Lines Matching refs:ssl

48 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,  in mbedtls_ssl_set_client_transport_id()  argument
52 if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER ) in mbedtls_ssl_set_client_transport_id()
55 free( ssl->cli_id ); in mbedtls_ssl_set_client_transport_id()
57 if( ( ssl->cli_id = (unsigned char*)calloc( 1, ilen ) ) == NULL ) in mbedtls_ssl_set_client_transport_id()
60 memcpy( ssl->cli_id, info, ilen ); in mbedtls_ssl_set_client_transport_id()
61 ssl->cli_id_len = ilen; in mbedtls_ssl_set_client_transport_id()
78 static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, in ssl_parse_servername_ext() argument
92 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_servername_ext()
104 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_servername_ext()
111 ret = ssl->conf->f_sni( ssl->conf->p_sni, in ssl_parse_servername_ext()
112 ssl, p + 3, hostname_len ); in ssl_parse_servername_ext()
116 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_servername_ext()
130 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_servername_ext()
156 static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, in ssl_parse_signature_algorithms_ext() argument
173 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_signature_algorithms_ext()
207 if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 ) in ssl_parse_signature_algorithms_ext()
209 mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); in ssl_parse_signature_algorithms_ext()
228 static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, in ssl_parse_supported_elliptic_curves() argument
241 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_elliptic_curves()
247 if( ssl->handshake->curves != NULL ) in ssl_parse_supported_elliptic_curves()
250 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_elliptic_curves()
264 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_elliptic_curves()
269 ssl->handshake->curves = curves; in ssl_parse_supported_elliptic_curves()
289 static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, in ssl_parse_supported_point_formats() argument
300 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_supported_point_formats()
312 ssl->handshake->ecdh_ctx.point_format = p[0]; in ssl_parse_supported_point_formats()
315 ssl->handshake->ecjpake_ctx.point_format = p[0]; in ssl_parse_supported_point_formats()
331 static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, in ssl_parse_ecjpake_kkpp() argument
337 if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) in ssl_parse_ecjpake_kkpp()
343 if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, in ssl_parse_ecjpake_kkpp()
347 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_ecjpake_kkpp()
353 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; in ssl_parse_ecjpake_kkpp()
364 static int ssl_srv_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, in ssl_srv_parse_truncated_hmac_ext() argument
371 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_srv_parse_truncated_hmac_ext()
378 if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) in ssl_srv_parse_truncated_hmac_ext()
379 ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; in ssl_srv_parse_truncated_hmac_ext()
386 static int ssl_srv_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, in ssl_srv_parse_encrypt_then_mac_ext() argument
393 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_srv_parse_encrypt_then_mac_ext()
400 if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED && in ssl_srv_parse_encrypt_then_mac_ext()
401 ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_srv_parse_encrypt_then_mac_ext()
403 ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; in ssl_srv_parse_encrypt_then_mac_ext()
411 static int ssl_srv_parse_extended_ms_ext( mbedtls_ssl_context *ssl, in ssl_srv_parse_extended_ms_ext() argument
418 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_srv_parse_extended_ms_ext()
425 if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED && in ssl_srv_parse_extended_ms_ext()
426 ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_srv_parse_extended_ms_ext()
428 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; in ssl_srv_parse_extended_ms_ext()
436 static int ssl_srv_parse_session_ticket_ext( mbedtls_ssl_context *ssl, in ssl_srv_parse_session_ticket_ext() argument
445 if( ssl->conf->f_ticket_parse == NULL || in ssl_srv_parse_session_ticket_ext()
446 ssl->conf->f_ticket_write == NULL ) in ssl_srv_parse_session_ticket_ext()
452 ssl->handshake->new_session_ticket = 1; in ssl_srv_parse_session_ticket_ext()
460 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_srv_parse_session_ticket_ext()
470 if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session, in ssl_srv_parse_session_ticket_ext()
489 session.id_len = ssl->session_negotiate->id_len; in ssl_srv_parse_session_ticket_ext()
490 memcpy( &session.id, ssl->session_negotiate->id, session.id_len ); in ssl_srv_parse_session_ticket_ext()
492 mbedtls_ssl_session_free( ssl->session_negotiate ); in ssl_srv_parse_session_ticket_ext()
493 memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) ); in ssl_srv_parse_session_ticket_ext()
500 ssl->handshake->resume = 1; in ssl_srv_parse_session_ticket_ext()
503 ssl->handshake->new_session_ticket = 0; in ssl_srv_parse_session_ticket_ext()
510 static int ssl_srv_parse_alpn_ext( mbedtls_ssl_context *ssl, in ssl_srv_parse_alpn_ext() argument
518 if( ssl->conf->alpn_list == NULL ) in ssl_srv_parse_alpn_ext()
532 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_srv_parse_alpn_ext()
540 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_srv_parse_alpn_ext()
550 for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ ) in ssl_srv_parse_alpn_ext()
558 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_srv_parse_alpn_ext()
568 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_srv_parse_alpn_ext()
576 ssl->alpn_chosen = *ours; in ssl_srv_parse_alpn_ext()
583 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_srv_parse_alpn_ext()
619 static int ssl_pick_cert( mbedtls_ssl_context *ssl, in ssl_pick_cert() argument
628 if( ssl->handshake->sni_key_cert != NULL ) in ssl_pick_cert()
629 list = ssl->handshake->sni_key_cert; in ssl_pick_cert()
632 list = ssl->conf->key_cert; in ssl_pick_cert()
674 ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 ) in ssl_pick_cert()
686 if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 && in ssl_pick_cert()
708 ssl->handshake->key_cert = cur; in ssl_pick_cert()
710 ssl->handshake->key_cert->cert ); in ssl_pick_cert()
722 static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, in ssl_ciphersuite_match() argument
741 if( suite_info->min_minor_ver > ssl->minor_ver || in ssl_ciphersuite_match()
742 suite_info->max_minor_ver < ssl->minor_ver ) in ssl_ciphersuite_match()
749 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_ciphersuite_match()
755 if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && in ssl_ciphersuite_match()
765 ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 ) in ssl_ciphersuite_match()
776 ( ssl->handshake->curves == NULL || in ssl_ciphersuite_match()
777 ssl->handshake->curves[0] == NULL ) ) in ssl_ciphersuite_match()
789 ssl->conf->f_psk == NULL && in ssl_ciphersuite_match()
790 ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL || in ssl_ciphersuite_match()
791 ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) ) in ssl_ciphersuite_match()
802 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_ciphersuite_match()
806 … mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE ) in ssl_ciphersuite_match()
825 if( ssl_pick_cert( ssl, suite_info ) != 0 ) in ssl_ciphersuite_match()
