| /openssl/doc/man3/ |
| H A D | SSL_CTX_set_stateless_cookie_generate_cb.pod | 18 unsigned char *cookie,
23 const unsigned char *cookie,
29 *cookie,
46 of bytes written to B<cookie_len>. If a cookie cannot be generated, a zero
51 ClientHello cookie is valid. The cookie data is pointed to by B<cookie> and is of
53 communicates that the cookie is valid. The integrity of the entire cookie,
59 as a response to a ClientHello with a missing or invalid cookie.
62 cookie cannot be generated, a zero return value can be used to abort the
66 determine whether the cookie in a ClientHello is valid. The cookie data is
68 from app_verify_cookie_cb() communicates that the cookie is valid. The
[all …]
|
| H A D | DTLSv1_listen.pod | 20 ClientHello is received that does not contain a cookie, then they respond with a
21 request for a new ClientHello that does contain a cookie. If a ClientHello is
22 received with a cookie that is verified then the function returns in order to
42 As a countermeasure to this issue TLSv1.3 and DTLS include a stateless cookie
45 TLSv1.3) or a HelloVerifyRequest (in DTLS) which contains a unique cookie. The
46 client then resends the ClientHello, but this time includes the cookie in the
57 When a ClientHello is received that contains a cookie that has been verified,
84 Prior to calling DTLSv1_listen() user code must ensure that cookie generation
|
| H A D | OSSL_STORE_INFO.pod | 142 named C<cookie.pem>, and in that case, the returned B<OSSL_STORE_INFO_NAME>
143 object would have the URI C<file:/foo/bar/cookie.pem>, which can be
150 given and that path has the file C<cookie.pem>, the name
151 C</foo/bar/cookie.pem> will be returned.
|
| H A D | OSSL_PARAM_int.pod | 392 if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL)
393 OSSL_PARAM_set_utf8_ptr(p, "cookie value");
|
| /openssl/util/perl/TLSProxy/ |
| H A D | HelloVerifyRequest.pm | 45 $self->{cookie} = "";
58 my $cookie = substr($self->data, $ptr, $cookie_len);
62 $self->cookie($cookie);
85 $data .= $self->cookie;
107 sub cookie subroutine
111 $self->{cookie} = shift;
113 return $self->{cookie};
|
| /openssl/test/ |
| H A D | dtlsv1listentest.c | 262 static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) in cookie_gen() argument
266 for (i = 0; i < COOKIE_LEN; i++, cookie++) in cookie_gen()
267 *cookie = i; in cookie_gen()
273 static int cookie_verify(SSL *ssl, const unsigned char *cookie, in cookie_verify() argument
281 for (i = 0; i < COOKIE_LEN; i++, cookie++) { in cookie_verify()
282 if (*cookie != i) in cookie_verify()
|
| H A D | bad_dtls_test.c | 55 static unsigned char cookie[20]; variable
164 if (!PACKET_equal(&pkt2, cookie, sizeof(cookie))) in validate_client_hello()
216 memcpy(hello_verify + HV_COOKIE_OFS, cookie, sizeof(cookie)); in send_hello_verify()
481 RAND_bytes(cookie, sizeof(cookie)); in test_bad_dtls()
|
| H A D | dtlstest.c | 47 static int generate_cookie_cb(SSL *ssl, unsigned char *cookie, in generate_cookie_cb() argument
50 memcpy(cookie, dummy_cookie, sizeof(dummy_cookie)); in generate_cookie_cb()
55 static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie, in verify_cookie_cb() argument
58 return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie)); in verify_cookie_cb()
|
| H A D | ext_internal_test.c | 70 EXT_ENTRY(cookie),
|
| /openssl/test/recipes/ |
| H A D | 70-test_tls13cookie.t | 108 my $cookie =
111 return if !defined($cookie);
113 return if ($cookie cmp $ext) != 0;
|
| /openssl/apps/include/ |
| H A D | s_apps.h | 53 int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
55 int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
63 int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
65 int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
|
| /openssl/ssl/statem/ |
| H A D | extensions_srvr.c | 730 PACKET cookie, raw, chhash, appcookie; in tls_parse_ctos_cookie() local
745 if (!PACKET_as_length_prefixed_2(pkt, &cookie)) { in tls_parse_ctos_cookie()
750 raw = cookie; in tls_parse_ctos_cookie()
793 if (!PACKET_get_net_2(&cookie, &format)) { in tls_parse_ctos_cookie()
807 if (!PACKET_get_net_2(&cookie, &version)) { in tls_parse_ctos_cookie()
817 if (!PACKET_get_net_2(&cookie, &group_id)) { in tls_parse_ctos_cookie()
822 ciphdata = PACKET_data(&cookie); in tls_parse_ctos_cookie()
823 if (!PACKET_forward(&cookie, 2)) { in tls_parse_ctos_cookie()
838 if (!PACKET_get_1(&cookie, &key_share) in tls_parse_ctos_cookie()
