Lines Matching defs:s
16 * Copyright remains Eric Young's, and as such any Copyright notices in
1155 ssl3_pending(const SSL *s)
1157 if (s->s3->rcontent == NULL)
1159 if (tls_content_type(s->s3->rcontent) != SSL3_RT_APPLICATION_DATA)
1162 return tls_content_remaining(s->s3->rcontent);
1166 ssl3_handshake_msg_hdr_len(SSL *s)
1168 return (SSL_is_dtls(s) ? DTLS1_HM_HEADER_LENGTH :
1173 ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type)
1181 if (SSL_is_dtls(s)) {
1198 ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
1210 if (!BUF_MEM_grow_clean(s->init_buf, outlen))
1213 memcpy(s->init_buf->data, data, outlen);
1215 s->init_num = (int)outlen;
1216 s->init_off = 0;
1218 if (SSL_is_dtls(s)) {
1227 len = outlen - ssl3_handshake_msg_hdr_len(s);
1229 dtls1_set_message_header(s, msg_type, len, 0, len);
1230 dtls1_buffer_message(s, 0);
1242 ssl3_handshake_write(SSL *s)
1244 return ssl3_record_write(s, SSL3_RT_HANDSHAKE);
1248 ssl3_record_write(SSL *s, int type)
1250 if (SSL_is_dtls(s))
1251 return dtls1_do_write(s, type);
1253 return ssl3_do_write(s, type);
1257 ssl3_new(SSL *s)
1259 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
1262 s->method->ssl_clear(s);
1268 ssl3_free(SSL *s)
1270 if (s == NULL)
1273 tls1_cleanup_key_block(s);
1274 ssl3_release_read_buffer(s);
1275 ssl3_release_write_buffer(s);
1277 tls_content_free(s->s3->rcontent);
1279 tls_buffer_free(s->s3->alert_fragment);
1280 tls_buffer_free(s->s3->handshake_fragment);
1282 freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
1284 sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
1285 sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
1286 sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
1287 sk_X509_pop_free(s->s3->hs.verified_chain, X509_free);
1288 tls_key_share_free(s->s3->hs.key_share);
1290 tls13_secrets_destroy(s->s3->hs.tls13.secrets);
1291 freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
1292 tls13_clienthello_hash_clear(&s->s3->hs.tls13);
1294 tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
1296 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1298 tls1_transcript_free(s);
1299 tls1_transcript_hash_free(s);
1301 free(s->s3->alpn_selected);
1303 freezero(s->s3->peer_quic_transport_params,
1304 s->s3->peer_quic_transport_params_len);
1306 freezero(s->s3, sizeof(*s->s3));
1308 s->s3 = NULL;
1312 ssl3_clear(SSL *s)
1317 tls1_cleanup_key_block(s);
1318 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1320 tls_buffer_free(s->s3->alert_fragment);
1321 s->s3->alert_fragment = NULL;
1322 tls_buffer_free(s->s3->handshake_fragment);
1323 s->s3->handshake_fragment = NULL;
1325 freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
1326 s->s3->hs.sigalgs = NULL;
1327 s->s3->hs.sigalgs_len = 0;
1329 sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
1330 s->s3->hs.client_ciphers = NULL;
1331 sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
1332 s->s3->hs.peer_certs = NULL;
1333 sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
1334 s->s3->hs.peer_certs_no_leaf = NULL;
1335 sk_X509_pop_free(s->s3->hs.verified_chain, X509_free);
1336 s->s3->hs.verified_chain = NULL;
1338 tls_key_share_free(s->s3->hs.key_share);
1339 s->s3->hs.key_share = NULL;
1341 tls13_secrets_destroy(s->s3->hs.tls13.secrets);
1342 s->s3->hs.tls13.secrets = NULL;
1343 freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
1344 s->s3->hs.tls13.cookie = NULL;
1345 s->s3->hs.tls13.cookie_len = 0;
1346 tls13_clienthello_hash_clear(&s->s3->hs.tls13);
1348 tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
1349 s->s3->hs.tls13.quic_read_buffer = NULL;
1350 s->s3->hs.tls13.quic_read_level = ssl_encryption_initial;
1351 s->s3->hs.tls13.quic_write_level = ssl_encryption_initial;
1353 s->s3->hs.extensions_seen = 0;
1355 rp = s->s3->rbuf.buf;
1356 wp = s->s3->wbuf.buf;
1357 rlen = s->s3->rbuf.len;
1358 wlen = s->s3->wbuf.len;
1360 tls_content_free(s->s3->rcontent);
1361 s->s3->rcontent = NULL;
1363 tls1_transcript_free(s);
1364 tls1_transcript_hash_free(s);
1366 free(s->s3->alpn_selected);
1367 s->s3->alpn_selected = NULL;
1368 s->s3->alpn_selected_len = 0;
1370 freezero(s->s3->peer_quic_transport_params,
1371 s->s3->peer_quic_transport_params_len);
1372 s->s3->peer_quic_transport_params = NULL;
