Lines Matching refs:hs
134 static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
299 Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) { in tls1_get_grouplist() argument
300 if (!hs->config->supported_group_list.empty()) { in tls1_get_grouplist()
301 return hs->config->supported_group_list; in tls1_get_grouplist()
306 bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) { in tls1_get_shared_group() argument
307 SSL *const ssl = hs->ssl; in tls1_get_shared_group()
319 Span<const uint16_t> groups = tls1_get_grouplist(hs); in tls1_get_shared_group()
323 supp = hs->peer_supported_group_list; in tls1_get_shared_group()
325 pref = hs->peer_supported_group_list; in tls1_get_shared_group()
396 bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) { in tls1_check_group_id() argument
398 ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { in tls1_check_group_id()
403 for (uint16_t supported : tls1_get_grouplist(hs)) { in tls1_check_group_id()
569 void (*init)(SSL_HANDSHAKE *hs);
571 bool (*add_clienthello)(SSL_HANDSHAKE *hs, CBB *out);
572 bool (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
575 bool (*parse_clienthello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
577 bool (*add_serverhello)(SSL_HANDSHAKE *hs, CBB *out);
580 static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in forbid_parse_serverhello() argument
592 static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ignore_parse_clienthello() argument
598 static bool dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in dont_add_serverhello() argument
606 static bool ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_sni_add_clienthello() argument
607 SSL *const ssl = hs->ssl; in ext_sni_add_clienthello()
627 static bool ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_sni_parse_serverhello() argument
634 static bool ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_sni_parse_clienthello() argument
640 static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_sni_add_serverhello() argument
641 if (hs->ssl->s3->session_reused || in ext_sni_add_serverhello()
642 !hs->should_ack_sni) { in ext_sni_add_serverhello()
659 static bool ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ri_add_clienthello() argument
660 SSL *const ssl = hs->ssl; in ext_ri_add_clienthello()
662 if (hs->min_version >= TLS1_3_VERSION) { in ext_ri_add_clienthello()
682 static bool ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ri_parse_serverhello() argument
684 SSL *const ssl = hs->ssl; in ext_ri_parse_serverhello()
765 static bool ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ri_parse_clienthello() argument
767 SSL *const ssl = hs->ssl; in ext_ri_parse_clienthello()
800 static bool ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ri_add_serverhello() argument
801 SSL *const ssl = hs->ssl; in ext_ri_add_serverhello()
824 static bool ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ems_add_clienthello() argument
826 if (hs->min_version >= TLS1_3_VERSION) { in ext_ems_add_clienthello()
838 static bool ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ems_parse_serverhello() argument
840 SSL *const ssl = hs->ssl; in ext_ems_parse_serverhello()
848 hs->extended_master_secret = true; in ext_ems_parse_serverhello()
853 hs->extended_master_secret != in ext_ems_parse_serverhello()
863 static bool ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ems_parse_clienthello() argument
865 if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) { in ext_ems_parse_clienthello()
877 hs->extended_master_secret = true; in ext_ems_parse_clienthello()
881 static bool ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ems_add_serverhello() argument
882 if (!hs->extended_master_secret) { in ext_ems_add_serverhello()
899 static bool ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ticket_add_clienthello() argument
900 SSL *const ssl = hs->ssl; in ext_ticket_add_clienthello()
902 if (hs->min_version >= TLS1_3_VERSION || in ext_ticket_add_clienthello()
932 static bool ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ticket_parse_serverhello() argument
934 SSL *const ssl = hs->ssl; in ext_ticket_parse_serverhello()
952 hs->ticket_expected = true; in ext_ticket_parse_serverhello()
956 static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ticket_add_serverhello() argument
957 if (!hs->ticket_expected) { in ext_ticket_add_serverhello()
962 assert((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) == 0); in ext_ticket_add_serverhello()
977 static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_sigalgs_add_clienthello() argument
978 SSL *const ssl = hs->ssl; in ext_sigalgs_add_clienthello()
979 if (hs->max_version < TLS1_2_VERSION) { in ext_sigalgs_add_clienthello()
994 bool for_certs = hs->max_version < TLS1_3_VERSION; in ext_sigalgs_add_clienthello()
1007 static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_sigalgs_parse_clienthello() argument
1009 hs->peer_sigalgs.Reset(); in ext_sigalgs_parse_clienthello()
1017 !tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) { in ext_sigalgs_parse_clienthello()
1029 static bool ext_sigalgs_cert_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_sigalgs_cert_add_clienthello() argument
1030 SSL *const ssl = hs->ssl; in ext_sigalgs_cert_add_clienthello()
1036 if (hs->max_version < TLS1_3_VERSION || in ext_sigalgs_cert_add_clienthello()
1058 static bool ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ocsp_add_clienthello() argument
1059 if (!hs->config->ocsp_stapling_enabled) { in ext_ocsp_add_clienthello()
1076 static bool ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ocsp_parse_serverhello() argument
1078 SSL *const ssl = hs->ssl; in ext_ocsp_parse_serverhello()
1090 !ssl_cipher_uses_certificate_auth(hs->new_cipher)) { in ext_ocsp_parse_serverhello()
1098 hs->certificate_status_expected = true; in ext_ocsp_parse_serverhello()
1102 static bool ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ocsp_parse_clienthello() argument
1115 hs->ocsp_stapling_requested = status_type == TLSEXT_STATUSTYPE_ocsp; in ext_ocsp_parse_clienthello()
1120 static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ocsp_add_serverhello() argument
1121 SSL *const ssl = hs->ssl; in ext_ocsp_add_serverhello()
1123 !hs->ocsp_stapling_requested || hs->config->cert->ocsp_response == NULL || in ext_ocsp_add_serverhello()
1125 !ssl_cipher_uses_certificate_auth(hs->new_cipher)) { in ext_ocsp_add_serverhello()
1129 hs->certificate_status_expected = true; in ext_ocsp_add_serverhello()
1140 static bool ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_npn_add_clienthello() argument
1141 SSL *const ssl = hs->ssl; in ext_npn_add_clienthello()
1156 static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_npn_parse_serverhello() argument
1158 SSL *const ssl = hs->ssl; in ext_npn_parse_serverhello()
1203 hs->next_proto_neg_seen = true; in ext_npn_parse_serverhello()
1207 static bool ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_npn_parse_clienthello() argument
1209 SSL *const ssl = hs->ssl; in ext_npn_parse_clienthello()
1225 hs->next_proto_neg_seen = true; in ext_npn_parse_clienthello()
1229 static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_npn_add_serverhello() argument
1230 SSL *const ssl = hs->ssl; in ext_npn_add_serverhello()
1233 if (!hs->next_proto_neg_seen) { in ext_npn_add_serverhello()
1243 hs->next_proto_neg_seen = false; in ext_npn_add_serverhello()
1263 static bool ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_sct_add_clienthello() argument
1264 if (!hs->config->signed_cert_timestamps_enabled) { in ext_sct_add_clienthello()
1276 static bool ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_sct_parse_serverhello() argument
1278 SSL *const ssl = hs->ssl; in ext_sct_parse_serverhello()
1291 assert(hs->config->signed_cert_timestamps_enabled); in ext_sct_parse_serverhello()
1304 hs->new_session->signed_cert_timestamp_list.reset( in ext_sct_parse_serverhello()
1306 if (hs->new_session->signed_cert_timestamp_list == nullptr) { in ext_sct_parse_serverhello()
1315 static bool ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_sct_parse_clienthello() argument
1325 hs->scts_requested = true; in ext_sct_parse_clienthello()
1329 static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_sct_add_serverhello() argument
1330 SSL *const ssl = hs->ssl; in ext_sct_add_serverhello()
1333 hs->config->cert->signed_cert_timestamp_list == NULL) { in ext_sct_add_serverhello()
1343 hs->config->cert->signed_cert_timestamp_list.get()), in ext_sct_add_serverhello()
1345 hs->config->cert->signed_cert_timestamp_list.get())) && in ext_sct_add_serverhello()
1354 static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_alpn_add_clienthello() argument
1355 SSL *const ssl = hs->ssl; in ext_alpn_add_clienthello()
