X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=e4b5d9f05ef3cccd82ddf3350ecfbaf151f47845;hp=936e84b120019201721fbfdfeaaf02f08baf41da;hb=f672aee49450e03e7b1a26c8701d0be720e9ae0e;hpb=9920a58eb20dcf33abf231e8c9439953ace3c936 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 936e84b120..e4b5d9f05e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -176,7 +176,6 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { (int (*)(SSL *, const char *, int, unsigned char *)) ssl_undefined_function, 0, /* finish_mac_length */ - (int (*)(SSL *, int, unsigned char *))ssl_undefined_function, NULL, /* client_finished_label */ 0, /* client_finished_label_len */ NULL, /* server_finished_label */ @@ -191,8 +190,341 @@ struct ssl_async_args { SSL *s; void *buf; int num; + enum { READFUNC, WRITEFUNC, OTHERFUNC} type; + union { + int (*func_read)(SSL *, void *, int); + int (*func_write)(SSL *, const void *, int); + int (*func_other)(SSL *); + } f; }; +static const struct { + uint8_t mtype; + uint8_t ord; + int nid; +} dane_mds[] = { + { DANETLS_MATCHING_FULL, 0, NID_undef }, + { DANETLS_MATCHING_2256, 1, NID_sha256 }, + { DANETLS_MATCHING_2512, 2, NID_sha512 }, +}; + +static int dane_ctx_enable(struct dane_ctx_st *dctx) +{ + const EVP_MD **mdevp; + uint8_t *mdord; + uint8_t mdmax = DANETLS_MATCHING_LAST; + int n = ((int) mdmax) + 1; /* int to handle PrivMatch(255) */ + size_t i; + + mdevp = OPENSSL_zalloc(n * sizeof(*mdevp)); + mdord = OPENSSL_zalloc(n * sizeof(*mdord)); + + if (mdord == NULL || mdevp == NULL) { + OPENSSL_free(mdevp); + SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Install default entries */ + for (i = 0; i < OSSL_NELEM(dane_mds); ++i) { + const EVP_MD *md; + + if (dane_mds[i].nid == NID_undef || + (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL) + continue; + mdevp[dane_mds[i].mtype] = md; + mdord[dane_mds[i].mtype] = dane_mds[i].ord; + } + + dctx->mdevp = mdevp; + dctx->mdord = mdord; + dctx->mdmax = mdmax; + + return 1; +} + +static void dane_ctx_final(struct dane_ctx_st *dctx) +{ + OPENSSL_free(dctx->mdevp); + dctx->mdevp = NULL; + + OPENSSL_free(dctx->mdord); + dctx->mdord = NULL; + dctx->mdmax = 0; +} + +static void tlsa_free(danetls_record *t) +{ + if (t == NULL) + return; + OPENSSL_free(t->data); + EVP_PKEY_free(t->spki); + OPENSSL_free(t); +} + +static void dane_final(struct dane_st *dane) +{ + sk_danetls_record_pop_free(dane->trecs, tlsa_free); + dane->trecs = NULL; + + sk_X509_pop_free(dane->certs, X509_free); + dane->certs = NULL; + + X509_free(dane->mcert); + dane->mcert = NULL; + dane->mtlsa = NULL; + dane->mdpth = -1; + dane->pdpth = -1; +} + +/* + * dane_copy - Copy dane configuration, sans verification state. + */ +static int ssl_dane_dup(SSL *to, SSL *from) +{ + int num; + int i; + + if (!DANETLS_ENABLED(&from->dane)) + return 1; + + dane_final(&to->dane); + + num = sk_danetls_record_num(from->dane.trecs); + for (i = 0; i < num; ++i) { + danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); + if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype, + t->data, t->dlen) <= 0) + return 0; + } + return 1; +} + +static int dane_mtype_set( + struct dane_ctx_st *dctx, + const EVP_MD *md, + uint8_t mtype, + uint8_t ord) +{ + int i; + + if (mtype == DANETLS_MATCHING_FULL && md != NULL) { + SSLerr(SSL_F_DANE_MTYPE_SET, + SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL); + return 0; + } + + if (mtype > dctx->mdmax) { + const EVP_MD **mdevp; + uint8_t *mdord; + int n = ((int) mtype) + 1; + + mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp)); + if (mdevp == NULL) { + SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE); + return -1; + } + dctx->mdevp = mdevp; + + mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord)); + if (mdord == NULL) { + SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE); + return -1; + } + dctx->mdord = mdord; + + /* Zero-fill any gaps */ + for (i = dctx->mdmax+1; i < mtype; ++i) { + mdevp[i] = NULL; + mdord[i] = 0; + } + + dctx->mdmax = mtype; + } + + dctx->mdevp[mtype] = md; + /* Coerce ordinal of disabled matching types to 0 */ + dctx->mdord[mtype] = (md == NULL) ? 0 : ord; + + return 1; +} + +static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype) +{ + if (mtype > dane->dctx->mdmax) + return NULL; + return dane->dctx->mdevp[mtype]; +} + +static int dane_tlsa_add( + struct dane_st *dane, + uint8_t usage, + uint8_t selector, + uint8_t mtype, + unsigned char *data, + size_t dlen) +{ + danetls_record *t; + const EVP_MD *md = NULL; + int ilen = (int)dlen; + int i; + + if (dane->trecs == NULL) { + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED); + return -1; + } + + if (ilen < 0 || dlen != (size_t)ilen) { + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH); + return 0; + } + + if (usage > DANETLS_USAGE_LAST) { + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE); + return 0; + } + + if (selector > DANETLS_SELECTOR_LAST) { + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR); + return 0; + } + + if (mtype != DANETLS_MATCHING_FULL) { + md = tlsa_md_get(dane, mtype); + if (md == NULL) { + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE); + return 