diff options
Diffstat (limited to 'src/ssl/internal.h')
| -rw-r--r-- | src/ssl/internal.h | 436 |
1 files changed, 223 insertions, 213 deletions
diff --git a/src/ssl/internal.h b/src/ssl/internal.h index 520131e..5acb598 100644 --- a/src/ssl/internal.h +++ b/src/ssl/internal.h @@ -155,7 +155,7 @@ #include <winsock2.h> #pragma warning(pop) #else -#include <sys/types.h> +#include <sys/time.h> #endif @@ -183,6 +183,7 @@ #define SSL_AES256GCM 0x00000020L #define SSL_CHACHA20POLY1305_OLD 0x00000040L #define SSL_eNULL 0x00000080L +#define SSL_CHACHA20POLY1305 0x00000100L #define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM) @@ -194,15 +195,6 @@ /* SSL_AEAD is set for all AEADs. */ #define SSL_AEAD 0x00000010L -/* Bits for |algorithm_ssl| (protocol version). These denote the first protocol - * version which introduced the cipher. - * - * TODO(davidben): These are extremely confusing, both in code and in - * cipher rules. Try to remove them. */ -#define SSL_SSLV3 0x00000002L -#define SSL_TLSV1 SSL_SSLV3 -#define SSL_TLSV1_2 0x00000004L - /* Bits for |algorithm_prf| (handshake digest). */ #define SSL_HANDSHAKE_MAC_DEFAULT 0x1 #define SSL_HANDSHAKE_MAC_SHA256 0x2 @@ -212,11 +204,6 @@ * one, update the table in ssl_cipher.c. */ #define SSL_MAX_DIGEST 4 -/* Bits for |algo_strength|, cipher strength information. */ -#define SSL_MEDIUM 0x00000001L -#define SSL_HIGH 0x00000002L -#define SSL_FIPS 0x00000004L - /* ssl_cipher_get_evp_aead sets |*out_aead| to point to the correct EVP_AEAD * object for |cipher| protocol version |version|. It sets |*out_mac_secret_len| * and |*out_fixed_iv_len| to the MAC key length and fixed IV length, @@ -280,7 +267,7 @@ struct ssl_aead_ctx_st { EVP_AEAD_CTX ctx; /* fixed_nonce contains any bytes of the nonce that are fixed for all * records. */ - uint8_t fixed_nonce[8]; + uint8_t fixed_nonce[12]; uint8_t fixed_nonce_len, variable_nonce_len; /* variable_nonce_included_in_record is non-zero if the variable nonce * for a record is included as a prefix before the ciphertext. */ @@ -295,6 +282,9 @@ struct ssl_aead_ctx_st { /* omit_version_in_ad is non-zero if the version should be omitted * in the AEAD's ad parameter. */ char omit_version_in_ad; + /* xor_fixed_nonce is non-zero if the fixed nonce should be XOR'd into the + * variable nonce rather than prepended. */ + char xor_fixed_nonce; } /* SSL_AEAD_CTX */; /* SSL_AEAD_CTX_new creates a newly-allocated |SSL_AEAD_CTX| using the supplied @@ -517,13 +507,69 @@ int ssl3_init_handshake_hash(SSL *ssl); void ssl3_free_handshake_buffer(SSL *ssl); /* ssl3_free_handshake_hash releases the handshake hash. */ -void ssl3_free_handshake_hash(SSL *s); +void ssl3_free_handshake_hash(SSL *ssl); /* ssl3_update_handshake_hash adds |in| to the handshake buffer and handshake * hash, whichever is enabled. It returns one on success and zero on failure. */ int ssl3_update_handshake_hash(SSL *ssl, const uint8_t *in, size_t in_len); +/* ECDH curves. */ + +#define SSL_CURVE_SECP256R1 23 +#define SSL_CURVE_SECP384R1 24 +#define SSL_CURVE_SECP521R1 25 +#define SSL_CURVE_ECDH_X25519 29 + +/* An SSL_ECDH_METHOD is an implementation of ECDH-like key exchanges for + * TLS. */ +struct ssl_ecdh_method_st { + int nid; + uint16_t curve_id; + const char name[8]; + + /* cleanup releases state in |ctx|. */ + void (*cleanup)(SSL_ECDH_CTX *ctx); + + /* generate_keypair generates a keypair and writes the public value to + * |out_public_key|. It returns one on success and zero on error. */ + int (*generate_keypair)(SSL_ECDH_CTX *ctx, CBB *out_public_key); + + /* compute_secret performs a key exchange against |peer_key| and, on + * success, returns one and sets |*out_secret| and |*out_secret_len| to + * a newly-allocated buffer containing the shared secret. The caller must + * release this buffer with |OPENSSL_free|. Otherwise, it returns zero and + * sets |*out_alert| to an alert to send to the peer. */ + int (*compute_secret)(SSL_ECDH_CTX *ctx, uint8_t **out_secret, + size_t *out_secret_len, uint8_t *out_alert, + const uint8_t *peer_key, size_t peer_key_len); +} /* SSL_ECDH_METHOD */; + +/* ssl_nid_to_curve_id looks up the curve corresponding to |nid|. On success, it + * sets |*out_curve_id| to the curve ID and returns one. Otherwise, it returns + * zero. */ +int ssl_nid_to_curve_id(uint16_t *out_curve_id, int nid); + +/* SSL_ECDH_CTX_init sets up |ctx| for use with curve |curve_id|. It returns one + * on success and zero on error. */ +int SSL_ECDH_CTX_init(SSL_ECDH_CTX *ctx, uint16_t curve_id); + +/* SSL_ECDH_CTX_init_for_dhe sets up |ctx| for use with legacy DHE-based ciphers + * where the server specifies a group. It takes ownership of |params|. */ +void SSL_ECDH_CTX_init_for_dhe(SSL_ECDH_CTX *ctx, DH *params); + +/* SSL_ECDH_CTX_cleanup releases memory associated with |ctx|. It is legal to + * call it in the zero state. */ +void SSL_ECDH_CTX_cleanup(SSL_ECDH_CTX *ctx); + +/* The following functions call the corresponding method of + * |SSL_ECDH_METHOD|. */ +int SSL_ECDH_CTX_generate_keypair(SSL_ECDH_CTX *ctx, CBB *out_public_key); +int SSL_ECDH_CTX_compute_secret(SSL_ECDH_CTX *ctx, uint8_t **out_secret, + size_t *out_secret_len, uint8_t *out_alert, + const uint8_t *peer_key, size_t peer_key_len); + + /* Transport buffers. */ /* ssl_read_buffer returns a pointer to contents of the read buffer. */ @@ -688,24 +734,15 @@ void ssl_write_buffer_clear(SSL *ssl); #define TLSEXT_CHANNEL_ID_SIZE 128 /* Check if an SSL structure is using DTLS */ -#define SSL_IS_DTLS(s) (s->method->is_dtls) +#define SSL_IS_DTLS(ssl) (ssl->method->is_dtls) /* See if we need explicit IV */ -#define SSL_USE_EXPLICIT_IV(s) \ - (s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) +#define SSL_USE_EXPLICIT_IV(ssl) \ + (ssl->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) /* See if we use signature algorithms extension and signature algorithm before * signatures. */ -#define SSL_USE_SIGALGS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_SIGALGS) - -/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | - * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) - * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) - * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN - * SSL_aRSA <- RSA_ENC | RSA_SIGN - * SSL_aDSS <- DSA_SIGN */ +#define SSL_USE_SIGALGS(ssl) (ssl->enc_method->enc_flags & SSL_ENC_FLAG_SIGALGS) /* From RFC4492, used in encoding the curve type in ECParameters */ -#define EXPLICIT_PRIME_CURVE_TYPE 1 -#define EXPLICIT_CHAR2_CURVE_TYPE 2 #define NAMED_CURVE_TYPE 3 enum ssl_hash_message_t { @@ -740,14 +777,6 @@ typedef struct cert_st { DH *dh_tmp; DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); - /* ecdh_nid, if not |NID_undef|, is the NID of the curve to use for ephemeral - * ECDH keys. If unset, |ecdh_tmp_cb| is consulted. */ - int ecdh_nid; - /* ecdh_tmp_cb is a callback for selecting the curve to use for ephemeral ECDH - * keys. If NULL, a curve is selected automatically. See - * |SSL_CTX_set_tmp_ecdh_callback|. */ - EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize); - /* peer_sigalgs are the algorithm/hash pairs that the peer supports. These * are taken from the contents of signature algorithms extension for a server * or from the CertificateRequest for a client. */ @@ -785,26 +814,27 @@ struct ssl_method_st { struct ssl_protocol_method_st { /* is_dtls is one if the protocol is DTLS and zero otherwise. */ char is_dtls; - int (*ssl_new)(SSL *s); - void (*ssl_free)(SSL *s); - int (*ssl_accept)(SSL *s); - int (*ssl_connect)(SSL *s); - long (*ssl_get_message)(SSL *s, int header_state, int body_state, + int (*ssl_new)(SSL *ssl); + void (*ssl_free)(SSL *ssl); + int (*ssl_accept)(SSL *ssl); + int (*ssl_connect)(SSL *ssl); + long (*ssl_get_message)(SSL *ssl, int header_state, int body_state, int msg_type, long max, enum ssl_hash_message_t hash_message, int *ok); - int (*ssl_read_app_data)(SSL *s, uint8_t *buf, int len, int peek); - void (*ssl_read_close_notify)(SSL *s); - int (*ssl_write_app_data)(SSL *s, const void *buf_, int len); - int (*ssl_dispatch_alert)(SSL *s); + int (*ssl_read_app_data)(SSL *ssl, uint8_t *buf, int len, int peek); + int (*ssl_read_change_cipher_spec)(SSL *ssl); + void (*ssl_read_close_notify)(SSL *ssl); + int (*ssl_write_app_data)(SSL *ssl, const void *buf_, int len); + int (*ssl_dispatch_alert)(SSL *ssl); /* supports_cipher returns one if |cipher| is supported by this protocol and * zero otherwise. */ int (*supports_cipher)(const SSL_CIPHER *cipher); /* Handshake header length */ unsigned int hhlen; /* Set the handshake header */ - int (*set_handshake_header)(SSL *s, int type, unsigned long len); + int (*set_handshake_header)(SSL *ssl, int type, unsigned long len); /* Write out handshake message */ - int (*do_write)(SSL *s); + int (*do_write)(SSL *ssl); }; /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit @@ -828,12 +858,12 @@ struct ssl3_enc_method { unsigned int enc_flags; }; -#define SSL_HM_HEADER_LENGTH(s) s->method->hhlen -#define ssl_handshake_start(s) \ - (((uint8_t *)s->init_buf->data) + s->method->hhlen) -#define ssl_set_handshake_header(s, htype, len) \ - s->method->set_handshake_header(s, htype, len) -#define ssl_do_write(s) s->method->do_write(s) +#define SSL_HM_HEADER_LENGTH(ssl) ssl->method->hhlen +#define ssl_handshake_start(ssl) \ + (((uint8_t *)ssl->init_buf->data) + ssl->method->hhlen) +#define ssl_set_handshake_header(ssl, htype, len) \ + ssl->method->set_handshake_header(ssl, htype, len) +#define ssl_do_write(ssl) ssl->method->do_write(ssl) /* Values for enc_flags */ @@ -933,8 +963,6 @@ typedef struct dtls1_state_st { /* Timeout duration */ unsigned short timeout_duration; - - unsigned int change_cipher_spec_ok; } DTLS1_STATE; extern const SSL3_ENC_METHOD TLSv1_enc_data; @@ -943,8 +971,8 @@ extern const SSL3_ENC_METHOD TLSv1_2_enc_data; extern const SSL3_ENC_METHOD SSLv3_enc_data; extern const SRTP_PROTECTION_PROFILE kSRTPProfiles[]; -void ssl_clear_cipher_ctx(SSL *s); -int ssl_clear_bad_session(SSL *s); +void ssl_clear_cipher_ctx(SSL *ssl); +int ssl_clear_bad_session(SSL *ssl); CERT *ssl_cert_new(void); CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); @@ -967,14 +995,10 @@ enum ssl_session_result_t ssl_get_prev_session( SSL *ssl, SSL_SESSION **out_session, int *out_send_ticket, const struct ssl_early_callback_ctx *ctx); -STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs); -struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_dup( - struct ssl_cipher_preference_list_st *cipher_list); +STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *ssl, const CBS *cbs); void ssl_cipher_preference_list_free( struct ssl_cipher_preference_list_st *cipher_list); -struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_from_ciphers( - STACK_OF(SSL_CIPHER) *ciphers); -struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s); +struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *ssl); int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain); int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain); @@ -984,42 +1008,42 @@ void ssl_cert_set_cert_cb(CERT *cert, int (*cb)(SSL *ssl, void *arg), void *arg); int ssl_verify_cert_chain(SSL *ssl, STACK_OF(X509) *cert_chain); -int ssl_add_cert_chain(SSL *s, unsigned long *l); +int ssl_add_cert_chain(SSL *ssl, unsigned long *l); void ssl_update_cache(SSL *ssl, int mode); /* ssl_get_compatible_server_ciphers determines the key exchange and * authentication cipher suite masks compatible with the server configuration - * and current ClientHello parameters of |s|. It sets |*out_mask_k| to the key + * and current ClientHello parameters of |ssl|. It sets |*out_mask_k| to the key * exchange mask and |*out_mask_a| to the authentication mask. */ -void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k, +void ssl_get_compatible_server_ciphers(SSL *ssl, uint32_t *out_mask_k, uint32_t *out_mask_a); -STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); +STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *ssl); int ssl_verify_alarm_type(long type); /* ssl_fill_hello_random fills a client_random or server_random field of length * |len|. It returns one on success and zero on failure. */ int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server); -int ssl3_send_server_certificate(SSL *s); -int ssl3_send_new_session_ticket(SSL *s); -int ssl3_send_certificate_status(SSL *s); -int ssl3_get_finished(SSL *s, int state_a, int state_b); -int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b); -int ssl3_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, +int ssl3_send_server_certificate(SSL *ssl); +int ssl3_send_new_session_ticket(SSL *ssl); +int ssl3_send_certificate_status(SSL *ssl); +int ssl3_get_finished(SSL *ssl, int state_a, int state_b); +int ssl3_send_change_cipher_spec(SSL *ssl, int state_a, int state_b); +int ssl3_prf(SSL *ssl, uint8_t *out, size_t out_len, const uint8_t *secret, size_t secret_len, const char *label, size_t label_len, const uint8_t *seed1, size_t seed1_len, const uint8_t *seed2, size_t seed2_len); -void ssl3_cleanup_key_block(SSL *s); -int ssl3_do_write(SSL *s, int type); -int ssl3_send_alert(SSL *s, int level, int desc); -int ssl3_get_req_cert_type(SSL *s, uint8_t *p); -long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type, +void ssl3_cleanup_key_block(SSL *ssl); +int ssl3_do_write(SSL *ssl, int type); +int ssl3_send_alert(SSL *ssl, int level, int desc); +int ssl3_get_req_cert_type(SSL *ssl, uint8_t *p); +long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type, long max, enum ssl_hash_message_t hash_message, int *ok); /* ssl3_hash_current_message incorporates the current handshake message into the * handshake hash. It returns one on success and zero on allocation failure. */ -int ssl3_hash_current_message(SSL *s); +int ssl3_hash_current_message(SSL *ssl); /* ssl3_cert_verify_hash writes the CertificateVerify hash into the bytes * pointed to by |out| and writes the number of bytes to |*out_len|. |out| must @@ -1027,29 +1051,29 @@ int ssl3_hash_current_message(SSL *s); * for the hash function, otherwise the hash function depends on |pkey_type| * and is written to |*out_md|. It returns one on success and zero on * failure. */ -int ssl3_cert_verify_hash(SSL *s, uint8_t *out, size_t *out_len, +int ssl3_cert_verify_hash(SSL *ssl, uint8_t *out, size_t *out_len, const EVP_MD **out_md, int pkey_type); -int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); +int ssl3_send_finished(SSL *ssl, int a, int b, const char *sender, int slen); int ssl3_supports_cipher(const SSL_CIPHER *cipher); -int ssl3_dispatch_alert(SSL *s); -int ssl3_expect_change_cipher_spec(SSL *s); +int ssl3_dispatch_alert(SSL *ssl); int ssl3_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek); +int ssl3_read_change_cipher_spec(SSL *ssl); void ssl3_read_close_notify(SSL *ssl); -int ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek); +int ssl3_read_bytes(SSL *ssl, int type, uint8_t *buf, int len, int peek); int ssl3_write_app_data(SSL *ssl, const void *buf, int len); -int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, uint8_t *p); -int ssl3_cert_verify_mac(SSL *s, int md_nid, uint8_t *p); -int ssl3_output_cert_chain(SSL *s); +int ssl3_write_bytes(SSL *ssl, int type, const void *buf, int len); +int ssl3_final_finish_mac(SSL *ssl, const char *sender, int slen, uint8_t *p); +int ssl3_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p); +int ssl3_output_cert_chain(SSL *ssl); const SSL_CIPHER *ssl3_choose_cipher( SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, struct ssl_cipher_preference_list_st *srvr); -int ssl3_new(SSL *s); -void ssl3_free(SSL *s); -int ssl3_accept(SSL *s); -int ssl3_connect(SSL *s); +int ssl3_new(SSL *ssl); +void ssl3_free(SSL *ssl); +int ssl3_accept(SSL *ssl); +int ssl3_connect(SSL *ssl); /* ssl3_record_sequence_update