Lines Matching defs:handshake
789 ssl->handshake->update_checksum = ssl_update_checksum_sha384;
794 ssl->handshake->update_checksum = ssl_update_checksum_sha256;
815 return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr));
828 return ssl->handshake->update_checksum(ssl, msg, msg_len);
845 status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
849 status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
854 mbedtls_md_free(&ssl->handshake->fin_sha256);
855 mbedtls_md_init(&ssl->handshake->fin_sha256);
856 ret = mbedtls_md_setup(&ssl->handshake->fin_sha256,
862 ret = mbedtls_md_starts(&ssl->handshake->fin_sha256);
870 status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
874 status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
879 mbedtls_md_free(&ssl->handshake->fin_sha384);
880 mbedtls_md_init(&ssl->handshake->fin_sha384);
881 ret = mbedtls_md_setup(&ssl->handshake->fin_sha384,
886 ret = mbedtls_md_starts(&ssl->handshake->fin_sha384);
912 status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
917 ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
925 status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
930 ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
945 &ssl->handshake->fin_sha256_psa, buf, len));
947 return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
958 &ssl->handshake->fin_sha384_psa, buf, len));
960 return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
965 static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake)
967 memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params));
971 handshake->fin_sha256_psa = psa_hash_operation_init();
973 mbedtls_md_init(&handshake->fin_sha256);
978 handshake->fin_sha384_psa = psa_hash_operation_init();
980 mbedtls_md_init(&handshake->fin_sha384);
984 handshake->update_checksum = ssl_update_checksum_start;
987 mbedtls_dhm_init(&handshake->dhm_ctx);
991 mbedtls_ecdh_init(&handshake->ecdh_ctx);
995 handshake->psa_pake_ctx = psa_pake_operation_init();
996 handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
998 mbedtls_ecjpake_init(&handshake->ecjpake_ctx);
1001 handshake->ecjpake_cache = NULL;
1002 handshake->ecjpake_cache_len = 0;
1007 mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx);
1011 handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
1016 mbedtls_pk_init(&handshake->peer_pubkey);
1053 /* Clear old handshake information if present */
1062 if (ssl->handshake) {
1080 if (ssl->handshake == NULL) {
1081 ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params));
1091 if (ssl->handshake == NULL ||
1098 mbedtls_free(ssl->handshake);
1099 ssl->handshake = NULL;
1124 ssl_handshake_params_init(ssl->handshake);
1130 /* Setup handshake checksums */
1140 ssl->handshake->new_session_tickets_count =
1146 ssl->handshake->alt_transform_out = ssl->transform_out;
1149 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
1151 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
1191 ssl->handshake->group_list = group_list;
1192 ssl->handshake->group_list_heap_allocated = 1;
1194 ssl->handshake->group_list = ssl->conf->group_list;
1195 ssl->handshake->group_list_heap_allocated = 0;
1236 ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len +
1238 if (ssl->handshake->sig_algs == NULL) {
1242 p = (uint16_t *) ssl->handshake->sig_algs;
1258 ssl->handshake->sig_algs_heap_allocated = 1;
1262 ssl->handshake->sig_algs_heap_allocated = 0;
1360 * If the verification fails, the receiver MUST terminate the handshake with
1549 if (ssl->handshake != NULL) {
1551 mbedtls_ssl_transform_free(ssl->handshake->transform_earlydata);
1552 mbedtls_free(ssl->handshake->transform_earlydata);
1553 ssl->handshake->transform_earlydata = NULL;
1556 mbedtls_ssl_transform_free(ssl->handshake->transform_handshake);
1557 mbedtls_free(ssl->handshake->transform_handshake);
1558 ssl->handshake->transform_handshake = NULL;
