Lines Matching refs:ssl
25 mbedtls_ssl_context *ssl, in ssl_tls13_validate_peer_ciphersuite() argument
29 if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { in ssl_tls13_validate_peer_ciphersuite()
34 if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, in ssl_tls13_validate_peer_ciphersuite()
35 ssl->tls_version, in ssl_tls13_validate_peer_ciphersuite()
36 ssl->tls_version) != 0)) { in ssl_tls13_validate_peer_ciphersuite()
51 static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_exchange_modes_ext() argument
89 ssl->handshake->tls13_kex_modes = ke_modes; in ssl_tls13_parse_key_exchange_modes_ext()
100 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match_ticket() argument
119 if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { in ssl_tls13_offered_psks_check_identity_match_ticket()
135 if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, in ssl_tls13_offered_psks_check_identity_match_ticket()
166 ssl, in ssl_tls13_offered_psks_check_identity_match_ticket()
244 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_identity_match() argument
258 ssl->handshake->resume = 0; in ssl_tls13_offered_psks_check_identity_match()
262 ssl, identity, identity_len, obfuscated_ticket_age, in ssl_tls13_offered_psks_check_identity_match()
264 ssl->handshake->resume = 1; in ssl_tls13_offered_psks_check_identity_match()
266 ret = mbedtls_ssl_set_hs_psk(ssl, in ssl_tls13_offered_psks_check_identity_match()
284 if (ssl->conf->f_psk != NULL) { in ssl_tls13_offered_psks_check_identity_match()
285 if (ssl->conf->f_psk( in ssl_tls13_offered_psks_check_identity_match()
286 ssl->conf->p_psk, ssl, identity, identity_len) == 0) { in ssl_tls13_offered_psks_check_identity_match()
294 if (ssl->conf->psk_identity != NULL && in ssl_tls13_offered_psks_check_identity_match()
295 identity_len == ssl->conf->psk_identity_len && in ssl_tls13_offered_psks_check_identity_match()
296 mbedtls_ct_memcmp(ssl->conf->psk_identity, in ssl_tls13_offered_psks_check_identity_match()
298 ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len); in ssl_tls13_offered_psks_check_identity_match()
311 mbedtls_ssl_context *ssl, in ssl_tls13_offered_psks_check_binder_match() argument
325 ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), in ssl_tls13_offered_psks_check_binder_match()
331 ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); in ssl_tls13_offered_psks_check_binder_match()
336 ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg, in ssl_tls13_offered_psks_check_binder_match()
363 mbedtls_ssl_context *ssl, in ssl_tls13_select_ciphersuite_for_psk() argument
390 ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl, in ssl_tls13_select_ciphersuite_for_psk()
412 mbedtls_ssl_context *ssl, in ssl_tls13_select_ciphersuite_for_resumption() argument
430 ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl, in ssl_tls13_select_ciphersuite_for_resumption()
483 mbedtls_ssl_context *ssl, in ssl_tls13_parse_pre_shared_key_ext() argument
525 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, in ssl_tls13_parse_pre_shared_key_ext()
565 ssl, identity, identity_len, obfuscated_ticket_age, in ssl_tls13_parse_pre_shared_key_ext()
575 ssl, ciphersuites, ciphersuites_end, in ssl_tls13_parse_pre_shared_key_ext()
581 ssl, ciphersuites, ciphersuites_end, &session, in ssl_tls13_parse_pre_shared_key_ext()
604 ssl, binder, binder_len, psk_type, in ssl_tls13_parse_pre_shared_key_ext()
625 ssl->handshake->ciphersuite_info = ciphersuite_info; in ssl_tls13_parse_pre_shared_key_ext()
626 ssl->session_negotiate->ciphersuite = cipher_suite; in ssl_tls13_parse_pre_shared_key_ext()
631 ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, in ssl_tls13_parse_pre_shared_key_ext()
649 ret = ssl->handshake->update_checksum( in ssl_tls13_parse_pre_shared_key_ext()
650 ssl, identities_end, (size_t) (binders_end - identities_end)); in ssl_tls13_parse_pre_shared_key_ext()
660 ssl->handshake->selected_identity = (uint16_t) matched_identity; in ssl_tls13_parse_pre_shared_key_ext()
675 static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_pre_shared_key_ext() argument
686 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); in ssl_tls13_write_server_pre_shared_key_ext()
688 not_using_psk = (ssl->handshake->psk == NULL); in ssl_tls13_write_server_pre_shared_key_ext()
702 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); in ssl_tls13_write_server_pre_shared_key_ext()
707 ssl->handshake->selected_identity)); in ssl_tls13_write_server_pre_shared_key_ext()
709 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); in ssl_tls13_write_server_pre_shared_key_ext()
722 static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_versions_ext() argument
740 tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport); in ssl_tls13_parse_supported_versions_ext()
749 mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { in ssl_tls13_parse_supported_versions_ext()
