X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=d8d1b7918c2baee8504a2a0162b017c109b7832a;hp=3c025479870da14456c49c360464fde438d44047;hb=ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1;hpb=7409d7ad517650db332ae528915a570e4e0ab88b diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 3c02547987..d8d1b7918c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -280,8 +280,8 @@ /* Bits for algorithm_mkey (key exchange algorithm) */ #define SSL_kRSA 0x00000001L /* RSA key exchange */ -#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ -#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ +#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ +#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ #define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ #define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */ #define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ @@ -295,7 +295,7 @@ #define SSL_aRSA 0x00000001L /* RSA auth */ #define SSL_aDSS 0x00000002L /* DSS auth */ #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ -#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */ +#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ #define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ #define SSL_aKRB5 0x00000020L /* KRB5 auth */ #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ @@ -317,22 +317,29 @@ #define SSL_CAMELLIA256 0x00000200L #define SSL_eGOST2814789CNT 0x00000400L #define SSL_SEED 0x00000800L +#define SSL_AES128GCM 0x00001000L +#define SSL_AES256GCM 0x00002000L -#define SSL_AES (SSL_AES128|SSL_AES256) +#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) /* Bits for algorithm_mac (symmetric authentication) */ + #define SSL_MD5 0x00000001L #define SSL_SHA1 0x00000002L #define SSL_GOST94 0x00000004L #define SSL_GOST89MAC 0x00000008L #define SSL_SHA256 0x00000010L +#define SSL_SHA384 0x00000020L +/* Not a real MAC, just an indication it is part of cipher */ +#define SSL_AEAD 0x00000040L /* Bits for algorithm_ssl (protocol version) */ #define SSL_SSLV2 0x00000001L #define SSL_SSLV3 0x00000002L #define SSL_TLSV1 SSL_SSLV3 /* for now */ +#define SSL_TLSV1_2 0x00000004L /* Bits for algorithm2 (handshake digests and other extra flags) */ @@ -341,16 +348,18 @@ #define SSL_HANDSHAKE_MAC_SHA 0x20 #define SSL_HANDSHAKE_MAC_GOST94 0x40 #define SSL_HANDSHAKE_MAC_SHA256 0x80 +#define SSL_HANDSHAKE_MAC_SHA384 0x100 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX * make sure to update this constant too */ -#define SSL_MAX_DIGEST 5 +#define SSL_MAX_DIGEST 6 -#define TLS1_PRF_DGST_SHIFT 8 +#define TLS1_PRF_DGST_SHIFT 10 #define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) @@ -457,10 +466,36 @@ #define NAMED_CURVE_TYPE 3 #endif /* OPENSSL_NO_EC */ +/* Values for valid_flags in CERT_PKEY structure */ +/* Certificate inconsistent with session, key missing etc */ +#define CERT_PKEY_INVALID 0x0 +/* Certificate can be used with this sesstion */ +#define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +#define CERT_PKEY_SIGN 0x2 + typedef struct cert_pkey_st { X509 *x509; EVP_PKEY *privatekey; + /* Digest to use when signing */ + const EVP_MD *digest; + /* Chain for this certificate */ + STACK_OF(X509) *chain; +#ifndef OPENSSL_NO_TLSEXT + /* authz/authz_length contain authz data for this certificate. The data + * is in wire format, specifically it's a series of records like: + * uint8_t authz_type; // (RFC 5878, AuthzDataFormat) + * uint16_t length; + * uint8_t data[length]; */ + unsigned char *authz; + size_t authz_length; +#endif + /* Set if CERT_PKEY can be used with current SSL session: e.g. + * appropriate curve, signature algorithms etc. If zero it can't be + * used at all. + */ + int valid_flags; } CERT_PKEY; typedef struct cert_st @@ -470,13 +505,18 @@ typedef struct cert_st * Probably it would make more sense to store * an index, not a pointer. */ - /* The following masks are for the key and auth - * algorithms that are supported by the certs below */ + /* For servers the following masks are for the key and auth + * algorithms that are supported by the certs below. + * For clients they are masks of *disabled* algorithms based + * on the current session. + */ int valid; unsigned long mask_k; unsigned long mask_a; unsigned long export_mask_k; unsigned long export_mask_a; + /* Client only */ + unsigned long mask_ssl; #ifndef OPENSSL_NO_RSA RSA *rsa_tmp; RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); @@ -489,10 +529,66 @@ typedef struct cert_st EC_KEY *ecdh_tmp; /* Callback for generating ephemeral ECDH keys */ EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize); + /* Select ECDH parameters automatically */ + int ecdh_tmp_auto; #endif - + /* Flags