

2  * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
29 static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
30 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
110 int tls1_new(SSL *s) in tls1_new()
114 if (!s->method->ssl_clear(s)) in tls1_new()
120 void tls1_free(SSL *s) in tls1_free()
122 OPENSSL_free(s->ext.session_ticket); in tls1_free()
126 int tls1_clear(SSL *s) in tls1_clear()
131 if (s->method->version == TLS_ANY_VERSION) in tls1_clear()
132 s->version = TLS_MAX_VERSION_INTERNAL; in tls1_clear()
134 s->version = s->method->version; in tls1_clear()
230 SSL_CTX *ctx = pgd->ctx; in add_provider_groups()
231 OSSL_PROVIDER *provider = pgd->provider; in add_provider_groups()
239 if (ctx->group_list_max_len == ctx->group_list_len) { in add_provider_groups()
242 if (ctx->group_list_max_len == 0) in add_provider_groups()
246 tmp = OPENSSL_realloc(ctx->group_list, in add_provider_groups()
247 (ctx->group_list_max_len in add_provider_groups()
254 ctx->group_list = tmp; in add_provider_groups()
255 memset(tmp + ctx->group_list_max_len, in add_provider_groups()
258 ctx->group_list_max_len += TLS_GROUP_LIST_MALLOC_BLOCK_SIZE; in add_provider_groups()
261 ginf = &ctx->group_list[ctx->group_list_len]; in add_provider_groups()
264 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) { in add_provider_groups()
268 ginf->tlsname = OPENSSL_strdup(p->data); in add_provider_groups()
269 if (ginf->tlsname == NULL) { in add_provider_groups()
275 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) { in add_provider_groups()
279 ginf->realname = OPENSSL_strdup(p->data); in add_provider_groups()
280 if (ginf->realname == NULL) { in add_provider_groups()
290 ginf->group_id = (uint16_t)gid; in add_provider_groups()
293 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) { in add_provider_groups()
297 ginf->algorithm = OPENSSL_strdup(p->data); in add_provider_groups()
298 if (ginf->algorithm == NULL) { in add_provider_groups()
304 if (p == NULL || !OSSL_PARAM_get_uint(p, &ginf->secbits)) { in add_provider_groups()
314 ginf->is_kem = 1 & is_kem; in add_provider_groups()
317 if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mintls)) { in add_provider_groups()
323 if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxtls)) { in add_provider_groups()
329 if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mindtls)) { in add_provider_groups()
335 if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxdtls)) { in add_provider_groups()
347 keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq); in add_provider_groups()
350 * We have successfully fetched the algorithm - however if the provider in add_provider_groups()
362 /* We have a match - so we will use this group */ in add_provider_groups()
363 ctx->group_list_len++; in add_provider_groups()
371 OPENSSL_free(ginf->tlsname); in add_provider_groups()
372 OPENSSL_free(ginf->realname); in add_provider_groups()
373 OPENSSL_free(ginf->algorithm); in add_provider_groups()
374 ginf->algorithm = ginf->tlsname = ginf->realname = NULL; in add_provider_groups()
385 return OSSL_PROVIDER_get_capabilities(provider, "TLS-GROUP", in discover_provider_groups()
394 if (!OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx)) in ssl_load_groups()
398 for (j = 0; j < ctx->group_list_len; j++) { in ssl_load_groups()
399 if (ctx->group_list[j].group_id == supported_groups_default[i]) { in ssl_load_groups()
400 tmp_supp_groups[num_deflt_grps++] = ctx->group_list[j].group_id; in ssl_load_groups()
409 ctx->ext.supported_groups_default in ssl_load_groups()
412 if (ctx->ext.supported_groups_default == NULL) { in ssl_load_groups()
417 memcpy(ctx->ext.supported_groups_default, in ssl_load_groups()
420 ctx->ext.supported_groups_default_len = num_deflt_grps; in ssl_load_groups()
429 for (i = 0; i < ctx->group_list_len; i++) { in tls1_group_name2id()
430 if (strcmp(ctx->group_list[i].tlsname, name) == 0 in tls1_group_name2id()
431 || strcmp(ctx->group_list[i].realname, name) == 0) in tls1_group_name2id()
432 return ctx->group_list[i].group_id; in tls1_group_name2id()
442 for (i = 0; i < ctx->group_list_len; i++) { in tls1_group_id_lookup()
443 if (ctx->group_list[i].group_id == group_id) in tls1_group_id_lookup()
444 return &ctx->group_list[i]; in tls1_group_id_lookup()
458 * Return well known Group NIDs - for backwards compatibility. This won't in tls1_group_id2nid()
476 * Return well known Group ids - for backwards compatibility. This won't in tls1_nid2group_id()
492 void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, in tls1_get_supported_groups()
495 /* For Suite B mode only include P-256, P-384 */ in tls1_get_supported_groups()
513 if (s->ext.supportedgroups == NULL) { in tls1_get_supported_groups()
514 *pgroups = s->ctx->ext.supported_groups_default; in tls1_get_supported_groups()
515 *pgroupslen = s->ctx->ext.supported_groups_default_len; in tls1_get_supported_groups()
517 *pgroups = s->ext.supportedgroups; in tls1_get_supported_groups()
518 *pgroupslen = s->ext.supportedgroups_len; in tls1_get_supported_groups()
524 int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion, in tls_valid_group()
