Lines Matching +full:post +full:- +full:init +full:- +full:providers
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
63 # define SSL_AD_NO_ALERT -1
96 /* GOST KDF key exchange, draft-smyshlyaev-tls12-gost-suites */
117 /* GOST R 34.10-2001 signature auth */
121 /* GOST R 34.10-2012 signature auth */
207 /* Bits 0-7 are handshake MAC */
217 /* Bits 8-15 bits are PRF */
233 * TLSTREE cipher/mac key derivation from draft-smyshlyaev-tls12-gost-suites
251 /* we have used 0000003f - 26 bits left to go */
258 (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
262 (ctx->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
266 && SSL_CONNECTION_GET_SSL(s)->method->version >= TLS1_3_VERSION \
267 && SSL_CONNECTION_GET_SSL(s)->method->version != TLS_ANY_VERSION)
271 || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
272 || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
273 || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
274 || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
275 || (s)->hello_retry_request == SSL_HRR_PENDING)
277 # define SSL_IS_FIRST_HANDSHAKE(s) ((s)->s3.tmp.finish_md_len == 0 \
278 || (s)->s3.tmp.peer_finish_md_len == 0)
285 (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
291 (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
297 IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode)
299 (512U << (session->ext.max_fragment_len_mode - 1))
301 # define SSL_READ_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
302 # define SSL_WRITE_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
304 # define SSL_IS_QUIC_HANDSHAKE(s) (((s)->s3.flags & TLS1_FLAGS_QUIC) != 0)
305 # define SSL_IS_QUIC_INT_HANDSHAKE(s) (((s)->s3.flags & TLS1_FLAGS_QUIC_INTERNAL) != 0)
357 /*-
358 * SSL_kRSA <- RSA_ENC
359 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
360 * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
361 * SSL_aRSA <- RSA_ENC | RSA_SIGN
362 * SSL_aDSS <- DSA_SIGN
370 /* Post-Handshake Authentication state */
373 SSL_PHA_EXT_SENT, /* client-side only: extension sent */
374 SSL_PHA_EXT_RECEIVED, /* server-side only: extension received */
375 SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */
451 /*-
454 * version INTEGER, -- structure version number
455 * SSLversion INTEGER, -- SSL version number
456 * Cipher OCTET STRING, -- the 3 byte cipher ID
457 * Session_ID OCTET STRING, -- the Session ID
458 * Master_key OCTET STRING, -- the master key
459 * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
460 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
461 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
462 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
463 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
464 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
465 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
466 * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
467 * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
468 * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
469 * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
470 * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
471 * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
472 * flags [ 13 ] EXPLICIT INTEGER -- optional flags
475 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
489 /* session_id - valid? */
545 * If this value does not contain RFC 4366 allowed values (1-4) then
560 * These are used to make removal of session-ids more efficient and to
561 * implement a maximum cache size. Access requires protection of ctx->lock.
639 /* Track what order extensions are received in (0-based). */
693 /* Dummy index - must always be the last entry */
744 unsigned int secbits; /* Bits of security (from SP800-57) */
746 int mintls; /* Minimum TLS version, -1 unsupported */
748 int mindtls; /* Minimum DTLS version, -1 unsupported */
755 uint16_t code_point; /* IANA-specified code point of sigalg-name */
764 unsigned int secbits; /* Bits of security (from SP800-57) */
765 int mintls; /* Minimum TLS version, -1 unsupported */
767 int mindtls; /* Minimum DTLS version, -1 unsupported */
807 * Most session-ids that will be cached, default is
830 * remove_session_cb is not null, it will be called when a session-id is
840 TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */
841 TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */
842 TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */
843 TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */
844 TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */
845 TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */
850 TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in
854 * supplying session-id's from
855 * other processes - spooky
856 * :-) */
889 /* TLS1.3 app-controlled cookie generate callback */
893 /* TLS1.3 verify app-controlled cookie callback */
899 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
900 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
905 /* Default values used when no per-SSL value is defined follow */
1039 /*-
1046 * wire-format.
