Lines Matching full:s
15 EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, in tls_construct_ctos_renegotiate() argument
20 if (!s->renegotiate) in tls_construct_ctos_renegotiate()
25 || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, in tls_construct_ctos_renegotiate()
26 s->s3.previous_client_finished_len) in tls_construct_ctos_renegotiate()
28 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_renegotiate()
35 EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, in tls_construct_ctos_server_name() argument
39 if (s->ext.hostname == NULL) in tls_construct_ctos_server_name()
49 || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname, in tls_construct_ctos_server_name()
50 strlen(s->ext.hostname)) in tls_construct_ctos_server_name()
53 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_server_name()
61 EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, in tls_construct_ctos_maxfragmentlen() argument
65 if (s->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_DISABLED) in tls_construct_ctos_maxfragmentlen()
76 || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode) in tls_construct_ctos_maxfragmentlen()
78 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_maxfragmentlen()
86 EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_ctos_srp() argument
90 if (s->srp_ctx.login == NULL) in tls_construct_ctos_srp()
99 || !WPACKET_memcpy(pkt, s->srp_ctx.login, in tls_construct_ctos_srp()
100 strlen(s->srp_ctx.login)) in tls_construct_ctos_srp()
103 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_srp()
111 static int use_ecc(SSL *s, int min_version, int max_version) in use_ecc() argument
120 if (s->version == SSL3_VERSION) in use_ecc()
123 cipher_stack = SSL_get1_supported_ciphers(s); in use_ecc()
142 tls1_get_supported_groups(s, &pgroups, &num_groups); in use_ecc()
146 if (tls_valid_group(s, ctmp, min_version, max_version, 1, NULL) in use_ecc()
147 && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) in use_ecc()
154 EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, in tls_construct_ctos_ec_pt_formats() argument
162 reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); in tls_construct_ctos_ec_pt_formats()
164 SSLfatal(s, SSL_AD_INTERNAL_ERROR, reason); in tls_construct_ctos_ec_pt_formats()
167 if (!use_ecc(s, min_version, max_version)) in tls_construct_ctos_ec_pt_formats()
171 tls1_get_formatlist(s, &pformats, &num_formats); in tls_construct_ctos_ec_pt_formats()
178 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_ec_pt_formats()
185 EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, in tls_construct_ctos_supported_groups() argument
193 reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); in tls_construct_ctos_supported_groups()
195 SSLfatal(s, SSL_AD_INTERNAL_ERROR, reason); in tls_construct_ctos_supported_groups()
203 if (!use_ecc(s, min_version, max_version) in tls_construct_ctos_supported_groups()
204 && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)) in tls_construct_ctos_supported_groups()
210 tls1_get_supported_groups(s, &pgroups, &num_groups); in tls_construct_ctos_supported_groups()
217 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_supported_groups()
225 if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13) in tls_construct_ctos_supported_groups()
226 && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { in tls_construct_ctos_supported_groups()
228 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_supported_groups()
238 SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, in tls_construct_ctos_supported_groups()
241 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_supported_groups()
246 SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, in tls_construct_ctos_supported_groups()
254 EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, in tls_construct_ctos_session_ticket() argument
260 if (!tls_use_ticket(s)) in tls_construct_ctos_session_ticket()
263 if (!s->new_session && s->session != NULL in tls_construct_ctos_session_ticket()
264 && s->session->ext.tick != NULL in tls_construct_ctos_session_ticket()
265 && s->session->ssl_version != TLS1_3_VERSION) { in tls_construct_ctos_session_ticket()
266 ticklen = s->session->ext.ticklen; in tls_construct_ctos_session_ticket()
267 } else if (s->session && s->ext.session_ticket != NULL in tls_construct_ctos_session_ticket()
268 && s->ext.session_ticket->data != NULL) { in tls_construct_ctos_session_ticket()
269 ticklen = s->ext.session_ticket->length; in tls_construct_ctos_session_ticket()
