Lines Matching defs:s
22 static int final_renegotiate(SSL *s, unsigned int context, int sent);
23 static int init_server_name(SSL *s, unsigned int context);
24 static int final_server_name(SSL *s, unsigned int context, int sent);
25 static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
26 static int init_session_ticket(SSL *s, unsigned int context);
28 static int init_status_request(SSL *s, unsigned int context);
31 static int init_npn(SSL *s, unsigned int context);
33 static int init_alpn(SSL *s, unsigned int context);
34 static int final_alpn(SSL *s, unsigned int context, int sent);
35 static int init_sig_algs_cert(SSL *s, unsigned int context);
36 static int init_sig_algs(SSL *s, unsigned int context);
37 static int init_certificate_authorities(SSL *s, unsigned int context);
38 static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
42 static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
46 static int init_srp(SSL *s, unsigned int context);
48 static int init_ec_point_formats(SSL *s, unsigned int context);
49 static int init_etm(SSL *s, unsigned int context);
50 static int init_ems(SSL *s, unsigned int context);
51 static int final_ems(SSL *s, unsigned int context, int sent);
52 static int init_psk_kex_modes(SSL *s, unsigned int context);
53 static int final_key_share(SSL *s, unsigned int context, int sent);
55 static int init_srtp(SSL *s, unsigned int context);
57 static int final_sig_algs(SSL *s, unsigned int context, int sent);
58 static int final_early_data(SSL *s, unsigned int context, int sent);
59 static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
60 static int init_post_handshake_auth(SSL *s, unsigned int context);
61 static int final_psk(SSL *s, unsigned int context, int sent);
76 int (*init)(SSL *s, unsigned int context);
78 int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
81 int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
84 EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context,
87 EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context,
94 int (*final)(SSL *s, unsigned int context, int sent);
191 * processing on the server's group list -- this is just a minimal
402 /* Check whether an extension's context matches the current context */
403 static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx)
409 if (SSL_IS_DTLS(s)) {
419 int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts)
432 num_exts = builtin_num + s->cert->custext.meths_count;
443 meth = custom_ext_find(&s->cert->custext, role, thisext->type,
450 if (!validate_context(s, context, thisctx))
463 static int verify_extension(SSL *s, unsigned int context, unsigned int type,
473 if (!validate_context(s, thisext->context, context))
494 if (!validate_context(s, meth->context, context))
511 int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
522 is_tls13 = SSL_IS_TLS13(s);
524 if ((SSL_IS_DTLS(s)
526 || (s->version == SSL3_VERSION
539 || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)
540 || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0))
561 int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
567 custom_ext_methods *exts = &s->cert->custext;
578 custom_ext_init(&s->cert->custext);
583 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
595 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
603 if (!verify_extension(s, context, type, exts, raw_extensions, &thisex)
608 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION);
633 && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
639 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
648 if (s->ext.debug_cb)
649 s->ext.debug_cb(s, !s->server, thisex->type,
652 s->ext.debug_arg);
664 && extension_is_relevant(s, thisexd->context, context)
665 && !thisexd->init(s, context)) {
692 int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
696 int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
714 if (!extension_is_relevant(s, extdef->context, context))
717 parser = s->server ? extdef->parse_ctos : extdef->parse_stoc;
720 return parser(s, &currext->data, context, x, chainidx);
729 return custom_ext_parse(s, context, currext->type,
742 int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
749 numexts += s->cert->custext.meths_count;
753 if (!tls_parse_extension(s, i, context, exts, x, chainidx)) {
767 && !thisexd->final(s, context, exts[i].present)) {
777 int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
785 if (!extension_is_relevant(s, extctx, thisctx)
788 && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
802 int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
819 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
824 reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
826 SSLfatal(s, SSL_AD_INTERNAL_ERROR, reason);
834 custom_ext_init(&s->cert->custext);
836 if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) {
842 EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context,
847 if (!should_add_extension(s, thisexd->context, context, max_version))
850 construct = s->server ? thisexd->construct_stoc
856 ret = construct(s, pkt, context, x, chainidx);
865 s->ext.extflags[i] |= SSL_EXT_FLAG_SENT;
869 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
883 static int final_renegotiate(SSL *s, unsigned int context, int sent)
885 if (!s->server) {
890 if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
