X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=f179efa231407e08cedc1712e02eaf50216030cf;hp=aae547ae2bc4624abb1e180f63e845358555f0d0;hb=0e1d6ecf37ea33ad963249cdb5efebeb04299033;hpb=52fd27f9784c9648af55b507d03d0d9e3a368855 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index aae547ae2b..f179efa231 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -11,20 +11,16 @@ #ifndef HEADER_SSL_LOCL_H # define HEADER_SSL_LOCL_H + +# include "e_os.h" /* struct timeval for DTLS */ # include # include # include # include -# include "e_os.h" -# if defined(__unix) || defined(__unix__) -# include /* struct timeval for DTLS */ -# endif - # include # include # include -# include # include # include # include @@ -231,12 +227,16 @@ # define SSL_AES256CCM8 0x00020000U # define SSL_eGOST2814789CNT12 0x00040000U # define SSL_CHACHA20POLY1305 0x00080000U +# define SSL_ARIA128GCM 0x00100000U +# define SSL_ARIA256GCM 0x00200000U # define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) # define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) # define SSL_CHACHA20 (SSL_CHACHA20POLY1305) +# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) +# define SSL_ARIA (SSL_ARIAGCM) /* Bits for algorithm_mac (symmetric authentication) */ @@ -323,10 +323,14 @@ && (s)->method->version != TLS_ANY_VERSION) # define SSL_TREAT_AS_TLS13(s) \ - (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ - || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) + (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \ + || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ + || (s)->hello_retry_request == SSL_HRR_PENDING) -# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0) +# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \ + || (s)->s3->tmp.peer_finish_md_len == 0) /* See if we need explicit IV */ # define SSL_USE_EXPLICIT_IV(s) \ @@ -357,30 +361,34 @@ # define SSL_CLIENT_USE_SIGALGS(s) \ SSL_CLIENT_USE_TLS1_2_CIPHERS(s) +# define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \ + (((value) >= TLSEXT_max_fragment_length_512) && \ + ((value) <= TLSEXT_max_fragment_length_4096)) +# define USE_MAX_FRAGMENT_LENGTH_EXT(session) \ + IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode) +# define GET_MAX_FRAGMENT_LENGTH(session) \ + (512U << (session->ext.max_fragment_len_mode - 1)) + # define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) # define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) /* Mostly for SSLv3 */ # define SSL_PKEY_RSA 0 -# define SSL_PKEY_DSA_SIGN 1 -# define SSL_PKEY_ECC 2 -# define SSL_PKEY_GOST01 3 -# define SSL_PKEY_GOST12_256 4 -# define SSL_PKEY_GOST12_512 5 -# define SSL_PKEY_ED25519 6 -# define SSL_PKEY_NUM 7 +# define SSL_PKEY_RSA_PSS_SIGN 1 +# define SSL_PKEY_DSA_SIGN 2 +# define SSL_PKEY_ECC 3 +# define SSL_PKEY_GOST01 4 +# define SSL_PKEY_GOST12_256 5 +# define SSL_PKEY_GOST12_512 6 +# define SSL_PKEY_ED25519 7 +# define SSL_PKEY_ED448 8 +# define SSL_PKEY_NUM 9 /* * Pseudo-constant. GOST cipher suites can use different certs for 1 * SSL_CIPHER. So let's see which one we have in fact. */ # define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 -/* - * TODO(TLS1.3) for now use SSL_PKEY_RSA keys for PSS - */ - -#define SSL_PKEY_RSA_PSS_SIGN SSL_PKEY_RSA - /*- * SSL_kRSA <- RSA_ENC * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) @@ -395,12 +403,22 @@ #define CERT_PRIVATE_KEY 2 */ +/* Post-Handshake Authentication state */ +typedef enum { + SSL_PHA_NONE = 0, + SSL_PHA_EXT_SENT, /* client-side only: extension sent */ + SSL_PHA_EXT_RECEIVED, /* server-side only: extension received */ + SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */ + SSL_PHA_REQUESTED /* request received by client, or sent by server */ +} SSL_PHA_STATE; + /* CipherSuite length. SSLv3 and all TLS versions. */ # define TLS_CIPHER_LEN 2 /* used to hold info on the particular ciphers used */ struct ssl_cipher_st { uint32_t valid; const char *name; /* text name */ + const char *stdname; /* RFC name */ uint32_t id; /* id, 4 bytes, first is version */ /* * changed in 1.0.0: these four used to be portions of a single value @@ -545,9 +563,9 @@ struct ssl_session_st { # ifndef OPENSSL_NO_EC size_t ecpointformats_len; unsigned char *ecpointformats; /* peer's list */ - size_t supportedgroups_len; - unsigned char *supportedgroups; /* peer's list */ # endif /* OPENSSL_NO_EC */ + size_t supportedgroups_len; + uint16_t *supportedgroups; /* peer's list */ /* RFC4507 info */ unsigned char *tick; /* Session ticket */ size_t ticklen; /* Session ticket length */ @@ -562,6 +580,13 @@ struct ssl_session_st { /* The ALPN protocol selected for this session */ unsigned char *alpn_selected; size_t alpn_selected_len; + /* + * Maximum Fragment Length as per RFC 4366. + * If this value does not contain RFC 4366 allowed values (1-4) then + * either the Maximum Fragment Length Negotiation failed or was not + * performed at all. + */ + uint8_t max_fragment_len_mode; } ext; # ifndef OPENSSL_NO_SRP char *srp_username; @@ -600,6 +625,7 @@ typedef enum { SSL_EARLY_DATA_CONNECTING, SSL_EARLY_DATA_WRITE_RETRY, SSL_EARLY_DATA_WRITING, + SSL_EARLY_DATA_WRITE_FLUSH, SSL_EARLY_DATA_UNAUTH_WRITING, SSL_EARLY_DATA_FINISHED_WRITING, SSL_EARLY_DATA_ACCEPT_RETRY, @@ -673,11 +699,11 @@ typedef struct { typedef enum tlsext_index_en { TLSEXT_IDX_renegotiate, TLSEXT_IDX_server_name, + TLSEXT_IDX_max_fragment_length, TLSEXT_IDX_srp, TLSEXT_IDX_ec_point_formats, TLSEXT_IDX_supported_groups, TLSEXT_IDX_session_ticket, - TLSEXT_IDX_signature_algorithms, TLSEXT_IDX_status_request, TLSEXT_IDX_next_proto_neg, TLSEXT_IDX_application_layer_protocol_negotiation, @@ -685,6 +711,9 @@ typedef enum tlsext_index_en { TLSEXT_IDX_encrypt_then_mac, TLSEXT_IDX_signed_certificate_timestamp, TLSEXT_IDX_extended_master_secret, + TLSEXT_IDX_signature_algorithms_cert, + TLSEXT_IDX_post_handshake_auth, + TLSEXT_IDX_signature_algorithms, TLSEXT_IDX_supported_versions, TLSEXT_IDX_psk_kex_modes, TLSEXT_IDX_key_share, @@ -721,7 +750,7 @@ struct ssl_ctx_st { /* * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which - * means only SSL_accept which cache SSL_SESSIONS. + * means only SSL_accept will cache SSL_SESSIONS. */ uint32_t session_cache_mode; /* @@ -875,9 +904,9 @@ struct ssl_ctx_st { ENGINE *client_cert_engine; # endif - /* Early callback. Mostly for extensions, but not entirely. */ - SSL_early_cb_fn early_cb; - void *early_cb_arg; + /* ClientHello callback. Mostly for extensions, but not entirely. */ + SSL_client_hello_cb_fn client_hello_cb; + void *client_hello_cb_arg; /* TLS extensions. */ struct { @@ -899,13 +928,15 @@ struct ssl_ctx_st { void *status_arg; /* ext status type used for CSR extension (OCSP Stapling) */ int status_type; + /* RFC 4366 Maximum Fragment Length Negotiation */ + uint8_t max_fragment_len_mode; # ifndef OPENSSL_NO_EC /* EC extension values inherited by SSL structure */ size_t ecpointformats_len; unsigned char *ecpointformats; size_t supportedgroups_len; - unsigned char *supportedgroups; + uint16_t *supportedgroups; # endif /* OPENSSL_NO_EC */ /* @@ -953,6 +984,8 @@ struct ssl_ctx_st { SSL_CTX_npn_select_cb_func npn_select_cb; void *npn_select_cb_arg; # endif + + unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH]; } ext; # ifndef OPENSSL_NO_PSK @@ -1079,6 +1112,7 @@ struct ssl_st { unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; + unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */ EVP_MD_CTX *read_hash; /* used for mac generation */ @@ -1102,7 +1136,8 @@ struct ssl_st { size_t cert_verify_hash_len; /* Flag to indicate whether we should send a HelloRetryRequest or not */ - int hello_retry_request; + enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE} + hello_retry_request; /* * the session_id_context is used to ensure sessions are only reused in @@ -1114,8 +1149,16 @@ struct ssl_st { SSL_SESSION *session; /* TLSv1.3 PSK session */ SSL_SESSION *psksession; + unsigned char *psksession_id; + size_t psksession_id_len; /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; + /* + * The temporary TLSv1.3 session id. This isn't really a session id at all + * but is a random value sent in the legacy session id field. + */ + unsigned char tmp_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + size_t tmp_session_id_len; /* Used in SSL3 */ /* * 0 don't care about verify failure. @@ -1204,10 +1247,10 @@ struct ssl_st { size_t