Lines Matching refs:s
22 static int final_renegotiate(SSL *s, unsigned int context, int sent);
23 static int init_server_name(SSL *s, unsigned int context);
24 static int final_server_name(SSL *s, unsigned int context, int sent);
25 static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
26 static int init_session_ticket(SSL *s, unsigned int context);
28 static int init_status_request(SSL *s, unsigned int context);
31 static int init_npn(SSL *s, unsigned int context);
33 static int init_alpn(SSL *s, unsigned int context);
34 static int final_alpn(SSL *s, unsigned int context, int sent);
35 static int init_sig_algs_cert(SSL *s, unsigned int context);
36 static int init_sig_algs(SSL *s, unsigned int context);
37 static int init_certificate_authorities(SSL *s, unsigned int context);
38 static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
42 static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
46 static int init_srp(SSL *s, unsigned int context);
48 static int init_ec_point_formats(SSL *s, unsigned int context);
49 static int init_etm(SSL *s, unsigned int context);
50 static int init_ems(SSL *s, unsigned int context);
51 static int final_ems(SSL *s, unsigned int context, int sent);
52 static int init_psk_kex_modes(SSL *s, unsigned int context);
53 static int final_key_share(SSL *s, unsigned int context, int sent);
55 static int init_srtp(SSL *s, unsigned int context);
57 static int final_sig_algs(SSL *s, unsigned int context, int sent);
58 static int final_early_data(SSL *s, unsigned int context, int sent);
59 static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
60 static int init_post_handshake_auth(SSL *s, unsigned int context);
61 static int final_psk(SSL *s, unsigned int context, int sent);
76 int (*init)(SSL *s, unsigned int context);
78 int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
81 int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
84 EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context,
87 EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context,
94 int (*final)(SSL *s, unsigned int context, int sent);
389 static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx) in validate_context() argument
395 if (SSL_IS_DTLS(s)) { in validate_context()
405 int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts) in tls_validate_all_contexts() argument
418 num_exts = builtin_num + s->cert->custext.meths_count; in tls_validate_all_contexts()
429 meth = custom_ext_find(&s->cert->custext, role, thisext->type, in tls_validate_all_contexts()
436 if (!validate_context(s, context, thisctx)) in tls_validate_all_contexts()
449 static int verify_extension(SSL *s, unsigned int context, unsigned int type, in verify_extension() argument
459 if (!validate_context(s, thisext->context, context)) in verify_extension()
480 if (!validate_context(s, meth->context, context)) in verify_extension()
497 int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) in extension_is_relevant() argument
508 is_tls13 = SSL_IS_TLS13(s); in extension_is_relevant()
510 if ((SSL_IS_DTLS(s) in extension_is_relevant()
512 || (s->version == SSL3_VERSION in extension_is_relevant()
525 || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) in extension_is_relevant()
526 || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) in extension_is_relevant()
547 int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, in tls_collect_extensions() argument
553 custom_ext_methods *exts = &s->cert->custext; in tls_collect_extensions()
564 custom_ext_init(&s->cert->custext); in tls_collect_extensions()
569 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls_collect_extensions()
581 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_collect_extensions()
589 if (!verify_extension(s, context, type, exts, raw_extensions, &thisex) in tls_collect_extensions()
594 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); in tls_collect_extensions()
619 && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 in tls_collect_extensions()
625 SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, in tls_collect_extensions()
634 if (s->ext.debug_cb) in tls_collect_extensions()
635 s->ext.debug_cb(s, !s->server, thisex->type, in tls_collect_extensions()
638 s->ext.debug_arg); in tls_collect_extensions()
650 && extension_is_relevant(s, thisexd->context, context) in tls_collect_extensions()
651 && !thisexd->init(s, context)) { in tls_collect_extensions()
678 int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, in tls_parse_extension() argument
682 int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_extension()
700 if (!extension_is_relevant(s, extdef->context, context)) in tls_parse_extension()
703 parser = s->server ? extdef->parse_ctos : extdef->parse_stoc; in tls_parse_extension()
706 return parser(s, &currext->data, context, x, chainidx); in tls_parse_extension()
715 return custom_ext_parse(s, context, currext->type, in tls_parse_extension()
728 int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, in tls_parse_all_extensions() argument
735 numexts += s->cert->custext.meths_count; in tls_parse_all_extensions()
739 if (!tls_parse_extension(s, i, context, exts, x, chainidx)) { in tls_parse_all_extensions()
753 && !thisexd->final(s, context, exts[i].present)) { in tls_parse_all_extensions()
763 int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, in should_add_extension() argument
771 if (!extension_is_relevant(s, extctx, thisctx) in should_add_extension()