891 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
893 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
902 if (s->renegotiate
903 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
905 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
923 static int init_server_name(SSL *s, unsigned int context)
925 if (s->server) {
926 s->servername_done = 0;
928 OPENSSL_free(s->ext.hostname);
929 s->ext.hostname = NULL;
935 static int final_server_name(SSL *s, unsigned int context, int sent)
939 int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0;
941 if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {
942 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
946 if (s->ctx->ext.servername_cb != NULL)
947 ret = s->ctx->ext.servername_cb(s, &altmp,
948 s->ctx->ext.servername_arg);
949 else if (s->session_ctx->ext.servername_cb != NULL)
950 ret = s->session_ctx->ext.servername_cb(s, &altmp,
951 s->session_ctx->ext.servername_arg);
957 * Clients make this copy when parsing the server's response to
961 if (s->server) {
962 if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) {
964 OPENSSL_free(s->session->ext.hostname);
965 s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
966 if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) {
967 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
978 if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx
979 && s->hello_retry_request == SSL_HRR_NONE) {
980 ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept);
981 ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept);
989 if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected
990 && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) {
991 s->ext.ticket_expected = 0;
992 if (!s->hit) {
993 SSL_SESSION* ss = SSL_get_session(s);
1001 if (!ssl_generate_session_id(s, ss)) {
1002 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1006 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1014 SSLfatal(s, altmp, SSL_R_CALLBACK_FAILED);
1019 if (!SSL_IS_TLS13(s))
1020 ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
1021 s->servername_done = 0;
1025 s->servername_done = 0;
1033 static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
1037 if (s->server)
1040 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
1041 alg_a = s->s3.tmp.new_cipher->algorithm_auth;
1048 if (s->ext.ecpointformats != NULL
1049 && s->ext.ecpointformats_len > 0
1050 && s->ext.peer_ecpointformats != NULL
1051 && s->ext.peer_ecpointformats_len > 0
1055 unsigned char *list = s->ext.peer_ecpointformats;
1057 for (i = 0; i < s->ext.peer_ecpointformats_len; i++) {
1061 if (i == s->ext.peer_ecpointformats_len) {
1062 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
1071 static int init_session_ticket(SSL *s, unsigned int context)
1073 if (!s->server)
1074 s->ext.ticket_expected = 0;
1080 static int init_status_request(SSL *s, unsigned int context)
1082 if (s->server) {
1083 s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
1089 OPENSSL_free(s->ext.ocsp.resp);
1090 s->ext.ocsp.resp = NULL;
1091 s->ext.ocsp.resp_len = 0;
1099 static int init_npn(SSL *s, unsigned int context)
1101 s->s3.npn_seen = 0;
1107 static int init_alpn(SSL *s, unsigned int context)
1109 OPENSSL_free(s->s3.alpn_selected);
1110 s->s3.alpn_selected = NULL;
1111 s->s3.alpn_selected_len = 0;
1112 if (s->server) {
1113 OPENSSL_free(s->s3.alpn_proposed);
1114 s->s3.alpn_proposed = NULL;
1115 s->s3.alpn_proposed_len = 0;
1120 static int final_alpn(SSL *s, unsigned int context, int sent)
1122 if (!s->server && !sent && s->session->ext.alpn_selected != NULL)
1123 s->ext.early_data_ok = 0;
1125 if (!s->server || !SSL_IS_TLS13(s))
1137 return tls_handle_alpn(s);
1140 static int init_sig_algs(SSL *s, unsigned int context)
1143 OPENSSL_free(s->s3.tmp.peer_sigalgs);
1144 s->s3.tmp.peer_sigalgs = NULL;
1145 s->s3.tmp.peer_sigalgslen = 0;
1150 static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context)
1153 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
1154 s->s3.tmp.peer_cert_sigalgs = NULL;
1155 s->s3.tmp.peer_cert_sigalgslen = 0;
1161 static int init_srp(SSL *s, unsigned int context)
1163 OPENSSL_free(s->srp_ctx.login);
1164 s->srp_ctx.login = NULL;
1170 static int init_ec_point_formats(SSL *s, unsigned int context)
1172 OPENSSL_free(s->ext.peer_ecpointformats);
1173 s->ext.peer_ecpointformats = NULL;
1174 s->ext.peer_ecpointformats_len = 0;
1179 static int init_etm(SSL *s, unsigned int context)
1181 s->ext.use_etm = 0;
1186 static int init_ems(SSL *s, unsigned int context)
1188 if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
1189 s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
1190 s->s3.flags |= TLS1_FLAGS_REQUIRED_EXTMS;
1196 static int final_ems(SSL *s, unsigned int context, int sent)
1202 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
1203 && (s->s3.flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
1204 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS);
1207 if (!s->server && s->hit) {
1212 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
1213 !(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
1214 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS);
1222 static int init_certificate_authorities(SSL *s, unsigned int context)
1224 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
1225 s->s3.tmp.peer_ca_names = NULL;
