diff options
Diffstat (limited to 'src/lib/libssl/ssl3.h')
| -rw-r--r-- | src/lib/libssl/ssl3.h | 133 |
1 files changed, 31 insertions, 102 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index baaa89e717..a1a19cbfcb 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -123,14 +123,12 @@ | |||
| 123 | #include <openssl/buffer.h> | 123 | #include <openssl/buffer.h> |
| 124 | #include <openssl/evp.h> | 124 | #include <openssl/evp.h> |
| 125 | #include <openssl/ssl.h> | 125 | #include <openssl/ssl.h> |
| 126 | #include <openssl/pq_compat.h> | ||
| 126 | 127 | ||
| 127 | #ifdef __cplusplus | 128 | #ifdef __cplusplus |
| 128 | extern "C" { | 129 | extern "C" { |
| 129 | #endif | 130 | #endif |
| 130 | 131 | ||
| 131 | /* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ | ||
| 132 | #define SSL3_CK_SCSV 0x030000FF | ||
| 133 | |||
| 134 | #define SSL3_CK_RSA_NULL_MD5 0x03000001 | 132 | #define SSL3_CK_RSA_NULL_MD5 0x03000001 |
| 135 | #define SSL3_CK_RSA_NULL_SHA 0x03000002 | 133 | #define SSL3_CK_RSA_NULL_SHA 0x03000002 |
| 136 | #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 | 134 | #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 |
| @@ -162,14 +160,12 @@ extern "C" { | |||
| 162 | #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A | 160 | #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A |
| 163 | #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B | 161 | #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B |
| 164 | 162 | ||
| 165 | #if 0 | 163 | #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C |
| 166 | #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C | 164 | #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D |
| 167 | #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D | 165 | #if 0 /* Because it clashes with KRB5, is never used any more, and is safe |
| 168 | #if 0 /* Because it clashes with KRB5, is never used any more, and is safe | 166 | to remove according to David Hopwood <david.hopwood@zetnet.co.uk> |
| 169 | to remove according to David Hopwood <david.hopwood@zetnet.co.uk> | 167 | of the ietf-tls list */ |
| 170 | of the ietf-tls list */ | 168 | #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E |
| 171 | #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E | ||
| 172 | #endif | ||
| 173 | #endif | 169 | #endif |
| 174 | 170 | ||
| 175 | /* VRS Additional Kerberos5 entries | 171 | /* VRS Additional Kerberos5 entries |
| @@ -221,11 +217,9 @@ extern "C" { | |||
| 221 | #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" | 217 | #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" |
| 222 | #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" | 218 | #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" |
| 223 | 219 | ||
| 224 | #if 0 | 220 | #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" |
| 225 | #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" | 221 | #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" |
| 226 | #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" | 222 | #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" |
| 227 | #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" | ||
| 228 | #endif | ||
| 229 | 223 | ||
| 230 | #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" | 224 | #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" |
| 231 | #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" | 225 | #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" |
| @@ -251,65 +245,23 @@ extern "C" { | |||
| 251 | #define SSL3_SESSION_ID_SIZE 32 | 245 | #define SSL3_SESSION_ID_SIZE 32 |
| 252 | #define SSL3_RT_HEADER_LENGTH 5 | 246 | #define SSL3_RT_HEADER_LENGTH 5 |
| 253 | 247 | ||
| 254 | #ifndef SSL3_ALIGN_PAYLOAD | 248 | /* Due to MS stuffing up, this can change.... */ |
| 255 | /* Some will argue that this increases memory footprint, but it's | 249 | #if defined(OPENSSL_SYS_WIN16) || \ |
| 256 | * not actually true. Point is that malloc has to return at least | 250 | (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) |
| 257 | * 64-bit aligned pointers, meaning that allocating 5 bytes wastes | 251 | #define SSL3_RT_MAX_EXTRA (14000) |
| 258 | * 3 bytes in either case. Suggested pre-gaping simply moves these | ||
| 259 | * wasted bytes from the end of allocated region to its front, | ||
| 260 | * but makes data payload aligned, which improves performance:-) */ | ||
| 261 | # define SSL3_ALIGN_PAYLOAD 8 | ||
| 262 | #else | 252 | #else |
| 263 | # if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 | ||
| 264 | # error "insane SSL3_ALIGN_PAYLOAD" | ||
| 265 | # undef SSL3_ALIGN_PAYLOAD | ||
| 266 | # endif | ||