1757 if (ssl->handshake->resume == 1) {
1781 ssl->handshake->resume = 1;
1916 *name_len = ssl->handshake->sni_name_len;
1917 return ssl->handshake->sni_name;
1924 return ssl_append_key_cert(&ssl->handshake->sni_key_cert,
1932 ssl->handshake->sni_ca_chain = ca_chain;
1933 ssl->handshake->sni_ca_crl = ca_crl;
1940 ssl->handshake->dn_hints = crt;
1947 ssl->handshake->sni_authmode = authmode;
1984 status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, &cipher_suite);
2001 status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len);
2006 status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len);
2011 status = psa_pake_set_password_key(&ssl->handshake->psa_pake_ctx, pwd);
2016 ssl->handshake->psa_pake_ctx_is_ok = 1;
2028 if (ssl->handshake == NULL || ssl->conf == NULL) {
2042 &ssl->handshake->psa_pake_password);
2048 ssl->handshake->psa_pake_password);
2050 psa_destroy_key(ssl->handshake->psa_pake_password);
2051 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
2063 if (ssl->handshake == NULL || ssl->conf == NULL) {
2073 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
2086 if (ssl->handshake == NULL || ssl->conf == NULL) {
2101 return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx,
2223 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
2226 if (ssl->handshake->psk_opaque_is_internal) {
2227 psa_destroy_key(ssl->handshake->psk_opaque);
2228 ssl->handshake->psk_opaque_is_internal = 0;
2230 ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
2233 if (ssl->handshake->psk != NULL) {
2234 mbedtls_zeroize_and_free(ssl->handshake->psk,
2235 ssl->handshake->psk_len);
2236 ssl->handshake->psk_len = 0;
2251 if (psk == NULL || ssl->handshake == NULL) {
2264 if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
2290 ssl->handshake->psk_opaque_is_internal = 1;
2293 if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) {
2297 ssl->handshake->psk_len = psk_len;
2298 memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len);
2337 (ssl->handshake == NULL)) {
2342 ssl->handshake->psk_opaque = psk;
2721 * Set allowed/preferred hashes for handshake signatures
2730 /* Configure allowed signature algorithms for handshake */
2748 * stored in ssl->handshake->group_list.
3061 if (ssl->handshake == NULL) {
3064 return ssl->handshake->user_async_ctx;
3071 if (ssl->handshake != NULL) {
3072 ssl->handshake->user_async_ctx = ctx;
3148 /* During a handshake, use the value being negotiated */
3181 /* During a handshake, use the value being negotiated */
3207 /* During a handshake, use the value being negotiated */
3227 if (ssl->handshake == NULL || ssl->handshake->mtu == 0) {
3232 return ssl->handshake->mtu;
3235 return ssl->mtu < ssl->handshake->mtu ?
3236 ssl->mtu : ssl->handshake->mtu;
4460 * Perform a single step of the SSL handshake
4468 * We may have not been able to send to the peer all the handshake data
4469 * that were written into the output buffer by the previous handshake step,
4472 * We proceed to the next handshake step only when all data from the
4477 * In the case of TLS 1.3, handshake step handlers do not send data to the
4488 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
4504 ssl->handshake == NULL ||
4585 * Perform the SSL handshake
4606 MBEDTLS_SSL_DEBUG_MSG(2, ("=> handshake"));
4608 /* Main handshake loop */
4617 MBEDTLS_SSL_DEBUG_MSG(2, ("<= handshake"));
4653 * - server: receiving any handshake message on server during mbedtls_ssl_read() after
4654 * the initial handshake is completed.
4655 * If the handshake doesn't complete due to waiting for I/O, it will continue
4674 ssl->handshake->out_msg_seq = 1;
4676 ssl->handshake->in_msg_seq = 1;
4727 * if already in progress, continue the handshake
4752 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
4754 if (handshake == NULL) {
4760 if (ssl->handshake->group_list_heap_allocated) {
4761 mbedtls_free((void *) handshake->group_list);
4763 handshake->group_list = NULL;
