Lines Matching refs:s3
664 unsigned long cid = s->s3.tmp.new_cipher->id; in tls1_shared_group()
845 if (tls1_suiteb(s) && s->s3.tmp.new_cipher != NULL) { in tls1_check_group_id()
846 unsigned long cid = s->s3.tmp.new_cipher->id; in tls1_check_group_id()
1351 if (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) { in tls1_get_legacy_sigalg()
1360 if (idx == SSL_PKEY_GOST01 && s->s3.tmp.new_cipher->algorithm_auth != SSL_aGOST01) { in tls1_get_legacy_sigalg()
1418 s->s3.tmp.peer_sigalg = lu; in tls1_set_peer_legacy_sigalg()
1651 s->s3.tmp.peer_sigalg = lu; in tls12_check_peer_sigalg()
1662 if (sc->s3.tmp.peer_sigalg == NULL) in SSL_get_peer_signature_type_nid()
1664 *pnid = sc->s3.tmp.peer_sigalg->sig; in SSL_get_peer_signature_type_nid()
1675 if (sc->s3.tmp.sigalg == NULL) in SSL_get_signature_type_nid()
1677 *pnid = sc->s3.tmp.sigalg->sig; in SSL_get_signature_type_nid()
1693 s->s3.tmp.mask_a = 0; in ssl_set_client_disabled()
1694 s->s3.tmp.mask_k = 0; in ssl_set_client_disabled()
1695 ssl_set_sig_mask(&s->s3.tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); in ssl_set_client_disabled()
1696 if (ssl_get_min_max_version(s, &s->s3.tmp.min_ver, in ssl_set_client_disabled()
1697 &s->s3.tmp.max_ver, NULL) != 0) in ssl_set_client_disabled()
1702 s->s3.tmp.mask_a |= SSL_aPSK; in ssl_set_client_disabled()
1703 s->s3.tmp.mask_k |= SSL_PSK; in ssl_set_client_disabled()
1708 s->s3.tmp.mask_a |= SSL_aSRP; in ssl_set_client_disabled()
1709 s->s3.tmp.mask_k |= SSL_kSRP; in ssl_set_client_disabled()
1727 if (c->algorithm_mkey & s->s3.tmp.mask_k in ssl_cipher_disabled()
1728 || c->algorithm_auth & s->s3.tmp.mask_a) in ssl_cipher_disabled()
1730 if (s->s3.tmp.max_ver == 0) in ssl_cipher_disabled()
1743 if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver)) in ssl_cipher_disabled()
1747 && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) in ssl_cipher_disabled()
1748 || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) in ssl_cipher_disabled()
1771 s->s3.tmp.valid_flags[i] = 0; in tls1_set_server_sigalgs()
1776 if (s->s3.tmp.peer_cert_sigalgs == NULL in tls1_set_server_sigalgs()
1777 && s->s3.tmp.peer_sigalgs == NULL) { in tls1_set_server_sigalgs()
1790 s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN; in tls1_set_server_sigalgs()
2156 && s->s3.tmp.min_ver >= TLS1_3_VERSION in tls12_sigalg_allowed()
2174 && s->s3.tmp.max_ver >= TLS1_3_VERSION) { in tls12_sigalg_allowed()
2184 if (s->s3.tmp.min_ver >= TLS1_3_VERSION) in tls12_sigalg_allowed()
2328 allow = s->s3.tmp.peer_sigalgs; in tls1_set_shared_sigalgs()
2329 allowlen = s->s3.tmp.peer_sigalgslen; in tls1_set_shared_sigalgs()
2333 pref = s->s3.tmp.peer_sigalgs; in tls1_set_shared_sigalgs()
2334 preflen = s->s3.tmp.peer_sigalgslen; in tls1_set_shared_sigalgs()
2394 return tls1_save_u16(pkt, &s->s3.tmp.peer_cert_sigalgs, in tls1_save_sigalgs()
2395 &s->s3.tmp.peer_cert_sigalgslen); in tls1_save_sigalgs()
2397 return tls1_save_u16(pkt, &s->s3.tmp.peer_sigalgs, in tls1_save_sigalgs()
2398 &s->s3.tmp.peer_sigalgslen); in tls1_save_sigalgs()
2407 uint32_t *pvalid = s->s3.tmp.valid_flags; in tls1_process_sigalgs()
2441 psig = sc->s3.tmp.peer_sigalgs; in SSL_get_sigalgs()
2442 numsigalgs = sc->s3.tmp.peer_sigalgslen; in SSL_get_sigalgs()
2687 if (SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) { in tls1_check_sig_alg()
2693 sigalgslen = s->s3.tmp.peer_cert_sigalgslen; in tls1_check_sig_alg()
2700 ? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]) in tls1_check_sig_alg()
2756 pvalid = s->s3.tmp.valid_flags + idx; in tls1_check_chain()
2773 pvalid = s->s3.tmp.valid_flags + idx; in tls1_check_chain()
2802 if (s->s3.tmp.peer_cert_sigalgs != NULL in tls1_check_chain()
2803 || s->s3.tmp.peer_sigalgs != NULL) { in tls1_check_chain()
2924 const uint8_t *ctypes = s->s3.tmp.ctype; in tls1_check_chain()
2927 for (j = 0; j < s->s3.tmp.ctype_len; j++, ctypes++) { in tls1_check_chain()
2939 ca_dn = s->s3.tmp.peer_ca_names; in tls1_check_chain()
3022 if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { in ssl_get_auto_dh()
3023 if (s->s3.tmp.new_cipher->strength_bits == 256) in ssl_get_auto_dh()
3028 if (s->s3.tmp.cert == NULL) in ssl_get_auto_dh()
3030 dh_secbits = EVP_PKEY_get_security_bits(s->s3.tmp.cert->privatekey); in ssl_get_auto_dh()
3180 || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0 in tls12_get_cert_sigalg_idx()
3182 && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) in tls12_get_cert_sigalg_idx()
3185 return s->s3.tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; in tls12_get_cert_sigalg_idx()
3219 if (s->s3.tmp.peer_cert_sigalgs != NULL) { in check_cert_usable()
3222 for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) { in check_cert_usable()
3223 lu = tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]); in check_cert_usable()
3353 s->s3.tmp.cert = NULL; in tls_choose_sigalg()
3354 s->s3.tmp.sigalg = NULL; in tls_choose_sigalg()
3367 if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT)) in tls_choose_sigalg()
3374 if (s->s3.tmp.peer_sigalgs != NULL) { in tls_choose_sigalg()
3420 && (s->s3.tmp.new_cipher->algorithm_auth in tls_choose_sigalg()
3483 s->s3.tmp.cert = &s->cert->pkeys[sig_idx]; in tls_choose_sigalg()
3484 s->cert->key = s->s3.tmp.cert; in tls_choose_sigalg()
3485 s->s3.tmp.sigalg = lu; in tls_choose_sigalg()
