Lines Matching defs:ssl
19 #include "mbedtls/ssl.h"
279 static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl);
285 void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs)
287 if (ssl->f_set_timer == NULL) {
292 ssl->f_set_timer(ssl->p_timer, millisecs / 4, millisecs);
298 int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl)
300 if (ssl->f_get_timer == NULL) {
304 if (ssl->f_get_timer(ssl->p_timer) == 2) {
313 static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
318 int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
329 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
337 ret = ssl_parse_record_header(ssl, buf, buflen, &rec);
343 if (ssl->transform_in != NULL) {
344 ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, &rec);
375 static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl,
377 static void ssl_free_buffered_record(mbedtls_ssl_context *ssl);
379 static int ssl_load_buffered_message(mbedtls_ssl_context *ssl);
381 static int ssl_load_buffered_record(mbedtls_ssl_context *ssl);
383 static int ssl_buffer_message(mbedtls_ssl_context *ssl);
385 static int ssl_buffer_future_record(mbedtls_ssl_context *ssl,
388 static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl);
390 static size_t ssl_get_maximum_datagram_size(mbedtls_ssl_context const *ssl)
392 size_t mtu = mbedtls_ssl_get_current_mtu(ssl);
394 size_t out_buf_len = ssl->out_buf_len;
407 static int ssl_get_remaining_space_in_datagram(mbedtls_ssl_context const *ssl)
409 size_t const bytes_written = ssl->out_left;
410 size_t const mtu = ssl_get_maximum_datagram_size(ssl);
423 static int ssl_get_remaining_payload_in_datagram(mbedtls_ssl_context const *ssl)
430 const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl);
445 if (max_len <= ssl->out_left) {
449 max_len -= ssl->out_left;
452 ret = ssl_get_remaining_space_in_datagram(ssl);
458 ret = mbedtls_ssl_get_record_expansion(ssl);
481 static int ssl_double_retransmit_timeout(mbedtls_ssl_context *ssl)
485 if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) {
495 if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) {
496 ssl->handshake->mtu = 508;
497 MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu));
500 new_timeout = 2 * ssl->handshake->retransmit_timeout;
503 if (new_timeout < ssl->handshake->retransmit_timeout ||
504 new_timeout > ssl->conf->hs_timeout_max) {
505 new_timeout = ssl->conf->hs_timeout_max;
508 ssl->handshake->retransmit_timeout = new_timeout;
510 (unsigned long) ssl->handshake->retransmit_timeout));
515 static void ssl_reset_retransmit_timeout(mbedtls_ssl_context *ssl)
517 ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
519 (unsigned long) ssl->handshake->retransmit_timeout));
901 int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
923 ssl = NULL; /* make sure we don't use it except for debug */
924 ((void) ssl);
1479 int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
1506 ssl = NULL; /* make sure we don't use it except for debug */
1507 ((void) ssl);
2132 * The amount of data already fetched is in ssl->in_left.
2138 * With stream transport (TLS) on success ssl->in_left == nb_want, but
2139 * with datagram transport (DTLS) on success ssl->in_left >= nb_want,
2142 * For DTLS, it is up to the caller to set ssl->next_record_offset when
2145 int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
2150 size_t in_buf_len = ssl->in_buf_len;
2157 if (ssl->f_recv == NULL && ssl->f_recv_timeout == NULL) {
2162 if (nb_want > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) {
2168 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2181 if (ssl->next_record_offset != 0) {
2182 if (ssl->in_left < ssl->next_record_offset) {
2187 ssl->in_left -= ssl->next_record_offset;
2189 if (ssl->in_left != 0) {
2192 ssl->next_record_offset));
2193 memmove(ssl->in_hdr,
2194 ssl->in_hdr + ssl->next_record_offset,
2195 ssl->in_left);
2198 ssl->next_record_offset = 0;
2203 ssl->in_left, nb_want));
2208 if (nb_want <= ssl->in_left) {
2218 if (ssl->in_left != 0) {
2228 if (mbedtls_ssl_check_timer(ssl) != 0) {
2232 len = in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf);
2234 if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
2235 timeout = ssl->handshake->retransmit_timeout;
2237 timeout = ssl->conf->read_timeout;
2242 if (ssl->f_recv_timeout != NULL) {
2243 ret = ssl->f_recv_timeout(ssl->p_bio, ssl->in_hdr, len,
2246 ret = ssl->f_recv(ssl->p_bio, ssl->in_hdr, len);
2249 MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret);
2258 mbedtls_ssl_set_timer(ssl, 0);
2260 if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
2261 if (ssl_double_retransmit_timeout(ssl) != 0) {
2266 if ((ret = mbedtls_ssl_resend(ssl)) != 0) {
2274 else if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
2275 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
2276 if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) {
2291 ssl->in_left = ret;
2297 ssl->in_left, nb_want));
2299 while (ssl->in_left < nb_want) {
2300 len = nb_want - ssl->in_left;
2302 if (mbedtls_ssl_check_timer(ssl) != 0) {
2305 if (ssl->f_recv_timeout != NULL) {
