(int (*)(SSL *, const char *, int, unsigned char *))
ssl_undefined_function,
0, /* finish_mac_length */
- (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
NULL, /* client_finished_label */
0, /* client_finished_label_len */
NULL, /* server_finished_label */
} f;
};
+static const struct {
+ uint8_t mtype;
+ uint8_t ord;
+ int nid;
+} dane_mds[] = {
+ { DANETLS_MATCHING_FULL, 0, NID_undef },
+ { DANETLS_MATCHING_2256, 1, NID_sha256 },
+ { DANETLS_MATCHING_2512, 2, NID_sha512 },
+};
+
+static int dane_ctx_enable(struct dane_ctx_st *dctx)
+{
+ const EVP_MD **mdevp;
+ uint8_t *mdord;
+ uint8_t mdmax = DANETLS_MATCHING_LAST;
+ int n = ((int) mdmax) + 1; /* int to handle PrivMatch(255) */
+ size_t i;
+
+ mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
+ mdord = OPENSSL_zalloc(n * sizeof(*mdord));
+
+ if (mdord == NULL || mdevp == NULL) {
+ OPENSSL_free(mdevp);
+ SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /* Install default entries */
+ for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
+ const EVP_MD *md;
+
+ if (dane_mds[i].nid == NID_undef ||
+ (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
+ continue;
+ mdevp[dane_mds[i].mtype] = md;
+ mdord[dane_mds[i].mtype] = dane_mds[i].ord;
+ }
+
+ dctx->mdevp = mdevp;
+ dctx->mdord = mdord;
+ dctx->mdmax = mdmax;
+
+ return 1;
+}
+
+static void dane_ctx_final(struct dane_ctx_st *dctx)
+{
+ OPENSSL_free(dctx->mdevp);
+ dctx->mdevp = NULL;
+
+ OPENSSL_free(dctx->mdord);
+ dctx->mdord = NULL;
+ dctx->mdmax = 0;
+}
+
+static void tlsa_free(danetls_record *t)
+{
+ if (t == NULL)
+ return;
+ OPENSSL_free(t->data);
+ EVP_PKEY_free(t->spki);
+ OPENSSL_free(t);
+}
+
+static void dane_final(struct dane_st *dane)
+{
+ sk_danetls_record_pop_free(dane->trecs, tlsa_free);
+ dane->trecs = NULL;
+
+ sk_X509_pop_free(dane->certs, X509_free);
+ dane->certs = NULL;
+
+ X509_free(dane->mcert);
+ dane->mcert = NULL;
+ dane->mtlsa = NULL;
+ dane->mdpth = -1;
+ dane->pdpth = -1;
+}
+
+/*
+ * dane_copy - Copy dane configuration, sans verification state.
+ */
+static int ssl_dane_dup(SSL *to, SSL *from)
+{
+ int num;
+ int i;
+
+ if (!DANETLS_ENABLED(&from->dane))
+ return 1;
+
+ dane_final(&to->dane);
+
+ num = sk_danetls_record_num(from->dane.trecs);
+ for (i = 0; i < num; ++i) {
+ danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
+ if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
+ t->data, t->dlen) <= 0)
+ return 0;
+ }
+ return 1;
+}
+
+static int dane_mtype_set(
+ struct dane_ctx_st *dctx,
+ const EVP_MD *md,
+ uint8_t mtype,
+ uint8_t ord)
+{
+ int i;
+
+ if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
+ SSLerr(SSL_F_DANE_MTYPE_SET,
+ SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
+ return 0;
+ }
+
+ if (mtype > dctx->mdmax) {
+ const EVP_MD **mdevp;
+ uint8_t *mdord;
+ int n = ((int) mtype) + 1;
+
+ mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
+ if (mdevp == NULL) {
+ SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dctx->mdevp = mdevp;
+
+ mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
+ if (mdord == NULL) {
+ SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dctx->mdord = mdord;
+
+ /* Zero-fill any gaps */
+ for (i = dctx->mdmax+1; i < mtype; ++i) {
+ mdevp[i] = NULL;
+ mdord[i] = 0;
+ }
+
+ dctx->mdmax = mtype;
+ }
+
+ dctx->mdevp[mtype] = md;
+ /* Coerce ordinal of disabled matching types to 0 */
+ dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
+
+ return 1;
+}
+
