Lines Matching defs:ssl
18 #include "mbedtls/ssl.h"
101 int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
106 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
110 ssl->negotiate_cid = enable;
118 if (own_cid_len != ssl->conf->cid_len) {
121 (unsigned) ssl->conf->cid_len));
125 memcpy(ssl->own_cid, own_cid, own_cid_len);
128 ssl->own_cid_len = (uint8_t) own_cid_len;
133 int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl,
140 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
147 if (ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
152 *own_cid_len = ssl->own_cid_len;
154 memcpy(own_cid, ssl->own_cid, ssl->own_cid_len);
163 int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl,
170 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
171 mbedtls_ssl_is_handshake_over(ssl) == 0) {
179 if (ssl->transform_in->in_cid_len == 0 &&
180 ssl->transform_in->out_cid_len == 0) {
185 *peer_cid_len = ssl->transform_in->out_cid_len;
187 memcpy(peer_cid, ssl->transform_in->out_cid,
188 ssl->transform_in->out_cid_len);
342 static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
349 if (ssl->in_buf != NULL) {
350 written_in = ssl->in_msg - ssl->in_buf;
351 iv_offset_in = ssl->in_iv - ssl->in_buf;
352 len_offset_in = ssl->in_len - ssl->in_buf;
354 ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
355 ssl->in_buf_len < in_buf_new_len) {
356 if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) {
366 if (ssl->out_buf != NULL) {
367 written_out = ssl->out_msg - ssl->out_buf;
368 iv_offset_out = ssl->out_iv - ssl->out_buf;
369 len_offset_out = ssl->out_len - ssl->out_buf;
371 ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len :
372 ssl->out_buf_len < out_buf_new_len) {
373 if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) {
384 mbedtls_ssl_reset_in_out_pointers(ssl);
387 ssl->out_msg = ssl->out_buf + written_out;
388 ssl->out_len = ssl->out_buf + len_offset_out;
389 ssl->out_iv = ssl->out_buf + iv_offset_out;
391 ssl->in_msg = ssl->in_buf + written_in;
392 ssl->in_len = ssl->in_buf + len_offset_in;
393 ssl->in_iv = ssl->in_buf + iv_offset_in;
426 const mbedtls_ssl_context *ssl);
704 void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
712 ssl, level, file, line,
724 ssl, level, file, line,
732 ssl, level, file, line,
737 void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl,
747 ssl, level, file, line, hs_msg_type, extension_type_table[i],
760 void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl,
766 mbedtls_debug_print_msg(ssl, level, file, line,
773 mbedtls_debug_print_msg(ssl, level, file, line, "- %s is set.",
782 void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
789 ssl->handshake->update_checksum = ssl_update_checksum_sha384;
794 ssl->handshake->update_checksum = ssl_update_checksum_sha256;
803 int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
815 return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr));
818 int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
824 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len);
828 return ssl->handshake->update_checksum(ssl, msg, msg_len);
831 int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
841 ((void) ssl);
845 status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
849 status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
854 mbedtls_md_free(&ssl->handshake->fin_sha256);
855 mbedtls_md_init(&ssl->handshake->fin_sha256);
856 ret = mbedtls_md_setup(&ssl->handshake->fin_sha256,
862 ret = mbedtls_md_starts(&ssl->handshake->fin_sha256);
870 status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
874 status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
879 mbedtls_md_free(&ssl->handshake->fin_sha384);
880 mbedtls_md_init(&ssl->handshake->fin_sha384);
881 ret = mbedtls_md_setup(&ssl->handshake->fin_sha384,
886 ret = mbedtls_md_starts(&ssl->handshake->fin_sha384);
895 static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
906 ((void) ssl);
912 status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
917 ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
925 status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
930 ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
940 static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
945 &ssl->handshake->fin_sha256_psa, buf, len));
947 return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
953 static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
958 &ssl->handshake->fin_sha384_psa, buf, len));
960 return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
1049 static int ssl_handshake_init(mbedtls_ssl_context *ssl)
1055 if (ssl->transform_negotiate) {
1056 mbedtls_ssl_transform_free(ssl->transform_negotiate);
1059 if (ssl->session_negotiate) {
1060 mbedtls_ssl_session_free(ssl->session_negotiate);
1062 if (ssl->handshake) {
1063 mbedtls_ssl_handshake_free(ssl);
1071 if (ssl->transform_negotiate == NULL) {
1072 ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform));
1076 if (ssl->session_negotiate == NULL) {
1077 ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session));
1080 if (ssl->handshake == NULL) {
1081 ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params));
1086 handle_buffer_resizing(ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN,