1356 if (hs->config->alpn_client_proto_list.empty() || in ext_alpn_add_clienthello()
1365 !CBB_add_bytes(&proto_list, hs->config->alpn_client_proto_list.data(), in ext_alpn_add_clienthello()
1366 hs->config->alpn_client_proto_list.size()) || in ext_alpn_add_clienthello()
1374 static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_alpn_parse_serverhello() argument
1376 SSL *const ssl = hs->ssl; in ext_alpn_parse_serverhello()
1382 assert(!hs->config->alpn_client_proto_list.empty()); in ext_alpn_parse_serverhello()
1384 if (hs->next_proto_neg_seen) { in ext_alpn_parse_serverhello()
1403 if (!ssl_is_alpn_protocol_allowed(hs, protocol_name)) { in ext_alpn_parse_serverhello()
1417 bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs, in ssl_is_alpn_protocol_allowed() argument
1419 if (hs->config->alpn_client_proto_list.empty()) { in ssl_is_alpn_protocol_allowed()
1423 if (hs->ssl->ctx->allow_unknown_alpn_protos) { in ssl_is_alpn_protocol_allowed()
1429 MakeConstSpan(hs->config->alpn_client_proto_list), in ssl_is_alpn_protocol_allowed()
1445 bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ssl_negotiate_alpn() argument
1447 SSL *const ssl = hs->ssl; in ssl_negotiate_alpn()
1458 hs->next_proto_neg_seen = false; in ssl_negotiate_alpn()
1504 static bool ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_alpn_add_serverhello() argument
1505 SSL *const ssl = hs->ssl; in ext_alpn_add_serverhello()
1529 static void ext_channel_id_init(SSL_HANDSHAKE *hs) { in ext_channel_id_init() argument
1530 hs->ssl->s3->channel_id_valid = false; in ext_channel_id_init()
1533 static bool ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_channel_id_add_clienthello() argument
1534 SSL *const ssl = hs->ssl; in ext_channel_id_add_clienthello()
1535 if (!hs->config->channel_id_enabled || SSL_is_dtls(ssl)) { in ext_channel_id_add_clienthello()
1547 static bool ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs, in ext_channel_id_parse_serverhello() argument
1550 SSL *const ssl = hs->ssl; in ext_channel_id_parse_serverhello()
1556 assert(hs->config->channel_id_enabled); in ext_channel_id_parse_serverhello()
1566 static bool ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs, in ext_channel_id_parse_clienthello() argument
1569 SSL *const ssl = hs->ssl; in ext_channel_id_parse_clienthello()
1570 if (contents == NULL || !hs->config->channel_id_enabled || SSL_is_dtls(ssl)) { in ext_channel_id_parse_clienthello()
1582 static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_channel_id_add_serverhello() argument
1583 SSL *const ssl = hs->ssl; in ext_channel_id_add_serverhello()
1602 static void ext_srtp_init(SSL_HANDSHAKE *hs) { in ext_srtp_init() argument
1603 hs->ssl->s3->srtp_profile = NULL; in ext_srtp_init()
1606 static bool ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_srtp_add_clienthello() argument
1607 SSL *const ssl = hs->ssl; in ext_srtp_add_clienthello()
1635 static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_srtp_parse_serverhello() argument
1637 SSL *const ssl = hs->ssl; in ext_srtp_parse_serverhello()
1680 static bool ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_srtp_parse_clienthello() argument
1682 SSL *const ssl = hs->ssl; in ext_srtp_parse_clienthello()
1721 static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_srtp_add_serverhello() argument
1722 SSL *const ssl = hs->ssl; in ext_srtp_add_serverhello()
1745 static bool ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) { in ext_ec_point_add_extension() argument
1758 static bool ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ec_point_add_clienthello() argument
1760 if (hs->min_version >= TLS1_3_VERSION) { in ext_ec_point_add_clienthello()
1764 return ext_ec_point_add_extension(hs, out); in ext_ec_point_add_clienthello()
1767 static bool ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ec_point_parse_serverhello() argument
1773 if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) { in ext_ec_point_parse_serverhello()
1795 static bool ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, in ext_ec_point_parse_clienthello() argument
1797 if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) { in ext_ec_point_parse_clienthello()
1801 return ext_ec_point_parse_serverhello(hs, out_alert, contents); in ext_ec_point_parse_clienthello()
1804 static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_ec_point_add_serverhello() argument
