1 files changed, 0 insertions, 443 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
deleted file mode 100644
index f4b17bdf25..0000000000
--- a/src/lib/libssl/tls13_internal.h
+++ /dev/null
@@ -1,443 +0,0 @@
-/* $OpenBSD: tls13_internal.h,v 1.101 2022/07/24 14:28:16 jsing Exp $ */
-/*
- * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#ifndef HEADER_TLS13_INTERNAL_H
-#define HEADER_TLS13_INTERNAL_H
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-#include "bytestring.h"
-#include "tls_internal.h"
-__BEGIN_HIDDEN_DECLS
-#define TLS13_HS_CLIENT                 1
-#define TLS13_HS_SERVER                 2
-#define TLS13_IO_SUCCESS                 1
-#define TLS13_IO_EOF                     0
-#define TLS13_IO_FAILURE                -1
-#define TLS13_IO_ALERT                  -2
-#define TLS13_IO_WANT_POLLIN            -3
-#define TLS13_IO_WANT_POLLOUT           -4
-#define TLS13_IO_WANT_RETRY             -5 /* Retry the previous call immediately. */
-#define TLS13_IO_USE_LEGACY             -6
-#define TLS13_IO_RECORD_VERSION         -7
-#define TLS13_IO_RECORD_OVERFLOW        -8
-#define TLS13_ERR_VERIFY_FAILED         16
-#define TLS13_ERR_HRR_FAILED            17
-#define TLS13_ERR_TRAILING_DATA         18
-#define TLS13_ERR_NO_SHARED_CIPHER      19
-#define TLS13_ERR_NO_CERTIFICATE        20
-#define TLS13_ERR_NO_PEER_CERTIFICATE   21
-#define TLS13_ALERT_LEVEL_WARNING                       1
-#define TLS13_ALERT_LEVEL_FATAL                         2
-#define TLS13_ALERT_CLOSE_NOTIFY                        0
-#define TLS13_ALERT_UNEXPECTED_MESSAGE                  10
-#define TLS13_ALERT_BAD_RECORD_MAC                      20
-#define TLS13_ALERT_RECORD_OVERFLOW                     22
-#define TLS13_ALERT_HANDSHAKE_FAILURE                   40
-#define TLS13_ALERT_BAD_CERTIFICATE                     42
-#define TLS13_ALERT_UNSUPPORTED_CERTIFICATE             43
-#define TLS13_ALERT_CERTIFICATE_REVOKED                 44
-#define TLS13_ALERT_CERTIFICATE_EXPIRED                 45
-#define TLS13_ALERT_CERTIFICATE_UNKNOWN                 46
-#define TLS13_ALERT_ILLEGAL_PARAMETER                   47
-#define TLS13_ALERT_UNKNOWN_CA                          48
-#define TLS13_ALERT_ACCESS_DENIED                       49
-#define TLS13_ALERT_DECODE_ERROR                        50
-#define TLS13_ALERT_DECRYPT_ERROR                       51
-#define TLS13_ALERT_PROTOCOL_VERSION                    70
-#define TLS13_ALERT_INSUFFICIENT_SECURITY               71
-#define TLS13_ALERT_INTERNAL_ERROR                      80
-#define TLS13_ALERT_INAPPROPRIATE_FALLBACK              86
-#define TLS13_ALERT_USER_CANCELED                       90
-#define TLS13_ALERT_MISSING_EXTENSION                   109
-#define TLS13_ALERT_UNSUPPORTED_EXTENSION               110
-#define TLS13_ALERT_UNRECOGNIZED_NAME                   112
-#define TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE     113
-#define TLS13_ALERT_UNKNOWN_PSK_IDENTITY                115
-#define TLS13_ALERT_CERTIFICATE_REQUIRED                116
-#define TLS13_ALERT_NO_APPLICATION_PROTOCOL             120
-#define TLS13_INFO_HANDSHAKE_STARTED                    SSL_CB_HANDSHAKE_START
-#define TLS13_INFO_HANDSHAKE_COMPLETED                  SSL_CB_HANDSHAKE_DONE
-#define TLS13_INFO_ACCEPT_LOOP                          SSL_CB_ACCEPT_LOOP
-#define TLS13_INFO_CONNECT_LOOP                         SSL_CB_CONNECT_LOOP
-#define TLS13_INFO_ACCEPT_EXIT                          SSL_CB_ACCEPT_EXIT
-#define TLS13_INFO_CONNECT_EXIT                         SSL_CB_CONNECT_EXIT
-typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
-typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg);
-typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
-typedef void (*tls13_handshake_message_cb)(void *_cb_arg);
-typedef void (*tls13_info_cb)(void *_cb_arg, int _state, int _ret);
-typedef int (*tls13_ocsp_status_cb)(void *_cb_arg);
-/*
- * PSK support.