1373 s->s3->peer_quic_transport_params_len = 0;
1375 memset(s->s3, 0, sizeof(*s->s3));
1377 s->s3->rbuf.buf = rp;
1378 s->s3->wbuf.buf = wp;
1379 s->s3->rbuf.len = rlen;
1380 s->s3->wbuf.len = wlen;
1382 ssl_free_wbio_buffer(s);
1385 s->s3->renegotiate = 0;
1386 s->s3->total_renegotiations = 0;
1387 s->s3->num_renegotiations = 0;
1388 s->s3->in_read_app_data = 0;
1390 s->packet_length = 0;
1391 s->version = TLS1_2_VERSION;
1393 s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
1397 _SSL_get_shared_group(SSL *s, long n)
1403 if (!s->server)
1407 if (!tls1_count_shared_groups(s, &count))
1423 if (!tls1_get_shared_group_by_index(s, n, &nid))
1430 _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
1437 if (s->s3->hs.key_share == NULL)
1442 if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey))
1457 _SSL_session_reused(SSL *s)
1459 return s->hit;
1463 _SSL_num_renegotiations(SSL *s)
1465 return s->s3->num_renegotiations;
1469 _SSL_clear_num_renegotiations(SSL *s)
1473 renegs = s->s3->num_renegotiations;
1474 s->s3->num_renegotiations = 0;
1480 _SSL_total_renegotiations(SSL *s)
1482 return s->s3->total_renegotiations;
1486 _SSL_set_tmp_dh(SSL *s, DH *dh)
1491 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
1495 if (!ssl_security_dh(s, dh)) {
1496 SSLerror(s, SSL_R_DH_KEY_TOO_SMALL);
1501 SSLerror(s, ERR_R_DH_LIB);
1505 DH_free(s->cert->dhe_params);
1506 s->cert->dhe_params = dhe_params;
1512 _SSL_set_dh_auto(SSL *s, int state)
1514 s->cert->dhe_params_auto = state;
1519 _SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh)
1530 return SSL_set1_groups(s, &nid, 1);
1534 _SSL_set_ecdh_auto(SSL *s, int state)
1540 _SSL_set_tlsext_host_name(SSL *s, const char *name)
1545 free(s->tlsext_hostname);
1546 s->tlsext_hostname = NULL;
1554 SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1557 if ((s->tlsext_hostname = strdup(name)) == NULL) {
1558 SSLerror(s, ERR_R_INTERNAL_ERROR);
1566 _SSL_set_tlsext_debug_arg(SSL *s, void *arg)
1568 s->tlsext_debug_arg = arg;
1573 _SSL_get_tlsext_status_type(SSL *s)
1575 return s->tlsext_status_type;
1579 _SSL_set_tlsext_status_type(SSL *s, int type)
1581 s->tlsext_status_type = type;
1586 _SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts)
1588 *exts = s->tlsext_ocsp_exts;
1593 _SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts)
1596 s->tlsext_ocsp_exts = exts;
1601 _SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids)
1603 *ids = s->tlsext_ocsp_ids;
1608 _SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids)
1611 s->tlsext_ocsp_ids = ids;
1616 _SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
1618 if (s->tlsext_ocsp_resp != NULL &&
1619 s->tlsext_ocsp_resp_len < INT_MAX) {
1620 *resp = s->tlsext_ocsp_resp;
1621 return (int)s->tlsext_ocsp_resp_len;
1630 _SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len)
1632 free(s->tlsext_ocsp_resp);
1633 s->tlsext_ocsp_resp = NULL;
1634 s->tlsext_ocsp_resp_len = 0;
1639 s->tlsext_ocsp_resp = resp;
1640 s->tlsext_ocsp_resp_len = (size_t)resp_len;
1693 SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
1695 return tls1_set_groups(&s->tlsext_supportedgroups,
1696 &s->tlsext_supportedgroups_length, groups, groups_len);
1701 SSL_set1_groups_list(SSL *s, const char *groups)
1703 return tls1_set_group_list(&s->tlsext_supportedgroups,
1704 &s->tlsext_supportedgroups_length, groups);
1709 _SSL_get_signature_nid(SSL *s, int *nid)
1713 if ((sigalg = s->s3->hs.our_sigalg) == NULL)
1722 _SSL_get_peer_signature_nid(SSL *s, int *nid)
1726 if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
1735 SSL_get_signature_type_nid(const SSL *s, int *nid)
1739 if ((sigalg = s->s3->hs.our_sigalg) == NULL)
1752 SSL_get_peer_signature_type_nid(const SSL *s, int *nid)
1756 if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
1769 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1773 return _SSL_session_reused(s);
1776 return _SSL_num_renegotiations(s);
1779 return _SSL_clear_num_renegotiations(s);
1782 return _SSL_total_renegotiations(s);
1785 return _SSL_set_tmp_dh(s, parg);
1788 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1792 return _SSL_set_dh_auto(s, larg);
1795 return _SSL_set_tmp_ecdh(s, parg);
