/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
#ifndef HEADER_SSL_LOCL_H
# define HEADER_SSL_LOCL_H
# include <stdlib.h>
&& (s)->method->version != TLS_ANY_VERSION)
# define SSL_TREAT_AS_TLS13(s) \
- (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_WRITING)
+ (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
+ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0)
# define SSL_PKEY_GOST01 3
# define SSL_PKEY_GOST12_256 4
# define SSL_PKEY_GOST12_512 5
-# define SSL_PKEY_NUM 6
+# define SSL_PKEY_ED25519 6
+# define SSL_PKEY_NUM 7
/*
* Pseudo-constant. GOST cipher suites can use different certs for 1
* SSL_CIPHER. So let's see which one we have in fact.
unsigned flags;
unsigned long mask;
int (*ssl_new) (SSL *s);
- void (*ssl_clear) (SSL *s);
+ int (*ssl_clear) (SSL *s);
void (*ssl_free) (SSL *s);
int (*ssl_accept) (SSL *s);
int (*ssl_connect) (SSL *s);
* in here? */
size_t master_key_length;
+ /* TLSv1.3 early_secret used for external PSKs */
+ unsigned char early_secret[EVP_MAX_MD_SIZE];
/*
* For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
* master secret
/* This is the cert and type for the other end. */
X509 *peer;
int peer_type;
- /* Certificate chain peer sent */
+ /* Certificate chain peer sent. */
STACK_OF(X509) *peer_chain;
/*
* when app_verify_callback accepts a session where the peer's
/* Session lifetime hint in seconds */
unsigned long tick_lifetime_hint;
uint32_t tick_age_add;
+ unsigned char *tick_nonce;
+ size_t tick_nonce_len;
int tick_identity;
/* Max number of bytes that can be sent as early data */
uint32_t max_early_data;
+ /* The ALPN protocol selected for this session */
+ unsigned char *alpn_selected;
+ size_t alpn_selected_len;
} ext;
# ifndef OPENSSL_NO_SRP
char *srp_username;
SSL_EARLY_DATA_CONNECTING,
SSL_EARLY_DATA_WRITE_RETRY,
SSL_EARLY_DATA_WRITING,
+ SSL_EARLY_DATA_UNAUTH_WRITING,
SSL_EARLY_DATA_FINISHED_WRITING,
SSL_EARLY_DATA_ACCEPT_RETRY,
SSL_EARLY_DATA_ACCEPTING,
int parsed;
/* The type of this extension, i.e. a TLSEXT_TYPE_* value */
unsigned int type;
+ /* Track what order extensions are received in (0-based). */
+ size_t received_order;
} RAW_EXTENSION;
typedef struct {
RAW_EXTENSION *pre_proc_exts;
} CLIENTHELLO_MSG;
+/*
+ * Extension index values NOTE: Any updates to these defines should be mirrored
+ * with equivalent updates to ext_defs in extensions.c
+ */
+typedef enum tlsext_index_en {
+ TLSEXT_IDX_renegotiate,
+ TLSEXT_IDX_server_name,
+ TLSEXT_IDX_srp,
+ TLSEXT_IDX_ec_point_formats,
+ TLSEXT_IDX_supported_groups,
+ TLSEXT_IDX_session_ticket,
+ TLSEXT_IDX_signature_algorithms,
+ TLSEXT_IDX_status_request,
+ TLSEXT_IDX_next_proto_neg,
+ TLSEXT_IDX_application_layer_protocol_negotiation,
+ TLSEXT_IDX_use_srtp,
+ TLSEXT_IDX_encrypt_then_mac,
+ TLSEXT_IDX_signed_certificate_timestamp,
+ TLSEXT_IDX_extended_master_secret,
+ TLSEXT_IDX_supported_versions,
+ TLSEXT_IDX_psk_kex_modes,
+ TLSEXT_IDX_key_share,
+ TLSEXT_IDX_cookie,
+ TLSEXT_IDX_cryptopro_bug,
+ TLSEXT_IDX_early_data,
+ TLSEXT_IDX_certificate_authorities,
+ TLSEXT_IDX_padding,
+ TLSEXT_IDX_psk,
+ /* Dummy index - must always be the last entry */
+ TLSEXT_IDX_num_builtins
+} TLSEXT_INDEX;
+
DEFINE_LHASH_OF(SSL_SESSION);
/* Needed in ssl_cert.c */
DEFINE_LHASH_OF(X509_NAME);
/* used if SSL's info_callback is NULL */
void (*info_callback) (const SSL *ssl, int type, int val);
- /* what we put in client cert requests */
- STACK_OF(X509_NAME) *client_CA;
+ /*
+ * What we put in certificate_authorities extension for TLS 1.3
+ * (ClientHello and CertificateRequest) or just client cert requests for
+ * earlier versions.
