/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
#ifndef OSSL_SSL_LOCAL_H
# define OSSL_SSL_LOCAL_H
-# include "e_os.h" /* struct timeval for DTLS */
+# include "internal/e_os.h" /* struct timeval for DTLS */
# include <stdlib.h>
# include <time.h>
-# include <string.h>
# include <errno.h>
+# include "internal/common.h" /* for HAS_PREFIX */
# include <openssl/buffer.h>
# include <openssl/comp.h>
# include <openssl/bio.h>
-# include <openssl/rsa.h>
# include <openssl/dsa.h>
# include <openssl/err.h>
# include <openssl/ssl.h>
# include "internal/refcount.h"
# include "internal/tsan_assist.h"
# include "internal/bio.h"
+# include "internal/ktls.h"
# ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN
* Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
* consistency, even in the event of OPENSSL_NO_PSK being defined.
*/
-# define TLS13_MAX_RESUMPTION_PSK_LENGTH 256
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH 512
/*-
* Lets make this into an ASN.1 type structure as follows
int not_resumable;
/* This is the cert and type for the other end. */
X509 *peer;
- int peer_type;
/* Certificate chain peer sent. */
STACK_OF(X509) *peer_chain;
/*
*/
long verify_result; /* only for servers */
CRYPTO_REF_COUNT references;
- long timeout;
- long time;
+ time_t timeout;
+ time_t time;
+ time_t calc_timeout;
+ int timeout_ovf;
unsigned int compress_meth; /* Need to lookup the method */
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to
* load the 'cipher' structure */
+ unsigned int kex_group; /* TLS group from key exchange */
CRYPTO_EX_DATA ex_data; /* application specific data */
/*
* These are used to make removal of session-ids more efficient and to
unsigned char *ticket_appdata;
size_t ticket_appdata_len;
uint32_t flags;
+ SSL_CTX *owner;
CRYPTO_RWLOCK *lock;
};
size_t max_size);
size_t ssl_hmac_size(const SSL_HMAC *ctx);
+int ssl_get_EC_curve_nid(const EVP_PKEY *pkey);
+__owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey,
+ const unsigned char *enckey,
+ size_t enckeylen);
+
typedef struct tls_group_info_st {
char *tlsname; /* Curve Name as in TLS specs */
char *realname; /* Curve Name according to provider */
int maxtls; /* Maximum TLS version (or 0 for undefined) */
int mindtls; /* Minimum DTLS version, -1 unsupported */
int maxdtls; /* Maximum DTLS version (or 0 for undefined) */
+ char is_kem; /* Mode for this Group: 0 is KEX, 1 is KEM */
} TLS_GROUP_INFO;
/* flags values */
# define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3)
struct ssl_ctx_st {
- OPENSSL_CTX *libctx;
+ OSSL_LIB_CTX *libctx;
const SSL_METHOD *method;
STACK_OF(SSL_CIPHER) *cipher_list;
* other processes - spooky
* :-) */
} stats;
+#ifdef TSAN_REQUIRES_LOCKING
+ CRYPTO_RWLOCK *tsan_lock;
+#endif
CRYPTO_REF_COUNT references;
* SSL_new)
*/
- uint32_t options;
+ uint64_t options;
uint32_t mode;
int min_proto_version;
int max_proto_version;
/* RFC 4366 Maximum Fragment Length Negotiation */
uint8_t max_fragment_len_mode;
-# ifndef OPENSSL_NO_EC
/* EC extension values inherited by SSL structure */
size_t ecpointformats_len;
unsigned char *ecpointformats;
-# endif /* OPENSSL_NO_EC */
size_t supportedgroups_len;
uint16_t *supportedgroups;
+ uint16_t *supported_groups_default;
+ size_t supported_groups_default_len;
/*
* ALPN information (we are in the process of transitioning from NPN to
* ALPN.)
char *propq;
+ int ssl_mac_pkey_id[SSL_MD_NUM_IDX];
const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX];
size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
TLS_GROUP_INFO *group_list;
size_t group_list_len;
size_t group_list_max_len;
+
+ /* masks of disabled algorithms */
+ uint32_t disabled_enc_mask;
+ uint32_t disabled_mac_mask;
+ uint32_t disabled_mkey_mask;
+ uint32_t disabled_auth_mask;
};
typedef struct cert_pkey_st CERT_PKEY;
int message_type;
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
-# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
-# endif
+ EVP_PKEY *pkey; /* holds short lived key exchange key */
/* used for certificate requests */
int cert_req;
/* Certificate types in certificate request message. */
size_t previous_client_finished_len;
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
size_t previous_server_finished_len;
- int send_connection_binding; /* TODOEKR */
+ int send_connection_binding;
# ifndef OPENSSL_NO_NEXTPROTONEG
/*
/* used by the client to know if it actually sent alpn */
int alpn_sent;
-# ifndef OPENSSL_NO_EC
/*
* This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari on
* 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
*/
char is_probably_safari;
-# endif /* !OPENSSL_NO_EC */
+ /*
+ * Track whether we did a key exchange this handshake or not, so
+ * SSL_get_negotiated_group() knows whether to fall back to the
+ * value in the SSL_SESSION.
