Lines Matching refs:ssl
48 int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_fetch_handshake_msg() argument
55 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { in mbedtls_ssl_tls13_fetch_handshake_msg()
60 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in mbedtls_ssl_tls13_fetch_handshake_msg()
61 ssl->in_msg[0] != hs_type) { in mbedtls_ssl_tls13_fetch_handshake_msg()
76 *buf = ssl->in_msg + 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
77 *buf_len = ssl->in_hslen - 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
85 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts() argument
213 static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, in ssl_tls13_parse_certificate_verify() argument
256 if (!mbedtls_ssl_sig_alg_is_offered(ssl, algorithm)) { in ssl_tls13_parse_certificate_verify()
280 if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, sig_alg)) { in ssl_tls13_parse_certificate_verify()
304 &ssl->session_negotiate->peer_cert->pk, in ssl_tls13_parse_certificate_verify()
324 int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_certificate_verify() argument
340 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len)); in mbedtls_ssl_tls13_process_certificate_verify()
347 ssl, in mbedtls_ssl_tls13_process_certificate_verify()
348 (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, in mbedtls_ssl_tls13_process_certificate_verify()
365 (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ? in mbedtls_ssl_tls13_process_certificate_verify()
371 ssl, buf, buf + buf_len, in mbedtls_ssl_tls13_process_certificate_verify()
375 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_process_certificate_verify()
384 ((void) ssl); in mbedtls_ssl_tls13_process_certificate_verify()
428 int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_certificate() argument
437 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_parse_certificate()
456 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_parse_certificate()
457 mbedtls_x509_crt_free(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
458 mbedtls_free(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
463 ssl->session_negotiate->peer_cert = NULL; in mbedtls_ssl_tls13_parse_certificate()
468 if ((ssl->session_negotiate->peer_cert = in mbedtls_ssl_tls13_parse_certificate()
477 mbedtls_x509_crt_init(ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
502 ret = mbedtls_x509_crt_parse_der(ssl->session_negotiate->peer_cert, in mbedtls_ssl_tls13_parse_certificate()
561 ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, in mbedtls_ssl_tls13_parse_certificate()
592 ssl->session_negotiate->peer_cert); in mbedtls_ssl_tls13_parse_certificate()
599 int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_certificate() argument
603 ((void) ssl); in mbedtls_ssl_tls13_parse_certificate()
615 static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_validate_certificate() argument
619 const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET in ssl_tls13_validate_certificate()
620 ? ssl->handshake->sni_authmode in ssl_tls13_validate_certificate()
621 : ssl->conf->authmode; in ssl_tls13_validate_certificate()
623 const int authmode = ssl->conf->authmode; in ssl_tls13_validate_certificate()
633 if (ssl->session_negotiate->peer_cert == NULL) { in ssl_tls13_validate_certificate()
637 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_tls13_validate_certificate()
642 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; in ssl_tls13_validate_certificate()
660 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_tls13_validate_certificate()
668 return mbedtls_ssl_verify_certificate(ssl, authmode, in ssl_tls13_validate_certificate()
669 ssl->session_negotiate->peer_cert, in ssl_tls13_validate_certificate()
674 static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_validate_certificate() argument
676 ((void) ssl); in ssl_tls13_validate_certificate()
682 int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_certificate() argument
692 ssl, MBEDTLS_SSL_HS_CERTIFICATE, in mbedtls_ssl_tls13_process_certificate()
696 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_parse_certificate(ssl, buf, in mbedtls_ssl_tls13_process_certificate()
699 MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl)); in mbedtls_ssl_tls13_process_certificate()
702 ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len)); in mbedtls_ssl_tls13_process_certificate()
706 (void) ssl; in mbedtls_ssl_tls13_process_certificate()
