summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>1999-10-10 21:32:04 +0000
committercvs2svn <admin@example.com>1999-10-10 21:32:04 +0000
commit9b77a555b5e85a4473f23ac7342ddfb4d9ff309d (patch)
treedae5e50679bccd1ed8d7d4041fbb9f3d96bbc98c /src/lib/libssl/ssl
parent3ef9529fbf0c1f8f1c9da1172e92ad3370d5fcfe (diff)
downloadopenbsd-OPENBSD_2_6.tar.gz
openbsd-OPENBSD_2_6.tar.bz2
openbsd-OPENBSD_2_6.zip
This commit was manufactured by cvs2git to create branch 'OPENBSD_2_6'.OPENBSD_2_6
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl.h1484
-rw-r--r--src/lib/libssl/ssl2.h265
-rw-r--r--src/lib/libssl/ssl23.h83
-rw-r--r--src/lib/libssl/ssl3.h459
-rw-r--r--src/lib/libssl/ssl_algs.c103
-rw-r--r--src/lib/libssl/ssl_asn1.c327
-rw-r--r--src/lib/libssl/ssl_cert.c716
-rw-r--r--src/lib/libssl/ssl_ciph.c835
-rw-r--r--src/lib/libssl/ssl_err.c416
-rw-r--r--src/lib/libssl/ssl_err2.c70
-rw-r--r--src/lib/libssl/ssl_lib.c1947
-rw-r--r--src/lib/libssl/ssl_locl.h499
-rw-r--r--src/lib/libssl/ssl_rsa.c815
-rw-r--r--src/lib/libssl/ssl_sess.c637
-rw-r--r--src/lib/libssl/ssl_stat.c454
-rw-r--r--src/lib/libssl/ssl_txt.c171
16 files changed, 0 insertions, 9281 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index fbe4f667fa..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,1484 +0,0 @@
1/* ssl/ssl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL_H
60#define HEADER_SSL_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#include <openssl/safestack.h>
67
68/* SSLeay version number for ASN.1 encoding of the session information */
69/* Version 0 - initial version
70 * Version 1 - added the optional peer certificate
71 */
72#define SSL_SESSION_ASN1_VERSION 0x0001
73
74/* text strings for the ciphers */
75#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
76#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
77#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
78#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
79#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
80#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
81#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
82#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
83#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
84#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
85
86#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
87#define SSL_MAX_SID_CTX_LENGTH 32
88
89#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
90#define SSL_MAX_KEY_ARG_LENGTH 8
91#define SSL_MAX_MASTER_KEY_LENGTH 48
92
93/* These are used to specify which ciphers to use and not to use */
94#define SSL_TXT_LOW "LOW"
95#define SSL_TXT_MEDIUM "MEDIUM"
96#define SSL_TXT_HIGH "HIGH"
97#define SSL_TXT_kFZA "kFZA"
98#define SSL_TXT_aFZA "aFZA"
99#define SSL_TXT_eFZA "eFZA"
100#define SSL_TXT_FZA "FZA"
101
102#define SSL_TXT_aNULL "aNULL"
103#define SSL_TXT_eNULL "eNULL"
104#define SSL_TXT_NULL "NULL"
105
106#define SSL_TXT_kRSA "kRSA"
107#define SSL_TXT_kDHr "kDHr"
108#define SSL_TXT_kDHd "kDHd"
109#define SSL_TXT_kEDH "kEDH"
110#define SSL_TXT_aRSA "aRSA"
111#define SSL_TXT_aDSS "aDSS"
112#define SSL_TXT_aDH "aDH"
113#define SSL_TXT_DSS "DSS"
114#define SSL_TXT_DH "DH"
115#define SSL_TXT_EDH "EDH"
116#define SSL_TXT_ADH "ADH"
117#define SSL_TXT_RSA "RSA"
118#define SSL_TXT_DES "DES"
119#define SSL_TXT_3DES "3DES"
120#define SSL_TXT_RC4 "RC4"
121#define SSL_TXT_RC2 "RC2"
122#define SSL_TXT_IDEA "IDEA"
123#define SSL_TXT_MD5 "MD5"
124#define SSL_TXT_SHA1 "SHA1"
125#define SSL_TXT_SHA "SHA"
126#define SSL_TXT_EXP40 "EXP"
127#define SSL_TXT_EXPORT "EXPORT"
128#define SSL_TXT_EXP56 "EXPORT56"
129#define SSL_TXT_SSLV2 "SSLv2"
130#define SSL_TXT_SSLV3 "SSLv3"
131#define SSL_TXT_TLSV1 "TLSv1"
132#define SSL_TXT_ALL "ALL"
133
134/* 'DEFAULT' at the start of the cipher list insert the following string
135 * in addition to this being the default cipher string */
136#ifndef NO_RSA
137#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
138#else
139#define SSL_ALLOW_ADH
140#define SSL_DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP"
141#endif
142
143/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
144#define SSL_SENT_SHUTDOWN 1
145#define SSL_RECEIVED_SHUTDOWN 2
146
147#include <openssl/crypto.h>
148#include <openssl/lhash.h>
149#include <openssl/buffer.h>
150#include <openssl/bio.h>
151#include <openssl/pem.h>
152#include <openssl/x509.h>
153
154#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
155#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
156
157/* This is needed to stop compilers complaining about the
158 * 'struct ssl_st *' function parameters used to prototype callbacks
159 * in SSL_CTX. */
160typedef struct ssl_st *ssl_crock_st;
161
162/* used to hold info on the particular ciphers used */
163typedef struct ssl_cipher_st
164 {
165 int valid;
166 const char *name; /* text name */
167 unsigned long id; /* id, 4 bytes, first is version */
168 unsigned long algorithms; /* what ciphers are used */
169 unsigned long algorithm2; /* Extra flags */
170 unsigned long mask; /* used for matching */
171 } SSL_CIPHER;
172
173DECLARE_STACK_OF(SSL_CIPHER)
174
175typedef struct ssl_st SSL;
176typedef struct ssl_ctx_st SSL_CTX;
177
178/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
179typedef struct ssl_method_st
180 {
181 int version;
182 int (*ssl_new)(SSL *s);
183 void (*ssl_clear)(SSL *s);
184 void (*ssl_free)(SSL *s);
185 int (*ssl_accept)(SSL *s);
186 int (*ssl_connect)(SSL *s);
187 int (*ssl_read)(SSL *s,void *buf,int len);
188 int (*ssl_peek)(SSL *s,char *buf,int len);
189 int (*ssl_write)(SSL *s,const void *buf,int len);
190 int (*ssl_shutdown)(SSL *s);
191 int (*ssl_renegotiate)(SSL *s);
192 int (*ssl_renegotiate_check)(SSL *s);
193 long (*ssl_ctrl)(SSL *s,int cmd,long larg,char *parg);
194 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,char *parg);
195 SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
196 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
197 int (*ssl_pending)(SSL *s);
198 int (*num_ciphers)(void);
199 SSL_CIPHER *(*get_cipher)(unsigned ncipher);
200 struct ssl_method_st *(*get_ssl_method)(int version);
201 long (*get_timeout)(void);
202 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
203 int (*ssl_version)();
204 } SSL_METHOD;
205
206/* Lets make this into an ASN.1 type structure as follows
207 * SSL_SESSION_ID ::= SEQUENCE {
208 * version INTEGER, -- structure version number
209 * SSLversion INTEGER, -- SSL version number
210 * Cipher OCTET_STRING, -- the 3 byte cipher ID
211 * Session_ID OCTET_STRING, -- the Session ID
212 * Master_key OCTET_STRING, -- the master key
213 * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
214 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
215 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
216 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
217 * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
218 * Compression [5] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
219 * }
220 * Look in ssl/ssl_asn1.c for more details
221 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
222 */
223typedef struct ssl_session_st
224 {
225 int ssl_version; /* what ssl version session info is
226 * being kept in here? */
227
228 /* only really used in SSLv2 */
229 unsigned int key_arg_length;
230 unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
231 int master_key_length;
232 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
233 /* session_id - valid? */
234 unsigned int session_id_length;
235 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
236 /* this is used to determine whether the session is being reused in
237 * the appropriate context. It is up to the application to set this,
238 * via SSL_new */
239 unsigned int sid_ctx_length;
240 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
241
242 int not_resumable;
243
244 /* The cert is the certificate used to establish this connection */
245 struct sess_cert_st /* SESS_CERT */ *sess_cert;
246
247 /* This is the cert for the other end.
248 * On clients, it will be the same as sess_cert->peer_key->x509
249 * (the latter is not enough as sess_cert is not retained
250 * in the external representation of sessions, see ssl_asn1.c). */
251 X509 *peer;
252
253 int references;
254 long timeout;
255 long time;
256
257 int compress_meth; /* Need to lookup the method */
258
259 SSL_CIPHER *cipher;
260 unsigned long cipher_id; /* when ASN.1 loaded, this
261 * needs to be used to load
262 * the 'cipher' structure */
263
264 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
265
266 CRYPTO_EX_DATA ex_data; /* application specific data */
267
268 /* These are used to make removal of session-ids more
269 * efficient and to implement a maximum cache size. */
270 struct ssl_session_st *prev,*next;
271 } SSL_SESSION;
272
273#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
274#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
275#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
276#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
277#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
278#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
279#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
280#define SSL_OP_TLS_D5_BUG 0x00000100L
281#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
282#define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L
283
284/* If set, always create a new key when using tmp_dh parameters */
285#define SSL_OP_SINGLE_DH_USE 0x00100000L
286/* Set to also use the tmp_rsa key when doing RSA operations. */
287#define SSL_OP_EPHEMERAL_RSA 0x00200000L
288
289/* The next flag deliberately changes the ciphertest, this is a check
290 * for the PKCS#1 attack */
291#define SSL_OP_PKCS1_CHECK_1 0x08000000L
292#define SSL_OP_PKCS1_CHECK_2 0x10000000L
293#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
294#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
295#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
296#define SSL_OP_ALL 0x000FFFFFL
297
298#define SSL_OP_NO_SSLv2 0x01000000L
299#define SSL_OP_NO_SSLv3 0x02000000L
300#define SSL_OP_NO_TLSv1 0x04000000L
301
302/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
303 * when just a single record has been written): */
304#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
305/* Make it possible to retry SSL_write() with changed buffer location
306 * (buffer contents must stay the same!); this is not the default to avoid
307 * the misconception that non-blocking SSL_write() behaves like
308 * non-blocking write(): */
309#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
310
311/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
312 * they cannot be used to clear bits. */
313
314#define SSL_CTX_set_options(ctx,op) \
315 SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
316#define SSL_CTX_get_options(ctx) \
317 SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
318#define SSL_set_options(ssl,op) \
319 SSL_ctrl(ssl,SSL_CTRL_OPTIONS,op,NULL)
320#define SSL_get_options(ssl) \
321 SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL)
322
323#define SSL_CTX_set_mode(ctx,op) \
324 SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL)
325#define SSL_CTX_get_mode(ctx) \
326 SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL)
327#define SSL_set_mode(ssl,op) \
328 SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL)
329#define SSL_get_mode(ssl) \
330 SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL)
331
332#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
333
334typedef struct ssl_comp_st
335{
336 int id;
337 char *name;
338#ifdef HEADER_COMP_H
339 COMP_METHOD *method;
340#else
341 char *method;
342#endif
343} SSL_COMP;
344
345DECLARE_STACK_OF(SSL_COMP)
346
347struct ssl_ctx_st
348 {
349 SSL_METHOD *method;
350 unsigned long options;
351 unsigned long mode;
352
353 STACK_OF(SSL_CIPHER) *cipher_list;
354 /* same as above but sorted for lookup */
355 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
356
357 struct x509_store_st /* X509_STORE */ *cert_store;
358 struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSION's */
359 /* Most session-ids that will be cached, default is
360 * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */
361 unsigned long session_cache_size;
362 struct ssl_session_st *session_cache_head;
363 struct ssl_session_st *session_cache_tail;
364
365 /* This can have one of 2 values, ored together,
366 * SSL_SESS_CACHE_CLIENT,
367 * SSL_SESS_CACHE_SERVER,
368 * Default is SSL_SESSION_CACHE_SERVER, which means only
369 * SSL_accept which cache SSL_SESSIONS. */
370 int session_cache_mode;
371
372 /* If timeout is not 0, it is the default timeout value set
373 * when SSL_new() is called. This has been put in to make
374 * life easier to set things up */
375 long session_timeout;
376
377 /* If this callback is not null, it will be called each
378 * time a session id is added to the cache. If this function
379 * returns 1, it means that the callback will do a
380 * SSL_SESSION_free() when it has finished using it. Otherwise,
381 * on 0, it means the callback has finished with it.
382 * If remove_session_cb is not null, it will be called when
383 * a session-id is removed from the cache. Again, a return
384 * of 0 mens that SSLeay should not SSL_SESSION_free() since
385 * the application is doing something with it. */
386 int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
387 void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
388 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
389 unsigned char *data,int len,int *copy);
390 struct
391 {
392 int sess_connect; /* SSL new conn - started */
393 int sess_connect_renegotiate;/* SSL reneg - requested */
394 int sess_connect_good; /* SSL new conne/reneg - finished */
395 int sess_accept; /* SSL new accept - started */
396 int sess_accept_renegotiate;/* SSL reneg - requested */
397 int sess_accept_good; /* SSL accept/reneg - finished */
398 int sess_miss; /* session lookup misses */
399 int sess_timeout; /* reuse attempt on timeouted session */
400 int sess_cache_full; /* session removed due to full cache */
401 int sess_hit; /* session reuse actually done */
402 int sess_cb_hit; /* session-id that was not
403 * in the cache was
404 * passed back via the callback. This
405 * indicates that the application is
406 * supplying session-id's from other
407 * processes - spooky :-) */
408 } stats;
409
410 int references;
411
412/**/ void (*info_callback)();
413
414 /* if defined, these override the X509_verify_cert() calls */
415/**/ int (*app_verify_callback)();
416/**/ char *app_verify_arg; /* never used; should be void * */
417
418 /* default values to use in SSL structures */
419/**/ struct cert_st /* CERT */ *cert;
420/**/ int read_ahead;
421/**/ int verify_mode;
422/**/ int verify_depth;
423/**/ unsigned int sid_ctx_length;
424/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
425/**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
426
427 /* Default password callback. */
428/**/ pem_password_cb *default_passwd_callback;
429
430 /* Default password callback user data. */
431/**/ void *default_passwd_callback_userdata;
432
433 /* get client cert callback */
434/**/ int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
435
436 /* what we put in client requests */
437 STACK_OF(X509_NAME) *client_CA;
438
439/**/ int quiet_shutdown;
440
441 CRYPTO_EX_DATA ex_data;
442
443 const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
444 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
445 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
446
447 STACK_OF(X509) *extra_certs;
448 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
449 };
450
451#define SSL_SESS_CACHE_OFF 0x0000
452#define SSL_SESS_CACHE_CLIENT 0x0001
453#define SSL_SESS_CACHE_SERVER 0x0002
454#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
455#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
456/* This one, when set, makes the server session-id lookup not look
457 * in the cache. If there is an application get_session callback
458 * defined, this will still get called. */
459#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
460
461#define SSL_CTX_sess_number(ctx) \
462 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
463#define SSL_CTX_sess_connect(ctx) \
464 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
465#define SSL_CTX_sess_connect_good(ctx) \
466 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
467#define SSL_CTX_sess_connect_renegotiate(ctx) \
468 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
469#define SSL_CTX_sess_accept(ctx) \
470 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
471#define SSL_CTX_sess_accept_renegotiate(ctx) \
472 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
473#define SSL_CTX_sess_accept_good(ctx) \
474 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
475#define SSL_CTX_sess_hits(ctx) \
476 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
477#define SSL_CTX_sess_cb_hits(ctx) \
478 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
479#define SSL_CTX_sess_misses(ctx) \
480 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
481#define SSL_CTX_sess_timeouts(ctx) \
482 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
483#define SSL_CTX_sess_cache_full(ctx) \
484 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
485
486#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
487#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb)
488#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb))
489#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
490#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
491#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb)
492#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb))
493#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback)
494#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb))
495#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb)
496
497#define SSL_NOTHING 1
498#define SSL_WRITING 2
499#define SSL_READING 3
500#define SSL_X509_LOOKUP 4
501
502/* These will only be used when doing non-blocking IO */
503#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
504#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
505#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
506#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
507
508struct ssl_st
509 {
510 /* protocol version
511 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
512 */
513 int version;
514 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
515
516 SSL_METHOD *method; /* SSLv3 */
517
518 /* There are 2 BIO's even though they are normally both the
519 * same. This is so data can be read and written to different
520 * handlers */
521
522#ifdef HEADER_BIO_H
523 BIO *rbio; /* used by SSL_read */
524 BIO *wbio; /* used by SSL_write */
525 BIO *bbio; /* used during session-id reuse to concatinate
526 * messages */
527#else
528 char *rbio; /* used by SSL_read */
529 char *wbio; /* used by SSL_write */
530 char *bbio;
531#endif
532 /* This holds a variable that indicates what we were doing
533 * when a 0 or -1 is returned. This is needed for
534 * non-blocking IO so we know what request needs re-doing when
535 * in SSL_accept or SSL_connect */
536 int rwstate;
537
538 /* true when we are actually in SSL_accept() or SSL_connect() */
539 int in_handshake;
540 int (*handshake_func)();
541
542 /* Imagine that here's a boolean member "init" that is
543 * switched as soon as SSL_set_{accept/connect}_state
544 * is called for the first time, so that "state" and
545 * "handshake_func" are properly initialized. But as
546 * handshake_func is == 0 until then, we use this
547 * test instead of an "init" member.
548 */
549
550 int server; /* are we the server side? - mostly used by SSL_clear*/
551
552 int new_session;/* 1 if we are to use a new session */
553 int quiet_shutdown;/* don't send shutdown packets */
554 int shutdown; /* we have shut things down, 0x01 sent, 0x02
555 * for received */
556 int state; /* where we are */
557 int rstate; /* where we are when reading */
558
559 BUF_MEM *init_buf; /* buffer used during init */
560 int init_num; /* amount read/written */
561 int init_off; /* amount read/written */
562
563 /* used internally to point at a raw packet */
564 unsigned char *packet;
565 unsigned int packet_length;
566
567 struct ssl2_ctx_st *s2; /* SSLv2 variables */
568 struct ssl3_ctx_st *s3; /* SSLv3 variables */
569
570 int read_ahead; /* Read as many input bytes as possible */
571 int hit; /* reusing a previous session */
572
573 /* crypto */
574 STACK_OF(SSL_CIPHER) *cipher_list;
575 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
576
577 /* These are the ones being used, the ones is SSL_SESSION are
578 * the ones to be 'copied' into these ones */
579
580 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
581 const EVP_MD *read_hash; /* used for mac generation */
582#ifdef HEADER_COMP_H
583 COMP_CTX *expand; /* uncompress */
584#else
585 char *expand;
586#endif
587
588 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
589 const EVP_MD *write_hash; /* used for mac generation */
590#ifdef HEADER_COMP_H
591 COMP_CTX *compress; /* compression */
592#else
593 char *compress;
594#endif
595
596 /* session info */
597
598 /* client cert? */
599 /* This is used to hold the server certificate used */
600 struct cert_st /* CERT */ *cert;
601
602 /* the session_id_context is used to ensure sessions are only reused
603 * in the appropriate context */
604 unsigned int sid_ctx_length;
605 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
606
607 /* This can also be in the session once a session is established */
608 SSL_SESSION *session;
609
610 /* Used in SSL2 and SSL3 */
611 int verify_mode; /* 0 don't care about verify failure.
