Lines Matching refs:s
171 static int ssl3_get_client_hello(SSL *s);
172 static int ssl3_send_dtls_hello_verify_request(SSL *s);
173 static int ssl3_send_server_hello(SSL *s);
174 static int ssl3_send_hello_request(SSL *s);
175 static int ssl3_send_server_certificate(SSL *s);
176 static int ssl3_send_server_key_exchange(SSL *s);
177 static int ssl3_send_certificate_request(SSL *s);
178 static int ssl3_send_server_done(SSL *s);
179 static int ssl3_get_client_certificate(SSL *s);
180 static int ssl3_get_client_key_exchange(SSL *s);
181 static int ssl3_get_cert_verify(SSL *s);
182 static int ssl3_send_newsession_ticket(SSL *s);
183 static int ssl3_send_cert_status(SSL *s);
184 static int ssl3_send_server_change_cipher_spec(SSL *s);
185 static int ssl3_send_server_finished(SSL *s);
186 static int ssl3_get_client_finished(SSL *s);
189 ssl3_accept(SSL *s) in ssl3_accept() argument
199 if (SSL_is_dtls(s)) in ssl3_accept()
200 listen = s->d1->listen; in ssl3_accept()
203 s->in_handshake++; in ssl3_accept()
204 if (!SSL_in_init(s) || SSL_in_before(s)) in ssl3_accept()
205 SSL_clear(s); in ssl3_accept()
207 if (SSL_is_dtls(s)) in ssl3_accept()
208 s->d1->listen = listen; in ssl3_accept()
211 state = s->s3->hs.state; in ssl3_accept()
213 switch (s->s3->hs.state) { in ssl3_accept()
215 s->renegotiate = 1; in ssl3_accept()
222 s->server = 1; in ssl3_accept()
224 ssl_info_callback(s, SSL_CB_HANDSHAKE_START, 1); in ssl3_accept()
226 if (!ssl_legacy_stack_version(s, s->version)) { in ssl3_accept()
227 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_accept()
232 if (!ssl_supported_tls_version_range(s, in ssl3_accept()
233 &s->s3->hs.our_min_tls_version, in ssl3_accept()
234 &s->s3->hs.our_max_tls_version)) { in ssl3_accept()
235 SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); in ssl3_accept()
240 if (!ssl_security_version(s, in ssl3_accept()
241 s->s3->hs.our_min_tls_version)) { in ssl3_accept()
242 SSLerror(s, SSL_R_VERSION_TOO_LOW); in ssl3_accept()
247 if (!ssl3_setup_init_buffer(s)) { in ssl3_accept()
251 if (!ssl3_setup_buffers(s)) { in ssl3_accept()
256 s->init_num = 0; in ssl3_accept()
258 if (s->s3->hs.state != SSL_ST_RENEGOTIATE) { in ssl3_accept()
264 if (!ssl_init_wbio_buffer(s, 1)) { in ssl3_accept()
269 if (!tls1_transcript_init(s)) { in ssl3_accept()
274 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A; in ssl3_accept()
275 s->ctx->stats.sess_accept++; in ssl3_accept()
276 } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) { in ssl3_accept()
282 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); in ssl3_accept()
283 ssl3_send_alert(s, SSL3_AL_FATAL, in ssl3_accept()
292 s->ctx->stats.sess_accept_renegotiate++; in ssl3_accept()
293 s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A; in ssl3_accept()
299 s->shutdown = 0; in ssl3_accept()
300 if (SSL_is_dtls(s)) { in ssl3_accept()
301 dtls1_clear_record_buffer(s); in ssl3_accept()
302 dtls1_start_timer(s); in ssl3_accept()
304 ret = ssl3_send_hello_request(s); in ssl3_accept()
307 if (SSL_is_dtls(s)) in ssl3_accept()
308 s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; in ssl3_accept()
310 s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; in ssl3_accept()
311 s->s3->hs.state = SSL3_ST_SW_FLUSH; in ssl3_accept()
312 s->init_num = 0; in ssl3_accept()
314 if (SSL_is_dtls(s)) { in ssl3_accept()
315 if (!tls1_transcript_init(s)) { in ssl3_accept()
323 s->s3->hs.state = SSL_ST_OK; in ssl3_accept()
329 s->shutdown = 0; in ssl3_accept()
330 if (SSL_is_dtls(s)) { in ssl3_accept()
331 ret = ssl3_get_client_hello(s); in ssl3_accept()
334 dtls1_stop_timer(s); in ssl3_accept()
337 (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) in ssl3_accept()
338 s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; in ssl3_accept()
340 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; in ssl3_accept()
342 s->init_num = 0; in ssl3_accept()
350 s->rl); in ssl3_accept()
354 if (listen && s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { in ssl3_accept()
356 s->d1->listen = 0; in ssl3_accept()
361 s->d1->handshake_read_seq = 2; in ssl3_accept()
362 s->d1->handshake_write_seq = 1; in ssl3_accept()
363 s->d1->next_handshake_write_seq = 1; in ssl3_accept()
367 if (s->rwstate != SSL_X509_LOOKUP) { in ssl3_accept()
368 ret = ssl3_get_client_hello(s); in ssl3_accept()
373 s->renegotiate = 2; in ssl3_accept()
374 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; in ssl3_accept()
375 s->init_num = 0; in ssl3_accept()
381 ret = ssl3_send_dtls_hello_verify_request(s); in ssl3_accept()
384 s->s3->hs.state = SSL3_ST_SW_FLUSH; in ssl3_accept()
385 s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; in ssl3_accept()
388 tls1_transcript_reset(s); in ssl3_accept()
393 if (SSL_is_dtls(s)) { in ssl3_accept()
394 s->renegotiate = 2; in ssl3_accept()
395 dtls1_start_timer(s); in ssl3_accept()
397 ret = ssl3_send_server_hello(s); in ssl3_accept()
400 if (s->hit) { in ssl3_accept()
401 if (s->tlsext_ticket_expected) in ssl3_accept()
402 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; in ssl3_accept()
404 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; in ssl3_accept()
406 s->s3->hs.state = SSL3_ST_SW_CERT_A; in ssl3_accept()
408 s->init_num = 0; in ssl3_accept()
414 if (!(s->s3->hs.cipher->algorithm_auth & in ssl3_accept()
