Lines Matching refs:s

40 int ossl_statem_set_mutator(SSL *s,  in ossl_statem_set_mutator()  argument
45 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); in ossl_statem_set_mutator()
61 int ssl3_do_write(SSL_CONNECTION *s, uint8_t type) in ssl3_do_write() argument
65 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in ssl3_do_write()
66 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in ssl3_do_write()
72 if (s->statem.mutate_handshake_cb != NULL in ssl3_do_write()
73 && !s->statem.write_in_progress in ssl3_do_write()
75 && s->init_num >= SSL3_HM_HEADER_LENGTH) { in ssl3_do_write()
79 if (!s->statem.mutate_handshake_cb((unsigned char *)s->init_buf->data, in ssl3_do_write()
80 s->init_num, in ssl3_do_write()
82 s->statem.mutatearg)) in ssl3_do_write()
85 || !BUF_MEM_grow(s->init_buf, msglen)) in ssl3_do_write()
87 memcpy(s->init_buf->data, msg, msglen); in ssl3_do_write()
88 s->init_num = msglen; in ssl3_do_write()
89 s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; in ssl3_do_write()
90 s->statem.finish_mutate_handshake_cb(s->statem.mutatearg); in ssl3_do_write()
91 s->statem.write_in_progress = 1; in ssl3_do_write()
94 ret = ssl3_write_bytes(ssl, type, &s->init_buf->data[s->init_off], in ssl3_do_write()
95 s->init_num, &written); in ssl3_do_write()
104 if (!SSL_CONNECTION_IS_TLS13(s) in ssl3_do_write()
105 || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET in ssl3_do_write()
106 && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE in ssl3_do_write()
107 && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) in ssl3_do_write()
108 if (!ssl3_finish_mac(s, in ssl3_do_write()
109 (unsigned char *)&s->init_buf->data[s->init_off], in ssl3_do_write()
112 if (written == s->init_num) { in ssl3_do_write()
113 s->statem.write_in_progress = 0; in ssl3_do_write()
114 if (s->msg_callback) in ssl3_do_write()
115 s->msg_callback(1, s->version, type, s->init_buf->data, in ssl3_do_write()
116 (size_t)(s->init_off + s->init_num), ussl, in ssl3_do_write()
117 s->msg_callback_arg); in ssl3_do_write()
120 s->init_off += written; in ssl3_do_write()
121 s->init_num -= written; in ssl3_do_write()
125 int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype) in tls_close_construct_packet() argument
133 s->init_num = (int)msglen; in tls_close_construct_packet()
134 s->init_off = 0; in tls_close_construct_packet()
139 int tls_setup_handshake(SSL_CONNECTION *s) in tls_setup_handshake() argument
142 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in tls_setup_handshake()
143 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_setup_handshake()
145 if (!ssl3_init_finished_mac(s)) { in tls_setup_handshake()
151 memset(s->ext.extflags, 0, sizeof(s->ext.extflags)); in tls_setup_handshake()
153 if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) { in tls_setup_handshake()
154 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_NO_PROTOCOLS_AVAILABLE); in tls_setup_handshake()
161 int md5sha1_needed_maxversion = SSL_CONNECTION_IS_DTLS(s) in tls_setup_handshake()
165 if (ssl_version_cmp(s, ver_max, md5sha1_needed_maxversion) <= 0) { in tls_setup_handshake()
166 SSLfatal_data(s, SSL_AD_HANDSHAKE_FAILURE, in tls_setup_handshake()
178 negotiated_minversion = SSL_CONNECTION_IS_DTLS(s) ? in tls_setup_handshake()
180 if (ssl_version_cmp(s, ver_min, negotiated_minversion) < 0) in tls_setup_handshake()
184 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR); in tls_setup_handshake()
190 if (s->server) { in tls_setup_handshake()
201 int cipher_minprotover = SSL_CONNECTION_IS_DTLS(s) in tls_setup_handshake()
203 int cipher_maxprotover = SSL_CONNECTION_IS_DTLS(s) in tls_setup_handshake()
206 if (ssl_version_cmp(s, ver_max, cipher_minprotover) >= 0 in tls_setup_handshake()
207 && ssl_version_cmp(s, ver_max, cipher_maxprotover) <= 0) { in tls_setup_handshake()
213 SSLfatal_data(s, SSL_AD_HANDSHAKE_FAILURE, in tls_setup_handshake()
219 if (SSL_IS_FIRST_HANDSHAKE(s)) { in tls_setup_handshake()
221 ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_accept); in tls_setup_handshake()
226 s->s3.tmp.cert_request = 0; in tls_setup_handshake()
229 if (SSL_IS_FIRST_HANDSHAKE(s)) in tls_setup_handshake()
230 ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_connect); in tls_setup_handshake()
232 ssl_tsan_counter(s->session_ctx, in tls_setup_handshake()
233 &s->session_ctx->stats.sess_connect_renegotiate); in tls_setup_handshake()
236 memset(s->s3.client_random, 0, sizeof(s->s3.client_random)); in tls_setup_handshake()
237 s->hit = 0; in tls_setup_handshake()
239 s->s3.tmp.cert_req = 0; in tls_setup_handshake()
241 if (SSL_CONNECTION_IS_DTLS(s)) in tls_setup_handshake()
242 s->statem.use_timer = 1; in tls_setup_handshake()
255 static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs, in get_cert_verify_tbs_data() argument
265 if (SSL_CONNECTION_IS_TLS13(s)) { in get_cert_verify_tbs_data()
271 if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY in get_cert_verify_tbs_data()
272 || s->statem.hand_state == TLS_ST_SW_CERT_VRFY) in get_cert_verify_tbs_data()
