/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
return buf;
}
-/** return a servername extension value if provided in Client Hello, or NULL.
- * So far, only host_name types are defined (RFC 3546).
+/**
+ * Return the requested servername (SNI) value. Note that the behaviour varies
+ * depending on:
+ * - whether this is called by the client or the server,
+ * - if we are before or during/after the handshake,
+ * - if a resumption or normal handshake is being attempted/has occurred
+ * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
+ *
+ * Note that only the host_name type is defined (RFC 3546).
*/
-
const char *SSL_get_servername(const SSL *s, const int type)
{
+ /*
+ * If we don't know if we are the client or the server yet then we assume
+ * client.
+ */
+ int server = s->handshake_func == NULL ? 0 : s->server;
if (type != TLSEXT_NAMETYPE_host_name)
return NULL;
- /*
- * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an
- * SNI value to return if we are resuming/resumed. N.B. that we still
- * call the relevant callbacks for such resumption flows, and callbacks
- * might error out if there is not a SNI value available.
- */
- if (s->hit)
- return s->session->ext.hostname;
+ if (server) {
+ /**
+ * Server side
+ * In TLSv1.3 on the server SNI is not associated with the session
+ * but in TLSv1.2 or below it is.
+ *
+ * Before the handshake:
+ * - return NULL
+ *
+ * During/after the handshake (TLSv1.2 or below resumption occurred):
+ * - If a servername was accepted by the server in the original
+ * handshake then it will return that servername, or NULL otherwise.
+ *
+ * During/after the handshake (TLSv1.2 or below resumption did not occur):
+ * - The function will return the servername requested by the client in
+ * this handshake or NULL if none was requested.
+ */
+ if (s->hit && !SSL_IS_TLS13(s))
+ return s->session->ext.hostname;
+ } else {
+ /**
+ * Client side
+ *
+ * Before the handshake:
+ * - If a servername has been set via a call to
+ * SSL_set_tlsext_host_name() then it will return that servername
+ * - If one has not been set, but a TLSv1.2 resumption is being
+ * attempted and the session from the original handshake had a
+ * servername accepted by the server then it will return that
+ * servername
+ * - Otherwise it returns NULL
+ *
+ * During/after the handshake (TLSv1.2 or below resumption occurred):
+ * - If the session from the orignal handshake had a servername accepted
+ * by the server then it will return that servername.
+ * - Otherwise it returns the servername set via
+ * SSL_set_tlsext_host_name() (or NULL if it was not called).
+ *
+ * During/after the handshake (TLSv1.2 or below resumption did not occur):
+ * - It will return the servername set via SSL_set_tlsext_host_name()
+ * (or NULL if it was not called).
+ */
+ if (SSL_in_before(s)) {
+ if (s->ext.hostname == NULL
+ && s->session != NULL
+ && s->session->ssl_version != TLS1_3_VERSION)
+ return s->session->ext.hostname;
+ } else {
+ if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL)
+ return s->session->ext.hostname;
+ }
+ }
+
return s->ext.hostname;
}
int SSL_get_servername_type(const SSL *s)
{
- if (s->session
- && (!s->ext.hostname ? s->session->
- ext.hostname : s->ext.hostname))
+ if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
return TLSEXT_NAMETYPE_host_name;
return -1;
}
if (ret->cert_store == NULL)
goto err;
#ifndef OPENSSL_NO_CT
- ret->ctlog_store = CTLOG_STORE_new();
+ ret->ctlog_store = CTLOG_STORE_new_with_libctx(libctx, propq);
if (ret->ctlog_store == NULL)
goto err;
#endif
+ /* initialize cipher/digest methods table */
+ if (!ssl_load_ciphers(ret))
+ goto err2;
+
if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites()))
goto err;
if (ret->param == NULL)
goto err;
- if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
- SSLerr(0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
- goto err2;
- }
- if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
- SSLerr(0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
- goto err2;
- }
+ /*
+ * If these aren't available from the provider we'll get NULL returns.
