Przeglądaj źródła
Hide SSL3_STATE.
BUG=6 Change-Id: I463f5daa0bbf0f65269c52da25fa235ee2aa6ffb Reviewed-on: https://boringssl-review.googlesource.com/11240 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
David Benjamin
8 lat temu
committed by
Adam Langley
Adam Langley
2 zmienionych plików z 201 dodań i 201 usunięć
-
+0 -201include/openssl/ssl.h
-
+201 -0ssl/internal.h
+ 0
- 201
include/openssl/ssl.h
Wyświetl plik
| @@ -4202,207 +4202,6 @@ struct ssl_st { | |||
| int tlsext_status_type; | |||
| }; | |||
| typedef struct ssl3_record_st { | |||
| /* type is the record type. */ | |||
| uint8_t type; | |||
| /* length is the number of unconsumed bytes in the record. */ | |||
| uint16_t length; | |||
| /* data is a non-owning pointer to the first unconsumed byte of the record. */ | |||
| uint8_t *data; | |||
| } SSL3_RECORD; | |||
| typedef struct ssl3_buffer_st { | |||
| /* buf is the memory allocated for this buffer. */ | |||
| uint8_t *buf; | |||
| /* offset is the offset into |buf| which the buffer contents start at. */ | |||
| uint16_t offset; | |||
| /* len is the length of the buffer contents from |buf| + |offset|. */ | |||
| uint16_t len; | |||
| /* cap is how much memory beyond |buf| + |offset| is available. */ | |||
| uint16_t cap; | |||
| } SSL3_BUFFER; | |||
| /* An ssl_shutdown_t describes the shutdown state of one end of the connection, | |||
| * whether it is alive or has been shutdown via close_notify or fatal alert. */ | |||
| enum ssl_shutdown_t { | |||
| ssl_shutdown_none = 0, | |||
| ssl_shutdown_close_notify = 1, | |||
| ssl_shutdown_fatal_alert = 2, | |||
| }; | |||
| typedef struct ssl3_state_st { | |||
| uint8_t read_sequence[8]; | |||
| uint8_t write_sequence[8]; | |||
| uint8_t server_random[SSL3_RANDOM_SIZE]; | |||
| uint8_t client_random[SSL3_RANDOM_SIZE]; | |||
| /* have_version is true if the connection's final version is known. Otherwise | |||
| * the version has not been negotiated yet. */ | |||
| unsigned have_version:1; | |||
| /* v2_hello_done is true if the peer's V2ClientHello, if any, has been handled | |||
| * and future messages should use the record layer. */ | |||
| unsigned v2_hello_done:1; | |||
| /* initial_handshake_complete is true if the initial handshake has | |||
| * completed. */ | |||
| unsigned initial_handshake_complete:1; | |||
| /* read_buffer holds data from the transport to be processed. */ | |||
| SSL3_BUFFER read_buffer; | |||
| /* write_buffer holds data to be written to the transport. */ | |||
| SSL3_BUFFER write_buffer; | |||
| SSL3_RECORD rrec; /* each decoded record goes in here */ | |||
| /* partial write - check the numbers match */ | |||
| unsigned int wnum; /* number of bytes sent so far */ | |||
| int wpend_tot; /* number bytes written */ | |||
| int wpend_type; | |||
| int wpend_ret; /* number of bytes submitted */ | |||
| const uint8_t *wpend_buf; | |||
| /* handshake_buffer, if non-NULL, contains the handshake transcript. */ | |||
| BUF_MEM *handshake_buffer; | |||
| /* handshake_hash, if initialized with an |EVP_MD|, maintains the handshake | |||
| * hash. For TLS 1.1 and below, it is the SHA-1 half. */ | |||
| EVP_MD_CTX handshake_hash; | |||
| /* handshake_md5, if initialized with an |EVP_MD|, maintains the MD5 half of | |||
| * the handshake hash for TLS 1.1 and below. */ | |||
| EVP_MD_CTX handshake_md5; | |||
| /* recv_shutdown is the shutdown state for the receive half of the | |||
| * connection. */ | |||
| enum ssl_shutdown_t recv_shutdown; | |||
| /* recv_shutdown is the shutdown state for the send half of the connection. */ | |||
| enum ssl_shutdown_t send_shutdown; | |||
| int alert_dispatch; | |||
| uint8_t send_alert[2]; | |||
| int total_renegotiations; | |||
| /* empty_record_count is the number of consecutive empty records received. */ | |||
| uint8_t empty_record_count; | |||
| /* warning_alert_count is the number of consecutive warning alerts | |||
| * received. */ | |||
| uint8_t warning_alert_count; | |||
| /* key_update_count is the number of consecutive KeyUpdates received. */ | |||
| uint8_t key_update_count; | |||
| /* aead_read_ctx is the current read cipher state. */ | |||
| SSL_AEAD_CTX *aead_read_ctx; | |||
