Lines Matching refs:s
21 static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent);
22 static int init_server_name(SSL_CONNECTION *s, unsigned int context);
23 static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent);
24 static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
26 static int init_session_ticket(SSL_CONNECTION *s, unsigned int context);
28 static int init_status_request(SSL_CONNECTION *s, unsigned int context);
31 static int init_npn(SSL_CONNECTION *s, unsigned int context);
33 static int init_alpn(SSL_CONNECTION *s, unsigned int context);
34 static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent);
35 static int init_sig_algs_cert(SSL_CONNECTION *s, unsigned int context);
36 static int init_sig_algs(SSL_CONNECTION *s, unsigned int context);
39 static int init_certificate_authorities(SSL_CONNECTION *s,
41 static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
46 static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt,
50 static int init_srp(SSL_CONNECTION *s, unsigned int context);
52 static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context);
53 static int init_etm(SSL_CONNECTION *s, unsigned int context);
54 static int init_ems(SSL_CONNECTION *s, unsigned int context);
55 static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent);
56 static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context);
57 static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent);
59 static int init_srtp(SSL_CONNECTION *s, unsigned int context);
61 static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent);
62 static int final_supported_versions(SSL_CONNECTION *s, unsigned int context,
64 static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent);
65 static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
67 static int init_post_handshake_auth(SSL_CONNECTION *s, unsigned int context);
68 static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent);
90 int (*init)(SSL_CONNECTION *s, unsigned int context);
92 int (*parse_ctos)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
95 int (*parse_stoc)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
98 EXT_RETURN (*construct_stoc)(SSL_CONNECTION *s, WPACKET *pkt,
102 EXT_RETURN (*construct_ctos)(SSL_CONNECTION *s, WPACKET *pkt,
110 int (*final)(SSL_CONNECTION *s, unsigned int context, int sent);
446 static int validate_context(SSL_CONNECTION *s, unsigned int extctx, in validate_context() argument
453 if (SSL_CONNECTION_IS_DTLS(s)) { in validate_context()
463 int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, in tls_validate_all_contexts() argument
477 num_exts = builtin_num + s->cert->custext.meths_count; in tls_validate_all_contexts()
488 meth = custom_ext_find(&s->cert->custext, role, thisext->type, in tls_validate_all_contexts()
495 if (!validate_context(s, context, thisctx)) in tls_validate_all_contexts()
508 static int verify_extension(SSL_CONNECTION *s, unsigned int context, in verify_extension() argument
518 if (!validate_context(s, thisext->context, context)) in verify_extension()
539 if (!validate_context(s, meth->context, context)) in verify_extension()
556 int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, in extension_is_relevant() argument
568 is_tls13 = SSL_CONNECTION_IS_TLS13(s); in extension_is_relevant()
570 if ((SSL_CONNECTION_IS_DTLS(s) in extension_is_relevant()
572 || (s->version == SSL3_VERSION in extension_is_relevant()
585 || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) in extension_is_relevant()
586 || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) in extension_is_relevant()
607 int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, in tls_collect_extensions() argument
614 custom_ext_methods *exts = &s->cert->custext; in tls_collect_extensions()
625 custom_ext_init(&s->cert->custext); in tls_collect_extensions()
630 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); in tls_collect_extensions()
642 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_collect_extensions()
650 if (!verify_extension(s, context, type, exts, raw_extensions, &thisex) in tls_collect_extensions()
655 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); in tls_collect_extensions()
680 && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 in tls_collect_extensions()
686 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, in tls_collect_extensions()
695 if (s->ext.debug_cb) in tls_collect_extensions()
696 s->ext.debug_cb(SSL_CONNECTION_GET_USER_SSL(s), !s->server, in tls_collect_extensions()