2306 ret = ssl->f_recv_timeout(ssl->p_bio,
2307 ssl->in_hdr + ssl->in_left, len,
2308 ssl->conf->read_timeout);
2310 ret = ssl->f_recv(ssl->p_bio,
2311 ssl->in_hdr + ssl->in_left, len);
2317 ssl->in_left, nb_want));
2318 MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret);
2336 ssl->in_left += ret;
2348 int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
2355 if (ssl->f_send == NULL) {
2361 if (ssl->out_left == 0) {
2366 while (ssl->out_left > 0) {
2369 mbedtls_ssl_out_hdr_len(ssl) + ssl->out_msglen, ssl->out_left));
2371 buf = ssl->out_hdr - ssl->out_left;
2372 ret = ssl->f_send(ssl->p_bio, buf, ssl->out_left);
2374 MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", ret);
2380 if ((size_t) ret > ssl->out_left) {
2384 ret, ssl->out_left));
2388 ssl->out_left -= ret;
2392 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2393 ssl->out_hdr = ssl->out_buf;
2397 ssl->out_hdr = ssl->out_buf + 8;
2399 mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
2414 static int ssl_flight_append(mbedtls_ssl_context *ssl)
2419 ssl->out_msg, ssl->out_msglen);
2428 if ((msg->p = mbedtls_calloc(1, ssl->out_msglen)) == NULL) {
2430 ssl->out_msglen));
2436 memcpy(msg->p, ssl->out_msg, ssl->out_msglen);
2437 msg->len = ssl->out_msglen;
2438 msg->type = ssl->out_msgtype;
2442 if (ssl->handshake->flight == NULL) {
2443 ssl->handshake->flight = msg;
2445 mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
2478 static int ssl_swap_epochs(mbedtls_ssl_context *ssl)
2483 if (ssl->transform_out == ssl->handshake->alt_transform_out) {
2491 tmp_transform = ssl->transform_out;
2492 ssl->transform_out = ssl->handshake->alt_transform_out;
2493 ssl->handshake->alt_transform_out = tmp_transform;
2496 memcpy(tmp_out_ctr, ssl->cur_out_ctr, sizeof(tmp_out_ctr));
2497 memcpy(ssl->cur_out_ctr, ssl->handshake->alt_out_ctr,
2498 sizeof(ssl->cur_out_ctr));
2499 memcpy(ssl->handshake->alt_out_ctr, tmp_out_ctr,
2500 sizeof(ssl->handshake->alt_out_ctr));
2503 mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
2511 int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
2517 ret = mbedtls_ssl_flight_transmit(ssl);
2531 int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl)
2536 if (ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING) {
2539 ssl->handshake->cur_msg = ssl->handshake->flight;
2540 ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
2541 ret = ssl_swap_epochs(ssl);
2546 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
2549 while (ssl->handshake->cur_msg != NULL) {
2551 const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg;
2557 int const force_flush = ssl->disable_datagram_packing == 1 ?
2563 if (is_finished && ssl->handshake->cur_msg_p == (cur->p + 12)) {
2565 ret = ssl_swap_epochs(ssl);
2571 ret = ssl_get_remaining_payload_in_datagram(ssl);
2580 if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
2587 memcpy(ssl->out_msg, cur->p, cur->len);
2588 ssl->out_msglen = cur->len;
2589 ssl->out_msgtype = cur->type;
2592 ssl->handshake->cur_msg_p += cur->len;
2594 const unsigned char * const p = ssl->handshake->cur_msg_p;
2602 ret = ssl_swap_epochs(ssl);
2608 if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
2628 memcpy(ssl->out_msg, cur->p, 6);
2630 ssl->out_msg[6] = MBEDTLS_BYTE_2(frag_off);
2631 ssl->out_msg[7] = MBEDTLS_BYTE_1(frag_off);
2632 ssl->out_msg[8] = MBEDTLS_BYTE_0(frag_off);
2634 ssl->out_msg[9] = MBEDTLS_BYTE_2(cur_hs_frag_len);
2635 ssl->out_msg[10] = MBEDTLS_BYTE_1(cur_hs_frag_len);
2636 ssl->out_msg[11] = MBEDTLS_BYTE_0(cur_hs_frag_len);
2638 MBEDTLS_SSL_DEBUG_BUF(3, "handshake header", ssl->out_msg, 12);
2641 memcpy(ssl->out_msg + 12, p, cur_hs_frag_len);
2642 ssl->out_msglen = cur_hs_frag_len + 12;
2643 ssl->out_msgtype = cur->type;
2646 ssl->handshake->cur_msg_p += cur_hs_frag_len;
2650 if (ssl->handshake->cur_msg_p >= cur->p + cur->len) {
2652 ssl->handshake->cur_msg = cur->next;
2653 ssl->handshake->cur_msg_p = cur->next->p + 12;
2655 ssl->handshake->cur_msg = NULL;
2656 ssl->handshake->cur_msg_p = NULL;
2661 if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) {
2667 if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
2672 if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
2673 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
2675 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
2676 mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout);
2687 void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl)
2690 mbedtls_ssl_flight_free(ssl->handshake->flight);
2691 ssl->handshake->flight = NULL;
2692 ssl->handshake->cur_msg = NULL;
2695 ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq;
2698 ssl->handshake->buffering.seen_ccs = 0;
2701 mbedtls_ssl_buffering_free(ssl);
2704 mbedtls_ssl_set_timer(ssl, 0);
2706 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
2707 ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) {
2708 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
2710 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
2717 void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl)
2719 ssl_reset_retransmit_timeout(ssl);
