app); in ssl_tls13_key_schedule_stage_application()
693 handshake->tls13_master_secrets.app, PSA_HASH_LENGTH(hash_alg)); in ssl_tls13_key_schedule_stage_application()
786 &ssl->handshake->tls13_hs_secrets; in mbedtls_ssl_tls13_calculate_verify_data()
788 mbedtls_md_type_t const md_type = (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac; in mbedtls_ssl_tls13_calculate_verify_data()
791 (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac); in mbedtls_ssl_tls13_calculate_verify_data()
1147 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_generate_early_key() local
1149 handshake->ciphersuite_info; in ssl_tls13_generate_early_key()
[all …]
H A Dssl_tls12_server.c205 if (ssl->handshake->curves_tls_id != NULL) { in ssl_parse_supported_groups_ext()
226 ssl->handshake->curves_tls_id = curves_tls_id; in ssl_parse_supported_groups_ext()
267 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats()
271 mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, in ssl_parse_supported_point_formats()
297 if (ssl->handshake->psa_pake_ctx_is_ok != 1) in ssl_parse_ecjpake_kkpp()
299 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) in ssl_parse_ecjpake_kkpp()
308 &ssl->handshake->psa_pake_ctx, buf, len, in ssl_parse_ecjpake_kkpp()
310 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_parse_ecjpake_kkpp()
311 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_parse_ecjpake_kkpp()
322 if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
[all …]
H A Dssl_tls13_client.c52 unsigned char versions_len = (ssl->handshake->min_tls_version <= in ssl_tls13_write_supported_versions_ext()
83 if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_tls13_write_supported_versions_ext()
177 uint16_t group_id = ssl->handshake->offered_group_id; in ssl_tls13_reset_key_share()
190 status = psa_destroy_key(ssl->handshake->xxdh_psa_privkey); in ssl_tls13_reset_key_share()
197 ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; in ssl_tls13_reset_key_share()
288 group_id = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext()
352 ssl->handshake->offered_group_id = group_id; in ssl_tls13_write_key_share_ext()
433 if (found == 0 || selected_group == ssl->handshake->offered_group_id) { in ssl_tls13_parse_hrr_key_share_ext()
442 ssl->handshake->offered_group_id = selected_group; in ssl_tls13_parse_hrr_key_share_ext()
483 offered_group = ssl->handshake->offered_group_id; in ssl_tls13_parse_key_share_ext()
[all …]
H A Dssl_tls.c794 ssl->handshake->update_checksum = ssl_update_checksum_sha384; in mbedtls_ssl_optimize_checksum()
799 ssl->handshake->update_checksum = ssl_update_checksum_sha256; in mbedtls_ssl_optimize_checksum()
820 return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr)); in mbedtls_ssl_add_hs_hdr_to_checksum()
833 return ssl->handshake->update_checksum(ssl, msg, msg_len); in mbedtls_ssl_add_hs_msg_to_checksum()
850 status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); in mbedtls_ssl_reset_checksum()
854 status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); in mbedtls_ssl_reset_checksum()
859 mbedtls_md_free(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum()
860 mbedtls_md_init(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum()
861 ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, in mbedtls_ssl_reset_checksum()
867 ret = mbedtls_md_starts(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum()
[all …]
H A Dssl_client.c358 ssl->handshake->min_tls_version, in ssl_write_client_hello_cipher_suites()
444 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_hello_body() local
456 (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) in ssl_write_client_hello_body()
462 (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3) in ssl_write_client_hello_body()
486 memcpy(p, handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); in ssl_write_client_hello_body()
528 if (handshake->cookie != NULL) { in ssl_write_client_hello_body()
530 handshake->cookie, in ssl_write_client_hello_body()
531 handshake->cookie_len); in ssl_write_client_hello_body()
532 cookie_len = handshake->cookie_len; in ssl_write_client_hello_body()
538 memcpy(p, handshake->cookie, cookie_len); in ssl_write_client_hello_body()
[all …]
H A Dssl_tls13_server.c147 ssl->handshake->tls13_kex_modes = ke_modes; in ssl_tls13_parse_key_exchange_modes_ext()