+ */
+ char did_kex;
/* For clients: peer temporary key */
-# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- /* The group_id for the DH/ECDH key */
+ /* The group_id for the key exchange key */
uint16_t group_id;
EVP_PKEY *peer_tmp;
-# endif
} s3;
STACK_OF(X509_NAME) *client_ca_names;
CRYPTO_REF_COUNT references;
/* protocol behaviour */
- uint32_t options;
+ uint64_t options;
/* API behaviour */
uint32_t mode;
int min_proto_version;
int ticket_expected;
/* TLS 1.3 tickets requested by the application. */
int extra_tickets_expected;
-# ifndef OPENSSL_NO_EC
size_t ecpointformats_len;
/* our list */
unsigned char *ecpointformats;
size_t peer_ecpointformats_len;
/* peer's list */
unsigned char *peer_ecpointformats;
-# endif /* OPENSSL_NO_EC */
size_t supportedgroups_len;
/* our list */
uint16_t *supportedgroups;
struct dtls1_retransmit_state saved_retransmit_state;
};
-struct dtls1_timeout_st {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
- /* Number of alerts received so far */
- unsigned int num_alerts;
-};
-
typedef struct hm_fragment_st {
struct hm_header_st msg_header;
unsigned char *fragment;
size_t mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
struct hm_header_st r_msg_hdr;
- struct dtls1_timeout_st timeout;
+ /* Number of alerts received so far */
+ unsigned int timeout_num_alerts;
/*
* Indicates when the last handshake msg sent will timeout
*/
} DTLS1_STATE;
-# ifndef OPENSSL_NO_EC
/*
* From ECC-TLS draft, used in encoding the curve type in ECParameters
*/
# define EXPLICIT_PRIME_CURVE_TYPE 1
# define EXPLICIT_CHAR2_CURVE_TYPE 2
# define NAMED_CURVE_TYPE 3
-# endif /* OPENSSL_NO_EC */
struct cert_pkey_st {
X509 *x509;
* an index, not a pointer.
*/
CERT_PKEY *key;
-# ifndef OPENSSL_NO_DH
+
EVP_PKEY *dh_tmp;
DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
int dh_tmp_auto;
-# endif
/* Flags related to certificates */
uint32_t cert_flags;
CERT_PKEY pkeys[SSL_PKEY_NUM];
* of a mess of functions, but hell, think of it as an opaque structure :-)
*/
typedef struct ssl3_enc_method {
- int (*enc) (SSL *, SSL3_RECORD *, size_t, int);
+ int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t);
int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
int (*setup_key_block) (SSL *);
int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
#define TLSEXT_SIGALG_ed25519 0x0807
#define TLSEXT_SIGALG_ed448 0x0808
+#define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256 0x081a
+#define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384 0x081b
+#define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512 0x081c
/* Known PSK key exchange modes */
#define TLSEXT_KEX_MODE_KE 0x00
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
-__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
size_t *int_overhead, size_t *blocksize,
size_t *ext_overhead);
-__owur int ssl_cert_is_disabled(size_t idx);
+__owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
const unsigned char *ptr,
int all);
__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
int ref);
+__owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain);
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
+int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms);
__owur EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm);
+__owur int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen);
__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
int genmaster);
+__owur int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
+ const unsigned char *ct, size_t ctlen,
+ int gensecret);
+__owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
+ unsigned char **ctp, size_t *ctlenp,
+ int gensecret);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+__owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+ void *key);
__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
void dtls1_start_timer(SSL *s);
void dtls1_stop_timer(SSL *s);
__owur int dtls1_is_timer_expired(SSL *s);
-void dtls1_double_timeout(SSL *s);
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
size_t cookie_len);
__owur size_t dtls1_min_mtu(SSL *s);
__owur int tls13_alert_code(int code);
__owur int ssl3_alert_code(int code);
-# ifndef OPENSSL_NO_EC
__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
-# endif
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+__owur uint16_t ssl_group_id_internal_to_tls13(uint16_t curve_id);
+__owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id);
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id);
-__owur int tls1_group_id2nid(uint16_t group_id);