282 if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY in get_cert_verify_tbs_data()
283 || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) { in get_cert_verify_tbs_data()
284 memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash, in get_cert_verify_tbs_data()
285 s->cert_verify_hash_len); in get_cert_verify_tbs_data()
286 hashlen = s->cert_verify_hash_len; in get_cert_verify_tbs_data()
287 } else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE, in get_cert_verify_tbs_data()
299 retlen = retlen_l = BIO_get_mem_data(s->s3.handshake_buffer, hdata); in get_cert_verify_tbs_data()
301 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in get_cert_verify_tbs_data()
310 CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) in tls_construct_cert_verify() argument
320 const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg; in tls_construct_cert_verify()
321 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_construct_cert_verify()
323 if (lu == NULL || s->s3.tmp.cert == NULL) { in tls_construct_cert_verify()
324 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_cert_verify()
327 pkey = s->s3.tmp.cert->privatekey; in tls_construct_cert_verify()
330 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_cert_verify()
336 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_construct_cert_verify()
341 if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) { in tls_construct_cert_verify()
346 if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) { in tls_construct_cert_verify()
347 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_cert_verify()
355 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_construct_cert_verify()
363 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_construct_cert_verify()
367 if (s->version == SSL3_VERSION) { in tls_construct_cert_verify()
374 (int)s->session->master_key_length, in tls_construct_cert_verify()
375 s->session->master_key) <= 0 in tls_construct_cert_verify()
378 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_construct_cert_verify()
384 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_construct_cert_verify()
393 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_construct_cert_verify()
399 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_construct_cert_verify()
416 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_cert_verify()
421 if (!ssl3_digest_cached_records(s, 0)) { in tls_construct_cert_verify()
435 MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) in tls_process_cert_verify() argument
451 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_process_cert_verify()
454 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_process_cert_verify()
458 pkey = tls_get_peer_pkey(s); in tls_process_cert_verify()
460 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_process_cert_verify()
465 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_process_cert_verify()
470 if (SSL_USE_SIGALGS(s)) { in tls_process_cert_verify()
474 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET); in tls_process_cert_verify()
477 if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) { in tls_process_cert_verify()
481 } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { in tls_process_cert_verify()
482 SSLfatal(s, SSL_AD_INTERNAL_ERROR, in tls_process_cert_verify()
487 if (!tls1_lookup_md(sctx, s->s3.tmp.peer_sigalg, &md)) { in tls_process_cert_verify()
488 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_process_cert_verify()
492 if (SSL_USE_SIGALGS(s)) in tls_process_cert_verify()
502 if (!SSL_USE_SIGALGS(s) in tls_process_cert_verify()
512 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_process_cert_verify()
517 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_process_cert_verify()
521 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_process_cert_verify()
525 if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) { in tls_process_cert_verify()
537 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_process_cert_verify()
554 if (SSL_USE_PSS(s)) { in tls_process_cert_verify()
558 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_process_cert_verify()
562 if (s->version == SSL3_VERSION) { in tls_process_cert_verify()
565 (int)s->session->master_key_length, in tls_process_cert_verify()
566 s->session->master_key) <= 0) { in tls_process_cert_verify()
567 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); in tls_process_cert_verify()
571 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); in tls_process_cert_verify()
578 if (SSL_IS_QUIC_HANDSHAKE(s)) in tls_process_cert_verify()
582 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); in tls_process_cert_verify()
595 if (!s->server && SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.cert_req == 1) in tls_process_cert_verify()
600 BIO_free(s->s3.handshake_buffer); in tls_process_cert_verify()
601 s->s3.handshake_buffer = NULL; in tls_process_cert_verify()
609 CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt) in tls_construct_finished() argument