270 s->session->ext.tick = OPENSSL_malloc(ticklen); in tls_construct_ctos_session_ticket()
271 if (s->session->ext.tick == NULL) { in tls_construct_ctos_session_ticket()
272 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_session_ticket()
275 memcpy(s->session->ext.tick, in tls_construct_ctos_session_ticket()
276 s->ext.session_ticket->data, ticklen); in tls_construct_ctos_session_ticket()
277 s->session->ext.ticklen = ticklen; in tls_construct_ctos_session_ticket()
282 if (ticklen == 0 && s->ext.session_ticket != NULL && in tls_construct_ctos_session_ticket()
283 s->ext.session_ticket->data == NULL) in tls_construct_ctos_session_ticket()
287 || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) { in tls_construct_ctos_session_ticket()
288 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_session_ticket()
295 EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, in tls_construct_ctos_sig_algs() argument
302 if (!SSL_CLIENT_USE_SIGALGS(s)) in tls_construct_ctos_sig_algs()
305 salglen = tls12_get_psigalgs(s, 1, &salg); in tls_construct_ctos_sig_algs()
311 || !tls12_copy_sigalgs(s, pkt, salg, salglen) in tls_construct_ctos_sig_algs()
314 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_sig_algs()
322 EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, in tls_construct_ctos_status_request() argument
332 if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) in tls_construct_ctos_status_request()
341 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_status_request()
344 for (i = 0; i < sk_OCSP_RESPID_num(s->ext.ocsp.ids); i++) { in tls_construct_ctos_status_request()
346 OCSP_RESPID *id = sk_OCSP_RESPID_value(s->ext.ocsp.ids, i); in tls_construct_ctos_status_request()
353 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_status_request()
359 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_status_request()
362 if (s->ext.ocsp.exts) { in tls_construct_ctos_status_request()
364 int extlen = i2d_X509_EXTENSIONS(s->ext.ocsp.exts, NULL); in tls_construct_ctos_status_request()
367 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_status_request()
371 || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes) in tls_construct_ctos_status_request()
373 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_status_request()
378 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_status_request()
387 EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_ctos_npn() argument
390 if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) in tls_construct_ctos_npn()
399 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_npn()
407 EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_ctos_alpn() argument
410 s->s3.alpn_sent = 0; in tls_construct_ctos_alpn()
412 if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) in tls_construct_ctos_alpn()
419 || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len) in tls_construct_ctos_alpn()
421 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_alpn()
424 s->s3.alpn_sent = 1; in tls_construct_ctos_alpn()
431 EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, in tls_construct_ctos_use_srtp() argument
435 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s); in tls_construct_ctos_use_srtp()
446 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_use_srtp()
456 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_use_srtp()
464 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_use_srtp()
472 EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_ctos_etm() argument
475 if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) in tls_construct_ctos_etm()
480 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_etm()
488 EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_ctos_sct() argument
491 if (s->ct_validation_callback == NULL) in tls_construct_ctos_sct()
500 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_sct()
508 EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_ctos_ems() argument
511 if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) in tls_construct_ctos_ems()
516 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_ems()
523 EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, in tls_construct_ctos_supported_versions() argument
529 reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); in tls_construct_ctos_supported_versions()
531 SSLfatal(s, SSL_AD_INTERNAL_ERROR, reason); in tls_construct_ctos_supported_versions()