1091 if (ssl->handshake == NULL ||
1093 ssl->transform_negotiate == NULL ||
1095 ssl->session_negotiate == NULL) {
1096 MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed"));
1098 mbedtls_free(ssl->handshake);
1099 ssl->handshake = NULL;
1102 mbedtls_free(ssl->transform_negotiate);
1103 ssl->transform_negotiate = NULL;
1106 mbedtls_free(ssl->session_negotiate);
1107 ssl->session_negotiate = NULL;
1114 ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IDLE;
1117 ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
1119 ssl->total_early_data_size = 0;
1123 mbedtls_ssl_session_init(ssl->session_negotiate);
1124 ssl_handshake_params_init(ssl->handshake);
1127 mbedtls_ssl_transform_init(ssl->transform_negotiate);
1131 ret = mbedtls_ssl_reset_checksum(ssl);
1140 ssl->handshake->new_session_tickets_count =
1141 ssl->conf->new_session_tickets_count;
1145 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1146 ssl->handshake->alt_transform_out = ssl->transform_out;
1148 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
1149 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
1151 ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
1154 mbedtls_ssl_set_timer(ssl, 0);
1166 if (ssl->conf->curve_list != NULL) {
1168 const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
1191 ssl->handshake->group_list = group_list;
1192 ssl->handshake->group_list_heap_allocated = 1;
1194 ssl->handshake->group_list = ssl->conf->group_list;
1195 ssl->handshake->group_list_heap_allocated = 0;
1205 if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) &&
1206 ssl->conf->sig_hashes != NULL) {
1208 const int *sig_hashes = ssl->conf->sig_hashes;
1236 ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len +
1238 if (ssl->handshake->sig_algs == NULL) {
1242 p = (uint16_t *) ssl->handshake->sig_algs;
1258 ssl->handshake->sig_algs_heap_allocated = 1;
1262 ssl->handshake->sig_algs_heap_allocated = 0;
1303 void mbedtls_ssl_init(mbedtls_ssl_context *ssl)
1305 memset(ssl, 0, sizeof(mbedtls_ssl_context));
1309 static int ssl_conf_version_check(const mbedtls_ssl_context *ssl)
1311 const mbedtls_ssl_config *conf = ssl->conf;
1334 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1349 static int ssl_conf_check(const mbedtls_ssl_context *ssl)
1352 ret = ssl_conf_version_check(ssl);
1368 (mbedtls_ssl_context *) ssl) &&
1369 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
1370 ssl->conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
1371 ssl->conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
1372 ssl->conf->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) {
1380 if (ssl->conf->f_rng == NULL) {
1394 int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
1401 ssl->conf = conf;
1403 if ((ret = ssl_conf_check(ssl)) != 0) {
1406 ssl->tls_version = ssl->conf->max_tls_version;
1413 ssl->out_buf = NULL;
1416 ssl->in_buf_len = in_buf_len;
1418 ssl->in_buf = mbedtls_calloc(1, in_buf_len);
1419 if (ssl->in_buf == NULL) {
1426 ssl->out_buf_len = out_buf_len;
1428 ssl->out_buf = mbedtls_calloc(1, out_buf_len);
1429 if (ssl->out_buf == NULL) {
1435 mbedtls_ssl_reset_in_out_pointers(ssl);
1438 memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info));
1441 if ((ret = ssl_handshake_init(ssl)) != 0) {
1448 mbedtls_free(ssl->in_buf);
1449 mbedtls_free(ssl->out_buf);
1451 ssl->conf = NULL;
1454 ssl->in_buf_len = 0;
1455 ssl->out_buf_len = 0;
1457 ssl->in_buf = NULL;
1458 ssl->out_buf = NULL;
1460 ssl->in_hdr = NULL;
1461 ssl->in_ctr = NULL;
1462 ssl->in_len = NULL;
1463 ssl->in_iv = NULL;
1464 ssl->in_msg = NULL;
1466 ssl->out_hdr = NULL;
1467 ssl->out_ctr = NULL;
1468 ssl->out_len = NULL;
1469 ssl->out_iv = NULL;
1470 ssl->out_msg = NULL;
1482 void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
1486 size_t in_buf_len = ssl->in_buf_len;
1487 size_t out_buf_len = ssl->out_buf_len;
1498 mbedtls_ssl_set_timer(ssl, 0);
1500 mbedtls_ssl_reset_in_out_pointers(ssl);
1503 ssl->in_offt = NULL;
1504 ssl->nb_zero = 0;
1505 ssl->in_msgtype = 0;
1506 ssl->in_msglen = 0;
1507 ssl->in_hslen = 0;
1508 ssl->keep_current_message = 0;
1509 ssl->transform_in = NULL;
1512 ssl->next_record_offset = 0;
1513 ssl->in_epoch = 0;
1518 ssl->in_left = 0;
1519 memset(ssl->in_buf, 0, in_buf_len);
1522 ssl->send_alert = 0;
1525 ssl->out_msgtype = 0;
1526 ssl->out_msglen = 0;
1527 ssl->out_left = 0;
1528 memset(ssl->out_buf, 0, out_buf_len);
1529 memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr));
1530 ssl->transform_out = NULL;
1533 mbedtls_ssl_dtls_replay_reset(ssl);
1537 if (ssl->transform) {
1538 mbedtls_ssl_transform_free(ssl->transform);
1539 mbedtls_free(ssl->transform);
1540 ssl->transform = NULL;
1545 mbedtls_ssl_transform_free(ssl->transform_application);
1546 mbedtls_free(ssl->transform_application);
1547 ssl->transform_application = NULL;
1549 if (ssl->handshake != NULL) {
1551 mbedtls_ssl_transform_free(ssl->handshake->transform_earlydata);
1552 mbedtls_free(ssl->handshake->transform_earlydata);
1553 ssl->handshake->transform_earlydata = NULL;
1556 mbedtls_ssl_transform_free(ssl->handshake->transform_handshake);
1557 mbedtls_free(ssl->handshake->transform_handshake);
1558 ssl->handshake->transform_handshake = NULL;
1564 int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial)
1568 ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
1569 ssl->tls_version = ssl->conf->max_tls_version;
1571 mbedtls_ssl_session_reset_msg_layer(ssl, partial);
1575 ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
1576 ssl->renego_records_seen = 0;
1578 ssl->verify_data_len = 0;
1579 memset(ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN);
1580 memset(ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN);
1582 ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
1584 ssl->session_in = NULL;
1585 ssl->session_out = NULL;
1586 if (ssl->session) {
1587 mbedtls_ssl_session_free(ssl->session);
1588 mbedtls_free(ssl->session);
1589 ssl->session = NULL;
1593 ssl->alpn_chosen = NULL;
1602 mbedtls_free(ssl->cli_id);
1603 ssl->cli_id = NULL;
1604 ssl->cli_id_len = 0;
1608 if ((ret = ssl_handshake_init(ssl)) != 0) {
1619 int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
1621 return mbedtls_ssl_session_reset_int(ssl, 0);
1651 void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
1654 ssl->disable_datagram_packing = !allow_packing;
1696 void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl,
1702 ssl->p_bio = p_bio;
1703 ssl->f_send = f_send;
1704 ssl->f_recv = f_recv;
1705 ssl->f_recv_timeout = f_recv_timeout;
1709 void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu)
1711 ssl->mtu = mtu;
1720 void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl,
1725 ssl->p_timer = p_timer;
1726 ssl->f_set_timer = f_set_timer;
1727 ssl->f_get_timer = f_get_timer;
1730 mbedtls_ssl_set_timer(ssl, 0);
1746 int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session)
1750 if (ssl == NULL ||
1752 ssl->session_negotiate == NULL ||
1753 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
1757 if (ssl->handshake->resume == 1) {
1767 ssl, ciphersuite_info, MBEDTLS_SSL_VERSION_TLS1_3,
1776 if ((ret = mbedtls_ssl_session_copy(ssl->session_negotiate,
1781 ssl->handshake->resume = 1;
1913 const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl,
1916 *name_len = ssl->handshake->sni_name_len;
1917 return ssl->handshake->sni_name;
1920 int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
1924 return ssl_append_key_cert(&ssl->handshake->sni_key_cert,
1928 void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
1932 ssl->handshake->sni_ca_chain = ca_chain;
1933 ssl->handshake->sni_ca_crl = ca_crl;
1937 void mbedtls_ssl_set_hs_dn_hints(mbedtls_ssl_context *ssl,
1940 ssl->handshake->dn_hints = crt;
1944 void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl,
1947 ssl->handshake->sni_authmode = authmode;
1952 void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl,
1956 ssl->f_vrfy = f_vrfy;
1957 ssl->p_vrfy = p_vrfy;
1968 mbedtls_ssl_context *ssl,
1984 status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, &cipher_suite);
1989 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
2001 status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len);
2006 status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len);
2011 status = psa_pake_set_password_key(&ssl->handshake->psa_pake_ctx, pwd);
2016 ssl->handshake->psa_pake_ctx_is_ok = 1;
2021 int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
2028 if (ssl->handshake == NULL || ssl->conf == NULL) {
2042 &ssl->handshake->psa_pake_password);
2047 status = mbedtls_ssl_set_hs_ecjpake_password_common(ssl,
2048 ssl->handshake->psa_pake_password);
2050 psa_destroy_key(ssl->handshake->psa_pake_password);
2051 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
2058 int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl,
2063 if (ssl->handshake == NULL || ssl->conf == NULL) {
2071 status = mbedtls_ssl_set_hs_ecjpake_password_common(ssl, pwd);
2073 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
2080 int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
2086 if (ssl->handshake == NULL || ssl->conf == NULL) {
2095 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
2101 return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx,
2220 static void ssl_remove_psk(mbedtls_ssl_context *ssl)
2223 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
2226 if (ssl->handshake->psk_opaque_is_internal) {
2227 psa_destroy_key(ssl->handshake->psk_opaque);
2228 ssl->handshake->psk_opaque_is_internal = 0;
2230 ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
2233 if (ssl->handshake->psk != NULL) {
2234 mbedtls_zeroize_and_free(ssl->handshake->psk,
2235 ssl->handshake->psk_len);
2236 ssl->handshake->psk_len = 0;
2241 int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
2251 if (psk == NULL || ssl->handshake == NULL) {
2259 ssl_remove_psk(ssl);
2263 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
2264 if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
2274 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
2290 ssl->handshake->psk_opaque_is_internal = 1;
2291 return mbedtls_ssl_set_hs_psk_opaque(ssl, key);
2293 if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) {
2297 ssl->handshake->psk_len = psk_len;
2298 memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len);
2333 int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl,
2337 (ssl->handshake == NULL)) {
2341 ssl_remove_psk(ssl);
2342 ssl->handshake->psk_opaque = psk;
2748 * stored in ssl->handshake->group_list.
2773 int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
2791 if (ssl->hostname != NULL) {
2792 mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
2798 ssl->hostname = NULL;
2800 ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
2801 if (ssl->hostname == NULL) {
2805 memcpy(ssl->hostname, hostname, hostname_len);
2807 ssl->hostname[hostname_len] = '\0';
2853 const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl)
2855 return ssl->alpn_chosen;
2866 int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
2874 if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) {
2878 memcpy(ssl->dtls_srtp_info.mki_value, mki_value, mki_len);
2879 ssl->dtls_srtp_info.mki_len = mki_len;
2914 void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl,
2917 dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile;
2922 dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len;
2923 memcpy(dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value,
2924 ssl->dtls_srtp_info.mki_len);
3030 void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl,
3034 ssl->f_export_keys = f_export_keys;
3035 ssl->p_export_keys = p_export_keys;
3059 void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl)
3061 if (ssl->handshake == NULL) {
3064 return ssl->handshake->user_async_ctx;
3068 void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl,
3071 if (ssl->handshake != NULL) {
3072 ssl->handshake->user_async_ctx = ctx;
3080 uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl)
3082 if (ssl->session != NULL) {
3083 return ssl->session->verify_result;
3086 if (ssl->session_negotiate != NULL) {
3087 return ssl->session_negotiate->verify_result;
3093 int mbedtls_ssl_get_ciphersuite_id_from_ssl(const mbedtls_ssl_context *ssl)
3095 if (ssl == NULL || ssl->session == NULL) {
3099 return ssl->session->ciphersuite;
3102 const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl)
3104 if (ssl == NULL || ssl->session == NULL) {
3108 return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite);
3111 const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl)
3114 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
3115 switch (ssl->tls_version) {
3124 switch (ssl->tls_version) {
3136 size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
3141 if (ssl->session != NULL &&
3142 ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
3143 ssl->session->record_size_limit < max_len) {
3144 record_size_limit = ssl->session->record_size_limit;
3149 if (ssl->session_negotiate != NULL &&
3150 ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
3151 ssl->session_negotiate->record_size_limit < max_len) {
3152 record_size_limit = ssl->session_negotiate->record_size_limit;
3160 size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl)
3167 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
3168 ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) {
3169 return ssl_mfl_code_to_length(ssl->conf->mfl_code);
3174 if (ssl->session_out != NULL) {
3175 read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code);
3182 if (ssl->session_negotiate != NULL) {
3183 read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code);
3192 size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl)
3199 max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code);
3202 if (ssl->session_out != NULL &&
3203 ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) {
3204 max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code);
3208 if (ssl->session_negotiate != NULL &&
3209 ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) {
3210 max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code);
3218 size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl)
3221 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
3222 (ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
3223 ssl->state == MBEDTLS_SSL_SERVER_HELLO)) {
3227 if (ssl->handshake == NULL || ssl->handshake->mtu == 0) {
3228 return ssl->mtu;
3231 if (ssl->mtu == 0) {
3232 return ssl->handshake->mtu;
3235 return ssl->mtu < ssl->handshake->mtu ?
3236 ssl->mtu : ssl->handshake->mtu;
3240 int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
3247 (void) ssl;
3251 const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl);
3259 const size_t record_size_limit = mbedtls_ssl_get_output_record_size_limit(ssl);
3266 if (ssl->transform_out != NULL &&
3267 ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
3283 if (mbedtls_ssl_get_current_mtu(ssl) != 0) {
3284 const size_t mtu = mbedtls_ssl_get_current_mtu(ssl);
3285 const int ret = mbedtls_ssl_get_record_expansion(ssl);
3306 ((void) ssl);
3312 int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl)
3317 (void) ssl;
3321 const size_t mfl = mbedtls_ssl_get_input_max_frag_len(ssl);
3332 const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl)
3334 if (ssl == NULL || ssl->session == NULL) {
3339 return ssl->session->peer_cert;
3347 int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
3352 if (ssl == NULL ||
3354 ssl->session == NULL ||
3355 ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
3370 if (ssl->session->exported == 1) {
3374 ret = mbedtls_ssl_session_copy(dst, ssl->session);
3380 ssl->session->exported = 1;
4463 static int ssl_prepare_handshake_step(mbedtls_ssl_context *ssl)
4482 if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
4487 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
4488 ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
4489 if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
4498 int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
4502 if (ssl == NULL ||
4503 ssl->conf == NULL ||
4504 ssl->handshake == NULL ||
4505 ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
4509 ret = ssl_prepare_handshake_step(ssl);
4514 ret = mbedtls_ssl_handle_pending_alert(ssl);
4519 /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or
4524 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
4526 mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state)));
4528 switch (ssl->state) {
4530 ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
4535 ret = mbedtls_ssl_write_client_hello(ssl);
4540 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
4541 ret = mbedtls_ssl_tls13_handshake_client_step(ssl);
4543 ret = mbedtls_ssl_handshake_client_step(ssl);
4546 ret = mbedtls_ssl_handshake_client_step(ssl);
4548 ret = mbedtls_ssl_tls13_handshake_client_step(ssl);
4555 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
4557 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
4558 ret = mbedtls_ssl_tls13_handshake_server_step(ssl);
4560 ret = mbedtls_ssl_handshake_server_step(ssl);
4563 ret = mbedtls_ssl_handshake_server_step(ssl);