2720 mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout);
2722 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
2723 ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) {
2724 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
2726 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
2734 int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type,
2744 *buf = ssl->out_msg + 4;
2747 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
2748 ssl->out_msg[0] = hs_type;
2765 * - ssl->out_msglen: 4 + actual handshake message len
2767 * - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc)
2768 * - ssl->out_msg + 4: the handshake message body
2771 * - ssl->out_msglen: the length of the record contents
2773 * - ssl->out_msg: the record contents (handshake headers + content)
2775 int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
2780 const size_t hs_len = ssl->out_msglen - 4;
2781 const unsigned char hs_type = ssl->out_msg[0];
2788 if (ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
2789 ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
2796 if (!(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
2798 ssl->handshake == NULL) {
2804 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
2805 ssl->handshake != NULL &&
2806 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
2820 if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) {
2824 ssl->out_msglen,
2832 if (ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
2833 ssl->out_msg[1] = MBEDTLS_BYTE_2(hs_len);
2834 ssl->out_msg[2] = MBEDTLS_BYTE_1(hs_len);
2835 ssl->out_msg[3] = MBEDTLS_BYTE_0(hs_len);
2845 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2847 if (MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8) {
2856 memmove(ssl->out_msg + 12, ssl->out_msg + 4, hs_len);
2857 ssl->out_msglen += 8;
2861 MBEDTLS_PUT_UINT16_BE(ssl->handshake->out_msg_seq, ssl->out_msg, 4);
2862 ++(ssl->handshake->out_msg_seq);
2864 ssl->out_msg[4] = 0;
2865 ssl->out_msg[5] = 0;
2870 memset(ssl->out_msg + 6, 0x00, 3);
2871 memcpy(ssl->out_msg + 9, ssl->out_msg + 1, 3);
2877 ret = ssl->handshake->update_checksum(ssl, ssl->out_msg,
2878 ssl->out_msglen);
2888 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
2889 !(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
2891 if ((ret = ssl_flight_append(ssl)) != 0) {
2898 if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) {
2909 int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl,
2918 ssl->out_msglen = msg_with_header_len;
2919 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_handshake_msg_ext(ssl, 0, 0));
2933 * - ssl->out_msgtype: type of the message (AppData, Handshake, Alert, CCS)
2934 * - ssl->out_msglen: length of the record content (excl headers)
2935 * - ssl->out_msg: record content
2937 int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush)
2940 size_t len = ssl->out_msglen;
2949 size_t out_buf_len = ssl->out_buf_len;
2955 mbedtls_ssl_protocol_version tls_ver = ssl->tls_version;
2963 mbedtls_ssl_write_version(ssl->out_hdr + 1, ssl->conf->transport,
2966 memcpy(ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
2967 MBEDTLS_PUT_UINT16_BE(len, ssl->out_len, 0);
2969 if (ssl->transform_out != NULL) {
2972 rec.buf = ssl->out_iv;
2973 rec.buf_len = out_buf_len - (size_t) (ssl->out_iv - ssl->out_buf);
2974 rec.data_len = ssl->out_msglen;
2975 rec.data_offset = (size_t) (ssl->out_msg - rec.buf);
2977 memcpy(&rec.ctr[0], ssl->out_ctr, sizeof(rec.ctr));
2978 mbedtls_ssl_write_version(rec.ver, ssl->conf->transport, tls_ver);
2979 rec.type = ssl->out_msgtype;
2986 if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec,
2987 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
2998 ssl->out_msgtype = rec.type;
3000 memcpy(ssl->out_cid, rec.cid, rec.cid_len);
3002 ssl->out_msglen = len = rec.data_len;
3003 MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->out_len, 0);
3006 protected_record_size = len + mbedtls_ssl_out_hdr_len(ssl);
3011 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
3012 ret = ssl_get_remaining_space_in_datagram(ssl);
3025 ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
3029 ssl->out_hdr[0], ssl->out_hdr[1],
3030 ssl->out_hdr[2], len));
3033 ssl->out_hdr, protected_record_size);
3035 ssl->out_left += protected_record_size;
3036 ssl->out_hdr += protected_record_size;
3037 mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
3039 for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) {
3040 if (++ssl->cur_out_ctr[i - 1] != 0) {
3046 if (i == mbedtls_ssl_ep_len(ssl)) {
3053 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
3056 ret = ssl_get_remaining_payload_in_datagram(ssl);
3075 (ret = mbedtls_ssl_flush_output(ssl)) != 0) {
3088 static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl)
3090 if (ssl->in_msglen < ssl->in_hslen ||
3091 memcmp(ssl->in_msg + 6, "\0\0\0", 3) != 0 ||
3092 memcmp(ssl->in_msg + 9, ssl->in_msg + 1, 3) != 0) {
3098 static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl)
3100 return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9);
3103 static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl)
