2017-06-20 15:55:02 +01:00
|
|
|
/* Copyright (c) 2017, Google Inc.
|
|
|
|
*
|
|
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
|
|
|
#include <openssl/bytestring.h>
|
|
|
|
#include <openssl/err.h>
|
|
|
|
|
|
|
|
#include "internal.h"
|
|
|
|
#include "../crypto/internal.h"
|
|
|
|
|
|
|
|
|
Support symbol prefixes
- In base.h, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols.h
- In all .S files, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols_asm.h
- In base.h, BSSL_NAMESPACE_BEGIN and BSSL_NAMESPACE_END are
defined with appropriate values depending on whether
BORINGSSL_PREFIX is defined; these macros are used in place
of 'namespace bssl {' and '}'
- Add util/make_prefix_headers.go, which takes a list of symbols
and auto-generates the header files mentioned above
- In CMakeLists.txt, if BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS
are defined, run util/make_prefix_headers.go to generate header
files
- In various CMakeLists.txt files, add "global_target" that all
targets depend on to give us a place to hook logic that must run
before all other targets (in particular, the header file generation
logic)
- Document this in BUILDING.md, including the fact that it is
the caller's responsibility to provide the symbol list and keep it
up to date
- Note that this scheme has not been tested on Windows, and likely
does not work on it; Windows support will need to be added in a
future commit
Change-Id: If66a7157f46b5b66230ef91e15826b910cf979a2
Reviewed-on: https://boringssl-review.googlesource.com/31364
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-27 02:53:36 +01:00
|
|
|
BSSL_NAMESPACE_BEGIN
|
Move libssl's internals into the bssl namespace.
This is horrible, but everything else I tried was worse. The goal with
this CL is to take the extern "C" out of ssl/internal.h and move most
symbols to namespace bssl, so we can start using C++ helpers and
destructors without worry.
Complications:
- Public API functions must be extern "C" and match their declaration in
ssl.h, which is unnamespaced. C++ really does not want you to
interleave namespaced and unnamespaced things. One can actually write
a namespaced extern "C" function, but this means, from C++'s
perspective, the function is namespaced. Trying to namespace the
public header would worked but ended up too deep a rabbithole.
- Our STACK_OF macros do not work right in namespaces.
- The typedefs for our exposed but opaque types are visible in the
header files and copied into consuming projects as forward
declarations. We ultimately want to give SSL a destructor, but
clobbering an unnamespaced ssl_st::~ssl_st seems bad manners.
- MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL.
This CL opts for:
- ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This
informs the public headers to create forward declarations which are
compatible with our namespaces.
- For now, C++-defined type FOO ends up at bssl::FOO with a typedef
outside. Later I imagine we'll rename many of them.
- Internal functions get namespace bssl, so we stop worrying about
stomping the tls1_prf symbol. Exported C functions are stuck as they
are. Rather than try anything weird, bite the bullet and reorder files
which have a mix of public and private functions. I expect that over
time, the public functions will become fairly small as we move logic
to more idiomatic C++.
Files without any public C functions can just be written normally.
- To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle
in advance of them being made idiomatic C++.
Bug: 132
Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581
Reviewed-on: https://boringssl-review.googlesource.com/18124
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-18 21:34:25 +01:00
|
|
|
|
2017-09-28 00:24:09 +01:00
|
|
|
bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
|
2017-06-20 15:55:02 +01:00
|
|
|
switch (version) {
|
|
|
|
case TLS1_VERSION:
|
|
|
|
case TLS1_1_VERSION:
|
|
|
|
case TLS1_2_VERSION:
|
2018-08-13 15:07:45 +01:00
|
|
|
case TLS1_3_VERSION:
|
2017-06-20 15:55:02 +01:00
|
|
|
*out = version;
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
|
2018-01-09 11:18:36 +00:00
|
|
|
case TLS1_3_DRAFT23_VERSION:
|
2018-03-27 18:15:26 +01:00
|
|
|
case TLS1_3_DRAFT28_VERSION:
|
2017-06-20 15:55:02 +01:00
|
|
|
*out = TLS1_3_VERSION;
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
|
|
|
|
case DTLS1_VERSION:
|
2017-08-29 21:33:21 +01:00
|
|
|
// DTLS 1.0 is analogous to TLS 1.1, not TLS 1.0.
