Home | History | Annotate | Download | only in ssl

Lines Matching refs:ssl

4  * This package is an SSL implementation written
6  * The implementation was written so as to conform with Netscapes SSL.
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
149 #include <openssl/ssl.h>
221   SSL *const ssl = hs->ssl;
222   assert(!ssl->s3->have_version);
229       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
240         0x03, 0x00,  // SSL 3
249     if (SSL_is_dtls(ssl)) {
272   if (!ssl_negotiate_version(hs, out_alert, &ssl->version, &versions)) {
276   // At this point, the connection's version is known and |ssl->version| is
278   ssl->s3->have_version = true;
279   ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
284       ssl_protocol_version(ssl) < hs->max_version) {
285     OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK);
301     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
309       OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
315       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
330   SSL *const ssl = hs->ssl;
334   if (ssl_has_certificate(ssl)) {
348   if (ssl->psk_server_callback != NULL) {
360   SSL *const ssl = hs->ssl;
377   if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
395         SSL_CIPHER_get_min_version(c) <= ssl_protocol_version(ssl) &&
396         ssl_protocol_version(ssl) <= SSL_CIPHER_get_max_version(c) &&
427   ssl_do_info_callback(hs->ssl, SSL_CB_HANDSHAKE_START, 1);
433   SSLssl = hs->ssl;
436   if (!ssl->method->get_message(ssl, &msg)) {
440   if (!ssl_check_message_type(ssl, msg, SSL3_MT_CLIENT_HELLO)) {
444   if (ssl->handoff) {
449   if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
450     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
451     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
456   if (ssl->ctx->select_certificate_cb != NULL) {
457     switch (ssl->ctx->select_certificate_cb(&client_hello)) {
463         OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
464         ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
473   if (!ssl_get_version_range(ssl, &hs->min_version, &hs->max_version)) {
479     ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
485     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
488   OPENSSL_memcpy(ssl->s3->client_random, client_hello.random,
495       (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
497     OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMPRESSION_LIST);
498     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
504     OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
513   SSL *const ssl = hs->ssl;
516   if (!ssl->method->get_message(ssl, &msg)) {
521   if (ssl->cert->cert_cb != NULL) {
522     int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
524       OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
525       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
537   if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
544   if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
551       ssl3_choose_cipher(hs, &client_hello, ssl_get_cipher_preferences(ssl));
553     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
554     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
573   SSL *const ssl = hs->ssl;
576   if (!ssl->method->get_message(ssl, &msg)) {
581   if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
589       ssl, &session, &tickets_supported, &renew_ticket, &client_hello);
598       OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
599       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
614     ssl->session = session.release();
615     ssl->s3->session_reused = true;
618     ssl_set_session(ssl, NULL);
624     if (!(ssl->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) {
629   if (ssl->ctx->dos_protection_cb != NULL &&
630       ssl->ctx->dos_protection_cb(&client_hello) == 0) {
632     OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
633     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
637   if (ssl->session == NULL) {
641     hs->cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER);
643     if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) &&
644         ssl->s3->tlsext_channel_id_valid) {
663     ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
669   if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
671     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
680   ssl->method->next_message(ssl);
687   SSL *const ssl = hs->ssl;
691   if (ssl->s3->tlsext_channel_id_valid &&
693     ssl->s3->tlsext_channel_id_valid = false;
699   if (ssl->session != NULL &&
700       ssl->session->original_handshake_hash_len == 0) {
701     ssl->s3->tlsext_channel_id_valid = false;
705   ssl_get_current_time(ssl, &now);
706   ssl->s3->server_random[0] = now.tv_sec >> 24;
707   ssl->s3->server_random[1] = now.tv_sec >> 16;
708   ssl->s3->server_random[2] = now.tv_sec >> 8;
709   ssl->s3->server_random[3] = now.tv_sec;
710   if (!RAND_bytes(ssl->s3->server_random + 4, SSL3_RANDOM_SIZE - 4)) {
720     OPENSSL_memcpy(ssl->s3->server_random + SSL3_RANDOM_SIZE -
726   if (ssl->session != NULL) {
727     session = ssl->session;
732   if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_SERVER_HELLO) ||
733       !CBB_add_u16(&body, ssl->version) ||
734       !CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
741       !ssl_add_message_cbb(ssl, cbb.get())) {
742     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
746   if (ssl->session != NULL) {
755   SSL *const ssl = hs->ssl;
759     if (!ssl_has_certificate(ssl)) {
760       OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET);
764     if (!ssl_output_cert_chain(ssl)) {
770       if (!ssl->method->init_message(ssl, cbb.get(), &body,
775                          CRYPTO_BUFFER_data(ssl->cert->ocsp_response),
776                          CRYPTO_BUFFER_len(ssl->cert->ocsp_response)) ||
777           !ssl_add_message_cbb(ssl, cbb.get())) {
778         OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
788       ((alg_a & SSL_aPSK) && ssl->psk_identity_hint)) {
794         !CBB_add_bytes(cbb.get(), ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
795         !CBB_add_bytes(cbb.get(), ssl->s3->server_random, SSL3_RANDOM_SIZE)) {
802           (ssl->psk_identity_hint == NULL) ? 0 : strlen(ssl->psk_identity_hint);
804           !CBB_add_bytes(&child, (const uint8_t *)ssl->psk_identity_hint,
814         OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
815         ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
843   SSL *const ssl = hs->ssl;
852   if (!ssl->method->init_message(ssl, cbb.get(), &body,
863     if (!ssl_has_private_key(ssl)) {
864       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
873     if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
875         OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
876         ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
904   if (!ssl_add_message_cbb(ssl, cbb.get())) {
915   SSL *const ssl = hs->ssl;
