/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/objects.h>
-#include <openssl/lhash.h>
#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/ocsp.h>
#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
+#include "internal/cryptlib.h"
+#include "internal/rand.h"
+#include "internal/refcount.h"
const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
if (!DANETLS_ENABLED(&from->dane))
return 1;
+ num = sk_danetls_record_num(from->dane.trecs);
dane_final(&to->dane);
to->dane.flags = from->dane.flags;
to->dane.dctx = &to->ctx->dane;
SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
return 0;
}
+ if (!sk_danetls_record_reserve(to->dane.trecs, num))
+ return 0;
- num = sk_danetls_record_num(from->dane.trecs);
for (i = 0; i < num; ++i) {
danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
if (min_version == DTLS1_VERSION)
min_version = DTLS1_2_VERSION;
#endif
- /* Done massaging versions; do the check. */
- if (0
+ /* Done massaging versions; do the check. */
+ if (0
#ifdef OPENSSL_NO_DTLS1
|| (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
&& DTLS_VERSION_GE(DTLS1_VERSION, max_version))
return 0;
} else {
/* Regular TLS version checks. */
- if (min_version == 0)
- min_version = SSL3_VERSION;
- if (max_version == 0)
- max_version = TLS1_3_VERSION;
+ if (min_version == 0)
+ min_version = SSL3_VERSION;
+ if (max_version == 0)
+ max_version = TLS1_3_VERSION;
#ifdef OPENSSL_NO_TLS1_3
- if (max_version == TLS1_3_VERSION)
- max_version = TLS1_2_VERSION;
+ if (max_version == TLS1_3_VERSION)
+ max_version = TLS1_2_VERSION;
#endif
#ifdef OPENSSL_NO_TLS1_2
- if (max_version == TLS1_2_VERSION)
- max_version = TLS1_1_VERSION;
+ if (max_version == TLS1_2_VERSION)
+ max_version = TLS1_1_VERSION;
#endif
#ifdef OPENSSL_NO_TLS1_1
- if (max_version == TLS1_1_VERSION)
- max_version = TLS1_VERSION;
+ if (max_version == TLS1_1_VERSION)
+ max_version = TLS1_VERSION;
#endif
#ifdef OPENSSL_NO_TLS1
- if (max_version == TLS1_VERSION)
- max_version = SSL3_VERSION;
+ if (max_version == TLS1_VERSION)
+ max_version = SSL3_VERSION;
#endif
#ifdef OPENSSL_NO_SSL3
- if (min_version == SSL3_VERSION)
- min_version = TLS1_VERSION;
+ if (min_version == SSL3_VERSION)
+ min_version = TLS1_VERSION;
#endif
#ifdef OPENSSL_NO_TLS1
- if (min_version == TLS1_VERSION)
- min_version = TLS1_1_VERSION;
+ if (min_version == TLS1_VERSION)
+ min_version = TLS1_1_VERSION;
#endif
#ifdef OPENSSL_NO_TLS1_1
- if (min_version == TLS1_1_VERSION)
- min_version = TLS1_2_VERSION;
+ if (min_version == TLS1_1_VERSION)
+ min_version = TLS1_2_VERSION;
#endif
#ifdef OPENSSL_NO_TLS1_2
- if (min_version == TLS1_2_VERSION)
- min_version = TLS1_3_VERSION;
+ if (min_version == TLS1_2_VERSION)
+ min_version = TLS1_3_VERSION;
#endif
- /* Done massaging versions; do the check. */
- if (0
+ /* Done massaging versions; do the check. */
+ if (0
#ifdef OPENSSL_NO_SSL3
|| (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
#endif
}
SSL_SESSION_free(s->psksession);
s->psksession = NULL;
+ OPENSSL_free(s->psksession_id);
+ s->psksession_id = NULL;
+ s->psksession_id_len = 0;
s->error = 0;
s->hit = 0;
/*
* Check to see if we were changed into a different method, if so, revert
- * back. We always do this in TLSv1.3. Below that we only do it if we are
- * not doing session-id reuse.
