Lines matching refs:ssl (references to the symbol `ssl`)

202 bool ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out,  in ssl_client_hello_init()  argument
205 out->ssl = ssl; in ssl_client_hello_init()
224 if (SSL_is_dtls(out->ssl)) { in ssl_client_hello_init()
303 SSL *const ssl = hs->ssl; in tls1_get_shared_group() local
304 assert(ssl->server); in tls1_get_shared_group()
317 if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { in tls1_get_shared_group()
330 (ssl_protocol_version(ssl) >= TLS1_3_VERSION || in tls1_get_shared_group()
394 ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { in tls1_check_group_id()
502 static SSLSignatureAlgorithmList tls12_get_verify_sigalgs(const SSL *ssl, in tls12_get_verify_sigalgs() argument
505 if (!ssl->config->verify_sigalgs.empty()) { in tls12_get_verify_sigalgs()
506 ret.list = ssl->config->verify_sigalgs; in tls12_get_verify_sigalgs()
509 ret.skip_ed25519 = !ssl->ctx->ed25519_enabled; in tls12_get_verify_sigalgs()
512 ret.skip_rsa_pss_rsae = !ssl->ctx->rsa_pss_rsae_certs_enabled; in tls12_get_verify_sigalgs()
517 bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out, bool for_certs) { in tls12_add_verify_sigalgs() argument
518 SSLSignatureAlgorithmList list = tls12_get_verify_sigalgs(ssl, for_certs); in tls12_add_verify_sigalgs()
528 bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert, in tls12_check_peer_sigalg() argument
530 SSLSignatureAlgorithmList list = tls12_get_verify_sigalgs(ssl, false); in tls12_check_peer_sigalg()
543 bool tls12_has_different_verify_sigalgs_for_certs(const SSL *ssl) { in tls12_has_different_verify_sigalgs_for_certs() argument
544 return tls12_get_verify_sigalgs(ssl, true) != in tls12_has_different_verify_sigalgs_for_certs()
545 tls12_get_verify_sigalgs(ssl, false); in tls12_has_different_verify_sigalgs_for_certs()
603 SSL *const ssl = hs->ssl; in ext_sni_add_clienthello() local
604 if (ssl->hostname == nullptr) { in ext_sni_add_clienthello()
614 !CBB_add_bytes(&name, (const uint8_t *)ssl->hostname.get(), in ext_sni_add_clienthello()
615 strlen(ssl->hostname.get())) || in ext_sni_add_clienthello()
632 SSL *const ssl = hs->ssl; in ext_sni_parse_clienthello() local
668 ssl->s3->hostname.reset(raw); in ext_sni_parse_clienthello()
675 if (hs->ssl->s3->session_reused || in ext_sni_add_serverhello()
694 SSL *const ssl = hs->ssl; in ext_ri_add_clienthello() local
700 assert(ssl->s3->initial_handshake_complete == in ext_ri_add_clienthello()
701 (ssl->s3->previous_client_finished_len != 0)); in ext_ri_add_clienthello()
707 !CBB_add_bytes(&prev_finished, ssl->s3->previous_client_finished, in ext_ri_add_clienthello()
708 ssl->s3->previous_client_finished_len) || in ext_ri_add_clienthello()
718 SSL *const ssl = hs->ssl; in ext_ri_parse_serverhello() local
719 if (contents != NULL && ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_ri_parse_serverhello()
726 if (ssl->s3->initial_handshake_complete && in ext_ri_parse_serverhello()
727 (contents != NULL) != ssl->s3->send_connection_binding) { in ext_ri_parse_serverhello()
744 const size_t expected_len = ssl->s3->previous_client_finished_len + in ext_ri_parse_serverhello()
745 ssl->s3->previous_server_finished_len; in ext_ri_parse_serverhello()
748 assert(!expected_len || ssl->s3->previous_client_finished_len); in ext_ri_parse_serverhello()
749 assert(!expected_len || ssl->s3->previous_server_finished_len); in ext_ri_parse_serverhello()
750 assert(ssl->s3->initial_handshake_complete == in ext_ri_parse_serverhello()
751 (ssl->s3->previous_client_finished_len != 0)); in ext_ri_parse_serverhello()
752 assert(ssl->s3->initial_handshake_complete == in ext_ri_parse_serverhello()