+static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype)
+{
+ if (mtype > dane->dctx->mdmax)
+ return NULL;
+ return dane->dctx->mdevp[mtype];
+}
+
+static int dane_tlsa_add(
+ struct dane_st *dane,
+ uint8_t usage,
+ uint8_t selector,
+ uint8_t mtype,
+ unsigned char *data,
+ size_t dlen)
+{
+ danetls_record *t;
+ const EVP_MD *md = NULL;
+ int ilen = (int)dlen;
+ int i;
+
+ if (dane->trecs == NULL) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
+ return -1;
+ }
+
+ if (ilen < 0 || dlen != (size_t)ilen) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
+ return 0;
+ }
+
+ if (usage > DANETLS_USAGE_LAST) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
+ return 0;
+ }
+
+ if (selector > DANETLS_SELECTOR_LAST) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
+ return 0;
+ }
+
+ if (mtype != DANETLS_MATCHING_FULL) {
+ md = tlsa_md_get(dane, mtype);
+ if (md == NULL) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
+ return 0;
+ }
+ }
+
+ if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
+ return 0;
+ }
+ if (!data) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
+ return 0;
+ }
+
+ if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
+ t->usage = usage;
+ t->selector = selector;
+ t->mtype = mtype;
+ t->data = OPENSSL_malloc(ilen);
+ if (t->data == NULL) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ memcpy(t->data, data, ilen);
+ t->dlen = ilen;
+
+ /* Validate and cache full certificate or public key */
+ if (mtype == DANETLS_MATCHING_FULL) {
+ const unsigned char *p = data;
+ X509 *cert = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ switch (selector) {
+ case DANETLS_SELECTOR_CERT:
+ if (!d2i_X509(&cert, &p, dlen) || p < data ||
+ dlen != (size_t)(p - data)) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+ return 0;
+ }
+ if (X509_get0_pubkey(cert) == NULL) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+ return 0;
+ }
+
+ if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
+ X509_free(cert);
+ break;
+ }
+
+ /*
+ * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
+ * records that contain full certificates of trust-anchors that are
+ * not present in the wire chain. For usage PKIX-TA(0), we augment
+ * the chain with untrusted Full(0) certificates from DNS, in case
+ * they are missing from the chain.
+ */
+ if ((dane->certs == NULL &&
+ (dane->certs = sk_X509_new_null()) == NULL) ||
+ !sk_X509_push(dane->certs, cert)) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+ X509_free(cert);
+ tlsa_free(t);
+ return -1;
+ }
+ break;
+
+ case DANETLS_SELECTOR_SPKI:
+ if (!d2i_PUBKEY(&pkey, &p, dlen) || p < data ||
+ dlen != (size_t)(p - data)) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
+ return 0;
+ }
+
+ /*
+ * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
+ * records that contain full bare keys of trust-anchors that are
+ * not present in the wire chain.
+ */
+ if (usage == DANETLS_USAGE_DANE_TA)
+ t->spki = pkey;
+ else
+ EVP_PKEY_free(pkey);
+ break;
+ }
+ }
+
+ /*-
+ * Find the right insertion point for the new record.
+ *
+ * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
+ * they can be processed first, as they require no chain building, and no
+ * expiration or hostname checks. Because DANE-EE(3) is numerically
+ * largest, this is accomplished via descending sort by "usage".
+ *
+ * We also sort in descending order by matching ordinal to simplify
+ * the implementation of digest agility in the verification code.
+ *
+ * The choice of order for the selector is not significant, so we
+ * use the same descending order for consistency.
+ */
+ for (i = 0; i < sk_danetls_record_num(dane->trecs); ++i) {
+ danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
+ if (rec->usage > usage)
+ continue;
+ if (rec->usage < usage)
+ break;
+ if (rec->selector > selector)
+ continue;
+ if (rec->selector < selector)
+ break;
+ if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
+ continue;
+ break;
+ }
+
+ if (!sk_danetls_record_insert(dane->trecs, t, i)) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dane->umask |= DANETLS_USAGE_BIT(usage);
+
+ return 1;
+}
+
static void clear_ciphers(SSL *s)
{
/* clear the current cipher */
clear_ciphers(s);
s->first_packet = 0;
+ /* Reset DANE verification result state */
+ s->dane.mdpth = -1;
+ s->dane.pdpth = -1;
+ X509_free(s->dane.mcert);
+ s->dane.mcert = NULL;
+ s->dane.mtlsa = NULL;
+
+ /* Clear the verification result peername */
+ X509_VERIFY_PARAM_move_peername(s->param, NULL);
+
/*
* Check to see if we were changed into a different method, if so, revert
* back if we are not doing session-id reuse.
RECORD_LAYER_init(&s->rlayer, s);
s->options = ctx->options;
+ s->min_proto_version = ctx->min_proto_version;
+ s->max_proto_version = ctx->max_proto_version;
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
s->references = 1;
# ifndef OPENSSL_NO_EC
if (ctx->tlsext_ecpointformatlist) {
s->tlsext_ecpointformatlist =
- BUF_memdup(ctx->tlsext_ecpointformatlist,
- ctx->tlsext_ecpointformatlist_length);
+ OPENSSL_memdup(ctx->tlsext_ecpointformatlist,
+ ctx->tlsext_ecpointformatlist_length);
if (!s->tlsext_ecpointformatlist)
goto err;
s->tlsext_ecpointformatlist_length =
}
if (ctx->tlsext_ellipticcurvelist) {
s->tlsext_ellipticcurvelist =
- BUF_memdup(ctx->tlsext_ellipticcurvelist,
- ctx->tlsext_ellipticcurvelist_length);
+ OPENSSL_memdup(ctx->tlsext_ellipticcurvelist,
+ ctx->tlsext_ellipticcurvelist_length);
if (!s->tlsext_ellipticcurvelist)
goto err;
s->tlsext_ellipticcurvelist_length =
return X509_VERIFY_PARAM_set_trust(s->param, trust);
}
+int SSL_set1_host(SSL *s, const char *hostname)
+{
+ return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+}
+
+int SSL_add1_host(SSL *s, const char *hostname)
+{
+ return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
+}
+
+void SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+ X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
+const char *SSL_get0_peername(SSL *s)
+{
+ return X509_VERIFY_PARAM_get0_peername(s->param);
+}
+
+int SSL_CTX_dane_enable(SSL_CTX *ctx)
+{
+ return dane_ctx_enable(&ctx->dane);
+}
+
+int SSL_dane_enable(SSL *s, const char *basedomain)
+{
+ struct dane_st *dane = &s->dane;
+
+ if (s->ctx->dane.mdmax == 0) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
+ return 0;
+ }
+ if (dane->trecs != NULL) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
+ return 0;
+ }
+
+ /* Primary RFC6125 reference identifier */
+ if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+ return -1;
+ }
+
+ /* Default SNI name */
+ if (s->tlsext_hostname == NULL) {
+ if (!SSL_set_tlsext_host_name(s, basedomain))
+ return -1;
+ }
+
+ dane->mdpth = -1;
+ dane->pdpth = -1;
+ dane->dctx = &s->ctx->dane;
+ dane->trecs = sk_danetls_record_new_null();
+
+ if (dane->trecs == NULL) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ return 1;
+}
+
+int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
+{
+ struct dane_st *dane = &s->dane;
+
+ if (!DANETLS_ENABLED(dane))
+ return -1;
+ if (dane->mtlsa) {
+ if (mcert)
+ *mcert = dane->mcert;
+ if (mspki)
+ *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
+ }
+ return dane->mdpth;
+}
+
+int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+ uint8_t *mtype, unsigned const char **data, size_t *dlen)
+{
+ struct dane_st *dane = &s->dane;
+
+ if (!DANETLS_ENABLED(dane))
+ return -1;
+ if (dane->mtlsa) {
+ if (usage)
+ *usage = dane->mtlsa->usage;
+ if (selector)
+ *selector = dane->mtlsa->selector;
+ if (mtype)
+ *mtype = dane->mtlsa->mtype;
+ if (data)
+ *data = dane->mtlsa->data;
+ if (dlen)
+ *dlen = dane->mtlsa->dlen;
+ }
+ return dane->mdpth;
+}
+
+struct dane_st *SSL_get0_dane(SSL *s)
+{
+ return &s->dane;
+}
+
+int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+ uint8_t mtype, unsigned char *data, size_t dlen)
+{
+ return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
+}
+
+int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, uint8_t ord)
+{
+ return dane_mtype_set(&ctx->dane, md, mtype, ord);
+}
+
int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
{
return X509_VERIFY_PARAM_set1(ctx->param, vpm);
#endif
X509_VERIFY_PARAM_free(s->param);
+ dane_final(&s->dane);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
if (s->bbio != NULL) {
* what if we are setup for one protocol version but want to talk another
*/
if (t->method != f->method) {
- t->method->ssl_free(t); /* cleanup current */
- t->method = f->method; /* change method */
- t->method->ssl_new(t); /* setup new */
+ t->method->ssl_free(t);
+ t->method = f->method;
+ if (t->method->ssl_new(t) == 0)
+ return 0;
}
CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
return 1;
else
return 0;
+ case SSL_CTRL_SET_MIN_PROTO_VERSION:
+ return ssl_set_version_bound(s->ctx->method->version, (int)larg,
+ &s->min_proto_version);
+ case SSL_CTRL_SET_MAX_PROTO_VERSION:
+ return ssl_set_version_bound(s->ctx->method->version, (int)larg,
+ &s->max_proto_version);
default:
return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
return (ctx->cert->cert_flags |= larg);
case SSL_CTRL_CLEAR_CERT_FLAGS:
return (ctx->cert->cert_flags &= ~larg);
+ case SSL_CTRL_SET_MIN_PROTO_VERSION:
+ return ssl_set_version_bound(ctx->method->version, (int)larg,
+ &ctx->min_proto_version);
+ case SSL_CTRL_SET_MAX_PROTO_VERSION:
+ return ssl_set_version_bound(ctx->method->version, (int)larg,
+ &ctx->max_proto_version);
default:
return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
}
/** The old interface to get the same thing as SSL_get_ciphers() */
const char *SSL_get_cipher_list(const SSL *s, int n)
{
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
if (s == NULL)
{
char *p;
STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
int i;
if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
}
if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE);
return NULL;
}
goto err;
ret->method = meth;
+ ret->min_proto_version = 0;
+ ret->max_proto_version = 0;
ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
/* We take the system default. */
#endif
X509_VERIFY_PARAM_free(a->param);
+ dane_ctx_final(&a->dane);
/*
* Free internal session cache. However: the remove_cb() may reference
void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
{
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST)
CERT_PKEY *cpk;
+#endif
CERT *c = s->cert;
uint32_t *pvalid = s->s3->tmp.valid_flags;
- int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
- int rsa_enc_export, dh_rsa_export, dh_dsa_export;
- int rsa_tmp_export, dh_tmp_export, kl;
- unsigned long mask_k, mask_a, emask_k, emask_a;
+ int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+ unsigned long mask_k, mask_a;
#ifndef OPENSSL_NO_EC
- int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
- int have_ecdh_tmp, ecdh_ok;
+ int have_ecc_cert, ecdsa_ok;
+ int ecdh_ok;
X509 *x = NULL;
- EVP_PKEY *ecc_pkey = NULL;
int pk_nid = 0, md_nid = 0;
