Lines Matching refs:s
42 int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_renegotiate() argument
53 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_RENEGOTIATION_ENCODING_ERR); in tls_parse_ctos_renegotiate()
58 if (ilen != s->s3.previous_client_finished_len) { in tls_parse_ctos_renegotiate()
59 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH); in tls_parse_ctos_renegotiate()
63 ok = memcmp(data, s->s3.previous_client_finished, in tls_parse_ctos_renegotiate()
64 s->s3.previous_client_finished_len); in tls_parse_ctos_renegotiate()
67 if ((data[0] ^ s->s3.previous_client_finished[0]) != 0xFF) { in tls_parse_ctos_renegotiate()
73 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH); in tls_parse_ctos_renegotiate()
77 s->s3.send_connection_binding = 1; in tls_parse_ctos_renegotiate()
105 int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_server_name() argument
114 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_server_name()
132 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_server_name()
140 if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) { in tls_parse_ctos_server_name()
142 SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_R_BAD_EXTENSION); in tls_parse_ctos_server_name()
147 SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_R_BAD_EXTENSION); in tls_parse_ctos_server_name()
155 OPENSSL_free(s->ext.hostname); in tls_parse_ctos_server_name()
156 s->ext.hostname = NULL; in tls_parse_ctos_server_name()
157 if (!PACKET_strndup(&hostname, &s->ext.hostname)) { in tls_parse_ctos_server_name()
158 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_server_name()
162 s->servername_done = 1; in tls_parse_ctos_server_name()
169 s->servername_done = (s->session->ext.hostname != NULL) in tls_parse_ctos_server_name()
170 && PACKET_equal(&hostname, s->session->ext.hostname, in tls_parse_ctos_server_name()
171 strlen(s->session->ext.hostname)); in tls_parse_ctos_server_name()
177 int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_maxfragmentlen() argument
184 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_maxfragmentlen()
190 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_parse_ctos_maxfragmentlen()
209 if (s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED) in tls_parse_ctos_maxfragmentlen()
214 s->session->ext.max_fragment_len_mode = value; in tls_parse_ctos_maxfragmentlen()
220 int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_srp() argument
227 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_srp()
231 if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) { in tls_parse_ctos_srp()
232 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_srp()
240 int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_ec_pt_formats() argument
248 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_ec_pt_formats()
252 if (!s->hit) { in tls_parse_ctos_ec_pt_formats()
254 &s->ext.peer_ecpointformats, in tls_parse_ctos_ec_pt_formats()
255 &s->ext.peer_ecpointformats_len)) { in tls_parse_ctos_ec_pt_formats()
256 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_ec_pt_formats()
264 int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_session_ticket() argument
268 if (s->ext.session_ticket_cb && in tls_parse_ctos_session_ticket()
269 !s->ext.session_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), in tls_parse_ctos_session_ticket()
271 s->ext.session_ticket_cb_arg)) { in tls_parse_ctos_session_ticket()
272 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_session_ticket()
279 int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_sig_algs_cert() argument
288 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_sig_algs_cert()
292 if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { in tls_parse_ctos_sig_algs_cert()
293 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_sig_algs_cert()
300 int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_sig_algs() argument
307 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_sig_algs()
311 if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { in tls_parse_ctos_sig_algs()
312 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_sig_algs()
320 int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_status_request() argument
327 if (s->hit) in tls_parse_ctos_status_request()
334 if (!PACKET_get_1(pkt, (unsigned int *)&s->ext.status_type)) { in tls_parse_ctos_status_request()
335 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
339 if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) { in tls_parse_ctos_status_request()
343 s->ext.status_type = TLSEXT_STATUSTYPE_nothing; in tls_parse_ctos_status_request()
348 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
356 sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); in tls_parse_ctos_status_request()
358 s->ext.ocsp.ids = sk_OCSP_RESPID_new_null(); in tls_parse_ctos_status_request()
359 if (s->ext.ocsp.ids == NULL) { in tls_parse_ctos_status_request()
360 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); in tls_parse_ctos_status_request()
364 s->ext.ocsp.ids = NULL; in tls_parse_ctos_status_request()
374 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
382 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
388 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
393 if (!sk_OCSP_RESPID_push(s->ext.ocsp.ids, id)) { in tls_parse_ctos_status_request()
395 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_status_request()
403 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
410 sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, in tls_parse_ctos_status_request()
412 s->ext.ocsp.exts = in tls_parse_ctos_status_request()
414 if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) { in tls_parse_ctos_status_request()
415 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
425 int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_npn() argument
432 if (SSL_IS_FIRST_HANDSHAKE(s)) in tls_parse_ctos_npn()
433 s->s3.npn_seen = 1; in tls_parse_ctos_npn()
443 int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_alpn() argument
448 if (!SSL_IS_FIRST_HANDSHAKE(s)) in tls_parse_ctos_alpn()
453 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_alpn()
462 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_alpn()
467 OPENSSL_free(s->s3.alpn_proposed); in tls_parse_ctos_alpn()
468 s->s3.alpn_proposed = NULL; in tls_parse_ctos_alpn()
469 s->s3.alpn_proposed_len = 0; in tls_parse_ctos_alpn()
471 &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { in tls_parse_ctos_alpn()
472 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_alpn()
480 int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_use_srtp() argument
487 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in tls_parse_ctos_use_srtp()
496 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_ctos_use_srtp()
502 s->srtp_profile = NULL; in tls_parse_ctos_use_srtp()
508 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_ctos_use_srtp()
524 s->srtp_profile = sprof; in tls_parse_ctos_use_srtp()
533 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_ctos_use_srtp()
540 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_SRTP_MKI_VALUE); in tls_parse_ctos_use_srtp()
548 int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_etm() argument
551 if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) in tls_parse_ctos_etm()
552 s->ext.use_etm = 1; in tls_parse_ctos_etm()
561 int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_psk_kex_modes() argument
571 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk_kex_modes()
577 s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE; in tls_parse_ctos_psk_kex_modes()
579 && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) in tls_parse_ctos_psk_kex_modes()
580 s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE; in tls_parse_ctos_psk_kex_modes()
583 if (((s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) != 0) in tls_parse_ctos_psk_kex_modes()
584 && (s->options & SSL_OP_PREFER_NO_DHE_KEX) != 0) { in tls_parse_ctos_psk_kex_modes()
594 s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_KE; in tls_parse_ctos_psk_kex_modes()
613 static int tls_accept_ksgroup(SSL_CONNECTION *s, uint16_t ksgroup, PACKET *encoded_pubkey) in tls_accept_ksgroup() argument
616 s->s3.group_id = ksgroup; in tls_accept_ksgroup()
617 s->s3.group_id_candidate = ksgroup; in tls_accept_ksgroup()
619 s->session->kex_group = ksgroup; in tls_accept_ksgroup()
620 if ((s->s3.peer_tmp = ssl_generate_param_group(s, ksgroup)) == NULL) { in tls_accept_ksgroup()
621 SSLfatal(s, in tls_accept_ksgroup()
626 if (tls13_set_encoded_pub_key(s->s3.peer_tmp, in tls_accept_ksgroup()
629 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); in tls_accept_ksgroup()
643 static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_share_list, in extract_keyshares() argument
657 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in extract_keyshares()
662 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in extract_keyshares()
671 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in extract_keyshares()
679 if (s->s3.group_id != 0 in extract_keyshares()
680 && (group_id != s->s3.group_id in extract_keyshares()
682 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in extract_keyshares()
694 if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0, &key_share_pos)) { in extract_keyshares()
695 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in extract_keyshares()
704 if (s->s3.group_id != 0) { in extract_keyshares()
711 if (!tls_accept_ksgroup(s, s->s3.group_id, &encoded_pubkey)) in extract_keyshares()
721 if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1, NULL) in extract_keyshares()
722 || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) in extract_keyshares()
723 || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, in extract_keyshares()
776 static void check_overlap(SSL_CONNECTION *s, in check_overlap() argument
791 if (!check_in_list(s, candidate_groups[current_group], prio_groups, in check_overlap()
793 || !tls_group_allowed(s, candidate_groups[current_group], in check_overlap()
795 || !tls_valid_group(s, candidate_groups[current_group], TLS1_3_VERSION, in check_overlap()
