X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=362ae1cbe5af964e61f7622df949887f6787d277;hp=b32b23bedf1926032e4d03c075309ef1b597e554;hb=e97be718044fd9a296f05f13e3ad91427b212b7c;hpb=f054160a1923845f40d15457d1009420827f4c88 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b32b23bedf..362ae1cbe5 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -33,6 +33,7 @@ # include "packet_locl.h" # include "internal/dane.h" # include "internal/refcount.h" +# include "internal/tsan_assist.h" # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN @@ -383,11 +384,6 @@ # define SSL_PKEY_ED25519 7 # define SSL_PKEY_ED448 8 # define SSL_PKEY_NUM 9 -/* - * Pseudo-constant. GOST cipher suites can use different certs for 1 - * SSL_CIPHER. So let's see which one we have in fact. - */ -# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 /*- * SSL_kRSA <- RSA_ENC @@ -475,6 +471,8 @@ struct ssl_method_st { long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); }; +# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64 + /*- * Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { @@ -510,9 +508,9 @@ struct ssl_session_st { unsigned char early_secret[EVP_MAX_MD_SIZE]; /* * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption - * master secret + * PSK */ - unsigned char master_key[TLS13_MAX_RESUMPTION_MASTER_LENGTH]; + unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH]; /* session_id - valid? */ size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; @@ -572,8 +570,6 @@ struct ssl_session_st { /* Session lifetime hint in seconds */ unsigned long tick_lifetime_hint; uint32_t tick_age_add; - unsigned char *tick_nonce; - size_t tick_nonce_len; int tick_identity; /* Max number of bytes that can be sent as early data */ uint32_t max_early_data; @@ -784,21 +780,23 @@ struct ssl_ctx_st { const unsigned char *data, int len, int *copy); struct { - int sess_connect; /* SSL new conn - started */ - int sess_connect_renegotiate; /* SSL reneg - requested */ - int sess_connect_good; /* SSL new conne/reneg - finished */ - int sess_accept; /* SSL new accept - started */ - int sess_accept_renegotiate; /* SSL reneg - requested */ - int sess_accept_good; /* SSL accept/reneg - finished */ - int sess_miss; /* session lookup misses */ - int sess_timeout; /* reuse attempt on timeouted session */ - int sess_cache_full; /* session removed due to full cache */ - int sess_hit; /* session reuse actually done */ - int sess_cb_hit; /* session-id that was not in the cache was - * passed back via the callback. This - * indicates that the application is supplying - * session-id's from other processes - spooky - * :-) */ + TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */ + TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */ + TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */ + TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */ + TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */ + TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */ + TSAN_QUALIFIER int sess_miss; /* session lookup misses */ + TSAN_QUALIFIER int sess_timeout; /* reuse attempt on timeouted session */ + TSAN_QUALIFIER int sess_cache_full; /* session removed due to full cache */ + TSAN_QUALIFIER int sess_hit; /* session reuse actually done */ + TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in + * the cache was passed back via + * the callback. This indicates + * that the application is + * supplying session-id's from + * other processes - spooky + * :-) */ } stats; CRYPTO_REF_COUNT references; @@ -1037,9 +1035,18 @@ struct ssl_ctx_st { */ SSL_CTX_keylog_cb_func keylog_callback; - /* The maximum number of bytes that can be sent as early data */ + /* + * The maximum number of bytes advertised in session tickets that can be + * sent as early data. + */ uint32_t max_early_data; + /* + * The maximum number of bytes of early data that a server will tolerate + * (which should be at least as much as max_early_data). + */ + uint32_t recv_max_early_data; + /* TLS1.3 padding callback */ size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg); void *record_padding_arg; @@ -1049,6 +1056,16 @@ struct ssl_ctx_st { SSL_CTX_generate_session_ticket_fn generate_ticket_cb; SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb; void *ticket_cb_data; + + /* The number of TLS1.3 tickets to automatically send */ + size_t num_tickets; + + /* Callback to determine if early_data is acceptable or not */ + SSL_allow_early_data_cb_fn allow_early_data_cb; + void *allow_early_data_cb_data; + + /* Do we advertise Post-handshake auth support? */ + int pha_enabled; }; struct ssl_st { @@ -1125,12 +1142,12 @@ struct ssl_st { */ uint32_t mac_flags; /* - * The TLS1.3 secrets. The resumption master secret is stored in the - * session. + * The TLS1.3 secrets. */ unsigned char early_secret[EVP_MAX_MD_SIZE]; unsigned char handshake_secret[EVP_MAX_MD_SIZE]; unsigned char master_secret[EVP_MAX_MD_SIZE]; + unsigned char resumption_master_secret[EVP_MAX_MD_SIZE]; unsigned char client_finished_secret[EVP_MAX_MD_SIZE]; unsigned char server_finished_secret[EVP_MAX_MD_SIZE]; unsigned char server_finished_hash[EVP_MAX_MD_SIZE]; @@ -1205,6 +1222,7 @@ struct ssl_st { # endif SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb; + SSL_CTX *ctx; /* Verified chain of peer */ STACK_OF(X509) *verified_chain; @@ -1376,7 +1394,7 @@ struct ssl_st { int key_update; /* Post-handshake authentication state */ SSL_PHA_STATE post_handshake_auth; - int pha_forced; + int pha_enabled; uint8_t* pha_context; size_t pha_context_len; int certreqs_sent; @@ -1401,8 +1419,17 @@ struct ssl_st { ASYNC_WAIT_CTX *waitctx; size_t asyncrw; - /* The maximum number of plaintext bytes that can be sent as early data */ + /* + * The maximum number of bytes advertised in session tickets that can be + * sent as early data. + */ uint32_t max_early_data; + /* + * The maximum number of bytes of early data that a server will tolerate + * (which should be at least as much as max_early_data). + */ + uint32_t recv_max_early_data; + /* * The number of bytes of early data received so far. If we accepted early * data then this is a count of the plaintext bytes. If we rejected it then @@ -1416,6 +1443,18 @@ struct ssl_st { size_t block_padding; CRYPTO_RWLOCK *lock; + RAND_DRBG *drbg; + + /* The number of TLS1.3 tickets to automatically send */ + size_t num_tickets; + /* The number of TLS1.3 tickets actually sent so far */ + size_t sent_tickets; + /* The next nonce value to use when we send a ticket on this connection */ + uint64_t next_ticket_nonce; + + /* Callback to determine if early_data is acceptable or not */ + SSL_allow_early_data_cb_fn allow_early_data_cb; + void *allow_early_data_cb_data; }; /* @@ -2204,6 +2243,8 @@ void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); __owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); __owur int ssl_get_new_session(SSL *s, int session); +__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, + size_t sess_id_len); __owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); @@ -2251,6 +2292,7 @@ __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); +__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx); @@ -2331,7 +2373,8 @@ __owur int ssl3_handshake_write(SSL *s); __owur int ssl_allow_compression(SSL *s); -__owur int ssl_version_supported(const SSL *s, int version); +__owur int ssl_version_supported(const SSL *s, int version, + const SSL_METHOD **meth); __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); @@ -2473,9 +2516,9 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, __owur int tls1_set_server_sigalgs(SSL *s); -__owur SSL_TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, +__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret); -__owur SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, +__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess);