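Lines matching refs:handshake (cross-reference search results: each entry is a source line number followed by the text of that line; entries are not contiguous code, so the length and state checks guarding a given statement may not appear in this listing)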
205 if (ssl->handshake->curves_tls_id != NULL) {
226 ssl->handshake->curves_tls_id = curves_tls_id;
267 ssl->handshake->ecdh_ctx.point_format = p[0];
271 mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx,
297 if (ssl->handshake->psa_pake_ctx_is_ok != 1)
299 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
308 &ssl->handshake->psa_pake_ctx, buf, len,
310 psa_destroy_key(ssl->handshake->psa_pake_password);
311 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
322 if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
332 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
398 /* Leave ssl->handshake->cid_in_use in its default
411 ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
412 ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
413 memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);
461 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
485 ssl->handshake->new_session_ticket = 1;
533 ssl->handshake->resume = 1;
536 ssl->handshake->new_session_ticket = 0;
703 if (ssl->handshake->sni_key_cert != NULL) {
704 list = ssl->handshake->sni_key_cert;
768 ssl->handshake->curves_tls_id) != 0) {
778 /* Do not update ssl->handshake->key_cert unless there is a match */
780 ssl->handshake->key_cert = cur;
782 ssl->handshake->key_cert->cert);
821 (ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK) == 0) {
832 (ssl->handshake->curves_tls_id == NULL ||
833 ssl->handshake->curves_tls_id[0] == 0)) {
965 /* For DTLS if this is the initial handshake, remember the client sequence
1033 ret = ssl->handshake->update_checksum(ssl, buf, msg_len);
1041 * 0 . 0 handshake type
1042 * 1 . 3 handshake length
1052 MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0]));
1060 MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u",
1084 * Copy the client's handshake message_seq on initial handshakes,
1091 if (cli_msg_seq != ssl->handshake->in_msg_seq) {
1094 ssl->handshake->in_msg_seq));
1098 ssl->handshake->in_msg_seq++;
1103 ssl->handshake->out_msg_seq = cli_msg_seq;
1104 ssl->handshake->in_msg_seq = cli_msg_seq + 1;
1178 memcpy(ssl->handshake->randbytes, buf + 2, 32);
1229 ssl->handshake->cookie_verify_result = 1;
1232 ssl->handshake->cookie_verify_result = 0;
1387 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
1503 uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
1550 MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake"));
1586 ssl->handshake->sni_name = NULL;
1587 ssl->handshake->sni_name_len = 0;
1657 ssl->handshake->ciphersuite_info = ciphersuite_info;
1700 if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) {
1784 if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) {
1809 if (ssl->handshake->new_session_ticket == 0) {
1899 if ((ssl->handshake->cli_exts &
1935 if (ssl->handshake->ciphersuite_info->key_exchange !=
1951 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
1955 psa_destroy_key(ssl->handshake->psa_pake_password);
1956 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
1961 ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
2116 if (ssl->handshake->resume == 1) {
2152 ssl->handshake->resume = 1;
2173 ssl->handshake->cookie_verify_result != 0) {
2182 * 0 . 0 handshake type
2183 * 1 . 3 handshake length
2244 memcpy(ssl->handshake->randbytes + 32, buf + 6, 32);
2250 if (ssl->handshake->resume == 0) {
2262 if (ssl->handshake->new_session_ticket != 0) {
2302 ssl->handshake->resume ? "a" : "no"));
2399 ssl->handshake->ciphersuite_info;
2418 ssl->handshake->ciphersuite_info;
2431 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
2432 authmode = ssl->handshake->sni_authmode;
2444 * 0 . 0 handshake type
2445 * 1 . 3 handshake length
2535 if (ssl->handshake->dn_hints != NULL) {
2536 crt = ssl->handshake->dn_hints;
2544 if (ssl->handshake->sni_ca_chain != NULL) {
2545 crt = ssl->handshake->sni_ca_chain;
2631 ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes);
2632 ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes);
2638 ssl->handshake->xxdh_psa_privkey = pk->priv_id;
2639 ssl->handshake->xxdh_psa_privkey_is_external = 1;
2650 PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
2651 psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits);
2659 &ssl->handshake->xxdh_psa_privkey);
2667 ssl->handshake->xxdh_psa_privkey_is_external = 0;
2690 &ssl->handshake->xxdh_psa_bits);
2692 ssl->handshake->xxdh_psa_type = key_type;
2698 PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
2699 psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits);
2708 &ssl->handshake->xxdh_psa_privkey);
2746 if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
2776 ssl->handshake->async_in_progress = 0;
2793 ssl->handshake->ciphersuite_info;
2852 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
2857 psa_destroy_key(ssl->handshake->psa_pake_password);
2858 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
2869 &ssl->handshake->ecjpake_ctx,
2920 if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx,
2928 &ssl->handshake->dhm_ctx,
2929 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
2942 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
2943 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
2944 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
2945 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
2962 uint16_t *curr_tls_id = ssl->handshake->curves_tls_id;
2972 for (curr_tls_id = ssl->handshake->curves_tls_id;
2992 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
3009 handshake->xxdh_psa_type = key_type;
3010 handshake->xxdh_psa_bits = ec_bits;
3015 psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
3016 psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
3033 &handshake->xxdh_psa_privkey);
3055 status = psa_export_public_key(handshake->xxdh_psa_privkey,
3061 (void) psa_destroy_key(handshake->xxdh_psa_privkey);
3062 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
3075 if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx,
3082 &ssl->handshake->ecdh_ctx, &len,
3090 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
3197 ssl->handshake->async_in_progress = 1;
3200 ssl->handshake->async_in_progress = 1;
3246 ssl->handshake->ciphersuite_info;
3279 if (ssl->handshake->async_in_progress != 0) {
3397 if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) {
3404 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
3424 ssl->handshake->async_in_progress = 0;
3454 if (ssl->handshake->async_in_progress != 0) {
3492 ssl->handshake->async_in_progress = 1;
3498 ssl->handshake->async_in_progress = 1;
3525 unsigned char *pms = ssl->handshake->premaster + pms_offset;
3566 * bad_record_mac later in the handshake.
3585 if (sizeof(ssl->handshake->premaster) < pms_offset ||
3586 sizeof(ssl->handshake->premaster) - pms_offset < 48) {
3590 ssl->handshake->pmslen = 48;
3594 mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen);
3663 ciphersuite_info = ssl->handshake->ciphersuite_info;
3672 (ssl->handshake->async_in_progress != 0)) {
3709 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
3710 ssl->handshake->premaster,
3712 &ssl->handshake->pmslen,
3718 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
3733 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
3754 if (data_len > sizeof(handshake->xxdh_psa_peerkey)) {
3758 sizeof(handshake->xxdh_psa_peerkey)));
3761 memcpy(handshake->xxdh_psa_peerkey, p, data_len);
3762 handshake->xxdh_psa_peerkey_len = data_len;
3766 PSA_ALG_ECDH, handshake->xxdh_psa_privkey,
3767 handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len,
3768 handshake->premaster, sizeof(handshake->premaster),
3769 &handshake->pmslen);
3773 if (handshake->xxdh_psa_privkey_is_external == 0) {
3774 (void) psa_destroy_key(handshake->xxdh_psa_privkey);
3776 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
3780 if (handshake->xxdh_psa_privkey_is_external == 0) {
3781 status = psa_destroy_key(handshake->xxdh_psa_privkey);
3789 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
3791 if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
3797 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
3800 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
3801 &ssl->handshake->pmslen,
3802 ssl->handshake->premaster,
3809 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
3842 if (ssl->handshake->async_in_progress != 0) {
3889 unsigned char *pms = ssl->handshake->premaster;
3890 unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster);
3894 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
3903 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
3921 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
3925 psa_destroy_key(handshake->xxdh_psa_privkey);
3926 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
3932 psa_destroy_key(handshake->xxdh_psa_privkey);
3933 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
3939 psa_destroy_key(handshake->xxdh_psa_privkey);
3940 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
3944 /* When FFDH is enabled, the array handshake->xxdh_psa_peerkey size takes into account
3949 if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
3950 psa_destroy_key(handshake->xxdh_psa_privkey);
3951 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
3955 MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX,
3959 memcpy(handshake->xxdh_psa_peerkey, p, ecpoint_len);
3960 handshake->xxdh_psa_peerkey_len = ecpoint_len;
3969 unsigned char *psm = ssl->handshake->premaster;
3971 psm + sizeof(ssl->handshake->premaster);
3978 handshake->xxdh_psa_privkey,
3979 handshake->xxdh_psa_peerkey,
3980 handshake->xxdh_psa_peerkey_len,
3985 destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
3986 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
4004 if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
4010 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
4034 &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p),
4036 psa_destroy_key(ssl->handshake->psa_pake_password);
4037 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
4043 ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
4050 ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
4051 ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
4082 ssl->handshake->ciphersuite_info;
4107 ssl->handshake->ciphersuite_info;
4151 peer_pk = &ssl->handshake->peer_pubkey;
4229 ret = ssl->handshake->calc_verify(ssl, hash, &dummy_hlen);
4299 ssl->handshake->new_session_ticket = 0;
4313 * SSL handshake -- server side -- single step
4399 if (ssl->handshake->new_session_ticket != 0) {
4411 MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));