X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=86c250b695f3fdad6c0ec3b5ba4d73ff34972e64;hb=bd3d8c12606c48388be61db0681ac759804b6100;hp=b590b53630ef56d990137221853dea9ebec3d6b1;hpb=1d0c08b4963f5f7e1d1855e360417a11973d8455;p=openssl.git diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b590b53630..86c250b695 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -381,12 +381,8 @@ # define SSL_PKEY_GOST12_256 5 # define SSL_PKEY_GOST12_512 6 # define SSL_PKEY_ED25519 7 -# define SSL_PKEY_NUM 8 -/* - * Pseudo-constant. GOST cipher suites can use different certs for 1 - * SSL_CIPHER. So let's see which one we have in fact. - */ -# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 +# define SSL_PKEY_ED448 8 +# define SSL_PKEY_NUM 9 /*- * SSL_kRSA <- RSA_ENC @@ -474,6 +470,8 @@ struct ssl_method_st { long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); }; +# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64 + /*- * Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { @@ -509,9 +507,9 @@ struct ssl_session_st { unsigned char early_secret[EVP_MAX_MD_SIZE]; /* * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption - * master secret + * PSK */ - unsigned char master_key[TLS13_MAX_RESUMPTION_MASTER_LENGTH]; + unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH]; /* session_id - valid? */ size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; @@ -549,7 +547,7 @@ struct ssl_session_st { const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to * load the 'cipher' structure */ - STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */ CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to @@ -571,8 +569,6 @@ struct ssl_session_st { /* Session lifetime hint in seconds */ unsigned long tick_lifetime_hint; uint32_t tick_age_add; - unsigned char *tick_nonce; - size_t tick_nonce_len; int tick_identity; /* Max number of bytes that can be sent as early data */ uint32_t max_early_data; @@ -590,6 +586,8 @@ struct ssl_session_st { # ifndef OPENSSL_NO_SRP char *srp_username; # endif + unsigned char *ticket_appdata; + size_t ticket_appdata_len; uint32_t flags; CRYPTO_RWLOCK *lock; }; @@ -730,13 +728,21 @@ DEFINE_LHASH_OF(SSL_SESSION); /* Needed in ssl_cert.c */ DEFINE_LHASH_OF(X509_NAME); -# define TLSEXT_KEYNAME_LENGTH 16 +# define TLSEXT_KEYNAME_LENGTH 16 +# define TLSEXT_TICK_KEY_LENGTH 32 + +typedef struct ssl_ctx_ext_secure_st { + unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH]; + unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; +} SSL_CTX_EXT_SECURE; struct ssl_ctx_st { const SSL_METHOD *method; STACK_OF(SSL_CIPHER) *cipher_list; /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; + /* TLSv1.3 specific ciphersuites */ + STACK_OF(SSL_CIPHER) *tls13_ciphersuites; struct x509_store_st /* X509_STORE */ *cert_store; LHASH_OF(SSL_SESSION) *sessions; /* @@ -817,6 +823,14 @@ struct ssl_ctx_st { int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie, unsigned int cookie_len); + /* TLS1.3 app-controlled cookie generate callback */ + int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie, + size_t *cookie_len); + + /* TLS1.3 verify app-controlled cookie callback */ + int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie, + size_t cookie_len); + CRYPTO_EX_DATA ex_data; const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ @@ -914,8 +928,7 @@ struct ssl_ctx_st { void *servername_arg; /* RFC 4507 session ticket keys */ unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH]; - unsigned char tick_hmac_key[32]; - unsigned char tick_aes_key[32]; + SSL_CTX_EXT_SECURE *secure; /* Callback to support customisation of ticket key setting */ int (*ticket_key_cb) (SSL *ssl, unsigned char *name, unsigned char *iv, @@ -1001,8 +1014,10 @@ struct ssl_ctx_st { /* Shared DANE context */ struct dane_ctx_st dane; +# ifndef OPENSSL_NO_SRTP /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; +# endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. @@ -1024,6 +1039,14 @@ struct ssl_ctx_st { size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg); void *record_padding_arg; size_t block_padding; + + /* Session ticket appdata */ + SSL_CTX_generate_session_ticket_fn generate_ticket_cb; + SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb; + void *ticket_cb_data; + + /* The number of TLS1.3 tickets to automatically send */ + size_t num_tickets; }; struct ssl_st { @@ -1032,6 +1055,8 @@ struct ssl_st { * DTLS1_VERSION) */ int version; + /* TODO(TLS1.3): Remove this before release */ + int version_draft; /* SSLv3 */ const SSL_METHOD *method; /* @@ -1092,18 +1117,20 @@ struct ssl_st { /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; + /* TLSv1.3 specific ciphersuites */ + STACK_OF(SSL_CIPHER) *tls13_ciphersuites; /* * These are the ones being used, the ones in SSL_SESSION are the ones to * be 'copied' into these ones */ uint32_t mac_flags; /* - * The TLS1.3 secrets. The resumption master secret is stored in the - * session. + * The