53   const SSL3_STATE *const s3 = ssl->s3;  in SSL_serialize_handoff()  local
55       s3->hs == nullptr ||  in SSL_serialize_handoff()
56       s3->rwstate != SSL_HANDOFF) {  in SSL_serialize_handoff()
61   Span<const uint8_t> transcript = s3->hs->transcript.buffer();  in SSL_serialize_handoff()
66                                  reinterpret_cast<uint8_t *>(s3->hs_buf->data),  in SSL_serialize_handoff()
67                                  s3->hs_buf->length) ||  in SSL_serialize_handoff()
77   const SSL3_STATE *const s3 = ssl->s3;  in SSL_decline_handoff()  local
79       s3->hs == nullptr ||  in SSL_decline_handoff()
80       s3->rwstate != SSL_HANDOFF) {  in SSL_decline_handoff()
84   s3->hs->config->handoff = false;  in SSL_decline_handoff()
153       tls1_get_grouplist(ssl->s3->hs.get());  in apply_remote_features()
202   SSL3_STATE *const s3 = ssl->s3;  in SSL_apply_handoff()  local
203   s3->v2_hello_done = true;  in SSL_apply_handoff()
204   s3->has_message = true;  in SSL_apply_handoff()
206   s3->hs_buf.reset(BUF_MEM_new());  in SSL_apply_handoff()
207   if (!s3->hs_buf ||  in SSL_apply_handoff()
208       !BUF_MEM_append(s3->hs_buf.get(), CBS_data(&hs_buf), CBS_len(&hs_buf))) {  in SSL_apply_handoff()
213     s3->hs->transcript.Update(transcript);  in SSL_apply_handoff()
214     s3->is_v2_hello = true;  in SSL_apply_handoff()
216   s3->hs->handback = true;  in SSL_apply_handoff()
226   switch (ssl->s3->hs->state) {  in SSL_serialize_handback()
240   const SSL3_STATE *const s3 = ssl->s3;  in SSL_serialize_handback()  local
242   if (s3->hostname) {  in SSL_serialize_handback()
243     hostname_len = strlen(s3->hostname.get());  in SSL_serialize_handback()
249     transcript = s3->hs->transcript.buffer();  in SSL_serialize_handback()
256       SSL_CIPHER_is_block_cipher(s3->aead_write_ctx->cipher()) &&  in SSL_serialize_handback()
257       !s3->aead_write_ctx->GetIV(&write_iv, &write_iv_len)) {  in SSL_serialize_handback()
264       SSL_CIPHER_is_block_cipher(s3->aead_read_ctx->cipher()) &&  in SSL_serialize_handback()
265       !s3->aead_read_ctx->GetIV(&read_iv, &read_iv_len)) {  in SSL_serialize_handback()
272       s3->session_reused ? ssl->session.get() : s3->hs->new_session.get();  in SSL_serialize_handback()
276       !CBB_add_asn1_octet_string(&seq, s3->read_sequence,  in SSL_serialize_handback()
277                                  sizeof(s3->read_sequence)) ||  in SSL_serialize_handback()
278       !CBB_add_asn1_octet_string(&seq, s3->write_sequence,  in SSL_serialize_handback()
279                                  sizeof(s3->write_sequence)) ||  in SSL_serialize_handback()
280       !CBB_add_asn1_octet_string(&seq, s3->server_random,  in SSL_serialize_handback()
281                                  sizeof(s3->server_random)) ||  in SSL_serialize_handback()
282       !CBB_add_asn1_octet_string(&seq, s3->client_random,  in SSL_serialize_handback()
283                                  sizeof(s3->client_random)) ||  in SSL_serialize_handback()
286       !CBB_add_asn1_bool(&seq, s3->session_reused) ||  in SSL_serialize_handback()
287       !CBB_add_asn1_bool(&seq, s3->channel_id_valid) ||  in SSL_serialize_handback()
289       !CBB_add_asn1_octet_string(&seq, s3->next_proto_negotiated.data(),  in SSL_serialize_handback()
290                                  s3->next_proto_negotiated.size()) ||  in SSL_serialize_handback()
291       !CBB_add_asn1_octet_string(&seq, s3->alpn_selected.data(),  in SSL_serialize_handback()
292                                  s3->alpn_selected.size()) ||  in SSL_serialize_handback()
294           &seq, reinterpret_cast<uint8_t *>(s3->hostname.get()),  in SSL_serialize_handback()
296       !CBB_add_asn1_octet_string(&seq, s3->channel_id,  in SSL_serialize_handback()
297                                  sizeof(s3->channel_id)) ||  in SSL_serialize_handback()
298       !CBB_add_asn1_bool(&seq, ssl->s3->token_binding_negotiated) ||  in SSL_serialize_handback()
299       !CBB_add_asn1_uint64(&seq, ssl->s3->negotiated_token_binding_param) ||  in SSL_serialize_handback()
300       !CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||  in SSL_serialize_handback()
301       !CBB_add_asn1_bool(&seq, s3->hs->cert_request) ||  in SSL_serialize_handback()
302       !CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) ||  in SSL_serialize_handback()
303       !CBB_add_asn1_bool(&seq, s3->hs->ticket_expected) ||  in SSL_serialize_handback()
304       !CBB_add_asn1_uint64(&seq, SSL_CIPHER_get_id(s3->hs->new_cipher)) ||  in SSL_serialize_handback()
310       !s3->hs->key_shares[0]->Serialize(&key_share)) {  in SSL_serialize_handback()
322   SSL3_STATE *const s3 = ssl->s3;  in SSL_apply_handback()  local
340       CBS_len(&read_seq) != sizeof(s3->read_sequence) ||  in SSL_apply_handback()
342       CBS_len(&write_seq) != sizeof(s3->write_sequence) ||  in SSL_apply_handback()
344       CBS_len(&server_rand) != sizeof(s3->server_random) ||  in SSL_apply_handback()
345       !CBS_copy_bytes(&server_rand, s3->server_random,  in SSL_apply_handback()
346                       sizeof(s3->server_random)) ||  in SSL_apply_handback()
348       CBS_len(&client_rand) != sizeof(s3->client_random) ||  in SSL_apply_handback()
349       !CBS_copy_bytes(&client_rand, s3->client_random,  in SSL_apply_handback()
350                       sizeof(s3->client_random)) ||  in SSL_apply_handback()
358   s3->hs = ssl_handshake_new(ssl);  in SSL_apply_handback()
364     s3->hs->new_session =  in SSL_apply_handback()
366     session = s3->hs->new_session.get();  in SSL_apply_handback()
373       CBS_len(&channel_id) != sizeof(s3->channel_id) ||  in SSL_apply_handback()
374       !CBS_copy_bytes(&channel_id, s3->channel_id,  in SSL_apply_handback()
375                       sizeof(s3->channel_id)) ||  in SSL_apply_handback()
385   if ((s3->hs->new_cipher =  in SSL_apply_handback()
395   s3->have_version = true;  in SSL_apply_handback()
397       session->cipher != s3->hs->new_cipher ||  in SSL_apply_handback()
406       ssl->s3->hs->state = state12_read_change_cipher_spec;  in SSL_apply_handback()
412       ssl->s3->hs->state = state12_read_client_certificate;  in SSL_apply_handback()
418       ssl->s3->hs->state = state12_finish_server_handshake;  in SSL_apply_handback()
423   s3->session_reused = session_reused;  in SSL_apply_handback()
424   s3->channel_id_valid = channel_id_valid;  in SSL_apply_handback()
425   s3->next_proto_negotiated.CopyFrom(next_proto);  in SSL_apply_handback()
426   s3->alpn_selected.CopyFrom(alpn);  in SSL_apply_handback()
430     s3->hostname.reset();  in SSL_apply_handback()
436     s3->hostname.reset(hostname_str);  in SSL_apply_handback()
439   s3->token_binding_negotiated = token_binding_negotiated;  in SSL_apply_handback()
440   s3->negotiated_token_binding_param =  in SSL_apply_handback()
442   s3->hs->next_proto_neg_seen = next_proto_neg_seen;  in SSL_apply_handback()
443   s3->hs->wait = ssl_hs_flush;  in SSL_apply_handback()
444   s3->hs->extended_master_secret = extended_master_secret;  in SSL_apply_handback()
445   s3->hs->ticket_expected = ticket_expected;  in SSL_apply_handback()
446   s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);  in SSL_apply_handback()
447   s3->hs->cert_request = cert_request;  in SSL_apply_handback()
454        !CBS_copy_bytes(&write_seq, s3->write_sequence,  in SSL_apply_handback()
455                        sizeof(s3->write_sequence)))) {  in SSL_apply_handback()
461        !CBS_copy_bytes(&read_seq, s3->read_sequence,  in SSL_apply_handback()
462                        sizeof(s3->read_sequence)))) {  in SSL_apply_handback()
467       (!s3->hs->transcript.Init() ||  in SSL_apply_handback()
468        !s3->hs->transcript.InitHash(ssl_protocol_version(ssl),  in SSL_apply_handback()
469                                     s3->hs->new_cipher) ||  in SSL_apply_handback()
470        !s3->hs->transcript.Update(transcript))) {  in SSL_apply_handback()
474       (s3->hs->key_shares[0] = SSLKeyShare::Create(&key_share)) == nullptr) {  in SSL_apply_handback()