Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame ssl/statem/statem_clnt.c

Blob History Raw

Packit Service	084de1	`/*`
Packit Service	084de1	`* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.`
Packit Service	084de1	`* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved`
Packit Service	084de1	`* Copyright 2005 Nokia. All rights reserved.`
Packit Service	084de1	`*`
Packit Service	084de1	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit Service	084de1	`* this file except in compliance with the License. You can obtain a copy`
Packit Service	084de1	`* in the file LICENSE in the source distribution or at`
Packit Service	084de1	`* https://www.openssl.org/source/license.html`
Packit Service	084de1	`*/`
Packit Service	084de1
Packit Service	084de1	`#include <stdio.h>`
Packit Service	084de1	`#include <time.h>`
Packit Service	084de1	`#include <assert.h>`
Packit Service	084de1	`#include "../ssl_local.h"`
Packit Service	084de1	`#include "statem_local.h"`
Packit Service	084de1	`#include <openssl/buffer.h>`
Packit Service	084de1	`#include <openssl/rand.h>`
Packit Service	084de1	`#include <openssl/objects.h>`
Packit Service	084de1	`#include <openssl/evp.h>`
Packit Service	084de1	`#include <openssl/md5.h>`
Packit Service	084de1	`#include <openssl/dh.h>`
Packit Service	084de1	`#include <openssl/bn.h>`
Packit Service	084de1	`#include <openssl/engine.h>`
Packit Service	084de1	`#include <internal/cryptlib.h>`
Packit Service	084de1
Packit Service	084de1	`static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL s, PACKET pkt);`
Packit Service	084de1	`static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL s, PACKET pkt);`
Packit Service	084de1
Packit Service	084de1	`static ossl_inline int cert_req_allowed(SSL *s);`
Packit Service	084de1	`static int key_exchange_expected(SSL *s);`
Packit Service	084de1	`static int ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) sk,`
Packit Service	084de1	`WPACKET *pkt);`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Is a CertificateRequest message allowed at the moment or not?`
Packit Service	084de1	`*`
Packit Service	084de1	`* Return values are:`
Packit Service	084de1	`* 1: Yes`
Packit Service	084de1	`* 0: No`
Packit Service	084de1	`*/`
Packit Service	084de1	`static ossl_inline int cert_req_allowed(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`/* TLS does not like anon-DH with client cert */`
Packit Service	084de1	`if ((s->version > SSL3_VERSION`
Packit Service	084de1	`&& (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))`
Packit Service	084de1	`\|\| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP \| SSL_aPSK)))`
Packit Service	084de1	`return 0;`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Should we expect the ServerKeyExchange message or not?`
Packit Service	084de1	`*`
Packit Service	084de1	`* Return values are:`
Packit Service	084de1	`* 1: Yes`
Packit Service	084de1	`* 0: No`
Packit Service	084de1	`*/`
Packit Service	084de1	`static int key_exchange_expected(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Can't skip server key exchange if this is an ephemeral`
Packit Service	084de1	`* ciphersuite or for SRP`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (alg_k & (SSL_kDHE \| SSL_kECDHE \| SSL_kDHEPSK \| SSL_kECDHEPSK`
Packit Service	084de1	`\| SSL_kSRP)) {`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* ossl_statem_client_read_transition() encapsulates the logic for the allowed`
Packit Service	084de1	`* handshake state transitions when a TLS1.3 client is reading messages from the`
Packit Service	084de1	`* server. The message type that the server has sent is provided in \|mt\|. The`
Packit Service	084de1	`* current state is in \|s->statem.hand_state\|.`
Packit Service	084de1	`*`
Packit Service	084de1	`* Return values are 1 for success (transition allowed) and 0 on error`
Packit Service	084de1	`* (transition not allowed)`
Packit Service	084de1	`*/`
Packit Service	084de1	`static int ossl_statem_client13_read_transition(SSL *s, int mt)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't`
Packit Service	084de1	`* yet negotiated TLSv1.3 at that point so that is handled by`
Packit Service	084de1	`* ossl_statem_client_read_transition()`
Packit Service	084de1	`*/`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CLNT_HELLO:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* This must a ClientHello following a HelloRetryRequest, so the only`
Packit Service	084de1	`* thing we can get now is a ServerHello.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (mt == SSL3_MT_SERVER_HELLO) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_SRVR_HELLO;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SRVR_HELLO:`
Packit Service	084de1	`if (mt == SSL3_MT_ENCRYPTED_EXTENSIONS) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_ENCRYPTED_EXTENSIONS;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_ENCRYPTED_EXTENSIONS:`
Packit Service	084de1	`if (s->hit) {`
Packit Service	084de1	`if (mt == SSL3_MT_FINISHED) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_FINISHED;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`if (mt == SSL3_MT_CERTIFICATE_REQUEST) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT_REQ;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (mt == SSL3_MT_CERTIFICATE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_REQ:`
Packit Service	084de1	`if (mt == SSL3_MT_CERTIFICATE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT:`
Packit Service	084de1	`if (mt == SSL3_MT_CERTIFICATE_VERIFY) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT_VRFY;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_VRFY:`
Packit Service	084de1	`if (mt == SSL3_MT_FINISHED) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_FINISHED;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_OK:`
Packit Service	084de1	`if (mt == SSL3_MT_NEWSESSION_TICKET) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_SESSION_TICKET;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (mt == SSL3_MT_KEY_UPDATE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_KEY_UPDATE;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (mt == SSL3_MT_CERTIFICATE_REQUEST) {`
Packit Service	084de1	`#if DTLS_MAX_VERSION != DTLS1_2_VERSION`
Packit Service	084de1	`# error TODO(DTLS1.3): Restore digest for PHA before adding message.`
Packit Service	084de1	`#endif`
Packit Service	084de1	`if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {`
Packit Service	084de1	`s->post_handshake_auth = SSL_PHA_REQUESTED;`
Packit Service	084de1	`/*`
Packit Service	084de1	`* In TLS, this is called before the message is added to the`
Packit Service	084de1	`* digest. In DTLS, this is expected to be called after adding`
Packit Service	084de1	`* to the digest. Either move the digest restore, or add the`
Packit Service	084de1	`* message here after the swap, or do it after the clientFinished?`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!tls13_restore_handshake_digest_for_pha(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT_REQ;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* No valid transition found */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* ossl_statem_client_read_transition() encapsulates the logic for the allowed`
Packit Service	084de1	`* handshake state transitions when the client is reading messages from the`
Packit Service	084de1	`* server. The message type that the server has sent is provided in \|mt\|. The`
Packit Service	084de1	`* current state is in \|s->statem.hand_state\|.`
Packit Service	084de1	`*`
Packit Service	084de1	`* Return values are 1 for success (transition allowed) and 0 on error`
Packit Service	084de1	`* (transition not allowed)`
Packit Service	084de1	`*/`
Packit Service	084de1	`int ossl_statem_client_read_transition(SSL *s, int mt)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1	`int ske_expected;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Note that after writing the first ClientHello we don't know what version`
Packit Service	084de1	`* we are going to negotiate yet, so we don't take this branch until later.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`if (!ossl_statem_client13_read_transition(s, mt))`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CLNT_HELLO:`
Packit Service	084de1	`if (mt == SSL3_MT_SERVER_HELLO) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_SRVR_HELLO;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`if (mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {`
Packit Service	084de1	`st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_EARLY_DATA:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We've not actually selected TLSv1.3 yet, but we have sent early`
Packit Service	084de1	`* data. The only thing allowed now is a ServerHello or a`
Packit Service	084de1	`* HelloRetryRequest.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (mt == SSL3_MT_SERVER_HELLO) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_SRVR_HELLO;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SRVR_HELLO:`
Packit Service	084de1	`if (s->hit) {`
Packit Service	084de1	`if (s->ext.ticket_expected) {`
Packit Service	084de1	`if (mt == SSL3_MT_NEWSESSION_TICKET) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_SESSION_TICKET;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CHANGE;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {`
Packit Service	084de1	`st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`} else if (s->version >= TLS1_VERSION`
Packit Service	084de1	`&& s->ext.session_secret_cb != NULL`
Packit Service	084de1	`&& s->session->ext.tick != NULL`
Packit Service	084de1	`&& mt == SSL3_MT_CHANGE_CIPHER_SPEC) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Normally, we can tell if the server is resuming the session`
Packit Service	084de1	`* from the session ID. EAP-FAST (RFC 4851), however, relies on`
Packit Service	084de1	`* the next server message after the ServerHello to determine if`
Packit Service	084de1	`* the server is resuming.`
Packit Service	084de1	`*/`
Packit Service	084de1	`s->hit = 1;`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CHANGE;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`} else if (!(s->s3->tmp.new_cipher->algorithm_auth`
Packit Service	084de1	`& (SSL_aNULL \| SSL_aSRP \| SSL_aPSK))) {`
Packit Service	084de1	`if (mt == SSL3_MT_CERTIFICATE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`ske_expected = key_exchange_expected(s);`
Packit Service	084de1	`/* SKE is optional for some PSK ciphersuites */`
Packit Service	084de1	`if (ske_expected`
Packit Service	084de1	`\|\| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)`
Packit Service	084de1	`&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {`
Packit Service	084de1	`if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_KEY_EXCH;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (mt == SSL3_MT_CERTIFICATE_REQUEST`
Packit Service	084de1	`&& cert_req_allowed(s)) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT_REQ;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`} else if (mt == SSL3_MT_SERVER_DONE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_SRVR_DONE;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* The CertificateStatus message is optional even if`
Packit Service	084de1	`* \|ext.status_expected\| is set`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->ext.status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT_STATUS;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`/* Fall through */`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_STATUS:`
Packit Service	084de1	`ske_expected = key_exchange_expected(s);`
Packit Service	084de1	`/* SKE is optional for some PSK ciphersuites */`
Packit Service	084de1	`if (ske_expected \|\| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)`
Packit Service	084de1	`&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {`
Packit Service	084de1	`if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_KEY_EXCH;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`/* Fall through */`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_KEY_EXCH:`
Packit Service	084de1	`if (mt == SSL3_MT_CERTIFICATE_REQUEST) {`
Packit Service	084de1	`if (cert_req_allowed(s)) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CERT_REQ;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`/* Fall through */`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_REQ:`
Packit Service	084de1	`if (mt == SSL3_MT_SERVER_DONE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_SRVR_DONE;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_FINISHED:`
Packit Service	084de1	`if (s->ext.ticket_expected) {`
Packit Service	084de1	`if (mt == SSL3_MT_NEWSESSION_TICKET) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_SESSION_TICKET;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CHANGE;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SESSION_TICKET:`
Packit Service	084de1	`if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_CHANGE;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CHANGE:`
Packit Service	084de1	`if (mt == SSL3_MT_FINISHED) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_FINISHED;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_OK:`
Packit Service	084de1	`if (mt == SSL3_MT_HELLO_REQUEST) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CR_HELLO_REQ;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`err:`
Packit Service	084de1	`/* No valid transition found */`
Packit Service	084de1	`if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {`
Packit Service	084de1	`BIO *rbio;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* CCS messages don't have a message sequence number so this is probably`
Packit Service	084de1	`* because of an out-of-order CCS. We'll just drop it.`
Packit Service	084de1	`*/`
Packit Service	084de1	`s->init_num = 0;`
Packit Service	084de1	`s->rwstate = SSL_READING;`
Packit Service	084de1	`rbio = SSL_get_rbio(s);`
Packit Service	084de1	`BIO_clear_retry_flags(rbio);`
Packit Service	084de1	`BIO_set_retry_read(rbio);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,`
Packit Service	084de1	`SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION,`
Packit Service	084de1	`SSL_R_UNEXPECTED_MESSAGE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* ossl_statem_client13_write_transition() works out what handshake state to`
Packit Service	084de1	`* move to next when the TLSv1.3 client is writing messages to be sent to the`
Packit Service	084de1	`* server.`
Packit Service	084de1	`*/`
Packit Service	084de1	`static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated`
Packit Service	084de1	`* TLSv1.3 yet at that point. They are handled by`
Packit Service	084de1	`* ossl_statem_client_write_transition().`
Packit Service	084de1	`*/`
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`/* Shouldn't happen */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return WRITE_TRAN_ERROR;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_REQ:`
Packit Service	084de1	`if (s->post_handshake_auth == SSL_PHA_REQUESTED) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CERT;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We should only get here if we received a CertificateRequest after`
Packit Service	084de1	`* we already sent close_notify`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!ossl_assert((s->shutdown & SSL_SENT_SHUTDOWN) != 0)) {`
Packit Service	084de1	`/* Shouldn't happen - same as default case */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return WRITE_TRAN_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`st->hand_state = TLS_ST_OK;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_FINISHED:`
Packit Service	084de1	`if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY`
Packit Service	084de1	`\|\| s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)`
Packit Service	084de1	`st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;`
Packit Service	084de1	`else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0`
Packit Service	084de1	`&& s->hello_retry_request == SSL_HRR_NONE)`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CHANGE;`
Packit Service	084de1	`else`
Packit Service	084de1	`st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT`
Packit Service	084de1	`: TLS_ST_CW_FINISHED;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_PENDING_EARLY_DATA_END:`
Packit Service	084de1	`if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1	`/* Fall through */`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_END_OF_EARLY_DATA:`
Packit Service	084de1	`case TLS_ST_CW_CHANGE:`
Packit Service	084de1	`st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT`
Packit Service	084de1	`: TLS_ST_CW_FINISHED;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CERT:`
Packit Service	084de1	`/* If a non-empty Certificate we also send CertificateVerify */`
Packit Service	084de1	`st->hand_state = (s->s3->tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY`
Packit Service	084de1	`: TLS_ST_CW_FINISHED;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CERT_VRFY:`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_FINISHED;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_KEY_UPDATE:`
Packit Service	084de1	`case TLS_ST_CW_KEY_UPDATE:`
Packit Service	084de1	`case TLS_ST_CR_SESSION_TICKET:`
Packit Service	084de1	`case TLS_ST_CW_FINISHED:`
Packit Service	084de1	`st->hand_state = TLS_ST_OK;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_OK:`
Packit Service	084de1	`if (s->key_update != SSL_KEY_UPDATE_NONE) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_KEY_UPDATE;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Try to read from the server instead */`
Packit Service	084de1	`return WRITE_TRAN_FINISHED;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* ossl_statem_client_write_transition() works out what handshake state to`
Packit Service	084de1	`* move to next when the client is writing messages to be sent to the server.`
Packit Service	084de1	`*/`
Packit Service	084de1	`WRITE_TRAN ossl_statem_client_write_transition(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Note that immediately before/after a ClientHello we don't know what`
Packit Service	084de1	`* version we are going to negotiate yet, so we don't take this branch until`
Packit Service	084de1	`* later`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (SSL_IS_TLS13(s))`
Packit Service	084de1	`return ossl_statem_client13_write_transition(s);`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`/* Shouldn't happen */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return WRITE_TRAN_ERROR;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_OK:`
Packit Service	084de1	`if (!s->renegotiate) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We haven't requested a renegotiation ourselves so we must have`
Packit Service	084de1	`* received a message from the server. Better read it.`
Packit Service	084de1	`*/`
Packit Service	084de1	`return WRITE_TRAN_FINISHED;`
Packit Service	084de1	`}`
Packit Service	084de1	`/* Renegotiation */`
Packit Service	084de1	`/* fall thru */`
Packit Service	084de1	`case TLS_ST_BEFORE:`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CLNT_HELLO;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CLNT_HELLO:`
Packit Service	084de1	`if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We are assuming this is a TLSv1.3 connection, although we haven't`
Packit Service	084de1	`* actually selected a version yet.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CHANGE;`
Packit Service	084de1	`else`
Packit Service	084de1	`st->hand_state = TLS_ST_EARLY_DATA;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1	`/*`
Packit Service	084de1	`* No transition at the end of writing because we don't know what`
Packit Service	084de1	`* we will be sent`
Packit Service	084de1	`*/`
Packit Service	084de1	`return WRITE_TRAN_FINISHED;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SRVR_HELLO:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We only get here in TLSv1.3. We just received an HRR, so issue a`
Packit Service	084de1	`* CCS unless middlebox compat mode is off, or we already issued one`
Packit Service	084de1	`* because we did early data.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0`
Packit Service	084de1	`&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CHANGE;`
Packit Service	084de1	`else`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CLNT_HELLO;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_EARLY_DATA:`
Packit Service	084de1	`return WRITE_TRAN_FINISHED;`
Packit Service	084de1
Packit Service	084de1	`case DTLS_ST_CR_HELLO_VERIFY_REQUEST:`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CLNT_HELLO;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SRVR_DONE:`
Packit Service	084de1	`if (s->s3->tmp.cert_req)`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CERT;`
Packit Service	084de1	`else`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_KEY_EXCH;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CERT:`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_KEY_EXCH;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_KEY_EXCH:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* For TLS, cert_req is set to 2, so a cert chain of nothing is`
Packit Service	084de1	`* sent, but no verify packet is sent`
Packit Service	084de1	`*/`
Packit Service	084de1	`/*`
Packit Service	084de1	`* XXX: For now, we do not support client authentication in ECDH`
Packit Service	084de1	`* cipher suites with ECDH (rather than ECDSA) certificates. We`
Packit Service	084de1	`* need to skip the certificate verify message when client's`
Packit Service	084de1	`* ECDH public key is sent inside the client certificate.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->s3->tmp.cert_req == 1) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CERT_VRFY;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CHANGE;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CHANGE;`
Packit Service	084de1	`}`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CERT_VRFY:`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CHANGE;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CHANGE:`
Packit Service	084de1	`if (s->hello_retry_request == SSL_HRR_PENDING) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CLNT_HELLO;`
Packit Service	084de1	`} else if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {`
Packit Service	084de1	`st->hand_state = TLS_ST_EARLY_DATA;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`#if defined(OPENSSL_NO_NEXTPROTONEG)`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_FINISHED;`
Packit Service	084de1	`#else`
Packit Service	084de1	`if (!SSL_IS_DTLS(s) && s->s3->npn_seen)`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_NEXT_PROTO;`
Packit Service	084de1	`else`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_FINISHED;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1
Packit Service	084de1	`#if !defined(OPENSSL_NO_NEXTPROTONEG)`
Packit Service	084de1	`case TLS_ST_CW_NEXT_PROTO:`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_FINISHED;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_FINISHED:`
Packit Service	084de1	`if (s->hit) {`
Packit Service	084de1	`st->hand_state = TLS_ST_OK;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`return WRITE_TRAN_FINISHED;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_FINISHED:`
Packit Service	084de1	`if (s->hit) {`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CHANGE;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`st->hand_state = TLS_ST_OK;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_HELLO_REQ:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If we can renegotiate now then do so, otherwise wait for a more`
Packit Service	084de1	`* convenient time.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (ssl3_renegotiate_check(s, 1)) {`
Packit Service	084de1	`if (!tls_setup_handshake(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WRITE_TRAN_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`st->hand_state = TLS_ST_CW_CLNT_HELLO;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1	`st->hand_state = TLS_ST_OK;`
Packit Service	084de1	`return WRITE_TRAN_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Perform any pre work that needs to be done prior to sending a message from`
Packit Service	084de1	`* the client to the server.`
Packit Service	084de1	`*/`
Packit Service	084de1	`WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`/* No pre work to be done */`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CLNT_HELLO:`
Packit Service	084de1	`s->shutdown = 0;`
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`/* every DTLS ClientHello resets Finished MAC */`
Packit Service	084de1	`if (!ssl3_init_finished_mac(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CHANGE:`
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`if (s->hit) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We're into the last flight so we don't retransmit these`
Packit Service	084de1	`* messages unless we need to.`
Packit Service	084de1	`*/`
Packit Service	084de1	`st->use_timer = 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`#ifndef OPENSSL_NO_SCTP`
Packit Service	084de1	`if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {`
Packit Service	084de1	`/* Calls SSLfatal() as required */`
Packit Service	084de1	`return dtls_wait_for_dry(s);`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_PENDING_EARLY_DATA_END:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If we've been called by SSL_do_handshake()/SSL_write(), or we did not`
Packit Service	084de1	`* attempt to write early data before calling SSL_read() then we press`
Packit Service	084de1	`* on with the handshake. Otherwise we pause here.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING`
Packit Service	084de1	`\|\| s->early_data_state == SSL_EARLY_DATA_NONE)`
Packit Service	084de1	`return WORK_FINISHED_CONTINUE;`
Packit Service	084de1	`/* Fall through */`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_EARLY_DATA:`
Packit Service	084de1	`return tls_finish_handshake(s, wst, 0, 1);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_OK:`
Packit Service	084de1	`/* Calls SSLfatal() as required */`
Packit Service	084de1	`return tls_finish_handshake(s, wst, 1, 1);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return WORK_FINISHED_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Perform any work that needs to be done after sending a message from the`
Packit Service	084de1	`* client to the server.`
Packit Service	084de1	`*/`
Packit Service	084de1	`WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`s->init_num = 0;`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`/* No post work to be done */`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CLNT_HELLO:`
Packit Service	084de1	`if (s->early_data_state == SSL_EARLY_DATA_CONNECTING`
Packit Service	084de1	`&& s->max_early_data > 0) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We haven't selected TLSv1.3 yet so we don't call the change`
Packit Service	084de1	`* cipher state function associated with the SSL_METHOD. Instead`
Packit Service	084de1	`* we call tls13_change_cipher_state() directly.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) {`
Packit Service	084de1	`if (!tls13_change_cipher_state(s,`
Packit Service	084de1	`SSL3_CC_EARLY \| SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`/* else we're in compat mode so we delay flushing until after CCS */`
Packit Service	084de1	`} else if (!statem_flush(s)) {`
Packit Service	084de1	`return WORK_MORE_A;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`/* Treat the next message as the first packet */`
Packit Service	084de1	`s->first_packet = 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_END_OF_EARLY_DATA:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We set the enc_write_ctx back to NULL because we may end up writing`
Packit Service	084de1	`* in cleartext again if we get a HelloRetryRequest from the server.`
Packit Service	084de1	`*/`
Packit Service	084de1	`EVP_CIPHER_CTX_free(s->enc_write_ctx);`
Packit Service	084de1	`s->enc_write_ctx = NULL;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_KEY_EXCH:`
Packit Service	084de1	`if (tls_client_key_exchange_post_work(s) == 0) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CHANGE:`
Packit Service	084de1	`if (SSL_IS_TLS13(s) \|\| s->hello_retry_request == SSL_HRR_PENDING)`
Packit Service	084de1	`break;`
Packit Service	084de1	`if (s->early_data_state == SSL_EARLY_DATA_CONNECTING`
Packit Service	084de1	`&& s->max_early_data > 0) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We haven't selected TLSv1.3 yet so we don't call the change`
Packit Service	084de1	`* cipher state function associated with the SSL_METHOD. Instead`
Packit Service	084de1	`* we call tls13_change_cipher_state() directly.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!tls13_change_cipher_state(s,`
Packit Service	084de1	`SSL3_CC_EARLY \| SSL3_CHANGE_CIPHER_CLIENT_WRITE))`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`break;`
Packit Service	084de1	`}`
Packit Service	084de1	`s->session->cipher = s->s3->tmp.new_cipher;`
Packit Service	084de1	`#ifdef OPENSSL_NO_COMP`
Packit Service	084de1	`s->session->compress_meth = 0;`
Packit Service	084de1	`#else`
Packit Service	084de1	`if (s->s3->tmp.new_compression == NULL)`
Packit Service	084de1	`s->session->compress_meth = 0;`
Packit Service	084de1	`else`
Packit Service	084de1	`s->session->compress_meth = s->s3->tmp.new_compression->id;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`if (!s->method->ssl3_enc->setup_key_block(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!s->method->ssl3_enc->change_cipher_state(s,`
Packit Service	084de1	`SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`#ifndef OPENSSL_NO_SCTP`
Packit Service	084de1	`if (s->hit) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Change to new shared key of SCTP-Auth, will be ignored if`
Packit Service	084de1	`* no SCTP used.`
Packit Service	084de1	`*/`
Packit Service	084de1	`BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,`
Packit Service	084de1	`0, NULL);`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_FINISHED:`
Packit Service	084de1	`#ifndef OPENSSL_NO_SCTP`
Packit Service	084de1	`if (wst == WORK_MORE_A && SSL_IS_DTLS(s) && s->hit == 0) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Change to new shared key of SCTP-Auth, will be ignored if`
Packit Service	084de1	`* no SCTP used.`
Packit Service	084de1	`*/`
Packit Service	084de1	`BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,`
Packit Service	084de1	`0, NULL);`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1	`if (statem_flush(s) != 1)`
Packit Service	084de1	`return WORK_MORE_B;`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`if (!tls13_save_handshake_digest_for_pha(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (s->post_handshake_auth != SSL_PHA_REQUESTED) {`
Packit Service	084de1	`if (!s->method->ssl3_enc->change_cipher_state(s,`
Packit Service	084de1	`SSL3_CC_APPLICATION \| SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_KEY_UPDATE:`
Packit Service	084de1	`if (statem_flush(s) != 1)`
Packit Service	084de1	`return WORK_MORE_A;`
Packit Service	084de1	`if (!tls13_update_key(s, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`break;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return WORK_FINISHED_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Get the message construction function and message type for sending from the`
Packit Service	084de1	`* client`
Packit Service	084de1	`*`
Packit Service	084de1	`* Valid return values are:`
Packit Service	084de1	`* 1: Success`
Packit Service	084de1	`* 0: Error`
Packit Service	084de1	`*/`
Packit Service	084de1	`int ossl_statem_client_construct_message(SSL s, WPACKET pkt,`
Packit Service	084de1	`confunc_f confunc, int mt)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`/* Shouldn't happen */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE,`
Packit Service	084de1	`SSL_R_BAD_HANDSHAKE_STATE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CHANGE:`
Packit Service	084de1	`if (SSL_IS_DTLS(s))`
Packit Service	084de1	`*confunc = dtls_construct_change_cipher_spec;`
Packit Service	084de1	`else`
Packit Service	084de1	`*confunc = tls_construct_change_cipher_spec;`
Packit Service	084de1	`*mt = SSL3_MT_CHANGE_CIPHER_SPEC;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CLNT_HELLO:`
Packit Service	084de1	`*confunc = tls_construct_client_hello;`
Packit Service	084de1	`*mt = SSL3_MT_CLIENT_HELLO;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_END_OF_EARLY_DATA:`
Packit Service	084de1	`*confunc = tls_construct_end_of_early_data;`
