Lines Matching refs:s
41 int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_renegotiate() argument
50 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_RENEGOTIATION_ENCODING_ERR); in tls_parse_ctos_renegotiate()
55 if (ilen != s->s3.previous_client_finished_len) { in tls_parse_ctos_renegotiate()
56 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH); in tls_parse_ctos_renegotiate()
60 if (memcmp(data, s->s3.previous_client_finished, in tls_parse_ctos_renegotiate()
61 s->s3.previous_client_finished_len)) { in tls_parse_ctos_renegotiate()
62 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH); in tls_parse_ctos_renegotiate()
66 s->s3.send_connection_binding = 1; in tls_parse_ctos_renegotiate()
94 int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_server_name() argument
103 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_server_name()
121 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_server_name()
129 if (!s->hit || SSL_IS_TLS13(s)) { in tls_parse_ctos_server_name()
131 SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_R_BAD_EXTENSION); in tls_parse_ctos_server_name()
136 SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_R_BAD_EXTENSION); in tls_parse_ctos_server_name()
144 OPENSSL_free(s->ext.hostname); in tls_parse_ctos_server_name()
145 s->ext.hostname = NULL; in tls_parse_ctos_server_name()
146 if (!PACKET_strndup(&hostname, &s->ext.hostname)) { in tls_parse_ctos_server_name()
147 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_server_name()
151 s->servername_done = 1; in tls_parse_ctos_server_name()
158 s->servername_done = (s->session->ext.hostname != NULL) in tls_parse_ctos_server_name()
159 && PACKET_equal(&hostname, s->session->ext.hostname, in tls_parse_ctos_server_name()
160 strlen(s->session->ext.hostname)); in tls_parse_ctos_server_name()
166 int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_maxfragmentlen() argument
172 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_maxfragmentlen()
178 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_parse_ctos_maxfragmentlen()
188 if (s->hit && s->session->ext.max_fragment_len_mode != value) { in tls_parse_ctos_maxfragmentlen()
189 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_parse_ctos_maxfragmentlen()
198 s->session->ext.max_fragment_len_mode = value; in tls_parse_ctos_maxfragmentlen()
203 int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_srp() argument
210 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_srp()
214 if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) { in tls_parse_ctos_srp()
215 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_srp()
223 int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_ec_pt_formats() argument
230 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_ec_pt_formats()
234 if (!s->hit) { in tls_parse_ctos_ec_pt_formats()
236 &s->ext.peer_ecpointformats, in tls_parse_ctos_ec_pt_formats()
237 &s->ext.peer_ecpointformats_len)) { in tls_parse_ctos_ec_pt_formats()
238 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_ec_pt_formats()
246 int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_session_ticket() argument
249 if (s->ext.session_ticket_cb && in tls_parse_ctos_session_ticket()
250 !s->ext.session_ticket_cb(s, PACKET_data(pkt), in tls_parse_ctos_session_ticket()
252 s->ext.session_ticket_cb_arg)) { in tls_parse_ctos_session_ticket()
253 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_session_ticket()
260 int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, in tls_parse_ctos_sig_algs_cert() argument
269 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_sig_algs_cert()
273 if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { in tls_parse_ctos_sig_algs_cert()
274 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_sig_algs_cert()
281 int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_sig_algs() argument
288 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_sig_algs()
292 if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { in tls_parse_ctos_sig_algs()
293 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_sig_algs()
301 int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_status_request() argument
307 if (s->hit) in tls_parse_ctos_status_request()
314 if (!PACKET_get_1(pkt, (unsigned int *)&s->ext.status_type)) { in tls_parse_ctos_status_request()
315 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
319 if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) { in tls_parse_ctos_status_request()
323 s->ext.status_type = TLSEXT_STATUSTYPE_nothing; in tls_parse_ctos_status_request()
328 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
336 sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); in tls_parse_ctos_status_request()
338 s->ext.ocsp.ids = sk_OCSP_RESPID_new_null(); in tls_parse_ctos_status_request()