1798 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1802 return _SSL_set_ecdh_auto(s, larg);
1806 SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
1809 return _SSL_set_tlsext_host_name(s, parg);
1812 return _SSL_set_tlsext_debug_arg(s, parg);
1815 return _SSL_get_tlsext_status_type(s);
1818 return _SSL_set_tlsext_status_type(s, larg);
1821 return _SSL_get_tlsext_status_exts(s, parg);
1824 return _SSL_set_tlsext_status_exts(s, parg);
1827 return _SSL_get_tlsext_status_ids(s, parg);
1830 return _SSL_set_tlsext_status_ids(s, parg);
1833 return _SSL_get_tlsext_status_ocsp_resp(s, parg);
1836 return _SSL_set_tlsext_status_ocsp_resp(s, parg, larg);
1840 return SSL_set0_chain(s, (STACK_OF(X509) *)parg);
1842 return SSL_set1_chain(s, (STACK_OF(X509) *)parg);
1846 return SSL_add0_chain_cert(s, (X509 *)parg);
1848 return SSL_add1_chain_cert(s, (X509 *)parg);
1851 return SSL_get0_chain_certs(s, (STACK_OF(X509) **)parg);
1854 return SSL_set1_groups(s, parg, larg);
1857 return SSL_set1_groups_list(s, parg);
1860 return _SSL_get_shared_group(s, larg);
1864 if (s->server != 0)
1866 return _SSL_get_peer_tmp_key(s, parg);
1869 return SSL_get_min_proto_version(s);
1872 return SSL_get_max_proto_version(s);
1877 return SSL_set_min_proto_version(s, larg);
1882 return SSL_set_max_proto_version(s, larg);
1885 return _SSL_get_signature_nid(s, parg);
1888 return _SSL_get_peer_signature_nid(s, parg);
1897 return (int)(s->s3->flags);
1904 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1912 ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1916 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1920 s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp;
1927 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
2289 ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2299 /* Let's see which ciphers we can support */
2300 cert = s->cert;
2302 can_use_ecc = tls1_get_supported_group(s, &nid);
2311 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
2324 !SSL_USE_TLS1_2_CIPHERS(s))
2329 !SSL_USE_TLS1_3_CIPHERS(s))
2333 if (SSL_USE_TLS1_3_CIPHERS(s) &&
2337 if (!ssl_security_shared_cipher(s, c))
2354 ok = ok && tls1_check_ec_server_key(s);
2378 ssl3_get_req_cert_types(SSL *s, CBB *cbb)
2382 alg_k = s->s3->hs.cipher->algorithm_mkey;
2403 ssl3_shutdown(SSL *s)
2411 if ((s->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
2412 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2416 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
2417 s->shutdown|=SSL_SENT_SHUTDOWN;
2418 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2421 * to be written, s->s3->alert_dispatch will be true
2423 if (s->s3->alert_dispatch)
2425 } else if (s->s3->alert_dispatch) {
2427 ret = ssl3_dispatch_alert(s);
2437 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2439 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
2440 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2445 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2446 !s->s3->alert_dispatch)
2453 ssl3_write(SSL *s, const void *buf, int len)
2457 if (s->s3->renegotiate)
2458 ssl3_renegotiate_check(s);
2460 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2465 ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2470 if (s->s3->renegotiate)
2471 ssl3_renegotiate_check(s);
2472 s->s3->in_read_app_data = 1;
2474 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
2476 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
2478 * ssl3_read_bytes decided to call s->handshake_func,
2484 s->in_handshake++;
2485 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA,
2487 s->in_handshake--;
2489 s->s3->in_read_app_data = 0;
2495 ssl3_read(SSL *s, void *buf, int len)
2497 return ssl3_read_internal(s, buf, len, 0);
2501 ssl3_peek(SSL *s, void *buf, int len)
2503 return ssl3_read_internal(s, buf, len, 1);
2507 ssl3_renegotiate(SSL *s)
2509 if (s->handshake_func == NULL)
2512 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2515 s->s3->renegotiate = 1;
2521 ssl3_renegotiate_check(SSL *s)
2523 if (!s->s3->renegotiate)
2525 if (SSL_in_init(s) || s->s3->rbuf.left != 0 || s->s3->wbuf.left != 0)
2528 s->s3->hs.state = SSL_ST_RENEGOTIATE;
2529 s->s3->renegotiate = 0;
2530 s->s3->num_renegotiations++;
2531 s->s3->total_renegotiations++;