Lines Matching refs:ssl
150 #include <openssl/ssl.h>
188 SSL *const ssl = hs->ssl;
191 assert(ssl->handshake_func == ssl3_connect);
192 assert(!ssl->server);
199 ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
209 if (!SSL_is_dtls(ssl) || ssl->d1->send_cookie) {
212 !tls13_advance_key_schedule(hs, ssl->session->master_key,
213 ssl->session->master_key_length) ||
215 !tls13_set_traffic_key(ssl, evp_aead_seal,
232 assert(SSL_is_dtls(ssl));
237 if (ssl->d1->send_cookie) {
238 ssl->method->received_flight(ssl);
249 hs->early_session = ssl->session;
250 SSL_SESSION_up_ref(ssl->session);
266 if (ssl->session != NULL) {
326 ssl->method->received_flight(ssl);
349 if (hs->cert_request && ssl_has_certificate(ssl)) {
359 if (!ssl->method->add_change_cipher_spec(ssl) ||
379 if (ssl->s3->tlsext_channel_id_valid) {
395 if (ssl->session != NULL) {
406 if ((SSL_get_mode(ssl) & SSL_MODE_ENABLE_FALSE_START) &&
407 ssl3_can_false_start(ssl) &&
410 !ssl->s3->initial_handshake_complete) {
436 ret = ssl->method->read_change_cipher_spec(ssl);
453 ssl->method->received_flight(ssl);
455 if (ssl->session != NULL) {
463 ret = ssl->method->flush_flight(ssl);
469 ssl->method->expect_flight(ssl);
490 ssl->method->release_current_message(ssl, 1 /* free_buffer */);
492 SSL_SESSION_free(ssl->s3->established_session);
493 if (ssl->session != NULL) {
494 SSL_SESSION_up_ref(ssl->session);
495 ssl->s3->established_session = ssl->session;
500 ssl->s3->established_session =
502 if (ssl->s3->established_session == NULL) {
507 if (!ssl->s3->initial_handshake_complete) {
508 ssl->s3->established_session->not_resumable = 0;
519 ssl->s3->initial_handshake_complete = 1;
523 ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_DONE, 1);
534 ssl_do_info_callback(ssl, SSL_CB_CONNECT_LOOP, 1);
539 ssl_do_info_callback(ssl, SSL_CB_CONNECT_EXIT, ret);
543 uint16_t ssl_get_grease_value(const SSL *ssl, enum ssl_grease_index_t index) {
548 uint16_t ret = ssl->s3->client_random[index];
557 static void ssl_get_client_disabled(SSL *ssl, uint32_t *out_mask_a,
563 if (ssl->psk_client_callback == NULL) {
570 SSL *const ssl = hs->ssl;
572 ssl_get_client_disabled(ssl, &mask_a, &mask_k);
580 if (ssl->ctx->grease_enabled &&
581 !CBB_add_u16(&child, ssl_get_grease_value(ssl, ssl_grease_cipher))) {
603 STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(ssl);
632 !ssl->s3->initial_handshake_complete) {
638 if (ssl->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
648 SSL *const ssl = hs->ssl;
651 if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO)) {
656 int has_session_id = ssl->session != NULL &&
657 !ssl->s3->initial_handshake_complete &&
658 ssl->session->session_id_length > 0;
662 !CBB_add_bytes(&body, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
668 if (!CBB_add_bytes(&child, ssl->session->session_id,
669 ssl->session->session_id_length)) {
676 ssl->tls13_variant == tls13_experiment &&
682 if (SSL_is_dtls(ssl)) {
684 !CBB_add_bytes(&child, ssl->d1->cookie, ssl->d1->cookie_len)) {
690 SSL_is_dtls(ssl) ? DTLS1_HM_HEADER_LENGTH : SSL3_HM_HEADER_LENGTH;
700 if (!ssl->method->finish_message(ssl, cbb.get(), &msg, &len)) {
712 return ssl->method->add_message(ssl, msg, len);
716 SSL *const ssl = hs->ssl;
725 if (!ssl_get_version_range(ssl, &hs->min_version, &hs->max_version)) {
732 if (SSL_is_dtls(hs->ssl)) {
742 if (ssl->session != NULL) {
743 if (ssl->session->is_server ||
744 !ssl_supports_version(hs, ssl->session->ssl_version) ||
745 (ssl->session->session_id_length == 0 &&
746 ssl->session->tlsext_ticklen == 0) ||
747 ssl->session->not_resumable ||
748 !ssl_session_is_time_valid(ssl, ssl->session)) {
749 ssl_set_session(ssl, NULL);
755 if ((!SSL_is_dtls(ssl) || !ssl->d1->send_cookie) &&
756 !RAND_bytes(ssl->s3->client_random, sizeof(ssl->s3->client_random))) {
761 if (ssl->tls13_variant == tls13_experiment) {
776 SSL *const ssl = hs->ssl;
780 int ret = ssl->method->ssl_get_message(ssl);
785 if (ssl->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
786 ssl->d1->send_cookie = 0;
787 ssl->s3->tmp.reuse_message = 1;
791 CBS_init(&hello_verify_request, ssl->init_msg, ssl->init_num);
794 CBS_len(&cookie) > sizeof(ssl->d1->cookie) ||
797 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
801 OPENSSL_memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
802 ssl->d1->cookie_len = CBS_len(&cookie);
804 ssl->d1->send_cookie = 1;
809 SSL *const ssl = hs->ssl;
810 if (ssl->s3->tmp.message_type != SSL3_MT_SERVER_HELLO &&
811 ssl->s3->tmp.message_type != SSL3_MT_HELLO_RETRY_REQUEST) {