614 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in tls_construct_finished()
617 if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED) in tls_construct_finished()
618 s->statem.cleanuphand = 1; in tls_construct_finished()
626 if (SSL_CONNECTION_IS_TLS13(s) in tls_construct_finished()
627 && !s->server in tls_construct_finished()
628 && (s->early_data_state != SSL_EARLY_DATA_NONE in tls_construct_finished()
629 || (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) in tls_construct_finished()
630 && s->s3.tmp.cert_req == 0 in tls_construct_finished()
631 && (!ssl->method->ssl3_enc->change_cipher_state(s, in tls_construct_finished()
637 if (s->server) { in tls_construct_finished()
645 finish_md_len = ssl->method->ssl3_enc->final_finish_mac(s, in tls_construct_finished()
647 s->s3.tmp.finish_md); in tls_construct_finished()
653 s->s3.tmp.finish_md_len = finish_md_len; in tls_construct_finished()
655 if (!WPACKET_memcpy(pkt, s->s3.tmp.finish_md, finish_md_len)) { in tls_construct_finished()
656 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_finished()
664 if (!SSL_CONNECTION_IS_TLS13(s) in tls_construct_finished()
665 && !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key, in tls_construct_finished()
666 s->session->master_key_length)) { in tls_construct_finished()
675 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_finished()
678 if (!s->server) { in tls_construct_finished()
679 memcpy(s->s3.previous_client_finished, s->s3.tmp.finish_md, in tls_construct_finished()
681 s->s3.previous_client_finished_len = finish_md_len; in tls_construct_finished()
683 memcpy(s->s3.previous_server_finished, s->s3.tmp.finish_md, in tls_construct_finished()
685 s->s3.previous_server_finished_len = finish_md_len; in tls_construct_finished()
691 CON_FUNC_RETURN tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt) in tls_construct_key_update() argument
693 if (!WPACKET_put_bytes_u8(pkt, s->key_update)) { in tls_construct_key_update()
694 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_key_update()
698 s->key_update = SSL_KEY_UPDATE_NONE; in tls_construct_key_update()
702 MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt) in tls_process_key_update() argument
710 if (RECORD_LAYER_processed_read_pending(&s->rlayer)) { in tls_process_key_update()
711 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_NOT_ON_RECORD_BOUNDARY); in tls_process_key_update()
717 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_KEY_UPDATE); in tls_process_key_update()
727 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_UPDATE); in tls_process_key_update()
737 s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED; in tls_process_key_update()
739 if (!tls13_update_key(s, 0)) { in tls_process_key_update()
751 int ssl3_take_mac(SSL_CONNECTION *s) in ssl3_take_mac() argument
755 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in ssl3_take_mac()
757 if (!s->server) { in ssl3_take_mac()
765 s->s3.tmp.peer_finish_md_len = in ssl3_take_mac()
766 ssl->method->ssl3_enc->final_finish_mac(s, sender, slen, in ssl3_take_mac()
767 s->s3.tmp.peer_finish_md); in ssl3_take_mac()
769 if (s->s3.tmp.peer_finish_md_len == 0) { in ssl3_take_mac()
777 MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, in tls_process_change_cipher_spec() argument
788 if (SSL_CONNECTION_IS_DTLS(s)) { in tls_process_change_cipher_spec()
789 if ((s->version == DTLS1_BAD_VER in tls_process_change_cipher_spec()
791 || (s->version != DTLS1_BAD_VER in tls_process_change_cipher_spec()
793 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_CHANGE_CIPHER_SPEC); in tls_process_change_cipher_spec()
798 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_CHANGE_CIPHER_SPEC); in tls_process_change_cipher_spec()
804 if (s->s3.tmp.new_cipher == NULL) { in tls_process_change_cipher_spec()
805 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_CCS_RECEIVED_EARLY); in tls_process_change_cipher_spec()
809 s->s3.change_cipher_spec = 1; in tls_process_change_cipher_spec()
810 if (!ssl3_do_change_cipher_spec(s)) { in tls_process_change_cipher_spec()
811 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_process_change_cipher_spec()
815 if (SSL_CONNECTION_IS_DTLS(s)) { in tls_process_change_cipher_spec()
816 if (s->version == DTLS1_BAD_VER) in tls_process_change_cipher_spec()
817 s->d1->handshake_read_seq++; in tls_process_change_cipher_spec()
825 BIO_ctrl(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s)), in tls_process_change_cipher_spec()
833 MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) in tls_process_finished() argument
836 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in tls_process_finished()
837 int was_first = SSL_IS_FIRST_HANDSHAKE(s); in tls_process_finished()
842 if (s->server) { in tls_process_finished()
848 if (s->rlayer.rrlmethod->set_plain_alerts != NULL) in tls_process_finished()
849 s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0); in tls_process_finished()
850 if (s->post_handshake_auth != SSL_PHA_REQUESTED) in tls_process_finished()