527 const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group_id); in tls_valid_group()
537 if (ginfo->mindtls < 0 || ginfo->maxdtls < 0) in tls_valid_group()
539 if (ginfo->maxdtls == 0) in tls_valid_group()
542 ret = DTLS_VERSION_LE(minversion, ginfo->maxdtls); in tls_valid_group()
543 if (ginfo->mindtls > 0) in tls_valid_group()
544 ret &= DTLS_VERSION_GE(maxversion, ginfo->mindtls); in tls_valid_group()
546 if (ginfo->mintls < 0 || ginfo->maxtls < 0) in tls_valid_group()
548 if (ginfo->maxtls == 0) in tls_valid_group()
551 ret = (minversion <= ginfo->maxtls); in tls_valid_group()
552 if (ginfo->mintls > 0) in tls_valid_group()
553 ret &= (maxversion >= ginfo->mintls); in tls_valid_group()
555 *okfortls13 = (ginfo->maxtls == 0) in tls_valid_group()
556 || (ginfo->maxtls >= TLS1_3_VERSION); in tls_valid_group()
559 || strcmp(ginfo->algorithm, "EC") == 0 in tls_valid_group()
560 || strcmp(ginfo->algorithm, "X25519") == 0 in tls_valid_group()
561 || strcmp(ginfo->algorithm, "X448") == 0; in tls_valid_group()
567 int tls_group_allowed(SSL *s, uint16_t group, int op) in tls_group_allowed()
569 const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group); in tls_group_allowed()
577 return ssl_security(s, op, ginfo->secbits, in tls_group_allowed()
578 tls1_group_id2nid(ginfo->group_id, 0), (void *)gtmp); in tls_group_allowed()
591 /*-
594 * For nmatch == -1, return number of matches
595 * For nmatch == -2, return the id of the group to use for
598 uint16_t tls1_shared_group(SSL *s, int nmatch) in tls1_shared_group()
605 if (s->server == 0) in tls1_shared_group()
607 if (nmatch == -2) { in tls1_shared_group()
613 unsigned long cid = s->s3.tmp.new_cipher->id; in tls1_shared_group()
629 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { in tls1_shared_group()
647 if (nmatch == -1) in tls1_shared_group()
714 if (garg->gidcnt == garg->gidmax) { in gid_cb()
716 OPENSSL_realloc(garg->gid_arr, garg->gidmax + GROUPLIST_INCREMENT); in gid_cb()
719 garg->gidmax += GROUPLIST_INCREMENT; in gid_cb()
720 garg->gid_arr = tmp; in gid_cb()
722 if (len > (int)(sizeof(etmp) - 1)) in gid_cb()
727 gid = tls1_group_name2id(garg->ctx, etmp); in gid_cb()
733 for (i = 0; i < garg->gidcnt; i++) in gid_cb()
734 if (garg->gid_arr[i] == gid) in gid_cb()
736 garg->gid_arr[garg->gidcnt++] = gid; in gid_cb()
777 int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) in tls1_check_group_id()
786 if (tls1_suiteb(s) && s->s3.tmp.new_cipher != NULL) { in tls1_check_group_id()
787 unsigned long cid = s->s3.tmp.new_cipher->id; in tls1_check_group_id()
812 if (!s->server) in tls1_check_group_id()
829 void tls1_get_formatlist(SSL *s, const unsigned char **pformats, in tls1_get_formatlist()
835 if (s->ext.ecpointformats) { in tls1_get_formatlist()
836 *pformats = s->ext.ecpointformats; in tls1_get_formatlist()
837 *num_formats = s->ext.ecpointformats_len; in tls1_get_formatlist()
842 *num_formats = sizeof(ecformats_default) - 1; in tls1_get_formatlist()
849 static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) in tls1_check_pkey_comp()
886 if (s->ext.peer_ecpointformats == NULL) in tls1_check_pkey_comp()
889 for (i = 0; i < s->ext.peer_ecpointformats_len; i++) { in tls1_check_pkey_comp()
890 if (s->ext.peer_ecpointformats[i] == comp_id) in tls1_check_pkey_comp()
910 static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md) in tls1_check_cert_param()
928 if (!tls1_check_group_id(s, group_id, !s->server)) in tls1_check_cert_param()
931 * Special case for suite B. We *MUST* sign using SHA256+P-256 or in tls1_check_cert_param()
932 * SHA384+P-384. in tls1_check_cert_param()
945 for (i = 0; i < s->shared_sigalgslen; i++) { in tls1_check_cert_param()
946 if (check_md == s->shared_sigalgs[i]->sigandhash) in tls1_check_cert_param()
955 * tls1_check_ec_tmp_key - Check EC temporary key compatibility
956 * @s: SSL connection
964 int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) in tls1_check_ec_tmp_key()
970 * If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other in tls1_check_ec_tmp_key()
1039 NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
1042 NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448,
1170 * independently - but not as a combination. We ignore this for now. in ssl_setup_sig_algs()
1172 if (lu->hash != NID_undef in ssl_setup_sig_algs()
1173 && ctx->ssl_digest_methods[lu->hash_idx] == NULL) { in ssl_setup_sig_algs()
1178 if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { in ssl_setup_sig_algs()
1182 pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, tmpkey, ctx->propq); in ssl_setup_sig_algs()
1189 ctx->sigalg_lookup_cache = cache; in ssl_setup_sig_algs()
1200 static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg) in tls1_lookup_sigalg()
1205 for (i = 0, lu = s->ctx->sigalg_lookup_cache; in tls1_lookup_sigalg()
1209 if (lu->sigalg == sigalg) { in tls1_lookup_sigalg()
1210 if (!lu->enabled) in tls1_lookup_sigalg()
1223 /* lu->hash == NID_undef means no associated digest */ in tls1_lookup_md()
1224 if (lu->hash == NID_undef) { in tls1_lookup_md()
1227 md = ssl_md(ctx, lu->hash_idx); in tls1_lookup_md()
1237 * Check if key is large enough to generate RSA-PSS signature.
1261 * type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the
1265 static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) in tls1_get_legacy_sigalg()
1267 if (idx == -1) { in tls1_get_legacy_sigalg()
1268 if (s->server) { in tls1_get_legacy_sigalg()
1277 if (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) { in tls1_get_legacy_sigalg()
1286 if (idx == SSL_PKEY_GOST01 && s->s3.tmp.new_cipher->algorithm_auth != SSL_aGOST01) { in tls1_get_legacy_sigalg()
1290 real_idx--) { in tls1_get_legacy_sigalg()
1291 if (s->cert->pkeys[real_idx].privatekey != NULL) { in tls1_get_legacy_sigalg()
1299 … * with new (aGOST12-only) ciphersuites, we should find out which one is available really. in tls1_get_legacy_sigalg()
1305 real_idx--) { in tls1_get_legacy_sigalg()
1306 if (s->cert->pkeys[real_idx].privatekey != NULL) { in tls1_get_legacy_sigalg()
1313 idx = s->cert->key - s->cert->pkeys; in tls1_get_legacy_sigalg()
1323 if (!tls1_lookup_md(s->ctx, lu, NULL)) in tls1_get_legacy_sigalg()
1334 int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey) in tls1_set_peer_legacy_sigalg()
1344 s->s3.tmp.peer_sigalg = lu; in tls1_set_peer_legacy_sigalg()
1348 size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) in tls12_get_psigalgs()
1372 if ((s->server == sent) && s->cert->client_sigalgs != NULL) { in tls12_get_psigalgs()
1373 *psigs = s->cert->client_sigalgs; in tls12_get_psigalgs()
1374 return s->cert->client_sigalgslen; in tls12_get_psigalgs()
1375 } else if (s->cert->conf_sigalgs) { in tls12_get_psigalgs()
1376 *psigs = s->cert->conf_sigalgs; in tls12_get_psigalgs()
1377 return s->cert->conf_sigalgslen; in tls12_get_psigalgs()
1388 int tls_check_sigalg_curve(const SSL *s, int curve) in tls_check_sigalg_curve()
1393 if (s->cert->conf_sigalgs) { in tls_check_sigalg_curve()
1394 sigs = s->cert->conf_sigalgs; in tls_check_sigalg_curve()
1395 siglen = s->cert->conf_sigalgslen; in tls_check_sigalg_curve()
1406 if (lu->sig == EVP_PKEY_EC in tls_check_sigalg_curve()
1407 && lu->curve != NID_undef in tls_check_sigalg_curve()
1408 && curve == lu->curve) in tls_check_sigalg_curve()
1437 * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for in sigalg_security_bits()
1440 * puts a chosen-prefix attack for MD5 at 2^39. in sigalg_security_bits()
1449 /* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */ in sigalg_security_bits()
1450 if (lu->sigalg == TLSEXT_SIGALG_ed25519) in sigalg_security_bits()
1452 else if (lu->sigalg == TLSEXT_SIGALG_ed448) in sigalg_security_bits()
1463 int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) in tls12_check_peer_sigalg()
1469 int pkeyid = -1; in tls12_check_peer_sigalg()
1475 if (pkeyid == -1) in tls12_check_peer_sigalg()
1476 return -1; in tls12_check_peer_sigalg()
1490 * is consistent with signature: RSA keys can be used for RSA-PSS in tls12_check_peer_sigalg()
1493 || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) in tls12_check_peer_sigalg()
1494 || (pkeyid != lu->sig in tls12_check_peer_sigalg()
1495 && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { in tls12_check_peer_sigalg()
1501 || lu->sig_idx != (int)cidx) { in tls12_check_peer_sigalg()
1519 if (lu->curve != NID_undef && curve != lu->curve) { in tls12_check_peer_sigalg()
1552 if (i == sent_sigslen && (lu->hash != NID_sha1 in tls12_check_peer_sigalg()
1553 || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) { in tls12_check_peer_sigalg()
1557 if (!tls1_lookup_md(s->ctx, lu, &md)) { in tls12_check_peer_sigalg()
1567 secbits = sigalg_security_bits(s->ctx, lu); in tls12_check_peer_sigalg()
1576 s->s3.tmp.peer_sigalg = lu; in tls12_check_peer_sigalg()
1580 int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) in SSL_get_peer_signature_type_nid()
1582 if (s->s3.tmp.peer_sigalg == NULL) in SSL_get_peer_signature_type_nid()
1584 *pnid = s->s3.tmp.peer_sigalg->sig; in SSL_get_peer_signature_type_nid()
1588 int SSL_get_signature_type_nid(const SSL *s, int *pnid) in SSL_get_signature_type_nid()