3105 return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6);
3109 static int ssl_check_hs_header(mbedtls_ssl_context const *ssl)
3113 msg_len = ssl_get_hs_total_len(ssl);
3114 frag_off = ssl_get_hs_frag_off(ssl);
3115 frag_len = ssl_get_hs_frag_len(ssl);
3125 if (frag_len + 12 > ssl->in_msglen) {
3216 static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
3218 return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1);
3221 int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
3223 if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
3225 ssl->in_msglen));
3229 ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
3234 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen));
3237 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
3239 unsigned int recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
3241 if (ssl_check_hs_header(ssl) != 0) {
3246 if (ssl->handshake != NULL &&
3247 ((mbedtls_ssl_is_handshake_over(ssl) == 0 &&
3248 recv_msg_seq != ssl->handshake->in_msg_seq) ||
3249 (mbedtls_ssl_is_handshake_over(ssl) == 1 &&
3250 ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO))) {
3251 if (recv_msg_seq > ssl->handshake->in_msg_seq) {
3256 ssl->handshake->in_msg_seq));
3263 if (recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
3264 ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) {
3268 ssl->handshake->in_flight_start_seq));
3270 if ((ret = mbedtls_ssl_resend(ssl)) != 0) {
3278 ssl->handshake->in_msg_seq));
3289 if (ssl_hs_is_proper_fragment(ssl) == 1) {
3296 if (ssl->in_msglen < ssl->in_hslen) {
3304 int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
3307 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
3309 if (mbedtls_ssl_is_handshake_over(ssl) == 0 && hs != NULL) {
3310 ret = ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen);
3319 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
3320 ssl->handshake != NULL) {
3332 ssl_buffering_free_slot(ssl, 0);
3359 void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl)
3361 ssl->in_window_top = 0;
3362 ssl->in_window = 0;
3376 static int mbedtls_ssl_dtls_record_replay_check(mbedtls_ssl_context *ssl, uint8_t *record_in_ctr)
3382 original_in_ctr = ssl->in_ctr;
3385 ssl->in_ctr = record_in_ctr;
3387 ret = mbedtls_ssl_dtls_replay_check((mbedtls_ssl_context const *) ssl);
3390 ssl->in_ctr = original_in_ctr;
3398 int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl)
3400 uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2);
3403 if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) {
3407 if (rec_seqnum > ssl->in_window_top) {
3411 bit = ssl->in_window_top - rec_seqnum;
3417 if ((ssl->in_window & ((uint64_t) 1 << bit)) != 0) {
3427 void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl)
3429 uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2);
3431 if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) {
3435 if (rec_seqnum > ssl->in_window_top) {
3437 uint64_t shift = rec_seqnum - ssl->in_window_top;
3440 ssl->in_window = 1;
3442 ssl->in_window <<= shift;
3443 ssl->in_window |= 1;
3446 ssl->in_window_top = rec_seqnum;
3449 uint64_t bit = ssl->in_window_top - rec_seqnum;
3452 ssl->in_window |= (uint64_t) 1 << bit;
3473 mbedtls_ssl_context *ssl,
3547 if (ssl->conf->f_cookie_check(ssl->conf->p_cookie,
3586 if (ssl->conf->f_cookie_write(ssl->conf->p_cookie,
3627 static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl)
3632 if (ssl->conf->f_cookie_write == NULL ||
3633 ssl->conf->f_cookie_check == NULL) {
3642 ssl,
3643 ssl->cli_id, ssl->cli_id_len,
3644 ssl->in_buf, ssl->in_left,
3645 ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len);
3653 ssl->out_buf, len);
3657 send_ret = ssl->f_send(ssl->p_bio, ssl->out_buf, len);
3658 MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", send_ret);
3666 if ((ret = mbedtls_ssl_session_reset_int(ssl, 1)) != 0) {
3711 static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
3746 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
3773 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
3774 ssl->conf->cid_len != 0 &&
3791 rec_hdr_cid_len = ssl->conf->cid_len;
3824 ssl->conf->transport);
3826 if (tls_version > ssl->conf->max_tls_version) {
3829 (unsigned) ssl->conf->max_tls_version));
3838 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
3846 memcpy(&rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len);
3881 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
3898 if (rec_epoch != ssl->in_epoch) {
3901 ssl->in_epoch, (unsigned long) rec_epoch));
3905 if (rec_epoch == (unsigned) ssl->in_epoch + 1) {
3915 else if (mbedtls_ssl_dtls_record_replay_check((mbedtls_ssl_context *) ssl,
3930 static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl)
3932 unsigned int rec_epoch = MBEDTLS_GET_UINT16_BE(ssl->in_ctr, 0);
3941 ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
3942 mbedtls_ssl_is_handshake_over(ssl) == 1 &&
3943 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
3944 ssl->in_left > 13 &&
3945 ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO) {
3948 return ssl_handle_possible_reconnect(ssl);
3959 static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