| /* aead_write_ctx is the current write cipher state. */ | |||
| SSL_AEAD_CTX *aead_write_ctx; | |||
| /* enc_method is the method table corresponding to the current protocol | |||
| * version. */ | |||
| const SSL3_ENC_METHOD *enc_method; | |||
| /* pending_message is the current outgoing handshake message. */ | |||
| uint8_t *pending_message; | |||
| uint32_t pending_message_len; | |||
| /* hs is the handshake state for the current handshake or NULL if there isn't | |||
| * one. */ | |||
| SSL_HANDSHAKE *hs; | |||
| uint8_t write_traffic_secret[EVP_MAX_MD_SIZE]; | |||
| uint8_t write_traffic_secret_len; | |||
| uint8_t read_traffic_secret[EVP_MAX_MD_SIZE]; | |||
| uint8_t read_traffic_secret_len; | |||
| uint8_t exporter_secret[EVP_MAX_MD_SIZE]; | |||
| uint8_t exporter_secret_len; | |||
| /* State pertaining to the pending handshake. | |||
| * | |||
| * TODO(davidben): Move everything not needed after the handshake completes to | |||
| * |hs| and remove this. */ | |||
| struct { | |||
| int message_type; | |||
| /* used to hold the new cipher we are going to use */ | |||
| const SSL_CIPHER *new_cipher; | |||
| /* used when SSL_ST_FLUSH_DATA is entered */ | |||
| int next_state; | |||
| int reuse_message; | |||
| uint8_t *key_block; | |||
| uint8_t key_block_length; | |||
| uint8_t new_mac_secret_len; | |||
| uint8_t new_key_len; | |||
| uint8_t new_fixed_iv_len; | |||
| /* extended_master_secret indicates whether the extended master secret | |||
| * computation is used in this handshake. Note that this is different from | |||
| * whether it was used for the current session. If this is a resumption | |||
| * handshake then EMS might be negotiated in the client and server hello | |||
| * messages, but it doesn't matter if the session that's being resumed | |||
| * didn't use it to create the master secret initially. */ | |||
| char extended_master_secret; | |||
| /* peer_signature_algorithm is the signature algorithm used to authenticate | |||
| * the peer, or zero if not applicable. */ | |||
| uint16_t peer_signature_algorithm; | |||
| } tmp; | |||
| /* new_session is the new mutable session being established by the current | |||
| * handshake. It should not be cached. */ | |||
| SSL_SESSION *new_session; | |||
| /* established_session is the session established by the connection. This | |||
| * session is only filled upon the completion of the handshake and is | |||
| * immutable. */ | |||
| SSL_SESSION *established_session; | |||
| /* session_reused indicates whether a session was resumed. */ | |||
| unsigned session_reused:1; | |||
| /* Connection binding to prevent renegotiation attacks */ | |||
| uint8_t previous_client_finished[12]; | |||
| uint8_t previous_client_finished_len; | |||
| uint8_t previous_server_finished[12]; | |||
| uint8_t previous_server_finished_len; | |||
| int send_connection_binding; | |||
| /* Next protocol negotiation. For the client, this is the protocol that we | |||
| * sent in NextProtocol and is set when handling ServerHello extensions. | |||
| * | |||
| * For a server, this is the client's selected_protocol from NextProtocol and | |||
| * is set when handling the NextProtocol message, before the Finished | |||
| * message. */ | |||
| uint8_t *next_proto_negotiated; | |||
| size_t next_proto_negotiated_len; | |||
| /* ALPN information | |||
| * (we are in the process of transitioning from NPN to ALPN.) */ | |||
| /* In a server these point to the selected ALPN protocol after the | |||
| * ClientHello has been processed. In a client these contain the protocol | |||
| * that the server selected once the ServerHello has been processed. */ | |||
| uint8_t *alpn_selected; | |||
| size_t alpn_selected_len; | |||
| /* In a client, this means that the server supported Channel ID and that a | |||
| * Channel ID was sent. In a server it means that we echoed support for | |||
| * Channel IDs and that tlsext_channel_id will be valid after the | |||
| * handshake. */ | |||
| char tlsext_channel_id_valid; | |||
| /* For a server: | |||
| * If |tlsext_channel_id_valid| is true, then this contains the | |||
| * verified Channel ID from the client: a P256 point, (x,y), where | |||
| * each are big-endian values. */ | |||
| uint8_t tlsext_channel_id[64]; | |||
| } SSL3_STATE; | |||
| /* Nodejs compatibility section (hidden). | |||
| * | |||
+ 201
- 0
ssl/internal.h
Wyświetl plik
| @@ -1262,6 +1262,207 @@ struct ssl3_enc_method { | |||
| int (*final_finish_mac)(SSL *ssl, int from_server, uint8_t *out); | |||
| }; | |||
| typedef struct ssl3_record_st { | |||
| /* type is the record type. */ | |||
| uint8_t type; | |||
| /* length is the number of unconsumed bytes in the record. */ | |||
| uint16_t length; | |||
| /* data is a non-owning pointer to the first unconsumed byte of the record. */ | |||
| uint8_t *data; | |||
| } SSL3_RECORD; | |||
| typedef struct ssl3_buffer_st { | |||
| /* buf is the memory allocated for this buffer. */ | |||
| uint8_t *buf; | |||
| /* offset is the offset into |buf| which the buffer contents start at. */ | |||
| uint16_t offset; | |||
| /* len is the length of the buffer contents from |buf| + |offset|. */ | |||
| uint16_t len; | |||
| /* cap is how much memory beyond |buf| + |offset| is available. */ | |||
| uint16_t cap; | |||
| } SSL3_BUFFER; | |||
| /* An ssl_shutdown_t describes the shutdown state of one end of the connection, | |||
| * whether it is alive or has been shutdown via close_notify or fatal alert. */ | |||
| enum ssl_shutdown_t { | |||
| ssl_shutdown_none = 0, | |||
| ssl_shutdown_close_notify = 1, | |||
| ssl_shutdown_fatal_alert = 2, | |||
| }; | |||
| typedef struct ssl3_state_st { | |||
| uint8_t read_sequence[8]; | |||
| uint8_t write_sequence[8]; | |||
| uint8_t server_random[SSL3_RANDOM_SIZE]; | |||
| uint8_t client_random[SSL3_RANDOM_SIZE]; | |||
| /* have_version is true if the connection's final version is known. Otherwise | |||
| * the version has not been negotiated yet. */ | |||
| unsigned have_version:1; | |||
| /* v2_hello_done is true if the peer's V2ClientHello, if any, has been handled | |||
| * and future messages should use the record layer. */ | |||
| unsigned v2_hello_done:1; | |||
| /* initial_handshake_complete is true if the initial handshake has | |||
| * completed. */ | |||
| unsigned initial_handshake_complete:1; | |||
| /* read_buffer holds data from the transport to be processed. */ | |||
| SSL3_BUFFER read_buffer; | |||
| /* write_buffer holds data to be written to the transport. */ | |||
| SSL3_BUFFER write_buffer; | |||
| SSL3_RECORD rrec; /* each decoded record goes in here */ | |||
| /* partial write - check the numbers match */ | |||
| unsigned int wnum; /* number of bytes sent so far */ | |||
| int wpend_tot; /* number bytes written */ | |||
| int wpend_type; | |||
| int wpend_ret; /* number of bytes submitted */ | |||
| const uint8_t *wpend_buf; | |||
| /* handshake_buffer, if non-NULL, contains the handshake transcript. */ | |||
| BUF_MEM *handshake_buffer; | |||
| /* handshake_hash, if initialized with an |EVP_MD|, maintains the handshake | |||
| * hash. For TLS 1.1 and below, it is the SHA-1 half. */ | |||
| EVP_MD_CTX handshake_hash; | |||
| /* handshake_md5, if initialized with an |EVP_MD|, maintains the MD5 half of | |||
| * the handshake hash for TLS 1.1 and below. */ | |||
| EVP_MD_CTX handshake_md5; | |||
| /* recv_shutdown is the shutdown state for the receive half of the | |||
| * connection. */ | |||
| enum ssl_shutdown_t recv_shutdown; | |||
| /* recv_shutdown is the shutdown state for the send half of the connection. */ | |||
| enum ssl_shutdown_t send_shutdown; | |||
| int alert_dispatch; | |||
| uint8_t send_alert[2]; | |||
| int total_renegotiations; | |||
| /* empty_record_count is the number of consecutive empty records received. */ | |||
| uint8_t empty_record_count; | |||
| /* warning_alert_count is the number of consecutive warning alerts | |||
| * received. */ | |||
| uint8_t warning_alert_count; | |||
| /* key_update_count is the number of consecutive KeyUpdates received. */ | |||
| uint8_t key_update_count; | |||
| /* aead_read_ctx is the current read cipher state. */ | |||
| SSL_AEAD_CTX *aead_read_ctx; | |||
| /* aead_write_ctx is the current write cipher state. */ | |||
| SSL_AEAD_CTX *aead_write_ctx; | |||
| /* enc_method is the method table corresponding to the current protocol | |||