839 || !PACKET_get_net_8(&cookie, &tm) in tls_parse_ctos_cookie()
[all …]
|
| H A D | statem_srvr.c | 1368 int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, in dtls_raw_hello_verify_request() argument
1373 || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len)) in dtls_raw_hello_verify_request()
1386 || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_SSL(s), s->d1->cookie, in dtls_construct_hello_verify_request()
1394 if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie, in dtls_construct_hello_verify_request()
1474 PACKET session_id, compression, extensions, cookie; in tls_process_client_hello() local
1505 PACKET_null_init(&cookie); in tls_process_client_hello()
1611 if (!PACKET_get_length_prefixed_1(pkt, &cookie)) { in tls_process_client_hello()
1615 if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie, in tls_process_client_hello()
1769 || memcmp(clienthello->dtls_cookie, s->d1->cookie, in tls_early_post_process_client_hello()
|
| H A D | extensions_clnt.c | 1972 PACKET cookie; in tls_parse_stoc_cookie() local
1974 if (!PACKET_as_length_prefixed_2(pkt, &cookie) in tls_parse_stoc_cookie()
1975 || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, in tls_parse_stoc_cookie()
|
| H A D | statem_clnt.c | 1293 if (s->d1->cookie_len > sizeof(s->d1->cookie) in tls_construct_client_hello()
1294 || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie, in tls_construct_client_hello()
1364 if (cookie_len > sizeof(s->d1->cookie)) { in dtls_process_hello_verify()
1369 if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) { in dtls_process_hello_verify()
|
| /openssl/test/recipes/04-test_conf_data/ |
| H A D | dollarid_off.txt | 4 cookie = 0
|
| H A D | dollarid_on.txt | 4 cookie = 1
|
| H A D | dollarid_off.cnf | 5 cookie = ${foo}
|
| H A D | dollarid_on.cnf | 5 cookie = ${foo$bar}
|
| /openssl/ssl/ |
| H A D | d1_lib.c | 87 d1->cookie_len = sizeof(s->d1->cookie); in dtls1_new()
202 s->d1->cookie_len = sizeof(s->d1->cookie); in dtls1_clear()
421 unsigned char cookie[DTLS1_COOKIE_LENGTH]; in DTLSv1_listen() local
665 ssl->ctx->app_gen_cookie_cb(ssl, cookie, &cookielen) == 0 || in DTLSv1_listen()
724 || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen) in DTLSv1_listen()
|
| H A D | ssl_sess.c | 1405 unsigned char *cookie, in SSL_CTX_set_cookie_generate_cb() argument
1413 const unsigned char *cookie, in SSL_CTX_set_cookie_verify_cb() argument
1445 unsigned char *cookie, in SSL_CTX_set_stateless_cookie_generate_cb() argument
1454 const unsigned char *cookie, in SSL_CTX_set_stateless_cookie_verify_cb() argument
|
| H A D | ssl_local.h | 877 int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
881 int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie,
885 int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie,
889 int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie,
1908 unsigned char cookie[DTLS1_COOKIE_LENGTH]; member
2684 __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
|
| /openssl/apps/lib/ |
| H A D | s_cb.c | 813 int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, in generate_stateless_cookie_callback() argument
860 cookie, DTLS1_COOKIE_LENGTH, cookie_len) == NULL) { in generate_stateless_cookie_callback()
873 int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, in verify_stateless_cookie_callback() argument
884 && memcmp(result, cookie, resultlength) == 0) in verify_stateless_cookie_callback()
890 int generate_cookie_callback(SSL *ssl, unsigned char *cookie, in generate_cookie_callback() argument
894 int res = generate_stateless_cookie_callback(ssl, cookie, &temp); in generate_cookie_callback()
901 int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, in verify_cookie_callback() argument
904 return verify_stateless_cookie_callback(ssl, cookie, cookie_len); in verify_cookie_callback()
|
| /openssl/doc/man1/ |
| H A D | openssl-s_server.pod.in | 756 Any ClientHellos that arrive will be checked to see if they have a cookie in
758 Any without a cookie will be responded to with a HelloVerifyRequest.
759 If a ClientHello with a cookie is received then this command will
|
| /openssl/crypto/err/ |
| H A D | openssl.txt | 1390 SSL_R_COOKIE_GEN_CALLBACK_FAILURE:400:cookie gen callback failure
1391 SSL_R_COOKIE_MISMATCH:308:cookie mismatch
1505 SSL_R_NO_COOKIE_CALLBACK_SET:287:no cookie callback set
1525 SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
|