|
2017-06-20 15:55:02 +01:00
|
|
|
*out = TLS1_1_VERSION;
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
|
|
|
|
case DTLS1_2_VERSION:
|
|
|
|
*out = TLS1_2_VERSION;
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
|
|
|
|
default:
|
2017-09-28 00:24:09 +01:00
|
|
|
return false;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-08-29 21:33:21 +01:00
|
|
|
// The follow arrays are the supported versions for TLS and DTLS, in order of
|
|
|
|
// decreasing preference.
|
2017-06-20 15:55:02 +01:00
|
|
|
|
|
|
|
static const uint16_t kTLSVersions[] = {
|
2018-08-13 15:07:45 +01:00
|
|
|
TLS1_3_VERSION,
|
2018-03-27 18:15:26 +01:00
|
|
|
TLS1_3_DRAFT28_VERSION,
|
2018-06-27 18:42:03 +01:00
|
|
|
TLS1_3_DRAFT23_VERSION,
|
2017-06-20 15:55:02 +01:00
|
|
|
TLS1_2_VERSION,
|
|
|
|
TLS1_1_VERSION,
|
|
|
|
TLS1_VERSION,
|
|
|
|
};
|
|
|
|
|
|
|
|
static const uint16_t kDTLSVersions[] = {
|
|
|
|
DTLS1_2_VERSION,
|
|
|
|
DTLS1_VERSION,
|
|
|
|
};
|
|
|
|
|
|
|
|
static void get_method_versions(const SSL_PROTOCOL_METHOD *method,
|
|
|
|
const uint16_t **out, size_t *out_num) {
|
|
|
|
if (method->is_dtls) {
|
|
|
|
*out = kDTLSVersions;
|
|
|
|
*out_num = OPENSSL_ARRAY_SIZE(kDTLSVersions);
|
|
|
|
} else {
|
|
|
|
*out = kTLSVersions;
|
|
|
|
*out_num = OPENSSL_ARRAY_SIZE(kTLSVersions);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-04-10 23:40:12 +01:00
|
|
|
bool ssl_method_supports_version(const SSL_PROTOCOL_METHOD *method,
|
|
|
|
uint16_t version) {
|
2017-06-20 15:55:02 +01:00
|
|
|
const uint16_t *versions;
|
|
|
|
size_t num_versions;
|
|
|
|
get_method_versions(method, &versions, &num_versions);
|
|
|
|
for (size_t i = 0; i < num_versions; i++) {
|
|
|
|
if (versions[i] == version) {
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
}
|
2017-09-28 00:24:09 +01:00
|
|
|
return false;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
2017-10-03 20:06:29 +01:00
|
|
|
// The following functions map between API versions and wire versions. The
|
|
|
|
// public API works on wire versions, except that TLS 1.3 draft versions all
|
|
|
|
// appear as TLS 1.3. This will get collapsed back down when TLS 1.3 is
|
|
|
|
// finalized.
|
|
|
|
|
|
|
|
static const char *ssl_version_to_string(uint16_t version) {
|
|
|
|
switch (version) {
|
2018-01-09 11:18:36 +00:00
|
|
|
case TLS1_3_DRAFT23_VERSION:
|
2018-03-27 18:15:26 +01:00
|
|
|
case TLS1_3_DRAFT28_VERSION:
|
2018-08-13 15:07:45 +01:00
|
|
|
case TLS1_3_VERSION:
|
2017-10-03 20:06:29 +01:00
|
|
|
return "TLSv1.3";
|
|
|
|
|
|
|
|
case TLS1_2_VERSION:
|
|
|
|
return "TLSv1.2";
|
|
|
|
|
|
|
|
case TLS1_1_VERSION:
|
|
|
|
return "TLSv1.1";
|
|
|
|
|
|
|
|
case TLS1_VERSION:
|
|
|
|
return "TLSv1";
|
|
|
|
|
|
|
|
case DTLS1_VERSION:
|
|
|
|
return "DTLSv1";
|
|
|
|
|
|
|
|
case DTLS1_2_VERSION:
|
|
|
|
return "DTLSv1.2";
|
|
|
|
|
|
|
|
default:
|
|
|
|
return "unknown";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static uint16_t wire_version_to_api(uint16_t version) {
|
|
|
|
switch (version) {
|
|
|
|
// Report TLS 1.3 draft versions as TLS 1.3 in the public API.