781 static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_supported_groups_ext() argument
795 ssl->handshake->hrr_selected_group = 0; in ssl_tls13_parse_supported_groups_ext()
808 if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) || in ssl_tls13_parse_supported_groups_ext()
810 ssl->handshake->hrr_selected_group != 0) { in ssl_tls13_parse_supported_groups_ext()
819 ssl->handshake->hrr_selected_group = named_group; in ssl_tls13_parse_supported_groups_ext()
843 static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, in ssl_tls13_parse_key_shares_ext() argument
865 ssl->handshake->offered_group_id = 0; in ssl_tls13_parse_key_shares_ext()
896 if (!mbedtls_ssl_named_group_is_offered(ssl, group) || in ssl_tls13_parse_key_shares_ext()
898 ssl->handshake->offered_group_id != 0) { in ssl_tls13_parse_key_shares_ext()
911 ssl, key_exchange - 2, key_exchange_len + 2); in ssl_tls13_parse_key_shares_ext()
922 ssl->handshake->offered_group_id = group; in ssl_tls13_parse_key_shares_ext()
926 if (ssl->handshake->offered_group_id == 0) { in ssl_tls13_parse_key_shares_ext()
935 static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, in ssl_tls13_client_hello_has_exts() argument
938 int masked = ssl->handshake->received_extensions & exts_mask; in ssl_tls13_client_hello_has_exts()
945 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange() argument
948 ssl, in ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()
958 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_key_exchange() argument
961 ssl, in ssl_tls13_client_hello_has_exts_for_psk_key_exchange()
970 mbedtls_ssl_context *ssl) in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange() argument
973 ssl, in ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange()
982 static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl) in ssl_tls13_check_ephemeral_key_exchange() argument
985 return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) && in ssl_tls13_check_ephemeral_key_exchange()
986 ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); in ssl_tls13_check_ephemeral_key_exchange()
988 ((void) ssl); in ssl_tls13_check_ephemeral_key_exchange()
994 static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl) in ssl_tls13_check_psk_key_exchange() argument
997 return mbedtls_ssl_conf_tls13_psk_enabled(ssl) && in ssl_tls13_check_psk_key_exchange()
998 mbedtls_ssl_tls13_psk_enabled(ssl) && in ssl_tls13_check_psk_key_exchange()
999 ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); in ssl_tls13_check_psk_key_exchange()
1001 ((void) ssl); in ssl_tls13_check_psk_key_exchange()
1007 static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl) in ssl_tls13_check_psk_ephemeral_key_exchange() argument
1010 return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) && in ssl_tls13_check_psk_ephemeral_key_exchange()
1011 mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) && in ssl_tls13_check_psk_ephemeral_key_exchange()
1012 ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); in ssl_tls13_check_psk_ephemeral_key_exchange()
1014 ((void) ssl); in ssl_tls13_check_psk_ephemeral_key_exchange()
1019 static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl) in ssl_tls13_determine_key_exchange_mode() argument
1036 ssl->handshake->key_exchange_mode = in ssl_tls13_determine_key_exchange_mode()
1039 if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { in ssl_tls13_determine_key_exchange_mode()
1040 ssl->handshake->key_exchange_mode = in ssl_tls13_determine_key_exchange_mode()
1044 if (ssl_tls13_check_ephemeral_key_exchange(ssl)) { in ssl_tls13_determine_key_exchange_mode()
1045 ssl->handshake->key_exchange_mode = in ssl_tls13_determine_key_exchange_mode()
1049 if (ssl_tls13_check_psk_key_exchange(ssl)) { in ssl_tls13_determine_key_exchange_mode()
1050 ssl->handshake->key_exchange_mode = in ssl_tls13_determine_key_exchange_mode()
1102 static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) in ssl_tls13_pick_key_cert() argument
1105 const uint16_t *sig_alg = ssl->handshake->received_sig_algs; in ssl_tls13_pick_key_cert()
1108 if (ssl->handshake->sni_key_cert != NULL) { in ssl_tls13_pick_key_cert()
1109 key_cert_list = ssl->handshake->sni_key_cert; in ssl_tls13_pick_key_cert()
1112 key_cert_list = ssl->conf->key_cert; in ssl_tls13_pick_key_cert()
1120 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { in ssl_tls13_pick_key_cert()
1168 ssl->handshake->key_cert = key_cert; in ssl_tls13_pick_key_cert()
1177 ssl->handshake->key_cert->cert); in ssl_tls13_pick_key_cert()
1236 static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, in ssl_tls13_parse_client_hello() argument
1252 mbedtls_ssl_handshake_params *handshake = ssl->handshake; in ssl_tls13_parse_client_hello()
1288 if (mbedtls_ssl_read_version(p, ssl->conf->transport) != in ssl_tls13_parse_client_hello()
1355 ssl, p + 2, end, in ssl_tls13_parse_client_hello()
