xref: /third_party/mbedtls/library/ssl_tls13_server.c

146     ssl->handshake->tls13_kex_modes = ke_modes;
167  * pre-shared-key: if the binder check fails, we fail the handshake and we do
421     /* Get current state of handshake transcript. */
561     ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
659              * abort the handshake with a decrypt_error alert.
671             /* For security reasons, the handshake should be aborted when we
707     /* Update the handshake transcript with the binder list. */
708     ret = ssl->handshake->update_checksum(
719     ssl->handshake->selected_identity = (uint16_t) matched_identity;
745     not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));
747     not_using_psk = (ssl->handshake->psk == NULL);
761     MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4);
766                               ssl->handshake->selected_identity));
854     ssl->handshake->hrr_selected_group = 0;
869             ssl->handshake->hrr_selected_group != 0) {
878         ssl->handshake->hrr_selected_group = named_group;
924     ssl->handshake->offered_group_id = 0;
928      * handshake context. Later, we have to find out whether we can do
957             ssl->handshake->offered_group_id != 0) {
981         ssl->handshake->offered_group_id = group;
985     if (ssl->handshake->offered_group_id == 0) {
997     int masked = ssl->handshake->received_extensions & exts_mask;
1119     const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
1122     if (ssl->handshake->sni_key_cert != NULL) {
1123         key_cert_list = ssl->handshake->sni_key_cert;
1182                 ssl->handshake->key_cert = key_cert;
1191                     ssl->handshake->key_cert->cert);
1224  *    In this case, we abort the handshake.
1266     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1419     memcpy(&handshake->randbytes[0], random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
1438                                  0, PSA_ALG_NONE, &handshake->ciphersuite_info);
1440     if (handshake->ciphersuite_info == NULL) {
1445     ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
1448                               ((unsigned) handshake->ciphersuite_info->id),
1449                               handshake->ciphersuite_info->name));
1478     handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
1486         if (ssl->handshake->hello_retry_request_flag) {
1496          * the handshake with an "illegal_parameter" alert.
1498         if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) {
1606                 if ((handshake->received_extensions &
1675                            handshake->received_extensions);
1693     if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) {
1694         ret = handshake->update_checksum(ssl, buf,
1716         ret = handshake->update_checksum(ssl, buf, p - buf);
1740         handshake->key_exchange_mode =
1747         handshake->key_exchange_mode =
1755         handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
1769     if (handshake->key_exchange_mode &
1771         handshake->ciphersuite_info = psk.ciphersuite_info;
1779             handshake->resume = 1;
1784     if (handshake->key_exchange_mode !=
1789     mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info);
1797     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1806     if (!handshake->resume) {
1830     if (handshake->selected_identity != 0) {
1837     if (handshake->ciphersuite_info->id !=
1880 /* Update the handshake state machine */
1896     ssl->handshake->sni_name = NULL;
1897     ssl->handshake->sni_name_len = 0;
1908     if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
1909         ssl->handshake->early_data_accepted =
1912         if (ssl->handshake->early_data_accepted) {
1960      * Version 1.2 of the protocol has to be used for the handshake.
1961      * If TLS 1.2 is not supported, abort the handshake. Otherwise, set the
2006         ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
2129     uint16_t group = ssl->handshake->offered_group_id;
2178     uint16_t selected_group = ssl->handshake->hrr_selected_group;
2204     if (ssl->handshake->offered_group_id != 0) {
2262     ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
2285         memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
2385         ssl->handshake->sent_extensions);
2434      * after its first handshake message. This may either be after
2457     if (ssl->handshake->hello_retry_request_flag) {
2504     ssl->handshake->hello_retry_request_flag = 1;
2508      * after its first handshake message. This may either be after
2563     if (ssl->handshake->early_data_accepted) {
2574     if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) {
2592         3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions);
2605                                        ssl->handshake->transform_handshake);
2607         3, ("switching to handshake transform for outbound data"));
2658     if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
2659         authmode = ssl->handshake->sni_authmode;
2669     ssl->handshake->certificate_request_sent = 1;
2704      * We use a zero length context for the normal handshake
2705      * messages. For post-authentication handshake messages
2727         3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions);
2819  *                                | K_send = handshake
2828  *   K_recv = handshake  |                 | K_recv = early data
2831  *                       |    | early data |      | K_recv = handshake
2852  * anymore, prepare to receive the first handshake message of the client
2858     if (ssl->handshake->certificate_request_sent) {
2890     if (ssl->handshake->early_data_accepted) {
2896             ssl, ssl->handshake->transform_earlydata);
2902         1, ("Switch to handshake keys for inbound traffic "
2903             "( K_recv = handshake )"));
2904     mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake);
2981  *                                | K_send = handshake
2990  *   K_recv = handshake  |                 | K_recv = early data
2993  *                       |    | early data |      | K_recv = handshake
3035             1, ("Switch to handshake keys for inbound traffic"
3036                 "( K_recv = handshake )"));
3038             ssl, ssl->handshake->transform_handshake);
3090     MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
3132     if (ssl->handshake->new_session_tickets_count == 0) {
3160         session, ssl->handshake->tls13_kex_modes);
3203         (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
3353     ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
3385         3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions);
3422         if (ssl->handshake->resume == 1) {
3423             ssl->handshake->new_session_tickets_count = 0;
3425             ssl->handshake->new_session_tickets_count--;
3447     if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
3581             if (ssl->handshake->new_session_tickets_count == 0) {

Indexes created Thu Nov 07 10:32:03 CST 2024