4565 ret = mbedtls_ssl_tls13_handshake_server_step(ssl);
4574 if (ssl->send_alert) {
4575 ret = mbedtls_ssl_handle_pending_alert(ssl);
4587 int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl)
4593 if (ssl == NULL || ssl->conf == NULL) {
4598 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
4599 (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) {
4609 while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
4610 ret = mbedtls_ssl_handshake_step(ssl);
4628 static int ssl_write_hello_request(mbedtls_ssl_context *ssl)
4634 ssl->out_msglen = 4;
4635 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
4636 ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
4638 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
4658 int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl)
4664 if ((ret = ssl_handshake_init(ssl)) != 0) {
4671 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
4672 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
4673 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
4674 ssl->handshake->out_msg_seq = 1;
4676 ssl->handshake->in_msg_seq = 1;
4681 ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
4682 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
4684 if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
4698 int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl)
4702 if (ssl == NULL || ssl->conf == NULL) {
4708 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
4709 if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
4713 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
4716 if (ssl->out_left != 0) {
4717 return mbedtls_ssl_flush_output(ssl);
4720 return ssl_write_hello_request(ssl);
4729 if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
4730 if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
4734 if ((ret = mbedtls_ssl_start_renegotiation(ssl)) != 0) {
4739 if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
4750 void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
4752 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
4760 if (ssl->handshake->group_list_heap_allocated) {
4769 if (ssl->handshake->sig_algs_heap_allocated) {
4775 if (ssl->handshake->certificate_request_context) {
4782 if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) {
4783 ssl->conf->f_async_cancel(ssl);
4842 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
4845 if (ssl->handshake->psk_opaque_is_internal) {
4846 psa_destroy_key(ssl->handshake->psk_opaque);
4847 ssl->handshake->psk_opaque_is_internal = 0;
4849 ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
4888 mbedtls_ssl_buffering_free(ssl);
4912 handle_buffer_resizing(ssl, 1, mbedtls_ssl_get_input_buflen(ssl),
4913 mbedtls_ssl_get_output_buflen(ssl));
5034 int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
5053 if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
5057 if (ssl->handshake != NULL) {
5062 if (ssl->transform == NULL || ssl->session == NULL) {
5067 if (mbedtls_ssl_check_pending(ssl) != 0) {
5071 if (ssl->out_left != 0) {
5076 if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
5081 if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) {
5086 if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) {
5092 if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) {
5112 ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len);
5122 ret = ssl_session_save(ssl->session, 1,
5134 used += sizeof(ssl->transform->randbytes);
5136 memcpy(p, ssl->transform->randbytes,
5137 sizeof(ssl->transform->randbytes));
5138 p += sizeof(ssl->transform->randbytes);
5142 used += 2U + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
5144 *p++ = ssl->transform->in_cid_len;
5145 memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len);
5146 p += ssl->transform->in_cid_len;
5148 *p++ = ssl->transform->out_cid_len;
5149 memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len);
5150 p += ssl->transform->out_cid_len;
5159 MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0);
5166 MBEDTLS_PUT_UINT64_BE(ssl->in_window_top, p, 0);
5169 MBEDTLS_PUT_UINT64_BE(ssl->in_window, p, 0);
5177 *p++ = ssl->disable_datagram_packing;
5183 memcpy(p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
5190 MBEDTLS_PUT_UINT16_BE(ssl->mtu, p, 0);
5197 const uint8_t alpn_len = ssl->alpn_chosen
5198 ? (uint8_t) strlen(ssl->alpn_chosen)
5205 if (ssl->alpn_chosen != NULL) {
5206 memcpy(p, ssl->alpn_chosen, alpn_len);
5224 return mbedtls_ssl_session_reset_int(ssl, 0);
5234 static int ssl_context_load(mbedtls_ssl_context *ssl,
5252 if (ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
5253 ssl->session != NULL) {
5263 ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
5265 ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
5266 ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
5267 ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2
5299 ssl->session = ssl->session_negotiate;
5300 ssl->session_in = ssl->session;
5301 ssl->session_out = ssl->session;
5302 ssl->session_negotiate = NULL;
5308 ret = ssl_session_load(ssl->session, 1, p, session_len);
5310 mbedtls_ssl_session_free(ssl->session);
5323 ssl->transform = ssl->transform_negotiate;
5324 ssl->transform_in = ssl->transform;
5325 ssl->transform_out = ssl->transform;
5326 ssl->transform_negotiate = NULL;
5330 prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite);
5336 if ((size_t) (end - p) < sizeof(ssl->transform->randbytes)) {
5340 ret = ssl_tls12_populate_transform(ssl->transform,
5341 ssl->session->ciphersuite,
5342 ssl->session->master,
5344 ssl->session->encrypt_then_mac,
5349 ssl->conf->endpoint,
5350 ssl);
5355 p += sizeof(ssl->transform->randbytes);
5363 ssl->transform->in_cid_len = *p++;
5365 if ((size_t) (end - p) < ssl->transform->in_cid_len + 1u) {
5369 memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len);
5370 p += ssl->transform->in_cid_len;
5372 ssl->transform->out_cid_len = *p++;
5374 if ((size_t) (end - p) < ssl->transform->out_cid_len) {
5378 memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len);
5379 p += ssl->transform->out_cid_len;
5389 ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0);
5397 ssl->in_window_top = MBEDTLS_GET_UINT64_BE(p, 0);
5400 ssl->in_window = MBEDTLS_GET_UINT64_BE(p, 0);
5409 ssl->disable_datagram_packing = *p++;
5412 if ((size_t) (end - p) < sizeof(ssl->cur_out_ctr)) {
5415 memcpy(ssl->cur_out_ctr, p, sizeof(ssl->cur_out_ctr));
5416 p += sizeof(ssl->cur_out_ctr);
5423 ssl->mtu = MBEDTLS_GET_UINT16_BE(p, 0);
5438 if (alpn_len != 0 && ssl->conf->alpn_list != NULL) {
5440 for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
5443 ssl->alpn_chosen = *cur;
5450 if (alpn_len != 0 && ssl->alpn_chosen == NULL) {
5464 ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