|
2018-01-09 11:18:36 +00:00
|
|
|
case TLS1_3_DRAFT23_VERSION:
|
2018-03-27 18:15:26 +01:00
|
|
|
case TLS1_3_DRAFT28_VERSION:
|
2018-08-13 15:07:45 +01:00
|
|
|
case TLS1_3_VERSION:
|
2017-10-03 20:06:29 +01:00
|
|
|
return TLS1_3_VERSION;
|
|
|
|
default:
|
|
|
|
return version;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// api_version_to_wire maps |version| to some representative wire version. In
|
|
|
|
// particular, it picks an arbitrary TLS 1.3 representative. This should only be
|
|
|
|
// used in context where that does not matter.
|
|
|
|
static bool api_version_to_wire(uint16_t *out, uint16_t version) {
|
2018-03-27 18:15:26 +01:00
|
|
|
if (version == TLS1_3_DRAFT23_VERSION ||
|
|
|
|
version == TLS1_3_DRAFT28_VERSION) {
|
2017-09-28 00:24:09 +01:00
|
|
|
return false;
|
2017-06-29 20:54:58 +01:00
|
|
|
}
|
2017-06-20 15:55:02 +01:00
|
|
|
|
2017-10-03 20:06:29 +01:00
|
|
|
// Check it is a real protocol version.
|
|
|
|
uint16_t unused;
|
|
|
|
if (!ssl_protocol_version_from_wire(&unused, version)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
*out = version;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
|
|
|
|
uint16_t version) {
|
|
|
|
if (!api_version_to_wire(&version, version) ||
|
2018-04-10 23:40:12 +01:00
|
|
|
!ssl_method_supports_version(method, version) ||
|
2017-06-29 20:54:58 +01:00
|
|
|
!ssl_protocol_version_from_wire(out, version)) {
|
|
|
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_SSL_VERSION);
|
2017-09-28 00:24:09 +01:00
|
|
|
return false;
|
2017-06-29 20:54:58 +01:00
|
|
|
}
|
|
|
|
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
2017-09-28 00:24:09 +01:00
|
|
|
static bool set_min_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
|
|
|
|
uint16_t version) {
|
2017-08-29 21:33:21 +01:00
|
|
|
// Zero is interpreted as the default minimum version.
|
2017-06-20 15:55:02 +01:00
|
|
|
if (version == 0) {
|
2018-07-17 02:34:03 +01:00
|
|
|
// TLS 1.0 does not exist in DTLS.
|
2017-06-20 15:55:02 +01:00
|
|
|
*out = method->is_dtls ? TLS1_1_VERSION : TLS1_VERSION;
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return set_version_bound(method, out, version);
|
|
|
|
}
|
|
|
|
|
2017-09-28 00:24:09 +01:00
|
|
|
static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
|
|
|
|
uint16_t version) {
|
2017-08-29 21:33:21 +01:00
|
|
|
// Zero is interpreted as the default maximum version.
|
2017-06-20 15:55:02 +01:00
|
|
|
if (version == 0) {
|
|
|
|
*out = TLS1_2_VERSION;
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return set_version_bound(method, out, version);
|
|
|
|
}
|
|
|
|
|
|
|
|
const struct {
|
|
|
|
uint16_t version;
|
|
|
|
uint32_t flag;
|
|
|
|
} kProtocolVersions[] = {
|
|
|
|
{TLS1_VERSION, SSL_OP_NO_TLSv1},
|
|
|
|
{TLS1_1_VERSION, SSL_OP_NO_TLSv1_1},
|
|
|
|
{TLS1_2_VERSION, SSL_OP_NO_TLSv1_2},
|
|
|
|
{TLS1_3_VERSION, SSL_OP_NO_TLSv1_3},
|
|
|
|
};
|
|
|
|
|
2018-04-13 23:51:30 +01:00
|
|
|
bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version,
|
2017-09-28 00:24:09 +01:00
|
|
|
uint16_t *out_max_version) {
|
2017-08-29 21:33:21 +01:00
|
|
|
// For historical reasons, |SSL_OP_NO_DTLSv1| aliases |SSL_OP_NO_TLSv1|, but
|
|
|
|
// DTLS 1.0 should be mapped to TLS 1.1.