- */
-/*
- * Known PskKeyExchangeMode values.
- * https://www.iana.org/assignments/tls-parameters/#tls-pskkeyexchangemode
- */
-#define TLS13_PSK_KE                                    0
-#define TLS13_PSK_DHE_KE                                1
-/*
- * Secrets.
- */
-struct tls13_secret {
-        uint8_t *data;
-        size_t len;
-};
-/* RFC 8446 Section 7.1  Page 92 */
-struct tls13_secrets {
-        const EVP_MD *digest;
-        int resumption;
-        int init_done;
-        int early_done;
-        int handshake_done;
-        int schedule_done;
-        int insecure; /* Set by tests */
-        struct tls13_secret zeros;
-        struct tls13_secret empty_hash;
-        struct tls13_secret extracted_early;
-        struct tls13_secret binder_key;
-        struct tls13_secret client_early_traffic;
-        struct tls13_secret early_exporter_master;
-        struct tls13_secret derived_early;
-        struct tls13_secret extracted_handshake;
-        struct tls13_secret client_handshake_traffic;
-        struct tls13_secret server_handshake_traffic;
-        struct tls13_secret derived_handshake;
-        struct tls13_secret extracted_master;
-        struct tls13_secret client_application_traffic;
-        struct tls13_secret server_application_traffic;
-        struct tls13_secret exporter_master;
-        struct tls13_secret resumption_master;
-};
-int tls13_secret_init(struct tls13_secret *secret, size_t len);
-void tls13_secret_cleanup(struct tls13_secret *secret);
-struct tls13_secrets *tls13_secrets_create(const EVP_MD *digest,
-    int resumption);
-void tls13_secrets_destroy(struct tls13_secrets *secrets);
-int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
-    const struct tls13_secret *secret, const char *label,
-    const struct tls13_secret *context);
-int tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
-    const EVP_MD *digest, const struct tls13_secret *secret,
-    const uint8_t *label, size_t label_len, const struct tls13_secret *context);
-int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
-    const struct tls13_secret *secret, const char *label,
-    const struct tls13_secret *context);
-int tls13_derive_secret_with_label_length(struct tls13_secret *out,
-    const EVP_MD *digest, const struct tls13_secret *secret,
-    const uint8_t *label, size_t label_len, const struct tls13_secret *context);
-int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk,
-    size_t psk_len, const struct tls13_secret *context);
-int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
-    const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context);
-int tls13_derive_application_secrets(struct tls13_secrets *secrets,
-    const struct tls13_secret *context);
-int tls13_update_client_traffic_secret(struct tls13_secrets *secrets);
-int tls13_update_server_traffic_secret(struct tls13_secrets *secrets);
-/*
- * Record Layer.
- */
-struct tls13_record_layer;
-struct tls13_record_layer_callbacks {
-        /* Wire callbacks. */
-        tls_read_cb wire_read;
-        tls_write_cb wire_write;
-        tls_flush_cb wire_flush;
-        /* Interceptors. */
-        tls_handshake_read_cb handshake_read;
-        tls_handshake_write_cb handshake_write;
-        tls_traffic_key_cb set_read_traffic_key;
-        tls_traffic_key_cb set_write_traffic_key;
-        tls_alert_send_cb alert_send;
-        /* Notification callbacks. */
-        tls13_alert_cb alert_recv;
-        tls13_alert_cb alert_sent;
-        tls13_phh_recv_cb phh_recv;
-        tls13_phh_sent_cb phh_sent;
-};
-struct tls13_record_layer *tls13_record_layer_new(
-    const struct tls13_record_layer_callbacks *callbacks, void *cb_arg);
-void tls13_record_layer_free(struct tls13_record_layer *rl);
-void tls13_record_layer_set_callbacks(struct tls13_record_layer *rl,
-    const struct tls13_record_layer_callbacks *callbacks, void *cb_arg);
-void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);
-void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow);
-void tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs);
-void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
-    const EVP_AEAD *aead);
-void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
-    const EVP_MD *hash);
-void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl,
-    uint16_t version);
-void tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry);
-void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
-int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
-    struct tls13_secret *read_key, enum ssl_encryption_level_t read_level);
-int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
-    struct tls13_secret *write_key, enum ssl_encryption_level_t write_level);
-ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl);
-ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);
-ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl);
-ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
-ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
-    size_t n);
-ssize_t tls13_pending_application_data(struct tls13_record_layer *rl);
-ssize_t tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
-ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
-ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
-    size_t n);
-ssize_t tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc);
-ssize_t tls13_send_dummy_ccs(struct tls13_record_layer *rl);
-/*
- * Handshake Messages.