812 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
818 CBS_init(&server_hello, ssl->init_msg, ssl->init_num);
821 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
827 if (ssl->s3->tmp.message_type != SSL3_MT_SERVER_HELLO ||
838 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
851 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
866 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
873 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
881 SSL *const ssl = hs->ssl;
882 int ret = ssl->method->ssl_get_message(ssl);
905 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
909 assert(ssl->s3->have_version == ssl->s3->initial_handshake_complete);
910 if (!ssl->s3->have_version) {
911 ssl->version = server_version;
912 /* At this point, the connection's version is known and ssl->version is
914 ssl->s3->have_version = 1;
915 } else if (server_version != ssl->version) {
917 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
921 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
929 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
935 if (!ssl_check_message_type(ssl, SSL3_MT_SERVER_HELLO)) {
942 CBS_init(&server_hello, ssl->init_msg, ssl->init_num);
950 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
955 OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
961 if (!ssl->s3->initial_handshake_complete && ssl->session != NULL &&
962 ssl->session->session_id_length != 0 &&
963 CBS_mem_equal(&session_id, ssl->session->session_id,
964 ssl->session->session_id_length)) {
965 ssl->s3->session_reused = 1;
969 ssl_set_session(ssl, NULL);
971 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
984 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
990 ssl_get_client_disabled(ssl, &mask_a, &mask_k);
992 SSL_CIPHER_get_min_version(c) > ssl3_protocol_version(ssl) ||
993 SSL_CIPHER_get_max_version(c) < ssl3_protocol_version(ssl) ||
994 !sk_SSL_CIPHER_find(SSL_get_ciphers(ssl), NULL, c)) {
996 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1000 if (ssl->session != NULL) {
1001 if (ssl->session->ssl_version != ssl->version) {
1003 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1006 if (ssl->session->cipher != c) {
1008 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1011 if (!ssl_session_is_context_valid(ssl, ssl->session)) {
1015 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1025 if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl),
1028 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1035 if (ssl->session != NULL ||
1043 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1057 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1061 if (ssl->session != NULL &&
1062 hs->extended_master_secret != ssl->session->extended_master_secret) {
1063 if (ssl->session->extended_master_secret) {
1068 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1076 SSL *const ssl = hs->ssl;
1077 int ret = ssl->method->ssl_get_message(ssl);
1082 if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE) ||
1088 CBS_init(&cbs, ssl->init_msg, ssl->init_num);
1095 &cbs, ssl->ctx->pool);
1097 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
1103 !ssl->ctx->x509_method->session_cache_objects(hs->new_session)) {
1105 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1112 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1120 SSL *const ssl = hs->ssl;
1121 int ret = ssl->method->ssl_get_message(ssl);
1126 if (ssl->s3->tmp.message_type != SSL3_MT_CERTIFICATE_STATUS) {
1129 ssl->s3->tmp.reuse_message = 1;
1139 CBS_init(&certificate_status, ssl->init_msg, ssl->init_num);
1146 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1153 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1177 SSL *const ssl = hs->ssl;
1178 const SSL_SESSION *prev_session = ssl->s3->established_session;
1184 assert(!ssl->server);
1188 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1202 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1226 if (!ssl->ctx->x509_method->session_verify_cert_chain(hs->new_session, ssl)) {
1234 SSL *const ssl = hs->ssl;
1238 int ret = ssl->method->ssl_get_message(ssl);
1243 if (ssl->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1247 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1251 ssl->s3->tmp.reuse_message = 1;
1261 CBS_init(&server_key_exchange, ssl->init_msg, ssl->init_num);
1274 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1288 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1300 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1315 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1321 if (!tls1_check_group_id(ssl, group_id)) {