851 s->statem.cleanuphand = 1; in tls_process_finished()
852 if (SSL_CONNECTION_IS_TLS13(s) in tls_process_finished()
853 && !tls13_save_handshake_digest_for_pha(s)) { in tls_process_finished()
863 if (SSL_CONNECTION_IS_TLS13(s) in tls_process_finished()
864 && RECORD_LAYER_processed_read_pending(&s->rlayer)) { in tls_process_finished()
865 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_NOT_ON_RECORD_BOUNDARY); in tls_process_finished()
870 if (!SSL_CONNECTION_IS_TLS13(s) && !s->s3.change_cipher_spec) { in tls_process_finished()
871 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_GOT_A_FIN_BEFORE_A_CCS); in tls_process_finished()
874 s->s3.change_cipher_spec = 0; in tls_process_finished()
876 md_len = s->s3.tmp.peer_finish_md_len; in tls_process_finished()
879 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_DIGEST_LENGTH); in tls_process_finished()
883 ok = CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, in tls_process_finished()
887 if ((PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0]) != 0xFF) { in tls_process_finished()
893 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DIGEST_CHECK_FAILED); in tls_process_finished()
901 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_process_finished()
904 if (s->server) { in tls_process_finished()
905 memcpy(s->s3.previous_client_finished, s->s3.tmp.peer_finish_md, in tls_process_finished()
907 s->s3.previous_client_finished_len = md_len; in tls_process_finished()
909 memcpy(s->s3.previous_server_finished, s->s3.tmp.peer_finish_md, in tls_process_finished()
911 s->s3.previous_server_finished_len = md_len; in tls_process_finished()
918 if (SSL_CONNECTION_IS_TLS13(s)) { in tls_process_finished()
919 if (s->server) { in tls_process_finished()
920 if (s->post_handshake_auth != SSL_PHA_REQUESTED && in tls_process_finished()
921 !ssl->method->ssl3_enc->change_cipher_state(s, in tls_process_finished()
929 if (!ssl->method->ssl3_enc->generate_master_secret(s, in tls_process_finished()
930 s->master_secret, s->handshake_secret, 0, in tls_process_finished()
935 if (!ssl->method->ssl3_enc->change_cipher_state(s, in tls_process_finished()
940 if (!tls_process_initial_server_flight(s)) { in tls_process_finished()
948 && !SSL_IS_FIRST_HANDSHAKE(s) in tls_process_finished()
949 && s->rlayer.rrlmethod->set_first_handshake != NULL) in tls_process_finished()
950 s->rlayer.rrlmethod->set_first_handshake(s->rlayer.rrl, 0); in tls_process_finished()
955 CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt) in tls_construct_change_cipher_spec() argument
958 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_change_cipher_spec()
966 static int ssl_add_cert_to_wpacket(SSL_CONNECTION *s, WPACKET *pkt, in ssl_add_cert_to_wpacket() argument
979 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); in ssl_add_cert_to_wpacket()
985 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in ssl_add_cert_to_wpacket()
989 if ((SSL_CONNECTION_IS_TLS13(s) || for_comp) in ssl_add_cert_to_wpacket()
990 && !tls_construct_extensions(s, pkt, context, x, chain)) { in ssl_add_cert_to_wpacket()
999 static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk, int for_comp) in ssl_add_cert_chain() argument
1006 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in ssl_add_cert_chain()
1021 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs) in ssl_add_cert_chain()
1023 else if (s->cert->chain_store) in ssl_add_cert_chain()
1024 chain_store = s->cert->chain_store; in ssl_add_cert_chain()
1034 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_X509_LIB); in ssl_add_cert_chain()
1040 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_X509_LIB); in ssl_add_cert_chain()
1053 i = ssl_security_cert_chain(s, chain, NULL, 0); in ssl_add_cert_chain()
1063 SSLfatal(s, SSL_AD_INTERNAL_ERROR, i); in ssl_add_cert_chain()
1070 if (!ssl_add_cert_to_wpacket(s, pkt, x, i, for_comp)) { in ssl_add_cert_chain()
1078 i = ssl_security_cert_chain(s, extra_certs, x, 0); in ssl_add_cert_chain()
1081 SSLfatal(s, SSL_AD_INTERNAL_ERROR, i); in ssl_add_cert_chain()
1084 if (!ssl_add_cert_to_wpacket(s, pkt, x, 0, for_comp)) { in ssl_add_cert_chain()
1090 if (!ssl_add_cert_to_wpacket(s, pkt, x, i + 1, for_comp)) { in ssl_add_cert_chain()
1384 unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, in ssl3_output_cert_chain() argument
1389 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in ssl3_output_cert_chain()
1393 if (!ssl_add_cert_chain(s, pkt, cpk, for_comp)) in ssl3_output_cert_chain()
1398 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in ssl3_output_cert_chain()
1410 WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, in tls_finish_handshake() argument
1414 int cleanuphand = s->statem.cleanuphand; in tls_finish_handshake()
1415 SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); in tls_finish_handshake()
1416 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_finish_handshake()
1419 if (!SSL_CONNECTION_IS_DTLS(s) in tls_finish_handshake()
1427 || BIO_dgram_is_sctp(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s))) in tls_finish_handshake()