related to certificates */ + unsigned int cert_flags; CERT_PKEY pkeys[SSL_PKEY_NUM]; + /* Certificate types (received or sent) in certificate request + * message. On receive this is only set if number of certificate + * types exceeds SSL3_CT_NUMBER. + */ + unsigned char *ctypes; + size_t ctype_num; + + /* signature algorithms peer reports: e.g. supported signature + * algorithms extension for server or as part of a certificate + * request for client. + */ + unsigned char *peer_sigalgs; + /* Size of above array */ + size_t peer_sigalgslen; + /* suppported signature algorithms. + * When set on a client this is sent in the client hello as the + * supported signature algorithms extension. For servers + * it represents the signature algorithms we are willing to use. + */ + unsigned char *conf_sigalgs; + /* Size of above array */ + size_t conf_sigalgslen; + /* Client authentication signature algorithms, if not set then + * uses conf_sigalgs. On servers these will be the signature + * algorithms sent to the client in a cerificate request for TLS 1.2. + * On a client this represents the signature algortithms we are + * willing to use for client authentication. + */ + unsigned char *client_sigalgs; + /* Size of above array */ + size_t client_sigalgslen; + /* Signature algorithms shared by client and server: cached + * because these are used most often. + */ + TLS_SIGALGS *shared_sigalgs; + size_t shared_sigalgslen; + + /* Certificate setup callback: if set is called whenever a + * certificate may be required (client or server). the callback + * can then examine any appropriate parameters and setup any + * certificates required. This allows advanced applications + * to select certificates on the fly: for example based on + * supported signature algorithms or curves. + */ + int (*cert_cb)(SSL *ssl, void *arg); + void *cert_cb_arg; + + /* Optional X509_STORE for chain building or certificate validation + * If NULL the parent SSL_CTX store is used instead. + */ + X509_STORE *chain_store; + X509_STORE *verify_store; + int references; /* >1 only if SSL_copy_session_id is used */ } CERT; @@ -521,7 +617,19 @@ typedef struct sess_cert_st int references; /* actually always 1 at the moment */ } SESS_CERT; - +/* Structure containing decoded values of signature algorithms extension */ +struct tls_sigalgs_st + { + /* NID of hash algorithm */ + int hash_nid; + /* NID of signature algorithm */ + int sign_nid; + /* Combined hash and signature NID */ + int signandhash_nid; + /* Raw values used in extension */ + unsigned char rsign; + unsigned char rhash; + }; /*#define MAC_DEBUG */ @@ -558,6 +666,10 @@ typedef struct ssl3_enc_method const char *server_finished_label; int server_finished_label_len; int (*alert_value)(int); + int (*export_keying_material)(SSL *, unsigned char *, size_t, + const char *, size_t, + const unsigned char *, size_t, + int use_context); } SSL3_ENC_METHOD; #ifndef OPENSSL_NO_COMP @@ -757,7 +869,7 @@ const SSL_METHOD *func_name(void) \ ssl3_read, \ ssl3_peek, \ ssl3_write, \ - ssl3_shutdown, \ + dtls1_shutdown, \ ssl3_renegotiate, \ ssl3_renegotiate_check, \ dtls1_get_message, \ @@ -785,7 +897,9 @@ void ssl_clear_cipher_ctx(SSL *s); int ssl_clear_bad_session(SSL *s); CERT *ssl_cert_new(void); CERT *ssl_cert_dup(CERT *cert); +void ssl_cert_set_default_md(CERT *cert); int ssl_cert_inst(CERT **o); +void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); SESS_CERT *ssl_sess_cert_new(void); void ssl_sess_cert_free(SESS_CERT *sc); @@ -809,12 +923,22 @@ void ssl_update_cache(SSL *s, int mode); int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp); int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); +int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain); +int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); +int ssl_cert_add0_chain_cert(CERT *c, X509 *x); +int ssl_cert_add1_chain_cert(CERT *c, X509 *x); +void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg); + int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); +int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l); +int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags); +int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); -X509 *ssl_get_server_send_cert(SSL *); -EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *); +CERT_PKEY *ssl_get_server_send_pkey(SSL *); +unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length); +EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); @@ -881,7 +1005,7 @@ void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); int ssl3_enc(SSL *s, int send_data); int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); void ssl3_free_digest_list(SSL *s); -unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); +unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); int ssl3_setup_buffers(SSL *s); @@ -935,7 +1059,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); int dtls1_send_change_cipher_spec(SSL *s, int a, int b); int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); -unsigned long dtls1_output_cert_chain(SSL *s, X509 *x); +unsigned long dtls1_output_cert_chain(SSL *s, CERT_PKEY *cpk); int dtls1_read_failed(SSL *s, int code); int dtls1_buffer_message(SSL *s, int ccs); int dtls1_retransmit_message(SSL *s, unsigned short seq, @@ -948,6 +1072,7 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); long dtls1_default_timeout(void); struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); +int dtls1_check_timeout_num(SSL *s); int dtls1_handle_timeout(SSL *s); const SSL_CIPHER *dtls1_get_cipher(unsigned int u); void dtls1_start_timer(SSL *s); @@ -955,6 +1080,7 @@ void dtls1_stop_timer(SSL *s); int dtls1_is_timer_expired(SSL *s); void dtls1_double_timeout(SSL *s); int dtls1_send_newsession_ticket(SSL *s); +unsigned int dtls1_min_mtu(void); /* some client-only functions */ int ssl3_client_hello(SSL *s); @@ -1023,6 +1149,7 @@ int dtls1_connect(SSL *s); void dtls1_free(SSL *s); void dtls1_clear(SSL *s); long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); +int dtls1_shutdown(SSL *s); long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); int dtls1_get_record(SSL *s); @@ -1043,12 +1170,15 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); int tls1_mac(SSL *ssl, unsigned char *md, int snd); int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len); +int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *p, size_t plen, int use_context); int tls1_alert_code(int code); int ssl3_alert_code(int code); int ssl_ok(SSL *s); #ifndef OPENSSL_NO_ECDH -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs); +int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); #endif SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); @@ -1056,17 +1186,38 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); #ifndef OPENSSL_NO_EC int tls1_ec_curve_id2nid(int curve_id); int tls1_ec_nid2curve_id(int nid); +int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); +int tls1_shared_curve(SSL *s, int nmatch); +int tls1_set_curves(unsigned char **pext, size_t *pextlen, + int *curves, size_t ncurves); +int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, + const char *str); +int tls1_check_ec_tmp_key(SSL *s); #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_TLSEXT +int tls1_shared_list(SSL *s, + const unsigned char *l1, size_t l1len, + const unsigned char *l2, size_t l2len, + int nmatch); unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); -int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n); +int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n); int ssl_prepare_clienthello_tlsext(SSL *s); int ssl_prepare_serverhello_tlsext(SSL *s); -int ssl_check_clienthello_tlsext(SSL *s); -int ssl_check_serverhello_tlsext(SSL *s); + +/* server only */ +int tls1_send_server_supplemental_data(SSL *s); +/* client only */ +int tls1_get_server_supplemental_data(SSL *s); + +#ifndef OPENSSL_NO_HEARTBEATS +int tls1_heartbeat(SSL *s); +int dtls1_heartbeat(SSL *s); +int tls1_process_heartbeat(SSL *s); +int dtls1_process_heartbeat(SSL *s); +#endif #ifdef OPENSSL_NO_SHA256 #define tlsext_tick_md EVP_sha1 @@ -1075,6 +1226,18 @@ int ssl_check_serverhello_tlsext(SSL *s); #endif int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret); + +int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, + const EVP_MD *md); +int tls12_get_sigid(const EVP_PKEY *pk); +const EVP_MD *tls12_get_hash(unsigned char hash_alg); + +int tls1_set_sigalgs_list(CERT *c, const char *str, int client); +int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); +int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, + int idx); +void tls1_set_cert_validity(SSL *s); + #endif EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; void ssl_clear_hash_ctx(EVP_MD_CTX **hash); @@ -1087,4 +1250,15 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, int *al); long ssl_get_algorithm2(SSL *s); +int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); +size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); +int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, + const unsigned char *sig, EVP_PKEY *pkey); +void ssl_set_client_disabled(SSL *s); + +int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); +int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); +int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); +int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); + #endif