/third_party/openssl/test/ssl-tests/ |
D | 26-tls13_client_auth.cnf | 11 test-6 = 6-client-auth-TLSv1.3-request-post-handshake 12 test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake 13 test-8 = 8-client-auth-TLSv1.3-require-post-handshake 14 test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake 15 test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake 16 test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake 17 test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake 18 test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake 210 [6-client-auth-TLSv1.3-request-post-handshake] 211 ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl [all …]
|
D | 26-tls13_client_auth.cnf.in | 12 ## TLSv1.3 and post-handshake authentication 133 name => "client-auth-TLSv1.3-request-post-handshake", 149 name => "client-auth-TLSv1.3-require-fail-post-handshake", 166 name => "client-auth-TLSv1.3-require-post-handshake", 193 name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake", 221 name => "client-auth-TLSv1.3-noroot-post-handshake", 243 name => "client-auth-TLSv1.3-request-force-client-post-handshake", 262 name => "client-auth-TLSv1.3-request-force-server-post-handshake", 281 name => "client-auth-TLSv1.3-request-force-both-post-handshake",
|
/third_party/mbedtls/library/ |
D | ssl_tls12_client.c | 145 if (ssl->handshake->psa_pake_ctx_is_ok != 1) { in ssl_write_ecjpake_kkpp_ext() 149 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { in ssl_write_ecjpake_kkpp_ext() 167 if (ssl->handshake->ecjpake_cache == NULL || in ssl_write_ecjpake_kkpp_ext() 168 ssl->handshake->ecjpake_cache_len == 0) { in ssl_write_ecjpake_kkpp_ext() 172 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, in ssl_write_ecjpake_kkpp_ext() 176 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_write_ecjpake_kkpp_ext() 177 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_write_ecjpake_kkpp_ext() 182 ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, in ssl_write_ecjpake_kkpp_ext() 192 ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len); in ssl_write_ecjpake_kkpp_ext() 193 if (ssl->handshake->ecjpake_cache == NULL) { in ssl_write_ecjpake_kkpp_ext() [all …]
|
D | ssl_tls12_server.c | 209 if (ssl->handshake->curves_tls_id != NULL) { in ssl_parse_supported_groups_ext() 230 ssl->handshake->curves_tls_id = curves_tls_id; in ssl_parse_supported_groups_ext() 271 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats() 276 mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, in ssl_parse_supported_point_formats() 301 if (ssl->handshake->psa_pake_ctx_is_ok != 1) in ssl_parse_ecjpake_kkpp() 303 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) in ssl_parse_ecjpake_kkpp() 312 &ssl->handshake->psa_pake_ctx, buf, len, in ssl_parse_ecjpake_kkpp() 314 psa_destroy_key(ssl->handshake->psa_pake_password); in ssl_parse_ecjpake_kkpp() 315 psa_pake_abort(&ssl->handshake->psa_pake_ctx); in ssl_parse_ecjpake_kkpp() 326 if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp() [all …]
|
D | ssl_tls13_keys.c | 671 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_key_schedule_stage_application() local 673 handshake->ciphersuite_info->mac); in ssl_tls13_key_schedule_stage_application() 679 handshake->tls13_master_secrets.handshake, in ssl_tls13_key_schedule_stage_application() 681 handshake->tls13_master_secrets.app); in ssl_tls13_key_schedule_stage_application() 688 handshake->tls13_master_secrets.app, PSA_HASH_LENGTH(hash_alg)); in ssl_tls13_key_schedule_stage_application() 781 &ssl->handshake->tls13_hs_secrets; in mbedtls_ssl_tls13_calculate_verify_data() 783 mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; in mbedtls_ssl_tls13_calculate_verify_data() 786 ssl->handshake->ciphersuite_info->mac); in mbedtls_ssl_tls13_calculate_verify_data() 1136 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_generate_early_key() local 1137 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info; in ssl_tls13_generate_early_key() [all …]
|
D | ssl_tls13_client.c | 57 unsigned char versions_len = (ssl->handshake->min_tls_version <= in ssl_tls13_write_supported_versions_ext() 88 if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) { in ssl_tls13_write_supported_versions_ext() 181 uint16_t group_id = ssl->handshake->offered_group_id; in ssl_tls13_reset_key_share() 193 status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey); in ssl_tls13_reset_key_share() 200 ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; in ssl_tls13_reset_key_share() 288 group_id = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext() 350 ssl->handshake->offered_group_id = group_id; in ssl_tls13_write_key_share_ext() 423 if (found == 0 || selected_group == ssl->handshake->offered_group_id) { in ssl_tls13_parse_hrr_key_share_ext() 432 ssl->handshake->offered_group_id = selected_group; in ssl_tls13_parse_hrr_key_share_ext() 473 offered_group = ssl->handshake->offered_group_id; in ssl_tls13_parse_key_share_ext() [all …]