Packit Service	084de1	`*mt = SSL3_MT_END_OF_EARLY_DATA;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_PENDING_EARLY_DATA_END:`
Packit Service	084de1	`*confunc = NULL;`
Packit Service	084de1	`*mt = SSL3_MT_DUMMY;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CERT:`
Packit Service	084de1	`*confunc = tls_construct_client_certificate;`
Packit Service	084de1	`*mt = SSL3_MT_CERTIFICATE;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_KEY_EXCH:`
Packit Service	084de1	`*confunc = tls_construct_client_key_exchange;`
Packit Service	084de1	`*mt = SSL3_MT_CLIENT_KEY_EXCHANGE;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_CERT_VRFY:`
Packit Service	084de1	`*confunc = tls_construct_cert_verify;`
Packit Service	084de1	`*mt = SSL3_MT_CERTIFICATE_VERIFY;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`#if !defined(OPENSSL_NO_NEXTPROTONEG)`
Packit Service	084de1	`case TLS_ST_CW_NEXT_PROTO:`
Packit Service	084de1	`*confunc = tls_construct_next_proto;`
Packit Service	084de1	`*mt = SSL3_MT_NEXT_PROTO;`
Packit Service	084de1	`break;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`case TLS_ST_CW_FINISHED:`
Packit Service	084de1	`*confunc = tls_construct_finished;`
Packit Service	084de1	`*mt = SSL3_MT_FINISHED;`
Packit Service	084de1	`break;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CW_KEY_UPDATE:`
Packit Service	084de1	`*confunc = tls_construct_key_update;`
Packit Service	084de1	`*mt = SSL3_MT_KEY_UPDATE;`
Packit Service	084de1	`break;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Returns the maximum allowed length for the current message that we are`
Packit Service	084de1	`* reading. Excludes the message header.`
Packit Service	084de1	`*/`
Packit Service	084de1	`size_t ossl_statem_client_max_message_size(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`/* Shouldn't happen */`
Packit Service	084de1	`return 0;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SRVR_HELLO:`
Packit Service	084de1	`return SERVER_HELLO_MAX_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case DTLS_ST_CR_HELLO_VERIFY_REQUEST:`
Packit Service	084de1	`return HELLO_VERIFY_REQUEST_MAX_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT:`
Packit Service	084de1	`return s->max_cert_list;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_VRFY:`
Packit Service	084de1	`return SSL3_RT_MAX_PLAIN_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_STATUS:`
Packit Service	084de1	`return SSL3_RT_MAX_PLAIN_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_KEY_EXCH:`
Packit Service	084de1	`return SERVER_KEY_EXCH_MAX_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_REQ:`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Set to s->max_cert_list for compatibility with previous releases. In`
Packit Service	084de1	`* practice these messages can get quite long if servers are configured`
Packit Service	084de1	`* to provide a long list of acceptable CAs`
Packit Service	084de1	`*/`
Packit Service	084de1	`return s->max_cert_list;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SRVR_DONE:`
Packit Service	084de1	`return SERVER_HELLO_DONE_MAX_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CHANGE:`
Packit Service	084de1	`if (s->version == DTLS1_BAD_VER)`
Packit Service	084de1	`return 3;`
Packit Service	084de1	`return CCS_MAX_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SESSION_TICKET:`
Packit Service	084de1	`return SSL3_RT_MAX_PLAIN_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_FINISHED:`
Packit Service	084de1	`return FINISHED_MAX_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_ENCRYPTED_EXTENSIONS:`
Packit Service	084de1	`return ENCRYPTED_EXTENSIONS_MAX_LENGTH;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_KEY_UPDATE:`
Packit Service	084de1	`return KEY_UPDATE_MAX_LENGTH;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Process a message that the client has been received from the server.`
Packit Service	084de1	`*/`
Packit Service	084de1	`MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`/* Shouldn't happen */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SRVR_HELLO:`
Packit Service	084de1	`return tls_process_server_hello(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case DTLS_ST_CR_HELLO_VERIFY_REQUEST:`
Packit Service	084de1	`return dtls_process_hello_verify(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT:`
Packit Service	084de1	`return tls_process_server_certificate(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_VRFY:`
Packit Service	084de1	`return tls_process_cert_verify(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_STATUS:`
Packit Service	084de1	`return tls_process_cert_status(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_KEY_EXCH:`
Packit Service	084de1	`return tls_process_key_exchange(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_REQ:`
Packit Service	084de1	`return tls_process_certificate_request(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SRVR_DONE:`
Packit Service	084de1	`return tls_process_server_done(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CHANGE:`
Packit Service	084de1	`return tls_process_change_cipher_spec(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_SESSION_TICKET:`
Packit Service	084de1	`return tls_process_new_session_ticket(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_FINISHED:`
Packit Service	084de1	`return tls_process_finished(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_HELLO_REQ:`
Packit Service	084de1	`return tls_process_hello_req(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_ENCRYPTED_EXTENSIONS:`
Packit Service	084de1	`return tls_process_encrypted_extensions(s, pkt);`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_KEY_UPDATE:`
Packit Service	084de1	`return tls_process_key_update(s, pkt);`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Perform any further processing required following the receipt of a message`
Packit Service	084de1	`* from the server`
Packit Service	084de1	`*/`
Packit Service	084de1	`WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)`
Packit Service	084de1	`{`
Packit Service	084de1	`OSSL_STATEM *st = &s->statem;`
Packit Service	084de1
Packit Service	084de1	`switch (st->hand_state) {`
Packit Service	084de1	`default:`
Packit Service	084de1	`/* Shouldn't happen */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1
Packit Service	084de1	`case TLS_ST_CR_CERT_VRFY:`
Packit Service	084de1	`case TLS_ST_CR_CERT_REQ:`
Packit Service	084de1	`return tls_prepare_client_certificate(s, wst);`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int tls_construct_client_hello(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`unsigned char *p;`
Packit Service	084de1	`size_t sess_id_len;`
Packit Service	084de1	`int i, protverr;`
Packit Service	084de1	`#ifndef OPENSSL_NO_COMP`
Packit Service	084de1	`SSL_COMP *comp;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`SSL_SESSION *sess = s->session;`
Packit Service	084de1	`unsigned char *session_id;`
Packit Service	084de1
Packit Service	084de1	`/* Work out what SSL/TLS/DTLS version to use */`
Packit Service	084de1	`protverr = ssl_set_client_hello_version(s);`
Packit Service	084de1	`if (protverr != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`protverr);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (sess == NULL`
Packit Service	084de1	`\|\| !ssl_version_supported(s, sess->ssl_version, NULL)`
Packit Service	084de1	`\|\| !SSL_SESSION_is_resumable(sess)) {`
Packit Service	084de1	`if (s->hello_retry_request == SSL_HRR_NONE`
Packit Service	084de1	`&& !ssl_get_new_session(s, 0)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`/* else use the pre-loaded session */`
Packit Service	084de1
Packit Service	084de1	`p = s->s3->client_random;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* for DTLS if client_random is initialized, reuse it, we are`
Packit Service	084de1	`* required to use same upon reply to HelloVerify`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`size_t idx;`
Packit Service	084de1	`i = 1;`
Packit Service	084de1	`for (idx = 0; idx < sizeof(s->s3->client_random); idx++) {`
Packit Service	084de1	`if (p[idx]) {`
Packit Service	084de1	`i = 0;`
Packit Service	084de1	`break;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`i = (s->hello_retry_request == SSL_HRR_NONE);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random),`
Packit Service	084de1	`DOWNGRADE_NONE) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*-`
Packit Service	084de1	`* version indicates the negotiated version: for example from`
Packit Service	084de1	`* an SSLv2/v3 compatible client hello). The client_version`
Packit Service	084de1	`* field is the maximum version we permit and it is also`
Packit Service	084de1	`* used in RSA encrypted premaster secrets. Some servers can`
Packit Service	084de1	`* choke if we initially report a higher version then`
Packit Service	084de1	`* renegotiate to a lower one in the premaster secret. This`
Packit Service	084de1	`* didn't happen with TLS 1.0 as most servers supported it`
Packit Service	084de1	`* but it can with TLS 1.1 or later if the server only supports`
Packit Service	084de1	`* 1.0.`
Packit Service	084de1	`*`
Packit Service	084de1	`* Possible scenario with previous logic:`
Packit Service	084de1	`* 1. Client hello indicates TLS 1.2`
Packit Service	084de1	`* 2. Server hello says TLS 1.0`
Packit Service	084de1	`* 3. RSA encrypted premaster secret uses 1.2.`
Packit Service	084de1	`* 4. Handshake proceeds using TLS 1.0.`
Packit Service	084de1	`* 5. Server sends hello request to renegotiate.`
Packit Service	084de1	`* 6. Client hello indicates TLS v1.0 as we now`
Packit Service	084de1	`* know that is maximum server supports.`
Packit Service	084de1	`* 7. Server chokes on RSA encrypted premaster secret`
Packit Service	084de1	`* containing version 1.0.`
Packit Service	084de1	`*`
Packit Service	084de1	`* For interoperability it should be OK to always use the`
Packit Service	084de1	`* maximum version we support in client hello and then rely`
Packit Service	084de1	`* on the checking of version to ensure the servers isn't`
Packit Service	084de1	`* being inconsistent: for example initially negotiating with`
Packit Service	084de1	`* TLS 1.0 and renegotiating with TLS 1.2. We do this by using`
Packit Service	084de1	`* client_version in client hello and not resetting it to`
Packit Service	084de1	`* the negotiated version.`
Packit Service	084de1	`*`
Packit Service	084de1	`* For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the`
Packit Service	084de1	`* supported_versions extension for the real supported versions.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!WPACKET_put_bytes_u16(pkt, s->client_version)`
Packit Service	084de1	`\|\| !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Session ID */`
Packit Service	084de1	`session_id = s->session->session_id;`
Packit Service	084de1	`if (s->new_session \|\| s->session->ssl_version == TLS1_3_VERSION) {`
Packit Service	084de1	`if (s->version == TLS1_3_VERSION`
Packit Service	084de1	`&& (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {`
Packit Service	084de1	`sess_id_len = sizeof(s->tmp_session_id);`
Packit Service	084de1	`s->tmp_session_id_len = sess_id_len;`
Packit Service	084de1	`session_id = s->tmp_session_id;`
Packit Service	084de1	`if (s->hello_retry_request == SSL_HRR_NONE`
Packit Service	084de1	`&& RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`sess_id_len = 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`assert(s->session->session_id_length <= sizeof(s->session->session_id));`
Packit Service	084de1	`sess_id_len = s->session->session_id_length;`
Packit Service	084de1	`if (s->version == TLS1_3_VERSION) {`
Packit Service	084de1	`s->tmp_session_id_len = sess_id_len;`
Packit Service	084de1	`memcpy(s->tmp_session_id, s->session->session_id, sess_id_len);`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!WPACKET_start_sub_packet_u8(pkt)`
Packit Service	084de1	`\|\| (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id,`
Packit Service	084de1	`sess_id_len))`
Packit Service	084de1	`\|\| !WPACKET_close(pkt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* cookie stuff for DTLS */`
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`if (s->d1->cookie_len > sizeof(s->d1->cookie)`
Packit Service	084de1	`\|\| !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,`
Packit Service	084de1	`s->d1->cookie_len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Ciphers supported */`
Packit Service	084de1	`if (!WPACKET_start_sub_packet_u16(pkt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!WPACKET_close(pkt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* COMPRESSION */`
Packit Service	084de1	`if (!WPACKET_start_sub_packet_u8(pkt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`#ifndef OPENSSL_NO_COMP`
Packit Service	084de1	`if (ssl_allow_compression(s)`
Packit Service	084de1	`&& s->ctx->comp_methods`
Packit Service	084de1	`&& (SSL_IS_DTLS(s) \|\| s->s3->tmp.max_ver < TLS1_3_VERSION)) {`
Packit Service	084de1	`int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);`
Packit Service	084de1	`for (i = 0; i < compnum; i++) {`
Packit Service	084de1	`comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);`
Packit Service	084de1	`if (!WPACKET_put_bytes_u8(pkt, comp->id)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1	`/* Add the NULL method */`
Packit Service	084de1	`if (!WPACKET_put_bytes_u8(pkt, 0) \|\| !WPACKET_close(pkt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* TLS extensions */`
Packit Service	084de1	`if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN dtls_process_hello_verify(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`size_t cookie_len;`
Packit Service	084de1	`PACKET cookiepkt;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_forward(pkt, 2)`
Packit Service	084de1	`\|\| !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`cookie_len = PACKET_remaining(&cookiepkt);`
Packit Service	084de1	`if (cookie_len > sizeof(s->d1->cookie)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS_PROCESS_HELLO_VERIFY,`
Packit Service	084de1	`SSL_R_LENGTH_TOO_LONG);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`s->d1->cookie_len = cookie_len;`
Packit Service	084de1
Packit Service	084de1	`return MSG_PROCESS_FINISHED_READING;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int set_client_ciphersuite(SSL s, const unsigned char cipherchars)`
Packit Service	084de1	`{`
Packit Service	084de1	`STACK_OF(SSL_CIPHER) *sk;`
Packit Service	084de1	`const SSL_CIPHER *c;`
Packit Service	084de1	`int i;`
Packit Service	084de1
Packit Service	084de1	`c = ssl_get_cipher_by_char(s, cipherchars, 0);`
Packit Service	084de1	`if (c == NULL) {`
Packit Service	084de1	`/* unknown cipher */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,`
Packit Service	084de1	`SSL_R_UNKNOWN_CIPHER_RETURNED);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If it is a disabled cipher we either didn't send it in client hello,`
Packit Service	084de1	`* or it's not allowed for the selected protocol. So we return an error.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_CHECK, 1)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,`
Packit Service	084de1	`SSL_R_WRONG_CIPHER_RETURNED);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`sk = ssl_get_ciphers_by_id(s);`
Packit Service	084de1	`i = sk_SSL_CIPHER_find(sk, c);`
Packit Service	084de1	`if (i < 0) {`
Packit Service	084de1	`/* we did not say we would use this cipher */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,`
Packit Service	084de1	`SSL_R_WRONG_CIPHER_RETURNED);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_TLS13(s) && s->s3->tmp.new_cipher != NULL`
Packit Service	084de1	`&& s->s3->tmp.new_cipher->id != c->id) {`
Packit Service	084de1	`/* ServerHello selected a different ciphersuite to that in the HRR */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,`
Packit Service	084de1	`SSL_R_WRONG_CIPHER_RETURNED);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Depending on the session caching (internal/external), the cipher`
Packit Service	084de1	`* and/or cipher_id values may not be set. Make sure that cipher_id is`
Packit Service	084de1	`* set and use it for comparison.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->session->cipher != NULL)`
Packit Service	084de1	`s->session->cipher_id = s->session->cipher->id;`