1368 ret = ssl_tls13_parse_supported_versions_ext(ssl, in ssl_tls13_parse_client_hello()
1392 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1396 ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; in ssl_tls13_parse_client_hello()
1397 ssl->session_negotiate->endpoint = ssl->conf->endpoint; in ssl_tls13_parse_client_hello()
1409 if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) { in ssl_tls13_parse_client_hello()
1413 ssl->session_negotiate->id_len = legacy_session_id_len; in ssl_tls13_parse_client_hello()
1416 memcpy(&ssl->session_negotiate->id[0], in ssl_tls13_parse_client_hello()
1437 ssl, cipher_suite); in ssl_tls13_parse_client_hello()
1442 ssl->session_negotiate->ciphersuite = cipher_suite; in ssl_tls13_parse_client_hello()
1515 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, in ssl_tls13_parse_client_hello()
1525 ret = mbedtls_ssl_parse_server_name_ext(ssl, p, in ssl_tls13_parse_client_hello()
1546 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1568 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1593 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1626 ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1640 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1654 ssl, p, extension_data_end); in ssl_tls13_parse_client_hello()
1679 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, in ssl_tls13_parse_client_hello()
1693 if (mbedtls_ssl_tls13_some_psk_enabled(ssl) && in ssl_tls13_parse_client_hello()
1694 mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) && in ssl_tls13_parse_client_hello()
1696 ret = handshake->update_checksum(ssl, buf, in ssl_tls13_parse_client_hello()
1702 ret = ssl_tls13_parse_pre_shared_key_ext(ssl, in ssl_tls13_parse_client_hello()
1717 ret = handshake->update_checksum(ssl, buf, p - buf); in ssl_tls13_parse_client_hello()
1724 ret = ssl_tls13_determine_key_exchange_mode(ssl); in ssl_tls13_parse_client_hello()
1729 if (ssl->handshake->key_exchange_mode != in ssl_tls13_parse_client_hello()
1734 mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info); in ssl_tls13_parse_client_hello()
1742 static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl) in ssl_tls13_postprocess_client_hello() argument
1749 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { in ssl_tls13_postprocess_client_hello()
1754 ssl->handshake->sni_name = NULL; in ssl_tls13_postprocess_client_hello()
1755 ssl->handshake->sni_name_len = 0; in ssl_tls13_postprocess_client_hello()
1758 ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); in ssl_tls13_postprocess_client_hello()
1774 static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_hello() argument
1785 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, in ssl_tls13_process_client_hello()
1788 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf, in ssl_tls13_process_client_hello()
1803 ssl->keep_current_message = 1; in ssl_tls13_process_client_hello()
1804 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; in ssl_tls13_process_client_hello()
1808 MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_client_hello(ssl)); in ssl_tls13_process_client_hello()
1811 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); in ssl_tls13_process_client_hello()
1813 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST); in ssl_tls13_process_client_hello()
1826 static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_server_hello() argument
1830 ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; in ssl_tls13_prepare_server_hello()
1831 if (ssl->conf->f_rng == NULL) { in ssl_tls13_prepare_server_hello()
1836 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, in ssl_tls13_prepare_server_hello()
1846 ssl->session_negotiate->start = mbedtls_time(NULL); in ssl_tls13_prepare_server_hello()
1861 mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_supported_versions_ext() argument
1882 ssl->conf->transport, in ssl_tls13_write_server_hello_supported_versions_ext()
1883 ssl->tls_version); in ssl_tls13_write_server_hello_supported_versions_ext()
1886 ssl->tls_version)); in ssl_tls13_write_server_hello_supported_versions_ext()
1891 ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); in ssl_tls13_write_server_hello_supported_versions_ext()
1901 static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, in ssl_tls13_generate_and_write_key_share() argument
1915 ssl, named_group, buf, end, out_len); in ssl_tls13_generate_and_write_key_share()
1926 ((void) ssl); in ssl_tls13_generate_and_write_key_share()
1950 static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_key_share_ext() argument
1957 uint16_t group = ssl->handshake->offered_group_id; in ssl_tls13_write_key_share_ext()
1983 ssl, group, server_share + 4, end, &key_exchange_length); in ssl_tls13_write_key_share_ext()
1995 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_key_share_ext()
2001 static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl, in ssl_tls13_write_hrr_key_share_ext() argument
