Lines Matching refs:s
21 static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent);
22 static int init_server_name(SSL_CONNECTION *s, unsigned int context);
23 static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent);
24 static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
26 static int init_session_ticket(SSL_CONNECTION *s, unsigned int context);
28 static int init_status_request(SSL_CONNECTION *s, unsigned int context);
31 static int init_npn(SSL_CONNECTION *s, unsigned int context);
33 static int init_alpn(SSL_CONNECTION *s, unsigned int context);
34 static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent);
35 static int init_sig_algs_cert(SSL_CONNECTION *s, unsigned int context);
36 static int init_sig_algs(SSL_CONNECTION *s, unsigned int context);
39 static int init_certificate_authorities(SSL_CONNECTION *s,
41 static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
46 static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt,
50 static int init_srp(SSL_CONNECTION *s, unsigned int context);
52 static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context);
53 static int init_etm(SSL_CONNECTION *s, unsigned int context);
54 static int init_ems(SSL_CONNECTION *s, unsigned int context);
55 static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent);
56 static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context);
57 static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent);
59 static int init_srtp(SSL_CONNECTION *s, unsigned int context);
61 static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent);
62 static int final_supported_versions(SSL_CONNECTION *s, unsigned int context,
64 static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent);
65 static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
67 static int init_post_handshake_auth(SSL_CONNECTION *s, unsigned int context);
68 static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent);
90 int (*init)(SSL_CONNECTION *s, unsigned int context);
92 int (*parse_ctos)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
95 int (*parse_stoc)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
98 EXT_RETURN (*construct_stoc)(SSL_CONNECTION *s, WPACKET *pkt,
102 EXT_RETURN (*construct_ctos)(SSL_CONNECTION *s, WPACKET *pkt,
110 int (*final)(SSL_CONNECTION *s, unsigned int context, int sent);
446 static int validate_context(SSL_CONNECTION *s, unsigned int extctx, in validate_context() argument
453 if (SSL_CONNECTION_IS_DTLS(s)) { in validate_context()
463 int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, in tls_validate_all_contexts() argument
477 num_exts = builtin_num + s->cert->custext.meths_count; in tls_validate_all_contexts()
488 meth = custom_ext_find(&s->cert->custext, role, thisext->type, in tls_validate_all_contexts()
495 if (!validate_context(s, context, thisctx)) in tls_validate_all_contexts()
508 static int verify_extension(SSL_CONNECTION *s, unsigned int context, in verify_extension() argument
518 if (!validate_context(s, thisext->context, context)) in verify_extension()
539 if (!validate_context(s, meth->context, context)) in verify_extension()
556 int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, in extension_is_relevant() argument
568 is_tls13 = SSL_CONNECTION_IS_TLS13(s); in extension_is_relevant()
570 if ((SSL_CONNECTION_IS_DTLS(s) in extension_is_relevant()
572 || (s->version == SSL3_VERSION in extension_is_relevant()
585 || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) in extension_is_relevant()
586 || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) in extension_is_relevant()
607 int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, in tls_collect_extensions() argument
614 custom_ext_methods *exts = &s->cert->custext; in tls_collect_extensions()
625 custom_ext_init(&s->cert->custext); in tls_collect_extensions()
630 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); in tls_collect_extensions()
642 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_collect_extensions()
650 if (!verify_extension(s, context, type, exts, raw_extensions, &thisex) in tls_collect_extensions()
655 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); in tls_collect_extensions()
680 && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 in tls_collect_extensions()
686 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, in tls_collect_extensions()
695 if (s->ext.debug_cb) in tls_collect_extensions()