| * version. */ | |||
| const SSL3_ENC_METHOD *enc_method; | |||
| /* pending_message is the current outgoing handshake message. */ | |||
| uint8_t *pending_message; | |||
| uint32_t pending_message_len; | |||
| /* hs is the handshake state for the current handshake or NULL if there isn't | |||
| * one. */ | |||
| SSL_HANDSHAKE *hs; | |||
| uint8_t write_traffic_secret[EVP_MAX_MD_SIZE]; | |||
| uint8_t write_traffic_secret_len; | |||
| uint8_t read_traffic_secret[EVP_MAX_MD_SIZE]; | |||
| uint8_t read_traffic_secret_len; | |||
| uint8_t exporter_secret[EVP_MAX_MD_SIZE]; | |||
| uint8_t exporter_secret_len; | |||
| /* State pertaining to the pending handshake. | |||
| * | |||
| * TODO(davidben): Move everything not needed after the handshake completes to | |||
| * |hs| and remove this. */ | |||
| struct { | |||
| int message_type; | |||
| /* used to hold the new cipher we are going to use */ | |||
| const SSL_CIPHER *new_cipher; | |||
| /* used when SSL_ST_FLUSH_DATA is entered */ | |||
| int next_state; | |||
| int reuse_message; | |||
| uint8_t *key_block; | |||
| uint8_t key_block_length; | |||
| uint8_t new_mac_secret_len; | |||
| uint8_t new_key_len; | |||
| uint8_t new_fixed_iv_len; | |||
| /* extended_master_secret indicates whether the extended master secret | |||
| * computation is used in this handshake. Note that this is different from | |||
| * whether it was used for the current session. If this is a resumption | |||
| * handshake then EMS might be negotiated in the client and server hello | |||
| * messages, but it doesn't matter if the session that's being resumed | |||
| * didn't use it to create the master secret initially. */ | |||
| char extended_master_secret; | |||
| /* peer_signature_algorithm is the signature algorithm used to authenticate | |||
| * the peer, or zero if not applicable. */ | |||
| uint16_t peer_signature_algorithm; | |||
| } tmp; | |||
| /* new_session is the new mutable session being established by the current | |||
| * handshake. It should not be cached. */ | |||
| SSL_SESSION *new_session; | |||
| /* established_session is the session established by the connection. This | |||
| * session is only filled upon the completion of the handshake and is | |||
| * immutable. */ | |||
| SSL_SESSION *established_session; | |||
| /* session_reused indicates whether a session was resumed. */ | |||
| unsigned session_reused:1; | |||
| /* Connection binding to prevent renegotiation attacks */ | |||
| uint8_t previous_client_finished[12]; | |||
| uint8_t previous_client_finished_len; | |||
| uint8_t previous_server_finished[12]; | |||
| uint8_t previous_server_finished_len; | |||
| int send_connection_binding; | |||
| /* Next protocol negotiation. For the client, this is the protocol that we | |||
| * sent in NextProtocol and is set when handling ServerHello extensions. | |||
| * | |||
| * For a server, this is the client's selected_protocol from NextProtocol and | |||
| * is set when handling the NextProtocol message, before the Finished | |||
| * message. */ | |||
| uint8_t *next_proto_negotiated; | |||
| size_t next_proto_negotiated_len; | |||
| /* ALPN information | |||
| * (we are in the process of transitioning from NPN to ALPN.) */ | |||
| /* In a server these point to the selected ALPN protocol after the | |||
| * ClientHello has been processed. In a client these contain the protocol | |||
| * that the server selected once the ServerHello has been processed. */ | |||
| uint8_t *alpn_selected; | |||
| size_t alpn_selected_len; | |||
| /* In a client, this means that the server supported Channel ID and that a | |||
| * Channel ID was sent. In a server it means that we echoed support for | |||
| * Channel IDs and that tlsext_channel_id will be valid after the | |||
| * handshake. */ | |||
| char tlsext_channel_id_valid; | |||
| /* For a server: | |||
| * If |tlsext_channel_id_valid| is true, then this contains the | |||
| * verified Channel ID from the client: a P256 point, (x,y), where | |||
| * each are big-endian values. */ | |||
| uint8_t tlsext_channel_id[64]; | |||
| } SSL3_STATE; | |||
| /* lengths of messages */ | |||
| #define DTLS1_COOKIE_LENGTH 256 | |||