612 * 1 fail if verify fails */
613 int verify_depth;
614 int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
615 void (*info_callback)(); /* optional informational callback */
616
617 int error; /* error bytes to be written */
618 int error_code; /* actual code */
619
620 SSL_CTX *ctx;
621 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
622 * and SSL_write() calls, good for nbio debuging :-) */
623 int debug;
624
625 /* extra application data */
626 long verify_result;
627 CRYPTO_EX_DATA ex_data;
628
629 /* for server side, keep the list of CA_dn we can use */
630 STACK_OF(X509_NAME) *client_CA;
631
632 int references;
633 unsigned long options; /* protocol behaviour */
634 unsigned long mode; /* API behaviour */
635 int first_packet;
636 int client_version; /* what was passed, used for
637 * SSLv3/TLS rolback check */
638 };
639
640#include <openssl/ssl2.h>
641#include <openssl/ssl3.h>
642#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
643#include <openssl/ssl23.h>
644
645/* compatablity */
646#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
647#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
648#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
649#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
650#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
651#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
652
653/* The following are the possible values for ssl->state are are
654 * used to indicate where we are upto in the SSL connection establishment.
655 * The macros that follow are about the only things you should need to use
656 * and even then, only when using non-blocking IO.
657 * It can also be useful to work out where you were when the connection
658 * failed */
659
660#define SSL_ST_CONNECT 0x1000
661#define SSL_ST_ACCEPT 0x2000
662#define SSL_ST_MASK 0x0FFF
663#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
664#define SSL_ST_BEFORE 0x4000
665#define SSL_ST_OK 0x03
666#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
667
668#define SSL_CB_LOOP 0x01
669#define SSL_CB_EXIT 0x02
670#define SSL_CB_READ 0x04
671#define SSL_CB_WRITE 0x08
672#define SSL_CB_ALERT 0x4000 /* used in callback */
673#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
674#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
675#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
676#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
677#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
678#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
679#define SSL_CB_HANDSHAKE_START 0x10
680#define SSL_CB_HANDSHAKE_DONE 0x20
681
682/* Is the SSL_connection established? */
683#define SSL_get_state(a) SSL_state(a)
684#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
685#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
686#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
687#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
688#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
689
690/* The following 2 states are kept in ssl->rstate when reads fail,
691 * you should not need these */
692#define SSL_ST_READ_HEADER 0xF0
693#define SSL_ST_READ_BODY 0xF1
694#define SSL_ST_READ_DONE 0xF2
695
696/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
697 * are 'ored' with SSL_VERIFY_PEER if they are desired */
698#define SSL_VERIFY_NONE 0x00
699#define SSL_VERIFY_PEER 0x01
700#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
701#define SSL_VERIFY_CLIENT_ONCE 0x04
702
703#define SSLeay_add_ssl_algorithms() SSL_library_init()
704
705/* this is for backward compatablility */
706#if 0 /* NEW_SSLEAY */
707#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
708#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
709#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
710#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
711#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
712#endif
713/* More backward compatablity */
714#define SSL_get_cipher(s) \
715 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
716#define SSL_get_cipher_bits(s,np) \
717 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
718#define SSL_get_cipher_version(s) \
719 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
720#define SSL_get_cipher_name(s) \
721 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
722#define SSL_get_time(a) SSL_SESSION_get_time(a)
723#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
724#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
725#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
726
727#if 1 /*SSLEAY_MACROS*/
728#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
729 (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
730 (bp),(unsigned char **)(s_id))
731#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
732 bp,(unsigned char *)s_id)
733#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
734 (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
735#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
736 (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
737#define PEM_write_SSL_SESSION(fp,x) \
738 PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
739 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
740#define PEM_write_bio_SSL_SESSION(bp,x) \
741 PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
742 PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
743#endif
744
745#define SSL_AD_REASON_OFFSET 1000
746/* These alert types are for SSLv3 and TLSv1 */
747#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
748#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
749#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
750#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
751#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
752#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
753#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
754#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
755#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
756#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
757#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
758#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
759#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
760#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
761#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
762#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
763#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
764#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
765#define SSL_AD_EXPORT_RESTRICION TLS1_AD_EXPORT_RESTRICION/* fatal */
766#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
767#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
768#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
769#define SSL_AD_USER_CANCLED TLS1_AD_USER_CANCLED
770#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
771
772#define SSL_ERROR_NONE 0
773#define SSL_ERROR_SSL 1
774#define SSL_ERROR_WANT_READ 2
775#define SSL_ERROR_WANT_WRITE 3
776#define SSL_ERROR_WANT_X509_LOOKUP 4
777#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
778#define SSL_ERROR_ZERO_RETURN 6
779#define SSL_ERROR_WANT_CONNECT 7
780
781#define SSL_CTRL_NEED_TMP_RSA 1
782#define SSL_CTRL_SET_TMP_RSA 2
783#define SSL_CTRL_SET_TMP_DH 3
784#define SSL_CTRL_SET_TMP_RSA_CB 4
785#define SSL_CTRL_SET_TMP_DH_CB 5
786/* Add these ones */
787#define SSL_CTRL_GET_SESSION_REUSED 6
788#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 7
789#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8
790#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9
791#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10
792#define SSL_CTRL_GET_FLAGS 11
793#define SSL_CTRL_EXTRA_CHAIN_CERT 12
794
795/* Stats */
796#define SSL_CTRL_SESS_NUMBER 20
797#define SSL_CTRL_SESS_CONNECT 21
798#define SSL_CTRL_SESS_CONNECT_GOOD 22
799#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
800#define SSL_CTRL_SESS_ACCEPT 24
801#define SSL_CTRL_SESS_ACCEPT_GOOD 25
802#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
803#define SSL_CTRL_SESS_HIT 27
804#define SSL_CTRL_SESS_CB_HIT 28
805#define SSL_CTRL_SESS_MISSES 29
806#define SSL_CTRL_SESS_TIMEOUTS 30
807#define SSL_CTRL_SESS_CACHE_FULL 31
808#define SSL_CTRL_OPTIONS 32
809#define SSL_CTRL_MODE 33
810
811#define SSL_CTRL_GET_READ_AHEAD 40
812#define SSL_CTRL_SET_READ_AHEAD 41
813#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
814#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
815#define SSL_CTRL_SET_SESS_CACHE_MODE 44
816#define SSL_CTRL_GET_SESS_CACHE_MODE 45
817
818#define SSL_session_reused(ssl) \
819 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
820#define SSL_num_renegotiations(ssl) \
821 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
822#define SSL_clear_num_renegotiations(ssl) \
823 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
824#define SSL_total_renegotiations(ssl) \
825 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
826
827#define SSL_CTX_need_tmp_RSA(ctx) \
828 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
829#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
830 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
831#define SSL_CTX_set_tmp_dh(ctx,dh) \
832 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
833
834#define SSL_need_tmp_RSA(ssl) \
835 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
836#define SSL_set_tmp_rsa(ssl,rsa) \
837 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
838#define SSL_set_tmp_dh(ssl,dh) \
839 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
840
841#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
842 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
843
844/* VMS uses only 31 characters for symbols. */
845#ifdef VMS
846#undef SSL_CTX_set_cert_verify_callback
847#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
848#undef SSL_CTX_use_certificate_chain_file
849#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
850#undef SSL_CTX_set_default_verify_paths
851#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
852#undef SSL_get_ex_data_X509_STORE_CTX_idx
853#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_data_X509_STOR_CTX_i
854#undef SSL_add_file_cert_subjects_to_stack
855#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_sub_to_stack
856#undef SSL_add_dir_cert_subjects_to_stack
857#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
858#endif
859
860#ifdef HEADER_BIO_H
861BIO_METHOD *BIO_f_ssl(void);
862BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
863BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
864BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
865int BIO_ssl_copy_session_id(BIO *to,BIO *from);
866void BIO_ssl_shutdown(BIO *ssl_bio);
867
868#endif
869
870int SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
871SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
872void SSL_CTX_free(SSL_CTX *);
873long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
874long SSL_CTX_get_timeout(SSL_CTX *ctx);
875X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
876void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
877int SSL_want(SSL *s);
878int SSL_clear(SSL *s);
879
880void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
881
882SSL_CIPHER *SSL_get_current_cipher(SSL *s);
883int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
884char * SSL_CIPHER_get_version(SSL_CIPHER *c);
885const char * SSL_CIPHER_get_name(SSL_CIPHER *c);
886
887int SSL_get_fd(SSL *s);
888const char * SSL_get_cipher_list(SSL *s,int n);
889char * SSL_get_shared_ciphers(SSL *s, char *buf, int len);
890int SSL_get_read_ahead(SSL * s);
891int SSL_pending(SSL *s);
892#ifndef NO_SOCK
893int SSL_set_fd(SSL *s, int fd);
894int SSL_set_rfd(SSL *s, int fd);
895int SSL_set_wfd(SSL *s, int fd);
896#endif
897#ifdef HEADER_BIO_H
898void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
899BIO * SSL_get_rbio(SSL *s);
900BIO * SSL_get_wbio(SSL *s);
901#endif
902int SSL_set_cipher_list(SSL *s, char *str);
903void SSL_set_read_ahead(SSL *s, int yes);
904int SSL_get_verify_mode(SSL *s);
905int SSL_get_verify_depth(SSL *s);
906int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
907void SSL_set_verify(SSL *s, int mode,
908 int (*callback)(int ok,X509_STORE_CTX *ctx));
909void SSL_set_verify_depth(SSL *s, int depth);
910#ifndef NO_RSA
911int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
912#endif
913int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
914int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
915int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
916int SSL_use_certificate(SSL *ssl, X509 *x);
917int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
918
919#ifndef NO_STDIO
920int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
921int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
922int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
923int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
924int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
925int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
926int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
927STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
928int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
929 const char *file);
930int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
931 const char *dir);
932#endif
933
934void ERR_load_SSL_strings(void );
935void SSL_load_error_strings(void );
936char * SSL_state_string(SSL *s);
937char * SSL_rstate_string(SSL *s);
938char * SSL_state_string_long(SSL *s);
939char * SSL_rstate_string_long(SSL *s);
940long SSL_SESSION_get_time(SSL_SESSION *s);
941long SSL_SESSION_set_time(SSL_SESSION *s, long t);
942long SSL_SESSION_get_timeout(SSL_SESSION *s);
943long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
944void SSL_copy_session_id(SSL *to,SSL *from);
945
946SSL_SESSION *SSL_SESSION_new(void);
947unsigned long SSL_SESSION_hash(SSL_SESSION *a);
948int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
949#ifndef NO_FP_API
950int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
951#endif
952#ifdef HEADER_BIO_H
953int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
954#endif
955void SSL_SESSION_free(SSL_SESSION *ses);
956int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
957int SSL_set_session(SSL *to, SSL_SESSION *session);
958int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
959int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
960SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
961
962#ifdef HEADER_X509_H
963X509 * SSL_get_peer_certificate(SSL *s);
964#endif
965
966STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
967
968#ifdef VMS
969#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
970#endif
971
972int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
973int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
974int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
975void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
976 int (*callback)(int, X509_STORE_CTX *));
977void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
978void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg);
979#ifndef NO_RSA
980int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
981#endif
982int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
983int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
984int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
985 unsigned char *d, long len);
986int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
987int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
988
989void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
990void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
991
992int SSL_CTX_check_private_key(SSL_CTX *ctx);
993int SSL_check_private_key(SSL *ctx);
994
995int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
996 unsigned int sid_ctx_len);
997
998SSL * SSL_new(SSL_CTX *ctx);
999int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
1000 unsigned int sid_ctx_len);
1001void SSL_free(SSL *ssl);
1002int SSL_accept(SSL *ssl);
1003int SSL_connect(SSL *ssl);
1004int SSL_read(SSL *ssl,char *buf,int num);
1005int SSL_peek(SSL *ssl,char *buf,int num);
1006int SSL_write(SSL *ssl,const char *buf,int num);
1007long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
1008long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
1009
1010int SSL_get_error(SSL *s,int ret_code);
1011char * SSL_get_version(SSL *s);
1012
1013/* This sets the 'default' SSL version that SSL_new() will create */
1014int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
1015
1016SSL_METHOD *SSLv2_method(void); /* SSLv2 */
1017SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
1018SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
1019
1020SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1021SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1022SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1023
1024SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1025SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1026SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1027
1028SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1029SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1030SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1031
1032STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
1033
1034int SSL_do_handshake(SSL *s);
1035int SSL_renegotiate(SSL *s);
1036int SSL_shutdown(SSL *s);
1037
1038SSL_METHOD *SSL_get_ssl_method(SSL *s);
1039int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
1040char *SSL_alert_type_string_long(int value);
1041char *SSL_alert_type_string(int value);
1042char *SSL_alert_desc_string_long(int value);
1043char *SSL_alert_desc_string(int value);
1044
1045void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
1046void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
1047STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
1048STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
1049int SSL_add_client_CA(SSL *ssl,X509 *x);
1050int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
1051
1052void SSL_set_connect_state(SSL *s);
1053void SSL_set_accept_state(SSL *s);
1054
1055long SSL_get_default_timeout(SSL *s);
1056
1057int SSL_library_init(void );
1058
1059char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
1060STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1061
1062SSL *SSL_dup(SSL *ssl);
1063
1064X509 *SSL_get_certificate(SSL *ssl);
1065/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
1066
1067void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
1068int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
1069void SSL_set_quiet_shutdown(SSL *ssl,int mode);
1070int SSL_get_quiet_shutdown(SSL *ssl);
1071void SSL_set_shutdown(SSL *ssl,int mode);
1072int SSL_get_shutdown(SSL *ssl);
1073int SSL_version(SSL *ssl);
1074int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1075int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1076 const char *CApath);
1077SSL_SESSION *SSL_get_session(SSL *ssl);
1078SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
1079void SSL_set_info_callback(SSL *ssl,void (*cb)());
1080void (*SSL_get_info_callback(SSL *ssl))();
1081int SSL_state(SSL *ssl);
1082
1083void SSL_set_verify_result(SSL *ssl,long v);
1084long SSL_get_verify_result(SSL *ssl);
1085
1086int SSL_set_ex_data(SSL *ssl,int idx,void *data);
1087void *SSL_get_ex_data(SSL *ssl,int idx);
1088int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
1089 int (*dup_func)(), void (*free_func)());
1090
1091int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
1092void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
1093int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
1094 int (*dup_func)(), void (*free_func)());
1095
1096int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
1097void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
1098int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
1099 int (*dup_func)(), void (*free_func)());
1100
1101int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1102
1103#define SSL_CTX_sess_set_cache_size(ctx,t) \
1104 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
1105#define SSL_CTX_sess_get_cache_size(ctx) \
1106 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
1107#define SSL_CTX_set_session_cache_mode(ctx,m) \
1108 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
1109#define SSL_CTX_get_session_cache_mode(ctx) \
1110 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
1111
1112#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
1113#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
1114#define SSL_CTX_get_read_ahead(ctx) \
1115 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1116#define SSL_CTX_set_read_ahead(ctx,m) \
1117 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
1118
1119 /* NB: the keylength is only applicable when is_export is true */
1120#ifndef NO_RSA
1121void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1122 RSA *(*cb)(SSL *ssl,int is_export,
1123 int keylength));
1124
1125void SSL_set_tmp_rsa_callback(SSL *ssl,
1126 RSA *(*cb)(SSL *ssl,int is_export,
1127 int keylength));
1128#endif
1129#ifndef NO_DH
1130void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1131 DH *(*dh)(SSL *ssl,int is_export,
1132 int keylength));
1133void SSL_set_tmp_dh_callback(SSL *ssl,
1134 DH *(*dh)(SSL *ssl,int is_export,
1135 int keylength));
1136#endif
1137
1138#ifdef HEADER_COMP_H
1139int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
1140#else
1141int SSL_COMP_add_compression_method(int id,char *cm);
1142#endif
1143
1144/* BEGIN ERROR CODES */
1145/* The following lines are auto generated by the script mkerr.pl. Any changes
1146 * made after this point may be overwritten when the script is next run.