838 static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) in ssl_parse_client_hello_v2() argument
851 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_parse_client_hello_v2()
854 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello_v2()
860 buf = ssl->in_hdr; in ssl_parse_client_hello_v2()
896 ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; in ssl_parse_client_hello_v2()
897 ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver ) in ssl_parse_client_hello_v2()
898 ? buf[4] : ssl->conf->max_minor_ver; in ssl_parse_client_hello_v2()
900 if( ssl->minor_ver < ssl->conf->min_minor_ver ) in ssl_parse_client_hello_v2()
904 ssl->major_ver, ssl->minor_ver, in ssl_parse_client_hello_v2()
905 ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); in ssl_parse_client_hello_v2()
907 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello_v2()
912 ssl->handshake->max_major_ver = buf[3]; in ssl_parse_client_hello_v2()
913 ssl->handshake->max_minor_ver = buf[4]; in ssl_parse_client_hello_v2()
915 if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 ) in ssl_parse_client_hello_v2()
921 ssl->handshake->update_checksum( ssl, buf + 2, n ); in ssl_parse_client_hello_v2()
923 buf = ssl->in_msg; in ssl_parse_client_hello_v2()
924 n = ssl->in_left - 5; in ssl_parse_client_hello_v2()
978 ssl->session_negotiate->id_len = sess_len; in ssl_parse_client_hello_v2()
979 memset( ssl->session_negotiate->id, 0, in ssl_parse_client_hello_v2()
980 sizeof( ssl->session_negotiate->id ) ); in ssl_parse_client_hello_v2()
981 memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len ); in ssl_parse_client_hello_v2()
984 memset( ssl->handshake->randbytes, 0, 64 ); in ssl_parse_client_hello_v2()
985 memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len ); in ssl_parse_client_hello_v2()
996 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in ssl_parse_client_hello_v2()
1001 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello_v2()
1006 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; in ssl_parse_client_hello_v2()
1020 if( ssl->minor_ver < ssl->conf->max_minor_ver ) in ssl_parse_client_hello_v2()
1024 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello_v2()
1036 ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver]; in ssl_parse_client_hello_v2()
1053 if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], in ssl_parse_client_hello_v2()
1076 ssl->session_negotiate->ciphersuite = ciphersuites[i]; in ssl_parse_client_hello_v2()
1077 ssl->transform_negotiate->ciphersuite_info = ciphersuite_info; in ssl_parse_client_hello_v2()
1082 if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_client_hello_v2()
1083 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) in ssl_parse_client_hello_v2()
1086 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello_v2()
1091 ssl->in_left = 0; in ssl_parse_client_hello_v2()
1092 ssl->state++; in ssl_parse_client_hello_v2()
1103 static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) in ssl_parse_client_hello() argument
1141 if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_parse_client_hello()
1144 if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 ) in ssl_parse_client_hello()
1152 buf = ssl->in_hdr; in ssl_parse_client_hello()
1156 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM ) in ssl_parse_client_hello()
1159 return( ssl_parse_client_hello_v2( ssl ) ); in ssl_parse_client_hello()
1162 MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) ); in ssl_parse_client_hello()
1183 ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) ); in ssl_parse_client_hello()
1188 mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 ); in ssl_parse_client_hello()
1203 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM in ssl_parse_client_hello()
1205 && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE in ssl_parse_client_hello()
1210 if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 ) in ssl_parse_client_hello()
1216 memcpy( ssl->out_ctr + 2, ssl->in_ctr + 2, 6 ); in ssl_parse_client_hello()
1219 if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) in ssl_parse_client_hello()
1222 ssl->next_record_offset = 0; in ssl_parse_client_hello()
1223 ssl->in_left = 0; in ssl_parse_client_hello()
1228 mbedtls_ssl_dtls_replay_update( ssl ); in ssl_parse_client_hello()
1233 msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; in ssl_parse_client_hello()
1236 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_parse_client_hello()
1239 msg_len = ssl->in_hslen; in ssl_parse_client_hello()
1250 if( ( ret = mbedtls_ssl_fetch_input( ssl, in ssl_parse_client_hello()
1251 mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 ) in ssl_parse_client_hello()
1259 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_client_hello()
1260 ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl ); in ssl_parse_client_hello()
1263 ssl->in_left = 0; in ssl_parse_client_hello()
1266 buf = ssl->in_msg; in ssl_parse_client_hello()
1270 ssl->handshake->update_checksum( ssl, buf, msg_len ); in ssl_parse_client_hello()
1280 if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) ) in ssl_parse_client_hello()
1299 msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) in ssl_parse_client_hello()
1306 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_client_hello()
1313 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in ssl_parse_client_hello()
1316 unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | in ssl_parse_client_hello()
1317 ssl->in_msg[5]; in ssl_parse_client_hello()
1319 if( cli_msg_seq != ssl->handshake->in_msg_seq ) in ssl_parse_client_hello()
1323 ssl->handshake->in_msg_seq ) ); in ssl_parse_client_hello()
1327 ssl->handshake->in_msg_seq++; in ssl_parse_client_hello()
1332 unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | in ssl_parse_client_hello()
1333 ssl->in_msg[5]; in ssl_parse_client_hello()
1334 ssl->handshake->out_msg_seq = cli_msg_seq; in ssl_parse_client_hello()
1335 ssl->handshake->in_msg_seq = cli_msg_seq + 1; in ssl_parse_client_hello()
1342 if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 || in ssl_parse_client_hello()
1343 memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 ) in ssl_parse_client_hello()
1351 buf += mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_client_hello()
1352 msg_len -= mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_client_hello()
1386 mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, in ssl_parse_client_hello()
1387 ssl->conf->transport, buf ); in ssl_parse_client_hello()
1389 ssl->handshake->max_major_ver = ssl->major_ver; in ssl_parse_client_hello()
1390 ssl->handshake->max_minor_ver = ssl->minor_ver; in ssl_parse_client_hello()
1392 if( ssl->major_ver < ssl->conf->min_major_ver || in ssl_parse_client_hello()
1393 ssl->minor_ver < ssl->conf->min_minor_ver ) in ssl_parse_client_hello()
1397 ssl->major_ver, ssl->minor_ver, in ssl_parse_client_hello()
1398 ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); in ssl_parse_client_hello()
1399 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1404 if( ssl->major_ver > ssl->conf->max_major_ver ) in ssl_parse_client_hello()
1406 ssl->major_ver = ssl->conf->max_major_ver; in ssl_parse_client_hello()
1407 ssl->minor_ver = ssl->conf->max_minor_ver; in ssl_parse_client_hello()
1409 else if( ssl->minor_ver > ssl->conf->max_minor_ver ) in ssl_parse_client_hello()
1410 ssl->minor_ver = ssl->conf->max_minor_ver; in ssl_parse_client_hello()
1417 memcpy( ssl->handshake->randbytes, buf + 2, 32 ); in ssl_parse_client_hello()
1424 if( sess_len > sizeof( ssl->session_negotiate->id ) || in ssl_parse_client_hello()
