X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=95e60414e217367857cb1be8b553750740390946;hp=db1d7cfad3e8b8a027779a8941110f1f0ebe422a;hb=6aaa29fb35c6d830c19e673650e6baf3f21ceda0;hpb=d781d247d1ef9331983f456d616659108c857d0d diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index db1d7cfad3..95e60414e2 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1,5 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,50 +9,15 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #ifndef HEADER_SSL_LOCL_H # define HEADER_SSL_LOCL_H + +# include "e_os.h" /* struct timeval for DTLS */ # include # include # include # include -# include "e_os.h" -# if defined(__unix) || defined(__unix__) -# include /* struct timeval for DTLS */ -# endif - # include # include # include @@ -236,6 +203,9 @@ # define SSL_aGOST12 0x00000080U /* Any appropriate signature auth (for TLS 1.3 ciphersuites) */ # define SSL_aANY 0x00000000U +/* All bits requiring a certificate */ +#define SSL_aCERT \ + (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12) /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001U @@ -258,12 +228,16 @@ # define SSL_AES256CCM8 0x00020000U # define SSL_eGOST2814789CNT12 0x00040000U # define SSL_CHACHA20POLY1305 0x00080000U +# define SSL_ARIA128GCM 0x00100000U +# define SSL_ARIA256GCM 0x00200000U # define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) # define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) # define SSL_CHACHA20 (SSL_CHACHA20POLY1305) +# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) +# define SSL_ARIA (SSL_ARIAGCM) /* Bits for algorithm_mac (symmetric authentication) */ @@ -350,7 +324,8 @@ && (s)->method->version != TLS_ANY_VERSION) # define SSL_TREAT_AS_TLS13(s) \ - (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_WRITING) + (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) # define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0) @@ -388,24 +363,20 @@ /* Mostly for SSLv3 */ # define SSL_PKEY_RSA 0 -# define SSL_PKEY_DSA_SIGN 1 -# define SSL_PKEY_ECC 2 -# define SSL_PKEY_GOST01 3 -# define SSL_PKEY_GOST12_256 4 -# define SSL_PKEY_GOST12_512 5 -# define SSL_PKEY_NUM 6 +# define SSL_PKEY_RSA_PSS_SIGN 1 +# define SSL_PKEY_DSA_SIGN 2 +# define SSL_PKEY_ECC 3 +# define SSL_PKEY_GOST01 4 +# define SSL_PKEY_GOST12_256 5 +# define SSL_PKEY_GOST12_512 6 +# define SSL_PKEY_ED25519 7 +# define SSL_PKEY_NUM 8 /* * Pseudo-constant. GOST cipher suites can use different certs for 1 * SSL_CIPHER. So let's see which one we have in fact. */ # define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 -/* - * TODO(TLS1.3) for now use SSL_PKEY_RSA keys for PSS - */ - -#define SSL_PKEY_RSA_PSS_SIGN SSL_PKEY_RSA - /*- * SSL_kRSA <- RSA_ENC * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) @@ -426,6 +397,7 @@ struct ssl_cipher_st { uint32_t valid; const char *name; /* text name */ + const char *stdname; /* RFC name */ uint32_t id; /* id, 4 bytes, first is version */ /* * changed in 1.0.0: these four used to be portions of a single value @@ -451,7 +423,7 @@ struct ssl_method_st { unsigned flags; unsigned long mask; int (*ssl_new) (SSL *s); - void (*ssl_clear) (SSL *s); + int (*ssl_clear) (SSL *s); void (*ssl_free) (SSL *s); int (*ssl_accept) (SSL *s); int (*ssl_connect) (SSL *s); @@ -513,6 +485,8 @@ struct ssl_session_st { * in here? */ size_t master_key_length; + /* TLSv1.3 early_secret used for external PSKs */ + unsigned char early_secret[EVP_MAX_MD_SIZE]; /* * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption * master secret @@ -541,7 +515,7 @@ struct ssl_session_st { /* This is the cert and type for the other end. */ X509 *peer; int peer_type; - /* Certificate chain peer sent */ + /* Certificate chain peer sent. */ STACK_OF(X509) *peer_chain; /* * when app_verify_callback accepts a session where the peer's @@ -577,9 +551,14 @@ struct ssl_session_st { /* Session lifetime hint in seconds */ unsigned long tick_lifetime_hint; uint32_t tick_age_add; + unsigned char *tick_nonce; + size_t