/* Copyright (C) 1995-1998 Eric Young ([email protected]) * All rights reserved. * * This package is an SSL implementation written * by Eric Young ([email protected]). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson ([email protected]). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young ([email protected])" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson ([email protected])" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * [email protected]. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * ([email protected]). This product includes software written by Tim * Hudson ([email protected]). * */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ /* ==================================================================== * Copyright 2005 Nokia. All rights reserved. * * The portions of the attached software ("Contribution") is developed by * Nokia Corporation and is licensed pursuant to the OpenSSL open source * license. * * The Contribution, originally written by Mika Kousa and Pasi Eronen of * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites * support (see RFC 4279) to OpenSSL. * * No patent licenses or other rights except those expressly stated in * the OpenSSL open source license shall be deemed granted or received * expressly, by implication, estoppel, or otherwise. * * No assurances are provided by Nokia that the Contribution does not * infringe the patent or other intellectual property rights of any third * party or that the license provides you with all the necessary rights * to make use of the Contribution. * * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR * OTHERWISE. */ #include <openssl/ssl.h> #include <algorithm> #include <assert.h> #include <limits.h> #include <stdlib.h> #include <string.h> #include <openssl/bytestring.h> #include <openssl/crypto.h> #include <openssl/err.h> #include <openssl/lhash.h> #include <openssl/mem.h> #include <openssl/rand.h> #include "internal.h" #include "../crypto/internal.h" #if defined(OPENSSL_WINDOWS) #include <sys/timeb.h> #else #include <sys/socket.h> #include <sys/time.h> #endif BSSL_NAMESPACE_BEGIN static_assert …; // |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it // to avoid downstream churn. OPENSSL_DECLARE_ERROR_REASON(…) // The following errors are no longer emitted, but are used in nginx without // #ifdefs. OPENSSL_DECLARE_ERROR_REASON(…) OPENSSL_DECLARE_ERROR_REASON(…) // Some error codes are special. Ensure the make_errors.go script never // regresses this. static_assert …; // kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. static const size_t kMaxHandshakeSize = …; static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl = …; static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx = …; bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out) { … } void ssl_reset_error_state(SSL *ssl) { … } void ssl_set_read_error(SSL* ssl) { … } static bool check_read_error(const SSL *ssl) { … } bool ssl_can_write(const SSL *ssl) { … } bool ssl_can_read(const SSL *ssl) { … } ssl_open_record_t ssl_open_handshake(SSL *ssl, size_t *out_consumed, uint8_t *out_alert, Span<uint8_t> in) { … } ssl_open_record_t ssl_open_change_cipher_spec(SSL *ssl, size_t *out_consumed, uint8_t *out_alert, Span<uint8_t> in) { … } ssl_open_record_t ssl_open_app_data(SSL *ssl, Span<uint8_t> *out, size_t *out_consumed, uint8_t *out_alert, Span<uint8_t> in) { … } static uint8_t hex_char_consttime(uint8_t b) { … } static bool cbb_add_hex_consttime(CBB *cbb, Span<const uint8_t> in) { … } bool ssl_log_secret(const SSL *ssl, const char *label, Span<const uint8_t> secret) { … } void ssl_do_info_callback(const SSL *ssl, int type, int value) { … } void ssl_do_msg_callback(const SSL *ssl, int is_write, int content_type, Span<const uint8_t> in) { … } void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock) { … } void ssl_ctx_get_current_time(const SSL_CTX *ctx, struct OPENSSL_timeval *out_clock) { … } void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) { … } static bool ssl_can_renegotiate(const SSL *ssl) { … } static void ssl_maybe_shed_handshake_config(SSL *ssl) { … } void SSL_set_handoff_mode(SSL *ssl, bool on) { … } bool SSL_get_traffic_secrets(const SSL *ssl, Span<const uint8_t> *out_read_traffic_secret, Span<const uint8_t> *out_write_traffic_secret) { … } void SSL_CTX_set_aes_hw_override_for_testing(SSL_CTX *ctx, bool override_value) { … } void SSL_set_aes_hw_override_for_testing(SSL *ssl, bool override_value) { … } BSSL_NAMESPACE_END usingnamespacebssl; int SSL_library_init(void) { … } int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { … } static uint32_t ssl_session_hash(const SSL_SESSION *sess) { … } static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { … } ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method) : … { … } ssl_ctx_st::~ssl_ctx_st() { … } SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { … } int SSL_CTX_up_ref(SSL_CTX *ctx) { … } void SSL_CTX_free(SSL_CTX *ctx) { … } ssl_st::ssl_st(SSL_CTX *ctx_arg) : … { … } ssl_st::~ssl_st() { … } SSL *SSL_new(SSL_CTX *ctx) { … } SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) : … { … } SSL_CONFIG::~SSL_CONFIG() { … } void SSL_free(SSL *ssl) { … } void SSL_set_connect_state(SSL *ssl) { … } void SSL_set_accept_state(SSL *ssl) { … } void SSL_set0_rbio(SSL *ssl, BIO *rbio) { … } void SSL_set0_wbio(SSL *ssl, BIO *wbio) { … } void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) { … } BIO *SSL_get_rbio(const SSL *ssl) { … } BIO *SSL_get_wbio(const SSL *ssl) { … } size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, enum ssl_encryption_level_t level) { … } enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl) { … } enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl) { … } int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, const uint8_t *data, size_t len) { … } int SSL_do_handshake(SSL *ssl) { … } int SSL_connect(SSL *ssl) { … } int SSL_accept(SSL *ssl) { … } static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) { … } int SSL_process_quic_post_handshake(SSL *ssl) { … } static int ssl_read_impl(SSL *ssl) { … } int SSL_read(SSL *ssl, void *buf, int num) { … } int SSL_peek(SSL *ssl, void *buf, int num) { … } int SSL_write(SSL *ssl, const void *buf, int num) { … } int SSL_key_update(SSL *ssl, int request_type) { … } int SSL_shutdown(SSL *ssl) { … } int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) { … } int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, size_t params_len) { … } void SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, size_t *out_params_len) { … } int SSL_set_quic_early_data_context(SSL *ssl, const uint8_t *context, size_t context_len) { … } void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) { … } void SSL_set_early_data_enabled(SSL *ssl, int enabled) { … } int SSL_in_early_data(const SSL *ssl) { … } int SSL_early_data_accepted(const SSL *ssl) { … } void SSL_reset_early_data_reject(SSL *ssl) { … } enum ssl_early_data_reason_t SSL_get_early_data_reason(const SSL *ssl) { … } const char *SSL_early_data_reason_string(enum ssl_early_data_reason_t reason) { … } static int bio_retry_reason_to_error(int reason) { … } int SSL_get_error(const SSL *ssl, int ret_code) { … } const char *SSL_error_description(int err) { … } uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) { … } uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) { … } uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { … } uint32_t SSL_set_options(SSL *ssl, uint32_t options) { … } uint32_t SSL_clear_options(SSL *ssl, uint32_t options) { … } uint32_t SSL_get_options(const SSL *ssl) { … } uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) { … } uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) { … } uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { … } uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) { … } uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) { … } uint32_t SSL_get_mode(const SSL *ssl) { … } void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx, CRYPTO_BUFFER_POOL *pool) { … } int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out) { … } static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx, size_t sid_ctx_len) { … } int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx, size_t sid_ctx_len) { … } int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, size_t sid_ctx_len) { … } const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) { … } int SSL_get_fd(const SSL *ssl) { … } int SSL_get_rfd(const SSL *ssl) { … } int SSL_get_wfd(const SSL *ssl) { … } #if !defined(OPENSSL_NO_SOCK) int SSL_set_fd(SSL *ssl, int fd) { … } int SSL_set_wfd(SSL *ssl, int fd) { … } int SSL_set_rfd(SSL *ssl, int fd) { … } #endif // !OPENSSL_NO_SOCK static size_t copy_finished(void *out, size_t out_len, const uint8_t *in, size_t in_len) { … } size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) { … } size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) { … } int SSL_get_verify_mode(const SSL *ssl) { … } int SSL_get_extms_support(const SSL *ssl) { … } int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { … } int SSL_get_read_ahead(const SSL *ssl) { … } int SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { … } int SSL_set_read_ahead(SSL *ssl, int yes) { … } int SSL_pending(const SSL *ssl) { … } int SSL_has_pending(const SSL *ssl) { … } static bool has_cert_and_key(const SSL_CREDENTIAL *cred) { … } int SSL_CTX_check_private_key(const SSL_CTX *ctx) { … } int SSL_check_private_key(const SSL *ssl) { … } long SSL_get_default_timeout(const SSL *ssl) { … } int SSL_renegotiate(SSL *ssl) { … } int SSL_renegotiate_pending(SSL *ssl) { … } int SSL_total_renegotiations(const SSL *ssl) { … } size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) { … } void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) { … } size_t SSL_get_max_cert_list(const