1805 SSL *const ssl = hs->ssl; in ext_ec_point_add_serverhello()
1810 const uint32_t alg_k = hs->new_cipher->algorithm_mkey; in ext_ec_point_add_serverhello()
1811 const uint32_t alg_a = hs->new_cipher->algorithm_auth; in ext_ec_point_add_serverhello()
1818 return ext_ec_point_add_extension(hs, out); in ext_ec_point_add_serverhello()
1826 static size_t ext_pre_shared_key_clienthello_length(SSL_HANDSHAKE *hs) { in ext_pre_shared_key_clienthello_length() argument
1827 SSL *const ssl = hs->ssl; in ext_pre_shared_key_clienthello_length()
1828 if (hs->max_version < TLS1_3_VERSION || ssl->session == nullptr || in ext_pre_shared_key_clienthello_length()
1837 static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_pre_shared_key_add_clienthello() argument
1838 SSL *const ssl = hs->ssl; in ext_pre_shared_key_add_clienthello()
1839 hs->needs_psk_binder = false; in ext_pre_shared_key_add_clienthello()
1840 if (hs->max_version < TLS1_3_VERSION || ssl->session == nullptr || in ext_pre_shared_key_add_clienthello()
1848 if (hs->received_hello_retry_request && in ext_pre_shared_key_add_clienthello()
1849 ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) { in ext_pre_shared_key_add_clienthello()
1877 hs->needs_psk_binder = true; in ext_pre_shared_key_add_clienthello()
1881 bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs, in ssl_ext_pre_shared_key_parse_serverhello() argument
1903 SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders, in ssl_ext_pre_shared_key_parse_clienthello() argument
1968 bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ssl_ext_pre_shared_key_add_serverhello() argument
1969 if (!hs->ssl->s3->session_reused) { in ssl_ext_pre_shared_key_add_serverhello()
1990 static bool ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs, in ext_psk_key_exchange_modes_add_clienthello() argument
1992 if (hs->max_version < TLS1_3_VERSION) { in ext_psk_key_exchange_modes_add_clienthello()
2007 static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs, in ext_psk_key_exchange_modes_parse_clienthello() argument
2023 hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE, in ext_psk_key_exchange_modes_parse_clienthello()
2034 static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_early_data_add_clienthello() argument
2035 SSL *const ssl = hs->ssl; in ext_early_data_add_clienthello()
2038 if (hs->received_hello_retry_request) { in ext_early_data_add_clienthello()
2048 if (hs->max_version < TLS1_3_VERSION) { in ext_early_data_add_clienthello()
2070 !ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) { in ext_early_data_add_clienthello()
2076 hs->early_data_offered = true; in ext_early_data_add_clienthello()
2087 static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs, in ext_early_data_parse_serverhello() argument
2090 SSL *const ssl = hs->ssl; in ext_early_data_parse_serverhello()
2092 if (hs->early_data_offered && !hs->received_hello_retry_request) { in ext_early_data_parse_serverhello()
2107 assert(!hs->received_hello_retry_request); in ext_early_data_parse_serverhello()
2125 static bool ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs, in ext_early_data_parse_clienthello() argument
2127 SSL *const ssl = hs->ssl; in ext_early_data_parse_clienthello()
2138 hs->early_data_offered = true; in ext_early_data_parse_clienthello()
2142 static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_early_data_add_serverhello() argument
2143 if (!hs->ssl->s3->early_data_accepted) { in ext_early_data_add_serverhello()
2161 static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_key_share_add_clienthello() argument
2162 SSL *const ssl = hs->ssl; in ext_key_share_add_clienthello()
2163 if (hs->max_version < TLS1_3_VERSION) { in ext_key_share_add_clienthello()
2174 uint16_t group_id = hs->retry_group; in ext_key_share_add_clienthello()
2176 if (hs->received_hello_retry_request) { in ext_key_share_add_clienthello()
2180 !CBB_add_bytes(&kse_bytes, hs->key_share_bytes.data(), in ext_key_share_add_clienthello()
2181 hs->key_share_bytes.size())) { in ext_key_share_add_clienthello()
2184 hs->key_share_bytes.Reset(); in ext_key_share_add_clienthello()
2192 ssl_get_grease_value(hs, ssl_grease_group)) || in ext_key_share_add_clienthello()
2199 Span<const uint16_t> groups = tls1_get_grouplist(hs); in ext_key_share_add_clienthello()
2216 hs->key_shares[0] = SSLKeyShare::Create(group_id); in ext_key_share_add_clienthello()