416 if (SSL_is_dtls(s)) in ssl3_accept()
417 dtls1_start_timer(s); in ssl3_accept()
418 ret = ssl3_send_server_certificate(s); in ssl3_accept()
421 if (s->tlsext_status_expected) in ssl3_accept()
422 s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A; in ssl3_accept()
424 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; in ssl3_accept()
427 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; in ssl3_accept()
429 s->init_num = 0; in ssl3_accept()
434 alg_k = s->s3->hs.cipher->algorithm_mkey; in ssl3_accept()
445 if (SSL_is_dtls(s)) in ssl3_accept()
446 dtls1_start_timer(s); in ssl3_accept()
447 ret = ssl3_send_server_key_exchange(s); in ssl3_accept()
453 s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A; in ssl3_accept()
454 s->init_num = 0; in ssl3_accept()
476 if (!(s->verify_mode & SSL_VERIFY_PEER) || in ssl3_accept()
477 ((s->session->peer_cert != NULL) && in ssl3_accept()
478 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || in ssl3_accept()
479 ((s->s3->hs.cipher->algorithm_auth & in ssl3_accept()
480 SSL_aNULL) && !(s->verify_mode & in ssl3_accept()
484 s->s3->hs.tls12.cert_request = 0; in ssl3_accept()
485 s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; in ssl3_accept()
487 if (!SSL_is_dtls(s)) in ssl3_accept()
488 tls1_transcript_free(s); in ssl3_accept()
490 s->s3->hs.tls12.cert_request = 1; in ssl3_accept()
491 if (SSL_is_dtls(s)) in ssl3_accept()
492 dtls1_start_timer(s); in ssl3_accept()
493 ret = ssl3_send_certificate_request(s); in ssl3_accept()
496 s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; in ssl3_accept()
497 s->init_num = 0; in ssl3_accept()
503 if (SSL_is_dtls(s)) in ssl3_accept()
504 dtls1_start_timer(s); in ssl3_accept()
505 ret = ssl3_send_server_done(s); in ssl3_accept()
508 s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A; in ssl3_accept()
509 s->s3->hs.state = SSL3_ST_SW_FLUSH; in ssl3_accept()
510 s->init_num = 0; in ssl3_accept()
524 s->rwstate = SSL_WRITING; in ssl3_accept()
525 if (BIO_flush(s->wbio) <= 0) { in ssl3_accept()
526 if (SSL_is_dtls(s)) { in ssl3_accept()
528 if (!BIO_should_retry(s->wbio)) { in ssl3_accept()
529 s->rwstate = SSL_NOTHING; in ssl3_accept()
530 s->s3->hs.state = s->s3->hs.tls12.next_state; in ssl3_accept()
536 s->rwstate = SSL_NOTHING; in ssl3_accept()
537 s->s3->hs.state = s->s3->hs.tls12.next_state; in ssl3_accept()
542 if (s->s3->hs.tls12.cert_request != 0) { in ssl3_accept()
543 ret = ssl3_get_client_certificate(s); in ssl3_accept()
547 s->init_num = 0; in ssl3_accept()
548 s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A; in ssl3_accept()
553 ret = ssl3_get_client_key_exchange(s); in ssl3_accept()
557 if (SSL_is_dtls(s)) { in ssl3_accept()
558 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; in ssl3_accept()
559 s->init_num = 0; in ssl3_accept()
562 alg_k = s->s3->hs.cipher->algorithm_mkey; in ssl3_accept()
563 if (SSL_USE_SIGALGS(s)) { in ssl3_accept()
564 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; in ssl3_accept()
565 s->init_num = 0; in ssl3_accept()
566 if (!s->session->peer_cert) in ssl3_accept()
572 tls1_transcript_freeze(s); in ssl3_accept()
574 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; in ssl3_accept()
575 s->init_num = 0; in ssl3_accept()
577 tls1_transcript_free(s); in ssl3_accept()
583 if (!tls1_transcript_hash_value(s, in ssl3_accept()
584 s->s3->hs.tls12.cert_verify, in ssl3_accept()
585 sizeof(s->s3->hs.tls12.cert_verify), in ssl3_accept()
595 if (SSL_is_dtls(s)) in ssl3_accept()
596 s->d1->change_cipher_spec_ok = 1; in ssl3_accept()
598 s->s3->flags |= SSL3_FLAGS_CCS_OK; in ssl3_accept()
601 ret = ssl3_get_cert_verify(s); in ssl3_accept()
604 s->s3->hs.state = SSL3_ST_SR_FINISHED_A; in ssl3_accept()
605 s->init_num = 0; in ssl3_accept()
610 if (SSL_is_dtls(s)) in ssl3_accept()
611 s->d1->change_cipher_spec_ok = 1; in ssl3_accept()
613 s->s3->flags |= SSL3_FLAGS_CCS_OK; in ssl3_accept()
614 ret = ssl3_get_client_finished(s); in ssl3_accept()
617 if (SSL_is_dtls(s)) in ssl3_accept()
618 dtls1_stop_timer(s); in ssl3_accept()
619 if (s->hit) in ssl3_accept()
620 s->s3->hs.state = SSL_ST_OK; in ssl3_accept()
621 else if (s->tlsext_ticket_expected) in ssl3_accept()
622 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; in ssl3_accept()
624 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; in ssl3_accept()
625 s->init_num = 0; in ssl3_accept()
630 ret = ssl3_send_newsession_ticket(s); in ssl3_accept()
633 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; in ssl3_accept()
634 s->init_num = 0; in ssl3_accept()
639 ret = ssl3_send_cert_status(s); in ssl3_accept()
642 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; in ssl3_accept()
643 s->init_num = 0; in ssl3_accept()
648 ret = ssl3_send_server_change_cipher_spec(s); in ssl3_accept()
651 s->s3->hs.state = SSL3_ST_SW_FINISHED_A; in ssl3_accept()
652 s->init_num = 0; in ssl3_accept()
653 s->session->cipher = s->s3->hs.cipher; in ssl3_accept()
655 if (!tls1_setup_key_block(s)) { in ssl3_accept()
659 if (!tls1_change_write_cipher_state(s)) { in ssl3_accept()
667 ret = ssl3_send_server_finished(s); in ssl3_accept()
670 s->s3->hs.state = SSL3_ST_SW_FLUSH; in ssl3_accept()
671 if (s->hit) { in ssl3_accept()
672 s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; in ssl3_accept()
673 tls1_transcript_free(s); in ssl3_accept()