increments the sequence number in |seq|. It * returns one on success and zero on wraparound. */ @@ -1057,102 +1081,102 @@ int ssl3_record_sequence_update(uint8_t *seq, size_t seq_len); int ssl3_do_change_cipher_spec(SSL *ssl); -int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len); -int ssl3_handshake_write(SSL *s); +int ssl3_set_handshake_header(SSL *ssl, int htype, unsigned long len); +int ssl3_handshake_write(SSL *ssl); -int dtls1_do_handshake_write(SSL *s, enum dtls1_use_epoch_t use_epoch); +int dtls1_do_handshake_write(SSL *ssl, enum dtls1_use_epoch_t use_epoch); int dtls1_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek); +int dtls1_read_change_cipher_spec(SSL *ssl); void dtls1_read_close_notify(SSL *ssl); -int dtls1_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek); -void dtls1_set_message_header(SSL *s, uint8_t mt, unsigned long len, +int dtls1_read_bytes(SSL *ssl, int type, uint8_t *buf, int len, int peek); +void dtls1_set_message_header(SSL *ssl, uint8_t mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len); -int dtls1_write_app_data(SSL *s, const void *buf, int len); -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len, +int dtls1_write_app_data(SSL *ssl, const void *buf, int len); +int dtls1_write_bytes(SSL *ssl, int type, const void *buf, int len, enum dtls1_use_epoch_t use_epoch); -int dtls1_send_change_cipher_spec(SSL *s, int a, int b); -int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); -int dtls1_read_failed(SSL *s, int code); -int dtls1_buffer_message(SSL *s); -int dtls1_retransmit_buffered_messages(SSL *s); -void dtls1_clear_record_buffer(SSL *s); +int dtls1_send_change_cipher_spec(SSL *ssl, int a, int b); +int dtls1_send_finished(SSL *ssl, int a, int b, const char *sender, int slen); +int dtls1_read_failed(SSL *ssl, int code); +int dtls1_buffer_message(SSL *ssl); +int dtls1_retransmit_buffered_messages(SSL *ssl); +void dtls1_clear_record_buffer(SSL *ssl); void dtls1_get_message_header(uint8_t *data, struct hm_header_st *msg_hdr); -void dtls1_reset_seq_numbers(SSL *s, int rw); -int dtls1_check_timeout_num(SSL *s); -int dtls1_set_handshake_header(SSL *s, int type, unsigned long len); -int dtls1_handshake_write(SSL *s); +int dtls1_check_timeout_num(SSL *ssl); +int dtls1_set_handshake_header(SSL *ssl, int type, unsigned long len); +int dtls1_handshake_write(SSL *ssl); int dtls1_supports_cipher(const SSL_CIPHER *cipher); -void dtls1_start_timer(SSL *s); -void dtls1_stop_timer(SSL *s); -int dtls1_is_timer_expired(SSL *s); -void dtls1_double_timeout(SSL *s); +void dtls1_start_timer(SSL *ssl); +void dtls1_stop_timer(SSL *ssl); +int dtls1_is_timer_expired(SSL *ssl); +void dtls1_double_timeout(SSL *ssl); unsigned int dtls1_min_mtu(void); void dtls1_hm_fragment_free(hm_fragment *frag); /* some client-only functions */ int ssl3_send_client_hello(SSL *ssl); -int ssl3_get_server_hello(SSL *s); -int ssl3_get_certificate_request(SSL *s); -int ssl3_get_new_session_ticket(SSL *s); -int ssl3_get_cert_status(SSL *s); -int ssl3_get_server_done(SSL *s); -int ssl3_send_cert_verify(SSL *s); -int ssl3_send_client_certificate(SSL *s); -int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); -int ssl3_send_client_key_exchange(SSL *s); -int ssl3_get_server_key_exchange(SSL *s); -int ssl3_get_server_certificate(SSL *s); +int ssl3_get_server_hello(SSL *ssl); +int ssl3_get_certificate_request(SSL *ssl); +int ssl3_get_new_session_ticket(SSL *ssl); +int ssl3_get_cert_status(SSL *ssl); +int ssl3_get_server_done(SSL *ssl); +int ssl3_send_cert_verify(SSL *ssl); +int ssl3_send_client_certificate(SSL *ssl); +int ssl_do_client_cert_cb(SSL *ssl, X509 **px509, EVP_PKEY **ppkey); +int ssl3_send_client_key_exchange(SSL *ssl); +int ssl3_get_server_key_exchange(SSL *ssl); +int ssl3_get_server_certificate(SSL *ssl); int ssl3_send_next_proto(SSL *ssl); int ssl3_send_channel_id(SSL *ssl); -int ssl3_verify_server_cert(SSL *s); +int ssl3_verify_server_cert(SSL *ssl); /* some server-only functions */ -int ssl3_get_initial_bytes(SSL *s); -int ssl3_get_v2_client_hello(SSL *s); -int ssl3_get_client_hello(SSL *s); +int ssl3_get_initial_bytes(SSL *ssl); +int ssl3_get_v2_client_hello(SSL *ssl); +int ssl3_get_client_hello(SSL *ssl); int ssl3_send_server_hello(SSL *ssl); -int ssl3_send_server_key_exchange(SSL *s); -int ssl3_send_certificate_request(SSL *s); -int ssl3_send_server_done(SSL *s); -int ssl3_get_client_certificate(SSL *s); -int ssl3_get_client_key_exchange(SSL *s); -int ssl3_get_cert_verify(SSL *s); -int ssl3_get_next_proto(SSL *s); -int ssl3_get_channel_id(SSL *s); - -int dtls1_new(SSL *s); -int dtls1_accept(SSL *s); -int dtls1_connect(SSL *s); -void dtls1_free(SSL *s); - -long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, +int ssl3_send_server_key_exchange(SSL *ssl); +int ssl3_send_certificate_request(SSL *ssl); +int ssl3_send_server_done(SSL *ssl); +int ssl3_get_client_certificate(SSL *ssl); +int ssl3_get_client_key_exchange(SSL *ssl); +int ssl3_get_cert_verify(SSL *ssl); +int ssl3_get_next_proto(SSL *ssl); +int ssl3_get_channel_id(SSL *ssl); + +int dtls1_new(SSL *ssl); +int dtls1_accept(SSL *ssl); +int dtls1_connect(SSL *ssl); +void dtls1_free(SSL *ssl); + +long dtls1_get_message(SSL *ssl, int st1, int stn, int mt, long max, enum ssl_hash_message_t hash_message, int *ok); -int dtls1_dispatch_alert(SSL *s); +int dtls1_dispatch_alert(SSL *ssl); -int ssl_init_wbio_buffer(SSL *s, int push); -void ssl_free_wbio_buffer(SSL *s); +int ssl_init_wbio_buffer(SSL *ssl, int push); +void ssl_free_wbio_buffer(SSL *ssl); -/* tls1_prf computes the TLS PRF function for |s| as described in RFC 5246, +/* tls1_prf computes the TLS PRF function for |ssl| as described in RFC 5246, * section 5 and RFC 2246 section 5. It writes |out_len| bytes to |out|, using * |secret| as the secret and |label| as the label. |seed1| and |seed2| are * concatenated to form the seed parameter. It returns one on success and zero * on failure. */ -int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, +int tls1_prf(SSL *ssl, uint8_t *out, size_t out_len, const uint8_t *secret, size_t secret_len, const char *label, size_t label_len, const uint8_t *seed1, size_t seed1_len, const uint8_t *seed2, size_t seed2_len); -int tls1_change_cipher_state(SSL *s, int which); -int tls1_setup_key_block(SSL *s); -int tls1_handshake_digest(SSL *s, uint8_t *out, size_t out_len); -int tls1_final_finish_mac(SSL *s, const char *str, int slen, uint8_t *p); -int tls1_cert_verify_mac(SSL *s, int md_nid, uint8_t *p); -int tls1_generate_master_secret(SSL *s, uint8_t *out, const uint8_t *premaster, +int tls1_change_cipher_state(SSL *ssl, int which); +int tls1_setup_key_block(SSL *ssl); +int tls1_handshake_digest(SSL *ssl, uint8_t *out, size_t out_len); +int tls1_final_finish_mac(SSL *ssl, const char *str, int slen, uint8_t *p); +int tls1_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p); +int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster, size_t premaster_len); -int tls1_export_keying_material(SSL *s, uint8_t *out, size_t out_len, +int tls1_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, const char *label, size_t label_len, const uint8_t *context, size_t context_len, int use_context); @@ -1160,24 +1184,16 @@ int tls1_alert_code(int code); int ssl3_alert_code(int code); char ssl_early_callback_init(struct ssl_early_callback_ctx *ctx); -int tls1_ec_curve_id2nid(uint16_t curve_id); -int tls1_ec_nid2curve_id(uint16_t *out_curve_id, int nid); - -/* tls1_ec_curve_id2name returns a human-readable name for the - * curve specified by the TLS curve id in |curve_id|. If the - * curve is unknown, it returns NULL. */ -const char* tls1_ec_curve_id2name(uint16_t curve_id); -/* tls1_check_curve parses ECParameters out of |cbs|, modifying it. It - * checks the curve is one of our preferences and writes the - * NamedCurve value to |*out_curve_id|. It returns one on success and - * zero on error. */ -int tls1_check_curve(SSL *s, CBS *cbs, uint16_t *out_curve_id); +/* tls1_check_curve_id returns one if |curve_id| is consistent with both our + * and the peer's curve preferences. Note: if called as the client, only our + * preferences are checked; the peer (the server) does not send preferences. */ +int tls1_check_curve_id(SSL *ssl, uint16_t curve_id); -/* tls1_get_shared_curve returns the NID of the first preferred shared curve - * between client and server preferences. If none can be found, it returns - * NID_undef. */ -int tls1_get_shared_curve(SSL *s); +/* tls1_get_shared_curve sets |*out_curve_id| to the first preferred shared + * curve between client and server preferences and returns one. If none may be + * found, it returns zero. */ +int tls1_get_shared_curve(SSL *ssl, uint16_t *out_curve_id); /* tls1_set_curves converts the array of |ncurves| NIDs pointed to by |curves| * into a newly allocated array of TLS curve IDs. On success, the function @@ -1189,14 +1205,7 @@ int tls1_set_curves(uint16_t **out_curve_ids, size_t *out_curve_ids_len, /* tls1_check_ec_cert returns one if |x| is an ECC certificate with curve and * point format compatible with the client's preferences. Otherwise it returns * zero. */ -int tls1_check_ec_cert(SSL *s, X509 *x); - -/* tls1_check_ec_tmp_key returns one if the EC temporary key is compatible with - * client extensions and zero otherwise. */ -int tls1_check_ec_tmp_key(SSL *s); - -int tls1_shared_list(SSL *s, const uint8_t *l1, size_t l1len, const uint8_t *l2, - size_t l2len, int nmatch); +int tls1_check_ec_cert(SSL *ssl, X509 *x); /* ssl_add_clienthello_tlsext writes ClientHello extensions to |out|. It * returns one on success and zero on failure. The |header_len| argument is the @@ -1205,8 +1214,8 @@ int tls1_shared_list(SSL *s, const uint8_t *l1, size_t l1len, const uint8_t *l2, int ssl_add_clienthello_tlsext(SSL *ssl, CBB *out, size_t header_len); int ssl_add_serverhello_tlsext(SSL *ssl, CBB *out); -int ssl_parse_clienthello_tlsext(SSL *s, CBS *cbs); -int ssl_parse_serverhello_tlsext(SSL *s, CBS *cbs); +int ssl_parse_clienthello_tlsext(SSL *ssl, CBS *cbs); +int ssl_parse_serverhello_tlsext(SSL *ssl, CBS *cbs); #define tlsext_tick_md EVP_sha256 @@ -1220,10 +1229,11 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session, size_t ticket_len, const uint8_t *session_id, size_t session_id_len); -/* tls12_get_sigandhash assembles the SignatureAndHashAlgorithm corresponding to - * |ssl|'s private key and |md|. The two-byte value is written to |p|. It +/* tls12_add_sigandhash assembles the SignatureAndHashAlgorithm corresponding to + * |ssl|'s private key and |md|. The two-byte value is written to |out|. It * returns one on success and zero on failure. */ -int tls12_get_sigandhash(SSL *ssl, uint8_t *p, const EVP_MD *md); +int tls12_add_sigandhash(SSL *ssl, CBB *out, const EVP_MD *md); + int tls12_get_sigid(int pkey_type); const EVP_MD *tls12_get_hash(uint8_t hash_alg); @@ -1232,50 +1242,50 @@ const EVP_MD *tls12_get_hash(uint8_t hash_alg); * one on success and zero on failure. */ int tls1_channel_id_hash(SSL *ssl, uint8_t *out, size_t *out_len); -int tls1_record_handshake_hashes_for_channel_id(SSL *s); +int tls1_record_handshake_hashes_for_channel_id(SSL *ssl); -/* ssl_ctx_log_rsa_client_key_exchange logs |premaster| to |ctx|, if logging is - * enabled. It returns one on success and zero on failure. The entry is - * identified by the first 8 bytes of |encrypted_premaster|. */ -int ssl_ctx_log_rsa_client_key_exchange(SSL_CTX *ctx, - const uint8_t *encrypted_premaster, - size_t encrypted_premaster_len, - const uint8_t *premaster, - size_t premaster_len); +/* ssl_log_rsa_client_key_exchange logs |premaster|, if logging is enabled for + * |ssl|. It returns one on success and zero on failure. The entry is identified + * by the first 8 bytes of |encrypted_premaster|. */ +int ssl_log_rsa_client_key_exchange(const SSL *ssl, + const