tick_nonce_len; int tick_identity; /* Max number of bytes that can be sent as early data */ uint32_t max_early_data; + /* The ALPN protocol selected for this session */ + unsigned char *alpn_selected; + size_t alpn_selected_len; } ext; # ifndef OPENSSL_NO_SRP char *srp_username; @@ -618,6 +597,7 @@ typedef enum { SSL_EARLY_DATA_CONNECTING, SSL_EARLY_DATA_WRITE_RETRY, SSL_EARLY_DATA_WRITING, + SSL_EARLY_DATA_UNAUTH_WRITING, SSL_EARLY_DATA_FINISHED_WRITING, SSL_EARLY_DATA_ACCEPT_RETRY, SSL_EARLY_DATA_ACCEPTING, @@ -626,6 +606,26 @@ typedef enum { SSL_EARLY_DATA_FINISHED_READING } SSL_EARLY_DATA_STATE; +/* + * We check that the amount of unreadable early data doesn't exceed + * max_early_data. max_early_data is given in plaintext bytes. However if it is + * unreadable then we only know the number of ciphertext bytes. We also don't + * know how much the overhead should be because it depends on the ciphersuite. + * We make a small allowance. We assume 5 records of actual data plus the end + * of early data alert record. Each record has a tag and a content type byte. + * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the + * content of the alert record either which is 2 bytes. + */ +# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2) + +/* + * The allowance we have between the client's calculated ticket age and our own. + * We allow for 10 seconds (units are in ms). If a ticket is presented and the + * client's age calculation is different by more than this than our own then we + * do not allow that ticket for early_data. + */ +# define TICKET_AGE_ALLOWANCE (10 * 1000) + #define MAX_COMPRESSIONS_SIZE 255 struct ssl_comp_st { @@ -643,6 +643,8 @@ typedef struct raw_extension_st { int parsed; /* The type of this extension, i.e. a TLSEXT_TYPE_* value */ unsigned int type; + /* Track what order extensions are received in (0-based). */ + size_t received_order; } RAW_EXTENSION; typedef struct { @@ -661,6 +663,38 @@ typedef struct { RAW_EXTENSION *pre_proc_exts; } CLIENTHELLO_MSG; +/* + * Extension index values NOTE: Any updates to these defines should be mirrored + * with equivalent updates to ext_defs in extensions.c + */ +typedef enum tlsext_index_en { + TLSEXT_IDX_renegotiate, + TLSEXT_IDX_server_name, + TLSEXT_IDX_srp, + TLSEXT_IDX_ec_point_formats, + TLSEXT_IDX_supported_groups, + TLSEXT_IDX_session_ticket, + TLSEXT_IDX_status_request, + TLSEXT_IDX_next_proto_neg, + TLSEXT_IDX_application_layer_protocol_negotiation, + TLSEXT_IDX_use_srtp, + TLSEXT_IDX_encrypt_then_mac, + TLSEXT_IDX_signed_certificate_timestamp, + TLSEXT_IDX_extended_master_secret, + TLSEXT_IDX_signature_algorithms, + TLSEXT_IDX_supported_versions, + TLSEXT_IDX_psk_kex_modes, + TLSEXT_IDX_key_share, + TLSEXT_IDX_cookie, + TLSEXT_IDX_cryptopro_bug, + TLSEXT_IDX_early_data, + TLSEXT_IDX_certificate_authorities, + TLSEXT_IDX_padding, + TLSEXT_IDX_psk, + /* Dummy index - must always be the last entry */ + TLSEXT_IDX_num_builtins +} TLSEXT_INDEX; + DEFINE_LHASH_OF(SSL_SESSION); /* Needed in ssl_cert.c */ DEFINE_LHASH_OF(X509_NAME); @@ -765,8 +799,12 @@ struct ssl_ctx_st { /* used if SSL's info_callback is NULL */ void (*info_callback) (const SSL *ssl, int type, int val); - /* what we put in client cert requests */ - STACK_OF(X509_NAME) *client_CA; + /* + * What we put in certificate_authorities extension for TLS 1.3 + * (ClientHello and CertificateRequest) or just client cert requests for + * earlier versions. + */ + STACK_OF(X509_NAME) *ca_names; /* * Default values to use in SSL structures follow (these are copied by @@ -834,9 +872,9 @@ struct ssl_ctx_st { ENGINE *client_cert_engine; # endif - /* Early callback. Mostly for extensions, but not entirely. */ - SSL_early_cb_fn early_cb; - void *early_cb_arg; + /* ClientHello callback. Mostly for extensions, but not entirely. */ + SSL_client_hello_cb_fn client_hello_cb; + void *client_hello_cb_arg; /* TLS extensions. */ struct { @@ -918,6 +956,8 @@ struct ssl_ctx_st { SSL_psk_client_cb_func psk_client_callback; SSL_psk_server_cb_func