X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=e068fd102ef9a2951556e5bb3a94b2ea2963c83e;hp=db7ca80eba4e89cff892edde0575f303e51b7aa8;hb=02f0274e8c0596dcf7e2d104250232a42c650b96;hpb=6db6bc5a8f0663e679a99ea91a6f490db0f183ba diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index db7ca80eba..e068fd102e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -66,6 +66,7 @@ # include "statem/statem.h" # include "packet_locl.h" # include "internal/dane.h" +# include "internal/refcount.h" # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN @@ -349,6 +350,12 @@ /* Check if an SSL structure is using DTLS */ # define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) + +/* Check if we are using TLSv1.3 */ +# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ + && (s)->method->version >= TLS1_3_VERSION \ + && (s)->method->version != TLS_ANY_VERSION) + /* See if we need explicit IV */ # define SSL_USE_EXPLICIT_IV(s) \ (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) @@ -444,15 +451,15 @@ struct ssl_method_st { void (*ssl_free) (SSL *s); int (*ssl_accept) (SSL *s); int (*ssl_connect) (SSL *s); - int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *read); - int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *read); + int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes); int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written); int (*ssl_shutdown) (SSL *s); int (*ssl_renegotiate) (SSL *s); int (*ssl_renegotiate_check) (SSL *s); int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type, unsigned char *buf, size_t len, int peek, - size_t *read); + size_t *readbytes); int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len, size_t *written); int (*ssl_dispatch_alert) (SSL *s); @@ -461,7 +468,7 @@ struct ssl_method_st { const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt, size_t *len); - int (*ssl_pending) (const SSL *s); + size_t (*ssl_pending) (const SSL *s); int (*num_ciphers) (void); const SSL_CIPHER *(*get_cipher) (unsigned ncipher); long (*get_timeout) (void); @@ -532,7 +539,7 @@ struct ssl_session_st { * certificate is not ok, we must remember the error for session reuse: */ long verify_result; /* only for servers */ - int references; + CRYPTO_REF_COUNT references; long timeout; long time; unsigned int compress_meth; /* Need to lookup the method */ @@ -550,8 +557,8 @@ struct ssl_session_st { # ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* peer's list */ + size_t tlsext_supportedgroupslist_length; + unsigned char *tlsext_supportedgroupslist; /* peer's list */ # endif /* OPENSSL_NO_EC */ /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ @@ -659,7 +666,7 @@ struct ssl_ctx_st { * :-) */ } stats; - int references; + CRYPTO_REF_COUNT references; /* if defined, these override the X509_verify_cert() calls */ int (*app_verify_callback) (X509_STORE_CTX *, void *); @@ -864,8 +871,8 @@ struct ssl_ctx_st { /* EC extension values inherited by SSL structure */ size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; + size_t tlsext_supportedgroupslist_length; + unsigned char *tlsext_supportedgroupslist; # endif /* OPENSSL_NO_EC */ /* ext status type used for CSR extension (OCSP Stapling) */ @@ -944,11 +951,21 @@ struct ssl_st { * be 'copied' into these ones */ uint32_t mac_flags; + /* + * The TLS1.3 early_secret and handshake_secret. The master_secret is stored + * in the session. + */ + unsigned char early_secret[EVP_MAX_MD_SIZE]; + unsigned char handshake_secret[EVP_MAX_MD_SIZE]; + unsigned char client_finished_secret[EVP_MAX_MD_SIZE]; + unsigned char server_finished_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ + unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */ EVP_MD_CTX *read_hash; /* used for mac generation */ COMP_CTX *compress; /* compression */ COMP_CTX *expand; /* uncompress */ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ EVP_MD_CTX *write_hash; /* used for mac generation */ /* session info */ /* client cert? */ @@ -996,7 +1013,7 @@ struct ssl_st { CRYPTO_EX_DATA ex_data; /* for server side, keep the list of CA_dn we can use */ STACK_OF(X509_NAME) *client_CA; - int references; + CRYPTO_REF_COUNT references; /* protocol behaviour */ uint32_t options; /* API behaviour */ @@ -1005,7 +1022,10 @@ struct ssl_st { int max_proto_version; size_t max_cert_list; int first_packet; - /* what was passed, used for SSLv3/TLS rollback check */ + /* + * What was passed in ClientHello.legacy_version. Used for RSA pre-master + * secret and SSLv3/TLS (<=1.2) rollback check + */ int client_version; /* * If we're using more than one pipeline how should we divide the data @@ -1061,16 +1081,16 @@ struct ssl_st { X509_EXTENSIONS *tlsext_ocsp_exts; /* OCSP response received or to be sent */ unsigned char *tlsext_ocsp_resp; - int tlsext_ocsp_resplen; + size_t tlsext_ocsp_resplen; /* RFC4507 session ticket expected to be received or sent */ int tlsext_ticket_expected; # ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; /* our list */ unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; + size_t tlsext_supportedgroupslist_length; /* our list */ - unsigned char *tlsext_ellipticcurvelist; + unsigned char *tlsext_supportedgroupslist; # endif /* OPENSSL_NO_EC */ /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; @@ -1097,17 +1117,6 @@ struct ssl_st { STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; - /*- - * Is