+ * back.
*/
- if (s->method != s->ctx->method
- && (SSL_IS_TLS13(s)
- || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
+ if (s->method != s->ctx->method) {
s->method->ssl_free(s);
s->method = s->ctx->method;
if (!s->method->ssl_new(s))
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return (0);
}
- return (1);
+ return 1;
}
SSL *SSL_new(SSL_CTX *ctx)
goto err;
s->lock = CRYPTO_THREAD_lock_new();
- if (s->lock == NULL) {
- SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(s);
- return NULL;
+ if (s->lock == NULL)
+ goto err;
+
+ /*
+ * If not using the standard RAND (say for fuzzing), then don't use a
+ * chained DRBG.
+ */
+ if (RAND_get_rand_method() == RAND_OpenSSL()) {
+ s->drbg = RAND_DRBG_new(NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF,
+ RAND_DRBG_get0_global());
+ if (s->drbg == NULL
+ || RAND_DRBG_instantiate(s->drbg, NULL, 0) == 0) {
+ CRYPTO_THREAD_lock_free(s->lock);
+ goto err;
+ }
}
RECORD_LAYER_init(&s->rlayer, s);
if (ctx->ext.supportedgroups) {
s->ext.supportedgroups =
OPENSSL_memdup(ctx->ext.supportedgroups,
- ctx->ext.supportedgroups_len);
+ ctx->ext.supportedgroups_len
+ * sizeof(*ctx->ext.supportedgroups));
if (!s->ext.supportedgroups)
goto err;
s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
SSL_SESSION_free(s->session);
}
SSL_SESSION_free(s->psksession);
+ OPENSSL_free(s->psksession_id);
clear_ciphers(s);
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
#endif
+ RAND_DRBG_free(s->drbg);
CRYPTO_THREAD_lock_free(s->lock);
OPENSSL_free(s);
case SSL_EARLY_DATA_NONE:
if (s->server
|| !SSL_in_before(s)
- || s->session == NULL
- || s->session->ext.max_early_data == 0) {
+ || ((s->session == NULL || s->session->ext.max_early_data == 0)
+ && (s->psk_use_session_cb == NULL))) {
SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
return ssl_check_allowed_versions(larg, s->max_proto_version)
&& ssl_set_version_bound(s->ctx->method->version, (int)larg,
&s->min_proto_version);
+ case SSL_CTRL_GET_MIN_PROTO_VERSION:
+ return s->min_proto_version;
case SSL_CTRL_SET_MAX_PROTO_VERSION:
return ssl_check_allowed_versions(s->min_proto_version, larg)
&& ssl_set_version_bound(s->ctx->method->version, (int)larg,
&s->max_proto_version);
+ case SSL_CTRL_GET_MAX_PROTO_VERSION:
+ return s->max_proto_version;
default:
return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
return ssl_check_allowed_versions(larg, ctx->max_proto_version)
&& ssl_set_version_bound(ctx->method->version, (int)larg,
&ctx->min_proto_version);
+ case SSL_CTRL_GET_MIN_PROTO_VERSION:
+ return ctx->min_proto_version;
case SSL_CTRL_SET_MAX_PROTO_VERSION:
return ssl_check_allowed_versions(ctx->min_proto_version, larg)
&& ssl_set_version_bound(ctx->method->version, (int)larg,
&ctx->max_proto_version);
+ case SSL_CTRL_GET_MAX_PROTO_VERSION:
+ return ctx->max_proto_version;
default:
return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
}
*p = '\0';
return buf;
}
- memcpy(p, c->name, n + 1);
+ strcpy(p, c->name);
p += n;
*(p++) = ':';
len -= n + 1;
static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
{
if (a->ssl_version != b->ssl_version)
- return (1);
+ return 1;
if (a->session_id_length != b->session_id_length)
- return (1);
+ return 1;
return (memcmp(a->session_id, b->session_id, a->session_id_length));
}
if (dh_tmp)
mask_k |= SSL_kDHE;
- if (rsa_enc || rsa_sign) {
+ /*
+ * If we only have an RSA-PSS certificate allow RSA authentication
+ * if TLS 1.2 and peer supports it.
