tls13_both.cc
Go to the documentation of this file.
1 /* Copyright (c) 2016, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #include <openssl/ssl.h>
16 
17 #include <assert.h>
18 #include <string.h>
19 
20 #include <utility>
21 
22 #include <openssl/bytestring.h>
23 #include <openssl/err.h>
24 #include <openssl/hkdf.h>
25 #include <openssl/mem.h>
26 #include <openssl/stack.h>
27 #include <openssl/x509.h>
28 
29 #include "../crypto/internal.h"
30 #include "internal.h"
31 
32 
33 BSSL_NAMESPACE_BEGIN
34 
35 // kMaxKeyUpdates is the number of consecutive KeyUpdates that will be
36 // processed. Without this limit an attacker could force unbounded processing
37 // without being able to return application data.
38 static const uint8_t kMaxKeyUpdates = 32;
39 
40 const uint8_t kHelloRetryRequest[SSL3_RANDOM_SIZE] = {
41  0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c,
42  0x02, 0x1e, 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb,
43  0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c,
44 };
45 
46 // See RFC 8446, section 4.1.3.
47 const uint8_t kTLS12DowngradeRandom[8] = {0x44, 0x4f, 0x57, 0x4e,
48  0x47, 0x52, 0x44, 0x00};
49 const uint8_t kTLS13DowngradeRandom[8] = {0x44, 0x4f, 0x57, 0x4e,
50  0x47, 0x52, 0x44, 0x01};
51 
52 // This is a non-standard randomly-generated value.
53 const uint8_t kJDK11DowngradeRandom[8] = {0xed, 0xbf, 0xb4, 0xa8,
54  0xc2, 0x47, 0x10, 0xff};
55 
56 bool tls13_get_cert_verify_signature_input(
57  SSL_HANDSHAKE *hs, Array<uint8_t> *out,
58  enum ssl_cert_verify_context_t cert_verify_context) {
59  ScopedCBB cbb;
60  if (!CBB_init(cbb.get(), 64 + 33 + 1 + 2 * EVP_MAX_MD_SIZE)) {
61  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
62  return false;
63  }
64 
65  for (size_t i = 0; i < 64; i++) {
66  if (!CBB_add_u8(cbb.get(), 0x20)) {
67  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
68  return false;
69  }
70  }
71 
72  Span<const char> context;
73  if (cert_verify_context == ssl_cert_verify_server) {
74  static const char kContext[] = "TLS 1.3, server CertificateVerify";
75  context = kContext;
76  } else if (cert_verify_context == ssl_cert_verify_client) {
77  static const char kContext[] = "TLS 1.3, client CertificateVerify";
78  context = kContext;
79  } else if (cert_verify_context == ssl_cert_verify_channel_id) {
80  static const char kContext[] = "TLS 1.3, Channel ID";
81  context = kContext;
82  } else {
83  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
84  return false;
85  }
86 
87  // Note |context| includes the NUL byte separator.
88  if (!CBB_add_bytes(cbb.get(),
89  reinterpret_cast<const uint8_t *>(context.data()),
90  context.size())) {
91  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
92  return false;
93  }
94 
95  uint8_t context_hash[EVP_MAX_MD_SIZE];
96  size_t context_hash_len;
97  if (!hs->transcript.GetHash(context_hash, &context_hash_len) ||
98  !CBB_add_bytes(cbb.get(), context_hash, context_hash_len) ||
99  !CBBFinishArray(cbb.get(), out)) {
100  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
101  return false;
102  }
103 
104  return true;
105 }
106 
107 bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
108  bool allow_anonymous) {
109  SSL *const ssl = hs->ssl;
110  CBS body = msg.body;
111  bssl::UniquePtr<CRYPTO_BUFFER> decompressed;
112 
113  if (msg.type == SSL3_MT_COMPRESSED_CERTIFICATE) {
114  CBS compressed;
115  uint16_t alg_id;
116  uint32_t uncompressed_len;
117 
118  if (!CBS_get_u16(&body, &alg_id) ||
119  !CBS_get_u24(&body, &uncompressed_len) ||
120  !CBS_get_u24_length_prefixed(&body, &compressed) ||
121  CBS_len(&body) != 0) {
122  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
123  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
124  return false;
125  }
126 
127  if (uncompressed_len > ssl->max_cert_list) {
128  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
129  OPENSSL_PUT_ERROR(SSL, SSL_R_UNCOMPRESSED_CERT_TOO_LARGE);
130  ERR_add_error_dataf("requested=%u",
131  static_cast<unsigned>(uncompressed_len));
132  return false;
133  }
134 
135  ssl_cert_decompression_func_t decompress = nullptr;
136  for (const auto &alg : ssl->ctx->cert_compression_algs) {
137  if (alg.alg_id == alg_id) {
138  decompress = alg.decompress;
139  break;
140  }
141  }
142 
143  if (decompress == nullptr) {
144  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
145  OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERT_COMPRESSION_ALG);
146  ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
147  return false;
148  }
149 
150  CRYPTO_BUFFER *decompressed_ptr = nullptr;
151  if (!decompress(ssl, &decompressed_ptr, uncompressed_len,
152  CBS_data(&compressed), CBS_len(&compressed))) {
153  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
154  OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_DECOMPRESSION_FAILED);
155  ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
156  return false;
157  }
158  decompressed.reset(decompressed_ptr);
159 
160  if (CRYPTO_BUFFER_len(decompressed_ptr) != uncompressed_len) {
161  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
162  OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_DECOMPRESSION_FAILED);
163  ERR_add_error_dataf(
164  "alg=%d got=%u expected=%u", static_cast<int>(alg_id),
165  static_cast<unsigned>(CRYPTO_BUFFER_len(decompressed_ptr)),
166  static_cast<unsigned>(uncompressed_len));
167  return false;
168  }
169 
170  CBS_init(&body, CRYPTO_BUFFER_data(decompressed_ptr),
171  CRYPTO_BUFFER_len(decompressed_ptr));
172  } else {
173  assert(msg.type == SSL3_MT_CERTIFICATE);
174  }
175 
176  CBS context, certificate_list;
177  if (!CBS_get_u8_length_prefixed(&body, &context) ||
178  CBS_len(&context) != 0 ||
179  !CBS_get_u24_length_prefixed(&body, &certificate_list) ||
180  CBS_len(&body) != 0) {
181  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
182  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
183  return false;
184  }
185 
186  UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs(sk_CRYPTO_BUFFER_new_null());
187  if (!certs) {
188  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
189  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
190  return false;
191  }
192 
193  const bool retain_sha256 =
194  ssl->server && hs->config->retain_only_sha256_of_client_certs;
195  UniquePtr<EVP_PKEY> pkey;
196  while (CBS_len(&certificate_list) > 0) {
197  CBS certificate, extensions;
198  if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) ||
199  !CBS_get_u16_length_prefixed(&certificate_list, &extensions) ||
200  CBS_len(&certificate) == 0) {
201  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
202  OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
203  return false;
204  }
205 
206  if (sk_CRYPTO_BUFFER_num(certs.get()) == 0) {
207  pkey = ssl_cert_parse_pubkey(&certificate);
208  if (!pkey) {
209  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
210  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
211  return false;
212  }
213  // TLS 1.3 always uses certificate keys for signing thus the correct
214  // keyUsage is enforced.