Packit Service	084de1	`if (s->hit && (s->session->cipher_id != c->id)) {`
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* In TLSv1.3 it is valid for the server to select a different`
Packit Service	084de1	`* ciphersuite as long as the hash is the same.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (ssl_md(c->algorithm2)`
Packit Service	084de1	`!= ssl_md(s->session->cipher->algorithm2)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,`
Packit Service	084de1	`SSL_F_SET_CLIENT_CIPHERSUITE,`
Packit Service	084de1	`SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Prior to TLSv1.3 resuming a session always meant using the same`
Packit Service	084de1	`* ciphersuite.`
Packit Service	084de1	`*/`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,`
Packit Service	084de1	`SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`s->s3->tmp.new_cipher = c;`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN tls_process_server_hello(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`PACKET session_id, extpkt;`
Packit Service	084de1	`size_t session_id_len;`
Packit Service	084de1	`const unsigned char *cipherchars;`
Packit Service	084de1	`int hrr = 0;`
Packit Service	084de1	`unsigned int compression;`
Packit Service	084de1	`unsigned int sversion;`
Packit Service	084de1	`unsigned int context;`
Packit Service	084de1	`RAW_EXTENSION *extensions = NULL;`
Packit Service	084de1	`#ifndef OPENSSL_NO_COMP`
Packit Service	084de1	`SSL_COMP *comp;`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_net_2(pkt, &sversion)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* load the server random */`
Packit Service	084de1	`if (s->version == TLS1_3_VERSION`
Packit Service	084de1	`&& sversion == TLS1_2_VERSION`
Packit Service	084de1	`&& PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE`
Packit Service	084de1	`&& memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {`
Packit Service	084de1	`s->hello_retry_request = SSL_HRR_PENDING;`
Packit Service	084de1	`hrr = 1;`
Packit Service	084de1	`if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Get the session-id. */`
Packit Service	084de1	`if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`session_id_len = PACKET_remaining(&session_id);`
Packit Service	084de1	`if (session_id_len > sizeof(s->session->session_id)`
Packit Service	084de1	`\|\| session_id_len > SSL3_SESSION_ID_SIZE) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_SSL3_SESSION_ID_TOO_LONG);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_1(pkt, &compression)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* TLS extensions */`
Packit Service	084de1	`if (PACKET_remaining(pkt) == 0 && !hrr) {`
Packit Service	084de1	`PACKET_null_init(&extpkt);`
Packit Service	084de1	`} else if (!PACKET_as_length_prefixed_2(pkt, &extpkt)`
Packit Service	084de1	`\|\| PACKET_remaining(pkt) != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_BAD_LENGTH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!hrr) {`
Packit Service	084de1	`if (!tls_collect_extensions(s, &extpkt,`
Packit Service	084de1	`SSL_EXT_TLS1_2_SERVER_HELLO`
Packit Service	084de1	`\| SSL_EXT_TLS1_3_SERVER_HELLO,`
Packit Service	084de1	`&extensions, NULL, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!ssl_choose_client_version(s, sversion, extensions)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_TLS13(s) \|\| hrr) {`
Packit Service	084de1	`if (compression != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_INVALID_COMPRESSION_ALGORITHM);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (session_id_len != s->tmp_session_id_len`
Packit Service	084de1	`\|\| memcmp(PACKET_data(&session_id), s->tmp_session_id,`
Packit Service	084de1	`session_id_len) != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_INVALID_SESSION_ID);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (hrr) {`
Packit Service	084de1	`if (!set_client_ciphersuite(s, cipherchars)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return tls_process_as_hello_retry_request(s, &extpkt);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Now we have chosen the version we need to check again that the extensions`
Packit Service	084de1	`* are appropriate for this version.`
Packit Service	084de1	`*/`
Packit Service	084de1	`context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO`
Packit Service	084de1	`: SSL_EXT_TLS1_2_SERVER_HELLO;`
Packit Service	084de1	`if (!tls_validate_all_contexts(s, context, extensions)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_BAD_EXTENSION);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`s->hit = 0;`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* In TLSv1.3 a ServerHello message signals a key change so the end of`
Packit Service	084de1	`* the message must be on a record boundary.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_NOT_ON_RECORD_BOUNDARY);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* This will set s->hit if we are resuming */`
Packit Service	084de1	`if (!tls_parse_extension(s, TLSEXT_IDX_psk,`
Packit Service	084de1	`SSL_EXT_TLS1_3_SERVER_HELLO,`
Packit Service	084de1	`extensions, NULL, 0)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Check if we can resume the session based on external pre-shared`
Packit Service	084de1	`* secret. EAP-FAST (RFC 4851) supports two types of session resumption.`
Packit Service	084de1	`* Resumption based on server-side state works with session IDs.`
Packit Service	084de1	`* Resumption based on pre-shared Protected Access Credentials (PACs)`
Packit Service	084de1	`* works by overriding the SessionTicket extension at the application`
Packit Service	084de1	`* layer, and does not send a session ID. (We do not know whether`
Packit Service	084de1	`* EAP-FAST servers would honour the session ID.) Therefore, the session`
Packit Service	084de1	`* ID alone is not a reliable indicator of session resumption, so we`
Packit Service	084de1	`* first check if we can resume, and later peek at the next handshake`
Packit Service	084de1	`* message to see if the server wants to resume.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->version >= TLS1_VERSION`
Packit Service	084de1	`&& s->ext.session_secret_cb != NULL && s->session->ext.tick) {`
Packit Service	084de1	`const SSL_CIPHER *pref_cipher = NULL;`
Packit Service	084de1	`/*`
Packit Service	084de1	`* s->session->master_key_length is a size_t, but this is an int for`
Packit Service	084de1	`* backwards compat reasons`
Packit Service	084de1	`*/`
Packit Service	084de1	`int master_key_length;`
Packit Service	084de1	`master_key_length = sizeof(s->session->master_key);`
Packit Service	084de1	`if (s->ext.session_secret_cb(s, s->session->master_key,`
Packit Service	084de1	`&master_key_length,`
Packit Service	084de1	`NULL, &pref_cipher,`
Packit Service	084de1	`s->ext.session_secret_cb_arg)`
Packit Service	084de1	`&& master_key_length > 0) {`
Packit Service	084de1	`s->session->master_key_length = master_key_length;`
Packit Service	084de1	`s->session->cipher = pref_cipher ?`
Packit Service	084de1	`pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0);`
Packit Service	084de1	`} else {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (session_id_len != 0`
Packit Service	084de1	`&& session_id_len == s->session->session_id_length`
Packit Service	084de1	`&& memcmp(PACKET_data(&session_id), s->session->session_id,`
Packit Service	084de1	`session_id_len) == 0)`
Packit Service	084de1	`s->hit = 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (s->hit) {`
Packit Service	084de1	`if (s->sid_ctx_length != s->session->sid_ctx_length`
Packit Service	084de1	`\|\| memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {`
Packit Service	084de1	`/* actually a client application bug */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If we were trying for session-id reuse but the server`
Packit Service	084de1	`* didn't resume, make a new SSL_SESSION.`
Packit Service	084de1	`* In the case of EAP-FAST and PAC, we do not send a session ID,`
Packit Service	084de1	`* so the PAC-based session secret is always preserved. It'll be`
Packit Service	084de1	`* overwritten if the server refuses resumption.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->session->session_id_length > 0) {`
Packit Service	084de1	`tsan_counter(&s->session_ctx->stats.sess_miss);`
Packit Service	084de1	`if (!ssl_get_new_session(s, 0)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`s->session->ssl_version = s->version;`
Packit Service	084de1	`/*`
Packit Service	084de1	`* In TLSv1.2 and below we save the session id we were sent so we can`
Packit Service	084de1	`* resume it later. In TLSv1.3 the session id we were sent is just an`
Packit Service	084de1	`* echo of what we originally sent in the ClientHello and should not be`
Packit Service	084de1	`* used for resumption.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!SSL_IS_TLS13(s)) {`
Packit Service	084de1	`s->session->session_id_length = session_id_len;`
Packit Service	084de1	`/* session_id_len could be 0 */`
Packit Service	084de1	`if (session_id_len > 0)`
Packit Service	084de1	`memcpy(s->session->session_id, PACKET_data(&session_id),`
Packit Service	084de1	`session_id_len);`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Session version and negotiated protocol version should match */`
Packit Service	084de1	`if (s->version != s->session->ssl_version) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_SSL_SESSION_VERSION_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Now that we know the version, update the check to see if it's an allowed`
Packit Service	084de1	`* version.`
Packit Service	084de1	`*/`
Packit Service	084de1	`s->s3->tmp.min_ver = s->version;`
Packit Service	084de1	`s->s3->tmp.max_ver = s->version;`
Packit Service	084de1
Packit Service	084de1	`if (!set_client_ciphersuite(s, cipherchars)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`#ifdef OPENSSL_NO_COMP`
Packit Service	084de1	`if (compression != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If compression is disabled we'd better not try to resume a session`
Packit Service	084de1	`* using compression.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->session->compress_meth != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_INCONSISTENT_COMPRESSION);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`#else`
Packit Service	084de1	`if (s->hit && compression != s->session->compress_meth) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (compression == 0)`
Packit Service	084de1	`comp = NULL;`
Packit Service	084de1	`else if (!ssl_allow_compression(s)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_COMPRESSION_DISABLED);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`comp = ssl3_comp_find(s->ctx->comp_methods, compression);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (compression != 0 && comp == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`s->s3->tmp.new_compression = comp;`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`#ifndef OPENSSL_NO_SCTP`
Packit Service	084de1	`if (SSL_IS_DTLS(s) && s->hit) {`
Packit Service	084de1	`unsigned char sctpauthkey[64];`
Packit Service	084de1	`char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];`
Packit Service	084de1	`size_t labellen;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Add new shared key for SCTP-Auth, will be ignored if`
Packit Service	084de1	`* no SCTP used.`
Packit Service	084de1	`*/`
Packit Service	084de1	`memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,`
Packit Service	084de1	`sizeof(DTLS1_SCTP_AUTH_LABEL));`
Packit Service	084de1
Packit Service	084de1	`/* Don't include the terminating zero. */`
Packit Service	084de1	`labellen = sizeof(labelbuffer) - 1;`
Packit Service	084de1	`if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)`
Packit Service	084de1	`labellen += 1;`
Packit Service	084de1
Packit Service	084de1	`if (SSL_export_keying_material(s, sctpauthkey,`
Packit Service	084de1	`sizeof(sctpauthkey),`
Packit Service	084de1	`labelbuffer,`
Packit Service	084de1	`labellen, NULL, 0, 0) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`BIO_ctrl(SSL_get_wbio(s),`
Packit Service	084de1	`BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,`
Packit Service	084de1	`sizeof(sctpauthkey), sctpauthkey);`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* In TLSv1.3 we have some post-processing to change cipher state, otherwise`
Packit Service	084de1	`* we're done with this message`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (SSL_IS_TLS13(s)`
Packit Service	084de1	`&& (!s->method->ssl3_enc->setup_key_block(s)`
Packit Service	084de1	`\|\| !s->method->ssl3_enc->change_cipher_state(s,`
Packit Service	084de1	`SSL3_CC_HANDSHAKE \| SSL3_CHANGE_CIPHER_CLIENT_READ))) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`OPENSSL_free(extensions);`
Packit Service	084de1	`return MSG_PROCESS_CONTINUE_READING;`
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_free(extensions);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s,`
Packit Service	084de1	`PACKET *extpkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`RAW_EXTENSION *extensions = NULL;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* If we were sending early_data then the enc_write_ctx is now invalid and`
Packit Service	084de1	`* should not be used.`
Packit Service	084de1	`*/`
Packit Service	084de1	`EVP_CIPHER_CTX_free(s->enc_write_ctx);`
Packit Service	084de1	`s->enc_write_ctx = NULL;`
Packit Service	084de1
Packit Service	084de1	`if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,`
Packit Service	084de1	`&extensions, NULL, 1)`
Packit Service	084de1	`\|\| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,`
Packit Service	084de1	`extensions, NULL, 0, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`OPENSSL_free(extensions);`
Packit Service	084de1	`extensions = NULL;`
Packit Service	084de1
Packit Service	084de1	`if (s->ext.tls13_cookie_len == 0`
Packit Service	084de1	`#if !defined(OPENSSL_NO_EC) \|\| !defined(OPENSSL_NO_DH)`
Packit Service	084de1	`&& s->s3->tmp.pkey != NULL`
Packit Service	084de1	`#endif`
Packit Service	084de1	`) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We didn't receive a cookie or a new key_share so the next`
Packit Service	084de1	`* ClientHello will not change`
Packit Service	084de1	`*/`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST,`
Packit Service	084de1	`SSL_R_NO_CHANGE_FOLLOWING_HRR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Re-initialise the Transcript Hash. We're going to prepopulate it with`
Packit Service	084de1	`* a synthetic message_hash in place of ClientHello1.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Add this message to the Transcript Hash. Normally this is done`
Packit Service	084de1	`* automatically prior to the message processing stage. However due to the`
Packit Service	084de1	`* need to create the synthetic message hash, we defer that step until now`
Packit Service	084de1	`* for HRR messages.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,`
Packit Service	084de1	`s->init_num + SSL3_HM_HEADER_LENGTH)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return MSG_PROCESS_FINISHED_READING;`
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_free(extensions);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN tls_process_server_certificate(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`int i;`
Packit Service	084de1	`MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;`
Packit Service	084de1	`unsigned long cert_list_len, cert_len;`
Packit Service	084de1	`X509 *x = NULL;`
Packit Service	084de1	`const unsigned char certstart, certbytes;`
Packit Service	084de1	`STACK_OF(X509) *sk = NULL;`
Packit Service	084de1	`EVP_PKEY *pkey = NULL;`
Packit Service	084de1	`size_t chainidx, certidx;`
Packit Service	084de1	`unsigned int context = 0;`
Packit Service	084de1	`const SSL_CERT_LOOKUP *clu;`
Packit Service	084de1
Packit Service	084de1	`if ((sk = sk_X509_new_null()) == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context))`
Packit Service	084de1	`\|\| context != 0`
Packit Service	084de1	`\|\| !PACKET_get_net_3(pkt, &cert_list_len)`
Packit Service	084de1	`\|\| PACKET_remaining(pkt) != cert_list_len`
Packit Service	084de1	`\|\| PACKET_remaining(pkt) == 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`for (chainidx = 0; PACKET_remaining(pkt); chainidx++) {`
Packit Service	084de1	`if (!PACKET_get_net_3(pkt, &cert_len)`