+__owur int tls1_group_id2nid(uint16_t group_id, int include_unknown);
+__owur uint16_t tls1_nid2group_id(int nid);
__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
int *curves, size_t ncurves);
-__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
+__owur int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
const char *str);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion,
- int maxversion);
+ int maxversion, int isec, int *okfortls13);
__owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id);
-# ifndef OPENSSL_NO_EC
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
size_t *num_formats);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
-# endif /* OPENSSL_NO_EC */
__owur int tls_group_allowed(SSL *s, uint16_t curve, int op);
void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
__owur int ssl_validate_ct(SSL *s);
# endif
-# ifndef OPENSSL_NO_DH
-__owur DH *ssl_get_auto_dh(SSL *s);
-# endif
+__owur EVP_PKEY *ssl_get_auto_dh(SSL *s);
__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
__owur int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu,
const EVP_MD **pmd);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
-# ifndef OPENSSL_NO_EC
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
-# endif
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
__owur int ssl_set_client_disabled(SSL *s);
__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde);
#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
+# ifndef OPENSSL_NO_KTLS
+/* ktls.c */
+int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
+ const EVP_CIPHER_CTX *dd);
+int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ void *rl_sequence, ktls_crypto_info_t *crypto_info,
+ int is_tx, unsigned char *iv,
+ unsigned char *key, unsigned char *mac_key,
+ size_t mac_secret_size);
+# endif
+
/* s3_cbc.c */
__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-__owur int ssl3_cbc_digest_record(SSL *s,
- const EVP_MD_CTX *ctx,
+__owur int ssl3_cbc_digest_record(const EVP_MD *md,
unsigned char *md_out,
size_t *md_out_size,
- const unsigned char header[13],
+ const unsigned char *header,
const unsigned char *data,
- size_t data_plus_mac_size,
+ size_t data_size,
size_t data_plus_mac_plus_padding_size,
const unsigned char *mac_secret,
size_t mac_secret_length, char is_sslv3);
/* ssl_mcnf.c */
void ssl_ctx_system_config(SSL_CTX *ctx);
-const EVP_CIPHER *ssl_evp_cipher_fetch(OPENSSL_CTX *libctx,
+const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
int nid,
const char *properties);
int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher);
void ssl_evp_cipher_free(const EVP_CIPHER *cipher);
-const EVP_MD *ssl_evp_md_fetch(OPENSSL_CTX *libctx,
+const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
int nid,
const char *properties);
int ssl_evp_md_up_ref(const EVP_MD *md);
void ssl_evp_md_free(const EVP_MD *md);
+int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *ciph,
+ const EVP_MD *md);
+
+void tls_engine_finish(ENGINE *e);
+const EVP_CIPHER *tls_get_cipher_from_engine(int nid);
+const EVP_MD *tls_get_digest_from_engine(int nid);
+int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+int ssl_hmac_old_new(SSL_HMAC *ret);
+void ssl_hmac_old_free(SSL_HMAC *ctx);
+int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md);
+int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len);
+int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len);
+size_t ssl_hmac_old_size(const SSL_HMAC *ctx);
+
+int ssl_ctx_srp_ctx_free_intern(SSL_CTX *ctx);
+int ssl_ctx_srp_ctx_init_intern(SSL_CTX *ctx);
+int ssl_srp_ctx_free_intern(SSL *s);
+int ssl_srp_ctx_init_intern(SSL *s);
+
+int ssl_srp_calc_a_param_intern(SSL *s);
+int ssl_srp_server_param_with_username_intern(SSL *s, int *ad);
+
+void ssl_session_calculate_timeout(SSL_SESSION* ss);
# else /* OPENSSL_UNIT_TEST */
# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
# endif
+
+/* Some helper routines to support TSAN operations safely */
+static ossl_unused ossl_inline int ssl_tsan_lock(const SSL_CTX *ctx)
+{
+#ifdef TSAN_REQUIRES_LOCKING
+ if (!CRYPTO_THREAD_write_lock(ctx->tsan_lock))
+ return 0;
+#endif
+ return 1;
+}
+
+static ossl_unused ossl_inline void ssl_tsan_unlock(const SSL_CTX *ctx)
+{
+#ifdef TSAN_REQUIRES_LOCKING
+ CRYPTO_THREAD_unlock(ctx->tsan_lock);
+#endif
+}
+
+static ossl_unused ossl_inline void ssl_tsan_counter(const SSL_CTX *ctx,
+ TSAN_QUALIFIER int *stat)
+{
+ if (ssl_tsan_lock(ctx)) {
+ tsan_counter(stat);
+ ssl_tsan_unlock(ctx);
+ }
+}
+
#endif