215  if (!ssl_cert_check_key_usage(&certificate,
216  key_usage_digital_signature)) {
217  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
218  return false;
219  }
220 
221  if (retain_sha256) {
222  // Retain the hash of the leaf certificate if requested.
223  SHA256(CBS_data(&certificate), CBS_len(&certificate),
224  hs->new_session->peer_sha256);
225  }
226  }
227 
228  UniquePtr<CRYPTO_BUFFER> buf(
229  CRYPTO_BUFFER_new_from_CBS(&certificate, ssl->ctx->pool));
230  if (!buf ||
231  !PushToStack(certs.get(), std::move(buf))) {
232  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
233  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
234  return false;
235  }
236 
237  // Parse out the extensions.
238  SSLExtension status_request(
239  TLSEXT_TYPE_status_request,
240  !ssl->server && hs->config->ocsp_stapling_enabled);
241  SSLExtension sct(
242  TLSEXT_TYPE_certificate_timestamp,
243  !ssl->server && hs->config->signed_cert_timestamps_enabled);
244  uint8_t alert = SSL_AD_DECODE_ERROR;
245  if (!ssl_parse_extensions(&extensions, &alert, {&status_request, &sct},
246  /*ignore_unknown=*/false)) {
247  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
248  return false;
249  }
250 
251  // All Certificate extensions are parsed, but only the leaf extensions are
252  // stored.
253  if (status_request.present) {
254  uint8_t status_type;
255  CBS ocsp_response;
256  if (!CBS_get_u8(&status_request.data, &status_type) ||
257  status_type != TLSEXT_STATUSTYPE_ocsp ||
258  !CBS_get_u24_length_prefixed(&status_request.data, &ocsp_response) ||
259  CBS_len(&ocsp_response) == 0 ||
260  CBS_len(&status_request.data) != 0) {
261  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
262  return false;
263  }
264 
265  if (sk_CRYPTO_BUFFER_num(certs.get()) == 1) {
266  hs->new_session->ocsp_response.reset(
267  CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool));
268  if (hs->new_session->ocsp_response == nullptr) {
269  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
270  return false;
271  }
272  }
273  }
274 
275  if (sct.present) {
276  if (!ssl_is_sct_list_valid(&sct.data)) {
277  OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
278  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
279  return false;
280  }
281 
282  if (sk_CRYPTO_BUFFER_num(certs.get()) == 1) {
283  hs->new_session->signed_cert_timestamp_list.reset(
284  CRYPTO_BUFFER_new_from_CBS(&sct.data, ssl->ctx->pool));
285  if (hs->new_session->signed_cert_timestamp_list == nullptr) {
286  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
287  return false;
288  }
289  }
290  }
291  }
292 
293  // Store a null certificate list rather than an empty one if the peer didn't
294  // send certificates.
295  if (sk_CRYPTO_BUFFER_num(certs.get()) == 0) {
296  certs.reset();
297  }
298 
299  hs->peer_pubkey = std::move(pkey);
300  hs->new_session->certs = std::move(certs);
301 
302  if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
303  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
304  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
305  return false;
306  }
307 
308  if (sk_CRYPTO_BUFFER_num(hs->new_session->certs.get()) == 0) {
309  if (!allow_anonymous) {
310  OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
311  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
312  return false;
313  }
314 
315  // OpenSSL returns X509_V_OK when no certificates are requested. This is
316  // classed by them as a bug, but it's assumed by at least NGINX.
317  hs->new_session->verify_result = X509_V_OK;
318 
319  // No certificate, so nothing more to do.