774 && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) in should_add_extension()
788 int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_extensions() argument
805 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_extensions()
810 reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); in tls_construct_extensions()
812 SSLfatal(s, SSL_AD_INTERNAL_ERROR, reason); in tls_construct_extensions()
820 custom_ext_init(&s->cert->custext); in tls_construct_extensions()
822 if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) { in tls_construct_extensions()
828 EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_extensions()
833 if (!should_add_extension(s, thisexd->context, context, max_version)) in tls_construct_extensions()
836 construct = s->server ? thisexd->construct_stoc in tls_construct_extensions()
842 ret = construct(s, pkt, context, x, chainidx); in tls_construct_extensions()
851 s->ext.extflags[i] |= SSL_EXT_FLAG_SENT; in tls_construct_extensions()
855 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_extensions()
869 static int final_renegotiate(SSL *s, unsigned int context, int sent) in final_renegotiate() argument
871 if (!s->server) { in final_renegotiate()
876 if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT) in final_renegotiate()
877 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) in final_renegotiate()
879 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, in final_renegotiate()
888 if (s->renegotiate in final_renegotiate()
889 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) in final_renegotiate()
891 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, in final_renegotiate()
900 static int init_server_name(SSL *s, unsigned int context) in init_server_name() argument
902 if (s->server) { in init_server_name()
903 s->servername_done = 0; in init_server_name()
905 OPENSSL_free(s->ext.hostname); in init_server_name()
906 s->ext.hostname = NULL; in init_server_name()
912 static int final_server_name(SSL *s, unsigned int context, int sent) in final_server_name() argument
916 int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0; in final_server_name()
918 if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) { in final_server_name()
919 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
923 if (s->ctx->ext.servername_cb != NULL) in final_server_name()
924 ret = s->ctx->ext.servername_cb(s, &altmp, in final_server_name()
925 s->ctx->ext.servername_arg); in final_server_name()
926 else if (s->session_ctx->ext.servername_cb != NULL) in final_server_name()
927 ret = s->session_ctx->ext.servername_cb(s, &altmp, in final_server_name()
928 s->session_ctx->ext.servername_arg); in final_server_name()
938 if (s->server) { in final_server_name()
939 if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) { in final_server_name()
941 OPENSSL_free(s->session->ext.hostname); in final_server_name()
942 s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); in final_server_name()
943 if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) { in final_server_name()
944 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
955 if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx in final_server_name()
956 && s->hello_retry_request == SSL_HRR_NONE) { in final_server_name()
957 tsan_counter(&s->ctx->stats.sess_accept); in final_server_name()
958 tsan_decr(&s->session_ctx->stats.sess_accept); in final_server_name()
966 if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected in final_server_name()
967 && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) { in final_server_name()
968 s->ext.ticket_expected = 0; in final_server_name()
969 if (!s->hit) { in final_server_name()
970 SSL_SESSION* ss = SSL_get_session(s); in final_server_name()
978 if (!ssl_generate_session_id(s, ss)) { in final_server_name()
979 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
983 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_server_name()
991 SSLfatal(s, altmp, SSL_R_CALLBACK_FAILED); in final_server_name()
996 if (!SSL_IS_TLS13(s)) in final_server_name()
997 ssl3_send_alert(s, SSL3_AL_WARNING, altmp); in final_server_name()
998 s->servername_done = 0; in final_server_name()
1002 s->servername_done = 0; in final_server_name()
1010 static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) in final_ec_pt_formats() argument
1014 if (s->server) in final_ec_pt_formats()
1017 alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in final_ec_pt_formats()
1018 alg_a = s->s3.tmp.new_cipher->algorithm_auth; in final_ec_pt_formats()
1025 if (s->ext.ecpointformats != NULL in final_ec_pt_formats()
1026 && s->ext.ecpointformats_len > 0 in final_ec_pt_formats()
1027 && s->ext.peer_ecpointformats != NULL in final_ec_pt_formats()
1028 && s->ext.peer_ecpointformats_len > 0 in final_ec_pt_formats()
1032 unsigned char *list = s->ext.peer_ecpointformats; in final_ec_pt_formats()
1034 for (i = 0; i < s->ext.peer_ecpointformats_len; i++) { in final_ec_pt_formats()
1038 if (i == s->ext.peer_ecpointformats_len) { in final_ec_pt_formats()
1039 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in final_ec_pt_formats()
1048 static int init_session_ticket(SSL *s, unsigned int context) in init_session_ticket() argument
1050 if (!s->server) in init_session_ticket()
1051 s->ext.ticket_expected = 0; in init_session_ticket()
1057 static int init_status_request(SSL *s, unsigned int context) in init_status_request() argument
1059 if (s->server) { in init_status_request()
1060 s->ext.status_type = TLSEXT_STATUSTYPE_nothing; in init_status_request()
1066 OPENSSL_free(s->ext.ocsp.resp); in init_status_request()
1067 s->ext.ocsp.resp = NULL; in init_status_request()
1068 s->ext.ocsp.resp_len = 0; in init_status_request()
1076 static int init_npn(SSL *s, unsigned int context) in init_npn() argument
1078 s->s3.npn_seen = 0; in init_npn()
1084 static int init_alpn(SSL *s, unsigned int context) in init_alpn() argument
1086 OPENSSL_free(s->s3.alpn_selected); in init_alpn()
1087 s->s3.alpn_selected = NULL; in init_alpn()
1088 s->s3.alpn_selected_len = 0; in init_alpn()
1089 if (s->server) { in init_alpn()
1090 OPENSSL_free(s->s3.alpn_proposed); in init_alpn()
1091 s->s3.alpn_proposed = NULL; in init_alpn()
1092 s->s3.alpn_proposed_len = 0; in init_alpn()
1097 static int final_alpn(SSL *s, unsigned int context, int sent) in final_alpn() argument
1099 if (!s->server && !sent && s->session->ext.alpn_selected != NULL) in final_alpn()
1100 s->ext.early_data_ok = 0; in final_alpn()
1102 if (!s->server || !SSL_IS_TLS13(s)) in final_alpn()
1114 return tls_handle_alpn(s); in final_alpn()
1117 static int init_sig_algs(SSL *s, unsigned int context) in init_sig_algs() argument
1120 OPENSSL_free(s->s3.tmp.peer_sigalgs); in init_sig_algs()
1121 s->s3.tmp.peer_sigalgs = NULL; in init_sig_algs()
1122 s->s3.tmp.peer_sigalgslen = 0; in init_sig_algs()
1127 static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context) in init_sig_algs_cert() argument
1130 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); in init_sig_algs_cert()
1131 s->s3.tmp.peer_cert_sigalgs = NULL; in init_sig_algs_cert()
1132 s->s3.tmp.peer_cert_sigalgslen = 0; in init_sig_algs_cert()
1138 static int init_srp(SSL *s, unsigned int context) in init_srp() argument
1140 OPENSSL_free(s->srp_ctx.login); in init_srp()
1141 s->srp_ctx.login = NULL; in init_srp()
1147 static int init_ec_point_formats(SSL *s, unsigned int context) in init_ec_point_formats() argument
1149 OPENSSL_free(s->ext.peer_ecpointformats); in init_ec_point_formats()
1150 s->ext.peer_ecpointformats = NULL; in init_ec_point_formats()
1151 s->ext.peer_ecpointformats_len = 0; in init_ec_point_formats()
1156 static int init_etm(SSL *s, unsigned int context) in init_etm() argument
1158 s->ext.use_etm = 0; in init_etm()
1163 static int init_ems(SSL *s, unsigned int context) in init_ems() argument
1165 if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { in init_ems()
1166 s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; in init_ems()
1167 s->s3.flags |= TLS1_FLAGS_REQUIRED_EXTMS; in init_ems()
1173 static int final_ems(SSL *s, unsigned int context, int sent) in final_ems() argument
1179 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) in final_ems()
1180 && (s->s3.flags & TLS1_FLAGS_REQUIRED_EXTMS)) { in final_ems()
1181 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); in final_ems()
1184 if (!s->server && s->hit) { in final_ems()
1189 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != in final_ems()
1190 !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { in final_ems()
1191 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); in final_ems()
1199 static int init_certificate_authorities(SSL *s, unsigned int context) in init_certificate_authorities() argument
1201 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); in init_certificate_authorities()
1202 s->s3.tmp.peer_ca_names = NULL; in init_certificate_authorities()
1206 static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, in tls_construct_certificate_authorities() argument
1211 const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s); in tls_construct_certificate_authorities()
1218 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_certificate_authorities()
1222 if (!construct_ca_names(s, ca_sk, pkt)) { in tls_construct_certificate_authorities()
1228 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_certificate_authorities()
1235 static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, in tls_parse_certificate_authorities() argument
1239 if (!parse_ca_names(s, pkt)) in tls_parse_certificate_authorities()
1242 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_certificate_authorities()
1249 static int init_srtp(SSL *s, unsigned int context) in init_srtp() argument
1251 if (s->server) in init_srtp()
1252 s->srtp_profile = NULL; in init_srtp()
1258 static int final_sig_algs(SSL *s, unsigned int context, int sent) in final_sig_algs() argument
1260 if (!sent && SSL_IS_TLS13(s) && !s->hit) { in final_sig_algs()
1261 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, in final_sig_algs()
1269 static int final_key_share(SSL *s, unsigned int context, int sent) in final_key_share() argument
1272 if (!SSL_IS_TLS13(s)) in final_key_share()
1290 if (!s->server in final_key_share()
1292 && (!s->hit in final_key_share()
1293 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) { in final_key_share()
1295 SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_NO_SUITABLE_KEY_SHARE); in final_key_share()
1332 if (s->server) { in final_key_share()
1333 if (s->s3.peer_tmp != NULL) { in final_key_share()
1335 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 in final_key_share()
1336 && !s->ext.cookieok) { in final_key_share()
1337 if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { in final_key_share()
1343 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1346 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1351 if (s->hello_retry_request == SSL_HRR_NONE && sent in final_key_share()
1352 && (!s->hit in final_key_share()
1353 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) in final_key_share()
1362 tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups); in final_key_share()
1363 tls1_get_supported_groups(s, &pgroups, &num_groups); in final_key_share()
1371 if (check_in_list(s, group_id, clntgroups, clnt_num_groups, in final_key_share()
1378 s->s3.group_id = group_id; in final_key_share()
1379 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1383 if (!s->hit in final_key_share()
1384 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { in final_key_share()
1386 SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE in final_key_share()
1392 if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 in final_key_share()
1393 && !s->ext.cookieok) { in final_key_share()
1394 if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { in final_key_share()
1400 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1403 s->hello_retry_request = SSL_HRR_PENDING; in final_key_share()
1412 if (s->hello_retry_request == SSL_HRR_PENDING) in final_key_share()
1413 s->hello_retry_request = SSL_HRR_COMPLETE; in final_key_share()
1420 if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) { in final_key_share()
1421 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in final_key_share()
1429 static int init_psk_kex_modes(SSL *s, unsigned int context) in init_psk_kex_modes() argument
1431 s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE; in init_psk_kex_modes()
1435 int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, in tls_psk_do_binder() argument
1460 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1466 && s->early_data_state == SSL_EARLY_DATA_CONNECTING in tls_psk_do_binder()
1467 && s->session->ext.max_early_data == 0 in tls_psk_do_binder()
1487 if (s->server || !external || usepskfored) in tls_psk_do_binder()
1488 early_secret = (unsigned char *)s->early_secret; in tls_psk_do_binder()
1492 if (!tls13_generate_secret(s, md, NULL, sess->master_key, in tls_psk_do_binder()
1506 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1511 if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, in tls_psk_do_binder()
1518 if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) { in tls_psk_do_binder()
1524 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1533 if (s->hello_retry_request == SSL_HRR_PENDING) { in tls_psk_do_binder()
1539 BIO_get_mem_data(s->s3.handshake_buffer, &hdata); in tls_psk_do_binder()
1541 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); in tls_psk_do_binder()
1549 if (s->server) { in tls_psk_do_binder()
1558 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1565 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1572 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1576 mackey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", in tls_psk_do_binder()
1577 s->ctx->propq, finishedkey, in tls_psk_do_binder()
1580 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1588 if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx, in tls_psk_do_binder()
1589 s->ctx->propq, mackey, NULL) <= 0 in tls_psk_do_binder()
1593 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_psk_do_binder()
1603 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BINDER_DOES_NOT_VERIFY); in tls_psk_do_binder()
1615 static int final_early_data(SSL *s, unsigned int context, int sent) in final_early_data() argument
1620 if (!s->server) { in final_early_data()
1623 && !s->ext.early_data_ok) { in final_early_data()
1629 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EARLY_DATA); in final_early_data()
1636 if (s->max_early_data == 0 in final_early_data()
1637 || !s->hit in final_early_data()
1638 || s->early_data_state != SSL_EARLY_DATA_ACCEPTING in final_early_data()
1639 || !s->ext.early_data_ok in final_early_data()
1640 || s->hello_retry_request != SSL_HRR_NONE in final_early_data()
1641 || (s->allow_early_data_cb != NULL in final_early_data()
1642 && !s->allow_early_data_cb(s, in final_early_data()
1643 s->allow_early_data_cb_data))) { in final_early_data()
1644 s->ext.early_data = SSL_EARLY_DATA_REJECTED; in final_early_data()
1646 s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; in final_early_data()
1648 if (!tls13_change_cipher_state(s, in final_early_data()
1658 static int final_maxfragmentlen(SSL *s, unsigned int context, int sent) in final_maxfragmentlen() argument
1664 if (s->server && s->hit && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) in final_maxfragmentlen()
1666 SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_BAD_EXTENSION); in final_maxfragmentlen()
1671 if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) in final_maxfragmentlen()
1672 && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session)) in final_maxfragmentlen()
1674 if (!ssl3_setup_buffers(s)) { in final_maxfragmentlen()
1682 static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context) in init_post_handshake_auth() argument
1684 s->post_handshake_auth = SSL_PHA_NONE; in init_post_handshake_auth()
1693 static int final_psk(SSL *s, unsigned int context, int sent) in final_psk() argument
1695 if (s->server && sent && s->clienthello != NULL in final_psk()
1696 && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { in final_psk()
1697 SSLfatal(s, TLS13_AD_MISSING_EXTENSION, in final_psk()