1323 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1334 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1348 if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
1351 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1355 if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1356 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
1363 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
1372 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1380 !CBB_add_bytes(&transcript, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
1381 !CBB_add_bytes(&transcript, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
1386 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1391 ssl, CBS_data(&signature), CBS_len(&signature), signature_algorithm,
1402 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1411 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1424 SSL *const ssl = hs->ssl;
1425 int msg_ret = ssl->method->ssl_get_message(ssl);
1430 if (ssl->s3->tmp.message_type == SSL3_MT_SERVER_HELLO_DONE) {
1431 ssl->s3->tmp.reuse_message = 1;
1438 if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE_REQUEST) ||
1444 CBS_init(&cbs, ssl->init_msg, ssl->init_num);
1449 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1456 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1460 if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
1464 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1472 ssl_parse_client_CA_list(ssl, &alert, &cbs);
1474 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
1479 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1488 ssl->ctx->x509_method->hs_flush_cached_ca_names(hs);
1493 SSL *const ssl = hs->ssl;
1494 int ret = ssl->method->ssl_get_message(ssl);
1499 if (!ssl_check_message_type(ssl, SSL3_MT_SERVER_HELLO_DONE) ||
1505 if (ssl->init_num > 0) {
1506 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1515 SSL *const ssl = hs->ssl;
1517 if (ssl->cert->cert_cb) {
1518 int ret = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
1520 ssl->rwstate = SSL_X509_LOOKUP;
1525 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1530 if (!ssl_has_certificate(ssl)) {
1535 if (ssl->version == SSL3_VERSION) {
1536 if (!ssl->method->add_alert(ssl, SSL3_AL_WARNING,
1545 !ssl3_output_cert_chain(ssl)) {
1555 SSL *const ssl = hs->ssl;
1558 if (!ssl->method->init_message(ssl, cbb.get(), &body,
1572 if (ssl->psk_client_callback == NULL) {
1580 ssl->psk_client_callback(ssl, hs->peer_psk_identity_hint, identity,
1584 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1630 if (ssl->version > SSL3_VERSION) {
1656 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
1679 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1710 if (!ssl_add_message_cbb(ssl, cbb.get())) {
1734 SSL *const ssl = hs->ssl;
1735 assert(ssl_has_private_key(ssl));
1739 if (!ssl->method->init_message(ssl, cbb.get(), &body,
1748 if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
1767 if (ssl3_protocol_version(ssl) == SSL3_VERSION) {
1768 if (ssl->cert->key_method != NULL) {
1781 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(ssl->cert->privatekey, NULL);
1799 ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
1805 !ssl_add_message_cbb(ssl, cbb.get())) {
1815 SSL *const ssl = hs->ssl;
1817 size_t padding_len = 32 - ((ssl->s3->next_proto_negotiated_len + 2) % 32);
1820 if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_NEXT_PROTO) ||
1822 !CBB_add_bytes(&child, ssl->s3->next_proto_negotiated,
1823 ssl->s3->next_proto_negotiated_len) ||
1826 !ssl_add_message_cbb(ssl, &cbb)) {
1836 SSL *const ssl = hs->ssl;
1837 if (!ssl_do_channel_id_callback(ssl)) {
1841 if (ssl->tlsext_channel_id_private == NULL) {
1842 ssl->rwstate = SSL_CHANNEL_ID_LOOKUP;
1847 if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CHANNEL_ID) ||
1849 !ssl_add_message_cbb(ssl, &cbb)) {
1859 SSL *const ssl = hs->ssl;
1860 int ret = ssl->method->ssl_get_message(ssl);
1865 if (!ssl_check_message_type(ssl, SSL3_MT_NEW_SESSION_TICKET) ||
1872 CBS_init(&new_session_ticket, ssl->init_msg, ssl->init_num);
1876 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1889 int session_renewed = ssl->session != NULL;
1895 session = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
1904 ssl_session_rebase_time(ssl, session);
1923 SSL_SESSION_free(ssl->session);
1924 ssl->session = session;