675 s->s3->hs.tls12.next_state = SSL_ST_OK; in ssl3_accept()
676 s->init_num = 0; in ssl3_accept()
681 tls1_cleanup_key_block(s); in ssl3_accept()
683 if (s->s3->handshake_transcript != NULL) { in ssl3_accept()
684 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_accept()
689 if (!SSL_is_dtls(s)) in ssl3_accept()
690 ssl3_release_init_buffer(s); in ssl3_accept()
693 ssl_free_wbio_buffer(s); in ssl3_accept()
695 s->init_num = 0; in ssl3_accept()
698 if (s->renegotiate == 2) { in ssl3_accept()
699 s->renegotiate = 0; in ssl3_accept()
700 s->new_session = 0; in ssl3_accept()
702 ssl_update_cache(s, SSL_SESS_CACHE_SERVER); in ssl3_accept()
704 s->ctx->stats.sess_accept_good++; in ssl3_accept()
706 s->handshake_func = ssl3_accept; in ssl3_accept()
708 ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1); in ssl3_accept()
713 if (SSL_is_dtls(s)) { in ssl3_accept()
715 s->d1->handshake_read_seq = 0; in ssl3_accept()
717 s->d1->handshake_write_seq = 0; in ssl3_accept()
718 s->d1->next_handshake_write_seq = 0; in ssl3_accept()
724 SSLerror(s, SSL_R_UNKNOWN_STATE); in ssl3_accept()
730 if (!s->s3->hs.tls12.reuse_message && !skip) { in ssl3_accept()
731 if (s->s3->hs.state != state) { in ssl3_accept()
732 new_state = s->s3->hs.state; in ssl3_accept()
733 s->s3->hs.state = state; in ssl3_accept()
734 ssl_info_callback(s, SSL_CB_ACCEPT_LOOP, 1); in ssl3_accept()
735 s->s3->hs.state = new_state; in ssl3_accept()
742 s->in_handshake--; in ssl3_accept()
743 ssl_info_callback(s, SSL_CB_ACCEPT_EXIT, ret); in ssl3_accept()
749 ssl3_send_hello_request(SSL *s) in ssl3_send_hello_request() argument
755 if (s->s3->hs.state == SSL3_ST_SW_HELLO_REQ_A) { in ssl3_send_hello_request()
756 if (!ssl3_handshake_msg_start(s, &cbb, &hello, in ssl3_send_hello_request()
759 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_hello_request()
762 s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_B; in ssl3_send_hello_request()
766 return (ssl3_handshake_write(s)); in ssl3_send_hello_request()
775 ssl3_get_client_hello(SSL *s) in ssl3_get_client_hello() argument
796 if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A) in ssl3_get_client_hello()
797 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B; in ssl3_get_client_hello()
799 s->first_packet = 1; in ssl3_get_client_hello()
800 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, in ssl3_get_client_hello()
804 s->first_packet = 0; in ssl3_get_client_hello()
808 if (s->init_num < 0) in ssl3_get_client_hello()
811 CBS_init(&cbs, s->init_msg, s->init_num); in ssl3_get_client_hello()
822 SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); in ssl3_get_client_hello()
825 if (SSL_is_dtls(s)) { in ssl3_get_client_hello()
838 if (!ssl_max_shared_version(s, client_version, &shared_version)) { in ssl3_get_client_hello()
840 !tls12_record_layer_write_protected(s->rl)) { in ssl3_get_client_hello()
845 s->version = client_version; in ssl3_get_client_hello()
847 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); in ssl3_get_client_hello()
851 s->s3->hs.peer_legacy_version = client_version; in ssl3_get_client_hello()
852 s->version = shared_version; in ssl3_get_client_hello()
854 s->s3->hs.negotiated_tls_version = ssl_tls_version(shared_version); in ssl3_get_client_hello()
855 if (s->s3->hs.negotiated_tls_version == 0) { in ssl3_get_client_hello()
856 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_get_client_hello()
861 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_get_client_hello()
864 s->method = method; in ssl3_get_client_hello()
871 if (SSL_is_dtls(s)) { in ssl3_get_client_hello()
872 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { in ssl3_get_client_hello()
878 if (!CBS_write_bytes(&client_random, s->s3->client_random, in ssl3_get_client_hello()
879 sizeof(s->s3->client_random), NULL)) in ssl3_get_client_hello()
882 s->hit = 0; in ssl3_get_client_hello()
899 if ((s->new_session && (s->options & in ssl3_get_client_hello()
901 if (!ssl_get_new_session(s, 1)) in ssl3_get_client_hello()
908 i = ssl_get_prev_session(s, &session_id, &ext_block, &al); in ssl3_get_client_hello()
910 s->hit = 1; in ssl3_get_client_hello()
915 if (!ssl_get_new_session(s, 1)) in ssl3_get_client_hello()
920 if (SSL_is_dtls(s)) { in ssl3_get_client_hello()
926 if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) { in ssl3_get_client_hello()
928 SSLerror(s, SSL_R_COOKIE_MISMATCH); in ssl3_get_client_hello()
933 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && in ssl3_get_client_hello()
938 if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie, in ssl3_get_client_hello()
939 sizeof(s->d1->rcvd_cookie), &cookie_len)) in ssl3_get_client_hello()
942 if (s->ctx->app_verify_cookie_cb != NULL) { in ssl3_get_client_hello()
943 if (s->ctx->app_verify_cookie_cb(s, in ssl3_get_client_hello()
944 s->d1->rcvd_cookie, cookie_len) == 0) { in ssl3_get_client_hello()
946 SSLerror(s, SSL_R_COOKIE_MISMATCH); in ssl3_get_client_hello()
951 } else if (timingsafe_memcmp(s->d1->rcvd_cookie, in ssl3_get_client_hello()
952 s->d1->cookie, s->d1->cookie_len) != 0) { in ssl3_get_client_hello()
955 SSLerror(s, SSL_R_COOKIE_MISMATCH); in ssl3_get_client_hello()
966 SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED); in ssl3_get_client_hello()
971 if ((ciphers = ssl_bytes_to_cipher_list(s, in ssl3_get_client_hello()
978 if (s->hit && CBS_len(&cipher_suites) > 0) { in ssl3_get_client_hello()
980 id = s->session->cipher->id; in ssl3_get_client_hello()
995 SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING); in ssl3_get_client_hello()
1009 SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED); in ssl3_get_client_hello()
1013 if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) { in ssl3_get_client_hello()
1014 SSLerror(s, SSL_R_PARSE_TLSEXT); in ssl3_get_client_hello()
1021 if (!s->s3->renegotiate_seen && s->renegotiate) { in ssl3_get_client_hello()
1023 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); in ssl3_get_client_hello()
1027 if (ssl_check_clienthello_tlsext_early(s) <= 0) { in ssl3_get_client_hello()
1028 SSLerror(s, SSL_R_CLIENTHELLO_TLSEXT); in ssl3_get_client_hello()
1038 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); in ssl3_get_client_hello()
1040 if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION && in ssl3_get_client_hello()
1041 s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) { in ssl3_get_client_hello()
1049 uint8_t *magic = &s->s3->server_random[index]; in ssl3_get_client_hello()
1050 if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION) { in ssl3_get_client_hello()
1061 if (!s->hit && s->tls_session_secret_cb != NULL) { in ssl3_get_client_hello()
1063 int master_key_length = sizeof(s->session->master_key); in ssl3_get_client_hello()
1065 if (!s->tls_session_secret_cb(s, in ssl3_get_client_hello()
1066 s->session->master_key, &master_key_length, ciphers, in ssl3_get_client_hello()
1067 &pref_cipher, s->tls_session_secret_cb_arg)) { in ssl3_get_client_hello()
1068 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_get_client_hello()
1072 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_get_client_hello()
1075 s->session->master_key_length = master_key_length; in ssl3_get_client_hello()
1077 s->hit = 1; in ssl3_get_client_hello()
1078 s->session->verify_result = X509_V_OK; in ssl3_get_client_hello()
1080 sk_SSL_CIPHER_free(s->session->ciphers); in ssl3_get_client_hello()
1081 s->session->ciphers = ciphers; in ssl3_get_client_hello()
1086 pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, in ssl3_get_client_hello()
1087 SSL_get_ciphers(s)); in ssl3_get_client_hello()
1090 SSLerror(s, SSL_R_NO_SHARED_CIPHER); in ssl3_get_client_hello()
1093 s->session->cipher = pref_cipher; in ssl3_get_client_hello()
1095 sk_SSL_CIPHER_free(s->cipher_list); in ssl3_get_client_hello()
1096 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); in ssl3_get_client_hello()
1104 if (!s->hit) { in ssl3_get_client_hello()
1107 SSLerror(s, SSL_R_NO_CIPHERS_PASSED); in ssl3_get_client_hello()
1110 sk_SSL_CIPHER_free(s->session->ciphers); in ssl3_get_client_hello()
1111 s->session->ciphers = ciphers; in ssl3_get_client_hello()
1114 if ((c = ssl3_choose_cipher(s, s->session->ciphers, in ssl3_get_client_hello()
1115 SSL_get_ciphers(s))) == NULL) { in ssl3_get_client_hello()
1117 SSLerror(s, SSL_R_NO_SHARED_CIPHER); in ssl3_get_client_hello()
1120 s->s3->hs.cipher = c; in ssl3_get_client_hello()
1122 s->s3->hs.cipher = s->session->cipher; in ssl3_get_client_hello()
1125 if (!tls1_transcript_hash_init(s)) in ssl3_get_client_hello()
1128 if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) in ssl3_get_client_hello()
1129 tls1_transcript_free(s); in ssl3_get_client_hello()
1144 if (ssl_check_clienthello_tlsext_late(s) <= 0) { in ssl3_get_client_hello()
1145 SSLerror(s, SSL_R_CLIENTHELLO_TLSEXT); in ssl3_get_client_hello()
1154 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); in ssl3_get_client_hello()
1156 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ssl3_get_client_hello()
1165 ssl3_send_dtls_hello_verify_request(SSL *s) in ssl3_send_dtls_hello_verify_request() argument
1171 if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { in ssl3_send_dtls_hello_verify_request()
1172 if (s->ctx->app_gen_cookie_cb == NULL || in ssl3_send_dtls_hello_verify_request()
1173 s->ctx->app_gen_cookie_cb(s, s->d1->cookie, in ssl3_send_dtls_hello_verify_request()
1174 &(s->d1->cookie_len)) == 0) { in ssl3_send_dtls_hello_verify_request()
1175 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_send_dtls_hello_verify_request()
1184 if (!ssl3_handshake_msg_start(s, &cbb, &verify, in ssl3_send_dtls_hello_verify_request()
1191 if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len)) in ssl3_send_dtls_hello_verify_request()
1193 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_dtls_hello_verify_request()
1196 s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; in ssl3_send_dtls_hello_verify_request()
1200 return (ssl3_handshake_write(s)); in ssl3_send_dtls_hello_verify_request()
1209 ssl3_send_server_hello(SSL *s) in ssl3_send_server_hello() argument
1216 if (s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { in ssl3_send_server_hello()
1217 if (!ssl3_handshake_msg_start(s, &cbb, &server_hello, in ssl3_send_server_hello()
1221 if (!CBB_add_u16(&server_hello, s->version)) in ssl3_send_server_hello()
1223 if (!CBB_add_bytes(&server_hello, s->s3->server_random, in ssl3_send_server_hello()
1224 sizeof(s->s3->server_random))) in ssl3_send_server_hello()
1245 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) in ssl3_send_server_hello()
1246 && !s->hit) in ssl3_send_server_hello()
1247 s->session->session_id_length = 0; in ssl3_send_server_hello()
1249 sl = s->session->session_id_length; in ssl3_send_server_hello()
1250 if (sl > sizeof(s->session->session_id)) { in ssl3_send_server_hello()
1251 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_send_server_hello()
1256 if (!CBB_add_bytes(&session_id, s->session->session_id, sl)) in ssl3_send_server_hello()
1261 ssl3_cipher_get_value(s->s3->hs.cipher))) in ssl3_send_server_hello()
1269 if (!tlsext_server_build(s, SSL_TLSEXT_MSG_SH, &server_hello)) { in ssl3_send_server_hello()
1270 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_send_server_hello()
1274 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_server_hello()
1279 return (ssl3_handshake_write(s)); in ssl3_send_server_hello()
1288 ssl3_send_server_done(SSL *s) in ssl3_send_server_done() argument
1294 if (s->s3->hs.state == SSL3_ST_SW_SRVR_DONE_A) { in ssl3_send_server_done()
1295 if (!ssl3_handshake_msg_start(s, &cbb, &done, in ssl3_send_server_done()
1298 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_server_done()
1301 s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_B; in ssl3_send_server_done()
1305 return (ssl3_handshake_write(s)); in ssl3_send_server_done()
1314 ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) in ssl3_send_server_kex_dhe() argument
1318 tls_key_share_free(s->s3->hs.key_share); in ssl3_send_server_kex_dhe()
1319 if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) in ssl3_send_server_kex_dhe()
1322 if (s->cert->dhe_params_auto != 0) { in ssl3_send_server_kex_dhe()
1325 if ((key_bits = ssl_dhe_params_auto_key_bits(s)) == 0) { in ssl3_send_server_kex_dhe()
1326 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_send_server_kex_dhe()
1327 ssl3_send_alert(s, SSL3_AL_FATAL, in ssl3_send_server_kex_dhe()
1331 tls_key_share_set_key_bits(s->s3->hs.key_share, in ssl3_send_server_kex_dhe()
1334 DH *dh_params = s->cert->dhe_params; in ssl3_send_server_kex_dhe()
1336 if (dh_params == NULL && s->cert->dhe_params_cb != NULL) in ssl3_send_server_kex_dhe()
1337 dh_params = s->cert->dhe_params_cb(s, 0, in ssl3_send_server_kex_dhe()
1338 SSL_C_PKEYLENGTH(s->s3->hs.cipher)); in ssl3_send_server_kex_dhe()
1341 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); in ssl3_send_server_kex_dhe()
1342 ssl3_send_alert(s, SSL3_AL_FATAL, in ssl3_send_server_kex_dhe()
1347 if (!tls_key_share_set_dh_params(s->s3->hs.key_share, dh_params)) in ssl3_send_server_kex_dhe()
1351 if (!tls_key_share_generate(s->s3->hs.key_share)) in ssl3_send_server_kex_dhe()
1354 if (!tls_key_share_params(s->s3->hs.key_share, cbb)) in ssl3_send_server_kex_dhe()
1356 if (!tls_key_share_public(s->s3->hs.key_share, cbb)) in ssl3_send_server_kex_dhe()
1359 if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) { in ssl3_send_server_kex_dhe()
1360 SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); in ssl3_send_server_kex_dhe()
1361 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); in ssl3_send_server_kex_dhe()
1372 ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) in ssl3_send_server_kex_ecdhe() argument
1377 if (!tls1_get_supported_group(s, &nid)) { in ssl3_send_server_kex_ecdhe()
1378 SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); in ssl3_send_server_kex_ecdhe()
1379 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); in ssl3_send_server_kex_ecdhe()
1383 tls_key_share_free(s->s3->hs.key_share); in ssl3_send_server_kex_ecdhe()
1384 if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) in ssl3_send_server_kex_ecdhe()
1387 if (!tls_key_share_generate(s->s3->hs.key_share)) in ssl3_send_server_kex_ecdhe()
1395 if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) in ssl3_send_server_kex_ecdhe()
1399 if (!tls_key_share_public(s->s3->hs.key_share, &public)) in ssl3_send_server_kex_ecdhe()
1411 ssl3_send_server_key_exchange(SSL *s) in ssl3_send_server_key_exchange() argument
1433 if (s->s3->hs.state == SSL3_ST_SW_KEY_EXCH_A) { in ssl3_send_server_key_exchange()
1435 if (!ssl3_handshake_msg_start(s, &cbb, &server_kex, in ssl3_send_server_key_exchange()
1442 if (!CBB_add_bytes(&cbb_signed_params, s->s3->client_random, in ssl3_send_server_key_exchange()
1444 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_send_server_key_exchange()
1447 if (!CBB_add_bytes(&cbb_signed_params, s->s3->server_random, in ssl3_send_server_key_exchange()
1449 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_send_server_key_exchange()
1453 type = s->s3->hs.cipher->algorithm_mkey; in ssl3_send_server_key_exchange()
1455 if (!ssl3_send_server_kex_dhe(s, &cbb_signed_params)) in ssl3_send_server_key_exchange()
1458 if (!ssl3_send_server_kex_ecdhe(s, &cbb_signed_params)) in ssl3_send_server_key_exchange()
1462 SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); in ssl3_send_server_key_exchange()
1479 if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { in ssl3_send_server_key_exchange()
1480 if ((pkey = ssl_get_sign_pkey(s, s->s3->hs.cipher, in ssl3_send_server_key_exchange()
1485 s->s3->hs.our_sigalg = sigalg; in ssl3_send_server_key_exchange()
1488 if (SSL_USE_SIGALGS(s)) { in ssl3_send_server_key_exchange()
1491 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_send_server_key_exchange()
1497 SSLerror(s, ERR_R_EVP_LIB); in ssl3_send_server_key_exchange()
1504 SSLerror(s, ERR_R_EVP_LIB); in ssl3_send_server_key_exchange()
1509 SSLerror(s, ERR_R_EVP_LIB); in ssl3_send_server_key_exchange()
1513 SSLerror(s, ERR_R_MALLOC_FAILURE); in ssl3_send_server_key_exchange()
1518 SSLerror(s, ERR_R_EVP_LIB); in ssl3_send_server_key_exchange()
1530 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_server_key_exchange()
1533 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_B; in ssl3_send_server_key_exchange()
1540 return (ssl3_handshake_write(s)); in ssl3_send_server_key_exchange()
1543 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ssl3_send_server_key_exchange()
1555 ssl3_send_certificate_request(SSL *s) in ssl3_send_certificate_request() argument
1568 if (s->s3->hs.state == SSL3_ST_SW_CERT_REQ_A) { in ssl3_send_certificate_request()
1569 if (!ssl3_handshake_msg_start(s, &cbb, &cert_request, in ssl3_send_certificate_request()
1575 if (!ssl3_get_req_cert_types(s, &cert_types)) in ssl3_send_certificate_request()
1578 if (SSL_USE_SIGALGS(s)) { in ssl3_send_certificate_request()
1582 if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, in ssl3_send_certificate_request()
1583 &sigalgs, SSL_get_security_level(s))) in ssl3_send_certificate_request()
1590 sk = SSL_get_client_CA_list(s); in ssl3_send_certificate_request()
1606 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_certificate_request()
1609 s->s3->hs.state = SSL3_ST_SW_CERT_REQ_B; in ssl3_send_certificate_request()
1613 return (ssl3_handshake_write(s)); in ssl3_send_certificate_request()
1622 ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) in ssl3_get_client_kex_rsa() argument
1636 fakekey[0] = s->s3->hs.peer_legacy_version >> 8; in ssl3_get_client_kex_rsa()
1637 fakekey[1] = s->s3->hs.peer_legacy_version & 0xff; in ssl3_get_client_kex_rsa()
1639 pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey; in ssl3_get_client_kex_rsa()
1642 SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE); in ssl3_get_client_kex_rsa()
1656 SSLerror(s, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); in ssl3_get_client_kex_rsa()
1670 if ((al == -1) && !((pms[0] == (s->s3->hs.peer_legacy_version >> 8)) && in ssl3_get_client_kex_rsa()
1671 (pms[1] == (s->s3->hs.peer_legacy_version & 0xff)))) { in ssl3_get_client_kex_rsa()
1700 if (!tls12_derive_master_secret(s, p, SSL_MAX_MASTER_KEY_LENGTH)) in ssl3_get_client_kex_rsa()
1709 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); in ssl3_get_client_kex_rsa()
1711 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ssl3_get_client_kex_rsa()
1719 ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) in ssl3_get_client_kex_dhe() argument
1726 if (s->s3->hs.key_share == NULL) { in ssl3_get_client_kex_dhe()
1727 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); in ssl3_get_client_kex_dhe()
1728 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); in ssl3_get_client_kex_dhe()
1732 if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, in ssl3_get_client_kex_dhe()
1735 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); in ssl3_get_client_kex_dhe()
1736 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in ssl3_get_client_kex_dhe()
1741 SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); in ssl3_get_client_kex_dhe()
1742 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in ssl3_get_client_kex_dhe()
1746 if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) in ssl3_get_client_kex_dhe()
1749 if (!tls12_derive_master_secret(s, key, key_len)) in ssl3_get_client_kex_dhe()
1761 ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) in ssl3_get_client_kex_ecdhe() argument
1769 if (s->s3->hs.key_share == NULL) { in ssl3_get_client_kex_ecdhe()
1770 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); in ssl3_get_client_kex_ecdhe()
1771 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); in ssl3_get_client_kex_ecdhe()
1776 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); in ssl3_get_client_kex_ecdhe()
1777 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in ssl3_get_client_kex_ecdhe()
1780 if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, in ssl3_get_client_kex_ecdhe()
1783 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); in ssl3_get_client_kex_ecdhe()
1784 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in ssl3_get_client_kex_ecdhe()
1789 if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) in ssl3_get_client_kex_ecdhe()
1792 if (!tls12_derive_master_secret(s, key, key_len)) in ssl3_get_client_kex_ecdhe()
1804 ssl3_get_client_key_exchange(SSL *s) in ssl3_get_client_key_exchange() argument
1811 if ((ret = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, in ssl3_get_client_key_exchange()
1815 if (s->init_num < 0) in ssl3_get_client_key_exchange()
1818 CBS_init(&cbs, s->init_msg, s->init_num); in ssl3_get_client_key_exchange()
1820 alg_k = s->s3->hs.cipher->algorithm_mkey; in ssl3_get_client_key_exchange()
1823 if (!ssl3_get_client_kex_rsa(s, &cbs)) in ssl3_get_client_key_exchange()
1826 if (!ssl3_get_client_kex_dhe(s, &cbs)) in ssl3_get_client_key_exchange()
1829 if (!ssl3_get_client_kex_ecdhe(s, &cbs)) in ssl3_get_client_key_exchange()
1833 SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE); in ssl3_get_client_key_exchange()
1839 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); in ssl3_get_client_key_exchange()
1846 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ssl3_get_client_key_exchange()
1852 ssl3_get_cert_verify(SSL *s) in ssl3_get_cert_verify() argument
1866 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, in ssl3_get_cert_verify()
1872 if (s->init_num < 0) in ssl3_get_cert_verify()
1878 CBS_init(&cbs, s->init_msg, s->init_num); in ssl3_get_cert_verify()
1880 peer_cert = s->session->peer_cert; in ssl3_get_cert_verify()
1884 if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { in ssl3_get_cert_verify()
1885 s->s3->hs.tls12.reuse_message = 1; in ssl3_get_cert_verify()
1888 SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); in ssl3_get_cert_verify()
1896 SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED); in ssl3_get_cert_verify()
1902 SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); in ssl3_get_cert_verify()
1907 if (s->s3->change_cipher_spec) { in ssl3_get_cert_verify()
1908 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); in ssl3_get_cert_verify()
1913 if (SSL_USE_SIGALGS(s)) { in ssl3_get_cert_verify()
1921 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); in ssl3_get_cert_verify()
1926 SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); in ssl3_get_cert_verify()
1931 if ((sigalg = ssl_sigalg_for_peer(s, pkey, in ssl3_get_cert_verify()
1936 s->s3->hs.peer_sigalg = sigalg; in ssl3_get_cert_verify()
1938 if (SSL_USE_SIGALGS(s)) { in ssl3_get_cert_verify()
1941 if (!tls1_transcript_data(s, &hdata, &hdatalen)) { in ssl3_get_cert_verify()
1942 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_get_cert_verify()
1948 SSLerror(s, ERR_R_EVP_LIB); in ssl3_get_cert_verify()
1961 SSLerror(s, ERR_R_EVP_LIB); in ssl3_get_cert_verify()
1970 SSLerror(s, ERR_R_EVP_LIB); in ssl3_get_cert_verify()
1973 verify = RSA_verify(NID_md5_sha1, s->s3->hs.tls12.cert_verify, in ssl3_get_cert_verify()
1978 SSLerror(s, SSL_R_BAD_RSA_DECRYPT); in ssl3_get_cert_verify()
1983 SSLerror(s, SSL_R_BAD_RSA_SIGNATURE); in ssl3_get_cert_verify()
1991 SSLerror(s, ERR_R_EVP_LIB); in ssl3_get_cert_verify()
1995 &(s->s3->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), in ssl3_get_cert_verify()
2000 SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE); in ssl3_get_cert_verify()
2004 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_get_cert_verify()
2013 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); in ssl3_get_cert_verify()
2015 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ssl3_get_cert_verify()
2018 tls1_transcript_free(s); in ssl3_get_cert_verify()
2026 ssl3_get_client_certificate(SSL *s) in ssl3_get_client_certificate() argument
2034 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, in ssl3_get_client_certificate()
2035 -1, s->max_cert_list)) <= 0) in ssl3_get_client_certificate()
2040 if (s->s3->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { in ssl3_get_client_certificate()
2041 if ((s->verify_mode & SSL_VERIFY_PEER) && in ssl3_get_client_certificate()
2042 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { in ssl3_get_client_certificate()
2043 SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); in ssl3_get_client_certificate()
2052 if (s->s3->hs.tls12.cert_request != 0) { in ssl3_get_client_certificate()
2053 SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); in ssl3_get_client_certificate()
2057 s->s3->hs.tls12.reuse_message = 1; in ssl3_get_client_certificate()
2061 if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { in ssl3_get_client_certificate()
2063 SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); in ssl3_get_client_certificate()
2067 if (s->init_num < 0) in ssl3_get_client_certificate()
2070 CBS_init(&cbs, s->init_msg, s->init_num); in ssl3_get_client_certificate()
2083 if ((s->verify_mode & SSL_VERIFY_PEER) && in ssl3_get_client_certificate()
2084 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { in ssl3_get_client_certificate()
2085 SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); in ssl3_get_client_certificate()
2090 tls1_transcript_free(s); in ssl3_get_client_certificate()
2095 SSLerror(s, ERR_R_MALLOC_FAILURE); in ssl3_get_client_certificate()
2104 SSLerror(s, ERR_R_ASN1_LIB); in ssl3_get_client_certificate()
2110 SSLerror(s, ERR_R_MALLOC_FAILURE); in ssl3_get_client_certificate()
2116 if (ssl_verify_cert_chain(s, certs) <= 0) { in ssl3_get_client_certificate()
2117 al = ssl_verify_alarm_type(s->verify_result); in ssl3_get_client_certificate()
2118 SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED); in ssl3_get_client_certificate()
2121 s->session->verify_result = s->verify_result; in ssl3_get_client_certificate()
2124 if (!tls_process_peer_certs(s, certs)) in ssl3_get_client_certificate()
2132 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); in ssl3_get_client_certificate()
2134 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ssl3_get_client_certificate()
2144 ssl3_send_server_certificate(SSL *s) in ssl3_send_server_certificate() argument
2155 if (s->s3->hs.state == SSL3_ST_SW_CERT_A) { in ssl3_send_server_certificate()
2156 if ((cpk = ssl_get_server_send_pkey(s)) == NULL) { in ssl3_send_server_certificate()
2157 SSLerror(s, ERR_R_INTERNAL_ERROR); in ssl3_send_server_certificate()
2161 if (!ssl3_handshake_msg_start(s, &cbb, &server_cert, in ssl3_send_server_certificate()
2164 if (!ssl3_output_cert_chain(s, &server_cert, cpk)) in ssl3_send_server_certificate()
2166 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_server_certificate()
2169 s->s3->hs.state = SSL3_ST_SW_CERT_B; in ssl3_send_server_certificate()
2173 return (ssl3_handshake_write(s)); in ssl3_send_server_certificate()
2183 ssl3_send_newsession_ticket(SSL *s) in ssl3_send_newsession_ticket() argument
2186 SSL_CTX *tctx = s->initial_ctx; in ssl3_send_newsession_ticket()
2209 if (s->s3->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { in ssl3_send_newsession_ticket()
2210 if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket, in ssl3_send_newsession_ticket()
2214 if (!SSL_SESSION_ticket(s->session, &session, &session_len)) in ssl3_send_newsession_ticket()
2225 if (tctx->tlsext_ticket_key_cb(s, in ssl3_send_newsession_ticket()
2272 s->hit ? 0 : s->session->timeout)) in ssl3_send_newsession_ticket()
2293 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_newsession_ticket()
2296 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_B; in ssl3_send_newsession_ticket()
2305 return (ssl3_handshake_write(s)); in ssl3_send_newsession_ticket()
2318 ssl3_send_cert_status(SSL *s) in ssl3_send_cert_status() argument
2324 if (s->s3->hs.state == SSL3_ST_SW_CERT_STATUS_A) { in ssl3_send_cert_status()
2325 if (!ssl3_handshake_msg_start(s, &cbb, &certstatus, in ssl3_send_cert_status()
2328 if (!CBB_add_u8(&certstatus, s->tlsext_status_type)) in ssl3_send_cert_status()
2332 if (!CBB_add_bytes(&ocspresp, s->tlsext_ocsp_resp, in ssl3_send_cert_status()
2333 s->tlsext_ocsp_resp_len)) in ssl3_send_cert_status()
2335 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_cert_status()
2338 s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_B; in ssl3_send_cert_status()
2342 return (ssl3_handshake_write(s)); in ssl3_send_cert_status()
2351 ssl3_send_server_change_cipher_spec(SSL *s) in ssl3_send_server_change_cipher_spec() argument
2358 if (s->s3->hs.state == SSL3_ST_SW_CHANGE_A) { in ssl3_send_server_change_cipher_spec()
2359 if (!CBB_init_fixed(&cbb, s->init_buf->data, in ssl3_send_server_change_cipher_spec()
2360 s->init_buf->length)) in ssl3_send_server_change_cipher_spec()
2370 s->init_num = (int)outlen; in ssl3_send_server_change_cipher_spec()
2371 s->init_off = 0; in ssl3_send_server_change_cipher_spec()
2373 if (SSL_is_dtls(s)) { in ssl3_send_server_change_cipher_spec()
2374 s->d1->handshake_write_seq = in ssl3_send_server_change_cipher_spec()
2375 s->d1->next_handshake_write_seq; in ssl3_send_server_change_cipher_spec()
2376 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, in ssl3_send_server_change_cipher_spec()
2377 s->d1->handshake_write_seq, 0, 0); in ssl3_send_server_change_cipher_spec()
2378 dtls1_buffer_message(s, 1); in ssl3_send_server_change_cipher_spec()
2381 s->s3->hs.state = SSL3_ST_SW_CHANGE_B; in ssl3_send_server_change_cipher_spec()
2385 return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in ssl3_send_server_change_cipher_spec()
2394 ssl3_get_client_finished(SSL *s) in ssl3_get_client_finished() argument
2400 if ((ret = ssl3_get_message(s, SSL3_ST_SR_FINISHED_A, in ssl3_get_client_finished()
2405 if (!s->s3->change_cipher_spec) { in ssl3_get_client_finished()
2407 SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS); in ssl3_get_client_finished()
2410 s->s3->change_cipher_spec = 0; in ssl3_get_client_finished()
2414 if (s->init_num < 0) { in ssl3_get_client_finished()
2416 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); in ssl3_get_client_finished()
2420 CBS_init(&cbs, s->init_msg, s->init_num); in ssl3_get_client_finished()
2422 if (s->s3->hs.peer_finished_len != md_len || in ssl3_get_client_finished()
2425 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); in ssl3_get_client_finished()
2429 if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) { in ssl3_get_client_finished()
2431 SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); in ssl3_get_client_finished()
2437 memcpy(s->s3->previous_client_finished, in ssl3_get_client_finished()
2438 s->s3->hs.peer_finished, md_len); in ssl3_get_client_finished()
2439 s->s3->previous_client_finished_len = md_len; in ssl3_get_client_finished()
2443 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ssl3_get_client_finished()
2448 ssl3_send_server_finished(SSL *s) in ssl3_send_server_finished() argument
2454 if (s->s3->hs.state == SSL3_ST_SW_FINISHED_A) { in ssl3_send_server_finished()
2455 if (!tls12_derive_finished(s)) in ssl3_send_server_finished()
2459 memcpy(s->s3->previous_server_finished, in ssl3_send_server_finished()
2460 s->s3->hs.finished, s->s3->hs.finished_len); in ssl3_send_server_finished()
2461 s->s3->previous_server_finished_len = s->s3->hs.finished_len; in ssl3_send_server_finished()
2463 if (!ssl3_handshake_msg_start(s, &cbb, &finished, in ssl3_send_server_finished()
2466 if (!CBB_add_bytes(&finished, s->s3->hs.finished, in ssl3_send_server_finished()
2467 s->s3->hs.finished_len)) in ssl3_send_server_finished()
2469 if (!ssl3_handshake_msg_finish(s, &cbb)) in ssl3_send_server_finished()
2472 s->s3->hs.state = SSL3_ST_SW_FINISHED_B; in ssl3_send_server_finished()
2475 return (ssl3_handshake_write(s)); in ssl3_send_server_finished()