X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl3.h;h=8bd201e08baa7704ea80b0c1894318b008a930ba;hp=29cd3da860fc68d41ef2cef0a50fa3da7a07e3a2;hb=358d352aa244b4f2ef655bccff6658d92d5ce03c;hpb=761772d7e19145fa9afb2a0c830ead69a33f3fa5 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 29cd3da860..8bd201e08b 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -128,6 +128,9 @@ extern "C" { #endif +/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +#define SSL3_CK_SCSV 0x030000FF + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 @@ -146,12 +149,18 @@ extern "C" { #define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 -#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 -#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 -#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 -#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 -#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 -#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 +#define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 +#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA +#define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 +#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA +#define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 +#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA +#define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 +#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA +#define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 +#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA +#define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 +#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA #define SSL3_CK_ADH_RC4_40_MD5 0x03000017 #define SSL3_CK_ADH_RC4_128_MD5 0x03000018 @@ -205,6 +214,17 @@ extern "C" { #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" +#define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +#define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +#define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +#define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +#define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +#define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" + +/* This next block of six "EDH" labels is for backward compatibility + with older versions of OpenSSL. New code should use the six "DHE" + labels above instead: + */ #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" @@ -248,6 +268,8 @@ extern "C" { #define SSL3_SESSION_ID_SIZE 32 #define SSL3_RT_HEADER_LENGTH 5 +#define SSL3_HM_HEADER_LENGTH 4 + #ifndef SSL3_ALIGN_PAYLOAD /* Some will argue that this increases memory footprint, but it's * not actually true. Point is that malloc has to return at least @@ -319,6 +341,24 @@ extern "C" { #define SSL3_RT_ALERT 21 #define SSL3_RT_HANDSHAKE 22 #define SSL3_RT_APPLICATION_DATA 23 +#define TLS1_RT_HEARTBEAT 24 + +/* Pseudo content types to indicate additional parameters */ +#define TLS1_RT_CRYPTO 0x1000 +#define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +#define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +#define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +#define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +#define TLS1_RT_CRYPTO_READ 0x0000 +#define TLS1_RT_CRYPTO_WRITE 0x0100 +#define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +#define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +#define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +#define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) + +/* Pseudo content type for SSL/TLS header info */ +#define SSL3_RT_HEADER 0x100 #define SSL3_AL_WARNING 1 #define SSL3_AL_FATAL 2 @@ -336,10 +376,19 @@ extern "C" { #define SSL3_AD_CERTIFICATE_UNKNOWN 46 #define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ +#define TLS1_HB_REQUEST 1 +#define TLS1_HB_RESPONSE 2 + +#ifndef OPENSSL_NO_SSL_INTERN + typedef struct ssl3_record_st { /*r */ int type; /* type of record */ /*rw*/ unsigned int length; /* How many bytes available */ +/*rw*/ unsigned int orig_len; /* How many bytes were available before padding + was removed? This is used to implement the + MAC check in constant time for CBC records. + */ /*r */ unsigned int off; /* read/write offset into 'buf' */ /*rw*/ unsigned char *data; /* pointer to the record data */ /*rw*/ unsigned char *input; /* where the decode bytes are */ @@ -357,6 +406,8 @@ typedef struct ssl3_buffer_st int left; /* how many bytes left */ } SSL3_BUFFER; +#endif + #define SSL3_CT_RSA_SIGN 1 #define SSL3_CT_DSS_SIGN 2 #define SSL3_CT_RSA_FIXED_DH 3 @@ -368,13 +419,30 @@ typedef struct ssl3_buffer_st * enough to contain all of the cert types defined either for * SSLv3 and TLSv1. */ -#define SSL3_CT_NUMBER 7 +#define SSL3_CT_NUMBER 9 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 #define SSL3_FLAGS_POP_BUFFER 0x0004 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 +#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 + +/* SSL3_FLAGS_SGC_RESTART_DONE is set when we + * restart a handshake because of MS SGC and so prevents us + * from restarting the handshake in a loop. It's reset on a + * renegotiation, so effectively limits the client to one restart + * per negotiation. This limits the possibility of a DDoS + * attack where the client handshakes in a loop using SGC to + * restart. Servers