1434 BUF_MEM_free(s->init_buf); in tls_finish_handshake()
1435 s->init_buf = NULL; in tls_finish_handshake()
1438 if (!ssl_free_wbio_buffer(s)) { in tls_finish_handshake()
1439 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_finish_handshake()
1442 s->init_num = 0; in tls_finish_handshake()
1445 if (SSL_CONNECTION_IS_TLS13(s) && !s->server in tls_finish_handshake()
1446 && s->post_handshake_auth == SSL_PHA_REQUESTED) in tls_finish_handshake()
1447 s->post_handshake_auth = SSL_PHA_EXT_SENT; in tls_finish_handshake()
1455 s->renegotiate = 0; in tls_finish_handshake()
1456 s->new_session = 0; in tls_finish_handshake()
1457 s->statem.cleanuphand = 0; in tls_finish_handshake()
1458 s->ext.ticket_expected = 0; in tls_finish_handshake()
1460 ssl3_cleanup_key_block(s); in tls_finish_handshake()
1462 if (s->server) { in tls_finish_handshake()
1467 if (!SSL_CONNECTION_IS_TLS13(s)) in tls_finish_handshake()
1468 ssl_update_cache(s, SSL_SESS_CACHE_SERVER); in tls_finish_handshake()
1472 s->handshake_func = ossl_statem_accept; in tls_finish_handshake()
1474 if (SSL_CONNECTION_IS_TLS13(s)) { in tls_finish_handshake()
1479 if ((s->session_ctx->session_cache_mode in tls_finish_handshake()
1481 SSL_CTX_remove_session(s->session_ctx, s->session); in tls_finish_handshake()
1487 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); in tls_finish_handshake()
1489 if (s->hit) in tls_finish_handshake()
1490 ssl_tsan_counter(s->session_ctx, in tls_finish_handshake()
1491 &s->session_ctx->stats.sess_hit); in tls_finish_handshake()
1493 s->handshake_func = ossl_statem_connect; in tls_finish_handshake()
1494 ssl_tsan_counter(s->session_ctx, in tls_finish_handshake()
1495 &s->session_ctx->stats.sess_connect_good); in tls_finish_handshake()
1498 if (SSL_CONNECTION_IS_DTLS(s)) { in tls_finish_handshake()
1500 s->d1->handshake_read_seq = 0; in tls_finish_handshake()
1501 s->d1->handshake_write_seq = 0; in tls_finish_handshake()
1502 s->d1->next_handshake_write_seq = 0; in tls_finish_handshake()
1503 dtls1_clear_received_buffer(s); in tls_finish_handshake()
1507 if (s->info_callback != NULL) in tls_finish_handshake()
1508 cb = s->info_callback; in tls_finish_handshake()
1513 ossl_statem_set_in_init(s, 0); in tls_finish_handshake()
1517 || !SSL_CONNECTION_IS_TLS13(s) in tls_finish_handshake()
1518 || SSL_IS_FIRST_HANDSHAKE(s)) in tls_finish_handshake()
1524 ossl_statem_set_in_init(s, 1); in tls_finish_handshake()
1531 int tls_get_message_header(SSL_CONNECTION *s, int *mt) in tls_get_message_header() argument
1538 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in tls_get_message_header()
1539 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in tls_get_message_header()
1541 p = (unsigned char *)s->init_buf->data; in tls_get_message_header()
1544 while (s->init_num < SSL3_HM_HEADER_LENGTH) { in tls_get_message_header()
1546 &p[s->init_num], in tls_get_message_header()
1547 SSL3_HM_HEADER_LENGTH - s->init_num, in tls_get_message_header()
1550 s->rwstate = SSL_READING; in tls_get_message_header()
1558 if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) { in tls_get_message_header()
1559 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, in tls_get_message_header()
1563 if (s->statem.hand_state == TLS_ST_BEFORE in tls_get_message_header()
1564 && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) { in tls_get_message_header()
1574 s->s3.tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; in tls_get_message_header()
1575 s->init_num = readbytes - 1; in tls_get_message_header()
1576 s->init_msg = s->init_buf->data; in tls_get_message_header()
1577 s->s3.tmp.message_size = readbytes; in tls_get_message_header()
1580 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, in tls_get_message_header()
1584 s->init_num += readbytes; in tls_get_message_header()
1588 if (!s->server) in tls_get_message_header()
1589 if (s->statem.hand_state != TLS_ST_OK in tls_get_message_header()
1598 s->init_num = 0; in tls_get_message_header()
1601 if (s->msg_callback) in tls_get_message_header()
1602 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, in tls_get_message_header()
1604 s->msg_callback_arg); in tls_get_message_header()
1610 s->s3.tmp.message_type = *(p++); in tls_get_message_header()
1612 if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { in tls_get_message_header()
1620 l = s->rlayer.tlsrecs[0].length + SSL3_HM_HEADER_LENGTH; in tls_get_message_header()
1621 s->s3.tmp.message_size = l; in tls_get_message_header()
1623 s->init_msg = s->init_buf->data; in tls_get_message_header()
1624 s->init_num = SSL3_HM_HEADER_LENGTH; in tls_get_message_header()
1629 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_get_message_header()
1633 s->s3.tmp.message_size = l; in tls_get_message_header()
1635 s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; in tls_get_message_header()
1636 s->init_num = 0; in tls_get_message_header()
1642 int tls_get_message_body(SSL_CONNECTION *s, size_t *len) in tls_get_message_body() argument
