Lines Matching defs:ssl
25 mbedtls_ssl_context *ssl,
29 if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) {
34 if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info,
35 ssl->tls_version,
36 ssl->tls_version) != 0)) {
43 mbedtls_ssl_context *ssl,
71 ssl_tls13_validate_peer_ciphersuite(ssl, id);
108 static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
146 ssl->handshake->tls13_kex_modes = ke_modes;
177 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
179 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
183 mbedtls_ssl_context *ssl,
203 if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) {
218 ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
330 mbedtls_ssl_context *ssl,
347 ssl, identity, identity_len, obfuscated_ticket_age, session);
350 ret = mbedtls_ssl_set_hs_psk(ssl,
370 if (ssl->conf->f_psk != NULL) {
371 if (ssl->conf->f_psk(
372 ssl->conf->p_psk, ssl, identity, identity_len) == 0) {
380 if (ssl->conf->psk_identity != NULL &&
381 identity_len == ssl->conf->psk_identity_len &&
382 mbedtls_ct_memcmp(ssl->conf->psk_identity,
384 ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len);
405 mbedtls_ssl_context *ssl,
423 ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg),
429 ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
434 ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg,
518 mbedtls_ssl_context *ssl,
561 ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
602 ssl, identity, identity_len, obfuscated_ticket_age,
621 ssl->session_negotiate->ticket_flags = session.ticket_flags;
635 ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
639 ssl_tls13_key_exchange_is_psk_available(ssl)) {
648 ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end,
668 ssl, binder, binder_len, psk->type,
690 ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate,
708 ret = ssl->handshake->update_checksum(
709 ssl, identities_end, (size_t) (binders_end - identities_end));
719 ssl->handshake->selected_identity = (uint16_t) matched_identity;
734 static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
745 not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));
747 not_using_psk = (ssl->handshake->psk == NULL);
761 MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4);
766 ssl->handshake->selected_identity));
768 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY);
781 static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl,
799 tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport);
808 mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
840 static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
854 ssl->handshake->hrr_selected_group = 0;
867 if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) ||
869 ssl->handshake->hrr_selected_group != 0) {
878 ssl->handshake->hrr_selected_group = named_group;
902 static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl,
924 ssl->handshake->offered_group_id = 0;
955 if (!mbedtls_ssl_named_group_is_offered(ssl, group) ||
957 ssl->handshake->offered_group_id != 0) {
970 ssl, key_exchange - 2, key_exchange_len + 2);
981 ssl->handshake->offered_group_id = group;
985 if (ssl->handshake->offered_group_id == 0) {
994 static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl,
997 int masked = ssl->handshake->received_extensions & exts_mask;
1004 mbedtls_ssl_context *ssl)
1007 ssl,
1017 mbedtls_ssl_context *ssl)
1020 ssl,
1029 mbedtls_ssl_context *ssl)
1032 ssl,
1042 static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl)
1045 return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) &&
1046 mbedtls_ssl_tls13_is_psk_supported(ssl) &&
1047 ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
1049 ((void) ssl);
1055 static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl)
1058 return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) &&
1059 mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) &&
1060 ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
1062 ((void) ssl);
1069 static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl)
1072 return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) &&
1073 ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl);
1075 ((void) ssl);
1116 static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl)
1119 const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
1122 if (ssl->handshake->sni_key_cert != NULL) {
1123 key_cert_list = ssl->handshake->sni_key_cert;
1126 key_cert_list = ssl->conf->key_cert;
1134 if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) {
1182 ssl->handshake->key_cert = key_cert;
1191 ssl->handshake->key_cert->cert);
1250 static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
1266 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1304 if (mbedtls_ssl_read_version(p, ssl->conf->transport) !=
1371 ssl, p + 2, end,
1384 ret = ssl_tls13_parse_supported_versions_ext(ssl,
1408 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
1409 ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
1410 ssl->session_negotiate->endpoint = ssl->conf->endpoint;
1421 if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) {
1425 ssl->session_negotiate->id_len = legacy_session_id_len;
1428 memcpy(&ssl->session_negotiate->id[0],
1437 ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end,
1445 ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
1486 if (ssl->handshake->hello_retry_request_flag) {
1516 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type,
1526 ret = mbedtls_ssl_parse_server_name_ext(ssl, p,
1547 ssl, p, extension_data_end);
1569 ssl, p, extension_data_end);
1594 ssl, p, extension_data_end);
1627 ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end);
1641 ssl, p, extension_data_end);
1655 ssl, p, extension_data_end);
1677 ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
1694 ret = handshake->update_checksum(ssl, buf,
1700 ret = ssl_tls13_parse_pre_shared_key_ext(ssl,
1716 ret = handshake->update_checksum(ssl, buf, p - buf);
1746 if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) {
1772 ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id;
1789 mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info);
1795 static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl)
1797 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1799 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
1838 ssl->session_negotiate->ciphersuite) {
1846 if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) {
1855 const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl);