1428 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1435 ssl->session_negotiate->id_len = sess_len; in ssl_parse_client_hello()
1436 memset( ssl->session_negotiate->id, 0, in ssl_parse_client_hello()
1437 sizeof( ssl->session_negotiate->id ) ); in ssl_parse_client_hello()
1438 memcpy( ssl->session_negotiate->id, buf + 35, in ssl_parse_client_hello()
1439 ssl->session_negotiate->id_len ); in ssl_parse_client_hello()
1445 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_client_hello()
1453 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1462 if( ssl->conf->f_cookie_check != NULL in ssl_parse_client_hello()
1464 && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE in ssl_parse_client_hello()
1468 if( ssl->conf->f_cookie_check( ssl->conf->p_cookie, in ssl_parse_client_hello()
1470 ssl->cli_id, ssl->cli_id_len ) != 0 ) in ssl_parse_client_hello()
1473 ssl->handshake->verify_cookie_len = 1; in ssl_parse_client_hello()
1478 ssl->handshake->verify_cookie_len = 0; in ssl_parse_client_hello()
1512 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1532 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1540 ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL; in ssl_parse_client_hello()
1544 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_client_hello()
1545 ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL; in ssl_parse_client_hello()
1550 if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) in ssl_parse_client_hello()
1562 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1574 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1595 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1604 if( ssl->conf->f_sni == NULL ) in ssl_parse_client_hello()
1607 ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1619 ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1629 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in ssl_parse_client_hello()
1632 ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1646 ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1653 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; in ssl_parse_client_hello()
1655 ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1666 ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1676 ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1686 ret = ssl_srv_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1696 ret = ssl_srv_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1706 ret = ssl_srv_parse_extended_ms_ext( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1716 ret = ssl_srv_parse_session_ticket_ext( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1726 ret = ssl_srv_parse_alpn_ext( ssl, ext + 4, ext_size ); in ssl_parse_client_hello()
1743 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1760 if( ssl->minor_ver < ssl->conf->max_minor_ver ) in ssl_parse_client_hello()
1764 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1786 if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 ) in ssl_parse_client_hello()
1789 mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default ); in ssl_parse_client_hello()
1804 if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) in ssl_parse_client_hello()
1808 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1813 ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; in ssl_parse_client_hello()
1821 if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && in ssl_parse_client_hello()
1822 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) in ssl_parse_client_hello()
1828 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1829 ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && in ssl_parse_client_hello()
1835 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1836 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_client_hello()
1837 ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) in ssl_parse_client_hello()
1842 else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && in ssl_parse_client_hello()
1843 ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && in ssl_parse_client_hello()
1853 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1864 ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver]; in ssl_parse_client_hello()
1880 if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], in ssl_parse_client_hello()
1892 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1899 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_hello()
1907 ssl->session_negotiate->ciphersuite = ciphersuites[i]; in ssl_parse_client_hello()
1908 ssl->transform_negotiate->ciphersuite_info = ciphersuite_info; in ssl_parse_client_hello()
1910 ssl->state++; in ssl_parse_client_hello()
1913 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_parse_client_hello()
1914 mbedtls_ssl_recv_flight_completed( ssl ); in ssl_parse_client_hello()
1923 static void ssl_srv_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, in ssl_srv_write_truncated_hmac_ext() argument
1929 if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) in ssl_srv_write_truncated_hmac_ext()
1948 static void ssl_srv_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, in ssl_srv_write_encrypt_then_mac_ext() argument
1956 if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED || in ssl_srv_write_encrypt_then_mac_ext()
1957 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_srv_write_encrypt_then_mac_ext()
1970 ssl->session_negotiate->ciphersuite ) ) == NULL || in ssl_srv_write_encrypt_then_mac_ext()
1991 static void ssl_srv_write_extended_ms_ext( mbedtls_ssl_context *ssl, in ssl_srv_write_extended_ms_ext() argument
1997 if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || in ssl_srv_write_extended_ms_ext()
1998 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_srv_write_extended_ms_ext()
2018 static void ssl_srv_write_session_ticket_ext( mbedtls_ssl_context *ssl, in ssl_srv_write_session_ticket_ext() argument
2024 if( ssl->handshake->new_session_ticket == 0 ) in ssl_srv_write_session_ticket_ext()
2042 static void ssl_srv_write_renegotiation_ext( mbedtls_ssl_context *ssl, in ssl_srv_write_renegotiation_ext() argument
2048 if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION ) in ssl_srv_write_renegotiation_ext()
2060 if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) in ssl_srv_write_renegotiation_ext()
2063 *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF; in ssl_srv_write_renegotiation_ext()
2064 *p++ = ssl->verify_data_len * 2 & 0xFF; in ssl_srv_write_renegotiation_ext()
2066 memcpy( p, ssl->peer_verify_data, ssl->verify_data_len ); in ssl_srv_write_renegotiation_ext()
2067 p += ssl->verify_data_len; in ssl_srv_write_renegotiation_ext()
2068 memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); in ssl_srv_write_renegotiation_ext()
2069 p += ssl->verify_data_len; in ssl_srv_write_renegotiation_ext()
2083 static void ssl_srv_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, in ssl_srv_write_max_fragment_length_ext() argument
2089 if( ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) in ssl_srv_write_max_fragment_length_ext()
2103 *p++ = ssl->session_negotiate->mfl_code; in ssl_srv_write_max_fragment_length_ext()
2111 static void ssl_srv_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, in ssl_srv_write_supported_point_formats_ext() argument
2116 ((void) ssl); in ssl_srv_write_supported_point_formats_ext()
2118 if( ( ssl->handshake->cli_exts & in ssl_srv_write_supported_point_formats_ext()
2141 static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, in ssl_write_ecjpake_kkpp_ext() argument
2147 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; in ssl_write_ecjpake_kkpp_ext()
2153 if( ssl->transform_negotiate->ciphersuite_info->key_exchange != in ssl_write_ecjpake_kkpp_ext()