5465 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
5469 mbedtls_ssl_update_out_pointers(ssl, ssl->transform);
5472 ssl->in_epoch = 1;
5479 if (ssl->handshake != NULL) {
5480 mbedtls_ssl_handshake_free(ssl);
5481 mbedtls_free(ssl->handshake);
5482 ssl->handshake = NULL;
5515 void mbedtls_ssl_free(mbedtls_ssl_context *ssl)
5517 if (ssl == NULL) {
5523 if (ssl->out_buf != NULL) {
5525 size_t out_buf_len = ssl->out_buf_len;
5530 mbedtls_zeroize_and_free(ssl->out_buf, out_buf_len);
5531 ssl->out_buf = NULL;
5534 if (ssl->in_buf != NULL) {
5536 size_t in_buf_len = ssl->in_buf_len;
5541 mbedtls_zeroize_and_free(ssl->in_buf, in_buf_len);
5542 ssl->in_buf = NULL;
5545 if (ssl->transform) {
5546 mbedtls_ssl_transform_free(ssl->transform);
5547 mbedtls_free(ssl->transform);
5550 if (ssl->handshake) {
5551 mbedtls_ssl_handshake_free(ssl);
5552 mbedtls_free(ssl->handshake);
5555 mbedtls_ssl_transform_free(ssl->transform_negotiate);
5556 mbedtls_free(ssl->transform_negotiate);
5559 mbedtls_ssl_session_free(ssl->session_negotiate);
5560 mbedtls_free(ssl->session_negotiate);
5564 mbedtls_ssl_transform_free(ssl->transform_application);
5565 mbedtls_free(ssl->transform_application);
5568 if (ssl->session) {
5569 mbedtls_ssl_session_free(ssl->session);
5570 mbedtls_free(ssl->session);
5574 if (ssl->hostname != NULL) {
5575 mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
5580 mbedtls_free(ssl->cli_id);
5586 mbedtls_platform_zeroize(ssl, sizeof(mbedtls_ssl_context));
6189 int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id)
6191 const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
6210 int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
6218 return mbedtls_ssl_check_curve_tls_id(ssl, tls_id);
6413 int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
6428 hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
6434 hash_operation_to_clone = &ssl->handshake->fin_sha256_psa;
6455 (void) ssl;
6463 static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
6480 ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
6501 static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl,
6518 ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
6537 int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
6547 return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen);
6552 return ssl_get_handshake_transcript_sha256(ssl, dst, dst_len, olen);
6558 (void) ssl;
6611 int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl,
6625 memset(ssl->handshake->received_sig_algs, 0,
6626 sizeof(ssl->handshake->received_sig_algs));
6638 if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
6639 (!(mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg) &&
6640 mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)))) {
6649 ssl->handshake->received_sig_algs[common_idx] = sig_alg;
6669 ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS_SIG_NONE;
7002 * [in] ssl: optionally used for debugging, EMS and PSA-PSK
7010 const mbedtls_ssl_context *ssl)
7042 ssl = NULL; /* make sure we don't use it except for those cases */
7043 (void) ssl;
7055 ret = handshake->calc_verify(ssl, session_hash, &seed_len);
7078 psk = mbedtls_ssl_get_opaque_psk(ssl);
7109 ssl->conf->psk, ssl->conf->psk_len,
7200 int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
7204 ssl->handshake->ciphersuite_info;
7209 ret = ssl_set_handshake_prfs(ssl->handshake,
7217 ret = ssl_compute_master(ssl->handshake,
7218 ssl->session_negotiate->master,
7219 ssl);
7230 memcpy(tmp, ssl->handshake->randbytes, 64);
7231 memcpy(ssl->handshake->randbytes, tmp + 32, 32);
7232 memcpy(ssl->handshake->randbytes + 32, tmp, 32);
7237 ret = ssl_tls12_populate_transform(ssl->transform_negotiate,
7238 ssl->session_negotiate->ciphersuite,
7239 ssl->session_negotiate->master,
7241 ssl->session_negotiate->encrypt_then_mac,
7243 ssl->handshake->tls_prf,
7244 ssl->handshake->randbytes,
7245 ssl->tls_version,
7246 ssl->conf->endpoint,
7247 ssl);
7254 mbedtls_platform_zeroize(ssl->handshake->randbytes,
7255 sizeof(ssl->handshake->randbytes));
7262 int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
7267 ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
7272 ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
7280 (void) ssl;
7286 static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl,
7296 (void) ssl;
7317 static int ssl_calc_verify_tls_legacy(const mbedtls_ssl_context *ssl,
7328 (void) ssl;
7358 int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
7363 return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32,
7366 return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256,
7373 int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
7378 return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48,
7381 return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384,
7389 int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
7391 unsigned char *p = ssl->handshake->premaster;
7392 unsigned char *end = p + sizeof(ssl->handshake->premaster);
7395 int psk_ret = mbedtls_ssl_get_psk(ssl, &psk, &psk_len);
7456 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
7458 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
7465 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
7473 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen,
7475 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
7483 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
7507 ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster);
7515 static int ssl_write_hello_request(mbedtls_ssl_context *ssl);
7518 int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl)
7522 if (ssl->conf->renego_max_records < 0) {
7523 uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
7531 if (++ssl->renego_records_seen > doublings) {
7537 return ssl_write_hello_request(ssl);
7547 int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
7550 ssl->handshake->ciphersuite_info;
7556 ssl->state++;
7564 int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
7567 ssl->handshake->ciphersuite_info;
7573 ssl->state++;
7584 int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
7590 ssl->handshake->ciphersuite_info;
7596 ssl->state++;
7601 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
7602 if (ssl->handshake->client_auth == 0) {
7604 ssl->state++;
7610 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
7611 if (mbedtls_ssl_own_cert(ssl) == NULL) {
7619 MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", mbedtls_ssl_own_cert(ssl));
7631 crt = mbedtls_ssl_own_cert(ssl);
7642 ssl->out_msg[i] = MBEDTLS_BYTE_2(n);
7643 ssl->out_msg[i + 1] = MBEDTLS_BYTE_1(n);
7644 ssl->out_msg[i + 2] = MBEDTLS_BYTE_0(n);
7646 i += 3; memcpy(ssl->out_msg + i, crt->raw.p, n);