2217 if (!hs->key_shares[0] || in ext_key_share_add_clienthello()
2220 !hs->key_shares[0]->Offer(&key_exchange) || in ext_key_share_add_clienthello()
2226 hs->key_shares[1] = SSLKeyShare::Create(second_group_id); in ext_key_share_add_clienthello()
2227 if (!hs->key_shares[1] || in ext_key_share_add_clienthello()
2230 !hs->key_shares[1]->Offer(&key_exchange) || in ext_key_share_add_clienthello()
2238 if (!hs->received_hello_retry_request && in ext_key_share_add_clienthello()
2239 !hs->key_share_bytes.CopyFrom( in ext_key_share_add_clienthello()
2247 bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, in ssl_ext_key_share_parse_serverhello() argument
2260 SSLKeyShare *key_share = hs->key_shares[0].get(); in ssl_ext_key_share_parse_serverhello()
2262 if (!hs->key_shares[1] || hs->key_shares[1]->GroupID() != group_id) { in ssl_ext_key_share_parse_serverhello()
2267 key_share = hs->key_shares[1].get(); in ssl_ext_key_share_parse_serverhello()
2275 hs->new_session->group_id = group_id; in ssl_ext_key_share_parse_serverhello()
2276 hs->key_shares[0].reset(); in ssl_ext_key_share_parse_serverhello()
2277 hs->key_shares[1].reset(); in ssl_ext_key_share_parse_serverhello()
2281 bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found, in ssl_ext_key_share_parse_clienthello() argument
2286 if (!tls1_get_shared_group(hs, &group_id)) { in ssl_ext_key_share_parse_clienthello()
2336 !CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) { in ssl_ext_key_share_parse_clienthello()
2346 bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ssl_ext_key_share_add_serverhello() argument
2349 if (!tls1_get_shared_group(hs, &group_id) || in ssl_ext_key_share_add_serverhello()
2354 !CBB_add_bytes(&public_key, hs->ecdh_public_key.data(), in ssl_ext_key_share_add_serverhello()
2355 hs->ecdh_public_key.size()) || in ssl_ext_key_share_add_serverhello()
2360 hs->ecdh_public_key.Reset(); in ssl_ext_key_share_add_serverhello()
2362 hs->new_session->group_id = group_id; in ssl_ext_key_share_add_serverhello()
2371 static bool ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_supported_versions_add_clienthello() argument
2372 SSL *const ssl = hs->ssl; in ext_supported_versions_add_clienthello()
2373 if (hs->max_version <= TLS1_2_VERSION) { in ext_supported_versions_add_clienthello()
2386 !CBB_add_u16(&versions, ssl_get_grease_value(hs, ssl_grease_version))) { in ext_supported_versions_add_clienthello()
2390 if (!ssl_add_supported_versions(hs, &versions) || in ext_supported_versions_add_clienthello()
2403 static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_cookie_add_clienthello() argument
2404 if (hs->cookie.empty()) { in ext_cookie_add_clienthello()
2412 !CBB_add_bytes(&cookie, hs->cookie.data(), hs->cookie.size()) || in ext_cookie_add_clienthello()
2418 hs->cookie.Reset(); in ext_cookie_add_clienthello()
2428 static bool ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_supported_groups_add_clienthello() argument
2429 SSL *const ssl = hs->ssl; in ext_supported_groups_add_clienthello()
2440 ssl_get_grease_value(hs, ssl_grease_group))) { in ext_supported_groups_add_clienthello()
2444 for (uint16_t group : tls1_get_grouplist(hs)) { in ext_supported_groups_add_clienthello()
2446 hs->max_version < TLS1_3_VERSION) { in ext_supported_groups_add_clienthello()
2457 static bool ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs, in ext_supported_groups_parse_serverhello() argument
2488 static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs, in ext_supported_groups_parse_clienthello() argument
2499 !parse_u16_array(&supported_group_list, &hs->peer_supported_group_list)) { in ext_supported_groups_parse_clienthello()
2517 static bool ext_token_binding_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in ext_token_binding_add_clienthello() argument
2518 SSL *const ssl = hs->ssl; in ext_token_binding_add_clienthello()
2519 if (hs->config->token_binding_params.empty() || SSL_is_dtls(ssl)) { in ext_token_binding_add_clienthello()
2528 !CBB_add_bytes(¶ms, hs->config->token_binding_params.data(), in ext_token_binding_add_clienthello()
2529 hs->config->token_binding_params.size()) || in ext_token_binding_add_clienthello()
2537 static bool ext_token_binding_parse_serverhello(SSL_HANDSHAKE *hs, in ext_token_binding_parse_serverhello() argument
2540 SSL *const ssl = hs->ssl; in ext_token_binding_parse_serverhello()