|
D | ssl_tls.c | 789 ssl->handshake->update_checksum = ssl_update_checksum_sha384; in mbedtls_ssl_optimize_checksum() 794 ssl->handshake->update_checksum = ssl_update_checksum_sha256; in mbedtls_ssl_optimize_checksum() 815 return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr)); in mbedtls_ssl_add_hs_hdr_to_checksum() 828 return ssl->handshake->update_checksum(ssl, msg, msg_len); in mbedtls_ssl_add_hs_msg_to_checksum() 845 status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); in mbedtls_ssl_reset_checksum() 849 status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); in mbedtls_ssl_reset_checksum() 854 mbedtls_md_free(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum() 855 mbedtls_md_init(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum() 856 ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, in mbedtls_ssl_reset_checksum() 862 ret = mbedtls_md_starts(&ssl->handshake->fin_sha256); in mbedtls_ssl_reset_checksum() [all …]
|
D | ssl_tls13_generic.c | 306 ssl->handshake->ciphersuite_info->mac, in mbedtls_ssl_tls13_process_certificate_verify() 395 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in mbedtls_ssl_tls13_parse_certificate() local 498 handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in mbedtls_ssl_tls13_parse_certificate() 536 handshake->received_extensions); in mbedtls_ssl_tls13_parse_certificate() 586 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_tls13_validate_certificate() 587 authmode = ssl->handshake->sni_authmode; in ssl_tls13_validate_certificate() 631 if (ssl->handshake->sni_ca_chain != NULL) { in ssl_tls13_validate_certificate() 632 ca_chain = ssl->handshake->sni_ca_chain; in ssl_tls13_validate_certificate() 633 ca_crl = ssl->handshake->sni_ca_crl; in ssl_tls13_validate_certificate() 807 ssl->handshake->certificate_request_context; in ssl_tls13_write_certificate_body() [all …]
|
D | ssl_tls13_server.c | 99 ssl->handshake->tls13_kex_modes = ke_modes; in ssl_tls13_parse_key_exchange_modes_ext() 268 ssl->handshake->resume = 0; in ssl_tls13_offered_psks_check_identity_match() 274 ssl->handshake->resume = 1; in ssl_tls13_offered_psks_check_identity_match() 535 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, in ssl_tls13_parse_pre_shared_key_ext() 635 ssl->handshake->ciphersuite_info = ciphersuite_info; in ssl_tls13_parse_pre_shared_key_ext() 659 ret = ssl->handshake->update_checksum(ssl, in ssl_tls13_parse_pre_shared_key_ext() 671 ssl->handshake->selected_identity = (uint16_t) matched_identity; in ssl_tls13_parse_pre_shared_key_ext() 697 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); in ssl_tls13_write_server_pre_shared_key_ext() 699 not_using_psk = (ssl->handshake->psk == NULL); in ssl_tls13_write_server_pre_shared_key_ext() 713 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); in ssl_tls13_write_server_pre_shared_key_ext() [all …]
|
D | ssl_client.c | 352 ssl->handshake->min_tls_version, in ssl_write_client_hello_cipher_suites() 437 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_write_client_hello_body() local 449 (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) in ssl_write_client_hello_body() 455 (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3) in ssl_write_client_hello_body() 479 memcpy(p, handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); in ssl_write_client_hello_body() 521 if (handshake->cookie != NULL) { in ssl_write_client_hello_body() 523 handshake->cookie, in ssl_write_client_hello_body() 524 handshake->cookie_len); in ssl_write_client_hello_body() 525 cookie_len = handshake->cookie_len; in ssl_write_client_hello_body() 531 memcpy(p, handshake->cookie, cookie_len); in ssl_write_client_hello_body() [all …]
|
D | ssl_msg.c | 263 if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) { in ssl_double_retransmit_timeout() 273 if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) { in ssl_double_retransmit_timeout() 274 ssl->handshake->mtu = 508; in ssl_double_retransmit_timeout() 275 MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu)); in ssl_double_retransmit_timeout() 278 new_timeout = 2 * ssl->handshake->retransmit_timeout; in ssl_double_retransmit_timeout() 281 if (new_timeout < ssl->handshake->retransmit_timeout || in ssl_double_retransmit_timeout() 286 ssl->handshake->retransmit_timeout = new_timeout; in ssl_double_retransmit_timeout() 288 (unsigned long) ssl->handshake->retransmit_timeout)); in ssl_double_retransmit_timeout() 295 ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; in ssl_reset_retransmit_timeout() 297 (unsigned long) ssl->handshake->retransmit_timeout)); in ssl_reset_retransmit_timeout() [all …]
|
D | ssl_misc.h | 990 unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; member 1508 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { in mbedtls_ssl_get_opaque_psk() 1509 return ssl->handshake->psk_opaque; in mbedtls_ssl_get_opaque_psk() 1529 … if (ssl->MBEDTLS_PRIVATE(handshake)->psk != NULL && ssl->MBEDTLS_PRIVATE(handshake)->psk_len > 0) in mbedtls_ssl_get_psk() 1531 *psk = ssl->MBEDTLS_PRIVATE(handshake)->psk; in mbedtls_ssl_get_psk() 1532 *psk_len = ssl->MBEDTLS_PRIVATE(handshake)->psk_len; in mbedtls_ssl_get_psk() 1641 …if (ssl->MBEDTLS_PRIVATE(handshake) != NULL && ssl->MBEDTLS_PRIVATE(handshake)->key_cert != NULL) { in mbedtls_ssl_own_key() 1642 key_cert = ssl->MBEDTLS_PRIVATE(handshake)->key_cert; in mbedtls_ssl_own_key() 1654 …if (ssl->MBEDTLS_PRIVATE(handshake) != NULL && ssl->MBEDTLS_PRIVATE(handshake)->key_cert != NULL) { in mbedtls_ssl_own_cert() 1655 key_cert = ssl->MBEDTLS_PRIVATE(handshake)->key_cert; in mbedtls_ssl_own_cert() [all …]
|
/third_party/openssl/doc/man3/ |
D | SSL_CTX_set_tlsext_servername_callback.pod | 47 handshake will be aborted. The value of the alert to be used should be stored in 54 However, the handshake will continue and send a warning alert instead. The value 72 handshake. In TLSv1.2 the servername is only negotiated on initial handshakes 77 =item On the client, before the handshake 83 session from the original handshake had a servername accepted by the server then 88 =item On the client, during or after the handshake and a TLSv1.2 (or below) 91 If the session from the original handshake had a servername accepted by the 97 =item On the client, during or after the handshake and a TLSv1.2 (or below) 103 =item On the server, before the handshake 105 The function will always return NULL before the handshake [all …]
|
D | SSL_do_handshake.pod | 5 SSL_do_handshake - perform a TLS/SSL handshake 15 SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the 16 connection is in client mode, the handshake will be started. The handshake 26 once the handshake has been finished or an error occurred. 30 to continue the handshake. In this case a call to SSL_get_error() with the 47 The TLS/SSL handshake was not successful but was shut down controlled and 53 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been 58 The TLS/SSL handshake was not successful because a fatal error occurred either
|
D | SSL_connect.pod | 5 SSL_connect - initiate the TLS/SSL handshake with a TLS/SSL server 15 SSL_connect() initiates the TLS/SSL handshake with a server. The communication 24 handshake has been finished or an error occurred. 28 to continue the handshake, indicating the problem by the return value -1. 41 impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) 42 resumption handshake, because the last peer to communicate in the handshake is 45 been received for the final handshake message. 61 The TLS/SSL handshake was not successful but was shut down controlled and 67 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been 72 The TLS/SSL handshake was not successful, because a fatal error occurred either
|
D | SSL_accept.pod | 5 SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake 15 SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake. 24 handshake has been finished or an error occurred. 28 to continue the handshake, indicating the problem by the return value -1. 46 The TLS/SSL handshake was not successful but was shut down controlled and 52 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been 57 The TLS/SSL handshake was not successful because a fatal error occurred either
|
D | SSL_in_init.pod | 11 - retrieve information about the handshake state machine 29 awaiting handshake messages, or 0 otherwise. 31 SSL_in_before() returns 1 if no SSL/TLS handshake has yet been initiated, or 0 48 SSL_get_state() returns a value indicating the current state of the handshake 62 B<message> is the name of a handshake message that is being or has been sent, or 72 No handshake messages have yet been sent or received. 93 SSL_get_state() returns the current handshake state.