which permit renegotiation can still be + * effected, but we can't prevent that. + */ +#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 +/* Set if we encrypt then mac instead of usual mac then encrypt */ +#define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0080 + +#ifndef OPENSSL_NO_SSL_INTERN typedef struct ssl3_state_st { @@ -460,12 +528,12 @@ typedef struct ssl3_state_st int finish_md_len; unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; int peer_finish_md_len; - + unsigned long message_size; int message_type; /* used to hold the new cipher we are going to use */ - SSL_CIPHER *new_cipher; + const SSL_CIPHER *new_cipher; #ifndef OPENSSL_NO_DH DH *dh; #endif @@ -502,13 +570,56 @@ typedef struct ssl3_state_st int cert_request; } tmp; + /* Connection binding to prevent renegotiation attacks */ + unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_client_finished_len; + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ + +#ifndef OPENSSL_NO_NEXTPROTONEG + /* Set if we saw the Next Protocol Negotiation extension from our peer. */ + int next_proto_neg_seen; +#endif + +#ifndef OPENSSL_NO_TLSEXT + /* serverinfo_client_tlsext_custom_types contains an array of TLS Extension types which + * were advertised by the client in its ClientHello and leveraged by ServerInfo TLS extension callbacks. + * The array does not contain any duplicates, and is in the same order + * as the types were received in the client hello. */ + unsigned short *serverinfo_client_tlsext_custom_types; + size_t serverinfo_client_tlsext_custom_types_count; /* how many serverinfo_client_tlsext_custom_types */ + + /* ALPN information + * (we are in the process of transitioning from NPN to ALPN.) */ + + /* In a server these point to the selected ALPN protocol after the + * ClientHello has been processed. In a client these contain the + * protocol that the server selected once the ServerHello has been + * processed. */ + unsigned char *alpn_selected; + unsigned alpn_selected_len; + +#ifndef OPENSSL_NO_EC + /* This is set to true if we believe that this is a version of Safari + * running on OS X 10.6 or newer. We wish to know this because Safari + * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ + char is_probably_safari; +#endif /* !OPENSSL_NO_EC */ + +#endif /* !OPENSSL_NO_TLSEXT */ } SSL3_STATE; +#endif /* SSLv3 */ /*client */ /* extra state */ #define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) +#ifndef OPENSSL_NO_SCTP +#define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) +#define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) +#endif /* write to server */ #define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) #define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) @@ -525,6 +636,10 @@ typedef struct ssl3_state_st #define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_CONNECT) +#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B (0x213|SSL_ST_CONNECT) +#endif /* write to server */ #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) @@ -536,6 +651,14 @@ typedef struct ssl3_state_st #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +#ifndef OPENSSL_NO_NEXTPROTONEG +#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) +#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) +#endif +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_ST_CW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_CONNECT) +#define SSL3_ST_CW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_CONNECT) +#endif #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) /* read from server */ @@ -545,15 +668,26 @@ typedef struct ssl3_state_st #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) /* server */ /* extra state */ #define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_SCTP +#define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) +#define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) +#endif /* read from client */ /* Do not change the number values, they do matter */ #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_ST_SR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_ACCEPT) +#define SSL3_ST_SR_SUPPLEMENTAL_DATA_B (0x213|SSL_ST_ACCEPT) +#endif /* write to client */ #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) @@ -579,6 +713,10 @@ typedef struct ssl3_state_st #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_NEXTPROTONEG +#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) +#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) +#endif #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) /* write to client */ @@ -586,8 +724,14 @@ typedef struct ssl3_state_st #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_CONNECT) -#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_CONNECT) +#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_ACCEPT) +#endif #define SSL3_MT_HELLO_REQUEST 0 #define SSL3_MT_CLIENT_HELLO 1 @@ -600,6 +744,13 @@ typedef struct ssl3_state_st #define SSL3_MT_CERTIFICATE_VERIFY 15 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 +#define SSL3_MT_CERTIFICATE_STATUS 22 +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_MT_SUPPLEMENTAL_DATA 23 +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG +#define SSL3_MT_NEXT_PROTO 67 +#endif #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 @@ -619,4 +770,3 @@ typedef struct ssl3_state_st } #endif #endif -