545 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_supported_versions()
551 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_supported_versions()
556 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_supported_versions()
566 EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, in tls_construct_ctos_psk_kex_modes() argument
571 int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX; in tls_construct_ctos_psk_kex_modes()
580 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_psk_kex_modes()
584 s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_KE_DHE; in tls_construct_ctos_psk_kex_modes()
586 s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE; in tls_construct_ctos_psk_kex_modes()
593 static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) in add_key_share() argument
599 if (s->s3.tmp.pkey != NULL) { in add_key_share()
600 if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) { in add_key_share()
601 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in add_key_share()
607 key_share_key = s->s3.tmp.pkey; in add_key_share()
609 key_share_key = ssl_generate_pkey_group(s, curve_id); in add_key_share()
620 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); in add_key_share()
627 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in add_key_share()
636 s->s3.tmp.pkey = key_share_key; in add_key_share()
637 s->s3.group_id = curve_id; in add_key_share()
642 if (s->s3.tmp.pkey == NULL) in add_key_share()
649 EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, in tls_construct_ctos_key_share() argument
664 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_key_share()
668 tls1_get_supported_groups(s, &pgroups, &num_groups); in tls_construct_ctos_key_share()
674 if (s->s3.group_id != 0) { in tls_construct_ctos_key_share()
675 curve_id = s->s3.group_id; in tls_construct_ctos_key_share()
679 if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) in tls_construct_ctos_key_share()
682 if (!tls_valid_group(s, pgroups[i], TLS1_3_VERSION, TLS1_3_VERSION, in tls_construct_ctos_key_share()
692 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_KEY_SHARE); in tls_construct_ctos_key_share()
696 if (!add_key_share(s, pkt, curve_id)) { in tls_construct_ctos_key_share()
702 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_key_share()
711 EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_ctos_cookie() argument
717 if (s->ext.tls13_cookie_len == 0) in tls_construct_ctos_cookie()
723 || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie, in tls_construct_ctos_cookie()
724 s->ext.tls13_cookie_len) in tls_construct_ctos_cookie()
726 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_cookie()
732 OPENSSL_free(s->ext.tls13_cookie); in tls_construct_ctos_cookie()
733 s->ext.tls13_cookie = NULL; in tls_construct_ctos_cookie()
734 s->ext.tls13_cookie_len = 0; in tls_construct_ctos_cookie()
739 EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, in tls_construct_ctos_early_data() argument
752 if (s->hello_retry_request == SSL_HRR_PENDING) in tls_construct_ctos_early_data()
753 handmd = ssl_handshake_md(s); in tls_construct_ctos_early_data()
755 if (s->psk_use_session_cb != NULL in tls_construct_ctos_early_data()
756 && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess) in tls_construct_ctos_early_data()
760 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK); in tls_construct_ctos_early_data()
765 if (psksess == NULL && s->psk_client_callback != NULL) { in tls_construct_ctos_early_data()
770 psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1, in tls_construct_ctos_early_data()
774 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_early_data()
782 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_early_data()
791 cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); in tls_construct_ctos_early_data()
793 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_early_data()
802 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_early_data()
811 SSL_SESSION_free(s->psksession); in tls_construct_ctos_early_data()
812 s->psksession = psksess; in tls_construct_ctos_early_data()
814 OPENSSL_free(s->psksession_id); in tls_construct_ctos_early_data()
815 s->psksession_id = OPENSSL_memdup(id, idlen); in tls_construct_ctos_early_data()
816 if (s->psksession_id == NULL) { in tls_construct_ctos_early_data()
817 s->psksession_id_len = 0; in tls_construct_ctos_early_data()
818 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_early_data()
821 s->psksession_id_len = idlen; in tls_construct_ctos_early_data()