1590 if (s->s3.tmp.sigalg == NULL) in SSL_get_signature_type_nid()
1592 *pnid = s->s3.tmp.sigalg->sig; in SSL_get_signature_type_nid()
1601 * This function should only be used for checking which ciphers are supported
1606 int ssl_set_client_disabled(SSL *s) in ssl_set_client_disabled()
1608 s->s3.tmp.mask_a = 0; in ssl_set_client_disabled()
1609 s->s3.tmp.mask_k = 0; in ssl_set_client_disabled()
1610 ssl_set_sig_mask(&s->s3.tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); in ssl_set_client_disabled()
1611 if (ssl_get_min_max_version(s, &s->s3.tmp.min_ver, in ssl_set_client_disabled()
1612 &s->s3.tmp.max_ver, NULL) != 0) in ssl_set_client_disabled()
1616 if (!s->psk_client_callback) { in ssl_set_client_disabled()
1617 s->s3.tmp.mask_a |= SSL_aPSK; in ssl_set_client_disabled()
1618 s->s3.tmp.mask_k |= SSL_PSK; in ssl_set_client_disabled()
1622 if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) { in ssl_set_client_disabled()
1623 s->s3.tmp.mask_a |= SSL_aSRP; in ssl_set_client_disabled()
1624 s->s3.tmp.mask_k |= SSL_kSRP; in ssl_set_client_disabled()
1631 * ssl_cipher_disabled - check that a cipher is disabled or not
1632 * @s: SSL connection that you want to use the cipher on
1635 * @ecdhe: If set to 1 then TLSv1 ECDHE ciphers are also allowed in SSLv3
1639 int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe) in ssl_cipher_disabled()
1641 if (c->algorithm_mkey & s->s3.tmp.mask_k in ssl_cipher_disabled()
1642 || c->algorithm_auth & s->s3.tmp.mask_a) in ssl_cipher_disabled()
1644 if (s->s3.tmp.max_ver == 0) in ssl_cipher_disabled()
1647 int min_tls = c->min_tls; in ssl_cipher_disabled()
1654 && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) in ssl_cipher_disabled()
1657 if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver)) in ssl_cipher_disabled()
1660 if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) in ssl_cipher_disabled()
1661 || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) in ssl_cipher_disabled()
1664 return !ssl_security(s, op, c->strength_bits, 0, (void *)c); in ssl_cipher_disabled()
1667 int tls_use_ticket(SSL *s) in tls_use_ticket()
1669 if ((s->options & SSL_OP_NO_TICKET)) in tls_use_ticket()
1674 int tls1_set_server_sigalgs(SSL *s) in tls1_set_server_sigalgs()
1679 OPENSSL_free(s->shared_sigalgs); in tls1_set_server_sigalgs()
1680 s->shared_sigalgs = NULL; in tls1_set_server_sigalgs()
1681 s->shared_sigalgslen = 0; in tls1_set_server_sigalgs()
1684 s->s3.tmp.valid_flags[i] = 0; in tls1_set_server_sigalgs()
1689 if (s->s3.tmp.peer_cert_sigalgs == NULL in tls1_set_server_sigalgs()
1690 && s->s3.tmp.peer_sigalgs == NULL) { in tls1_set_server_sigalgs()
1702 if (lu->sigalg == sent_sigs[j]) { in tls1_set_server_sigalgs()
1703 s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN; in tls1_set_server_sigalgs()
1715 if (s->shared_sigalgs != NULL) in tls1_set_server_sigalgs()
1724 /*-
1731 SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, in tls_get_ticket_from_client()
1738 s->ext.ticket_expected = 0; in tls_get_ticket_from_client()
1745 if (s->version <= SSL3_VERSION || !tls_use_ticket(s)) in tls_get_ticket_from_client()
1748 ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket]; in tls_get_ticket_from_client()
1749 if (!ticketext->present) in tls_get_ticket_from_client()
1752 size = PACKET_remaining(&ticketext->data); in tls_get_ticket_from_client()
1754 return tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size, in tls_get_ticket_from_client()
1755 hello->session_id, hello->session_id_len, ret); in tls_get_ticket_from_client()
1758 /*-
1761 * If s->tls_session_secret_cb is set and we're not doing TLSv1.3 then we are
1762 * expecting a pre-shared key ciphersuite, in which case we have no use for
1764 * s->ext.ticket_expected be set to 1.
1767 * Sets s->ext.ticket_expected to 1 if the server will have to issue
1769 * (and s->tls_session_secret_cb is NULL) but the client either doesn't have
1771 * s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
1772 * Otherwise, s->ext.ticket_expected is set to 0.
