X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=1e1b26569c9d20225450fb714a2b090685ec1ed6;hp=70689bc324e8804c13bac3470b0fd5d3a33104a7;hb=e7f0d9210c4a421e6306cd9a0c486c3e96be4d25;hpb=6938c954b072c1ddddeb0ec9f6a151df0d2cd925 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 70689bc324..1e1b26569c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -391,101 +391,63 @@ # define SSL_TLSV1 0x00000004U # define SSL_TLSV1_2 0x00000008U -/* Bits for algorithm2 (handshake digests and other extra flags) */ - -# define SSL_HANDSHAKE_MAC_MD5 0x10 -# define SSL_HANDSHAKE_MAC_SHA 0x20 -# define SSL_HANDSHAKE_MAC_GOST94 0x40 -# define SSL_HANDSHAKE_MAC_SHA256 0x80 -# define SSL_HANDSHAKE_MAC_SHA384 0x100 -# define SSL_HANDSHAKE_MAC_GOST12_256 0x200 -# define SSL_HANDSHAKE_MAC_GOST12_512 0x400 -# define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) - /* * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make * sure to update this constant too */ -# define SSL_MAX_DIGEST 9 - -# define TLS1_PRF_DGST_SHIFT 10 -# define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST12_256 (SSL_HANDSHAKE_MAC_GOST12_256 << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST12_512 (SSL_HANDSHAKE_MAC_GOST12_512 << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) + +# define SSL_MD_MD5_IDX 0 +# define SSL_MD_SHA1_IDX 1 +# define SSL_MD_GOST94_IDX 2 +# define SSL_MD_GOST89MAC_IDX 3 +# define SSL_MD_SHA256_IDX 4 +# define SSL_MD_SHA384_IDX 5 +# define SSL_MD_GOST12_256_IDX 6 +# define SSL_MD_GOST89MAC12_IDX 7 +# define SSL_MD_GOST12_512_IDX 8 +# define SSL_MD_MD5_SHA1_IDX 9 +# define SSL_MD_SHA224_IDX 10 +# define SSL_MD_SHA512_IDX 11 +# define SSL_MAX_DIGEST 12 + +/* Bits for algorithm2 (handshake digests and other extra flags) */ + +/* Bits 0-7 are handshake MAC */ +# define SSL_HANDSHAKE_MAC_MASK 0xFF +# define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX +# define SSL_HANDSHAKE_MAC_SHA256 SSL_MD_SHA256_IDX +# define SSL_HANDSHAKE_MAC_SHA384 SSL_MD_SHA384_IDX +# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX +# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX +# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX +# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1 + +/* Bits 8-15 bits are PRF */ +# define TLS1_PRF_DGST_SHIFT 8 +# define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) +# define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT) +# define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT) +# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT) +# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT) +# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT) +# define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) /* * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also * goes into algorithm2) */ -# define TLS1_STREAM_MAC 0x04 - -/* - * Export and cipher strength information. For each cipher we have to decide - * whether it is exportable or not. This information is likely to change - * over time, since the export control rules are no static technical issue. - * - * Independent of the export flag the cipher strength is sorted into classes. - * SSL_EXP40 was denoting the 40bit US export limit of past times, which now - * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change - * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, - * since SSL_EXP64 could be similar to SSL_LOW. - * For this reason SSL_MICRO and SSL_MINI macros are included to widen the - * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed - * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would - * be possible. - */ -# define SSL_EXP_MASK 0x00000003U -# define SSL_STRONG_MASK 0x000001fcU -# define SSL_DEFAULT_MASK 0X00000200U +# define TLS1_STREAM_MAC 0x10000 -# define SSL_NOT_EXP 0x00000001U -# define SSL_EXPORT 0x00000002U +# define SSL_DEFAULT_MASK 0X00000020U -# define SSL_STRONG_NONE 0x00000004U -# define SSL_EXP40 0x00000008U -# define SSL_MICRO (SSL_EXP40) -# define SSL_EXP56 0x00000010U -# define SSL_MINI (SSL_EXP56) -# define SSL_LOW 0x00000020U -# define SSL_MEDIUM 0x00000040U -# define SSL_HIGH 0x00000080U -# define SSL_FIPS 0x00000100U +# define SSL_STRONG_NONE 0x00000001U +# define SSL_LOW 0x00000002U +# define SSL_MEDIUM 0x00000004U +# define SSL_HIGH 0x00000008U +# define SSL_FIPS 0x00000010U +# define SSL_NOT_DEFAULT 0x00000020U -# define SSL_NOT_DEFAULT 0x00000200U - -/* we have used 000003ff - 22 bits left to go */ - -/*- - * Macros to check the export status and cipher strength for export ciphers. - * Even though the macros for EXPORT and EXPORT40/56 have similar