psk_server_callback; # endif + SSL_psk_find_session_cb_func psk_find_session_cb; + SSL_psk_use_session_cb_func psk_use_session_cb; # ifndef OPENSSL_NO_SRP SRP_CTX srp_ctx; /* ctx for SRP authentication */ @@ -944,6 +984,11 @@ struct ssl_ctx_st { /* The maximum number of bytes that can be sent as early data */ uint32_t max_early_data; + + /* TLS1.3 padding callback */ + size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg); + void *record_padding_arg; + size_t block_padding; }; struct ssl_st { @@ -1027,8 +1072,10 @@ struct ssl_st { unsigned char client_finished_secret[EVP_MAX_MD_SIZE]; unsigned char server_finished_secret[EVP_MAX_MD_SIZE]; unsigned char server_finished_hash[EVP_MAX_MD_SIZE]; + unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE]; unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; + unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */ EVP_MD_CTX *read_hash; /* used for mac generation */ @@ -1062,6 +1109,10 @@ struct ssl_st { unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* This can also be in the session once a session is established */ SSL_SESSION *session; + /* TLSv1.3 PSK session */ + SSL_SESSION *psksession; + unsigned char *psksession_id; + size_t psksession_id_len; /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; /* Used in SSL3 */ @@ -1082,6 +1133,8 @@ struct ssl_st { SSL_psk_client_cb_func psk_client_callback; SSL_psk_server_cb_func psk_server_callback; # endif + SSL_psk_find_session_cb_func psk_find_session_cb; + SSL_psk_use_session_cb_func psk_use_session_cb; SSL_CTX *ctx; /* Verified chain of peer */ STACK_OF(X509) *verified_chain; @@ -1089,7 +1142,7 @@ struct ssl_st { /* extra application data */ CRYPTO_EX_DATA ex_data; /* for server side, keep the list of CA_dn we can use */ - STACK_OF(X509_NAME) *client_CA; + STACK_OF(X509_NAME) *ca_names; CRYPTO_REF_COUNT references; /* protocol behaviour */ uint32_t options; @@ -1118,6 +1171,8 @@ struct ssl_st { size_t max_pipelines; struct { + /* Built-in extension flags */ + uint8_t extflags[TLSEXT_IDX_num_builtins]; /* TLS extension debug callback */ void (*debug_cb)(SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg); @@ -1182,11 +1237,20 @@ struct ssl_st { /* Set to one if we have negotiated ETM */ int use_etm; - /* Set to 1 if we are expecting to receive early data */ - int expect_early_data; + /* Are we expecting to receive early data? */ + int early_data; + /* Is the session suitable for early data? */ + int early_data_ok; + + /* May be sent by a server in HRR. Must be echoed back in ClientHello */ + unsigned char *tls13_cookie; + size_t tls13_cookie_len; } ext; - /* Parsed form of the ClientHello, kept around across early_cb calls. */ + /* + * Parsed form of the ClientHello, kept around across client_hello_cb + * calls. + */ CLIENTHELLO_MSG *clienthello; /*- @@ -1244,10 +1308,22 @@ struct ssl_st { ASYNC_WAIT_CTX *waitctx; size_t asyncrw; - /* The maximum number of bytes that can be sent as early data */ + /* The maximum number of plaintext bytes that can be sent as early data */ uint32_t max_early_data; + /* + * The number of bytes of early data received so far. If we accepted early + * data then this is a count of the plaintext bytes. If we rejected it then + * this is a count of the ciphertext bytes. + */ + uint32_t early_data_count; + + /* TLS1.3 padding callback */ + size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg); + void *record_padding_arg; + size_t block_padding; CRYPTO_RWLOCK *lock; + RAND_DRBG *drbg; }; /* @@ -1259,9 +1335,9 @@ typedef struct sigalg_lookup_st { const char *name; /* Raw value used in extension */ uint16_t sigalg; - /* NID of hash algorithm */ + /* NID of hash algorithm or NID_undef if no hash */ int hash; - /* Index of hash algorithm */ + /* Index of hash algorithm or -1 if no hash algorithm */ int hash_idx; /* NID of signature algorithm */ int sig; @@ -1275,6 +1351,15 @@ typedef struct sigalg_lookup_st { typedef struct cert_pkey_st CERT_PKEY; +/* + * Structure containing table entry