57     SSL_HANDSHAKE *hs, Array<uint8_t> *out,  in tls13_get_cert_verify_signature_input()  argument
97   if (!hs->transcript.GetHash(context_hash, &context_hash_len) ||  in tls13_get_cert_verify_signature_input()
107 bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,  in tls13_process_certificate()  argument
109   SSL *const ssl = hs->ssl;  in tls13_process_certificate()
194       ssl->server && hs->config->retain_only_sha256_of_client_certs;  in tls13_process_certificate()
224                hs->new_session->peer_sha256);  in tls13_process_certificate()
256       if (ssl->server || !hs->config->ocsp_stapling_enabled) {  in tls13_process_certificate()
274         hs->new_session->ocsp_response.reset(  in tls13_process_certificate()
276         if (hs->new_session->ocsp_response == nullptr) {  in tls13_process_certificate()
284       if (ssl->server || !hs->config->signed_cert_timestamps_enabled) {  in tls13_process_certificate()
297         hs->new_session->signed_cert_timestamp_list.reset(  in tls13_process_certificate()
299         if (hs->new_session->signed_cert_timestamp_list == nullptr) {  in tls13_process_certificate()
313   hs->peer_pubkey = std::move(pkey);  in tls13_process_certificate()
314   hs->new_session->certs = std::move(certs);  in tls13_process_certificate()
316   if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {  in tls13_process_certificate()
322   if (sk_CRYPTO_BUFFER_num(hs->new_session->certs.get()) == 0) {  in tls13_process_certificate()
331     hs->new_session->verify_result = X509_V_OK;  in tls13_process_certificate()
337   hs->new_session->peer_sha256_valid = retain_sha256;  in tls13_process_certificate()
341 bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {  in tls13_process_certificate_verify()  argument
342   SSL *const ssl = hs->ssl;  in tls13_process_certificate_verify()
343   if (hs->peer_pubkey == NULL) {  in tls13_process_certificate_verify()
363   hs->new_session->peer_signature_algorithm = signature_algorithm;  in tls13_process_certificate_verify()
367           hs, &input,  in tls13_process_certificate_verify()
374                              hs->peer_pubkey.get(), input)) {  in tls13_process_certificate_verify()
383 bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,  in tls13_process_finished()  argument
385   SSL *const ssl = hs->ssl;  in tls13_process_finished()
390     verify_data = hs->expected_client_finished();  in tls13_process_finished()
393     if (!tls13_finished_mac(hs, verify_data_buf, &len, !ssl->server)) {  in tls13_process_finished()
413 bool tls13_add_certificate(SSL_HANDSHAKE *hs) {  in tls13_add_certificate()  argument
414   SSL *const ssl = hs->ssl;  in tls13_add_certificate()
415   CERT *const cert = hs->config->cert.get();  in tls13_add_certificate()
421   if (hs->cert_compression_negotiated) {  in tls13_add_certificate()
440   if (!ssl_has_certificate(hs)) {  in tls13_add_certificate()
454   if (hs->scts_requested && cert->signed_cert_timestamp_list != nullptr) {  in tls13_add_certificate()
468   if (hs->ocsp_stapling_requested && cert->ocsp_response != NULL) {  in tls13_add_certificate()
483   if (ssl_signing_with_dc(hs)) {  in tls13_add_certificate()
509   if (!hs->cert_compression_negotiated) {  in tls13_add_certificate()
521     if (candidate.alg_id == hs->cert_compression_alg_id) {  in tls13_add_certificate()
536       !CBB_add_u16(body, hs->cert_compression_alg_id) ||  in tls13_add_certificate()
548 enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {  in tls13_add_certificate_verify()  argument
549   SSL *const ssl = hs->ssl;  in tls13_add_certificate_verify()
551   if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {  in tls13_add_certificate_verify()
567   const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey.get());  in tls13_add_certificate_verify()
578           hs, &msg,  in tls13_add_certificate_verify()
585       hs, sig, &sig_len, max_sig_len, signature_algorithm, msg);  in tls13_add_certificate_verify()
598 bool tls13_add_finished(SSL_HANDSHAKE *hs) {  in tls13_add_finished()  argument
599   SSL *const ssl = hs->ssl;  in tls13_add_finished()
603   if (!tls13_finished_mac(hs, verify_data, &verify_data_len, ssl->server)) {  in tls13_add_finished()