- */
-struct tls13_handshake_msg;
-struct tls13_handshake_msg *tls13_handshake_msg_new(void);
-void tls13_handshake_msg_free(struct tls13_handshake_msg *msg);
-void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs);
-uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg);
-int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs);
-int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
-    uint8_t msg_type);
-int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg);
-int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
-    struct tls13_record_layer *rl);
-int tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
-    struct tls13_record_layer *rl);
-struct tls13_handshake_stage {
-        uint8_t hs_type;
-        uint8_t message_number;
-};
-struct ssl_handshake_tls13_st;
-struct tls13_error {
-        int code;
-        int subcode;
-        int errnum;
-        const char *file;
-        int line;
-        char *msg;
-};
-struct tls13_ctx {
-        struct tls13_error error;
-        SSL *ssl;
-        struct ssl_handshake_st *hs;
-        uint8_t mode;
-        struct tls13_handshake_stage handshake_stage;
-        int handshake_started;
-        int handshake_completed;
-        int need_flush;
-        int middlebox_compat;
-        int send_dummy_ccs;
-        int send_dummy_ccs_after;
-        int close_notify_sent;
-        int close_notify_recv;
-        const EVP_AEAD *aead;
-        const EVP_MD *hash;
-        struct tls13_record_layer *rl;
-        struct tls13_handshake_msg *hs_msg;
-        uint8_t key_update_request;
-        uint8_t alert;
-        int phh_count;
-        time_t phh_last_seen;
-        tls13_handshake_message_cb handshake_message_sent_cb;
-        tls13_handshake_message_cb handshake_message_recv_cb;
-        tls13_info_cb info_cb;
-        tls13_ocsp_status_cb ocsp_status_recv_cb;
-};
-#ifndef TLS13_PHH_LIMIT_TIME
-#define TLS13_PHH_LIMIT_TIME 3600
-#endif
-#ifndef TLS13_PHH_LIMIT
-#define TLS13_PHH_LIMIT 100
-#endif
-struct tls13_ctx *tls13_ctx_new(int mode, SSL *ssl);
-void tls13_ctx_free(struct tls13_ctx *ctx);
-const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher);
-const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
-void tls13_alert_received_cb(uint8_t alert_desc, void *arg);
-void tls13_alert_sent_cb(uint8_t alert_desc, void *arg);
-ssize_t tls13_phh_received_cb(void *cb_arg);
-void tls13_phh_done_cb(void *cb_arg);
-int tls13_quic_init(struct tls13_ctx *ctx);
-/*
- * Legacy interfaces.
- */
-int tls13_use_legacy_client(struct tls13_ctx *ctx);
-int tls13_use_legacy_server(struct tls13_ctx *ctx);
-int tls13_legacy_accept(SSL *ssl);
-int tls13_legacy_connect(SSL *ssl);
-int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
-ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
-ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
-ssize_t tls13_legacy_wire_flush_cb(void *arg);
-int tls13_legacy_pending(const SSL *ssl);
-int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
-    int peek);
-int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len);
-int tls13_legacy_shutdown(SSL *ssl);
-int tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert);
-/*
- * Message Types - RFC 8446, Section B.3.
- *
- * Values listed as "_RESERVED" were used in previous versions of TLS and are
- * listed here for completeness.  TLS 1.3 implementations MUST NOT send them but
- * might receive them from older TLS implementations.
- */
-#define TLS13_MT_HELLO_REQUEST_RESERVED         0
-#define TLS13_MT_CLIENT_HELLO                   1
-#define TLS13_MT_SERVER_HELLO                   2
-#define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED  3
-#define TLS13_MT_NEW_SESSION_TICKET             4
-#define TLS13_MT_END_OF_EARLY_DATA              5
-#define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED   6
-#define TLS13_MT_ENCRYPTED_EXTENSIONS           8
-#define TLS13_MT_CERTIFICATE                    11
-#define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED   12
-#define TLS13_MT_CERTIFICATE_REQUEST            13
-#define TLS13_MT_SERVER_HELLO_DONE_RESERVED     14
-#define TLS13_MT_CERTIFICATE_VERIFY             15
-#define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED   16
-#define TLS13_MT_FINISHED                       20
-#define TLS13_MT_CERTIFICATE_URL_RESERVED       21
-#define TLS13_MT_CERTIFICATE_STATUS_RESERVED    22
-#define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED     23
-#define TLS13_MT_KEY_UPDATE                     24
-#define TLS13_MT_MESSAGE_HASH                   254
-int tls13_handshake_msg_record(struct tls13_ctx *ctx);
-int tls13_handshake_perform(struct tls13_ctx *ctx);
-int tls13_client_init(struct tls13_ctx *ctx);
-int tls13_server_init(struct tls13_ctx *ctx);
-int tls13_client_connect(struct tls13_ctx *ctx);
-int tls13_server_accept(struct tls13_ctx *ctx);
-int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_hello_sent(struct tls13_ctx *ctx);
-int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_finished_sent(struct tls13_ctx *ctx);
-int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_hello_sent(struct tls13_ctx *ctx);
-int tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx);
-int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_finished_sent(struct tls13_ctx *ctx);
-void tls13_error_clear(struct tls13_error *error);
-int tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
-    int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb));
-int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);
-int tls13_clienthello_hash_init(struct tls13_ctx *ctx);
-void tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs);
-int tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data,
-    size_t len);
-int tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_clienthello_hash_finalize(struct tls13_ctx *ctx);
-int tls13_clienthello_hash_validate(struct tls13_ctx *ctx);
-int tls13_error_set(struct tls13_error *error, int code, int subcode,
-    const char *file, int line, const char *fmt, ...);
-int tls13_error_setx(struct tls13_error *error, int code, int subcode,
-    const char *file, int line, const char *fmt, ...);
-#define tls13_set_error(ctx, code, subcode, fmt, ...) \
-        tls13_error_set(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
-            (fmt), __VA_ARGS__)
-#define tls13_set_errorx(ctx, code, subcode, fmt, ...) \
-        tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
-            (fmt), __VA_ARGS__)
-int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
-    const uint8_t *context_value, size_t context_value_len, uint8_t *out,
-    size_t out_len);
-extern const uint8_t tls13_downgrade_12[8];
-extern const uint8_t tls13_downgrade_11[8];
-extern const uint8_t tls13_hello_retry_request_hash[32];
-extern const uint8_t tls13_cert_verify_pad[64];
-extern const uint8_t tls13_cert_client_verify_context[];
-extern const uint8_t tls13_cert_server_verify_context[];
-__END_HIDDEN_DECLS
-#endif

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h deleted file mode 100644 index f4b17bdf25..0000000000 --- a/src/lib/libssl/tls13_internal.h +++ /dev/null
@@ -1,443 +0,0 @@
1	/* $OpenBSD: tls13_internal.h,v 1.101 2022/07/24 14:28:16 jsing Exp $ */
2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
5	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
6	*
7	* Permission to use, copy, modify, and/or distribute this software for any
8	* purpose with or without fee is hereby granted, provided that the above
9	* copyright notice and this permission notice appear in all copies.
10	*
11	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
14	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
16	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
17	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18	*/
19
20	#ifndef HEADER_TLS13_INTERNAL_H
21	#define HEADER_TLS13_INTERNAL_H
22
23	#include <openssl/evp.h>
24	#include <openssl/ssl.h>
25
26	#include "bytestring.h"
27	#include "tls_internal.h"
28
29	__BEGIN_HIDDEN_DECLS
30
31	#define TLS13_HS_CLIENT 1
32	#define TLS13_HS_SERVER 2
33
34	#define TLS13_IO_SUCCESS 1
35	#define TLS13_IO_EOF 0
36	#define TLS13_IO_FAILURE -1
37	#define TLS13_IO_ALERT -2
38	#define TLS13_IO_WANT_POLLIN -3
39	#define TLS13_IO_WANT_POLLOUT -4
40	#define TLS13_IO_WANT_RETRY -5 /* Retry the previous call immediately. */
41	#define TLS13_IO_USE_LEGACY -6
42	#define TLS13_IO_RECORD_VERSION -7
43	#define TLS13_IO_RECORD_OVERFLOW -8
44
45	#define TLS13_ERR_VERIFY_FAILED 16
