X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=794af7653053a3699185fd2214776c2ea22e2333;hb=2111f5c2834a838c4fc1ca981fddf80cbc589dfc;hp=15380e1b72d4e8bc60414e0ddfa2a844a6d2dd0d;hpb=a75be9fd34b5d66f349186f21cd8d063d2fa87a4;p=openssl.git diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 15380e1b72..794af76530 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3,14 +3,15 @@ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #include -#include "ssl_locl.h" +#include "ssl_local.h" +#include "e_os.h" #include #include #include @@ -20,10 +21,10 @@ #include #include #include +#include #include "internal/cryptlib.h" #include "internal/refcount.h" - -const char SSL_version_str[] = OPENSSL_VERSION_TEXT; +#include "internal/ktls.h" static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t) { @@ -628,6 +629,11 @@ int SSL_clear(SSL *s) /* Clear the verification result peername */ X509_VERIFY_PARAM_move_peername(s->param, NULL); + /* Clear any shared connection state */ + OPENSSL_free(s->shared_sigalgs); + s->shared_sigalgs = NULL; + s->shared_sigalgslen = 0; + /* * Check to see if we were changed into a different method, if so, revert * back. @@ -654,11 +660,15 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->method = meth; + if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) { + SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + return 0; + } sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), - SSL_DEFAULT_CIPHER_LIST, ctx->cert); + OSSL_default_cipher_list(), ctx->cert); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; @@ -702,6 +712,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->max_early_data = ctx->max_early_data; s->recv_max_early_data = ctx->recv_max_early_data; s->num_tickets = ctx->num_tickets; + s->pha_enabled = ctx->pha_enabled; /* Shallow copy of the ciphersuites stack */ s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites); @@ -774,6 +785,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->ext.ecpointformats_len = ctx->ext.ecpointformats_len; } +#endif if (ctx->ext.supportedgroups) { s->ext.supportedgroups = OPENSSL_memdup(ctx->ext.supportedgroups, @@ -783,7 +795,7 @@ SSL *SSL_new(SSL_CTX *ctx) goto err; s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; } -#endif + #ifndef OPENSSL_NO_NEXTPROTONEG s->ext.npn = NULL; #endif @@ -827,6 +839,9 @@ SSL *SSL_new(SSL_CTX *ctx) s->psk_find_session_cb = ctx->psk_find_session_cb; s->psk_use_session_cb = ctx->psk_use_session_cb; + s->async_cb = ctx->async_cb; + s->async_cb_arg = ctx->async_cb_arg; + s->job = NULL; #ifndef OPENSSL_NO_CT @@ -862,7 +877,7 @@ int SSL_up_ref(SSL *s) int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if (sid_ctx_len > sizeof(ctx->sid_ctx)) { + if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -1143,11 +1158,15 @@ void SSL_free(SSL *s) dane_final(&s->dane); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + RECORD_LAYER_release(&s->rlayer); + /* Ignore return value */ ssl_free_wbio_buffer(s); BIO_free_all(s->wbio); + s->wbio = NULL; BIO_free_all(s->rbio); + s->rbio = NULL; BUF_MEM_free(s->init_buf); @@ -1155,6 +1174,7 @@ void SSL_free(SSL *s) sk_SSL_CIPHER_free(s->cipher_list); sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->tls13_ciphersuites); + sk_SSL_CIPHER_free(s->peer_ciphers); /* Make the next call work :-) */ if (s->session != NULL) { @@ -1167,14 +1187,17 @@ void SSL_free(SSL *s) clear_ciphers(s); ssl_cert_free(s->cert); + OPENSSL_free(s->shared_sigalgs); /* Free up if allocated */ OPENSSL_free(s->ext.hostname); SSL_CTX_free(s->session_ctx); #ifndef OPENSSL_NO_EC OPENSSL_free(s->ext.ecpointformats); - OPENSSL_free(s->ext.supportedgroups); + OPENSSL_free(s->ext.peer_ecpointformats); #endif /* OPENSSL_NO_EC */ + OPENSSL_free(s->ext.supportedgroups); + OPENSSL_free(s->ext.peer_supportedgroups); sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); #ifndef OPENSSL_NO_OCSP sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); @@ -1191,14 +1214,13 @@ void SSL_free(SSL *s) EVP_MD_CTX_free(s->pha_dgst); sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); sk_X509_pop_free(s->verified_chain, X509_free); if (s->method != NULL) s->method->ssl_free(s); - RECORD_LAYER_release(&s->rlayer); - SSL_CTX_free(s->ctx); ASYNC_WAIT_CTX_free(s->waitctx); @@ -1338,6 +1360,15 @@ int SSL_set_fd(SSL *s, int fd) } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(s, bio, bio); +#ifndef OPENSSL_NO_KTLS + /* + * The new socket is created successfully regardless of ktls_enable. + * ktls_enable doesn't change any functionality of the socket, except + * changing the setsockopt to enable the processing of ktls_start. + * Thus, it is not a problem to call it for non-TLS sockets. + */ + ktls_enable(fd); +#endif /* OPENSSL_NO_KTLS */ ret = 1; err: return ret; @@ -1357,6 +1388,15 @@ int SSL_set_wfd(SSL *s, int fd) } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set0_wbio(s, bio); +#ifndef OPENSSL_NO_KTLS + /* + * The new socket is created successfully regardless of ktls_enable. + * ktls_enable doesn't change any functionality of the socket, except + * changing the setsockopt to enable the processing of ktls_start. + * Thus, it is not a problem to call it for non-TLS sockets. + */ + ktls_enable(fd); +#endif /* OPENSSL_NO_KTLS */ } else { BIO_up_ref(rbio); SSL_set0_wbio(s, rbio); @@ -1392,12 +1432,10 @@ size_t SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; - if (s->s3 != NULL) { - ret = s->s3->tmp.finish_md_len; - if (count > ret) - count = ret; - memcpy(buf, s->s3->tmp.finish_md, count); - } + ret = s->s3.tmp.finish_md_len; + if (count > ret) + count = ret; + memcpy(buf, s->s3.tmp.finish_md, count); return ret; } @@ -1406,12 +1444,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; - if (s->s3 != NULL) { - ret = s->s3->tmp.peer_finish_md_len; - if (count > ret) - count = ret; - memcpy(buf, s->s3->tmp.peer_finish_md, count); - } + ret = s->s3.tmp.peer_finish_md_len; + if (count > ret) + count = ret; + memcpy(buf, s->s3.tmp.peer_finish_md, count); return ret; } @@ -1627,6 +1663,40 @@ int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, numdelfds); } +int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback) +{ + ctx->async_cb = callback; + return 1; +} + +int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg) +{ + ctx->async_cb_arg = arg; + return 1; +} + +int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback) +{ + s->async_cb = callback; + return 1; +} + +int SSL_set_async_callback_arg(SSL *s, void *arg) +{ + s->async_cb_arg = arg; + return 1; +} + +int SSL_get_async_status(SSL *s, int *status) +{ + ASYNC_WAIT_CTX *ctx = s->waitctx; + + if (ctx == NULL) + return 0; + *status = ASYNC_WAIT_CTX_get_status(ctx); + return 1; +} + int SSL_accept(SSL *s) { if (s->handshake_func == NULL) { @@ -1652,6 +1722,13 @@ long SSL_get_default_timeout(const SSL *s) return s->method->get_timeout(); } +static int ssl_async_wait_ctx_cb(void *arg) +{ + SSL *s = (SSL *)arg; + + return s->async_cb(s, s->async_cb_arg); +} + static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, int (*func) (void *)) { @@ -1660,6 +1737,10 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, s->waitctx = ASYNC_WAIT_CTX_new(); if (s->waitctx == NULL) return -1; + if (s->async_cb != NULL + && !ASYNC_WAIT_CTX_set_callback + (s->waitctx, ssl_async_wait_ctx_cb, s)) + return -1; } switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, sizeof(struct ssl_async_args))) { @@ -1938,6 +2019,73 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) } } +ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) +{ + ossl_ssize_t ret; + + if (s->handshake_func == NULL) { + SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED); + return -1; + } + + if (s->shutdown & SSL_SENT_SHUTDOWN) { + s->rwstate = SSL_NOTHING; + SSLerr(SSL_F_SSL_SENDFILE, SSL_R_PROTOCOL_IS_SHUTDOWN); + return -1; + } + + if (!BIO_get_ktls_send(s->wbio)) { + SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED); + return -1; + } + + /* If we have an alert to send, lets