
Searched refs:handshake (Results 1 – 25 of 193) sorted by relevance


/third_party/openssl/test/ssl-tests/
D26-tls13_client_auth.cnf11 test-6 = 6-client-auth-TLSv1.3-request-post-handshake
12 test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
13 test-8 = 8-client-auth-TLSv1.3-require-post-handshake
14 test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
15 test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
16 test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
17 test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
18 test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
210 [6-client-auth-TLSv1.3-request-post-handshake]
211 ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
[all …]
D26-tls13_client_auth.cnf.in12 ## TLSv1.3 and post-handshake authentication
133 name => "client-auth-TLSv1.3-request-post-handshake",
149 name => "client-auth-TLSv1.3-require-fail-post-handshake",
166 name => "client-auth-TLSv1.3-require-post-handshake",
193 name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake",
221 name => "client-auth-TLSv1.3-noroot-post-handshake",
243 name => "client-auth-TLSv1.3-request-force-client-post-handshake",
262 name => "client-auth-TLSv1.3-request-force-server-post-handshake",
281 name => "client-auth-TLSv1.3-request-force-both-post-handshake",
/third_party/mbedtls/library/
Dssl_cli.c411 if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) in ssl_write_ecjpake_kkpp_ext()
427 if( ssl->handshake->ecjpake_cache == NULL || in ssl_write_ecjpake_kkpp_ext()
428 ssl->handshake->ecjpake_cache_len == 0 ) in ssl_write_ecjpake_kkpp_ext()
432 ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, in ssl_write_ecjpake_kkpp_ext()
442 ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); in ssl_write_ecjpake_kkpp_ext()
443 if( ssl->handshake->ecjpake_cache == NULL ) in ssl_write_ecjpake_kkpp_ext()
449 memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len ); in ssl_write_ecjpake_kkpp_ext()
450 ssl->handshake->ecjpake_cache_len = kkpp_len; in ssl_write_ecjpake_kkpp_ext()
456 kkpp_len = ssl->handshake->ecjpake_cache_len; in ssl_write_ecjpake_kkpp_ext()
459 memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); in ssl_write_ecjpake_kkpp_ext()
[all …]
Dssl_tls13_keys.c570 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_key_schedule_stage_application() local
571 mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac; in mbedtls_ssl_tls13_key_schedule_stage_application()
581 handshake->tls13_master_secrets.handshake, in mbedtls_ssl_tls13_key_schedule_stage_application()
583 handshake->tls13_master_secrets.app ); in mbedtls_ssl_tls13_key_schedule_stage_application()
591 handshake->tls13_master_secrets.app, md_size ); in mbedtls_ssl_tls13_key_schedule_stage_application()
660 &ssl->handshake->tls13_hs_secrets; in mbedtls_ssl_tls13_calculate_verify_data()
662 mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; in mbedtls_ssl_tls13_calculate_verify_data()
923 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_key_schedule_stage_early() local
925 if( handshake->ciphersuite_info == NULL ) in mbedtls_ssl_tls13_key_schedule_stage_early()
931 md_type = handshake->ciphersuite_info->mac; in mbedtls_ssl_tls13_key_schedule_stage_early()
[all …]
Dssl_tls.c599 if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) in ssl_use_opaque_psk()
780 if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) in ssl_tls12_populate_transform()
789 transform->out_cid_len = ssl->handshake->peer_cid_len; in ssl_tls12_populate_transform()
790 memcpy( transform->out_cid, ssl->handshake->peer_cid, in ssl_tls12_populate_transform()
791 ssl->handshake->peer_cid_len ); in ssl_tls12_populate_transform()
1111 static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, in ssl_set_handshake_prfs() argument
1124 handshake->tls_prf = tls_prf_sha384; in ssl_set_handshake_prfs()
1125 handshake->calc_verify = ssl_calc_verify_tls_sha384; in ssl_set_handshake_prfs()
1126 handshake->calc_finished = ssl_calc_finished_tls_sha384; in ssl_set_handshake_prfs()
1133 handshake->tls_prf = tls_prf_sha256; in ssl_set_handshake_prfs()
[all …]
