/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
#ifndef HEADER_SSL_LOCL_H
# define HEADER_SSL_LOCL_H
+
+# include "e_os.h" /* struct timeval for DTLS */
# include <stdlib.h>
# include <time.h>
# include <string.h>
# include <errno.h>
-# include "e_os.h"
-# if defined(__unix) || defined(__unix__)
-# include <sys/time.h> /* struct timeval for DTLS */
-# endif
-
# include <openssl/buffer.h>
# include <openssl/comp.h>
# include <openssl/bio.h>
# define SSL_aGOST12 0x00000080U
/* Any appropriate signature auth (for TLS 1.3 ciphersuites) */
# define SSL_aANY 0x00000000U
+/* All bits requiring a certificate */
+#define SSL_aCERT \
+ (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12)
/* Bits for algorithm_enc (symmetric encryption) */
# define SSL_DES 0x00000001U
# define SSL_AES256CCM8 0x00020000U
# define SSL_eGOST2814789CNT12 0x00040000U
# define SSL_CHACHA20POLY1305 0x00080000U
+# define SSL_ARIA128GCM 0x00100000U
+# define SSL_ARIA256GCM 0x00200000U
# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
+# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM)
+# define SSL_ARIA (SSL_ARIAGCM)
/* Bits for algorithm_mac (symmetric authentication) */
/* Mostly for SSLv3 */
# define SSL_PKEY_RSA 0
-# define SSL_PKEY_DSA_SIGN 1
-# define SSL_PKEY_ECC 2
-# define SSL_PKEY_GOST01 3
-# define SSL_PKEY_GOST12_256 4
-# define SSL_PKEY_GOST12_512 5
-# define SSL_PKEY_NUM 6
+# define SSL_PKEY_RSA_PSS_SIGN 1
+# define SSL_PKEY_DSA_SIGN 2
+# define SSL_PKEY_ECC 3
+# define SSL_PKEY_GOST01 4
+# define SSL_PKEY_GOST12_256 5
+# define SSL_PKEY_GOST12_512 6
+# define SSL_PKEY_ED25519 7
+# define SSL_PKEY_NUM 8
/*
* Pseudo-constant. GOST cipher suites can use different certs for 1
* SSL_CIPHER. So let's see which one we have in fact.
*/
# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1
-/*
- * TODO(TLS1.3) for now use SSL_PKEY_RSA keys for PSS
- */
-
-#define SSL_PKEY_RSA_PSS_SIGN SSL_PKEY_RSA
-
/*-
* SSL_kRSA <- RSA_ENC
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
struct ssl_cipher_st {
uint32_t valid;
const char *name; /* text name */
+ const char *stdname; /* RFC name */
uint32_t id; /* id, 4 bytes, first is version */
/*
* changed in 1.0.0: these four used to be portions of a single value
unsigned flags;
unsigned long mask;
int (*ssl_new) (SSL *s);
- void (*ssl_clear) (SSL *s);
+ int (*ssl_clear) (SSL *s);
void (*ssl_free) (SSL *s);
int (*ssl_accept) (SSL *s);
int (*ssl_connect) (SSL *s);
* in here? */
size_t master_key_length;
+ /* TLSv1.3 early_secret used for external PSKs */
+ unsigned char early_secret[EVP_MAX_MD_SIZE];
/*
* For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
* master secret
/* Session lifetime hint in seconds */
unsigned long tick_lifetime_hint;
uint32_t tick_age_add;
+ unsigned char *tick_nonce;
+ size_t tick_nonce_len;
int tick_identity;
/* Max number of bytes that can be sent as early data */
uint32_t max_early_data;
int parsed;
/* The type of this extension, i.e. a TLSEXT_TYPE_* value */
unsigned int type;
+ /* Track what order extensions are received in (0-based). */
+ size_t received_order;
} RAW_EXTENSION;
typedef struct {
TLSEXT_IDX_ec_point_formats,
TLSEXT_IDX_supported_groups,
TLSEXT_IDX_session_ticket,
- TLSEXT_IDX_signature_algorithms,
TLSEXT_IDX_status_request,
TLSEXT_IDX_next_proto_neg,
TLSEXT_IDX_application_layer_protocol_negotiation,
TLSEXT_IDX_encrypt_then_mac,
TLSEXT_IDX_signed_certificate_timestamp,
TLSEXT_IDX_extended_master_secret,
+ TLSEXT_IDX_signature_algorithms,
TLSEXT_IDX_supported_versions,
TLSEXT_IDX_psk_kex_modes,
TLSEXT_IDX_key_share,
ENGINE *client_cert_engine;
# endif
- /* Early callback. Mostly for extensions, but not entirely. */
- SSL_early_cb_fn early_cb;
- void *early_cb_arg;
