/* Copyright (c) 2016, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include <openssl/ssl.h> #include <assert.h> #include <string.h> #include <utility> #include <openssl/bytestring.h> #include <openssl/err.h> #include <openssl/hkdf.h> #include <openssl/mem.h> #include <openssl/stack.h> #include <openssl/x509.h> #include "../crypto/internal.h" #include "internal.h" BSSL_NAMESPACE_BEGIN // kMaxKeyUpdates is the number of consecutive KeyUpdates that will be // processed. Without this limit an attacker could force unbounded processing // without being able to return application data. static const uint8_t kMaxKeyUpdates = …; const uint8_t kHelloRetryRequest[SSL3_RANDOM_SIZE] = …; // See RFC 8446, section 4.1.3. const uint8_t kTLS12DowngradeRandom[8] = …; const uint8_t kTLS13DowngradeRandom[8] = …; // This is a non-standard randomly-generated value. const uint8_t kJDK11DowngradeRandom[8] = …; bool tls13_get_cert_verify_signature_input( SSL_HANDSHAKE *hs, Array<uint8_t> *out, enum ssl_cert_verify_context_t cert_verify_context) { … } bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg, bool allow_anonymous) { … } bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) { … } bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg, bool use_saved_value) { … } bool tls13_add_certificate(SSL_HANDSHAKE *hs) { … } enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) { … } bool tls13_add_finished(SSL_HANDSHAKE *hs) { … } bool tls13_add_key_update(SSL *ssl, int update_requested) { … } static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) { … } bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg) { … } BSSL_NAMESPACE_END
Codebase Browser
chromium