27 static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt);
28 static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt);
33                                     WPACKET *pkt);
885 int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
1020 MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
1033         return tls_process_server_hello(s, pkt);
1036         return dtls_process_hello_verify(s, pkt);
1039         return tls_process_server_certificate(s, pkt);
1042         return tls_process_cert_verify(s, pkt);
1045         return tls_process_cert_status(s, pkt);
1048         return tls_process_key_exchange(s, pkt);
1051         return tls_process_certificate_request(s, pkt);
1054         return tls_process_server_done(s, pkt);
1057         return tls_process_change_cipher_spec(s, pkt);
1060         return tls_process_new_session_ticket(s, pkt);
1063         return tls_process_finished(s, pkt);
1066         return tls_process_hello_req(s, pkt);
1069         return tls_process_encrypted_extensions(s, pkt);
1072         return tls_process_key_update(s, pkt);
1098 int tls_construct_client_hello(SSL *s, WPACKET *pkt)
1187     if (!WPACKET_put_bytes_u16(pkt, s->client_version)
1188             || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
1220     if (!WPACKET_start_sub_packet_u8(pkt)
1221             || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id,
1223             || !WPACKET_close(pkt)) {
1232                 || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,
1241     if (!WPACKET_start_sub_packet_u16(pkt)) {
1247     if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) {
1251     if (!WPACKET_close(pkt)) {
1258     if (!WPACKET_start_sub_packet_u8(pkt)) {
1270             if (!WPACKET_put_bytes_u8(pkt, comp->id)) {
1280     if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) {
1287     if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) {
1295 MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
1300     if (!PACKET_forward(pkt, 2)
1301         || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
1399 MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
1413     if (!PACKET_get_net_2(pkt, &sversion)) {
1422             && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
1423             && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
1426         if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
1432         if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) {
1440     if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {
1453     if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {
1459     if (!PACKET_get_1(pkt, &compression)) {
1466     if (PACKET_remaining(pkt) == 0 && !hrr) {
1468     } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
1469                || PACKET_remaining(pkt) != 0) {
1814 MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
1833     if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context))
1835             || !PACKET_get_net_3(pkt, &cert_list_len)
1836             || PACKET_remaining(pkt) != cert_list_len
1837             || PACKET_remaining(pkt) == 0) {
1842     for (chainidx = 0; PACKET_remaining(pkt); chainidx++) {
1843         if (!PACKET_get_net_3(pkt, &cert_len)
1844             || !PACKET_get_bytes(pkt, &certbytes, cert_len)) {
1869             if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {
1880                                              PACKET_remaining(pkt) == 0)) {
1987 static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt)
1994     if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
2031 static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
2036     if (!PACKET_get_length_prefixed_2(pkt, &prime)
2037         || !PACKET_get_length_prefixed_2(pkt, &generator)
2038         || !PACKET_get_length_prefixed_1(pkt, &salt)
2039         || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
2080 static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
2091     if (!PACKET_get_length_prefixed_2(pkt, &prime)
2092         || !PACKET_get_length_prefixed_2(pkt, &generator)
2093         || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
2188 static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
2199     if (!PACKET_get_1(pkt, &curve_type) || !PACKET_get_net_2(pkt, &curve_id)) {
2221     if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
2254 MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
2264     save_param_start = *pkt;
2272         if (!tls_process_ske_psk_preamble(s, pkt)) {
2281         if (!tls_process_ske_srp(s, pkt, &pkey)) {
2286         if (!tls_process_ske_dhe(s, pkt, &pkey)) {
2291         if (!tls_process_ske_ecdhe(s, pkt, &pkey)) {
2311          * |pkt| now points to the beginning of the signature, so the difference
2316                                    PACKET_remaining(pkt))) {
2325             if (!PACKET_get_net_2(pkt, &sigalg)) {
2351         if (!PACKET_get_length_prefixed_2(pkt, &signature)
2352             || PACKET_remaining(pkt) != 0) {
2425         if (PACKET_remaining(pkt) != 0) {
2438 MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
2467         if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
2475         if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {
2501         if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) {
2518             if (!PACKET_get_length_prefixed_2(pkt, &sigalgs)) {
2544         if (!parse_ca_names(s, pkt)) {
2550     if (PACKET_remaining(pkt) != 0) {
2574 MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
2584     if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
2586             && (!PACKET_get_net_4(pkt, &age_add)
2587                 || !PACKET_get_length_prefixed_1(pkt, &nonce)))
2588         || !PACKET_get_net_2(pkt, &ticklen)
2589         || (SSL_IS_TLS13(s) ? (ticklen == 0 || PACKET_remaining(pkt) < ticklen)
2590                             : PACKET_remaining(pkt) != ticklen)) {
2656     if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) {
2669         if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
2670                 || PACKET_remaining(pkt) != 0) {
2756 int tls_process_cert_status_body(SSL *s, PACKET *pkt)
2761     if (!PACKET_get_1(pkt, &type)
2767     if (!PACKET_get_net_3_len(pkt, &resplen)
2768         || PACKET_remaining(pkt) != resplen) {
2781     if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
2791 MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
2793     if (!tls_process_cert_status_body(s, pkt)) {
2853 MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
2855     if (PACKET_remaining(pkt) > 0) {
2879 static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
2942     if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen))  {
2964 static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
3008     if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) {
3020     if (!WPACKET_allocate_bytes(pkt, enclen, &encdata)
3030     if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) {
3058 static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
3095     if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
3116 static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
3152     if (!WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {
3170 static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
3262     if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
3263             || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81))
3264             || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {
3287 static int tls_construct_cke_srp(SSL *s, WPACKET *pkt)
3293             || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A),
3317 int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
3328         && !tls_construct_cke_psk_preamble(s, pkt))
3332         if (!tls_construct_cke_rsa(s, pkt))
3335         if (!tls_construct_cke_dhe(s, pkt))
3338         if (!tls_construct_cke_ecdhe(s, pkt))
3341         if (!tls_construct_cke_gost(s, pkt))
3344         if (!tls_construct_cke_srp(s, pkt))
3542 int tls_construct_client_certificate(SSL *s, WPACKET *pkt)
3547             if (!WPACKET_put_bytes_u8(pkt, 0)) {
3552         } else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
3558     if (!ssl3_output_cert_chain(s, pkt,
3634 int tls_construct_next_proto(SSL *s, WPACKET *pkt)
3642     if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)
3643             || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {
3655 MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt)
3657     if (PACKET_remaining(pkt) > 0) {
3684 static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt)
3689     if (!PACKET_as_length_prefixed_2(pkt, &extensions)
3690             || PACKET_remaining(pkt) != 0) {
3730 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
3778         if (!s->method->put_cipher_by_char(c, pkt, &len)) {
3816             if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
3826             if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
3837 int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt)

Indexes created Sun Aug 18 21:54:11 MDT 2024