699 s->ext.debug_arg); in tls_collect_extensions()
711 && extension_is_relevant(s, thisexd->context, context) in tls_collect_extensions()
712 && !thisexd->init(s, context)) { in tls_collect_extensions()
739 int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, in tls_parse_extension() argument
743 int (*parser)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_extension()
761 if (!extension_is_relevant(s, extdef->context, context)) in tls_parse_extension()
764 parser = s->server ? extdef->parse_ctos : extdef->parse_stoc; in tls_parse_extension()
767 return parser(s, &currext->data, context, x, chainidx); in tls_parse_extension()
776 return custom_ext_parse(s, context, currext->type, in tls_parse_extension()
789 int tls_parse_all_extensions(SSL_CONNECTION *s, int context, in tls_parse_all_extensions() argument
797 numexts += s->cert->custext.meths_count; in tls_parse_all_extensions()
801 if (!tls_parse_extension(s, i, context, exts, x, chainidx)) { in tls_parse_all_extensions()
815 && !thisexd->final(s, context, exts[i].present)) { in tls_parse_all_extensions()
825 int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, in should_add_extension() argument
833 if (!extension_is_relevant(s, extctx, thisctx) in should_add_extension()
836 && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION))) in should_add_extension()
850 int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_extensions() argument
870 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_extensions()
875 reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); in tls_construct_extensions()
878 SSLfatal(s, SSL_AD_INTERNAL_ERROR, reason); in tls_construct_extensions()
886 custom_ext_init(&s->cert->custext); in tls_construct_extensions()
888 if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) { in tls_construct_extensions()
894 EXT_RETURN (*construct)(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_extensions()
900 if (!should_add_extension(s, thisexd->context, context, max_version)) in tls_construct_extensions()
903 construct = s->server ? thisexd->construct_stoc in tls_construct_extensions()
909 ret = construct(s, pkt, context, x, chainidx); in tls_construct_extensions()
918 s->ext.extflags[i] |= SSL_EXT_FLAG_SENT; in tls_construct_extensions()
923 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_extensions()
937 static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent) in final_renegotiate() argument
939 if (!s->server) { in final_renegotiate()
944 if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT) in final_renegotiate()
945 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) in final_renegotiate()
947 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, in final_renegotiate()
956 if (s->renegotiate in final_renegotiate()
957 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) in final_renegotiate()
959 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, in final_renegotiate()
977 static int init_server_name(SSL_CONNECTION *s, unsigned int context) in init_server_name() argument
979 if (s->server) { in init_server_name()
980 s->servername_done = 0; in init_server_name()
982 OPENSSL_free(s->ext.hostname); in init_server_name()
983 s->ext.hostname = NULL; in init_server_name()
989 static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) in final_server_name() argument
993 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in final_server_name()
994 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in final_server_name()
995 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in final_server_name()
998 if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL)) { in final_server_name()
999 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
1006 else if (s->session_ctx->ext.servername_cb != NULL) in final_server_name()
1007 ret = s->session_ctx->ext.servername_cb(ussl, &altmp, in final_server_name()
1008 s->session_ctx->ext.servername_arg); in final_server_name()
1018 if (s->server) { in final_server_name()
1019 if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) { in final_server_name()
1021 OPENSSL_free(s->session->ext.hostname); in final_server_name()
1022 s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); in final_server_name()
1023 if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) { in final_server_name()
1024 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
1035 if (SSL_IS_FIRST_HANDSHAKE(s) && sctx != s->session_ctx in final_server_name()