Dssl_srv.c177 if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) in ssl_use_opaque_psk()
301 mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); in ssl_parse_signature_algorithms_ext()
345 if( ssl->handshake->curves != NULL ) in ssl_parse_supported_elliptic_curves()
366 ssl->handshake->curves = curves; in ssl_parse_supported_elliptic_curves()
409 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats()
412 mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, in ssl_parse_supported_point_formats()
435 if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) in ssl_parse_ecjpake_kkpp()
441 if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
451 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; in ssl_parse_ecjpake_kkpp()
537 ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; in ssl_parse_cid_ext()
[all …]
Dssl_tls13_client.c270 ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; in ssl_tls13_write_supported_groups_ext()
295 if( ( ret = mbedtls_ecdh_setup_no_everest( &ssl->handshake->ecdh_ctx, in ssl_tls13_generate_and_write_ecdh_key_exchange()
302 ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, out_len, in ssl_tls13_generate_and_write_ecdh_key_exchange()
311 MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, in ssl_tls13_generate_and_write_ecdh_key_exchange()
393 group_id = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext()
460 ssl->handshake->offered_group_id = group_id; in ssl_tls13_write_key_share_ext()
467 ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; in ssl_tls13_write_key_share_ext()
481 grp_id = ssl->handshake->ecdh_ctx.grp.id; in ssl_tls13_check_ecdh_params()
483 grp_id = ssl->handshake->ecdh_ctx.grp_id; in ssl_tls13_check_ecdh_params()
498 MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, in ssl_tls13_check_ecdh_params()
[all …]
Dssl_msg.c253 if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) in ssl_double_retransmit_timeout()
262 if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min ) in ssl_double_retransmit_timeout()
264 ssl->handshake->mtu = 508; in ssl_double_retransmit_timeout()
265 MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) ); in ssl_double_retransmit_timeout()
268 new_timeout = 2 * ssl->handshake->retransmit_timeout; in ssl_double_retransmit_timeout()
271 if( new_timeout < ssl->handshake->retransmit_timeout || in ssl_double_retransmit_timeout()
277 ssl->handshake->retransmit_timeout = new_timeout; in ssl_double_retransmit_timeout()
279 (unsigned long) ssl->handshake->retransmit_timeout ) ); in ssl_double_retransmit_timeout()
286 ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; in ssl_reset_retransmit_timeout()
288 (unsigned long) ssl->handshake->retransmit_timeout ) ); in ssl_reset_retransmit_timeout()
[all …]
Dssl_tls13_generic.c120 ssl->handshake->update_checksum( ssl, msg, msg_len ); in mbedtls_ssl_tls13_add_hs_msg_to_checksum()
135 ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) ); in mbedtls_ssl_tls13_add_hs_hdr_to_checksum()
219 ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; in mbedtls_ssl_tls13_write_sig_alg_ext()
501 ssl->handshake->ciphersuite_info->mac, in mbedtls_ssl_tls13_process_certificate_verify()
729 if( ssl->handshake->sni_ca_chain != NULL ) in ssl_tls13_validate_certificate()
731 ca_chain = ssl->handshake->sni_ca_chain; in ssl_tls13_validate_certificate()
732 ca_crl = ssl->handshake->sni_ca_crl; in ssl_tls13_validate_certificate()
779 ssl->handshake->ciphersuite_info, in ssl_tls13_validate_certificate()
888 ssl->handshake->state_local.finished_in.digest, in ssl_tls13_preprocess_finished_message()
889 sizeof( ssl->handshake->state_local.finished_in.digest ), in ssl_tls13_preprocess_finished_message()
[all …]
Dssl_misc.h801 unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; member
1220 … if( ssl->MBEDTLS_PRIVATE(handshake)->psk != NULL && ssl->MBEDTLS_PRIVATE(handshake)->psk_len > 0 ) in mbedtls_ssl_get_psk()
1222 *psk = ssl->MBEDTLS_PRIVATE(handshake)->psk; in mbedtls_ssl_get_psk()
1223 *psk_len = ssl->MBEDTLS_PRIVATE(handshake)->psk_len; in mbedtls_ssl_get_psk()
1254 if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) in mbedtls_ssl_get_opaque_psk()