3973 if (ssl->transform_in != NULL &&
3974 ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
3981 if (!done && ssl->transform_in != NULL) {
3984 if ((ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in,
4004 (ssl->discard_early_data_record ==
4009 ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
4019 ssl->conf->ignore_unexpected_cid
4041 if (ssl->discard_early_data_record ==
4043 ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
4071 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2
4074 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid zero-length message type: %d", ssl->in_msgtype));
4079 ssl->nb_zero++;
4085 if (ssl->nb_zero > 3) {
4094 ssl->nb_zero = 0;
4098 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
4105 i > mbedtls_ssl_ep_len(ssl); i--) {
4106 if (++ssl->in_ctr[i - 1] != 0) {
4112 if (i == mbedtls_ssl_ep_len(ssl)) {
4134 if (ssl->discard_early_data_record == MBEDTLS_SSL_EARLY_DATA_DISCARD) {
4137 ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
4147 ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
4153 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
4154 mbedtls_ssl_dtls_replay_update(ssl);
4178 static int ssl_consume_current_message(mbedtls_ssl_context *ssl);
4180 static int ssl_get_next_record(mbedtls_ssl_context *ssl);
4182 static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl);
4184 int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
4191 if (ssl->keep_current_message == 0) {
4194 ret = ssl_consume_current_message(ssl);
4199 if (ssl_record_is_in_progress(ssl) == 0) {
4205 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
4206 ssl_next_record_is_in_datagram(ssl) == 0) {
4207 if (ssl_load_buffered_message(ssl) == 0) {
4214 ret = ssl_get_next_record(ssl);
4226 ret = mbedtls_ssl_handle_message_type(ssl);
4231 ret = ssl_buffer_message(ssl);
4248 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
4250 ret = mbedtls_ssl_update_handshake_status(ssl);
4258 ssl->keep_current_message = 0;
4268 static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl)
4270 if (ssl->in_left > ssl->next_record_offset) {
4278 static int ssl_load_buffered_message(mbedtls_ssl_context *ssl)
4280 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
4290 if (ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
4291 ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) {
4301 ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
4302 ssl->in_msglen = 1;
4303 ssl->in_msg[0] = 1;
4306 ssl->in_left = 0;
4307 ssl->next_record_offset = 0;
4346 ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
4347 ssl->in_hslen = msg_len + 12;
4348 ssl->in_msglen = msg_len + 12;
4349 memcpy(ssl->in_msg, hs_buf->data, ssl->in_hslen);
4367 static int ssl_buffer_make_space(mbedtls_ssl_context *ssl,
4371 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
4376 ssl_free_buffered_record(ssl);
4395 ssl_buffering_free_slot(ssl, (uint8_t) offset);
4409 static int ssl_buffer_message(mbedtls_ssl_context *ssl)
4412 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
4420 switch (ssl->in_msgtype) {
4430 unsigned recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
4432 size_t msg_len = ssl->in_hslen - 12;
4436 if (recv_msg_seq < ssl->handshake->in_msg_seq) {
4441 recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq;
4447 recv_msg_seq, ssl->handshake->in_msg_seq,
4448 ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS -
4464 (ssl_hs_is_proper_fragment(ssl) == 1);
4513 if (ssl_buffer_make_space(ssl, reassembly_buf_sz) != 0) {
4546 memcpy(hs_buf->data, ssl->in_msg, 6);
4555 if (memcmp(hs_buf->data, ssl->in_msg, 4) != 0) {
4572 frag_off = ssl_get_hs_frag_off(ssl);
4573 frag_len = ssl_get_hs_frag_len(ssl);
4578 memcpy(msg + frag_off, ssl->in_msg + 12, frag_len);
4609 static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
4634 if (ssl->in_hslen != 0) {
4636 * is in flight, as corrupting ssl->in_msglen during
4637 * ssl->in_offt != NULL is fatal. */
4638 if (ssl->in_offt != NULL) {
4660 * Additionally, ssl->in_hslen might be arbitrarily out of
4664 if (ssl->in_hslen < ssl->in_msglen) {
4665 ssl->in_msglen -= ssl->in_hslen;
4666 memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen,
4667 ssl->in_msglen);
4670 ssl->in_msg, ssl->in_msglen);
4672 ssl->in_msglen = 0;
4675 ssl->in_hslen = 0;
4678 else if (ssl->in_offt != NULL) {
4683 ssl->in_msglen = 0;
4690 static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl)
4692 if (ssl->in_msglen > 0) {
4701 static void ssl_free_buffered_record(mbedtls_ssl_context *ssl)
4703 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
4718 static int ssl_load_buffered_record(mbedtls_ssl_context *ssl)
4720 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
4725 size_t in_buf_len = ssl->in_buf_len;
4729 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
4747 if (ssl_next_record_is_in_datagram(ssl) == 1) {
4753 if (rec_epoch != ssl->in_epoch) {
4761 if (rec_len > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) {
4766 memcpy(ssl->in_hdr, rec, rec_len);
4767 ssl->in_left = rec_len;
4768 ssl->next_record_offset = 0;