send it */ + if (s->s3.alert_dispatch) { + ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s); + if (ret <= 0) { + /* SSLfatal() already called if appropriate */ + return ret; + } + /* if it went, fall through and send more stuff */ + } + + s->rwstate = SSL_WRITING; + if (BIO_flush(s->wbio) <= 0) { + if (!BIO_should_retry(s->wbio)) { + s->rwstate = SSL_NOTHING; + } else { +#ifdef EAGAIN + set_sys_error(EAGAIN); +#endif + } + return -1; + } + +#ifndef OPENSSL_NO_KTLS + ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags); +#else + ret = -1; +#endif + if (ret < 0) { +#if defined(EAGAIN) && defined(EINTR) && defined(EBUSY) + if ((get_last_sys_error() == EAGAIN) || + (get_last_sys_error() == EINTR) || + (get_last_sys_error() == EBUSY)) + BIO_set_retry_write(s->wbio); + else +#endif +#ifdef OPENSSL_NO_KTLS + ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), + "calling sendfile()"); +#else + SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED); +#endif + return ret; + } + s->rwstate = SSL_NOTHING; + return ret; +} + int SSL_write(SSL *s, const void *buf, int num) { int ret; @@ -2101,7 +2249,7 @@ int SSL_key_update(SSL *s, int updatetype) return 1; } -int SSL_get_key_update_type(SSL *s) +int SSL_get_key_update_type(const SSL *s) { return s->key_update; } @@ -2142,7 +2290,7 @@ int SSL_renegotiate_abbreviated(SSL *s) return s->method->ssl_renegotiate(s); } -int SSL_renegotiate_pending(SSL *s) +int SSL_renegotiate_pending(const SSL *s) { /* * becomes true when negotiation is requested; false again once a @@ -2182,6 +2330,10 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; +#ifndef OPENSSL_NO_KTLS + if (s->wbio != NULL && BIO_get_ktls_send(s->wbio)) + return 0; +#endif /* OPENSSL_NO_KTLS */ s->max_send_fragment = larg; if (s->max_send_fragment < s->split_send_fragment) s->split_send_fragment = s->max_send_fragment; @@ -2199,10 +2351,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) RECORD_LAYER_set_read_ahead(&s->rlayer, 1); return 1; case SSL_CTRL_GET_RI_SUPPORT: - if (s->s3) - return s->s3->send_connection_binding; - else - return 0; + return s->s3.send_connection_binding; case SSL_CTRL_CERT_FLAGS: return (s->cert->cert_flags |= larg); case SSL_CTRL_CLEAR_CERT_FLAGS: @@ -2210,10 +2359,10 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_RAW_CIPHERLIST: if (parg) { - if (s->s3->tmp.ciphers_raw == NULL) + if (s->s3.tmp.ciphers_raw == NULL) return 0; - *(unsigned char **)parg = s->s3->tmp.ciphers_raw; - return (int)s->s3->tmp.ciphers_rawlen; + *(unsigned char **)parg = s->s3.tmp.ciphers_raw; + return (int)s->s3.tmp.ciphers_rawlen; } else { return TLS_CIPHER_LEN; } @@ -2264,7 +2413,6 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { long l; - int i; /* For some cases with ctx == NULL perform syntax checks */ if (ctx == NULL) { switch (cmd) { @@ -2319,40 +2467,27 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SESS_NUMBER: return lh_SSL_SESSION_num_items(ctx->sessions); case SSL_CTRL_SESS_CONNECT: - return CRYPTO_atomic_read(&ctx->stats.sess_connect, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_connect); case SSL_CTRL_SESS_CONNECT_GOOD: - return CRYPTO_atomic_read(&ctx->stats.sess_connect_good, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_connect_good); case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: - return CRYPTO_atomic_read(&ctx->stats.sess_connect_renegotiate, &i, - ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_connect_renegotiate); case SSL_CTRL_SESS_ACCEPT: - return CRYPTO_atomic_read(&ctx->stats.sess_accept, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_accept); case SSL_CTRL_SESS_ACCEPT_GOOD: - return CRYPTO_atomic_read(&ctx->stats.sess_accept_good, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_accept_good); case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: - return CRYPTO_atomic_read(&ctx->stats.sess_accept_renegotiate, &i, - ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_accept_renegotiate); case SSL_CTRL_SESS_HIT: - return