696 s->ext.debug_cb(SSL_CONNECTION_GET_SSL(s), !s->server, in tls_collect_extensions()
699 s->ext.debug_arg); in tls_collect_extensions()
711 && extension_is_relevant(s, thisexd->context, context) in tls_collect_extensions()
712 && !thisexd->init(s, context)) { in tls_collect_extensions()
739 int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, in tls_parse_extension() argument
743 int (*parser)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_extension()
761 if (!extension_is_relevant(s, extdef->context, context)) in tls_parse_extension()
764 parser = s->server ? extdef->parse_ctos : extdef->parse_stoc; in tls_parse_extension()
767 return parser(s, &currext->data, context, x, chainidx); in tls_parse_extension()
776 return custom_ext_parse(s, context, currext->type, in tls_parse_extension()
789 int tls_parse_all_extensions(SSL_CONNECTION *s, int context, in tls_parse_all_extensions() argument
797 numexts += s->cert->custext.meths_count; in tls_parse_all_extensions()
801 if (!tls_parse_extension(s, i, context, exts, x, chainidx)) { in tls_parse_all_extensions()
815 && !thisexd->final(s, context, exts[i].present)) { in tls_parse_all_extensions()
825 int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, in should_add_extension() argument
833 if (!extension_is_relevant(s, extctx, thisctx) in should_add_extension()
836 && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION))) in should_add_extension()
850 int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_extensions() argument
870 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_extensions()
875 reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); in tls_construct_extensions()
878 SSLfatal(s, SSL_AD_INTERNAL_ERROR, reason); in tls_construct_extensions()
886 custom_ext_init(&s->cert->custext); in tls_construct_extensions()
888 if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) { in tls_construct_extensions()
894 EXT_RETURN (*construct)(SSL_CONNECTION *s, WPACKET *pkt, in tls_construct_extensions()
900 if (!should_add_extension(s, thisexd->context, context, max_version)) in tls_construct_extensions()
903 construct = s->server ? thisexd->construct_stoc in tls_construct_extensions()
909 ret = construct(s, pkt, context, x, chainidx); in tls_construct_extensions()
918 s->ext.extflags[i] |= SSL_EXT_FLAG_SENT; in tls_construct_extensions()
923 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_extensions()
937 static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent) in final_renegotiate() argument
939 if (!s->server) { in final_renegotiate()
944 if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT) in final_renegotiate()
945 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) in final_renegotiate()
947 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, in final_renegotiate()
956 if (s->renegotiate in final_renegotiate()
957 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) in final_renegotiate()
959 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, in final_renegotiate()
977 static int init_server_name(SSL_CONNECTION *s, unsigned int context) in init_server_name() argument
979 if (s->server) { in init_server_name()
980 s->servername_done = 0; in init_server_name()
982 OPENSSL_free(s->ext.hostname); in init_server_name()
983 s->ext.hostname = NULL; in init_server_name()
989 static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) in final_server_name() argument
993 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in final_server_name()
994 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in final_server_name()
997 if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL)) { in final_server_name()
998 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
1005 else if (s->session_ctx->ext.servername_cb != NULL) in final_server_name()
1006 ret = s->session_ctx->ext.servername_cb(ssl, &altmp, in final_server_name()
1007 s->session_ctx->ext.servername_arg); in final_server_name()
1017 if (s->server) { in final_server_name()
1018 if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) { in final_server_name()
1020 OPENSSL_free(s->session->ext.hostname); in final_server_name()
1021 s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); in final_server_name()
1022 if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) { in final_server_name()
1023 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
1034 if (SSL_IS_FIRST_HANDSHAKE(s) && sctx != s->session_ctx in final_server_name()
1035 && s->hello_retry_request == SSL_HRR_NONE) { in final_server_name()
1037 ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept); in final_server_name()
1045 if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected in final_server_name()
1047 s->ext.ticket_expected = 0; in final_server_name()
1048 if (!s->hit) { in final_server_name()
1057 if (!ssl_generate_session_id(s, ss)) { in final_server_name()
1058 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
1062 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
1070 SSLfatal(s, altmp, SSL_R_CALLBACK_FAILED); in final_server_name()
1075 if (!SSL_CONNECTION_IS_TLS13(s)) in final_server_name()
1076 ssl3_send_alert(s, SSL3_AL_WARNING, altmp); in final_server_name()
1077 s->servername_done = 0; in final_server_name()
1081 s->servername_done = 0; in final_server_name()
1089 static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context, in final_ec_pt_formats() argument
1094 if (s->server) in final_ec_pt_formats()
1097 alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in final_ec_pt_formats()
1098 alg_a = s->s3.tmp.new_cipher->algorithm_auth; in final_ec_pt_formats()
1105 if (s->ext.ecpointformats != NULL in final_ec_pt_formats()
1106 && s->ext.ecpointformats_len > 0 in final_ec_pt_formats()
1107 && s->ext.peer_ecpointformats != NULL in final_ec_pt_formats()
1108 && s->ext.peer_ecpointformats_len > 0 in final_ec_pt_formats()
1112 unsigned char *list = s->ext.peer_ecpointformats; in final_ec_pt_formats()
1114 for (i = 0; i < s->ext.peer_ecpointformats_len; i++) { in final_ec_pt_formats()
1118 if (i == s->ext.peer_ecpointformats_len) { in final_ec_pt_formats()
1119 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in final_ec_pt_formats()
1128 static int init_session_ticket(SSL_CONNECTION *s, unsigned int context) in init_session_ticket() argument
1130 if (!s->server) in init_session_ticket()
1131 s->ext.ticket_expected = 0; in init_session_ticket()
1137 static int init_status_request(SSL_CONNECTION *s, unsigned int context) in init_status_request() argument
1139 if (s->server) { in init_status_request()
1140 s->ext.status_type = TLSEXT_STATUSTYPE_nothing; in init_status_request()
1146 OPENSSL_free(s->ext.ocsp.resp); in init_status_request()
1147 s->ext.ocsp.resp = NULL; in init_status_request()
1148 s->ext.ocsp.resp_len = 0; in init_status_request()
1156 static int init_npn(SSL_CONNECTION *s, unsigned int context) in init_npn() argument
1158 s->s3.npn_seen = 0; in init_npn()
1164 static int init_alpn(SSL_CONNECTION *s, unsigned int context) in init_alpn() argument
1166 OPENSSL_free(s->s3.alpn_selected); in init_alpn()
1167 s->s3.alpn_selected = NULL; in init_alpn()
1168 s->s3.alpn_selected_len = 0; in init_alpn()
1169 if (s->server) { in init_alpn()
1170 OPENSSL_free(s->s3.alpn_proposed); in init_alpn()
1171 s->s3.alpn_proposed = NULL; in init_alpn()
1172 s->s3.alpn_proposed_len = 0; in init_alpn()
1177 static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent) in final_alpn() argument
1179 if (!s->server && !sent && s->session->ext.alpn_selected != NULL) in final_alpn()
1180 s->ext.early_data_ok = 0; in final_alpn()
1182 if (!s->server || !SSL_CONNECTION_IS_TLS13(s)) in final_alpn()
1194 return tls_handle_alpn(s); in final_alpn()
1197 static int init_sig_algs(SSL_CONNECTION *s, unsigned int context) in init_sig_algs() argument
1200 OPENSSL_free(s->s3.tmp.peer_sigalgs); in init_sig_algs()
1201 s->s3.tmp.peer_sigalgs = NULL; in init_sig_algs()
1202 s->s3.tmp.peer_sigalgslen = 0; in init_sig_algs()
1207 static int init_sig_algs_cert(SSL_CONNECTION *s, in init_sig_algs_cert() argument
1211 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); in init_sig_algs_cert()
1212 s->s3.tmp.peer_cert_sigalgs = NULL; in init_sig_algs_cert()
1213 s->s3.tmp.peer_cert_sigalgslen = 0; in init_sig_algs_cert()
1219 static int init_srp(SSL_CONNECTION *s, unsigned int context) in init_srp() argument
1221 OPENSSL_free(s->srp_ctx.login); in init_srp()
1222 s->srp_ctx.login = NULL; in init_srp()
1228 static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context) in init_ec_point_formats() argument
1230 OPENSSL_free(s->ext.peer_ecpointformats); in init_ec_point_formats()
1231 s->ext.peer_ecpointformats = NULL; in init_ec_point_formats()
1232 s->ext.peer_ecpointformats_len = 0; in init_ec_point_formats()
1237 static int init_etm(SSL_CONNECTION *s, unsigned int context) in init_etm() argument
1239 s->ext.use_etm = 0; in init_etm()
1244 static int init_ems(SSL_CONNECTION *s, unsigned int context) in init_ems() argument
1246 if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { in init_ems()
1247 s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; in init_ems()
1248 s->s3.flags |= TLS1_FLAGS_REQUIRED_EXTMS; in init_ems()
1254 static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent) in final_ems() argument
1260 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) in final_ems()
1261 && (s->s3.flags & TLS1_FLAGS_REQUIRED_EXTMS)) { in final_ems()
1262 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); in final_ems()
1265 if (!s->server && s->hit) { in final_ems()
1270 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != in final_ems()
1271 !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { in final_ems()
1272 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); in final_ems()
1280 static int init_certificate_authorities(SSL_CONNECTION *s, unsigned int context) in init_certificate_authorities() argument
1282 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); in init_certificate_authorities()
1283 s->s3.tmp.peer_ca_names = NULL; in init_certificate_authorities()
1287 static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s, in tls_construct_certificate_authorities() argument
1293 const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s); in tls_construct_certificate_authorities()
1300 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_certificate_authorities()
1304 if (!construct_ca_names(s, ca_sk, pkt)) { in tls_construct_certificate_authorities()
1310 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_certificate_authorities()
1317 static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt, in tls_parse_certificate_authorities() argument
1321 if (!parse_ca_names(s, pkt)) in tls_parse_certificate_authorities()
1324 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_certificate_authorities()
1331 static int init_srtp(SSL_CONNECTION *s, unsigned int context) in init_srtp() argument
1333 if (s->server) in init_srtp()
1334 s->srtp_profile = NULL; in init_srtp()
1340 static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent) in final_sig_algs() argument
1342 if (!sent && SSL_CONNECTION_IS_TLS13(s) && !s->hit) { in final_sig_algs()
1343 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, in final_sig_algs()
1351 static int final_supported_versions(SSL_CONNECTION *s, unsigned int context, in final_supported_versions() argument
1355 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, in final_supported_versions()
1363 static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) in final_key_share() argument
1366 if (!SSL_CONNECTION_IS_TLS13(s)) in final_key_share()
1384 if (!s->server in final_key_share()
1386 if ((s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { in final_key_share()
1387 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_SUITABLE_KEY_SHARE); in final_key_share()
1390 if (!s->hit) { in final_key_share()
1391 SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_NO_SUITABLE_KEY_SHARE); in final_key_share()
1429 if (s->server) { in final_key_share()
1430 if (s->s3.peer_tmp != NULL) { in final_key_share()
1432 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 in final_key_share()
1433 && !s->ext.cookieok) { in final_key_share()
1434 if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { in final_key_share()
1440 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1443 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1448 if (s->hello_retry_request == SSL_HRR_NONE && sent in final_key_share()
1449 && (!s->hit in final_key_share()
1450 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) in final_key_share()
1459 tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups); in final_key_share()
1460 tls1_get_supported_groups(s, &pgroups, &num_groups); in final_key_share()
1468 if (check_in_list(s, group_id, clntgroups, clnt_num_groups, in final_key_share()
1470 && tls_group_allowed(s, group_id, in final_key_share()
1472 && tls_valid_group(s, group_id, TLS1_3_VERSION, in final_key_share()
1479 s->s3.group_id = group_id; in final_key_share()
1480 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1484 if (!s->hit in final_key_share()
1485 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { in final_key_share()
1487 SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE in final_key_share()
1493 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 in final_key_share()
1494 && !s->ext.cookieok) { in final_key_share()
1495 if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { in final_key_share()
1501 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1504 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1513 if (s->hello_retry_request == SSL_HRR_PENDING) in final_key_share()
1514 s->hello_retry_request = SSL_HRR_COMPLETE; in final_key_share()
1521 if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) { in final_key_share()
1522 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1530 static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context) in init_psk_kex_modes() argument
1532 s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE; in init_psk_kex_modes()
1536 int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, in tls_psk_do_binder() argument
1556 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in tls_psk_do_binder()
1560 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1566 && s->early_data_state == SSL_EARLY_DATA_CONNECTING in tls_psk_do_binder()
1567 && s->session->ext.max_early_data == 0 in tls_psk_do_binder()
1587 if (s->server || !external || usepskfored) in tls_psk_do_binder()
1588 early_secret = (unsigned char *)s->early_secret; in tls_psk_do_binder()
1592 if (!tls13_generate_secret(s, md, NULL, sess->master_key, in tls_psk_do_binder()
1606 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1611 if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, in tls_psk_do_binder()
1618 if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) { in tls_psk_do_binder()
1624 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1633 if (s->hello_retry_request == SSL_HRR_PENDING) { in tls_psk_do_binder()
1639 BIO_get_mem_data(s->s3.handshake_buffer, &hdata); in tls_psk_do_binder()
1641 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); in tls_psk_do_binder()
1649 if (s->server) { in tls_psk_do_binder()
1658 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1665 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1672 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1680 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1693 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1703 SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BINDER_DOES_NOT_VERIFY); in tls_psk_do_binder()
1715 static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) in final_early_data() argument
1720 if (!s->server) { in final_early_data()
1723 && !s->ext.early_data_ok) { in final_early_data()
1729 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EARLY_DATA); in final_early_data()
1736 if (s->max_early_data == 0 in final_early_data()
1737 || !s->hit in final_early_data()
1738 || s->early_data_state != SSL_EARLY_DATA_ACCEPTING in final_early_data()
1739 || !s->ext.early_data_ok in final_early_data()
1740 || s->hello_retry_request != SSL_HRR_NONE in final_early_data()
1741 || (s->allow_early_data_cb != NULL in final_early_data()
1742 && !s->allow_early_data_cb(SSL_CONNECTION_GET_SSL(s), in final_early_data()
1743 s->allow_early_data_cb_data))) { in final_early_data()
1744 s->ext.early_data = SSL_EARLY_DATA_REJECTED; in final_early_data()
1746 s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; in final_early_data()
1748 if (!tls13_change_cipher_state(s, in final_early_data()
1758 static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, in final_maxfragmentlen() argument
1762 if (s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED) in final_maxfragmentlen()
1763 s->session->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_DISABLED; in final_maxfragmentlen()
1765 if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) { in final_maxfragmentlen()
1766 s->rlayer.rrlmethod->set_max_frag_len(s->rlayer.rrl, in final_maxfragmentlen()
1767 GET_MAX_FRAGMENT_LENGTH(s->session)); in final_maxfragmentlen()
1768 s->rlayer.wrlmethod->set_max_frag_len(s->rlayer.wrl, in final_maxfragmentlen()
1769 ssl_get_max_send_fragment(s)); in final_maxfragmentlen()
1775 static int init_post_handshake_auth(SSL_CONNECTION *s, in init_post_handshake_auth() argument
1778 s->post_handshake_auth = SSL_PHA_NONE; in init_post_handshake_auth()
1787 static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent) in final_psk() argument
1789 if (s->server && sent && s->clienthello != NULL in final_psk()
1790 && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { in final_psk()
1791 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, in final_psk()