use of the Heartbeat extension negotiated? - * 0: disabled - * 1: enabled - * 2: enabled, but not allowed to send Requests - */ - unsigned int tlsext_heartbeat; - /* Indicates if a HeartbeatRequest is in flight */ - unsigned int tlsext_hb_pending; - /* HeartbeatRequest sequence number */ - unsigned int tlsext_hb_seq; /* * For a client, this contains the list of supported protocols in wire * format. @@ -1300,6 +1309,8 @@ typedef struct ssl3_state_st { /* For clients: peer temporary key */ # if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) + /* The group_id for the DH/ECDH key */ + unsigned int group_id; EVP_PKEY *peer_tmp; # endif @@ -1374,7 +1385,7 @@ pitem *pqueue_pop(pqueue *pq); pitem *pqueue_find(pqueue *pq, unsigned char *prio64be); pitem *pqueue_iterator(pqueue *pq); pitem *pqueue_next(piterator *iter); -int pqueue_size(pqueue *pq); +size_t pqueue_size(pqueue *pq); typedef struct dtls1_state_st { unsigned char cookie[DTLS1_COOKIE_LENGTH]; @@ -1394,7 +1405,7 @@ typedef struct dtls1_state_st { struct hm_header_st r_msg_hdr; struct dtls1_timeout_st timeout; /* - * Indicates when the last handshake msg or heartbeat sent will timeout + * Indicates when the last handshake msg sent will timeout */ struct timeval next_timeout; /* Timeout duration */ @@ -1542,7 +1553,7 @@ typedef struct cert_st { /* If not NULL psk identity hint to use for servers */ char *psk_identity_hint; # endif - int references; /* >1 only if SSL_copy_session_id is used */ + CRYPTO_REF_COUNT references; /* >1 only if SSL_copy_session_id is used */ CRYPTO_RWLOCK *lock; } CERT; @@ -1573,11 +1584,10 @@ typedef struct ssl3_enc_method { size_t, size_t *); int (*change_cipher_state) (SSL *, int); size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *); - int finish_mac_length; const char *client_finished_label; - int client_finished_label_len; + size_t client_finished_label_len; const char *server_finished_label; - int server_finished_label_len; + size_t server_finished_label_len; int (*alert_value) (int); int (*export_keying_material) (SSL *, unsigned char *, size_t, const char *, size_t, @@ -1585,8 +1595,6 @@ typedef struct ssl3_enc_method { int use_context); /* Various flags indicating protocol version requirements */ uint32_t enc_flags; - /* Handshake header length */ - unsigned int hhlen; /* Set the handshake header */ int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type); /* Close construction of the handshake message */ @@ -1595,9 +1603,6 @@ typedef struct ssl3_enc_method { int (*do_write) (SSL *s); } SSL3_ENC_METHOD; -# define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen -# define ssl_handshake_start(s) \ - (((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen) # define ssl_set_handshake_header(s, pkt, htype) \ s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) # define ssl_close_construct_packet(s, pkt, htype) \ @@ -1630,6 +1635,33 @@ typedef struct ssl3_comp_st { } SSL3_COMP; # endif +typedef struct raw_extension_st { + /* The type of the extension */ + unsigned int type; + /* Raw packet data for the extension */ + PACKET data; + /* Set to 1 if we have already parsed the extension or 0 otherwise */ + int parsed; +} RAW_EXTENSION; + +#define MAX_COMPRESSIONS_SIZE 255 + +typedef struct { + unsigned int isv2; + unsigned int legacy_version; + unsigned char random[SSL3_RANDOM_SIZE]; + size_t session_id_len; + unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + size_t dtls_cookie_len; + unsigned char dtls_cookie[DTLS1_COOKIE_LENGTH]; + PACKET ciphersuites; + size_t compressions_len; + unsigned char compressions[MAX_COMPRESSIONS_SIZE]; + PACKET extensions; + size_t num_extensions; + RAW_EXTENSION *pre_proc_exts; +} CLIENTHELLO_MSG; + extern SSL3_ENC_METHOD ssl3_undef_enc_method; __owur const SSL_METHOD *ssl_bad_method(int ver); @@ -1786,10 +1818,6 @@ const SSL_METHOD *func_name(void) \ struct openssl_ssl_test_functions { int (*p_ssl_init_wbio_buffer) (SSL *s); int (*p_ssl3_setup_buffers) (SSL *s); -# ifndef OPENSSL_NO_HEARTBEATS - int (*p_dtls1_process_heartbeat) (SSL *s, - unsigned char *p, unsigned int length); -# endif }; const char *ssl_protocol_to_string(int version); @@ -1803,8 +1831,7 @@ __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); __owur int ssl_get_new_session(SSL *s, int session); -__owur int ssl_get_prev_session(SSL *s, const PACKET *ext, - const PACKET *session_id); +__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); @@ -1866,7 +1893,8 @@ __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms); __owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm); -__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey); +__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, + int genmaster); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); @@ -1899,8 +1927,8 @@ __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, __owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); -__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *read); -__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read); +__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes); __owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written); __owur int ssl3_shutdown(SSL *s); void ssl3_clear(SSL *s); @@ -1925,7 +1953,7 @@ __owur int ssl_version_supported(const SSL *s, int version); __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); -__owur int