7650 ssl->out_msg[4] = MBEDTLS_BYTE_2(i - 7);
7651 ssl->out_msg[5] = MBEDTLS_BYTE_1(i - 7);
7652 ssl->out_msg[6] = MBEDTLS_BYTE_0(i - 7);
7654 ssl->out_msglen = i;
7655 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
7656 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE;
7658 ssl->state++;
7660 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
7674 static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl,
7678 mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
7692 static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl,
7698 ssl->session->peer_cert_digest;
7700 ssl->session->peer_cert_digest_type;
7730 static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
7740 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
7742 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
7747 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE) {
7748 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
7753 if (ssl->in_hslen < mbedtls_ssl_hs_hdr_len(ssl) + 3 + 3) {
7755 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
7760 i = mbedtls_ssl_hs_hdr_len(ssl);
7765 n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1);
7767 if (ssl->in_msg[i] != 0 ||
7768 ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) {
7770 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
7775 /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
7779 while (i < ssl->in_hslen) {
7781 if (i + 3 > ssl->in_hslen) {
7783 mbedtls_ssl_send_alert_message(ssl,
7790 if (ssl->in_msg[i] != 0) {
7792 mbedtls_ssl_send_alert_message(ssl,
7799 n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1);
7802 if (n < 128 || i + n > ssl->in_hslen) {
7804 mbedtls_ssl_send_alert_message(ssl,
7813 ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
7814 ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
7820 if (ssl_check_peer_crt_unchanged(ssl,
7821 &ssl->in_msg[i],
7824 mbedtls_ssl_send_alert_message(ssl,
7831 ssl_clear_peer_cert(ssl->session);
7837 ret = mbedtls_x509_crt_parse_der(chain, ssl->in_msg + i, n);
7841 ret = mbedtls_x509_crt_parse_der_nocopy(chain, ssl->in_msg + i, n);
7861 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert);
7875 static int ssl_srv_check_client_no_crt_notification(mbedtls_ssl_context *ssl)
7877 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
7881 if (ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len(ssl) &&
7882 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
7883 ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
7884 memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), "\0\0\0", 3) == 0) {
7901 static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl,
7905 ssl->handshake->ciphersuite_info;
7912 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
7918 ssl->session_negotiate->verify_result =
7931 static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
7938 ssl->handshake->ciphersuite_info;
7948 if (ssl->f_vrfy != NULL) {
7950 f_vrfy = ssl->f_vrfy;
7951 p_vrfy = ssl->p_vrfy;
7954 f_vrfy = ssl->conf->f_vrfy;
7955 p_vrfy = ssl->conf->p_vrfy;
7962 if (ssl->conf->f_ca_cb != NULL) {
7969 ssl->conf->f_ca_cb,
7970 ssl->conf->p_ca_cb,
7971 ssl->conf->cert_profile,
7972 ssl->hostname,
7973 &ssl->session_negotiate->verify_result,
7982 if (ssl->handshake->sni_ca_chain != NULL) {
7983 ca_chain = ssl->handshake->sni_ca_chain;
7984 ca_crl = ssl->handshake->sni_ca_crl;
7988 ca_chain = ssl->conf->ca_chain;
7989 ca_crl = ssl->conf->ca_crl;
7999 ssl->conf->cert_profile,
8000 ssl->hostname,
8001 &ssl->session_negotiate->verify_result,
8035 if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
8036 ssl->session_negotiate->verify_result |=
8050 !ssl->conf->endpoint,
8051 &ssl->session_negotiate->verify_result) != 0) {
8081 if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) {
8083 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
8085 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) {
8087 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) {
8089 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE) {
8091 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) {
8093 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) {
8095 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
8097 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
8099 } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
8104 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
8109 if (ssl->session_negotiate->verify_result != 0) {
8111 (unsigned int) ssl->session_negotiate->verify_result));
8122 static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl,
8127 ssl->session_negotiate->peer_cert_digest =
8129 if (ssl->session_negotiate->peer_cert_digest == NULL) {
8132 mbedtls_ssl_send_alert_message(ssl,
8142 ssl->session_negotiate->peer_cert_digest);
8144 ssl->session_negotiate->peer_cert_digest_type =
8146 ssl->session_negotiate->peer_cert_digest_len =
8153 static int ssl_remember_peer_pubkey(mbedtls_ssl_context *ssl,
8160 mbedtls_pk_init(&ssl->handshake->peer_pubkey);
8162 &ssl->handshake->peer_pubkey);
8172 int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
8177 const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
8178 ? ssl->handshake->sni_authmode
8179 : ssl->conf->authmode;
8181 const int authmode = ssl->conf->authmode;
8188 crt_expected = ssl_parse_certificate_coordinate(ssl, authmode);
8195 if (ssl->handshake->ecrs_enabled &&
8196 ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) {
8197 chain = ssl->handshake->ecrs_peer_cert;
8198 ssl->handshake->ecrs_peer_cert = NULL;
8203 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
8211 if (ssl_srv_check_client_no_crt_notification(ssl) == 0) {
8212 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
8224 ssl_clear_peer_cert(ssl->session_negotiate);
8230 mbedtls_ssl_send_alert_message(ssl,
8239 ret = ssl_parse_certificate_chain(ssl, chain);
8245 if (ssl->handshake->ecrs_enabled) {
8246 ssl->handshake->ecrs_state = ssl_ecrs_crt_verify;
8250 if (ssl->handshake->ecrs_enabled) {
8251 rs_ctx = &ssl->handshake->ecrs_ctx;
8255 ret = ssl_parse_certificate_verify(ssl, authmode,
8283 ret = ssl_remember_peer_crt_digest(ssl, crt_start, crt_len);
8288 ret = ssl_remember_peer_pubkey(ssl, pk_start, pk_len);
8295 ssl->session_negotiate->peer_cert = chain;
8304 ssl->state++;
8309 ssl->handshake->ecrs_peer_cert = chain;
8323 static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
8341 mbedtls_ssl_session *session = ssl->session_negotiate;
8343 session = ssl->session;
8388 ssl->handshake->tls_prf(session->master, 48, sender,
8409 mbedtls_ssl_context *ssl, unsigned char *buf, int from)
8412 return ssl_calc_finished_tls_generic(ssl,
8414 &ssl->handshake->fin_sha256_psa,