+ */
+ STACK_OF(X509_NAME) *ca_names;
/*
* Default values to use in SSL structures follow (these are copied by
SSL_psk_client_cb_func psk_client_callback;
SSL_psk_server_cb_func psk_server_callback;
# endif
+ SSL_psk_find_session_cb_func psk_find_session_cb;
+ SSL_psk_use_session_cb_func psk_use_session_cb;
# ifndef OPENSSL_NO_SRP
SRP_CTX srp_ctx; /* ctx for SRP authentication */
/* The maximum number of bytes that can be sent as early data */
uint32_t max_early_data;
+
+ /* TLS1.3 padding callback */
+ size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+ void *record_padding_arg;
+ size_t block_padding;
};
struct ssl_st {
unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+ unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
EVP_MD_CTX *read_hash; /* used for mac generation */
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This can also be in the session once a session is established */
SSL_SESSION *session;
+ /* TLSv1.3 PSK session */
+ SSL_SESSION *psksession;
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
/* Used in SSL3 */
SSL_psk_client_cb_func psk_client_callback;
SSL_psk_server_cb_func psk_server_callback;
# endif
+ SSL_psk_find_session_cb_func psk_find_session_cb;
+ SSL_psk_use_session_cb_func psk_use_session_cb;
SSL_CTX *ctx;
/* Verified chain of peer */
STACK_OF(X509) *verified_chain;
/* extra application data */
CRYPTO_EX_DATA ex_data;
/* for server side, keep the list of CA_dn we can use */
- STACK_OF(X509_NAME) *client_CA;
+ STACK_OF(X509_NAME) *ca_names;
CRYPTO_REF_COUNT references;
/* protocol behaviour */
uint32_t options;
size_t max_pipelines;
struct {
+ /* Built-in extension flags */
+ uint8_t extflags[TLSEXT_IDX_num_builtins];
/* TLS extension debug callback */
void (*debug_cb)(SSL *s, int client_server, int type,
const unsigned char *data, int len, void *arg);
int early_data;
/* Is the session suitable for early data? */
int early_data_ok;
+
+ /* May be sent by a server in HRR. Must be echoed back in ClientHello */
+ unsigned char *tls13_cookie;
+ size_t tls13_cookie_len;
} ext;
/* Parsed form of the ClientHello, kept around across early_cb calls. */
*/
uint32_t early_data_count;
+ /* TLS1.3 padding callback */
+ size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+ void *record_padding_arg;
+ size_t block_padding;
+
CRYPTO_RWLOCK *lock;
};
const char *name;
/* Raw value used in extension */
uint16_t sigalg;
- /* NID of hash algorithm */
+ /* NID of hash algorithm or NID_undef if no hash */
int hash;
- /* Index of hash algorithm */
+ /* Index of hash algorithm or -1 if no hash algorithm */
int hash_idx;
/* NID of signature algorithm */
int sig;
/* Certificate types in certificate request message. */
uint8_t *ctype;
size_t ctype_len;
- STACK_OF(X509_NAME) *ca_names;
+ /* Certificate authorities list peer sent */
+ STACK_OF(X509_NAME) *peer_ca_names;
size_t key_block_length;
unsigned char *key_block;
const EVP_CIPHER *new_sym_enc;
# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
(SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
+typedef enum {
+ ENDPOINT_CLIENT = 0,
+ ENDPOINT_SERVER,
+ ENDPOINT_BOTH
+} ENDPOINT;
+
+
typedef struct {
unsigned short ext_type;
+ ENDPOINT role;
+ /* The context which this extension applies to */
+ unsigned int context;
/*
* Per-connection flags relating to this extension type: not used if
* part of an SSL_CTX structure.
*/
uint32_t ext_flags;
- custom_ext_add_cb add_cb;
- custom_ext_free_cb free_cb;
+ SSL_custom_ext_add_cb_ex add_cb;
+ SSL_custom_ext_free_cb_ex free_cb;
void *add_arg;
- custom_ext_parse_cb parse_cb;
+ SSL_custom_ext_parse_cb_ex parse_cb;
void *parse_arg;
} custom_ext_method;
*/
X509_STORE *chain_store;
X509_STORE *verify_store;
- /* Custom extension methods for server and client */
- custom_ext_methods cli_ext;
- custom_ext_methods srv_ext;
+ /* Custom extensions */
+ custom_ext_methods custext;
/* Security callback */
int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
void *other, void *ex);
} SSL3_COMP;
# endif
-/*
- * Extension index values NOTE: Any updates to these defines should be mirrored
- * with equivalent updates to ext_defs in extensions.c
- */
-typedef enum tlsext_index_en {
- TLSEXT_IDX_renegotiate,
- TLSEXT_IDX_server_name,
- TLSEXT_IDX_srp,
- TLSEXT_IDX_early_data_info,
- TLSEXT_IDX_ec_point_formats,
- TLSEXT_IDX_supported_groups,
- TLSEXT_IDX_session_ticket,
- TLSEXT_IDX_signature_algorithms,
- TLSEXT_IDX_status_request,
- TLSEXT_IDX_next_proto_neg,
- TLSEXT_IDX_application_layer_protocol_negotiation,
- TLSEXT_IDX_use_srtp,
- TLSEXT_IDX_encrypt_then_mac,
- TLSEXT_IDX_signed_certificate_timestamp,
- TLSEXT_IDX_extended_master_secret,
- TLSEXT_IDX_supported_versions,
- TLSEXT_IDX_psk_kex_modes,
- TLSEXT_IDX_key_share,
- TLSEXT_IDX_cryptopro_bug,
- TLSEXT_IDX_early_data,
- TLSEXT_IDX_padding,
- TLSEXT_IDX_psk
-} TLSEXT_INDEX;
+typedef enum downgrade_en {
+ DOWNGRADE_NONE,
+ DOWNGRADE_TO_1_2,
+ DOWNGRADE_TO_1_1
+} DOWNGRADE;
/*
* Dummy status type for the status_type extension. Indicates no status type
#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403