2569 for (uint8_t config_param : hs->config->token_binding_params) { in ext_token_binding_parse_serverhello()
2585 static bool select_tb_param(SSL_HANDSHAKE *hs, in select_tb_param() argument
2587 for (uint8_t tb_param : hs->config->token_binding_params) { in select_tb_param()
2590 hs->ssl->s3->negotiated_token_binding_param = tb_param; in select_tb_param()
2598 static bool ext_token_binding_parse_clienthello(SSL_HANDSHAKE *hs, in ext_token_binding_parse_clienthello() argument
2601 SSL *const ssl = hs->ssl; in ext_token_binding_parse_clienthello()
2602 if (contents == nullptr || hs->config->token_binding_params.empty()) { in ext_token_binding_parse_clienthello()
2624 hs->negotiated_token_binding_version = in ext_token_binding_parse_clienthello()
2626 if (!select_tb_param(hs, params)) { in ext_token_binding_parse_clienthello()
2634 static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in ext_token_binding_add_serverhello() argument
2635 SSL *const ssl = hs->ssl; in ext_token_binding_add_serverhello()
2644 !CBB_add_u16(&contents, hs->negotiated_token_binding_version) || in ext_token_binding_add_serverhello()
2656 static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs, in ext_quic_transport_params_add_clienthello() argument
2658 if (hs->config->quic_transport_params.empty() || in ext_quic_transport_params_add_clienthello()
2659 hs->max_version <= TLS1_2_VERSION) { in ext_quic_transport_params_add_clienthello()
2666 !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(), in ext_quic_transport_params_add_clienthello()
2667 hs->config->quic_transport_params.size()) || in ext_quic_transport_params_add_clienthello()
2674 static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs, in ext_quic_transport_params_parse_serverhello() argument
2677 SSL *const ssl = hs->ssl; in ext_quic_transport_params_parse_serverhello()
2690 static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs, in ext_quic_transport_params_parse_clienthello() argument
2693 SSL *const ssl = hs->ssl; in ext_quic_transport_params_parse_clienthello()
2694 if (!contents || hs->config->quic_transport_params.empty()) { in ext_quic_transport_params_parse_clienthello()
2705 static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs, in ext_quic_transport_params_add_serverhello() argument
2707 if (hs->config->quic_transport_params.empty()) { in ext_quic_transport_params_add_serverhello()
2714 !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(), in ext_quic_transport_params_add_serverhello()
2715 hs->config->quic_transport_params.size()) || in ext_quic_transport_params_add_serverhello()
2727 static bool ext_delegated_credential_add_clienthello(SSL_HANDSHAKE *hs, in ext_delegated_credential_add_clienthello() argument
2732 static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs, in ext_delegated_credential_parse_clienthello() argument
2743 if (contents == nullptr || ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { in ext_delegated_credential_parse_clienthello()
2749 hs->delegated_credential_requested = true; in ext_delegated_credential_parse_clienthello()
2755 static bool cert_compression_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { in cert_compression_add_clienthello() argument
2759 for (const auto &alg : hs->ssl->ctx->cert_compression_algs) { in cert_compression_add_clienthello()
2778 static bool cert_compression_parse_serverhello(SSL_HANDSHAKE *hs, in cert_compression_parse_serverhello() argument
2790 static bool cert_compression_parse_clienthello(SSL_HANDSHAKE *hs, in cert_compression_parse_clienthello() argument
2797 const SSL_CTX *ctx = hs->ssl->ctx.get(); in cert_compression_parse_clienthello()
2845 ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) { in cert_compression_parse_clienthello()
2846 hs->cert_compression_negotiated = true; in cert_compression_parse_clienthello()
2847 hs->cert_compression_alg_id = ctx->cert_compression_algs[best_index].alg_id; in cert_compression_parse_clienthello()
2853 static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { in cert_compression_add_serverhello() argument
2863 static bool ext_pq_experiment_signal_add_clienthello(SSL_HANDSHAKE *hs, in ext_pq_experiment_signal_add_clienthello() argument
2865 if (hs->ssl->ctx->pq_experiment_signal && in ext_pq_experiment_signal_add_clienthello()
2874 static bool ext_pq_experiment_signal_parse_serverhello(SSL_HANDSHAKE *hs, in ext_pq_experiment_signal_parse_serverhello() argument