4770 ssl_free_buffered_record(ssl);
4778 static int ssl_buffer_future_record(mbedtls_ssl_context *ssl,
4781 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
4813 ssl->in_epoch + 1U));
4818 hs->buffering.future_record.epoch = ssl->in_epoch + 1;
4838 static int ssl_get_next_record(mbedtls_ssl_context *ssl)
4846 * On success, this call will set ssl->in_left to
4850 ret = ssl_load_buffered_record(ssl);
4859 ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl));
4865 ret = ssl_parse_record_header(ssl, ssl->in_hdr, ssl->in_left, &rec);
4868 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
4870 ret = ssl_buffer_future_record(ssl, &rec);
4884 mbedtls_ssl_update_in_pointers(ssl);
4887 ssl->in_msgtype = rec.type;
4889 ssl->in_len = ssl->in_cid + rec.cid_len;
4891 ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
4892 ssl->in_msglen = rec.data_len;
4894 ret = ssl_check_client_reconnect(ssl);
4902 ssl->next_record_offset = rec.buf_len;
4908 ssl->next_record_offset = 0;
4909 ssl->in_left = 0;
4925 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
4927 ssl->next_record_offset = rec.buf_len;
4928 if (ssl->next_record_offset < ssl->in_left) {
4937 ret = mbedtls_ssl_fetch_input(ssl, rec.buf_len);
4943 ssl->in_left = 0;
4950 if ((ret = ssl_prepare_record_content(ssl, &rec)) != 0) {
4952 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
4958 if (ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
4959 ssl->state == MBEDTLS_SSL_SERVER_FINISHED) {
4962 mbedtls_ssl_send_alert_message(ssl,
4970 if (ssl->conf->badmac_limit != 0 &&
4971 ++ssl->badmac_seen >= ssl->conf->badmac_limit) {
4979 ssl->next_record_offset = 0;
4980 ssl->in_left = 0;
4993 mbedtls_ssl_send_alert_message(ssl,
5006 mbedtls_ssl_update_in_pointers(ssl);
5008 ssl->in_len = ssl->in_cid + rec.cid_len;
5010 ssl->in_iv = ssl->in_len + 2;
5014 ssl->in_msgtype = rec.type;
5019 ssl->in_hdr[0] = rec.type;
5020 ssl->in_msg = rec.buf + rec.data_offset;
5021 ssl->in_msglen = rec.data_len;
5022 MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->in_len, 0);
5027 int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
5034 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
5035 if ((ret = mbedtls_ssl_prepare_handshake_record(ssl)) != 0) {
5040 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
5041 if (ssl->in_msglen != 1) {
5043 ssl->in_msglen));
5047 if (ssl->in_msg[0] != 1) {
5049 ssl->in_msg[0]));
5054 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
5055 ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
5056 ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) {
5057 if (ssl->handshake == NULL) {
5068 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
5082 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) {
5083 if (ssl->in_msglen != 2) {
5088 ssl->in_msglen));
5093 ssl->in_msg[0], ssl->in_msg[1]));
5098 if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) {
5100 ssl->in_msg[1]));
5104 if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
5105 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY) {
5111 if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
5112 ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION) {
5123 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5126 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
5127 mbedtls_ssl_is_handshake_over(ssl) == 0
5129 && !(ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
5130 ssl->state == MBEDTLS_SSL_SERVER_HELLO)
5137 if (ssl->handshake != NULL &&
5138 mbedtls_ssl_is_handshake_over(ssl) == 1) {
5139 mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
5147 int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
5149 return mbedtls_ssl_send_alert_message(ssl,
5154 int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
5160 if (ssl == NULL || ssl->conf == NULL) {
5164 if (ssl->out_left != 0) {
5165 return mbedtls_ssl_flush_output(ssl);
5171 ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
5172 ssl->out_msglen = 2;
5173 ssl->out_msg[0] = level;
5174 ssl->out_msg[1] = message;
5176 if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
5185 int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
5191 ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
5192 ssl->out_msglen = 1;
5193 ssl->out_msg[0] = 1;
5195 ssl->state++;
5197 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
5207 int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
5213 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
5218 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
5220 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
5234 ssl->transform_in = ssl->transform_negotiate;
5236 ssl->session_in = ssl->session_negotiate;
5239 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5241 mbedtls_ssl_dtls_replay_reset(ssl);
5245 if (++ssl->in_epoch == 0) {
5253 memset(ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
5255 mbedtls_ssl_update_in_pointers(ssl);
5257 ssl->state++;
5264 /* Once ssl->out_hdr as the address of the beginning of the
5268 * (entering MAC computation) in the 8 bytes before ssl->out_hdr,
5278 void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