|
2018-04-13 23:51:30 +01:00
|
|
|
uint32_t options = hs->ssl->options;
|
|
|
|
if (SSL_is_dtls(hs->ssl)) {
|
2017-06-20 15:55:02 +01:00
|
|
|
options &= ~SSL_OP_NO_TLSv1_1;
|
|
|
|
if (options & SSL_OP_NO_DTLSv1) {
|
|
|
|
options |= SSL_OP_NO_TLSv1_1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-04-13 23:51:30 +01:00
|
|
|
uint16_t min_version = hs->config->conf_min_version;
|
|
|
|
uint16_t max_version = hs->config->conf_max_version;
|
2017-06-20 15:55:02 +01:00
|
|
|
|
2018-07-14 16:23:01 +01:00
|
|
|
// QUIC requires TLS 1.3.
|
|
|
|
if (hs->ssl->ctx->quic_method && min_version < TLS1_3_VERSION) {
|
|
|
|
min_version = TLS1_3_VERSION;
|
|
|
|
}
|
|
|
|
|
2017-08-29 21:33:21 +01:00
|
|
|
// OpenSSL's API for controlling versions entails blacklisting individual
|
|
|
|
// protocols. This has two problems. First, on the client, the protocol can
|
|
|
|
// only express a contiguous range of versions. Second, a library consumer
|
|
|
|
// trying to set a maximum version cannot disable protocol versions that get
|
|
|
|
// added in a future version of the library.
|
|
|
|
//
|
|
|
|
// To account for both of these, OpenSSL interprets the client-side bitmask
|
|
|
|
// as a min/max range by picking the lowest contiguous non-empty range of
|
|
|
|
// enabled protocols. Note that this means it is impossible to set a maximum
|
|
|
|
// version of the higest supported TLS version in a future-proof way.
|
2017-09-28 00:24:09 +01:00
|
|
|
bool any_enabled = false;
|
2017-06-20 15:55:02 +01:00
|
|
|
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kProtocolVersions); i++) {
|
2017-08-29 21:33:21 +01:00
|
|
|
// Only look at the versions already enabled.
|
2017-06-20 15:55:02 +01:00
|
|
|
if (min_version > kProtocolVersions[i].version) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (max_version < kProtocolVersions[i].version) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(options & kProtocolVersions[i].flag)) {
|
2017-08-29 21:33:21 +01:00
|
|
|
// The minimum version is the first enabled version.
|
2017-06-20 15:55:02 +01:00
|
|
|
if (!any_enabled) {
|
2017-09-28 00:24:09 +01:00
|
|
|
any_enabled = true;
|
2017-06-20 15:55:02 +01:00
|
|
|
min_version = kProtocolVersions[i].version;
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2017-08-29 21:33:21 +01:00
|
|
|
// If there is a disabled version after the first enabled one, all versions
|
|
|
|
// after it are implicitly disabled.
|
2017-06-20 15:55:02 +01:00
|
|
|
if (any_enabled) {
|
|
|
|
max_version = kProtocolVersions[i-1].version;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!any_enabled) {
|
|
|
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SUPPORTED_VERSIONS_ENABLED);
|
2017-09-28 00:24:09 +01:00
|
|
|
return false;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
*out_min_version = min_version;
|
|
|
|
*out_max_version = max_version;
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
2017-07-07 18:17:19 +01:00
|
|
|
static uint16_t ssl_version(const SSL *ssl) {
|
2017-08-29 21:33:21 +01:00
|
|
|
// In early data, we report the predicted version.
|
2017-07-07 18:17:19 +01:00
|
|
|
if (SSL_in_early_data(ssl) && !ssl->server) {
|
|
|
|
return ssl->s3->hs->early_session->ssl_version;
|
|
|
|
}
|
|
|
|
return ssl->version;
|
|
|
|
}
|
|
|
|
|
2017-10-06 23:31:15 +01:00
|
|
|
uint16_t ssl_protocol_version(const SSL *ssl) {
|
2017-06-20 15:55:02 +01:00
|
|
|
assert(ssl->s3->have_version);
|
|
|
|
uint16_t version;
|
|
|
|
if (!ssl_protocol_version_from_wire(&version, ssl->version)) {
|
2017-08-29 21:33:21 +01:00
|
|
|
// |ssl->version| will always be set to a valid version.