824 if (s->early_data_state != SSL_EARLY_DATA_CONNECTING in tls_construct_ctos_early_data()
825 || (s->session->ext.max_early_data == 0 in tls_construct_ctos_early_data()
827 s->max_early_data = 0; in tls_construct_ctos_early_data()
830 edsess = s->session->ext.max_early_data != 0 ? s->session : psksess; in tls_construct_ctos_early_data()
831 s->max_early_data = edsess->ext.max_early_data; in tls_construct_ctos_early_data()
834 if (s->ext.hostname == NULL in tls_construct_ctos_early_data()
835 || (s->ext.hostname != NULL in tls_construct_ctos_early_data()
836 && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) { in tls_construct_ctos_early_data()
837 SSLfatal(s, SSL_AD_INTERNAL_ERROR, in tls_construct_ctos_early_data()
843 if ((s->ext.alpn == NULL && edsess->ext.alpn_selected != NULL)) { in tls_construct_ctos_early_data()
844 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_INCONSISTENT_EARLY_DATA_ALPN); in tls_construct_ctos_early_data()
856 if (!PACKET_buf_init(&prots, s->ext.alpn, s->ext.alpn_len)) { in tls_construct_ctos_early_data()
857 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_early_data()
868 SSLfatal(s, SSL_AD_INTERNAL_ERROR, in tls_construct_ctos_early_data()
877 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_early_data()
885 s->ext.early_data = SSL_EARLY_DATA_REJECTED; in tls_construct_ctos_early_data()
886 s->ext.early_data_ok = 1; in tls_construct_ctos_early_data()
908 EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, in tls_construct_ctos_padding() argument
915 if ((s->options & SSL_OP_TLSEXT_PADDING) == 0) in tls_construct_ctos_padding()
925 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_padding()
933 if (s->session->ssl_version == TLS1_3_VERSION in tls_construct_ctos_padding()
934 && s->session->ext.ticklen != 0 in tls_construct_ctos_padding()
935 && s->session->cipher != NULL) { in tls_construct_ctos_padding()
936 const EVP_MD *md = ssl_md(s->ctx, s->session->cipher->algorithm2); in tls_construct_ctos_padding()
943 hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen in tls_construct_ctos_padding()
965 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_padding()
977 EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_ctos_psk() argument
987 s->ext.tick_identity = 0; in tls_construct_ctos_psk()
999 if (s->session->ssl_version != TLS1_3_VERSION in tls_construct_ctos_psk()
1000 || (s->session->ext.ticklen == 0 && s->psksession == NULL)) in tls_construct_ctos_psk()
1003 if (s->hello_retry_request == SSL_HRR_PENDING) in tls_construct_ctos_psk()
1004 handmd = ssl_handshake_md(s); in tls_construct_ctos_psk()
1006 if (s->session->ext.ticklen != 0) { in tls_construct_ctos_psk()
1008 if (s->session->cipher == NULL) { in tls_construct_ctos_psk()
1009 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_psk()
1012 mdres = ssl_md(s->ctx, s->session->cipher->algorithm2); in tls_construct_ctos_psk()
1021 if (s->hello_retry_request == SSL_HRR_PENDING && mdres != handmd) { in tls_construct_ctos_psk()
1037 agesec = (uint32_t)(time(NULL) - s->session->time); in tls_construct_ctos_psk()
1040 * rounding errors we could overestimate the age by up to 1s. It is in tls_construct_ctos_psk()
1049 if (s->session->ext.tick_lifetime_hint < agesec) { in tls_construct_ctos_psk()
1072 agems += s->session->ext.tick_age_add; in tls_construct_ctos_psk()
1075 s->ext.tick_identity++; in tls_construct_ctos_psk()
1080 if (!dores && s->psksession == NULL) in tls_construct_ctos_psk()
1083 if (s->psksession != NULL) { in tls_construct_ctos_psk()
1084 mdpsk = ssl_md(s->ctx, s->psksession->cipher->algorithm2); in tls_construct_ctos_psk()
1088 * If this happens it's an application bug. in tls_construct_ctos_psk()
1090 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK); in tls_construct_ctos_psk()
1094 if (s->hello_retry_request == SSL_HRR_PENDING && mdpsk != handmd) { in tls_construct_ctos_psk()
1099 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK); in tls_construct_ctos_psk()
1110 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_psk()
1115 if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, in tls_construct_ctos_psk()
1116 s->session->ext.ticklen) in tls_construct_ctos_psk()
1118 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_psk()
1123 if (s->psksession != NULL) { in tls_construct_ctos_psk()
1124 if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id, in tls_construct_ctos_psk()
1125 s->psksession_id_len) in tls_construct_ctos_psk()