5282 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5283 ssl->out_ctr = ssl->out_hdr + 3;
5285 ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
5286 ssl->out_len = ssl->out_cid;
5288 ssl->out_len += transform->out_cid_len;
5291 ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
5293 ssl->out_iv = ssl->out_len + 2;
5297 ssl->out_len = ssl->out_hdr + 3;
5299 ssl->out_cid = ssl->out_len;
5301 ssl->out_iv = ssl->out_hdr + 5;
5304 ssl->out_msg = ssl->out_iv;
5307 ssl->out_msg += ssl_transform_get_explicit_iv_len(transform);
5311 /* Once ssl->in_hdr as the address of the beginning of the
5315 * (entering MAC computation) in the 8 bytes before ssl->in_hdr,
5319 void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl)
5322 * of unprotected TLS/DTLS records, with both ssl->in_iv
5323 * and ssl->in_msg pointing to the beginning of the record
5326 * When decrypting a protected record, ssl->in_msg
5332 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5337 ssl->in_ctr = ssl->in_hdr + 3;
5339 ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
5340 ssl->in_len = ssl->in_cid; /* Default: no CID */
5342 ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
5344 ssl->in_iv = ssl->in_len + 2;
5348 ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
5349 ssl->in_len = ssl->in_hdr + 3;
5351 ssl->in_cid = ssl->in_len;
5353 ssl->in_iv = ssl->in_hdr + 5;
5357 ssl->in_msg = ssl->in_iv;
5364 void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl)
5368 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5369 ssl->out_hdr = ssl->out_buf;
5370 ssl->in_hdr = ssl->in_buf;
5374 ssl->out_ctr = ssl->out_buf;
5375 ssl->out_hdr = ssl->out_buf + 8;
5376 ssl->in_hdr = ssl->in_buf + 8;
5380 mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */);
5381 mbedtls_ssl_update_in_pointers(ssl);
5387 size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl)
5389 return ssl->in_offt == NULL ? 0 : ssl->in_msglen;
5392 int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl)
5399 if (ssl->keep_current_message == 1) {
5409 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
5410 ssl->in_left > ssl->next_record_offset) {
5420 if (ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen) {
5429 if (ssl->in_offt != NULL) {
5445 int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl)
5448 const mbedtls_ssl_transform *transform = ssl->transform_out;
5455 size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl);
5543 static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl)
5545 size_t ep_len = mbedtls_ssl_ep_len(ssl);
5549 if (mbedtls_ssl_is_handshake_over(ssl) == 0 ||
5550 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
5551 ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED) {
5555 in_ctr_cmp = memcmp(ssl->in_ctr + ep_len,
5556 &ssl->conf->renego_period[ep_len],
5558 out_ctr_cmp = memcmp(&ssl->cur_out_ctr[ep_len],
5559 &ssl->conf->renego_period[ep_len],
5560 sizeof(ssl->cur_out_ctr) - ep_len);
5567 return mbedtls_ssl_renegotiate(ssl);
5575 static int ssl_tls13_check_new_session_ticket(mbedtls_ssl_context *ssl)
5578 if ((ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl)) ||
5579 (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET)) {
5583 ssl->keep_current_message = 1;
5586 mbedtls_ssl_handshake_set_state(ssl,
5594 static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
5600 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
5601 int ret = ssl_tls13_check_new_session_ticket(ssl);
5624 static int ssl_tls12_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
5635 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
5636 (ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
5637 ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl))) {
5642 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5651 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
5652 ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
5657 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5667 if (!(ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
5668 (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
5669 ssl->conf->allow_legacy_renegotiation ==
5677 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
5678 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
5679 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
5682 ret = mbedtls_ssl_start_renegotiation(ssl);
5698 if ((ret = mbedtls_ssl_send_alert_message(ssl,
5710 static int ssl_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
5714 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
5715 return ssl_tls13_handle_hs_message_post_handshake(ssl);
5720 if (ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) {
5721 return ssl_tls12_handle_hs_message_post_handshake(ssl);
5733 * param ssl SSL context:
5746 mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
5748 size_t n = (len < ssl->in_msglen) ? len : ssl->in_msglen;
5751 memcpy(buf, ssl->in_offt, n);
5752 ssl->in_msglen -= n;
5757 mbedtls_platform_zeroize(ssl->in_offt, n);
5759 if (ssl->in_msglen == 0) {
5761 ssl->in_offt = NULL;
5762 ssl->keep_current_message = 0;
5765 ssl->in_offt += n;