|
2017-06-20 15:55:02 +01:00
|
|
|
assert(0);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return version;
|
|
|
|
}
|
|
|
|
|
2017-09-28 00:24:09 +01:00
|
|
|
bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
|
2017-06-13 17:45:25 +01:00
|
|
|
SSL *const ssl = hs->ssl;
|
2017-10-11 17:29:36 +01:00
|
|
|
uint16_t protocol_version;
|
2018-04-10 23:40:12 +01:00
|
|
|
if (!ssl_method_supports_version(ssl->method, version) ||
|
2017-10-11 17:29:36 +01:00
|
|
|
!ssl_protocol_version_from_wire(&protocol_version, version) ||
|
|
|
|
hs->min_version > protocol_version ||
|
|
|
|
protocol_version > hs->max_version) {
|
|
|
|
return false;
|
2017-06-13 17:45:25 +01:00
|
|
|
}
|
|
|
|
|
2018-05-10 16:04:53 +01:00
|
|
|
// If the TLS 1.3 variant is set to |tls13_default|, all variants are enabled,
|
|
|
|
// otherwise only the matching version is enabled.
|
|
|
|
if (protocol_version == TLS1_3_VERSION) {
|
|
|
|
switch (ssl->tls13_variant) {
|
|
|
|
case tls13_draft23:
|
|
|
|
return version == TLS1_3_DRAFT23_VERSION;
|
|
|
|
case tls13_draft28:
|
|
|
|
return version == TLS1_3_DRAFT28_VERSION;
|
2018-08-13 15:07:45 +01:00
|
|
|
case tls13_rfc:
|
|
|
|
return version == TLS1_3_VERSION;
|
2018-08-27 22:45:49 +01:00
|
|
|
case tls13_all:
|
2018-05-10 16:04:53 +01:00
|
|
|
return true;
|
|
|
|
}
|
2017-10-11 17:29:36 +01:00
|
|
|
}
|
|
|
|
|
2018-05-10 16:04:53 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
2017-09-28 00:24:09 +01:00
|
|
|
bool ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb) {
|
2017-06-20 15:55:02 +01:00
|
|
|
const uint16_t *versions;
|
|
|
|
size_t num_versions;
|
|
|
|
get_method_versions(hs->ssl->method, &versions, &num_versions);
|
|
|
|
for (size_t i = 0; i < num_versions; i++) {
|
|
|
|
if (ssl_supports_version(hs, versions[i]) &&
|
|
|
|
!CBB_add_u16(cbb, versions[i])) {
|
2017-09-28 00:24:09 +01:00
|
|
|
return false;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
}
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
2017-09-28 00:24:09 +01:00
|
|
|
bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
|
uint16_t *out_version, const CBS *peer_versions) {
|
2017-06-20 15:55:02 +01:00
|
|
|
const uint16_t *versions;
|
|
|
|
size_t num_versions;
|
|
|
|
get_method_versions(hs->ssl->method, &versions, &num_versions);
|
|
|
|
for (size_t i = 0; i < num_versions; i++) {
|
|
|
|
if (!ssl_supports_version(hs, versions[i])) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2018-11-19 21:49:56 +00:00
|
|
|
// JDK 11, prior to 11.0.2, has a buggy TLS 1.3 implementation which fails
|
|
|
|
// to send SNI when offering 1.3 sessions. Disable TLS 1.3 for such
|
|
|
|
// clients. We apply this logic here rather than |ssl_supports_version| so
|
|
|
|
// the downgrade signal continues to query the true capabilities. (The
|
|
|
|
// workaround is a limitation of the peer's capabilities rather than our
|
|
|
|
// own.)
|
|
|
|
//
|
|
|
|
// See https://bugs.openjdk.java.net/browse/JDK-8211806.