4769 if (ssl->handshake->sig_algs_heap_allocated) {
4770 mbedtls_free((void *) handshake->sig_algs);
4772 handshake->sig_algs = NULL;
4775 if (ssl->handshake->certificate_request_context) {
4776 mbedtls_free((void *) handshake->certificate_request_context);
4782 if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) {
4784 handshake->async_in_progress = 0;
4790 psa_hash_abort(&handshake->fin_sha256_psa);
4792 mbedtls_md_free(&handshake->fin_sha256);
4797 psa_hash_abort(&handshake->fin_sha384_psa);
4799 mbedtls_md_free(&handshake->fin_sha384);
4804 mbedtls_dhm_free(&handshake->dhm_ctx);
4808 mbedtls_ecdh_free(&handshake->ecdh_ctx);
4813 psa_pake_abort(&handshake->psa_pake_ctx);
4815 * Opaque keys are not stored in the handshake's data and it's the user
4819 if (!mbedtls_svc_key_id_is_null(handshake->psa_pake_password)) {
4820 psa_destroy_key(handshake->psa_pake_password);
4822 handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
4824 mbedtls_ecjpake_free(&handshake->ecjpake_ctx);
4827 mbedtls_free(handshake->ecjpake_cache);
4828 handshake->ecjpake_cache = NULL;
4829 handshake->ecjpake_cache_len = 0;
4837 mbedtls_free((void *) handshake->curves_tls_id);
4842 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
4845 if (ssl->handshake->psk_opaque_is_internal) {
4846 psa_destroy_key(ssl->handshake->psk_opaque);
4847 ssl->handshake->psk_opaque_is_internal = 0;
4849 ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
4852 if (handshake->psk != NULL) {
4853 mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len);
4864 ssl_key_cert_free(handshake->sni_key_cert);
4868 mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx);
4869 if (handshake->ecrs_peer_cert != NULL) {
4870 mbedtls_x509_crt_free(handshake->ecrs_peer_cert);
4871 mbedtls_free(handshake->ecrs_peer_cert);
4877 mbedtls_pk_free(&handshake->peer_pubkey);
4882 mbedtls_free(handshake->cookie);
4887 mbedtls_ssl_flight_free(handshake->flight);
4892 if (handshake->xxdh_psa_privkey_is_external == 0) {
4893 psa_destroy_key(handshake->xxdh_psa_privkey);
4898 mbedtls_ssl_transform_free(handshake->transform_handshake);
4899 mbedtls_free(handshake->transform_handshake);
4901 mbedtls_ssl_transform_free(handshake->transform_earlydata);
4902 mbedtls_free(handshake->transform_earlydata);
4917 mbedtls_platform_zeroize(handshake,
5049 * them are likely to stay (no handshake in progress) some might go away
5052 /* The initial handshake must be over */
5054 MBEDTLS_SSL_DEBUG_MSG(1, ("Initial handshake isn't over"));
5057 if (ssl->handshake != NULL) {
5475 /* mbedtls_ssl_reset() leaves the handshake sub-structure allocated,
5479 if (ssl->handshake != NULL) {
5481 mbedtls_free(ssl->handshake);
5482 ssl->handshake = NULL;
5550 if (ssl->handshake) {
5552 mbedtls_free(ssl->handshake);
6428 hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
6434 hash_operation_to_clone = &ssl->handshake->fin_sha256_psa;
6480 ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
6518 ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
6625 memset(ssl->handshake->received_sig_algs, 0,
6626 sizeof(ssl->handshake->received_sig_algs));
6649 ssl->handshake->received_sig_algs[common_idx] = sig_alg;
6669 ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS_SIG_NONE;
6962 * - the tls_prf, calc_verify and calc_finished members of handshake structure
6965 static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake,
6970 handshake->tls_prf = tls_prf_sha384;
6971 handshake->calc_verify = ssl_calc_verify_tls_sha384;
6972 handshake->calc_finished = ssl_calc_finished_tls_sha384;
6978 handshake->tls_prf = tls_prf_sha256;
6979 handshake->calc_verify = ssl_calc_verify_tls_sha256;
6980 handshake->calc_finished = ssl_calc_finished_tls_sha256;
6984 (void) handshake;
6997 * [in/out] handshake
7008 static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
7033 * this is the transcript of the handshake so far.
