X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=711846dc0139d1c8d5ef2f956b662a0c1217549d;hp=ed2113caa5f76559689964277bc7ebaefb2680b4;hb=79b4444d81e2b9f21c60d7bf6511200e3e41d6fd;hpb=0aed6e449da5f06a23fd191bb86bfdd71bde6f9c diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ed2113caa5..711846dc01 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -22,6 +22,7 @@ #include #include "internal/cryptlib.h" #include "internal/rand.h" +#include "internal/refcount.h" const char SSL_version_str[] = OPENSSL_VERSION_TEXT; @@ -439,8 +440,8 @@ static int ssl_check_allowed_versions(int min_version, int max_version) if (min_version == DTLS1_VERSION) min_version = DTLS1_2_VERSION; #endif - /* Done massaging versions; do the check. */ - if (0 + /* Done massaging versions; do the check. */ + if (0 #ifdef OPENSSL_NO_DTLS1 || (DTLS_VERSION_GE(min_version, DTLS1_VERSION) && DTLS_VERSION_GE(DTLS1_VERSION, max_version)) @@ -453,44 +454,44 @@ static int ssl_check_allowed_versions(int min_version, int max_version) return 0; } else { /* Regular TLS version checks. */ - if (min_version == 0) - min_version = SSL3_VERSION; - if (max_version == 0) - max_version = TLS1_3_VERSION; + if (min_version == 0) + min_version = SSL3_VERSION; + if (max_version == 0) + max_version = TLS1_3_VERSION; #ifdef OPENSSL_NO_TLS1_3 - if (max_version == TLS1_3_VERSION) - max_version = TLS1_2_VERSION; + if (max_version == TLS1_3_VERSION) + max_version = TLS1_2_VERSION; #endif #ifdef OPENSSL_NO_TLS1_2 - if (max_version == TLS1_2_VERSION) - max_version = TLS1_1_VERSION; + if (max_version == TLS1_2_VERSION) + max_version = TLS1_1_VERSION; #endif #ifdef OPENSSL_NO_TLS1_1 - if (max_version == TLS1_1_VERSION) - max_version = TLS1_VERSION; + if (max_version == TLS1_1_VERSION) + max_version = TLS1_VERSION; #endif #ifdef OPENSSL_NO_TLS1 - if (max_version == TLS1_VERSION) - max_version = SSL3_VERSION; + if (max_version == TLS1_VERSION) + max_version = SSL3_VERSION; #endif #ifdef OPENSSL_NO_SSL3 - if (min_version == SSL3_VERSION) - min_version = TLS1_VERSION; + if (min_version == SSL3_VERSION) + min_version = TLS1_VERSION; #endif #ifdef OPENSSL_NO_TLS1 - if (min_version == TLS1_VERSION) - min_version = TLS1_1_VERSION; + if (min_version == TLS1_VERSION) + min_version = TLS1_1_VERSION; #endif #ifdef OPENSSL_NO_TLS1_1 - if (min_version == TLS1_1_VERSION) - min_version = TLS1_2_VERSION; + if (min_version == TLS1_1_VERSION) + min_version = TLS1_2_VERSION; #endif #ifdef OPENSSL_NO_TLS1_2 - if (min_version == TLS1_2_VERSION) - min_version = TLS1_3_VERSION; + if (min_version == TLS1_2_VERSION) + min_version = TLS1_3_VERSION; #endif - /* Done massaging versions; do the check. */ - if (0 + /* Done massaging versions; do the check. */ + if (0 #ifdef OPENSSL_NO_SSL3 || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version) #endif @@ -533,6 +534,9 @@ int SSL_clear(SSL *s) } SSL_SESSION_free(s->psksession); s->psksession = NULL; + OPENSSL_free(s->psksession_id); + s->psksession_id = NULL; + s->psksession_id_len = 0; s->error = 0; s->hit = 0; @@ -630,7 +634,8 @@ SSL *SSL_new(SSL_CTX *ctx) if (RAND_get_rand_method() == RAND_OpenSSL()) { s->drbg = RAND_DRBG_new(NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF, RAND_DRBG_get0_global()); - if (s->drbg == NULL) { + if (s->drbg == NULL + || RAND_DRBG_instantiate(s->drbg, NULL, 0) == 0) { CRYPTO_THREAD_lock_free(s->lock); goto err; } @@ -1095,6 +1100,7 @@ void SSL_free(SSL *s) SSL_SESSION_free(s->session); } SSL_SESSION_free(s->psksession); + OPENSSL_free(s->psksession_id); clear_ciphers(s); @@ -1908,8 +1914,8 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) case SSL_EARLY_DATA_NONE: if (s->server || !SSL_in_before(s) - || s->session == NULL - || s->session->ext.max_early_data == 0) { + || ((s->session == NULL || s->session->ext.max_early_data == 0) + && (s->psk_use_session_cb == NULL))) { SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -2134,10 +2140,14 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_check_allowed_versions(larg, s->max_proto_version) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->min_proto_version); + case SSL_CTRL_GET_MIN_PROTO_VERSION: + return