Lines Matching refs:ssl
59 SSL *const ssl = hs->ssl; in close_early_data() local
79 if (ssl->quic_method == nullptr) { in close_early_data()
82 SSLAEADContext::CreateNullCipher(SSL_is_dtls(ssl)); in close_early_data()
84 !ssl->method->set_write_state(ssl, ssl_encryption_initial, in close_early_data()
89 ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version); in close_early_data()
92 if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal, in close_early_data()
100 assert(ssl->s3->write_level == level); in close_early_data()
105 SSL *const ssl = hs->ssl; in do_read_hello_retry_request() local
106 assert(ssl->s3->have_version); in do_read_hello_retry_request()
108 if (!ssl->method->get_message(ssl, &msg)) { in do_read_hello_retry_request()
116 !ssl->method->add_change_cipher_spec(ssl)) { in do_read_hello_retry_request()
120 if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO)) { in do_read_hello_retry_request()
138 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in do_read_hello_retry_request()
150 SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) || in do_read_hello_retry_request()
151 SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl)) { in do_read_hello_retry_request()
153 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_hello_retry_request()
159 if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) || in do_read_hello_retry_request()
177 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in do_read_hello_retry_request()
183 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_hello_retry_request()
192 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in do_read_hello_retry_request()
205 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in do_read_hello_retry_request()
211 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_hello_retry_request()
220 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_hello_retry_request()
235 if (ssl->method->has_unprocessed_handshake_data(ssl)) { in do_read_hello_retry_request()
236 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); in do_read_hello_retry_request()
241 ssl->method->next_message(ssl); in do_read_hello_retry_request()
242 ssl->s3->used_hello_retry_request = true; in do_read_hello_retry_request()
246 ssl->s3->early_data_reason = ssl_early_data_hello_retry_request; in do_read_hello_retry_request()
257 assert(hs->ssl->s3->write_level == ssl_encryption_initial); in do_send_second_client_hello()
268 SSL *const ssl = hs->ssl; in do_read_server_hello() local
270 if (!ssl->method->get_message(ssl, &msg)) { in do_read_server_hello()
273 if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO)) { in do_read_server_hello()
290 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in do_read_server_hello()
296 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in do_read_server_hello()
303 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); in do_read_server_hello()
308 OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random), in do_read_server_hello()
314 SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) || in do_read_server_hello()
315 SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl)) { in do_read_server_hello()
317 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_server_hello()
322 if (ssl->s3->used_hello_retry_request && hs->new_cipher != cipher) { in do_read_server_hello()
324 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_server_hello()
342 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in do_read_server_hello()
350 version != ssl->version) { in do_read_server_hello()
352 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_server_hello()
358 if (ssl->session == NULL) { in do_read_server_hello()
360 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION); in do_read_server_hello()
366 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in do_read_server_hello()
370 if (ssl->session->ssl_version != ssl->version) { in do_read_server_hello()
372 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_server_hello()
376 if (ssl->session->cipher->algorithm_prf != cipher->algorithm_prf) { in do_read_server_hello()
378 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_server_hello()
382 if (!ssl_session_is_context_valid(hs, ssl->session.get())) { in do_read_server_hello()
386 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_server_hello()
390 ssl->s3->session_reused = true; in do_read_server_hello()
393 SSL_SESSION_dup(ssl->session.get(), SSL_SESSION_DUP_AUTH_ONLY); in do_read_server_hello()
395 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); in do_read_server_hello()
398 ssl_set_session(ssl, NULL); in do_read_server_hello()
401 ssl_session_renew_timeout(ssl, hs->new_session.get(), in do_read_server_hello()
402 ssl->session_ctx->session_psk_dhe_timeout); in do_read_server_hello()
404 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); in do_read_server_hello()
412 EVP_MD_size(ssl_get_handshake_digest(ssl_protocol_version(ssl), cipher)); in do_read_server_hello()
415 if (ssl->s3->session_reused) { in do_read_server_hello()
428 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION); in do_read_server_hello()
437 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in do_read_server_hello()
451 if (!hs->in_early_data || ssl->quic_method != nullptr) { in do_read_server_hello()
452 if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal, in do_read_server_hello()
459 if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open, in do_read_server_hello()
465 ssl->method->next_message(ssl); in do_read_server_hello()
471 SSL *const ssl = hs->ssl; in do_read_encrypted_extensions() local
473 if (!ssl->method->get_message(ssl, &msg)) { in do_read_encrypted_extensions()
476 if (!ssl_check_message_type(ssl, msg, SSL3_MT_ENCRYPTED_EXTENSIONS)) { in do_read_encrypted_extensions()
487 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in do_read_encrypted_extensions()
491 if (ssl->s3->early_data_accepted) { in do_read_encrypted_extensions()
494 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_encrypted_extensions()
498 ssl->s3->alpn_selected) { in do_read_encrypted_extensions()
500 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_encrypted_extensions()
505 if (ssl->s3->channel_id_valid || ssl->s3->token_binding_negotiated || in do_read_encrypted_extensions()
508 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in do_read_encrypted_extensions()
517 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); in do_read_encrypted_extensions()
523 if (!hs->new_session->early_alpn.CopyFrom(ssl->s3->alpn_selected)) { in do_read_encrypted_extensions()
524 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); in do_read_encrypted_extensions()
532 ssl->method->next_message(ssl); in do_read_encrypted_extensions()
534 if (hs->in_early_data && !ssl->s3->early_data_accepted) { in do_read_encrypted_extensions()
544 SSL *const ssl = hs->ssl; in do_read_certificate_request() local
546 if (ssl->s3->session_reused) { in do_read_certificate_request()
547 if (ssl->ctx->reverify_on_resume && !ssl->s3->early_data_accepted) { in do_read_certificate_request()
556 if (!ssl->method->get_message(ssl, &msg)) { in do_read_certificate_request()
588 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in do_read_certificate_request()
594 hs->ca_names = ssl_parse_client_CA_list(ssl, &alert, &ca); in do_read_certificate_request()
596 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in do_read_certificate_request()
603 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); in do_read_certificate_request()
609 ssl->ctx->x509_method->hs_flush_cached_ca_names(hs); in do_read_certificate_request()
615 ssl->method->next_message(ssl); in do_read_certificate_request()
621 SSL *const ssl = hs->ssl; in do_read_server_certificate() local
623 if (!ssl->method->get_message(ssl, &msg)) { in do_read_server_certificate()
628 !ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE)) { in do_read_server_certificate()
637 ssl->method->next_message(ssl); in do_read_server_certificate()
643 SSL *const ssl = hs->ssl; in do_read_server_certificate_verify() local
645 if (!ssl->method->get_message(ssl, &msg)) { in do_read_server_certificate_verify()
658 if (!ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE_VERIFY) || in do_read_server_certificate_verify()
664 ssl->method->next_message(ssl); in do_read_server_certificate_verify()
684 SSL *const ssl = hs->ssl; in do_read_server_finished() local
686 if (!ssl->method->get_message(ssl, &msg)) { in do_read_server_finished()
689 if (!ssl_check_message_type(ssl, msg, SSL3_MT_FINISHED) || in do_read_server_finished()
700 if (ssl->method->has_unprocessed_handshake_data(ssl)) { in do_read_server_finished()
701 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); in do_read_server_finished()
706 ssl->method->next_message(ssl); in do_read_server_finished()
712 SSL *const ssl = hs->ssl; in do_send_end_of_early_data() local
714 if (ssl->s3->early_data_accepted) { in do_send_end_of_early_data()
717 if (ssl->quic_method == nullptr) { in do_send_end_of_early_data()
720 if (!ssl->method->init_message(ssl, cbb.get(), &body, in do_send_end_of_early_data()
722 !ssl_add_message_cbb(ssl, cbb.get())) { in do_send_end_of_early_data()
738 SSL *const ssl = hs->ssl; in do_send_client_encrypted_extensions() local
742 !ssl->s3->early_data_accepted) { in do_send_client_encrypted_extensions()
745 if (!ssl->method->init_message(ssl, cbb.get(), &body, in do_send_client_encrypted_extensions()
753 !ssl_add_message_cbb(ssl, cbb.get())) { in do_send_client_encrypted_extensions()
763 SSL *const ssl = hs->ssl; in do_send_client_certificate() local
773 int rv = hs->config->cert->cert_cb(ssl, hs->config->cert->cert_cb_arg); in do_send_client_certificate()
775 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); in do_send_client_certificate()
819 SSL *const ssl = hs->ssl; in do_complete_second_flight() local
822 if (ssl->s3->channel_id_valid) { in do_complete_second_flight()
834 if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CHANNEL_ID) || in do_complete_second_flight()
836 !ssl_add_message_cbb(ssl, cbb.get())) { in do_complete_second_flight()
847 if (!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal, in do_complete_second_flight()
850 !tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_open, in do_complete_second_flight()
915 ssl_do_info_callback(hs->ssl, SSL_CB_CONNECT_LOOP, 1); in tls13_client_handshake()
965 bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { in tls13_process_new_session_ticket() argument
966 if (ssl->s3->write_shutdown != ssl_shutdown_none) { in tls13_process_new_session_ticket()
974 UniquePtr<SSL_SESSION> session = tls13_create_session_with_ticket(ssl, &body); in tls13_process_new_session_ticket()
979 if ((ssl->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) && in tls13_process_new_session_ticket()
980 ssl->session_ctx->new_session_cb != NULL && in tls13_process_new_session_ticket()
981 ssl->session_ctx->new_session_cb(ssl, session.get())) { in tls13_process_new_session_ticket()
989 UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl, CBS *body) { in tls13_create_session_with_ticket() argument
991 ssl->s3->established_session.get(), SSL_SESSION_INCLUDE_NONAUTH); in tls13_create_session_with_ticket()
996 ssl_session_rebase_time(ssl, session.get()); in tls13_create_session_with_ticket()
1007 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in tls13_create_session_with_ticket()
1032 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in tls13_create_session_with_ticket()
1039 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in tls13_create_session_with_ticket()
1046 if (ssl->quic_method != nullptr && in tls13_create_session_with_ticket()
1048 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in tls13_create_session_with_ticket()