7035 unsigned char const *seed = handshake->randbytes;
7046 if (handshake->resume != 0) {
7052 if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) {
7055 ret = handshake->calc_verify(ssl, session_hash, &seed_len);
7067 if (mbedtls_ssl_ciphersuite_uses_psk(handshake->ciphersuite_info) == 1) {
7074 mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
7089 switch (handshake->ciphersuite_info->key_exchange) {
7097 other_secret = handshake->premaster + 2;
7101 other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0);
7102 other_secret = handshake->premaster + 2;
7137 if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
7145 handshake->pmslen = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE;
7159 status = psa_pake_get_implicit_key(&handshake->psa_pake_ctx,
7167 handshake->premaster,
7168 handshake->pmslen);
7180 ret = handshake->tls_prf(handshake->premaster, handshake->pmslen,
7190 handshake->premaster,
7191 handshake->pmslen);
7193 mbedtls_platform_zeroize(handshake->premaster,
7194 sizeof(handshake->premaster));
7204 ssl->handshake->ciphersuite_info;
7209 ret = ssl_set_handshake_prfs(ssl->handshake,
7217 ret = ssl_compute_master(ssl->handshake,
7230 memcpy(tmp, ssl->handshake->randbytes, 64);
7231 memcpy(ssl->handshake->randbytes, tmp + 32, 32);
7232 memcpy(ssl->handshake->randbytes + 32, tmp, 32);
7243 ssl->handshake->tls_prf,
7244 ssl->handshake->randbytes,
7254 mbedtls_platform_zeroize(ssl->handshake->randbytes,
7255 sizeof(ssl->handshake->randbytes));
7267 ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
7272 ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
7363 return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32,
7366 return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256,
7378 return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48,
7381 return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384,
7391 unsigned char *p = ssl->handshake->premaster;
7392 unsigned char *end = p + sizeof(ssl->handshake->premaster);
7456 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
7465 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
7473 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen,
7483 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
7507 ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster);
7521 * timeout if we were using the usual handshake doubling scheme */
7550 ssl->handshake->ciphersuite_info;
7567 ssl->handshake->ciphersuite_info;
7590 ssl->handshake->ciphersuite_info;
7602 if (ssl->handshake->client_auth == 0) {
7622 * 0 . 0 handshake type
7623 * 1 . 3 handshake length
7816 * end-CRTs hasn't changed compared to the initial handshake,
7817 * mitigating the triple handshake attack. On success, reuse
7905 ssl->handshake->ciphersuite_info;
7938 ssl->handshake->ciphersuite_info;
7982 if (ssl->handshake->sni_ca_chain != NULL) {
7983 ca_chain = ssl->handshake->sni_ca_chain;
7984 ca_crl = ssl->handshake->sni_ca_crl;
8160 mbedtls_pk_init(&ssl->handshake->peer_pubkey);
8162 &ssl->handshake->peer_pubkey);
8177 const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
8178 ? ssl->handshake->sni_authmode
8195 if (ssl->handshake->ecrs_enabled &&
8196 ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) {
8197 chain = ssl->handshake->ecrs_peer_cert;
8198 ssl->handshake->ecrs_peer_cert = NULL;
8245 if (ssl->handshake->ecrs_enabled) {
8246 ssl->handshake->ecrs_state = ssl_ecrs_crt_verify;
8250 if (ssl->handshake->ecrs_enabled) {
8251 rs_ctx = &ssl->handshake->ecrs_ctx;
8309 ssl->handshake->ecrs_peer_cert = chain;
8386 * Hash( handshake ) )[0.11]
8388 ssl->handshake->tls_prf(session->master, 48, sender,
8414 &ssl->handshake->fin_sha256_psa,
8416 &ssl->handshake->fin_sha256,
8431 &ssl->handshake->fin_sha384_psa,
8433 &ssl->handshake->fin_sha384,
8442 MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup: final free"));
8445 * Free our handshake params
8448 mbedtls_free(ssl->handshake);
8449 ssl->handshake = NULL;
8461 MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup: final free"));
8466 int resume = ssl->handshake->resume;
8468 MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup"));
8509 ssl->handshake->flight != NULL) {
8510 /* Cancel handshake timer */
8514 * we need the handshake and transform structures for that */
8515 MBEDTLS_SSL_DEBUG_MSG(3, ("skip freeing handshake and transform"));
8522 MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup"));
8534 ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
8560 if (ssl->handshake->resume != 0) {
8586 ssl->handshake->alt_transform_out = ssl->transform_out;
8587 memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr,
8588 sizeof(ssl->handshake->alt_out_ctr));
8647 ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
8694 if (ssl->handshake->resume != 0) {
8905 if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) {
8913 transform->out_cid_len = ssl->handshake->peer_cid_len;
8914 memcpy(transform->out_cid, ssl->handshake->peer_cid,
8915 ssl->handshake->peer_cid_len);
9344 if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes,
9412 if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) {
9445 uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
9467 if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) {
9472 !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
9479 !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
9520 ssl->handshake->psa_pake_ctx_is_ok != 1)
9523 mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
9699 ssl->handshake->sni_name = p + 3;
9700 ssl->handshake->sni_name_len = hostname_len;