+ /* ClientHello callback. Mostly for extensions, but not entirely. */
+ SSL_client_hello_cb_fn client_hello_cb;
+ void *client_hello_cb_arg;
/* TLS extensions. */
struct {
SSL_psk_client_cb_func psk_client_callback;
SSL_psk_server_cb_func psk_server_callback;
# endif
+ SSL_psk_find_session_cb_func psk_find_session_cb;
+ SSL_psk_use_session_cb_func psk_use_session_cb;
# ifndef OPENSSL_NO_SRP
SRP_CTX srp_ctx; /* ctx for SRP authentication */
unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+ unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
EVP_MD_CTX *read_hash; /* used for mac generation */
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This can also be in the session once a session is established */
SSL_SESSION *session;
+ /* TLSv1.3 PSK session */
+ SSL_SESSION *psksession;
+ unsigned char *psksession_id;
+ size_t psksession_id_len;
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
/* Used in SSL3 */
SSL_psk_client_cb_func psk_client_callback;
SSL_psk_server_cb_func psk_server_callback;
# endif
+ SSL_psk_find_session_cb_func psk_find_session_cb;
+ SSL_psk_use_session_cb_func psk_use_session_cb;
SSL_CTX *ctx;
/* Verified chain of peer */
STACK_OF(X509) *verified_chain;
size_t tls13_cookie_len;
} ext;
- /* Parsed form of the ClientHello, kept around across early_cb calls. */
+ /*
+ * Parsed form of the ClientHello, kept around across client_hello_cb
+ * calls.
+ */
CLIENTHELLO_MSG *clienthello;
/*-
size_t block_padding;
CRYPTO_RWLOCK *lock;
+ RAND_DRBG *drbg;
};
/*
const char *name;
/* Raw value used in extension */
uint16_t sigalg;
- /* NID of hash algorithm */
+ /* NID of hash algorithm or NID_undef if no hash */
int hash;
- /* Index of hash algorithm */
+ /* Index of hash algorithm or -1 if no hash algorithm */
int hash_idx;
/* NID of signature algorithm */
int sig;
typedef struct cert_pkey_st CERT_PKEY;
+/*
+ * Structure containing table entry of certificate info corresponding to
+ * CERT_PKEY entries
+ */
+typedef struct {
+ int nid; /* NID of pubic key algorithm */
+ uint32_t amask; /* authmask corresponding to key type */
+} SSL_CERT_LOOKUP;
+
typedef struct ssl3_state_st {
long flags;
size_t read_mac_secret_size;
*/
struct timeval next_timeout;
/* Timeout duration */
- unsigned short timeout_duration;
+ unsigned int timeout_duration_us;
+
unsigned int retransmitting;
# ifndef OPENSSL_NO_SCTP
int shutdown_received;
# endif
+
+ DTLS_timer_cb timer_cb;
+
} DTLS1_STATE;
# ifndef OPENSSL_NO_EC
#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403
#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503
#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603
+#define TLSEXT_SIGALG_ecdsa_sha224 0x0303
#define TLSEXT_SIGALG_ecdsa_sha1 0x0203
#define TLSEXT_SIGALG_rsa_pss_sha256 0x0804
#define TLSEXT_SIGALG_rsa_pss_sha384 0x0805
#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401
#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501
#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601
+#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301
#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201
#define TLSEXT_SIGALG_dsa_sha256 0x0402
#define TLSEXT_SIGALG_dsa_sha384 0x0502
#define TLSEXT_SIGALG_dsa_sha512 0x0602
+#define TLSEXT_SIGALG_dsa_sha224 0x0302
#define TLSEXT_SIGALG_dsa_sha1 0x0202
#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee
#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef
#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded
+#define TLSEXT_SIGALG_ed25519 0x0807
+
/* Known PSK key exchange modes */
#define TLSEXT_KEX_MODE_KE 0x00
#define TLSEXT_KEX_MODE_KE_DHE 0x01
__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
size_t *int_overhead, size_t *blocksize,
size_t *ext_overhead);