8416 &ssl->handshake->fin_sha256,
8426 mbedtls_ssl_context *ssl, unsigned char *buf, int from)
8429 return ssl_calc_finished_tls_generic(ssl,
8431 &ssl->handshake->fin_sha384_psa,
8433 &ssl->handshake->fin_sha384,
8440 void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl)
8447 mbedtls_ssl_handshake_free(ssl);
8448 mbedtls_free(ssl->handshake);
8449 ssl->handshake = NULL;
8454 if (ssl->transform) {
8455 mbedtls_ssl_transform_free(ssl->transform);
8456 mbedtls_free(ssl->transform);
8458 ssl->transform = ssl->transform_negotiate;
8459 ssl->transform_negotiate = NULL;
8464 void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
8466 int resume = ssl->handshake->resume;
8471 if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
8472 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE;
8473 ssl->renego_records_seen = 0;
8480 if (ssl->session) {
8483 ssl->session_negotiate->encrypt_then_mac =
8484 ssl->session->encrypt_then_mac;
8487 mbedtls_ssl_session_free(ssl->session);
8488 mbedtls_free(ssl->session);
8490 ssl->session = ssl->session_negotiate;
8491 ssl->session_negotiate = NULL;
8496 if (ssl->conf->f_set_cache != NULL &&
8497 ssl->session->id_len != 0 &&
8499 if (ssl->conf->f_set_cache(ssl->conf->p_cache,
8500 ssl->session->id,
8501 ssl->session->id_len,
8502 ssl->session) != 0) {
8508 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
8509 ssl->handshake->flight != NULL) {
8511 mbedtls_ssl_set_timer(ssl, 0);
8518 mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
8520 ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
8525 int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
8532 mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate);
8534 ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
8548 ssl->verify_data_len = hash_len;
8549 memcpy(ssl->own_verify_data, ssl->out_msg + 4, hash_len);
8552 ssl->out_msglen = 4 + hash_len;
8553 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
8554 ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
8560 if (ssl->handshake->resume != 0) {
8562 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
8563 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
8567 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
8568 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
8572 ssl->state++;
8582 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
8586 ssl->handshake->alt_transform_out = ssl->transform_out;
8587 memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr,
8588 sizeof(ssl->handshake->alt_out_ctr));
8591 memset(&ssl->cur_out_ctr[2], 0, sizeof(ssl->cur_out_ctr) - 2);
8596 if (++ssl->cur_out_ctr[i - 1] != 0) {
8608 memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr));
8610 ssl->transform_out = ssl->transform_negotiate;
8611 ssl->session_out = ssl->session_negotiate;
8614 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
8615 mbedtls_ssl_send_flight_completed(ssl);
8619 if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
8625 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
8626 (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
8639 int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
8647 ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
8652 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
8657 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
8659 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
8665 if (ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED) {
8666 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
8672 if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + hash_len) {
8674 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
8680 if (mbedtls_ct_memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl),
8683 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
8690 ssl->verify_data_len = hash_len;
8691 memcpy(ssl->peer_verify_data, buf, hash_len);
8694 if (ssl->handshake->resume != 0) {
8696 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
8697 ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
8701 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
8702 ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
8706 ssl->state++;
8710 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
8711 mbedtls_ssl_recv_flight_completed(ssl);
8783 * - [in] ssl: used for:
8784 * - ssl->conf->{f,p}_export_keys
8786 * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
8799 const mbedtls_ssl_context *ssl)
8905 if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) {
8908 transform->in_cid_len = ssl->own_cid_len;
8909 memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len);
8913 transform->out_cid_len = ssl->handshake->peer_cid_len;
8914 memcpy(transform->out_cid, ssl->handshake->peer_cid,
8915 ssl->handshake->peer_cid_len);
9097 if (ssl->f_export_keys != NULL) {
9098 ssl->f_export_keys(ssl->p_export_keys,
9327 int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
9344 if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes,
9364 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
9383 int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
9412 if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) {
9429 mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
9441 mbedtls_ssl_context *ssl,
9445 uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
9467 if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) {
9472 !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
9479 !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
9500 const mbedtls_ssl_context *ssl,
9505 (void) ssl;
9520 ssl->handshake->psa_pake_ctx_is_ok != 1)
9523 mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
9533 mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) {
9584 int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf,
9607 const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl);
9616 if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) {
9641 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SIG_ALG);
9670 int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl,
9699 ssl->handshake->sni_name = p + 3;
9700 ssl->handshake->sni_name_len = hostname_len;
9701 if (ssl->conf->f_sni == NULL) {
9704 ret = ssl->conf->f_sni(ssl->conf->p_sni,
9705 ssl, p + 3, hostname_len);
9724 int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
9735 if (ssl->conf->alpn_list == NULL) {
9777 for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
9784 ssl->alpn_chosen = *alpn;
9799 int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
9808 if (ssl->alpn_chosen == NULL) {
9812 protocol_name_len = strlen(ssl->alpn_chosen);
9834 memcpy(p + 7, ssl->alpn_chosen, protocol_name_len);
9837 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN);