kris
/
boringssl
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
3095 提交
12 分支
38 MiB
 
 
 
 
 
 
目录树: f9bdcc1108
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'f9bdcc1108'
${ noResults }
boringssl/ssl/s3_lib.c

333 行
12 KiB
原始文件 Blame 文件历史 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

  59.  *

  60.  * Redistribution and use in source and binary forms, with or without

  61.  * modification, are permitted provided that the following conditions

  62.  * are met:

  63.  *

  64.  * 1. Redistributions of source code must retain the above copyright

  65.  *    notice, this list of conditions and the following disclaimer.

  66.  *

  67.  * 2. Redistributions in binary form must reproduce the above copyright

  68.  *    notice, this list of conditions and the following disclaimer in

  69.  *    the documentation and/or other materials provided with the

  70.  *    distribution.

  71.  *

  72.  * 3. All advertising materials mentioning features or use of this

  73.  *    software must display the following acknowledgment:

  74.  *    "This product includes software developed by the OpenSSL Project

  75.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  76.  *

  77.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  78.  *    endorse or promote products derived from this software without

  79.  *    prior written permission. For written permission, please contact

  80.  *    openssl-core@openssl.org.

  81.  *

  82.  * 5. Products derived from this software may not be called "OpenSSL"

  83.  *    nor may "OpenSSL" appear in their names without prior written

  84.  *    permission of the OpenSSL Project.

  85.  *

  86.  * 6. Redistributions of any form whatsoever must retain the following

  87.  *    acknowledgment:

  88.  *    "This product includes software developed by the OpenSSL Project

  89.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  90.  *

  91.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  92.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  93.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  94.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  95.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  96.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  97.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  98.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  99.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  100.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  101.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  102.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  103.  * ====================================================================

  104.  *

  105.  * This product includes cryptographic software written by Eric Young

  106.  * (eay@cryptsoft.com).  This product includes software written by Tim

  107.  * Hudson (tjh@cryptsoft.com).

  108.  *

  109.  */

  110. /* ====================================================================

  111.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  112.  *

  113.  * Portions of the attached software ("Contribution") are developed by

  114.  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

  115.  *

  116.  * The Contribution is licensed pursuant to the OpenSSL open source

  117.  * license provided above.

  118.  *

  119.  * ECC cipher suite support in OpenSSL originally written by

  120.  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

  121.  *

  122.  */

  123. /* ====================================================================

  124.  * Copyright 2005 Nokia. All rights reserved.

  125.  *

  126.  * The portions of the attached software ("Contribution") is developed by

  127.  * Nokia Corporation and is licensed pursuant to the OpenSSL open source

  128.  * license.

  129.  *

  130.  * The Contribution, originally written by Mika Kousa and Pasi Eronen of

  131.  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

  132.  * support (see RFC 4279) to OpenSSL.

  133.  *

  134.  * No patent licenses or other rights except those expressly stated in

  135.  * the OpenSSL open source license shall be deemed granted or received

  136.  * expressly, by implication, estoppel, or otherwise.

  137.  *

  138.  * No assurances are provided by Nokia that the Contribution does not

  139.  * infringe the patent or other intellectual property rights of any third

  140.  * party or that the license provides you with all the necessary rights

  141.  * to make use of the Contribution.

  142.  *

  143.  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

  144.  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

  145.  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

  146.  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

  147.  * OTHERWISE. */

  148. 

  149. #include <openssl/ssl.h>

  150. 

  151. #include <assert.h>

  152. #include <string.h>

  153. 

  154. #include <openssl/buf.h>

  155. #include <openssl/dh.h>

  156. #include <openssl/digest.h>

  157. #include <openssl/err.h>

  158. #include <openssl/md5.h>

  159. #include <openssl/mem.h>

  160. #include <openssl/nid.h>

  161. 

  162. #include "internal.h"

  163. 

  164. 

  165. int ssl3_supports_cipher(const SSL_CIPHER *cipher) {

  166.   return 1;

  167. }

  168. 

  169. void ssl3_expect_flight(SSL *ssl) {}

  170. 

  171. void ssl3_received_flight(SSL *ssl) {}

  172. 

  173. int ssl3_new(SSL *ssl) {

  174.   SSL3_STATE *s3;

  175. 

  176.   s3 = OPENSSL_malloc(sizeof *s3);

  177.   if (s3 == NULL) {

  178.     goto err;

  179.   }

  180.   memset(s3, 0, sizeof *s3);

  181. 

  182.   EVP_MD_CTX_init(&s3->handshake_hash);

  183.   EVP_MD_CTX_init(&s3->handshake_md5);

  184. 

  185.   ssl->s3 = s3;

  186. 

  187.   /* Set the version to the highest supported version.

  188.    *

  189.    * TODO(davidben): Move this field into |s3|, have it store the normalized

  190.    * protocol version, and implement this pre-negotiation quirk in |SSL_version|

  191.    * at the API boundary rather than in internal state. */

  192.   ssl->version = TLS1_2_VERSION;

  193.   return 1;

  194. err:

  195.   return 0;

  196. }

  197. 

  198. void ssl3_free(SSL *ssl) {

  199.   if (ssl == NULL || ssl->s3 == NULL) {

  200.     return;

  201.   }

  202. 