5774 int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
5778 if (ssl == NULL || ssl->conf == NULL) {
5785 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5786 if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
5790 if (ssl->handshake != NULL &&
5791 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
5792 if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
5812 ret = ssl_check_ctr_renegotiate(ssl);
5820 if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
5821 ret = mbedtls_ssl_handshake(ssl);
5830 while (ssl->in_offt == NULL) {
5832 if (ssl->f_get_timer != NULL &&
5833 ssl->f_get_timer(ssl->p_timer) == -1) {
5834 mbedtls_ssl_set_timer(ssl, ssl->conf->read_timeout);
5837 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
5846 if (ssl->in_msglen == 0 &&
5847 ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
5851 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
5861 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
5862 ret = ssl_handle_hs_message_post_handshake(ssl);
5893 else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
5894 if (ssl->conf->renego_max_records >= 0) {
5895 if (++ssl->renego_records_seen > ssl->conf->renego_max_records) {
5905 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) {
5910 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) {
5915 ssl->in_offt = ssl->in_msg;
5919 if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
5920 mbedtls_ssl_set_timer(ssl, 0);
5928 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
5929 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
5930 if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) {
5940 ret = ssl_read_application_data(ssl, buf, len);
5948 int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
5951 if (ssl == NULL || (ssl->conf == NULL)) {
5959 if ((ssl->state != MBEDTLS_SSL_END_OF_EARLY_DATA) ||
5960 (ssl->in_offt == NULL)) {
5964 return ssl_read_application_data(ssl, buf, len);
5981 static int ssl_write_real(mbedtls_ssl_context *ssl,
5984 int ret = mbedtls_ssl_get_max_out_record_payload(ssl);
5994 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
6005 if (ssl->out_left != 0) {
6012 if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
6022 ssl->out_msglen = len;
6023 ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
6025 memcpy(ssl->out_msg, buf, len);
6028 if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
6040 int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
6046 if (ssl == NULL || ssl->conf == NULL) {
6051 if ((ret = ssl_check_ctr_renegotiate(ssl)) != 0) {
6057 if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
6058 if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
6064 ret = ssl_write_real(ssl, buf, len);
6072 int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
6081 if (ssl == NULL || (conf = ssl->conf) == NULL) {
6095 if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
6111 if ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) ||
6112 (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) {
6113 while ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) ||
6114 (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) {
6115 ret = mbedtls_ssl_handshake_step(ssl);
6121 ret = mbedtls_ssl_flush_output(ssl);
6127 remaining = ssl->session_negotiate->max_early_data_size;
6136 if ((ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE) &&
6137 (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED)) {
6141 remaining = ssl->session_negotiate->max_early_data_size -
6142 ssl->total_early_data_size;
6148 ret = mbedtls_ssl_handshake(ssl);
6155 if (((ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE) &&
6156 (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED))
6165 ret = ssl_write_real(ssl, buf, len);
6167 ssl->total_early_data_size += ret;
6179 int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl)
6183 if (ssl == NULL || ssl->conf == NULL) {
6189 if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
6190 if ((ret = mbedtls_ssl_send_alert_message(ssl,
6230 void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl,
6233 ssl->transform_in = transform;
6234 memset(ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
6237 void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl,
6240 ssl->transform_out = transform;
6241 memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr));
6246 void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl)
6249 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
6255 ssl_free_buffered_record(ssl);
6258 ssl_buffering_free_slot(ssl, offset);
6262 static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl,
6265 mbedtls_ssl_handshake_params * const hs = ssl->handshake;
6327 * returned, ssl->alert_reason otherwise.
6329 int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl)
6334 if (ssl->send_alert == 0) {
6338 ret = mbedtls_ssl_send_alert_message(ssl,
6340 ssl->alert_type);
6346 ssl->send_alert = 0;
6353 return ssl->alert_reason;
6359 void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl,
6363 ssl->send_alert = 1;
6364 ssl->alert_type = alert_type;
6365 ssl->alert_reason = alert_reason;