X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=054fc468edf35fb66d78d749b70fd20e6ab613f1;hp=6c3f04db423c27b6f21cf7b8fdb11adc78bc21e8;hb=5a5530a29abcf5d7ab7194d73b3807d568b06cbd;hpb=65dc5c3cc10af7c6f24ecd922adb7b6d17a9fe65 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6c3f04db42..054fc468ed 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -12,13 +12,18 @@ #include #include #include "internal/nelem.h" -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include #include +#include #include "internal/cryptlib.h" +DEFINE_STACK_OF(X509_NAME) +DEFINE_STACK_OF(X509) +DEFINE_STACK_OF_CONST(SSL_CIPHER) + #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) @@ -2636,7 +2641,23 @@ static SSL_CIPHER ssl3_ciphers[] = { }, { 1, - "GOST2012-GOST8912-GOST8912", + "IANA-GOST2012-GOST8912-GOST8912", + NULL, + 0x0300c102, + SSL_kGOST, + SSL_aGOST12 | SSL_aGOST01, + SSL_eGOST2814789CNT12, + SSL_GOST89MAC12, + TLS1_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, + 256, + 256, + }, + { + 1, + "LEGACY-GOST2012-GOST8912-GOST8912", NULL, 0x0300ff85, SSL_kGOST, @@ -2666,6 +2687,38 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, + { + 1, + "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC", + NULL, + 0x0300C100, + SSL_kGOST18, + SSL_aGOST12, + SSL_KUZNYECHIK, + SSL_KUZNYECHIKOMAC, + TLS1_2_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, + 256, + 256, + }, + { + 1, + "GOST2012-MAGMA-MAGMAOMAC", + NULL, + 0x0300C101, + SSL_kGOST18, + SSL_aGOST12, + SSL_MAGMA, + SSL_MAGMAOMAC, + TLS1_2_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, + 256, + 256, + }, #endif /* OPENSSL_NO_GOST */ #ifndef OPENSSL_NO_IDEA @@ -3317,6 +3370,9 @@ void ssl3_free(SSL *s) s->s3.tmp.pkey = NULL; #endif + ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); + ssl_evp_md_free(s->s3.tmp.new_hash); + OPENSSL_free(s->s3.tmp.ctype); sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); OPENSSL_free(s->s3.tmp.ciphers_raw); @@ -3552,6 +3608,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_CHAIN_CERTS: *(STACK_OF(X509) **)parg = s->cert->key->chain; + ret = 1; break; case SSL_CTRL_SELECT_CURRENT_CERT: @@ -3586,8 +3643,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (!s->session) return 0; - clist = s->session->ext.supportedgroups; - clistlen = s->session->ext.supportedgroups_len; + clist = s->ext.peer_supportedgroups; + clistlen = s->ext.peer_supportedgroups_len; if (parg) { size_t i; int *cptr = parg; @@ -3616,13 +3673,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { uint16_t id = tls1_shared_group(s, larg); - if (larg != -1) { - const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); - - return ginf == NULL ? 0 : ginf->nid; - } + if (larg != -1) + return tls1_group_id2nid(id); return id; } + case SSL_CTRL_GET_NEGOTIATED_GROUP: + ret = tls1_group_id2nid(s->s3.group_id); + break; #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ case SSL_CTRL_SET_SIGALGS: @@ -3702,13 +3759,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_EC_POINT_FORMATS: { - SSL_SESSION *sess = s->session; const unsigned char **pformat = parg; - if (sess == NULL || sess->ext.ecpointformats == NULL) + if (s->ext.peer_ecpointformats == NULL) return 0; - *pformat = sess->ext.ecpointformats; - return (int)sess->ext.ecpointformats_len; + *pformat = s->ext.peer_ecpointformats; + return (int)s->ext.peer_ecpointformats_len; } #endif @@ -3885,7 +3941,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) srp_password_from_info_cb; if (ctx->srp_ctx.info != NULL) OPENSSL_free(ctx->srp_ctx.info); - if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) { + if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); return 0; } @@ -3944,6 +4000,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 0; } } + if (!X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)) { + SSLerr(0, ERR_LIB_X509); + return 0; + } if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE); return 0; @@ -4008,12 +4068,14 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) ctx->ext.status_cb = (int (*)(SSL *, void *))fp; break; +# ifndef OPENSSL_NO_DEPRECATED_3_0 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; break; +#endif #ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: @@ -4042,6 +4104,14 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) return 1; } +int SSL_CTX_set_tlsext_ticket_key_evp_cb + (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)) +{ + ctx->ext.ticket_key_evp_cb = fp; + return 1; +} + const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id) { SSL_CIPHER c; @@ -4126,7 +4196,6 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *prio, *allow; int i, ii, ok, prefer_sha256 = 0; unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0; - const EVP_MD *mdsha256 = EVP_sha256(); #ifndef OPENSSL_NO_CHACHA STACK_OF(SSL_CIPHER) *prio_chacha = NULL; #endif @@ -4300,7 +4369,12 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (prefer_sha256) { const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); - if (ssl_md(tmp->algorithm2) == mdsha256) { + /* + * TODO: When there are no more legacy digests we can just use + * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn + */ + if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2), + OBJ_nid2sn(NID_sha256))) { ret = tmp; break; } @@ -4332,9 +4406,17 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) #ifndef OPENSSL_NO_GOST if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) - return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) - && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN) - && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN); + if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN)) + return 0; + + if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18)) + if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) + || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)) + return 0; #endif if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { @@ -4570,9 +4652,9 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, unsigned char *p = result; l2n(Time, p); - ret = RAND_bytes(p, len - 4); + ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4); } else { - ret = RAND_bytes(result, len); + ret = RAND_bytes_ex(s->ctx->libctx, result, len); } if (ret > 0) { @@ -4625,7 +4707,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3.tmp.psk, psklen); s->s3.tmp.psk = NULL; if (!s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,pskpms, pskpmslen, + s->session->master_key, pskpms, pskpmslen, &s->session->master_key_length)) { OPENSSL_clear_free(pskpms, pskpmslen); /* SSLfatal() already called */ @@ -4659,14 +4741,14 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } /* Generate a private key from parameters */ -EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm) +EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; if (pm == NULL) return NULL; - pctx = EVP_PKEY_CTX_new(pm, NULL); + pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq); if (pctx == NULL) goto err; if (EVP_PKEY_keygen_init(pctx) <= 0) @@ -4699,21 +4781,10 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) goto err; } gtype = ginf->flags & TLS_GROUP_TYPE; -# ifndef OPENSSL_NO_DH - if (gtype == TLS_GROUP_FFDHE) - pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL); -# ifndef OPENSSL_NO_EC - else -# endif -# endif -# ifndef OPENSSL_NO_EC - { - if (gtype == TLS_GROUP_CURVE_CUSTOM) - pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL); - else - pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); - } -# endif + + pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->keytype, + s->ctx->propq); + if (pctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, ERR_R_MALLOC_FAILURE); @@ -4730,7 +4801,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) || (dh = DH_new_by_nid(ginf->nid)) == NULL || !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, - ERR_R_EVP_LIB); + ERR_R_EVP_LIB); DH_free(dh); EVP_PKEY_free(pkey); pkey = NULL; @@ -4738,7 +4809,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) } if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, - ERR_R_EVP_LIB); + ERR_R_EVP_LIB); EVP_PKEY_free(pkey); pkey = NULL; goto err; @@ -4774,12 +4845,12 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) /* * Generate parameters from a group ID */ -EVP_PKEY *ssl_generate_param_group(uint16_t id) +EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); - int pkey_ctx_id; + const char *pkey_ctx_name; if (ginf == NULL) goto err; @@ -4792,9 +4863,10 @@ EVP_PKEY *ssl_generate_param_group(uint16_t id) return NULL; } - pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE) - ? EVP_PKEY_DH : EVP_PKEY_EC; - pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL); + pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC"; + pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name, + s->ctx->propq); + if (pctx == NULL) goto err; if (EVP_PKEY_paramgen_init(pctx) <= 0) @@ -4838,7 +4910,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) return 0; } - pctx = EVP_PKEY_CTX_new(privkey, NULL); + pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); if (EVP_PKEY_derive_init(pctx) <= 0 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0