|
|
|
|
if (versions[i] == TLS1_3_VERSION && hs->apply_jdk11_workaround) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2017-06-20 15:55:02 +01:00
|
|
|
CBS copy = *peer_versions;
|
|
|
|
while (CBS_len(©) != 0) {
|
|
|
|
uint16_t version;
|
|
|
|
if (!CBS_get_u16(©, &version)) {
|
|
|
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
|
|
*out_alert = SSL_AD_DECODE_ERROR;
|
2017-09-28 00:24:09 +01:00
|
|
|
return false;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (version == versions[i]) {
|
|
|
|
*out_version = version;
|
2017-09-28 00:24:09 +01:00
|
|
|
return true;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL);
|
|
|
|
*out_alert = SSL_AD_PROTOCOL_VERSION;
|
2017-09-28 00:24:09 +01:00
|
|
|
return false;
|
2017-06-20 15:55:02 +01:00
|
|
|
}
|
Move libssl's internals into the bssl namespace.
This is horrible, but everything else I tried was worse. The goal with
this CL is to take the extern "C" out of ssl/internal.h and move most
symbols to namespace bssl, so we can start using C++ helpers and
destructors without worry.
Complications:
- Public API functions must be extern "C" and match their declaration in
ssl.h, which is unnamespaced. C++ really does not want you to
interleave namespaced and unnamespaced things. One can actually write
a namespaced extern "C" function, but this means, from C++'s
perspective, the function is namespaced. Trying to namespace the
public header would worked but ended up too deep a rabbithole.
- Our STACK_OF macros do not work right in namespaces.
- The typedefs for our exposed but opaque types are visible in the
header files and copied into consuming projects as forward
declarations. We ultimately want to give SSL a destructor, but
clobbering an unnamespaced ssl_st::~ssl_st seems bad manners.
- MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL.
This CL opts for:
- ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This
informs the public headers to create forward declarations which are
compatible with our namespaces.
- For now, C++-defined type FOO ends up at bssl::FOO with a typedef
outside. Later I imagine we'll rename many of them.
- Internal functions get namespace bssl, so we stop worrying about
stomping the tls1_prf symbol. Exported C functions are stuck as they
are. Rather than try anything weird, bite the bullet and reorder files
which have a mix of public and private functions. I expect that over
time, the public functions will become fairly small as we move logic
to more idiomatic C++.
Files without any public C functions can just be written normally.
- To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle
in advance of them being made idiomatic C++.
Bug: 132
Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581
Reviewed-on: https://boringssl-review.googlesource.com/18124
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-18 21:34:25 +01:00
|
|
|
|
2018-03-27 18:15:26 +01:00
|
|
|
bool ssl_is_draft28(uint16_t version) {
|
2018-08-13 15:07:45 +01:00
|
|
|
return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION;
|
2018-03-27 18:15:26 +01:00
|
|
|
}
|
|
|
|
|
Support symbol prefixes
- In base.h, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols.h
- In all .S files, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols_asm.h
- In base.h, BSSL_NAMESPACE_BEGIN and BSSL_NAMESPACE_END are
defined with appropriate values depending on whether
BORINGSSL_PREFIX is defined; these macros are used in place
of 'namespace bssl {' and '}'
- Add util/make_prefix_headers.go, which takes a list of symbols
and auto-generates the header files mentioned above
- In CMakeLists.txt, if BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS
are defined, run util/make_prefix_headers.go to generate header
files
- In various CMakeLists.txt files, add "global_target" that all
targets depend on to give us a place to hook logic that must run
before all other targets (in particular, the header file generation
logic)
- Document this in BUILDING.md, including the fact that it is
the caller's responsibility to provide the symbol list and keep it
up to date
- Note that this scheme has not been tested on Windows, and likely
does not work on it; Windows support will need to be added in a
future commit
Change-Id: If66a7157f46b5b66230ef91e15826b910cf979a2
Reviewed-on: https://boringssl-review.googlesource.com/31364
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-27 02:53:36 +01:00
|
|
|
BSSL_NAMESPACE_END
|
Move libssl's internals into the bssl namespace.
This is horrible, but everything else I tried was worse. The goal with
this CL is to take the extern "C" out of ssl/internal.h and move most
symbols to namespace bssl, so we can start using C++ helpers and
destructors without worry.