Packit Service	084de1	`\|\| !PACKET_get_bytes(pkt, &certbytes, cert_len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`SSL_R_CERT_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`certstart = certbytes;`
Packit Service	084de1	`x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len);`
Packit Service	084de1	`if (x == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_BAD_CERTIFICATE,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (certbytes != (certstart + cert_len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`SSL_R_CERT_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`RAW_EXTENSION *rawexts = NULL;`
Packit Service	084de1	`PACKET extensions;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`SSL_R_BAD_LENGTH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!tls_collect_extensions(s, &extensions,`
Packit Service	084de1	`SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,`
Packit Service	084de1	`NULL, chainidx == 0)`
Packit Service	084de1	`\|\| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,`
Packit Service	084de1	`rawexts, x, chainidx,`
Packit Service	084de1	`PACKET_remaining(pkt) == 0)) {`
Packit Service	084de1	`OPENSSL_free(rawexts);`
Packit Service	084de1	`/* SSLfatal already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`OPENSSL_free(rawexts);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!sk_X509_push(sk, x)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`x = NULL;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`i = ssl_verify_cert_chain(s, sk);`
Packit Service	084de1	`/*`
Packit Service	084de1	`* The documented interface is that SSL_VERIFY_PEER should be set in order`
Packit Service	084de1	`* for client side verification of the server certificate to take place.`
Packit Service	084de1	`* However, historically the code has only checked that any flag is set`
Packit Service	084de1	`* to cause server verification to take place. Use of the other flags makes`
Packit Service	084de1	`* no sense in client mode. An attempt to clean up the semantics was`
Packit Service	084de1	`* reverted because at least one application only set`
Packit Service	084de1	`* SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused`
Packit Service	084de1	`* server verification to take place, after the clean up it silently did`
Packit Service	084de1	`* nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags`
Packit Service	084de1	`* sent to them because they are void functions. Therefore, we now use the`
Packit Service	084de1	`* (less clean) historic behaviour of performing validation if any flag is`
Packit Service	084de1	`* set. The documented interface remains the same.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {`
Packit Service	084de1	`SSLfatal(s, ssl_x509err2alert(s->verify_result),`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`SSL_R_CERTIFICATE_VERIFY_FAILED);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`ERR_clear_error(); /* but we keep s->verify_result */`
Packit Service	084de1	`if (i > 1) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, i);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`s->session->peer_chain = sk;`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Inconsistency alert: cert_chain does include the peer's certificate,`
Packit Service	084de1	`* which we don't include in statem_srvr.c`
Packit Service	084de1	`*/`
Packit Service	084de1	`x = sk_X509_value(sk, 0);`
Packit Service	084de1	`sk = NULL;`
Packit Service	084de1
Packit Service	084de1	`pkey = X509_get0_pubkey(x);`
Packit Service	084de1
Packit Service	084de1	`if (pkey == NULL \|\| EVP_PKEY_missing_parameters(pkey)) {`
Packit Service	084de1	`x = NULL;`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) {`
Packit Service	084de1	`x = NULL;`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`SSL_R_UNKNOWN_CERTIFICATE_TYPE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Check certificate type is consistent with ciphersuite. For TLS 1.3`
Packit Service	084de1	`* skip check since TLS 1.3 ciphersuites can be used with any certificate`
Packit Service	084de1	`* type.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!SSL_IS_TLS13(s)) {`
Packit Service	084de1	`if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) {`
Packit Service	084de1	`x = NULL;`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,`
Packit Service	084de1	`SSL_R_WRONG_CERTIFICATE_TYPE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`s->session->peer_type = certidx;`
Packit Service	084de1
Packit Service	084de1	`X509_free(s->session->peer);`
Packit Service	084de1	`X509_up_ref(x);`
Packit Service	084de1	`s->session->peer = x;`
Packit Service	084de1	`s->session->verify_result = s->verify_result;`
Packit Service	084de1	`x = NULL;`
Packit Service	084de1
Packit Service	084de1	`/* Save the current hash state for when we receive the CertificateVerify */`
Packit Service	084de1	`if (SSL_IS_TLS13(s)`
Packit Service	084de1	`&& !ssl_handshake_hash(s, s->cert_verify_hash,`
Packit Service	084de1	`sizeof(s->cert_verify_hash),`
Packit Service	084de1	`&s->cert_verify_hash_len)) {`
Packit Service	084de1	`/* SSLfatal() already called */;`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`ret = MSG_PROCESS_CONTINUE_READING;`
Packit Service	084de1
Packit Service	084de1	`err:`
Packit Service	084de1	`X509_free(x);`
Packit Service	084de1	`sk_X509_pop_free(sk, X509_free);`
Packit Service	084de1	`return ret;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_process_ske_psk_preamble(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_PSK`
Packit Service	084de1	`PACKET psk_identity_hint;`
Packit Service	084de1
Packit Service	084de1	`/* PSK ciphersuites are preceded by an identity hint */`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Store PSK identity hint for later use, hint is used in`
Packit Service	084de1	`* tls_construct_client_key_exchange. Assume that the maximum length of`
Packit Service	084de1	`* a PSK identity hint can be as long as the maximum length of a PSK`
Packit Service	084de1	`* identity.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,`
Packit Service	084de1	`SSL_R_DATA_LENGTH_TOO_LONG);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (PACKET_remaining(&psk_identity_hint) == 0) {`
Packit Service	084de1	`OPENSSL_free(s->session->psk_identity_hint);`
Packit Service	084de1	`s->session->psk_identity_hint = NULL;`
Packit Service	084de1	`} else if (!PACKET_strndup(&psk_identity_hint,`
Packit Service	084de1	`&s->session->psk_identity_hint)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_process_ske_srp(SSL s, PACKET pkt, EVP_PKEY **pkey)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_SRP`
Packit Service	084de1	`PACKET prime, generator, salt, server_pub;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_2(pkt, &prime)`
Packit Service	084de1	`\|\| !PACKET_get_length_prefixed_2(pkt, &generator)`
Packit Service	084de1	`\|\| !PACKET_get_length_prefixed_1(pkt, &salt)`
Packit Service	084de1	`\|\| !PACKET_get_length_prefixed_2(pkt, &server_pub)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* TODO(size_t): Convert BN_bin2bn() calls */`
Packit Service	084de1	`if ((s->srp_ctx.N =`
Packit Service	084de1	`BN_bin2bn(PACKET_data(&prime),`
Packit Service	084de1	`(int)PACKET_remaining(&prime), NULL)) == NULL`
Packit Service	084de1	`\|\| (s->srp_ctx.g =`
Packit Service	084de1	`BN_bin2bn(PACKET_data(&generator),`
Packit Service	084de1	`(int)PACKET_remaining(&generator), NULL)) == NULL`
Packit Service	084de1	`\|\| (s->srp_ctx.s =`
Packit Service	084de1	`BN_bin2bn(PACKET_data(&salt),`
Packit Service	084de1	`(int)PACKET_remaining(&salt), NULL)) == NULL`
Packit Service	084de1	`\|\| (s->srp_ctx.B =`
Packit Service	084de1	`BN_bin2bn(PACKET_data(&server_pub),`
Packit Service	084de1	`(int)PACKET_remaining(&server_pub), NULL)) == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,`
Packit Service	084de1	`ERR_R_BN_LIB);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!srp_verify_server_param(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* We must check if there is a certificate */`
Packit Service	084de1	`if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA \| SSL_aDSS))`
Packit Service	084de1	`*pkey = X509_get0_pubkey(s->session->peer);`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_process_ske_dhe(SSL s, PACKET pkt, EVP_PKEY **pkey)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_DH`
Packit Service	084de1	`PACKET prime, generator, pub_key;`
Packit Service	084de1	`EVP_PKEY *peer_tmp = NULL;`
Packit Service	084de1
Packit Service	084de1	`DH *dh = NULL;`
Packit Service	084de1	`BIGNUM p = NULL, g = NULL, *bnpub_key = NULL;`
Packit Service	084de1
Packit Service	084de1	`int check_bits = 0;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_2(pkt, &prime)`
Packit Service	084de1	`\|\| !PACKET_get_length_prefixed_2(pkt, &generator)`
Packit Service	084de1	`\|\| !PACKET_get_length_prefixed_2(pkt, &pub_key)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`peer_tmp = EVP_PKEY_new();`
Packit Service	084de1	`dh = DH_new();`
Packit Service	084de1
Packit Service	084de1	`if (peer_tmp == NULL \|\| dh == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* TODO(size_t): Convert these calls */`
Packit Service	084de1	`p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL);`
Packit Service	084de1	`g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator),`
Packit Service	084de1	`NULL);`
Packit Service	084de1	`bnpub_key = BN_bin2bn(PACKET_data(&pub_key),`
Packit Service	084de1	`(int)PACKET_remaining(&pub_key), NULL);`
Packit Service	084de1	`if (p == NULL \|\| g == NULL \|\| bnpub_key == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`ERR_R_BN_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* test non-zero pubkey */`
Packit Service	084de1	`if (BN_is_zero(bnpub_key)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`SSL_R_BAD_DH_VALUE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!DH_set0_pqg(dh, p, NULL, g)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`ERR_R_BN_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`p = g = NULL;`
Packit Service	084de1
Packit Service	084de1	`if (DH_check_params(dh, &check_bits) == 0 \|\| check_bits != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`SSL_R_BAD_DH_VALUE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!DH_set0_key(dh, bnpub_key, NULL)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`ERR_R_BN_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`bnpub_key = NULL;`
Packit Service	084de1
Packit Service	084de1	`if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`SSL_R_DH_KEY_TOO_SMALL);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`ERR_R_EVP_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`s->s3->peer_tmp = peer_tmp;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* FIXME: This makes assumptions about which ciphersuites come with`
Packit Service	084de1	`* public keys. We should have a less ad-hoc way of doing this`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA \| SSL_aDSS))`
Packit Service	084de1	`*pkey = X509_get0_pubkey(s->session->peer);`
Packit Service	084de1	`/* else anonymous DH, so no certificate or pkey. */`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1
Packit Service	084de1	`err:`
Packit Service	084de1	`BN_free(p);`
Packit Service	084de1	`BN_free(g);`
Packit Service	084de1	`BN_free(bnpub_key);`
Packit Service	084de1	`DH_free(dh);`
Packit Service	084de1	`EVP_PKEY_free(peer_tmp);`
Packit Service	084de1
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_process_ske_ecdhe(SSL s, PACKET pkt, EVP_PKEY **pkey)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_EC`
Packit Service	084de1	`PACKET encoded_pt;`
Packit Service	084de1	`unsigned int curve_type, curve_id;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Extract elliptic curve parameters and the server's ephemeral ECDH`
Packit Service	084de1	`* public key. We only support named (not generic) curves and`
Packit Service	084de1	`* ECParameters in this case is just three bytes.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!PACKET_get_1(pkt, &curve_type) \|\| !PACKET_get_net_2(pkt, &curve_id)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,`
Packit Service	084de1	`SSL_R_LENGTH_TOO_SHORT);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Check curve is named curve type and one of our preferences, if not`
Packit Service	084de1	`* server has sent an invalid curve.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (curve_type != NAMED_CURVE_TYPE`
Packit Service	084de1	`\|\| !tls1_check_group_id(s, curve_id, 1)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,`
Packit Service	084de1	`SSL_R_WRONG_CURVE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if ((s->s3->peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,`
Packit Service	084de1	`SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,`
Packit Service	084de1	`PACKET_data(&encoded_pt),`
Packit Service	084de1	`PACKET_remaining(&encoded_pt))) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,`
Packit Service	084de1	`SSL_R_BAD_ECPOINT);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* The ECC/TLS specification does not mention the use of DSA to sign`
Packit Service	084de1	`* ECParameters in the server key exchange message. We do support RSA`
Packit Service	084de1	`* and ECDSA.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)`
Packit Service	084de1	`*pkey = X509_get0_pubkey(s->session->peer);`
Packit Service	084de1	`else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)`
Packit Service	084de1	`*pkey = X509_get0_pubkey(s->session->peer);`
Packit Service	084de1	`/* else anonymous ECDH, so no certificate or pkey. */`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN tls_process_key_exchange(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`long alg_k;`
Packit Service	084de1	`EVP_PKEY *pkey = NULL;`
Packit Service	084de1	`EVP_MD_CTX *md_ctx = NULL;`
Packit Service	084de1	`EVP_PKEY_CTX *pctx = NULL;`
Packit Service	084de1	`PACKET save_param_start, signature;`
Packit Service	084de1
Packit Service	084de1	`alg_k = s->s3->tmp.new_cipher->algorithm_mkey;`
Packit Service	084de1
Packit Service	084de1	`save_param_start = *pkt;`
Packit Service	084de1
Packit Service	084de1	`#if !defined(OPENSSL_NO_EC) \|\| !defined(OPENSSL_NO_DH)`
Packit Service	084de1	`EVP_PKEY_free(s->s3->peer_tmp);`
Packit Service	084de1	`s->s3->peer_tmp = NULL;`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`if (alg_k & SSL_PSK) {`
Packit Service	084de1	`if (!tls_process_ske_psk_preamble(s, pkt)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Nothing else to do for plain PSK or RSAPSK */`
Packit Service	084de1	`if (alg_k & (SSL_kPSK \| SSL_kRSAPSK)) {`
Packit Service	084de1	`} else if (alg_k & SSL_kSRP) {`
Packit Service	084de1	`if (!tls_process_ske_srp(s, pkt, &pkey)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (alg_k & (SSL_kDHE \| SSL_kDHEPSK)) {`
Packit Service	084de1	`if (!tls_process_ske_dhe(s, pkt, &pkey)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (alg_k & (SSL_kECDHE \| SSL_kECDHEPSK)) {`
Packit Service	084de1	`if (!tls_process_ske_ecdhe(s, pkt, &pkey)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (alg_k) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`SSL_R_UNEXPECTED_MESSAGE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* if it was signed, check the signature */`
Packit Service	084de1	`if (pkey != NULL) {`
Packit Service	084de1	`PACKET params;`
Packit Service	084de1	`int maxsig;`
Packit Service	084de1	`const EVP_MD *md = NULL;`
Packit Service	084de1	`unsigned char *tbs;`
Packit Service	084de1	`size_t tbslen;`
Packit Service	084de1	`int rv;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* \|pkt\| now points to the beginning of the signature, so the difference`
Packit Service	084de1	`* equals the length of the parameters.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!PACKET_get_sub_packet(&save_param_start, &params,`
Packit Service	084de1	`PACKET_remaining(&save_param_start) -`
Packit Service	084de1	`PACKET_remaining(pkt))) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_USE_SIGALGS(s)) {`
Packit Service	084de1	`unsigned int sigalg;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_net_2(pkt, &sigalg)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`SSL_R_LENGTH_TOO_SHORT);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`#ifdef SSL_DEBUG`
Packit Service	084de1	`if (SSL_USE_SIGALGS(s))`
