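Lines Matching refs:ssl
Each entry gives the source line number, the matching line, and the enclosing function; "argument" marks the line where `ssl` is declared as a parameter. Only lines that reference `ssl` are listed, so the statements between them, including any length or bounds checks that do not mention `ssl`, are not shown in this view.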

55 static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,  in ssl_write_hostname_ext()  argument
60 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_hostname_ext()
65 if( ssl->hostname == NULL ) in ssl_write_hostname_ext()
69 ssl->hostname ) ); in ssl_write_hostname_ext()
71 hostname_len = strlen( ssl->hostname ); in ssl_write_hostname_ext()
118 memcpy( p, ssl->hostname, hostname_len ); in ssl_write_hostname_ext()
125 static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, in ssl_write_renegotiation_ext() argument
130 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_renegotiation_ext()
137 if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in ssl_write_renegotiation_ext()
142 if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) in ssl_write_renegotiation_ext()
155 *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; in ssl_write_renegotiation_ext()
156 *p++ = ssl->verify_data_len & 0xFF; in ssl_write_renegotiation_ext()
158 memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); in ssl_write_renegotiation_ext()
160 *olen = 5 + ssl->verify_data_len; in ssl_write_renegotiation_ext()
169 static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, in ssl_write_signature_algorithms_ext() argument
174 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_signature_algorithms_ext()
183 if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_write_signature_algorithms_ext()
188 for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) in ssl_write_signature_algorithms_ext()
209 for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) in ssl_write_signature_algorithms_ext()
254 static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, in ssl_write_supported_elliptic_curves_ext() argument
259 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_supported_elliptic_curves_ext()
266 ((void) ssl); in ssl_write_supported_elliptic_curves_ext()
274 for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) in ssl_write_supported_elliptic_curves_ext()
300 for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) in ssl_write_supported_elliptic_curves_ext()
329 static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, in ssl_write_supported_point_formats_ext() argument
334 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_supported_point_formats_ext()
361 static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, in ssl_write_ecjpake_kkpp_ext() argument
367 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_ecjpake_kkpp_ext()
373 if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) in ssl_write_ecjpake_kkpp_ext()
392 if( ssl->handshake->ecjpake_cache == NULL || in ssl_write_ecjpake_kkpp_ext()
393 ssl->handshake->ecjpake_cache_len == 0 ) in ssl_write_ecjpake_kkpp_ext()
397 ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, in ssl_write_ecjpake_kkpp_ext()
399 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_ecjpake_kkpp_ext()
406 ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); in ssl_write_ecjpake_kkpp_ext()
407 if( ssl->handshake->ecjpake_cache == NULL ) in ssl_write_ecjpake_kkpp_ext()
413 memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len ); in ssl_write_ecjpake_kkpp_ext()
414 ssl->handshake->ecjpake_cache_len = kkpp_len; in ssl_write_ecjpake_kkpp_ext()
420 kkpp_len = ssl->handshake->ecjpake_cache_len; in ssl_write_ecjpake_kkpp_ext()
428 memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); in ssl_write_ecjpake_kkpp_ext()
439 static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, in ssl_write_max_fragment_length_ext() argument
444 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_max_fragment_length_ext()
448 if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) { in ssl_write_max_fragment_length_ext()
466 *p++ = ssl->conf->mfl_code; in ssl_write_max_fragment_length_ext()
473 static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, in ssl_write_truncated_hmac_ext() argument
477 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_truncated_hmac_ext()
481 if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) in ssl_write_truncated_hmac_ext()
505 static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, in ssl_write_encrypt_then_mac_ext() argument
509 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_encrypt_then_mac_ext()
513 if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || in ssl_write_encrypt_then_mac_ext()
514 ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_write_encrypt_then_mac_ext()
539 static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, in ssl_write_extended_ms_ext() argument
543 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_extended_ms_ext()
547 if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || in ssl_write_extended_ms_ext()
548 ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_write_extended_ms_ext()
573 static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, in ssl_write_session_ticket_ext() argument
577 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_session_ticket_ext()
578 size_t tlen = ssl->session_negotiate->ticket_len; in ssl_write_session_ticket_ext()
582 if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) in ssl_write_session_ticket_ext()
603 if( ssl->session_negotiate->ticket == NULL || tlen == 0 ) in ssl_write_session_ticket_ext()
610 memcpy( p, ssl->session_negotiate->ticket, tlen ); in ssl_write_session_ticket_ext()
617 static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, in ssl_write_alpn_ext() argument
621 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; in ssl_write_alpn_ext()
627 if( ssl->conf->alpn_list == NULL ) in ssl_write_alpn_ext()
634 for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) in ssl_write_alpn_ext()
657 for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) in ssl_write_alpn_ext()
679 static int ssl_generate_random( mbedtls_ssl_context *ssl ) in ssl_generate_random() argument
682 unsigned char *p = ssl->handshake->randbytes; in ssl_generate_random()
691 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_generate_random()
692 ssl->handshake->verify_cookie != NULL ) in ssl_generate_random()
707 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) in ssl_generate_random()
713 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) in ssl_generate_random()
730 const mbedtls_ssl_context * ssl, in ssl_validate_ciphersuite() argument
733 (void) ssl; in ssl_validate_ciphersuite()
742 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_validate_ciphersuite()
748 if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && in ssl_validate_ciphersuite()
755 mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) in ssl_validate_ciphersuite()
762 static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) in ssl_write_client_hello() argument
778 if( ssl->conf->f_rng == NULL ) in ssl_write_client_hello()
785 if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_write_client_hello()
788 ssl->major_ver = ssl->conf->min_major_ver; in ssl_write_client_hello()
789 ssl->minor_ver = ssl->conf->min_minor_ver; in ssl_write_client_hello()
792 if( ssl->conf->max_major_ver == 0 ) in ssl_write_client_hello()
806 buf = ssl->out_msg; in ssl_write_client_hello()
809 mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, in ssl_write_client_hello()
810 ssl->conf->transport, p ); in ssl_write_client_hello()
816 if( ( ret = ssl_generate_random( ssl ) ) != 0 ) in ssl_write_client_hello()
822 memcpy( p, ssl->handshake->randbytes, 32 ); in ssl_write_client_hello()
838 n = ssl->session_negotiate->id_len; in ssl_write_client_hello()
842 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || in ssl_write_client_hello()
844 ssl->handshake->resume == 0 ) in ssl_write_client_hello()
855 if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_write_client_hello()
858 if( ssl->session_negotiate->ticket != NULL && in ssl_write_client_hello()
859 ssl->session_negotiate->ticket_len != 0 ) in ssl_write_client_hello()
861 ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 ); in ssl_write_client_hello()
866 ssl->session_negotiate->id_len = n = 32; in ssl_write_client_hello()
874 *p++ = ssl->session_negotiate->id[i]; in ssl_write_client_hello()
883 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_write_client_hello()
885 if( ssl->handshake->verify_cookie == NULL ) in ssl_write_client_hello()
893 ssl->handshake->verify_cookie, in ssl_write_client_hello()
894 ssl->handshake->verify_cookie_len ); in ssl_write_client_hello()
896 *p++ = ssl->handshake->verify_cookie_len; in ssl_write_client_hello()
897 memcpy( p, ssl->handshake->verify_cookie, in ssl_write_client_hello()
898 ssl->handshake->verify_cookie_len ); in ssl_write_client_hello()
899 p += ssl->handshake->verify_cookie_len; in ssl_write_client_hello()
907 ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver]; in ssl_write_client_hello()
918 if( ssl_validate_ciphersuite( ciphersuite_info, ssl, in ssl_write_client_hello()
919 ssl->conf->min_minor_ver, in ssl_write_client_hello()
920 ssl->conf->max_minor_ver ) != 0 ) in ssl_write_client_hello()
942 if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_write_client_hello()
953 if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) in ssl_write_client_hello()
978 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_write_client_hello()
1005 ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1012 ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1018 ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1026 ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1029 ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1035 ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1040 ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1045 ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1050 ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1055 ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1060 ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1065 ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_client_hello()
1082 ssl->out_msglen = p - buf; in ssl_write_client_hello()
1083 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_client_hello()
1084 ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_HELLO; in ssl_write_client_hello()
1086 ssl->state++; in ssl_write_client_hello()
1089 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_write_client_hello()
1090 mbedtls_ssl_send_flight_completed( ssl ); in ssl_write_client_hello()
1093 if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) in ssl_write_client_hello()
1100 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_write_client_hello()
1101 ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) in ssl_write_client_hello()
1113 static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, in ssl_parse_renegotiation_info() argument
1118 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_parse_renegotiation_info()
1121 if( len != 1 + ssl->verify_data_len * 2 || in ssl_parse_renegotiation_info()
1122 buf[0] != ssl->verify_data_len * 2 || in ssl_parse_renegotiation_info()
1124 ssl->own_verify_data, ssl->verify_data_len ) != 0 || in ssl_parse_renegotiation_info()
1125 mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len, in ssl_parse_renegotiation_info()
1126 ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) in ssl_parse_renegotiation_info()
1129 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_renegotiation_info()
1140 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_renegotiation_info()
1145 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; in ssl_parse_renegotiation_info()
1152 static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, in ssl_parse_max_fragment_length_ext() argument
1160 if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || in ssl_parse_max_fragment_length_ext()
1162 buf[0] != ssl->conf->mfl_code ) in ssl_parse_max_fragment_length_ext()
1165 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_max_fragment_length_ext()
1175 static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, in ssl_parse_truncated_hmac_ext() argument
1179 if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || in ssl_parse_truncated_hmac_ext()
1183 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_truncated_hmac_ext()
1190 ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; in ssl_parse_truncated_hmac_ext()
1197 static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, in ssl_parse_encrypt_then_mac_ext() argument
1201 if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || in ssl_parse_encrypt_then_mac_ext()
1202 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || in ssl_parse_encrypt_then_mac_ext()
1206 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_encrypt_then_mac_ext()
1213 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in ssl_parse_encrypt_then_mac_ext()
1220 static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, in ssl_parse_extended_ms_ext() argument
1224 if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || in ssl_parse_extended_ms_ext()
1225 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || in ssl_parse_extended_ms_ext()
1229 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_extended_ms_ext()
1236 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in ssl_parse_extended_ms_ext()
1243 static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, in ssl_parse_session_ticket_ext() argument
1247 if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || in ssl_parse_session_ticket_ext()
1251 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_session_ticket_ext()
1258 ssl->handshake->new_session_ticket = 1; in ssl_parse_session_ticket_ext()
1266 static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, in ssl_parse_supported_point_formats_ext() argument
1276 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_point_formats_ext()
1289 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats_ext()
1292 ssl->handshake->ecjpake_ctx.point_format = p[0]; in ssl_parse_supported_point_formats_ext()
1303 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_point_formats_ext()
1311 static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, in ssl_parse_ecjpake_kkpp() argument
1317 if( ssl->transform_negotiate->ciphersuite_info->key_exchange != in ssl_parse_ecjpake_kkpp()
1325 mbedtls_free( ssl->handshake->ecjpake_cache ); in ssl_parse_ecjpake_kkpp()
1326 ssl->handshake->ecjpake_cache = NULL; in ssl_parse_ecjpake_kkpp()
1327 ssl->handshake->ecjpake_cache_len = 0; in ssl_parse_ecjpake_kkpp()
1329 if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
1333 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_ecjpake_kkpp()
1343 static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, in ssl_parse_alpn_ext() argument
1350 if( ssl->conf->alpn_list == NULL ) in ssl_parse_alpn_ext()
1353 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
1371 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
1379 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
1387 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
1393 for( p = ssl->conf->alpn_list; *p != NULL; p++ ) in ssl_parse_alpn_ext()
1398 ssl->alpn_chosen = *p; in ssl_parse_alpn_ext()
1404 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_alpn_ext()
1414 static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) in ssl_parse_hello_verify_request() argument
1416 const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_hello_verify_request()
1429 mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p ); in ssl_parse_hello_verify_request()
1438 major_ver > ssl->conf->max_major_ver || in ssl_parse_hello_verify_request()
1439 minor_ver > ssl->conf->max_minor_ver ) in ssl_parse_hello_verify_request()
1443 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_hello_verify_request()
1452 if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len ) in ssl_parse_hello_verify_request()
1456 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_hello_verify_request()
1461 mbedtls_free( ssl->handshake->verify_cookie ); in ssl_parse_hello_verify_request()
1463 ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len ); in ssl_parse_hello_verify_request()
1464 if( ssl->handshake->verify_cookie == NULL ) in ssl_parse_hello_verify_request()
1470 memcpy( ssl->handshake->verify_cookie, p, cookie_len ); in ssl_parse_hello_verify_request()
1471 ssl->handshake->verify_cookie_len = cookie_len; in ssl_parse_hello_verify_request()
1474 ssl->state = MBEDTLS_SSL_CLIENT_HELLO; in ssl_parse_hello_verify_request()
1475 mbedtls_ssl_reset_checksum( ssl ); in ssl_parse_hello_verify_request()
1477 mbedtls_ssl_recv_flight_completed( ssl ); in ssl_parse_hello_verify_request()
1485 static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) in ssl_parse_server_hello() argument
1503 buf = ssl->in_msg; in ssl_parse_server_hello()
1505 if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) in ssl_parse_server_hello()
1512 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) in ssl_parse_server_hello()
1515 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in ssl_parse_server_hello()
1517 ssl->renego_records_seen++; in ssl_parse_server_hello()
1519 if( ssl->conf->renego_max_records >= 0 && in ssl_parse_server_hello()
1520 ssl->renego_records_seen > ssl->conf->renego_max_records ) in ssl_parse_server_hello()
1529 ssl->keep_current_message = 1; in ssl_parse_server_hello()
1535 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1541 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_server_hello()
1547 return( ssl_parse_hello_verify_request( ssl ) ); in ssl_parse_server_hello()
1552 mbedtls_free( ssl->handshake->verify_cookie ); in ssl_parse_server_hello()
1553 ssl->handshake->verify_cookie = NULL; in ssl_parse_server_hello()
1554 ssl->handshake->verify_cookie_len = 0; in ssl_parse_server_hello()
1559 if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) || in ssl_parse_server_hello()
1563 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1579 buf += mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_server_hello()
1582 mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, in ssl_parse_server_hello()
1583 ssl->conf->transport, buf + 0 ); in ssl_parse_server_hello()
1585 if( ssl->major_ver < ssl->conf->min_major_ver || in ssl_parse_server_hello()
1586 ssl->minor_ver < ssl->conf->min_minor_ver || in ssl_parse_server_hello()
1587 ssl->major_ver > ssl->conf->max_major_ver || in ssl_parse_server_hello()
1588 ssl->minor_ver > ssl->conf->max_minor_ver ) in ssl_parse_server_hello()
1592 ssl->conf->min_major_ver, ssl->conf->min_minor_ver, in ssl_parse_server_hello()
1593 ssl->major_ver, ssl->minor_ver, in ssl_parse_server_hello()
1594 ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); in ssl_parse_server_hello()
1596 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1608 memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); in ssl_parse_server_hello()
1617 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1622 if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n ) in ssl_parse_server_hello()
1628 ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) in ssl_parse_server_hello()
1631 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1636 else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n ) in ssl_parse_server_hello()
1643 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1659 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_server_hello()
1672 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1680 ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); in ssl_parse_server_hello()
1682 if( ssl->transform_negotiate->ciphersuite_info == NULL ) in ssl_parse_server_hello()
1685 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1690 mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info ); in ssl_parse_server_hello()
1698 if( ssl->handshake->resume == 0 || n == 0 || in ssl_parse_server_hello()
1700 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || in ssl_parse_server_hello()
1702 ssl->session_negotiate->ciphersuite != i || in ssl_parse_server_hello()
1703 ssl->session_negotiate->compression != comp || in ssl_parse_server_hello()
1704 ssl->session_negotiate->id_len != n || in ssl_parse_server_hello()
1705 memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 ) in ssl_parse_server_hello()
1707 ssl->state++; in ssl_parse_server_hello()
1708 ssl->handshake->resume = 0; in ssl_parse_server_hello()
1710 ssl->session_negotiate->start = mbedtls_time( NULL ); in ssl_parse_server_hello()
1712 ssl->session_negotiate->ciphersuite = i; in ssl_parse_server_hello()
1713 ssl->session_negotiate->compression = comp; in ssl_parse_server_hello()
1714 ssl->session_negotiate->id_len = n; in ssl_parse_server_hello()
1715 memcpy( ssl->session_negotiate->id, buf + 35, n ); in ssl_parse_server_hello()
1719 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; in ssl_parse_server_hello()
1721 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) in ssl_parse_server_hello()
1724 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1731 ssl->handshake->resume ? "a" : "no" ) ); in ssl_parse_server_hello()
1742 if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 ) in ssl_parse_server_hello()
1745 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1750 if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] == in ssl_parse_server_hello()
1751 ssl->session_negotiate->ciphersuite ) in ssl_parse_server_hello()
1757 suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); in ssl_parse_server_hello()
1758 if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 ) in ssl_parse_server_hello()
1761 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1770 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_parse_server_hello()
1772 ssl->handshake->ecrs_enabled = 1; in ssl_parse_server_hello()
1783 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1787 ssl->session_negotiate->compression = comp; in ssl_parse_server_hello()
1803 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1816 if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4, in ssl_parse_server_hello()
1826 if( ( ret = ssl_parse_max_fragment_length_ext( ssl, in ssl_parse_server_hello()
1839 if( ( ret = ssl_parse_truncated_hmac_ext( ssl, in ssl_parse_server_hello()
1852 if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl, in ssl_parse_server_hello()
1865 if( ( ret = ssl_parse_extended_ms_ext( ssl, in ssl_parse_server_hello()
1878 if( ( ret = ssl_parse_session_ticket_ext( ssl, in ssl_parse_server_hello()
1892 if( ( ret = ssl_parse_supported_point_formats_ext( ssl, in ssl_parse_server_hello()
1906 if( ( ret = ssl_parse_ecjpake_kkpp( ssl, in ssl_parse_server_hello()
1919 if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 ) in ssl_parse_server_hello()
1943 if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1944 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) in ssl_parse_server_hello()
1950 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1951 ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && in ssl_parse_server_hello()
1957 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1958 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1959 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) in ssl_parse_server_hello()
1964 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_server_hello()
1965 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_server_hello()
1975 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello()
1987 static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p, in ssl_parse_server_dh_params() argument
2001 if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 ) in ssl_parse_server_dh_params()
2007 if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen ) in ssl_parse_server_dh_params()
2010 ssl->handshake->dhm_ctx.len * 8, in ssl_parse_server_dh_params()
2011 ssl->conf->dhm_min_bitlen ) ); in ssl_parse_server_dh_params()
2015 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); in ssl_parse_server_dh_params()
2016 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G ); in ssl_parse_server_dh_params()
2017 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY ); in ssl_parse_server_dh_params()
2029 static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) in ssl_check_server_ecdh_params() argument
2034 grp_id = ssl->handshake->ecdh_ctx.grp.id; in ssl_check_server_ecdh_params()
2036 grp_id = ssl->handshake->ecdh_ctx.grp_id; in ssl_check_server_ecdh_params()
2049 if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) in ssl_check_server_ecdh_params()
2051 if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || in ssl_check_server_ecdh_params()
2052 ssl->handshake->ecdh_ctx.grp.nbits > 521 ) in ssl_check_server_ecdh_params()
2056 MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, in ssl_check_server_ecdh_params()
2070 static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, in ssl_parse_server_ecdh_params() argument
2084 if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx, in ssl_parse_server_ecdh_params()
2095 if( ssl_check_server_ecdh_params( ssl ) != 0 ) in ssl_parse_server_ecdh_params()
2108 static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, in ssl_parse_server_psk_hint() argument
2114 ((void) ssl); in ssl_parse_server_psk_hint()
2154 static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, in ssl_write_encrypted_pms() argument
2159 size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; in ssl_write_encrypted_pms()
2160 unsigned char *p = ssl->handshake->premaster + pms_offset; in ssl_write_encrypted_pms()
2175 mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, in ssl_write_encrypted_pms()
2176 ssl->conf->transport, p ); in ssl_write_encrypted_pms()
2178 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) in ssl_write_encrypted_pms()
2184 ssl->handshake->pmslen = 48; in ssl_write_encrypted_pms()
2186 if( ssl->session_negotiate->peer_cert == NULL ) in ssl_write_encrypted_pms()
2195 if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, in ssl_write_encrypted_pms()
2202 if( ( ret = mbedtls_pk_encrypt( &ssl->session_negotiate->peer_cert->pk, in ssl_write_encrypted_pms()
2203 p, ssl->handshake->pmslen, in ssl_write_encrypted_pms()
2204 ssl->out_msg + offset + len_bytes, olen, in ssl_write_encrypted_pms()
2206 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in ssl_write_encrypted_pms()
2216 ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 ); in ssl_write_encrypted_pms()
2217 ssl->out_msg[offset+1] = (unsigned char)( *olen ); in ssl_write_encrypted_pms()
2231 static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, in ssl_parse_signature_algorithm() argument
2237 ((void) ssl); in ssl_parse_signature_algorithm()
2242 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_parse_signature_algorithm()
2273 if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) in ssl_parse_signature_algorithm()
2293 static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) in ssl_get_ecdh_params_from_cert() argument
2298 if( ssl->session_negotiate->peer_cert == NULL ) in ssl_get_ecdh_params_from_cert()
2304 if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, in ssl_get_ecdh_params_from_cert()
2311 peer_key = mbedtls_pk_ec( ssl->session_negotiate->peer_cert->pk ); in ssl_get_ecdh_params_from_cert()
2313 if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key, in ssl_get_ecdh_params_from_cert()
2320 if( ssl_check_server_ecdh_params( ssl ) != 0 ) in ssl_get_ecdh_params_from_cert()
/*
 * ssl_parse_server_key_exchange(): client-side handling of the
 * ServerKeyExchange handshake message. The listed lines show the record
 * read, the message-type checks, the per-key-exchange parameter parsers
 * (each bounded by `end`), and the steps that lead up to a call taking the
 * peer certificate's public key. Lines that do not reference `ssl` are
 * elided, so most branch conditions and return statements are not visible.
 */
2331 static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) in ssl_parse_server_key_exchange() argument
2335 ssl->transform_negotiate->ciphersuite_info; in ssl_parse_server_key_exchange()
/* Two early paths advance ssl->state (2344 and 2365); their guarding conditions are on elided lines. */
2344 ssl->state++; in ssl_parse_server_key_exchange()
2356 if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) in ssl_parse_server_key_exchange()
2359 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2365 ssl->state++; in ssl_parse_server_key_exchange()
/* Restartable-ECC resume check: ecrs_state records that the message was already read on an earlier call. */
2374 if( ssl->handshake->ecrs_enabled && in ssl_parse_server_key_exchange()
2375 ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing ) in ssl_parse_server_key_exchange()
2381 if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) in ssl_parse_server_key_exchange()
/* A record that is not a handshake record is followed by a fatal alert. */
2387 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) in ssl_parse_server_key_exchange()
2390 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
/*
 * A handshake message of another type either sets keep_current_message
 * (2406) or draws a fatal alert (2412); which key exchanges take which
 * path is decided on elided lines.
 */
2399 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE ) in ssl_parse_server_key_exchange()
2406 ssl->keep_current_message = 1; in ssl_parse_server_key_exchange()
2412 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2419 if( ssl->handshake->ecrs_enabled ) in ssl_parse_server_key_exchange()
2420 ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing; in ssl_parse_server_key_exchange()
/*
 * p and end delimit the handshake body: p starts just after the handshake
 * header and end is in_msg + in_hslen. Every sub-parser below receives &p
 * and end, so each one is handed the bound it must not read past.
 */
2424 p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_server_key_exchange()
2425 end = ssl->in_msg + ssl->in_hslen; in ssl_parse_server_key_exchange()
2434 if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 ) in ssl_parse_server_key_exchange()
2437 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2457 if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) in ssl_parse_server_key_exchange()
2460 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2475 if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) in ssl_parse_server_key_exchange()
2478 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2490 ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, in ssl_parse_server_key_exchange()
2495 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
/* params points at the start of the handshake body again; it is passed with `hash` to the digest helper at 2592. */
2514 unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_server_key_exchange()
/* The signature-algorithm field is parsed only when minor_ver is MBEDTLS_SSL_MINOR_VERSION_3; a separate branch handles lower versions (2545). */
2522 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_parse_server_key_exchange()
2524 if( ssl_parse_signature_algorithm( ssl, &p, end, in ssl_parse_server_key_exchange()
2528 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2536 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2545 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_parse_server_key_exchange()
2567 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2577 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2592 ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params, in ssl_parse_server_key_exchange()
2604 ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen, in ssl_parse_server_key_exchange()
/*
 * peer_cert is checked for NULL and its key for compatibility with pk_alg
 * before the key is handed to the call at 2645. The callee's name is on an
 * elided line; presumably this is the signature verification - confirm in
 * the full source.
 */
2620 if( ssl->session_negotiate->peer_cert == NULL ) in ssl_parse_server_key_exchange()
2623 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2631 if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) in ssl_parse_server_key_exchange()
2634 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2640 if( ssl->handshake->ecrs_enabled ) in ssl_parse_server_key_exchange()
2641 rs_ctx = &ssl->handshake->ecrs_ctx.pk; in ssl_parse_server_key_exchange()
2645 &ssl->session_negotiate->peer_cert->pk, in ssl_parse_server_key_exchange()
2651 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_key_exchange()
2664 ssl->state++; in ssl_parse_server_key_exchange()
/*
 * First of two definitions of ssl_parse_certificate_request() in the file;
 * presumably a preprocessor condition (not shown in this listing) selects
 * one of them. The only listed effects here are reading ciphersuite_info
 * and advancing ssl->state.
 */
2672 static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) in ssl_parse_certificate_request() argument
2675 ssl->transform_negotiate->ciphersuite_info; in ssl_parse_certificate_request()
2682 ssl->state++; in ssl_parse_certificate_request()
/*
 * ssl_parse_certificate_request(), second definition: reads the next record,
 * records in ssl->client_auth whether it is a CertificateRequest, and walks
 * the length-prefixed fields of the message. All offsets are relative to
 * buf = ssl->in_msg, and every length comes from the peer, so each field
 * read is preceded by a comparison against ssl->in_hslen. Updates to `n`
 * happen on elided lines.
 */
2690 static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) in ssl_parse_certificate_request() argument
2697 ssl->transform_negotiate->ciphersuite_info; in ssl_parse_certificate_request()
2704 ssl->state++; in ssl_parse_certificate_request()
2708 if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) in ssl_parse_certificate_request()
2714 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) in ssl_parse_certificate_request()
2717 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2722 ssl->state++; in ssl_parse_certificate_request()
/* client_auth becomes 1 only when the message type is CERTIFICATE_REQUEST; otherwise the message is kept for the next state (2731). */
2723 ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); in ssl_parse_certificate_request()
2726 ssl->client_auth ? "a" : "no" ) ); in ssl_parse_certificate_request()
2728 if( ssl->client_auth == 0 ) in ssl_parse_certificate_request()
2731 ssl->keep_current_message = 1; in ssl_parse_certificate_request()
2759 buf = ssl->in_msg; in ssl_parse_certificate_request()
/* The body must hold at least one byte before cert_type_len is read from its first byte. */
2762 if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) ) in ssl_parse_certificate_request()
2765 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2769 cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; in ssl_parse_certificate_request()
/* in_hslen must exceed hdr_len + 2 + n, which keeps the two-byte length reads at offsets +1+n and +2+n inside the message. */
2782 if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) in ssl_parse_certificate_request()
2785 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2792 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_parse_certificate_request()
/* Big-endian 16-bit length of the signature-algorithm list, taken from the message. */
2794 size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) in ssl_parse_certificate_request()
2795 | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); in ssl_parse_certificate_request()
/* The claimed list length is checked against in_hslen before sig_alg is pointed into the buffer at 2822. */
2813 if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len ) in ssl_parse_certificate_request()
2816 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
2822 sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; in ssl_parse_certificate_request()
/* Big-endian 16-bit length of the distinguished-names field. */
2835 dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) in ssl_parse_certificate_request()
2836 | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); in ssl_parse_certificate_request()
/* Final check is an equality, so a message with trailing or missing bytes draws a fatal alert; n presumably includes dn_len by this point - confirm in the full source. */
2839 if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) in ssl_parse_certificate_request()
2842 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_certificate_request()
/*
 * ssl_parse_server_hello_done(): reads the next record and accepts it only
 * when it is a handshake record of type SERVER_HELLO_DONE with an empty
 * body. Lines that do not reference `ssl` are elided from this listing.
 */
2854 static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) in ssl_parse_server_hello_done() argument
2860 if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) in ssl_parse_server_hello_done()
2866 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) in ssl_parse_server_hello_done()
/* in_hslen must equal the header length exactly, so any body bytes at all draw the fatal alert below. */
2872 if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) || in ssl_parse_server_hello_done()
2873 ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE ) in ssl_parse_server_hello_done()
2876 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_server_hello_done()
2881 ssl->state++; in ssl_parse_server_hello_done()
/* On DTLS the incoming flight is marked complete once ServerHelloDone has been accepted. */
2884 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_server_hello_done()
2885 mbedtls_ssl_recv_flight_completed( ssl ); in ssl_parse_server_hello_done()
/*
 * ssl_write_client_key_exchange(): builds the ClientKeyExchange message in
 * ssl->out_msg and derives the premaster secret into
 * ssl->handshake->premaster. The listed lines cover several key-exchange
 * branches (DHM, ECDH, PSK variants, an encrypted premaster, EC J-PAKE).
 * The conditions that select each branch, and the initial value of the
 * offset `i`, are on lines elided from this listing.
 */
2893 static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) in ssl_write_client_key_exchange() argument
2898 ssl->transform_negotiate->ciphersuite_info; in ssl_write_client_key_exchange()
/* DHM branch: n is the DHM context length, written as a big-endian 16-bit prefix at out_msg[4..5]. */
2908 n = ssl->handshake->dhm_ctx.len; in ssl_write_client_key_exchange()
2910 ssl->out_msg[4] = (unsigned char)( n >> 8 ); in ssl_write_client_key_exchange()
2911 ssl->out_msg[5] = (unsigned char)( n ); in ssl_write_client_key_exchange()
2914 ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
2915 (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), in ssl_write_client_key_exchange()
2916 &ssl->out_msg[i], n, in ssl_write_client_key_exchange()
2917 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_client_key_exchange()
/*
 * NOTE(review): these level-3 debug dumps include dhm_ctx.X and, at 2937,
 * dhm_ctx.K. In mbedtls_dhm_context, X is the local secret value and K the
 * computed shared secret, so a build with MBEDTLS_DEBUG_C and a debug
 * threshold of 3 or more sends key material to the debug callback. Keep
 * that threshold below 3, or debug support compiled out, in production.
 */
2924 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); in ssl_write_client_key_exchange()
2925 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); in ssl_write_client_key_exchange()
2927 if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
2928 ssl->handshake->premaster, in ssl_write_client_key_exchange()
2930 &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
2931 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in ssl_write_client_key_exchange()
2937 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); in ssl_write_client_key_exchange()
/* ECDH branch with restartable-ECC support: ecrs_state records whether the public key was already produced on an earlier call. */
2956 if( ssl->handshake->ecrs_enabled ) in ssl_write_client_key_exchange()
2958 if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret ) in ssl_write_client_key_exchange()
2961 mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); in ssl_write_client_key_exchange()
/*
 * NOTE(review): the output-buffer length passed at 2967 is the literal 1000,
 * while the later call at 3094-3095 passes MBEDTLS_SSL_OUT_CONTENT_LEN - i.
 * Confirm that 1000 can never exceed the space left in out_msg after
 * offset i, for example in builds with a reduced MBEDTLS_SSL_OUT_CONTENT_LEN.
 */
2965 ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2967 &ssl->out_msg[i], 1000, in ssl_write_client_key_exchange()
2968 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_client_key_exchange()
2979 MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
/* n is saved in ecrs_n so that a resumed call can restore it at 2991. */
2983 if( ssl->handshake->ecrs_enabled ) in ssl_write_client_key_exchange()
2985 ssl->handshake->ecrs_n = n; in ssl_write_client_key_exchange()
2986 ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; in ssl_write_client_key_exchange()
2990 if( ssl->handshake->ecrs_enabled ) in ssl_write_client_key_exchange()
2991 n = ssl->handshake->ecrs_n; in ssl_write_client_key_exchange()
2993 if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
2994 &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
2995 ssl->handshake->premaster, in ssl_write_client_key_exchange()
2997 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in ssl_write_client_key_exchange()
3007 MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
/* PSK branches: both the key and the identity must be configured before anything is written. */
3021 if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ) in ssl_write_client_key_exchange()
3028 n = ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
/*
 * NOTE(review): the two-byte length prefix and the memcpy write
 * psk_identity_len bytes into out_msg at offset i. No bound check appears
 * among the listed lines (3029-3036 are elided); confirm that the full
 * source checks i + 2 + n against the out_msg capacity first.
 */
3037 ssl->out_msg[i++] = (unsigned char)( n >> 8 ); in ssl_write_client_key_exchange()
3038 ssl->out_msg[i++] = (unsigned char)( n ); in ssl_write_client_key_exchange()
3040 memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len ); in ssl_write_client_key_exchange()
3041 i += ssl->conf->psk_identity_len; in ssl_write_client_key_exchange()
3053 if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 ) in ssl_write_client_key_exchange()
/* DHM public value after the PSK identity; the same length-prefix pattern as 2908-2917, but at the running offset i. */
3064 n = ssl->handshake->dhm_ctx.len; in ssl_write_client_key_exchange()
3073 ssl->out_msg[i++] = (unsigned char)( n >> 8 ); in ssl_write_client_key_exchange()
3074 ssl->out_msg[i++] = (unsigned char)( n ); in ssl_write_client_key_exchange()
3076 ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, in ssl_write_client_key_exchange()
3077 (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), in ssl_write_client_key_exchange()
3078 &ssl->out_msg[i], n, in ssl_write_client_key_exchange()
3079 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_client_key_exchange()
/* Here the output bound is computed from the remaining buffer (MBEDTLS_SSL_OUT_CONTENT_LEN - i). */
3094 ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, in ssl_write_client_key_exchange()
3095 &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i, in ssl_write_client_key_exchange()
3096 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_client_key_exchange()
3103 MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, in ssl_write_client_key_exchange()
3113 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, in ssl_write_client_key_exchange()
3126 if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 ) in ssl_write_client_key_exchange()
/* EC J-PAKE branch: round two is written with a bound taken from the remaining buffer. */
3136 ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, in ssl_write_client_key_exchange()
3137 ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n, in ssl_write_client_key_exchange()
3138 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_client_key_exchange()
/* NOTE(review): the literal 32 is presumably the capacity offered for premaster; confirm it does not exceed the size of that array. */
3145 ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, in ssl_write_client_key_exchange()
3146 ssl->handshake->premaster, 32, &ssl->handshake->pmslen, in ssl_write_client_key_exchange()
3147 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_client_key_exchange()
/* Common tail: message length is offset plus payload, then type fields are set and the message is handed to the handshake writer. */
3162 ssl->out_msglen = i + n; in ssl_write_client_key_exchange()
3163 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_client_key_exchange()
3164 ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; in ssl_write_client_key_exchange()
3166 ssl->state++; in ssl_write_client_key_exchange()
3168 if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) in ssl_write_client_key_exchange()
/*
 * First of two definitions of ssl_write_certificate_verify() in the file;
 * presumably a preprocessor condition (not shown in this listing) selects
 * one of them. The listed lines read ciphersuite_info, derive the session
 * keys and advance ssl->state; no signature is produced on any listed line.
 */
3185 static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) in ssl_write_certificate_verify() argument
3188 ssl->transform_negotiate->ciphersuite_info; in ssl_write_certificate_verify()
3193 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) in ssl_write_certificate_verify()
3206 ssl->state++; in ssl_write_certificate_verify()
/*
 * ssl_write_certificate_verify(), second definition: derives the session
 * keys, then - when the server asked for client authentication and a
 * certificate and key are configured - signs the handshake hash with the
 * client's own key and writes the CertificateVerify message into
 * ssl->out_msg. Lines that do not reference `ssl` are elided.
 */
3214 static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) in ssl_write_certificate_verify() argument
3218 ssl->transform_negotiate->ciphersuite_info; in ssl_write_certificate_verify()
/* Restartable-ECC resume check: ecrs_state records that an earlier call already reached the signing step. */
3229 if( ssl->handshake->ecrs_enabled && in ssl_write_certificate_verify()
3230 ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign ) in ssl_write_certificate_verify()
3236 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) in ssl_write_certificate_verify()
3249 ssl->state++; in ssl_write_certificate_verify()
/* No CertificateVerify is sent when client auth was not requested or no own certificate is configured; the state is advanced instead. */
3253 if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) in ssl_write_certificate_verify()
3256 ssl->state++; in ssl_write_certificate_verify()
/* A configured certificate without a private key is caught here, before the key is used for signing. */
3260 if( mbedtls_ssl_own_key( ssl ) == NULL ) in ssl_write_certificate_verify()
3270 if( ssl->handshake->ecrs_enabled ) in ssl_write_certificate_verify()
3271 ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign; in ssl_write_certificate_verify()
/* The handshake's calc_verify callback fills `hash`, the data that is signed below. */
3276 ssl->handshake->calc_verify( ssl, hash ); in ssl_write_certificate_verify()
3280 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_write_certificate_verify()
3300 if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) ) in ssl_write_certificate_verify()
3311 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_write_certificate_verify()
/* out_msg[4] carries the hash identifier (SHA384 or SHA256, chosen from the ciphersuite MAC) and out_msg[5] the signature identifier derived from the own key. */
3328 if( ssl->transform_negotiate->ciphersuite_info->mac == in ssl_write_certificate_verify()
3332 ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; in ssl_write_certificate_verify()
3337 ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; in ssl_write_certificate_verify()
3339 ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) ); in ssl_write_certificate_verify()
3353 if( ssl->handshake->ecrs_enabled ) in ssl_write_certificate_verify()
3354 rs_ctx = &ssl->handshake->ecrs_ctx.pk; in ssl_write_certificate_verify()
/*
 * The signature is written straight into out_msg at 6 + offset and n
 * receives its length. NOTE(review): no size argument is visible next to
 * the output pointer (line 3358 is elided); confirm that the space left in
 * out_msg covers the largest signature the configured key can produce.
 */
3357 if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ), in ssl_write_certificate_verify()
3359 ssl->out_msg + 6 + offset, &n, in ssl_write_certificate_verify()
3360 ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 ) in ssl_write_certificate_verify()
/* Big-endian 16-bit signature length, placed just before the signature bytes. */
3370 ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); in ssl_write_certificate_verify()
3371 ssl->out_msg[5 + offset] = (unsigned char)( n ); in ssl_write_certificate_verify()
3373 ssl->out_msglen = 6 + n + offset; in ssl_write_certificate_verify()
3374 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_certificate_verify()
3375 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; in ssl_write_certificate_verify()
3377 ssl->state++; in ssl_write_certificate_verify()
3379 if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) in ssl_write_certificate_verify()
/*
 * ssl_parse_new_session_ticket(): reads a NewSessionTicket handshake
 * message, validates its length fields against ssl->in_hslen, discards any
 * previously stored ticket and stores the new ticket, its length and its
 * lifetime in ssl->session_negotiate. Lines that do not reference `ssl`
 * (including the extraction of lifetime and ticket_len) are elided.
 */
3397 static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) in ssl_parse_new_session_ticket() argument
3407 if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) in ssl_parse_new_session_ticket()
3413 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) in ssl_parse_new_session_ticket()
3416 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
/* Minimum size: the body must hold at least 6 bytes (presumably a 4-byte lifetime and a 2-byte ticket length) before those fields are read. */
3431 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || in ssl_parse_new_session_ticket()
3432 ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) ) in ssl_parse_new_session_ticket()
3435 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3440 msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_new_session_ticket()
/* The peer-supplied ticket_len must account for the whole message exactly; any mismatch draws a fatal alert before the ticket bytes are used. */
3447 if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen ) in ssl_parse_new_session_ticket()
3450 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3458 ssl->handshake->new_session_ticket = 0; in ssl_parse_new_session_ticket()
3459 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; in ssl_parse_new_session_ticket()
/*
 * The previous ticket is wiped with mbedtls_platform_zeroize() before it is
 * freed, and the pointer and length are reset, so no ticket bytes are left
 * in released heap memory and no stale pointer survives a later failure.
 */
3468 mbedtls_platform_zeroize( ssl->session_negotiate->ticket, in ssl_parse_new_session_ticket()
3469 ssl->session_negotiate->ticket_len ); in ssl_parse_new_session_ticket()
3470 mbedtls_free( ssl->session_negotiate->ticket ); in ssl_parse_new_session_ticket()
3471 ssl->session_negotiate->ticket = NULL; in ssl_parse_new_session_ticket()
3472 ssl->session_negotiate->ticket_len = 0; in ssl_parse_new_session_ticket()
/* Fatal alert on a failure path whose condition is elided; presumably the allocation of the new ticket buffer - confirm in the full source. */
3477 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_new_session_ticket()
3484 ssl->session_negotiate->ticket = ticket; in ssl_parse_new_session_ticket()
3485 ssl->session_negotiate->ticket_len = ticket_len; in ssl_parse_new_session_ticket()
3486 ssl->session_negotiate->ticket_lifetime = lifetime; in ssl_parse_new_session_ticket()
/* The stored session ID length is cleared once a ticket is kept; presumably so that resumption relies on the ticket - confirm against the comment in the full source. */
3494 ssl->session_negotiate->id_len = 0; in ssl_parse_new_session_ticket()
/*
 * mbedtls_ssl_handshake_client_step(): performs one step of the client
 * handshake state machine. It flushes pending output, handles DTLS
 * retransmission, then dispatches on ssl->state to the matching write or
 * parse routine. The case labels of the switch are on lines elided from
 * this listing, so the state-to-handler mapping is not visible here.
 */
3505 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) in mbedtls_ssl_handshake_client_step() argument
/* Guard: a finished handshake or a missing handshake structure is handled before any handshake field is dereferenced. */
3509 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) in mbedtls_ssl_handshake_client_step()
3512 MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); in mbedtls_ssl_handshake_client_step()
3514 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) in mbedtls_ssl_handshake_client_step()
/* DTLS only: while a flight is being sent, transmission continues before the state machine advances. */
3518 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake_client_step()
3519 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) in mbedtls_ssl_handshake_client_step()
3521 if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) in mbedtls_ssl_handshake_client_step()
/* When a session ticket is expected, the state is redirected so the ticket is parsed before the server's ChangeCipherSpec. */
3529 if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && in mbedtls_ssl_handshake_client_step()
3530 ssl->handshake->new_session_ticket != 0 ) in mbedtls_ssl_handshake_client_step()
3532 ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET; in mbedtls_ssl_handshake_client_step()
3536 switch( ssl->state ) in mbedtls_ssl_handshake_client_step()
3539 ssl->state = MBEDTLS_SSL_CLIENT_HELLO; in mbedtls_ssl_handshake_client_step()
3546 ret = ssl_write_client_hello( ssl ); in mbedtls_ssl_handshake_client_step()
3557 ret = ssl_parse_server_hello( ssl ); in mbedtls_ssl_handshake_client_step()
3561 ret = mbedtls_ssl_parse_certificate( ssl ); in mbedtls_ssl_handshake_client_step()
3565 ret = ssl_parse_server_key_exchange( ssl ); in mbedtls_ssl_handshake_client_step()
3569 ret = ssl_parse_certificate_request( ssl ); in mbedtls_ssl_handshake_client_step()
3573 ret = ssl_parse_server_hello_done( ssl ); in mbedtls_ssl_handshake_client_step()
3584 ret = mbedtls_ssl_write_certificate( ssl ); in mbedtls_ssl_handshake_client_step()
3588 ret = ssl_write_client_key_exchange( ssl ); in mbedtls_ssl_handshake_client_step()
3592 ret = ssl_write_certificate_verify( ssl ); in mbedtls_ssl_handshake_client_step()
3596 ret = mbedtls_ssl_write_change_cipher_spec( ssl ); in mbedtls_ssl_handshake_client_step()
3600 ret = mbedtls_ssl_write_finished( ssl ); in mbedtls_ssl_handshake_client_step()
3610 ret = ssl_parse_new_session_ticket( ssl ); in mbedtls_ssl_handshake_client_step()
3615 ret = mbedtls_ssl_parse_change_cipher_spec( ssl ); in mbedtls_ssl_handshake_client_step()
3619 ret = mbedtls_ssl_parse_finished( ssl ); in mbedtls_ssl_handshake_client_step()
3624 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; in mbedtls_ssl_handshake_client_step()
3628 mbedtls_ssl_handshake_wrapup( ssl ); in mbedtls_ssl_handshake_client_step()
/* A state value with no matching case is logged at debug level 1; the value returned on that path is on an elided line. */
3632 MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); in mbedtls_ssl_handshake_client_step()