1127 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_psk()
1130 s->ext.tick_identity++; in tls_construct_ctos_psk()
1138 || (s->psksession != NULL in tls_construct_ctos_psk()
1148 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_psk()
1155 && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL, in tls_construct_ctos_psk()
1156 resbinder, s->session, 1, 0) != 1) { in tls_construct_ctos_psk()
1161 if (s->psksession != NULL in tls_construct_ctos_psk()
1162 && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL, in tls_construct_ctos_psk()
1163 pskbinder, s->psksession, 1, 1) != 1) { in tls_construct_ctos_psk()
1174 EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, in tls_construct_ctos_post_handshake_auth() argument
1180 if (!s->pha_enabled) in tls_construct_ctos_post_handshake_auth()
1187 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_ctos_post_handshake_auth()
1191 s->post_handshake_auth = SSL_PHA_EXT_SENT; in tls_construct_ctos_post_handshake_auth()
1201 * Parse the server's renegotiation binding and abort if it's not right
1203 int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_stoc_renegotiate() argument
1206 size_t expected_len = s->s3.previous_client_finished_len in tls_parse_stoc_renegotiate()
1207 + s->s3.previous_server_finished_len; in tls_parse_stoc_renegotiate()
1213 || s->s3.previous_client_finished_len != 0) in tls_parse_stoc_renegotiate()
1215 || s->s3.previous_server_finished_len != 0)) { in tls_parse_stoc_renegotiate()
1216 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_renegotiate()
1222 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_RENEGOTIATION_ENCODING_ERR); in tls_parse_stoc_renegotiate()
1228 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_RENEGOTIATION_ENCODING_ERR); in tls_parse_stoc_renegotiate()
1234 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); in tls_parse_stoc_renegotiate()
1238 if (!PACKET_get_bytes(pkt, &data, s->s3.previous_client_finished_len) in tls_parse_stoc_renegotiate()
1239 || memcmp(data, s->s3.previous_client_finished, in tls_parse_stoc_renegotiate()
1240 s->s3.previous_client_finished_len) != 0) { in tls_parse_stoc_renegotiate()
1241 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); in tls_parse_stoc_renegotiate()
1245 if (!PACKET_get_bytes(pkt, &data, s->s3.previous_server_finished_len) in tls_parse_stoc_renegotiate()
1246 || memcmp(data, s->s3.previous_server_finished, in tls_parse_stoc_renegotiate()
1247 s->s3.previous_server_finished_len) != 0) { in tls_parse_stoc_renegotiate()
1248 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); in tls_parse_stoc_renegotiate()
1251 s->s3.send_connection_binding = 1; in tls_parse_stoc_renegotiate()
1256 /* Parse the server's max fragment len extension packet */
1257 int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_stoc_maxfragmentlen() argument
1263 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_maxfragmentlen()
1269 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_parse_stoc_maxfragmentlen()
1280 if (value != s->ext.max_fragment_len_mode) { in tls_parse_stoc_maxfragmentlen()
1281 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_parse_stoc_maxfragmentlen()
1290 s->session->ext.max_fragment_len_mode = value; in tls_parse_stoc_maxfragmentlen()
1295 int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_stoc_server_name() argument
1298 if (s->ext.hostname == NULL) { in tls_parse_stoc_server_name()
1299 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_server_name()
1304 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_server_name()
1308 if (!s->hit) { in tls_parse_stoc_server_name()
1309 if (s->session->ext.hostname != NULL) { in tls_parse_stoc_server_name()
1310 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_server_name()
1313 s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); in tls_parse_stoc_server_name()
1314 if (s->session->ext.hostname == NULL) { in tls_parse_stoc_server_name()
1315 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_server_name()
1323 int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_stoc_ec_pt_formats() argument
1330 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_ec_pt_formats()
1333 if (!s->hit) { in tls_parse_stoc_ec_pt_formats()
1336 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH); in tls_parse_stoc_ec_pt_formats()
1340 s->ext.peer_ecpointformats_len = 0; in tls_parse_stoc_ec_pt_formats()
1341 OPENSSL_free(s->ext.peer_ecpointformats); in tls_parse_stoc_ec_pt_formats()