1255 return( ssl->handshake->psk_opaque ); in mbedtls_ssl_get_opaque_psk()
1307 … if( ssl->MBEDTLS_PRIVATE(handshake) != NULL && ssl->MBEDTLS_PRIVATE(handshake)->key_cert != NULL ) in mbedtls_ssl_own_key()
1308 key_cert = ssl->MBEDTLS_PRIVATE(handshake)->key_cert; in mbedtls_ssl_own_key()
1319 … if( ssl->MBEDTLS_PRIVATE(handshake) != NULL && ssl->MBEDTLS_PRIVATE(handshake)->key_cert != NULL ) in mbedtls_ssl_own_cert()
1320 key_cert = ssl->MBEDTLS_PRIVATE(handshake)->key_cert; in mbedtls_ssl_own_cert()
[all …]
/third_party/openssl/doc/man3/
DSSL_CTX_set_tlsext_servername_callback.pod47 handshake will be aborted. The value of the alert to be used should be stored in
54 However, the handshake will continue and send a warning alert instead. The value
72 handshake. In TLSv1.2 the servername is only negotiated on initial handshakes
77 =item On the client, before the handshake
83 session from the original handshake had a servername accepted by the server then
88 =item On the client, during or after the handshake and a TLSv1.2 (or below)
91 If the session from the original handshake had a servername accepted by the
97 =item On the client, during or after the handshake and a TLSv1.2 (or below)
103 =item On the server, before the handshake
105 The function will always return NULL before the handshake
[all …]
DSSL_do_handshake.pod5 SSL_do_handshake - perform a TLS/SSL handshake
15 SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
16 connection is in client mode, the handshake will be started. The handshake
26 once the handshake has been finished or an error occurred.
30 to continue the handshake. In this case a call to SSL_get_error() with the
47 The TLS/SSL handshake was not successful but was shut down controlled and
53 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
58 The TLS/SSL handshake was not successful because a fatal error occurred either
DSSL_connect.pod5 SSL_connect - initiate the TLS/SSL handshake with a TLS/SSL server
15 SSL_connect() initiates the TLS/SSL handshake with a server. The communication
24 handshake has been finished or an error occurred.
28 to continue the handshake, indicating the problem by the return value -1.
41 impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below)
42 resumption handshake, because the last peer to communicate in the handshake is
45 been received for the final handshake message.
61 The TLS/SSL handshake was not successful but was shut down controlled and
67 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
72 The TLS/SSL handshake was not successful, because a fatal error occurred either
DSSL_in_init.pod11 - retrieve information about the handshake state machine
29 awaiting handshake messages, or 0 otherwise.
31 SSL_in_before() returns 1 if no SSL/TLS handshake has yet been initiated, or 0
48 SSL_get_state() returns a value indicating the current state of the handshake
62 B<message> is the name of a handshake message that is being or has been sent, or
72 No handshake messages have yet been sent or received.
93 SSL_get_state() returns the current handshake state.
DSSL_accept.pod5 SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
15 SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
24 handshake has been finished or an error occurred.
28 to continue the handshake, indicating the problem by the return value -1.
46 The TLS/SSL handshake was not successful but was shut down controlled and
52 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
57 The TLS/SSL handshake was not successful because a fatal error occurred either
DSSL_key_update.pod34 SSL_key_update() must only be called after the initial handshake has been
51 handshake over an existing SSL/TLS connection. The next time an IO operation
56 handshake.
60 session associated with the current connection in the new handshake.
64 for a new handshake to be sent to the client. The next time an IO operation is
67 handshake and it may or may not attempt to resume an existing session. If
68 a new handshake is started then this will be handled transparently by calling
74 new handshake. For historical reasons, DTLS clients will not attempt to resume
75 the session in the new handshake.