339 if (s->ext.ocsp.ids == NULL) { in tls_parse_ctos_status_request()
340 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls_parse_ctos_status_request()
344 s->ext.ocsp.ids = NULL; in tls_parse_ctos_status_request()
354 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
362 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
368 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
373 if (!sk_OCSP_RESPID_push(s->ext.ocsp.ids, id)) { in tls_parse_ctos_status_request()
375 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_status_request()
383 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
390 sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, in tls_parse_ctos_status_request()
392 s->ext.ocsp.exts = in tls_parse_ctos_status_request()
394 if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) { in tls_parse_ctos_status_request()
395 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_status_request()
405 int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_npn() argument
412 if (SSL_IS_FIRST_HANDSHAKE(s)) in tls_parse_ctos_npn()
413 s->s3.npn_seen = 1; in tls_parse_ctos_npn()
423 int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_alpn() argument
428 if (!SSL_IS_FIRST_HANDSHAKE(s)) in tls_parse_ctos_alpn()
433 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_alpn()
442 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_alpn()
447 OPENSSL_free(s->s3.alpn_proposed); in tls_parse_ctos_alpn()
448 s->s3.alpn_proposed = NULL; in tls_parse_ctos_alpn()
449 s->s3.alpn_proposed_len = 0; in tls_parse_ctos_alpn()
451 &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { in tls_parse_ctos_alpn()
452 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_alpn()
460 int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_use_srtp() argument
469 if (SSL_get_srtp_profiles(s) == NULL) in tls_parse_ctos_use_srtp()
475 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_ctos_use_srtp()
480 srvr = SSL_get_srtp_profiles(s); in tls_parse_ctos_use_srtp()
481 s->srtp_profile = NULL; in tls_parse_ctos_use_srtp()
487 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_ctos_use_srtp()
503 s->srtp_profile = sprof; in tls_parse_ctos_use_srtp()
512 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_ctos_use_srtp()
519 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_SRTP_MKI_VALUE); in tls_parse_ctos_use_srtp()
527 int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_etm() argument
530 if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) in tls_parse_ctos_etm()
531 s->ext.use_etm = 1; in tls_parse_ctos_etm()
540 int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_psk_kex_modes() argument
549 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk_kex_modes()
555 s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE; in tls_parse_ctos_psk_kex_modes()
557 && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) in tls_parse_ctos_psk_kex_modes()
558 s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE; in tls_parse_ctos_psk_kex_modes()
569 int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_key_share() argument
579 if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) in tls_parse_ctos_key_share()
583 if (s->s3.peer_tmp != NULL) { in tls_parse_ctos_key_share()
584 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_key_share()
589 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_key_share()
594 tls1_get_supported_groups(s, &srvrgroups, &srvr_num_groups); in tls_parse_ctos_key_share()
596 tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups); in tls_parse_ctos_key_share()
603 SSLfatal(s, SSL_AD_MISSING_EXTENSION, in tls_parse_ctos_key_share()
608 if (s->s3.group_id != 0 && PACKET_remaining(&key_share_list) == 0) { in tls_parse_ctos_key_share()
614 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in tls_parse_ctos_key_share()
622 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_key_share()
637 if (s->s3.group_id != 0 in tls_parse_ctos_key_share()
638 && (group_id != s->s3.group_id in tls_parse_ctos_key_share()
640 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in tls_parse_ctos_key_share()
645 if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0)) { in tls_parse_ctos_key_share()
646 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); in tls_parse_ctos_key_share()
651 if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) { in tls_parse_ctos_key_share()
656 if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) { in tls_parse_ctos_key_share()
657 SSLfatal(s, SSL_AD_INTERNAL_ERROR, in tls_parse_ctos_key_share()
662 s->s3.group_id = group_id; in tls_parse_ctos_key_share()
664 s->session->kex_group = group_id; in tls_parse_ctos_key_share()
666 if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, in tls_parse_ctos_key_share()
669 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); in tls_parse_ctos_key_share()
680 int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_cookie() argument
696 if (s->ctx->verify_stateless_cookie_cb == NULL in tls_parse_ctos_cookie()
697 || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) in tls_parse_ctos_cookie()
701 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
710 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
717 pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", in tls_parse_ctos_cookie()
718 s->ctx->propq, in tls_parse_ctos_cookie()
719 s->session_ctx->ext.cookie_hmac_key, in tls_parse_ctos_cookie()
720 sizeof(s->session_ctx->ext.cookie_hmac_key)); in tls_parse_ctos_cookie()
724 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls_parse_ctos_cookie()
729 if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, in tls_parse_ctos_cookie()
730 s->ctx->propq, pkey, NULL) <= 0 in tls_parse_ctos_cookie()
736 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
744 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); in tls_parse_ctos_cookie()
749 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
763 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
767 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in tls_parse_ctos_cookie()
773 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
779 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
782 if (group_id != s->s3.group_id in tls_parse_ctos_cookie()
783 || s->s3.tmp.new_cipher in tls_parse_ctos_cookie()
784 != ssl_get_cipher_by_char(s, ciphdata, 0)) { in tls_parse_ctos_cookie()
789 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_CIPHER); in tls_parse_ctos_cookie()
798 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); in tls_parse_ctos_cookie()
810 if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie), in tls_parse_ctos_cookie()
812 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); in tls_parse_ctos_cookie()
822 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
829 || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, in tls_parse_ctos_cookie()
830 s->tmp_session_id_len) in tls_parse_ctos_cookie()
831 || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, in tls_parse_ctos_cookie()
836 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
841 || !WPACKET_put_bytes_u16(&hrrpkt, s->version) in tls_parse_ctos_cookie()
844 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
850 || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) in tls_parse_ctos_cookie()
853 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
866 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_cookie()
871 if (!create_synthetic_message_hash(s, PACKET_data(&chhash), in tls_parse_ctos_cookie()
879 s->hello_retry_request = 1; in tls_parse_ctos_cookie()
881 s->ext.cookieok = 1; in tls_parse_ctos_cookie()
887 int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_supported_groups() argument
896 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_supported_groups()
900 if (!s->hit || SSL_IS_TLS13(s)) { in tls_parse_ctos_supported_groups()
901 OPENSSL_free(s->ext.peer_supportedgroups); in tls_parse_ctos_supported_groups()
902 s->ext.peer_supportedgroups = NULL; in tls_parse_ctos_supported_groups()
903 s->ext.peer_supportedgroups_len = 0; in tls_parse_ctos_supported_groups()
905 &s->ext.peer_supportedgroups, in tls_parse_ctos_supported_groups()
906 &s->ext.peer_supportedgroups_len)) { in tls_parse_ctos_supported_groups()
907 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_supported_groups()
915 int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_ems() argument
920 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_ems()
924 if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) in tls_parse_ctos_ems()
927 s->s3.flags |= TLS1_FLAGS_RECEIVED_EXTMS; in tls_parse_ctos_ems()
933 int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, in tls_parse_ctos_early_data() argument
937 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_early_data()
941 if (s->hello_retry_request != SSL_HRR_NONE) { in tls_parse_ctos_early_data()
942 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); in tls_parse_ctos_early_data()
949 static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, in tls_get_stateful_ticket() argument
954 s->ext.ticket_expected = 1; in tls_get_stateful_ticket()
967 tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), in tls_get_stateful_ticket()
977 int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, in tls_parse_ctos_psk() argument
990 if ((s->ext.psk_kex_mode in tls_parse_ctos_psk()
995 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
999 s->ext.ticket_expected = 0; in tls_parse_ctos_psk()
1007 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1012 if (s->psk_find_session_cb != NULL in tls_parse_ctos_psk()