1229 static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
1234 const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s);
1241 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1245 if (!construct_ca_names(s, ca_sk, pkt)) {
1251 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1258 static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
1262 if (!parse_ca_names(s, pkt))
1265 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
1272 static int init_srtp(SSL *s, unsigned int context)
1274 if (s->server)
1275 s->srtp_profile = NULL;
1281 static int final_sig_algs(SSL *s, unsigned int context, int sent)
1283 if (!sent && SSL_IS_TLS13(s) && !s->hit) {
1284 SSLfatal(s, TLS13_AD_MISSING_EXTENSION,
1292 static int final_key_share(SSL *s, unsigned int context, int sent)
1295 if (!SSL_IS_TLS13(s))
1313 if (!s->server
1315 && (!s->hit
1316 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) {
1318 SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_NO_SUITABLE_KEY_SHARE);
1355 if (s->server) {
1356 if (s->s3.peer_tmp != NULL) {
1358 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0
1359 && !s->ext.cookieok) {
1360 if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
1366 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1369 s->hello_retry_request = SSL_HRR_PENDING;
1374 if (s->hello_retry_request == SSL_HRR_NONE && sent
1375 && (!s->hit
1376 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)
1385 tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
1386 tls1_get_supported_groups(s, &pgroups, &num_groups);
1389 * Find the first group we allow that is also in client's list
1394 if (check_in_list(s, group_id, clntgroups, clnt_num_groups,
1396 && tls_group_allowed(s, group_id,
1398 && tls_valid_group(s, group_id, TLS1_3_VERSION,
1405 s->s3.group_id = group_id;
1406 s->hello_retry_request = SSL_HRR_PENDING;
1410 if (!s->hit
1411 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
1413 SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE
1419 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0
1420 && !s->ext.cookieok) {
1421 if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
1427 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1430 s->hello_retry_request = SSL_HRR_PENDING;
1439 if (s->hello_retry_request == SSL_HRR_PENDING)
1440 s->hello_retry_request = SSL_HRR_COMPLETE;
1447 if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) {
1448 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1456 static int init_psk_kex_modes(SSL *s, unsigned int context)
1458 s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE;
1462 int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
1487 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1493 && s->early_data_state == SSL_EARLY_DATA_CONNECTING
1494 && s->session->ext.max_early_data == 0
1514 if (s->server || !external || usepskfored)
1515 early_secret = (unsigned char *)s->early_secret;
1519 if (!tls13_generate_secret(s, md, NULL, sess->master_key,
1533 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1538 if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
1545 if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) {
1551 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1560 if (s->hello_retry_request == SSL_HRR_PENDING) {
1566 BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
1568 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH);
1576 if (s->server) {
1585 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1592 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1599 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1603 mackey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
1604 s->ctx->propq, finishedkey,
1607 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1615 if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx,
1616 s->ctx->propq, mackey, NULL) <= 0
1620 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
1630 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BINDER_DOES_NOT_VERIFY);
1642 static int final_early_data(SSL *s, unsigned int context, int sent)
1647 if (!s->server) {
1650 && !s->ext.early_data_ok) {
1656 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EARLY_DATA);
1663 if (s->max_early_data == 0
1664 || !s->hit
1665 || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
1666 || !s->ext.early_data_ok
1667 || s->hello_retry_request != SSL_HRR_NONE
1668 || (s->allow_early_data_cb != NULL
1669 && !s->allow_early_data_cb(s,
1670 s->allow_early_data_cb_data))) {
1671 s->ext.early_data = SSL_EARLY_DATA_REJECTED;
1673 s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
1675 if (!tls13_change_cipher_state(s,
1685 static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
1688 if (s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED)
1689 s->session->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_DISABLED;
1692 if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
1693 && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session))
1695 if (!ssl3_setup_buffers(s)) {
1703 static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context)
1705 s->post_handshake_auth = SSL_PHA_NONE;
1714 static int final_psk(SSL *s, unsigned int context, int sent)
1716 if (s->server && sent && s->clienthello != NULL
1717 && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
1718 SSLfatal(s, TLS13_AD_MISSING_EXTENSION,