  203.   ssl3_cleanup_key_block(ssl);

  204.   ssl_read_buffer_clear(ssl);

  205.   ssl_write_buffer_clear(ssl);

  206.   SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx);

  207.   OPENSSL_free(ssl->s3->tmp.peer_key);

  208.   OPENSSL_free(ssl->s3->tmp.server_params);

  209. 

  210.   sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free);

  211.   OPENSSL_free(ssl->s3->tmp.certificate_types);

  212.   OPENSSL_free(ssl->s3->tmp.peer_supported_group_list);

  213.   OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint);

  214.   SSL_SESSION_free(ssl->s3->new_session);

  215.   SSL_SESSION_free(ssl->s3->established_session);

  216.   ssl3_free_handshake_buffer(ssl);

  217.   ssl3_free_handshake_hash(ssl);

  218.   ssl_handshake_free(ssl->s3->hs);

  219.   OPENSSL_free(ssl->s3->next_proto_negotiated);

  220.   OPENSSL_free(ssl->s3->alpn_selected);

  221.   SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);

  222.   SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);

  223.   OPENSSL_free(ssl->s3->pending_message);

  224. 

  225.   OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3);

  226.   OPENSSL_free(ssl->s3);

  227.   ssl->s3 = NULL;

  228. }

  229. 

  230. struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *ssl) {

  231.   if (ssl->cipher_list != NULL) {

  232.     return ssl->cipher_list;

  233.   }

  234. 

  235.   if (ssl->version >= TLS1_1_VERSION && ssl->ctx->cipher_list_tls11 != NULL) {

  236.     return ssl->ctx->cipher_list_tls11;

  237.   }

  238. 

  239.   if (ssl->version >= TLS1_VERSION && ssl->ctx->cipher_list_tls10 != NULL) {

  240.     return ssl->ctx->cipher_list_tls10;

  241.   }

  242. 

  243.   if (ssl->ctx->cipher_list != NULL) {

  244.     return ssl->ctx->cipher_list;

  245.   }

  246. 

  247.   return NULL;

  248. }

  249. 

  250. const SSL_CIPHER *ssl3_choose_cipher(

  251.     SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,

  252.     struct ssl_cipher_preference_list_st *server_pref) {

  253.   const SSL_CIPHER *c, *ret = NULL;

  254.   STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;

  255.   size_t i;

  256.   int ok;

  257.   size_t cipher_index;

  258.   uint32_t alg_k, alg_a, mask_k, mask_a;

  259.   /* in_group_flags will either be NULL, or will point to an array of bytes

  260.    * which indicate equal-preference groups in the |prio| stack. See the

  261.    * comment about |in_group_flags| in the |ssl_cipher_preference_list_st|

  262.    * struct. */

  263.   const uint8_t *in_group_flags;

  264.   /* group_min contains the minimal index so far found in a group, or -1 if no

  265.    * such value exists yet. */

  266.   int group_min = -1;

  267. 

  268.   if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {

  269.     prio = srvr;

  270.     in_group_flags = server_pref->in_group_flags;

  271.     allow = clnt;

  272.   } else {

  273.     prio = clnt;

  274.     in_group_flags = NULL;

  275.     allow = srvr;

  276.   }

  277. 

  278.   ssl_get_compatible_server_ciphers(ssl, &mask_k, &mask_a);

  279. 

  280.   for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {

  281.     c = sk_SSL_CIPHER_value(prio, i);

  282. 

  283.     ok = 1;

  284. 

  285.     /* Check the TLS version. */

  286.     if (SSL_CIPHER_get_min_version(c) > ssl3_protocol_version(ssl) ||

  287.         SSL_CIPHER_get_max_version(c) < ssl3_protocol_version(ssl)) {

  288.       ok = 0;

  289.     }

  290. 

  291.     alg_k = c->algorithm_mkey;

  292.     alg_a = c->algorithm_auth;

  293. 

  294.     ok = ok && (alg_k & mask_k) && (alg_a & mask_a);

  295. 

  296.     if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) {

  297.       if (in_group_flags != NULL && in_group_flags[i] == 1) {

  298.         /* This element of |prio| is in a group. Update the minimum index found

  299.          * so far and continue looking. */

  300.         if (group_min == -1 || (size_t)group_min > cipher_index) {

  301.           group_min = cipher_index;

  302.         }

  303.       } else {

  304.         if (group_min != -1 && (size_t)group_min < cipher_index) {

  305.           cipher_index = group_min;

  306.         }

  307.         ret = sk_SSL_CIPHER_value(allow, cipher_index);

  308.         break;

  309.       }

  310.     }

  311. 

  312.     if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {

  313.       /* We are about to leave a group, but we found a match in it, so that's

  314.        * our answer. */

  315.       ret = sk_SSL_CIPHER_value(allow, group_min);

  316.       break;

  317.     }

  318.   }

  319. 

  320.   return ret;

  321. }

  322. 

  323. /* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and

  324.  * handshake macs if required. */

  325. uint32_t ssl_get_algorithm_prf(const SSL *ssl) {

  326.   uint32_t algorithm_prf = ssl->s3->tmp.new_cipher->algorithm_prf;

  327.   if (algorithm_prf == SSL_HANDSHAKE_MAC_DEFAULT &&

  328.       ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {

  329.     return SSL_HANDSHAKE_MAC_SHA256;

  330.   }

  331.   return algorithm_prf;

  332. }