0; + } + } + + if (md != NULL && dlen != (size_t)EVP_MD_size(md)) { + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH); + return 0; + } + if (!data) { + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA); + return 0; + } + + if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) { + SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); + return -1; + } + + t->usage = usage; + t->selector = selector; + t->mtype = mtype; + t->data = OPENSSL_malloc(ilen); + if (t->data == NULL) { + tlsa_free(t); + SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); + return -1; + } + memcpy(t->data, data, ilen); + t->dlen = ilen; + + /* Validate and cache full certificate or public key */ + if (mtype == DANETLS_MATCHING_FULL) { + const unsigned char *p = data; + X509 *cert = NULL; + EVP_PKEY *pkey = NULL; + + switch (selector) { + case DANETLS_SELECTOR_CERT: + if (!d2i_X509(&cert, &p, dlen) || p < data || + dlen != (size_t)(p - data)) { + tlsa_free(t); + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE); + return 0; + } + if (X509_get0_pubkey(cert) == NULL) { + tlsa_free(t); + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE); + return 0; + } + + if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) { + X509_free(cert); + break; + } + + /* + * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA + * records that contain full certificates of trust-anchors that are + * not present in the wire chain. For usage PKIX-TA(0), we augment + * the chain with untrusted Full(0) certificates from DNS, in case + * they are missing from the chain. + */ + if ((dane->certs == NULL && + (dane->certs = sk_X509_new_null()) == NULL) || + !sk_X509_push(dane->certs, cert)) { + SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); + X509_free(cert); + tlsa_free(t); + return -1; + } + break; + + case DANETLS_SELECTOR_SPKI: + if (!d2i_PUBKEY(&pkey, &p, dlen) || p < data || + dlen != (size_t)(p - data)) { + tlsa_free(t); + SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); + return 0; + } + + /* + * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA + * records that contain full bare keys of trust-anchors that are + * not present in the wire chain. + */ + if (usage == DANETLS_USAGE_DANE_TA) + t->spki = pkey; + else + EVP_PKEY_free(pkey); + break; + } + } + + /*- + * Find the right insertion point for the new record. + * + * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that + * they can be processed first, as they require no chain building, and no + * expiration or hostname checks. Because DANE-EE(3) is numerically + * largest, this is accomplished via descending sort by "usage". + * + * We also sort in descending order by matching ordinal to simplify + * the implementation of digest agility in the verification code. + * + * The choice of order for the selector is not significant, so we + * use the same descending order for consistency. + */ + for (i = 0; i < sk_danetls_record_num(dane->trecs); ++i) { + danetls_record *rec = sk_danetls_record_value(dane->trecs, i); + if (rec->usage > usage) + continue; + if (rec->usage < usage) + break; + if (rec->selector > selector) + continue; + if (rec->selector < selector) + break; + if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype]) + continue; + break; + } + + if (!sk_danetls_record_insert(dane->trecs, t, i)) { + tlsa_free(t); + SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); + return -1; + } + dane->umask |= DANETLS_USAGE_BIT(usage); + + return 1; +} + static void clear_ciphers(SSL *s) { /* clear the current cipher */ @@ -233,6 +565,16 @@ int SSL_clear(SSL *s) clear_ciphers(s); s->first_packet = 0; + /* Reset DANE verification result state */ + s->dane.mdpth = -1; + s->dane.pdpth = -1; + X509_free(s->dane.mcert); + s->dane.mcert = NULL; + s->dane.mtlsa = NULL; + + /* Clear the verification result peername */ + X509_VERIFY_PARAM_move_peername(s->param, NULL); + /* * Check to see if we were changed into a different method, if so, revert * back if we are not doing session-id reuse. @@ -289,6 +631,8 @@ SSL *SSL_new(SSL_CTX *ctx) RECORD_LAYER_init(&s->rlayer, s); s->options = ctx->options; + s->min_proto_version = ctx->min_proto_version; + s->max_proto_version = ctx->max_proto_version; s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; s->references = 1; @@ -340,8 +684,8 @@ SSL *SSL_new(SSL_CTX *ctx) # ifndef OPENSSL_NO_EC if (ctx->tlsext_ecpointformatlist) { s->tlsext_ecpointformatlist = - BUF_memdup(ctx->tlsext_ecpointformatlist, - ctx->tlsext_ecpointformatlist_length); + OPENSSL_memdup(ctx->tlsext_ecpointformatlist, + ctx->tlsext_ecpointformatlist_length); if (!s->tlsext_ecpointformatlist) goto err; s->tlsext_ecpointformatlist_length = @@ -349,8 +693,8 @@ SSL *SSL_new(SSL_CTX *ctx) } if (ctx->tlsext_ellipticcurvelist) { s->tlsext_ellipticcurvelist = - BUF_memdup(ctx->tlsext_ellipticcurvelist, - ctx->tlsext_ellipticcurvelist_length); + OPENSSL_memdup(ctx->tlsext_ellipticcurvelist, + ctx->tlsext_ellipticcurvelist_length); if (!s->tlsext_ellipticcurvelist) goto err; s->tlsext_ellipticcurvelist_length = @@ -371,6 +715,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len; } + s->verified_chain = NULL; s->verify_result = X509_V_OK; s->default_passwd_callback = ctx->default_passwd_callback; @@ -402,6 +747,11 @@ SSL *SSL_new(SSL_CTX *ctx) return (NULL); } +void SSL_up_ref(SSL *s) +{ + CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); +} + int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { @@ -491,6 +841,127 @@ int SSL_set_trust(SSL *s, int trust) return X509_VERIFY_PARAM_set_trust(s->param, trust); } +int SSL_set1_host(SSL *s, const char *hostname) +{ + return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); +} + +int SSL_add1_host(SSL *s, const char *hostname) +{ + return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0); +} + +void SSL_set_hostflags(SSL *s, unsigned int flags) +{ + X509_VERIFY_PARAM_set_hostflags(s->param, flags); +} + +const char *SSL_get0_peername(SSL *s) +{ + return X509_VERIFY_PARAM_get0_peername(s->param); +} + +int SSL_CTX_dane_enable(SSL_CTX *ctx) +{ + return dane_ctx_enable(&ctx->dane); +} + +int SSL_dane_enable(SSL *s, const char *basedomain) +{ + struct dane_st *dane = &s->dane; + + if (s->ctx->dane.mdmax == 0) { + SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED); + return 0; + } + if (dane->trecs != NULL) { + SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED); + return 0; + } + + /* + * Default SNI name. This rejects empty names, while set1_host below + * accepts them and disables host name checks. To avoid side-effects with + * invalid input, set the SNI name first. + */ + if (s->tlsext_hostname == NULL) { + if (!SSL_set_tlsext_host_name(s, basedomain)) { + SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); + return -1; + } + } + + /* Primary RFC6125 reference identifier */ + if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) { + SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); + return -1; + } + + dane->mdpth = -1; + dane->pdpth = -1; + dane->dctx = &s->ctx->dane; + dane->trecs = sk_danetls_record_new_null(); + + if (dane->trecs == NULL) { + SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE); + return -1; + } + return 1; +} + +int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) +{ + struct dane_st *dane = &s->dane; + + if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) + return -1; + if (dane->mtlsa) { + if (mcert) + *mcert = dane->mcert; + if (mspki) + *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL; + } + return dane->mdpth; +} + +int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, unsigned const char **data, size_t *dlen) +{ + struct dane_st *dane = &s->dane; + + if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) + return -1; + if (dane->mtlsa) { + if (usage) + *usage = dane->mtlsa->usage; + if (selector) + *selector = dane->mtlsa->selector; + if (mtype) + *mtype = dane->mtlsa->mtype; + if (data) + *data = dane->mtlsa->data; + if (dlen) + *dlen = dane->mtlsa->dlen; + } + return dane->mdpth; +} + +struct dane_st *SSL_get0_dane(SSL *s) +{ + return &s->dane; +} + +int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, unsigned char *data, size_t dlen) +{ + return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); +} + +int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, uint8_t ord) +{ + return dane_mtype_set(&ctx->dane, md, mtype, ord); +} + int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) { return X509_VERIFY_PARAM_set1(ctx->param, vpm); @@ -537,6 +1008,7 @@ void SSL_free(SSL *s) #endif X509_VERIFY_PARAM_free(s->param); + dane_final(&s->dane); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); if (s->bbio != NULL) { @@ -581,6 +1053,8 @@ void SSL_free(SSL *s) sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); + sk_X509_pop_free(s->verified_chain, X509_free); + if (s->method != NULL) s->method->ssl_free(s); @@ -871,9 +1345,10 @@ int SSL_copy_session_id(SSL *t, const SSL *f) * what if we are setup for one protocol version but want to talk another */ if (t->method != f->method) { - t->method->ssl_free(t); /* cleanup current */ - t->method = f->method; /* change method */ - t->method->ssl_new(t); /* setup new */ + t->method->ssl_free(t); + t->method = f->method; + if (t->method->ssl_new(t) == 0) + return 0; } CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); @@ -939,56 +1414,24 @@ int SSL_get_async_wait_fd(SSL *s) return ASYNC_get_wait_fd(s->job); } -static int ssl_accept_intern(void *vargs) -{ - struct ssl_async_args *args; - SSL *s; - - args = (struct ssl_async_args *)vargs; - s = args->s; - - return s->method->ssl_accept(s); -} - int SSL_accept(SSL *s) { - int ret; - struct ssl_async_args args; - - if (s->handshake_func == 0) + if (s->handshake_func == 0) { /* Not properly initialized yet */ SSL_set_accept_state(s); - - args.s = s; - - if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { - switch(ASYNC_start_job(&s->job, &ret, ssl_accept_intern, &args, - sizeof(struct ssl_async_args))) { - case ASYNC_ERR: - SSLerr(SSL_F_SSL_ACCEPT, SSL_R_FAILED_TO_INIT_ASYNC); - return -1; - case ASYNC_PAUSE: - return -1; - case ASYNC_FINISH: - s->job = NULL; - return ret; - default: - SSLerr(SSL_F_SSL_ACCEPT, ERR_R_INTERNAL_ERROR); - /* Shouldn't happen */ - return -1; - } - } else { - return s->method->ssl_accept(s); } + + return SSL_do_handshake(s); } int SSL_connect(SSL *s) { - if (s->handshake_func == 0) + if (s->handshake_func == 0) { /* Not properly initialized yet */ SSL_set_connect_state(s); + } - return (s->method->ssl_connect(s)); + return SSL_do_handshake(s); } long SSL_get_default_timeout(const SSL *s) @@ -996,8 +1439,30 @@ long SSL_get_default_timeout(const SSL *s) return (s->method->get_timeout()); } +static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, + int (*func)(void *)) { + int ret; + switch(ASYNC_start_job(&s->job, &ret, func, args, + sizeof(struct ssl_async_args))) { + case ASYNC_ERR: + s->rwstate = SSL_NOTHING; + SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC); + return -1; + case ASYNC_PAUSE: + s->rwstate = SSL_ASYNC_PAUSED; + return -1; + case ASYNC_FINISH: + s->job = NULL; + return ret; + default: + s->rwstate = SSL_NOTHING; + SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR); + /* Shouldn't happen */ + return -1; + } +} -static int ssl_read_intern(void *vargs) +static int ssl_io_intern(void *vargs) { struct ssl_async_args *args; SSL *s; @@ -1008,15 +1473,19 @@ static int ssl_read_intern(void *vargs) s = args->s; buf = args->buf; num = args->num; - - return s->method->ssl_read(s, buf, num); + switch (args->type) { + case READFUNC: + return args->f.func_read(s, buf, num); + case WRITEFUNC: + return args->f.func_write(s, buf, num); + case OTHERFUNC: + return args->f.func_other(s); + } + return -1; } int SSL_read(SSL *s, void *buf, int num) { - int ret; - struct ssl_async_args args; - if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); return -1; @@ -1027,29 +1496,16 @@ int SSL_read(SSL *s, void *buf, int num) return (0); } - args.s = s; - args.buf = buf; - args.num = num; - if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { - switch(ASYNC_start_job(&s->job, &ret, ssl_read_intern, &args, - sizeof(struct ssl_async_args))) { - case ASYNC_ERR: - s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_READ, SSL_R_FAILED_TO_INIT_ASYNC); - return -1; - case ASYNC_PAUSE: - s->rwstate = SSL_ASYNC_PAUSED; - return -1; - case ASYNC_FINISH: - s->job = NULL; - return ret; - default: - s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_READ, ERR_R_INTERNAL_ERROR); - /* Shouldn't happen */ - return -1; - } + struct ssl_async_args args; + + args.s = s; + args.buf = buf; + args.num = num; + args.type = READFUNC; + args.f.func_read = s->method->ssl_read; + + return ssl_start_async_job(s, &args, ssl_io_intern); } else { return s->method->ssl_read(s, buf, num); } @@ -1065,30 +1521,23 @@ int SSL_peek(SSL *s, void *buf, int num) if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { return (0); } - return (s->method->ssl_peek(s, buf, num)); -} - -static int ssl_write_intern(void *vargs) -{ - struct ssl_async_args *args; - SSL *s; - const void *buf; - int num; + if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + struct ssl_async_args args; - args = (struct ssl_async_args *)vargs; - s = args->s; - buf = args->buf; - num = args->num; + args.s = s; + args.buf = buf; + args.num = num; + args.type = READFUNC; + args.f.func_read = s->method->ssl_peek; - return s->method->ssl_write(s, buf, num); + return ssl_start_async_job(s, &args, ssl_io_intern); + } else { + return s->method->ssl_peek(s, buf, num); + } } - int SSL_write(SSL *s, const void *buf, int num) { - int ret; - struct ssl_async_args args; - if (s->handshake_func == 0) { SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); return -1; @@ -1100,29 +1549,16 @@ int SSL_write(SSL *s, const void *buf, int num) return (-1); } - args.s = s; - args.buf = (void *) buf; - args.num = num; - if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { - switch(ASYNC_start_job(&s->job, &ret, ssl_write_intern, &args, - sizeof(struct ssl_async_args))) { - case ASYNC_ERR: - s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE, SSL_R_FAILED_TO_INIT_ASYNC); - return -1; - case ASYNC_PAUSE: - s->rwstate = SSL_ASYNC_PAUSED; - return -1; - case ASYNC_FINISH: - s->job = NULL; - return ret; - default: - s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE, ERR_R_INTERNAL_ERROR); - /* Shouldn't happen */ - return -1; - } + struct ssl_async_args args; + + args.s = s; + args.buf = (void *)buf; + args.num = num; + args.type = WRITEFUNC; + args.f.func_write = s->method->ssl_write; + + return ssl_start_async_job(s, &args, ssl_io_intern); } else { return s->method->ssl_write(s, buf, num); } @@ -1142,10 +1578,22 @@ int SSL_shutdown(SSL *s) return -1; } - if (!SSL_in_init(s)) - return (s->method->ssl_shutdown(s)); - else - return (1); + if (!SSL_in_init(s)) { + if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + struct ssl_async_args args; + + args.s = s; + args.type = OTHERFUNC; + args.f.func_other = s->method->ssl_shutdown; + + return ssl_start_async_job(s, &args, ssl_io_intern); + } else { + return s->method->ssl_shutdown(s); + } + } else { + SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT); + return -1; + } } int SSL_renegotiate(SSL *s) @@ -1193,10 +1641,6 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) s->msg_callback_arg = parg; return 1; - case SSL_CTRL_OPTIONS: - return (s->options |= larg); - case SSL_CTRL_CLEAR_OPTIONS: - return (s->options &= ~larg); case SSL_CTRL_MODE: return (s->mode |= larg); case SSL_CTRL_CLEAR_MODE: @@ -1238,6 +1682,12 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return 1; else return 0; + case SSL_CTRL_SET_MIN_PROTO_VERSION: + return ssl_set_version_bound(s->ctx->method->version, (int)larg, + &s->min_proto_version); + case SSL_CTRL_SET_MAX_PROTO_VERSION: + return ssl_set_version_bound(s->ctx->method->version, (int)larg, + &s->max_proto_version); default: return (s->method->ssl_ctrl(s, cmd, larg, parg)); } @@ -1337,10 +1787,6 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (ctx->stats.sess_timeout); case SSL_CTRL_SESS_CACHE_FULL: return (ctx->stats.sess_cache_full); - case SSL_CTRL_OPTIONS: - return (ctx->options |= larg); - case SSL_CTRL_CLEAR_OPTIONS: - return (ctx->options &= ~larg); case SSL_CTRL_MODE: return (ctx->mode |= larg); case SSL_CTRL_CLEAR_MODE: @@ -1354,6 +1800,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (ctx->cert->cert_flags |= larg); case SSL_CTRL_CLEAR_CERT_FLAGS: return (ctx->cert->cert_flags &= ~larg); + case SSL_CTRL_SET_MIN_PROTO_VERSION: + return ssl_set_version_bound(ctx->method->version, (int)larg, + &ctx->min_proto_version); + case SSL_CTRL_SET_MAX_PROTO_VERSION: + return ssl_set_version_bound(ctx->method->version, (int)larg, + &ctx->max_proto_version); default: return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); } @@ -1455,7 +1907,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) /** The old interface to get the same thing as SSL_get_ciphers() */ const char *SSL_get_cipher_list(const SSL *s, int n) { - SSL_CIPHER *c; + const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; if (s == NULL) @@ -1513,7 +1965,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) { char *p; STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; + const SSL_CIPHER *c; int i; if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) @@ -1536,7 +1988,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) *p = '\0'; return buf; } - strcpy(p, c->name); + memcpy(p, c->name, n + 1); p += n; *(p++) = ':'; len -= n + 1; @@ -1808,8 +2260,6 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) * variable. The reason is that the functions aren't static, they're exposed * via ssl.h. */ -static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) -static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { @@ -1820,8 +2270,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) return (NULL); } + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + if (FIPS_mode() && (meth->version < TLS1_VERSION)) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE); return NULL; } @@ -1834,6 +2286,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) goto err; ret->method = meth; + ret->min_proto_version = 0; + ret->max_proto_version = 0; ret->session_cache_mode = SSL_SESS_CACHE_SERVER; ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; /* We take the system default. */ @@ -1844,7 +2298,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if ((ret->cert = ssl_cert_new()) == NULL) goto err; - ret->sessions = lh_SSL_SESSION_new(); + ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp); if (ret->sessions == NULL) goto err; ret->cert_store = X509_STORE_new(); @@ -1916,6 +2370,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) * deployed might change this. */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + /* + * Disable compression by default to prevent CRIME. Applications can + * re-enable compression by configuring + * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION); + * or by using the SSL_CONF library. + */ + ret->options |= SSL_OP_NO_COMPRESSION; return (ret); err: @@ -1925,6 +2386,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) return (NULL); } +void SSL_CTX_up_ref(SSL_CTX *ctx) +{ + CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); +} + void SSL_CTX_free(SSL_CTX *a) { int i; @@ -1946,6 +2412,7 @@ void SSL_CTX_free(SSL_CTX *a) #endif X509_VERIFY_PARAM_free(a->param); + dane_ctx_final(&a->dane); /* * Free internal session cache. However: the remove_cb() may reference @@ -2041,115 +2508,75 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) { +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST) CERT_PKEY *cpk; +#endif CERT *c = s->cert; uint32_t *pvalid = s->s3->tmp.valid_flags; - int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; - int rsa_enc_export, dh_rsa_export, dh_dsa_export; - int rsa_tmp_export, dh_tmp_export, kl; - unsigned long mask_k, mask_a, emask_k, emask_a; + int rsa_enc, rsa_sign, dh_tmp, dsa_sign; + unsigned long mask_k, mask_a; #ifndef OPENSSL_NO_EC - int have_ecc_cert, ecdsa_ok, ecc_pkey_size; - int have_ecdh_tmp, ecdh_ok; + int have_ecc_cert, ecdsa_ok; + int ecdh_ok; X509 *x = NULL; - EVP_PKEY *ecc_pkey = NULL; int pk_nid = 0, md_nid = 0; #endif if (c == NULL) return; - kl = SSL_C_EXPORT_PKEYLENGTH(cipher); - -#ifndef OPENSSL_NO_RSA - rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); - rsa_tmp_export = (c->rsa_tmp_cb != NULL || - (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl)); -#else - rsa_tmp = rsa_tmp_export = 0; -#endif #ifndef OPENSSL_NO_DH dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto); - dh_tmp_export = !c->dh_tmp_auto && (c->dh_tmp_cb != NULL || - (dh_tmp - && DH_size(c->dh_tmp) * 8 <= kl)); #else - dh_tmp = dh_tmp_export = 0; + dh_tmp = 0; #endif -#ifndef OPENSSL_NO_EC - have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); -#endif - cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID; - rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); - cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN; - cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN; - cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); - dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID; - dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); - cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); - dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID; - dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); - cpk = &(c->pkeys[SSL_PKEY_ECC]); #ifndef OPENSSL_NO_EC have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif mask_k = 0; mask_a = 0; - emask_k = 0; - emask_a = 0; #ifdef CIPHER_DEBUG - fprintf(stderr, - "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", - rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc, - rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); + fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n", + dh_tmp, rsa_enc, rsa_sign, dsa_sign); #endif +#ifndef OPENSSL_NO_GOST + cpk = &(c->pkeys[SSL_PKEY_GOST12_512]); + if (cpk->x509 != NULL && cpk->privatekey != NULL) { + mask_k |= SSL_kGOST; + mask_a |= SSL_aGOST12; + } + cpk = &(c->pkeys[SSL_PKEY_GOST12_256]); + if (cpk->x509 != NULL && cpk->privatekey != NULL) { + mask_k |= SSL_kGOST; + mask_a |= SSL_aGOST12; + } cpk = &(c->pkeys[SSL_PKEY_GOST01]); if (cpk->x509 != NULL && cpk->privatekey != NULL) { mask_k |= SSL_kGOST; mask_a |= SSL_aGOST01; } +#endif - if (rsa_enc || (rsa_tmp && rsa_sign)) + if (rsa_enc) mask_k |= SSL_kRSA; - if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) - emask_k |= SSL_kRSA; - - if (dh_tmp_export) - emask_k |= SSL_kDHE; if (dh_tmp) mask_k |= SSL_kDHE; - if (dh_rsa) - mask_k |= SSL_kDHr; - if (dh_rsa_export) - emask_k |= SSL_kDHr; - - if (dh_dsa) - mask_k |= SSL_kDHd; - if (dh_dsa_export) - emask_k |= SSL_kDHd; - - if (mask_k & (SSL_kDHr | SSL_kDHd)) - mask_a |= SSL_aDH; - if (rsa_enc || rsa_sign) { mask_a |= SSL_aRSA; - emask_a |= SSL_aRSA; } if (dsa_sign) { mask_a |= SSL_aDSS; - emask_a |= SSL_aDSS; } mask_a |= SSL_aNULL; - emask_a |= SSL_aNULL; /* * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites @@ -2165,49 +2592,32 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE; if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) ecdsa_ok = 0; - ecc_pkey = X509_get_pubkey(x); - ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0; - EVP_PKEY_free(ecc_pkey); OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid); if (ecdh_ok) { if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { mask_k |= SSL_kECDHr; mask_a |= SSL_aECDH; - if (ecc_pkey_size <= 163) { - emask_k |= SSL_kECDHr; - emask_a |= SSL_aECDH; - } } if (pk_nid == NID_X9_62_id_ecPublicKey) { mask_k |= SSL_kECDHe; mask_a |= SSL_aECDH; - if (ecc_pkey_size <= 163) { - emask_k |= SSL_kECDHe; - emask_a |= SSL_aECDH; - } } } if (ecdsa_ok) { mask_a |= SSL_aECDSA; - emask_a |= SSL_aECDSA; } } #endif #ifndef OPENSSL_NO_EC - if (have_ecdh_tmp) { - mask_k |= SSL_kECDHE; - emask_k |= SSL_kECDHE; - } + mask_k |= SSL_kECDHE; #endif #ifndef OPENSSL_NO_PSK mask_k |= SSL_kPSK; mask_a |= SSL_aPSK; - emask_k |= SSL_kPSK; - emask_a |= SSL_aPSK; if (mask_k & SSL_kRSA) mask_k |= SSL_kRSAPSK; if (mask_k & SSL_kDHE) @@ -2218,8 +2628,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) s->s3->tmp.mask_k = mask_k; s->s3->tmp.mask_a = mask_a; - s->s3->tmp.export_mask_k = emask_k; - s->s3->tmp.export_mask_a = emask_a; } #ifndef OPENSSL_NO_EC @@ -2227,8 +2635,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) { unsigned long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - int keysize = 0; int md_nid = 0, pk_nid = 0; const SSL_CIPHER *cs = s->s3->tmp.new_cipher; uint32_t ex_kusage = X509_get_key_usage(x); @@ -2236,17 +2642,6 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) alg_k = cs->algorithm_mkey; alg_a = cs->algorithm_auth; - if (SSL_C_IS_EXPORT(cs)) { - /* ECDH key length in export ciphers must be <= 163 bits */ - pkey = X509_get_pubkey(x); - if (pkey == NULL) - return 0; - keysize = EVP_PKEY_bits(pkey); - EVP_PKEY_free(pkey); - if (keysize > 163) - return 0; - } - OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid); if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { @@ -2294,6 +2689,16 @@ static int ssl_get_server_cert_index(const SSL *s) idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509) idx = SSL_PKEY_RSA_SIGN; + if (idx == SSL_PKEY_GOST_EC) { + if (s->cert->pkeys[SSL_PKEY_GOST12_512].x509) + idx = SSL_PKEY_GOST12_512; + else if (s->cert->pkeys[SSL_PKEY_GOST12_256].x509) + idx = SSL_PKEY_GOST12_256; + else if (s->cert->pkeys[SSL_PKEY_GOST01].x509) + idx = SSL_PKEY_GOST01; + else + idx = -1; + } if (idx == -1) SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR); return idx; @@ -2431,24 +2836,23 @@ const SSL_METHOD *SSL_get_ssl_method(SSL *s) int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) { - int conn = -1; int ret = 1; if (s->method != meth) { - if (s->handshake_func != NULL) - conn = (s->handshake_func == s->method->ssl_connect); + const SSL_METHOD *sm = s->method; + int (*hf)(SSL *) = s->handshake_func; - if (s->method->version == meth->version) + if (sm->version == meth->version) s->method = meth; else { - s->method->ssl_free(s); + sm->ssl_free(s); s->method = meth; ret = s->method->ssl_new(s); } - if (conn == 1) + if (hf == sm->ssl_connect) s->handshake_func = meth->ssl_connect; - else if (conn == 0) + else if (hf == sm->ssl_accept) s->handshake_func = meth->ssl_accept; } return (ret); @@ -2534,21 +2938,40 @@ int SSL_get_error(const SSL *s, int i) return (SSL_ERROR_SYSCALL); } +static int ssl_do_handshake_intern(void *vargs) +{ + struct ssl_async_args *args; + SSL *s; + + args = (struct ssl_async_args *)vargs; + s = args->s; + + return s->handshake_func(s); +} + int SSL_do_handshake(SSL *s) { int ret = 1; if (s->handshake_func == NULL) { SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); - return (-1); + return -1; } s->method->ssl_renegotiate_check(s); if (SSL_in_init(s) || SSL_in_before(s)) { - ret = s->handshake_func(s); + if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + struct ssl_async_args args; + + args.s = s; + + ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); + } else { + ret = s->handshake_func(s); + } } - return (ret); + return ret; } void SSL_set_accept_state(SSL *s) @@ -2620,14 +3043,23 @@ SSL *SSL_dup(SSL *s) SSL *ret; int i; + /* If we're not quiescent, just up_ref! */ + if (!SSL_in_init(s) || !SSL_in_before(s)) { + CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); + return s; + } + + /* + * Otherwise, copy configuration state, and session if set. + */ if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) return (NULL); - ret->version = s->version; - ret->method = s->method; - if (s->session != NULL) { - /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ + /* + * Arranges to share the same session via up_ref. This "copies" + * session-id, SSL_METHOD, sid_ctx, and 'cert' + */ if (!SSL_copy_session_id(ret, s)) goto err; } else { @@ -2637,10 +3069,8 @@ SSL *SSL_dup(SSL *s) * point to the same object, and thus we can't use * SSL_copy_session_id. */ - - ret->method->ssl_free(ret); - ret->method = s->method; - ret->method->ssl_new(ret); + if (!SSL_set_ssl_method(ret, s->method)) + goto err; if (s->cert != NULL) { ssl_cert_free(ret->cert); @@ -2653,6 +3083,8 @@ SSL *SSL_dup(SSL *s) goto err; } + ssl_dane_dup(ret, s); + ret->version = s->version; ret->options = s->options; ret->mode = s->mode; SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); @@ -2665,8 +3097,6 @@ SSL *SSL_dup(SSL *s) SSL_set_info_callback(ret, SSL_get_info_callback(s)); - ret->debug = s->debug; - /* copy app data, a little dangerous perhaps */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; @@ -2683,19 +3113,15 @@ SSL *SSL_dup(SSL *s) } else ret->wbio = ret->rbio; } - ret->rwstate = s->rwstate; - ret->handshake_func = s->handshake_func; + ret->server = s->server; - ret->renegotiate = s->renegotiate; - ret->new_session = s->new_session; - ret->quiet_shutdown = s->quiet_shutdown; + if (s->handshake_func) { + if (s->server) + SSL_set_accept_state(ret); + else + SSL_set_connect_state(ret); + } ret->shutdown = s->shutdown; - ret->statem = s->statem; /* SSL_dup does not really work at any state, - * though */ - RECORD_LAYER_dup(&ret->rlayer, &s->rlayer); - ret->init_num = 0; /* would have to copy ret->init_buf, - * ret->init_msg, ret->init_num, - * ret->init_off */ ret->hit = s->hit; ret->default_passwd_callback = s->default_passwd_callback; @@ -2736,13 +3162,11 @@ SSL *SSL_dup(SSL *s) void ssl_clear_cipher_ctx(SSL *s) { if (s->enc_read_ctx != NULL) { - EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); - OPENSSL_free(s->enc_read_ctx); + EVP_CIPHER_CTX_free(s->enc_read_ctx); s->enc_read_ctx = NULL; } if (s->enc_write_ctx != NULL) { - EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); - OPENSSL_free(s->enc_write_ctx); + EVP_CIPHER_CTX_free(s->enc_write_ctx); s->enc_write_ctx = NULL; } #ifndef OPENSSL_NO_COMP @@ -3041,13 +3465,6 @@ size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, return outlen; } -int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, - new_func, dup_func, free_func); -} - int SSL_set_ex_data(SSL *s, int idx, void *arg) { return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); @@ -3058,14 +3475,6 @@ void *SSL_get_ex_data(const SSL *s, int idx) return (CRYPTO_get_ex_data(&s->ex_data, idx)); } -int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, - new_func, dup_func, free_func); -} - int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) { return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); @@ -3097,44 +3506,6 @@ int SSL_want(const SSL *s) return (s->rwstate); } -/** - * \brief