DSSL_CTX_set_ct_validation_callback.pod41 TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer
42 presents no valid SCTs the handshake will be aborted.
43 If the verification mode is B<SSL_VERIFY_NONE>, the handshake will continue
49 handshake completion, even after session resumption since the verification
54 handshake continues, and the verification status is not modified, regardless of
57 handshake completion.
59 the handshake.
61 handshake completion, such delayed SCT checks should only be performed when the
69 The TLS handshake is aborted if the verification mode is not B<SSL_VERIFY_NONE>
82 In that case the handshake continues as it would had no callback been
DSSL_CTX_set_verify.pod52 This makes the handshake suspend and return control to the calling application
59 Note that the handshake may still be aborted if a subsequent invocation of the
70 post-handshake authentication can be requested by the server. If B<val> is 0
93 certificate verification process can be checked after the TLS/SSL handshake
95 The handshake will be continued regardless of the verification result.
101 fails, the TLS/SSL handshake is
109 fails, the TLS/SSL handshake is
117 handshake is immediately terminated with a "handshake failure" alert.
127 during the initial handshake. This flag must be used together with
135 during the initial handshake, but will send the request via
[all …]
DSSL_CTX_set_num_tickets.pod26 the client after a full handshake. Set the desired value (which could be 0) in
28 the start of the handshake.
35 Tickets are also issued on receipt of a post-handshake certificate from the
40 was used for the initial handshake. If the initial handshake was a full
41 handshake then SSL_set_num_tickets() can be called again prior to calling
48 sent in this manner after the initial handshake has completed, and only for
DSSL_CTX_set_cert_cb.pod26 been set. A zero is returned on error which will abort the handshake with a
27 fatal internal error alert. A negative return value will suspend the handshake
28 and the handshake function will return immediately.
30 indicate, that the handshake was suspended. The next call to the handshake
50 A more advanced callback might examine the handshake parameters and set
DSSL_CTX_set_info_callback.pod65 Callback has been called to indicate exit of a handshake function. This will
66 happen after the end of a handshake, but may happen at other times too such as
95 Callback has been called because a new handshake is started. It also occurs when
96 resuming a handshake following a pause to handle early data.
100 Callback has been called because a handshake is finished. It also occurs if the
101 handshake is paused to allow the exchange of early data.
DSSL_set_connect_state.pod35 When beginning a new handshake, the SSL engine must know whether it must
38 requested, the handshake routines must be explicitly set.
41 L<SSL_accept(3)> routines, the correct handshake
44 the handshake routines must be explicitly set in advance using either
DSSL_CTX_set_client_hello_cb.pod32 also return a negative value to suspend the handshake, and the handshake
34 SSL_ERROR_WANT_CLIENT_HELLO_CB to indicate that the handshake was suspended.
36 of the last call if needed to continue. On the next call into the handshake
38 success, normal handshake processing will continue from that point.
74 code to affect the TLS handshake. A primary use of the callback is to
DSSL_CTX_set_psk_client_callback.pod57 be freed by it as required at any point after the handshake is complete.
71 Only the handshake digest associated with the ciphersuite is relevant for the
74 not NULL the handshake digest for the ciphersuite should be the same.
76 handshake digest of an SSL_CIPHER object can be checked using
90 Alternatively an SSL_SESSION created from a previous non-PSK handshake may also
97 case no PSK will be sent to the server but the handshake will continue. To do
125 always be NULL and the handshake digest will default to SHA-256 for any returned
/third_party/openssl/test/
DREADME.ssltest.md38 * HandshakeMode - which handshake flavour to test:
39 - Simple - plain handshake (default)
44 When HandshakeMode is Resume or Renegotiate, the original handshake is expected
46 handshake.
55 both client and server. Lowering the fragment size will split handshake and
63 * ExpectedResult - expected handshake outcome. One of
64 - Success - handshake success
65 - ServerFail - serverside handshake failure
66 - ClientFail - clientside handshake failure
90 - Yes - resumed handshake
[all …]
