1/*
2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*****************************************************************************
11 * *
12 * The following definitions are PRIVATE to the state machine. They should *
13 * NOT be used outside of the state machine. *
14 * *
15 *****************************************************************************/
16
17/* Max message length definitions */
18
19/* The spec allows for a longer length than this, but we limit it */
20#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
21#define END_OF_EARLY_DATA_MAX_LENGTH 0
22#define SERVER_HELLO_MAX_LENGTH 20000
23#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000
24#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
25#define SERVER_KEY_EXCH_MAX_LENGTH 102400
26#define SERVER_HELLO_DONE_MAX_LENGTH 0
27#define KEY_UPDATE_MAX_LENGTH 1
28#define CCS_MAX_LENGTH 1
29/* Max should actually be 36 but we are generous */
30#define FINISHED_MAX_LENGTH 64
31
32/* Dummy message type */
33#define SSL3_MT_DUMMY -1
34
35extern const unsigned char hrrrandom[];
36
37/* Message processing return codes */
38typedef enum {
39 /* Something bad happened */
40 MSG_PROCESS_ERROR,
41 /* We've finished reading - swap to writing */
42 MSG_PROCESS_FINISHED_READING,
43 /*
44 * We've completed the main processing of this message but there is some
45 * post processing to be done.
46 */
47 MSG_PROCESS_CONTINUE_PROCESSING,
48 /* We've finished this message - read the next message */
49 MSG_PROCESS_CONTINUE_READING
50} MSG_PROCESS_RETURN;
51
52typedef int (*confunc_f) (SSL *s, WPACKET *pkt);
53
54int ssl3_take_mac(SSL *s);
55int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
56 size_t num_groups, int checkallow);
57int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
58 size_t hashlen, const unsigned char *hrr,
59 size_t hrrlen);
60int parse_ca_names(SSL *s, PACKET *pkt);
61const STACK_OF(X509_NAME) *get_ca_names(SSL *s);
62int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt);
63size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
64 const void *param, size_t paramlen);
65
66/*
67 * TLS/DTLS client state machine functions
68 */
69int ossl_statem_client_read_transition(SSL *s, int mt);
70WRITE_TRAN ossl_statem_client_write_transition(SSL *s);
71WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
72WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
73int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
74 confunc_f *confunc, int *mt);
75size_t ossl_statem_client_max_message_size(SSL *s);
76MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
77WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
78
79/*
80 * TLS/DTLS server state machine functions
81 */
82int ossl_statem_server_read_transition(SSL *s, int mt);
83WRITE_TRAN ossl_statem_server_write_transition(SSL *s);
84WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
85WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
86int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
87 confunc_f *confunc,int *mt);
88size_t ossl_statem_server_max_message_size(SSL *s);
89MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
90WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
91
92/* Functions for getting new message data */
93__owur int tls_get_message_header(SSL *s, int *mt);
94__owur int tls_get_message_body(SSL *s, size_t *len);
95__owur int dtls_get_message(SSL *s, int *mt, size_t *len);
96
97/* Message construction and processing functions */
98__owur int tls_process_initial_server_flight(SSL *s);
99__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
100__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt);
101__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
102__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
103
104__owur int tls_construct_finished(SSL *s, WPACKET *pkt);
105__owur int tls_construct_key_update(SSL *s, WPACKET *pkt);
106__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt);
107__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs,
108 int stop);
109__owur WORK_STATE dtls_wait_for_dry(SSL *s);
110
111/* some client-only functions */
112__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
113__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
114__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
115__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
116__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt);
117__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
118__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);
119__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt);
120__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst);
121__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt);
122__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
123__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt);
124__owur int tls_client_key_exchange_post_work(SSL *s);
125__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt);
126__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt);
127__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
128__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
129__owur int ssl3_check_cert_and_algorithm(SSL *s);
130#ifndef OPENSSL_NO_NEXTPROTONEG
131__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt);
132#endif
133__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt);
134__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
135__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt);
136
137/* some server-only functions */
138__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
139__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst);
140__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt);
141__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt);
142__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt);
143__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt);
144__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt);
145__owur int tls_construct_server_done(SSL *s, WPACKET *pkt);
146__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
147__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
148__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
149__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
150#ifndef OPENSSL_NO_NEXTPROTONEG
151__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
152#endif
153__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt);
154MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);
155
156
157/* Extension processing */
158
159typedef enum ext_return_en {
160 EXT_RETURN_FAIL,
161 EXT_RETURN_SENT,
162 EXT_RETURN_NOT_SENT
163} EXT_RETURN;
164
165__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx,
166 RAW_EXTENSION *exts);
167__owur int extension_is_relevant(SSL *s, unsigned int extctx,
168 unsigned int thisctx);
169__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
170 RAW_EXTENSION **res, size_t *len, int init);
171__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
172 RAW_EXTENSION *exts, X509 *x, size_t chainidx);
173__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
174 X509 *x, size_t chainidx, int fin);
175__owur int should_add_extension(SSL *s, unsigned int extctx,
176 unsigned int thisctx, int max_version);
177__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
178 X509 *x, size_t chainidx);
179
180__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md,
181 const unsigned char *msgstart,
182 size_t binderoffset, const unsigned char *binderin,
183 unsigned char *binderout,
184 SSL_SESSION *sess, int sign, int external);
185
186/* Server Extension processing */
187int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
188 X509 *x, size_t chainidx);
189int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
190 X509 *x, size_t chainidx);
191int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
192 X509 *x, size_t chainidx);
193#ifndef OPENSSL_NO_SRP
194int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
195 size_t chainidx);
196#endif
197int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
198 X509 *x, size_t chainidx);
199#ifndef OPENSSL_NO_EC