1013 && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, in tls_parse_ctos_psk()
1015 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1021 && s->psk_server_callback != NULL in tls_parse_ctos_psk()
1028 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1031 pskdatalen = s->psk_server_callback(s, pskid, pskdata, in tls_parse_ctos_psk()
1035 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1045 cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); in tls_parse_ctos_psk()
1048 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1060 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1073 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1083 memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length); in tls_parse_ctos_psk()
1084 sess->sid_ctx_length = s->sid_ctx_length; in tls_parse_ctos_psk()
1087 s->ext.early_data_ok = 1; in tls_parse_ctos_psk()
1088 s->ext.ticket_expected = 1; in tls_parse_ctos_psk()
1098 if ((s->options & SSL_OP_NO_TICKET) != 0 in tls_parse_ctos_psk()
1099 || (s->max_early_data > 0 in tls_parse_ctos_psk()
1100 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) in tls_parse_ctos_psk()
1101 ret = tls_get_stateful_ticket(s, &identity, &sess); in tls_parse_ctos_psk()
1103 ret = tls_decrypt_ticket(s, PACKET_data(&identity), in tls_parse_ctos_psk()
1108 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1114 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_parse_ctos_psk()
1121 if (s->max_early_data > 0 in tls_parse_ctos_psk()
1122 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 in tls_parse_ctos_psk()
1123 && !SSL_CTX_remove_session(s->session_ctx, sess)) { in tls_parse_ctos_psk()
1152 s->ext.early_data_ok = 1; in tls_parse_ctos_psk()
1156 md = ssl_md(s->ctx, sess->cipher->algorithm2); in tls_parse_ctos_psk()
1158 EVP_MD_get0_name(ssl_md(s->ctx, in tls_parse_ctos_psk()
1159 s->s3.tmp.new_cipher->algorithm2)))) { in tls_parse_ctos_psk()
1163 s->ext.early_data_ok = 0; in tls_parse_ctos_psk()
1164 s->ext.ticket_expected = 0; in tls_parse_ctos_psk()
1173 binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data; in tls_parse_ctos_psk()
1177 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1183 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1189 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); in tls_parse_ctos_psk()
1192 if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, in tls_parse_ctos_psk()
1199 s->ext.tick_identity = id; in tls_parse_ctos_psk()
1201 SSL_SESSION_free(s->session); in tls_parse_ctos_psk()
1202 s->session = sess; in tls_parse_ctos_psk()
1209 int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, in tls_parse_ctos_post_handshake_auth() argument
1215 SSLfatal(s, SSL_AD_DECODE_ERROR, in tls_parse_ctos_post_handshake_auth()
1220 s->post_handshake_auth = SSL_PHA_EXT_RECEIVED; in tls_parse_ctos_post_handshake_auth()
1228 EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, in tls_construct_stoc_renegotiate() argument
1232 if (!s->s3.send_connection_binding) in tls_construct_stoc_renegotiate()
1239 || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, in tls_construct_stoc_renegotiate()
1240 s->s3.previous_client_finished_len) in tls_construct_stoc_renegotiate()
1241 || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, in tls_construct_stoc_renegotiate()
1242 s->s3.previous_server_finished_len) in tls_construct_stoc_renegotiate()
1245 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_renegotiate()
1252 EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, in tls_construct_stoc_server_name() argument
1256 if (s->servername_done != 1) in tls_construct_stoc_server_name()
1263 if (s->hit && !SSL_IS_TLS13(s)) in tls_construct_stoc_server_name()
1268 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_server_name()
1276 EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, in tls_construct_stoc_maxfragmentlen() argument
1280 if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) in tls_construct_stoc_maxfragmentlen()
1289 || !WPACKET_put_bytes_u8(pkt, s->session->ext.max_fragment_len_mode) in tls_construct_stoc_maxfragmentlen()
1291 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_maxfragmentlen()
1298 EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, in tls_construct_stoc_ec_pt_formats() argument
1302 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; in tls_construct_stoc_ec_pt_formats()
1303 unsigned long alg_a = s->s3.tmp.new_cipher->algorithm_auth; in tls_construct_stoc_ec_pt_formats()
1305 && (s->ext.peer_ecpointformats != NULL); in tls_construct_stoc_ec_pt_formats()
1312 tls1_get_formatlist(s, &plist, &plistlen); in tls_construct_stoc_ec_pt_formats()
1317 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_ec_pt_formats()
1324 EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, in tls_construct_stoc_supported_groups() argument