814 int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_key_share() argument
833 s->s3.group_id_candidate = 0; in tls_parse_ctos_key_share()
834 if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) in tls_parse_ctos_key_share()
838 if (s->s3.peer_tmp != NULL) { in tls_parse_ctos_key_share()
839 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_key_share()
844 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_key_share()
849 tls1_get_supported_groups(s, &srvrgroups, &srvr_num_groups); in tls_parse_ctos_key_share()
850 tls1_get_group_tuples(s, &srvrtuples, &srvr_num_tuples); in tls_parse_ctos_key_share()
852 tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups); in tls_parse_ctos_key_share()
860 SSLfatal(s, SSL_AD_MISSING_EXTENSION, in tls_parse_ctos_key_share()
865 if (s->s3.group_id != 0 && PACKET_remaining(&key_share_list) == 0) { in tls_parse_ctos_key_share()
871 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in tls_parse_ctos_key_share()
876 ks_extraction_result = extract_keyshares(s, in tls_parse_ctos_key_share()
911 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { in tls_parse_ctos_key_share()
914 check_overlap(s, in tls_parse_ctos_key_share()
920 if (!tls_accept_ksgroup(s, group_id_candidate, in tls_parse_ctos_key_share()
930 check_overlap(s, in tls_parse_ctos_key_share()
941 s->s3.group_id_candidate = group_id_candidate; in tls_parse_ctos_key_share()
954 check_overlap(s, in tls_parse_ctos_key_share()
960 if (!tls_accept_ksgroup(s, group_id_candidate, &encoded_pubkey_arr[prio_group_idx])) in tls_parse_ctos_key_share()
964 check_overlap(s, in tls_parse_ctos_key_share()
970 s->s3.group_id_candidate = group_id_candidate; in tls_parse_ctos_key_share()
993 int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_cookie() argument
1007 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in tls_parse_ctos_cookie()
1008 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_parse_ctos_cookie()
1012 || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) in tls_parse_ctos_cookie()
1016 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
1025 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
1034 s->session_ctx->ext.cookie_hmac_key, in tls_parse_ctos_cookie()
1035 sizeof(s->session_ctx->ext.cookie_hmac_key)); in tls_parse_ctos_cookie()
1039 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_parse_ctos_cookie()
1051 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
1059 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); in tls_parse_ctos_cookie()
1064 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
1078 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
1082 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_parse_ctos_cookie()
1088 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
1094 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
1097 if (group_id != s->s3.group_id in tls_parse_ctos_cookie()
1098 || s->s3.tmp.new_cipher in tls_parse_ctos_cookie()
1099 != ssl_get_cipher_by_char(s, ciphdata, 0)) { in tls_parse_ctos_cookie()
1104 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_CIPHER); in tls_parse_ctos_cookie()
1113 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
1125 if (sctx->verify_stateless_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s), in tls_parse_ctos_cookie()
1128 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); in tls_parse_ctos_cookie()
1138 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
1145 || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, in tls_parse_ctos_cookie()
1146 s->tmp_session_id_len) in tls_parse_ctos_cookie()
1147 || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, in tls_parse_ctos_cookie()
1152 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
1157 || !WPACKET_put_bytes_u16(&hrrpkt, s->version) in tls_parse_ctos_cookie()
1160 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
1166 || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) in tls_parse_ctos_cookie()
1169 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
1182 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
1187 if (!create_synthetic_message_hash(s, PACKET_data(&chhash), in tls_parse_ctos_cookie()
1195 s->hello_retry_request = SSL_HRR_PENDING; in tls_parse_ctos_cookie()
1197 s->ext.cookieok = 1; in tls_parse_ctos_cookie()
1203 int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_supported_groups() argument
1213 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_supported_groups()
1217 if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) { in tls_parse_ctos_supported_groups()
1218 OPENSSL_free(s->ext.peer_supportedgroups); in tls_parse_ctos_supported_groups()
1219 s->ext.peer_supportedgroups = NULL; in tls_parse_ctos_supported_groups()
1220 s->ext.peer_supportedgroups_len = 0; in tls_parse_ctos_supported_groups()
1222 &s->ext.peer_supportedgroups, in tls_parse_ctos_supported_groups()
1223 &s->ext.peer_supportedgroups_len)) { in tls_parse_ctos_supported_groups()
1224 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_supported_groups()