1152 /* Do we advertise Post-handshake auth support? */
1170 /* List of all sigalgs (code points) available, incl. from providers */
1192 /* Certificate Type stuff - for RPK vs X.509 */
1267 /* used during session-id reuse to concatenate messages */
1270 * This holds a variable that indicates what we were doing when a 0 or -1
1271 * is returned. This is needed for non-blocking IO so we know what
1272 * request needs re-doing when in SSL_accept or SSL_connect
1277 * Imagine that here's a boolean member "init" that is switched as soon
1281 * "init" member.
1302 BUF_MEM *init_buf; /* buffer used during init */
1469 * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
1600 * What was passed in ClientHello.legacy_version. Used for RSA pre-master
1618 /* Built-in extension flags */
1626 /* Status type or -1 if no status type */
1675 /* TLS pre-shared secret session resumption */
1713 * If this member contains one of the allowed values (1-4)
1746 /*-
1759 /* User-supplied argument that is passed to the ct_validation_callback */
1776 /*-
1784 /* Post-handshake authentication state */
1859 /* Certificate Type stuff - for RPK vs X.509 */
1879 /* Index of hash algorithm or -1 if no hash algorithm */
1934 unsigned char priority[8]; /* 64-bit value in big-endian encoding */
1965 size_t link_mtu; /* max on-the-wire DTLS packet size */
1988 * From ECC-TLS draft, used in encoding the curve type in ECParameters
2013 /*-
2023 /* Compressed certificate data - index 0 is unused */
2029 # define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)
2047 * Per-connection flags relating to this extension type: not used if
2150 * of a mess of functions, but hell, think of it as an opaque structure :-)
2179 SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
2181 SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->close_construct_packet((s), (pkt), (htype))
2182 # define ssl_do_write(s) SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->do_write(s)
2208 #define TLSEXT_STATUSTYPE_nothing -1
2300 #define SSL_USE_PSS(s) (s->s3.tmp.peer_sigalg != NULL && \
2301 s->s3.tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS)
2480 return ((sc->server && sc->ext.server_cert_type == TLSEXT_cert_type_rpk) in tls12_rpk_and_privkey()
2481 || (!sc->server && sc->ext.client_cert_type == TLSEXT_cert_type_rpk)) in tls12_rpk_and_privkey()
2482 && sc->cert->pkeys[idx].privatekey != NULL in tls12_rpk_and_privkey()
2483 && sc->cert->pkeys[idx].x509 == NULL; in tls12_rpk_and_privkey()
2491 if (sc->server) { in ssl_has_cert_type()
2492 ptr = sc->server_cert_type; in ssl_has_cert_type()
2493 len = sc->server_cert_type_len; in ssl_has_cert_type()
2495 ptr = sc->client_cert_type; in ssl_has_cert_type()
2496 len = sc->client_cert_type_len; in ssl_has_cert_type()
2508 if (idx < 0 || idx >= (int)s->ssl_pkey_num) in ssl_has_cert()
2513 return s->cert->pkeys[idx].privatekey != NULL; in ssl_has_cert()
2515 return s->cert->pkeys[idx].x509 != NULL in ssl_has_cert()
2516 && s->cert->pkeys[idx].privatekey != NULL; in ssl_has_cert()
2523 *pgroups = s->ext.peer_supportedgroups; in tls1_get_peer_groups()
2524 *pgroupslen = s->ext.peer_supportedgroups_len; in tls1_get_peer_groups()
3050 # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
3058 if (!CRYPTO_THREAD_write_lock(ctx->tsan_lock)) in ssl_tsan_lock()
3067 CRYPTO_THREAD_unlock(ctx->tsan_lock); in ssl_tsan_unlock()
3091 * as no-ops for QUIC.
3109 /* This option is undefined in public headers with no-dtls1-method. */
3114 * Options which are no-ops under QUIC or TLSv1.3 and which are therefore
3138 /* Total mask of connection-level options permitted or ignored under QUIC. */
3151 /* Total mask of stream-level options permitted or ignored under QUIC. */