#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503
#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603
+#define TLSEXT_SIGALG_ecdsa_sha224 0x0303
#define TLSEXT_SIGALG_ecdsa_sha1 0x0203
#define TLSEXT_SIGALG_rsa_pss_sha256 0x0804
#define TLSEXT_SIGALG_rsa_pss_sha384 0x0805
#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401
#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501
#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601
+#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301
#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201
#define TLSEXT_SIGALG_dsa_sha256 0x0402
#define TLSEXT_SIGALG_dsa_sha384 0x0502
#define TLSEXT_SIGALG_dsa_sha512 0x0602
+#define TLSEXT_SIGALG_dsa_sha224 0x0302
#define TLSEXT_SIGALG_dsa_sha1 0x0202
#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee
#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef
#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded
+#define TLSEXT_SIGALG_ed25519 0x0807
+
/* Known PSK key exchange modes */
#define TLSEXT_KEX_MODE_KE 0x00
#define TLSEXT_KEX_MODE_KE_DHE 0x01
/* A dummy signature value not valid for TLSv1.2 signature algs */
#define TLSEXT_signature_rsa_pss 0x0101
+/* TLSv1.3 downgrade protection sentinel values */
+extern const unsigned char tls11downgrade[8];
+extern const unsigned char tls12downgrade[8];
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
# ifndef OPENSSL_UNIT_TEST
-int ssl_end_of_early_data_seen(SSL *s);
__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes);
__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written);
void ssl_clear_cipher_ctx(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
__owur int ssl_verify_alarm_type(long type);
void ssl_sort_cipher_list(void);
-void ssl_load_ciphers(void);
+int ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
- size_t len);
+ size_t len, DOWNGRADE dgrd);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms);
__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written);
__owur int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
+int ssl3_clear(SSL *s);
__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur int ssl_set_client_hello_version(SSL *s);
__owur int ssl_check_version_downgrade(SSL *s);
__owur int ssl_set_version_bound(int method_version, int version, int *bound);
-__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello);
-__owur int ssl_choose_client_version(SSL *s, int version);
-int ssl_get_client_min_max_version(const SSL *s, int *min_version,
- int *max_version);
+__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello,
+ DOWNGRADE *dgrd);
+__owur int ssl_choose_client_version(SSL *s, int version, int checkdgrd,
+ int *al);
+int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version);
__owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type);
__owur int tls1_new(SSL *s);
void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
+int tls1_clear(SSL *s);
long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur int dtls1_new(SSL *s);
void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
+int dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur int dtls1_shutdown(SSL *s);
__owur int dtls1_dispatch_alert(SSL *s);
__owur int ssl_init_wbio_buffer(SSL *s);
-void ssl_free_wbio_buffer(SSL *s);
+int ssl_free_wbio_buffer(SSL *s);
__owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
const char *label, size_t llen,
const unsigned char *p, size_t plen,
int use_context);
+__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen,
+ const unsigned char *context,
+ size_t contextlen, int use_context);
__owur int tls1_alert_code(int code);
__owur int tls13_alert_code(int code);
__owur int ssl3_alert_code(int code);
__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt);
__owur int tls1_process_sigalgs(SSL *s);
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
+__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s);
-__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);
+__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
size_t *hashlen);
__owur int srp_generate_client_master_secret(SSL *s);
__owur int srp_verify_server_param(SSL *s, int *al);
-/* t1_ext.c */
+/* statem/extensions_cust.c */
+
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+ ENDPOINT role, unsigned int ext_type,
+ size_t *idx);
void custom_ext_init(custom_ext_methods *meths);
-__owur int custom_ext_parse(SSL *s, int server,
- unsigned int ext_type,
+__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size,
- int *al);
-__owur int custom_ext_add(SSL *s, int server, WPACKET *pkt, int *al);
+ X509 *x, size_t chainidx, int *al);
+__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x,
+ size_t chainidx, int maxversion, int *al);
__owur int custom_exts_copy(custom_ext_methods *dst,
const custom_ext_methods *src);
+__owur int custom_exts_copy_flags(custom_ext_methods *dst,
+ const custom_ext_methods *src);
void custom_exts_free(custom_ext_methods *exts);
void ssl_comp_free_compression_methods_int(void);
projects / openssl.git / blobdiff