1036 && s->hello_retry_request == SSL_HRR_NONE) { in final_server_name()
1038 ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept); in final_server_name()
1046 if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected in final_server_name()
1048 s->ext.ticket_expected = 0; in final_server_name()
1049 if (!s->hit) { in final_server_name()
1058 if (!ssl_generate_session_id(s, ss)) { in final_server_name()
1059 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
1063 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
1071 SSLfatal(s, altmp, SSL_R_CALLBACK_FAILED); in final_server_name()
1076 if (!SSL_CONNECTION_IS_TLS13(s)) in final_server_name()
1077 ssl3_send_alert(s, SSL3_AL_WARNING, altmp); in final_server_name()
1078 s->servername_done = 0; in final_server_name()
1082 s->servername_done = 0; in final_server_name()
1090 static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context, in final_ec_pt_formats() argument
1095 if (s->server) in final_ec_pt_formats()
1098 alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in final_ec_pt_formats()
1099 alg_a = s->s3.tmp.new_cipher->algorithm_auth; in final_ec_pt_formats()
1106 if (s->ext.ecpointformats != NULL in final_ec_pt_formats()
1107 && s->ext.ecpointformats_len > 0 in final_ec_pt_formats()
1108 && s->ext.peer_ecpointformats != NULL in final_ec_pt_formats()
1109 && s->ext.peer_ecpointformats_len > 0 in final_ec_pt_formats()
1113 unsigned char *list = s->ext.peer_ecpointformats; in final_ec_pt_formats()
1115 for (i = 0; i < s->ext.peer_ecpointformats_len; i++) { in final_ec_pt_formats()
1119 if (i == s->ext.peer_ecpointformats_len) { in final_ec_pt_formats()
1120 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in final_ec_pt_formats()
1129 static int init_session_ticket(SSL_CONNECTION *s, unsigned int context) in init_session_ticket() argument
1131 if (!s->server) in init_session_ticket()
1132 s->ext.ticket_expected = 0; in init_session_ticket()
1138 static int init_status_request(SSL_CONNECTION *s, unsigned int context) in init_status_request() argument
1140 if (s->server) { in init_status_request()
1141 s->ext.status_type = TLSEXT_STATUSTYPE_nothing; in init_status_request()
1147 OPENSSL_free(s->ext.ocsp.resp); in init_status_request()
1148 s->ext.ocsp.resp = NULL; in init_status_request()
1149 s->ext.ocsp.resp_len = 0; in init_status_request()
1157 static int init_npn(SSL_CONNECTION *s, unsigned int context) in init_npn() argument
1159 s->s3.npn_seen = 0; in init_npn()
1165 static int init_alpn(SSL_CONNECTION *s, unsigned int context) in init_alpn() argument
1167 OPENSSL_free(s->s3.alpn_selected); in init_alpn()
1168 s->s3.alpn_selected = NULL; in init_alpn()
1169 s->s3.alpn_selected_len = 0; in init_alpn()
1170 if (s->server) { in init_alpn()
1171 OPENSSL_free(s->s3.alpn_proposed); in init_alpn()
1172 s->s3.alpn_proposed = NULL; in init_alpn()
1173 s->s3.alpn_proposed_len = 0; in init_alpn()
1178 static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent) in final_alpn() argument
1180 if (!s->server && !sent && s->session->ext.alpn_selected != NULL) in final_alpn()
1181 s->ext.early_data_ok = 0; in final_alpn()
1183 if (!s->server || !SSL_CONNECTION_IS_TLS13(s)) in final_alpn()
1195 return tls_handle_alpn(s); in final_alpn()
1198 static int init_sig_algs(SSL_CONNECTION *s, unsigned int context) in init_sig_algs() argument
1201 OPENSSL_free(s->s3.tmp.peer_sigalgs); in init_sig_algs()
1202 s->s3.tmp.peer_sigalgs = NULL; in init_sig_algs()
1203 s->s3.tmp.peer_sigalgslen = 0; in init_sig_algs()
1208 static int init_sig_algs_cert(SSL_CONNECTION *s, in init_sig_algs_cert() argument
1212 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); in init_sig_algs_cert()
1213 s->s3.tmp.peer_cert_sigalgs = NULL; in init_sig_algs_cert()
1214 s->s3.tmp.peer_cert_sigalgslen = 0; in init_sig_algs_cert()
1220 static int init_srp(SSL_CONNECTION *s, unsigned int context) in init_srp() argument
1222 OPENSSL_free(s->srp_ctx.login); in init_srp()
1223 s->srp_ctx.login = NULL; in init_srp()
1229 static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context) in init_ec_point_formats() argument
1231 OPENSSL_free(s->ext.peer_ecpointformats); in init_ec_point_formats()
1232 s->ext.peer_ecpointformats = NULL; in init_ec_point_formats()
1233 s->ext.peer_ecpointformats_len = 0; in init_ec_point_formats()
1238 static int init_etm(SSL_CONNECTION *s, unsigned int context) in init_etm() argument
1240 s->ext.use_etm = 0; in init_etm()