320  return true;
321  }
322 
323  hs->new_session->peer_sha256_valid = retain_sha256;
324  return true;
325 }
326 
327 bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
328  SSL *const ssl = hs->ssl;
329  if (hs->peer_pubkey == NULL) {
330  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
331  return false;
332  }
333 
334  CBS body = msg.body, signature;
335  uint16_t signature_algorithm;
336  if (!CBS_get_u16(&body, &signature_algorithm) ||
337  !CBS_get_u16_length_prefixed(&body, &signature) ||
338  CBS_len(&body) != 0) {
339  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
340  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
341  return false;
342  }
343 
344  uint8_t alert = SSL_AD_DECODE_ERROR;
345  if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
346  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
347  return false;
348  }
349  hs->new_session->peer_signature_algorithm = signature_algorithm;
350 
351  Array<uint8_t> input;
352  if (!tls13_get_cert_verify_signature_input(
353  hs, &input,
354  ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) {
355  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
356  return false;
357  }
358 
359  if (!ssl_public_key_verify(ssl, signature, signature_algorithm,
360  hs->peer_pubkey.get(), input)) {
361  OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
362  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
363  return false;
364  }
365 
366  return true;
367 }
368 
369 bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
370  bool use_saved_value) {
371  SSL *const ssl = hs->ssl;
372  uint8_t verify_data_buf[EVP_MAX_MD_SIZE];
373  Span<const uint8_t> verify_data;
374  if (use_saved_value) {
375  assert(ssl->server);
376  verify_data = hs->expected_client_finished();
377  } else {
378  size_t len;
379  if (!tls13_finished_mac(hs, verify_data_buf, &len, !ssl->server)) {
380  return false;
381  }
382  verify_data = MakeConstSpan(verify_data_buf, len);
383  }
384 
385  bool finished_ok =
386  CBS_mem_equal(&msg.body, verify_data.data(), verify_data.size());
387 #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
388  finished_ok = true;
389 #endif
390  if (!finished_ok) {
391  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
392  OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
393  return false;
394  }
395 
396  return true;
397 }
398 
399 bool tls13_add_certificate(SSL_HANDSHAKE *hs) {
400  SSL *const ssl = hs->ssl;
401  CERT *const cert = hs->config->cert.get();
402  DC *const dc = cert->dc.get();
403 
404  ScopedCBB cbb;
405  CBB *body, body_storage, certificate_list;
406 
407  if (hs->cert_compression_negotiated) {
408  if (!CBB_init(cbb.get(), 1024)) {
409  return false;
410  }
411  body = cbb.get();
412  } else {
413  body = &body_storage;
414  if (!ssl->method->init_message(ssl, cbb.get(), body, SSL3_MT_CERTIFICATE)) {
415  return false;
416  }
417  }
418 
419  if (// The request context is always empty in the handshake.
420  !CBB_add_u8(body, 0) ||
421  !CBB_add_u24_length_prefixed(body, &certificate_list)) {
422  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
423  return false;
424  }
425 
426  if (!ssl_has_certificate(hs)) {
427  return ssl_add_message_cbb(ssl, cbb.get());
428  }
429 
430  CRYPTO_BUFFER *leaf_buf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
431  CBB leaf, extensions;
432  if (!CBB_add_u24_length_prefixed(&certificate_list, &leaf) ||
433  !CBB_add_bytes(&leaf, CRYPTO_BUFFER_data(leaf_buf),
434  CRYPTO_BUFFER_len(leaf_buf)) ||
435  !CBB_add_u16_length_prefixed(&certificate_list, &extensions)) {
436  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
437  return false;
438  }
439 
440  if (hs->scts_requested && cert->signed_cert_timestamp_list != nullptr) {
441  CBB contents;
442  if (!CBB_add_u16(&extensions, TLSEXT_TYPE_certificate_timestamp) ||
443  !CBB_add_u16_length_prefixed(&extensions, &contents) ||
444  !CBB_add_bytes(
445  &contents,
446  CRYPTO_BUFFER_data(cert->signed_cert_timestamp_list.get()),
447  CRYPTO_BUFFER_len(cert->signed_cert_timestamp_list.get())) ||
448  !CBB_flush(&extensions)) {
449  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
450  return false;
451  }
452  }
453 
454  if (hs->ocsp_stapling_requested && cert->ocsp_response != NULL) {
455  CBB contents, ocsp_response;
456  if (!CBB_add_u16(&extensions, TLSEXT_TYPE_status_request) ||
457  !CBB_add_u16_length_prefixed(&extensions, &contents) ||
458  !CBB_add_u8(&contents, TLSEXT_STATUSTYPE_ocsp) ||
459  !CBB_add_u24_length_prefixed(&contents, &ocsp_response) ||
460  !CBB_add_bytes(&ocsp_response,
461  CRYPTO_BUFFER_data(cert->ocsp_response.get()),
462  CRYPTO_BUFFER_len(cert->ocsp_response.get())) ||
463  !CBB_flush(&extensions)) {
464  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
465  return false;
466  }
467  }
468 
469  if (ssl_signing_with_dc(hs)) {
470  const CRYPTO_BUFFER *raw = dc->raw.get();
471  CBB child;
472  if (!CBB_add_u16(&extensions, TLSEXT_TYPE_delegated_credential) ||
473  !CBB_add_u16_length_prefixed(&extensions, &child) ||
474  !CBB_add_bytes(&child, CRYPTO_BUFFER_data(raw),
475  CRYPTO_BUFFER_len(raw)) ||
476  !CBB_flush(&extensions)) {
477  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
478  return 0;
479  }
480  ssl->s3->delegated_credential_used = true;
481  }
482 
483  for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain.get()); i++) {
484  CRYPTO_BUFFER *cert_buf = sk_CRYPTO_BUFFER_value(cert->chain.get(), i);
485  CBB child;
486  if (!CBB_add_u24_length_prefixed(&certificate_list, &child) ||
487  !CBB_add_bytes(&child, CRYPTO_BUFFER_data(cert_buf),
488  CRYPTO_BUFFER_len(cert_buf)) ||
489  !CBB_add_u16(&certificate_list, 0 /* no extensions */)) {
490  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
491  return false;
492  }
493  }
494 
495  if (!hs->cert_compression_negotiated) {
496  return ssl_add_message_cbb(ssl, cbb.get());
497  }
498 
499  Array<uint8_t> msg;
500  if (!CBBFinishArray(cbb.get(), &msg)) {
501  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