1147 */
1148
1149/* Error codes for the SSL functions. */
1150
1151/* Function codes. */
1152#define SSL_F_CLIENT_CERTIFICATE 100
1153#define SSL_F_CLIENT_HELLO 101
1154#define SSL_F_CLIENT_MASTER_KEY 102
1155#define SSL_F_D2I_SSL_SESSION 103
1156#define SSL_F_DO_SSL3_WRITE 104
1157#define SSL_F_GET_CLIENT_FINISHED 105
1158#define SSL_F_GET_CLIENT_HELLO 106
1159#define SSL_F_GET_CLIENT_MASTER_KEY 107
1160#define SSL_F_GET_SERVER_FINISHED 108
1161#define SSL_F_GET_SERVER_HELLO 109
1162#define SSL_F_GET_SERVER_VERIFY 110
1163#define SSL_F_I2D_SSL_SESSION 111
1164#define SSL_F_READ_N 112
1165#define SSL_F_REQUEST_CERTIFICATE 113
1166#define SSL_F_SERVER_HELLO 114
1167#define SSL_F_SSL23_ACCEPT 115
1168#define SSL_F_SSL23_CLIENT_HELLO 116
1169#define SSL_F_SSL23_CONNECT 117
1170#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1171#define SSL_F_SSL23_GET_SERVER_HELLO 119
1172#define SSL_F_SSL23_READ 120
1173#define SSL_F_SSL23_WRITE 121
1174#define SSL_F_SSL2_ACCEPT 122
1175#define SSL_F_SSL2_CONNECT 123
1176#define SSL_F_SSL2_ENC_INIT 124
1177#define SSL_F_SSL2_READ 125
1178#define SSL_F_SSL2_SET_CERTIFICATE 126
1179#define SSL_F_SSL2_WRITE 127
1180#define SSL_F_SSL3_ACCEPT 128
1181#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1182#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
1183#define SSL_F_SSL3_CLIENT_HELLO 131
1184#define SSL_F_SSL3_CONNECT 132
1185#define SSL_F_SSL3_CTRL 213
1186#define SSL_F_SSL3_CTX_CTRL 133
1187#define SSL_F_SSL3_ENC 134
1188#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1189#define SSL_F_SSL3_GET_CERT_VERIFY 136
1190#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1191#define SSL_F_SSL3_GET_CLIENT_HELLO 138
1192#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
1193#define SSL_F_SSL3_GET_FINISHED 140
1194#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
1195#define SSL_F_SSL3_GET_MESSAGE 142
1196#define SSL_F_SSL3_GET_RECORD 143
1197#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1198#define SSL_F_SSL3_GET_SERVER_DONE 145
1199#define SSL_F_SSL3_GET_SERVER_HELLO 146
1200#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1201#define SSL_F_SSL3_READ_BYTES 148
1202#define SSL_F_SSL3_READ_N 149
1203#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
1204#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
1205#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1206#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1207#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1208#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1209#define SSL_F_SSL3_SETUP_BUFFERS 156
1210#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1211#define SSL_F_SSL3_WRITE_BYTES 158
1212#define SSL_F_SSL3_WRITE_PENDING 159
1213#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1214#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1215#define SSL_F_SSL_BAD_METHOD 160
1216#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1217#define SSL_F_SSL_CERT_DUP 221
1218#define SSL_F_SSL_CERT_INST 222
1219#define SSL_F_SSL_CERT_INSTANTIATE 214
1220#define SSL_F_SSL_CERT_NEW 162
1221#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1222#define SSL_F_SSL_CLEAR 164
1223#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
1224#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1225#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1226#define SSL_F_SSL_CTX_NEW 169
1227#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1228#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
1229#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
1230#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
1231#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
1232#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
1233#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
1234#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
1235#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
1236#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
1237#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
1238#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
1239#define SSL_F_SSL_DO_HANDSHAKE 180
1240#define SSL_F_SSL_GET_NEW_SESSION 181
1241#define SSL_F_SSL_GET_PREV_SESSION 217
1242#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
1243#define SSL_F_SSL_GET_SIGN_PKEY 183
1244#define SSL_F_SSL_INIT_WBIO_BUFFER 184
1245#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
1246#define SSL_F_SSL_NEW 186
1247#define SSL_F_SSL_READ 223
1248#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
1249#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
1250#define SSL_F_SSL_SESSION_NEW 189
1251#define SSL_F_SSL_SESSION_PRINT_FP 190
1252#define SSL_F_SSL_SESS_CERT_NEW 225
1253#define SSL_F_SSL_SET_CERT 191
1254#define SSL_F_SSL_SET_FD 192
1255#define SSL_F_SSL_SET_PKEY 193
1256#define SSL_F_SSL_SET_RFD 194
1257#define SSL_F_SSL_SET_SESSION 195
1258#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
1259#define SSL_F_SSL_SET_WFD 196
1260#define SSL_F_SSL_SHUTDOWN 224
1261#define SSL_F_SSL_UNDEFINED_FUNCTION 197
1262#define SSL_F_SSL_USE_CERTIFICATE 198
1263#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
1264#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
1265#define SSL_F_SSL_USE_PRIVATEKEY 201
1266#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
1267#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
1268#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
1269#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
1270#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
1271#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
1272#define SSL_F_SSL_WRITE 208
1273#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
1274#define SSL_F_TLS1_ENC 210
1275#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
1276#define SSL_F_WRITE_PENDING 212
1277
1278/* Reason codes. */
1279#define SSL_R_APP_DATA_IN_HANDSHAKE 100
1280#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
1281#define SSL_R_BAD_ALERT_RECORD 101
1282#define SSL_R_BAD_AUTHENTICATION_TYPE 102
1283#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
1284#define SSL_R_BAD_CHECKSUM 104
1285#define SSL_R_BAD_CLIENT_REQUEST 105
1286#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
1287#define SSL_R_BAD_DECOMPRESSION 107
1288#define SSL_R_BAD_DH_G_LENGTH 108
1289#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
1290#define SSL_R_BAD_DH_P_LENGTH 110
1291#define SSL_R_BAD_DIGEST_LENGTH 111
1292#define SSL_R_BAD_DSA_SIGNATURE 112
1293#define SSL_R_BAD_LENGTH 271
1294#define SSL_R_BAD_MAC_DECODE 113
1295#define SSL_R_BAD_MESSAGE_TYPE 114
1296#define SSL_R_BAD_PACKET_LENGTH 115
1297#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
1298#define SSL_R_BAD_RESPONSE_ARGUMENT 117
1299#define SSL_R_BAD_RSA_DECRYPT 118
1300#define SSL_R_BAD_RSA_ENCRYPT 119
1301#define SSL_R_BAD_RSA_E_LENGTH 120
1302#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
1303#define SSL_R_BAD_RSA_SIGNATURE 122
1304#define SSL_R_BAD_SIGNATURE 123
1305#define SSL_R_BAD_SSL_FILETYPE 124
1306#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
1307#define SSL_R_BAD_STATE 126
1308#define SSL_R_BAD_WRITE_RETRY 127
1309#define SSL_R_BIO_NOT_SET 128
1310#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
1311#define SSL_R_BN_LIB 130
1312#define SSL_R_CA_DN_LENGTH_MISMATCH 131
1313#define SSL_R_CA_DN_TOO_LONG 132
1314#define SSL_R_CCS_RECEIVED_EARLY 133
1315#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
1316#define SSL_R_CERT_LENGTH_MISMATCH 135
1317#define SSL_R_CHALLENGE_IS_DIFFERENT 136
1318#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
1319#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
1320#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
1321#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
1322#define SSL_R_COMPRESSION_FAILURE 141
1323#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
1324#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
1325#define SSL_R_CONNECTION_TYPE_NOT_SET 144
1326#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
1327#define SSL_R_DATA_LENGTH_TOO_LONG 146
1328#define SSL_R_DECRYPTION_FAILED 147
1329#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
1330#define SSL_R_DIGEST_CHECK_FAILED 149
1331#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
1332#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
1333#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
1334#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
1335#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
1336#define SSL_R_HTTPS_PROXY_REQUEST 155
1337#define SSL_R_HTTP_REQUEST 156
1338#define SSL_R_INTERNAL_ERROR 157
1339#define SSL_R_INVALID_CHALLENGE_LENGTH 158
1340#define SSL_R_LENGTH_MISMATCH 159
1341#define SSL_R_LENGTH_TOO_SHORT 160
1342#define SSL_R_LIBRARY_BUG 274
1343#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
1344#define SSL_R_MISSING_DH_DSA_CERT 162
1345#define SSL_R_MISSING_DH_KEY 163
1346#define SSL_R_MISSING_DH_RSA_CERT 164
1347#define SSL_R_MISSING_DSA_SIGNING_CERT 165
1348#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
1349#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
1350#define SSL_R_MISSING_RSA_CERTIFICATE 168
1351#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
1352#define SSL_R_MISSING_RSA_SIGNING_CERT 170
1353#define SSL_R_MISSING_TMP_DH_KEY 171
1354#define SSL_R_MISSING_TMP_RSA_KEY 172
1355#define SSL_R_MISSING_TMP_RSA_PKEY 173
1356#define SSL_R_MISSING_VERIFY_MESSAGE 174
1357#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
1358#define SSL_R_NO_CERTIFICATES_RETURNED 176
1359#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
1360#define SSL_R_NO_CERTIFICATE_RETURNED 178
1361#define SSL_R_NO_CERTIFICATE_SET 179
1362#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
1363#define SSL_R_NO_CIPHERS_AVAILABLE 181
1364#define SSL_R_NO_CIPHERS_PASSED 182
1365#define SSL_R_NO_CIPHERS_SPECIFIED 183
1366#define SSL_R_NO_CIPHER_LIST 184
1367#define SSL_R_NO_CIPHER_MATCH 185
1368#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
1369#define SSL_R_NO_COMPRESSION_SPECIFIED 187
1370#define SSL_R_NO_METHOD_SPECIFIED 188
1371#define SSL_R_NO_PRIVATEKEY 189
1372#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
1373#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
1374#define SSL_R_NO_PUBLICKEY 192
1375#define SSL_R_NO_SHARED_CIPHER 193
1376#define SSL_R_NO_VERIFY_CALLBACK 194
1377#define SSL_R_NULL_SSL_CTX 195
1378#define SSL_R_NULL_SSL_METHOD_PASSED 196
1379#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
1380#define SSL_R_PACKET_LENGTH_TOO_LONG 198
1381#define SSL_R_PATH_TOO_LONG 270
1382#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
1383#define SSL_R_PEER_ERROR 200
1384#define SSL_R_PEER_ERROR_CERTIFICATE 201
1385#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
1386#define SSL_R_PEER_ERROR_NO_CIPHER 203
1387#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
1388#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
1389#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
1390#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
1391#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
1392#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
1393#define SSL_R_PUBLIC_KEY_NOT_RSA 210
1394#define SSL_R_READ_BIO_NOT_SET 211
1395#define SSL_R_READ_WRONG_PACKET_TYPE 212
1396#define SSL_R_RECORD_LENGTH_MISMATCH 213
1397#define SSL_R_RECORD_TOO_LARGE 214
1398#define SSL_R_REQUIRED_CIPHER_MISSING 215
1399#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
1400#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
1401#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
1402#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
1403#define SSL_R_SHORT_READ 219
1404#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1405#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1406#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1407#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
1408#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
1409#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
1410#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
1411#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
1412#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
1413#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
1414#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
1415#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
1416#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
1417#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
1418#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
1419#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
1420#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
1421#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
1422#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
1423#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
1424#define SSL_R_SSL_HANDSHAKE_FAILURE 229
1425#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
1426#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
1427#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
1428#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
1429#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
1430#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
1431#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
1432#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060
1433#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
1434#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
1435#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
1436#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
1437#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
1438#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
1439#define SSL_R_TLSV1_ALERT_USER_CANCLED 1090
1440#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
1441#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
1442#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
1443#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
1444#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
1445#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
1446#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
1447#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
1448#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
1449#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
1450#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
1451#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
1452#define SSL_R_UNEXPECTED_MESSAGE 244
1453#define SSL_R_UNEXPECTED_RECORD 245
1454#define SSL_R_UNINITIALIZED 276
1455#define SSL_R_UNKNOWN_ALERT_TYPE 246
1456#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
1457#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
1458#define SSL_R_UNKNOWN_CIPHER_TYPE 249
1459#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
1460#define SSL_R_UNKNOWN_PKEY_TYPE 251
1461#define SSL_R_UNKNOWN_PROTOCOL 252
1462#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
1463#define SSL_R_UNKNOWN_SSL_VERSION 254
1464#define SSL_R_UNKNOWN_STATE 255
1465#define SSL_R_UNSUPPORTED_CIPHER 256
1466#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
1467#define SSL_R_UNSUPPORTED_PROTOCOL 258
1468#define SSL_R_UNSUPPORTED_SSL_VERSION 259
1469#define SSL_R_WRITE_BIO_NOT_SET 260
1470#define SSL_R_WRONG_CIPHER_RETURNED 261
1471#define SSL_R_WRONG_MESSAGE_TYPE 262
1472#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
1473#define SSL_R_WRONG_SIGNATURE_LENGTH 264
1474#define SSL_R_WRONG_SIGNATURE_SIZE 265
1475#define SSL_R_WRONG_SSL_VERSION 266
1476#define SSL_R_WRONG_VERSION_NUMBER 267
1477#define SSL_R_X509_LIB 268
1478#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
1479
1480#ifdef __cplusplus
1481}
1482#endif
1483#endif
1484
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
deleted file mode 100644
index d7f24ac1b4..0000000000
--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,265 +0,0 @@
1/* ssl/ssl2.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL2_H
60#define HEADER_SSL2_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66/* Protocol Version Codes */
67#define SSL2_VERSION 0x0002
68#define SSL2_VERSION_MAJOR 0x00
69#define SSL2_VERSION_MINOR 0x02
70/* #define SSL2_CLIENT_VERSION 0x0002 */
71/* #define SSL2_SERVER_VERSION 0x0002 */
72
73/* Protocol Message Codes */
74#define SSL2_MT_ERROR 0
75#define SSL2_MT_CLIENT_HELLO 1
76#define SSL2_MT_CLIENT_MASTER_KEY 2
77#define SSL2_MT_CLIENT_FINISHED 3
78#define SSL2_MT_SERVER_HELLO 4
79#define SSL2_MT_SERVER_VERIFY 5
80#define SSL2_MT_SERVER_FINISHED 6
81#define SSL2_MT_REQUEST_CERTIFICATE 7
82#define SSL2_MT_CLIENT_CERTIFICATE 8
83
84/* Error Message Codes */
85#define SSL2_PE_UNDEFINED_ERROR 0x0000
86#define SSL2_PE_NO_CIPHER 0x0001
87#define SSL2_PE_NO_CERTIFICATE 0x0002
88#define SSL2_PE_BAD_CERTIFICATE 0x0004
89#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
90
91/* Cipher Kind Values */
92#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
93#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
94#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
95#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
96#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
97#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
98#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
99#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
100#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
101#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
102#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
103
104#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
105#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
106
107#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
108#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
109#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
110#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
111#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
112#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
113#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
114#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
115#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
116#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
117#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
118#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
119
120#define SSL2_TXT_NULL "NULL"
121
122/* Flags for the SSL_CIPHER.algorithm2 field */
123#define SSL2_CF_5_BYTE_ENC 0x01
124#define SSL2_CF_8_BYTE_ENC 0x02
125
126/* Certificate Type Codes */
127#define SSL2_CT_X509_CERTIFICATE 0x01
128
129/* Authentication Type Code */
130#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
131
132#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
133
134/* Upper/Lower Bounds */
135#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
136#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767
137#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/
138
139#define SSL2_CHALLENGE_LENGTH 16
140/*#define SSL2_CHALLENGE_LENGTH 32 */
141#define SSL2_MIN_CHALLENGE_LENGTH 16
142#define SSL2_MAX_CHALLENGE_LENGTH 32
143#define SSL2_CONNECTION_ID_LENGTH 16
144#define SSL2_MAX_CONNECTION_ID_LENGTH 16
145#define SSL2_SSL_SESSION_ID_LENGTH 16
146#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
147#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
148#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
149
150#ifndef HEADER_SSL_LOCL_H
151#define CERT char
152#endif
153
154typedef struct ssl2_ctx_st
155 {
156 int three_byte_header;
157 int clear_text; /* clear text */
158 int escape; /* not used in SSLv2 */
159 int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
160
161 /* non-blocking io info, used to make sure the same
162 * args were passwd */
163 unsigned int wnum; /* number of bytes sent so far */
164 int wpend_tot;
165 const unsigned char *wpend_buf;
166
167 int wpend_off; /* offset to data to write */
168 int wpend_len; /* number of bytes passwd to write */
169 int wpend_ret; /* number of bytes to return to caller */
170
171 /* buffer raw data */
172 int rbuf_left;
173 int rbuf_offs;
174 unsigned char *rbuf;
175 unsigned char *wbuf;
176
177 unsigned char *write_ptr;/* used to point to the start due to
178 * 2/3 byte header. */
179
180 unsigned int padding;
181 unsigned int rlength; /* passed to ssl2_enc */
182 int ract_data_length; /* Set when things are encrypted. */
183 unsigned int wlength; /* passed to ssl2_enc */
184 int wact_data_length; /* Set when things are decrypted. */
185 unsigned char *ract_data;
186 unsigned char *wact_data;
187 unsigned char *mac_data;
188 unsigned char *pad_data;
189
190 unsigned char *read_key;
191 unsigned char *write_key;
192
193 /* Stuff specifically to do with this SSL session */
194 unsigned int challenge_length;
195 unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
196 unsigned int conn_id_length;
197 unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
198 unsigned int key_material_length;
199 unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
200
201 unsigned long read_sequence;
202 unsigned long write_sequence;
203
204 struct {
205 unsigned int conn_id_length;
206 unsigned int cert_type;
207 unsigned int cert_length;
208 int csl;
209 int clear;
210 unsigned int enc;
211 unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
212 int cipher_spec_length;
213 unsigned int session_id_length;
214 unsigned int clen;
215 unsigned int rlen;
216 } tmp;
217 } SSL2_CTX;
218
219/* SSLv2 */
220/* client */
221#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
222#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
223#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
224#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
225#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
226#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
227#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
228#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
229#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
230#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
231#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
232#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
233#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
234#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
235#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
236#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
237#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
238#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
239/* server */
240#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
241#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
242#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
243#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
244#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
245#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
246#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
247#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
248#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
249#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
250#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
251#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
252#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
253#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
254#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
255#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
256#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
257#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
258#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
259#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
260
261#ifdef __cplusplus
262}
263#endif
264#endif
265
diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
1/* ssl/ssl23.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL23_H
60#define HEADER_SSL23_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66/*client */
67/* write to server */
68#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
69#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
70/* read from server */
71#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
72#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
73
74/* server */
75/* read from client */
76#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
77#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
78
79#ifdef __cplusplus
80}
81#endif
82#endif
83
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index 2a9714fc19..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,459 +0,0 @@
1/* ssl/ssl3.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL3_H
60#define HEADER_SSL3_H
61
62#include <openssl/buffer.h>
63#include <openssl/evp.h>
64#include <openssl/ssl.h>
65
66#ifdef __cplusplus
67extern "C" {
68#endif
69
70#define SSL3_CK_RSA_NULL_MD5 0x03000001
71#define SSL3_CK_RSA_NULL_SHA 0x03000002
72#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
73#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
74#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
75#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
76#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
77#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
78#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
79#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
80
81#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
82#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
83#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
84#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
85#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
86#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
87
88#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
89#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
90#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
91#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
92#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
93#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
94
95#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