SSL *ssl) { … } void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) { … } int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) { … } int SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) { … } int SSL_set_mtu(SSL *ssl, unsigned mtu) { … } int SSL_get_secure_renegotiation_support(const SSL *ssl) { … } size_t SSL_CTX_sess_number(const SSL_CTX *ctx) { … } unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) { … } unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) { … } int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) { … } int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) { … } int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, size_t len) { … } int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) { … } int SSL_CTX_set_tlsext_ticket_key_cb( SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, int encrypt)) { … } static bool check_group_ids(Span<const uint16_t> group_ids) { … } int SSL_CTX_set1_group_ids(SSL_CTX *ctx, const uint16_t *group_ids, size_t num_group_ids) { … } int SSL_set1_group_ids(SSL *ssl, const uint16_t *group_ids, size_t num_group_ids) { … } static bool ssl_nids_to_group_ids(Array<uint16_t> *out_group_ids, Span<const int> nids) { … } int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t num_groups) { … } int SSL_set1_groups(SSL *ssl, const int *groups, size_t num_groups) { … } static bool ssl_str_to_group_ids(Array<uint16_t> *out_group_ids, const char *str) { … } int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) { … } int SSL_set1_groups_list(SSL *ssl, const char *groups) { … } uint16_t SSL_get_group_id(const SSL *ssl) { … } int SSL_get_negotiated_group(const SSL *ssl) { … } int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) { … } int SSL_set_tmp_dh(SSL *ssl, const DH *dh) { … } STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { … } int SSL_CTX_cipher_in_group(const SSL_CTX *ctx, size_t i) { … } STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) { … } const char *SSL_get_cipher_list(const SSL *ssl, int n) { … } int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { … } int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, const char *str) { … } int SSL_set_cipher_list(SSL *ssl, const char *str) { … } int SSL_set_strict_cipher_list(SSL *ssl, const char *str) { … } const char *SSL_get_servername(const SSL *ssl, const int type) { … } int SSL_get_servername_type(const SSL *ssl) { … } void SSL_CTX_set_custom_verify( SSL_CTX *ctx, int mode, enum ssl_verify_result_t (*callback)(SSL *ssl, uint8_t *out_alert)) { … } void SSL_set_custom_verify( SSL *ssl, int mode, enum ssl_verify_result_t (*callback)(SSL *ssl, uint8_t *out_alert)) { … } void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) { … } void SSL_enable_signed_cert_timestamps(SSL *ssl) { … } void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) { … } void SSL_enable_ocsp_stapling(SSL *ssl) { … } void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out, size_t *out_len) { … } void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, size_t *out_len) { … } int SSL_set_tlsext_host_name(SSL *ssl, const char *name) { … } int SSL_CTX_set_tlsext_servername_callback( SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) { … } int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) { … } int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, const uint8_t *peer, unsigned peer_len, const uint8_t *supported, unsigned supported_len) { … } void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data, unsigned *out_len) { … } void SSL_CTX_set_next_protos_advertised_cb( SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg), void *arg) { … } void SSL_CTX_set_next_proto_select_cb( SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len, const uint8_t *in, unsigned in_len, void *arg), void *arg) { … } int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, size_t protos_len) { … } int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, size_t protos_len) { … } void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in, unsigned in_len, void *arg), void *arg) { … } void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data, unsigned *out_len) { … } void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) { … } int SSL_add_application_settings(SSL *ssl, const uint8_t *proto, size_t proto_len, const uint8_t *settings, size_t settings_len) { … } void SSL_get0_peer_application_settings(const SSL *ssl, const uint8_t **out_data, size_t *out_len) { … } int SSL_has_application_settings(const SSL *ssl) { … } void SSL_set_alps_use_new_codepoint(SSL *ssl, int use_new) { … } int SSL_CTX_add_cert_compression_alg(SSL_CTX *ctx, uint16_t alg_id, ssl_cert_compression_func_t compress, ssl_cert_decompression_func_t decompress) { … } void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx, int enabled) { … } int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) { … } void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled) { … } int SSL_enable_tls_channel_id(SSL *ssl) { … } static int is_p256_key(EVP_PKEY *private_key) { … } int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) { … } int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) { … } size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) { … } size_t SSL_get0_certificate_types(const SSL *ssl, const uint8_t **out_types) { … } size_t SSL_get0_peer_verify_algorithms(const SSL *ssl, const uint16_t **out_sigalgs) { … } size_t SSL_get0_peer_delegation_algorithms(const SSL *ssl, const uint16_t **out_sigalgs){ … } EVP_PKEY *SSL_get_privatekey(const SSL *ssl) { … } EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) { … } const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) { … } int SSL_session_reused(const SSL *ssl) { … } const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { … } const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { … } int SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key) { … } void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) { … } int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) { … } void SSL_set_quiet_shutdown(SSL *ssl, int mode) { … } int SSL_get_quiet_shutdown(const SSL *ssl) { … } void SSL_set_shutdown(SSL *ssl, int mode) { … } int SSL_get_shutdown(const SSL *ssl) { … } SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { … } SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) { … } void SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int value)) { … } void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int value) { … } int SSL_state(const SSL *ssl) { … } void SSL_set_state(SSL *ssl, int state) { … } char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) { … } int SSL_get_shared_sigalgs(SSL *ssl, int idx, int *psign, int *phash, int *psignandhash, uint8_t *rsig, uint8_t *rhash) { … } int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) { … } int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) { … } int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { … } int SSL_set_ex_data(SSL *ssl, int idx, void *data) { … } void *SSL_get_ex_data(const SSL *ssl, int idx) { … } int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { … } int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data) { … } void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) { … } int SSL_want(const SSL *ssl) { … } void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)) { … } void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, int keylength)) { … } void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(SSL *ssl, int is_export, int keylength)) { … } void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*cb)(SSL *ssl, int is_export, int keylength)) { … } static int use_psk_identity_hint(UniquePtr<char> *out, const char *identity_hint) { … } int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { … } int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) { … } const char *SSL_get_psk_identity_hint(const SSL *ssl) { … } const char *SSL_get_psk_identity(const SSL *ssl) { … } void SSL_set_psk_client_callback( SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity, unsigned max_identity_len, uint8_t *psk, unsigned max_psk_len)) { … } void SSL_CTX_set_psk_client_callback( SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity, unsigned max_identity_len, uint8_t *psk, unsigned max_psk_len)) { … } void SSL_set_psk_server_callback( SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk, unsigned max_psk_len)) { … } void SSL_CTX_set_psk_server_callback( SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk, unsigned max_psk_len)) { … } void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { … } void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) { … } void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { … } void SSL_set_msg_callback_arg(SSL *ssl, void *arg) { … } void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl, const char *line)) { … } void (*SSL_CTX_get_keylog_callback(const SSL_CTX *ctx))(const SSL *ssl, const char *line) { … } void SSL_CTX_set_current_time_cb(SSL_CTX *ctx, void (*cb)(const SSL *ssl, struct timeval *out_clock)) { … } int SSL_can_release_private_key(const SSL *ssl) { … } int SSL_is_init_finished(const SSL *ssl) { … } int SSL_in_init(const SSL *ssl) { … } int SSL_in_false_start(const SSL *ssl) { … } int SSL_cutthrough_complete(const SSL *ssl) { … } int SSL_is_server(const SSL *ssl) { … } int SSL_is_dtls(const SSL *ssl) { … } void SSL_CTX_set_select_certificate_cb( SSL_CTX *ctx, enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)) { … } void SSL_CTX_set_dos_protection_cb(SSL_CTX *ctx, int (*cb)(const SSL_CLIENT_HELLO *)) { … } void SSL_CTX_set_reverify_on_resume(SSL_CTX *ctx, int enabled) { … } void SSL_set_enforce_rsa_key_usage(SSL *ssl, int enabled) { … } int SSL_was_key_usage_invalid(const SSL *ssl) { … } void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) { … } int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv, const uint8_t **out_write_iv, size_t *out_iv_len) { … } uint64_t SSL_get_read_sequence(const SSL *ssl) { … } uint64_t SSL_get_write_sequence(const SSL *ssl) { … } uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl) { … } size_t SSL_get_client_random(const SSL *ssl, uint8_t *out, size_t max_out) { … } size_t SSL_get_server_random(const SSL *ssl, uint8_t *out, size_t max_out) { … } const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl) { … } void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, int enabled) { … } void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx, int enabled) { … } void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled) { … } void SSL_CTX_set_permute_extensions(SSL_CTX *ctx, int enabled) { … } void SSL_set_permute_extensions(SSL *ssl, int enabled) { … } int32_t SSL_get_ticket_age_skew(const SSL *ssl) { … } void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) { … } int SSL_used_hello_retry_request(const SSL *ssl) { … } void SSL_set_shed_handshake_config(SSL *ssl, int enable) { … } void SSL_set_jdk11_workaround(SSL *ssl, int enable) { … } void SSL_set_check_client_certificate_type(SSL *ssl, int enable) { … } void SSL_set_check_ecdsa_curve(SSL *ssl, int enable) { … } void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) { … } int SSL_clear(SSL *ssl) { … } int SSL_CTX_sess_connect(const SSL_CTX *ctx) { … } int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { … } int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { … } int SSL_CTX_sess_accept(const SSL_CTX *ctx) { … } int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { … } int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { … } int SSL_CTX_sess_hits(const SSL_CTX *ctx) { … } int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { … } int SSL_CTX_sess_misses(const SSL_CTX *ctx) { … } int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { … } int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { … } int SSL_num_renegotiations(const SSL *ssl) { … } int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) { … } int SSL_need_tmp_RSA(const SSL *ssl) { … } int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) { … } int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) { … } void ERR_load_SSL_strings(void) { … } void SSL_load_error_strings(void) { … } int SSL_cache_hit(SSL *ssl) { … } int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) { … } int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) { … } void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx, const SSL_TICKET_AEAD_METHOD *aead_method) { … } SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf, size_t buf_len) { … } int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) { … } size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) { … } int SSL_set_tlsext_status_type(SSL *ssl, int type) { … } int SSL_get_tlsext_status_type(const SSL *ssl) { … } int SSL_set_tlsext_status_ocsp_resp(SSL *ssl, uint8_t *resp, size_t resp_len) { … } size_t SSL_get_tlsext_status_ocsp_resp(const SSL *ssl, const uint8_t **out) { … } int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *ssl, void *arg)) { … } int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg) { … } uint16_t SSL_get_curve_id(const SSL *ssl) { … } const char *SSL_get_curve_name(uint16_t curve_id) { … } size_t SSL_get_all_curve_names(const char **out, size_t max_out) { … } int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, size_t num_curves) { … } int SSL_set1_curves(SSL *ssl, const int *curves, size_t num_curves) { … } int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) { … } int SSL_set1_curves_list(SSL *ssl, const char *curves) { … } namespace fips202205 { // (References are to SP 800-52r2): // Section 3.4.2.2 // "at least one of the NIST-approved curves, P-256 (secp256r1) and P384 // (secp384r1), shall be supported as described in RFC 8422." // // Section 3.3.1 // "The server shall be configured to only use cipher suites that are // composed entirely of NIST approved algorithms" static const uint16_t kGroups[] = …; static const uint16_t kSigAlgs[] = …; static const char kTLS12Ciphers[] = …; static int Configure(SSL_CTX *ctx) { … } static int Configure(SSL *ssl) { … } } // namespace fips202205 namespace wpa202304 { // See WPA version 3.1, section 3.5. static const uint16_t kGroups[] = …; static const uint16_t kSigAlgs[] = …; static const char kTLS12Ciphers[] = …; static int Configure(SSL_CTX *ctx) { … } static int Configure(SSL *ssl) { … } } // namespace wpa202304 namespace cnsa202407 { static int Configure(SSL_CTX *ctx) { … } static int Configure(SSL *ssl) { … } } int SSL_CTX_set_compliance_policy(SSL_CTX *ctx, enum ssl_compliance_policy_t policy) { … } int SSL_set_compliance_policy(SSL *ssl, enum ssl_compliance_policy_t policy) { … }
Codebase Browser
chromium