X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=9fb6e89b3649d9daa04ca3db9f601e83e09d06a1;hp=a1c8da8890a6f737c5a618c5f22349181d8a53c6;hb=f75b34c8c81d7277fa002120d4c8dc36c39d1ff5;hpb=817cd0d52f0462039d1fe60462150be7f59d2002 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a1c8da8890..9fb6e89b36 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,115 +1,12 @@ /* - * ! \file ssl/ssl_lib.c \brief Version independent SSL functions. - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * ECC cipher suite support in OpenSSL originally developed by @@ -142,9 +39,7 @@ * OTHERWISE. */ -#ifdef REF_DEBUG -# include -#endif +#include #include #include "ssl_locl.h" #include @@ -152,16 +47,10 @@ #include #include #include -#ifndef OPENSSL_NO_DH -# include -#endif -#ifndef OPENSSL_NO_ENGINE -# include -#endif +#include +#include #include -#ifndef OPENSSL_NO_CT -# include -#endif +#include const char SSL_version_str[] = OPENSSL_VERSION_TEXT; @@ -223,6 +112,7 @@ static int dane_ctx_enable(struct dane_ctx_st *dctx) mdord = OPENSSL_zalloc(n * sizeof(*mdord)); if (mdord == NULL || mdevp == NULL) { + OPENSSL_free(mdord); OPENSSL_free(mdevp); SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE); return 0; @@ -265,7 +155,7 @@ static void tlsa_free(danetls_record *t) OPENSSL_free(t); } -static void dane_final(struct dane_st *dane) +static void dane_final(SSL_DANE *dane) { sk_danetls_record_pop_free(dane->trecs, tlsa_free); dane->trecs = NULL; @@ -292,10 +182,18 @@ static int ssl_dane_dup(SSL *to, SSL *from) return 1; dane_final(&to->dane); + to->dane.dctx = &to->ctx->dane; + to->dane.trecs = sk_danetls_record_new_null(); + + if (to->dane.trecs == NULL) { + SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE); + return 0; + } num = sk_danetls_record_num(from->dane.trecs); for (i = 0; i < num; ++i) { danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); + if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype, t->data, t->dlen) <= 0) return 0; @@ -352,7 +250,7 @@ static int dane_mtype_set( return 1; } -static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype) +static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype) { if (mtype > dane->dctx->mdmax) return NULL; @@ -360,7 +258,7 @@ static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype) } static int dane_tlsa_add( - struct dane_st *dane, + SSL_DANE *dane, uint8_t usage, uint8_t selector, uint8_t mtype, @@ -371,6 +269,7 @@ static int dane_tlsa_add( const EVP_MD *md = NULL; int ilen = (int)dlen; int i; + int num; if (dane->trecs == NULL) { SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED); @@ -503,8 +402,10 @@ static int dane_tlsa_add( * The choice of order for the selector is not significant, so we * use the same descending order for consistency. */ - for (i = 0; i < sk_danetls_record_num(dane->trecs); ++i) { + num = sk_danetls_record_num(dane->trecs); + for (i = 0; i < num; ++i) { danetls_record *rec = sk_danetls_record_value(dane->trecs, i); + if (rec->usage > usage) continue; if (rec->usage < usage) @@ -631,6 +532,13 @@ SSL *SSL_new(SSL_CTX *ctx) if (s == NULL) goto err; + s->lock = CRYPTO_THREAD_lock_new(); + if (s->lock == NULL) { + SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(s); + return NULL; + } + RECORD_LAYER_init(&s->rlayer, s); s->options = ctx->options; @@ -677,18 +585,18 @@ SSL *SSL_new(SSL_CTX *ctx) if (ctx->default_read_buf_len > 0) SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len); - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + SSL_CTX_up_ref(ctx); s->ctx = ctx; s->tlsext_debug_cb = 0; s->tlsext_debug_arg = NULL; s->tlsext_ticket_expected = 0; - s->tlsext_status_type = -1; + s->tlsext_status_type = ctx->tlsext_status_type; s->tlsext_status_expected = 0; s->tlsext_ocsp_ids = NULL; s->tlsext_ocsp_exts = NULL; s->tlsext_ocsp_resp = NULL; s->tlsext_ocsp_resplen = -1; - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + SSL_CTX_up_ref(ctx); s->initial_ctx = ctx; # ifndef OPENSSL_NO_EC if (ctx->tlsext_ecpointformatlist) { @@ -740,7 +648,8 @@ SSL *SSL_new(SSL_CTX *ctx) if (!SSL_clear(s)) goto err; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data)) + goto err; #ifndef OPENSSL_NO_PSK s->psk_client_callback = ctx->psk_client_callback; @@ -755,16 +664,23 @@ SSL *SSL_new(SSL_CTX *ctx) goto err; #endif - return (s); + return s; err: SSL_free(s); SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } -void SSL_up_ref(SSL *s) +int SSL_up_ref(SSL *s) { - CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); + int i; + + if (CRYPTO_atomic_add(&s->references, 1, &i, s->lock) <= 0) + return 0; + + REF_PRINT_COUNT("SSL", s); + REF_ASSERT_ISNT(i < 2); + return ((i > 1) ? 1 : 0); } int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, @@ -797,17 +713,17 @@ int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_THREAD_write_lock(ctx->lock); ctx->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_THREAD_unlock(ctx->lock); return 1; } int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); + CRYPTO_THREAD_write_lock(ssl->lock); ssl->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + CRYPTO_THREAD_unlock(ssl->lock); return 1; } @@ -830,9 +746,9 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, r.session_id_length = id_len; memcpy(r.session_id, id, id_len); - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_THREAD_read_lock(ssl->ctx->lock); p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_THREAD_unlock(ssl->ctx->lock); return (p != NULL); } @@ -883,7 +799,7 @@ int SSL_CTX_dane_enable(SSL_CTX *ctx) int SSL_dane_enable(SSL *s, const char *basedomain) { - struct dane_st *dane = &s->dane; + SSL_DANE *dane = &s->dane; if (s->ctx->dane.mdmax == 0) { SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED); @@ -900,9 +816,9 @@ int SSL_dane_enable(SSL *s, const char *basedomain) * invalid input, set the SNI name first. */ if (s->tlsext_hostname == NULL) { - if (!SSL_set_tlsext_host_name(s, basedomain)) { + if (!SSL_set_tlsext_host_name(s, basedomain)) { SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); - return -1; + return -1; } } @@ -926,7 +842,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain) int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) { - struct dane_st *dane = &s->dane; + SSL_DANE *dane = &s->dane; if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) return -1; @@ -942,7 +858,7 @@ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, unsigned const char **data, size_t *dlen) { - struct dane_st *dane = &s->dane; + SSL_DANE *dane = &s->dane; if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) return -1; @@ -961,7 +877,7 @@ int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, return dane->mdpth; } -struct dane_st *SSL_get0_dane(SSL *s) +SSL_DANE *SSL_get0_dane(SSL *s) { return &s->dane; } @@ -1009,7 +925,7 @@ void SSL_free(SSL *s) if (s == NULL) return; - i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); + CRYPTO_atomic_add(&s->references, -1, &i, s->lock); REF_PRINT_COUNT("SSL", s); if (i > 0) return; @@ -1055,7 +971,9 @@ void SSL_free(SSL *s) OPENSSL_free(s->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); +#ifndef OPENSSL_NO_OCSP sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); +#endif #ifndef OPENSSL_NO_CT SCT_LIST_free(s->scts); OPENSSL_free(s->tlsext_scts); @@ -1084,6 +1002,8 @@ void SSL_free(SSL *s) sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); #endif + CRYPTO_THREAD_lock_free(s->lock); + OPENSSL_free(s); } @@ -1101,8 +1021,8 @@ void SSL_set_wbio(SSL *s, BIO *wbio) */ if (s->bbio != NULL) { if (s->wbio == s->bbio) { - s->wbio = s->wbio->next_bio; - s->bbio->next_bio = NULL; + s->wbio = BIO_next(s->wbio); + BIO_set_next(s->bbio, NULL); } } if (s->wbio != wbio && s->rbio != s->wbio) @@ -1366,6 +1286,7 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) */ int SSL_copy_session_id(SSL *t, const SSL *f) { + int i; /* Do we need to to SSL locking? */ if (!SSL_set_session(t, SSL_get_session(f))) { return 0; @@ -1381,7 +1302,7 @@ int SSL_copy_session_id(SSL *t, const SSL *f) return 0; } - CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); + CRYPTO_atomic_add(&f->cert->references, 1, &i, f->cert->lock); ssl_cert_free(t->cert); t->cert = f->cert; if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) { @@ -1498,6 +1419,9 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, case ASYNC_PAUSE: s->rwstate = SSL_ASYNC_PAUSED; return -1; + case ASYNC_NO_JOBS: + s->rwstate = SSL_ASYNC_NO_JOBS; + return -1; case ASYNC_FINISH: s->job = NULL; return ret; @@ -1706,7 +1630,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) s->split_send_fragment = s->max_send_fragment; return 1; case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: - if (larg > s->max_send_fragment || larg == 0) + if ((unsigned int)larg > s->max_send_fragment || larg == 0) return 0; s->split_send_fragment = larg; return 1; @@ -1738,8 +1662,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) } case SSL_CTRL_GET_EXTMS_SUPPORT: if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s)) - return -1; - if (s->session->flags & SSL_SESS_FLAG_EXTMS) + return -1; + if (s->session->flags & SSL_SESS_FLAG_EXTMS) return 1; else return 0; @@ -1857,10 +1781,10 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 0; ctx->max_send_fragment = larg; if (ctx->max_send_fragment < ctx->split_send_fragment) - ctx->split_send_fragment = ctx->split_send_fragment; + ctx->split_send_fragment = ctx->max_send_fragment; return 1; case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: - if (larg > ctx->max_send_fragment || larg == 0) + if ((unsigned int)larg > ctx->max_send_fragment || larg == 0) return 0; ctx->split_send_fragment = larg; return 1; @@ -1994,6 +1918,15 @@ const char *SSL_get_cipher_list(const SSL *s, int n) return (c->name); } +/** return a STACK of the ciphers available for the SSL_CTX and in order of + * preference */ +STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) +{ + if (ctx != NULL) + return ctx->cipher_list; + return NULL; +} + /** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { @@ -2369,6 +2302,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) /* We take the system default. */ ret->session_timeout = meth->get_timeout(); ret->references = 1; + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; ret->verify_mode = SSL_VERIFY_NONE; if ((ret->cert = ssl_cert_new()) == NULL) @@ -2409,7 +2348,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) goto err; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) + goto err; /* No compression for DTLS */ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) @@ -2418,10 +2358,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; - /* Setup RFC4507 ticket keys */ - if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) - || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) + /* Setup RFC5077 ticket keys */ + if ((RAND_bytes(ret->tlsext_tick_key_name, sizeof(ret->tlsext_tick_key_name)) <= 0) + || (RAND_bytes(ret->tlsext_tick_hmac_key, sizeof(ret->tlsext_tick_hmac_key)) <= 0) + || (RAND_bytes(ret->tlsext_tick_aes_key, sizeof(ret->tlsext_tick_aes_key)) <= 0)) ret->options |= SSL_OP_NO_TICKET; #ifndef OPENSSL_NO_SRP @@ -2459,17 +2399,26 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->options |= SSL_OP_NO_COMPRESSION; - return (ret); + ret->tlsext_status_type = -1; + + return ret; err: SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); err2: SSL_CTX_free(ret); - return (NULL); + return NULL; } -void SSL_CTX_up_ref(SSL_CTX *ctx) +int SSL_CTX_up_ref(SSL_CTX *ctx) { - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + int i; + + if (CRYPTO_atomic_add(&ctx->references, 1, &i, ctx->lock) <= 0) + return 0; + + REF_PRINT_COUNT("SSL_CTX", ctx); + REF_ASSERT_ISNT(i < 2); + return ((i > 1) ? 