1647 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in tls_get_message_body()
1648 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in tls_get_message_body()
1650 if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { in tls_get_message_body()
1652 *len = (unsigned long)s->init_num; in tls_get_message_body()
1656 p = s->init_msg; in tls_get_message_body()
1657 n = s->s3.tmp.message_size - s->init_num; in tls_get_message_body()
1660 &p[s->init_num], n, 0, &readbytes); in tls_get_message_body()
1662 s->rwstate = SSL_READING; in tls_get_message_body()
1666 s->init_num += readbytes; in tls_get_message_body()
1674 if (*(s->init_buf->data) == SSL3_MT_FINISHED && !ssl3_take_mac(s)) { in tls_get_message_body()
1681 if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { in tls_get_message_body()
1682 if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, in tls_get_message_body()
1683 s->init_num)) { in tls_get_message_body()
1688 if (s->msg_callback) in tls_get_message_body()
1689 s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, in tls_get_message_body()
1690 (size_t)s->init_num, ussl, s->msg_callback_arg); in tls_get_message_body()
1700 if (!SSL_CONNECTION_IS_TLS13(s) in tls_get_message_body()
1701 || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET in tls_get_message_body()
1702 && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { in tls_get_message_body()
1703 if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO in tls_get_message_body()
1704 || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE in tls_get_message_body()
1706 s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, in tls_get_message_body()
1708 if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, in tls_get_message_body()
1709 s->init_num + SSL3_HM_HEADER_LENGTH)) { in tls_get_message_body()
1716 if (s->msg_callback) in tls_get_message_body()
1717 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, in tls_get_message_body()
1718 (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ussl, in tls_get_message_body()
1719 s->msg_callback_arg); in tls_get_message_body()
1722 *len = s->init_num; in tls_get_message_body()
1782 int ssl_allow_compression(SSL_CONNECTION *s) in ssl_allow_compression() argument
1784 if (s->options & SSL_OP_NO_COMPRESSION) in ssl_allow_compression()
1786 return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL); in ssl_allow_compression()
1797 int ssl_version_cmp(const SSL_CONNECTION *s, int versiona, int versionb) in ssl_version_cmp() argument
1799 int dtls = SSL_CONNECTION_IS_DTLS(s); in ssl_version_cmp()
1877 static int ssl_method_error(const SSL_CONNECTION *s, const SSL_METHOD *method) in ssl_method_error() argument
1881 if ((s->min_proto_version != 0 && in ssl_method_error()
1882 ssl_version_cmp(s, version, s->min_proto_version) < 0) || in ssl_method_error()
1883 ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) in ssl_method_error()
1886 if (s->max_proto_version != 0 && in ssl_method_error()
1887 ssl_version_cmp(s, version, s->max_proto_version) > 0) in ssl_method_error()
1890 if ((s->options & method->mask) != 0) in ssl_method_error()
1892 if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s)) in ssl_method_error()
1903 static int is_tls13_capable(const SSL_CONNECTION *s) in is_tls13_capable() argument
1907 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in is_tls13_capable()
1909 if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL)) in is_tls13_capable()
1917 || s->session_ctx->ext.servername_cb != NULL) in is_tls13_capable()
1921 if (s->psk_server_callback != NULL) in is_tls13_capable()
1925 if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL) in is_tls13_capable()
1929 for (i = 0; i < s->ssl_pkey_num; i++) { in is_tls13_capable()
1940 if (!ssl_has_cert(s, i)) in is_tls13_capable()
1949 curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC].privatekey); in is_tls13_capable()
1950 if (tls_check_sigalg_curve(s, curve)) in is_tls13_capable()
1966 int ssl_version_supported(const SSL_CONNECTION *s, int version, in ssl_version_supported() argument
1972 switch (SSL_CONNECTION_GET_SSL(s)->method->version) { in ssl_version_supported()
1975 return ssl_version_cmp(s, version, s->version) == 0; in ssl_version_supported()
1985 vent->version != 0 && ssl_version_cmp(s, version, vent->version) <= 0; in ssl_version_supported()
1987 const SSL_METHOD *(*thismeth)(void) = s->server ? vent->smeth in ssl_version_supported()
1991 && ssl_version_cmp(s, version, vent->version) == 0 in ssl_version_supported()
1992 && ssl_method_error(s, thismeth()) == 0 in ssl_version_supported()
1993 && (!s->server in ssl_version_supported()
1995 || is_tls13_capable(s))) { in ssl_version_supported()
2013 int ssl_check_version_downgrade(SSL_CONNECTION *s) in ssl_check_version_downgrade() argument
2017 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in ssl_check_version_downgrade()
2024 if (s->version == ssl->defltmeth->version) in ssl_check_version_downgrade()
2041 if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0) in ssl_check_version_downgrade()