-__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
+__owur int ssl_cert_is_disabled(size_t idx);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
const unsigned char *ptr,
int all);
__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_select_current(CERT *c, X509 *x);
__owur int ssl_cert_set_current(CERT *c, long arg);
-__owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first);
void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
int ref);
+__owur int ssl_randbytes(SSL *s, unsigned char *buf, size_t num);
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
+ size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
+
int ssl_undefined_function(SSL *s);
__owur int ssl_undefined_void_function(void);
__owur int ssl_undefined_const_function(const SSL *s);
__owur int ssl_get_server_cert_serverinfo(SSL *s,
const unsigned char **serverinfo,
size_t *serverinfo_length);
-__owur int ssl_cert_type(const X509 *x, const EVP_PKEY *pkey);
void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
__owur int ssl_verify_alarm_type(long type);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
size_t *len);
__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written);
__owur int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
+int ssl3_clear(SSL *s);
__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
void dtls1_double_timeout(SSL *s);
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
size_t cookie_len);
-__owur int dtls1_send_newsession_ticket(SSL *s);
__owur size_t dtls1_min_mtu(SSL *s);
void dtls1_hm_fragment_free(hm_fragment *frag);
__owur int dtls1_query_mtu(SSL *s);
__owur int tls1_new(SSL *s);
void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+int tls1_clear(SSL *s);
__owur int dtls1_new(SSL *s);
void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
+int dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur int dtls1_shutdown(SSL *s);
__owur int dtls1_dispatch_alert(SSL *s);
__owur int ssl_init_wbio_buffer(SSL *s);
-void ssl_free_wbio_buffer(SSL *s);
+int ssl_free_wbio_buffer(SSL *s);
__owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
const unsigned char *secret,
const unsigned char *label, size_t labellen,
- const unsigned char *hash,
+ const unsigned char *data, size_t datalen,
unsigned char *out, size_t outlen);
__owur int tls13_derive_key(SSL *s, const EVP_MD *md,
const unsigned char *secret, unsigned char *key,
const char *label, size_t llen,
const unsigned char *p, size_t plen,
int use_context);
+__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen,
+ const unsigned char *context,
+ size_t contextlen, int use_context);
__owur int tls1_alert_code(int code);
__owur int tls13_alert_code(int code);
__owur int ssl3_alert_code(int code);
__owur EVP_PKEY *ssl_generate_pkey_curve(int id);
# endif /* OPENSSL_NO_EC */
-__owur int tls1_shared_list(SSL *s,
- const unsigned char *l1, size_t l1len,
- const unsigned char *l2, size_t l2len, int nmatch);
__owur int tls_curve_allowed(SSL *s, const unsigned char *curve, int op);
__owur int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves,
size_t *num_curves);
-void ssl_set_default_md(SSL *s);
__owur int tls1_set_server_sigalgs(SSL *s);
/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
TICKET_NO_DECRYPT,
/* a ticket was successfully decrypted */
TICKET_SUCCESS,
- /* same as above but the ticket needs to be reneewed */
+ /* same as above but the ticket needs to be renewed */
TICKET_SUCCESS_RENEW
} TICKET_RETURN;
__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt);
__owur int tls1_process_sigalgs(SSL *s);
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
+__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s);
projects / openssl.git / blobdiff