Lines Matching +full:- +full:- +full:exit +full:- +full:status
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
30 static int local_err_translation(psa_status_t status) in local_err_translation() argument
32 return psa_status_to_mbedtls(status, psa_to_ssl_errors, in local_err_translation()
36 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) argument
40 * If DTLS is in use, then at least one of SHA-256 or SHA-384 is
41 * available. Try SHA-256 first as 384 wastes resources
52 #error "DTLS hello verify needs SHA-256 or SHA-384"
56 * Cookies are formed of a 4-bytes timestamp (or serial number) and
64 ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT; in mbedtls_ssl_cookie_init()
66 mbedtls_md_init(&ctx->hmac_ctx); in mbedtls_ssl_cookie_init()
69 ctx->serial = 0; in mbedtls_ssl_cookie_init()
71 ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT; in mbedtls_ssl_cookie_init()
75 mbedtls_mutex_init(&ctx->mutex); in mbedtls_ssl_cookie_init()
82 ctx->timeout = delay; in mbedtls_ssl_cookie_set_timeout()
88 psa_destroy_key(ctx->psa_hmac_key); in mbedtls_ssl_cookie_free()
90 mbedtls_md_free(&ctx->hmac_ctx); in mbedtls_ssl_cookie_free()
93 mbedtls_mutex_free(&ctx->mutex); in mbedtls_ssl_cookie_free()
106 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in mbedtls_ssl_cookie_setup() local
117 ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(alg), in mbedtls_ssl_cookie_setup()
122 psa_set_key_algorithm(&attributes, ctx->psa_hmac_alg); in mbedtls_ssl_cookie_setup()
126 if ((status = psa_generate_key(&attributes, in mbedtls_ssl_cookie_setup()
127 &ctx->psa_hmac_key)) != PSA_SUCCESS) { in mbedtls_ssl_cookie_setup()
128 return PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_setup()
138 ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1); in mbedtls_ssl_cookie_setup()
143 ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key)); in mbedtls_ssl_cookie_setup()
191 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in mbedtls_ssl_cookie_write() local
207 t = ctx->serial++; in mbedtls_ssl_cookie_write()
214 status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key, in mbedtls_ssl_cookie_write()
215 ctx->psa_hmac_alg); in mbedtls_ssl_cookie_write()
216 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_write()
217 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_write()
218 goto exit; in mbedtls_ssl_cookie_write()
221 status = psa_mac_update(&operation, *p - 4, 4); in mbedtls_ssl_cookie_write()
222 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_write()
223 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_write()
224 goto exit; in mbedtls_ssl_cookie_write()
227 status = psa_mac_update(&operation, cli_id, cli_id_len); in mbedtls_ssl_cookie_write()
228 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_write()
229 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_write()
230 goto exit; in mbedtls_ssl_cookie_write()
233 status = psa_mac_sign_finish(&operation, *p, COOKIE_MD_OUTLEN, in mbedtls_ssl_cookie_write()
235 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_write()
236 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_write()
237 goto exit; in mbedtls_ssl_cookie_write()
245 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { in mbedtls_ssl_cookie_write()
250 ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4, in mbedtls_ssl_cookie_write()
254 if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { in mbedtls_ssl_cookie_write()
262 exit: in mbedtls_ssl_cookie_write()
263 status = psa_mac_abort(&operation); in mbedtls_ssl_cookie_write()
264 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_write()
265 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_write()
280 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in mbedtls_ssl_cookie_check() local
294 return -1; in mbedtls_ssl_cookie_check()
298 status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key, in mbedtls_ssl_cookie_check()
299 ctx->psa_hmac_alg); in mbedtls_ssl_cookie_check()
300 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_check()
301 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_check()
302 goto exit; in mbedtls_ssl_cookie_check()
305 status = psa_mac_update(&operation, cookie, 4); in mbedtls_ssl_cookie_check()
306 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_check()
307 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_check()
308 goto exit; in mbedtls_ssl_cookie_check()
311 status = psa_mac_update(&operation, cli_id, in mbedtls_ssl_cookie_check()
313 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_check()
314 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_check()
315 goto exit; in mbedtls_ssl_cookie_check()
318 status = psa_mac_verify_finish(&operation, cookie + 4, in mbedtls_ssl_cookie_check()
320 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_check()
321 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_check()
322 goto exit; in mbedtls_ssl_cookie_check()
328 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { in mbedtls_ssl_cookie_check()
333 if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie, in mbedtls_ssl_cookie_check()
336 ret = -1; in mbedtls_ssl_cookie_check()
340 if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { in mbedtls_ssl_cookie_check()
347 goto exit; in mbedtls_ssl_cookie_check()
351 ret = -1; in mbedtls_ssl_cookie_check()
352 goto exit; in mbedtls_ssl_cookie_check()
359 cur_time = ctx->serial; in mbedtls_ssl_cookie_check()
364 if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) { in mbedtls_ssl_cookie_check()
365 ret = -1; in mbedtls_ssl_cookie_check()
366 goto exit; in mbedtls_ssl_cookie_check()
369 exit: in mbedtls_ssl_cookie_check()
371 status = psa_mac_abort(&operation); in mbedtls_ssl_cookie_check()
372 if (status != PSA_SUCCESS) { in mbedtls_ssl_cookie_check()
373 ret = PSA_TO_MBEDTLS_ERR(status); in mbedtls_ssl_cookie_check()