Lines Matching refs:ssl
4 * This package is an SSL implementation written
6 * The implementation was written so as to conform with Netscapes SSL.
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
149 #include <openssl/ssl.h>
188 SSL *const ssl = hs->ssl;
191 assert(ssl->handshake_func == ssl3_accept);
192 assert(ssl->server);
199 ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
204 ret = ssl->method->ssl_get_message(ssl);
234 ssl->method->received_flight(ssl);
243 if (ssl->session != NULL) {
307 ret = ssl->method->read_change_cipher_spec(ssl);
331 if (ssl->s3->tlsext_channel_id_valid) {
346 ssl->method->received_flight(ssl);
347 if (ssl->session != NULL) {
356 if (ssl->session == NULL && ssl->s3->tlsext_channel_id_valid) {
370 if (ssl->session != NULL) {
378 ret = ssl->method->flush_flight(ssl);
385 ssl->method->expect_flight(ssl);
406 ssl->method->release_current_message(ssl, 1 /* free_buffer */);
411 ssl->retain_only_sha256_of_client_certs) {
414 ssl->ctx->x509_method->session_clear(hs->new_session);
417 SSL_SESSION_free(ssl->s3->established_session);
418 if (ssl->session != NULL) {
419 SSL_SESSION_up_ref(ssl->session);
420 ssl->s3->established_session = ssl->session;
422 ssl->s3->established_session = hs->new_session;
423 ssl->s3->established_session->not_resumable = 0;
427 ssl->s3->initial_handshake_complete = 1;
430 ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_DONE, 1);
435 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_STATE);
441 ssl_do_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 1);
446 ssl_do_info_callback(ssl, SSL_CB_ACCEPT_EXIT, ret);
472 SSL *const ssl = hs->ssl;
473 assert(!ssl->s3->have_version);
480 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
491 0x03, 0x00, /* SSL 3 */
500 if (SSL_is_dtls(ssl)) {
523 if (!ssl_negotiate_version(hs, out_alert, &ssl->version, &versions)) {
527 /* At this point, the connection's version is known and |ssl->version| is
529 ssl->s3->have_version = 1;
534 ssl3_protocol_version(ssl) < hs->max_version) {
535 OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK);
551 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
559 OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
565 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
584 SSL *const ssl = hs->ssl;
588 if (ssl_has_certificate(ssl)) {
602 if (ssl->psk_server_callback != NULL) {
614 SSL *const ssl = hs->ssl;
631 if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
650 SSL_CIPHER_get_min_version(c) <= ssl3_protocol_version(ssl) &&
651 ssl3_protocol_version(ssl) <= SSL_CIPHER_get_max_version(c) &&
685 SSL *const ssl = hs->ssl;
686 if (!ssl_check_message_type(ssl, SSL3_MT_CLIENT_HELLO)) {
691 if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
692 ssl->init_num)) {
693 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
694 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
699 if (ssl->ctx->select_certificate_cb != NULL) {
700 switch (ssl->ctx->select_certificate_cb(&client_hello)) {
702 ssl->rwstate = SSL_CERTIFICATE_SELECTION_PENDING;
707 OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
708 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
717 if (!ssl_get_version_range(ssl, &hs->min_version, &hs->max_version)) {
723 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
729 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
732 OPENSSL_memcpy(ssl->s3->client_random, client_hello.random,
739 (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
741 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMPRESSION_LIST);
742 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
748 OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
756 SSL *const ssl = hs->ssl;
758 if (ssl->cert->cert_cb != NULL) {
759 int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
761 OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
762 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
766 ssl->rwstate = SSL_X509_LOOKUP;
775 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
783 if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
784 ssl->init_num)) {
791 ssl3_choose_cipher(hs, &client_hello, ssl_get_cipher_preferences(ssl));
793 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
794 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
802 SSL *const ssl = hs->ssl;
804 if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
805 ssl->init_num)) {
814 auto session_ret = ssl_get_prev_session(ssl, &session_raw, &tickets_supported,
823 ssl->rwstate = SSL_PENDING_SESSION;
826 ssl->rwstate = SSL_PENDING_TICKET;
834 OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
835 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
850 ssl->session = session.release();
851 ssl->s3->session_reused = 1;
854 ssl_set_session(ssl, NULL);
860 if (!(ssl->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) {
865 if (ssl->ctx->dos_protection_cb != NULL &&
866 ssl->ctx->dos_protection_cb(&client_hello) == 0) {
868 OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
869 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
873 if (ssl->session == NULL) {
881 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
887 hs->cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER);
889 if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) &&
890 ssl->s3->tlsext_channel_id_valid) {
909 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
915 if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl),
918 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
931 SSL *const ssl = hs->ssl;
935 if (ssl->s3->tlsext_channel_id_valid &&
937 ssl->s3->tlsext_channel_id_valid = 0;
943 if (ssl->session != NULL &&
944 ssl->session->original_handshake_hash_len == 0) {
945 ssl->s3->tlsext_channel_id_valid = 0;
949 ssl_get_current_time(ssl, &now);
950 ssl->s3->server_random[0] = now.tv_sec >> 24;
951 ssl->s3->server_random[1] = now.tv_sec >> 16;
952 ssl->s3->server_random[2] = now.tv_sec >> 8;
953 ssl->s3->server_random[3] = now.tv_sec;
954 if (!RAND_bytes(ssl->s3->server_random + 4, SSL3_RANDOM_SIZE - 4)) {
962 if (ssl->session != NULL) {
963 session = ssl->session;
967 if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_SERVER_HELLO) ||
968 !CBB_add_u16(&body, ssl->version) ||
969 !CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
976 !ssl_add_message_cbb(ssl, &cbb)) {
977 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
986 SSL *const ssl = hs->ssl;
990 if (!ssl_has_certificate(ssl)) {
991 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET);
995 if (!ssl3_output_cert_chain(ssl)) {
1001 if (!ssl->method->init_message(ssl, cbb.get(), &body,
1006 CRYPTO_BUFFER_data(ssl->cert->ocsp_response),
1007 CRYPTO_BUFFER_len(ssl->cert->ocsp_response)) ||
1008 !ssl_add_message_cbb(ssl, cbb.get())) {
1009 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1019 ((alg_a & SSL_aPSK) && ssl->psk_identity_hint)) {
1025 !CBB_add_bytes(cbb.get(), ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