+ * That's fine but will cause errors later if SSLv3 is negotiated
+ */
+ ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq);
+ ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq);
if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
goto err;
OPENSSL_free(a->ext.alpn);
OPENSSL_secure_free(a->ext.secure);
+ ssl_evp_md_free(a->md5);
+ ssl_evp_md_free(a->sha1);
+
+ for (i = 0; i < SSL_ENC_NUM_IDX; i++)
+ ssl_evp_cipher_free(a->ssl_cipher_methods[i]);
+ for (i = 0; i < SSL_MD_NUM_IDX; i++)
+ ssl_evp_md_free(a->ssl_digest_methods[i]);
+
CRYPTO_THREAD_lock_free(a->lock);
OPENSSL_free(a->propq);
}
}
- ctx = CT_POLICY_EVAL_CTX_new();
+ ctx = CT_POLICY_EVAL_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
ERR_R_MALLOC_FAILURE);
s->allow_early_data_cb = cb;
s->allow_early_data_cb_data = arg;
}
+
+const EVP_CIPHER *ssl_evp_cipher_fetch(OPENSSL_CTX *libctx,
+ int nid,
+ const char *properties)
+{
+ EVP_CIPHER *ciph;
+
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *eng;
+
+ /*
+ * If there is an Engine available for this cipher we use the "implicit"
+ * form to ensure we use that engine later.
+ */
+ eng = ENGINE_get_cipher_engine(nid);
+ if (eng != NULL) {
+ ENGINE_finish(eng);
+ return EVP_get_cipherbynid(nid);
+ }
+#endif
+
+ /* Otherwise we do an explicit fetch. This may fail and that could be ok */
+ ERR_set_mark();
+ ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
+ ERR_pop_to_mark();
+ return ciph;
+}
+
+
+int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher)
+{
+ /* Don't up-ref an implicit EVP_CIPHER */
+ if (EVP_CIPHER_provider(cipher) == NULL)
+ return 1;
+
+ /*
+ * The cipher was explicitly fetched and therefore it is safe to cast
+ * away the const
+ */
+ return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher);
+}
+
+void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
+{
+ if (cipher == NULL)
+ return;
+
+ if (EVP_CIPHER_provider(cipher) != NULL) {
+ /*
+ * The cipher was explicitly fetched and therefore it is safe to cast
+ * away the const
+ */
+ EVP_CIPHER_free((EVP_CIPHER *)cipher);
+ }
+}
+
+const EVP_MD *ssl_evp_md_fetch(OPENSSL_CTX *libctx,
+ int nid,
+ const char *properties)
+{
+ EVP_MD *md;
+
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *eng;
+
+ /*
+ * If there is an Engine available for this digest we use the "implicit"
+ * form to ensure we use that engine later.
+ */
+ eng = ENGINE_get_digest_engine(nid);
+ if (eng != NULL) {
+ ENGINE_finish(eng);
+ return EVP_get_digestbynid(nid);
+ }
+#endif
+
+ /* Otherwise we do an explicit fetch */
+ ERR_set_mark();
+ md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
+ ERR_pop_to_mark();
+ return md;
+}
+
+int ssl_evp_md_up_ref(const EVP_MD *md)
+{
+ /* Don't up-ref an implicit EVP_MD */
+ if (EVP_MD_provider(md) == NULL)
+ return 1;
+
+ /*
+ * The digest was explicitly fetched and therefore it is safe to cast
+ * away the const
+ */
+ return EVP_MD_up_ref((EVP_MD *)md);
+}
+
+void ssl_evp_md_free(const EVP_MD *md)
+{
+ if (md == NULL)
+ return;
+
+ if (EVP_MD_provider(md) != NULL) {
+ /*
+ * The digest was explicitly fetched and therefore it is safe to cast
+ * away the const
+ */
+ EVP_MD_free((EVP_MD *)md);
+ }
+}