TLS1.3 secrets. */ unsigned char early_secret[EVP_MAX_MD_SIZE]; unsigned char handshake_secret[EVP_MAX_MD_SIZE]; unsigned char master_secret[EVP_MAX_MD_SIZE]; + unsigned char resumption_master_secret[EVP_MAX_MD_SIZE]; unsigned char client_finished_secret[EVP_MAX_MD_SIZE]; unsigned char server_finished_secret[EVP_MAX_MD_SIZE]; unsigned char server_finished_hash[EVP_MAX_MD_SIZE]; @@ -1111,6 +1138,7 @@ struct ssl_st { unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; + unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */ EVP_MD_CTX *read_hash; /* used for mac generation */ @@ -1332,10 +1360,12 @@ struct ssl_st { int scts_parsed; # endif SSL_CTX *session_ctx; /* initial ctx, used to store sessions */ +# ifndef OPENSSL_NO_SRTP /* What we'll do */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; +# endif /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake @@ -1387,6 +1417,13 @@ struct ssl_st { CRYPTO_RWLOCK *lock; RAND_DRBG *drbg; + + /* The number of TLS1.3 tickets to automatically send */ + size_t num_tickets; + /* The number of TLS1.3 tickets actually sent so far */ + size_t sent_tickets; + /* The next nonce value to use when we send a ticket on this connection */ + uint64_t next_ticket_nonce; }; /* @@ -1961,6 +1998,7 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded #define TLSEXT_SIGALG_ed25519 0x0807 +#define TLSEXT_SIGALG_ed448 0x0808 /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 @@ -2180,10 +2218,11 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); -__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, - STACK_OF(SSL_CIPHER) **pref, - STACK_OF(SSL_CIPHER) - **sorted, +__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str); +__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); __owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); @@ -2216,7 +2255,6 @@ __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); -__owur int ssl_randbytes(SSL *s, unsigned char *buf, size_t num); __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); @@ -2233,7 +2271,7 @@ __owur int ssl_get_server_cert_serverinfo(SSL *s, size_t *serverinfo_length); void ssl_set_masks(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); -__owur int ssl_verify_alarm_type(long type); +__owur int ssl_x509err2alert(int type); void ssl_sort_cipher_list(void); int ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, @@ -2406,6 +2444,11 @@ __owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen, int use_context); +__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); __owur int tls1_alert_code(int code); __owur int tls13_alert_code(int code); __owur int ssl3_alert_code(int code); @@ -2419,7 +2462,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); # ifndef OPENSSL_NO_EC __owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id); -__owur int tls1_check_group_id(SSL *s, uint16_t group_id); +__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); __owur uint16_t tls1_shared_group(SSL *s, int nmatch); __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, int *curves, size_t ncurves); @@ -2438,30 +2481,12 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, __owur int tls1_set_server_sigalgs(SSL *s); -/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */ -typedef enum ticket_en { - /* fatal error, malloc failure */ - TICKET_FATAL_ERR_MALLOC, - /* fatal error, either from parsing or decrypting the ticket */ - TICKET_FATAL_ERR_OTHER, - /* No ticket present */ - TICKET_NONE, - /* Empty ticket present */ - TICKET_EMPTY, - /* the ticket couldn't be decrypted */ - TICKET_NO_DECRYPT, - /* a ticket was successfully decrypted */ - TICKET_SUCCESS, - /* same as above but the ticket needs to be renewed */ - TICKET_SUCCESS_RENEW -} TICKET_RETURN; - -__owur TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, - SSL_SESSION **ret); -__owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, - size_t eticklen, - const unsigned char *sess_id, - size_t sesslen, SSL_SESSION **psess); +__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, + SSL_SESSION **ret); +__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, + size_t eticklen, + const unsigned char *sess_id, + size_t sesslen, SSL_SESSION **psess); __owur int tls_use_ticket(SSL *s); @@ -2537,6 +2562,8 @@ __owur int ssl_log_secret(SSL *ssl, const char *label, #define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET" #define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0" #define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0" +#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET" +#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET" /* s3_cbc.c */ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); @@ -2580,6 +2607,9 @@ void custom_exts_free(custom_ext_methods *exts); void ssl_comp_free_compression_methods_int(void); +/* ssl_mcnf.c */ +void ssl_ctx_system_config(SSL_CTX *ctx); + # else /* OPENSSL_UNIT_TEST */ # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer