Lines Matching defs:ssl
26 static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
36 if (ssl->hostname == NULL) {
42 ssl->hostname));
44 hostname_len = strlen(ssl->hostname);
88 memcpy(p, ssl->hostname, hostname_len);
93 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SERVERNAME);
114 static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
123 if (ssl->conf->alpn_list == NULL) {
145 for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
167 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN);
217 static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
226 const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
308 ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS);
318 mbedtls_ssl_context *ssl,
340 ciphersuite_list = ssl->conf->ciphersuite_list;
356 if (mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info,
357 ssl->handshake->min_tls_version,
358 ssl->tls_version) != 0) {
384 renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE);
436 static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl,
443 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
457 (MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version);
463 (MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version);
472 mbedtls_ssl_write_version(p, ssl->conf->transport,
503 * ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer
506 MBEDTLS_SSL_CHK_BUF_PTR(p, end, ssl->session_negotiate->id_len + 1);
507 *p++ = (unsigned char) ssl->session_negotiate->id_len;
508 memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len);
509 p += ssl->session_negotiate->id_len;
511 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id,
512 ssl->session_negotiate->id_len);
520 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
544 ret = ssl_write_client_hello_cipher_suites(ssl, p, end,
580 ret = ssl_write_hostname_ext(ssl, p, end, &output_len);
588 ret = ssl_write_alpn_ext(ssl, p, end, &output_len);
597 ret = mbedtls_ssl_tls13_write_client_hello_exts(ssl, p, end,
612 if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) {
624 ret = ssl_write_supported_groups_ext(ssl, p, end,
640 (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl));
647 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
657 ret = mbedtls_ssl_tls12_write_client_hello_exts(ssl, p, end,
671 if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) {
673 ssl, p, end, &output_len, binders_len);
699 static int ssl_generate_random(mbedtls_ssl_context *ssl)
702 unsigned char *randbytes = ssl->handshake->randbytes;
717 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
729 ret = ssl->conf->f_rng(ssl->conf->p_rng,
736 static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
740 mbedtls_ssl_session *session_negotiate = ssl->session_negotiate;
751 if (ssl->handshake->resume != 0 &&
761 ssl->handshake->resume = 0;
772 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
773 ssl->handshake->min_tls_version = ssl->tls_version;
777 if (ssl->handshake->resume) {
778 ssl->tls_version = session_negotiate->tls_version;
779 ssl->handshake->min_tls_version = ssl->tls_version;
781 ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
791 if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
792 (ssl->handshake->cookie == NULL))
796 if (!ssl->handshake->hello_retry_request_flag)
799 ret = ssl_generate_random(ssl);
809 * identifier in the SSL context `ssl->session_negotiate->id_len` is equal
816 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
819 ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
821 ssl->handshake->resume == 0) {
832 if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
847 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
871 ret = ssl->conf->f_rng(ssl->conf->p_rng,
884 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
885 ssl->handshake->resume) {
886 int hostname_mismatch = ssl->hostname != NULL ||
888 if (ssl->hostname != NULL && session_negotiate->hostname != NULL) {
890 ssl->hostname, session_negotiate->hostname) != 0;
901 ssl->hostname);
913 int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl)
921 MBEDTLS_SSL_PROC_CHK(ssl_prepare_client_hello(ssl));
924 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
927 MBEDTLS_SSL_PROC_CHK(ssl_write_client_hello_body(ssl, buf,
933 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
934 ssl->out_msglen = msg_len + 4;
935 mbedtls_ssl_send_flight_completed(ssl);
946 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
948 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
953 if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
961 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
968 ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len);
977 ssl, buf + msg_len - binders_len, buf + msg_len));
978 ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len,
987 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl,
995 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
998 if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
999 MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version) {
1000 ret = mbedtls_ssl_tls13_finalize_client_hello(ssl);
1007 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions);