42 static ossl_inline int received_server_cert(SSL_CONNECTION *sc)  in received_server_cert()  argument
44     return sc->session->peer_rpk != NULL || sc->session->peer != NULL;  in received_server_cert()
428 static int do_compressed_cert(SSL_CONNECTION *sc)  in do_compressed_cert()  argument
431     return sc->ext.client_cert_type == TLSEXT_cert_type_x509  in do_compressed_cert()
432         && sc->ext.compress_certificate_from_peer[0] != TLSEXT_comp_cert_none;  in do_compressed_cert()
1888 MSG_PROCESS_RETURN tls_process_server_rpk(SSL_CONNECTION *sc, PACKET *pkt)  in tls_process_server_rpk()  argument
1892     if (!tls_process_rpk(sc, pkt, &peer_rpk)) {  in tls_process_server_rpk()
1898         SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_CERTIFICATE);  in tls_process_server_rpk()
1902     EVP_PKEY_free(sc->session->peer_rpk);  in tls_process_server_rpk()
1903     sc->session->peer_rpk = peer_rpk;  in tls_process_server_rpk()
1908 static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc,  in tls_post_process_server_rpk()  argument
1914     if (sc->session->peer_rpk == NULL) {  in tls_post_process_server_rpk()
1915         SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER,  in tls_post_process_server_rpk()
1920     if (sc->rwstate == SSL_RETRY_VERIFY)  in tls_post_process_server_rpk()
1921         sc->rwstate = SSL_NOTHING;  in tls_post_process_server_rpk()
1922     if (ssl_verify_rpk(sc, sc->session->peer_rpk) > 0  in tls_post_process_server_rpk()
1923             && sc->rwstate == SSL_RETRY_VERIFY)  in tls_post_process_server_rpk()
1926     if ((clu = ssl_cert_lookup_by_pkey(sc->session->peer_rpk, &certidx,  in tls_post_process_server_rpk()
1927                                        SSL_CONNECTION_GET_CTX(sc))) == NULL) {  in tls_post_process_server_rpk()
1928         SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_CERTIFICATE_TYPE);  in tls_post_process_server_rpk()
1937     if (!SSL_CONNECTION_IS_TLS13(sc)) {  in tls_post_process_server_rpk()
1938         if ((clu->amask & sc->s3.tmp.new_cipher->algorithm_auth) == 0) {  in tls_post_process_server_rpk()
1939             SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_RPK_TYPE);  in tls_post_process_server_rpk()
1945     X509_free(sc->session->peer);  in tls_post_process_server_rpk()
1946     sc->session->peer = NULL;  in tls_post_process_server_rpk()
1947     sk_X509_pop_free(sc->session->peer_chain, X509_free);  in tls_post_process_server_rpk()
1948     sc->session->peer_chain = NULL;  in tls_post_process_server_rpk()
1949     sc->session->verify_result = sc->verify_result;  in tls_post_process_server_rpk()
1952     if (SSL_CONNECTION_IS_TLS13(sc)  in tls_post_process_server_rpk()
1953             && !ssl_handshake_hash(sc, sc->cert_verify_hash,  in tls_post_process_server_rpk()
1954                                    sizeof(sc->cert_verify_hash),  in tls_post_process_server_rpk()
1955                                    &sc->cert_verify_hash_len)) {  in tls_post_process_server_rpk()
2150 MSG_PROCESS_RETURN tls_process_server_compressed_certificate(SSL_CONNECTION *sc, PACKET *pkt)  in tls_process_server_compressed_certificate()  argument
2156     if (tls13_process_compressed_certificate(sc, pkt, &tmppkt, buf) != MSG_PROCESS_ERROR)  in tls_process_server_compressed_certificate()
2157         ret = tls_process_server_certificate(sc, &tmppkt);  in tls_process_server_compressed_certificate()
3817 CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc,  in tls_construct_client_compressed_certificate()  argument
3820     SSL *ssl = SSL_CONNECTION_GET_SSL(sc);  in tls_construct_client_compressed_certificate()
3829     int alg = sc->ext.compress_certificate_from_peer[0];  in tls_construct_client_compressed_certificate()
3837     if (sc->pha_context == NULL) {  in tls_construct_client_compressed_certificate()
3841     } else if (!WPACKET_sub_memcpy_u8(&tmppkt, sc->pha_context, sc->pha_context_len))  in tls_construct_client_compressed_certificate()
3844     if (!ssl3_output_cert_chain(sc, &tmppkt, sc->cert->key, 0)) {  in tls_construct_client_compressed_certificate()
3889     if (SSL_IS_FIRST_HANDSHAKE(sc)  in tls_construct_client_compressed_certificate()
3890             && (sc->early_data_state != SSL_EARLY_DATA_NONE  in tls_construct_client_compressed_certificate()
3891                 || (sc->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)  in tls_construct_client_compressed_certificate()
3892             && (!ssl->method->ssl3_enc->change_cipher_state(sc,  in tls_construct_client_compressed_certificate()
3898         SSLfatal(sc, SSL_AD_NO_ALERT, SSL_R_CANNOT_CHANGE_CIPHER);  in tls_construct_client_compressed_certificate()
3905     SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);  in tls_construct_client_compressed_certificate()

Last Index update Mon Nov 25 14:07:27 UTC 2024

Dedicated to & Maintained by Room-11