Packit Service	084de1	`fprintf(stderr, "USING TLSv1.2 HASH %s\n",`
Packit Service	084de1	`md == NULL ? "n/a" : EVP_MD_name(md));`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_2(pkt, &signature)`
Packit Service	084de1	`\|\| PACKET_remaining(pkt) != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`maxsig = EVP_PKEY_size(pkey);`
Packit Service	084de1	`if (maxsig < 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Check signature length`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (PACKET_remaining(&signature) > (size_t)maxsig) {`
Packit Service	084de1	`/* wrong packet length */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`SSL_R_WRONG_SIGNATURE_LENGTH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`md_ctx = EVP_MD_CTX_new();`
Packit Service	084de1	`if (md_ctx == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`ERR_R_EVP_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (SSL_USE_PSS(s)) {`
Packit Service	084de1	`if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0`
Packit Service	084de1	`\|\| EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,`
Packit Service	084de1	`RSA_PSS_SALTLEN_DIGEST) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(&params),`
Packit Service	084de1	`PACKET_remaining(&params));`
Packit Service	084de1	`if (tbslen == 0) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature),`
Packit Service	084de1	`PACKET_remaining(&signature), tbs, tbslen);`
Packit Service	084de1	`OPENSSL_free(tbs);`
Packit Service	084de1	`if (rv <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`SSL_R_BAD_SIGNATURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`EVP_MD_CTX_free(md_ctx);`
Packit Service	084de1	`md_ctx = NULL;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`/* aNULL, aSRP or PSK do not need public keys */`
Packit Service	084de1	`if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL \| SSL_aSRP))`
Packit Service	084de1	`&& !(alg_k & SSL_PSK)) {`
Packit Service	084de1	`/* Might be wrong key type, check it */`
Packit Service	084de1	`if (ssl3_check_cert_and_algorithm(s)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`SSL_R_BAD_DATA);`
Packit Service	084de1	`}`
Packit Service	084de1	`/* else this shouldn't happen, SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`/* still data left over */`
Packit Service	084de1	`if (PACKET_remaining(pkt) != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,`
Packit Service	084de1	`SSL_R_EXTRA_DATA_IN_MESSAGE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return MSG_PROCESS_CONTINUE_READING;`
Packit Service	084de1	`err:`
Packit Service	084de1	`EVP_MD_CTX_free(md_ctx);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN tls_process_certificate_request(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`size_t i;`
Packit Service	084de1
Packit Service	084de1	`/* Clear certificate validity flags */`
Packit Service	084de1	`for (i = 0; i < SSL_PKEY_NUM; i++)`
Packit Service	084de1	`s->s3->tmp.valid_flags[i] = 0;`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`PACKET reqctx, extensions;`
Packit Service	084de1	`RAW_EXTENSION *rawexts = NULL;`
Packit Service	084de1
Packit Service	084de1	`if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We already sent close_notify. This can only happen in TLSv1.3`
Packit Service	084de1	`* post-handshake messages. We can't reasonably respond to this, so`
Packit Service	084de1	`* we just ignore it`
Packit Service	084de1	`*/`
Packit Service	084de1	`return MSG_PROCESS_FINISHED_READING;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Free and zero certificate types: it is not present in TLS 1.3 */`
Packit Service	084de1	`OPENSSL_free(s->s3->tmp.ctype);`
Packit Service	084de1	`s->s3->tmp.ctype = NULL;`
Packit Service	084de1	`s->s3->tmp.ctype_len = 0;`
Packit Service	084de1	`OPENSSL_free(s->pha_context);`
Packit Service	084de1	`s->pha_context = NULL;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_1(pkt, &reqctx) \|\|`
Packit Service	084de1	`!PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`SSL_R_BAD_LENGTH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!tls_collect_extensions(s, &extensions,`
Packit Service	084de1	`SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,`
Packit Service	084de1	`&rawexts, NULL, 1)`
Packit Service	084de1	`\|\| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,`
Packit Service	084de1	`rawexts, NULL, 0, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`OPENSSL_free(rawexts);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`OPENSSL_free(rawexts);`
Packit Service	084de1	`if (!tls1_process_sigalgs(s)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`SSL_R_BAD_LENGTH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`PACKET ctypes;`
Packit Service	084de1
Packit Service	084de1	`/* get the certificate types */`
Packit Service	084de1	`if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_USE_SIGALGS(s)) {`
Packit Service	084de1	`PACKET sigalgs;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_length_prefixed_2(pkt, &sigalgs)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Despite this being for certificates, preserve compatibility`
Packit Service	084de1	`* with pre-TLS 1.3 and use the regular sigalgs field.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!tls1_save_sigalgs(s, &sigalgs, 0)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`SSL_R_SIGNATURE_ALGORITHMS_ERROR);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!tls1_process_sigalgs(s)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* get the CA RDNs */`
Packit Service	084de1	`if (!parse_ca_names(s, pkt)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (PACKET_remaining(pkt) != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* we should setup a certificate to return.... */`
Packit Service	084de1	`s->s3->tmp.cert_req = 1;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* In TLSv1.3 we don't prepare the client certificate yet. We wait until`
Packit Service	084de1	`* after the CertificateVerify message has been received. This is because`
Packit Service	084de1	`* in TLSv1.3 the CertificateRequest arrives before the Certificate message`
Packit Service	084de1	`* but in TLSv1.2 it is the other way around. We want to make sure that`
Packit Service	084de1	`* SSL_get_peer_certificate() returns something sensible in`
Packit Service	084de1	`* client_cert_cb.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED)`
Packit Service	084de1	`return MSG_PROCESS_CONTINUE_READING;`
Packit Service	084de1
Packit Service	084de1	`return MSG_PROCESS_CONTINUE_PROCESSING;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`unsigned int ticklen;`
Packit Service	084de1	`unsigned long ticket_lifetime_hint, age_add = 0;`
Packit Service	084de1	`unsigned int sess_len;`
Packit Service	084de1	`RAW_EXTENSION *exts = NULL;`
Packit Service	084de1	`PACKET nonce;`
Packit Service	084de1
Packit Service	084de1	`PACKET_null_init(&nonce);`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)`
Packit Service	084de1	`\|\| (SSL_IS_TLS13(s)`
Packit Service	084de1	`&& (!PACKET_get_net_4(pkt, &age_add)`
Packit Service	084de1	`\|\| !PACKET_get_length_prefixed_1(pkt, &nonce)))`
Packit Service	084de1	`\|\| !PACKET_get_net_2(pkt, &ticklen)`
Packit Service	084de1	`\|\| (SSL_IS_TLS13(s) ? (ticklen == 0 \|\| PACKET_remaining(pkt) < ticklen)`
Packit Service	084de1	`: PACKET_remaining(pkt) != ticklen)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Server is allowed to change its mind (in <=TLSv1.2) and send an empty`
Packit Service	084de1	`* ticket. We already checked this TLSv1.3 case above, so it should never`
Packit Service	084de1	`* be 0 here in that instance`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (ticklen == 0)`
Packit Service	084de1	`return MSG_PROCESS_CONTINUE_READING;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Sessions must be immutable once they go into the session cache. Otherwise`
Packit Service	084de1	`* we can get multi-thread problems. Therefore we don't "update" sessions,`
Packit Service	084de1	`* we replace them with a duplicate. In TLSv1.3 we need to do this every`
Packit Service	084de1	`* time a NewSessionTicket arrives because those messages arrive`
Packit Service	084de1	`* post-handshake and the session may have already gone into the session`
Packit Service	084de1	`* cache.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (SSL_IS_TLS13(s) \|\| s->session->session_id_length > 0) {`
Packit Service	084de1	`SSL_SESSION *new_sess;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* We reused an existing session, so we need to replace it with a new`
Packit Service	084de1	`* one`
Packit Service	084de1	`*/`
Packit Service	084de1	`if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0`
Packit Service	084de1	`&& !SSL_IS_TLS13(s)) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* In TLSv1.2 and below the arrival of a new tickets signals that`
Packit Service	084de1	`* any old ticket we were using is now out of date, so we remove the`
Packit Service	084de1	`* old session from the cache. We carry on if this fails`
Packit Service	084de1	`*/`
Packit Service	084de1	`SSL_CTX_remove_session(s->session_ctx, s->session);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`SSL_SESSION_free(s->session);`
Packit Service	084de1	`s->session = new_sess;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Technically the cast to long here is not guaranteed by the C standard -`
Packit Service	084de1	`* but we use it elsewhere, so this should be ok.`
Packit Service	084de1	`*/`
Packit Service	084de1	`s->session->time = (long)time(NULL);`
Packit Service	084de1
Packit Service	084de1	`OPENSSL_free(s->session->ext.tick);`
Packit Service	084de1	`s->session->ext.tick = NULL;`
Packit Service	084de1	`s->session->ext.ticklen = 0;`
Packit Service	084de1
Packit Service	084de1	`s->session->ext.tick = OPENSSL_malloc(ticklen);`
Packit Service	084de1	`if (s->session->ext.tick == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`s->session->ext.tick_lifetime_hint = ticket_lifetime_hint;`
Packit Service	084de1	`s->session->ext.tick_age_add = age_add;`
Packit Service	084de1	`s->session->ext.ticklen = ticklen;`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`PACKET extpkt;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_as_length_prefixed_2(pkt, &extpkt)`
Packit Service	084de1	`\|\| PACKET_remaining(pkt) != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!tls_collect_extensions(s, &extpkt,`
Packit Service	084de1	`SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts,`
Packit Service	084de1	`NULL, 1)`
Packit Service	084de1	`\|\| !tls_parse_all_extensions(s,`
Packit Service	084de1	`SSL_EXT_TLS1_3_NEW_SESSION_TICKET,`
Packit Service	084de1	`exts, NULL, 0, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* There are two ways to detect a resumed ticket session. One is to set`
Packit Service	084de1	`* an appropriate session ID and then the server must return a match in`
Packit Service	084de1	`* ServerHello. This allows the normal client session ID matching to work`
Packit Service	084de1	`* and we know much earlier that the ticket has been accepted. The`
Packit Service	084de1	`* other way is to set zero length session ID when the ticket is`
Packit Service	084de1	`* presented and rely on the handshake to determine session resumption.`
Packit Service	084de1	`* We choose the former approach because this fits in with assumptions`
Packit Service	084de1	`* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is`
Packit Service	084de1	`* SHA256 is disabled) hash of the ticket.`
Packit Service	084de1	`*/`
Packit Service	084de1	`/*`
Packit Service	084de1	`* TODO(size_t): we use sess_len here because EVP_Digest expects an int`
Packit Service	084de1	`* but s->session->session_id_length is a size_t`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!EVP_Digest(s->session->ext.tick, ticklen,`
Packit Service	084de1	`s->session->session_id, &sess_len,`
Packit Service	084de1	`EVP_sha256(), NULL)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,`
Packit Service	084de1	`ERR_R_EVP_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`s->session->session_id_length = sess_len;`
Packit Service	084de1	`s->session->not_resumable = 0;`
Packit Service	084de1
Packit Service	084de1	`/* This is a standalone message in TLSv1.3, so there is no more to read */`
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`const EVP_MD *md = ssl_handshake_md(s);`
Packit Service	084de1	`int hashleni = EVP_MD_size(md);`
Packit Service	084de1	`size_t hashlen;`
Packit Service	084de1	`static const unsigned char nonce_label[] = "resumption";`
Packit Service	084de1
Packit Service	084de1	`/* Ensure cast to size_t is safe */`
Packit Service	084de1	`if (!ossl_assert(hashleni >= 0)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`hashlen = (size_t)hashleni;`
Packit Service	084de1
Packit Service	084de1	`if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,`
Packit Service	084de1	`nonce_label,`
Packit Service	084de1	`sizeof(nonce_label) - 1,`
Packit Service	084de1	`PACKET_data(&nonce),`
Packit Service	084de1	`PACKET_remaining(&nonce),`
Packit Service	084de1	`s->session->master_key,`
Packit Service	084de1	`hashlen, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`s->session->master_key_length = hashlen;`
Packit Service	084de1
Packit Service	084de1	`OPENSSL_free(exts);`
Packit Service	084de1	`ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);`
Packit Service	084de1	`return MSG_PROCESS_FINISHED_READING;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return MSG_PROCESS_CONTINUE_READING;`
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_free(exts);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* In TLSv1.3 this is called from the extensions code, otherwise it is used to`
Packit Service	084de1	`* parse a separate message. Returns 1 on success or 0 on failure`
Packit Service	084de1	`*/`
Packit Service	084de1	`int tls_process_cert_status_body(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`size_t resplen;`
Packit Service	084de1	`unsigned int type;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_get_1(pkt, &type)`
Packit Service	084de1	`\|\| type != TLSEXT_STATUSTYPE_ocsp) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,`
Packit Service	084de1	`SSL_R_UNSUPPORTED_STATUS_TYPE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!PACKET_get_net_3_len(pkt, &resplen)`
Packit Service	084de1	`\|\| PACKET_remaining(pkt) != resplen) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`s->ext.ocsp.resp = OPENSSL_malloc(resplen);`
Packit Service	084de1	`if (s->ext.ocsp.resp == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`s->ext.ocsp.resp_len = resplen;`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN tls_process_cert_status(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`if (!tls_process_cert_status_body(s, pkt)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return MSG_PROCESS_CONTINUE_READING;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Perform miscellaneous checks and processing after we have received the`
Packit Service	084de1	`* server's initial flight. In TLS1.3 this is after the Server Finished message.`
Packit Service	084de1	`* In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0`
Packit Service	084de1	`* on failure.`
Packit Service	084de1	`*/`
Packit Service	084de1	`int tls_process_initial_server_flight(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`/*`
Packit Service	084de1	`* at this point we check that we have the required stuff from`
Packit Service	084de1	`* the server`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!ssl3_check_cert_and_algorithm(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Call the ocsp status callback if needed. The \|ext.ocsp.resp\| and`
Packit Service	084de1	`* \|ext.ocsp.resp_len\| values will be set if we actually received a status`
Packit Service	084de1	`* message, or NULL and -1 otherwise`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing`
Packit Service	084de1	`&& s->ctx->ext.status_cb != NULL) {`
Packit Service	084de1	`int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);`
Packit Service	084de1
Packit Service	084de1	`if (ret == 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,`
Packit Service	084de1	`SSL_R_INVALID_STATUS_RESPONSE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (ret < 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`#ifndef OPENSSL_NO_CT`