1245 static int init_ems(SSL_CONNECTION *s, unsigned int context) in init_ems() argument
1247 if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { in init_ems()
1248 s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; in init_ems()
1249 s->s3.flags |= TLS1_FLAGS_REQUIRED_EXTMS; in init_ems()
1255 static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent) in final_ems() argument
1261 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) in final_ems()
1262 && (s->s3.flags & TLS1_FLAGS_REQUIRED_EXTMS)) { in final_ems()
1263 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); in final_ems()
1266 if (!s->server && s->hit) { in final_ems()
1271 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != in final_ems()
1272 !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { in final_ems()
1273 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); in final_ems()
1281 static int init_certificate_authorities(SSL_CONNECTION *s, unsigned int context) in init_certificate_authorities() argument
1283 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); in init_certificate_authorities()
1284 s->s3.tmp.peer_ca_names = NULL; in init_certificate_authorities()
1288 static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s, in tls_construct_certificate_authorities() argument
1294 const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s); in tls_construct_certificate_authorities()
1301 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_certificate_authorities()
1305 if (!construct_ca_names(s, ca_sk, pkt)) { in tls_construct_certificate_authorities()
1311 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_certificate_authorities()
1318 static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_certificate_authorities() argument
1322 if (!parse_ca_names(s, pkt)) in tls_parse_certificate_authorities()
1325 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_certificate_authorities()
1332 static int init_srtp(SSL_CONNECTION *s, unsigned int context) in init_srtp() argument
1334 if (s->server) in init_srtp()
1335 s->srtp_profile = NULL; in init_srtp()
1341 static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent) in final_sig_algs() argument
1343 if (!sent && SSL_CONNECTION_IS_TLS13(s) && !s->hit) { in final_sig_algs()
1344 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, in final_sig_algs()
1352 static int final_supported_versions(SSL_CONNECTION *s, unsigned int context, in final_supported_versions() argument
1356 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, in final_supported_versions()
1364 static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) in final_key_share() argument
1367 if (!SSL_CONNECTION_IS_TLS13(s)) in final_key_share()
1385 if (!s->server in final_key_share()
1387 if ((s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { in final_key_share()
1388 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_SUITABLE_KEY_SHARE); in final_key_share()
1391 if (!s->hit) { in final_key_share()
1392 SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_NO_SUITABLE_KEY_SHARE); in final_key_share()
1430 if (s->server) { in final_key_share()
1431 if (s->s3.peer_tmp != NULL) { in final_key_share()
1433 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 in final_key_share()
1434 && !s->ext.cookieok) { in final_key_share()
1435 if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { in final_key_share()
1441 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1444 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1449 if (s->hello_retry_request == SSL_HRR_NONE && sent in final_key_share()
1450 && (!s->hit in final_key_share()
1451 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) in final_key_share()
1460 tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups); in final_key_share()
1461 tls1_get_supported_groups(s, &pgroups, &num_groups); in final_key_share()
1469 if (check_in_list(s, group_id, clntgroups, clnt_num_groups, in final_key_share()
1471 && tls_group_allowed(s, group_id, in final_key_share()
1473 && tls_valid_group(s, group_id, TLS1_3_VERSION, in final_key_share()
1480 s->s3.group_id = group_id; in final_key_share()
1481 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1485 if (!s->hit in final_key_share()
1486 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { in final_key_share()
1488 SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE in final_key_share()
1494 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 in final_key_share()