2006 uint16_t selected_group = ssl->handshake->hrr_selected_group; in ssl_tls13_write_hrr_key_share_ext()
2026 if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_hrr_key_share_ext()
2032 if (ssl->handshake->offered_group_id != 0) { in ssl_tls13_write_hrr_key_share_ext()
2060 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); in ssl_tls13_write_hrr_key_share_ext()
2078 static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_server_hello_body() argument
2090 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_server_hello_body()
2113 memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], in ssl_tls13_write_server_hello_body()
2124 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2125 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2126 if (ssl->session_negotiate->id_len > 0) { in ssl_tls13_write_server_hello_body()
2127 memcpy(p, &ssl->session_negotiate->id[0], in ssl_tls13_write_server_hello_body()
2128 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2129 p += ssl->session_negotiate->id_len; in ssl_tls13_write_server_hello_body()
2131 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, in ssl_tls13_write_server_hello_body()
2132 ssl->session_negotiate->id_len); in ssl_tls13_write_server_hello_body()
2142 MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); in ssl_tls13_write_server_hello_body()
2147 ssl->session_negotiate->ciphersuite), in ssl_tls13_write_server_hello_body()
2148 ssl->session_negotiate->ciphersuite)); in ssl_tls13_write_server_hello_body()
2170 ssl, p, end, &output_len)) != 0) { in ssl_tls13_write_server_hello_body()
2177 if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { in ssl_tls13_write_server_hello_body()
2179 ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2181 ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2190 if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_server_hello_body()
2191 ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len); in ssl_tls13_write_server_hello_body()
2213 ssl->handshake->sent_extensions); in ssl_tls13_write_server_hello_body()
2219 static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_finalize_server_hello() argument
2222 ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); in ssl_tls13_finalize_server_hello()
2234 static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_hello() argument
2242 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); in ssl_tls13_write_server_hello()
2245 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); in ssl_tls13_write_server_hello()
2247 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_server_hello()
2253 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_server_hello()
2256 ssl, buf_len, msg_len)); in ssl_tls13_write_server_hello()
2258 MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl)); in ssl_tls13_write_server_hello()
2266 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO); in ssl_tls13_write_server_hello()
2268 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in ssl_tls13_write_server_hello()
2282 static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_prepare_hello_retry_request() argument
2285 if (ssl->handshake->hello_retry_request_count > 0) { in ssl_tls13_prepare_hello_retry_request()
2296 ret = mbedtls_ssl_reset_transcript_for_hrr(ssl); in ssl_tls13_prepare_hello_retry_request()
2301 mbedtls_ssl_session_reset_msg_layer(ssl, 0); in ssl_tls13_prepare_hello_retry_request()
2307 static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_hello_retry_request() argument
2315 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl)); in ssl_tls13_write_hello_retry_request()
2318 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, in ssl_tls13_write_hello_retry_request()
2321 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, in ssl_tls13_write_hello_retry_request()
2326 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); in ssl_tls13_write_hello_retry_request()
2329 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, in ssl_tls13_write_hello_retry_request()
2332 ssl->handshake->hello_retry_request_count++; in ssl_tls13_write_hello_retry_request()
2340 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST); in ssl_tls13_write_hello_retry_request()
2342 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in ssl_tls13_write_hello_retry_request()
2361 static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_encrypted_extensions_body() argument
2378 ((void) ssl); in ssl_tls13_write_encrypted_extensions_body()
2383 ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len); in ssl_tls13_write_encrypted_extensions_body()
2398 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions); in ssl_tls13_write_encrypted_extensions_body()
2404 static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) in ssl_tls13_write_encrypted_extensions() argument
2410 mbedtls_ssl_set_outbound_transform(ssl, in ssl_tls13_write_encrypted_extensions()
2411 ssl->handshake->transform_handshake); in ssl_tls13_write_encrypted_extensions()
2418 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2422 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_encrypted_extensions()
2425 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, in ssl_tls13_write_encrypted_extensions()
2429 ssl, buf_len, msg_len)); in ssl_tls13_write_encrypted_extensions()
2432 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { in ssl_tls13_write_encrypted_extensions()
2433 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2435 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); in ssl_tls13_write_encrypted_extensions()
2438 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_encrypted_extensions()
2459 static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_certificate_request_coordinate() argument
2464 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { in ssl_tls13_certificate_request_coordinate()
2465 authmode = ssl->handshake->sni_authmode; in ssl_tls13_certificate_request_coordinate()
2468 authmode = ssl->conf->authmode; in ssl_tls13_certificate_request_coordinate()
2471 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; in ssl_tls13_certificate_request_coordinate()
2475 ssl->handshake->certificate_request_sent = 1; in ssl_tls13_certificate_request_coordinate()
2488 static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_certificate_request_body() argument
2522 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); in ssl_tls13_write_certificate_request_body()
2533 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions); in ssl_tls13_write_certificate_request_body()
2539 static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_request() argument
2545 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); in ssl_tls13_write_certificate_request()
2552 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2556 ssl, buf, buf + buf_len, &msg_len)); in ssl_tls13_write_certificate_request()
2559 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, in ssl_tls13_write_certificate_request()
2563 ssl, buf_len, msg_len)); in ssl_tls13_write_certificate_request()
2573 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); in ssl_tls13_write_certificate_request()
2584 static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_certificate() argument
2589 if ((ssl_tls13_pick_key_cert(ssl) != 0) || in ssl_tls13_write_server_certificate()
2590 mbedtls_ssl_own_cert(ssl) == NULL) { in ssl_tls13_write_server_certificate()
2598 ret = mbedtls_ssl_tls13_write_certificate(ssl); in ssl_tls13_write_server_certificate()
2602 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); in ssl_tls13_write_server_certificate()
2610 static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) in ssl_tls13_write_certificate_verify() argument
2612 int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); in ssl_tls13_write_certificate_verify()
2616 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); in ssl_tls13_write_certificate_verify()
2625 static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) in ssl_tls13_write_server_finished() argument
2629 ret = mbedtls_ssl_tls13_write_finished_message(ssl); in ssl_tls13_write_server_finished()
2634 ret = mbedtls_ssl_tls13_compute_application_transform(ssl); in ssl_tls13_write_server_finished()
2643 mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); in ssl_tls13_write_server_finished()
2645 if (ssl->handshake->certificate_request_sent) { in ssl_tls13_write_server_finished()
2646 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); in ssl_tls13_write_server_finished()
2650 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); in ssl_tls13_write_server_finished()
2660 static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl) in ssl_tls13_process_client_finished() argument
2664 ret = mbedtls_ssl_tls13_process_finished_message(ssl); in ssl_tls13_process_client_finished()
2669 ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); in ssl_tls13_process_client_finished()
2675 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); in ssl_tls13_process_client_finished()
2683 static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) in ssl_tls13_handshake_wrapup() argument
2687 mbedtls_ssl_tls13_handshake_wrapup(ssl); in ssl_tls13_handshake_wrapup()
2696 if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) { in ssl_tls13_handshake_wrapup()
2698 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in ssl_tls13_handshake_wrapup()
2702 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_handshake_wrapup()
2713 static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket_coordinate() argument
2716 if (ssl->conf->f_ticket_write == NULL) { in ssl_tls13_write_new_session_ticket_coordinate()
2721 if (ssl->conf->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
2727 if (ssl->handshake->new_session_tickets_count == 0) { in ssl_tls13_write_new_session_ticket_coordinate()