1342 s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len); in tls_parse_stoc_ec_pt_formats()
1343 if (s->ext.peer_ecpointformats == NULL) { in tls_parse_stoc_ec_pt_formats()
1344 s->ext.peer_ecpointformats_len = 0; in tls_parse_stoc_ec_pt_formats()
1345 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_ec_pt_formats()
1349 s->ext.peer_ecpointformats_len = ecpointformats_len; in tls_parse_stoc_ec_pt_formats()
1352 s->ext.peer_ecpointformats, in tls_parse_stoc_ec_pt_formats()
1354 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_ec_pt_formats()
1362 int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_stoc_session_ticket() argument
1365 if (s->ext.session_ticket_cb != NULL && in tls_parse_stoc_session_ticket()
1366 !s->ext.session_ticket_cb(s, PACKET_data(pkt), in tls_parse_stoc_session_ticket()
1368 s->ext.session_ticket_cb_arg)) { in tls_parse_stoc_session_ticket()
1369 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); in tls_parse_stoc_session_ticket()
1373 if (!tls_use_ticket(s)) { in tls_parse_stoc_session_ticket()
1374 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); in tls_parse_stoc_session_ticket()
1378 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_session_ticket()
1382 s->ext.ticket_expected = 1; in tls_parse_stoc_session_ticket()
1388 int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_stoc_status_request() argument
1400 if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) { in tls_parse_stoc_status_request()
1401 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); in tls_parse_stoc_status_request()
1404 if (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0) { in tls_parse_stoc_status_request()
1405 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_status_request()
1409 if (SSL_IS_TLS13(s)) { in tls_parse_stoc_status_request()
1410 /* We only know how to handle this if it's for the first Certificate in in tls_parse_stoc_status_request()
1417 return tls_process_cert_status_body(s, pkt); in tls_parse_stoc_status_request()
1421 s->ext.status_expected = 1; in tls_parse_stoc_status_request()
1429 int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_sct() argument
1442 if (s->ct_validation_callback != NULL) { in tls_parse_stoc_sct()
1446 OPENSSL_free(s->ext.scts); in tls_parse_stoc_sct()
1447 s->ext.scts = NULL; in tls_parse_stoc_sct()
1449 s->ext.scts_len = (uint16_t)size; in tls_parse_stoc_sct()
1451 s->ext.scts = OPENSSL_malloc(size); in tls_parse_stoc_sct()
1452 if (s->ext.scts == NULL) { in tls_parse_stoc_sct()
1453 s->ext.scts_len = 0; in tls_parse_stoc_sct()
1454 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls_parse_stoc_sct()
1457 if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) { in tls_parse_stoc_sct()
1458 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_sct()
1470 if (custom_ext_find(&s->cert->custext, role, in tls_parse_stoc_sct()
1473 SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); in tls_parse_stoc_sct()
1477 if (!custom_ext_parse(s, context, in tls_parse_stoc_sct()
1497 static int ssl_next_proto_validate(SSL *s, PACKET *pkt) in ssl_next_proto_validate() argument
1504 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in ssl_next_proto_validate()
1512 int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_npn() argument
1520 if (!SSL_IS_FIRST_HANDSHAKE(s)) in tls_parse_stoc_npn()
1524 if (s->ctx->ext.npn_select_cb == NULL) { in tls_parse_stoc_npn()
1525 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); in tls_parse_stoc_npn()
1531 if (!ssl_next_proto_validate(s, &tmppkt)) { in tls_parse_stoc_npn()
1535 if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len, in tls_parse_stoc_npn()
1538 s->ctx->ext.npn_select_cb_arg) != in tls_parse_stoc_npn()
1541 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); in tls_parse_stoc_npn()
1549 OPENSSL_free(s->ext.npn); in tls_parse_stoc_npn()
1550 s->ext.npn = OPENSSL_malloc(selected_len); in tls_parse_stoc_npn()
1551 if (s->ext.npn == NULL) { in tls_parse_stoc_npn()
1552 s->ext.npn_len = 0; in tls_parse_stoc_npn()
1553 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_npn()
1557 memcpy(s->ext.npn, selected, selected_len); in tls_parse_stoc_npn()
1558 s->ext.npn_len = selected_len; in tls_parse_stoc_npn()
1559 s->s3.npn_seen = 1; in tls_parse_stoc_npn()
1565 int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_alpn() argument
1573 if (!s->s3.alpn_sent) { in tls_parse_stoc_alpn()
