/* Copyright (C) 1995-1998 Eric Young ([email protected]) * All rights reserved. * * This package is an SSL implementation written * by Eric Young ([email protected]). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson ([email protected]). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young ([email protected])" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson ([email protected])" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * [email protected]. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * ([email protected]). This product includes software written by Tim * Hudson ([email protected]). */ #include <openssl/ssl.h> #include <assert.h> #include <limits.h> #include <stdlib.h> #include <string.h> #include <algorithm> #include <utility> #include <openssl/aead.h> #include <openssl/bytestring.h> #include <openssl/chacha.h> #include <openssl/curve25519.h> #include <openssl/digest.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/hpke.h> #include <openssl/mem.h> #include <openssl/nid.h> #include <openssl/rand.h> #include "../crypto/internal.h" #include "internal.h" BSSL_NAMESPACE_BEGIN static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs); static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs); static int compare_uint16_t(const void *p1, const void *p2) { … } // Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be // more than one extension of the same type in a ClientHello or ServerHello. // This function does an initial scan over the extensions block to filter those // out. static bool tls1_check_duplicate_extensions(const CBS *cbs) { … } static bool is_post_quantum_group(uint16_t id) { … } bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out, Span<const uint8_t> body) { … } bool ssl_parse_client_hello_with_trailing_data(const SSL *ssl, CBS *cbs, SSL_CLIENT_HELLO *out) { … } bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello, CBS *out, uint16_t extension_type) { … } static const uint16_t kDefaultGroups[] = …; Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) { … } bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) { … } bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) { … } // kVerifySignatureAlgorithms is the default list of accepted signature // algorithms for verifying. static const uint16_t kVerifySignatureAlgorithms[] = …; // kSignSignatureAlgorithms is the default list of supported signature // algorithms for signing. static const uint16_t kSignSignatureAlgorithms[] = …; static Span<const uint16_t> tls12_get_verify_sigalgs(const SSL_HANDSHAKE *hs) { … } bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out) { … } bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert, uint16_t sigalg, EVP_PKEY *pkey) { … } // tls_extension represents a TLS extension that is handled internally. // // The parse callbacks receive a |CBS| that contains the contents of the // extension (i.e. not including the type and length bytes). If an extension is // not received then the parse callbacks will be called with a NULL CBS so that // they can do any processing needed to handle the absence of an extension. // // The add callbacks receive a |CBB| to which the extension can be appended but // the function is responsible for appending the type and length bytes too. // // |add_clienthello| may be called multiple times and must not mutate |hs|. It // is additionally passed two output |CBB|s. If the extension is the same // independent of the value of |type|, the callback may write to // |out_compressible| instead of |out|. When serializing the ClientHelloInner, // all compressible extensions will be made continguous and replaced with // ech_outer_extensions when encrypted. When serializing the ClientHelloOuter // or not offering ECH, |out| will be equal to |out_compressible|, so writing to // |out_compressible| still works. // // Note the |parse_serverhello| and |add_serverhello| callbacks refer to the // TLS 1.2 ServerHello. In TLS 1.3, these callbacks act on EncryptedExtensions, // with ServerHello extensions handled elsewhere in the handshake. // // All callbacks return true for success and false for error. If a parse // function returns zero then a fatal alert with value |*out_alert| will be // sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent. struct tls_extension { … }; static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Server name indication (SNI). // // https://tools.ietf.org/html/rfc6066#section-3. static bool ext_sni_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Encrypted ClientHello (ECH) // // https://tools.ietf.org/html/draft-ietf-tls-esni-13 static bool ext_ech_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ech_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Renegotiation indication. // // https://tools.ietf.org/html/rfc5746 static bool ext_ri_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Extended Master Secret. // // https://tools.ietf.org/html/rfc7627 static bool ext_ems_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Session tickets. // // https://tools.ietf.org/html/rfc5077 static bool ext_ticket_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Signature Algorithms. // // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 static bool ext_sigalgs_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } // OCSP Stapling. // // https://tools.ietf.org/html/rfc6066#section-8 static bool ext_ocsp_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Next protocol negotiation. // // https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html static bool ext_npn_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Signed certificate timestamps. // // https://tools.ietf.org/html/rfc6962#section-3.3.1 static bool ext_sct_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Application-level Protocol Negotiation. // // https://tools.ietf.org/html/rfc7301 static bool ext_alpn_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } bool ssl_is_valid_alpn_list(Span<const uint8_t> in) { … } bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs, Span<const uint8_t> protocol) { … } bool ssl_alpn_list_contains_protocol(Span<const uint8_t> list, Span<const uint8_t> protocol) { … } bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert, const SSL_CLIENT_HELLO *client_hello) { … } static bool ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Channel ID. // // https://tools.ietf.org/html/draft-balfanz-tls-channelid-01 static bool ext_channel_id_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Secure Real-time Transport Protocol (SRTP) extension. // // https://tools.ietf.org/html/rfc5764 static bool ext_srtp_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // EC point formats. // // https://tools.ietf.org/html/rfc4492#section-5.1.2 static bool ext_ec_point_add_extension(const SSL_HANDSHAKE *hs, CBB *out) { … } static bool ext_ec_point_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Pre Shared Key // // https://tools.ietf.org/html/rfc8446#section-4.2.11 static bool should_offer_psk(const SSL_HANDSHAKE *hs, ssl_client_hello_type_t type) { … } static size_t ext_pre_shared_key_clienthello_length( const SSL_HANDSHAKE *hs, ssl_client_hello_type_t type) { … } static bool ext_pre_shared_key_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, bool *out_needs_binder, ssl_client_hello_type_t type) { … } bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } bool ssl_ext_pre_shared_key_parse_clienthello( SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders, uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert, const SSL_CLIENT_HELLO *client_hello, CBS *contents) { … } bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Pre-Shared Key Exchange Modes // // https://tools.ietf.org/html/rfc8446#section-4.2.9 static bool ext_psk_key_exchange_modes_add_clienthello( const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } // Early Data Indication // // https://tools.ietf.org/html/rfc8446#section-4.2.10 static bool ext_early_data_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Key Share // // https://tools.ietf.org/html/rfc8446#section-4.2.8 bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { … } static bool ext_key_share_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, Array<uint8_t> *out_secret, uint8_t *out_alert, CBS *contents) { … } bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found, Span<const uint8_t> *out_peer_key, uint8_t *out_alert, const SSL_CLIENT_HELLO *client_hello) { … } bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Supported Versions // // https://tools.ietf.org/html/rfc8446#section-4.2.1 static bool ext_supported_versions_add_clienthello( const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } // Cookie // // https://tools.ietf.org/html/rfc8446#section-4.2.2 static bool ext_cookie_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } // Supported Groups // // https://tools.ietf.org/html/rfc4492#section-5.1.1 // https://tools.ietf.org/html/rfc8446#section-4.2.7 static bool ext_supported_groups_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool parse_u16_array(const CBS *cbs, Array<uint16_t> *out) { … } static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } // QUIC Transport Parameters static bool ext_quic_transport_params_add_clienthello_impl( const SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) { … } static bool ext_quic_transport_params_add_clienthello( const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_quic_transport_params_add_clienthello_legacy( const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_quic_transport_params_parse_serverhello_impl( SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents, bool used_legacy_codepoint) { … } static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_quic_transport_params_parse_serverhello_legacy( SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_quic_transport_params_parse_clienthello_impl( SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents, bool used_legacy_codepoint) { … } static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_quic_transport_params_parse_clienthello_legacy( SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_quic_transport_params_add_serverhello_impl( SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) { … } static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs, CBB *out) { … } // Delegated credentials. // // https://www.rfc-editor.org/rfc/rfc9345.html static bool ext_delegated_credential_add_clienthello( const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } // Certificate compression static bool cert_compression_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool cert_compression_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool cert_compression_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } // Application-level Protocol Settings // // https://tools.ietf.org/html/draft-vvv-tls-alps-01 bool ssl_get_local_application_settings(const SSL_HANDSHAKE *hs, Span<const uint8_t> *out_settings, Span<const uint8_t> protocol) { … } static bool ext_alps_add_clienthello_impl(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type, bool use_new_codepoint) { … } static bool ext_alps_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_alps_add_clienthello_old(const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { … } static bool ext_alps_parse_serverhello_impl(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents, bool use_new_codepoint) { … } static bool ext_alps_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_alps_parse_serverhello_old(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { … } static bool ext_alps_add_serverhello_impl(SSL_HANDSHAKE *hs, CBB *out, bool use_new_codepoint) { … } static bool ext_alps_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { … } static bool ext_alps_add_serverhello_old(SSL_HANDSHAKE *hs, CBB *out) { … } bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert, const SSL_CLIENT_HELLO *client_hello) { … } // kExtensions contains all the supported extensions. static const struct tls_extension kExtensions[] = …; #define kNumExtensions … static_assert …; static_assert …; bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) { … } static const struct tls_extension *tls_extension_find(uint32_t *out_index, uint16_t value) { … } static bool add_padding_extension(CBB *cbb, uint16_t ext, size_t len) { … } static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded, bool *out_needs_psk_binder) { … } bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded, bool *out_needs_psk_binder, ssl_client_hello_type_t type, size_t header_len) { … } bool ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) { … } static bool ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello, int *out_alert) { … } bool ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello) { … } static bool ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, const CBS *cbs, int *out_alert) { … } static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) { … } static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs) { … } bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, const CBS *cbs) { … } static enum ssl_ticket_aead_result_t decrypt_ticket_with_cipher_ctx( Array<uint8_t> *out, EVP_CIPHER_CTX *cipher_ctx, HMAC_CTX *hmac_ctx, Span<const uint8_t> ticket) { … } static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_cb( SSL_HANDSHAKE *hs, Array<uint8_t> *out, bool *out_renew_ticket, Span<const uint8_t> ticket) { … } static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_ticket_keys( SSL_HANDSHAKE *hs, Array<uint8_t> *out, Span<const uint8_t> ticket) { … } static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_method( SSL_HANDSHAKE *hs, Array<uint8_t> *out, bool *out_renew_ticket, Span<const uint8_t> ticket) { … } enum ssl_ticket_aead_result_t ssl_process_ticket( SSL_HANDSHAKE *hs, UniquePtr<SSL_SESSION> *out_session, bool *out_renew_ticket, Span<const uint8_t> ticket, Span<const uint8_t> session_id) { … } bool tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) { … } bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) { … } bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, const SSL_CREDENTIAL *cred, uint16_t *out) { … } bool tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) { … } bool tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb) { … } bool tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) { … } bool tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) { … } bool ssl_is_sct_list_valid(const CBS *contents) { … } BSSL_NAMESPACE_END usingnamespacebssl; int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello, uint16_t extension_type, const uint8_t **out_data, size_t *out_len) { … }
Codebase Browser
chromium