96#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
97#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
98#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
99#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
100
101#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
102#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
103#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
104
105#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
106#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
107#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
108#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
109#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
110#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
111#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
112#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
113#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
114#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
115
116#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
117#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
118#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
119#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
120#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
121#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
122
123#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
124#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
125#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
126#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
127#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
128#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
129
130#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
131#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
132#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
133#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
134#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
135
136#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
137#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
138#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
139
140#define SSL3_SSL_SESSION_ID_LENGTH 32
141#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
142
143#define SSL3_MASTER_SECRET_SIZE 48
144#define SSL3_RANDOM_SIZE 32
145#define SSL3_SESSION_ID_SIZE 32
146#define SSL3_RT_HEADER_LENGTH 5
147
148/* Due to MS stuffing up, this can change.... */
149#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
150#define SSL3_RT_MAX_EXTRA (14000)
151#else
152#define SSL3_RT_MAX_EXTRA (16384)
153#endif
154
155#define SSL3_RT_MAX_PLAIN_LENGTH 16384
156#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
157#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
158#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
159#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
160
161/* the states that a SSL3_RECORD can be in
162 * For SSL_read it goes
163 * rbuf->ENCODED -> read
164 * ENCODED -> we need to decode everything - call decode_record
165 */
166
167#define SSL3_RS_BLANK 1
168#define SSL3_RS_DATA
169
170#define SSL3_RS_ENCODED 2
171#define SSL3_RS_READ_MORE 3
172#define SSL3_RS_WRITE_MORE
173#define SSL3_RS_PLAIN 3
174#define SSL3_RS_PART_READ 4
175#define SSL3_RS_PART_WRITE 5
176
177#define SSL3_MD_CLIENT_FINISHED_CONST {0x43,0x4C,0x4E,0x54}
178#define SSL3_MD_SERVER_FINISHED_CONST {0x53,0x52,0x56,0x52}
179
180#define SSL3_VERSION 0x0300
181#define SSL3_VERSION_MAJOR 0x03
182#define SSL3_VERSION_MINOR 0x00
183
184#define SSL3_RT_CHANGE_CIPHER_SPEC 20
185#define SSL3_RT_ALERT 21
186#define SSL3_RT_HANDSHAKE 22
187#define SSL3_RT_APPLICATION_DATA 23
188
189#define SSL3_AL_WARNING 1
190#define SSL3_AL_FATAL 2
191
192#define SSL3_AD_CLOSE_NOTIFY 0
193#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
194#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
195#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
196#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
197#define SSL3_AD_NO_CERTIFICATE 41
198#define SSL3_AD_BAD_CERTIFICATE 42
199#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
200#define SSL3_AD_CERTIFICATE_REVOKED 44
201#define SSL3_AD_CERTIFICATE_EXPIRED 45
202#define SSL3_AD_CERTIFICATE_UNKNOWN 46
203#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
204
205typedef struct ssl3_record_st
206 {
207/*r */ int type; /* type of record */
208/* */ /*int state;*/ /* any data in it? */
209/*rw*/ unsigned int length; /* How many bytes available */
210/*r */ unsigned int off; /* read/write offset into 'buf' */
211/*rw*/ unsigned char *data; /* pointer to the record data */
212/*rw*/ unsigned char *input; /* where the decode bytes are */
213/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
214 } SSL3_RECORD;
215
216typedef struct ssl3_buffer_st
217 {
218/*r */ int total; /* used in non-blocking writes */
219/*r */ int wanted; /* how many more bytes we need */
220/*rw*/ int left; /* how many bytes left */
221/*rw*/ int offset; /* where to 'copy from' */
222/*rw*/ unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes */
223 } SSL3_BUFFER;
224
225#define SSL3_CT_RSA_SIGN 1
226#define SSL3_CT_DSS_SIGN 2
227#define SSL3_CT_RSA_FIXED_DH 3
228#define SSL3_CT_DSS_FIXED_DH 4
229#define SSL3_CT_RSA_EPHEMERAL_DH 5
230#define SSL3_CT_DSS_EPHEMERAL_DH 6
231#define SSL3_CT_FORTEZZA_DMS 20
232#define SSL3_CT_NUMBER 7
233
234#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
235#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
236#define SSL3_FLAGS_POP_BUFFER 0x0004
237#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
238
239#if 0
240#define AD_CLOSE_NOTIFY 0
241#define AD_UNEXPECTED_MESSAGE 1
242#define AD_BAD_RECORD_MAC 2
243#define AD_DECRYPTION_FAILED 3
244#define AD_RECORD_OVERFLOW 4
245#define AD_DECOMPRESSION_FAILURE 5 /* fatal */
246#define AD_HANDSHAKE_FAILURE 6 /* fatal */
247#define AD_NO_CERTIFICATE 7 /* Not under TLS */
248#define AD_BAD_CERTIFICATE 8
249#define AD_UNSUPPORTED_CERTIFICATE 9
250#define AD_CERTIFICATE_REVOKED 10
251#define AD_CERTIFICATE_EXPIRED 11
252#define AD_CERTIFICATE_UNKNOWN 12
253#define AD_ILLEGAL_PARAMETER 13 /* fatal */
254#define AD_UNKNOWN_CA 14 /* fatal */
255#define AD_ACCESS_DENIED 15 /* fatal */
256#define AD_DECODE_ERROR 16 /* fatal */
257#define AD_DECRYPT_ERROR 17
258#define AD_EXPORT_RESTRICION 18 /* fatal */
259#define AD_PROTOCOL_VERSION 19 /* fatal */
260#define AD_INSUFFICIENT_SECURITY 20 /* fatal */
261#define AD_INTERNAL_ERROR 21 /* fatal */
262#define AD_USER_CANCLED 22
263#define AD_NO_RENEGOTIATION 23
264#endif
265
266typedef struct ssl3_ctx_st
267 {
268 long flags;
269 int delay_buf_pop_ret;
270
271 unsigned char read_sequence[8];
272 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
273 unsigned char write_sequence[8];
274 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
275
276 unsigned char server_random[SSL3_RANDOM_SIZE];
277 unsigned char client_random[SSL3_RANDOM_SIZE];
278
279 SSL3_BUFFER rbuf; /* read IO goes into here */
280 SSL3_BUFFER wbuf; /* write IO goes into here */
281 SSL3_RECORD rrec; /* each decoded record goes in here */
282 SSL3_RECORD wrec; /* goes out from here */
283 /* Used by ssl3_read_n to point
284 * to input data packet */
285
286 /* partial write - check the numbers match */
287 unsigned int wnum; /* number of bytes sent so far */
288 int wpend_tot; /* number bytes written */
289 int wpend_type;
290 int wpend_ret; /* number of bytes submitted */
291 const unsigned char *wpend_buf;
292
293 /* used during startup, digest all incoming/outgoing packets */
294 EVP_MD_CTX finish_dgst1;
295 EVP_MD_CTX finish_dgst2;
296
297 /* this is set whenerver we see a change_cipher_spec message
298 * come in when we are not looking for one */
299 int change_cipher_spec;
300
301 int warn_alert;
302 int fatal_alert;
303 /* we alow one fatal and one warning alert to be outstanding,
304 * send close alert via the warning alert */
305 int alert_dispatch;
306 unsigned char send_alert[2];
307
308 /* This flag is set when we should renegotiate ASAP, basically when
309 * there is no more data in the read or write buffers */
310 int renegotiate;
311 int total_renegotiations;
312 int num_renegotiations;
313
314 int in_read_app_data;
315
316 struct {
317 /* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
318 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
319
320 unsigned long message_size;
321 int message_type;
322
323 /* used to hold the new cipher we are going to use */
324 SSL_CIPHER *new_cipher;
325#ifndef NO_DH
326 DH *dh;
327#endif
328 /* used when SSL_ST_FLUSH_DATA is entered */
329 int next_state;
330
331 int reuse_message;
332
333 /* used for certificate requests */
334 int cert_req;
335 int ctype_num;
336 char ctype[SSL3_CT_NUMBER];
337 STACK_OF(X509_NAME) *ca_names;
338
339 int use_rsa_tmp;
340
341 int key_block_length;
342 unsigned char *key_block;
343
344 const EVP_CIPHER *new_sym_enc;
345 const EVP_MD *new_hash;
346#ifdef HEADER_COMP_H
347 const SSL_COMP *new_compression;
348#else
349 char *new_compression;
350#endif
351 int cert_request;
352 } tmp;
353
354 } SSL3_CTX;
355
356/* SSLv3 */
357/*client */
358/* extra state */
359#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
360/* write to server */
361#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
362#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
363/* read from server */
364#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
365#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
366#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
367#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
368#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
369#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
370#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
371#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
372#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
373#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
374/* write to server */
375#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
376#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
377#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
378#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
379#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
380#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
381#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
382#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
383#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
384#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
385#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
386#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
387/* read from server */
388#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
389#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
390#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
391#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
392
393/* server */
394/* extra state */
395#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
396/* read from client */
397/* Do not change the number values, they do matter */
398#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
399#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
400#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
401/* write to client */
402#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
403#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
404#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
405#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
406#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
407#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
408#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
409#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
410#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
411#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
412#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
413#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
414#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
415/* read from client */
416#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
417#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
418#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
419#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
420#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
421#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
422#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
423#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
424#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
425#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
426/* write to client */
427#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
428#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
429#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
430#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
431
432#define SSL3_MT_CLIENT_REQUEST 0
433#define SSL3_MT_CLIENT_HELLO 1
434#define SSL3_MT_SERVER_HELLO 2
435#define SSL3_MT_CERTIFICATE 11
436#define SSL3_MT_SERVER_KEY_EXCHANGE 12
437#define SSL3_MT_CERTIFICATE_REQUEST 13
438#define SSL3_MT_SERVER_DONE 14
439#define SSL3_MT_CERTIFICATE_VERIFY 15
440#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
441#define SSL3_MT_FINISHED 20
442
443#define SSL3_MT_CCS 1
444
445/* These are used when changing over to a new cipher */
446#define SSL3_CC_READ 0x01
447#define SSL3_CC_WRITE 0x02
448#define SSL3_CC_CLIENT 0x10
449#define SSL3_CC_SERVER 0x20
450#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
451#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
452#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
453#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
454
455#ifdef __cplusplus
456}
457#endif
458#endif
459
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
deleted file mode 100644
index a91ee6d22e..0000000000
--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,103 +0,0 @@
1/* ssl/ssl_algs.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/objects.h>
61#include <openssl/lhash.h>
62#include "ssl_locl.h"
63
64int SSL_library_init(void)
65 {
66#ifndef NO_DES
67 EVP_add_cipher(EVP_des_cbc());
68 EVP_add_cipher(EVP_des_ede3_cbc());
69#endif
70#ifndef NO_IDEA
71 EVP_add_cipher(EVP_idea_cbc());
72#endif
73#ifndef NO_RC4
74 EVP_add_cipher(EVP_rc4());
75#endif
76#ifndef NO_RC2
77 EVP_add_cipher(EVP_rc2_cbc());
78#endif
79
80#ifndef NO_MD2
81 EVP_add_digest(EVP_md2());
82#endif
83#ifndef NO_MD5
84 EVP_add_digest(EVP_md5());
85 EVP_add_digest_alias(SN_md5,"ssl2-md5");
86 EVP_add_digest_alias(SN_md5,"ssl3-md5");
87#endif
88#ifndef NO_SHA
89 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
90 EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
91#endif
92#if !defined(NO_SHA) && !defined(NO_DSA)
93 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
94#endif
95
96 /* If you want support for phased out ciphers, add the following */
97#if 0
98 EVP_add_digest(EVP_sha());
99 EVP_add_digest(EVP_dss());
100#endif
101 return(1);
102 }
103
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index 0f6a0884e4..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,327 +0,0 @@
1/* ssl/ssl_asn1.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/asn1_mac.h>
62#include <openssl/objects.h>
63#include "ssl_locl.h"
64
65typedef struct ssl_session_asn1_st
66 {
67 ASN1_INTEGER version;
68 ASN1_INTEGER ssl_version;
69 ASN1_OCTET_STRING cipher;
70 ASN1_OCTET_STRING master_key;
71 ASN1_OCTET_STRING session_id;
72 ASN1_OCTET_STRING session_id_context;
73 ASN1_OCTET_STRING key_arg;
74 ASN1_INTEGER time;
75 ASN1_INTEGER timeout;
76 } SSL_SESSION_ASN1;
77
78int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
79 {
80#define LSIZE2 (sizeof(long)*2)
81 int v1=0,v2=0,v3=0,v4=0;
82 unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
83 unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];
84 long l;
85 SSL_SESSION_ASN1 a;
86 M_ASN1_I2D_vars(in);
87
88 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
89 return(0);
90
91 /* Note that I cheat in the following 2 assignments. I know
92 * that if the ASN1_INTERGER passed to ASN1_INTEGER_set
93 * is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
94 * This is a bit evil but makes things simple, no dynamic allocation
95 * to clean up :-) */
96 a.version.length=LSIZE2;
97 a.version.type=V_ASN1_INTEGER;
98 a.version.data=ibuf1;
99 ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
100
101 a.ssl_version.length=LSIZE2;
102 a.ssl_version.type=V_ASN1_INTEGER;
103 a.ssl_version.data=ibuf2;
104 ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
105
106 a.cipher.type=V_ASN1_OCTET_STRING;
107 a.cipher.data=buf;
108
109 if (in->cipher == NULL)
110 l=in->cipher_id;
111 else
112 l=in->cipher->id;
113 if (in->ssl_version == SSL2_VERSION)
114 {
115 a.cipher.length=3;
116 buf[0]=((unsigned char)(l>>16L))&0xff;
117 buf[1]=((unsigned char)(l>> 8L))&0xff;
118 buf[2]=((unsigned char)(l ))&0xff;
119 }
120 else
121 {
122 a.cipher.length=2;
123 buf[0]=((unsigned char)(l>>8L))&0xff;
124 buf[1]=((unsigned char)(l ))&0xff;
125 }
126
127 a.master_key.length=in->master_key_length;
128 a.master_key.type=V_ASN1_OCTET_STRING;
129 a.master_key.data=in->master_key;
130
131 a.session_id.length=in->session_id_length;
132 a.session_id.type=V_ASN1_OCTET_STRING;
133 a.session_id.data=in->session_id;
134
135 a.session_id_context.length=in->sid_ctx_length;
136 a.session_id_context.type=V_ASN1_OCTET_STRING;
137 a.session_id_context.data=in->sid_ctx;
138
139 a.key_arg.length=in->key_arg_length;
140 a.key_arg.type=V_ASN1_OCTET_STRING;
141 a.key_arg.data=in->key_arg;
142
143 if (in->time != 0L)
144 {
145 a.time.length=LSIZE2;
146 a.time.type=V_ASN1_INTEGER;
147 a.time.data=ibuf3;
148 ASN1_INTEGER_set(&(a.time),in->time);
149 }
150
151 if (in->timeout != 0L)
152 {
153 a.timeout.length=LSIZE2;
154 a.timeout.type=V_ASN1_INTEGER;
155 a.timeout.data=ibuf4;
156 ASN1_INTEGER_set(&(a.timeout),in->timeout);
157 }
158
159 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
160 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
161 M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
162 M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
163 M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
164 if (in->key_arg_length > 0)
165 M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
166 if (in->time != 0L)
167 M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
168 if (in->timeout != 0L)
169 M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
170 if (in->peer != NULL)
171 M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
172 M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
173
174 M_ASN1_I2D_seq_total();
175
176 M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
177 M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
178 M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
179 M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
180 M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
181 if (in->key_arg_length > 0)
182 M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
183 if (in->time != 0L)
184 M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
185 if (in->timeout != 0L)
186 M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
187 if (in->peer != NULL)
188 M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
189 M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
190 v4);
191
192 M_ASN1_I2D_finish();
193 }
194
195SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
196 long length)
197 {
198 int version,ssl_version=0,i;
199 long id;
200 ASN1_INTEGER ai,*aip;
201 ASN1_OCTET_STRING os,*osp;
202 M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
203
204 aip= &ai;
205 osp= &os;
206
207 M_ASN1_D2I_Init();
208 M_ASN1_D2I_start_sequence();
209
210 ai.data=NULL; ai.length=0;
211 M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
212 version=(int)ASN1_INTEGER_get(aip);
213 if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
214
215 /* we don't care about the version right now :-) */
216 M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
217 ssl_version=(int)ASN1_INTEGER_get(aip);
218 ret->ssl_version=ssl_version;
219 if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
220
221 os.data=NULL; os.length=0;
222 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
223 if (ssl_version == SSL2_VERSION)
224 {
225 if (os.length != 3)
226 {
227 c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
228 goto err;
229 }
230 id=0x02000000L|
231 ((unsigned long)os.data[0]<<16L)|
232 ((unsigned long)os.data[1]<< 8L)|
233 (unsigned long)os.data[2];
234 }
235 else if ((ssl_version>>8) == 3)
236 {
237 if (os.length != 2)
238 {
239 c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
240 goto err;
241 }
242 id=0x03000000L|
243 ((unsigned long)os.data[0]<<8L)|
244 (unsigned long)os.data[1];
245 }
246 else
247 {
248 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
249 return(NULL);
250 }
251
252 ret->cipher=NULL;
253 ret->cipher_id=id;
254
255 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
256 if ((ssl_version>>8) == SSL3_VERSION)
257 i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
258 else /* if (ssl_version == SSL2_VERSION) */
259 i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
260
261 if (os.length > i)
262 os.length=i;
263
264 ret->session_id_length=os.length;
265 memcpy(ret->session_id,os.data,os.length);
266
267 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
268 if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
269 ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
270 else
271 ret->master_key_length=os.length;
272 memcpy(ret->master_key,os.data,ret->master_key_length);
273
274 os.length=0;
275 M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
276 if (os.length > SSL_MAX_KEY_ARG_LENGTH)
277 ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
278 else
279 ret->key_arg_length=os.length;
280 memcpy(ret->key_arg,os.data,ret->key_arg_length);
281 if (os.data != NULL) Free(os.data);
282
283 ai.length=0;
284 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
285 if (ai.data != NULL)
286 {
287 ret->time=ASN1_INTEGER_get(aip);
288 Free(ai.data); ai.data=NULL; ai.length=0;
289 }
290 else
291 ret->time=time(NULL);
292
293 ai.length=0;
294 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
295 if (ai.data != NULL)
296 {
297 ret->timeout=ASN1_INTEGER_get(aip);
298 Free(ai.data); ai.data=NULL; ai.length=0;
299 }
300 else
301 ret->timeout=3;
302
303 if (ret->peer != NULL)
304 {
305 X509_free(ret->peer);
306 ret->peer=NULL;
307 }
308 M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
309
310 os.length=0;
311 os.data=NULL;
312 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
313
314 if(os.data != NULL)
315 {
316 if (os.length > SSL_MAX_SID_CTX_LENGTH)
317 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
318 ret->sid_ctx_length=os.length;
319 memcpy(ret->sid_ctx,os.data,os.length);
320 Free(os.data); os.data=NULL; os.length=0;
321 }
322 else
323 ret->sid_ctx_length=0;
324
325 M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
326 }
327
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index 6d2511f76c..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,716 +0,0 @@
1/*! \file ssl/ssl_cert.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@OpenSSL.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 */
106
107#include <stdio.h>
108#include <sys/types.h>
109#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)
110#include <dirent.h>
111#endif
112#ifdef NeXT
113#include <sys/dir.h>
114#define dirent direct
115#endif
116#include <openssl/objects.h>
117#include <openssl/bio.h>
118#include <openssl/pem.h>
119#include "ssl_locl.h"
120
121int SSL_get_ex_data_X509_STORE_CTX_idx(void)
122 {
123 static int ssl_x509_store_ctx_idx= -1;
124
125 if (ssl_x509_store_ctx_idx < 0)
126 {
127 ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
128 0,"SSL for verify callback",NULL,NULL,NULL);
129 }
130 return(ssl_x509_store_ctx_idx);
131 }
132
133CERT *ssl_cert_new(void)
134 {
135 CERT *ret;
136
137 ret=(CERT *)Malloc(sizeof(CERT));
138 if (ret == NULL)
139 {
140 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
141 return(NULL);
142 }
143 memset(ret,0,sizeof(CERT));
144
145 ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
146 ret->references=1;
147
148 return(ret);
149 }
150
151CERT *ssl_cert_dup(CERT *cert)
152 {
153 CERT *ret;
154 int i;
155
156 ret = (CERT *)Malloc(sizeof(CERT));
157 if (ret == NULL)
158 {
159 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
160 return(NULL);
161 }
162
163 memset(ret, 0, sizeof(CERT));
164
165 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
166 /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
167 * if you find that more readable */
168
169 ret->valid = cert->valid;
170 ret->mask = cert->mask;
171 ret->export_mask = cert->export_mask;
172
173#ifndef NO_RSA
174 if (cert->rsa_tmp != NULL)
175 {
176 ret->rsa_tmp = cert->rsa_tmp;
177 CRYPTO_add(&ret->rsa_tmp->references, 1, CRYPTO_LOCK_RSA);
178 }
179 ret->rsa_tmp_cb = cert->rsa_tmp_cb;
180#endif
181
182#ifndef NO_DH
183 if (cert->dh_tmp != NULL)
184 {
185 /* DH parameters don't have a reference count (and cannot
186 * reasonably be shared anyway, as the secret exponent may
187 * be created just when it is needed -- earlier library
188 * versions did not pay attention to this) */
189 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
190 if (ret->dh_tmp == NULL)
191 {
192 SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_DH_LIB);
193 goto err;
194 }
195 }
196 ret->dh_tmp_cb = cert->dh_tmp_cb;
197#endif
198
199 for (i = 0; i < SSL_PKEY_NUM; i++)
200 {
201 if (cert->pkeys[i].x509 != NULL)
202 {
203 ret->pkeys[i].x509 = cert->pkeys[i].x509;
204 CRYPTO_add(&ret->pkeys[i].x509->references, 1,
205 CRYPTO_LOCK_X509);
206 }
207
208 if (cert->pkeys[i].privatekey != NULL)
209 {
210 ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
211 CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
212 CRYPTO_LOCK_EVP_PKEY);
213
214 switch(i)
215 {
216 /* If there was anything special to do for
217 * certain types of keys, we'd do it here.