of certificate info corresponding to + * CERT_PKEY entries + */ +typedef struct { + int nid; /* NID of pubic key algorithm */ + uint32_t amask; /* authmask corresponding to key type */ +} SSL_CERT_LOOKUP; + typedef struct ssl3_state_st { long flags; size_t read_mac_secret_size; @@ -1333,7 +1418,8 @@ typedef struct ssl3_state_st { /* Certificate types in certificate request message. */ uint8_t *ctype; size_t ctype_len; - STACK_OF(X509_NAME) *ca_names; + /* Certificate authorities list peer sent */ + STACK_OF(X509_NAME) *peer_ca_names; size_t key_block_length; unsigned char *key_block; const EVP_CIPHER *new_sym_enc; @@ -1536,11 +1622,15 @@ typedef struct dtls1_state_st { */ struct timeval next_timeout; /* Timeout duration */ - unsigned short timeout_duration; + unsigned int timeout_duration_us; + unsigned int retransmitting; # ifndef OPENSSL_NO_SCTP int shutdown_received; # endif + + DTLS_timer_cb timer_cb; + } DTLS1_STATE; # ifndef OPENSSL_NO_EC @@ -1573,17 +1663,27 @@ struct cert_pkey_st { # define SSL_CERT_FLAGS_CHECK_TLS_STRICT \ (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT) +typedef enum { + ENDPOINT_CLIENT = 0, + ENDPOINT_SERVER, + ENDPOINT_BOTH +} ENDPOINT; + + typedef struct { unsigned short ext_type; + ENDPOINT role; + /* The context which this extension applies to */ + unsigned int context; /* * Per-connection flags relating to this extension type: not used if * part of an SSL_CTX structure. */ uint32_t ext_flags; - custom_ext_add_cb add_cb; - custom_ext_free_cb free_cb; + SSL_custom_ext_add_cb_ex add_cb; + SSL_custom_ext_free_cb_ex free_cb; void *add_arg; - custom_ext_parse_cb parse_cb; + SSL_custom_ext_parse_cb_ex parse_cb; void *parse_arg; } custom_ext_method; @@ -1663,9 +1763,8 @@ typedef struct cert_st { */ X509_STORE *chain_store; X509_STORE *verify_store; - /* Custom extension methods for server and client */ - custom_ext_methods cli_ext; - custom_ext_methods srv_ext; + /* Custom extensions */ + custom_ext_methods custext; /* Security callback */ int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex); @@ -1745,34 +1844,11 @@ typedef struct ssl3_comp_st { } SSL3_COMP; # endif -/* - * Extension index values NOTE: Any updates to these defines should be mirrored - * with equivalent updates to ext_defs in extensions.c - */ -typedef enum tlsext_index_en { - TLSEXT_IDX_renegotiate, - TLSEXT_IDX_server_name, - TLSEXT_IDX_srp, - TLSEXT_IDX_early_data_info, - TLSEXT_IDX_early_data, - TLSEXT_IDX_ec_point_formats, - TLSEXT_IDX_supported_groups, - TLSEXT_IDX_session_ticket, - TLSEXT_IDX_signature_algorithms, - TLSEXT_IDX_status_request, - TLSEXT_IDX_next_proto_neg, - TLSEXT_IDX_application_layer_protocol_negotiation, - TLSEXT_IDX_use_srtp, - TLSEXT_IDX_encrypt_then_mac, - TLSEXT_IDX_signed_certificate_timestamp, - TLSEXT_IDX_extended_master_secret, - TLSEXT_IDX_supported_versions, - TLSEXT_IDX_psk_kex_modes, - TLSEXT_IDX_key_share, - TLSEXT_IDX_cryptopro_bug, - TLSEXT_IDX_padding, - TLSEXT_IDX_psk -} TLSEXT_INDEX; +typedef enum downgrade_en { + DOWNGRADE_NONE, + DOWNGRADE_TO_1_2, + DOWNGRADE_TO_1_1 +} DOWNGRADE; /* * Dummy status type for the status_type extension. Indicates no status type @@ -1784,6 +1860,7 @@ typedef enum tlsext_index_en { #define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403 #define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503 #define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603 +#define TLSEXT_SIGALG_ecdsa_sha224 0x0303 #define TLSEXT_SIGALG_ecdsa_sha1 0x0203 #define TLSEXT_SIGALG_rsa_pss_sha256 0x0804 #define TLSEXT_SIGALG_rsa_pss_sha384 0x0805 @@ -1791,15 +1868,19 @@ typedef enum tlsext_index_en { #define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401 #define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501 #define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601 +#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301 #define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201 #define TLSEXT_SIGALG_dsa_sha256 0x0402 #define TLSEXT_SIGALG_dsa_sha384 