2042 return s->version == vent->version; in ssl_check_version_downgrade()
2110 static void check_for_downgrade(SSL_CONNECTION *s, int vers, DOWNGRADE *dgrd) in check_for_downgrade() argument
2113 && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { in check_for_downgrade()
2115 } else if (!SSL_CONNECTION_IS_DTLS(s) in check_for_downgrade()
2124 && ssl_version_supported(s, TLS1_2_VERSION, NULL)) { in check_for_downgrade()
2140 int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, in ssl_choose_server_version() argument
2152 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in ssl_choose_server_version()
2160 s->client_version = client_version; in ssl_choose_server_version()
2164 if (!SSL_CONNECTION_IS_TLS13(s)) { in ssl_choose_server_version()
2165 if (ssl_version_cmp(s, client_version, s->version) < 0) in ssl_choose_server_version()
2193 if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE) in ssl_choose_server_version()
2196 if (suppversions->present && !SSL_CONNECTION_IS_DTLS(s)) { in ssl_choose_server_version()
2222 if (ssl_version_cmp(s, candidate_vers, best_vers) <= 0) in ssl_choose_server_version()
2224 if (ssl_version_supported(s, candidate_vers, &best_method)) in ssl_choose_server_version()
2233 if (s->hello_retry_request != SSL_HRR_NONE) { in ssl_choose_server_version()
2242 check_for_downgrade(s, best_vers, dgrd); in ssl_choose_server_version()
2243 s->version = best_vers; in ssl_choose_server_version()
2245 if (!ssl_set_record_protocol_version(s, best_vers)) in ssl_choose_server_version()
2257 if (ssl_version_cmp(s, client_version, TLS1_3_VERSION) >= 0) in ssl_choose_server_version()
2268 ssl_version_cmp(s, client_version, vent->version) < 0) in ssl_choose_server_version()
2271 if (ssl_method_error(s, method) == 0) { in ssl_choose_server_version()
2272 check_for_downgrade(s, vent->version, dgrd); in ssl_choose_server_version()
2273 s->version = vent->version; in ssl_choose_server_version()
2275 if (!ssl_set_record_protocol_version(s, s->version)) in ssl_choose_server_version()
2296 int ssl_choose_client_version(SSL_CONNECTION *s, int version, in ssl_choose_client_version() argument
2302 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in ssl_choose_client_version()
2304 origv = s->version; in ssl_choose_client_version()
2305 s->version = version; in ssl_choose_client_version()
2308 if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions, in ssl_choose_client_version()
2312 s->version = origv; in ssl_choose_client_version()
2316 if (s->hello_retry_request != SSL_HRR_NONE in ssl_choose_client_version()
2317 && s->version != TLS1_3_VERSION) { in ssl_choose_client_version()
2318 s->version = origv; in ssl_choose_client_version()
2319 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); in ssl_choose_client_version()
2325 if (s->version != ssl->method->version) { in ssl_choose_client_version()
2326 s->version = origv; in ssl_choose_client_version()
2327 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); in ssl_choose_client_version()
2337 if (!ssl_set_record_protocol_version(s, s->version)) { in ssl_choose_client_version()
2338 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in ssl_choose_client_version()
2350 ret = ssl_get_min_max_version(s, &ver_min, &ver_max, &real_max); in ssl_choose_client_version()
2352 s->version = origv; in ssl_choose_client_version()
2353 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, ret); in ssl_choose_client_version()
2356 if (ssl_version_cmp(s, s->version, ver_min) < 0 in ssl_choose_client_version()
2357 || ssl_version_cmp(s, s->version, ver_max) > 0) { in ssl_choose_client_version()
2358 s->version = origv; in ssl_choose_client_version()
2359 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); in ssl_choose_client_version()
2363 if ((s->mode & SSL_MODE_SEND_FALLBACK_SCSV) == 0) in ssl_choose_client_version()
2367 if (s->version == TLS1_2_VERSION && real_max > s->version) { in ssl_choose_client_version()
2369 s->s3.server_random + SSL3_RANDOM_SIZE in ssl_choose_client_version()
2372 s->version = origv; in ssl_choose_client_version()
2373 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in ssl_choose_client_version()
2377 } else if (!SSL_CONNECTION_IS_DTLS(s) in ssl_choose_client_version()
2378 && s->version < TLS1_2_VERSION in ssl_choose_client_version()
2379 && real_max > s->version) { in ssl_choose_client_version()
2381 s->s3.server_random + SSL3_RANDOM_SIZE in ssl_choose_client_version()
2384 s->version = origv; in ssl_choose_client_version()
2385 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in ssl_choose_client_version()
2392 if (vent->cmeth == NULL || s->version != vent->version) in ssl_choose_client_version()
2396 if (!ssl_set_record_protocol_version(s, s->version)) { in ssl_choose_client_version()
2397 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in ssl_choose_client_version()
2403 s->version = origv; in ssl_choose_client_version()
2404 SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); in ssl_choose_client_version()