218 * (Nothing at the moment, I think.) */
219
220 case SSL_PKEY_RSA_ENC:
221 case SSL_PKEY_RSA_SIGN:
222 /* We have an RSA key. */
223 break;
224
225 case SSL_PKEY_DSA_SIGN:
226 /* We have a DSA key. */
227 break;
228
229 case SSL_PKEY_DH_RSA:
230 case SSL_PKEY_DH_DSA:
231 /* We have a DH key. */
232 break;
233
234 default:
235 /* Can't happen. */
236 SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
237 }
238 }
239 }
240
241 /* ret->extra_certs *should* exist, but currently the own certificate
242 * chain is held inside SSL_CTX */
243
244 ret->references=1;
245
246 return(ret);
247
248err:
249#ifndef NO_RSA
250 if (ret->rsa_tmp != NULL)
251 RSA_free(ret->rsa_tmp);
252#endif
253#ifndef NO_DH
254 if (ret->dh_tmp != NULL)
255 DH_free(ret->dh_tmp);
256#endif
257
258 for (i = 0; i < SSL_PKEY_NUM; i++)
259 {
260 if (ret->pkeys[i].x509 != NULL)
261 X509_free(ret->pkeys[i].x509);
262 if (ret->pkeys[i].privatekey != NULL)
263 EVP_PKEY_free(ret->pkeys[i].privatekey);
264 }
265
266 return NULL;
267 }
268
269
270void ssl_cert_free(CERT *c)
271 {
272 int i;
273
274 if(c == NULL)
275 return;
276
277 i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
278#ifdef REF_PRINT
279 REF_PRINT("CERT",c);
280#endif
281 if (i > 0) return;
282#ifdef REF_CHECK
283 if (i < 0)
284 {
285 fprintf(stderr,"ssl_cert_free, bad reference count\n");
286 abort(); /* ok */
287 }
288#endif
289
290#ifndef NO_RSA
291 if (c->rsa_tmp) RSA_free(c->rsa_tmp);
292#endif
293#ifndef NO_DH
294 if (c->dh_tmp) DH_free(c->dh_tmp);
295#endif
296
297 for (i=0; i<SSL_PKEY_NUM; i++)
298 {
299 if (c->pkeys[i].x509 != NULL)
300 X509_free(c->pkeys[i].x509);
301 if (c->pkeys[i].privatekey != NULL)
302 EVP_PKEY_free(c->pkeys[i].privatekey);
303#if 0
304 if (c->pkeys[i].publickey != NULL)
305 EVP_PKEY_free(c->pkeys[i].publickey);
306#endif
307 }
308 Free(c);
309 }
310
311int ssl_cert_inst(CERT **o)
312 {
313 /* Create a CERT if there isn't already one
314 * (which cannot really happen, as it is initially created in
315 * SSL_CTX_new; but the earlier code usually allows for that one
316 * being non-existant, so we follow that behaviour, as it might
317 * turn out that there actually is a reason for it -- but I'm
318 * not sure that *all* of the existing code could cope with
319 * s->cert being NULL, otherwise we could do without the
320 * initialization in SSL_CTX_new).
321 */
322
323 if (o == NULL)
324 {
325 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
326 return(0);
327 }
328 if (*o == NULL)
329 {
330 if ((*o = ssl_cert_new()) == NULL)
331 {
332 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
333 return(0);
334 }
335 }
336 return(1);
337 }
338
339
340SESS_CERT *ssl_sess_cert_new(void)
341 {
342 SESS_CERT *ret;
343
344 ret = Malloc(sizeof *ret);
345 if (ret == NULL)
346 {
347 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
348 return NULL;
349 }
350
351 memset(ret, 0 ,sizeof *ret);
352 ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
353 ret->references = 1;
354
355 return ret;
356 }
357
358void ssl_sess_cert_free(SESS_CERT *sc)
359 {
360 int i;
361
362 if (sc == NULL)
363 return;
364
365 i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
366#ifdef REF_PRINT
367 REF_PRINT("SESS_CERT", sc);
368#endif
369 if (i > 0)
370 return;
371#ifdef REF_CHECK
372 if (i < 0)
373 {
374 fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
375 abort(); /* ok */
376 }
377#endif
378
379 /* i == 0 */
380 if (sc->cert_chain != NULL)
381 sk_X509_pop_free(sc->cert_chain, X509_free);
382 for (i = 0; i < SSL_PKEY_NUM; i++)
383 {
384 if (sc->peer_pkeys[i].x509 != NULL)
385 X509_free(sc->peer_pkeys[i].x509);
386#if 0 /* We don't have the peer's private key. These lines are just
387 * here as a reminder that we're still using a not-quite-appropriate
388 * data structure. */
389 if (sc->peer_pkeys[i].privatekey != NULL)
390 EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
391#endif
392 }
393
394#ifndef NO_RSA
395 if (sc->peer_rsa_tmp != NULL)
396 RSA_free(sc->peer_rsa_tmp);
397#endif
398#ifndef NO_DH
399 if (sc->peer_dh_tmp != NULL)
400 DH_free(sc->peer_dh_tmp);
401#endif
402
403 Free(sc);
404 }
405
406int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
407 {
408 sc->peer_cert_type = type;
409 return(1);
410 }
411
412int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
413 {
414 X509 *x;
415 int i;
416 X509_STORE_CTX ctx;
417
418 if ((sk == NULL) || (sk_X509_num(sk) == 0))
419 return(0);
420
421 x=sk_X509_value(sk,0);
422 X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
423 if (SSL_get_verify_depth(s) >= 0)
424 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
425 X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
426 (char *)s);
427
428 if (s->ctx->app_verify_callback != NULL)
429 i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
430 else
431 {
432#ifndef NO_X509_VERIFY
433 i=X509_verify_cert(&ctx);
434#else
435 i=0;
436 ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
437 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
438#endif
439 }
440
441 s->verify_result=ctx.error;
442 X509_STORE_CTX_cleanup(&ctx);
443
444 return(i);
445 }
446
447static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
448 {
449 if (*ca_list != NULL)
450 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
451
452 *ca_list=list;
453 }
454
455STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
456 {
457 int i;
458 STACK_OF(X509_NAME) *ret;
459 X509_NAME *name;
460
461 ret=sk_X509_NAME_new_null();
462 for (i=0; i<sk_X509_NAME_num(sk); i++)
463 {
464 name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
465 if ((name == NULL) || !sk_X509_NAME_push(ret,name))
466 {
467 sk_X509_NAME_pop_free(ret,X509_NAME_free);
468 return(NULL);
469 }
470 }
471 return(ret);
472 }
473
474void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
475 {
476 set_client_CA_list(&(s->client_CA),list);
477 }
478
479void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
480 {
481 set_client_CA_list(&(ctx->client_CA),list);
482 }
483
484STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
485 {
486 return(ctx->client_CA);
487 }
488
489STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
490 {
491 if (s->type == SSL_ST_CONNECT)
492 { /* we are in the client */
493 if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
494 (s->s3 != NULL))
495 return(s->s3->tmp.ca_names);
496 else
497 return(NULL);
498 }
499 else
500 {
501 if (s->client_CA != NULL)
502 return(s->client_CA);
503 else
504 return(s->ctx->client_CA);
505 }
506 }
507
508static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
509 {
510 X509_NAME *name;
511
512 if (x == NULL) return(0);
513 if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
514 return(0);
515
516 if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
517 return(0);
518
519 if (!sk_X509_NAME_push(*sk,name))
520 {
521 X509_NAME_free(name);
522 return(0);
523 }
524 return(1);
525 }
526
527int SSL_add_client_CA(SSL *ssl,X509 *x)
528 {
529 return(add_client_CA(&(ssl->client_CA),x));
530 }
531
532int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
533 {
534 return(add_client_CA(&(ctx->client_CA),x));
535 }
536
537static int name_cmp(X509_NAME **a,X509_NAME **b)
538 {
539 return(X509_NAME_cmp(*a,*b));
540 }
541
542#ifndef NO_STDIO
543/*!
544 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
545 * it doesn't really have anything to do with clients (except that a common use
546 * for a stack of CAs is to send it to the client). Actually, it doesn't have
547 * much to do with CAs, either, since it will load any old cert.
548 * \param file the file containing one or more certs.
549 * \return a ::STACK containing the certs.
550 */
551STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
552 {
553 BIO *in;
554 X509 *x=NULL;
555 X509_NAME *xn=NULL;
556 STACK_OF(X509_NAME) *ret,*sk;
557
558 ret=sk_X509_NAME_new(NULL);
559 sk=sk_X509_NAME_new(name_cmp);
560
561 in=BIO_new(BIO_s_file_internal());
562
563 if ((ret == NULL) || (sk == NULL) || (in == NULL))
564 {
565 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
566 goto err;
567 }
568
569 if (!BIO_read_filename(in,file))
570 goto err;
571
572 for (;;)
573 {
574 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
575 break;
576 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
577 /* check for duplicates */
578 xn=X509_NAME_dup(xn);
579 if (xn == NULL) goto err;
580 if (sk_X509_NAME_find(sk,xn) >= 0)
581 X509_NAME_free(xn);
582 else
583 {
584 sk_X509_NAME_push(sk,xn);
585 sk_X509_NAME_push(ret,xn);
586 }
587 }
588
589 if (0)
590 {
591err:
592 if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
593 ret=NULL;
594 }
595 if (sk != NULL) sk_X509_NAME_free(sk);
596 if (in != NULL) BIO_free(in);
597 if (x != NULL) X509_free(x);
598 return(ret);
599 }
600#endif
601
602/*!
603 * Add a file of certs to a stack.
604 * \param stack the stack to add to.
605 * \param file the file to add from. All certs in this file that are not
606 * already in the stack will be added.
607 * \return 1 for success, 0 for failure. Note that in the case of failure some
608 * certs may have been added to \c stack.
609 */
610
611int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
612 const char *file)
613 {
614 BIO *in;
615 X509 *x=NULL;
616 X509_NAME *xn=NULL;
617 int ret=1;
618 int (*oldcmp)(X509_NAME **a, X509_NAME **b);
619
620 oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);
621
622 in=BIO_new(BIO_s_file_internal());
623
624 if (in == NULL)
625 {
626 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
627 goto err;
628 }
629
630 if (!BIO_read_filename(in,file))
631 goto err;
632
633 for (;;)
634 {
635 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
636 break;
637 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
638 xn=X509_NAME_dup(xn);
639 if (xn == NULL) goto err;
640 if (sk_X509_NAME_find(stack,xn) >= 0)
641 X509_NAME_free(xn);
642 else
643 sk_X509_NAME_push(stack,xn);
644 }
645
646 if (0)
647 {
648err:
649 ret=0;
650 }
651 if(in != NULL)
652 BIO_free(in);
653 if(x != NULL)
654 X509_free(x);
655
656 sk_X509_NAME_set_cmp_func(stack,oldcmp);
657
658 return ret;
659 }
660
661/*!
662 * Add a directory of certs to a stack.
663 * \param stack the stack to append to.
664 * \param dir the directory to append from. All files in this directory will be
665 * examined as potential certs. Any that are acceptable to
666 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
667 * included.
668 * \return 1 for success, 0 for failure. Note that in the case of failure some
669 * certs may have been added to \c stack.
670 */
671
672#ifndef WIN32
673#ifndef VMS /* XXXX This may be fixed in the future */
674
675int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
676 const char *dir)
677 {
678 DIR *d;
679 struct dirent *dstruct;
680 int ret = 0;
681
682 CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
683 d = opendir(dir);
684
685 /* Note that a side effect is that the CAs will be sorted by name */
686 if(!d)
687 {
688 SYSerr(SYS_F_OPENDIR, get_last_sys_error());
689 ERR_add_error_data(3, "opendir('", dir, "')");
690 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
691 goto err;
692 }
693
694 while((dstruct=readdir(d)))
695 {
696 char buf[1024];
697
698 if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
699 {
700 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
701 goto err;
702 }
703
704 sprintf(buf,"%s/%s",dir,dstruct->d_name);
705 if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
706 goto err;
707 }
708 ret = 1;
709
710err:
711 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
712 return ret;
713 }
714
715#endif
716#endif
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index 4c2989c47a..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,835 +0,0 @@
1/* ssl/ssl_ciph.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/objects.h>
61#include <openssl/comp.h>
62#include "ssl_locl.h"
63
64#define SSL_ENC_DES_IDX 0
65#define SSL_ENC_3DES_IDX 1
66#define SSL_ENC_RC4_IDX 2
67#define SSL_ENC_RC2_IDX 3
68#define SSL_ENC_IDEA_IDX 4
69#define SSL_ENC_eFZA_IDX 5
70#define SSL_ENC_NULL_IDX 6
71#define SSL_ENC_NUM_IDX 7
72
73static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
74 NULL,NULL,NULL,NULL,NULL,NULL,
75 };
76
77static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
78
79#define SSL_MD_MD5_IDX 0
80#define SSL_MD_SHA1_IDX 1
81#define SSL_MD_NUM_IDX 2
82static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
83 NULL,NULL,
84 };
85
86typedef struct cipher_sort_st
87 {
88 SSL_CIPHER *cipher;
89 int pref;
90 } CIPHER_SORT;
91
92#define CIPHER_ADD 1
93#define CIPHER_KILL 2
94#define CIPHER_DEL 3
95#define CIPHER_ORD 4
96
97typedef struct cipher_choice_st
98 {
99 int type;
100 unsigned long algorithms;
101 unsigned long mask;
102 long top;
103 } CIPHER_CHOICE;
104
105typedef struct cipher_order_st
106 {
107 SSL_CIPHER *cipher;
108 int active;
109 int dead;
110 struct cipher_order_st *next,*prev;
111 } CIPHER_ORDER;
112
113static SSL_CIPHER cipher_aliases[]={
114 /* Don't include eNULL unless specifically enabled */
115 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */
116 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,SSL_MKEY_MASK},
117 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,SSL_MKEY_MASK},
118 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,SSL_MKEY_MASK},
119 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,SSL_MKEY_MASK},
120 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,SSL_MKEY_MASK},
121 {0,SSL_TXT_DH, 0,SSL_DH, 0,SSL_MKEY_MASK},
122 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,SSL_MKEY_MASK|SSL_AUTH_MASK},
123
124 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,SSL_AUTH_MASK},
125 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,SSL_AUTH_MASK},
126 {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,SSL_AUTH_MASK},
127 {0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK},
128 {0,SSL_TXT_aDH, 0,SSL_aDH, 0,SSL_AUTH_MASK},
129 {0,SSL_TXT_DSS, 0,SSL_DSS, 0,SSL_AUTH_MASK},
130
131 {0,SSL_TXT_DES, 0,SSL_DES, 0,SSL_ENC_MASK},
132 {0,SSL_TXT_3DES,0,SSL_3DES, 0,SSL_ENC_MASK},
133 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,SSL_ENC_MASK},
134 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,SSL_ENC_MASK},
135 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,SSL_ENC_MASK},
136 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK},
137 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,SSL_ENC_MASK},
138
139 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,SSL_MAC_MASK},
140 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,SSL_MAC_MASK},
141 {0,SSL_TXT_SHA, 0,SSL_SHA, 0,SSL_MAC_MASK},
142
143 {0,SSL_TXT_NULL,0,SSL_NULL, 0,SSL_ENC_MASK},
144 {0,SSL_TXT_RSA, 0,SSL_RSA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK},
145 {0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK},
146 {0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
147
148 {0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,SSL_EXP_MASK},
149 {0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,SSL_EXP_MASK},
150 {0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,SSL_EXP_MASK},
151 {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
152 {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
153 {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
154 {0,SSL_TXT_LOW, 0,SSL_LOW, 0,SSL_STRONG_MASK},
155 {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
156 {0,SSL_TXT_HIGH, 0,SSL_HIGH, 0,SSL_STRONG_MASK},
157 };
158
159static int init_ciphers=1;
160static void load_ciphers();
161
162static int cmp_by_name(SSL_CIPHER **a, SSL_CIPHER **b)
163 {
164 return(strcmp((*a)->name,(*b)->name));
165 }
166
167static void load_ciphers(void)
168 {
169 init_ciphers=0;
170 ssl_cipher_methods[SSL_ENC_DES_IDX]=
171 EVP_get_cipherbyname(SN_des_cbc);
172 ssl_cipher_methods[SSL_ENC_3DES_IDX]=
173 EVP_get_cipherbyname(SN_des_ede3_cbc);
174 ssl_cipher_methods[SSL_ENC_RC4_IDX]=
175 EVP_get_cipherbyname(SN_rc4);
176 ssl_cipher_methods[SSL_ENC_RC2_IDX]=
177 EVP_get_cipherbyname(SN_rc2_cbc);
178 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
179 EVP_get_cipherbyname(SN_idea_cbc);
180
181 ssl_digest_methods[SSL_MD_MD5_IDX]=
182 EVP_get_digestbyname(SN_md5);
183 ssl_digest_methods[SSL_MD_SHA1_IDX]=
184 EVP_get_digestbyname(SN_sha1);
185 }
186
187int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
188 const EVP_MD **md, SSL_COMP **comp)
189 {
190 int i;
191 SSL_CIPHER *c;
192
193 c=s->cipher;
194 if (c == NULL) return(0);
195 if (comp != NULL)
196 {
197 SSL_COMP ctmp;
198
199 if (s->compress_meth == 0)
200 *comp=NULL;
201 else if (ssl_comp_methods == NULL)
202 {
203 /* bad */
204 *comp=NULL;
205 }
206 else
207 {
208
209 ctmp.id=s->compress_meth;
210 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
211 if (i >= 0)
212 *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
213 else
214 *comp=NULL;
215 }
216 }
217
218 if ((enc == NULL) || (md == NULL)) return(0);
219
220 switch (c->algorithms & SSL_ENC_MASK)
221 {
222 case SSL_DES:
223 i=SSL_ENC_DES_IDX;
224 break;
225 case SSL_3DES:
226 i=SSL_ENC_3DES_IDX;
227 break;
228 case SSL_RC4:
229 i=SSL_ENC_RC4_IDX;
230 break;
231 case SSL_RC2:
232 i=SSL_ENC_RC2_IDX;
233 break;
234 case SSL_IDEA:
235 i=SSL_ENC_IDEA_IDX;
236 break;
237 case SSL_eNULL:
238 i=SSL_ENC_NULL_IDX;
239 break;
240 default:
241 i= -1;
242 break;
243 }
244
245 if ((i < 0) || (i > SSL_ENC_NUM_IDX))
246 *enc=NULL;
247 else
248 {
249 if (i == SSL_ENC_NULL_IDX)
250 *enc=EVP_enc_null();
251 else
252 *enc=ssl_cipher_methods[i];
253 }
254
255 switch (c->algorithms & SSL_MAC_MASK)
256 {
257 case SSL_MD5:
258 i=SSL_MD_MD5_IDX;
259 break;
260 case SSL_SHA1:
261 i=SSL_MD_SHA1_IDX;
262 break;
263 default:
264 i= -1;
265 break;
266 }
267 if ((i < 0) || (i > SSL_MD_NUM_IDX))
268 *md=NULL;
269 else
270 *md=ssl_digest_methods[i];
271
272 if ((*enc != NULL) && (*md != NULL))
273 return(1);
274 else
275 return(0);
276 }
277
278#define ITEM_SEP(a) \
279 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
280
281static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
282 CIPHER_ORDER **tail)
283 {
284 if (curr == *tail) return;
285 if (curr == *head)
286 *head=curr->next;
287 if (curr->prev != NULL)
288 curr->prev->next=curr->next;
289 if (curr->next != NULL) /* should always be true */
290 curr->next->prev=curr->prev;
291 (*tail)->next=curr;
292 curr->prev= *tail;
293 curr->next=NULL;
294 *tail=curr;
295 }
296
297STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *ssl_method,
298 STACK_OF(SSL_CIPHER) **cipher_list,
299 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
300 char *str)
301 {
302 SSL_CIPHER *c;
303 char *l;
304 STACK_OF(SSL_CIPHER) *ret=NULL,*ok=NULL;
305#define CL_BUF 40
306 char buf[CL_BUF];
307 char *tmp_str=NULL;
308 unsigned long mask,algorithms,ma;
309 char *start;
310 int i,j,k,num=0,ch,multi;
311 unsigned long al;
312 STACK *ca_list=NULL;
313 int current_x,num_x;
314 CIPHER_CHOICE *ops=NULL;
315 CIPHER_ORDER *list=NULL,*head=NULL,*tail=NULL,*curr,*tail2,*curr2;
316 int list_num;
317 int type;
318 SSL_CIPHER c_tmp,*cp;
319
320 if (str == NULL) return(NULL);
321
322 if (strncmp(str,"DEFAULT",7) == 0)
323 {
324 i=strlen(str)+2+strlen(SSL_DEFAULT_CIPHER_LIST);
325 if ((tmp_str=Malloc(i)) == NULL)
326 {
327 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
328 goto err;
329 }
330 strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST);
331 strcat(tmp_str,":");
332 strcat(tmp_str,&(str[7]));
333 str=tmp_str;
334 }
335 if (init_ciphers) load_ciphers();
336
337 num=ssl_method->num_ciphers();
338
339 if ((ret=sk_SSL_CIPHER_new(NULL)) == NULL) goto err;
340 if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err;
341
342 mask =SSL_kFZA;
343#ifdef NO_RSA
344 mask|=SSL_aRSA|SSL_kRSA;
345#endif
346#ifdef NO_DSA
347 mask|=SSL_aDSS;
348#endif
349#ifdef NO_DH
350 mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
351#endif
352
353#ifdef SSL_FORBID_ENULL
354 mask|=SSL_eNULL;
355#endif
356
357 mask|=(ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL)?SSL_DES :0;
358 mask|=(ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL)?SSL_3DES:0;
359 mask|=(ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL)?SSL_RC4 :0;
360 mask|=(ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL)?SSL_RC2 :0;
361 mask|=(ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL)?SSL_IDEA:0;
362 mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0;
363
364 mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0;
365 mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0;
366
367 if ((list=(CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER)*num)) == NULL)
368 goto err;
369
370 /* Get the initial list of ciphers */
371 list_num=0;
372 for (i=0; i<num; i++)
373 {
374 c=ssl_method->get_cipher((unsigned int)i);
375 /* drop those that use any of that is not available */
376 if ((c != NULL) && c->valid && !(c->algorithms & mask))
377 {
378 list[list_num].cipher=c;
379 list[list_num].next=NULL;
380 list[list_num].prev=NULL;
381 list[list_num].active=0;
382 list_num++;
383 if (!sk_push(ca_list,(char *)c)) goto err;
384 }
385 }
386
387 for (i=1; i<list_num-1; i++)
388 {
389 list[i].prev= &(list[i-1]);
390 list[i].next= &(list[i+1]);
391 }
392 if (list_num > 0)
393 {
394 head= &(list[0]);
395 head->prev=NULL;
396 head->next= &(list[1]);
397 tail= &(list[list_num-1]);
398 tail->prev= &(list[list_num-2]);
399 tail->next=NULL;
400 }
401
402 /* special case */
403 cipher_aliases[0].algorithms &= ~mask;
404
405 /* get the aliases */
406 k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER);
407 for (j=0; j<k; j++)
408 {
409 al=cipher_aliases[j].algorithms;
410 /* Drop those that are not relevent */
411 if ((al & mask) == al) continue;
412 if (!sk_push(ca_list,(char *)&(cipher_aliases[j]))) goto err;
413 }
414
415 /* ca_list now holds a 'stack' of SSL_CIPHERS, some real, some
416 * 'aliases' */
417
418 /* how many parameters are there? */
419 num=1;
420 for (l=str; *l; l++)
421 if (ITEM_SEP(*l))
422 num++;
423 ops=(CIPHER_CHOICE *)Malloc(sizeof(CIPHER_CHOICE)*num);
424 if (ops == NULL) goto err;
425 memset(ops,0,sizeof(CIPHER_CHOICE)*num);
426
427 /* we now parse the input string and create our operations */
428 l=str;
429 i=0;
430 current_x=0;
431
432 for (;;)
433 {
434 ch= *l;
435
436 if (ch == '\0') break;
437
438 if (ch == '-')
439 { j=CIPHER_DEL; l++; }
440 else if (ch == '+')
441 { j=CIPHER_ORD; l++; }
442 else if (ch == '!')