#endif
if (c == NULL)
return;
- kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-
-#ifndef OPENSSL_NO_RSA
- rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
- rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
- (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl));
-#else
- rsa_tmp = rsa_tmp_export = 0;
-#endif
#ifndef OPENSSL_NO_DH
dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
- dh_tmp_export = !c->dh_tmp_auto && (c->dh_tmp_cb != NULL ||
- (dh_tmp
- && DH_size(c->dh_tmp) * 8 <= kl));
#else
- dh_tmp = dh_tmp_export = 0;
+ dh_tmp = 0;
#endif
-#ifndef OPENSSL_NO_EC
- have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
-#endif
- cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID;
- rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
- cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN;
- cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
- cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
- dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID;
- dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
- cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
- dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID;
- dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
- cpk = &(c->pkeys[SSL_PKEY_ECC]);
#ifndef OPENSSL_NO_EC
have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
#endif
mask_k = 0;
mask_a = 0;
- emask_k = 0;
- emask_a = 0;
#ifdef CIPHER_DEBUG
fprintf(stderr,
- "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
- rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc,
- rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
+ "dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+ dh_tmp, rsa_enc, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
#endif
+#ifndef OPENSSL_NO_GOST
cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
if (cpk->x509 != NULL && cpk->privatekey != NULL) {
mask_k |= SSL_kGOST;
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST01;
}
+#endif
- if (rsa_enc || (rsa_tmp && rsa_sign))
+ if (rsa_enc)
mask_k |= SSL_kRSA;
- if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
- emask_k |= SSL_kRSA;
-
- if (dh_tmp_export)
- emask_k |= SSL_kDHE;
if (dh_tmp)
mask_k |= SSL_kDHE;
- if (dh_rsa)
- mask_k |= SSL_kDHr;
- if (dh_rsa_export)
- emask_k |= SSL_kDHr;
-
- if (dh_dsa)
- mask_k |= SSL_kDHd;
- if (dh_dsa_export)
- emask_k |= SSL_kDHd;
-
- if (mask_k & (SSL_kDHr | SSL_kDHd))
- mask_a |= SSL_aDH;
-
if (rsa_enc || rsa_sign) {
mask_a |= SSL_aRSA;
- emask_a |= SSL_aRSA;
}
if (dsa_sign) {
mask_a |= SSL_aDSS;
- emask_a |= SSL_aDSS;
}
mask_a |= SSL_aNULL;
- emask_a |= SSL_aNULL;
/*
* An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
ecdsa_ok = 0;
- ecc_pkey = X509_get_pubkey(x);
- ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
- EVP_PKEY_free(ecc_pkey);
OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
if (ecdh_ok) {
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
mask_k |= SSL_kECDHr;
mask_a |= SSL_aECDH;
- if (ecc_pkey_size <= 163) {
- emask_k |= SSL_kECDHr;
- emask_a |= SSL_aECDH;
- }
}
if (pk_nid == NID_X9_62_id_ecPublicKey) {
mask_k |= SSL_kECDHe;
mask_a |= SSL_aECDH;
- if (ecc_pkey_size <= 163) {
- emask_k |= SSL_kECDHe;
- emask_a |= SSL_aECDH;
- }
}
}
if (ecdsa_ok) {
mask_a |= SSL_aECDSA;
- emask_a |= SSL_aECDSA;
}
}
#endif
#ifndef OPENSSL_NO_EC
- if (have_ecdh_tmp) {
- mask_k |= SSL_kECDHE;
- emask_k |= SSL_kECDHE;
- }
+ mask_k |= SSL_kECDHE;
#endif
#ifndef OPENSSL_NO_PSK
mask_k |= SSL_kPSK;
mask_a |= SSL_aPSK;
- emask_k |= SSL_kPSK;
- emask_a |= SSL_aPSK;
if (mask_k & SSL_kRSA)
mask_k |= SSL_kRSAPSK;
if (mask_k & SSL_kDHE)
s->s3->tmp.mask_k = mask_k;
s->s3->tmp.mask_a = mask_a;
- s->s3->tmp.export_mask_k = emask_k;