1232 int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_ems() argument
1237 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_ems()
1241 if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) in tls_parse_ctos_ems()
1244 s->s3.flags |= TLS1_FLAGS_RECEIVED_EXTMS; in tls_parse_ctos_ems()
1250 int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_early_data() argument
1254 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_early_data()
1258 if (s->hello_retry_request != SSL_HRR_NONE) { in tls_parse_ctos_early_data()
1259 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); in tls_parse_ctos_early_data()
1266 static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL_CONNECTION *s, PACKET *tick, in tls_get_stateful_ticket() argument
1271 s->ext.ticket_expected = 1; in tls_get_stateful_ticket()
1284 tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), in tls_get_stateful_ticket()
1294 int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_psk() argument
1303 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_parse_ctos_psk()
1304 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in tls_parse_ctos_psk()
1310 if ((s->ext.psk_kex_mode in tls_parse_ctos_psk()
1315 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1319 s->ext.ticket_expected = 0; in tls_parse_ctos_psk()
1327 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1332 if (s->psk_find_session_cb != NULL in tls_parse_ctos_psk()
1333 && !s->psk_find_session_cb(ussl, PACKET_data(&identity), idlen, in tls_parse_ctos_psk()
1335 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1341 && s->psk_server_callback != NULL in tls_parse_ctos_psk()
1348 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1351 pskdatalen = s->psk_server_callback(ussl, pskid, pskdata, in tls_parse_ctos_psk()
1355 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1365 cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s), in tls_parse_ctos_psk()
1369 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1381 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1394 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1404 memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length); in tls_parse_ctos_psk()
1405 sess->sid_ctx_length = s->sid_ctx_length; in tls_parse_ctos_psk()
1408 s->ext.early_data_ok = 1; in tls_parse_ctos_psk()
1409 s->ext.ticket_expected = 1; in tls_parse_ctos_psk()
1419 if ((s->options & SSL_OP_NO_TICKET) != 0 in tls_parse_ctos_psk()
1420 || (s->max_early_data > 0 in tls_parse_ctos_psk()
1421 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) in tls_parse_ctos_psk()
1422 ret = tls_get_stateful_ticket(s, &identity, &sess); in tls_parse_ctos_psk()
1424 ret = tls_decrypt_ticket(s, PACKET_data(&identity), in tls_parse_ctos_psk()
1429 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1435 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1442 if (s->max_early_data > 0 in tls_parse_ctos_psk()
1443 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 in tls_parse_ctos_psk()
1444 && !SSL_CTX_remove_session(s->session_ctx, sess)) { in tls_parse_ctos_psk()
1474 s->ext.early_data_ok = 1; in tls_parse_ctos_psk()
1480 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1485 s->s3.tmp.new_cipher->algorithm2)))) { in tls_parse_ctos_psk()
1489 s->ext.early_data_ok = 0; in tls_parse_ctos_psk()
1490 s->ext.ticket_expected = 0; in tls_parse_ctos_psk()
1499 binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data; in tls_parse_ctos_psk()
1505 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1511 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1517 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1520 if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, in tls_parse_ctos_psk()
1527 s->ext.tick_identity = id; in tls_parse_ctos_psk()
1529 SSL_SESSION_free(s->session); in tls_parse_ctos_psk()
1530 s->session = sess; in tls_parse_ctos_psk()
1537 int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_ctos_post_handshake_auth() argument
1543 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_ctos_post_handshake_auth()
1548 s->post_handshake_auth = SSL_PHA_EXT_RECEIVED; in tls_parse_ctos_post_handshake_auth()
1556 EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_renegotiate() argument
1560 if (!s->s3.send_connection_binding) in tls_construct_stoc_renegotiate()
1567 || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, in tls_construct_stoc_renegotiate()
1568 s->s3.previous_client_finished_len) in tls_construct_stoc_renegotiate()
1569 || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, in tls_construct_stoc_renegotiate()
1570 s->s3.previous_server_finished_len) in tls_construct_stoc_renegotiate()
1573 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_renegotiate()
1580 EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_server_name() argument
1584 if (s->servername_done != 1) in tls_construct_stoc_server_name()
1591 if (s->hit && !SSL_CONNECTION_IS_TLS13(s)) in tls_construct_stoc_server_name()
1596 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_server_name()