502  return false;
503  }
504 
505  const CertCompressionAlg *alg = nullptr;
506  for (const auto &candidate : ssl->ctx->cert_compression_algs) {
507  if (candidate.alg_id == hs->cert_compression_alg_id) {
508  alg = &candidate;
509  break;
510  }
511  }
512 
513  if (alg == nullptr || alg->compress == nullptr) {
514  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
515  return false;
516  }
517 
518  CBB compressed;
519  body = &body_storage;
520  if (!ssl->method->init_message(ssl, cbb.get(), body,
521  SSL3_MT_COMPRESSED_CERTIFICATE) ||
522  !CBB_add_u16(body, hs->cert_compression_alg_id) ||
523  !CBB_add_u24(body, msg.size()) ||
524  !CBB_add_u24_length_prefixed(body, &compressed)) {
525  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
526  return false;
527  }
528 
529  SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
530  if (hints && !hs->hints_requested &&
531  hints->cert_compression_alg_id == hs->cert_compression_alg_id &&
532  hints->cert_compression_input == MakeConstSpan(msg) &&
533  !hints->cert_compression_output.empty()) {
534  if (!CBB_add_bytes(&compressed, hints->cert_compression_output.data(),
535  hints->cert_compression_output.size())) {
536  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
537  return false;
538  }
539  } else {
540  if (!alg->compress(ssl, &compressed, msg.data(), msg.size())) {
541  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
542  return false;
543  }
544  if (hints && hs->hints_requested) {
545  hints->cert_compression_alg_id = hs->cert_compression_alg_id;
546  if (!hints->cert_compression_input.CopyFrom(msg) ||
547  !hints->cert_compression_output.CopyFrom(
548  MakeConstSpan(CBB_data(&compressed), CBB_len(&compressed)))) {
549  return false;
550  }
551  }
552  }
553 
554  if (!ssl_add_message_cbb(ssl, cbb.get())) {
555  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
556  return false;
557  }
558 
559  return true;
560 }
561 
562 enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
563  SSL *const ssl = hs->ssl;
564  uint16_t signature_algorithm;
565  if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
566  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
567  return ssl_private_key_failure;
568  }
569 
570  ScopedCBB cbb;
571  CBB body;
572  if (!ssl->method->init_message(ssl, cbb.get(), &body,
573  SSL3_MT_CERTIFICATE_VERIFY) ||
574  !CBB_add_u16(&body, signature_algorithm)) {
575  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
576  return ssl_private_key_failure;
577  }
578 
579  // Sign the digest.
580  CBB child;
581  const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey.get());
582  uint8_t *sig;
583  size_t sig_len;
584  if (!CBB_add_u16_length_prefixed(&body, &child) ||
585  !CBB_reserve(&child, &sig, max_sig_len)) {
586  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
587  return ssl_private_key_failure;
588  }
589 
590  Array<uint8_t> msg;
591  if (!tls13_get_cert_verify_signature_input(
592  hs, &msg,
593  ssl->server ? ssl_cert_verify_server : ssl_cert_verify_client)) {
594  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
595  return ssl_private_key_failure;
596  }
597 
598  SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
599  Array<uint8_t> spki;
600  if (hints) {
601  ScopedCBB spki_cbb;
602  if (!CBB_init(spki_cbb.get(), 64) ||
603  !EVP_marshal_public_key(spki_cbb.get(), hs->local_pubkey.get()) ||
604  !CBBFinishArray(spki_cbb.get(), &spki)) {
605  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
606  return ssl_private_key_failure;
607  }
608  }
609 
610  if (hints && !hs->hints_requested &&
611  signature_algorithm == hints->signature_algorithm &&
612  MakeConstSpan(msg) == hints->signature_input &&
613  MakeConstSpan(spki) == hints->signature_spki &&
614  !hints->signature.empty() && hints->signature.size() <= max_sig_len) {
615  // Signature algorithm and input both match. Reuse the signature from hints.
616  sig_len = hints->signature.size();
617  OPENSSL_memcpy(sig, hints->signature.data(), sig_len);
618  } else {
619  enum ssl_private_key_result_t sign_result = ssl_private_key_sign(
620  hs, sig, &sig_len, max_sig_len, signature_algorithm, msg);
621  if (sign_result != ssl_private_key_success) {
622  return sign_result;
623  }
624  if (hints && hs->hints_requested) {
625  hints->signature_algorithm = signature_algorithm;
626  hints->signature_input = std::move(msg);
627  hints->signature_spki = std::move(spki);
628  if (!hints->signature.CopyFrom(MakeSpan(sig, sig_len))) {
629  return ssl_private_key_failure;
630  }
631  }
632  }
633 
634  if (!CBB_did_write(&child, sig_len) ||
635  !ssl_add_message_cbb(ssl, cbb.get())) {
636  return ssl_private_key_failure;
637  }
638 
639  return ssl_private_key_success;
640 }
641 
642 bool tls13_add_finished(SSL_HANDSHAKE *hs) {
643  SSL *const ssl = hs->ssl;
644  size_t verify_data_len;
645  uint8_t verify_data[EVP_MAX_MD_SIZE];
646 
647  if (!tls13_finished_mac(hs, verify_data, &verify_data_len, ssl->server)) {
648  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
649  OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
650  return false;
651  }
652 
653  ScopedCBB cbb;
654  CBB body;
655  if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
656  !CBB_add_bytes(&body, verify_data, verify_data_len) ||
657  !ssl_add_message_cbb(ssl, cbb.get())) {
658  return false;
659  }
660 
661  return true;
662 }
663 
664 bool tls13_add_key_update(SSL *ssl, int update_requested) {
665  ScopedCBB cbb;
666  CBB body_cbb;
667  if (!ssl->method->init_message(ssl, cbb.get(), &body_cbb,
668  SSL3_MT_KEY_UPDATE) ||
669  !CBB_add_u8(&body_cbb, update_requested) ||
670  !ssl_add_message_cbb(ssl, cbb.get()) ||
671  !tls13_rotate_traffic_key(ssl, evp_aead_seal)) {
672  return false;
673  }
674 
675  // Suppress KeyUpdate acknowledgments until this change is written to the
676  // wire. This prevents us from accumulating write obligations when read and
677  // write progress at different rates. See RFC 8446, section 4.6.3.