|
D | SSL_key_update.pod | 34 SSL_key_update() must only be called after the initial handshake has been 51 handshake over an existing SSL/TLS connection. The next time an IO operation 56 handshake. 60 session associated with the current connection in the new handshake. 64 for a new handshake to be sent to the client. The next time an IO operation is 67 handshake and it may or may not attempt to resume an existing session. If 68 a new handshake is started then this will be handled transparently by calling 74 new handshake. For historical reasons, DTLS clients will not attempt to resume 75 the session in the new handshake.
|
D | SSL_CTX_set_ct_validation_callback.pod | 41 TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer 42 presents no valid SCTs the handshake will be aborted. 43 If the verification mode is B<SSL_VERIFY_NONE>, the handshake will continue 49 handshake completion, even after session resumption since the verification 54 handshake continues, and the verification status is not modified, regardless of 57 handshake completion. 59 the handshake. 61 handshake completion, such delayed SCT checks should only be performed when the 69 The TLS handshake is aborted if the verification mode is not B<SSL_VERIFY_NONE> 82 In that case the handshake continues as it would had no callback been
|
D | SSL_CTX_set_num_tickets.pod | 26 the client after a full handshake. Set the desired value (which could be 0) in 28 the start of the handshake. 35 Tickets are also issued on receipt of a post-handshake certificate from the 40 was used for the initial handshake. If the initial handshake was a full 41 handshake then SSL_set_num_tickets() can be called again prior to calling 48 sent in this manner after the initial handshake has completed, and only for
|
D | SSL_CTX_set_verify.pod | 52 This makes the handshake suspend and return control to the calling application 59 Note that the handshake may still be aborted if a subsequent invocation of the 70 post-handshake authentication can be requested by the server. If B<val> is 0 93 certificate verification process can be checked after the TLS/SSL handshake 95 The handshake will be continued regardless of the verification result. 101 fails, the TLS/SSL handshake is 109 fails, the TLS/SSL handshake is 117 handshake is immediately terminated with a "handshake failure" alert. 127 during the initial handshake. This flag must be used together with 135 during the initial handshake, but will send the request via [all …]
|
D | SSL_CTX_set_cert_cb.pod | 26 been set. A zero is returned on error which will abort the handshake with a 27 fatal internal error alert. A negative return value will suspend the handshake 28 and the handshake function will return immediately. 30 indicate, that the handshake was suspended. The next call to the handshake 50 A more advanced callback might examine the handshake parameters and set
|
D | SSL_set_connect_state.pod | 35 When beginning a new handshake, the SSL engine must know whether it must 38 requested, the handshake routines must be explicitly set. 41 L<SSL_accept(3)> routines, the correct handshake 44 the handshake routines must be explicitly set in advance using either
|
D | SSL_CTX_set_info_callback.pod | 65 Callback has been called to indicate exit of a handshake function. This will 66 happen after the end of a handshake, but may happen at other times too such as 95 Callback has been called because a new handshake is started. It also occurs when 96 resuming a handshake following a pause to handle early data. 100 Callback has been called because a handshake is finished. It also occurs if the 101 handshake is paused to allow the exchange of early data.
|
/third_party/openssl/test/ |
D | README.ssltest.md | 38 * HandshakeMode - which handshake flavour to test: 39 - Simple - plain handshake (default) 44 When HandshakeMode is Resume or Renegotiate, the original handshake is expected 46 handshake. 55 both client and server. Lowering the fragment size will split handshake and 63 * ExpectedResult - expected handshake outcome. One of 64 - Success - handshake success 65 - ServerFail - serverside handshake failure 66 - ClientFail - clientside handshake failure 90 - Yes - resumed handshake [all …]
|