2430 int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version, in ssl_get_min_max_version() argument
2438 const SSL *ssl = SSL_CONNECTION_GET_SSL(s); in ssl_get_min_max_version()
2449 *min_version = *max_version = s->version; in ssl_get_min_max_version()
2505 if (ssl_method_error(s, method) != 0) { in ssl_get_min_max_version()
2535 int ssl_set_client_hello_version(SSL_CONNECTION *s) in ssl_set_client_hello_version() argument
2543 if (!SSL_IS_FIRST_HANDSHAKE(s)) in ssl_set_client_hello_version()
2546 ret = ssl_get_min_max_version(s, &ver_min, &ver_max, NULL); in ssl_set_client_hello_version()
2551 s->version = ver_max; in ssl_set_client_hello_version()
2553 if (SSL_CONNECTION_IS_DTLS(s)) { in ssl_set_client_hello_version()
2562 if (!ssl_set_record_protocol_version(s, ver_max)) in ssl_set_client_hello_version()
2570 s->client_version = ver_max; in ssl_set_client_hello_version()
2580 int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, in check_in_list() argument
2593 || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { in check_in_list()
2602 int create_synthetic_message_hash(SSL_CONNECTION *s, in create_synthetic_message_hash() argument
2616 if (!ssl3_digest_cached_records(s, 0) in create_synthetic_message_hash()
2617 || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), in create_synthetic_message_hash()
2625 if (!ssl3_init_finished_mac(s)) { in create_synthetic_message_hash()
2633 if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH) in create_synthetic_message_hash()
2634 || !ssl3_finish_mac(s, hashval, hashlen)) { in create_synthetic_message_hash()
2645 && (!ssl3_finish_mac(s, hrr, hrrlen) in create_synthetic_message_hash()
2646 || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, in create_synthetic_message_hash()
2647 s->s3.tmp.message_size in create_synthetic_message_hash()
2661 int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt) in parse_ca_names() argument
2668 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); in parse_ca_names()
2673 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in parse_ca_names()
2683 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in parse_ca_names()
2689 SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_ASN1_LIB); in parse_ca_names()
2693 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_CA_DN_LENGTH_MISMATCH); in parse_ca_names()
2698 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); in parse_ca_names()
2704 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); in parse_ca_names()
2705 s->s3.tmp.peer_ca_names = ca_sk; in parse_ca_names()
2715 const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s) in STACK_OF()
2718 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in STACK_OF()
2720 if (s->server) { in STACK_OF()
2732 int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, in construct_ca_names() argument
2737 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in construct_ca_names()
2741 if ((ca_sk != NULL) && !(s->options & SSL_OP_DISABLE_TLSEXT_CA_NAMES)) { in construct_ca_names()
2754 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in construct_ca_names()
2761 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in construct_ca_names()
2769 size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs, in construct_key_exchange_tbs() argument
2776 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); in construct_key_exchange_tbs()
2779 memcpy(tbs, s->s3.client_random, SSL3_RANDOM_SIZE); in construct_key_exchange_tbs()
2780 memcpy(tbs + SSL3_RANDOM_SIZE, s->s3.server_random, SSL3_RANDOM_SIZE); in construct_key_exchange_tbs()
2792 int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s) in tls13_save_handshake_digest_for_pha() argument
2794 if (s->pha_dgst == NULL) { in tls13_save_handshake_digest_for_pha()
2795 if (!ssl3_digest_cached_records(s, 1)) in tls13_save_handshake_digest_for_pha()
2799 s->pha_dgst = EVP_MD_CTX_new(); in tls13_save_handshake_digest_for_pha()
2800 if (s->pha_dgst == NULL) { in tls13_save_handshake_digest_for_pha()
2801 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls13_save_handshake_digest_for_pha()
2804 if (!EVP_MD_CTX_copy_ex(s->pha_dgst, in tls13_save_handshake_digest_for_pha()
2805 s->s3.handshake_dgst)) { in tls13_save_handshake_digest_for_pha()
2806 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls13_save_handshake_digest_for_pha()
2807 EVP_MD_CTX_free(s->pha_dgst); in tls13_save_handshake_digest_for_pha()
2808 s->pha_dgst = NULL; in tls13_save_handshake_digest_for_pha()
2819 int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s) in tls13_restore_handshake_digest_for_pha() argument
2821 if (s->pha_dgst == NULL) { in tls13_restore_handshake_digest_for_pha()
2822 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls13_restore_handshake_digest_for_pha()
2825 if (!EVP_MD_CTX_copy_ex(s->s3.handshake_dgst, in tls13_restore_handshake_digest_for_pha()
2826 s->pha_dgst)) { in tls13_restore_handshake_digest_for_pha()
2827 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls13_restore_handshake_digest_for_pha()