1604 EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_maxfragmentlen() argument
1608 if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) in tls_construct_stoc_maxfragmentlen()
1617 || !WPACKET_put_bytes_u8(pkt, s->session->ext.max_fragment_len_mode) in tls_construct_stoc_maxfragmentlen()
1619 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_maxfragmentlen()
1626 EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_ec_pt_formats() argument
1630 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in tls_construct_stoc_ec_pt_formats()
1631 unsigned long alg_a = s->s3.tmp.new_cipher->algorithm_auth; in tls_construct_stoc_ec_pt_formats()
1633 && (s->ext.peer_ecpointformats != NULL); in tls_construct_stoc_ec_pt_formats()
1640 tls1_get_formatlist(s, &plist, &plistlen); in tls_construct_stoc_ec_pt_formats()
1645 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_ec_pt_formats()
1652 EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_supported_groups() argument
1661 if (s->s3.group_id == 0) in tls_construct_stoc_supported_groups()
1665 tls1_get_supported_groups(s, &groups, &numgroups); in tls_construct_stoc_supported_groups()
1667 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_groups()
1672 version = SSL_version(SSL_CONNECTION_GET_SSL(s)); in tls_construct_stoc_supported_groups()
1676 if (tls_valid_group(s, group, version, version, 0, NULL) in tls_construct_stoc_supported_groups()
1677 && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { in tls_construct_stoc_supported_groups()
1683 if (s->s3.group_id == group) in tls_construct_stoc_supported_groups()
1691 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_groups()
1698 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_groups()
1705 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_groups()
1712 EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_session_ticket() argument
1716 if (!s->ext.ticket_expected || !tls_use_ticket(s)) { in tls_construct_stoc_session_ticket()
1717 s->ext.ticket_expected = 0; in tls_construct_stoc_session_ticket()
1723 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_session_ticket()
1731 EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_status_request() argument
1739 if (!s->ext.status_expected) in tls_construct_stoc_status_request()
1742 if (SSL_CONNECTION_IS_TLS13(s) && chainidx != 0) in tls_construct_stoc_status_request()
1747 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_status_request()
1756 if (SSL_CONNECTION_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { in tls_construct_stoc_status_request()
1761 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_status_request()
1770 EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_next_proto_neg() argument
1777 int npn_seen = s->s3.npn_seen; in tls_construct_stoc_next_proto_neg()
1778 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_construct_stoc_next_proto_neg()
1780 s->s3.npn_seen = 0; in tls_construct_stoc_next_proto_neg()
1784 ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_USER_SSL(s), &npa, in tls_construct_stoc_next_proto_neg()
1789 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_next_proto_neg()
1792 s->s3.npn_seen = 1; in tls_construct_stoc_next_proto_neg()
1800 EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, in tls_construct_stoc_alpn() argument
1803 if (s->s3.alpn_selected == NULL) in tls_construct_stoc_alpn()
1810 || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, in tls_construct_stoc_alpn()
1811 s->s3.alpn_selected_len) in tls_construct_stoc_alpn()
1814 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_alpn()
1822 EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_use_srtp() argument
1826 if (s->srtp_profile == NULL) in tls_construct_stoc_use_srtp()
1832 || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) in tls_construct_stoc_use_srtp()
1835 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_use_srtp()
1843 EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_etm() argument
1847 if (!s->ext.use_etm) in tls_construct_stoc_etm()
1854 if (s->s3.tmp.new_cipher->algorithm_mac == SSL_AEAD in tls_construct_stoc_etm()
1855 || s->s3.tmp.new_cipher->algorithm_enc == SSL_RC4 in tls_construct_stoc_etm()
1856 || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT in tls_construct_stoc_etm()
1857 || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12 in tls_construct_stoc_etm()
1858 || s->s3.tmp.new_cipher->algorithm_enc == SSL_MAGMA in tls_construct_stoc_etm()
1859 || s->s3.tmp.new_cipher->algorithm_enc == SSL_KUZNYECHIK) { in tls_construct_stoc_etm()
1860 s->ext.use_etm = 0; in tls_construct_stoc_etm()
1866 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_etm()
1873 EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_ems() argument
1877 if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) in tls_construct_stoc_ems()
1882 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_ems()
1889 EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_supported_versions() argument
1893 if (!ossl_assert(SSL_CONNECTION_IS_TLS13(s))) { in tls_construct_stoc_supported_versions()