678  ssl->s3->key_update_pending = true;
679 
680  return true;
681 }
682 
683 static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
684  CBS body = msg.body;
685  uint8_t key_update_request;
686  if (!CBS_get_u8(&body, &key_update_request) ||
687  CBS_len(&body) != 0 ||
688  (key_update_request != SSL_KEY_UPDATE_NOT_REQUESTED &&
689  key_update_request != SSL_KEY_UPDATE_REQUESTED)) {
690  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
691  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
692  return false;
693  }
694 
695  if (!tls13_rotate_traffic_key(ssl, evp_aead_open)) {
696  return false;
697  }
698 
699  // Acknowledge the KeyUpdate
700  if (key_update_request == SSL_KEY_UPDATE_REQUESTED &&
701  !ssl->s3->key_update_pending &&
702  !tls13_add_key_update(ssl, SSL_KEY_UPDATE_NOT_REQUESTED)) {
703  return false;
704  }
705 
706  return true;
707 }
708 
709 bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
710  if (msg.type == SSL3_MT_KEY_UPDATE) {
711  ssl->s3->key_update_count++;
712  if (ssl->quic_method != nullptr ||
713  ssl->s3->key_update_count > kMaxKeyUpdates) {
714  OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MANY_KEY_UPDATES);
715  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
716  return false;
717  }
718 
719  return tls13_receive_key_update(ssl, msg);
720  }
721 
722  ssl->s3->key_update_count = 0;
723 
724  if (msg.type == SSL3_MT_NEW_SESSION_TICKET && !ssl->server) {
725  return tls13_process_new_session_ticket(ssl, msg);
726  }
727 
728  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
729  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
730  return false;
731 }
732 
733 BSSL_NAMESPACE_END
ssl_send_alert
void ssl_send_alert(SSL *ssl, int level, int desc)
Definition: s3_pkt.cc:379
SSL_HANDSHAKE::hints_requested
bool hints_requested
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2026
CERT::ocsp_response
UniquePtr< CRYPTO_BUFFER > ocsp_response
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2405
ssl_st::server
bool server
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3777
ssl_has_certificate
bool ssl_has_certificate(const SSL_HANDSHAKE *hs)
Definition: ssl_cert.cc:340
SSL_AD_UNEXPECTED_MESSAGE
#define SSL_AD_UNEXPECTED_MESSAGE
Definition: ssl.h:3795
CBS_get_u24_length_prefixed
#define CBS_get_u24_length_prefixed
Definition: boringssl_prefix_symbols.h:1077
CBB_flush
#define CBB_flush
Definition: boringssl_prefix_symbols.h:1045
CBB_data
#define CBB_data
Definition: boringssl_prefix_symbols.h:1040
SSL3_MT_FINISHED
#define SSL3_MT_FINISHED
Definition: ssl3.h:310
CBB_init
#define CBB_init
Definition: boringssl_prefix_symbols.h:1047
gen_build_yaml.out
dictionary out
Definition: src/benchmark/gen_build_yaml.py:24
CBS_get_u16
#define CBS_get_u16
Definition: boringssl_prefix_symbols.h:1073
Span::size
size_t size() const
Definition: boringssl-with-bazel/src/include/openssl/span.h:133
SSL_HANDSHAKE_HINTS::cert_compression_alg_id
uint16_t cert_compression_alg_id
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1715
SSL_HANDSHAKE::hints
UniquePtr< SSL_HANDSHAKE_HINTS > hints
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1943
cbs_st
Definition: bytestring.h:39
tls13_process_certificate
bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg, bool allow_anonymous)
Definition: tls13_both.cc:107
DC::raw
UniquePtr< CRYPTO_BUFFER > raw
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1586
Array::data
const T * data() const
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:274
SSL_HANDSHAKE::local_pubkey
UniquePtr< EVP_PKEY > local_pubkey
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1909
CBS_data
#define CBS_data
Definition: boringssl_prefix_symbols.h:1057
EVP_marshal_public_key
#define EVP_marshal_public_key
Definition: boringssl_prefix_symbols.h:1737
uint16_t
unsigned short uint16_t
Definition: stdint-msvc2008.h:79
SSL_HANDSHAKE_HINTS::signature_spki
Array< uint8_t > signature_spki
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1709
CertCompressionAlg
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2587
ssl_public_key_verify
bool ssl_public_key_verify(SSL *ssl, Span< const uint8_t > signature, uint16_t sigalg, EVP_PKEY *pkey, Span< const uint8_t > in)
Definition: ssl_privkey.cc:236
SSL3_MT_CERTIFICATE_VERIFY
#define SSL3_MT_CERTIFICATE_VERIFY
Definition: ssl3.h:308
OPENSSL_PUT_ERROR
#define OPENSSL_PUT_ERROR(library, reason)
Definition: err.h:423
internal.h
CRYPTO_BUFFER_new_from_CBS
#define CRYPTO_BUFFER_new_from_CBS
Definition: boringssl_prefix_symbols.h:1120
ssl_private_key_failure
ssl_private_key_failure
Definition: ssl.h:1236
string.h
CBB_add_u16_length_prefixed
#define CBB_add_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1028
CBB_add_u8
#define CBB_add_u8
Definition: boringssl_prefix_symbols.h:1036
SSL_HANDSHAKE::ssl
SSL * ssl
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1726
CBS_mem_equal
#define CBS_mem_equal
Definition: boringssl_prefix_symbols.h:1090
buf
voidpf void * buf
Definition: bloaty/third_party/zlib/contrib/minizip/ioapi.h:136
TLSEXT_TYPE_delegated_credential
#define TLSEXT_TYPE_delegated_credential
Definition: tls1.h:243
SSL_AD_INTERNAL_ERROR
#define SSL_AD_INTERNAL_ERROR
Definition: ssl.h:3815
CRYPTO_BUFFER_len
#define CRYPTO_BUFFER_len
Definition: boringssl_prefix_symbols.h:1118
tls13_add_finished
bool tls13_add_finished(SSL_HANDSHAKE *hs)
Definition: tls13_both.cc:642
CBS_get_u8_length_prefixed
#define CBS_get_u8_length_prefixed
Definition: boringssl_prefix_symbols.h:1083
CBS_len
#define CBS_len
Definition: boringssl_prefix_symbols.h:1089
SSL_CONFIG::cert
UniquePtr< CERT > cert
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2986
SSL_HANDSHAKE_HINTS::signature
Array< uint8_t > signature
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1710
CBB_add_u24
#define CBB_add_u24
Definition: boringssl_prefix_symbols.h:1030
crypto_buffer_st
Definition: third_party/boringssl-with-bazel/src/crypto/pool/internal.h:31
SSL_HANDSHAKE::ocsp_stapling_requested
bool ocsp_stapling_requested
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1973
CERT::dc
UniquePtr< DC > dc
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2415
SSL3_MT_CERTIFICATE
#define SSL3_MT_CERTIFICATE
Definition: ssl3.h:304
kJDK11DowngradeRandom
const uint8_t kJDK11DowngradeRandom[8]
Definition: tls13_both.cc:53
SSL_AD_ILLEGAL_PARAMETER
#define SSL_AD_ILLEGAL_PARAMETER
Definition: ssl.h:3807
SSL_HANDSHAKE::new_session
UniquePtr< SSL_SESSION > new_session
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1916
X509_V_OK
#define X509_V_OK
Definition: x509.h:1918
SSL3_RANDOM_SIZE
#define SSL3_RANDOM_SIZE
Definition: ssl3.h:204
CBS_init
#define CBS_init
Definition: boringssl_prefix_symbols.h:1085
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
SSL_HANDSHAKE::cert_compression_alg_id
uint16_t cert_compression_alg_id
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1879
Array::CopyFrom
bool CopyFrom(Span< const T > in)
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:338
ssl_st::quic_method
const SSL_QUIC_METHOD * quic_method
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3769
ssl_cert_verify_server
@ ssl_cert_verify_server
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2182
SSLExtension
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2222
CertCompressionAlg::compress
ssl_cert_compression_func_t compress
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2590
tls13_finished_mac
bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len, bool is_server)
Definition: tls13_enc.cc:356
SSL_R_UNEXPECTED_MESSAGE
#define SSL_R_UNEXPECTED_MESSAGE
Definition: ssl.h:5490
key_usage_digital_signature
@ key_usage_digital_signature
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1321
CERT
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2345
SSL_HANDSHAKE::peer_pubkey
UniquePtr< EVP_PKEY > peer_pubkey
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1912
CBB_reserve
#define CBB_reserve
Definition: boringssl_prefix_symbols.h:1050
SSL_AD_CERTIFICATE_REQUIRED
#define SSL_AD_CERTIFICATE_REQUIRED
Definition: ssl.h:3827
uint32_t
unsigned int uint32_t
Definition: stdint-msvc2008.h:80
Array::empty
bool empty() const
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:277
CBB_did_write
#define CBB_did_write
Definition: boringssl_prefix_symbols.h:1041
bytestring.h
ssl_is_sct_list_valid
bool ssl_is_sct_list_valid(const CBS *contents)
Definition: extensions.cc:4286
SSL_R_BAD_SIGNATURE
#define SSL_R_BAD_SIGNATURE
Definition: ssl.h:5382
CBB_add_u16
#define CBB_add_u16
Definition: boringssl_prefix_symbols.h:1027
CERT::chain
UniquePtr< STACK_OF(CRYPTO_BUFFER)> chain
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2359
sk_CRYPTO_BUFFER_new_null
#define sk_CRYPTO_BUFFER_new_null
Definition: boringssl_prefix_symbols.h:557
SSL_R_DIGEST_CHECK_FAILED
#define SSL_R_DIGEST_CHECK_FAILED
Definition: ssl.h:5410
SSL_HANDSHAKE
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1720
absl::move
constexpr absl::remove_reference_t< T > && move(T &&t) noexcept
Definition: abseil-cpp/absl/utility/utility.h:221
Array< uint8_t >
ssl_cert_verify_context_t
ssl_cert_verify_context_t
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2181
SSL_HANDSHAKE::scts_requested
bool scts_requested
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1954
STACK_OF
#define STACK_OF(type)
Definition: stack.h:125
tls13_add_certificate
bool tls13_add_certificate(SSL_HANDSHAKE *hs)
Definition: tls13_both.cc:399
Array::size
size_t size() const
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:276
tls13_add_certificate_verify
enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs)
Definition: tls13_both.cc:562
ssl_st
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3698
ERR_add_error_dataf
#define ERR_add_error_dataf
Definition: boringssl_prefix_symbols.h:1412
SSLExtension::present
bool present
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2230
SSL3_MT_KEY_UPDATE
#define SSL3_MT_KEY_UPDATE
Definition: ssl3.h:313
SSL_R_CERT_LENGTH_MISMATCH
#define SSL_R_CERT_LENGTH_MISMATCH