| 267 | #endif | ||
| 268 | |||
| 269 | /* This is the maximum MAC (digest) size used by the SSL library. | ||
| 270 | * Currently maximum of 20 is used by SHA1, but we reserve for | ||
| 271 | * future extension for 512-bit hashes. | ||
| 272 | */ | ||
| 273 | |||
| 274 | #define SSL3_RT_MAX_MD_SIZE 64 | ||
| 275 | |||
| 276 | /* Maximum block size used in all ciphersuites. Currently 16 for AES. | ||
| 277 | */ | ||
| 278 | |||
| 279 | #define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 | ||
| 280 | |||
| 281 | #define SSL3_RT_MAX_EXTRA (16384) | 253 | #define SSL3_RT_MAX_EXTRA (16384) |
| 254 | #endif | ||
| 282 | 255 | ||
| 283 | /* Maximum plaintext length: defined by SSL/TLS standards */ | ||
| 284 | #define SSL3_RT_MAX_PLAIN_LENGTH 16384 | 256 | #define SSL3_RT_MAX_PLAIN_LENGTH 16384 |
| 285 | /* Maximum compression overhead: defined by SSL/TLS standards */ | ||
| 286 | #define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 | ||
| 287 | |||
| 288 | /* The standards give a maximum encryption overhead of 1024 bytes. | ||
| 289 | * In practice the value is lower than this. The overhead is the maximum | ||
| 290 | * number of padding bytes (256) plus the mac size. | ||
| 291 | */ | ||
| 292 | #define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) | ||
| 293 | |||
| 294 | /* OpenSSL currently only uses a padding length of at most one block so | ||
| 295 | * the send overhead is smaller. | ||
| 296 | */ | ||
| 297 | |||
| 298 | #define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ | ||
| 299 | (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) | ||
| 300 | |||
| 301 | /* If compression isn't used don't include the compression overhead */ | ||
| 302 | |||
| 303 | #ifdef OPENSSL_NO_COMP | 257 | #ifdef OPENSSL_NO_COMP |
| 304 | #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH | 258 | #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH |
| 305 | #else | 259 | #else |
| 306 | #define SSL3_RT_MAX_COMPRESSED_LENGTH \ | 260 | #define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) |
| 307 | (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) | ||
| 308 | #endif | 261 | #endif |
| 309 | #define SSL3_RT_MAX_ENCRYPTED_LENGTH \ | 262 | #define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) |
| 310 | (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) | 263 | #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) |
| 311 | #define SSL3_RT_MAX_PACKET_SIZE \ | 264 | #define SSL3_RT_MAX_DATA_SIZE (1024*1024) |
| 312 | (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) | ||
| 313 | 265 | ||
| 314 | #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" | 266 | #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" |
| 315 | #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" | 267 | #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" |
| @@ -348,7 +300,7 @@ typedef struct ssl3_record_st | |||
| 348 | /*rw*/ unsigned char *input; /* where the decode bytes are */ | 300 | /*rw*/ unsigned char *input; /* where the decode bytes are */ |
| 349 | /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ | 301 | /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ |
| 350 | /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ | 302 | /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ |
| 351 | /*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ | 303 | /*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ |
| 352 | } SSL3_RECORD; | 304 | } SSL3_RECORD; |
| 353 | 305 | ||
| 354 | typedef struct ssl3_buffer_st | 306 | typedef struct ssl3_buffer_st |
| @@ -371,14 +323,14 @@ typedef struct ssl3_buffer_st | |||
| 371 | * enough to contain all of the cert types defined either for | 323 | * enough to contain all of the cert types defined either for |
| 372 | * SSLv3 and TLSv1. | 324 | * SSLv3 and TLSv1. |
| 373 | */ | 325 | */ |
| 374 | #define SSL3_CT_NUMBER 9 | 326 | #define SSL3_CT_NUMBER 7 |
| 375 | 327 | ||
| 376 | 328 | ||
| 377 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | 329 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 |
| 378 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 | 330 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 |
| 379 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | 331 | #define SSL3_FLAGS_POP_BUFFER 0x0004 |
| 380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | 332 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
| 381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | 333 | #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 |
| 382 | 334 | ||
| 383 | typedef struct ssl3_state_st | 335 | typedef struct ssl3_state_st |
| 384 | { | 336 | { |
| @@ -386,10 +338,8 @@ typedef struct ssl3_state_st | |||
| 386 | int delay_buf_pop_ret; | 338 | int delay_buf_pop_ret; |
| 387 | 339 | ||
| 388 | unsigned char read_sequence[8]; | 340 | unsigned char read_sequence[8]; |
| 389 | int read_mac_secret_size; | ||
| 390 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; | 341 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; |
| 391 | unsigned char write_sequence[8]; | 342 | unsigned char write_sequence[8]; |
| 392 | int write_mac_secret_size; | ||
| 393 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; | 343 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; |
| 394 | 344 | ||
| 395 | unsigned char server_random[SSL3_RANDOM_SIZE]; | 345 | unsigned char server_random[SSL3_RANDOM_SIZE]; |
| @@ -399,9 +349,6 @@ typedef struct ssl3_state_st | |||
| 399 | int need_empty_fragments; | 349 | int need_empty_fragments; |
| 400 | int empty_fragment_done; | 350 | int empty_fragment_done; |
| 401 | 351 | ||
| 402 | /* The value of 'extra' when the buffers were initialized */ | ||
| 403 | int init_extra; | ||
| 404 | |||
| 405 | SSL3_BUFFER rbuf; /* read IO goes into here */ | 352 | SSL3_BUFFER rbuf; /* read IO goes into here */ |
| 406 | SSL3_BUFFER wbuf; /* write IO goes into here */ | 353 | SSL3_BUFFER wbuf; /* write IO goes into here */ |
| 407 | 354 | ||
| @@ -423,11 +370,9 @@ typedef struct ssl3_state_st | |||
| 423 | const unsigned char *wpend_buf; | 370 | const unsigned char *wpend_buf; |
| 424 | 371 | ||
| 425 | /* used during startup, digest all incoming/outgoing packets */ | 372 | /* used during startup, digest all incoming/outgoing packets */ |
| 426 | BIO *handshake_buffer; | 373 | EVP_MD_CTX finish_dgst1; |
| 427 | /* When set of handshake digests is determined, buffer is hashed | 374 | EVP_MD_CTX finish_dgst2; |
| 428 | * and freed and MD_CTX-es for all required digests are stored in | 375 | |
| 429 | * this array */ | ||
| 430 | EVP_MD_CTX **handshake_dgst; | ||
| 431 | /* this is set whenerver we see a change_cipher_spec message | 376 | /* this is set whenerver we see a change_cipher_spec message |
| 432 | * come in when we are not looking for one */ | 377 | * come in when we are not looking for one */ |
| 433 | int change_cipher_spec; | 378 | int change_cipher_spec; |
| @@ -447,14 +392,6 @@ typedef struct ssl3_state_st | |||
| 447 | 392 | ||
| 448 | int in_read_app_data; | 393 | int in_read_app_data; |
| 449 | 394 | ||
| 450 | /* Opaque PRF input as used for the current handshake. | ||
| 451 | * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined | ||
| 452 | * (otherwise, they are merely present to improve binary compatibility) */ | ||
| 453 | void *client_opaque_prf_input; | ||
| 454 | size_t client_opaque_prf_input_len; | ||
| 455 | void *server_opaque_prf_input; | ||
| 456 | size_t server_opaque_prf_input_len; | ||
| 457 | |||
| 458 | struct { | 395 | struct { |
| 459 | /* actually only needs to be 16+20 */ | 396 | /* actually only needs to be 16+20 */ |
| 460 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; | 397 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; |
| @@ -469,7 +406,7 @@ typedef struct ssl3_state_st | |||
| 469 | int message_type; | 406 | int message_type; |
| 470 | 407 | ||
| 471 | /* used to hold the new cipher we are going to use */ | 408 | /* used to hold the new cipher we are going to use */ |
| 472 | const SSL_CIPHER *new_cipher; | 409 | SSL_CIPHER *new_cipher; |
| 473 | #ifndef OPENSSL_NO_DH | 410 | #ifndef OPENSSL_NO_DH |
| 474 | DH *dh; | 411 | DH *dh; |
| 475 | #endif | 412 | #endif |
| @@ -496,8 +433,6 @@ typedef struct ssl3_state_st | |||
| 496 | 433 | ||
| 497 | const EVP_CIPHER *new_sym_enc; | 434 | const EVP_CIPHER *new_sym_enc; |
| 498 | const EVP_MD *new_hash; | 435 | const EVP_MD *new_hash; |
| 499 | int new_mac_pkey_type; | ||
| 500 | int new_mac_secret_size; | ||
| 501 | #ifndef OPENSSL_NO_COMP | 436 | #ifndef OPENSSL_NO_COMP |
| 502 | const SSL_COMP *new_compression; | 437 | const SSL_COMP *new_compression; |
| 503 | #else | 438 | #else |
| @@ -506,12 +441,6 @@ typedef struct ssl3_state_st | |||
| 506 | int cert_request; | 441 | int cert_request; |
| 507 | } tmp; | 442 | } tmp; |
| 508 | 443 | ||
| 509 | /* Connection binding to prevent renegotiation attacks */ | ||
| 510 | unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; | ||
| 511 | unsigned char previous_client_finished_len; | ||
| 512 | unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; | ||
| 513 | unsigned char previous_server_finished_len; | ||
| 514 | int send_connection_binding; /* TODOEKR */ | ||
| 515 | } SSL3_STATE; | 444 | } SSL3_STATE; |
| 516 | 445 | ||
| 517 | 446 | ||