- s->s3->tmp.export_mask_a = emask_a;
}
#ifndef OPENSSL_NO_EC
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
unsigned long alg_k, alg_a;
- EVP_PKEY *pkey = NULL;
- int keysize = 0;
int md_nid = 0, pk_nid = 0;
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
uint32_t ex_kusage = X509_get_key_usage(x);
alg_k = cs->algorithm_mkey;
alg_a = cs->algorithm_auth;
- if (SSL_C_IS_EXPORT(cs)) {
- /* ECDH key length in export ciphers must be <= 163 bits */
- pkey = X509_get_pubkey(x);
- if (pkey == NULL)
- return 0;
- keysize = EVP_PKEY_bits(pkey);
- EVP_PKEY_free(pkey);
- if (keysize > 163)
- return 0;
- }
-
OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
{
- int conn = -1;
int ret = 1;
if (s->method != meth) {
- if (s->handshake_func != NULL)
- conn = (s->handshake_func == s->method->ssl_connect);
+ const SSL_METHOD *sm = s->method;
+ int (*hf)(SSL *) = s->handshake_func;
- if (s->method->version == meth->version)
+ if (sm->version == meth->version)
s->method = meth;
else {
- s->method->ssl_free(s);
+ sm->ssl_free(s);
s->method = meth;
ret = s->method->ssl_new(s);
}
- if (conn == 1)
+ if (hf == sm->ssl_connect)
s->handshake_func = meth->ssl_connect;
- else if (conn == 0)
+ else if (hf == sm->ssl_accept)
s->handshake_func = meth->ssl_accept;
}
return (ret);
SSL *ret;
int i;
+ /* If we're not quiescent, just up_ref! */
+ if (!SSL_in_init(s) || !SSL_in_before(s)) {
+ CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL);
+ return s;
+ }
+
+ /*
+ * Otherwise, copy configuration state, and session if set.
+ */
if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
return (NULL);
- ret->version = s->version;
- ret->method = s->method;
-
if (s->session != NULL) {
- /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+ /*
+ * Arranges to share the same session via up_ref. This "copies"
+ * session-id, SSL_METHOD, sid_ctx, and 'cert'
+ */
if (!SSL_copy_session_id(ret, s))
goto err;
} else {
* point to the same object, and thus we can't use
* SSL_copy_session_id.
*/
-
- ret->method->ssl_free(ret);
- ret->method = s->method;
- ret->method->ssl_new(ret);
+ if (!SSL_set_ssl_method(ret, s->method))
+ goto err;
if (s->cert != NULL) {
ssl_cert_free(ret->cert);
goto err;
}
+ ssl_dane_dup(ret, s);
+ ret->version = s->version;
ret->options = s->options;
ret->mode = s->mode;
SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
} else
ret->wbio = ret->rbio;
}
- ret->rwstate = s->rwstate;
- ret->handshake_func = s->handshake_func;
+
ret->server = s->server;
- ret->renegotiate = s->renegotiate;
- ret->new_session = s->new_session;
- ret->quiet_shutdown = s->quiet_shutdown;
+ if (s->handshake_func) {
+ if (s->server)
+ SSL_set_accept_state(ret);
+ else
+ SSL_set_connect_state(ret);
+ }
ret->shutdown = s->shutdown;
- ret->statem = s->statem; /* SSL_dup does not really work at any state,
- * though */
- RECORD_LAYER_dup(&ret->rlayer, &s->rlayer);
- ret->init_num = 0; /* would have to copy ret->init_buf,
- * ret->init_msg, ret->init_num,
- * ret->init_off */
ret->hit = s->hit;
ret->default_passwd_callback = s->default_passwd_callback;
return outlen;
}
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
- new_func, dup_func, free_func);
-}
-
int SSL_set_ex_data(SSL *s, int idx, void *arg)
{
return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
return (CRYPTO_get_ex_data(&s->ex_data, idx));
}
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func)
-{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
- new_func, dup_func, free_func);
-}
-
int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
{
return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
return (s->rwstate);
}
-/**
- * \brief Set the callback for generating temporary RSA keys.