46	#define TLS13_ERR_HRR_FAILED 17
47	#define TLS13_ERR_TRAILING_DATA 18
48	#define TLS13_ERR_NO_SHARED_CIPHER 19
49	#define TLS13_ERR_NO_CERTIFICATE 20
50	#define TLS13_ERR_NO_PEER_CERTIFICATE 21
51
52	#define TLS13_ALERT_LEVEL_WARNING 1
53	#define TLS13_ALERT_LEVEL_FATAL 2
54
55	#define TLS13_ALERT_CLOSE_NOTIFY 0
56	#define TLS13_ALERT_UNEXPECTED_MESSAGE 10
57	#define TLS13_ALERT_BAD_RECORD_MAC 20
58	#define TLS13_ALERT_RECORD_OVERFLOW 22
59	#define TLS13_ALERT_HANDSHAKE_FAILURE 40
60	#define TLS13_ALERT_BAD_CERTIFICATE 42
61	#define TLS13_ALERT_UNSUPPORTED_CERTIFICATE 43
62	#define TLS13_ALERT_CERTIFICATE_REVOKED 44
63	#define TLS13_ALERT_CERTIFICATE_EXPIRED 45
64	#define TLS13_ALERT_CERTIFICATE_UNKNOWN 46
65	#define TLS13_ALERT_ILLEGAL_PARAMETER 47
66	#define TLS13_ALERT_UNKNOWN_CA 48
67	#define TLS13_ALERT_ACCESS_DENIED 49
68	#define TLS13_ALERT_DECODE_ERROR 50
69	#define TLS13_ALERT_DECRYPT_ERROR 51
70	#define TLS13_ALERT_PROTOCOL_VERSION 70
71	#define TLS13_ALERT_INSUFFICIENT_SECURITY 71
72	#define TLS13_ALERT_INTERNAL_ERROR 80
73	#define TLS13_ALERT_INAPPROPRIATE_FALLBACK 86
74	#define TLS13_ALERT_USER_CANCELED 90
75	#define TLS13_ALERT_MISSING_EXTENSION 109
76	#define TLS13_ALERT_UNSUPPORTED_EXTENSION 110
77	#define TLS13_ALERT_UNRECOGNIZED_NAME 112
78	#define TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 113
79	#define TLS13_ALERT_UNKNOWN_PSK_IDENTITY 115
80	#define TLS13_ALERT_CERTIFICATE_REQUIRED 116
81	#define TLS13_ALERT_NO_APPLICATION_PROTOCOL 120
82
83	#define TLS13_INFO_HANDSHAKE_STARTED SSL_CB_HANDSHAKE_START
84	#define TLS13_INFO_HANDSHAKE_COMPLETED SSL_CB_HANDSHAKE_DONE
85	#define TLS13_INFO_ACCEPT_LOOP SSL_CB_ACCEPT_LOOP
86	#define TLS13_INFO_CONNECT_LOOP SSL_CB_CONNECT_LOOP
87	#define TLS13_INFO_ACCEPT_EXIT SSL_CB_ACCEPT_EXIT
88	#define TLS13_INFO_CONNECT_EXIT SSL_CB_CONNECT_EXIT
89
90	typedef void (tls13_alert_cb)(uint8_t _alert_desc, void _cb_arg);
91	typedef ssize_t (tls13_phh_recv_cb)(void _cb_arg);
92	typedef void (tls13_phh_sent_cb)(void _cb_arg);
93	typedef void (tls13_handshake_message_cb)(void _cb_arg);
94	typedef void (tls13_info_cb)(void _cb_arg, int _state, int _ret);
95	typedef int (tls13_ocsp_status_cb)(void _cb_arg);
96
97	/*
98	* PSK support.
99	*/
100
101	/*
102	* Known PskKeyExchangeMode values.
103	* https://www.iana.org/assignments/tls-parameters/#tls-pskkeyexchangemode
104	*/
105	#define TLS13_PSK_KE 0
106	#define TLS13_PSK_DHE_KE 1
107
108	/*
109	* Secrets.
110	*/
111	struct tls13_secret {
112	uint8_t *data;
113	size_t len;
114	};
115
116	/* RFC 8446 Section 7.1 Page 92 */
117	struct tls13_secrets {
118	const EVP_MD *digest;
119	int resumption;
120	int init_done;
121	int early_done;
122	int handshake_done;
123	int schedule_done;
124	int insecure; /* Set by tests */
125	struct tls13_secret zeros;
126	struct tls13_secret empty_hash;
127	struct tls13_secret extracted_early;
128	struct tls13_secret binder_key;
129	struct tls13_secret client_early_traffic;
130	struct tls13_secret early_exporter_master;
131	struct tls13_secret derived_early;
132	struct tls13_secret extracted_handshake;
133	struct tls13_secret client_handshake_traffic;
134	struct tls13_secret server_handshake_traffic;
135	struct tls13_secret derived_handshake;
136	struct tls13_secret extracted_master;
137	struct tls13_secret client_application_traffic;
138	struct tls13_secret server_application_traffic;
139	struct tls13_secret exporter_master;
140	struct tls13_secret resumption_master;
141	};
142
143	int tls13_secret_init(struct tls13_secret *secret, size_t len);
144	void tls13_secret_cleanup(struct tls13_secret *secret);
145	struct tls13_secrets tls13_secrets_create(const EVP_MD digest,
146	int resumption);
147	void tls13_secrets_destroy(struct tls13_secrets *secrets);
148
149	int tls13_hkdf_expand_label(struct tls13_secret out, const EVP_MD digest,
150	const struct tls13_secret secret, const char label,
151	const struct tls13_secret *context);
152	int tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
153	const EVP_MD digest, const struct tls13_secret secret,
154	const uint8_t label, size_t label_len, const struct tls13_secret context);
155
156	int tls13_derive_secret(struct tls13_secret out, const EVP_MD digest,
157	const struct tls13_secret secret, const char label,
158	const struct tls13_secret *context);
159	int tls13_derive_secret_with_label_length(struct tls13_secret *out,
160	const EVP_MD digest, const struct tls13_secret secret,
161	const uint8_t label, size_t label_len, const struct tls13_secret context);
162
163	int tls13_derive_early_secrets(struct tls13_secrets secrets, uint8_t psk,
164	size_t psk_len, const struct tls13_secret *context);
165	int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
166	const uint8_t ecdhe, size_t ecdhe_len, const struct tls13_secret context);
167	int tls13_derive_application_secrets(struct tls13_secrets *secrets,
168	const struct tls13_secret *context);
169	int tls13_update_client_traffic_secret(struct tls13_secrets *secrets);
170	int tls13_update_server_traffic_secret(struct tls13_secrets *secrets);
171
172	/*
173	* Record Layer.
