Lines Matching refs:s3
935 unsigned long cid = s->s3.tmp.new_cipher->id; in tls1_shared_group()
1199 if (tls1_suiteb(s) && s->s3.tmp.new_cipher != NULL) { in tls1_check_group_id()
1200 unsigned long cid = s->s3.tmp.new_cipher->id; in tls1_check_group_id()
1816 if (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) { in tls1_get_legacy_sigalg()
1825 if (idx == SSL_PKEY_GOST01 && s->s3.tmp.new_cipher->algorithm_auth != SSL_aGOST01) { in tls1_get_legacy_sigalg()
1884 s->s3.tmp.peer_sigalg = lu; in tls1_set_peer_legacy_sigalg()
2135 s->s3.tmp.peer_sigalg = lu; in tls12_check_peer_sigalg()
2146 if (sc->s3.tmp.peer_sigalg == NULL) in SSL_get_peer_signature_type_nid()
2148 *pnid = sc->s3.tmp.peer_sigalg->sig; in SSL_get_peer_signature_type_nid()
2159 if (sc->s3.tmp.sigalg == NULL) in SSL_get_signature_type_nid()
2161 *pnid = sc->s3.tmp.sigalg->sig; in SSL_get_signature_type_nid()
2177 s->s3.tmp.mask_a = 0; in ssl_set_client_disabled()
2178 s->s3.tmp.mask_k = 0; in ssl_set_client_disabled()
2179 ssl_set_sig_mask(&s->s3.tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); in ssl_set_client_disabled()
2180 if (ssl_get_min_max_version(s, &s->s3.tmp.min_ver, in ssl_set_client_disabled()
2181 &s->s3.tmp.max_ver, NULL) != 0) in ssl_set_client_disabled()
2186 s->s3.tmp.mask_a |= SSL_aPSK; in ssl_set_client_disabled()
2187 s->s3.tmp.mask_k |= SSL_PSK; in ssl_set_client_disabled()
2192 s->s3.tmp.mask_a |= SSL_aSRP; in ssl_set_client_disabled()
2193 s->s3.tmp.mask_k |= SSL_kSRP; in ssl_set_client_disabled()
2214 if (c->algorithm_mkey & s->s3.tmp.mask_k in ssl_cipher_disabled()
2215 || c->algorithm_auth & s->s3.tmp.mask_a) in ssl_cipher_disabled()
2217 if (s->s3.tmp.max_ver == 0) in ssl_cipher_disabled()
2240 if (ssl_version_cmp(s, minversion, s->s3.tmp.max_ver) > 0 in ssl_cipher_disabled()
2241 || ssl_version_cmp(s, maxversion, s->s3.tmp.min_ver) < 0) in ssl_cipher_disabled()
2264 if (s->s3.tmp.valid_flags) in tls1_set_server_sigalgs()
2265 memset(s->s3.tmp.valid_flags, 0, s->ssl_pkey_num * sizeof(uint32_t)); in tls1_set_server_sigalgs()
2267 s->s3.tmp.valid_flags = OPENSSL_zalloc(s->ssl_pkey_num * sizeof(uint32_t)); in tls1_set_server_sigalgs()
2268 if (s->s3.tmp.valid_flags == NULL) in tls1_set_server_sigalgs()
2274 if (s->s3.tmp.peer_cert_sigalgs == NULL in tls1_set_server_sigalgs()
2275 && s->s3.tmp.peer_sigalgs == NULL) { in tls1_set_server_sigalgs()
2288 s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN; in tls1_set_server_sigalgs()
2655 && s->s3.tmp.min_ver >= TLS1_3_VERSION in tls12_sigalg_allowed()
2673 && s->s3.tmp.max_ver >= TLS1_3_VERSION) { in tls12_sigalg_allowed()
2683 if (s->s3.tmp.min_ver >= TLS1_3_VERSION) in tls12_sigalg_allowed()
2828 allow = s->s3.tmp.peer_sigalgs; in tls1_set_shared_sigalgs()
2829 allowlen = s->s3.tmp.peer_sigalgslen; in tls1_set_shared_sigalgs()
2833 pref = s->s3.tmp.peer_sigalgs; in tls1_set_shared_sigalgs()
2834 preflen = s->s3.tmp.peer_sigalgslen; in tls1_set_shared_sigalgs()
2890 return tls1_save_u16(pkt, &s->s3.tmp.peer_cert_sigalgs, in tls1_save_sigalgs()
2891 &s->s3.tmp.peer_cert_sigalgslen); in tls1_save_sigalgs()
2893 return tls1_save_u16(pkt, &s->s3.tmp.peer_sigalgs, in tls1_save_sigalgs()
2894 &s->s3.tmp.peer_sigalgslen); in tls1_save_sigalgs()
2903 uint32_t *pvalid = s->s3.tmp.valid_flags; in tls1_process_sigalgs()
2937 psig = sc->s3.tmp.peer_sigalgs; in SSL_get_sigalgs()
2938 numsigalgs = sc->s3.tmp.peer_sigalgslen; in SSL_get_sigalgs()
3218 if (SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) { in tls1_check_sig_alg()
3224 sigalgslen = s->s3.tmp.peer_cert_sigalgslen; in tls1_check_sig_alg()
3231 ? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]) in tls1_check_sig_alg()
3293 pvalid = s->s3.tmp.valid_flags + idx; in tls1_check_chain()
3317 pvalid = s->s3.tmp.valid_flags + idx; in tls1_check_chain()
3346 if (s->s3.tmp.peer_cert_sigalgs != NULL in tls1_check_chain()
3347 || s->s3.tmp.peer_sigalgs != NULL) { in tls1_check_chain()
3468 const uint8_t *ctypes = s->s3.tmp.ctype; in tls1_check_chain()
3471 for (j = 0; j < s->s3.tmp.ctype_len; j++, ctypes++) { in tls1_check_chain()
3483 ca_dn = s->s3.tmp.peer_ca_names; in tls1_check_chain()
3566 if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { in ssl_get_auto_dh()
3567 if (s->s3.tmp.new_cipher->strength_bits == 256) in ssl_get_auto_dh()
3572 if (s->s3.tmp.cert == NULL) in ssl_get_auto_dh()
3574 dh_secbits = EVP_PKEY_get_security_bits(s->s3.tmp.cert->privatekey); in ssl_get_auto_dh()
3725 || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0 in tls12_get_cert_sigalg_idx()
3727 && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) in tls12_get_cert_sigalg_idx()
3732 return s->s3.tmp.valid_flags[sig_idx] & CERT_PKEY_RPK ? sig_idx : -1; in tls12_get_cert_sigalg_idx()
3734 return s->s3.tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; in tls12_get_cert_sigalg_idx()
3768 if (s->s3.tmp.peer_cert_sigalgs != NULL) { in check_cert_usable()
3771 for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) { in check_cert_usable()
3772 lu = tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]); in check_cert_usable()
3902 s->s3.tmp.cert = NULL; in tls_choose_sigalg()
3903 s->s3.tmp.sigalg = NULL; in tls_choose_sigalg()
3916 if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT)) in tls_choose_sigalg()
3923 if (s->s3.tmp.peer_sigalgs != NULL) { in tls_choose_sigalg()
3969 && (s->s3.tmp.new_cipher->algorithm_auth in tls_choose_sigalg()
4032 s->s3.tmp.cert = &s->cert->pkeys[sig_idx]; in tls_choose_sigalg()
4033 s->cert->key = s->s3.tmp.cert; in tls_choose_sigalg()
4034 s->s3.tmp.sigalg = lu; in tls_choose_sigalg()