443 { j=CIPHER_KILL; l++; }
444 else
445 { j=CIPHER_ADD; }
446
447 if (ITEM_SEP(ch))
448 {
449 l++;
450 continue;
451 }
452 ops[current_x].type=j;
453 ops[current_x].algorithms=0;
454 ops[current_x].mask=0;
455
456 start=l;
457 for (;;)
458 {
459 ch= *l;
460 i=0;
461#ifndef CHARSET_EBCDIC
462 while ( ((ch >= 'A') && (ch <= 'Z')) ||
463 ((ch >= '0') && (ch <= '9')) ||
464 ((ch >= 'a') && (ch <= 'z')) ||
465 (ch == '-'))
466#else
467 while ( isalnum(ch) || (ch == '-'))
468#endif
469 {
470 buf[i]=ch;
471 ch= *(++l);
472 i++;
473 if (i >= (CL_BUF-2)) break;
474 }
475 buf[i]='\0';
476
477 /* check for multi-part specification */
478 if (ch == '+')
479 {
480 multi=1;
481 l++;
482 }
483 else
484 multi=0;
485
486 c_tmp.name=buf;
487 j=sk_find(ca_list,(char *)&c_tmp);
488 if (j < 0)
489 goto end_loop;
490
491 cp=(SSL_CIPHER *)sk_value(ca_list,j);
492 ops[current_x].algorithms|=cp->algorithms;
493 /* We add the SSL_SSL_MASK so we can match the
494 * SSLv2 and SSLv3 versions of RC4-MD5 */
495 ops[current_x].mask|=cp->mask;
496 if (!multi) break;
497 }
498 current_x++;
499 if (ch == '\0') break;
500end_loop:
501 /* Make sure we scan until the next valid start point */
502 while ((*l != '\0') && ITEM_SEP(*l))
503 l++;
504 }
505
506 num_x=current_x;
507 current_x=0;
508
509 /* We will now process the list of ciphers, once for each category, to
510 * decide what we should do with it. */
511 for (j=0; j<num_x; j++)
512 {
513 algorithms=ops[j].algorithms;
514 type=ops[j].type;
515 mask=ops[j].mask;
516
517 curr=head;
518 curr2=head;
519 tail2=tail;
520 for (;;)
521 {
522 if ((curr == NULL) || (curr == tail2)) break;
523 curr=curr2;
524 curr2=curr->next;
525
526 cp=curr->cipher;
527 ma=mask & cp->algorithms;
528 if ((ma == 0) || ((ma & algorithms) != ma))
529 {
530 /* does not apply */
531 continue;
532 }
533
534 /* add the cipher if it has not been added yet. */
535 if (type == CIPHER_ADD)
536 {
537 if (!curr->active)
538 {
539 ll_append_tail(&head,curr,&tail);
540 curr->active=1;
541 }
542 }
543 /* Move the added cipher to this location */
544 else if (type == CIPHER_ORD)
545 {
546 if (curr->active)
547 {
548 ll_append_tail(&head,curr,&tail);
549 }
550 }
551 else if (type == CIPHER_DEL)
552 curr->active=0;
553 if (type == CIPHER_KILL)
554 {
555 if (head == curr)
556 head=curr->next;
557 else
558 curr->prev->next=curr->next;
559 if (tail == curr)
560 tail=curr->prev;
561 curr->active=0;
562 if (curr->next != NULL)
563 curr->next->prev=curr->prev;
564 if (curr->prev != NULL)
565 curr->prev->next=curr->next;
566 curr->next=NULL;
567 curr->prev=NULL;
568 }
569 }
570 }
571
572 for (curr=head; curr != NULL; curr=curr->next)
573 {
574 if (curr->active)
575 {
576 sk_SSL_CIPHER_push(ret,curr->cipher);
577#ifdef CIPHER_DEBUG
578 printf("<%s>\n",curr->cipher->name);
579#endif
580 }
581 }
582
583 if (cipher_list != NULL)
584 {
585 if (*cipher_list != NULL)
586 sk_SSL_CIPHER_free(*cipher_list);
587 *cipher_list=ret;
588 }
589
590 if (cipher_list_by_id != NULL)
591 {
592 if (*cipher_list_by_id != NULL)
593 sk_SSL_CIPHER_free(*cipher_list_by_id);
594 *cipher_list_by_id=sk_SSL_CIPHER_dup(ret);
595 }
596
597 if ( (cipher_list_by_id == NULL) ||
598 (*cipher_list_by_id == NULL) ||
599 (cipher_list == NULL) ||
600 (*cipher_list == NULL))
601 goto err;
602 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
603
604 ok=ret;
605 ret=NULL;
606err:
607 if (tmp_str) Free(tmp_str);
608 if (ops != NULL) Free(ops);
609 if (ret != NULL) sk_SSL_CIPHER_free(ret);
610 if (ca_list != NULL) sk_free(ca_list);
611 if (list != NULL) Free(list);
612 return(ok);
613 }
614
615char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
616 {
617 int is_export,pkl,kl;
618 char *ver,*exp;
619 char *kx,*au,*enc,*mac;
620 unsigned long alg,alg2;
621 static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
622
623 alg=cipher->algorithms;
624 alg2=cipher->algorithm2;
625
626 is_export=SSL_IS_EXPORT(alg);
627 pkl=SSL_EXPORT_PKEYLENGTH(alg);
628 kl=SSL_EXPORT_KEYLENGTH(alg);
629 exp=is_export?" export":"";
630
631 if (alg & SSL_SSLV2)
632 ver="SSLv2";
633 else if (alg & SSL_SSLV3)
634 ver="SSLv3";
635 else
636 ver="unknown";
637
638 switch (alg&SSL_MKEY_MASK)
639 {
640 case SSL_kRSA:
641 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
642 break;
643 case SSL_kDHr:
644 kx="DH/RSA";
645 break;
646 case SSL_kDHd:
647 kx="DH/DSS";
648 break;
649 case SSL_kFZA:
650 kx="Fortezza";
651 break;
652 case SSL_kEDH:
653 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
654 break;
655 default:
656 kx="unknown";
657 }
658
659 switch (alg&SSL_AUTH_MASK)
660 {
661 case SSL_aRSA:
662 au="RSA";
663 break;
664 case SSL_aDSS:
665 au="DSS";
666 break;
667 case SSL_aDH:
668 au="DH";
669 break;
670 case SSL_aFZA:
671 case SSL_aNULL:
672 au="None";
673 break;
674 default:
675 au="unknown";
676 break;
677 }
678
679 switch (alg&SSL_ENC_MASK)
680 {
681 case SSL_DES:
682 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
683 break;
684 case SSL_3DES:
685 enc="3DES(168)";
686 break;
687 case SSL_RC4:
688 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
689 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
690 break;
691 case SSL_RC2:
692 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
693 break;
694 case SSL_IDEA:
695 enc="IDEA(128)";
696 break;
697 case SSL_eFZA:
698 enc="Fortezza";
699 break;
700 case SSL_eNULL:
701 enc="None";
702 break;
703 default:
704 enc="unknown";
705 break;
706 }
707
708 switch (alg&SSL_MAC_MASK)
709 {
710 case SSL_MD5:
711 mac="MD5";
712 break;
713 case SSL_SHA1:
714 mac="SHA1";
715 break;
716 default:
717 mac="unknown";
718 break;
719 }
720
721 if (buf == NULL)
722 {
723 buf=Malloc(128);
724 if (buf == NULL) return("Malloc Error");
725 }
726 else if (len < 128)
727 return("Buffer too small");
728
729 sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp);
730 return(buf);
731 }
732
733char *SSL_CIPHER_get_version(SSL_CIPHER *c)
734 {
735 int i;
736
737 if (c == NULL) return("(NONE)");
738 i=(int)(c->id>>24L);
739 if (i == 3)
740 return("TLSv1/SSLv3");
741 else if (i == 2)
742 return("SSLv2");
743 else
744 return("unknown");
745 }
746
747/* return the actual cipher being used */
748const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
749 {
750 if (c != NULL)
751 return(c->name);
752 return("(NONE)");
753 }
754
755/* number of bits for symetric cipher */
756int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
757 {
758 int ret=0,a=0;
759 const EVP_CIPHER *enc;
760 const EVP_MD *md;
761 SSL_SESSION ss;
762
763 if (c != NULL)
764 {
765 ss.cipher=c;
766 if (!ssl_cipher_get_evp(&ss,&enc,&md,NULL))
767 return(0);
768
769 a=EVP_CIPHER_key_length(enc)*8;
770
771 if (SSL_C_IS_EXPORT(c))
772 {
773 ret=SSL_C_EXPORT_KEYLENGTH(c)*8;
774 }
775 else
776 {
777 if (c->algorithm2 & SSL2_CF_8_BYTE_ENC)
778 ret=64;
779 else
780 ret=a;
781 }
782 }
783
784 if (alg_bits != NULL) *alg_bits=a;
785
786 return(ret);
787 }
788
789SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
790 {
791 SSL_COMP *ctmp;
792 int i,nn;
793
794 if ((n == 0) || (sk == NULL)) return(NULL);
795 nn=sk_SSL_COMP_num(sk);
796 for (i=0; i<nn; i++)
797 {
798 ctmp=sk_SSL_COMP_value(sk,i);
799 if (ctmp->id == n)
800 return(ctmp);
801 }
802 return(NULL);
803 }
804
805static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b)
806 {
807 return((*a)->id-(*b)->id);
808 }
809
810STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
811 {
812 return(ssl_comp_methods);
813 }
814
815int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
816 {
817 SSL_COMP *comp;
818 STACK_OF(SSL_COMP) *sk;
819
820 comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP));
821 comp->id=id;
822 comp->method=cm;
823 if (ssl_comp_methods == NULL)
824 sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
825 else
826 sk=ssl_comp_methods;
827 if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
828 {
829 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
830 return(0);
831 }
832 else
833 return(1);
834 }
835
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index 3ddc805b53..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,416 +0,0 @@
1/* ssl/ssl_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file.
