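Lines matching refs: ssl
(Each entry gives the source line number, the text of the matching line, and the enclosing function; "argument" marks the line where `ssl` is declared as that function's parameter.)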
24 mbedtls_ssl_context *ssl, in ssl_tls13_validate_peer_ciphersuite() argument
28 if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { in ssl_tls13_validate_peer_ciphersuite()
33 if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_tls13_validate_peer_ciphersuite()
34 ssl->tls_version, in ssl_tls13_validate_peer_ciphersuite()
35 ssl->tls_version) != 0)) { in ssl_tls13_validate_peer_ciphersuite()
42 mbedtls_ssl_context *ssl, in ssl_tls13_select_ciphersuite() argument
70 ssl_tls13_validate_peer_ciphersuite(ssl, id); in ssl_tls13_select_ciphersuite()
108 static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_exchange_modes_ext() argument
146 ssl->handshake->tls13_kex_modes = ke_modes; in ssl_tls13_parse_key_exchange_modes_ext()
176 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
178 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
183 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match_ticket() argument
203 if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { in ssl_tls13_offered_psks_check_identity_match_ticket()
218 ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, in ssl_tls13_offered_psks_check_identity_match_ticket()
330 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match() argument
347 ssl, identity, identity_len, obfuscated_ticket_age, session); in ssl_tls13_offered_psks_check_identity_match()
350 ret = mbedtls_ssl_set_hs_psk(ssl, in ssl_tls13_offered_psks_check_identity_match()
370 if (ssl->conf->f_psk != NULL) { in ssl_tls13_offered_psks_check_identity_match()
371 if (ssl->conf->f_psk( in ssl_tls13_offered_psks_check_identity_match()
372 ssl->conf->p_psk, ssl, identity, identity_len) == 0) { in ssl_tls13_offered_psks_check_identity_match()
380 if (ssl->conf->psk_identity != NULL && in ssl_tls13_offered_psks_check_identity_match()
381 identity_len == ssl->conf->psk_identity_len && in ssl_tls13_offered_psks_check_identity_match()
382 mbedtls_ct_memcmp(ssl->conf->psk_identity, in ssl_tls13_offered_psks_check_identity_match()
384 ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len); in ssl_tls13_offered_psks_check_identity_match()
405 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_binder_match() argument
423 ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), in ssl_tls13_offered_psks_check_binder_match()
429 ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); in ssl_tls13_offered_psks_check_binder_match()
434 ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg, in ssl_tls13_offered_psks_check_binder_match()
516 mbedtls_ssl_context *ssl, in ssl_tls13_parse_pre_shared_key_ext() argument
559 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, in ssl_tls13_parse_pre_shared_key_ext()
598 ssl, identity, identity_len, obfuscated_ticket_age, in ssl_tls13_parse_pre_shared_key_ext()
617 ssl->session_negotiate->ticket_flags = session.ticket_flags; in ssl_tls13_parse_pre_shared_key_ext()
631 ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { in ssl_tls13_parse_pre_shared_key_ext()
635 ssl_tls13_key_exchange_is_psk_available(ssl)) { in ssl_tls13_parse_pre_shared_key_ext()
644 ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end, in ssl_tls13_parse_pre_shared_key_ext()
664 ssl, binder, binder_len, psk->type, in ssl_tls13_parse_pre_shared_key_ext()
686 ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, in ssl_tls13_parse_pre_shared_key_ext()
704 ret = ssl->handshake->update_checksum( in ssl_tls13_parse_pre_shared_key_ext()
705 ssl, identities_end, (size_t) (binders_end - identities_end)); in ssl_tls13_parse_pre_shared_key_ext()
715 ssl->handshake->selected_identity = (uint16_t) matched_identity; in ssl_tls13_parse_pre_shared_key_ext()
730 static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_pre_shared_key_ext() argument
740 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); in ssl_tls13_write_server_pre_shared_key_ext()
753 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); in ssl_tls13_write_server_pre_shared_key_ext()
758 ssl->handshake->selected_identity)); in ssl_tls13_write_server_pre_shared_key_ext()
760 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); in ssl_tls13_write_server_pre_shared_key_ext()
773 static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_versions_ext() argument
791 tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport); in ssl_tls13_parse_supported_versions_ext()
800 mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_parse_supported_versions_ext()
832 static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_groups_ext() argument
846 ssl->handshake->hrr_selected_group = 0; in ssl_tls13_parse_supported_groups_ext()
859 if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) || in ssl_tls13_parse_supported_groups_ext()
861 ssl->handshake->hrr_selected_group != 0) { in ssl_tls13_parse_supported_groups_ext()
870 ssl->handshake->hrr_selected_group = named_group; in ssl_tls13_parse_supported_groups_ext()
894 static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_shares_ext() argument
916 ssl->handshake->offered_group_id = 0; in ssl_tls13_parse_key_shares_ext()
947 if (!mbedtls_ssl_named_group_is_offered(ssl, group) || in ssl_tls13_parse_key_shares_ext()
949 ssl->handshake->offered_group_id != 0) { in ssl_tls13_parse_key_shares_ext()
962 ssl, key_exchange - 2, key_exchange_len + 2); in ssl_tls13_parse_key_shares_ext()
973 ssl->handshake->offered_group_id = group; in ssl_tls13_parse_key_shares_ext()
977 if (ssl->handshake->offered_group_id == 0) { in ssl_tls13_parse_key_shares_ext()
986 static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, in ssl_tls13_client_hello_has_exts() argument
989 int masked = ssl->handshake->received_extensions & exts_mask; in ssl_tls13_client_hello_has_exts()
996 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange() argument
999 ssl, in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()
1009 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_key_exchange() argument
1012 ssl, in ssl_tls13_client_hello_has_exts_for_psk_key_exchange()
1021 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange() argument
1024 ssl, in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange()
1034 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_psk_available() argument
1037 return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && in ssl_tls13_key_exchange_is_psk_available()
1038 mbedtls_ssl_tls13_is_psk_supported(ssl) && in ssl_tls13_key_exchange_is_psk_available()
1039 ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); in ssl_tls13_key_exchange_is_psk_available()
1041 ((void) ssl); in ssl_tls13_key_exchange_is_psk_available()
1047 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_psk_ephemeral_available() argument
1050 return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1051 mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) && in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1052 ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1054 ((void) ssl); in ssl_tls13_key_exchange_is_psk_ephemeral_available()
1061 static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) in ssl_tls13_key_exchange_is_ephemeral_available() argument
1064 return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && in ssl_tls13_key_exchange_is_ephemeral_available()
1065 ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); in ssl_tls13_key_exchange_is_ephemeral_available()
1067 ((void) ssl); in ssl_tls13_key_exchange_is_ephemeral_available()
1106 static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) in ssl_tls13_pick_key_cert() argument
1109 const uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_pick_key_cert()
1112 if (ssl->handshake->sni_key_cert != NULL) { in ssl_tls13_pick_key_cert()
1113 key_cert_list = ssl->handshake->sni_key_cert; in ssl_tls13_pick_key_cert()
1116 key_cert_list = ssl->conf->key_cert; in ssl_tls13_pick_key_cert()
1124 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_pick_key_cert()
1166 ssl->handshake->key_cert = key_cert; in ssl_tls13_pick_key_cert()
1175 ssl->handshake->key_cert->cert); in ssl_tls13_pick_key_cert()
1234 static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_parse_client_hello() argument
1250 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_parse_client_hello()
1288 if (mbedtls_ssl_read_version(p, ssl->conf->transport) != in ssl_tls13_parse_client_hello()
1359 ssl, p + 1 + p[0], end, in ssl_tls13_parse_client_hello()
1373 ret = ssl_tls13_parse_supported_versions_ext(ssl, in ssl_tls13_parse_client_hello()
1398 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1399 ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1400 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_tls13_parse_client_hello()
1411 if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) { in ssl_tls13_parse_client_hello()
1415 ssl->session_negotiate->id_len = legacy_session_id_len; in ssl_tls13_parse_client_hello()
1418 memcpy(&ssl->session_negotiate->id[0], in ssl_tls13_parse_client_hello()
1427 ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end, in ssl_tls13_parse_client_hello()
1435 ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; in ssl_tls13_parse_client_hello()
1476 if (ssl->handshake->hello_retry_request_flag) { in ssl_tls13_parse_client_hello()
1506 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, in ssl_tls13_parse_client_hello()
1516 ret = mbedtls_ssl_parse_server_name_ext(ssl, p, in ssl_tls13_parse_client_hello()
1537 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1559 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1584 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1617 ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1631 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1645 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1667 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in ssl_tls13_parse_client_hello()
1684 ret = handshake->update_checksum(ssl, buf, in ssl_tls13_parse_client_hello()
1690 ret = ssl_tls13_parse_pre_shared_key_ext(ssl, in ssl_tls13_parse_client_hello()
1706 ret = handshake->update_checksum(ssl, buf, p - buf); in ssl_tls13_parse_client_hello()
1736 if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { in ssl_tls13_parse_client_hello()
1762 ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id; in ssl_tls13_parse_client_hello()
1779 mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info); in ssl_tls13_parse_client_hello()
1785 static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl) in ssl_tls13_check_early_data_requirements() argument
1787 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_check_early_data_requirements()
1789 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { in ssl_tls13_check_early_data_requirements()
1828 ssl->session_negotiate->ciphersuite) { in ssl_tls13_check_early_data_requirements()
1836 if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) { in ssl_tls13_check_early_data_requirements()
1845 const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl); in ssl_tls13_check_early_data_requirements()
1848 if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) { in ssl_tls13_check_early_data_requirements()
1857 ssl->session_negotiate->ticket_alpn == NULL || in ssl_tls13_check_early_data_requirements()
1858 alpn_len != strlen(ssl->session_negotiate->ticket_alpn) || in ssl_tls13_check_early_data_requirements()
1859 (memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) { in ssl_tls13_check_early_data_requirements()
1873 static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_postprocess_client_hello() argument
1881 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { in ssl_tls13_postprocess_client_hello()
1886 ssl->handshake->sni_name = NULL; in ssl_tls13_postprocess_client_hello()
1887 ssl->handshake->sni_name_len = 0; in ssl_tls13_postprocess_client_hello()
1890 ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); in ssl_tls13_postprocess_client_hello()
1898 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { in ssl_tls13_postprocess_client_hello()
1899 ssl->handshake->early_data_accepted = in ssl_tls13_postprocess_client_hello()
1900 (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0); in ssl_tls13_postprocess_client_hello()
1902 if (ssl->handshake->early_data_accepted) { in ssl_tls13_postprocess_client_hello()
1903 ret = mbedtls_ssl_tls13_compute_early_transform(ssl); in ssl_tls13_postprocess_client_hello()
1910 ssl->discard_early_data_record = in ssl_tls13_postprocess_client_hello()
1928 static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_hello() argument
1939 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in ssl_tls13_process_client_hello()
1942 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf, in ssl_tls13_process_client_hello()
1959 if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_process_client_hello()
1967 ssl->keep_current_message = 1; in ssl_tls13_process_client_hello()
1968 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in ssl_tls13_process_client_hello()
1974 ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret == in ssl_tls13_process_client_hello()
1978 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in ssl_tls13_process_client_hello()
1980 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST); in ssl_tls13_process_client_hello()
1993 static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_server_hello() argument
1997 ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; in ssl_tls13_prepare_server_hello()
2009 ssl->session_negotiate->start = mbedtls_time(NULL); in ssl_tls13_prepare_server_hello()
2024 mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_supported_versions_ext() argument
2045 ssl->conf->transport, in ssl_tls13_write_server_hello_supported_versions_ext()
2046 ssl->tls_version); in ssl_tls13_write_server_hello_supported_versions_ext()
2049 ssl->tls_version)); in ssl_tls13_write_server_hello_supported_versions_ext()
2054 ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); in ssl_tls13_write_server_hello_supported_versions_ext()
2064 static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, in ssl_tls13_generate_and_write_key_share() argument
2078 ssl, named_group, buf, end, out_len); in ssl_tls13_generate_and_write_key_share()
2089 ((void) ssl); in ssl_tls13_generate_and_write_key_share()
2113 static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_key_share_ext() argument
2120 uint16_t group = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext()
2146 ssl, group, server_share + 4, end, &key_exchange_length); in ssl_tls13_write_key_share_ext()
2158 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_key_share_ext()
2164 static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_hrr_key_share_ext() argument
2169 uint16_t selected_group = ssl->handshake->hrr_selected_group; in ssl_tls13_write_hrr_key_share_ext()
2189 if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_hrr_key_share_ext()
2195 if (ssl->handshake->offered_group_id != 0) { in ssl_tls13_write_hrr_key_share_ext()
2223 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_hrr_key_share_ext()
2241 static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_body() argument
2253 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_server_hello_body()
2276 memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], in ssl_tls13_write_server_hello_body()
2287 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2288 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2289 if (ssl->session_negotiate->id_len > 0) { in ssl_tls13_write_server_hello_body()
2290 memcpy(p, &ssl->session_negotiate->id[0], in ssl_tls13_write_server_hello_body()
2291 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2292 p += ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2294 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_tls13_write_server_hello_body()
2295 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2305 MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); in ssl_tls13_write_server_hello_body()
2310 ssl->session_negotiate->ciphersuite), in ssl_tls13_write_server_hello_body()
2311 ssl->session_negotiate->ciphersuite)); in ssl_tls13_write_server_hello_body()
2333 ssl, p, end, &output_len)) != 0) { in ssl_tls13_write_server_hello_body()
2340 if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_server_hello_body()
2342 ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2344 ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2353 if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_server_hello_body()
2354 ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2376 ssl->handshake->sent_extensions); in ssl_tls13_write_server_hello_body()
2382 static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_finalize_server_hello() argument
2385 ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); in ssl_tls13_finalize_server_hello()
2397 static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_hello() argument
2405 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); in ssl_tls13_write_server_hello()
2408 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); in ssl_tls13_write_server_hello()
2410 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_server_hello()
2416 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_server_hello()
2419 ssl, buf_len, msg_len)); in ssl_tls13_write_server_hello()
2421 MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl)); in ssl_tls13_write_server_hello()
2429 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO); in ssl_tls13_write_server_hello()
2431 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in ssl_tls13_write_server_hello()
2445 static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_hello_retry_request() argument
2448 if (ssl->handshake->hello_retry_request_flag) { in ssl_tls13_prepare_hello_retry_request()
2459 ret = mbedtls_ssl_reset_transcript_for_hrr(ssl); in ssl_tls13_prepare_hello_retry_request()
2464 mbedtls_ssl_session_reset_msg_layer(ssl, 0); in ssl_tls13_prepare_hello_retry_request()
2470 static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_hello_retry_request() argument
2478 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl)); in ssl_tls13_write_hello_retry_request()
2481 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, in ssl_tls13_write_hello_retry_request()
2484 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_hello_retry_request()
2489 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_hello_retry_request()
2492 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, in ssl_tls13_write_hello_retry_request()
2495 ssl->handshake->hello_retry_request_flag = 1; in ssl_tls13_write_hello_retry_request()
2503 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST); in ssl_tls13_write_hello_retry_request()
2505 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in ssl_tls13_write_hello_retry_request()
2524 static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_encrypted_extensions_body() argument
2541 ((void) ssl); in ssl_tls13_write_encrypted_extensions_body()
2546 ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2554 if (ssl->handshake->early_data_accepted) { in ssl_tls13_write_encrypted_extensions_body()
2556 ssl, 0, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2565 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) { in ssl_tls13_write_encrypted_extensions_body()
2567 ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2583 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions); in ssl_tls13_write_encrypted_extensions_body()
2589 static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) in ssl_tls13_write_encrypted_extensions() argument
2595 mbedtls_ssl_set_outbound_transform(ssl, in ssl_tls13_write_encrypted_extensions()
2596 ssl->handshake->transform_handshake); in ssl_tls13_write_encrypted_extensions()
2603 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2607 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_encrypted_extensions()
2610 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2614 ssl, buf_len, msg_len)); in ssl_tls13_write_encrypted_extensions()
2617 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_encrypted_extensions()
2618 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2620 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); in ssl_tls13_write_encrypted_extensions()
2623 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2644 static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_certificate_request_coordinate() argument
2649 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_tls13_certificate_request_coordinate()
2650 authmode = ssl->handshake->sni_authmode; in ssl_tls13_certificate_request_coordinate()
2653 authmode = ssl->conf->authmode; in ssl_tls13_certificate_request_coordinate()
2656 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; in ssl_tls13_certificate_request_coordinate()
2660 ssl->handshake->certificate_request_sent = 1; in ssl_tls13_certificate_request_coordinate()
2673 static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_request_body() argument
2707 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_tls13_write_certificate_request_body()
2718 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_request_body()
2724 static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_request() argument
2730 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); in ssl_tls13_write_certificate_request()
2737 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2741 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_certificate_request()
2744 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2748 ssl, buf_len, msg_len)); in ssl_tls13_write_certificate_request()
2758 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); in ssl_tls13_write_certificate_request()
2769 static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_certificate() argument
2774 if ((ssl_tls13_pick_key_cert(ssl) != 0) || in ssl_tls13_write_server_certificate()
2775 mbedtls_ssl_own_cert(ssl) == NULL) { in ssl_tls13_write_server_certificate()
2783 ret = mbedtls_ssl_tls13_write_certificate(ssl); in ssl_tls13_write_server_certificate()
2787 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); in ssl_tls13_write_server_certificate()
2795 static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_verify() argument
2797 int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); in ssl_tls13_write_certificate_verify()
2801 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_certificate_verify()
2847 mbedtls_ssl_context *ssl) in ssl_tls13_prepare_for_handshake_second_flight() argument
2849 if (ssl->handshake->certificate_request_sent) { in ssl_tls13_prepare_for_handshake_second_flight()
2850 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); in ssl_tls13_prepare_for_handshake_second_flight()
2855 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); in ssl_tls13_prepare_for_handshake_second_flight()
2863 static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_finished() argument
2867 ret = mbedtls_ssl_tls13_write_finished_message(ssl); in ssl_tls13_write_server_finished()
2872 ret = mbedtls_ssl_tls13_compute_application_transform(ssl); in ssl_tls13_write_server_finished()
2881 if (ssl->handshake->early_data_accepted) { in ssl_tls13_write_server_finished()
2887 ssl, ssl->handshake->transform_earlydata); in ssl_tls13_write_server_finished()
2888 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); in ssl_tls13_write_server_finished()
2895 mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); in ssl_tls13_write_server_finished()
2897 ssl_tls13_prepare_for_handshake_second_flight(ssl); in ssl_tls13_write_server_finished()
2917 static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_end_of_early_data_coordinate() argument
2921 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { in ssl_tls13_end_of_early_data_coordinate()
2925 ssl->keep_current_message = 1; in ssl_tls13_end_of_early_data_coordinate()
2927 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && in ssl_tls13_end_of_early_data_coordinate()
2928 ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { in ssl_tls13_end_of_early_data_coordinate()
2933 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { in ssl_tls13_end_of_early_data_coordinate()
2934 if (ssl->in_offt == NULL) { in ssl_tls13_end_of_early_data_coordinate()
2937 ssl->in_offt = ssl->in_msg; in ssl_tls13_end_of_early_data_coordinate()
2938 ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen); in ssl_tls13_end_of_early_data_coordinate()
2952 static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, in ssl_tls13_parse_end_of_early_data() argument
3006 static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) in ssl_tls13_process_end_of_early_data() argument
3012 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl)); in ssl_tls13_process_end_of_early_data()
3019 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, in ssl_tls13_process_end_of_early_data()
3023 ssl, buf, buf + buf_len)); in ssl_tls13_process_end_of_early_data()
3029 ssl, ssl->handshake->transform_handshake); in ssl_tls13_process_end_of_early_data()
3032 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, in ssl_tls13_process_end_of_early_data()
3035 ssl_tls13_prepare_for_handshake_second_flight(ssl); in ssl_tls13_process_end_of_early_data()
3056 static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_finished() argument
3060 ret = mbedtls_ssl_tls13_process_finished_message(ssl); in ssl_tls13_process_client_finished()
3065 ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); in ssl_tls13_process_client_finished()
3071 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); in ssl_tls13_process_client_finished()
3079 static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in ssl_tls13_handshake_wrapup() argument
3083 mbedtls_ssl_tls13_handshake_wrapup(ssl); in ssl_tls13_handshake_wrapup()
3092 if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) { in ssl_tls13_handshake_wrapup()
3094 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in ssl_tls13_handshake_wrapup()
3098 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_handshake_wrapup()
3110 static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket_coordinate() argument
3113 if (ssl->conf->f_ticket_write == NULL) { in ssl_tls13_write_new_session_ticket_coordinate()
3118 if (ssl->conf->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
3124 if (ssl->handshake->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
3134 static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, in ssl_tls13_prepare_new_session_ticket() argument
3139 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_prepare_new_session_ticket()
3151 session, ssl->handshake->tls13_kex_modes); in ssl_tls13_prepare_new_session_ticket()
3155 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && in ssl_tls13_prepare_new_session_ticket()
3156 ssl->conf->max_early_data_size > 0) { in ssl_tls13_prepare_new_session_ticket()
3159 session->max_early_data_size = ssl->conf->max_early_data_size; in ssl_tls13_prepare_new_session_ticket()
3167 ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen); in ssl_tls13_prepare_new_session_ticket()
3193 (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; in ssl_tls13_prepare_new_session_ticket()
3263 static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_new_session_ticket_body() argument
3272 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_write_new_session_ticket_body()
3292 ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, in ssl_tls13_write_new_session_ticket_body()
3343 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_new_session_ticket_body()
3354 ssl, 1, p, end, &output_len)) != 0) { in ssl_tls13_write_new_session_ticket_body()
3375 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions); in ssl_tls13_write_new_session_ticket_body()
3383 static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket() argument
3387 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl)); in ssl_tls13_write_new_session_ticket()
3395 ssl, ticket_nonce, sizeof(ticket_nonce))); in ssl_tls13_write_new_session_ticket()
3398 ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, in ssl_tls13_write_new_session_ticket()
3402 ssl, buf, buf + buf_len, &msg_len, in ssl_tls13_write_new_session_ticket()
3406 ssl, buf_len, msg_len)); in ssl_tls13_write_new_session_ticket()
3412 if (ssl->handshake->resume == 1) { in ssl_tls13_write_new_session_ticket()
3413 ssl->handshake->new_session_tickets_count = 0; in ssl_tls13_write_new_session_ticket()
3415 ssl->handshake->new_session_tickets_count--; in ssl_tls13_write_new_session_ticket()
3419 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH); in ssl_tls13_write_new_session_ticket()
3421 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_write_new_session_ticket()
3433 int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_server_step() argument
3437 if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3442 mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), in mbedtls_ssl_tls13_handshake_server_step()
3443 ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()
3445 switch (ssl->state) { in mbedtls_ssl_tls13_handshake_server_step()
3448 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3453 ret = ssl_tls13_process_client_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3460 ret = ssl_tls13_write_hello_retry_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3468 ret = ssl_tls13_write_server_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3472 ret = ssl_tls13_write_encrypted_extensions(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3481 ret = ssl_tls13_write_certificate_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3485 ret = ssl_tls13_write_server_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3489 ret = ssl_tls13_write_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3498 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3500 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3505 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3509 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in mbedtls_ssl_tls13_handshake_server_step()
3514 ret = ssl_tls13_write_server_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3519 ret = ssl_tls13_process_end_of_early_data(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3524 ret = ssl_tls13_process_client_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3528 ret = ssl_tls13_handshake_wrapup(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3533 ret = mbedtls_ssl_tls13_process_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3535 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3537 ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); in mbedtls_ssl_tls13_handshake_server_step()
3541 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3547 ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3550 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3557 ret = ssl_tls13_write_new_session_ticket(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3571 if (ssl->handshake->new_session_tickets_count == 0) { in mbedtls_ssl_tls13_handshake_server_step()
3572 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in mbedtls_ssl_tls13_handshake_server_step()
3575 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in mbedtls_ssl_tls13_handshake_server_step()
3582 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()