Complications:
- Public API functions must be extern "C" and match their declaration in
ssl.h, which is unnamespaced. C++ really does not want you to
interleave namespaced and unnamespaced things. One can actually write
a namespaced extern "C" function, but this means, from C++'s
perspective, the function is namespaced. Trying to namespace the
public header would worked but ended up too deep a rabbithole.
- Our STACK_OF macros do not work right in namespaces.
- The typedefs for our exposed but opaque types are visible in the
header files and copied into consuming projects as forward
declarations. We ultimately want to give SSL a destructor, but
clobbering an unnamespaced ssl_st::~ssl_st seems bad manners.
- MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL.
This CL opts for:
- ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This
informs the public headers to create forward declarations which are
compatible with our namespaces.
- For now, C++-defined type FOO ends up at bssl::FOO with a typedef
outside. Later I imagine we'll rename many of them.
- Internal functions get namespace bssl, so we stop worrying about
stomping the tls1_prf symbol. Exported C functions are stuck as they
are. Rather than try anything weird, bite the bullet and reorder files
which have a mix of public and private functions. I expect that over
time, the public functions will become fairly small as we move logic
to more idiomatic C++.
Files without any public C functions can just be written normally.
- To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle
in advance of them being made idiomatic C++.
Bug: 132
Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581
Reviewed-on: https://boringssl-review.googlesource.com/18124
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-18 21:34:25 +01:00
|
|
|
|
|
|
|
using namespace bssl;
|
|
|
|
|
|
|
|
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) {
|
|
|
|
return set_min_version(ctx->method, &ctx->conf_min_version, version);
|
|
|
|
}
|
|
|
|
|
|
|
|
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) {
|
|
|
|
return set_max_version(ctx->method, &ctx->conf_max_version, version);
|
|
|
|
}
|
|
|
|
|
|
|
|
int SSL_set_min_proto_version(SSL *ssl, uint16_t version) {
|
2018-04-13 23:51:30 +01:00
|
|
|
if (!ssl->config) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return set_min_version(ssl->method, &ssl->config->conf_min_version, version);
|
Move libssl's internals into the bssl namespace.
This is horrible, but everything else I tried was worse. The goal with
this CL is to take the extern "C" out of ssl/internal.h and move most
symbols to namespace bssl, so we can start using C++ helpers and
destructors without worry.
Complications:
- Public API functions must be extern "C" and match their declaration in
ssl.h, which is unnamespaced. C++ really does not want you to
interleave namespaced and unnamespaced things. One can actually write
a namespaced extern "C" function, but this means, from C++'s
perspective, the function is namespaced. Trying to namespace the
public header would worked but ended up too deep a rabbithole.
- Our STACK_OF macros do not work right in namespaces.
- The typedefs for our exposed but opaque types are visible in the
header files and copied into consuming projects as forward
declarations. We ultimately want to give SSL a destructor, but
clobbering an unnamespaced ssl_st::~ssl_st seems bad manners.
- MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL.
This CL opts for:
- ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This
informs the public headers to create forward declarations which are
compatible with our namespaces.
- For now, C++-defined type FOO ends up at bssl::FOO with a typedef
outside. Later I imagine we'll rename many of them.
- Internal functions get namespace bssl, so we stop worrying about
stomping the tls1_prf symbol. Exported C functions are stuck as they
are. Rather than try anything weird, bite the bullet and reorder files
which have a mix of public and private functions. I expect that over
time, the public functions will become fairly small as we move logic
to more idiomatic C++.
Files without any public C functions can just be written normally.
- To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle
in advance of them being made idiomatic C++.
Bug: 132
Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581
Reviewed-on: https://boringssl-review.googlesource.com/18124
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-18 21:34:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int SSL_set_max_proto_version(SSL *ssl, uint16_t version) {
|
2018-04-13 23:51:30 +01:00
|
|
|
if (!ssl->config) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return set_max_version(ssl->method, &ssl->config->conf_max_version, version);
|
Move libssl's internals into the bssl namespace.
This is horrible, but everything else I tried was worse. The goal with
this CL is to take the extern "C" out of ssl/internal.h and move most
symbols to namespace bssl, so we can start using C++ helpers and
destructors without worry.