uint8_t *encrypted_premaster, + size_t encrypted_premaster_len, + const uint8_t *premaster, + size_t premaster_len); -/* ssl_ctx_log_master_secret logs |master| to |ctx|, if logging is enabled. It +/* ssl_log_master_secret logs |master|, if logging is enabled for |ssl|. It * returns one on success and zero on failure. The entry is identified by * |client_random|. */ -int ssl_ctx_log_master_secret(SSL_CTX *ctx, const uint8_t *client_random, - size_t client_random_len, const uint8_t *master, - size_t master_len); +int ssl_log_master_secret(const SSL *ssl, const uint8_t *client_random, + size_t client_random_len, const uint8_t *master, + size_t master_len); -/* ssl3_can_false_start returns one if |s| is allowed to False Start and zero +/* ssl3_can_false_start returns one if |ssl| is allowed to False Start and zero * otherwise. */ -int ssl3_can_false_start(const SSL *s); +int ssl3_can_false_start(const SSL *ssl); /* ssl3_get_enc_method returns the SSL3_ENC_METHOD corresponding to * |version|. */ const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version); /* ssl3_get_max_server_version returns the maximum SSL/TLS version number - * supported by |s| as a server, or zero if all versions are disabled. */ -uint16_t ssl3_get_max_server_version(const SSL *s); + * supported by |ssl| as a server, or zero if all versions are disabled. */ +uint16_t ssl3_get_max_server_version(const SSL *ssl); -/* ssl3_get_mutual_version selects the protocol version on |s| for a client +/* ssl3_get_mutual_version selects the protocol version on |ssl| for a client * which advertises |client_version|. If no suitable version exists, it returns * zero. */ -uint16_t ssl3_get_mutual_version(SSL *s, uint16_t client_version); +uint16_t ssl3_get_mutual_version(SSL *ssl, uint16_t client_version); /* ssl3_get_max_client_version returns the maximum protocol version configured * for the client. It is guaranteed that the set of allowed versions at or below * this maximum version is contiguous. If all versions are disabled, it returns * zero. */ -uint16_t ssl3_get_max_client_version(SSL *s); +uint16_t ssl3_get_max_client_version(SSL *ssl); /* ssl3_is_version_enabled returns one if |version| is an enabled protocol - * version for |s| and zero otherwise. */ -int ssl3_is_version_enabled(SSL *s, uint16_t version); + * version for |ssl| and zero otherwise. */ +int ssl3_is_version_enabled(SSL *ssl, uint16_t version); /* ssl3_version_from_wire maps |wire_version| to a protocol version. For * SSLv3/TLS, the version is returned as-is. For DTLS, the corresponding TLS @@ -1284,16 +1294,16 @@ int ssl3_is_version_enabled(SSL *s, uint16_t version); * * TODO(davidben): To normalize some DTLS-specific code, move away from using * the wire version except at API boundaries. */ -uint16_t ssl3_version_from_wire(SSL *s, uint16_t wire_version); +uint16_t ssl3_version_from_wire(SSL *ssl, uint16_t wire_version); -uint32_t ssl_get_algorithm_prf(SSL *s); -int tls1_parse_peer_sigalgs(SSL *s, const CBS *sigalgs); +uint32_t ssl_get_algorithm_prf(SSL *ssl); +int tls1_parse_peer_sigalgs(SSL *ssl, const CBS *sigalgs); /* tls1_choose_signing_digest returns a digest for use with |ssl|'s private key * based on the peer's preferences the digests supported. */ const EVP_MD *tls1_choose_signing_digest(SSL *ssl); -size_t tls12_get_psigalgs(SSL *s, const uint8_t **psigs); +size_t tls12_get_psigalgs(SSL *ssl, const uint8_t **psigs); /* tls12_check_peer_sigalg checks that |hash| and |signature| are consistent * with |pkey| and |ssl|'s sent, supported signature algorithms and, if so, @@ -1301,6 +1311,6 @@ size_t tls12_get_psigalgs(SSL *s, const uint8_t **psigs); * returns 0 and writes an alert into |*out_alert|. */ int tls12_check_peer_sigalg(SSL *ssl, const EVP_MD **out_md, int *out_alert, uint8_t hash, uint8_t signature, EVP_PKEY *pkey); -void ssl_set_client_disabled(SSL *s); +void ssl_set_client_disabled(SSL *ssl); #endif /* OPENSSL_HEADER_SSL_INTERNAL_H */ |