Packit Service	084de1	`if (s->ct_validation_callback != NULL) {`
Packit Service	084de1	`/* Note we validate the SCTs whether or not we abort on error */`
Packit Service	084de1	`if (!ssl_validate_ct(s) && (s->verify_mode & SSL_VERIFY_PEER)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN tls_process_server_done(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`if (PACKET_remaining(pkt) > 0) {`
Packit Service	084de1	`/* should contain no data */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`#ifndef OPENSSL_NO_SRP`
Packit Service	084de1	`if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {`
Packit Service	084de1	`if (SRP_Calc_A_param(s) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,`
Packit Service	084de1	`SSL_R_SRP_A_CALC);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`if (!tls_process_initial_server_flight(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return MSG_PROCESS_FINISHED_READING;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_construct_cke_psk_preamble(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_PSK`
Packit Service	084de1	`int ret = 0;`
Packit Service	084de1	`/*`
Packit Service	084de1	`* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a`
Packit Service	084de1	`* \0-terminated identity. The last byte is for us for simulating`
Packit Service	084de1	`* strnlen.`
Packit Service	084de1	`*/`
Packit Service	084de1	`char identity[PSK_MAX_IDENTITY_LEN + 1];`
Packit Service	084de1	`size_t identitylen = 0;`
Packit Service	084de1	`unsigned char psk[PSK_MAX_PSK_LEN];`
Packit Service	084de1	`unsigned char *tmppsk = NULL;`
Packit Service	084de1	`char *tmpidentity = NULL;`
Packit Service	084de1	`size_t psklen = 0;`
Packit Service	084de1
Packit Service	084de1	`if (s->psk_client_callback == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,`
Packit Service	084de1	`SSL_R_PSK_NO_CLIENT_CB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`memset(identity, 0, sizeof(identity));`
Packit Service	084de1
Packit Service	084de1	`psklen = s->psk_client_callback(s, s->session->psk_identity_hint,`
Packit Service	084de1	`identity, sizeof(identity) - 1,`
Packit Service	084de1	`psk, sizeof(psk));`
Packit Service	084de1
Packit Service	084de1	`if (psklen > PSK_MAX_PSK_LEN) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,`
Packit Service	084de1	`SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`} else if (psklen == 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,`
Packit Service	084de1	`SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,`
Packit Service	084de1	`SSL_R_PSK_IDENTITY_NOT_FOUND);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`identitylen = strlen(identity);`
Packit Service	084de1	`if (identitylen > PSK_MAX_IDENTITY_LEN) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`tmppsk = OPENSSL_memdup(psk, psklen);`
Packit Service	084de1	`tmpidentity = OPENSSL_strdup(identity);`
Packit Service	084de1	`if (tmppsk == NULL \|\| tmpidentity == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`OPENSSL_free(s->s3->tmp.psk);`
Packit Service	084de1	`s->s3->tmp.psk = tmppsk;`
Packit Service	084de1	`s->s3->tmp.psklen = psklen;`
Packit Service	084de1	`tmppsk = NULL;`
Packit Service	084de1	`OPENSSL_free(s->session->psk_identity);`
Packit Service	084de1	`s->session->psk_identity = tmpidentity;`
Packit Service	084de1	`tmpidentity = NULL;`
Packit Service	084de1
Packit Service	084de1	`if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`ret = 1;`
Packit Service	084de1
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_cleanse(psk, psklen);`
Packit Service	084de1	`OPENSSL_cleanse(identity, sizeof(identity));`
Packit Service	084de1	`OPENSSL_clear_free(tmppsk, psklen);`
Packit Service	084de1	`OPENSSL_clear_free(tmpidentity, identitylen);`
Packit Service	084de1
Packit Service	084de1	`return ret;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_construct_cke_rsa(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_RSA`
Packit Service	084de1	`unsigned char *encdata = NULL;`
Packit Service	084de1	`EVP_PKEY *pkey = NULL;`
Packit Service	084de1	`EVP_PKEY_CTX *pctx = NULL;`
Packit Service	084de1	`size_t enclen;`
Packit Service	084de1	`unsigned char *pms = NULL;`
Packit Service	084de1	`size_t pmslen = 0;`
Packit Service	084de1
Packit Service	084de1	`if (s->session->peer == NULL) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We should always have a server certificate with SSL_kRSA.`
Packit Service	084de1	`*/`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`pkey = X509_get0_pubkey(s->session->peer);`
Packit Service	084de1	`if (EVP_PKEY_get0_RSA(pkey) == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`pmslen = SSL_MAX_MASTER_KEY_LENGTH;`
Packit Service	084de1	`pms = OPENSSL_malloc(pmslen);`
Packit Service	084de1	`if (pms == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`pms[0] = s->client_version >> 8;`
Packit Service	084de1	`pms[1] = s->client_version & 0xff;`
Packit Service	084de1	`/* TODO(size_t): Convert this function */`
Packit Service	084de1	`if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Fix buf for TLS and beyond */`
Packit Service	084de1	`if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`pctx = EVP_PKEY_CTX_new(pkey, NULL);`
Packit Service	084de1	`if (pctx == NULL \|\| EVP_PKEY_encrypt_init(pctx) <= 0`
Packit Service	084de1	`\|\| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`ERR_R_EVP_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!WPACKET_allocate_bytes(pkt, enclen, &encdata)`
Packit Service	084de1	`\|\| EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`SSL_R_BAD_RSA_ENCRYPT);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`EVP_PKEY_CTX_free(pctx);`
Packit Service	084de1	`pctx = NULL;`
Packit Service	084de1
Packit Service	084de1	`/* Fix buf for TLS and beyond */`
Packit Service	084de1	`if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Log the premaster secret, if logging is enabled. */`
Packit Service	084de1	`if (!ssl_log_rsa_client_key_exchange(s, encdata, enclen, pms, pmslen)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`s->s3->tmp.pms = pms;`
Packit Service	084de1	`s->s3->tmp.pmslen = pmslen;`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_clear_free(pms, pmslen);`
Packit Service	084de1	`EVP_PKEY_CTX_free(pctx);`
Packit Service	084de1
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_construct_cke_dhe(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_DH`
Packit Service	084de1	`DH *dh_clnt = NULL;`
Packit Service	084de1	`const BIGNUM *pub_key;`
Packit Service	084de1	`EVP_PKEY ckey = NULL, skey = NULL;`
Packit Service	084de1	`unsigned char *keybytes = NULL;`
Packit Service	084de1
Packit Service	084de1	`skey = s->s3->peer_tmp;`
Packit Service	084de1	`if (skey == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`ckey = ssl_generate_pkey(skey);`
Packit Service	084de1	`if (ckey == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`dh_clnt = EVP_PKEY_get0_DH(ckey);`
Packit Service	084de1
Packit Service	084de1	`if (dh_clnt == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (ssl_derive(s, ckey, skey, 0) == 0) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* send off the data */`
Packit Service	084de1	`DH_get0_key(dh_clnt, &pub_key, NULL);`
Packit Service	084de1	`if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),`
Packit Service	084de1	`&keybytes)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`BN_bn2bin(pub_key, keybytes);`
Packit Service	084de1	`EVP_PKEY_free(ckey);`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`err:`
Packit Service	084de1	`EVP_PKEY_free(ckey);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_construct_cke_ecdhe(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_EC`
Packit Service	084de1	`unsigned char *encodedPoint = NULL;`
Packit Service	084de1	`size_t encoded_pt_len = 0;`
Packit Service	084de1	`EVP_PKEY ckey = NULL, skey = NULL;`
Packit Service	084de1	`int ret = 0;`
Packit Service	084de1
Packit Service	084de1	`skey = s->s3->peer_tmp;`
Packit Service	084de1	`if (skey == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`ckey = ssl_generate_pkey(skey);`
Packit Service	084de1	`if (ckey == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (ssl_derive(s, ckey, skey, 0) == 0) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Generate encoding of client key */`
Packit Service	084de1	`encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint);`
Packit Service	084de1
Packit Service	084de1	`if (encoded_pt_len == 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,`
Packit Service	084de1	`ERR_R_EC_LIB);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`ret = 1;`
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_free(encodedPoint);`
Packit Service	084de1	`EVP_PKEY_free(ckey);`
Packit Service	084de1	`return ret;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_construct_cke_gost(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_GOST`
Packit Service	084de1	`/* GOST key exchange message creation */`
Packit Service	084de1	`EVP_PKEY_CTX *pkey_ctx = NULL;`
Packit Service	084de1	`X509 *peer_cert;`
Packit Service	084de1	`size_t msglen;`
Packit Service	084de1	`unsigned int md_len;`
Packit Service	084de1	`unsigned char shared_ukm[32], tmp[256];`
Packit Service	084de1	`EVP_MD_CTX *ukm_hash = NULL;`
Packit Service	084de1	`int dgst_nid = NID_id_GostR3411_94;`
Packit Service	084de1	`unsigned char *pms = NULL;`
Packit Service	084de1	`size_t pmslen = 0;`
Packit Service	084de1
Packit Service	084de1	`if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)`
Packit Service	084de1	`dgst_nid = NID_id_GostR3411_2012_256;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Get server certificate PKEY and create ctx from it`
Packit Service	084de1	`*/`
Packit Service	084de1	`peer_cert = s->session->peer;`
Packit Service	084de1	`if (!peer_cert) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);`
Packit Service	084de1	`if (pkey_ctx == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If we have send a certificate, and certificate key`
Packit Service	084de1	`* parameters match those of server certificate, use`
Packit Service	084de1	`* certificate key for key exchange`
Packit Service	084de1	`*/`
Packit Service	084de1
Packit Service	084de1	`/* Otherwise, generate ephemeral key pair */`
Packit Service	084de1	`pmslen = 32;`
Packit Service	084de1	`pms = OPENSSL_malloc(pmslen);`
Packit Service	084de1	`if (pms == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0`
Packit Service	084de1	`/* Generate session key`
Packit Service	084de1	`* TODO(size_t): Convert this function`
Packit Service	084de1	`*/`
Packit Service	084de1	`\|\| RAND_bytes(pms, (int)pmslen) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`};`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Compute shared IV and store it in algorithm-specific context`
Packit Service	084de1	`* data`
Packit Service	084de1	`*/`
Packit Service	084de1	`ukm_hash = EVP_MD_CTX_new();`
Packit Service	084de1	`if (ukm_hash == NULL`
Packit Service	084de1	`\|\| EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0`
Packit Service	084de1	`\|\| EVP_DigestUpdate(ukm_hash, s->s3->client_random,`
Packit Service	084de1	`SSL3_RANDOM_SIZE) <= 0`
Packit Service	084de1	`\|\| EVP_DigestUpdate(ukm_hash, s->s3->server_random,`
Packit Service	084de1	`SSL3_RANDOM_SIZE) <= 0`
Packit Service	084de1	`\|\| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`EVP_MD_CTX_free(ukm_hash);`
Packit Service	084de1	`ukm_hash = NULL;`
Packit Service	084de1	`if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,`
Packit Service	084de1	`EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`SSL_R_LIBRARY_BUG);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`/* Make GOST keytransport blob message */`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Encapsulate it into sequence`
Packit Service	084de1	`*/`
Packit Service	084de1	`msglen = 255;`
Packit Service	084de1	`if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`SSL_R_LIBRARY_BUG);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE \| V_ASN1_CONSTRUCTED)`
Packit Service	084de1	`\|\| (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81))`
Packit Service	084de1	`\|\| !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`EVP_PKEY_CTX_free(pkey_ctx);`
Packit Service	084de1	`s->s3->tmp.pms = pms;`
Packit Service	084de1	`s->s3->tmp.pmslen = pmslen;`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`err:`
Packit Service	084de1	`EVP_PKEY_CTX_free(pkey_ctx);`
Packit Service	084de1	`OPENSSL_clear_free(pms, pmslen);`
Packit Service	084de1	`EVP_MD_CTX_free(ukm_hash);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int tls_construct_cke_srp(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifndef OPENSSL_NO_SRP`
Packit Service	084de1	`unsigned char *abytes = NULL;`
Packit Service	084de1
Packit Service	084de1	`if (s->srp_ctx.A == NULL`
Packit Service	084de1	`\|\| !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A),`
Packit Service	084de1	`&abytes)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`BN_bn2bin(s->srp_ctx.A, abytes);`
Packit Service	084de1
Packit Service	084de1	`OPENSSL_free(s->session->srp_username);`
Packit Service	084de1	`s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);`
Packit Service	084de1	`if (s->session->srp_username == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,`
Packit Service	084de1	`ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`#else`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int tls_construct_client_key_exchange(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`unsigned long alg_k;`
Packit Service	084de1
Packit Service	084de1	`alg_k = s->s3->tmp.new_cipher->algorithm_mkey;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* All of the construct functions below call SSLfatal() if necessary so`
Packit Service	084de1	`* no need to do so here.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if ((alg_k & SSL_PSK)`
Packit Service	084de1	`&& !tls_construct_cke_psk_preamble(s, pkt))`
Packit Service	084de1	`goto err;`
Packit Service	084de1
Packit Service	084de1	`if (alg_k & (SSL_kRSA \| SSL_kRSAPSK)) {`
Packit Service	084de1	`if (!tls_construct_cke_rsa(s, pkt))`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`} else if (alg_k & (SSL_kDHE \| SSL_kDHEPSK)) {`
Packit Service	084de1	`if (!tls_construct_cke_dhe(s, pkt))`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`} else if (alg_k & (SSL_kECDHE \| SSL_kECDHEPSK)) {`
Packit Service	084de1	`if (!tls_construct_cke_ecdhe(s, pkt))`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`} else if (alg_k & SSL_kGOST) {`
Packit Service	084de1	`if (!tls_construct_cke_gost(s, pkt))`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`} else if (alg_k & SSL_kSRP) {`
Packit Service	084de1	`if (!tls_construct_cke_srp(s, pkt))`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`} else if (!(alg_k & SSL_kPSK)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);`
Packit Service	084de1	`s->s3->tmp.pms = NULL;`
Packit Service	084de1	`#ifndef OPENSSL_NO_PSK`
Packit Service	084de1	`OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);`
Packit Service	084de1	`s->s3->tmp.psk = NULL;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int tls_client_key_exchange_post_work(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`unsigned char *pms = NULL;`
Packit Service	084de1	`size_t pmslen = 0;`
Packit Service	084de1
Packit Service	084de1	`pms = s->s3->tmp.pms;`
Packit Service	084de1	`pmslen = s->s3->tmp.pmslen;`
Packit Service	084de1
Packit Service	084de1	`#ifndef OPENSSL_NO_SRP`
Packit Service	084de1	`/* Check for SRP */`
Packit Service	084de1	`if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {`
Packit Service	084de1	`if (!srp_generate_client_master_secret(s)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`/* ssl_generate_master_secret frees the pms even on error */`
Packit Service	084de1	`pms = NULL;`
Packit Service	084de1	`pmslen = 0;`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1	`pms = NULL;`
Packit Service	084de1	`pmslen = 0;`
Packit Service	084de1
Packit Service	084de1	`#ifndef OPENSSL_NO_SCTP`
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`unsigned char sctpauthkey[64];`
Packit Service	084de1	`char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];`
Packit Service	084de1	`size_t labellen;`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Add new shared key for SCTP-Auth, will be ignored if no SCTP`