200int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
201 X509 *x, size_t chainidx);
202#endif
203int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
204 X509 *x, size_t chainidxl);
205int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
206 X509 *x, size_t chainidx);
207int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
208 X509 *x, size_t chainidx);
209int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
210 size_t chainidx);
211#ifndef OPENSSL_NO_OCSP
212int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
213 X509 *x, size_t chainidx);
214#endif
215#ifndef OPENSSL_NO_NEXTPROTONEG
216int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
217 size_t chainidx);
218#endif
219int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
220 size_t chainidx);
221#ifndef OPENSSL_NO_SRTP
222int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
223 size_t chainidx);
224#endif
225int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
226 size_t chainidx);
227int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
228 size_t chainidx);
229int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
230 size_t chainidx);
231int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
232 size_t chainidx);
233int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
234 X509 *x, size_t chainidx);
235int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
236 size_t chainidx);
237int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context,
238 X509 *x, size_t chainidx);
239
240EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
241 unsigned int context, X509 *x,
242 size_t chainidx);
243EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
244 unsigned int context, X509 *x,
245 size_t chainidx);
246EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
247 unsigned int context, X509 *x,
248 size_t chainidx);
249EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
250 unsigned int context, X509 *x,
251 size_t chainidx);
252#ifndef OPENSSL_NO_EC
253EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
254 unsigned int context, X509 *x,
255 size_t chainidx);
256#endif
257EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
258 unsigned int context, X509 *x,
259 size_t chainidx);
260EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
261 unsigned int context, X509 *x,
262 size_t chainidx);
263#ifndef OPENSSL_NO_OCSP
264EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
265 unsigned int context, X509 *x,
266 size_t chainidx);
267#endif
268#ifndef OPENSSL_NO_NEXTPROTONEG
269EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
270 unsigned int context, X509 *x,
271 size_t chainidx);
272#endif
273EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
274 X509 *x, size_t chainidx);
275#ifndef OPENSSL_NO_SRTP
276EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
277 X509 *x, size_t chainidx);
278#endif
279EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
280 X509 *x, size_t chainidx);
281EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
282 X509 *x, size_t chainidx);
283EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
284 unsigned int context, X509 *x,
285 size_t chainidx);
286EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
287 unsigned int context, X509 *x,
288 size_t chainidx);
289EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
290 X509 *x, size_t chainidx);
291/*
292 * Not in public headers as this is not an official extension. Only used when
293 * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
294 */
295#define TLSEXT_TYPE_cryptopro_bug 0xfde8
296EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
297 unsigned int context, X509 *x,
298 size_t chainidx);
299EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
300 X509 *x, size_t chainidx);
301
302/* Client Extension processing */
303EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
304 X509 *x, size_t chainidx);
305EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context,
306 X509 *x, size_t chainidx);
307EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context,
308 X509 *x, size_t chainidx);
309#ifndef OPENSSL_NO_SRP
310EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
311 size_t chainidx);
312#endif
313#ifndef OPENSSL_NO_EC
314EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
315 unsigned int context, X509 *x,
316 size_t chainidx);
317#endif
318EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
319 unsigned int context, X509 *x,
320 size_t chainidx);
321
322EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
323 unsigned int context, X509 *x,
324 size_t chainidx);
325EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
326 unsigned int context, X509 *x,
327 size_t chainidx);
328EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
329 unsigned int context, X509 *x,
330 size_t chainidx);
331#ifndef OPENSSL_NO_OCSP
332EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
333 unsigned int context, X509 *x,
334 size_t chainidx);
335#endif
336#ifndef OPENSSL_NO_NEXTPROTONEG
337EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
338 X509 *x, size_t chainidx);
339#endif
340EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
341 X509 *x, size_t chainidx);
342#ifndef OPENSSL_NO_SRTP
343EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
344 X509 *x, size_t chainidx);
345#endif
346EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
347 X509 *x, size_t chainidx);
348#ifndef OPENSSL_NO_CT
349EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
350 X509 *x, size_t chainidx);
351#endif
352EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
353 X509 *x, size_t chainidx);
354EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
355 unsigned int context, X509 *x,
356 size_t chainidx);
357EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
358 unsigned int context, X509 *x,
359 size_t chainidx);
360EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
361 unsigned int context, X509 *x,
362 size_t chainidx);
363EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
364 X509 *x, size_t chainidx);
365EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
366 unsigned int context, X509 *x,
367 size_t chainidx);
368EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
369 X509 *x, size_t chainidx);
370EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context,
371 X509 *x, size_t chainidx);
372
373int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
374 X509 *x, size_t chainidx);
375int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
376 X509 *x, size_t chainidx);
377int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
378 X509 *x, size_t chainidx);
379int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
380 X509 *x, size_t chainidx);
381#ifndef OPENSSL_NO_EC
382int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
383 X509 *x, size_t chainidx);
384#endif
385int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
386 X509 *x, size_t chainidx);
387#ifndef OPENSSL_NO_OCSP
388int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
389 X509 *x, size_t chainidx);
390#endif
391#ifndef OPENSSL_NO_CT
392int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
393 size_t chainidx);
394#endif
395#ifndef OPENSSL_NO_NEXTPROTONEG
396int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
397 size_t chainidx);
398#endif
399int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
400 size_t chainidx);
401#ifndef OPENSSL_NO_SRTP
402int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
403 size_t chainidx);
404#endif
405int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
406 size_t chainidx);
407int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
408 size_t chainidx);
409int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
410 X509 *x, size_t chainidx);
411int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
412 size_t chainidx);
413int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
414 size_t chainidx);
415int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
416 size_t chainidx);
417
418int tls_handle_alpn(SSL *s);
419
420int tls13_save_handshake_digest_for_pha(SSL *s);
421int tls13_restore_handshake_digest_for_pha(SSL *s);
422