562 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, in ssl_tls13_parse_pre_shared_key_ext()
707 ret = ssl->handshake->update_checksum( in ssl_tls13_parse_pre_shared_key_ext()
718 ssl->handshake->selected_identity = (uint16_t) matched_identity; in ssl_tls13_parse_pre_shared_key_ext()
744 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); in ssl_tls13_write_server_pre_shared_key_ext()
746 not_using_psk = (ssl->handshake->psk == NULL); in ssl_tls13_write_server_pre_shared_key_ext()
760 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); in ssl_tls13_write_server_pre_shared_key_ext()
765 ssl->handshake->selected_identity)); in ssl_tls13_write_server_pre_shared_key_ext()
853 ssl->handshake->hrr_selected_group = 0; in ssl_tls13_parse_supported_groups_ext()
868 ssl->handshake->hrr_selected_group != 0) { in ssl_tls13_parse_supported_groups_ext()
[all …]
H A Dssl_tls13_generic.c370 (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, in mbedtls_ssl_tls13_process_certificate_verify()
459 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_parse_certificate() local
563 handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in mbedtls_ssl_tls13_parse_certificate()
601 handshake->received_extensions); in mbedtls_ssl_tls13_parse_certificate()
641 const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET in ssl_tls13_validate_certificate()
642 ? ssl->handshake->sni_authmode in ssl_tls13_validate_certificate()
768 ssl->handshake->certificate_request_context; in ssl_tls13_write_certificate_body()
770 ssl->handshake->certificate_request_context_len; in ssl_tls13_write_certificate_body()
819 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_body()
913 uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_write_certificate_verify_body()
[all …]
H A Dssl_msg.c486 if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) { in ssl_double_retransmit_timeout()
496 if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) { in ssl_double_retransmit_timeout()
497 ssl->handshake->mtu = 508; in ssl_double_retransmit_timeout()
498 MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu)); in ssl_double_retransmit_timeout()
501 new_timeout = 2 * ssl->handshake->retransmit_timeout; in ssl_double_retransmit_timeout()
504 if (new_timeout < ssl->handshake->retransmit_timeout || in ssl_double_retransmit_timeout()
509 ssl->handshake->retransmit_timeout = new_timeout; in ssl_double_retransmit_timeout()
511 (unsigned long) ssl->handshake->retransmit_timeout)); in ssl_double_retransmit_timeout()
518 ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; in ssl_reset_retransmit_timeout()
520 (unsigned long) ssl->handshake->retransmit_timeout)); in ssl_reset_retransmit_timeout()
[all …]
H A Dssl_misc.h1011 unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; member
1548 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { in mbedtls_ssl_get_opaque_psk()
1549 return ssl->handshake->psk_opaque; in mbedtls_ssl_get_opaque_psk()
1568 if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) { in mbedtls_ssl_get_psk()
1569 *psk = ssl->handshake->psk; in mbedtls_ssl_get_psk()
1570 *psk_len = ssl->handshake->psk_len; in mbedtls_ssl_get_psk()
1677 if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) { in mbedtls_ssl_own_key()
1678 key_cert = ssl->handshake->key_cert; in mbedtls_ssl_own_key()
1690 if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) { in mbedtls_ssl_own_cert()
1691 key_cert = ssl->handshake->key_cert; in mbedtls_ssl_own_cert()
[all …]
/optee_os/lib/libmbedtls/mbedtls/
H A DChangeLog145 The library will now prevent the handshake and return
153 * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
156 the security guarantees of the TLS handshake.
175 * Support re-assembly of fragmented handshake messages in TLS (both
176 1.2 and 1.3). The lack of support was causing handshake failures with
221 * A TLS handshake may now call psa_crypto_init() if TLS 1.3 is enabled.
301 optional authentication (required would abort the handshake with a fatal
351 * Fix TLS connections failing when the handshake selects TLS 1.3
463 Record size limits negotiated during handshake.
582 * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2
[all …]
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/
H A Dssl.h1809 mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during