1 : 0); } void SSL_CTX_free(SSL_CTX *a) @@ -2479,7 +2428,7 @@ void SSL_CTX_free(SSL_CTX *a) if (a == NULL) return; - i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); + CRYPTO_atomic_add(&a->references, -1, &i, a->lock); REF_PRINT_COUNT("SSL_CTX", a); if (i > 0) return; @@ -2528,6 +2477,8 @@ void SSL_CTX_free(SSL_CTX *a) #endif OPENSSL_free(a->alpn_client_proto_list); + CRYPTO_THREAD_lock_free(a->lock); + OPENSSL_free(a); } @@ -2833,7 +2784,7 @@ void ssl_update_cache(SSL *s, int mode) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->session_ctx, s->session)) && (s->session_ctx->new_session_cb != NULL)) { - CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(s->session); if (!s->session_ctx->new_session_cb(s, s->session)) SSL_SESSION_free(s->session); } @@ -2902,56 +2853,61 @@ int SSL_get_error(const SSL *s, int i) return (SSL_ERROR_SSL); } - if ((i < 0) && SSL_want_read(s)) { - bio = SSL_get_rbio(s); - if (BIO_should_read(bio)) - return (SSL_ERROR_WANT_READ); - else if (BIO_should_write(bio)) - /* - * This one doesn't make too much sense ... We never try to write - * to the rbio, and an application program where rbio and wbio - * are separate couldn't even know what it should wait for. - * However if we ever set s->rwstate incorrectly (so that we have - * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and - * wbio *are* the same, this test works around that bug; so it - * might be safer to keep it. - */ - return (SSL_ERROR_WANT_WRITE); - else if (BIO_should_io_special(bio)) { - reason = BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return (SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return (SSL_ERROR_WANT_ACCEPT); - else - return (SSL_ERROR_SYSCALL); /* unknown */ + if (i < 0) { + if (SSL_want_read(s)) { + bio = SSL_get_rbio(s); + if (BIO_should_read(bio)) + return (SSL_ERROR_WANT_READ); + else if (BIO_should_write(bio)) + /* + * This one doesn't make too much sense ... We never try to write + * to the rbio, and an application program where rbio and wbio + * are separate couldn't even know what it should wait for. + * However if we ever set s->rwstate incorrectly (so that we have + * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and + * wbio *are* the same, this test works around that bug; so it + * might be safer to keep it. + */ + return (SSL_ERROR_WANT_WRITE); + else if (BIO_should_io_special(bio)) { + reason = BIO_get_retry_reason(bio); + if (reason == BIO_RR_CONNECT) + return (SSL_ERROR_WANT_CONNECT); + else if (reason == BIO_RR_ACCEPT) + return (SSL_ERROR_WANT_ACCEPT); + else + return (SSL_ERROR_SYSCALL); /* unknown */ + } } - } - if ((i < 0) && SSL_want_write(s)) { - bio = SSL_get_wbio(s); - if (BIO_should_write(bio)) - return (SSL_ERROR_WANT_WRITE); - else if (BIO_should_read(bio)) - /* - * See above (SSL_want_read(s) with BIO_should_write(bio)) - */ - return (SSL_ERROR_WANT_READ); - else if (BIO_should_io_special(bio)) { - reason = BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return (SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return (SSL_ERROR_WANT_ACCEPT); - else - return (SSL_ERROR_SYSCALL); + if (SSL_want_write(s)) { + bio = SSL_get_wbio(s); + if (BIO_should_write(bio)) + return (SSL_ERROR_WANT_WRITE); + else if (BIO_should_read(bio)) + /* + * See above (SSL_want_read(s) with BIO_should_write(bio)) + */ + return (SSL_ERROR_WANT_READ); + else if (BIO_should_io_special(bio)) { + reason = BIO_get_retry_reason(bio); + if (reason == BIO_RR_CONNECT) + return (SSL_ERROR_WANT_CONNECT); + else if (reason == BIO_RR_ACCEPT) + return (SSL_ERROR_WANT_ACCEPT); + else + return (SSL_ERROR_SYSCALL); + } + } + if (SSL_want_x509_lookup(s)) { + return (SSL_ERROR_WANT_X509_LOOKUP); + } + if (SSL_want_async(s)) { + return SSL_ERROR_WANT_ASYNC; + } + if (SSL_want_async_job(s)) { + return SSL_ERROR_WANT_ASYNC_JOB; } - } - if ((i < 0) && SSL_want_x509_lookup(s)) { - return (SSL_ERROR_WANT_X509_LOOKUP); - } - if ((i < 0) && SSL_want_async(s)) { - return SSL_ERROR_WANT_ASYNC; } if (i == 0) { @@ -3034,32 +2990,37 @@ int ssl_undefined_const_function(const SSL *s) return (0); } -SSL_METHOD *ssl_bad_method(int ver) +const SSL_METHOD *ssl_bad_method(int ver) { SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (NULL); } -const char *SSL_get_version(const SSL *s) -{ - if (s->version == TLS1_2_VERSION) - return ("TLSv1.2"); - else if (s->version == TLS1_1_VERSION) - return ("TLSv1.1"); - else if (s->version == TLS1_VERSION) - return ("TLSv1"); - else if (s->version == SSL3_VERSION) - return ("SSLv3"); - else if (s->version == DTLS1_BAD_VER) - return ("DTLSv0.9"); - else if (s->version == DTLS1_VERSION) - return ("DTLSv1"); - else if (s->version == DTLS1_2_VERSION) - return ("DTLSv1.2"); +const char *ssl_protocol_to_string(int version) +{ + if (version == TLS1_2_VERSION) + return "TLSv1.2"; + else if (version == TLS1_1_VERSION) + return "TLSv1.1"; + else if (version == TLS1_VERSION) + return "TLSv1"; + else if (version == SSL3_VERSION) + return "SSLv3"; + else if (version == DTLS1_BAD_VER) + return "DTLSv0.9"; + else if (version == DTLS1_VERSION) + return "DTLSv1"; + else if (version == DTLS1_2_VERSION) + return "DTLSv1.2"; else return ("unknown"); } +const char *SSL_get_version(const SSL *s) +{ + return ssl_protocol_to_string(s->version); +} + SSL *SSL_dup(SSL *s) { STACK_OF(X509_NAME) *sk; @@ -3069,7 +3030,7 @@ SSL *SSL_dup(SSL *s) /* If we're not quiescent, just up_ref! */ if (!SSL_in_init(s) || !SSL_in_before(s)) { - CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); + CRYPTO_atomic_add(&s->references, 1, &i, s->lock); return s; } @@ -3107,7 +3068,8 @@ SSL *SSL_dup(SSL *s) goto err; } - ssl_dane_dup(ret, s); + if (!ssl_dane_dup(ret, s)) + goto err; ret->version = s->version; ret->options = s->options; ret->mode = s->mode; @@ -3297,13 +3259,7 @@ void ssl_free_wbio_buffer(SSL *s) if (s->bbio == s->wbio) { /* remove buffering */ s->wbio = BIO_pop(s->wbio); -#ifdef REF_DEBUG - /* - * not the usual REF_DEBUG, but this avoids - * adding one more preprocessor symbol - */ assert(s->wbio != NULL); -#endif } BIO_free(s->bbio); s->bbio = NULL; @@ -3336,17 +3292,22 @@ void SSL_set_shutdown(SSL *s, int mode) int SSL_get_shutdown(const SSL *s) { - return (s->shutdown); + return s->shutdown; } int SSL_version(const SSL *s) { - return (s->version); + return s->version; +} + +int SSL_client_version(const SSL *s) +{ + return s->client_version; } SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { - return (ssl->ctx); + return ssl->ctx; } SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) @@ -3382,11 +3343,11 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); } - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + SSL_CTX_up_ref(ctx); SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; - return (ssl->ctx); + return ssl->ctx; } int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) @@ -3687,7 +3648,7 @@ void SSL_set_not_resumable_session_callback(SSL *ssl, /* * Allocates new EVP_MD_CTX and sets pointer to it into given pointer - * vairable, freeing EVP_MD_CTX previously stored in that variable, if any. + * variable, freeing EVP_MD_CTX previously stored in that variable, if any. * If EVP_MD pointer is passed, initializes ctx with this md Returns newly * allocated ctx; */ @@ -3766,14 +3727,14 @@ int SSL_get_security_level(const SSL *s) } void SSL_set_security_callback(SSL *s, - int (*cb) (SSL *s, SSL_CTX *ctx, int op, + int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)) { s->cert->sec_cb = cb; } -int (*SSL_get_security_callback(const SSL *s)) (SSL *s, SSL_CTX *ctx, int op, +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) { return s->cert->sec_cb; @@ -3800,15 +3761,15 @@ int SSL_CTX_get_security_level(const SSL_CTX *ctx) } void SSL_CTX_set_security_callback(SSL_CTX *ctx, - int (*cb) (SSL *s, SSL_CTX *ctx, int op, + int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)) { ctx->cert->sec_cb = cb; } -int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (SSL *s, - SSL_CTX *ctx, +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, int op, int bits, int nid, void *other, @@ -3932,6 +3893,7 @@ static int ct_extract_tls_extension_scts(SSL *s) */ static int ct_extract_ocsp_response_scts(SSL *s) { +#ifndef OPENSSL_NO_OCSP int scts_extracted = 0; const unsigned char *p; OCSP_BASICRESP *br = NULL; @@ -3968,6 +3930,10 @@ err: OCSP_BASICRESP_free(br); OCSP_RESPONSE_free(rsp); return scts_extracted; +#else + /* Behave as if no OCSP response exists */ + return 0; +#endif } /* @@ -4013,10 +3979,32 @@ err: return NULL; } -int SSL_set_ct_validation_callback(SSL *s, ct_validation_cb callback, void *arg) +static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *unused_arg) { - int ret = 0; + return 1; +} +static int ct_strict(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *unused_arg) +{ + int count = scts != NULL ? sk_SCT_num(scts) : 0; + int i; + + for (i = 0; i < count; ++i) { + SCT *sct = sk_SCT_value(scts, i); + int status = SCT_get_validation_status(sct); + + if (status == SCT_VALIDATION_STATUS_VALID) + return 1; + } + SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS); + return 0; +} + +int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, + void *arg) +{ /* * Since code exists that uses the custom extension handler for CT, look * for this and throw an error if they have already registered to use CT. @@ -4025,28 +4013,25 @@ int SSL_set_ct_validation_callback(SSL *s, ct_validation_cb callback, void *arg) TLSEXT_TYPE_signed_certificate_timestamp)) { SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); - goto err; + return 0; } - s->ct_validation_callback = callback; - s->ct_validation_callback_arg = arg; - if (callback != NULL) { /* If we are validating CT, then we MUST accept SCTs served via OCSP */ if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp)) - goto err; + return 0; } - ret = 1; -err: - return ret; + s->ct_validation_callback = callback; + s->ct_validation_callback_arg = arg; + + return 1; } -int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ct_validation_cb callback, +int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, + ssl_ct_validation_cb callback, void *arg) { - int ret = 0; - /* * Since code exists that uses the custom extension handler for CT, look for * this and throw an error if they have already registered to use CT. @@ -4055,59 +4040,90 @@ int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ct_validation_cb callback, TLSEXT_TYPE_signed_certificate_timestamp)) { SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); - goto err; + return 0; } ctx->ct_validation_callback = callback; ctx->ct_validation_callback_arg = arg; - ret = 1; -err: - return ret; + return 1; } -ct_validation_cb SSL_get_ct_validation_callback(const SSL *s) +int SSL_ct_is_enabled(const SSL *s) { - return s->ct_validation_callback; + return s->ct_validation_callback != NULL; } -ct_validation_cb SSL_CTX_get_ct_validation_callback(const SSL_CTX *ctx) +int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx) { - return ctx->ct_validation_callback; + return ctx->ct_validation_callback != NULL; } int ssl_validate_ct(SSL *s) { int ret = 0; X509 *cert = s->session != NULL ? s->session->peer : NULL; - X509 *issuer = NULL; + X509 *issuer; + SSL_DANE *dane = &s->dane; CT_POLICY_EVAL_CTX *ctx = NULL; const STACK_OF(SCT) *scts; - /* If no callback is set, attempt no validation - just return success */ - if (s->ct_validation_callback == NULL) + /* + * If no callback is set, the peer is anonymous, or its chain is invalid, + * skip SCT validation - just return success. Applications that continue + * handshakes without certificates, with unverified chains, or pinned leaf + * certificates are outside the scope of the WebPKI and CT. + * + * The above exclusions notwithstanding the vast majority of peers will + * have rather ordinary certificate chains validated by typical + * applications that perform certificate verification and therefore will + * process SCTs when enabled. + */ + if (s->ct_validation_callback == NULL || cert == NULL || + s->verify_result != X509_V_OK || + s->verified_chain == NULL || + sk_X509_num(s->verified_chain) <= 1) return 1; - if (cert == NULL) { - SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_NO_CERTIFICATE_ASSIGNED); - goto end; + /* + * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3) + * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2 + */ + if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) { + switch (dane->mtlsa->usage) { + case DANETLS_USAGE_DANE_TA: + case DANETLS_USAGE_DANE_EE: + return 1; + } } - if (s->verified_chain != NULL && sk_X509_num(s->verified_chain) > 1) - issuer = sk_X509_value(s->verified_chain, 1); - ctx = CT_POLICY_EVAL_CTX_new(); if (ctx == NULL) { SSLerr(SSL_F_SSL_VALIDATE_CT, ERR_R_MALLOC_FAILURE); goto end; } + issuer = sk_X509_value(s->verified_chain, 1); CT_POLICY_EVAL_CTX_set0_cert(ctx, cert); CT_POLICY_EVAL_CTX_set0_issuer(ctx, issuer); CT_POLICY_EVAL_CTX_set0_log_store(ctx, s->ctx->ctlog_store); scts = SSL_get0_peer_scts(s); - if (SCT_LIST_validate(scts, ctx) != 1) { + /* + * This function returns success (> 0) only when all the SCTs are valid, 0 + * when some are invalid, and < 0 on various internal errors (out of + * memory, etc.). Having some, or even all, invalid SCTs is not sufficient + * reason to abort the handshake, that decision is up to the callback. + * Therefore, we error out only in the unexpected case that the return + * value is negative. + * + * XXX: One might well argue that the return value of this function is an + * unforunate design choice. Its job is only to determine the validation + * status of each of the provided SCTs. So long as it correctly separates + * the wheat from the chaff it should return success. Failure in this case + * ought to correspond to an inability to carry out its duties. + */ + if (SCT_LIST_validate(scts, ctx) < 0) { SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_SCT_VERIFICATION_FAILED); goto end; } @@ -4118,16 +4134,55 @@ int ssl_validate_ct(SSL *s) end: CT_POLICY_EVAL_CTX_free(ctx); + /* + * With SSL_VERIFY_NONE the session may be cached and re-used despite a + * failure return code here. Also the application may wish the complete + * the handshake, and then disconnect cleanly at a higher layer, after + * checking the verification status of the completed connection. + * + * We therefore force a certificate verification failure which will be + * visible via SSL_get_verify_result() and cached as part of any resumed + * session. + * + * Note: the permissive callback is for information gathering only, always + * returns success, and does not affect verification status. Only the + * strict callback or a custom application-specified callback can trigger + * connection failure or record a verification error. + */ + if (ret <= 0) + s->verify_result = X509_V_ERR_NO_VALID_SCTS; return ret; } -int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx) +int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode) { - int ret = CTLOG_STORE_load_default_file(ctx->ctlog_store); + switch (validation_mode) { + default: + SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE); + return 0; + case SSL_CT_VALIDATION_PERMISSIVE: + return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL); + case SSL_CT_VALIDATION_STRICT: + return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL); + } +} - /* Clear any errors if the default file does not exist */ - ERR_clear_error(); - return ret; +int SSL_enable_ct(SSL *s, int validation_mode) +{ + switch (validation_mode) { + default: + SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE); + return 0; + case SSL_CT_VALIDATION_PERMISSIVE: + return SSL_set_ct_validation_callback(s, ct_permissive, NULL); + case SSL_CT_VALIDATION_STRICT: + return SSL_set_ct_validation_callback(s, ct_strict, NULL); + } +} + +int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx) +{ + return CTLOG_STORE_load_default_file(ctx->ctlog_store); } int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) @@ -4135,4 +4190,15 @@ int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) return CTLOG_STORE_load_file(ctx->ctlog_store, path); } +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs) +{ + CTLOG_STORE_free(ctx->ctlog_store); + ctx->ctlog_store = logs; +} + +const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) +{ + return ctx->ctlog_store; +} + #endif