2168 ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, in ssl_write_ecjpake_kkpp_ext()
2170 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_ecjpake_kkpp_ext()
2185 static void ssl_srv_write_alpn_ext( mbedtls_ssl_context *ssl, in ssl_srv_write_alpn_ext() argument
2188 if( ssl->alpn_chosen == NULL ) in ssl_srv_write_alpn_ext()
2206 *olen = 7 + strlen( ssl->alpn_chosen ); in ssl_srv_write_alpn_ext()
2216 memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 ); in ssl_srv_write_alpn_ext()
2221 static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) in ssl_write_hello_verify_request() argument
2224 unsigned char *p = ssl->out_msg + 4; in ssl_write_hello_verify_request()
2238 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, in ssl_write_hello_verify_request()
2239 ssl->conf->transport, p ); in ssl_write_hello_verify_request()
2244 if( ssl->conf->f_cookie_write == NULL ) in ssl_write_hello_verify_request()
2253 if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie, in ssl_write_hello_verify_request()
2254 &p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN, in ssl_write_hello_verify_request()
2255 ssl->cli_id, ssl->cli_id_len ) ) != 0 ) in ssl_write_hello_verify_request()
2265 ssl->out_msglen = p - ssl->out_msg; in ssl_write_hello_verify_request()
2266 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_hello_verify_request()
2267 ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; in ssl_write_hello_verify_request()
2269 ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; in ssl_write_hello_verify_request()
2271 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in ssl_write_hello_verify_request()
2283 static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) in ssl_write_server_hello() argument
2293 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in ssl_write_server_hello()
2294 ssl->handshake->verify_cookie_len != 0 ) in ssl_write_server_hello()
2299 return( ssl_write_hello_verify_request( ssl ) ); in ssl_write_server_hello()
2303 if( ssl->conf->f_rng == NULL ) in ssl_write_server_hello()
2316 buf = ssl->out_msg; in ssl_write_server_hello()
2319 mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, in ssl_write_server_hello()
2320 ssl->conf->transport, p ); in ssl_write_server_hello()
2334 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) in ssl_write_server_hello()
2339 memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 ); in ssl_write_server_hello()
2348 if( ssl->handshake->resume == 0 && in ssl_write_server_hello()
2350 ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE && in ssl_write_server_hello()
2352 ssl->session_negotiate->id_len != 0 && in ssl_write_server_hello()
2353 ssl->conf->f_get_cache != NULL && in ssl_write_server_hello()
2354 ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 ) in ssl_write_server_hello()
2357 ssl->handshake->resume = 1; in ssl_write_server_hello()
2360 if( ssl->handshake->resume == 0 ) in ssl_write_server_hello()
2366 ssl->state++; in ssl_write_server_hello()
2368 ssl->session_negotiate->start = time( NULL ); in ssl_write_server_hello()
2371 if( ssl->handshake->new_session_ticket != 0 ) in ssl_write_server_hello()
2373 ssl->session_negotiate->id_len = n = 0; in ssl_write_server_hello()
2374 memset( ssl->session_negotiate->id, 0, 32 ); in ssl_write_server_hello()
2379 ssl->session_negotiate->id_len = n = 32; in ssl_write_server_hello()
2380 if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, in ssl_write_server_hello()
2390 n = ssl->session_negotiate->id_len; in ssl_write_server_hello()
2391 ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; in ssl_write_server_hello()
2393 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) in ssl_write_server_hello()
2408 *p++ = (unsigned char) ssl->session_negotiate->id_len; in ssl_write_server_hello()
2409 memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len ); in ssl_write_server_hello()
2410 p += ssl->session_negotiate->id_len; in ssl_write_server_hello()
2415 ssl->handshake->resume ? "a" : "no" ) ); in ssl_write_server_hello()
2417 *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 ); in ssl_write_server_hello()
2418 *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite ); in ssl_write_server_hello()
2419 *p++ = (unsigned char)( ssl->session_negotiate->compression ); in ssl_write_server_hello()
2422 mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); in ssl_write_server_hello()
2424 ssl->session_negotiate->compression ) ); in ssl_write_server_hello()
2428 if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) in ssl_write_server_hello()
2435 ssl_srv_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2439 ssl_srv_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2444 ssl_srv_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2449 ssl_srv_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2454 ssl_srv_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2459 ssl_srv_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2465 ssl_srv_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2470 ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2475 ssl_srv_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); in ssl_write_server_hello()
2492 ssl->out_msglen = p - buf; in ssl_write_server_hello()
2493 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_server_hello()
2494 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; in ssl_write_server_hello()
2496 ret = mbedtls_ssl_write_record( ssl ); in ssl_write_server_hello()
2509 static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) in ssl_write_certificate_request() argument
2512 ssl->transform_negotiate->ciphersuite_info; in ssl_write_certificate_request()
2523 ssl->state++; in ssl_write_certificate_request()
/* Second definition of ssl_write_certificate_request in this listing: builds a
 * CertificateRequest handshake message in ssl->out_msg and hands it to
 * mbedtls_ssl_write_record(). Only lines that reference `ssl` are shown, so the
 * statements between the numbered lines are not visible here. */
2531 static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) in ssl_write_certificate_request() argument
2535 ssl->transform_negotiate->ciphersuite_info; in ssl_write_certificate_request()
/* `end` is one past the last usable byte of the output buffer; presumably every
 * variable-length write below is checked against it -- confirm in the full file. */
2539 const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; in ssl_write_certificate_request()
2545 ssl->state++; in ssl_write_certificate_request()
/* A per-SNI authentication mode, when set, takes precedence over the
 * configuration-wide authmode. */
2548 if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) in ssl_write_certificate_request()
2549 authmode = ssl->handshake->sni_authmode; in ssl_write_certificate_request()
2552 authmode = ssl->conf->authmode; in ssl_write_certificate_request()
2577 buf = ssl->out_msg; in ssl_write_certificate_request()
/* TLS 1.2 only: walk the configured signature hashes (list terminated by
 * MBEDTLS_MD_NONE). The test on the last line of this group fires for entries
 * that map to MBEDTLS_SSL_HASH_NONE or that mbedtls_ssl_set_calc_verify_md()
 * rejects; presumably those entries are skipped. */
2613 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_write_certificate_request()
2620 for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) in ssl_write_certificate_request()
2624 if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) in ssl_write_certificate_request()
/* The CA list is included only when cert_req_ca_list is enabled; an SNI-specific
 * CA chain is preferred over the configuration-wide one.
 * NOTE(review): whatever is taken from this chain goes into a handshake message
 * sent before the client has authenticated, so deployments that do not want to
 * reveal their trust anchors should disable cert_req_ca_list. */
2652 if( ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED ) in ssl_write_certificate_request()
2655 if( ssl->handshake->sni_ca_chain != NULL ) in ssl_write_certificate_request()
2656 crt = ssl->handshake->sni_ca_chain; in ssl_write_certificate_request()
2659 crt = ssl->conf->ca_chain; in ssl_write_certificate_request()
2685 ssl->out_msglen = p - buf; in ssl_write_certificate_request()
2686 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_certificate_request()
2687 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; in ssl_write_certificate_request()
/* total_dn_size is back-filled as a 2-byte big-endian length, located after the
 * 4-byte offset plus the ct_len and sa_len fields. */
2688 ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); in ssl_write_certificate_request()
2689 ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); in ssl_write_certificate_request()
2691 ret = mbedtls_ssl_write_record( ssl ); in ssl_write_certificate_request()
/* Loads ECDH parameters into ssl->handshake->ecdh_ctx from the server's own key.
 * The key is first checked with mbedtls_pk_can_do( ..., MBEDTLS_PK_ECKEY ); the
 * branch taken when that check fails is not visible in this listing. */
2706 static int ssl_srv_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) in ssl_srv_get_ecdh_params_from_cert() argument
2710 if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) ) in ssl_srv_get_ecdh_params_from_cert()
2716 if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, in ssl_srv_get_ecdh_params_from_cert()
2717 mbedtls_pk_ec( *mbedtls_ssl_own_key( ssl ) ), in ssl_srv_get_ecdh_params_from_cert()
/* Builds the ServerKeyExchange handshake message starting at ssl->out_msg + 4 and
 * sends it with mbedtls_ssl_write_record(). The visible calls cover EC J-PAKE
 * round two, ephemeral DH parameters, ephemeral ECDH parameters and a signature
 * made with the server's own key. Which ciphersuites select which part is decided
 * on lines that do not reference `ssl` and are therefore missing from this listing. */
2729 static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) in ssl_write_server_key_exchange() argument
2734 ssl->transform_negotiate->ciphersuite_info; in ssl_write_server_key_exchange()
2737 unsigned char *p = ssl->out_msg + 4; in ssl_write_server_key_exchange()
2759 ssl_srv_get_ecdh_params_from_cert( ssl ); in ssl_write_server_key_exchange()
/* First of two state increments in this function; presumably this one belongs to
 * a path that sends no ServerKeyExchange -- confirm in the full file. */
2769 ssl->state++; in ssl_write_server_key_exchange()
/* EC J-PAKE round two is written with an explicit remaining-space bound (end - p). */
2786 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; in ssl_write_server_key_exchange()
2788 ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, in ssl_write_server_key_exchange()
2789 p, end - p, &len, ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_write_server_key_exchange()
/* Guard for DH parameters that were never configured (P or G unset); the body of
 * the branch is not shown. */
2825 if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL ) in ssl_write_server_key_exchange()
/* The configured P and G are copied into the per-handshake DHM context, then the
 * server parameters are generated with a private-value size equal to the byte
 * length of P, using the configured RNG. */
2840 if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 || in ssl_write_server_key_exchange()
2841 ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 ) in ssl_write_server_key_exchange()
2847 if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx, in ssl_write_server_key_exchange()
2848 (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), in ssl_write_server_key_exchange()
2849 p, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in ssl_write_server_key_exchange()
/* NOTE(review): dhm_ctx.X is dumped here next to the public values P, G and GX.
 * In Mbed TLS's DHM context X is the local secret exponent, so level-3 debug
 * output from this function contains private key-exchange material. Treat such
 * logs as secret and keep handshake debugging off in production builds. */
2863 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); in ssl_write_server_key_exchange()
2864 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); in ssl_write_server_key_exchange()
2865 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G ); in ssl_write_server_key_exchange()
2866 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); in ssl_write_server_key_exchange()
/* Nested walk: outer loop over the configured curve_list, inner loop over
 * ssl->handshake->curves. The comparison that picks a curve is not shown;
 * with this nesting the configured list order presumably decides preference. */
2888 for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) in ssl_write_server_key_exchange()
2889 for( curve = ssl->handshake->curves; *curve != NULL; curve++ ) in ssl_write_server_key_exchange()
2902 if( ( ret = mbedtls_ecp_group_load( &ssl->handshake->ecdh_ctx.grp, in ssl_write_server_key_exchange()
2909 if( ( ret = mbedtls_ecdh_make_params( &ssl->handshake->ecdh_ctx, &len, in ssl_write_server_key_exchange()
2911 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in ssl_write_server_key_exchange()
2925 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q ); in ssl_write_server_key_exchange()
/* TLS 1.2: the hash for the signature is looked up in the handshake's hash_algs
 * set rather than being fixed. */
2956 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_write_server_key_exchange()
2961 ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, in ssl_write_server_key_exchange()
/* All three digest paths (MD5, SHA-1, generic md) feed 64 bytes of
 * handshake->randbytes into the hash, which ties the signed value to this
 * handshake. Presumably these are the client and server randoms, 32 bytes
 * each -- confirm. */
3017 mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 ); in ssl_write_server_key_exchange()
3022 mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 ); in ssl_write_server_key_exchange()
3060 mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ); in ssl_write_server_key_exchange()
/* A missing private key is checked for before signing. */
3079 if( mbedtls_ssl_own_key( ssl ) == NULL ) in ssl_write_server_key_exchange()
3086 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_write_server_key_exchange()
/* The signature is written at p + 2; presumably the two skipped bytes receive the
 * signature length afterwards. */
3111 if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash, hashlen, in ssl_write_server_key_exchange()
3112 p + 2 , &signature_len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in ssl_write_server_key_exchange()
3130 ssl->out_msglen = 4 + n; in ssl_write_server_key_exchange()
3131 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_server_key_exchange()
3132 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE; in ssl_write_server_key_exchange()
3134 ssl->state++; in ssl_write_server_key_exchange()
3136 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in ssl_write_server_key_exchange()
/* Sends ServerHelloDone: a 4-byte handshake message (out_msglen is 4, so no body),
 * after advancing the state. On a datagram transport the flight is marked
 * completed before the record is written. */
3147 static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) in ssl_write_server_hello_done() argument
3153 ssl->out_msglen = 4; in ssl_write_server_hello_done()
3154 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_server_hello_done()
3155 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE; in ssl_write_server_hello_done()
3157 ssl->state++; in ssl_write_server_hello_done()
3160 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) in ssl_write_server_hello_done()
3161 mbedtls_ssl_send_flight_completed( ssl ); in ssl_write_server_hello_done()
3164 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in ssl_write_server_hello_done()
/* Reads the client's DH public value (n bytes at *p) into the handshake DHM
 * context. How n is derived and bounds-checked against the end of the message is
 * on lines that do not reference `ssl` and is not visible here. The value logged
 * below, GY, is the peer's public value. */
3177 static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p, in ssl_parse_client_dh_public() argument
3201 if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 ) in ssl_parse_client_dh_public()
3209 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY ); in ssl_parse_client_dh_public()
/* Decrypts the RSA-encrypted premaster secret sent by the client and stores a
 * 48-byte premaster at ssl->handshake->premaster + pms_offset.
 * NOTE(review): the visible pieces (expected version written to `ver`, a random
 * fake_pms drawn before decryption, a loop over all pmslen bytes) match the usual
 * countermeasure against RSA padding-oracle attacks. The selection logic itself is
 * on lines this listing omits. When changing this function, keep every path between
 * the decrypt call and the final loop free of early returns, distinct alerts and
 * data-dependent branches. */
3218 static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, in ssl_parse_encrypted_pms() argument
/* Expected ciphertext length is the size of the server's own key. */
3224 size_t len = mbedtls_pk_get_len( mbedtls_ssl_own_key( ssl ) ); in ssl_parse_encrypted_pms()
3225 unsigned char *pms = ssl->handshake->premaster + pms_offset; in ssl_parse_encrypted_pms()
3232 if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) ) in ssl_parse_encrypted_pms()
3243 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) in ssl_parse_encrypted_pms()
/* `ver` receives the highest version recorded in handshake->max_*_ver; presumably
 * it is compared with the version bytes inside the decrypted premaster. */
3260 mbedtls_ssl_write_version( ssl->handshake->max_major_ver, in ssl_parse_encrypted_pms()
3261 ssl->handshake->max_minor_ver, in ssl_parse_encrypted_pms()
3262 ssl->conf->transport, ver ); in ssl_parse_encrypted_pms()
/* The random substitute is generated before decryption, so the RNG call happens
 * whether or not the ciphertext turns out to be valid. */
3271 ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) ); in ssl_parse_encrypted_pms()
3275 ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len, in ssl_parse_encrypted_pms()
3278 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_parse_encrypted_pms()
/* Room check for 48 bytes at pms_offset, written so the subtraction cannot wrap:
 * the offset is compared with the buffer size first. */
3290 if( sizeof( ssl->handshake->premaster ) < pms_offset || in ssl_parse_encrypted_pms()
3291 sizeof( ssl->handshake->premaster ) - pms_offset < 48 ) in ssl_parse_encrypted_pms()
3296 ssl->handshake->pmslen = 48; in ssl_parse_encrypted_pms()
/* Loop over every premaster byte; the body is not shown (presumably a branch-free
 * choice between the decrypted bytes and fake_pms -- confirm). */
3310 for( i = 0; i < ssl->handshake->pmslen; i++ ) in ssl_parse_encrypted_pms()
/* Parses the PSK identity sent by the client (n bytes at *p) and matches it
 * against either the application callback or the statically configured identity.
 * How n is read and bounds-checked is on lines not visible in this listing. */
3319 static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p, in ssl_parse_client_psk_identity() argument
/* Precondition: either a PSK callback is set, or a complete static PSK (key and
 * identity, both non-empty) is configured. */
3325 if( ssl->conf->f_psk == NULL && in ssl_parse_client_psk_identity()
3326 ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL || in ssl_parse_client_psk_identity()
3327 ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) ) in ssl_parse_client_psk_identity()
/* The callback receives the identity exactly as it arrived on the wire: a pointer
 * into the message and a length. It is peer-controlled and carries no terminator,
 * so callbacks must treat it as length-delimited untrusted bytes. */
3351 if( ssl->conf->f_psk != NULL ) in ssl_parse_client_psk_identity()
3353 if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 ) in ssl_parse_client_psk_identity()
/* Static identity: the length must match first, then the bytes are compared with
 * mbedtls_ssl_safer_memcmp() rather than memcmp(). */
3360 if( n != ssl->conf->psk_identity_len || in ssl_parse_client_psk_identity()
3361 mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 ) in ssl_parse_client_psk_identity()
/* A fatal alert is sent on this path; the alert type is on the continuation line,
 * which the listing omits (presumably the identity-mismatch case). */
3370 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, in ssl_parse_client_psk_identity()
/* Reads the ClientKeyExchange message, computes the premaster secret for the
 * negotiated key exchange, derives the session keys and advances the state.
 * The conditions selecting each key-exchange branch do not reference `ssl` and are
 * missing from this listing; the branches below are identified by the helpers
 * they call. */
3381 static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) in ssl_parse_client_key_exchange() argument
3387 ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; in ssl_parse_client_key_exchange()
3391 if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) in ssl_parse_client_key_exchange()
/* p and end delimit the handshake body: p starts after the handshake header and
 * end is in_msg + in_hslen. Both are passed to the parsing helpers below. */
3397 p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_client_key_exchange()
3398 end = ssl->in_msg + ssl->in_hslen; in ssl_parse_client_key_exchange()
/* The record must be a handshake record of type ClientKeyExchange. */
3400 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) in ssl_parse_client_key_exchange()
3406 if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE ) in ssl_parse_client_key_exchange()
/* Branch: client DH public value, then the DH shared secret is written straight
 * into handshake->premaster. */
3415 if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) in ssl_parse_client_key_exchange()
3427 if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, in ssl_parse_client_key_exchange()
3428 ssl->handshake->premaster, in ssl_parse_client_key_exchange()
3430 &ssl->handshake->pmslen, in ssl_parse_client_key_exchange()
3431 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in ssl_parse_client_key_exchange()
/* NOTE(review): dhm_ctx.K here and ecdh_ctx.z further down are the computed
 * shared secrets in Mbed TLS's DHM and ECDH contexts. Level-3 debug output from
 * this function is therefore enough to recover the session keys; treat such logs
 * as secret and keep handshake debugging off in production builds. */
3437 MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); in ssl_parse_client_key_exchange()
/* Branch: client ECDH public point (Qp), then the ECDH shared secret. */
3450 if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3457 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp ); in ssl_parse_client_key_exchange()
3459 if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3460 &ssl->handshake->pmslen, in ssl_parse_client_key_exchange()
3461 ssl->handshake->premaster, in ssl_parse_client_key_exchange()
3463 ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) in ssl_parse_client_key_exchange()
3469 MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z ); in ssl_parse_client_key_exchange()
/* Branch: PSK identity only, then premaster derived from the PSK. */
3479 if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) in ssl_parse_client_key_exchange()
3491 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, in ssl_parse_client_key_exchange()
/* Branch: PSK identity followed by an RSA-encrypted premaster stored at offset 2. */
3503 if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) in ssl_parse_client_key_exchange()
3509 if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 ) in ssl_parse_client_key_exchange()
3515 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, in ssl_parse_client_key_exchange()
/* Branch: PSK identity followed by a client DH public value. */
3527 if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) in ssl_parse_client_key_exchange()
3532 if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) in ssl_parse_client_key_exchange()
3544 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, in ssl_parse_client_key_exchange()
/* Branch: PSK identity followed by a client ECDH public point. */
3556 if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) in ssl_parse_client_key_exchange()
3562 if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, in ssl_parse_client_key_exchange()
3569 MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp ); in ssl_parse_client_key_exchange()
3571 if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, in ssl_parse_client_key_exchange()
/* Branch: RSA-encrypted premaster stored at offset 0. */
3583 if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 ) in ssl_parse_client_key_exchange()
/* Branch: EC J-PAKE round two from the client, then a secret derived into the
 * premaster buffer with a stated capacity of 32 bytes. */
3594 ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, in ssl_parse_client_key_exchange()
3602 ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, in ssl_parse_client_key_exchange()
3603 ssl->handshake->premaster, 32, &ssl->handshake->pmslen, in ssl_parse_client_key_exchange()
3604 ssl->conf->f_rng, ssl->conf->p_rng ); in ssl_parse_client_key_exchange()
/* Keys are derived before the state advances. */
3618 if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) in ssl_parse_client_key_exchange()
3624 ssl->state++; in ssl_parse_client_key_exchange()
/* One of two definitions of ssl_parse_certificate_verify in this listing.
 * Presumably they sit in alternative preprocessor branches (directive lines do
 * not reference `ssl`, so the listing omits them) -- confirm in the full file.
