Lines Matching full:s3
50 && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)) in cert_req_allowed()
51 || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK))) in cert_req_allowed()
66 long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in key_exchange_expected()
279 } else if (!(s->s3.tmp.new_cipher->algorithm_auth in ossl_statem_client_read_transition()
289 || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) in ossl_statem_client_read_transition()
321 if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) in ossl_statem_client_read_transition()
447 st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT in ossl_statem_client13_write_transition()
460 st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT in ossl_statem_client13_write_transition()
466 st->hand_state = (s->s3.tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY in ossl_statem_client13_write_transition()
567 if (s->s3.tmp.cert_req) in ossl_statem_client_write_transition()
588 if (s->s3.tmp.cert_req == 1) { in ossl_statem_client_write_transition()
593 if (s->s3.flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { in ossl_statem_client_write_transition()
611 if (!SSL_IS_DTLS(s) && s->s3.npn_seen) in ossl_statem_client_write_transition()
796 s->session->cipher = s->s3.tmp.new_cipher; in ossl_statem_client_post_work()
800 if (s->s3.tmp.new_compression == NULL) in ossl_statem_client_post_work()
803 s->session->compress_meth = s->s3.tmp.new_compression->id; in ossl_statem_client_post_work()
1122 p = s->s3.client_random; in tls_construct_client_hello()
1131 for (idx = 0; idx < sizeof(s->s3.client_random); idx++) { in tls_construct_client_hello()
1141 if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), in tls_construct_client_hello()
1181 || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) { in tls_construct_client_hello()
1252 && (SSL_IS_DTLS(s) || s->s3.tmp.max_ver < TLS1_3_VERSION)) { in tls_construct_client_hello()
1333 if (SSL_IS_TLS13(s) && s->s3.tmp.new_cipher != NULL in set_client_ciphersuite()
1334 && s->s3.tmp.new_cipher->id != c->id) { in set_client_ciphersuite()
1371 s->s3.tmp.new_cipher = c; in set_client_ciphersuite()
1411 if (!PACKET_copy_bytes(pkt, s->s3.server_random, SSL3_RANDOM_SIZE)) { in tls_process_server_hello()
1611 s->s3.tmp.min_ver = s->version; in tls_process_server_hello()
1612 s->s3.tmp.max_ver = s->version; in tls_process_server_hello()
1653 s->s3.tmp.new_compression = comp; in tls_process_server_hello()
1736 if (s->ext.tls13_cookie_len == 0 && s->s3.tmp.pkey != NULL) { in tls_process_as_hello_retry_request()
1919 if ((clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0) { in tls_post_process_server_certificate()
2015 if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS)) in tls_process_ske_srp()
2096 s->s3.peer_tmp = peer_tmp; in tls_process_ske_dhe()
2103 if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS)) in tls_process_ske_dhe()
2145 if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) { in tls_process_ske_ecdhe()
2156 if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, in tls_process_ske_ecdhe()
2168 if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) in tls_process_ske_ecdhe()
2170 else if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aRSA) in tls_process_ske_ecdhe()
2187 alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in tls_process_key_exchange()
2191 EVP_PKEY_free(s->s3.peer_tmp); in tls_process_key_exchange()
2192 s->s3.peer_tmp = NULL; in tls_process_key_exchange()
2259 if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) { in tls_process_key_exchange()
2313 if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) in tls_process_key_exchange()
2341 s->s3.tmp.valid_flags[i] = 0; in tls_process_certificate_request()
