illegalClientHelloChange reports whether the two ClientHello messages are different, with the exception of the changes allowed before and after a HelloRetryRequest. See RFC 8446, Section 4.1.2.
(ch, ch1 *clientHelloMsg)
// illegalClientHelloChange reports whether ch1 differs from ch in any of the
// fields compared below. It is used to compare the ClientHello messages sent
// before and after a HelloRetryRequest, where RFC 8446, Section 4.1.2 permits
// only a small set of changes.
//
// Only the fields named in the body are compared; a clientHelloMsg field that
// does not appear here is not checked by this function. The cookie is among
// the compared fields, so a second ClientHello that adds or alters a cookie
// is reported as an illegal change.
// NOTE(review): RFC 8446 lets a client add a cookie after a HelloRetryRequest;
// presumably the strict comparison is fine because this server never sends
// one. Confirm against the code that builds the HelloRetryRequest.
// NOTE(review): callers are expected to abort the handshake on a true result.
// Confirm at the call site.
func illegalClientHelloChange(ch, ch1 *clientHelloMsg) bool {
	// Fixed-size and byte-string fields: any single mismatch is enough.
	switch {
	case ch.vers != ch1.vers,
		ch.serverName != ch1.serverName,
		ch.ocspStapling != ch1.ocspStapling,
		ch.ticketSupported != ch1.ticketSupported,
		ch.secureRenegotiationSupported != ch1.secureRenegotiationSupported,
		ch.scts != ch1.scts:
		return true
	case !bytes.Equal(ch.random, ch1.random),
		!bytes.Equal(ch.sessionId, ch1.sessionId),
		!bytes.Equal(ch.compressionMethods, ch1.compressionMethods),
		!bytes.Equal(ch.supportedPoints, ch1.supportedPoints),
		!bytes.Equal(ch.sessionTicket, ch1.sessionTicket),
		!bytes.Equal(ch.secureRenegotiation, ch1.secureRenegotiation),
		!bytes.Equal(ch.cookie, ch1.cookie),
		!bytes.Equal(ch.pskModes, ch1.pskModes):
		return true
	}

	// List-valued fields must match in length and element by element, in the
	// same order. The length is checked first so the indexed read of ch1's
	// slice below can never go out of range.
	if len(ch.supportedVersions) != len(ch1.supportedVersions) {
		return true
	}
	for i, v := range ch.supportedVersions {
		if v != ch1.supportedVersions[i] {
			return true
		}
	}

	if len(ch.cipherSuites) != len(ch1.cipherSuites) {
		return true
	}
	for i, suite := range ch.cipherSuites {
		if suite != ch1.cipherSuites[i] {
			return true
		}
	}

	if len(ch.supportedCurves) != len(ch1.supportedCurves) {
		return true
	}
	for i, curve := range ch.supportedCurves {
		if curve != ch1.supportedCurves[i] {
			return true
		}
	}

	if len(ch.supportedSignatureAlgorithms) != len(ch1.supportedSignatureAlgorithms) {
		return true
	}
	for i, alg := range ch.supportedSignatureAlgorithms {
		if alg != ch1.supportedSignatureAlgorithms[i] {
			return true
		}
	}

	if len(ch.supportedSignatureAlgorithmsCert) != len(ch1.supportedSignatureAlgorithmsCert) {
		return true
	}
	for i, alg := range ch.supportedSignatureAlgorithmsCert {
		if alg != ch1.supportedSignatureAlgorithmsCert[i] {
			return true
		}
	}

	if len(ch.alpnProtocols) != len(ch1.alpnProtocols) {
		return true
	}
	for i, proto := range ch.alpnProtocols {
		if proto != ch1.alpnProtocols[i] {
			return true
		}
	}

	return false
}
| 823 | |
| 824 | func (hs *serverHandshakeStateTLS13) sendServerParameters() error { |
| 825 | c := hs.c |