+ */
+
+ if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
+ && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
+ && TLS1_get_version(s) == TLS1_2_VERSION))
mask_a |= SSL_aRSA;
- }
if (dsa_sign) {
mask_a |= SSL_aDSS;
return;
i = s->session_ctx->session_cache_mode;
- if ((i & mode) && (!s->hit)
- && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+ if ((i & mode) != 0
+ && (!s->hit || SSL_IS_TLS13(s))
+ && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0
|| SSL_CTX_add_session(s->session_ctx, s->session))
- && (s->session_ctx->new_session_cb != NULL)) {
+ && s->session_ctx->new_session_cb != NULL) {
SSL_SESSION_up_ref(s->session);
if (!s->session_ctx->new_session_cb(s, s->session))
SSL_SESSION_free(s->session);
return SSL_ERROR_WANT_ASYNC;
if (SSL_want_async_job(s))
return SSL_ERROR_WANT_ASYNC_JOB;
- if (SSL_want_early(s))
- return SSL_ERROR_WANT_EARLY;
+ if (SSL_want_client_hello_cb(s))
+ return SSL_ERROR_WANT_CLIENT_HELLO_CB;
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
s->method->ssl_renegotiate_check(s, 0);
+ if (SSL_is_server(s)) {
+ /* clear SNI settings at server-side */
+ OPENSSL_free(s->ext.hostname);
+ s->ext.hostname = NULL;
+ }
+
if (SSL_in_init(s) || SSL_in_before(s)) {
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
return (NULL);
}
+const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
+{
+ return s->s3->tmp.new_cipher;
+}
+
const COMP_METHOD *SSL_get_current_compression(SSL *s)
{
#ifndef OPENSSL_NO_COMP
#endif /* OPENSSL_NO_CT */
-void SSL_CTX_set_early_cb(SSL_CTX *c, SSL_early_cb_fn cb, void *arg)
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+ void *arg)
{
- c->early_cb = cb;
- c->early_cb_arg = arg;
+ c->client_hello_cb = cb;
+ c->client_hello_cb_arg = arg;
}
-int SSL_early_isv2(SSL *s)
+int SSL_client_hello_isv2(SSL *s)
{
if (s->clienthello == NULL)
return 0;
return s->clienthello->isv2;
}
-unsigned int SSL_early_get0_legacy_version(SSL *s)
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
{
if (s->clienthello == NULL)
return 0;
return s->clienthello->legacy_version;
}
-size_t SSL_early_get0_random(SSL *s, const unsigned char **out)
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
{
if (s->clienthello == NULL)
return 0;
return SSL3_RANDOM_SIZE;
}
-size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out)
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
{
if (s->clienthello == NULL)
return 0;
return s->clienthello->session_id_len;
}
-size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out)
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
{
if (s->clienthello == NULL)
return 0;
return PACKET_remaining(&s->clienthello->ciphersuites);
}
-size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out)
+size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
{
if (s->clienthello == NULL)
return 0;
return s->clienthello->compressions_len;
}
-int SSL_early_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
{
RAW_EXTENSION *ext;
int *present;
return 0;
}
-int SSL_early_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
size_t *outlen)
{
size_t i;
return 0;
}
+int SSL_free_buffers(SSL *ssl)
+{
+ RECORD_LAYER *rl = &ssl->rlayer;
+
+ if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
+ return 0;
+
+ RECORD_LAYER_release(rl);
+ return 1;
+}
+
+int SSL_alloc_buffers(SSL *ssl)
+{
+ return ssl3_setup_buffers(ssl);
+}
+
void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
{
ctx->keylog_callback = cb;
{
return s->max_early_data;
}
+
+int ssl_randbytes(SSL *s, unsigned char *rnd, size_t size)
+{
+ if (s->drbg != NULL)
+ return RAND_DRBG_generate(s->drbg, rnd, size, 0, NULL, 0);
+ return RAND_bytes(rnd, (int)size);
+}