738 static int ssl_tls13_write_certificate_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_body() argument
743 const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert(ssl); in ssl_tls13_write_certificate_body()
746 ssl->handshake->certificate_request_context; in ssl_tls13_write_certificate_body()
748 ssl->handshake->certificate_request_context_len; in ssl_tls13_write_certificate_body()
797 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_body()
802 int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_certificate() argument
811 ssl, MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len)); in mbedtls_ssl_tls13_write_certificate()
813 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_body(ssl, in mbedtls_ssl_tls13_write_certificate()
819 ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len)); in mbedtls_ssl_tls13_write_certificate()
822 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_certificate()
877 static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_verify_body() argument
891 uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_write_certificate_verify_body()
896 own_key = mbedtls_ssl_own_key(ssl); in ssl_tls13_write_certificate_verify_body()
903 ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, in ssl_tls13_write_certificate_verify_body()
915 ssl->conf->endpoint); in ssl_tls13_write_certificate_verify_body()
936 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_write_certificate_verify_body()
1002 int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_certificate_verify() argument
1011 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_write_certificate_verify()
1015 ssl, buf, buf + buf_len, &msg_len)); in mbedtls_ssl_tls13_write_certificate_verify()
1018 ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, in mbedtls_ssl_tls13_write_certificate_verify()
1022 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_certificate_verify()
1041 static int ssl_tls13_preprocess_finished_message(mbedtls_ssl_context *ssl) in ssl_tls13_preprocess_finished_message() argument
1046 ssl, in ssl_tls13_preprocess_finished_message()
1047 ssl->handshake->state_local.finished_in.digest, in ssl_tls13_preprocess_finished_message()
1048 sizeof(ssl->handshake->state_local.finished_in.digest), in ssl_tls13_preprocess_finished_message()
1049 &ssl->handshake->state_local.finished_in.digest_len, in ssl_tls13_preprocess_finished_message()
1050 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ? in ssl_tls13_preprocess_finished_message()
1061 static int ssl_tls13_parse_finished_message(mbedtls_ssl_context *ssl, in ssl_tls13_parse_finished_message() argument
1071 ssl->handshake->state_local.finished_in.digest; in ssl_tls13_parse_finished_message()
1073 ssl->handshake->state_local.finished_in.digest_len; in ssl_tls13_parse_finished_message()
1102 int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_process_finished_message() argument
1111 ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1114 MBEDTLS_SSL_PROC_CHK(ssl_tls13_preprocess_finished_message(ssl)); in mbedtls_ssl_tls13_process_finished_message()
1117 ssl, buf, buf + buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1120 ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len)); in mbedtls_ssl_tls13_process_finished_message()
1138 static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_finished_message() argument
1143 ret = mbedtls_ssl_tls13_calculate_verify_data(ssl, in ssl_tls13_prepare_finished_message()
1144 ssl->handshake->state_local.finished_out.digest, in ssl_tls13_prepare_finished_message()
1145 sizeof(ssl->handshake->state_local.finished_out. in ssl_tls13_prepare_finished_message()
1147 &ssl->handshake->state_local.finished_out. in ssl_tls13_prepare_finished_message()
1149 ssl->conf->endpoint); in ssl_tls13_prepare_finished_message()
1160 static int ssl_tls13_write_finished_message_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_finished_message_body() argument
1165 size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; in ssl_tls13_write_finished_message_body()
1173 memcpy(buf, ssl->handshake->state_local.finished_out.digest, in ssl_tls13_write_finished_message_body()
1181 int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_finished_message() argument
1189 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_finished_message(ssl)); in mbedtls_ssl_tls13_write_finished_message()
1191 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, in mbedtls_ssl_tls13_write_finished_message()
1195 ssl, buf, buf + buf_len, &msg_len)); in mbedtls_ssl_tls13_write_finished_message()
1197 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, in mbedtls_ssl_tls13_write_finished_message()
1201 ssl, buf_len, msg_len)); in mbedtls_ssl_tls13_write_finished_message()
1208 void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_wrapup() argument
1214 mbedtls_ssl_set_inbound_transform(ssl, ssl->transform_application); in mbedtls_ssl_tls13_handshake_wrapup()
1217 mbedtls_ssl_set_outbound_transform(ssl, ssl->transform_application); in mbedtls_ssl_tls13_handshake_wrapup()
1222 if (ssl->session) { in mbedtls_ssl_tls13_handshake_wrapup()
1223 mbedtls_ssl_session_free(ssl->session); in mbedtls_ssl_tls13_handshake_wrapup()
1224 mbedtls_free(ssl->session); in mbedtls_ssl_tls13_handshake_wrapup()
1226 ssl->session = ssl->session_negotiate; in mbedtls_ssl_tls13_handshake_wrapup()
1227 ssl->session_negotiate = NULL; in mbedtls_ssl_tls13_handshake_wrapup()
1239 static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_change_cipher_spec_body() argument
1244 ((void) ssl); in ssl_tls13_write_change_cipher_spec_body()
1253 int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_write_change_cipher_spec() argument
1260 if (ssl->handshake->ccs_sent) { in mbedtls_ssl_tls13_write_change_cipher_spec()
1267 ssl, ssl->out_msg, in mbedtls_ssl_tls13_write_change_cipher_spec()
1268 ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, in mbedtls_ssl_tls13_write_change_cipher_spec()
1269 &ssl->out_msglen)); in mbedtls_ssl_tls13_write_change_cipher_spec()
1271 ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; in mbedtls_ssl_tls13_write_change_cipher_spec()
1274 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0)); in mbedtls_ssl_tls13_write_change_cipher_spec()
1276 ssl->handshake->ccs_sent = 1; in mbedtls_ssl_tls13_write_change_cipher_spec()
1297 int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_write_early_data_ext() argument
1321 MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); in mbedtls_ssl_tls13_write_early_data_ext()
1324 (unsigned int) ssl->conf->max_early_data_size)); in mbedtls_ssl_tls13_write_early_data_ext()
1330 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); in mbedtls_ssl_tls13_write_early_data_ext()
1336 int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_check_early_data_len() argument
1344 if (ssl->session_negotiate == NULL) { in mbedtls_ssl_tls13_check_early_data_len()
1358 (ssl->session_negotiate->max_early_data_size - in mbedtls_ssl_tls13_check_early_data_len()
1359 ssl->total_early_data_size)) { in mbedtls_ssl_tls13_check_early_data_len()
1364 (unsigned long) ssl->total_early_data_size, in mbedtls_ssl_tls13_check_early_data_len()
1366 (unsigned long) ssl->session_negotiate->max_early_data_size)); in mbedtls_ssl_tls13_check_early_data_len()
1379 ssl->total_early_data_size += (uint32_t) early_data_len; in mbedtls_ssl_tls13_check_early_data_len()
1397 int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) in mbedtls_ssl_reset_transcript_for_hrr() argument
1403 ssl->handshake->ciphersuite_info; in mbedtls_ssl_reset_transcript_for_hrr()
1407 ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac, in mbedtls_ssl_reset_transcript_for_hrr()
1427 ret = mbedtls_ssl_reset_checksum(ssl); in mbedtls_ssl_reset_transcript_for_hrr()
1432 ret = ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); in mbedtls_ssl_reset_transcript_for_hrr()
1443 int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_read_public_xxdhe_share() argument
1449 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_read_public_xxdhe_share()
1514 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange() argument
1524 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange()
1555 ssl->handshake->xxdh_psa_bits = bits; in mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange()
1598 mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_check_received_extension() argument
1618 ssl->handshake->received_extensions |= extension_mask; in mbedtls_ssl_tls13_check_received_extension()
1629 if ((ssl->handshake->sent_extensions & extension_mask) != 0) { in mbedtls_ssl_tls13_check_received_extension()
1654 int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_parse_record_size_limit_ext() argument
1695 ssl->session_negotiate->record_size_limit = record_size_limit; in mbedtls_ssl_tls13_parse_record_size_limit_ext()
1701 int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, in mbedtls_ssl_tls13_write_record_size_limit_ext() argument
1725 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); in mbedtls_ssl_tls13_write_record_size_limit_ext()