753 (ssl->s3->previous_server_finished_len != 0)); in ext_ri_parse_serverhello()
772 bool ok = CRYPTO_memcmp(d, ssl->s3->previous_client_finished, in ext_ri_parse_serverhello()
773 ssl->s3->previous_client_finished_len) == 0; in ext_ri_parse_serverhello()
782 d += ssl->s3->previous_client_finished_len; in ext_ri_parse_serverhello()
784 ok = CRYPTO_memcmp(d, ssl->s3->previous_server_finished, in ext_ri_parse_serverhello()
785 ssl->s3->previous_server_finished_len) == 0; in ext_ri_parse_serverhello()
794 ssl->s3->send_connection_binding = true; in ext_ri_parse_serverhello()
801 SSL *const ssl = hs->ssl; in ext_ri_parse_clienthello() local
804 assert(!ssl->s3->initial_handshake_complete); in ext_ri_parse_clienthello()
806 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_ri_parse_clienthello()
829 ssl->s3->send_connection_binding = true; in ext_ri_parse_clienthello()
835 SSL *const ssl = hs->ssl; in ext_ri_add_serverhello() local
838 assert(!ssl->s3->initial_handshake_complete); in ext_ri_add_serverhello()
840 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_ri_add_serverhello()
874 SSL *const ssl = hs->ssl; in ext_ems_parse_serverhello() local
877 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION || in ext_ems_parse_serverhello()
886 if (ssl->s3->established_session != nullptr && in ext_ems_parse_serverhello()
888 !!ssl->s3->established_session->extended_master_secret) { in ext_ems_parse_serverhello()
899 if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) { in ext_ems_parse_clienthello()
934 SSL *const ssl = hs->ssl; in ext_ticket_add_clienthello() local
937 SSL_get_options(ssl) & SSL_OP_NO_TICKET) { in ext_ticket_add_clienthello()
947 if (!ssl->s3->initial_handshake_complete && in ext_ticket_add_clienthello()
948 ssl->session != nullptr && in ext_ticket_add_clienthello()
949 !ssl->session->ticket.empty() && in ext_ticket_add_clienthello()
951 ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) { in ext_ticket_add_clienthello()
952 ticket = ssl->session->ticket; in ext_ticket_add_clienthello()
968 SSL *const ssl = hs->ssl; in ext_ticket_parse_serverhello() local
973 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_ticket_parse_serverhello()
980 assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0); in ext_ticket_parse_serverhello()
996 assert((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) == 0); in ext_ticket_add_serverhello()
1012 SSL *const ssl = hs->ssl; in ext_sigalgs_add_clienthello() local
1033 !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb, for_certs) || in ext_sigalgs_add_clienthello()
1064 SSL *const ssl = hs->ssl; in ext_sigalgs_cert_add_clienthello() local
1071 !tls12_has_different_verify_sigalgs_for_certs(ssl)) { in ext_sigalgs_cert_add_clienthello()
1079 !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb, true /* certs */) || in ext_sigalgs_cert_add_clienthello()
1112 SSL *const ssl = hs->ssl; in ext_ocsp_parse_serverhello() local
1118 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_ocsp_parse_serverhello()
1155 SSL *const ssl = hs->ssl; in ext_ocsp_add_serverhello() local
1156 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION || in ext_ocsp_add_serverhello()
1158 ssl->s3->session_reused || in ext_ocsp_add_serverhello()
1175 SSL *const ssl = hs->ssl; in ext_npn_add_clienthello() local
1176 if (ssl->s3->initial_handshake_complete || in ext_npn_add_clienthello()
1177 ssl->ctx->next_proto_select_cb == NULL || in ext_npn_add_clienthello()
1178 SSL_is_dtls(ssl)) { in ext_npn_add_clienthello()
1192 SSL *const ssl = hs->ssl; in ext_npn_parse_serverhello() local
1197 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_npn_parse_serverhello()
1204 assert(!ssl->s3->initial_handshake_complete); in ext_npn_parse_serverhello()
1205 assert(!SSL_is_dtls(ssl)); in ext_npn_parse_serverhello()
1206 assert(ssl->ctx->next_proto_select_cb != NULL); in ext_npn_parse_serverhello()
1208 if (!ssl->s3->alpn_selected.empty()) { in ext_npn_parse_serverhello()
1228 if (ssl->ctx->next_proto_select_cb( in ext_npn_parse_serverhello()
1229 ssl, &selected, &selected_len, orig_contents, orig_len, in ext_npn_parse_serverhello()
1230 ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK || in ext_npn_parse_serverhello()
1231 !ssl->s3->next_proto_negotiated.CopyFrom( in ext_npn_parse_serverhello()
1243 SSL *const ssl = hs->ssl; in ext_npn_parse_clienthello() local
1244 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_npn_parse_clienthello()
1253 ssl->s3->initial_handshake_complete || in ext_npn_parse_clienthello()
1254 ssl->ctx->next_protos_advertised_cb == NULL || in ext_npn_parse_clienthello()
1255 SSL_is_dtls(ssl)) { in ext_npn_parse_clienthello()
1264 SSL *const ssl = hs->ssl; in ext_npn_add_serverhello() local
1274 if (ssl->ctx->next_protos_advertised_cb( in ext_npn_add_serverhello()
1275 ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) != in ext_npn_add_serverhello()
1312 SSL *const ssl = hs->ssl; in ext_sct_parse_serverhello() local
1318 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_sct_parse_serverhello()
1337 if (!ssl->s3->session_reused) { in ext_sct_parse_serverhello()
1339 CRYPTO_BUFFER_new_from_CBS(contents, ssl->ctx->pool)); in ext_sct_parse_serverhello()
1364 SSL *const ssl = hs->ssl; in ext_sct_add_serverhello() local
1366 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION || ssl->s3->session_reused || in ext_sct_add_serverhello()
1389 SSL *const ssl = hs->ssl; in ext_alpn_add_clienthello() local
1391 ssl->s3->initial_handshake_complete) { in ext_alpn_add_clienthello()
1410 SSL *const ssl = hs->ssl; in ext_alpn_parse_serverhello() local
1415 assert(!ssl->s3->initial_handshake_complete); in ext_alpn_parse_serverhello()
1443 if (!ssl->s3->alpn_selected.CopyFrom(protocol_name)) { in ext_alpn_parse_serverhello()
1457 if (hs->ssl->ctx->allow_unknown_alpn_protos) { in ssl_is_alpn_protocol_allowed()
1481 SSL *const ssl = hs->ssl; in ssl_negotiate_alpn() local
1483 if (ssl->ctx->alpn_select_cb == NULL || in ssl_negotiate_alpn()
1519 if (ssl->ctx->alpn_select_cb( in ssl_negotiate_alpn()
1520 ssl, &selected, &selected_len, CBS_data(&protocol_name_list), in ssl_negotiate_alpn()
1522 ssl->ctx->alpn_select_cb_arg) == SSL_TLSEXT_ERR_OK) { in ssl_negotiate_alpn()
1528 if (!ssl->s3->alpn_selected.CopyFrom( in ssl_negotiate_alpn()
1539 SSL *const ssl = hs->ssl; in ext_alpn_add_serverhello() local
1540 if (ssl->s3->alpn_selected.empty()) { in ext_alpn_add_serverhello()
1549 !CBB_add_bytes(&proto, ssl->s3->alpn_selected.data(), in ext_alpn_add_serverhello()
1550 ssl->s3->alpn_selected.size()) || in ext_alpn_add_serverhello()
1564 hs->ssl->s3->channel_id_valid = false; in ext_channel_id_init()
1568 SSL *const ssl = hs->ssl; in ext_channel_id_add_clienthello() local
1569 if (!hs->config->channel_id_enabled || SSL_is_dtls(ssl)) { in ext_channel_id_add_clienthello()
1584 SSL *const ssl = hs->ssl; in ext_channel_id_parse_serverhello() local
1589 assert(!SSL_is_dtls(ssl)); in ext_channel_id_parse_serverhello()
1596 ssl->s3->channel_id_valid = true; in ext_channel_id_parse_serverhello()
1603 SSL *const ssl = hs->ssl; in ext_channel_id_parse_clienthello() local
1604 if (contents == NULL || !hs->config->channel_id_enabled || SSL_is_dtls(ssl)) { in ext_channel_id_parse_clienthello()
1612 ssl->s3->channel_id_valid = true; in ext_channel_id_parse_clienthello()
1617 SSL *const ssl = hs->ssl; in ext_channel_id_add_serverhello() local
1618 if (!ssl->s3->channel_id_valid) { in ext_channel_id_add_serverhello()
1637 hs->ssl->s3->srtp_profile = NULL; in ext_srtp_init()
1641 SSL *const ssl = hs->ssl; in ext_srtp_add_clienthello() local
1642 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl); in ext_srtp_add_clienthello()
1671 SSL *const ssl = hs->ssl; in ext_srtp_parse_serverhello() local
1698 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl); in ext_srtp_parse_serverhello()
1704 ssl->s3->srtp_profile = profile; in ext_srtp_parse_serverhello()
1716 SSL *const ssl = hs->ssl; in ext_srtp_parse_clienthello() local
1732 SSL_get_srtp_profiles(ssl); in ext_srtp_parse_clienthello()
1746 ssl->s3->srtp_profile = server_profile; in ext_srtp_parse_clienthello()
1756 SSL *const ssl = hs->ssl; in ext_srtp_add_serverhello() local
1757 if (ssl->s3->srtp_profile == NULL) { in ext_srtp_add_serverhello()
1765 !CBB_add_u16(&profile_ids, ssl->s3->srtp_profile->id) || in ext_srtp_add_serverhello()
1807 if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) { in ext_ec_point_parse_serverhello()
1831 if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) { in ext_ec_point_parse_clienthello()
1839 SSL *const ssl = hs->ssl; in ext_ec_point_add_serverhello() local
1840 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in ext_ec_point_add_serverhello()
1861 SSL *const ssl = hs->ssl; in ext_pre_shared_key_clienthello_length() local
1862 if (hs->max_version < TLS1_3_VERSION || ssl->session == nullptr || in ext_pre_shared_key_clienthello_length()
1863 ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) { in ext_pre_shared_key_clienthello_length()
1867 size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session.get())); in ext_pre_shared_key_clienthello_length()
1868 return 15 + ssl->session->ticket.size() + binder_len; in ext_pre_shared_key_clienthello_length()
1872 SSL *const ssl = hs->ssl; in ext_pre_shared_key_add_clienthello() local
1874 if (hs->max_version < TLS1_3_VERSION || ssl->session == nullptr || in ext_pre_shared_key_add_clienthello()
1875 ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) { in ext_pre_shared_key_add_clienthello()
1883 ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) { in ext_pre_shared_key_add_clienthello()
1888 ssl_get_current_time(ssl, &now); in ext_pre_shared_key_add_clienthello()
1889 uint32_t ticket_age = 1000 * (now.tv_sec - ssl->session->time); in ext_pre_shared_key_add_clienthello()
1890 uint32_t obfuscated_ticket_age = ticket_age + ssl->session->ticket_age_add; in ext_pre_shared_key_add_clienthello()
1895 size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session.get())); in ext_pre_shared_key_add_clienthello()
1902 !CBB_add_bytes(&ticket, ssl->session->ticket.data(), in ext_pre_shared_key_add_clienthello()
1903 ssl->session->ticket.size()) || in ext_pre_shared_key_add_clienthello()
1993 if (!hs->ssl->s3->session_reused) { in ssl_ext_pre_shared_key_add_serverhello()
2059 SSL *const ssl = hs->ssl; in ext_early_data_add_clienthello() local
2060 if (!ssl->enable_early_data || in ext_early_data_add_clienthello()
2062 ssl->session == nullptr || in ext_early_data_add_clienthello()
2063 ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION || in ext_early_data_add_clienthello()
2064 ssl->session->ticket_max_early_data == 0 || in ext_early_data_add_clienthello()
2069 (!ssl->session->early_alpn.empty() && in ext_early_data_add_clienthello()
2070 !ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn))) { in ext_early_data_add_clienthello()
2087 SSL *const ssl = hs->ssl; in ext_early_data_parse_serverhello() local
2097 if (!ssl->s3->session_reused) { in ext_early_data_parse_serverhello()
2103 ssl->s3->early_data_accepted = true; in ext_early_data_parse_serverhello()
2109 SSL *const ssl = hs->ssl; in ext_early_data_parse_clienthello() local
2111 ssl_protocol_version(ssl) < TLS1_3_VERSION) { in ext_early_data_parse_clienthello()
2125 if (!hs->ssl->s3->early_data_accepted) { in ext_early_data_add_serverhello()
2144 SSL *const ssl = hs->ssl; in ext_key_share_add_clienthello() local
2172 if (ssl->ctx->grease_enabled && in ext_key_share_add_clienthello()
2354 SSL *const ssl = hs->ssl; in ext_supported_versions_add_clienthello() local
2367 if (ssl->ctx->grease_enabled && in ext_supported_versions_add_clienthello()
2411 SSL *const ssl = hs->ssl; in ext_supported_groups_add_clienthello() local
2420 if (ssl->ctx->grease_enabled && in ext_supported_groups_add_clienthello()
2500 SSL *const ssl = hs->ssl; in ext_token_binding_add_clienthello() local
2501 if (hs->config->token_binding_params.empty() || SSL_is_dtls(ssl)) { in ext_token_binding_add_clienthello()
2522 SSL *const ssl = hs->ssl; in ext_token_binding_parse_serverhello() local
2553 ssl->s3->negotiated_token_binding_param = param; in ext_token_binding_parse_serverhello()
2554 ssl->s3->token_binding_negotiated = true; in ext_token_binding_parse_serverhello()
2572 hs->ssl->s3->negotiated_token_binding_param = tb_param; in select_tb_param()
2583 SSL *const ssl = hs->ssl; in ext_token_binding_parse_clienthello() local
2612 ssl->s3->token_binding_negotiated = true; in ext_token_binding_parse_clienthello()
2617 SSL *const ssl = hs->ssl; in ext_token_binding_add_serverhello() local
2619 if (!ssl->s3->token_binding_negotiated) { in ext_token_binding_add_serverhello()
2628 !CBB_add_u8(&params, ssl->s3->negotiated_token_binding_param) || in ext_token_binding_add_serverhello()
2659 SSL *const ssl = hs->ssl; in ext_quic_transport_params_parse_serverhello() local
2664 if (ssl_protocol_version(ssl) < TLS1_3_VERSION) { in ext_quic_transport_params_parse_serverhello()
2669 return ssl->s3->peer_quic_transport_params.CopyFrom(*contents); in ext_quic_transport_params_parse_serverhello()
2675 SSL *const ssl = hs->ssl; in ext_quic_transport_params_parse_clienthello() local
2680 if (ssl_protocol_version(ssl) < TLS1_3_VERSION) { in ext_quic_transport_params_parse_clienthello()
2684 return ssl->s3->peer_quic_transport_params.CopyFrom(*contents); in ext_quic_transport_params_parse_clienthello()
2725 if (contents == nullptr || ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { in ext_delegated_credential_parse_clienthello()
2741 for (const auto *alg : hs->ssl->ctx->cert_compression_algs.get()) { in cert_compression_add_clienthello()
2780 sk_CertCompressionAlg_num(hs->ssl->ctx->cert_compression_algs.get()); in cert_compression_parse_clienthello()
2809 hs->ssl->ctx->cert_compression_algs.get(), i); in cert_compression_parse_clienthello()
2828 ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) { in cert_compression_parse_clienthello()
2831 sk_CertCompressionAlg_value(hs->ssl->ctx->cert_compression_algs.get(), in cert_compression_parse_clienthello()
3057 SSL *const ssl = hs->ssl; in ssl_add_clienthello_tlsext() local
3073 if (ssl->ctx->grease_enabled) { in ssl_add_clienthello_tlsext()
3101 if (ssl->ctx->grease_enabled) { in ssl_add_clienthello_tlsext()
3122 if (!SSL_is_dtls(ssl)) { in ssl_add_clienthello_tlsext()
3186 SSL *const ssl = hs->ssl; in ssl_add_serverhello_tlsext() local
3206 if (ssl_protocol_version(ssl) < TLS1_3_VERSION && in ssl_add_serverhello_tlsext()
3292 SSL *const ssl = hs->ssl; in ssl_parse_clienthello_tlsext() local
3295 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in ssl_parse_clienthello_tlsext()
3309 SSL *const ssl = hs->ssl; in ssl_scan_serverhello_tlsext() local
3311 if (CBS_len(cbs) == 0 && ssl_protocol_version(ssl) < TLS1_3_VERSION) { in ssl_scan_serverhello_tlsext()
3386 SSL *const ssl = hs->ssl; in ssl_check_clienthello_tlsext() local
3388 if (ssl->s3->token_binding_negotiated && in ssl_check_clienthello_tlsext()
3389 !(SSL_get_secure_renegotiation_support(ssl) && in ssl_check_clienthello_tlsext()
3390 SSL_get_extms_support(ssl))) { in ssl_check_clienthello_tlsext()
3392 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION); in ssl_check_clienthello_tlsext()
3399 if (ssl->ctx->servername_callback != 0) { in ssl_check_clienthello_tlsext()
3400 ret = ssl->ctx->servername_callback(ssl, &al, ssl->ctx->servername_arg); in ssl_check_clienthello_tlsext()
3401 } else if (ssl->session_ctx->servername_callback != 0) { in ssl_check_clienthello_tlsext()
3402 ret = ssl->session_ctx->servername_callback( in ssl_check_clienthello_tlsext()
3403 ssl, &al, ssl->session_ctx->servername_arg); in ssl_check_clienthello_tlsext()
3408 ssl_send_alert(ssl, SSL3_AL_FATAL, al); in ssl_check_clienthello_tlsext()
3421 SSL *const ssl = hs->ssl; in ssl_parse_serverhello_tlsext() local
3424 ssl_send_alert(ssl, SSL3_AL_FATAL, alert); in ssl_parse_serverhello_tlsext()
3496 int cb_ret = hs->ssl->session_ctx->ticket_key_cb( in ssl_decrypt_ticket_with_cb()
3497 hs->ssl, const_cast<uint8_t *>(name.data()), in ssl_decrypt_ticket_with_cb()
3516 SSL_CTX *ctx = hs->ssl->session_ctx.get(); in ssl_decrypt_ticket_with_ticket_keys()
3563 hs->ssl->session_ctx->ticket_aead_method->open( in ssl_decrypt_ticket_with_method()
3564 hs->ssl, plaintext.data(), &plaintext_len, ticket.size(), in ssl_decrypt_ticket_with_method()
3582 if ((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) || in ssl_process_ticket()
3589 if (hs->ssl->session_ctx->ticket_aead_method != NULL) { in ssl_process_ticket()
3600 if (hs->ssl->session_ctx->ticket_key_cb != NULL) { in ssl_process_ticket()
3614 plaintext.data(), plaintext.size(), hs->ssl->ctx.get())); in ssl_process_ticket()
3631 if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) { in tls1_parse_peer_sigalgs()
3655 SSL *const ssl = hs->ssl; in tls1_choose_signature_algorithm() local
3661 if (ssl_protocol_version(ssl) < TLS1_2_VERSION) { in tls1_choose_signature_algorithm()
3700 if (peer_sigalgs.empty() && ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { in tls1_get_peer_verify_algorithms()
3712 SSL *const ssl = hs->ssl; in tls1_verify_channel_id() local
3723 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); in tls1_verify_channel_id()
3770 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); in tls1_verify_channel_id()
3771 ssl->s3->channel_id_valid = false; in tls1_verify_channel_id()
3775 OPENSSL_memcpy(ssl->s3->channel_id, p, 64); in tls1_verify_channel_id()
3820 SSL *const ssl = hs->ssl; in tls1_channel_id_hash() local
3821 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in tls1_channel_id_hash()
3838 if (ssl->session != NULL) { in tls1_channel_id_hash()
3841 if (ssl->session->original_handshake_hash_len == 0) { in tls1_channel_id_hash()
3845 SHA256_Update(&ctx, ssl->session->original_handshake_hash, in tls1_channel_id_hash()
3846 ssl->session->original_handshake_hash_len); in tls1_channel_id_hash()
3861 SSL *const ssl = hs->ssl; in tls1_record_handshake_hashes_for_channel_id() local
3865 if (ssl->session != NULL) { in tls1_record_handshake_hashes_for_channel_id()
3888 hs->ssl->ctx->channel_id_cb == NULL) { in ssl_do_channel_id_callback()
3893 hs->ssl->ctx->channel_id_cb(hs->ssl, &key); in ssl_do_channel_id_callback()
3900 return SSL_set1_tls_channel_id(hs->ssl, key); in ssl_do_channel_id_callback()