ssl_choose_server_version(SSL *s); +__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello); __owur int ssl_choose_client_version(SSL *s, int version); int ssl_get_client_min_max_version(const SSL *s, int *min_version, int *max_version); @@ -1934,8 +1962,8 @@ __owur long tls1_default_timeout(void); __owur int dtls1_do_write(SSL *s, int type); void dtls1_set_message_header(SSL *s, unsigned char mt, - unsigned long len, - unsigned long frag_off, unsigned long frag_len); + size_t len, + size_t frag_off, size_t frag_len); int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written); @@ -1988,6 +2016,25 @@ __owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, __owur int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, size_t len, size_t *secret_size); +__owur int tls13_setup_key_block(SSL *s); +__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, + unsigned char *p); +__owur int tls13_change_cipher_state(SSL *s, int which); +__owur int tls13_derive_secret(SSL *s, const unsigned char *insecret, + const unsigned char *label, size_t labellen, + unsigned char *secret); +__owur int tls13_derive_key(SSL *s, const unsigned char *secret, + unsigned char *key, size_t keylen); +__owur int tls13_derive_iv(SSL *s, const unsigned char *secret, + unsigned char *iv, size_t ivlen); +__owur int tls13_generate_early_secret(SSL *s, const unsigned char *insecret, + size_t insecretlen); +__owur int tls13_generate_handshake_secret(SSL *s, + const unsigned char *insecret, + size_t insecretlen); +__owur int tls13_generate_master_secret(SSL *s, unsigned char *out, + unsigned char *prev, size_t prevlen, + size_t *secret_size); __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, @@ -2012,11 +2059,13 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); __owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags); __owur int tls1_ec_nid2curve_id(int nid); __owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); -__owur int tls1_shared_curve(SSL *s, int nmatch); -__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen, +__owur int tls1_shared_group(SSL *s, int nmatch); +__owur int tls1_set_groups(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); -__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, +__owur int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str); +void tls1_get_formatlist(SSL *s, const unsigned char **pformats, + size_t *num_formats); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur EVP_PKEY *ssl_generate_pkey_curve(int id); # endif /* OPENSSL_NO_EC */ @@ -2024,25 +2073,20 @@ __owur EVP_PKEY *ssl_generate_pkey_curve(int id); __owur int tls1_shared_list(SSL *s, const unsigned char *l1, size_t l1len, const unsigned char *l2, size_t l2len, int nmatch); -__owur int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al); -__owur int ssl_add_serverhello_tlsext(SSL *s, WPACKET *pkt, int *al); -__owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt); +__owur int tls_curve_allowed(SSL *s, const unsigned char *curve, int op); +__owur int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves, + size_t *num_curves); + void ssl_set_default_md(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s); __owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al); __owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt); -__owur int ssl_prepare_clienthello_tlsext(SSL *s); -__owur int ssl_prepare_serverhello_tlsext(SSL *s); - -# ifndef OPENSSL_NO_HEARTBEATS -__owur int dtls1_heartbeat(SSL *s); -__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, - unsigned int length); -# endif - -__owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, - const PACKET *session_id, - SSL_SESSION **ret); +__owur RAW_EXTENSION *tls_get_extension_by_type(RAW_EXTENSION *exts, + size_t numexts, + unsigned int type); +__owur int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, + SSL_SESSION **ret); +__owur int tls_use_ticket(SSL *s); __owur int tls12_get_sigandhash(WPACKET *pkt, const EVP_PKEY *pk, const EVP_MD *md); @@ -2071,13 +2115,10 @@ __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); void ssl_clear_hash_ctx(EVP_MD_CTX **hash); -__owur int ssl_add_serverhello_renegotiate_ext(SSL *s, WPACKET *pkt); -__owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al); -__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al); __owur long ssl_get_algorithm2(SSL *s); __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, const unsigned char *psig, size_t psiglen); -__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize); +__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, size_t dsize); __owur int tls1_process_sigalgs(SSL *s); __owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, @@ -2085,9 +2126,6 @@ __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, void ssl_set_client_disabled(SSL *s); __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op); -__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); -__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); - __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, size_t *hashlen); __owur const EVP_MD *ssl_md(int idx); @@ -2134,7 +2172,6 @@ void ssl_comp_free_compression_methods_int(void); # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer # define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers -# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat # endif #endif