1894 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_versions()
1900 || !WPACKET_put_bytes_u16(pkt, s->version) in tls_construct_stoc_supported_versions()
1902 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_versions()
1909 EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_key_share() argument
1916 EVP_PKEY *ckey = s->s3.peer_tmp, *skey = NULL; in tls_construct_stoc_key_share()
1919 if (s->hello_retry_request == SSL_HRR_PENDING) { in tls_construct_stoc_key_share()
1926 || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) in tls_construct_stoc_key_share()
1928 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1937 if (!s->hit || !tls13_generate_handshake_secret(s, NULL, 0)) { in tls_construct_stoc_key_share()
1938 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1944 if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) { in tls_construct_stoc_key_share()
1956 || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { in tls_construct_stoc_key_share()
1957 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1961 if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s), in tls_construct_stoc_key_share()
1962 s->s3.group_id)) == NULL) { in tls_construct_stoc_key_share()
1963 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1969 skey = ssl_generate_pkey(s, ckey); in tls_construct_stoc_key_share()
1971 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB); in tls_construct_stoc_key_share()
1978 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); in tls_construct_stoc_key_share()
1985 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1995 s->s3.tmp.pkey = skey; in tls_construct_stoc_key_share()
1996 if (ssl_derive(s, skey, ckey, 1) == 0) { in tls_construct_stoc_key_share()
2011 if (ssl_encapsulate(s, ckey, &ct, &ctlen, 0) == 0) { in tls_construct_stoc_key_share()
2017 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
2024 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
2033 if (ssl_gensecret(s, s->s3.tmp.pms, s->s3.tmp.pmslen) == 0) { in tls_construct_stoc_key_share()
2038 s->s3.did_kex = 1; in tls_construct_stoc_key_share()
2045 EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_cookie() argument
2056 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_construct_stoc_cookie()
2057 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in tls_construct_stoc_cookie()
2058 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in tls_construct_stoc_cookie()
2060 if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0) in tls_construct_stoc_cookie()
2064 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_COOKIE_CALLBACK_SET); in tls_construct_stoc_cookie()
2075 || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) in tls_construct_stoc_cookie()
2076 || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, in tls_construct_stoc_cookie()
2079 || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) in tls_construct_stoc_cookie()
2083 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
2092 if (!ssl3_digest_cached_records(s, 0) in tls_construct_stoc_cookie()
2093 || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) { in tls_construct_stoc_cookie()
2103 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
2110 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); in tls_construct_stoc_cookie()
2119 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
2126 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
2134 s->session_ctx->ext.cookie_hmac_key, in tls_construct_stoc_cookie()
2135 sizeof(s->session_ctx->ext.cookie_hmac_key)); in tls_construct_stoc_cookie()
2137 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_construct_stoc_cookie()
2145 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
2150 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
2159 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
2174 EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_cryptopro_bug() argument
2187 if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80 in tls_construct_stoc_cryptopro_bug()
2188 && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) in tls_construct_stoc_cryptopro_bug()
2189 || (SSL_get_options(SSL_CONNECTION_GET_SSL(s)) in tls_construct_stoc_cryptopro_bug()
2194 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cryptopro_bug()
2201 EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_early_data() argument
2206 if (s->max_early_data == 0) in tls_construct_stoc_early_data()
2211 || !WPACKET_put_bytes_u32(pkt, s->max_early_data) in tls_construct_stoc_early_data()
2213 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_early_data()
2220 if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED) in tls_construct_stoc_early_data()
2226 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_early_data()
2233 EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_stoc_psk() argument
2237 if (!s->hit) in tls_construct_stoc_psk()
2242 || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity) in tls_construct_stoc_psk()
2244 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_psk()