1781 SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, in tls_decrypt_ticket()
1794 SSL_CTX *tctx = s->session_ctx; in tls_decrypt_ticket()
1804 if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) { in tls_decrypt_ticket()
1833 if (tctx->ext.ticket_key_evp_cb != NULL || tctx->ext.ticket_key_cb != NULL) in tls_decrypt_ticket()
1835 if (tctx->ext.ticket_key_evp_cb != NULL) in tls_decrypt_ticket()
1841 if (tctx->ext.ticket_key_evp_cb != NULL) in tls_decrypt_ticket()
1842 rv = tctx->ext.ticket_key_evp_cb(s, nctick, in tls_decrypt_ticket()
1848 else if (tctx->ext.ticket_key_cb != NULL) in tls_decrypt_ticket()
1850 rv = tctx->ext.ticket_key_cb(s, nctick, in tls_decrypt_ticket()
1868 if (memcmp(etick, tctx->ext.tick_key_name, in tls_decrypt_ticket()
1874 aes256cbc = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", in tls_decrypt_ticket()
1875 s->ctx->propq); in tls_decrypt_ticket()
1877 || ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, in tls_decrypt_ticket()
1878 sizeof(tctx->ext.secure->tick_hmac_key), in tls_decrypt_ticket()
1881 tctx->ext.secure->tick_aes_key, in tls_decrypt_ticket()
1912 eticklen -= mlen; in tls_decrypt_ticket()
1927 eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen; in tls_decrypt_ticket()
1944 slen -= p - sdec; in tls_decrypt_ticket()
1955 * The session ID, if non-empty, is used by some clients to detect in tls_decrypt_ticket()
1961 memcpy(sess->session_id, sess_id, sesslen); in tls_decrypt_ticket()
1962 sess->session_id_length = sesslen; in tls_decrypt_ticket()
1985 if (s->session_ctx->decrypt_ticket_cb != NULL in tls_decrypt_ticket()
1995 retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len, in tls_decrypt_ticket()
1997 s->session_ctx->ticket_cb_data); in tls_decrypt_ticket()
2033 if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) { in tls_decrypt_ticket()
2038 s->ext.ticket_expected = 1; in tls_decrypt_ticket()
2048 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) in tls12_sigalg_allowed()
2053 if (lu == NULL || !lu->enabled) in tls12_sigalg_allowed()
2056 if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) in tls12_sigalg_allowed()
2062 if (!s->server && !SSL_IS_DTLS(s) && s->s3.tmp.min_ver >= TLS1_3_VERSION in tls12_sigalg_allowed()
2063 && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX in tls12_sigalg_allowed()
2064 || lu->hash_idx == SSL_MD_MD5_IDX in tls12_sigalg_allowed()
2065 || lu->hash_idx == SSL_MD_SHA224_IDX)) in tls12_sigalg_allowed()
2069 if (ssl_cert_is_disabled(s->ctx, lu->sig_idx)) in tls12_sigalg_allowed()
2072 if (lu->sig == NID_id_GostR3410_2012_256 in tls12_sigalg_allowed()
2073 || lu->sig == NID_id_GostR3410_2012_512 in tls12_sigalg_allowed()
2074 || lu->sig == NID_id_GostR3410_2001) { in tls12_sigalg_allowed()
2076 if (s->server && SSL_IS_TLS13(s)) in tls12_sigalg_allowed()
2078 if (!s->server in tls12_sigalg_allowed()
2079 && s->method->version == TLS_ANY_VERSION in tls12_sigalg_allowed()
2080 && s->s3.tmp.max_ver >= TLS1_3_VERSION) { in tls12_sigalg_allowed()
2090 if (s->s3.tmp.min_ver >= TLS1_3_VERSION) in tls12_sigalg_allowed()
2099 /* Skip disabled ciphers */ in tls12_sigalg_allowed()
2103 if ((c->algorithm_mkey & (SSL_kGOST | SSL_kGOST18)) != 0) in tls12_sigalg_allowed()
2112 secbits = sigalg_security_bits(s->ctx, lu); in tls12_sigalg_allowed()
2113 sigalgstr[0] = (lu->sigalg >> 8) & 0xff; in tls12_sigalg_allowed()
2114 sigalgstr[1] = lu->sigalg & 0xff; in tls12_sigalg_allowed()
2115 return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr); in tls12_sigalg_allowed()
2124 void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) in ssl_set_sig_mask()
2141 clu = ssl_cert_lookup_by_idx(lu->sig_idx); in ssl_set_sig_mask()
2145 /* If algorithm is disabled see if we can enable it */ in ssl_set_sig_mask()
2146 if ((clu->amask & disabled_mask) != 0 in ssl_set_sig_mask()
2148 disabled_mask &= ~clu->amask; in ssl_set_sig_mask()
2153 int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, in tls12_copy_sigalgs()
2172 || (lu->sig != EVP_PKEY_RSA in tls12_copy_sigalgs()
2173 && lu->hash != NID_sha1 in tls12_copy_sigalgs()
2174 && lu->hash != NID_sha224))) in tls12_copy_sigalgs()
2183 static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig, in tls12_shared_sigalgs()
2208 /* Set shared signature algorithms for SSL structures */
2209 static int tls1_set_shared_sigalgs(SSL *s) in tls1_set_shared_sigalgs()
2215 CERT *c = s->cert; in tls1_set_shared_sigalgs()
2218 OPENSSL_free(s->shared_sigalgs); in tls1_set_shared_sigalgs()
2219 s->shared_sigalgs = NULL; in tls1_set_shared_sigalgs()
2220 s->shared_sigalgslen = 0; in tls1_set_shared_sigalgs()
2222 if (!s->server && c->client_sigalgs && !is_suiteb) { in tls1_set_shared_sigalgs()
2223 conf = c->client_sigalgs; in tls1_set_shared_sigalgs()
2224 conflen = c->client_sigalgslen; in tls1_set_shared_sigalgs()
2225 } else if (c->conf_sigalgs && !is_suiteb) { in tls1_set_shared_sigalgs()
2226 conf = c->conf_sigalgs; in tls1_set_shared_sigalgs()