s->min_proto_version; case SSL_CTRL_SET_MAX_PROTO_VERSION: return ssl_check_allowed_versions(s->min_proto_version, larg) && ssl_set_version_bound(s->ctx->method->version, (int)larg, &s->max_proto_version); + case SSL_CTRL_GET_MAX_PROTO_VERSION: + return s->max_proto_version; default: return (s->method->ssl_ctrl(s, cmd, larg, parg)); } @@ -2270,10 +2280,14 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return ssl_check_allowed_versions(larg, ctx->max_proto_version) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->min_proto_version); + case SSL_CTRL_GET_MIN_PROTO_VERSION: + return ctx->min_proto_version; case SSL_CTRL_SET_MAX_PROTO_VERSION: return ssl_check_allowed_versions(ctx->min_proto_version, larg) && ssl_set_version_bound(ctx->method->version, (int)larg, &ctx->max_proto_version); + case SSL_CTRL_GET_MAX_PROTO_VERSION: + return ctx->max_proto_version; default: return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); } @@ -2465,7 +2479,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) *p = '\0'; return buf; } - memcpy(p, c->name, n + 1); + strcpy(p, c->name); p += n; *(p++) = ':'; len -= n + 1; @@ -3076,9 +3090,15 @@ void ssl_set_masks(SSL *s) if (dh_tmp) mask_k |= SSL_kDHE; - if (rsa_enc || rsa_sign) { + /* + * If we only have an RSA-PSS certificate allow RSA authentication + * if TLS 1.2 and peer supports it. + */ + + if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) + && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION)) mask_a |= SSL_aRSA; - } if (dsa_sign) { mask_a |= SSL_aDSS; @@ -3295,8 +3315,8 @@ int SSL_get_error(const SSL *s, int i) return SSL_ERROR_WANT_ASYNC; if (SSL_want_async_job(s)) return SSL_ERROR_WANT_ASYNC_JOB; - if (SSL_want_early(s)) - return SSL_ERROR_WANT_EARLY; + if (SSL_want_client_hello_cb(s)) + return SSL_ERROR_WANT_CLIENT_HELLO_CB; if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) @@ -4694,27 +4714,28 @@ const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) #endif /* OPENSSL_NO_CT */ -void SSL_CTX_set_early_cb(SSL_CTX *c, SSL_early_cb_fn cb, void *arg) +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg) { - c->early_cb = cb; - c->early_cb_arg = arg; + c->client_hello_cb = cb; + c->client_hello_cb_arg = arg; } -int SSL_early_isv2(SSL *s) +int SSL_client_hello_isv2(SSL *s) { if (s->clienthello == NULL) return 0; return s->clienthello->isv2; } -unsigned int SSL_early_get0_legacy_version(SSL *s) +unsigned int SSL_client_hello_get0_legacy_version(SSL *s) { if (s->clienthello == NULL) return 0; return s->clienthello->legacy_version; } -size_t SSL_early_get0_random(SSL *s, const unsigned char **out) +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out) { if (s->clienthello == NULL) return 0; @@ -4723,7 +4744,7 @@ size_t SSL_early_get0_random(SSL *s, const unsigned char **out) return SSL3_RANDOM_SIZE; } -size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out) +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out) { if (s->clienthello == NULL) return 0; @@ -4732,7 +4753,7 @@ size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out) return s->clienthello->session_id_len; } -size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out) +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out) { if (s->clienthello == NULL) return 0; @@ -4741,7 +4762,7 @@ size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out) return PACKET_remaining(&s->clienthello->ciphersuites); } -size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out) +size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out) { if (s->clienthello == NULL) return 0; @@ -4750,7 +4771,7 @@ size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out) return s->clienthello->compressions_len; } -int SSL_early_get1_extensions_present(SSL *s, int **out, size_t *outlen) +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) { RAW_EXTENSION *ext; int *present; @@ -4782,7 +4803,7 @@ int SSL_early_get1_extensions_present(SSL *s, int **out, size_t *outlen) return 0; } -int SSL_early_get0_ext(SSL *s, unsigned int type, const unsigned char **out, +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, size_t *outlen) { size_t i;