1333 if (s->s3.group_id == 0) in tls_construct_stoc_supported_groups()
1337 tls1_get_supported_groups(s, &groups, &numgroups); in tls_construct_stoc_supported_groups()
1339 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_groups()
1344 version = SSL_version(s); in tls_construct_stoc_supported_groups()
1348 if (tls_valid_group(s, group, version, version, 0, NULL) in tls_construct_stoc_supported_groups()
1349 && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { in tls_construct_stoc_supported_groups()
1355 if (s->s3.group_id == group) in tls_construct_stoc_supported_groups()
1363 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_groups()
1370 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_groups()
1377 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_groups()
1384 EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, in tls_construct_stoc_session_ticket() argument
1388 if (!s->ext.ticket_expected || !tls_use_ticket(s)) { in tls_construct_stoc_session_ticket()
1389 s->ext.ticket_expected = 0; in tls_construct_stoc_session_ticket()
1395 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_session_ticket()
1403 EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, in tls_construct_stoc_status_request() argument
1411 if (!s->ext.status_expected) in tls_construct_stoc_status_request()
1414 if (SSL_IS_TLS13(s) && chainidx != 0) in tls_construct_stoc_status_request()
1419 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_status_request()
1428 if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { in tls_construct_stoc_status_request()
1433 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_status_request()
1442 EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, in tls_construct_stoc_next_proto_neg() argument
1449 int npn_seen = s->s3.npn_seen; in tls_construct_stoc_next_proto_neg()
1451 s->s3.npn_seen = 0; in tls_construct_stoc_next_proto_neg()
1452 if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL) in tls_construct_stoc_next_proto_neg()
1455 ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen, in tls_construct_stoc_next_proto_neg()
1456 s->ctx->ext.npn_advertised_cb_arg); in tls_construct_stoc_next_proto_neg()
1460 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_next_proto_neg()
1463 s->s3.npn_seen = 1; in tls_construct_stoc_next_proto_neg()
1470 EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_stoc_alpn() argument
1473 if (s->s3.alpn_selected == NULL) in tls_construct_stoc_alpn()
1480 || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, in tls_construct_stoc_alpn()
1481 s->s3.alpn_selected_len) in tls_construct_stoc_alpn()
1484 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_alpn()
1492 EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, in tls_construct_stoc_use_srtp() argument
1496 if (s->srtp_profile == NULL) in tls_construct_stoc_use_srtp()
1502 || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) in tls_construct_stoc_use_srtp()
1505 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_use_srtp()
1513 EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_stoc_etm() argument
1516 if (!s->ext.use_etm) in tls_construct_stoc_etm()
1523 if (s->s3.tmp.new_cipher->algorithm_mac == SSL_AEAD in tls_construct_stoc_etm()
1524 || s->s3.tmp.new_cipher->algorithm_enc == SSL_RC4 in tls_construct_stoc_etm()
1525 || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT in tls_construct_stoc_etm()
1526 || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12 in tls_construct_stoc_etm()
1527 || s->s3.tmp.new_cipher->algorithm_enc == SSL_MAGMA in tls_construct_stoc_etm()
1528 || s->s3.tmp.new_cipher->algorithm_enc == SSL_KUZNYECHIK) { in tls_construct_stoc_etm()
1529 s->ext.use_etm = 0; in tls_construct_stoc_etm()
1535 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_etm()
1542 EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_stoc_ems() argument
1545 if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) in tls_construct_stoc_ems()
1550 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_ems()
1557 EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, in tls_construct_stoc_supported_versions() argument
1561 if (!ossl_assert(SSL_IS_TLS13(s))) { in tls_construct_stoc_supported_versions()
1562 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_versions()
1568 || !WPACKET_put_bytes_u16(pkt, s->version) in tls_construct_stoc_supported_versions()
1570 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_supported_versions()
1577 EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, in tls_construct_stoc_key_share() argument
1584 EVP_PKEY *ckey = s->s3.peer_tmp, *skey = NULL; in tls_construct_stoc_key_share()
1587 if (s->hello_retry_request == SSL_HRR_PENDING) { in tls_construct_stoc_key_share()