2227 conflen = c->conf_sigalgslen; in tls1_set_shared_sigalgs()
2230 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) { in tls1_set_shared_sigalgs()
2233 allow = s->s3.tmp.peer_sigalgs; in tls1_set_shared_sigalgs()
2234 allowlen = s->s3.tmp.peer_sigalgslen; in tls1_set_shared_sigalgs()
2238 pref = s->s3.tmp.peer_sigalgs; in tls1_set_shared_sigalgs()
2239 preflen = s->s3.tmp.peer_sigalgslen; in tls1_set_shared_sigalgs()
2251 s->shared_sigalgs = salgs; in tls1_set_shared_sigalgs()
2252 s->shared_sigalgslen = nmatch; in tls1_set_shared_sigalgs()
2289 int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert) in tls1_save_sigalgs()
2295 if (s->cert == NULL) in tls1_save_sigalgs()
2299 return tls1_save_u16(pkt, &s->s3.tmp.peer_cert_sigalgs, in tls1_save_sigalgs()
2300 &s->s3.tmp.peer_cert_sigalgslen); in tls1_save_sigalgs()
2302 return tls1_save_u16(pkt, &s->s3.tmp.peer_sigalgs, in tls1_save_sigalgs()
2303 &s->s3.tmp.peer_sigalgslen); in tls1_save_sigalgs()
2309 int tls1_process_sigalgs(SSL *s) in tls1_process_sigalgs()
2312 uint32_t *pvalid = s->s3.tmp.valid_flags; in tls1_process_sigalgs()
2320 for (i = 0; i < s->shared_sigalgslen; i++) { in tls1_process_sigalgs()
2321 const SIGALG_LOOKUP *sigptr = s->shared_sigalgs[i]; in tls1_process_sigalgs()
2322 int idx = sigptr->sig_idx; in tls1_process_sigalgs()
2325 if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA) in tls1_process_sigalgs()
2328 if (pvalid[idx] == 0 && !ssl_cert_is_disabled(s->ctx, idx)) in tls1_process_sigalgs()
2334 int SSL_get_sigalgs(SSL *s, int idx, in SSL_get_sigalgs()
2338 uint16_t *psig = s->s3.tmp.peer_sigalgs; in SSL_get_sigalgs()
2339 size_t numsigalgs = s->s3.tmp.peer_sigalgslen; in SSL_get_sigalgs()
2354 *psign = lu != NULL ? lu->sig : NID_undef; in SSL_get_sigalgs()
2356 *phash = lu != NULL ? lu->hash : NID_undef; in SSL_get_sigalgs()
2358 *psignhash = lu != NULL ? lu->sigandhash : NID_undef; in SSL_get_sigalgs()
2363 int SSL_get_shared_sigalgs(SSL *s, int idx, in SSL_get_shared_sigalgs()
2368 if (s->shared_sigalgs == NULL in SSL_get_shared_sigalgs()
2370 || idx >= (int)s->shared_sigalgslen in SSL_get_shared_sigalgs()
2371 || s->shared_sigalgslen > INT_MAX) in SSL_get_shared_sigalgs()
2373 shsigalgs = s->shared_sigalgs[idx]; in SSL_get_shared_sigalgs()
2375 *phash = shsigalgs->hash; in SSL_get_shared_sigalgs()
2377 *psign = shsigalgs->sig; in SSL_get_shared_sigalgs()
2379 *psignhash = shsigalgs->sigandhash; in SSL_get_shared_sigalgs()
2381 *rsig = (unsigned char)(shsigalgs->sigalg & 0xff); in SSL_get_shared_sigalgs()
2383 *rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff); in SSL_get_shared_sigalgs()
2384 return (int)s->shared_sigalgslen; in SSL_get_shared_sigalgs()
2400 } else if (strcmp(str, "RSA-PSS") == 0 || strcmp(str, "PSS") == 0) { in get_sigorhash()
2424 if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT) in sig_cb()
2426 if (len > (int)(sizeof(etmp) - 1)) in sig_cb()
2433 * if there's no '+' in the provided name, look for the new-style combined in sig_cb()
2443 if (s->name != NULL && strcmp(etmp, s->name) == 0) { in sig_cb()
2444 sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; in sig_cb()
2461 if (s->hash == hash_alg && s->sig == sig_alg) { in sig_cb()
2462 sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; in sig_cb()
2471 for (i = 0; i < sarg->sigalgcnt - 1; i++) { in sig_cb()
2472 if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) { in sig_cb()
2473 sarg->sigalgcnt--; in sig_cb()
2507 OPENSSL_free(c->client_sigalgs); in tls1_set_raw_sigalgs()
2508 c->client_sigalgs = sigalgs; in tls1_set_raw_sigalgs()
2509 c->client_sigalgslen = salglen; in tls1_set_raw_sigalgs()
2511 OPENSSL_free(c->conf_sigalgs); in tls1_set_raw_sigalgs()
2512 c->conf_sigalgs = sigalgs; in tls1_set_raw_sigalgs()
2513 c->conf_sigalgslen = salglen; in tls1_set_raw_sigalgs()
2538 if (curr->hash == md_id && curr->sig == sig_id) { in tls1_set_sigalgs()
2539 *sptr++ = curr->sigalg; in tls1_set_sigalgs()
2549 OPENSSL_free(c->client_sigalgs); in tls1_set_sigalgs()
2550 c->client_sigalgs = sigalgs; in tls1_set_sigalgs()
2551 c->client_sigalgslen = salglen / 2; in tls1_set_sigalgs()
2553 OPENSSL_free(c->conf_sigalgs); in tls1_set_sigalgs()
2554 c->conf_sigalgs = sigalgs; in tls1_set_sigalgs()
2555 c->conf_sigalgslen = salglen / 2; in tls1_set_sigalgs()
2565 static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) in tls1_check_sig_alg()
2571 if (default_nid == -1) in tls1_check_sig_alg()
2577 if (SSL_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) { in tls1_check_sig_alg()
2583 sigalgslen = s->s3.tmp.peer_cert_sigalgslen; in tls1_check_sig_alg()
2586 sigalgslen = s->shared_sigalgslen; in tls1_check_sig_alg()
2590 ? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]) in tls1_check_sig_alg()
2591 : s->shared_sigalgs[i]; in tls1_check_sig_alg()
2592 if (sigalg != NULL && sig_nid == sigalg->sigandhash) in tls1_check_sig_alg()