1858 if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) {
1867 ssl->session_negotiate->ticket_alpn == NULL ||
1868 alpn_len != strlen(ssl->session_negotiate->ticket_alpn) ||
1869 (memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) {
1883 static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl,
1891 if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) {
1896 ssl->handshake->sni_name = NULL;
1897 ssl->handshake->sni_name_len = 0;
1900 ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl);
1908 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
1909 ssl->handshake->early_data_accepted =
1910 (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0);
1912 if (ssl->handshake->early_data_accepted) {
1913 ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
1920 ssl->discard_early_data_record =
1938 static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl)
1949 ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
1952 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf,
1962 * ssl->keep_current_message flag for the ClientHello to be kept and parsed
1963 * as a TLS 1.2 ClientHello. We also change ssl->tls_version to
1969 if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
1977 ssl->keep_current_message = 1;
1978 ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
1983 ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret ==
1987 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
1989 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST);
2002 static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl)
2006 ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
2008 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes,
2018 ssl->session_negotiate->start = mbedtls_time(NULL);
2033 mbedtls_ssl_context *ssl,
2054 ssl->conf->transport,
2055 ssl->tls_version);
2058 ssl->tls_version));
2063 ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS);
2073 static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
2087 ssl, named_group, buf, end, out_len);
2098 ((void) ssl);
2122 static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
2129 uint16_t group = ssl->handshake->offered_group_id;
2155 ssl, group, server_share + 4, end, &key_exchange_length);
2167 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE);
2173 static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl,
2178 uint16_t selected_group = ssl->handshake->hrr_selected_group;
2198 if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
2204 if (ssl->handshake->offered_group_id != 0) {
2232 mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE);
2250 static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl,
2262 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
2285 memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
2296 MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len);
2297 *p++ = (unsigned char) ssl->session_negotiate->id_len;
2298 if (ssl->session_negotiate->id_len > 0) {
2299 memcpy(p, &ssl->session_negotiate->id[0],
2300 ssl->session_negotiate->id_len);
2301 p += ssl->session_negotiate->id_len;
2303 MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id,
2304 ssl->session_negotiate->id_len);
2314 MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0);
2319 ssl->session_negotiate->ciphersuite),
2320 ssl->session_negotiate->ciphersuite));
2342 ssl, p, end, &output_len)) != 0) {
2349 if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
2351 ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len);
2353 ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len);
2362 if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
2363 ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len);
2385 ssl->handshake->sent_extensions);
2391 static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl)
2394 ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl);
2406 static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl)
2414 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl));
2417 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len));
2419 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf,
2425 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
2428 ssl, buf_len, msg_len));
2430 MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl));
2438 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO);
2440 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
2454 static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl)
2457 if (ssl->handshake->hello_retry_request_flag) {
2468 ret = mbedtls_ssl_reset_transcript_for_hrr(ssl);
2473 mbedtls_ssl_session_reset_msg_layer(ssl, 0);
2479 static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl)
2487 MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl));
2490 ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
2493 MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf,
2498 ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
2501 MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len,
2504 ssl->handshake->hello_retry_request_flag = 1;
2512 ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST);
2514 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
2533 static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
2550 ((void) ssl);
2555 ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len);
2563 if (ssl->handshake->early_data_accepted) {
2565 ssl, 0, p, end, &output_len);
2574 if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) {
2576 ssl, p, end, &output_len);
2592 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions);
2598 static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
2604 mbedtls_ssl_set_outbound_transform(ssl,
2605 ssl->handshake->transform_handshake);
2612 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
2616 ssl, buf, buf + buf_len, &msg_len));
2619 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
2623 ssl, buf_len, msg_len));
2626 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
2627 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
2629 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST);
2632 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
2653 static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl)
2658 if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
2659 authmode = ssl->handshake->sni_authmode;
2662 authmode = ssl->conf->authmode;
2665 ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
2669 ssl->handshake->certificate_request_sent = 1;
2682 static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl,