1574 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); in tls_parse_stoc_alpn()
1586 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_alpn()
1591 if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) { in tls_parse_stoc_alpn()
1592 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_alpn()
1607 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_alpn()
1611 OPENSSL_free(s->s3.alpn_selected); in tls_parse_stoc_alpn()
1612 s->s3.alpn_selected = OPENSSL_malloc(len); in tls_parse_stoc_alpn()
1613 if (s->s3.alpn_selected == NULL) { in tls_parse_stoc_alpn()
1614 s->s3.alpn_selected_len = 0; in tls_parse_stoc_alpn()
1615 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_alpn()
1618 if (!PACKET_copy_bytes(pkt, s->s3.alpn_selected, len)) { in tls_parse_stoc_alpn()
1619 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_alpn()
1622 s->s3.alpn_selected_len = len; in tls_parse_stoc_alpn()
1624 if (s->session->ext.alpn_selected == NULL in tls_parse_stoc_alpn()
1625 || s->session->ext.alpn_selected_len != len in tls_parse_stoc_alpn()
1626 || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) in tls_parse_stoc_alpn()
1629 s->ext.early_data_ok = 0; in tls_parse_stoc_alpn()
1631 if (!s->hit) { in tls_parse_stoc_alpn()
1636 if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { in tls_parse_stoc_alpn()
1637 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_alpn()
1640 s->session->ext.alpn_selected = in tls_parse_stoc_alpn()
1641 OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); in tls_parse_stoc_alpn()
1642 if (s->session->ext.alpn_selected == NULL) { in tls_parse_stoc_alpn()
1643 s->session->ext.alpn_selected_len = 0; in tls_parse_stoc_alpn()
1644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_alpn()
1647 s->session->ext.alpn_selected_len = s->s3.alpn_selected_len; in tls_parse_stoc_alpn()
1654 int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_use_srtp() argument
1666 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_stoc_use_srtp()
1673 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_SRTP_MKI_VALUE); in tls_parse_stoc_use_srtp()
1678 clnt = SSL_get_srtp_profiles(s); in tls_parse_stoc_use_srtp()
1680 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_NO_SRTP_PROFILES); in tls_parse_stoc_use_srtp()
1692 s->srtp_profile = prof; in tls_parse_stoc_use_srtp()
1697 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_stoc_use_srtp()
1703 int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_etm() argument
1707 if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) in tls_parse_stoc_etm()
1708 && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD in tls_parse_stoc_etm()
1709 && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 in tls_parse_stoc_etm()
1710 && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT in tls_parse_stoc_etm()
1711 && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 in tls_parse_stoc_etm()
1712 && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA in tls_parse_stoc_etm()
1713 && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) in tls_parse_stoc_etm()
1714 s->ext.use_etm = 1; in tls_parse_stoc_etm()
1719 int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_ems() argument
1722 if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) in tls_parse_stoc_ems()
1724 s->s3.flags |= TLS1_FLAGS_RECEIVED_EXTMS; in tls_parse_stoc_ems()
1725 if (!s->hit) in tls_parse_stoc_ems()
1726 s->session->flags |= SSL_SESS_FLAG_EXTMS; in tls_parse_stoc_ems()
1731 int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_stoc_supported_versions() argument
1738 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_stoc_supported_versions()
1747 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_parse_stoc_supported_versions()
1757 s->version = version; in tls_parse_stoc_supported_versions()
1762 int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_key_share() argument
1768 EVP_PKEY *ckey = s->s3.tmp.pkey, *skey = NULL; in tls_parse_stoc_key_share()
1772 if (ckey == NULL || s->s3.peer_tmp != NULL) { in tls_parse_stoc_key_share()
1773 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_key_share()
1778 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_stoc_key_share()
1787 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_stoc_key_share()
1795 if (group_id == s->s3.group_id) { in tls_parse_stoc_key_share()
1796 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in tls_parse_stoc_key_share()
1801 tls1_get_supported_groups(s, &pgroups, &num_groups); in tls_parse_stoc_key_share()
1807 || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) in tls_parse_stoc_key_share()
1808 || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, in tls_parse_stoc_key_share()
1810 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in tls_parse_stoc_key_share()
1814 s->s3.group_id = group_id; in tls_parse_stoc_key_share()
1815 EVP_PKEY_free(s->s3.tmp.pkey); in tls_parse_stoc_key_share()
1816 s->s3.tmp.pkey = NULL; in tls_parse_stoc_key_share()
1820 if (group_id != s->s3.group_id) { in tls_parse_stoc_key_share()
1825 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in tls_parse_stoc_key_share()
1829 if (!s->hit) { in tls_parse_stoc_key_share()
1830 s->session->kex_group = group_id; in tls_parse_stoc_key_share()
1831 } else if (group_id != s->session->kex_group) { in tls_parse_stoc_key_share()
1836 * a copy of the session to record the new information so that it's in tls_parse_stoc_key_share()
1842 if ((new_sess = ssl_session_dup(s->session, 0)) == NULL) { in tls_parse_stoc_key_share()
1843 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls_parse_stoc_key_share()
1846 SSL_SESSION_free(s->session); in tls_parse_stoc_key_share()
1847 s->session = new_sess; in tls_parse_stoc_key_share()
1848 s->session->kex_group = group_id; in tls_parse_stoc_key_share()
1851 if ((ginf = tls1_group_id_lookup(s->ctx, group_id)) == NULL) { in tls_parse_stoc_key_share()
1852 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in tls_parse_stoc_key_share()
1858 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_stoc_key_share()
1866 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COPY_PARAMETERS_FAILED); in tls_parse_stoc_key_share()
1873 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); in tls_parse_stoc_key_share()
1878 if (ssl_derive(s, ckey, skey, 1) == 0) { in tls_parse_stoc_key_share()
1883 s->s3.peer_tmp = skey; in tls_parse_stoc_key_share()
1889 if (ssl_decapsulate(s, ckey, ct, ctlen, 1) == 0) { in tls_parse_stoc_key_share()
1894 s->s3.did_kex = 1; in tls_parse_stoc_key_share()
1900 int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_cookie() argument
1906 || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, in tls_parse_stoc_cookie()
1907 &s->ext.tls13_cookie_len)) { in tls_parse_stoc_cookie()
1908 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_stoc_cookie()
1915 int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_stoc_early_data() argument
1923 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_INVALID_MAX_EARLY_DATA); in tls_parse_stoc_early_data()
1927 s->session->ext.max_early_data = max_early_data; in tls_parse_stoc_early_data()
1933 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_stoc_early_data()
1937 if (!s->ext.early_data_ok in tls_parse_stoc_early_data()
1938 || !s->hit) { in tls_parse_stoc_early_data()
1944 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); in tls_parse_stoc_early_data()
1948 s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; in tls_parse_stoc_early_data()
1953 int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_stoc_psk() argument
1960 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_stoc_psk()
1964 if (identity >= (unsigned int)s->ext.tick_identity) { in tls_parse_stoc_psk()
1965 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_PSK_IDENTITY); in tls_parse_stoc_psk()
1974 if (identity == 0 && (s->psksession == NULL || s->ext.tick_identity == 2)) { in tls_parse_stoc_psk()
1975 s->hit = 1; in tls_parse_stoc_psk()
1976 SSL_SESSION_free(s->psksession); in tls_parse_stoc_psk()
1977 s->psksession = NULL; in tls_parse_stoc_psk()
1981 if (s->psksession == NULL) { in tls_parse_stoc_psk()
1983 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_stoc_psk()
1988 * If we used the external PSK for sending early_data then s->early_secret in tls_parse_stoc_psk()
1992 if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY in tls_parse_stoc_psk()
1993 && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) in tls_parse_stoc_psk()
1994 || s->session->ext.max_early_data > 0 in tls_parse_stoc_psk()
1995 || s->psksession->ext.max_early_data == 0) in tls_parse_stoc_psk()
1996 memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE); in tls_parse_stoc_psk()
1998 SSL_SESSION_free(s->session); in tls_parse_stoc_psk()
1999 s->session = s->psksession; in tls_parse_stoc_psk()
2000 s->psksession = NULL; in tls_parse_stoc_psk()
2001 s->hit = 1; in tls_parse_stoc_psk()
2004 s->ext.early_data_ok = 0; in tls_parse_stoc_psk()