2627 int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, in tls1_check_chain()
2634 CERT *c = s->cert; in tls1_check_chain()
2637 /* idx == -1 means checking server chains */ in tls1_check_chain()
2638 if (idx != -1) { in tls1_check_chain()
2639 /* idx == -2 means checking client certificate chains */ in tls1_check_chain()
2640 if (idx == -2) { in tls1_check_chain()
2641 cpk = c->key; in tls1_check_chain()
2642 idx = (int)(cpk - c->pkeys); in tls1_check_chain()
2644 cpk = c->pkeys + idx; in tls1_check_chain()
2645 pvalid = s->s3.tmp.valid_flags + idx; in tls1_check_chain()
2646 x = cpk->x509; in tls1_check_chain()
2647 pk = cpk->privatekey; in tls1_check_chain()
2648 chain = cpk->chain; in tls1_check_chain()
2649 strict_mode = c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT; in tls1_check_chain()
2662 pvalid = s->s3.tmp.valid_flags + idx; in tls1_check_chain()
2664 if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) in tls1_check_chain()
2689 if (s->s3.tmp.peer_cert_sigalgs != NULL in tls1_check_chain()
2690 || s->s3.tmp.peer_sigalgs != NULL) { in tls1_check_chain()
2726 default_nid = -1; in tls1_check_chain()
2734 if (default_nid > 0 && c->conf_sigalgs) { in tls1_check_chain()
2736 const uint16_t *p = c->conf_sigalgs; in tls1_check_chain()
2737 for (j = 0; j < c->conf_sigalgslen; j++, p++) { in tls1_check_chain()
2740 if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign) in tls1_check_chain()
2743 if (j == c->conf_sigalgslen) { in tls1_check_chain()
2783 if (!s->server) in tls1_check_chain()
2799 if (!s->server && strict_mode) { in tls1_check_chain()
2811 const uint8_t *ctypes = s->s3.tmp.ctype; in tls1_check_chain()
2814 for (j = 0; j < s->s3.tmp.ctype_len; j++, ctypes++) { in tls1_check_chain()
2826 ca_dn = s->s3.tmp.peer_ca_names; in tls1_check_chain()
2873 /* Set validity of certificates in an SSL structure */
2874 void tls1_set_cert_validity(SSL *s) in tls1_set_cert_validity()
2888 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) in SSL_check_chain()
2890 return tls1_check_chain(s, x, pk, chain, -1); in SSL_check_chain()
2893 EVP_PKEY *ssl_get_auto_dh(SSL *s) in ssl_get_auto_dh()
2902 if (s->cert->dh_tmp_auto != 2) { in ssl_get_auto_dh()
2903 if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { in ssl_get_auto_dh()
2904 if (s->s3.tmp.new_cipher->strength_bits == 256) in ssl_get_auto_dh()
2909 if (s->s3.tmp.cert == NULL) in ssl_get_auto_dh()
2911 dh_secbits = EVP_PKEY_get_security_bits(s->s3.tmp.cert->privatekey); in ssl_get_auto_dh()
2915 /* Do not pick a prime that is too weak for the current security level */ in ssl_get_auto_dh()
2933 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq); in ssl_get_auto_dh()
2957 static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op) in ssl_security_cert_key()
2959 int secbits = -1; in ssl_security_cert_key()
2963 * If no parameters this will return -1 and fail using the default in ssl_security_cert_key()
2964 * security callback for any non-zero security level. This will in ssl_security_cert_key()
2976 static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) in ssl_security_cert_sig()
2984 secbits = -1; in ssl_security_cert_sig()
2994 int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee) in ssl_security_cert()
3016 int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) in ssl_security_cert_chain()
3045 static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) in tls12_get_cert_sigalg_idx()
3047 int sig_idx = lu->sig_idx; in tls12_get_cert_sigalg_idx()
3052 || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0 in tls12_get_cert_sigalg_idx()
3053 || (clu->nid == EVP_PKEY_RSA_PSS in tls12_get_cert_sigalg_idx()
3054 && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) in tls12_get_cert_sigalg_idx()
3055 return -1; in tls12_get_cert_sigalg_idx()
3057 return s->s3.tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; in tls12_get_cert_sigalg_idx()
3066 static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, in check_cert_usable()
3078 if (sig->hash != NID_undef) in check_cert_usable()
3079 mdname = OBJ_nid2sn(sig->hash); in check_cert_usable()
3080 supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx, in check_cert_usable()
3082 s->ctx->propq); in check_cert_usable()
3090 if (s->s3.tmp.peer_cert_sigalgs != NULL) { in check_cert_usable()
3093 for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) { in check_cert_usable()
3094 lu = tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]); in check_cert_usable()
3104 if (mdnid == lu->hash && pknid == lu->sig) in check_cert_usable()
3124 static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) in has_usable_cert()
3126 /* TLS 1.2 callers can override sig->sig_idx, but not TLS 1.3 callers. */ in has_usable_cert()
3127 if (idx == -1) in has_usable_cert()
3128 idx = sig->sig_idx; in has_usable_cert()
3132 return check_cert_usable(s, sig, s->cert->pkeys[idx].x509, in has_usable_cert()
3133 s->cert->pkeys[idx].privatekey); in has_usable_cert()