- * \param ctx the SSL context.
- * \param cb the callback
- */
-
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl,
- int is_export,
- int keylength))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
-}
-
-void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl,
- int is_export,
- int keylength))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
-}
-#endif
-
-#ifdef DOXYGEN
-/**
- * \brief The RSA temporary key callback function.
- * \param ssl the SSL session.
- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
- * of the required key in bits.
- * \return the temporary RSA key.
- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
- */
-
-RSA *cb(SSL *ssl, int is_export, int keylength)
-{
-}
-#endif
-
/**
* \brief Set the callback for generating temporary DH keys.
* \param ctx the SSL context.
}
#endif
-#ifndef OPENSSL_NO_EC
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
- EC_KEY *(*ecdh) (SSL *ssl, int is_export,
- int keylength))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
- (void (*)(void))ecdh);
-}
-
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
- EC_KEY *(*ecdh) (SSL *ssl, int is_export,
- int keylength))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh);
-}
-#endif
-
#ifndef OPENSSL_NO_PSK
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
{
}
OPENSSL_free(ctx->cert->psk_identity_hint);
if (identity_hint != NULL) {
- ctx->cert->psk_identity_hint = BUF_strdup(identity_hint);
+ ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
if (ctx->cert->psk_identity_hint == NULL)
return 0;
} else
}
OPENSSL_free(s->cert->psk_identity_hint);
if (identity_hint != NULL) {
- s->cert->psk_identity_hint = BUF_strdup(identity_hint);
+ s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
if (s->cert->psk_identity_hint == NULL)
return 0;
} else
EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
{
ssl_clear_hash_ctx(hash);
- *hash = EVP_MD_CTX_create();
+ *hash = EVP_MD_CTX_new();
if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
- EVP_MD_CTX_destroy(*hash);
+ EVP_MD_CTX_free(*hash);
*hash = NULL;
return NULL;
}
{
if (*hash)
- EVP_MD_CTX_destroy(*hash);
+ EVP_MD_CTX_free(*hash);
*hash = NULL;
}
/* Retrieve handshake hashes */
int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)
{
- unsigned char *p = out;
- int idx, ret = 0;
- long mask;
- EVP_MD_CTX ctx;
- const EVP_MD *md;
- EVP_MD_CTX_init(&ctx);
- for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
- if (mask & ssl_get_algorithm2(s)) {
- int hashsize = EVP_MD_size(md);
- EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
- if (!hdgst || hashsize < 0 || hashsize > outlen)
- goto err;
- if (!EVP_MD_CTX_copy_ex(&ctx, hdgst))
- goto err;
- if (!EVP_DigestFinal_ex(&ctx, p, NULL))
- goto err;
- p += hashsize;
- outlen -= hashsize;
- }
+ EVP_MD_CTX *ctx = NULL;
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
+ int ret = EVP_MD_CTX_size(hdgst);
+ if (ret < 0 || ret > outlen) {
+ ret = 0;
+ goto err;
+ }
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL) {
+ ret = 0;
+ goto err;
}
- ret = p - out;
+ if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
+ || EVP_DigestFinal_ex(ctx, out, NULL) <= 0)
+ ret = 0;
err:
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX_free(ctx);
return ret;
}