922     if (!ssl->method->init_message(ssl, cbb.get(), &body,
926         (ssl_protocol_version(ssl) >= TLS1_VERSION &&
928         (ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
930           !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) ||
931         !ssl_add_client_CA_list(ssl, &body) ||
932 ssl, cbb.get())) {
933       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
938   if (!ssl->method->init_message(ssl, cbb.get(), &body,
940       !ssl_add_message_cbb(ssl, cbb.get())) {
941     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
950   SSL *const ssl = hs->ssl;
958   if (!ssl->method->get_message(ssl, &msg)) {
963     if (ssl->version == SSL3_VERSION &&
965       // In SSL 3.0, the Certificate message is omitted to signal no
967       if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
968         OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
969         ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
980     OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
981     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
993                             ssl->retain_only_sha256_of_client_certs
996                             &certificate_msg, ssl->ctx->pool)) {
997     ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1004       !ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
1005     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1006     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1014     // In SSL 3.0, sending no certificate is signaled by omitting the
1016     if (ssl->version == SSL3_VERSION) {
1017       OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATES_RETURNED);
1018       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1022     if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
1024       OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
1025       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1032   } else if (ssl->retain_only_sha256_of_client_certs) {
1037   ssl->method->next_message(ssl);
1059   SSL *const ssl = hs->ssl;
1061   if (!ssl->method->get_message(ssl, &msg)) {
1065   if (!ssl_check_message_type(ssl, msg, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
1081       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1082       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1088       OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
1089       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1094       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1095       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1104     if (ssl->version > SSL3_VERSION) {
1108         OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1109         ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1137       OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
1138       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1152       OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
1153       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1184       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1185       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1192       ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1199     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1200     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1207     if (ssl->psk_server_callback == NULL) {
1208       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1209       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1215     unsigned psk_len = ssl->psk_server_callback(
1216         ssl, hs->new_session->psk_identity, psk, sizeof(psk));
1218       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1219       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1223       OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
1224       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNKNOWN_PSK_IDENTITY);
1247       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1264   ssl->method->next_message(ssl);
1270   SSL *const ssl = hs->ssl;
1281   if (!ssl->method->get_message(ssl, &msg)) {
1285   if (!ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE_VERIFY)) {
1293   if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
1295       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1296       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1300     if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1301       ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1307     OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
1308     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
1315     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1316     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1323   if (ssl_protocol_version(ssl) == SSL3_VERSION) {
1339         ssl_public_key_verify(ssl, signature, signature_algorithm,
1348     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
1349     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1360   ssl->method->next_message(ssl);
1380   SSL *const ssl = hs->ssl;
1388   if (!ssl->method->get_message(ssl, &msg)) {
1392   if (!ssl_check_message_type(ssl, msg, SSL3_MT_NEXT_PROTO) ||
1401     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1402     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1406   if (!ssl->s3->next_proto_negotiated.CopyFrom(selected_protocol)) {
1410   ssl->method->next_message(ssl);
1416   SSL *const ssl = hs->ssl;
1418   if (!ssl->s3->tlsext_channel_id_valid) {
1424   if (!ssl->method->get_message(ssl, &msg)) {
1428   if (!ssl_check_message_type(ssl, msg, SSL3_MT_CHANNEL_ID) ||
1434   ssl->method->next_message(ssl);
1440   SSL *const ssl = hs->ssl;
1446   if (ssl->session != NULL) {
1455   if (ssl->session == NULL && ssl->s3->tlsext_channel_id_valid &&
1464   SSL *const ssl = hs->ssl;
1469     if (ssl->session == NULL) {
1471       ssl_session_rebase_time(ssl, hs->new_session.get());
1476       session_copy = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
1481       ssl_session_rebase_time(ssl, session_copy.get());
1487     if (!ssl->method->init_message(ssl, cbb.get(), &body,
1491         !ssl_encrypt_ticket(ssl, &ticket, session) ||
1492         !ssl_add_message_cbb(ssl, cbb.get())) {
1497   if (!ssl->method->add_change_cipher_spec(ssl) ||
1503   if (ssl->session != NULL) {
1512   SSL *const ssl = hs->ssl;
1514   ssl->method->on_handshake_complete(ssl);
1517   if (hs->new_session != NULL && ssl->retain_only_sha256_of_client_certs) {
1520     ssl->ctx->x509_method->session_clear(hs->new_session.get());
1523   if (ssl->session != NULL) {
1524     SSL_SESSION_up_ref(ssl->session);
1525     ssl->s3->established_session.reset(ssl->session);
1527     ssl->s3->established_session = std::move(hs->new_session);
1528     ssl->s3->established_session->not_resumable = 0;
1532   ssl->s3->initial_handshake_complete = true;
1611       ssl_do_info_callback(hs->ssl, SSL_CB_ACCEPT_LOOP, 1);
1619   ssl_do_info_callback(hs->ssl, SSL_CB_HANDSHAKE_DONE, 1);