2881 if (!hs->ssl->ctx->pq_experiment_signal || CBS_len(contents) != 0) { in ext_pq_experiment_signal_parse_serverhello()
2885 hs->ssl->s3->pq_experiment_signal_seen = true; in ext_pq_experiment_signal_parse_serverhello()
2889 static bool ext_pq_experiment_signal_parse_clienthello(SSL_HANDSHAKE *hs, in ext_pq_experiment_signal_parse_clienthello() argument
2900 if (hs->ssl->ctx->pq_experiment_signal) { in ext_pq_experiment_signal_parse_clienthello()
2901 hs->ssl->s3->pq_experiment_signal_seen = true; in ext_pq_experiment_signal_parse_clienthello()
2907 static bool ext_pq_experiment_signal_add_serverhello(SSL_HANDSHAKE *hs, in ext_pq_experiment_signal_add_serverhello() argument
2909 if (hs->ssl->s3->pq_experiment_signal_seen && in ext_pq_experiment_signal_add_serverhello()
3138 bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, in ssl_add_clienthello_tlsext() argument
3140 SSL *const ssl = hs->ssl; in ssl_add_clienthello_tlsext()
3150 hs->extensions.sent = 0; in ssl_add_clienthello_tlsext()
3154 kExtensions[i].init(hs); in ssl_add_clienthello_tlsext()
3161 grease_ext1 = ssl_get_grease_value(hs, ssl_grease_extension1); in ssl_add_clienthello_tlsext()
3172 if (!kExtensions[i].add_clienthello(hs, &extensions)) { in ssl_add_clienthello_tlsext()
3180 hs->extensions.sent |= (1u << i); in ssl_add_clienthello_tlsext()
3189 uint16_t grease_ext2 = ssl_get_grease_value(hs, ssl_grease_extension2); in ssl_add_clienthello_tlsext()
3209 size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs); in ssl_add_clienthello_tlsext()
3258 if (!ext_pre_shared_key_add_clienthello(hs, &extensions)) { in ssl_add_clienthello_tlsext()
3271 bool ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) { in ssl_add_serverhello_tlsext() argument
3272 SSL *const ssl = hs->ssl; in ssl_add_serverhello_tlsext()
3279 if (!(hs->extensions.received & (1u << i))) { in ssl_add_serverhello_tlsext()
3284 if (!kExtensions[i].add_serverhello(hs, &extensions)) { in ssl_add_serverhello_tlsext()
3304 static bool ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs, in ssl_scan_clienthello_tlsext() argument
3309 kExtensions[i].init(hs); in ssl_scan_clienthello_tlsext()
3313 hs->extensions.received = 0; in ssl_scan_clienthello_tlsext()
3334 hs->extensions.received |= (1u << ext_index); in ssl_scan_clienthello_tlsext()
3336 if (!ext->parse_clienthello(hs, &alert, &extension)) { in ssl_scan_clienthello_tlsext()
3345 if (hs->extensions.received & (1u << i)) { in ssl_scan_clienthello_tlsext()
3359 hs->extensions.received |= (1u << i); in ssl_scan_clienthello_tlsext()
3365 if (!kExtensions[i].parse_clienthello(hs, &alert, contents)) { in ssl_scan_clienthello_tlsext()
3376 bool ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs, in ssl_parse_clienthello_tlsext() argument
3378 SSL *const ssl = hs->ssl; in ssl_parse_clienthello_tlsext()
3380 if (!ssl_scan_clienthello_tlsext(hs, client_hello, &alert)) { in ssl_parse_clienthello_tlsext()
3385 if (!ssl_check_clienthello_tlsext(hs)) { in ssl_parse_clienthello_tlsext()
3393 static bool ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs, in ssl_scan_serverhello_tlsext() argument
3395 SSL *const ssl = hs->ssl; in ssl_scan_serverhello_tlsext()
3432 static_assert(kNumExtensions <= sizeof(hs->extensions.sent) * 8, in ssl_scan_serverhello_tlsext()
3435 if (!(hs->extensions.sent & (1u << ext_index))) { in ssl_scan_serverhello_tlsext()
3446 if (!ext->parse_serverhello(hs, &alert, &extension)) { in ssl_scan_serverhello_tlsext()
3459 if (!kExtensions[i].parse_serverhello(hs, &alert, NULL)) { in ssl_scan_serverhello_tlsext()
3471 static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) { in ssl_check_clienthello_tlsext() argument
3472 SSL *const ssl = hs->ssl; in ssl_check_clienthello_tlsext()
3498 hs->should_ack_sni = false; in ssl_check_clienthello_tlsext()
3506 bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) { in ssl_parse_serverhello_tlsext() argument
3507 SSL *const ssl = hs->ssl; in ssl_parse_serverhello_tlsext()
3509 if (!ssl_scan_serverhello_tlsext(hs, cbs, &alert)) { in ssl_parse_serverhello_tlsext()
3572 SSL_HANDSHAKE *hs, Array<uint8_t> *out, bool *out_renew_ticket, in ssl_decrypt_ticket_with_cb() argument
3582 int cb_ret = hs->ssl->session_ctx->ticket_key_cb( in ssl_decrypt_ticket_with_cb()
3583 hs->ssl, const_cast<uint8_t *>(name.data()), in ssl_decrypt_ticket_with_cb()