3140 static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, in is_cert_usable()
3149 if ((int)idx != sig->sig_idx) in is_cert_usable()
3160 static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) in find_sig_alg()
3164 int curve = -1; in find_sig_alg()
3168 for (i = 0; i < s->shared_sigalgslen; i++) { in find_sig_alg()
3169 lu = s->shared_sigalgs[i]; in find_sig_alg()
3172 if (lu->hash == NID_sha1 in find_sig_alg()
3173 || lu->hash == NID_sha224 in find_sig_alg()
3174 || lu->sig == EVP_PKEY_DSA in find_sig_alg()
3175 || lu->sig == EVP_PKEY_RSA) in find_sig_alg()
3178 if (!tls1_lookup_md(s->ctx, lu, NULL)) in find_sig_alg()
3180 if ((pkey == NULL && !has_usable_cert(s, lu, -1)) in find_sig_alg()
3185 : s->cert->pkeys[lu->sig_idx].privatekey; in find_sig_alg()
3187 if (lu->sig == EVP_PKEY_EC) { in find_sig_alg()
3188 if (curve == -1) in find_sig_alg()
3190 if (lu->curve != NID_undef && curve != lu->curve) in find_sig_alg()
3192 } else if (lu->sig == EVP_PKEY_RSA_PSS) { in find_sig_alg()
3194 if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu)) in find_sig_alg()
3200 if (i == s->shared_sigalgslen) in find_sig_alg()
3217 int tls_choose_sigalg(SSL *s, int fatalerrs) in tls_choose_sigalg()
3220 int sig_idx = -1; in tls_choose_sigalg()
3222 s->s3.tmp.cert = NULL; in tls_choose_sigalg()
3223 s->s3.tmp.sigalg = NULL; in tls_choose_sigalg()
3236 if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT)) in tls_choose_sigalg()
3238 if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys)) in tls_choose_sigalg()
3243 if (s->s3.tmp.peer_sigalgs != NULL) { in tls_choose_sigalg()
3244 int curve = -1; in tls_choose_sigalg()
3248 curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC] in tls_choose_sigalg()
3255 for (i = 0; i < s->shared_sigalgslen; i++) { in tls_choose_sigalg()
3256 lu = s->shared_sigalgs[i]; in tls_choose_sigalg()
3258 if (s->server) { in tls_choose_sigalg()
3259 if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1) in tls_choose_sigalg()
3262 int cc_idx = s->cert->key - s->cert->pkeys; in tls_choose_sigalg()
3264 sig_idx = lu->sig_idx; in tls_choose_sigalg()
3271 if (lu->sig == EVP_PKEY_RSA_PSS) { in tls_choose_sigalg()
3273 EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey; in tls_choose_sigalg()
3275 if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu)) in tls_choose_sigalg()
3278 if (curve == -1 || lu->curve == curve) in tls_choose_sigalg()
3283 * Some Windows-based implementations do not send GOST algorithms indication in tls_choose_sigalg()
3284 * in supported_algorithms extension, so when we have GOST-based ciphersuite, in tls_choose_sigalg()
3287 …if (i == s->shared_sigalgslen && s->s3.tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12… in tls_choose_sigalg()
3288 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
3296 sig_idx = lu->sig_idx; in tls_choose_sigalg()
3300 if (i == s->shared_sigalgslen) { in tls_choose_sigalg()
3314 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
3325 if (lu->sigalg == *sent_sigs in tls_choose_sigalg()
3326 && has_usable_cert(s, lu, lu->sig_idx)) in tls_choose_sigalg()
3338 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
3347 if (sig_idx == -1) in tls_choose_sigalg()
3348 sig_idx = lu->sig_idx; in tls_choose_sigalg()
3349 s->s3.tmp.cert = &s->cert->pkeys[sig_idx]; in tls_choose_sigalg()
3350 s->cert->key = s->s3.tmp.cert; in tls_choose_sigalg()
3351 s->s3.tmp.sigalg = lu; in tls_choose_sigalg()
3363 ctx->ext.max_fragment_len_mode = mode; in SSL_CTX_set_tlsext_max_fragment_length()
3367 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode) in SSL_set_tlsext_max_fragment_length() argument
3375 ssl->ext.max_fragment_len_mode = mode; in SSL_set_tlsext_max_fragment_length()
3381 return session->ext.max_fragment_len_mode; in SSL_SESSION_get_max_fragment_length()
3395 if (ctx->ext.ticket_key_evp_cb == NULL in ssl_hmac_new()
3396 && ctx->ext.ticket_key_cb != NULL) { in ssl_hmac_new()
3402 mac = EVP_MAC_fetch(ctx->libctx, "HMAC", ctx->propq); in ssl_hmac_new()
3403 if (mac == NULL || (ret->ctx = EVP_MAC_CTX_new(mac)) == NULL) in ssl_hmac_new()
3408 EVP_MAC_CTX_free(ret->ctx); in ssl_hmac_new()
3417 EVP_MAC_CTX_free(ctx->ctx); in ssl_hmac_free()
3427 return ctx->ctx; in ssl_hmac_get0_EVP_MAC_CTX()
3434 if (ctx->ctx != NULL) { in ssl_hmac_init()
3437 if (EVP_MAC_init(ctx->ctx, key, len, params)) in ssl_hmac_init()
3441 if (ctx->old_ctx != NULL) in ssl_hmac_init()
3449 if (ctx->ctx != NULL) in ssl_hmac_update()
3450 return EVP_MAC_update(ctx->ctx, data, len); in ssl_hmac_update()
3452 if (ctx->old_ctx != NULL) in ssl_hmac_update()
3461 if (ctx->ctx != NULL) in ssl_hmac_final()
3462 return EVP_MAC_final(ctx->ctx, md, len, max_size); in ssl_hmac_final()
3464 if (ctx->old_ctx != NULL) in ssl_hmac_final()
3472 if (ctx->ctx != NULL) in ssl_hmac_size()
3473 return EVP_MAC_CTX_get_mac_size(ctx->ctx); in ssl_hmac_size()
3475 if (ctx->old_ctx != NULL) in ssl_hmac_size()