Set the callback for generating temporary RSA keys. - * \param ctx the SSL context. - * \param cb the callback - */ - -#ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl, - int is_export, - int keylength)) -{ - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); -} - -void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl, - int is_export, - int keylength)) -{ - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); -} -#endif - -#ifdef DOXYGEN -/** - * \brief The RSA temporary key callback function. - * \param ssl the SSL session. - * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. - * \param keylength if \c is_export is \c TRUE, then \c keylength is the size - * of the required key in bits. - * \return the temporary RSA key. - * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback - */ - -RSA *cb(SSL *ssl, int is_export, int keylength) -{ -} -#endif - /** * \brief Set the callback for generating temporary DH keys. * \param ctx the SSL context. @@ -3156,23 +3527,6 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, } #endif -#ifndef OPENSSL_NO_EC -void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)) -{ - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, - (void (*)(void))ecdh); -} - -void SSL_set_tmp_ecdh_callback(SSL *ssl, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)) -{ - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh); -} -#endif - #ifndef OPENSSL_NO_PSK int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { @@ -3183,7 +3537,7 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) } OPENSSL_free(ctx->cert->psk_identity_hint); if (identity_hint != NULL) { - ctx->cert->psk_identity_hint = BUF_strdup(identity_hint); + ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); if (ctx->cert->psk_identity_hint == NULL) return 0; } else @@ -3202,7 +3556,7 @@ int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) } OPENSSL_free(s->cert->psk_identity_hint); if (identity_hint != NULL) { - s->cert->psk_identity_hint = BUF_strdup(identity_hint); + s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); if (s->cert->psk_identity_hint == NULL) return 0; } else @@ -3314,9 +3668,9 @@ void SSL_set_not_resumable_session_callback(SSL *ssl, EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) { ssl_clear_hash_ctx(hash); - *hash = EVP_MD_CTX_create(); + *hash = EVP_MD_CTX_new(); if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { - EVP_MD_CTX_destroy(*hash); + EVP_MD_CTX_free(*hash); *hash = NULL; return NULL; } @@ -3327,45 +3681,34 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash) { if (*hash) - EVP_MD_CTX_destroy(*hash); + EVP_MD_CTX_free(*hash); *hash = NULL; } /* Retrieve handshake hashes */ int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen) { - unsigned char *p = out; - int idx, ret = 0; - long mask; - EVP_MD_CTX ctx; - const EVP_MD *md; - EVP_MD_CTX_init(&ctx); - for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) { - if (mask & ssl_get_algorithm2(s)) { - int hashsize = EVP_MD_size(md); - EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; - if (!hdgst || hashsize < 0 || hashsize > outlen) - goto err; - if (!EVP_MD_CTX_copy_ex(&ctx, hdgst)) - goto err; - if (!EVP_DigestFinal_ex(&ctx, p, NULL)) - goto err; - p += hashsize; - outlen -= hashsize; - } + EVP_MD_CTX *ctx = NULL; + EVP_MD_CTX *hdgst = s->s3->handshake_dgst; + int ret = EVP_MD_CTX_size(hdgst); + if (ret < 0 || ret > outlen) { + ret = 0; + goto err; + } + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + ret = 0; + goto err; } - ret = p - out; + if (!EVP_MD_CTX_copy_ex(ctx, hdgst) + || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) + ret = 0; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return ret; } -void SSL_set_debug(SSL *s, int debug) -{ - s->debug = debug; -} - -int SSL_cache_hit(SSL *s) +int SSL_session_reused(SSL *s) { return s->hit; } @@ -3375,6 +3718,16 @@ int SSL_is_server(SSL *s) return s->server; } +#if OPENSSL_API_COMPAT < 0x10100000L +void SSL_set_debug(SSL *s, int debug) +{ + /* Old function was do-nothing anyway... */ + (void)s; + (void)debug; +} +#endif + + void SSL_set_security_level(SSL *s, int level) { s->cert->sec_level = level; @@ -3446,4 +3799,40 @@ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) return ctx->cert->sec_ex; } + +/* + * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that + * can return unsigned long, instead of the generic long return value from the + * control interface. + */ +unsigned long SSL_CTX_get_options(const SSL_CTX *ctx) +{ + return ctx->options; +} +unsigned long SSL_get_options(const SSL* s) +{ + return s->options; +} +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op) +{ + return ctx->options |= op; +} +unsigned long SSL_set_options(SSL *s, unsigned long op) +{ + return s->options |= op; +} +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) +{ + return ctx->options &= ~op; +} +unsigned long SSL_clear_options(SSL *s, unsigned long op) +{ + return s->options &= ~op; +} + +STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s) +{ + return s->verified_chain; +} + IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);