3600 SSL_HANDSHAKE *hs, Array<uint8_t> *out, Span<const uint8_t> ticket) { in ssl_decrypt_ticket_with_ticket_keys() argument
3602 SSL_CTX *ctx = hs->ssl->session_ctx.get(); in ssl_decrypt_ticket_with_ticket_keys()
3639 SSL_HANDSHAKE *hs, Array<uint8_t> *out, bool *out_renew_ticket, in ssl_decrypt_ticket_with_method() argument
3649 hs->ssl->session_ctx->ticket_aead_method->open( in ssl_decrypt_ticket_with_method()
3650 hs->ssl, plaintext.data(), &plaintext_len, ticket.size(), in ssl_decrypt_ticket_with_method()
3662 SSL_HANDSHAKE *hs, UniquePtr<SSL_SESSION> *out_session, in ssl_process_ticket() argument
3668 if ((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) || in ssl_process_ticket()
3675 if (hs->ssl->session_ctx->ticket_aead_method != NULL) { in ssl_process_ticket()
3676 result = ssl_decrypt_ticket_with_method(hs, &plaintext, out_renew_ticket, in ssl_process_ticket()
3686 if (hs->ssl->session_ctx->ticket_key_cb != NULL) { in ssl_process_ticket()
3688 ssl_decrypt_ticket_with_cb(hs, &plaintext, out_renew_ticket, ticket); in ssl_process_ticket()
3690 result = ssl_decrypt_ticket_with_ticket_keys(hs, &plaintext, ticket); in ssl_process_ticket()
3700 plaintext.data(), plaintext.size(), hs->ssl->ctx.get())); in ssl_process_ticket()
3715 bool tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) { in tls1_parse_peer_sigalgs() argument
3717 if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) { in tls1_parse_peer_sigalgs()
3724 parse_u16_array(in_sigalgs, &hs->peer_sigalgs); in tls1_parse_peer_sigalgs()
3740 bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) { in tls1_choose_signature_algorithm() argument
3741 SSL *const ssl = hs->ssl; in tls1_choose_signature_algorithm()
3742 CERT *cert = hs->config->cert.get(); in tls1_choose_signature_algorithm()
3748 if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) { in tls1_choose_signature_algorithm()
3756 if (ssl_signing_with_dc(hs)) { in tls1_choose_signature_algorithm()
3762 Span<const uint16_t> peer_sigalgs = tls1_get_peer_verify_algorithms(hs); in tls1_choose_signature_algorithm()
3768 !ssl_private_key_supports_signature_algorithm(hs, sigalg)) { in tls1_choose_signature_algorithm()
3784 Span<const uint16_t> tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs) { in tls1_get_peer_verify_algorithms() argument
3785 Span<const uint16_t> peer_sigalgs = hs->peer_sigalgs; in tls1_get_peer_verify_algorithms()
3786 if (peer_sigalgs.empty() && ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { in tls1_get_peer_verify_algorithms()
3797 bool tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) { in tls1_verify_channel_id() argument
3798 SSL *const ssl = hs->ssl; in tls1_verify_channel_id()
3845 if (!tls1_channel_id_hash(hs, digest, &digest_len)) { in tls1_verify_channel_id()
3865 bool tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb) { in tls1_write_channel_id() argument
3868 if (!tls1_channel_id_hash(hs, digest, &digest_len)) { in tls1_write_channel_id()
3872 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(hs->config->channel_id_private.get()); in tls1_write_channel_id()
3905 bool tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) { in tls1_channel_id_hash() argument
3906 SSL *const ssl = hs->ssl; in tls1_channel_id_hash()
3909 if (!tls13_get_cert_verify_signature_input(hs, &msg, in tls1_channel_id_hash()
3937 if (!hs->transcript.GetHash(hs_hash, &hs_hash_len)) { in tls1_channel_id_hash()
3946 bool tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) { in tls1_record_handshake_hashes_for_channel_id() argument
3947 SSL *const ssl = hs->ssl; in tls1_record_handshake_hashes_for_channel_id()
3956 sizeof(hs->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE, in tls1_record_handshake_hashes_for_channel_id()
3960 if (!hs->transcript.GetHash(hs->new_session->original_handshake_hash, in tls1_record_handshake_hashes_for_channel_id()
3967 hs->new_session->original_handshake_hash_len = (uint8_t)digest_len; in tls1_record_handshake_hashes_for_channel_id()
3972 bool ssl_do_channel_id_callback(SSL_HANDSHAKE *hs) { in ssl_do_channel_id_callback() argument
3973 if (hs->config->channel_id_private != NULL || in ssl_do_channel_id_callback()
3974 hs->ssl->ctx->channel_id_cb == NULL) { in ssl_do_channel_id_callback()
3979 hs->ssl->ctx->channel_id_cb(hs->ssl, &key); in ssl_do_channel_id_callback()
3986 return SSL_set1_tls_channel_id(hs->ssl, key); in ssl_do_channel_id_callback()