174	*/
175	struct tls13_record_layer;
176
177	struct tls13_record_layer_callbacks {
178	/* Wire callbacks. */
179	tls_read_cb wire_read;
180	tls_write_cb wire_write;
181	tls_flush_cb wire_flush;
182
183	/* Interceptors. */
184	tls_handshake_read_cb handshake_read;
185	tls_handshake_write_cb handshake_write;
186	tls_traffic_key_cb set_read_traffic_key;
187	tls_traffic_key_cb set_write_traffic_key;
188	tls_alert_send_cb alert_send;
189
190	/* Notification callbacks. */
191	tls13_alert_cb alert_recv;
192	tls13_alert_cb alert_sent;
193	tls13_phh_recv_cb phh_recv;
194	tls13_phh_sent_cb phh_sent;
195	};
196
197	struct tls13_record_layer *tls13_record_layer_new(
198	const struct tls13_record_layer_callbacks callbacks, void cb_arg);
199	void tls13_record_layer_free(struct tls13_record_layer *rl);
200	void tls13_record_layer_set_callbacks(struct tls13_record_layer *rl,
201	const struct tls13_record_layer_callbacks callbacks, void cb_arg);
202	void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);
203	void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow);
204	void tls13_record_layer_rcontent(struct tls13_record_layer rl, CBS cbs);
205	void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
206	const EVP_AEAD *aead);
207	void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
208	const EVP_MD *hash);
209	void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl,
210	uint16_t version);
211	void tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry);
212	void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
213	int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
214	struct tls13_secret *read_key, enum ssl_encryption_level_t read_level);
215	int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
216	struct tls13_secret *write_key, enum ssl_encryption_level_t write_level);
217	ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl);
218	ssize_t tls13_record_layer_phh(struct tls13_record_layer rl, CBS cbs);
219	ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl);
220
221	ssize_t tls13_read_handshake_data(struct tls13_record_layer rl, uint8_t buf, size_t n);
222	ssize_t tls13_write_handshake_data(struct tls13_record_layer rl, const uint8_t buf,
223	size_t n);
224	ssize_t tls13_pending_application_data(struct tls13_record_layer *rl);
225	ssize_t tls13_peek_application_data(struct tls13_record_layer rl, uint8_t buf, size_t n);
226	ssize_t tls13_read_application_data(struct tls13_record_layer rl, uint8_t buf, size_t n);
227	ssize_t tls13_write_application_data(struct tls13_record_layer rl, const uint8_t buf,
228	size_t n);
229
230	ssize_t tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc);
231	ssize_t tls13_send_dummy_ccs(struct tls13_record_layer *rl);
232
233	/*
234	* Handshake Messages.
235	*/
236	struct tls13_handshake_msg;
237
238	struct tls13_handshake_msg *tls13_handshake_msg_new(void);
239	void tls13_handshake_msg_free(struct tls13_handshake_msg *msg);
240	void tls13_handshake_msg_data(struct tls13_handshake_msg msg, CBS cbs);
241	uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg);
242	int tls13_handshake_msg_content(struct tls13_handshake_msg msg, CBS cbs);
243	int tls13_handshake_msg_start(struct tls13_handshake_msg msg, CBB body,
244	uint8_t msg_type);
245	int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg);
246	int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
247	struct tls13_record_layer *rl);
248	int tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
249	struct tls13_record_layer *rl);
250
251	struct tls13_handshake_stage {
252	uint8_t hs_type;
253	uint8_t message_number;
254	};
255
256	struct ssl_handshake_tls13_st;
257
258	struct tls13_error {
259	int code;
260	int subcode;
261	int errnum;
262	const char *file;
263	int line;
264	char *msg;
265	};
266
267	struct tls13_ctx {
268	struct tls13_error error;
269
270	SSL *ssl;
271	struct ssl_handshake_st *hs;
272	uint8_t mode;
273	struct tls13_handshake_stage handshake_stage;
274	int handshake_started;
275	int handshake_completed;
276	int need_flush;
277	int middlebox_compat;
278	int send_dummy_ccs;
279	int send_dummy_ccs_after;
280
281	int close_notify_sent;
282	int close_notify_recv;
283
284	const EVP_AEAD *aead;
285	const EVP_MD *hash;
286
287	struct tls13_record_layer *rl;
288	struct tls13_handshake_msg *hs_msg;
289	uint8_t key_update_request;
290	uint8_t alert;
291	int phh_count;
292	time_t phh_last_seen;
293
294	tls13_handshake_message_cb handshake_message_sent_cb;
295	tls13_handshake_message_cb handshake_message_recv_cb;
296	tls13_info_cb info_cb;
297	tls13_ocsp_status_cb ocsp_status_recv_cb;
298	};
299	#ifndef TLS13_PHH_LIMIT_TIME
300	#define TLS13_PHH_LIMIT_TIME 3600
301	#endif
302	#ifndef TLS13_PHH_LIMIT
303	#define TLS13_PHH_LIMIT 100
304	#endif
305
306	struct tls13_ctx tls13_ctx_new(int mode, SSL ssl);
307	void tls13_ctx_free(struct tls13_ctx *ctx);
308
309	const EVP_AEAD tls13_cipher_aead(const SSL_CIPHER cipher);
310	const EVP_MD tls13_cipher_hash(const SSL_CIPHER cipher);
311
312	void tls13_alert_received_cb(uint8_t alert_desc, void *arg);
313	void tls13_alert_sent_cb(uint8_t alert_desc, void *arg);
314	ssize_t tls13_phh_received_cb(void *cb_arg);
315	void tls13_phh_done_cb(void *cb_arg);
316
317	int tls13_quic_init(struct tls13_ctx *ctx);
318
319	/*
320	* Legacy interfaces.
321	*/
322	int tls13_use_legacy_client(struct tls13_ctx *ctx);
323	int tls13_use_legacy_server(struct tls13_ctx *ctx);
324	int tls13_legacy_accept(SSL *ssl);
325	int tls13_legacy_connect(SSL *ssl);
326	int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
327	ssize_t tls13_legacy_wire_read_cb(void buf, size_t n, void arg);
328	ssize_t tls13_legacy_wire_write_cb(const void buf, size_t n, void arg);
329	ssize_t tls13_legacy_wire_flush_cb(void *arg);
330	int tls13_legacy_pending(const SSL *ssl);
331	int tls13_legacy_read_bytes(SSL ssl, int type, unsigned char buf, int len,
332	int peek);
333	int tls13_legacy_write_bytes(SSL ssl, int type, const void buf, int len);
334	int tls13_legacy_shutdown(SSL *ssl);
335	int tls13_legacy_servername_process(struct tls13_ctx ctx, uint8_t alert);
336
337	/*
338	* Message Types - RFC 8446, Section B.3.
339	*
340	* Values listed as "_RESERVED" were used in previous versions of TLS and are
341	* listed here for completeness. TLS 1.3 implementations MUST NOT send them but
342	* might receive them from older TLS implementations.
343	*/
344	#define TLS13_MT_HELLO_REQUEST_RESERVED 0
345	#define TLS13_MT_CLIENT_HELLO 1
346	#define TLS13_MT_SERVER_HELLO 2
347	#define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED 3
348	#define TLS13_MT_NEW_SESSION_TICKET 4
349	#define TLS13_MT_END_OF_EARLY_DATA 5
350	#define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED 6
351	#define TLS13_MT_ENCRYPTED_EXTENSIONS 8
352	#define TLS13_MT_CERTIFICATE 11
353	#define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED 12
354	#define TLS13_MT_CERTIFICATE_REQUEST 13
355	#define TLS13_MT_SERVER_HELLO_DONE_RESERVED 14
356	#define TLS13_MT_CERTIFICATE_VERIFY 15
357	#define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED 16
358	#define TLS13_MT_FINISHED 20
359	#define TLS13_MT_CERTIFICATE_URL_RESERVED 21
360	#define TLS13_MT_CERTIFICATE_STATUS_RESERVED 22
361	#define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED 23
362	#define TLS13_MT_KEY_UPDATE 24
363	#define TLS13_MT_MESSAGE_HASH 254
364
365	int tls13_handshake_msg_record(struct tls13_ctx *ctx);
366	int tls13_handshake_perform(struct tls13_ctx *ctx);
367
368	int tls13_client_init(struct tls13_ctx *ctx);
369	int tls13_server_init(struct tls13_ctx *ctx);
370	int tls13_client_connect(struct tls13_ctx *ctx);
371	int tls13_server_accept(struct tls13_ctx *ctx);
372
373	int tls13_client_hello_send(struct tls13_ctx ctx, CBB cbb);
374	int tls13_client_hello_sent(struct tls13_ctx *ctx);
375	int tls13_client_hello_recv(struct tls13_ctx ctx, CBS cbs);
376	int tls13_client_hello_retry_send(struct tls13_ctx ctx, CBB cbb);
377	int tls13_client_hello_retry_recv(struct tls13_ctx ctx, CBS cbs);
378	int tls13_client_end_of_early_data_send(struct tls13_ctx ctx, CBB cbb);
379	int tls13_client_end_of_early_data_recv(struct tls13_ctx ctx, CBS cbs);
380	int tls13_client_certificate_send(struct tls13_ctx ctx, CBB cbb);
381	int tls13_client_certificate_recv(struct tls13_ctx ctx, CBS cbs);
382	int tls13_client_certificate_verify_send(struct tls13_ctx ctx, CBB cbb);
383	int tls13_client_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs);
384	int tls13_client_finished_recv(struct tls13_ctx ctx, CBS cbs);
385	int tls13_client_finished_send(struct tls13_ctx ctx, CBB cbb);
386	int tls13_client_finished_sent(struct tls13_ctx *ctx);
387	int tls13_server_hello_recv(struct tls13_ctx ctx, CBS cbs);
388	int tls13_server_hello_send(struct tls13_ctx ctx, CBB cbb);
389	int tls13_server_hello_sent(struct tls13_ctx *ctx);
390	int tls13_server_hello_retry_request_recv(struct tls13_ctx ctx, CBS cbs);
391	int tls13_server_hello_retry_request_send(struct tls13_ctx ctx, CBB cbb);
392	int tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx);
393	int tls13_server_encrypted_extensions_recv(struct tls13_ctx ctx, CBS cbs);
394	int tls13_server_encrypted_extensions_send(struct tls13_ctx ctx, CBB cbb);
395	int tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs);
396	int tls13_server_certificate_send(struct tls13_ctx ctx, CBB cbb);
397	int tls13_server_certificate_request_recv(struct tls13_ctx ctx, CBS cbs);
398	int tls13_server_certificate_request_send(struct tls13_ctx ctx, CBB cbb);
399	int tls13_server_certificate_verify_send(struct tls13_ctx ctx, CBB cbb);
400	int tls13_server_certificate_verify_recv(struct tls13_ctx ctx, CBS cbs);
401	int tls13_server_finished_recv(struct tls13_ctx ctx, CBS cbs);
402	int tls13_server_finished_send(struct tls13_ctx ctx, CBB cbb);
403	int tls13_server_finished_sent(struct tls13_ctx *ctx);
404
405	void tls13_error_clear(struct tls13_error *error);
406	int tls13_cert_add(struct tls13_ctx ctx, CBB cbb, X509 *cert,
407	int(build_extensions)(SSL s, uint16_t msg_type, CBB *cbb));
408
409	int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);
410	int tls13_clienthello_hash_init(struct tls13_ctx *ctx);
411	void tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs);
412	int tls13_clienthello_hash_update_bytes(struct tls13_ctx ctx, void data,
413	size_t len);
414	int tls13_clienthello_hash_update(struct tls13_ctx ctx, CBS cbs);
415	int tls13_clienthello_hash_finalize(struct tls13_ctx *ctx);
416	int tls13_clienthello_hash_validate(struct tls13_ctx *ctx);
417
418	int tls13_error_set(struct tls13_error *error, int code, int subcode,
419	const char file, int line, const char fmt, ...);
420	int tls13_error_setx(struct tls13_error *error, int code, int subcode,
421	const char file, int line, const char fmt, ...);
422
423	#define tls13_set_error(ctx, code, subcode, fmt, ...) \
424	tls13_error_set(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
425	(fmt), __VA_ARGS__)
426	#define tls13_set_errorx(ctx, code, subcode, fmt, ...) \
427	tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
428	(fmt), __VA_ARGS__)
429
430	int tls13_exporter(struct tls13_ctx ctx, const uint8_t label, size_t label_len,
431	const uint8_t context_value, size_t context_value_len, uint8_t out,
432	size_t out_len);
433
434	extern const uint8_t tls13_downgrade_12[8];
435	extern const uint8_t tls13_downgrade_11[8];
436	extern const uint8_t tls13_hello_retry_request_hash[32];
437	extern const uint8_t tls13_cert_verify_pad[64];
438	extern const uint8_t tls13_cert_client_verify_context[];
439	extern const uint8_t tls13_cert_server_verify_context[];
440
441	__END_HIDDEN_DECLS
442
443	#endif