Definition: ssl.h:5395
SSL_R_UNKNOWN_CERT_COMPRESSION_ALG
#define SSL_R_UNKNOWN_CERT_COMPRESSION_ALG
Definition: ssl.h:5561
SSL3_MT_NEW_SESSION_TICKET
#define SSL3_MT_NEW_SESSION_TICKET
Definition: ssl3.h:301
SSL_KEY_UPDATE_REQUESTED
#define SSL_KEY_UPDATE_REQUESTED
Definition: ssl.h:421
ssl_private_key_sign
enum ssl_private_key_result_t ssl_private_key_sign(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len, size_t max_out, uint16_t sigalg, Span< const uint8_t > in)
Definition: ssl_privkey.cc:200
tls13_add_key_update
bool tls13_add_key_update(SSL *ssl, int update_requested)
Definition: tls13_both.cc:664
OPENSSL_memcpy
static void * OPENSSL_memcpy(void *dst, const void *src, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:819
tls12_check_peer_sigalg
bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert, uint16_t sigalg)
Definition: extensions.cc:490
BSSL_NAMESPACE_END
#define BSSL_NAMESPACE_END
Definition: base.h:480
CBS_get_u8
#define CBS_get_u8
Definition: boringssl_prefix_symbols.h:1082
err.h
kTLS12DowngradeRandom
const uint8_t kTLS12DowngradeRandom[8]
Definition: tls13_both.cc:47
ERR_R_INTERNAL_ERROR
#define ERR_R_INTERNAL_ERROR
Definition: err.h:374
tls1_choose_signature_algorithm
bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out)
Definition: extensions.cc:4054
evp_aead_open
@ evp_aead_open
Definition: aead.h:430
evp_aead_seal
@ evp_aead_seal
Definition: aead.h:431
googletest-filter-unittest.child
child
Definition: bloaty/third_party/googletest/googletest/test/googletest-filter-unittest.py:62
SSL_R_TOO_MANY_KEY_UPDATES
#define SSL_R_TOO_MANY_KEY_UPDATES
Definition: ssl.h:5527
SSL_HANDSHAKE::expected_client_finished
Span< uint8_t > expected_client_finished()
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1794
tls13_post_handshake
bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg)
Definition: tls13_both.cc:709
conf.extensions
list extensions
Definition: doc/python/sphinx/conf.py:54
tls13_rotate_traffic_key
bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction)
Definition: tls13_enc.cc:303
EVP_PKEY_size
#define EVP_PKEY_size
Definition: boringssl_prefix_symbols.h:1658
SSL_CONFIG::ocsp_stapling_enabled
bool ocsp_stapling_enabled
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3055
Span
Definition: boringssl-with-bazel/src/include/openssl/span.h:32
kMaxKeyUpdates
static const BSSL_NAMESPACE_BEGIN uint8_t kMaxKeyUpdates
Definition: tls13_both.cc:38
SSL_R_CERT_DECOMPRESSION_FAILED
#define SSL_R_CERT_DECOMPRESSION_FAILED
Definition: ssl.h:5559
grpc_core::UniquePtr
std::unique_ptr< T, DefaultDeleteChar > UniquePtr
Definition: src/core/lib/gprpp/memory.h:43
SSL_HANDSHAKE::transcript
SSLTranscript transcript
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1821
tls13_receive_key_update
static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg)
Definition: tls13_both.cc:683
msg
std::string msg
Definition: client_interceptors_end2end_test.cc:372
SSL3_AL_FATAL
#define SSL3_AL_FATAL
Definition: ssl3.h:280
tls13_process_new_session_ticket
bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg)
Definition: tls13_client.cc:1028
ssl_cert_verify_client
@ ssl_cert_verify_client
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2183
ssl.h
SSL_HANDSHAKE_HINTS::signature_algorithm
uint16_t signature_algorithm
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1707
SHA256
#define SHA256
Definition: boringssl_prefix_symbols.h:2154
SSL_CONFIG::retain_only_sha256_of_client_certs
bool retain_only_sha256_of_client_certs
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3069
SSLMessage
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1140
DC
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1572
CERT::signed_cert_timestamp_list
UniquePtr< CRYPTO_BUFFER > signed_cert_timestamp_list
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2402
SSL_KEY_UPDATE_NOT_REQUESTED
#define SSL_KEY_UPDATE_NOT_REQUESTED
Definition: ssl.h:425
sk_CRYPTO_BUFFER_value
#define sk_CRYPTO_BUFFER_value
Definition: boringssl_prefix_symbols.h:561
CBB_add_bytes
#define CBB_add_bytes
Definition: boringssl_prefix_symbols.h:1025
contents
string_view contents
Definition: elf.cc:597
CBBFinishArray
OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array< uint8_t > *out)
Definition: ssl_lib.cc:190
BSSL_NAMESPACE_BEGIN
Definition: trust_token_test.cc:45
ssl_st::s3
bssl::SSL3_STATE * s3
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3730
SSL_HANDSHAKE::config
SSL_CONFIG * config
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1729
TLSEXT_TYPE_certificate_timestamp
#define TLSEXT_TYPE_certificate_timestamp
Definition: tls1.h:255
ssl_st::max_cert_list
uint32_t max_cert_list
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3765
SSL_HANDSHAKE_HINTS::signature_input
Array< uint8_t > signature_input
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1708
TLSEXT_TYPE_status_request
#define TLSEXT_TYPE_status_request
Definition: tls1.h:186
hkdf.h
SSLExtension::data
CBS data
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2231