1026 !CBB_add_bytes(cbb.get(), ssl->s3->server_random, SSL3_RANDOM_SIZE)) {
1033 (ssl->psk_identity_hint == NULL) ? 0 : strlen(ssl->psk_identity_hint);
1035 !CBB_add_bytes(&child, (const uint8_t *)ssl->psk_identity_hint,
1045 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1046 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1072 SSL *const ssl = hs->ssl;
1074 if (!ssl->method->init_message(ssl, &cbb, &body,
1085 if (!ssl_has_private_key(ssl)) {
1086 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1095 if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
1097 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1098 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1123 ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
1128 if (!ssl_add_message_cbb(ssl, &cbb)) {
1144 SSL *const ssl = hs->ssl;
1149 if (!ssl->method->init_message(ssl, &cbb, &body,
1153 (ssl3_protocol_version(ssl) >= TLS1_VERSION &&
1155 (ssl3_protocol_version(ssl) >= TLS1_2_VERSION &&
1157 !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) ||
1158 !ssl_add_client_CA_list(ssl, &body) ||
1159 !ssl_add_message_cbb(ssl, &cbb)) {
1164 if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_SERVER_HELLO_DONE) ||
1165 !ssl_add_message_cbb(ssl, &cbb)) {
1172 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1178 SSL *const ssl = hs->ssl;
1181 int msg_ret = ssl->method->ssl_get_message(ssl);
1186 if (ssl->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
1187 if (ssl->version == SSL3_VERSION &&
1188 ssl->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
1189 /* In SSL 3.0, the Certificate message is omitted to signal no
1191 if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
1192 OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
1193 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1200 ssl->s3->tmp.reuse_message = 1;
1204 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
1205 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1214 CBS_init(&certificate_msg, ssl->init_msg, ssl->init_num);
1222 ssl->retain_only_sha256_of_client_certs ? hs->new_session->peer_sha256
1224 &certificate_msg, ssl->ctx->pool);
1226 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
1231 !ssl->ctx->x509_method->session_cache_objects(hs->new_session)) {
1232 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1233 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1241 /* In SSL 3.0, sending no certificate is signaled by omitting the
1243 if (ssl->version == SSL3_VERSION) {
1244 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATES_RETURNED);
1245 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1249 if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
1251 OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
1252 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1263 if (ssl->retain_only_sha256_of_client_certs) {
1267 if (!ssl->ctx->x509_method->session_verify_cert_chain(hs->new_session, ssl)) {
1275 SSL *const ssl = hs->ssl;
1282 int ret = ssl->method->ssl_get_message(ssl);
1288 if (!ssl_check_message_type(ssl, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
1292 CBS_init(&client_key_exchange, ssl->init_msg, ssl->init_num);
1304 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1305 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1311 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
1312 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1317 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1318 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1327 if (ssl->version > SSL3_VERSION) {
1331 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1332 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1343 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1358 ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
1364 OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
1365 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1374 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1384 OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
1385 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1419 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1420 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1429 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
1436 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1437 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1444 if (ssl->psk_server_callback == NULL) {
1445 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1446 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1452 unsigned psk_len = ssl->psk_server_callback(
1453 ssl, hs->new_session->psk_identity, psk, sizeof(psk));
1455 OPENSSL_PUT_ERROR(SSL
1456 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1460 OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
1461 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNKNOWN_PSK_IDENTITY);
1471 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1487 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1525 SSL *const ssl = hs->ssl;
1536 int msg_ret = ssl->method->ssl_get_message(ssl);
1541 if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY)) {
1545 CBS_init(&certificate_verify, ssl->init_msg, ssl->init_num);
1549 if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
1551 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1552 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1556 if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1557 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
1563 OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
1564 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
1571 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1572 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1579 if (ssl3_protocol_version(ssl) == SSL3_VERSION) {
1596 ssl, CBS_data(&signature), CBS_len(&signature), signature_algorithm,
1606 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
1607 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1624 SSL *const ssl = hs->ssl;
1625 int ret = ssl->method->ssl_get_message(ssl);
1630 if (!ssl_check_message_type(ssl, SSL3_MT_NEXT_PROTO) ||
1636 CBS_init(&next_protocol, ssl->init_msg, ssl->init_num);
1640 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1641 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1645 if (!CBS_stow(&selected_protocol, &ssl->s3->next_proto_negotiated,
1646 &ssl->s3->next_proto_negotiated_len)) {
1655 SSL *const ssl = hs->ssl;
1656 int msg_ret = ssl->method->ssl_get_message(ssl);
1661 if (!ssl_check_message_type(ssl, SSL3_MT_CHANNEL_ID) ||
1670 SSL *const ssl = hs->ssl;
1675 if (ssl->session == NULL) {
1677 ssl_session_rebase_time(ssl, hs->new_session);
1682 session_copy = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
1687 ssl_session_rebase_time(ssl, session_copy);
1692 int ok = ssl->method->init_message(ssl, &cbb, &body,
1696 ssl_encrypt_ticket(ssl, &ticket, session) &&
1697 ssl_add_message_cbb(ssl, &cbb);
1705 if (!ssl->method->add_change_cipher_spec(ssl) ||