 * The only statement visible for this variant advances the handshake state. */
3637 static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) in ssl_parse_certificate_verify() argument
3640 ssl->transform_negotiate->ciphersuite_info; in ssl_parse_certificate_verify()
3651 ssl->state++; in ssl_parse_certificate_verify()
/* Second definition of ssl_parse_certificate_verify in this listing: reads the
 * client's CertificateVerify message and checks its signature over the handshake
 * hash with the public key of the peer certificate. Only lines that reference
 * `ssl` are shown; error returns and offset updates between them are not visible. */
3659 static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) in ssl_parse_certificate_verify() argument
3671 ssl->transform_negotiate->ciphersuite_info; in ssl_parse_certificate_verify()
/* A missing peer certificate is one of the conditions under which the step is
 * skipped by just advancing the state; the rest of the condition is on a line
 * not shown. */
3680 ssl->session_negotiate->peer_cert == NULL ) in ssl_parse_certificate_verify()
3683 ssl->state++; in ssl_parse_certificate_verify()
3690 if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) in ssl_parse_certificate_verify()
3696 ret = mbedtls_ssl_handle_message_type( ssl ); in ssl_parse_certificate_verify()
3706 ssl->state++; in ssl_parse_certificate_verify()
/* The record must be a handshake message of type CertificateVerify. */
3709 if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in ssl_parse_certificate_verify()
3710 ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY ) in ssl_parse_certificate_verify()
/* i is the read offset into in_msg, starting just after the handshake header. */
3716 i = mbedtls_ssl_hs_hdr_len( ssl ); in ssl_parse_certificate_verify()
/* Before TLS 1.2 the message carries no algorithm bytes; the choice is made from
 * the peer key type (details not visible). */
3726 if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_parse_certificate_verify()
3732 if( mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, in ssl_parse_certificate_verify()
/* TLS 1.2: two algorithm bytes are read from the message. The length check comes
 * before the reads. The hash byte must map to a known digest that
 * mbedtls_ssl_set_calc_verify_md() accepts. The signature byte must map to a
 * pk algorithm that the peer certificate's key can actually perform. */
3744 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) in ssl_parse_certificate_verify()
3746 if( i + 2 > ssl->in_hslen ) in ssl_parse_certificate_verify()
3755 md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] ); in ssl_parse_certificate_verify()
3757 if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) ) in ssl_parse_certificate_verify()
3777 if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) ) in ssl_parse_certificate_verify()
3788 if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) in ssl_parse_certificate_verify()
/* Signature length: bounds check, 2-byte big-endian read, then an exact-length
 * test (!=, not >) so both truncated messages and trailing bytes are caught. */
3803 if( i + 2 > ssl->in_hslen ) in ssl_parse_certificate_verify()
3809 sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; in ssl_parse_certificate_verify()
3812 if( i + sig_len != ssl->in_hslen ) in ssl_parse_certificate_verify()
/* The handshake hash is computed through the calc_verify hook and verified against
 * the signature bytes with the peer certificate's public key. */
3819 ssl->handshake->calc_verify( ssl, hash ); in ssl_parse_certificate_verify()
3821 if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk, in ssl_parse_certificate_verify()
3823 ssl->in_msg + i, sig_len ) ) != 0 ) in ssl_parse_certificate_verify()
3829 mbedtls_ssl_update_handshake_status( ssl ); in ssl_parse_certificate_verify()
/* Writes a NewSessionTicket handshake message. Layout in ssl->out_msg as visible
 * here: bytes 4..7 lifetime (big-endian), bytes 8..9 ticket length (big-endian),
 * ticket data from byte 10 onwards. */
3843 static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) in ssl_write_new_session_ticket() argument
3851 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; in ssl_write_new_session_ticket()
3852 ssl->out_msg[0] = MBEDTLS_SSL_HS_NEW_SESSION_TICKET; in ssl_write_new_session_ticket()
/* The configured f_ticket_write callback serialises ssl->session_negotiate into
 * the output buffer, bounded by out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN.
 * NOTE(review): nothing in this function protects the session data itself. The
 * confidentiality and integrity of the ticket rest entirely on the callback and
 * the key material behind p_ticket. */
3865 if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket, in ssl_write_new_session_ticket()
3866 ssl->session_negotiate, in ssl_write_new_session_ticket()
3867 ssl->out_msg + 10, in ssl_write_new_session_ticket()
3868 ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN, in ssl_write_new_session_ticket()
3875 ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; in ssl_write_new_session_ticket()
3876 ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF; in ssl_write_new_session_ticket()
3877 ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF; in ssl_write_new_session_ticket()
3878 ssl->out_msg[7] = ( lifetime ) & 0xFF; in ssl_write_new_session_ticket()
3880 ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF ); in ssl_write_new_session_ticket()
3881 ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF ); in ssl_write_new_session_ticket()
3883 ssl->out_msglen = 10 + tlen; in ssl_write_new_session_ticket()
/* The pending-ticket flag is cleared before the record is written. */
3889 ssl->handshake->new_session_ticket = 0; in ssl_write_new_session_ticket()
3891 if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) in ssl_write_new_session_ticket()
3906 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) in mbedtls_ssl_handshake_server_step() argument
3910 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) in mbedtls_ssl_handshake_server_step()
3913 MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) ); in mbedtls_ssl_handshake_server_step()
3915 if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) in mbedtls_ssl_handshake_server_step()
3919 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && in mbedtls_ssl_handshake_server_step()
3920 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) in mbedtls_ssl_handshake_server_step()
3922 if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) in mbedtls_ssl_handshake_server_step()
3927 switch( ssl->state ) in mbedtls_ssl_handshake_server_step()
3930 ssl->state = MBEDTLS_SSL_CLIENT_HELLO; in mbedtls_ssl_handshake_server_step()
3937 ret = ssl_parse_client_hello( ssl ); in mbedtls_ssl_handshake_server_step()
3953 ret = ssl_write_server_hello( ssl ); in mbedtls_ssl_handshake_server_step()
3957 ret = mbedtls_ssl_write_certificate( ssl ); in mbedtls_ssl_handshake_server_step()
3961 ret = ssl_write_server_key_exchange( ssl ); in mbedtls_ssl_handshake_server_step()
3965 ret = ssl_write_certificate_request( ssl ); in mbedtls_ssl_handshake_server_step()
3969 ret = ssl_write_server_hello_done( ssl ); in mbedtls_ssl_handshake_server_step()
3980 ret = mbedtls_ssl_parse_certificate( ssl ); in mbedtls_ssl_handshake_server_step()
3984 ret = ssl_parse_client_key_exchange( ssl ); in mbedtls_ssl_handshake_server_step()
3988 ret = ssl_parse_certificate_verify( ssl ); in mbedtls_ssl_handshake_server_step()
3992 ret = mbedtls_ssl_parse_change_cipher_spec( ssl ); in mbedtls_ssl_handshake_server_step()
3996 ret = mbedtls_ssl_parse_finished( ssl ); in mbedtls_ssl_handshake_server_step()
4006 if( ssl->handshake->new_session_ticket != 0 ) in mbedtls_ssl_handshake_server_step()
4007 ret = ssl_write_new_session_ticket( ssl ); in mbedtls_ssl_handshake_server_step()
4010 ret = mbedtls_ssl_write_change_cipher_spec( ssl ); in mbedtls_ssl_handshake_server_step()
4014 ret = mbedtls_ssl_write_finished( ssl ); in mbedtls_ssl_handshake_server_step()
4019 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; in mbedtls_ssl_handshake_server_step()
4023 mbedtls_ssl_handshake_wrapup( ssl ); in mbedtls_ssl_handshake_server_step()
4027 MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); in mbedtls_ssl_handshake_server_step()