SSL_AD_DECODE_ERROR
#define SSL_AD_DECODE_ERROR
Definition: ssl.h:3810
ssl_private_key_success
ssl_private_key_success
Definition: ssl.h:1234
CBS_get_u16_length_prefixed
#define CBS_get_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1074
SSL_CONFIG::signed_cert_timestamps_enabled
bool signed_cert_timestamps_enabled
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3051
SSL_HANDSHAKE_HINTS::cert_compression_output
Array< uint8_t > cert_compression_output
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1717
EVP_MAX_MD_SIZE
#define EVP_MAX_MD_SIZE
Definition: digest.h:156
PushToStack
std::enable_if<!internal::StackTraits< Stack >::kIsConst, bool >::type PushToStack(Stack *sk, UniquePtr< typename internal::StackTraits< Stack >::Type > elem)
Definition: stack.h:515
SSL_AD_HANDSHAKE_FAILURE
#define SSL_AD_HANDSHAKE_FAILURE
Definition: ssl.h:3800
ssl_add_message_cbb
bool ssl_add_message_cbb(SSL *ssl, CBB *cbb)
Definition: handshake.cc:220
SSL3_MT_COMPRESSED_CERTIFICATE
#define SSL3_MT_COMPRESSED_CERTIFICATE
Definition: ssl3.h:314
SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
Definition: ssl.h:5459
TLSEXT_STATUSTYPE_ocsp
#define TLSEXT_STATUSTYPE_ocsp
Definition: tls1.h:265
SSLTranscript::GetHash
bool GetHash(uint8_t *out, size_t *out_len) const
Definition: ssl_transcript.cc:235
tls13_get_cert_verify_signature_input
bool tls13_get_cert_verify_signature_input(SSL_HANDSHAKE *hs, Array< uint8_t > *out, enum ssl_cert_verify_context_t cert_verify_context)
Definition: tls13_both.cc:56
ssl_st::method
const bssl::SSL_PROTOCOL_METHOD * method
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3706
CBS_get_u24
#define CBS_get_u24
Definition: boringssl_prefix_symbols.h:1076
input
std::string input
Definition: bloaty/third_party/protobuf/src/google/protobuf/io/tokenizer_unittest.cc:197
SSL_HANDSHAKE_HINTS::cert_compression_input
Array< uint8_t > cert_compression_input
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1716
tls13_process_finished
bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg, bool use_saved_value)
Definition: tls13_both.cc:369
ssl_parse_extensions
bool ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, std::initializer_list< SSLExtension * > extensions, bool ignore_unknown)
Definition: handshake.cc:269
ssl_cert_verify_channel_id
@ ssl_cert_verify_channel_id
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2184
context
grpc::ClientContext context
Definition: istio_echo_server_lib.cc:61
Span::data
T * data() const
Definition: boringssl-with-bazel/src/include/openssl/span.h:132
CBB_len
#define CBB_len
Definition: boringssl_prefix_symbols.h:1049
SSL_R_DECODE_ERROR
#define SSL_R_DECODE_ERROR
Definition: ssl.h:5405
mem.h
len
int len
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:46
SSL_HANDSHAKE_HINTS
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1698
ssl_cert_check_key_usage
bool ssl_cert_check_key_usage(const CBS *in, enum ssl_key_usage_t bit)
Definition: ssl_cert.cc:542
ssl_signing_with_dc
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs)
Definition: ssl_cert.cc:831
SSL_R_ERROR_PARSING_EXTENSION
#define SSL_R_ERROR_PARSING_EXTENSION
Definition: ssl.h:5417
kTLS13DowngradeRandom
const uint8_t kTLS13DowngradeRandom[8]
Definition: tls13_both.cc:49
ssl_st::ctx
bssl::UniquePtr< SSL_CTX > ctx
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3754
kHelloRetryRequest
const uint8_t kHelloRetryRequest[SSL3_RANDOM_SIZE]
Definition: tls13_both.cc:40
ssl_cert_parse_pubkey
UniquePtr< EVP_PKEY > ssl_cert_parse_pubkey(const CBS *in)
Definition: ssl_cert.cc:482
SSL_AD_DECRYPT_ERROR
#define SSL_AD_DECRYPT_ERROR
Definition: ssl.h:3811
SSL_HANDSHAKE::cert_compression_negotiated
bool cert_compression_negotiated
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2029
absl::MakeSpan
constexpr Span< T > MakeSpan(T *ptr, size_t size) noexcept
Definition: abseil-cpp/absl/types/span.h:661
sk_CRYPTO_BUFFER_num
#define sk_CRYPTO_BUFFER_num
Definition: boringssl_prefix_symbols.h:558
tls13_process_certificate_verify
bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg)
Definition: tls13_both.cc:327
ssl_cert_decompression_func_t
int(* ssl_cert_decompression_func_t)(SSL *ssl, CRYPTO_BUFFER **out, size_t uncompressed_len, const uint8_t *in, size_t in_len)
Definition: ssl.h:2926
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
CRYPTO_BUFFER_data
#define CRYPTO_BUFFER_data
Definition: boringssl_prefix_symbols.h:1115
ERR_R_MALLOC_FAILURE
#define ERR_R_MALLOC_FAILURE
Definition: err.h:371
signature_algorithm
uint16_t signature_algorithm
Definition: ssl_privkey.cc:439
stack.h
x509.h
SSL_R_UNCOMPRESSED_CERT_TOO_LARGE
#define SSL_R_UNCOMPRESSED_CERT_TOO_LARGE
Definition: ssl.h:5560
absl::MakeConstSpan
constexpr Span< const T > MakeConstSpan(T *ptr, size_t size) noexcept
Definition: abseil-cpp/absl/types/span.h:707
cbb_st
Definition: bytestring.h:375
CBB_add_u24_length_prefixed
#define CBB_add_u24_length_prefixed
Definition: boringssl_prefix_symbols.h:1031

grpc
Author(s):
autogenerated on Thu Mar 13 2025 03:01:39