1495 && !s->ext.cookieok) { in final_key_share()
1496 if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { in final_key_share()
1502 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1505 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1514 if (s->hello_retry_request == SSL_HRR_PENDING) in final_key_share()
1515 s->hello_retry_request = SSL_HRR_COMPLETE; in final_key_share()
1522 if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) { in final_key_share()
1523 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1531 static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context) in init_psk_kex_modes() argument
1533 s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE; in init_psk_kex_modes()
1537 int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, in tls_psk_do_binder() argument
1557 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_psk_do_binder()
1561 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1567 && s->early_data_state == SSL_EARLY_DATA_CONNECTING in tls_psk_do_binder()
1568 && s->session->ext.max_early_data == 0 in tls_psk_do_binder()
1588 if (s->server || !external || usepskfored) in tls_psk_do_binder()
1589 early_secret = (unsigned char *)s->early_secret; in tls_psk_do_binder()
1593 if (!tls13_generate_secret(s, md, NULL, sess->master_key, in tls_psk_do_binder()
1607 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1612 if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, in tls_psk_do_binder()
1619 if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) { in tls_psk_do_binder()
1625 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1634 if (s->hello_retry_request == SSL_HRR_PENDING) { in tls_psk_do_binder()
1640 BIO_get_mem_data(s->s3.handshake_buffer, &hdata); in tls_psk_do_binder()
1642 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); in tls_psk_do_binder()
1650 if (s->server) { in tls_psk_do_binder()
1659 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1666 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1673 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1681 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1694 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1704 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BINDER_DOES_NOT_VERIFY); in tls_psk_do_binder()
1716 static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) in final_early_data() argument
1721 if (!s->server) { in final_early_data()
1724 && !s->ext.early_data_ok) { in final_early_data()
1730 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EARLY_DATA); in final_early_data()
1737 if (s->max_early_data == 0 in final_early_data()
1738 || !s->hit in final_early_data()
1739 || s->early_data_state != SSL_EARLY_DATA_ACCEPTING in final_early_data()
1740 || !s->ext.early_data_ok in final_early_data()
1741 || s->hello_retry_request != SSL_HRR_NONE in final_early_data()
1742 || (s->allow_early_data_cb != NULL in final_early_data()
1743 && !s->allow_early_data_cb(SSL_CONNECTION_GET_USER_SSL(s), in final_early_data()
1744 s->allow_early_data_cb_data))) { in final_early_data()
1745 s->ext.early_data = SSL_EARLY_DATA_REJECTED; in final_early_data()
1747 s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; in final_early_data()
1749 if (!tls13_change_cipher_state(s, in final_early_data()
1759 static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, in final_maxfragmentlen() argument
1763 if (s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED) in final_maxfragmentlen()
1764 s->session->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_DISABLED; in final_maxfragmentlen()
1766 if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) { in final_maxfragmentlen()
1767 s->rlayer.rrlmethod->set_max_frag_len(s->rlayer.rrl, in final_maxfragmentlen()
1768 GET_MAX_FRAGMENT_LENGTH(s->session)); in final_maxfragmentlen()
1769 s->rlayer.wrlmethod->set_max_frag_len(s->rlayer.wrl, in final_maxfragmentlen()
1770 ssl_get_max_send_fragment(s)); in final_maxfragmentlen()
1776 static int init_post_handshake_auth(SSL_CONNECTION *s, in init_post_handshake_auth() argument
1779 s->post_handshake_auth = SSL_PHA_NONE; in init_post_handshake_auth()
1788 static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent) in final_psk() argument
1790 if (s->server && sent && s->clienthello != NULL in final_psk()
1791 && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { in final_psk()
1792 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, in final_psk()