Complications:
- Public API functions must be extern "C" and match their declaration in
ssl.h, which is unnamespaced. C++ really does not want you to
interleave namespaced and unnamespaced things. One can actually write
a namespaced extern "C" function, but this means, from C++'s
perspective, the function is namespaced. Trying to namespace the
public header would worked but ended up too deep a rabbithole.
- Our STACK_OF macros do not work right in namespaces.
- The typedefs for our exposed but opaque types are visible in the
header files and copied into consuming projects as forward
declarations. We ultimately want to give SSL a destructor, but
clobbering an unnamespaced ssl_st::~ssl_st seems bad manners.
- MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL.
This CL opts for:
- ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This
informs the public headers to create forward declarations which are
compatible with our namespaces.
- For now, C++-defined type FOO ends up at bssl::FOO with a typedef
outside. Later I imagine we'll rename many of them.
- Internal functions get namespace bssl, so we stop worrying about
stomping the tls1_prf symbol. Exported C functions are stuck as they
are. Rather than try anything weird, bite the bullet and reorder files
which have a mix of public and private functions. I expect that over
time, the public functions will become fairly small as we move logic
to more idiomatic C++.
Files without any public C functions can just be written normally.
- To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle
in advance of them being made idiomatic C++.
Bug: 132
Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581
Reviewed-on: https://boringssl-review.googlesource.com/18124
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-18 21:34:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int SSL_version(const SSL *ssl) {
|
2017-10-03 20:06:29 +01:00
|
|
|
return wire_version_to_api(ssl_version(ssl));
|
Move libssl's internals into the bssl namespace.
This is horrible, but everything else I tried was worse. The goal with
this CL is to take the extern "C" out of ssl/internal.h and move most
symbols to namespace bssl, so we can start using C++ helpers and
destructors without worry.
Complications:
- Public API functions must be extern "C" and match their declaration in
ssl.h, which is unnamespaced. C++ really does not want you to
interleave namespaced and unnamespaced things. One can actually write
a namespaced extern "C" function, but this means, from C++'s
perspective, the function is namespaced. Trying to namespace the
public header would worked but ended up too deep a rabbithole.
- Our STACK_OF macros do not work right in namespaces.
- The typedefs for our exposed but opaque types are visible in the
header files and copied into consuming projects as forward
declarations. We ultimately want to give SSL a destructor, but
clobbering an unnamespaced ssl_st::~ssl_st seems bad manners.
- MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL.
This CL opts for:
- ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This
informs the public headers to create forward declarations which are
compatible with our namespaces.
- For now, C++-defined type FOO ends up at bssl::FOO with a typedef
outside. Later I imagine we'll rename many of them.
- Internal functions get namespace bssl, so we stop worrying about
stomping the tls1_prf symbol. Exported C functions are stuck as they
are. Rather than try anything weird, bite the bullet and reorder files
which have a mix of public and private functions. I expect that over
time, the public functions will become fairly small as we move logic
to more idiomatic C++.
Files without any public C functions can just be written normally.
- To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle
in advance of them being made idiomatic C++.
Bug: 132
Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581
Reviewed-on: https://boringssl-review.googlesource.com/18124
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-18 21:34:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
const char *SSL_get_version(const SSL *ssl) {
|
|
|
|
return ssl_version_to_string(ssl_version(ssl));
|
|
|
|
}
|
|
|
|
|
|
|
|
const char *SSL_SESSION_get_version(const SSL_SESSION *session) {
|
|
|
|
return ssl_version_to_string(session->ssl_version);
|
|
|
|
}
|
2017-10-03 20:06:29 +01:00
|
|
|
|
|
|
|
uint16_t SSL_SESSION_get_protocol_version(const SSL_SESSION *session) {
|
|
|
|
return wire_version_to_api(session->ssl_version);
|
|
|
|
}
|
|
|
|
|
|
|
|
int SSL_SESSION_set_protocol_version(SSL_SESSION *session, uint16_t version) {
|
|
|
|
// This picks a representative TLS 1.3 version, but this API should only be
|
|
|
|
// used on unit test sessions anyway.
|
|
|
|
return api_version_to_wire(&session->ssl_version, version);
|
|
|
|
}
|