0x0502 #define TLSEXT_SIGALG_dsa_sha512 0x0602 +#define TLSEXT_SIGALG_dsa_sha224 0x0302 #define TLSEXT_SIGALG_dsa_sha1 0x0202 #define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee #define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded +#define TLSEXT_SIGALG_ed25519 0x0807 + /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 #define TLSEXT_KEX_MODE_KE_DHE 0x01 @@ -1820,6 +1901,9 @@ typedef enum tlsext_index_en { /* A dummy signature value not valid for TLSv1.2 signature algs */ #define TLSEXT_signature_rsa_pss 0x0101 +/* TLSv1.3 downgrade protection sentinel values */ +extern const unsigned char tls11downgrade[8]; +extern const unsigned char tls12downgrade[8]; extern SSL3_ENC_METHOD ssl3_undef_enc_method; @@ -1992,7 +2076,6 @@ static ossl_inline int ssl_has_cert(const SSL *s, int idx) # ifndef OPENSSL_UNIT_TEST -int ssl_end_of_early_data_seen(SSL *s); __owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes); __owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written); void ssl_clear_cipher_ctx(SSL *s); @@ -2028,7 +2111,7 @@ __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, size_t *int_overhead, size_t *blocksize, size_t *ext_overhead); -__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c); +__owur int ssl_cert_is_disabled(size_t idx); __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr, int all); @@ -2038,7 +2121,6 @@ __owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_select_current(CERT *c, X509 *x); __owur int ssl_cert_set_current(CERT *c, long arg); -__owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first); void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg); __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); @@ -2046,24 +2128,28 @@ __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); +__owur int ssl_randbytes(SSL *s, unsigned char *buf, size_t num); __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); +__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, + size_t *pidx); +__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx); + int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); __owur int ssl_undefined_const_function(const SSL *s); __owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length); -__owur int ssl_cert_type(const X509 *x, const EVP_PKEY *pkey); void ssl_set_masks(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); void ssl_sort_cipher_list(void); -void ssl_load_ciphers(void); +int ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, - size_t len); + size_t len, DOWNGRADE dgrd); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms); __owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm); @@ -2072,6 +2158,7 @@ __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); __owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id); +__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len); @@ -2106,7 +2193,7 @@ __owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes); __owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes); __owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written); __owur int ssl3_shutdown(SSL *s); -void ssl3_clear(SSL *s); +int ssl3_clear(SSL *s); __owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); __owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); __owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); @@ -2129,10 +2216,11 @@ __owur int ssl_version_supported(const SSL *s, int version); __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); -__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello); -__owur int ssl_choose_client_version(SSL *s, int version); -int ssl_get_client_min_max_version(const SSL *s, int *min_version, - int *max_version); +__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, + DOWNGRADE *dgrd); +__owur int ssl_choose_client_version(SSL *s, int version, int checkdgrd, + int *al); +int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version); __owur long tls1_default_timeout(void); __owur int dtls1_do_write(SSL *s, int type); @@ -2163,27 +2251,24 @@ __owur int dtls1_is_timer_expired(SSL *s); void dtls1_double_timeout(SSL *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, size_t cookie_len); -__owur int dtls1_send_newsession_ticket(SSL *s); __owur size_t dtls1_min_mtu(SSL *s); void dtls1_hm_fragment_free(hm_fragment *frag); __owur int dtls1_query_mtu(SSL *s); __owur int tls1_new(SSL *s); void tls1_free(SSL *s); -void tls1_clear(SSL *s); -long tls1_ctrl(SSL *s, int cmd, long larg, void *parg); -long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); +int tls1_clear(SSL *s); __owur int dtls1_new(SSL *s); void dtls1_free(SSL *s); -void dtls1_clear(SSL *s); +int dtls1_clear(SSL *s); long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); __owur int dtls1_shutdown(SSL *s); __owur int dtls1_dispatch_alert(SSL *s); __owur int ssl_init_wbio_buffer(SSL *s); -void ssl_free_wbio_buffer(SSL *s); +int ssl_free_wbio_buffer(SSL *s); __owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_setup_key_block(SSL *s); @@ -2200,7 +2285,7 @@ __owur int tls13_update_key(SSL *s, int send); __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, const unsigned char *label, size_t labellen, - const unsigned char *hash, + const unsigned char *data, size_t datalen, unsigned char *out, size_t outlen); __owur int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, unsigned char *key, @@ -2226,6 +2311,10 @@ __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context); +__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); __owur int tls1_alert_code(int code); __owur int tls13_alert_code(int code); __owur int ssl3_alert_code(int code); @@ -2260,14 +2349,10 @@ __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur EVP_PKEY *ssl_generate_pkey_curve(int id); # endif /* OPENSSL_NO_EC */ -__owur int tls1_shared_list(SSL *s, - const unsigned char *l1, size_t l1len, - const unsigned char *l2, size_t l2len, int nmatch); __owur int tls_curve_allowed(SSL *s, const unsigned char *curve, int op); __owur int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves, size_t *num_curves); -void ssl_set_default_md(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s); /* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */ @@ -2284,7 +2369,7 @@ typedef enum ticket_en { TICKET_NO_DECRYPT, /* a ticket was successfully decrypted */ TICKET_SUCCESS, - /* same as above but the ticket needs to be reneewed */ + /* same as above but the ticket needs to be renewed */ TICKET_SUCCESS_RENEW } TICKET_RETURN; @@ -2328,10 +2413,11 @@ __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, __owur int tls1_save_sigalgs(SSL *s, PACKET *pkt); __owur int tls1_process_sigalgs(SSL *s); __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); +__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); void ssl_set_client_disabled(SSL *s); -__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op); +__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, size_t *hashlen); @@ -2382,18 +2468,24 @@ __owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL *s); __owur int srp_verify_server_param(SSL *s, int *al); -/* t1_ext.c */ +/* statem/extensions_cust.c */ + +custom_ext_method *custom_ext_find(const custom_ext_methods *exts, + ENDPOINT role, unsigned int ext_type, + size_t *idx); void custom_ext_init(custom_ext_methods *meths); -__owur int custom_ext_parse(SSL *s, int server, - unsigned int ext_type, +__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, const unsigned char *ext_data, size_t ext_size, - int *al); -__owur int custom_ext_add(SSL *s, int server, WPACKET *pkt, int *al); + X509 *x, size_t chainidx, int *al); +__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, + size_t chainidx, int maxversion, int *al); __owur int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src); +__owur int custom_exts_copy_flags(custom_ext_methods *dst, + const custom_ext_methods *src); void custom_exts_free(custom_ext_methods *exts); void ssl_comp_free_compression_methods_int(void);