2357 OPENSSL_free(s->s3.tmp.ctype); in tls_process_certificate_request()
2358 s->s3.tmp.ctype = NULL; in tls_process_certificate_request()
2359 s->s3.tmp.ctype_len = 0; in tls_process_certificate_request()
2397 if (!PACKET_memdup(&ctypes, &s->s3.tmp.ctype, &s->s3.tmp.ctype_len)) { in tls_process_certificate_request()
2438 s->s3.tmp.cert_req = 1; in tls_process_certificate_request()
2732 if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) { in tls_process_server_done()
2797 OPENSSL_free(s->s3.tmp.psk); in tls_construct_cke_psk_preamble()
2798 s->s3.tmp.psk = tmppsk; in tls_construct_cke_psk_preamble()
2799 s->s3.tmp.psklen = psklen; in tls_construct_cke_psk_preamble()
2894 s->s3.tmp.pms = pms; in tls_construct_cke_rsa()
2895 s->s3.tmp.pmslen = pmslen; in tls_construct_cke_rsa()
2914 skey = s->s3.peer_tmp; in tls_construct_cke_dhe()
2975 skey = s->s3.peer_tmp; in tls_construct_cke_ecdhe()
3026 if ((s->s3.tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0) in tls_construct_cke_gost()
3074 || EVP_DigestUpdate(ukm_hash, s->s3.client_random, in tls_construct_cke_gost()
3076 || EVP_DigestUpdate(ukm_hash, s->s3.server_random, in tls_construct_cke_gost()
3107 s->s3.tmp.pms = pms; in tls_construct_cke_gost()
3108 s->s3.tmp.pmslen = pmslen; in tls_construct_cke_gost()
3125 if ((s->s3.tmp.new_cipher->algorithm_enc & SSL_MAGMA) != 0) in ossl_gost18_cke_cipher_nid()
3127 else if ((s->s3.tmp.new_cipher->algorithm_enc & SSL_KUZNYECHIK) != 0) in ossl_gost18_cke_cipher_nid()
3144 || EVP_DigestUpdate(hash, s->s3.client_random, SSL3_RANDOM_SIZE) <= 0 in ossl_gost_ukm()
3145 || EVP_DigestUpdate(hash, s->s3.server_random, SSL3_RANDOM_SIZE) <= 0 in ossl_gost_ukm()
3241 s->s3.tmp.pms = pms; in tls_construct_cke_gost18()
3242 s->s3.tmp.pmslen = pmslen; in tls_construct_cke_gost18()
3286 alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in tls_construct_client_key_exchange()
3321 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); in tls_construct_client_key_exchange()
3322 s->s3.tmp.pms = NULL; in tls_construct_client_key_exchange()
3323 s->s3.tmp.pmslen = 0; in tls_construct_client_key_exchange()
3325 OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen); in tls_construct_client_key_exchange()
3326 s->s3.tmp.psk = NULL; in tls_construct_client_key_exchange()
3327 s->s3.tmp.psklen = 0; in tls_construct_client_key_exchange()
3337 pms = s->s3.tmp.pms; in tls_client_key_exchange_post_work()
3338 pmslen = s->s3.tmp.pmslen; in tls_client_key_exchange_post_work()
3342 if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) { in tls_client_key_exchange_post_work()
3351 if (pms == NULL && !(s->s3.tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { in tls_client_key_exchange_post_work()
3398 s->s3.tmp.pms = NULL; in tls_client_key_exchange_post_work()
3399 s->s3.tmp.pmslen = 0; in tls_client_key_exchange_post_work()
3411 if (!tls_choose_sigalg(s, 0) || s->s3.tmp.sigalg == NULL) in ssl3_check_client_certificate()
3480 s->s3.tmp.cert_req = 0; in tls_prepare_client_certificate()
3484 s->s3.tmp.cert_req = 2; in tls_prepare_client_certificate()
3517 (s->s3.tmp.cert_req == 2) ? NULL in tls_construct_client_certificate()
3544 alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in ssl3_check_cert_and_algorithm()
3545 alg_a = s->s3.tmp.new_cipher->algorithm_auth; in ssl3_check_cert_and_algorithm()
3573 if ((alg_k & SSL_kDHE) && (s->s3.peer_tmp == NULL)) { in ssl3_check_cert_and_algorithm()
3727 if (DTLS_VERSION_GE(c->max_dtls, s->s3.tmp.max_ver) in ssl_cipher_list_to_bytes()
3728 && DTLS_VERSION_LE(c->min_dtls, s->s3.tmp.max_ver)) in ssl_cipher_list_to_bytes()
3731 if (c->max_tls >= s->s3.tmp.max_ver in ssl_cipher_list_to_bytes()
3732 && c->min_tls <= s->s3.tmp.max_ver) in ssl_cipher_list_to_bytes()