2716 ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
2727 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions);
2733 static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl)
2739 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl));
2746 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
2750 ssl, buf, buf + buf_len, &msg_len));
2753 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
2757 ssl, buf_len, msg_len));
2767 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE);
2778 static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl)
2783 if ((ssl_tls13_pick_key_cert(ssl) != 0) ||
2784 mbedtls_ssl_own_cert(ssl) == NULL) {
2792 ret = mbedtls_ssl_tls13_write_certificate(ssl);
2796 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY);
2804 static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl)
2806 int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl);
2810 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
2856 mbedtls_ssl_context *ssl)
2858 if (ssl->handshake->certificate_request_sent) {
2859 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
2864 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED);
2872 static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl)
2876 ret = mbedtls_ssl_tls13_write_finished_message(ssl);
2881 ret = mbedtls_ssl_tls13_compute_application_transform(ssl);
2890 if (ssl->handshake->early_data_accepted) {
2896 ssl, ssl->handshake->transform_earlydata);
2897 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA);
2904 mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake);
2906 ssl_tls13_prepare_for_handshake_second_flight(ssl);
2926 static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl)
2930 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
2934 ssl->keep_current_message = 1;
2936 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
2937 ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) {
2942 if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
2943 if (ssl->in_offt == NULL) {
2946 ssl->in_offt = ssl->in_msg;
2947 ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen);
2961 static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl,
3015 static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl)
3021 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl));
3028 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA,
3032 ssl, buf, buf + buf_len));
3038 ssl, ssl->handshake->transform_handshake);
3041 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA,
3044 ssl_tls13_prepare_for_handshake_second_flight(ssl);
3065 static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl)
3069 ret = mbedtls_ssl_tls13_process_finished_message(ssl);
3074 ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl);
3080 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
3088 static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
3092 mbedtls_ssl_tls13_handshake_wrapup(ssl);
3101 if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) {
3103 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
3107 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
3118 static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl)
3121 if (ssl->conf->f_ticket_write == NULL) {
3126 if (ssl->conf->new_session_tickets_count == 0) {
3132 if (ssl->handshake->new_session_tickets_count == 0) {
3143 static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
3148 mbedtls_ssl_session *session = ssl->session;
3160 session, ssl->handshake->tls13_kex_modes);
3164 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED &&
3165 ssl->conf->max_early_data_size > 0) {
3168 session->max_early_data_size = ssl->conf->max_early_data_size;
3176 ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen);
3184 if ((ret = ssl->conf->f_rng(ssl->conf->p_rng,
3194 ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size);
3203 (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
3273 static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl,
3282 mbedtls_ssl_session *session = ssl->session;
3302 ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket,
3353 ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
3364 ssl, 1, p, end, &output_len)) != 0) {
3385 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions);
3393 static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl)
3397 MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl));
3405 ssl, ticket_nonce, sizeof(ticket_nonce)));
3408 ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
3412 ssl, buf, buf + buf_len, &msg_len,
3416 ssl, buf_len, msg_len));
3422 if (ssl->handshake->resume == 1) {
3423 ssl->handshake->new_session_tickets_count = 0;
3425 ssl->handshake->new_session_tickets_count--;
3429 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH);
3431 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
3443 int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl)
3447 if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
3452 mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state),
3453 ssl->state));
3455 switch (ssl->state) {
3458 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
3463 ret = ssl_tls13_process_client_hello(ssl);
3470 ret = ssl_tls13_write_hello_retry_request(ssl);
3478 ret = ssl_tls13_write_server_hello(ssl);
3482 ret = ssl_tls13_write_encrypted_extensions(ssl);
3491 ret = ssl_tls13_write_certificate_request(ssl);
3495 ret = ssl_tls13_write_server_certificate(ssl);
3499 ret = ssl_tls13_write_certificate_verify(ssl);
3508 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
3510 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
3515 ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
3519 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
3524 ret = ssl_tls13_write_server_finished(ssl);
3529 ret = ssl_tls13_process_end_of_early_data(ssl);
3534 ret = ssl_tls13_process_client_finished(ssl);
3538 ret = ssl_tls13_handshake_wrapup(ssl);
3543 ret = mbedtls_ssl_tls13_process_certificate(ssl);
3545 if (ssl->session_negotiate->peer_cert != NULL) {
3547 ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY);
3551 ssl, MBEDTLS_SSL_CLIENT_FINISHED);
3557 ret = mbedtls_ssl_tls13_process_certificate_verify(ssl);
3560 ssl, MBEDTLS_SSL_CLIENT_FINISHED);
3567 ret = ssl_tls13_write_new_session_ticket(ssl);
3581 if (ssl->handshake->new_session_tickets_count == 0) {
3582 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
3585 ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
3592 MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));