Packit Service	084de1	`* used.`
Packit Service	084de1	`*/`
Packit Service	084de1	`memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,`
Packit Service	084de1	`sizeof(DTLS1_SCTP_AUTH_LABEL));`
Packit Service	084de1
Packit Service	084de1	`/* Don't include the terminating zero. */`
Packit Service	084de1	`labellen = sizeof(labelbuffer) - 1;`
Packit Service	084de1	`if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)`
Packit Service	084de1	`labellen += 1;`
Packit Service	084de1
Packit Service	084de1	`if (SSL_export_keying_material(s, sctpauthkey,`
Packit Service	084de1	`sizeof(sctpauthkey), labelbuffer,`
Packit Service	084de1	`labellen, NULL, 0, 0) <= 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,`
Packit Service	084de1	`sizeof(sctpauthkey), sctpauthkey);`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_clear_free(pms, pmslen);`
Packit Service	084de1	`s->s3->tmp.pms = NULL;`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Check a certificate can be used for client authentication. Currently check`
Packit Service	084de1	`* cert exists, if we have a suitable digest for TLS 1.2 if static DH client`
Packit Service	084de1	`* certificates can be used and optionally checks suitability for Suite B.`
Packit Service	084de1	`*/`
Packit Service	084de1	`static int ssl3_check_client_certificate(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`/* If no suitable signature algorithm can't use certificate */`
Packit Service	084de1	`if (!tls_choose_sigalg(s, 0) \|\| s->s3->tmp.sigalg == NULL)`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If strict mode check suitability of chain before using it. This also`
Packit Service	084de1	`* adjusts suite B digest if necessary.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&`
Packit Service	084de1	`!tls1_check_chain(s, NULL, NULL, NULL, -2))`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst)`
Packit Service	084de1	`{`
Packit Service	084de1	`X509 *x509 = NULL;`
Packit Service	084de1	`EVP_PKEY *pkey = NULL;`
Packit Service	084de1	`int i;`
Packit Service	084de1
Packit Service	084de1	`if (wst == WORK_MORE_A) {`
Packit Service	084de1	`/* Let cert callback update client certificates if required */`
Packit Service	084de1	`if (s->cert->cert_cb) {`
Packit Service	084de1	`i = s->cert->cert_cb(s, s->cert->cert_cb_arg);`
Packit Service	084de1	`if (i < 0) {`
Packit Service	084de1	`s->rwstate = SSL_X509_LOOKUP;`
Packit Service	084de1	`return WORK_MORE_A;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (i == 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,`
Packit Service	084de1	`SSL_R_CALLBACK_FAILED);`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`s->rwstate = SSL_NOTHING;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (ssl3_check_client_certificate(s)) {`
Packit Service	084de1	`if (s->post_handshake_auth == SSL_PHA_REQUESTED) {`
Packit Service	084de1	`return WORK_FINISHED_STOP;`
Packit Service	084de1	`}`
Packit Service	084de1	`return WORK_FINISHED_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Fall through to WORK_MORE_B */`
Packit Service	084de1	`wst = WORK_MORE_B;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* We need to get a client cert */`
Packit Service	084de1	`if (wst == WORK_MORE_B) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;`
Packit Service	084de1	`* return(-1); We then get retied later`
Packit Service	084de1	`*/`
Packit Service	084de1	`i = ssl_do_client_cert_cb(s, &x509, &pkey);`
Packit Service	084de1	`if (i < 0) {`
Packit Service	084de1	`s->rwstate = SSL_X509_LOOKUP;`
Packit Service	084de1	`return WORK_MORE_B;`
Packit Service	084de1	`}`
Packit Service	084de1	`s->rwstate = SSL_NOTHING;`
Packit Service	084de1	`if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {`
Packit Service	084de1	`if (!SSL_use_certificate(s, x509) \|\| !SSL_use_PrivateKey(s, pkey))`
Packit Service	084de1	`i = 0;`
Packit Service	084de1	`} else if (i == 1) {`
Packit Service	084de1	`i = 0;`
Packit Service	084de1	`SSLerr(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,`
Packit Service	084de1	`SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`X509_free(x509);`
Packit Service	084de1	`EVP_PKEY_free(pkey);`
Packit Service	084de1	`if (i && !ssl3_check_client_certificate(s))`
Packit Service	084de1	`i = 0;`
Packit Service	084de1	`if (i == 0) {`
Packit Service	084de1	`if (s->version == SSL3_VERSION) {`
Packit Service	084de1	`s->s3->tmp.cert_req = 0;`
Packit Service	084de1	`ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);`
Packit Service	084de1	`return WORK_FINISHED_CONTINUE;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`s->s3->tmp.cert_req = 2;`
Packit Service	084de1	`if (!ssl3_digest_cached_records(s, 0)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (s->post_handshake_auth == SSL_PHA_REQUESTED)`
Packit Service	084de1	`return WORK_FINISHED_STOP;`
Packit Service	084de1	`return WORK_FINISHED_CONTINUE;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Shouldn't ever get here */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return WORK_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int tls_construct_client_certificate(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`if (SSL_IS_TLS13(s)) {`
Packit Service	084de1	`if (s->pha_context == NULL) {`
Packit Service	084de1	`/* no context available, add 0-length context */`
Packit Service	084de1	`if (!WPACKET_put_bytes_u8(pkt, 0)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!ssl3_output_cert_chain(s, pkt,`
Packit Service	084de1	`(s->s3->tmp.cert_req == 2) ? NULL`
Packit Service	084de1	`: s->cert->key)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (SSL_IS_TLS13(s)`
Packit Service	084de1	`&& SSL_IS_FIRST_HANDSHAKE(s)`
Packit Service	084de1	`&& (!s->method->ssl3_enc->change_cipher_state(s,`
Packit Service	084de1	`SSL3_CC_HANDSHAKE \| SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* This is a fatal error, which leaves enc_write_ctx in an inconsistent`
Packit Service	084de1	`* state and thus ssl3_send_alert may crash.`
Packit Service	084de1	`*/`
Packit Service	084de1	`SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE,`
Packit Service	084de1	`SSL_R_CANNOT_CHANGE_CIPHER);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int ssl3_check_cert_and_algorithm(SSL *s)`
Packit Service	084de1	`{`
Packit Service	084de1	`const SSL_CERT_LOOKUP *clu;`
Packit Service	084de1	`size_t idx;`
Packit Service	084de1	`long alg_k, alg_a;`
Packit Service	084de1
Packit Service	084de1	`alg_k = s->s3->tmp.new_cipher->algorithm_mkey;`
Packit Service	084de1	`alg_a = s->s3->tmp.new_cipher->algorithm_auth;`
Packit Service	084de1
Packit Service	084de1	`/* we don't have a certificate */`
Packit Service	084de1	`if (!(alg_a & SSL_aCERT))`
Packit Service	084de1	`return 1;`
Packit Service	084de1
Packit Service	084de1	`/* This is the passed certificate */`
Packit Service	084de1	`clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx);`
Packit Service	084de1
Packit Service	084de1	`/* Check certificate is recognised and suitable for cipher */`
Packit Service	084de1	`if (clu == NULL \|\| (alg_a & clu->amask) == 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,`
Packit Service	084de1	`SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,`
Packit Service	084de1	`SSL_R_MISSING_SIGNING_CERT);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`#ifndef OPENSSL_NO_EC`
Packit Service	084de1	`if (clu->amask & SSL_aECDSA) {`
Packit Service	084de1	`if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s))`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,`
Packit Service	084de1	`SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1	`#ifndef OPENSSL_NO_RSA`
Packit Service	084de1	`if (alg_k & (SSL_kRSA \| SSL_kRSAPSK) && idx != SSL_PKEY_RSA) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,`
Packit Service	084de1	`SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,`
Packit Service	084de1	`SSL_R_MISSING_RSA_ENCRYPTING_CERT);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1	`#ifndef OPENSSL_NO_DH`
Packit Service	084de1	`if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`#ifndef OPENSSL_NO_NEXTPROTONEG`
Packit Service	084de1	`int tls_construct_next_proto(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`size_t len, padding_len;`
Packit Service	084de1	`unsigned char *padding = NULL;`
Packit Service	084de1
Packit Service	084de1	`len = s->ext.npn_len;`
Packit Service	084de1	`padding_len = 32 - ((len + 2) % 32);`
Packit Service	084de1
Packit Service	084de1	`if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)`
Packit Service	084de1	`\|\| !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEXT_PROTO,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`memset(padding, 0, padding_len);`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1
Packit Service	084de1	`MSG_PROCESS_RETURN tls_process_hello_req(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`if (PACKET_remaining(pkt) > 0) {`
Packit Service	084de1	`/* should contain no data */`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_HELLO_REQ,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if ((s->options & SSL_OP_NO_RENEGOTIATION)) {`
Packit Service	084de1	`ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);`
Packit Service	084de1	`return MSG_PROCESS_FINISHED_READING;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* This is a historical discrepancy (not in the RFC) maintained for`
Packit Service	084de1	`* compatibility reasons. If a TLS client receives a HelloRequest it will`
Packit Service	084de1	`* attempt an abbreviated handshake. However if a DTLS client receives a`
Packit Service	084de1	`* HelloRequest it will do a full handshake. Either behaviour is reasonable`
Packit Service	084de1	`* but doing one for TLS and another for DTLS is odd.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (SSL_IS_DTLS(s))`
Packit Service	084de1	`SSL_renegotiate(s);`
Packit Service	084de1	`else`
Packit Service	084de1	`SSL_renegotiate_abbreviated(s);`
Packit Service	084de1
Packit Service	084de1	`return MSG_PROCESS_FINISHED_READING;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL s, PACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`PACKET extensions;`
Packit Service	084de1	`RAW_EXTENSION *rawexts = NULL;`
Packit Service	084de1
Packit Service	084de1	`if (!PACKET_as_length_prefixed_2(pkt, &extensions)`
Packit Service	084de1	`\|\| PACKET_remaining(pkt) != 0) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS,`
Packit Service	084de1	`SSL_R_LENGTH_MISMATCH);`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!tls_collect_extensions(s, &extensions,`
Packit Service	084de1	`SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts,`
Packit Service	084de1	`NULL, 1)`
Packit Service	084de1	`\|\| !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,`
Packit Service	084de1	`rawexts, NULL, 0, 1)) {`
Packit Service	084de1	`/* SSLfatal() already called */`
Packit Service	084de1	`goto err;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`OPENSSL_free(rawexts);`
Packit Service	084de1	`return MSG_PROCESS_CONTINUE_READING;`
Packit Service	084de1
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_free(rawexts);`
Packit Service	084de1	`return MSG_PROCESS_ERROR;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int ssl_do_client_cert_cb(SSL s, X509 px509, EVP_PKEY *ppkey)`
Packit Service	084de1	`{`
Packit Service	084de1	`int i = 0;`
Packit Service	084de1	`#ifndef OPENSSL_NO_ENGINE`
Packit Service	084de1	`if (s->ctx->client_cert_engine) {`
Packit Service	084de1	`i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,`
Packit Service	084de1	`SSL_get_client_CA_list(s),`
Packit Service	084de1	`px509, ppkey, NULL, NULL, NULL);`
Packit Service	084de1	`if (i != 0)`
Packit Service	084de1	`return i;`
Packit Service	084de1	`}`
Packit Service	084de1	`#endif`
Packit Service	084de1	`if (s->ctx->client_cert_cb)`
Packit Service	084de1	`i = s->ctx->client_cert_cb(s, px509, ppkey);`
Packit Service	084de1	`return i;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) sk, WPACKET *pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`int i;`
Packit Service	084de1	`size_t totlen = 0, len, maxlen, maxverok = 0;`
Packit Service	084de1	`int empty_reneg_info_scsv = !s->renegotiate;`
Packit Service	084de1
Packit Service	084de1	`/* Set disabled masks for this session */`
Packit Service	084de1	`if (!ssl_set_client_disabled(s)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,`
Packit Service	084de1	`SSL_R_NO_PROTOCOLS_AVAILABLE);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (sk == NULL) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH`
Packit Service	084de1	`# if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6`
Packit Service	084de1	`# error Max cipher length too short`
Packit Service	084de1	`# endif`
Packit Service	084de1	`/*`
Packit Service	084de1	`* Some servers hang if client hello > 256 bytes as hack workaround`
Packit Service	084de1	`* chop number of supported ciphers to keep it well below this if we`
Packit Service	084de1	`* use TLS v1.2`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (TLS1_get_version(s) >= TLS1_2_VERSION)`
Packit Service	084de1	`maxlen = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;`
Packit Service	084de1	`else`
Packit Service	084de1	`#endif`
Packit Service	084de1	`/* Maximum length that can be stored in 2 bytes. Length must be even */`
Packit Service	084de1	`maxlen = 0xfffe;`
Packit Service	084de1
Packit Service	084de1	`if (empty_reneg_info_scsv)`
Packit Service	084de1	`maxlen -= 2;`
Packit Service	084de1	`if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)`
Packit Service	084de1	`maxlen -= 2;`
Packit Service	084de1
Packit Service	084de1	`for (i = 0; i < sk_SSL_CIPHER_num(sk) && totlen < maxlen; i++) {`
Packit Service	084de1	`const SSL_CIPHER *c;`
Packit Service	084de1
Packit Service	084de1	`c = sk_SSL_CIPHER_value(sk, i);`
Packit Service	084de1	`/* Skip disabled ciphers */`
Packit Service	084de1	`if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))`
Packit Service	084de1	`continue;`
Packit Service	084de1
Packit Service	084de1	`if (!s->method->put_cipher_by_char(c, pkt, &len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,`
Packit Service	084de1	`ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Sanity check that the maximum version we offer has ciphers enabled */`
Packit Service	084de1	`if (!maxverok) {`
Packit Service	084de1	`if (SSL_IS_DTLS(s)) {`
Packit Service	084de1	`if (DTLS_VERSION_GE(c->max_dtls, s->s3->tmp.max_ver)`
Packit Service	084de1	`&& DTLS_VERSION_LE(c->min_dtls, s->s3->tmp.max_ver))`
Packit Service	084de1	`maxverok = 1;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`if (c->max_tls >= s->s3->tmp.max_ver`
Packit Service	084de1	`&& c->min_tls <= s->s3->tmp.max_ver)`
Packit Service	084de1	`maxverok = 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`totlen += len;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (totlen == 0 \|\| !maxverok) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,`
Packit Service	084de1	`SSL_R_NO_CIPHERS_AVAILABLE);`
Packit Service	084de1
Packit Service	084de1	`if (!maxverok)`
Packit Service	084de1	`ERR_add_error_data(1, "No ciphers enabled for max supported "`
Packit Service	084de1	`"SSL/TLS version");`
Packit Service	084de1
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (totlen != 0) {`
Packit Service	084de1	`if (empty_reneg_info_scsv) {`
Packit Service	084de1	`static SSL_CIPHER scsv = {`
Packit Service	084de1	`0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0`
Packit Service	084de1	`};`
Packit Service	084de1	`if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {`
Packit Service	084de1	`static SSL_CIPHER scsv = {`
Packit Service	084de1	`0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0`
Packit Service	084de1	`};`
Packit Service	084de1	`if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int tls_construct_end_of_early_data(SSL s, WPACKET pkt)`
Packit Service	084de1	`{`
Packit Service	084de1	`if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY`
Packit Service	084de1	`&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) {`
Packit Service	084de1	`SSLfatal(s, SSL_AD_INTERNAL_ERROR,`
Packit Service	084de1	`SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA,`
Packit Service	084de1	`ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`

source-git / openssl

Source Code

Blame ssl/statem/statem_clnt.c