ecpointformats_len; /* our list */ unsigned char *ecpointformats; +# endif /* OPENSSL_NO_EC */ size_t supportedgroups_len; /* our list */ - unsigned char *supportedgroups; -# endif /* OPENSSL_NO_EC */ + uint16_t *supportedgroups; /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *session_ticket; /* TLS Session Ticket extension callback */ @@ -1246,9 +1289,25 @@ struct ssl_st { /* May be sent by a server in HRR. Must be echoed back in ClientHello */ unsigned char *tls13_cookie; size_t tls13_cookie_len; + /* Have we received a cookie from the client? */ + int cookieok; + + /* + * Maximum Fragment Length as per RFC 4366. + * If this member contains one of the allowed values (1-4) + * then we should include Maximum Fragment Length Negotiation + * extension in Client Hello. + * Please note that value of this member does not have direct + * effect. The actual (binding) value is stored in SSL_SESSION, + * as this extension is optional on server side. + */ + uint8_t max_fragment_len_mode; } ext; - /* Parsed form of the ClientHello, kept around across early_cb calls. */ + /* + * Parsed form of the ClientHello, kept around across client_hello_cb + * calls. + */ CLIENTHELLO_MSG *clienthello; /*- @@ -1287,6 +1346,14 @@ struct ssl_st { int renegotiate; /* If sending a KeyUpdate is pending */ int key_update; + /* Post-handshake authentication state */ + SSL_PHA_STATE post_handshake_auth; + int pha_forced; + uint8_t* pha_context; + size_t pha_context_len; + int certreqs_sent; + EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */ + # ifndef OPENSSL_NO_SRP /* ctx for SRP authentication */ SRP_CTX srp_ctx; @@ -1321,6 +1388,7 @@ struct ssl_st { size_t block_padding; CRYPTO_RWLOCK *lock; + RAND_DRBG *drbg; }; /* @@ -1346,6 +1414,18 @@ typedef struct sigalg_lookup_st { int curve; } SIGALG_LOOKUP; +typedef struct tls_group_info_st { + int nid; /* Curve NID */ + int secbits; /* Bits of security (from SP800-57) */ + uint16_t flags; /* Flags: currently just group type */ +} TLS_GROUP_INFO; + +/* flags values */ +# define TLS_CURVE_TYPE 0x3 /* Mask for group type */ +# define TLS_CURVE_PRIME 0x0 +# define TLS_CURVE_CHAR2 0x1 +# define TLS_CURVE_CUSTOM 0x2 + typedef struct cert_pkey_st CERT_PKEY; /* @@ -1448,11 +1528,14 @@ typedef struct ssl3_state_st { * signature algorithms peer reports: e.g. supported signature * algorithms extension for server or as part of a certificate * request for client. + * Keep track of the algorithms for TLS and X.509 usage separately. */ uint16_t *peer_sigalgs; - /* Size of above array */ + uint16_t *peer_cert_sigalgs; + /* Size of above arrays */ size_t peer_sigalgslen; - /* Sigalg peer actualy uses */ + size_t peer_cert_sigalgslen; + /* Sigalg peer actually uses */ const SIGALG_LOOKUP *peer_sigalg; /* * Set if corresponding CERT_PKEY can be used with current @@ -1520,7 +1603,7 @@ typedef struct ssl3_state_st { /* For clients: peer temporary key */ # if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) /* The group_id for the DH/ECDH key */ - unsigned int group_id; + uint16_t group_id; EVP_PKEY *peer_tmp; # endif @@ -1537,7 +1620,7 @@ typedef struct ssl3_state_st { /* * Flag used in message reuse to indicate the buffer contains the record - * header as well as the the handshake message header. + * header as well as the handshake message header. */ # define DTLS1_SKIP_RECORD_HEADER 2 @@ -1619,11 +1702,15 @@ typedef struct dtls1_state_st { */ struct timeval next_timeout; /* Timeout duration */ - unsigned short timeout_duration; + unsigned int timeout_duration_us; + unsigned int retransmitting; # ifndef OPENSSL_NO_SCTP int shutdown_received; # endif + + DTLS_timer_cb timer_cb; + } DTLS1_STATE; # ifndef OPENSSL_NO_EC @@ -1855,9 +1942,12 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603 #define TLSEXT_SIGALG_ecdsa_sha224 0x0303 #define TLSEXT_SIGALG_ecdsa_sha1 0x0203 -#define TLSEXT_SIGALG_rsa_pss_sha256 0x0804 -#define TLSEXT_SIGALG_rsa_pss_sha384 0x0805 -#define TLSEXT_SIGALG_rsa_pss_sha512 0x0806 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806 +#define TLSEXT_SIGALG_rsa_pss_pss_sha256 0x0809 +#define TLSEXT_SIGALG_rsa_pss_pss_sha384 0x080a +#define TLSEXT_SIGALG_rsa_pss_pss_sha512 0x080b #define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401 #define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501 #define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601 @@ -1873,6 +1963,7 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded #define TLSEXT_SIGALG_ed25519 0x0807 +#define TLSEXT_SIGALG_ed448 0x0808 /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 @@ -2067,6 +2158,13 @@ static ossl_inline int ssl_has_cert(const SSL *s, int idx) && s->cert->pkeys[idx].privatekey != NULL; } +static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups, + size_t *pgroupslen) +{ + *pgroups = s->session->ext.supportedgroups; + *pgroupslen = s->session->ext.supportedgroups_len; +} + # ifndef OPENSSL_UNIT_TEST __owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes); @@ -2077,8 +2175,9 @@ __owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); +__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); __owur int ssl_get_new_session(SSL *s, int session); -__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al); +__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); @@ -2090,12 +2189,11 @@ __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, **sorted, const char *rule_str, CERT *c); -__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, - int sslv2format, int *al); +__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **skp, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, - int *al); + int fatal); void ssl_update_cache(SSL *s, int mode); __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, @@ -2114,7 +2212,6 @@ __owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_select_current(CERT *c, X509 *x); __owur int ssl_cert_set_current(CERT *c, long arg); -__owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first); void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg); __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); @@ -2122,6 +2219,7 @@ __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); +__owur int ssl_randbytes(SSL *s, unsigned char *buf, size_t num); __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); @@ -2149,8 +2247,11 @@ __owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm); __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int genmaster); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); +__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl); +__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl); __owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id); +__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len); @@ -2174,7 +2275,7 @@ __owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, __owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, - CERT_PKEY *cpk, int *al); + CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); @@ -2210,9 +2311,10 @@ __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); __owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd); -__owur int ssl_choose_client_version(SSL *s, int version, int checkdgrd, - int *al); -int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version); +__owur int ssl_choose_client_version(SSL *s, int version, + RAW_EXTENSION *extensions); +__owur int ssl_get_min_max_version(const SSL *s, int *min_version, + int *max_version); __owur long tls1_default_timeout(void); __owur int dtls1_do_write(SSL *s, int type); @@ -2243,7 +2345,6 @@ __owur int dtls1_is_timer_expired(SSL *s); void dtls1_double_timeout(SSL *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, size_t cookie_len); -__owur int dtls1_send_newsession_ticket(SSL *s); __owur size_t dtls1_min_mtu(SSL *s); void dtls1_hm_fragment_free(hm_fragment *frag); __owur int dtls1_query_mtu(SSL *s); @@ -2251,8 +2352,6 @@ __owur int dtls1_query_mtu(SSL *s); __owur int tls1_new(SSL *s); void tls1_free(SSL *s); int tls1_clear(SSL *s); -long tls1_ctrl(SSL *s, int cmd, long larg, void *parg); -long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); __owur int dtls1_new(SSL *s); void dtls1_free(SSL *s); @@ -2310,6 +2409,11 @@ __owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen, int use_context); +__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); __owur int tls1_alert_code(int