2738 static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, in ssl_tls13_prepare_new_session_ticket() argument
2743 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_prepare_new_session_ticket()
2759 session, ssl->handshake->tls13_kex_modes); in ssl_tls13_prepare_new_session_ticket()
2764 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, in ssl_tls13_prepare_new_session_ticket()
2774 ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); in ssl_tls13_prepare_new_session_ticket()
2783 (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; in ssl_tls13_prepare_new_session_ticket()
2852 static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, in ssl_tls13_write_new_session_ticket_body() argument
2861 mbedtls_ssl_session *session = ssl->session; in ssl_tls13_write_new_session_ticket_body()
2877 ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, in ssl_tls13_write_new_session_ticket_body()
2928 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; in ssl_tls13_write_new_session_ticket_body()
2939 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions); in ssl_tls13_write_new_session_ticket_body()
2947 static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl) in ssl_tls13_write_new_session_ticket() argument
2951 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl)); in ssl_tls13_write_new_session_ticket()
2959 ssl, ticket_nonce, sizeof(ticket_nonce))); in ssl_tls13_write_new_session_ticket()
2962 ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, in ssl_tls13_write_new_session_ticket()
2966 ssl, buf, buf + buf_len, &msg_len, in ssl_tls13_write_new_session_ticket()
2970 ssl, buf_len, msg_len)); in ssl_tls13_write_new_session_ticket()
2976 if (ssl->handshake->resume == 1) { in ssl_tls13_write_new_session_ticket()
2977 ssl->handshake->new_session_tickets_count = 0; in ssl_tls13_write_new_session_ticket()
2979 ssl->handshake->new_session_tickets_count--; in ssl_tls13_write_new_session_ticket()
2983 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH); in ssl_tls13_write_new_session_ticket()
2985 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in ssl_tls13_write_new_session_ticket()
2997 int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) in mbedtls_ssl_tls13_handshake_server_step() argument
3001 if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3006 mbedtls_ssl_states_str(ssl->state), in mbedtls_ssl_tls13_handshake_server_step()
3007 ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()
3009 switch (ssl->state) { in mbedtls_ssl_tls13_handshake_server_step()
3012 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3017 ret = ssl_tls13_process_client_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3024 ret = ssl_tls13_write_hello_retry_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3032 ret = ssl_tls13_write_server_hello(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3036 ret = ssl_tls13_write_encrypted_extensions(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3045 ret = ssl_tls13_write_certificate_request(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3049 ret = ssl_tls13_write_server_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3053 ret = ssl_tls13_write_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3062 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3064 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); in mbedtls_ssl_tls13_handshake_server_step()
3069 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3071 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); in mbedtls_ssl_tls13_handshake_server_step()
3077 ret = ssl_tls13_write_server_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3081 ret = ssl_tls13_process_client_finished(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3085 ret = ssl_tls13_handshake_wrapup(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3090 ret = mbedtls_ssl_tls13_process_certificate(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3092 if (ssl->session_negotiate->peer_cert != NULL) { in mbedtls_ssl_tls13_handshake_server_step()
3094 ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); in mbedtls_ssl_tls13_handshake_server_step()
3098 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3104 ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3107 ssl, MBEDTLS_SSL_CLIENT_FINISHED); in mbedtls_ssl_tls13_handshake_server_step()
3114 ret = ssl_tls13_write_new_session_ticket(ssl); in mbedtls_ssl_tls13_handshake_server_step()
3128 if (ssl->handshake->new_session_tickets_count == 0) { in mbedtls_ssl_tls13_handshake_server_step()
3129 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); in mbedtls_ssl_tls13_handshake_server_step()
3132 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); in mbedtls_ssl_tls13_handshake_server_step()
3139 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); in mbedtls_ssl_tls13_handshake_server_step()