CRYPTO_atomic_read(&ctx->stats.sess_hit, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_hit); case SSL_CTRL_SESS_CB_HIT: - return CRYPTO_atomic_read(&ctx->stats.sess_cb_hit, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_cb_hit); case SSL_CTRL_SESS_MISSES: - return CRYPTO_atomic_read(&ctx->stats.sess_miss, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_miss); case SSL_CTRL_SESS_TIMEOUTS: - return CRYPTO_atomic_read(&ctx->stats.sess_timeout, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_timeout); case SSL_CTRL_SESS_CACHE_FULL: - return CRYPTO_atomic_read(&ctx->stats.sess_cache_full, &i, ctx->lock) - ? i : 0; + return tsan_load(&ctx->stats.sess_cache_full); case SSL_CTRL_MODE: return (ctx->mode |= larg); case SSL_CTRL_CLEAR_MODE: @@ -2445,9 +2580,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) { - if ((s == NULL) || (s->session == NULL) || !s->server) + if ((s == NULL) || !s->server) return NULL; - return s->session->ciphers; + return s->peer_ciphers; } STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) @@ -2516,6 +2651,26 @@ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) return NULL; } +/* + * Distinguish between ciphers controlled by set_ciphersuite() and + * set_cipher_list() when counting. + */ +static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk) +{ + int i, num = 0; + const SSL_CIPHER *c; + + if (sk == NULL) + return 0; + for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { + c = sk_SSL_CIPHER_value(sk, i); + if (c->min_tls >= TLS1_3_VERSION) + continue; + num++; + } + return num; +} + /** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { @@ -2533,7 +2688,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) */ if (sk == NULL) return 0; - else if (sk_SSL_CIPHER_num(sk) == 0) { + else if (cipher_list_tls12_num(sk) == 0) { SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); return 0; } @@ -2551,7 +2706,7 @@ int SSL_set_cipher_list(SSL *s, const char *str) /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; - else if (sk_SSL_CIPHER_num(sk) == 0) { + else if (cipher_list_tls12_num(sk) == 0) { SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); return 0; } @@ -2566,13 +2721,12 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) int i; if (!s->server - || s->session == NULL - || s->session->ciphers == NULL + || s->peer_ciphers == NULL || size < 2) return NULL; p = buf; - clntsk = s->session->ciphers; + clntsk = s->peer_ciphers; srvrsk = SSL_get_ciphers(s); if (clntsk == NULL || srvrsk == NULL) return NULL; @@ -2613,18 +2767,14 @@ const char *SSL_get_servername(const SSL *s, const int type) return NULL; /* - * TODO(OpenSSL1.2) clean up this compat mess. This API is - * currently a mix of "what did I configure" and "what did the - * peer send" and "what was actually negotiated"; we should have - * a clear distinction amongst those three. + * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an + * SNI value to return if we are resuming/resumed. N.B. that we still + * call the relevant callbacks for such resumption flows, and callbacks + * might error out if there is not a SNI value available. */ - if (SSL_in_init(s)) { - if (s->hit) - return s->session->ext.hostname; - return s->ext.hostname; - } - return (s->session != NULL && s->ext.hostname == NULL) ? - s->session->ext.hostname : s->ext.hostname; + if (s->hit) + return s->session->ext.hostname; + return s->ext.hostname; } int SSL_get_servername_type(const SSL *s) @@ -2707,7 +2857,7 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) { *data = s->ext.npn; - if (!*data) { + if (*data == NULL) { *len = 0; } else { *len = (unsigned int)s->ext.npn_len; @@ -2811,13 +2961,11 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len) { - *data = NULL; - if (ssl->s3) - *data = ssl->s3->alpn_selected; + *data = ssl->s3.alpn_selected; if (*data == NULL) *len = 0; else - *len = (unsigned int)ssl->s3->alpn_selected_len; + *len = (unsigned int)ssl->s3.alpn_selected_len; } int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, @@ -2940,13 +3088,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) goto err; #endif - if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES)) + if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) goto err; if (!ssl_create_cipher_list(ret->method, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, - SSL_DEFAULT_CIPHER_LIST, ret->cert) + OSSL_default_cipher_list(), ret->cert) || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; @@ -2968,6 +3116,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) goto err; + if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) + goto err; + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) goto err; @@ -3125,6 +3276,7 @@ void SSL_CTX_free(SSL_CTX *a) sk_SSL_CIPHER_free(a->tls13_ciphersuites); ssl_cert_free(a->cert); sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free); sk_X509_pop_free(a->extra_certs, X509_free); a->comp_methods = NULL; #ifndef OPENSSL_NO_SRTP @@ -3139,8 +3291,8 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_EC OPENSSL_free(a->ext.ecpointformats); - OPENSSL_free(a->ext.supportedgroups); #endif + OPENSSL_free(a->ext.supportedgroups); OPENSSL_free(a->ext.alpn); OPENSSL_secure_free(a->ext.secure); @@ -3222,7 +3374,7 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) void ssl_set_masks(SSL *s) { CERT *c = s->cert; - uint32_t *pvalid = s->s3->tmp.valid_flags; + uint32_t *pvalid = s->s3.tmp.valid_flags; int rsa_enc, rsa_sign, dh_tmp, dsa_sign; unsigned long mask_k, mask_a; #ifndef OPENSSL_NO_EC @@ -3246,10 +3398,8 @@ void ssl_set_masks(SSL *s) mask_k = 0; mask_a = 0; -#ifdef CIPHER_DEBUG - fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n", - dh_tmp, rsa_enc, rsa_sign, dsa_sign); -#endif + OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n", + dh_tmp, rsa_enc, rsa_sign, dsa_sign); #ifndef OPENSSL_NO_GOST if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { @@ -3330,15 +3480,15 @@ void ssl_set_masks(SSL *s) mask_k |= SSL_kECDHEPSK; #endif - s->s3->tmp.mask_k = mask_k; - s->s3->tmp.mask_a = mask_a; + s->s3.tmp.mask_k = mask_k; + s->s3.tmp.mask_a = mask_a; } #ifndef OPENSSL_NO_EC int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) { - if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) { + if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) { /* key usage, if present, must allow signing */ if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, @@ -3354,7 +3504,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length) { - CERT_PKEY *cpk = s->s3->tmp.cert; + CERT_PKEY *cpk = s->s3.tmp.cert; *serverinfo_length = 0; if (cpk == NULL || cpk->serverinfo == NULL) @@ -3426,23 +3576,22 @@ void ssl_update_cache(SSL *s, int mode) /* auto flush every 255 connections */ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { - int *stat, val; + TSAN_QUALIFIER int *stat; if (mode & SSL_SESS_CACHE_CLIENT) stat = &s->session_ctx->stats.sess_connect_good; else stat = &s->session_ctx->stats.sess_accept_good; - if (CRYPTO_atomic_read(stat, &val, s->session_ctx->lock) - && (val & 0xff) == 0xff) + if ((tsan_load(stat) & 0xff) == 0xff) SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); } } -const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) +const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx) { return ctx->method; } -const SSL_METHOD *SSL_get_ssl_method(SSL *s) +const SSL_METHOD *SSL_get_ssl_method(const SSL *s) { return s->method; } @@ -3547,7 +3696,7 @@ int SSL_get_error(const SSL *s, int i) return SSL_ERROR_WANT_CLIENT_HELLO_CB; if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) + (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) return SSL_ERROR_ZERO_RETURN; return SSL_ERROR_SYSCALL; @@ -3577,12 +3726,6 @@ int SSL_do_handshake(SSL *s) s->method->ssl_renegotiate_check(s, 0); - if (SSL_is_server(s)) { - /* clear SNI settings at server-side */ - OPENSSL_free(s->ext.hostname); - s->ext.hostname = NULL; - } - if (SSL_in_init(s) || SSL_in_before(s)) { if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; @@ -3677,10 +3820,38 @@ const char *SSL_get_version(const SSL *s) return ssl_protocol_to_string(s->version); } -SSL *SSL_dup(SSL *s) +static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src) { STACK_OF(X509_NAME) *sk; X509_NAME *xn; + int i; + + if (src == NULL) { + *dst = NULL; + return 1; + } + + if ((sk = sk_X509_NAME_new_null()) == NULL) + return 0; + for (i = 0; i < sk_X509_NAME_num(src); i++) { + xn = X509_NAME_dup(sk_X509_NAME_value(src, i)); + if (xn == NULL) { + sk_X509_NAME_pop_free(sk, X509_NAME_free); + return 0; + } + if (sk_X509_NAME_insert(sk, xn, i) == 0) { + X509_NAME_free(xn); + sk_X509_NAME_pop_free(sk, X509_NAME_free); + return 0; + } + } + *dst = sk; + + return 1; +} + +SSL *SSL_dup(SSL *s) +{ SSL *ret; int i; @@ -3785,18 +3956,10 @@ SSL *SSL_dup(SSL *s) goto err; /* Dup the client_CA list */ - if (s->ca_names != NULL) { - if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL) - goto err; - ret->ca_names = sk; - for (i = 0; i < sk_X509_NAME_num(sk); i++) { - xn = sk_X509_NAME_value(sk, i); - if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { - X509_NAME_free(xn); - goto err; - } - } - } + if (!dup_ca_names(&ret->ca_names, s->ca_names) + || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) + goto err; + return ret; err: @@ -3863,10 +4026,10 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) { - return s->s3->tmp.new_cipher; + return s->s3.tmp.new_cipher; } -const COMP_METHOD *SSL_get_current_compression(SSL *s) +const COMP_METHOD *SSL_get_current_compression(const SSL *s) { #ifndef OPENSSL_NO_COMP return s->compress ? COMP_CTX_get_method(s->compress) : NULL; @@ -3875,7 +4038,7 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s) #endif } -const COMP_METHOD *SSL_get_current_expansion(SSL *s) +const COMP_METHOD *SSL_get_current_expansion(const SSL *s) { #ifndef OPENSSL_NO_COMP return s->expand ? COMP_CTX_get_method(s->expand) : NULL; @@ -4081,20 +4244,20 @@ long SSL_get_verify_result(const SSL *ssl) size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) { if (outlen == 0) - return sizeof(ssl->s3->client_random); - if (outlen > sizeof(ssl->s3->client_random)) - outlen = sizeof(ssl->s3->client_random); - memcpy(out, ssl->s3->client_random, outlen); + return sizeof(ssl->s3.client_random); + if (outlen > sizeof(ssl->s3.client_random)) + outlen = sizeof(ssl->s3.client_random); + memcpy(out, ssl->s3.client_random, outlen); return outlen; } size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) { if (outlen == 0) - return sizeof(ssl->s3->server_random); - if (outlen > sizeof(ssl->s3->server_random)) - outlen = sizeof(ssl->s3->server_random); - memcpy(out, ssl->s3->server_random, outlen); + return sizeof(ssl->s3.server_random); + if (outlen > sizeof(ssl->s3.server_random)) + outlen = sizeof(ssl->s3.server_random); + memcpy(out, ssl->s3.server_random, outlen); return outlen; } @@ -4323,7 +4486,7 @@ void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg) ctx->record_padding_arg = arg; } -void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx) +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx) { return ctx->record_padding_arg; } @@ -4352,7 +4515,7 @@ void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) ssl->record_padding_arg = arg; } -void *SSL_get_record_padding_callback_arg(SSL *ssl) +void *SSL_get_record_padding_callback_arg(const SSL *ssl) { return ssl->record_padding_arg; } @@ -4376,7 +4539,7 @@ int SSL_set_num_tickets(SSL *s, size_t num_tickets) return 1; } -size_t SSL_get_num_tickets(SSL *s) +size_t SSL_get_num_tickets(const SSL *s) { return s->num_tickets; } @@ -4388,7 +4551,7 @@ int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) return 1; } -size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx) +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) { return ctx->num_tickets; } @@ -4424,7 +4587,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, size_t *hashlen) { EVP_MD_CTX *ctx = NULL; - EVP_MD_CTX *hdgst = s->s3->handshake_dgst; + EVP_MD_CTX *hdgst = s->s3.handshake_dgst; int hashleni = EVP_MD_CTX_size(hdgst); int ret = 0; @@ -4453,7 +4616,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, return ret; } -int SSL_session_reused(SSL *s) +int SSL_session_reused(const SSL *s) { return s->hit; } @@ -4463,7 +4626,7 @@ int SSL_is_server(const SSL *s) return s->server; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void SSL_set_debug(SSL *s, int debug) { /* Old function was do-nothing anyway... */ @@ -5045,6 +5208,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) if (ext->present) num++; } + if (num == 0) { + *out = NULL; + *outlen = 0; + return 1; + } if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, ERR_R_MALLOC_FAILURE); @@ -5126,7 +5294,8 @@ static int nss_keylog_int(const char *prefix, size_t i; size_t prefix_len; - if (ssl->ctx->keylog_callback == NULL) return 1; + if (ssl->ctx->keylog_callback == NULL) + return 1; /* * Our output buffer will contain the following strings, rendered with @@ -5137,7 +5306,7 @@ static int nss_keylog_int(const char *prefix, * hexadecimal, so we need a buffer that is twice their lengths. */ prefix_len = strlen(prefix); - out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3; + out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3; if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) { SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT, ERR_R_MALLOC_FAILURE); @@ -5161,7 +5330,7 @@ static int nss_keylog_int(const char *prefix, *cursor = '\0'; ssl->ctx->keylog_callback(ssl, (const char *)out); - OPENSSL_free(out); + OPENSSL_clear_free(out, out_len); return 1; } @@ -5194,7 +5363,7 @@ int ssl_log_secret(SSL *ssl, { return nss_keylog_int(label, ssl, - ssl->s3->client_random, + ssl->s3.client_random, SSL3_RANDOM_SIZE, secret, secret_len); @@ -5220,9 +5389,9 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) return 0; } - OPENSSL_free(s->s3->tmp.ciphers_raw); - s->s3->tmp.ciphers_raw = NULL; - s->s3->tmp.ciphers_rawlen = 0; + OPENSSL_free(s->s3.tmp.ciphers_raw); + s->s3.tmp.ciphers_raw = NULL; + s->s3.tmp.ciphers_rawlen = 0; if (sslv2format) { size_t numciphers = PACKET_remaining(cipher_suites) / n; @@ -5238,13 +5407,13 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) * problem. */ raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); - s->s3->tmp.ciphers_raw = raw; + s->s3.tmp.ciphers_raw = raw; if (raw == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, ERR_R_MALLOC_FAILURE); return 0; } - for (s->s3->tmp.ciphers_rawlen = 0; + for (s->s3.tmp.ciphers_rawlen = 0; PACKET_remaining(&sslv2ciphers) > 0; raw += TLS_CIPHER_LEN) { if (!PACKET_get_1(&sslv2ciphers, &leadbyte) @@ -5255,16 +5424,16 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, SSL_R_BAD_PACKET); - OPENSSL_free(s->s3->tmp.ciphers_raw); - s->s3->tmp.ciphers_raw = NULL; - s->s3->tmp.ciphers_rawlen = 0; + OPENSSL_free(s->s3.tmp.ciphers_raw); + s->s3.tmp.ciphers_raw = NULL; + s->s3.tmp.ciphers_rawlen = 0; return 0; } if (leadbyte == 0) - s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN; + s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN; } - } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw, - &s->s3->tmp.ciphers_rawlen)) { + } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw, + &s->s3.tmp.ciphers_rawlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, ERR_R_INTERNAL_ERROR); return 0; @@ -5457,9 +5626,9 @@ int SSL_stateless(SSL *s) ERR_clear_error(); - s->s3->flags |= TLS1_FLAGS_STATELESS; + s->s3.flags |= TLS1_FLAGS_STATELESS; ret = SSL_accept(s); - s->s3->flags &= ~TLS1_FLAGS_STATELESS; + s->s3.flags &= ~TLS1_FLAGS_STATELESS; if (ret > 0 && s->ext.cookieok) return 1; @@ -5470,9 +5639,14 @@ int SSL_stateless(SSL *s) return -1; } -void SSL_force_post_handshake_auth(SSL *ssl) +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) +{ + ctx->pha_enabled = val; +} + +void SSL_set_post_handshake_auth(SSL *ssl, int val) { - ssl->pha_forced = 1; + ssl->pha_enabled = val; } int SSL_verify_client_post_handshake(SSL *ssl)