1594 || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) in tls_construct_stoc_key_share()
1596 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1605 if (!s->hit || !tls13_generate_handshake_secret(s, NULL, 0)) { in tls_construct_stoc_key_share()
1606 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1611 if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) { in tls_construct_stoc_key_share()
1621 || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { in tls_construct_stoc_key_share()
1622 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1626 if ((ginf = tls1_group_id_lookup(s->ctx, s->s3.group_id)) == NULL) { in tls_construct_stoc_key_share()
1627 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1633 skey = ssl_generate_pkey(s, ckey); in tls_construct_stoc_key_share()
1635 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls_construct_stoc_key_share()
1642 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); in tls_construct_stoc_key_share()
1649 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1659 s->s3.tmp.pkey = skey; in tls_construct_stoc_key_share()
1660 if (ssl_derive(s, skey, ckey, 1) == 0) { in tls_construct_stoc_key_share()
1675 if (ssl_encapsulate(s, ckey, &ct, &ctlen, 0) == 0) { in tls_construct_stoc_key_share()
1681 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1688 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_key_share()
1697 if (ssl_gensecret(s, s->s3.tmp.pms, s->s3.tmp.pmslen) == 0) { in tls_construct_stoc_key_share()
1702 s->s3.did_kex = 1; in tls_construct_stoc_key_share()
1709 EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_stoc_cookie() argument
1720 if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0) in tls_construct_stoc_cookie()
1723 if (s->ctx->gen_stateless_cookie_cb == NULL) { in tls_construct_stoc_cookie()
1724 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_COOKIE_CALLBACK_SET); in tls_construct_stoc_cookie()
1735 || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) in tls_construct_stoc_cookie()
1736 || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, in tls_construct_stoc_cookie()
1739 || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) in tls_construct_stoc_cookie()
1743 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
1752 if (!ssl3_digest_cached_records(s, 0) in tls_construct_stoc_cookie()
1753 || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) { in tls_construct_stoc_cookie()
1763 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
1768 if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) { in tls_construct_stoc_cookie()
1769 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); in tls_construct_stoc_cookie()
1778 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
1785 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
1791 pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", in tls_construct_stoc_cookie()
1792 s->ctx->propq, in tls_construct_stoc_cookie()
1793 s->session_ctx->ext.cookie_hmac_key, in tls_construct_stoc_cookie()
1794 sizeof(s->session_ctx->ext.cookie_hmac_key)); in tls_construct_stoc_cookie()
1796 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls_construct_stoc_cookie()
1800 if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, in tls_construct_stoc_cookie()
1801 s->ctx->propq, pkey, NULL) <= 0 in tls_construct_stoc_cookie()
1804 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
1809 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
1818 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cookie()
1833 EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, in tls_construct_stoc_cryptopro_bug() argument
1846 if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80 in tls_construct_stoc_cryptopro_bug()
1847 && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) in tls_construct_stoc_cryptopro_bug()
1848 || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) in tls_construct_stoc_cryptopro_bug()
1852 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_cryptopro_bug()
1859 EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, in tls_construct_stoc_early_data() argument
1864 if (s->max_early_data == 0) in tls_construct_stoc_early_data()
1869 || !WPACKET_put_bytes_u32(pkt, s->max_early_data) in tls_construct_stoc_early_data()
1871 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_early_data()
1878 if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED) in tls_construct_stoc_early_data()
1884 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_early_data()
1891 EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, in tls_construct_stoc_psk() argument
1894 if (!s->hit) in tls_construct_stoc_psk()
1899 || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity) in tls_construct_stoc_psk()
1901 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_construct_stoc_psk()