names, - * their meaning is different: - * *_EXPORT macros check the 'exportable' status. - * *_EXPORT40/56 macros are used to check whether a certain cipher strength - * is given. - * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct - * algorithm structure element to be passed (algorithms, algo_strength) and no - * typechecking can be done as they are all of type unsigned long, their - * direct usage is discouraged. - * Use the SSL_C_* macros instead. - */ -# define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) -# define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) -# define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) -# define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) -# define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) -# define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) - -# define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ - (a) == SSL_DES ? 8 : 7) -# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) -# define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \ - (c)->algo_strength) -# define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) +/* we have used 0000003f - 26 bits left to go */ /* Check if an SSL structure is using DTLS */ # define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) @@ -536,8 +498,7 @@ # define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 /*- - * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | - * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) + * SSL_kRSA <- RSA_ENC * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN * SSL_aRSA <- RSA_ENC | RSA_SIGN @@ -1239,10 +1200,10 @@ typedef struct ssl3_state_st { /* used during startup, digest all incoming/outgoing packets */ BIO *handshake_buffer; /* - * When set of handshake digests is determined, buffer is hashed and - * freed and MD_CTX-es for all required digests are stored in this array + * When handshake digest is determined, buffer is hashed and + * freed and MD_CTX for the required digest is stored here. */ - EVP_MD_CTX **handshake_dgst; + EVP_MD_CTX *handshake_dgst; /* * Set whenever an expected ChangeCipherSpec message is processed. * Unset when the peer's Finished message is received. @@ -1286,7 +1247,6 @@ typedef struct ssl3_state_st { int ctype_num; char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; - int use_rsa_tmp; int key_block_length; unsigned char *key_block; const EVP_CIPHER *new_sym_enc; @@ -1335,8 +1295,6 @@ typedef struct ssl3_state_st { */ uint32_t mask_k; uint32_t mask_a; - uint32_t export_mask_k; - uint32_t export_mask_a; /* Client only */ uint32_t mask_ssl; } tmp; @@ -1378,9 +1336,6 @@ typedef struct ssl3_state_st { # endif /* !OPENSSL_NO_EC */ /* For clients: peer temporary key */ -# ifndef OPENSSL_NO_RSA - RSA *peer_rsa_tmp; -# endif # ifndef OPENSSL_NO_DH DH *peer_dh_tmp; # endif @@ -1545,21 +1500,10 @@ typedef struct cert_st { * an index, not a pointer. */ CERT_PKEY *key; -# ifndef OPENSSL_NO_RSA - RSA *rsa_tmp; - RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize); -# endif # ifndef OPENSSL_NO_DH DH *dh_tmp; DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); int dh_tmp_auto; -# endif -# ifndef OPENSSL_NO_EC - EC_KEY *ecdh_tmp; - /* Callback for generating ephemeral ECDH keys */ - EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize); - /* Select ECDH parameters automatically */ - int ecdh_tmp_auto; # endif /* Flags related to certificates */ uint32_t cert_flags; @@ -1890,7 +1834,6 @@ void ssl_update_cache(SSL *s, int mode); __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp, int use_etm); -__owur int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md); __owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c); __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr); __owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); @@ -2078,8 +2021,9 @@ __owur int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) __owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); # endif -__owur int tls1_process_ticket(SSL *s, const PACKET *ext, - const PACKET *session_id, SSL_SESSION **ret); +__owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, + const PACKET *session_id, + SSL_SESSION **ret); __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md); @@ -2128,6 +2072,9 @@ __owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, __owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen); +__owur const EVP_MD *ssl_md(int idx); +__owur const EVP_MD *ssl_handshake_md(SSL *s); +__owur const EVP_MD *ssl_prf_md(SSL *s); /* s3_cbc.c */ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);