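Lines matching references to `ssl` (each entry: source line number, the matching line, then the enclosing function; "argument" marks the line where `ssl` is declared as a parameter)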
25 static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl, in ssl_write_hostname_ext() argument
35 if (ssl->hostname == NULL) { in ssl_write_hostname_ext()
41 ssl->hostname)); in ssl_write_hostname_ext()
43 hostname_len = strlen(ssl->hostname); in ssl_write_hostname_ext()
87 memcpy(p, ssl->hostname, hostname_len); in ssl_write_hostname_ext()
92 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SERVERNAME); in ssl_write_hostname_ext()
113 static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, in ssl_write_alpn_ext() argument
122 if (ssl->conf->alpn_list == NULL) { in ssl_write_alpn_ext()
144 for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) { in ssl_write_alpn_ext()
166 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN); in ssl_write_alpn_ext()
216 static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_write_supported_groups_ext() argument
225 const uint16_t *group_list = ssl->conf->group_list; in ssl_write_supported_groups_ext()
307 ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS); in ssl_write_supported_groups_ext()
317 mbedtls_ssl_context *ssl, in ssl_write_client_hello_cipher_suites() argument
339 ciphersuite_list = ssl->conf->ciphersuite_list; in ssl_write_client_hello_cipher_suites()
355 if (mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_write_client_hello_cipher_suites()
356 ssl->handshake->min_tls_version, in ssl_write_client_hello_cipher_suites()
357 ssl->tls_version) != 0) { in ssl_write_client_hello_cipher_suites()
383 renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE); in ssl_write_client_hello_cipher_suites()
435 static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, in ssl_write_client_hello_body() argument
442 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_hello_body()
456 (MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version); in ssl_write_client_hello_body()
462 (MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version); in ssl_write_client_hello_body()
471 mbedtls_ssl_write_version(p, ssl->conf->transport, in ssl_write_client_hello_body()
505 MBEDTLS_SSL_CHK_BUF_PTR(p, end, ssl->session_negotiate->id_len + 1); in ssl_write_client_hello_body()
506 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_write_client_hello_body()
507 memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); in ssl_write_client_hello_body()
508 p += ssl->session_negotiate->id_len; in ssl_write_client_hello_body()
510 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_write_client_hello_body()
511 ssl->session_negotiate->id_len); in ssl_write_client_hello_body()
519 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in ssl_write_client_hello_body()
543 ret = ssl_write_client_hello_cipher_suites(ssl, p, end, in ssl_write_client_hello_body()
579 ret = ssl_write_hostname_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
587 ret = ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
596 ret = mbedtls_ssl_tls13_write_client_hello_exts(ssl, p, end, in ssl_write_client_hello_body()
611 if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { in ssl_write_client_hello_body()
623 ret = ssl_write_supported_groups_ext(ssl, p, end, in ssl_write_client_hello_body()
639 (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl)); in ssl_write_client_hello_body()
646 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_write_client_hello_body()
656 ret = mbedtls_ssl_tls12_write_client_hello_exts(ssl, p, end, in ssl_write_client_hello_body()
670 if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { in ssl_write_client_hello_body()
672 ssl, p, end, &output_len, binders_len); in ssl_write_client_hello_body()
698 static int ssl_generate_random(mbedtls_ssl_context *ssl) in ssl_generate_random() argument
701 unsigned char *randbytes = ssl->handshake->randbytes; in ssl_generate_random()
716 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_generate_random()
734 static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) in ssl_prepare_client_hello() argument
738 mbedtls_ssl_session *session_negotiate = ssl->session_negotiate; in ssl_prepare_client_hello()
749 if (ssl->handshake->resume != 0 && in ssl_prepare_client_hello()
759 ssl->handshake->resume = 0; in ssl_prepare_client_hello()
770 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_prepare_client_hello()
771 ssl->handshake->min_tls_version = ssl->tls_version; in ssl_prepare_client_hello()
775 if (ssl->handshake->resume) { in ssl_prepare_client_hello()
776 ssl->tls_version = session_negotiate->tls_version; in ssl_prepare_client_hello()
777 ssl->handshake->min_tls_version = ssl->tls_version; in ssl_prepare_client_hello()
779 ssl->handshake->min_tls_version = ssl->conf->min_tls_version; in ssl_prepare_client_hello()
789 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || in ssl_prepare_client_hello()
790 (ssl->handshake->cookie == NULL)) in ssl_prepare_client_hello()
794 if (!ssl->handshake->hello_retry_request_flag) in ssl_prepare_client_hello()
797 ret = ssl_generate_random(ssl); in ssl_prepare_client_hello()
814 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_prepare_client_hello()
817 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || in ssl_prepare_client_hello()
819 ssl->handshake->resume == 0) { in ssl_prepare_client_hello()
830 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { in ssl_prepare_client_hello()
845 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { in ssl_prepare_client_hello()
882 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && in ssl_prepare_client_hello()
883 ssl->handshake->resume) { in ssl_prepare_client_hello()
884 int hostname_mismatch = ssl->hostname != NULL || in ssl_prepare_client_hello()
886 if (ssl->hostname != NULL && session_negotiate->hostname != NULL) { in ssl_prepare_client_hello()
888 ssl->hostname, session_negotiate->hostname) != 0; in ssl_prepare_client_hello()
899 ssl->hostname); in ssl_prepare_client_hello()
911 int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) in mbedtls_ssl_write_client_hello() argument
919 MBEDTLS_SSL_PROC_CHK(ssl_prepare_client_hello(ssl)); in mbedtls_ssl_write_client_hello()
922 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in mbedtls_ssl_write_client_hello()
925 MBEDTLS_SSL_PROC_CHK(ssl_write_client_hello_body(ssl, buf, in mbedtls_ssl_write_client_hello()
931 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { in mbedtls_ssl_write_client_hello()
932 ssl->out_msglen = msg_len + 4; in mbedtls_ssl_write_client_hello()
933 mbedtls_ssl_send_flight_completed(ssl); in mbedtls_ssl_write_client_hello()
944 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in mbedtls_ssl_write_client_hello()
946 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { in mbedtls_ssl_write_client_hello()
951 if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { in mbedtls_ssl_write_client_hello()
959 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in mbedtls_ssl_write_client_hello()
966 ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len); in mbedtls_ssl_write_client_hello()
975 ssl, buf + msg_len - binders_len, buf + msg_len)); in mbedtls_ssl_write_client_hello()
976 ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, in mbedtls_ssl_write_client_hello()
985 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, in mbedtls_ssl_write_client_hello()
993 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in mbedtls_ssl_write_client_hello()
996 if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 && in mbedtls_ssl_write_client_hello()
997 MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version) { in mbedtls_ssl_write_client_hello()
998 ret = mbedtls_ssl_tls13_finalize_client_hello(ssl); in mbedtls_ssl_write_client_hello()
1005 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions); in mbedtls_ssl_write_client_hello()