code); __owur int tls13_alert_code(int code); __owur int ssl3_alert_code(int code); @@ -2321,37 +2425,25 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); # ifndef OPENSSL_NO_EC -/* Flags values from tls1_ec_curve_id2nid() */ -/* Mask for curve type */ -# define TLS_CURVE_TYPE 0x3 -# define TLS_CURVE_PRIME 0x0 -# define TLS_CURVE_CHAR2 0x1 -# define TLS_CURVE_CUSTOM 0x2 - -#define bytestogroup(bytes) ((unsigned int)(bytes[0] << 8 | bytes[1])) -__owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags); -__owur int tls1_ec_nid2curve_id(int nid); -__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); -__owur int tls1_shared_group(SSL *s, int nmatch); -__owur int tls1_set_groups(unsigned char **pext, size_t *pextlen, +__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id); +__owur int tls1_check_group_id(SSL *s, uint16_t group_id); +__owur uint16_t tls1_shared_group(SSL *s, int nmatch); +__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, int *curves, size_t ncurves); -__owur int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, +__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str); void tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *num_formats); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); -__owur EVP_PKEY *ssl_generate_pkey_curve(int id); +__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); +__owur EVP_PKEY *ssl_generate_param_group(uint16_t id); # endif /* OPENSSL_NO_EC */ -__owur int tls1_shared_list(SSL *s, - const unsigned char *l1, size_t l1len, - const unsigned char *l2, size_t l2len, int nmatch); -__owur int tls_curve_allowed(SSL *s, const unsigned char *curve, int op); -__owur int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves, - size_t *num_curves); +__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op); +void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, + size_t *pgroupslen); -void ssl_set_default_md(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s); /* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */ @@ -2368,7 +2460,7 @@ typedef enum ticket_en { TICKET_NO_DECRYPT, /* a ticket was successfully decrypted */ TICKET_SUCCESS, - /* same as above but the ticket needs to be reneewed */ + /* same as above but the ticket needs to be renewed */ TICKET_SUCCESS_RENEW } TICKET_RETURN; @@ -2384,6 +2476,8 @@ __owur int tls_use_ticket(SSL *s); void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); +__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, + int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, @@ -2402,20 +2496,21 @@ __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, int vfy); -int tls_choose_sigalg(SSL *s, int *al); +int tls_choose_sigalg(SSL *s, int fatalerrs); __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); void ssl_clear_hash_ctx(EVP_MD_CTX **hash); __owur long ssl_get_algorithm2(SSL *s); __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, const uint16_t *psig, size_t psiglen); -__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt); +__owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen); +__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert); __owur int tls1_process_sigalgs(SSL *s); __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); -void ssl_set_client_disabled(SSL *s); +__owur int ssl_set_client_disabled(SSL *s); __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, @@ -2465,7 +2560,11 @@ __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, __owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL *s); -__owur int srp_verify_server_param(SSL *s, int *al); +__owur int srp_verify_server_param(SSL *s); + +/* statem/statem_srvr.c */ + +__owur int send_certificate_request(SSL *s); /* statem/extensions_cust.c */ @@ -2477,9 +2576,9 @@ void custom_ext_init(custom_ext_methods *meths); __owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, const unsigned char *ext_data, size_t ext_size, - X509 *x, size_t chainidx, int *al); + X509 *x, size_t chainidx); __owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, - size_t chainidx, int maxversion, int *al); + size_t chainidx, int maxversion); __owur int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);