58 */
59
60#include <stdio.h>
61#include <openssl/err.h>
62#include <openssl/ssl.h>
63
64/* BEGIN ERROR CODES */
65#ifndef NO_ERR
66static ERR_STRING_DATA SSL_str_functs[]=
67 {
68{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
69{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
70{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
71{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
72{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0), "DO_SSL3_WRITE"},
73{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0), "GET_CLIENT_FINISHED"},
74{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0), "GET_CLIENT_HELLO"},
75{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0), "GET_CLIENT_MASTER_KEY"},
76{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0), "GET_SERVER_FINISHED"},
77{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0), "GET_SERVER_HELLO"},
78{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"},
79{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
80{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
81{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
82{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
83{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
84{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
85{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
86{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"},
87{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"},
88{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"},
89{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"},
90{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
91{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
92{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
93{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
94{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"},
95{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"},
96{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"},
97{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"},
98{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"},
99{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"},
100{ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"},
101{ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"},
102{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"},
103{ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"},
104{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"},
105{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"},
106{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"},
107{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0), "SSL3_GET_CLIENT_HELLO"},
108{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
109{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"},
110{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0), "SSL3_GET_KEY_EXCHANGE"},
111{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0), "SSL3_GET_MESSAGE"},
112{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0), "SSL3_GET_RECORD"},
113{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0), "SSL3_GET_SERVER_CERTIFICATE"},
114{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"},
115{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"},
116{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"},
117{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"},
118{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"},
119{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"},
120{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0), "SSL3_SEND_CLIENT_CERTIFICATE"},
121{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
122{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
123{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
124{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
125{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
126{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
127{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"},
128{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"},
129{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"},
130{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"},
131{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"},
132{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"},
133{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"},
134{ERR_PACK(0,SSL_F_SSL_CERT_INST,0), "SSL_CERT_INST"},
135{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"},
136{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"},
137{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"},
138{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"},
139{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"},
140{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"},
141{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
142{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"},
143{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0), "SSL_CTX_set_session_id_context"},
144{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"},
145{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"},
146{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"},
147{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0), "SSL_CTX_use_certificate_chain_file"},
148{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"},
149{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"},
150{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"},
151{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0), "SSL_CTX_use_PrivateKey_file"},
152{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"},
153{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0), "SSL_CTX_use_RSAPrivateKey_ASN1"},
154{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"},
155{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"},
156{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"},
157{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"},
158{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"},
159{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"},
160{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"},
161{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"},
162{ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"},
163{ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"},
164{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"},
165{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"},
166{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"},
167{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"},
168{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"},
169{ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"},
170{ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"},
171{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"},
172{ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"},
173{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"},
174{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"},
175{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"},
176{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"},
177{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"},
178{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"},
179{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"},
180{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0), "SSL_use_certificate_file"},
181{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0), "SSL_use_PrivateKey"},
182{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0), "SSL_use_PrivateKey_ASN1"},
183{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0), "SSL_use_PrivateKey_file"},
184{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"},
185{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"},
186{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"},
187{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"},
188{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"},
189{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"},
190{ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"},
191{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"},
192{ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"},
193{0,NULL}
194 };
195
196static ERR_STRING_DATA SSL_str_reasons[]=
197 {
198{SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"},
199{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"},
200{SSL_R_BAD_ALERT_RECORD ,"bad alert record"},
201{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"},
202{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"},
203{SSL_R_BAD_CHECKSUM ,"bad checksum"},
204{SSL_R_BAD_CLIENT_REQUEST ,"bad client request"},
205{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"},
206{SSL_R_BAD_DECOMPRESSION ,"bad decompression"},
207{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"},
208{SSL_R_BAD_DH_PUB_KEY_LENGTH ,"bad dh pub key length"},
209{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"},
210{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"},
211{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"},
212{SSL_R_BAD_LENGTH ,"bad length"},
213{SSL_R_BAD_MAC_DECODE ,"bad mac decode"},
214{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"},
215{SSL_R_BAD_PACKET_LENGTH ,"bad packet length"},
216{SSL_R_BAD_PROTOCOL_VERSION_NUMBER ,"bad protocol version number"},
217{SSL_R_BAD_RESPONSE_ARGUMENT ,"bad response argument"},
218{SSL_R_BAD_RSA_DECRYPT ,"bad rsa decrypt"},
219{SSL_R_BAD_RSA_ENCRYPT ,"bad rsa encrypt"},
220{SSL_R_BAD_RSA_E_LENGTH ,"bad rsa e length"},
221{SSL_R_BAD_RSA_MODULUS_LENGTH ,"bad rsa modulus length"},
222{SSL_R_BAD_RSA_SIGNATURE ,"bad rsa signature"},
223{SSL_R_BAD_SIGNATURE ,"bad signature"},
224{SSL_R_BAD_SSL_FILETYPE ,"bad ssl filetype"},
225{SSL_R_BAD_SSL_SESSION_ID_LENGTH ,"bad ssl session id length"},
226{SSL_R_BAD_STATE ,"bad state"},
227{SSL_R_BAD_WRITE_RETRY ,"bad write retry"},
228{SSL_R_BIO_NOT_SET ,"bio not set"},
229{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ,"block cipher pad is wrong"},
230{SSL_R_BN_LIB ,"bn lib"},
231{SSL_R_CA_DN_LENGTH_MISMATCH ,"ca dn length mismatch"},
232{SSL_R_CA_DN_TOO_LONG ,"ca dn too long"},
233{SSL_R_CCS_RECEIVED_EARLY ,"ccs received early"},
234{SSL_R_CERTIFICATE_VERIFY_FAILED ,"certificate verify failed"},
235{SSL_R_CERT_LENGTH_MISMATCH ,"cert length mismatch"},
236{SSL_R_CHALLENGE_IS_DIFFERENT ,"challenge is different"},
237{SSL_R_CIPHER_CODE_WRONG_LENGTH ,"cipher code wrong length"},
238{SSL_R_CIPHER_OR_HASH_UNAVAILABLE ,"cipher or hash unavailable"},
239{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"},
240{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"},
241{SSL_R_COMPRESSION_FAILURE ,"compression failure"},
242{SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"},
243{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"},
244{SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"},
245{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"},
246{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"},
247{SSL_R_DECRYPTION_FAILED ,"decryption failed"},
248{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"},
249{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"},
250{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"},
251{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"},
252{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"},
253{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"},
254{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"},
255{SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"},
256{SSL_R_HTTP_REQUEST ,"http request"},
257{SSL_R_INTERNAL_ERROR ,"internal error"},
258{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"},
259{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
260{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
261{SSL_R_LIBRARY_BUG ,"library bug"},
262{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"},
263{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"},
264{SSL_R_MISSING_DH_KEY ,"missing dh key"},
265{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"},
266{SSL_R_MISSING_DSA_SIGNING_CERT ,"missing dsa signing cert"},
267{SSL_R_MISSING_EXPORT_TMP_DH_KEY ,"missing export tmp dh key"},
268{SSL_R_MISSING_EXPORT_TMP_RSA_KEY ,"missing export tmp rsa key"},
269{SSL_R_MISSING_RSA_CERTIFICATE ,"missing rsa certificate"},
270{SSL_R_MISSING_RSA_ENCRYPTING_CERT ,"missing rsa encrypting cert"},
271{SSL_R_MISSING_RSA_SIGNING_CERT ,"missing rsa signing cert"},
272{SSL_R_MISSING_TMP_DH_KEY ,"missing tmp dh key"},
273{SSL_R_MISSING_TMP_RSA_KEY ,"missing tmp rsa key"},
274{SSL_R_MISSING_TMP_RSA_PKEY ,"missing tmp rsa pkey"},
275{SSL_R_MISSING_VERIFY_MESSAGE ,"missing verify message"},
276{SSL_R_NON_SSLV2_INITIAL_PACKET ,"non sslv2 initial packet"},
277{SSL_R_NO_CERTIFICATES_RETURNED ,"no certificates returned"},
278{SSL_R_NO_CERTIFICATE_ASSIGNED ,"no certificate assigned"},
279{SSL_R_NO_CERTIFICATE_RETURNED ,"no certificate returned"},
280{SSL_R_NO_CERTIFICATE_SET ,"no certificate set"},
281{SSL_R_NO_CERTIFICATE_SPECIFIED ,"no certificate specified"},
282{SSL_R_NO_CIPHERS_AVAILABLE ,"no ciphers available"},
283{SSL_R_NO_CIPHERS_PASSED ,"no ciphers passed"},
284{SSL_R_NO_CIPHERS_SPECIFIED ,"no ciphers specified"},
285{SSL_R_NO_CIPHER_LIST ,"no cipher list"},
286{SSL_R_NO_CIPHER_MATCH ,"no cipher match"},
287{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"},
288{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"},
289{SSL_R_NO_METHOD_SPECIFIED ,"no method specified"},
290{SSL_R_NO_PRIVATEKEY ,"no privatekey"},
291{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"},
292{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"},
293{SSL_R_NO_PUBLICKEY ,"no publickey"},
294{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"},
295{SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"},
296{SSL_R_NULL_SSL_CTX ,"null ssl ctx"},
297{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"},
298{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"},
299{SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"},
300{SSL_R_PATH_TOO_LONG ,"path too long"},
301{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
302{SSL_R_PEER_ERROR ,"peer error"},
303{SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"},
304{SSL_R_PEER_ERROR_NO_CERTIFICATE ,"peer error no certificate"},
305{SSL_R_PEER_ERROR_NO_CIPHER ,"peer error no cipher"},
306{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"},
307{SSL_R_PRE_MAC_LENGTH_TOO_LONG ,"pre mac length too long"},
308{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"},
309{SSL_R_PROTOCOL_IS_SHUTDOWN ,"protocol is shutdown"},
310{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR ,"public key encrypt error"},
311{SSL_R_PUBLIC_KEY_IS_NOT_RSA ,"public key is not rsa"},
312{SSL_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"},
313{SSL_R_READ_BIO_NOT_SET ,"read bio not set"},
314{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"},
315{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
316{SSL_R_RECORD_TOO_LARGE ,"record too large"},
317{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
318{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
319{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},
320{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"},
321{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"},
322{SSL_R_SHORT_READ ,"short read"},
323{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
324{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
325{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
326{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
327{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
328{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ,"sslv3 alert certificate expired"},
329{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ,"sslv3 alert certificate revoked"},
330{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ,"sslv3 alert certificate unknown"},
331{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"},
332{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ,"sslv3 alert handshake failure"},
333{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ,"sslv3 alert illegal parameter"},
334{SSL_R_SSLV3_ALERT_NO_CERTIFICATE ,"sslv3 alert no certificate"},
335{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"},
336{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"},
337{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER ,"sslv3 alert peer error no cipher"},
338{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"},
339{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ,"sslv3 alert unexpected message"},
340{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"},
341{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"},
342{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
343{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"},
344{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"},
345{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"},
346{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"},
347{SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"},
348{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"},
349{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"},
350{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"},
351{SSL_R_TLSV1_ALERT_EXPORT_RESTRICION ,"tlsv1 alert export restricion"},
352{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
353{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"},
354{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"},
355{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"},
356{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"},
357{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"},
358{SSL_R_TLSV1_ALERT_USER_CANCLED ,"tlsv1 alert user cancled"},
359{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
360{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
361{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
362{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER ,"tried to use unsupported cipher"},
363{SSL_R_UNABLE_TO_DECODE_DH_CERTS ,"unable to decode dh certs"},
364{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY ,"unable to extract public key"},
365{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS ,"unable to find dh parameters"},
366{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
367{SSL_R_UNABLE_TO_FIND_SSL_METHOD ,"unable to find ssl method"},
368{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES ,"unable to load ssl2 md5 routines"},
369{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ,"unable to load ssl3 md5 routines"},
370{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
371{SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"},
372{SSL_R_UNEXPECTED_RECORD ,"unexpected record"},
373{SSL_R_UNINITIALIZED ,"uninitialized"},
374{SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"},
375{SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"},
376{SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"},
377{SSL_R_UNKNOWN_CIPHER_TYPE ,"unknown cipher type"},
378{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ,"unknown key exchange type"},
379{SSL_R_UNKNOWN_PKEY_TYPE ,"unknown pkey type"},
380{SSL_R_UNKNOWN_PROTOCOL ,"unknown protocol"},
381{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"},
382{SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"},
383{SSL_R_UNKNOWN_STATE ,"unknown state"},
384{SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
385{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
386{SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"},
387{SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"},
388{SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"},
389{SSL_R_WRONG_CIPHER_RETURNED ,"wrong cipher returned"},
390{SSL_R_WRONG_MESSAGE_TYPE ,"wrong message type"},
391{SSL_R_WRONG_NUMBER_OF_KEY_BITS ,"wrong number of key bits"},
392{SSL_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
393{SSL_R_WRONG_SIGNATURE_SIZE ,"wrong signature size"},
394{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"},
395{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"},
396{SSL_R_X509_LIB ,"x509 lib"},
397{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"},
398{0,NULL}
399 };
400
401#endif
402
403void ERR_load_SSL_strings(void)
404 {
405 static int init=1;
406
407 if (init)
408 {
409 init=0;
410#ifndef NO_ERR
411 ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
412 ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
413#endif
414
415 }
416 }
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c
deleted file mode 100644
index cc089a612b..0000000000
--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
1/* ssl/ssl_err2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/err.h>
61#include <openssl/ssl.h>
62
63void SSL_load_error_strings(void)
64 {
65#ifndef NO_ERR
66 ERR_load_crypto_strings();
67 ERR_load_SSL_strings();
68#endif
69 }
70
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index e192fc4cac..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,1947 +0,0 @@
1/*! \file ssl/ssl_lib.c
2 * \brief Version independent SSL functions.
3 */
4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * All rights reserved.
6 *
7 * This package is an SSL implementation written
8 * by Eric Young (eay@cryptsoft.com).
9 * The implementation was written so as to conform with Netscapes SSL.
10 *
11 * This library is free for commercial and non-commercial use as long as
12 * the following conditions are aheared to. The following conditions
13 * apply to all code found in this distribution, be it the RC4, RSA,
14 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15 * included with this distribution is covered by the same copyright terms
16 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17 *
18 * Copyright remains Eric Young's, and as such any Copyright notices in
19 * the code are not to be removed.
20 * If this package is used in a product, Eric Young should be given attribution
21 * as the author of the parts of the library used.
22 * This can be in the form of a textual message at program startup or
23 * in documentation (online or textual) provided with the package.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 * 1. Redistributions of source code must retain the copyright
29 * notice, this list of conditions and the following disclaimer.
30 * 2. Redistributions in binary form must reproduce the above copyright
31 * notice, this list of conditions and the following disclaimer in the
32 * documentation and/or other materials provided with the distribution.
33 * 3. All advertising materials mentioning features or use of this software
34 * must display the following acknowledgement:
35 * "This product includes cryptographic software written by
36 * Eric Young (eay@cryptsoft.com)"
37 * The word 'cryptographic' can be left out if the rouines from the library
38 * being used are not cryptographic related :-).
39 * 4. If you include any Windows specific code (or a derivative thereof) from
40 * the apps directory (application code) you must include an acknowledgement:
41 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42 *
43 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * SUCH DAMAGE.
54 *
55 * The licence and distribution terms for any publically available version or
56 * derivative of this code cannot be changed. i.e. this code cannot simply be
57 * copied and put under another distribution licence
58 * [including the GNU Public Licence.]
59 */
60
61#include <stdio.h>
62#include <openssl/objects.h>
63#include <openssl/lhash.h>
64#include "ssl_locl.h"
65
66char *SSL_version_str=OPENSSL_VERSION_TEXT;
67
68static STACK *ssl_meth=NULL;
69static STACK *ssl_ctx_meth=NULL;
70static int ssl_meth_num=0;
71static int ssl_ctx_meth_num=0;
72
73OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
74 ssl_undefined_function,
75 ssl_undefined_function,
76 ssl_undefined_function,
77 ssl_undefined_function,
78 ssl_undefined_function,
79 ssl_undefined_function,
80 };
81
82int SSL_clear(SSL *s)
83 {
84 int state;
85
86 if (s->method == NULL)
87 {
88 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
89 return(0);
90 }
91
92 s->error=0;
93 s->hit=0;
94 s->shutdown=0;
95
96#if 0
97 /* This is set if we are doing dynamic renegotiation so keep
98 * the old cipher. It is sort of a SSL_clear_lite :-) */
99 if (s->new_session) return(1);
100#endif
101
102 state=s->state; /* Keep to check if we throw away the session-id */
103 s->type=0;
104
105 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
106
107 s->version=s->method->version;
108 s->client_version=s->version;
109 s->rwstate=SSL_NOTHING;
110 s->rstate=SSL_ST_READ_HEADER;
111 s->read_ahead=s->ctx->read_ahead;
112
113 if (s->init_buf != NULL)
114 {
115 BUF_MEM_free(s->init_buf);
116 s->init_buf=NULL;
117 }
118
119 ssl_clear_cipher_ctx(s);
120
121 if (ssl_clear_bad_session(s))
122 {
123 SSL_SESSION_free(s->session);
124 s->session=NULL;
125 }
126
127 s->first_packet=0;
128
129#if 1
130 /* Check to see if we were changed into a different method, if
131 * so, revert back if we are not doing session-id reuse. */
132 if ((s->session == NULL) && (s->method != s->ctx->method))
133 {
134 s->method->ssl_free(s);
135 s->method=s->ctx->method;
136 if (!s->method->ssl_new(s))
137 return(0);
138 }
139 else
140#endif
141 s->method->ssl_clear(s);
142 return(1);
143 }
144
145/** Used to change an SSL_CTXs default SSL method type */
146int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
147 {
148 STACK_OF(SSL_CIPHER) *sk;
149
150 ctx->method=meth;
151
152 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
153 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
154 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
155 {
156 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
157 return(0);
158 }
159 return(1);
160 }
161
162SSL *SSL_new(SSL_CTX *ctx)
163 {
164 SSL *s;
165
166 if (ctx == NULL)
167 {
168 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
169 return(NULL);
170 }
171 if (ctx->method == NULL)
172 {
173 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
174 return(NULL);
175 }
176
177 s=(SSL *)Malloc(sizeof(SSL));
178 if (s == NULL) goto err;
179 memset(s,0,sizeof(SSL));
180
181 if (ctx->cert != NULL)
182 {
183 /* Earlier library versions used to copy the pointer to
184 * the CERT, not its contents; only when setting new
185 * parameters for the per-SSL copy, ssl_cert_new would be
186 * called (and the direct reference to the per-SSL_CTX
187 * settings would be lost, but those still were indirectly
188 * accessed for various purposes, and for that reason they
189 * used to be known as s->ctx->default_cert).
190 * Now we don't look at the SSL_CTX's CERT after having
191 * duplicated it once. */
192
193 s->cert = ssl_cert_dup(ctx->cert);
194 if (s->cert == NULL)
195 goto err;
196 }
197 else
198 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
199 s->sid_ctx_length=ctx->sid_ctx_length;
200 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
201 s->verify_mode=ctx->verify_mode;
202 s->verify_depth=ctx->verify_depth;
203 s->verify_callback=ctx->default_verify_callback;
204 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
205 s->ctx=ctx;
206
207 s->verify_result=X509_V_OK;
208
209 s->method=ctx->method;
210
211 if (!s->method->ssl_new(s))
212 goto err;
213
214 s->quiet_shutdown=ctx->quiet_shutdown;
215 s->references=1;
216 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
217 s->options=ctx->options;
218 s->mode=ctx->mode;
219 SSL_clear(s);
220
221 CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
222
223 return(s);
224err:
225 if (s != NULL)
226 {
227 if (s->cert != NULL)
228 ssl_cert_free(s->cert);
229 if (s->ctx != NULL)
230 SSL_CTX_free(s->ctx); /* decrement reference count */
231 Free(s);
232 }
233 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
234 return(NULL);
235 }
236
237int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
238 unsigned int sid_ctx_len)
239 {
240 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
241 {
242 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
243 return 0;
244 }
245 ctx->sid_ctx_length=sid_ctx_len;
246 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
247
248 return 1;
249 }
250
251int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
252 unsigned int sid_ctx_len)
253 {
254 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
255 {
256 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
257 return 0;
258 }
259 ssl->sid_ctx_length=sid_ctx_len;
260 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
261
262 return 1;
263 }
264
265void SSL_free(SSL *s)
266 {
267 int i;
268
269 if(s == NULL)
270 return;
271
272 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
273#ifdef REF_PRINT
274 REF_PRINT("SSL",s);
275#endif
276 if (i > 0) return;
277#ifdef REF_CHECK
278 if (i < 0)
279 {
280 fprintf(stderr,"SSL_free, bad reference count\n");
281 abort(); /* ok */
282 }
283#endif
284
285 CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
286
287 if (s->bbio != NULL)
288 {
289 /* If the buffering BIO is in place, pop it off */
290 if (s->bbio == s->wbio)
291 {
292 s->wbio=BIO_pop(s->wbio);
293 }
294 BIO_free(s->bbio);
295 s->bbio=NULL;
296 }
297 if (s->rbio != NULL)
298 BIO_free_all(s->rbio);
299 if ((s->wbio != NULL) && (s->wbio != s->rbio))
300 BIO_free_all(s->wbio);
301
302 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
303
304 /* add extra stuff */
305 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
306 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
307
308 /* Make the next call work :-) */
309 if (s->session != NULL)
310 {
311 ssl_clear_bad_session(s);
312 SSL_SESSION_free(s->session);
313 }
314
315 ssl_clear_cipher_ctx(s);
316
317 if (s->cert != NULL) ssl_cert_free(s->cert);
318 /* Free up if allocated */
319
320 if (s->ctx) SSL_CTX_free(s->ctx);
321
322 if (s->client_CA != NULL)
323 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
324
325 if (s->method != NULL) s->method->ssl_free(s);
326
327 Free((char *)s);
328 }
329
330void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
331 {
332 /* If the output buffering BIO is still in place, remove it
333 */
334 if (s->bbio != NULL)
335 {
336 if (s->wbio == s->bbio)
337 {
338 s->wbio=s->wbio->next_bio;
339 s->bbio->next_bio=NULL;
340 }
341 }
342 if ((s->rbio != NULL) && (s->rbio != rbio))
343 BIO_free_all(s->rbio);
344 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
345 BIO_free_all(s->wbio);
346 s->rbio=rbio;
347 s->wbio=wbio;
348 }
349
350BIO *SSL_get_rbio(SSL *s)
351 { return(s->rbio); }
352
353BIO *SSL_get_wbio(SSL *s)
354 { return(s->wbio); }
355
356int SSL_get_fd(SSL *s)
357 {
358 int ret= -1;
359 BIO *b,*r;
360
361 b=SSL_get_rbio(s);
362 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
363 if (r != NULL)
364 BIO_get_fd(r,&ret);
365 return(ret);
366 }
367
368#ifndef NO_SOCK
369int SSL_set_fd(SSL *s,int fd)
370 {
371 int ret=0;
372 BIO *bio=NULL;
373
374 bio=BIO_new(BIO_s_socket());
375
376 if (bio == NULL)
377 {
378 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
379 goto err;
380 }
381 BIO_set_fd(bio,fd,BIO_NOCLOSE);
382 SSL_set_bio(s,bio,bio);
383 ret=1;
384err:
385 return(ret);
386 }
387
388int SSL_set_wfd(SSL *s,int fd)
389 {
390 int ret=0;
391 BIO *bio=NULL;
392
393 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
394 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
395 {
396 bio=BIO_new(BIO_s_socket());
397
398 if (bio == NULL)
399 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
400 BIO_set_fd(bio,fd,BIO_NOCLOSE);
401 SSL_set_bio(s,SSL_get_rbio(s),bio);
402 }
403 else
404 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
405 ret=1;
406err:
407 return(ret);
408 }
409
410int SSL_set_rfd(SSL *s,int fd)
411 {
412 int ret=0;
413 BIO *bio=NULL;
414
415 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
416 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
417 {
418 bio=BIO_new(BIO_s_socket());
419
420 if (bio == NULL)
421 {
422 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
423 goto err;
424 }
425 BIO_set_fd(bio,fd,BIO_NOCLOSE);
426 SSL_set_bio(s,bio,SSL_get_wbio(s));
427 }
428 else
429 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
430 ret=1;
431err:
432 return(ret);
433 }
434#endif
435
436int SSL_get_verify_mode(SSL *s)
437 {
438 return(s->verify_mode);
439 }
440
441int SSL_get_verify_depth(SSL *s)
442 {
443 return(s->verify_depth);
444 }
445
446int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
447 {
448 return(s->verify_callback);
449 }
450
451int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
452 {
453 return(ctx->verify_mode);
454 }
455
456int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
457 {
458 return(ctx->verify_depth);
459 }
460
461int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
462 {
463 return(ctx->default_verify_callback);
464 }
465
466void SSL_set_verify(SSL *s,int mode,
467 int (*callback)(int ok,X509_STORE_CTX *ctx))
468 {
469 s->verify_mode=mode;
470 if (callback != NULL)
471 s->verify_callback=callback;
472 }
473
474void SSL_set_verify_depth(SSL *s,int depth)
475 {
476 s->verify_depth=depth;
477 }
478
479void SSL_set_read_ahead(SSL *s,int yes)
480 {
481 s->read_ahead=yes;
482 }
483
484int SSL_get_read_ahead(SSL *s)
485 {
486 return(s->read_ahead);
487 }
488
489int SSL_pending(SSL *s)
490 {
491 return(s->method->ssl_pending(s));
492 }
493
494X509 *SSL_get_peer_certificate(SSL *s)
495 {
496 X509 *r;
497
498 if ((s == NULL) || (s->session == NULL))
499 r=NULL;
500 else
501 r=s->session->peer;
502
503 if (r == NULL) return(r);
504
505 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
506
507 return(r);
508 }
509
510STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
511 {
512 STACK_OF(X509) *r;
513
514 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
515 r=NULL;
516 else
517 r=s->session->sess_cert->cert_chain;
518
519 return(r);
520 }
521
522/* Now in theory, since the calling process own 't' it should be safe to
523 * modify. We need to be able to read f without being hassled */
524void SSL_copy_session_id(SSL *t,SSL *f)
525 {
526 CERT *tmp;
527
528 /* Do we need to to SSL locking? */
529 SSL_set_session(t,SSL_get_session(f));
530
531 /* what if we are setup as SSLv2 but want to talk SSLv3 or
532 * vice-versa */
533 if (t->method != f->method)
534 {
535 t->method->ssl_free(t); /* cleanup current */
536 t->method=f->method; /* change method */
537 t->method->ssl_new(t); /* setup new */
538 }
539
540 tmp=t->cert;
541 if (f->cert != NULL)
542 {
543 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
544 t->cert=f->cert;
545 }
546 else
547 t->cert=NULL;
548 if (tmp != NULL) ssl_cert_free(tmp);
549 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
550 }
551
552/* Fix this so it checks all the valid key/cert options */
553int SSL_CTX_check_private_key(SSL_CTX *ctx)
554 {
555 if ( (ctx == NULL) ||
556 (ctx->cert == NULL) ||
557 (ctx->cert->key->x509 == NULL))
558 {
559 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
560 return(0);
561 }
562 if (ctx->cert->key->privatekey == NULL)
563 {
564 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
565 return(0);
566 }
567 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
568 }
569
570/* Fix this function so that it takes an optional type parameter */
571int SSL_check_private_key(SSL *ssl)
572 {
573 if (ssl == NULL)
574 {
575 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
576 return(0);
577 }
578 if (ssl->cert == NULL)
579 {
580 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
581 return 0;
582 }
583 if (ssl->cert->key->x509 == NULL)
584 {
585 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
586 return(0);
587 }
588 if (ssl->cert->key->privatekey == NULL)
589 {
590 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
591 return(0);
592 }
593 return(X509_check_private_key(ssl->cert->key->x509,
594 ssl->cert->key->privatekey));
595 }
596
597int SSL_accept(SSL *s)
598 {
599 if (s->handshake_func == 0)
600 /* Not properly initialized yet */
601 SSL_set_accept_state(s);
602
603 return(s->method->ssl_accept(s));
604 }
605
606int SSL_connect(SSL *s)
607 {
608 if (s->handshake_func == 0)
609 /* Not properly initialized yet */
610 SSL_set_connect_state(s);
611
612 return(s->method->ssl_connect(s));
613 }
614
615long SSL_get_default_timeout(SSL *s)
616 {
617 return(s->method->get_timeout());
618 }
619
620int SSL_read(SSL *s,char *buf,int num)
621 {
622 if (s->handshake_func == 0)
623 {
624 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
625 return -1;
626 }
627
628 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
629 {
630 s->rwstate=SSL_NOTHING;
631 return(0);
632 }
633 return(s->method->ssl_read(s,buf,num));
634 }
635
636int SSL_peek(SSL *s,char *buf,int num)
637 {
638 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
639 {
640 return(0);
641 }
642 return(s->method->ssl_peek(s,buf,num));
643 }
644
645int SSL_write(SSL *s,const char *buf,int num)
646 {
647 if (s->handshake_func == 0)
648 {
649 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
650 return -1;
651 }
652
653 if (s->shutdown & SSL_SENT_SHUTDOWN)
654 {
655 s->rwstate=SSL_NOTHING;
656 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
657 return(-1);
658 }
659 return(s->method->ssl_write(s,buf,num));
660 }
661
662int SSL_shutdown(SSL *s)
663 {
664 /* Note that this function behaves differently from what one might
665 * expect. Return values are 0 for no success (yet),
666 * 1 for success; but calling it once is usually not enough,
667 * even if blocking I/O is used (see ssl3_shutdown).
668 */
669
670 if (s->handshake_func == 0)
671 {
672 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
673 return -1;
674 }
675
676 if ((s != NULL) && !SSL_in_init(s))
677 return(s->method->ssl_shutdown(s));
678 else
679 return(1);
680 }
681
682int SSL_renegotiate(SSL *s)
683 {
684 s->new_session=1;
685 return(s->method->ssl_renegotiate(s));
686 }
687
688long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
689 {
690 long l;
691
692 switch (cmd)
693 {
694 case SSL_CTRL_GET_READ_AHEAD:
695 return(s->read_ahead);
696 case SSL_CTRL_SET_READ_AHEAD:
697 l=s->read_ahead;
698 s->read_ahead=larg;
699 return(l);
700 case SSL_CTRL_OPTIONS:
701 return(s->options|=larg);
702 case SSL_CTRL_MODE:
703 return(s->mode|=larg);
704 default:
705 return(s->method->ssl_ctrl(s,cmd,larg,parg));
706 }
707 }
708
709long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
710 {
711 long l;
712
713 switch (cmd)
714 {
715 case SSL_CTRL_GET_READ_AHEAD:
716 return(ctx->read_ahead);
717 case SSL_CTRL_SET_READ_AHEAD:
718 l=ctx->read_ahead;
719 ctx->read_ahead=larg;
720 return(l);
721
722 case SSL_CTRL_SET_SESS_CACHE_SIZE:
723 l=ctx->session_cache_size;
724 ctx->session_cache_size=larg;
725 return(l);
726 case SSL_CTRL_GET_SESS_CACHE_SIZE:
727 return(ctx->session_cache_size);
728 case SSL_CTRL_SET_SESS_CACHE_MODE:
729 l=ctx->session_cache_mode;
730 ctx->session_cache_mode=larg;
731 return(l);
732 case SSL_CTRL_GET_SESS_CACHE_MODE:
733 return(ctx->session_cache_mode);
734
735 case SSL_CTRL_SESS_NUMBER:
736 return(ctx->sessions->num_items);
737 case SSL_CTRL_SESS_CONNECT:
738 return(ctx->stats.sess_connect);
739 case SSL_CTRL_SESS_CONNECT_GOOD:
740 return(ctx->stats.sess_connect_good);
741 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
742 return(ctx->stats.sess_connect_renegotiate);
743 case SSL_CTRL_SESS_ACCEPT:
744 return(ctx->stats.sess_accept);
745 case SSL_CTRL_SESS_ACCEPT_GOOD:
746 return(ctx->stats.sess_accept_good);
747 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
748 return(ctx->stats.sess_accept_renegotiate);
749 case SSL_CTRL_SESS_HIT:
750 return(ctx->stats.sess_hit);
751 case SSL_CTRL_SESS_CB_HIT:
752 return(ctx->stats.sess_cb_hit);
753 case SSL_CTRL_SESS_MISSES:
754 return(ctx->stats.sess_miss);
755 case SSL_CTRL_SESS_TIMEOUTS:
756 return(ctx->stats.sess_timeout);
757 case SSL_CTRL_SESS_CACHE_FULL:
758 return(ctx->stats.sess_cache_full);
759 case SSL_CTRL_OPTIONS:
760 return(ctx->options|=larg);
761 case SSL_CTRL_MODE:
762 return(ctx->mode|=larg);
763 default:
764 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
765 }
766 }
767
768int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
769 {
770 long l;
771
772 l=a->id-b->id;
773 if (l == 0L)
774 return(0);
775 else
776 return((l > 0)?1:-1);
777 }
778
779int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
780 {
781 long l;
782
783 l=(*ap)->id-(*bp)->id;
784 if (l == 0L)
785 return(0);
786 else
787 return((l > 0)?1:-1);
788 }
789
790/** return a STACK of the ciphers available for the SSL and in order of
791 * preference */
792STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
793 {
794 if ((s != NULL) && (s->cipher_list != NULL))
795 {
796 return(s->cipher_list);
797 }
798 else if ((s->ctx != NULL) &&
799 (s->ctx->cipher_list != NULL))
800 {
801 return(s->ctx->cipher_list);
802 }
803 return(NULL);
804 }
805
806/** return a STACK of the ciphers available for the SSL and in order of
807 * algorithm id */
808STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
809 {
810 if ((s != NULL) && (s->cipher_list_by_id != NULL))
811 {
812 return(s->cipher_list_by_id);
813 }
814 else if ((s != NULL) && (s->ctx != NULL) &&
815 (s->ctx->cipher_list_by_id != NULL))
816 {
817 return(s->ctx->cipher_list_by_id);
818 }
819 return(NULL);
820 }
821
822/** The old interface to get the same thing as SSL_get_ciphers() */
823const char *SSL_get_cipher_list(SSL *s,int n)
824 {
825 SSL_CIPHER *c;
826 STACK_OF(SSL_CIPHER) *sk;
827
828 if (s == NULL) return(NULL);
829 sk=SSL_get_ciphers(s);
830 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
831 return(NULL);
832 c=sk_SSL_CIPHER_value(sk,n);
833 if (c == NULL) return(NULL);
834 return(c->name);
835 }
836
837/** specify the ciphers to be used by defaut by the SSL_CTX */
838int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
839 {
840 STACK_OF(SSL_CIPHER) *sk;
841
842 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
843 &ctx->cipher_list_by_id,str);
844/* XXXX */
845 return((sk == NULL)?0:1);
846 }
847
848/** specify the ciphers to be used by the SSL */
849int SSL_set_cipher_list(SSL *s,char *str)
850 {
851 STACK_OF(SSL_CIPHER) *sk;
852
853 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
854 &s->cipher_list_by_id,str);
855/* XXXX */
856 return((sk == NULL)?0:1);
857 }
858
859/* works well for SSLv2, not so good for SSLv3 */
860char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
861 {
862 char *p;
863 const char *cp;
864 STACK_OF(SSL_CIPHER) *sk;
865 SSL_CIPHER *c;
866 int i;
867
868 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
869 (len < 2))
870 return(NULL);
871
872 p=buf;
873 sk=s->session->ciphers;
874 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
875 {
876 /* Decrement for either the ':' or a '\0' */
877 len--;
878 c=sk_SSL_CIPHER_value(sk,i);
879 for (cp=c->name; *cp; )
880 {
881 if (len-- == 0)
882 {
883 *p='\0';
884 return(buf);
885 }
886 else
887 *(p++)= *(cp++);
888 }
889 *(p++)=':';
890 }
891 p[-1]='\0';
892 return(buf);
893 }
894
895int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
896 {
897 int i,j=0;
898 SSL_CIPHER *c;
899 unsigned char *q;
900
901 if (sk == NULL) return(0);
902 q=p;
903
904 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
905 {
906 c=sk_SSL_CIPHER_value(sk,i);
907 j=ssl_put_cipher_by_char(s,c,p);
908 p+=j;
909 }
910 return(p-q);
911 }
912
913STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
914 STACK_OF(SSL_CIPHER) **skp)
915 {
916 SSL_CIPHER *c;
917 STACK_OF(SSL_CIPHER) *sk;
918 int i,n;
919
920 n=ssl_put_cipher_by_char(s,NULL,NULL);
921 if ((num%n) != 0)
922 {
923 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
924 return(NULL);
925 }
926 if ((skp == NULL) || (*skp == NULL))
927 sk=sk_SSL_CIPHER_new(NULL); /* change perhaps later */
928 else
929 {
930 sk= *skp;
931 sk_SSL_CIPHER_zero(sk);
932 }
933
934 for (i=0; i<num; i+=n)
935 {
936 c=ssl_get_cipher_by_char(s,p);
937 p+=n;
938 if (c != NULL)
939 {
940 if (!sk_SSL_CIPHER_push(sk,c))
941 {
942 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
943 goto err;
944 }
945 }
946 }
947
948 if (skp != NULL)
949 *skp=sk;
950 return(sk);
951err:
952 if ((skp == NULL) || (*skp == NULL))
953 sk_SSL_CIPHER_free(sk);
954 return(NULL);
955 }
956
957unsigned long SSL_SESSION_hash(SSL_SESSION *a)
958 {
959 unsigned long l;
960
961 l=(unsigned long)
962 ((unsigned int) a->session_id[0] )|
963 ((unsigned int) a->session_id[1]<< 8L)|
964 ((unsigned long)a->session_id[2]<<16L)|
965 ((unsigned long)a->session_id[3]<<24L);
966 return(l);
967 }
968
969int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
970 {
971 if (a->ssl_version != b->ssl_version)
972 return(1);
973 if (a->session_id_length != b->session_id_length)
974 return(1);
975 return(memcmp(a->session_id,b->session_id,a->session_id_length));
976 }
977
978SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
979 {
980 SSL_CTX *ret=NULL;
981
982 if (meth == NULL)
983 {
984 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
985 return(NULL);
986 }
987
988 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
989 {
990 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
991 goto err;
992 }
993 ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
994 if (ret == NULL)
995 goto err;
996
997 memset(ret,0,sizeof(SSL_CTX));
998
999 ret->method=meth;
1000
1001 ret->cert_store=NULL;
1002 ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
1003 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1004 ret->session_cache_head=NULL;
1005 ret->session_cache_tail=NULL;
1006
1007 /* We take the system default */
1008 ret->session_timeout=meth->get_timeout();
1009
1010 ret->new_session_cb=NULL;
1011 ret->remove_session_cb=NULL;
1012 ret->get_session_cb=NULL;
1013
1014 memset((char *)&ret->stats,0,sizeof(ret->stats));
1015
1016 ret->references=1;
1017 ret->quiet_shutdown=0;
1018
1019/* ret->cipher=NULL;*/
1020/* ret->s2->challenge=NULL;
1021 ret->master_key=NULL;
1022 ret->key_arg=NULL;
1023 ret->s2->conn_id=NULL; */
1024
1025 ret->info_callback=NULL;
1026
1027 ret->app_verify_callback=NULL;
1028 ret->app_verify_arg=NULL;
1029
1030 ret->read_ahead=0;
1031 ret->verify_mode=SSL_VERIFY_NONE;
1032 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1033 ret->default_verify_callback=NULL;
1034 if ((ret->cert=ssl_cert_new()) == NULL)
1035 goto err;
1036
1037 ret->default_passwd_callback=NULL;
1038 ret->default_passwd_callback_userdata=NULL;
1039 ret->client_cert_cb=NULL;
1040
1041 ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
1042 if (ret->sessions == NULL) goto err;
1043 ret->cert_store=X509_STORE_new();
1044 if (ret->cert_store == NULL) goto err;
1045
1046 ssl_create_cipher_list(ret->method,
1047 &ret->cipher_list,&ret->cipher_list_by_id,
1048 SSL_DEFAULT_CIPHER_LIST);
1049 if (ret->cipher_list == NULL
1050 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1051 {
1052 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1053 goto err2;
1054 }
1055
1056 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
1057 {
1058 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1059 goto err2;
1060 }
1061 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
1062 {
1063 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1064 goto err2;
1065 }
1066 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
1067 {
1068 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1069 goto err2;
1070 }
1071
1072 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1073 goto err;
1074
1075 CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
1076
1077 ret->extra_certs=NULL;
1078 ret->comp_methods=SSL_COMP_get_compression_methods();
1079
1080 return(ret);
1081err:
1082 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
1083err2:
1084 if (ret != NULL) SSL_CTX_free(ret);
1085 return(NULL);
1086 }
1087
1088static void SSL_COMP_free(SSL_COMP *comp)
1089 { Free(comp); }
1090
1091void SSL_CTX_free(SSL_CTX *a)
1092 {
1093 int i;
1094
1095 if (a == NULL) return;
1096
1097 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
1098#ifdef REF_PRINT
1099 REF_PRINT("SSL_CTX",a);
1100#endif
1101 if (i > 0) return;
1102#ifdef REF_CHECK
1103 if (i < 0)
1104 {
1105 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1106 abort(); /* ok */
1107 }
1108#endif
1109 CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
1110
1111 if (a->sessions != NULL)
1112 {
1113 SSL_CTX_flush_sessions(a,0);
1114 lh_free(a->sessions);
1115 }
1116 if (a->cert_store != NULL)
1117 X509_STORE_free(a->cert_store);
1118 if (a->cipher_list != NULL)
1119 sk_SSL_CIPHER_free(a->cipher_list);
1120 if (a->cipher_list_by_id != NULL)
1121 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1122 if (a->cert != NULL)
1123 ssl_cert_free(a->cert);
1124 if (a->client_CA != NULL)
1125 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1126 if (a->extra_certs != NULL)
1127 sk_X509_pop_free(a->extra_certs,X509_free);
1128 if (a->comp_methods != NULL)
1129 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1130 Free((char *)a);
1131 }
1132
1133void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1134 {
1135 ctx->default_passwd_callback=cb;
1136 }
1137
1138void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1139 {
1140 ctx->default_passwd_callback_userdata=u;
1141 }
1142
1143void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
1144 {
1145 /* now
1146 * int (*cb)(X509_STORE_CTX *),
1147 * but should be
1148 * int (*cb)(X509_STORE_CTX *, void *arg)
1149 */
1150 ctx->app_verify_callback=cb;
1151 ctx->app_verify_arg=arg; /* never used */
1152 }
1153
1154void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1155 {
1156 ctx->verify_mode=mode;
1157 ctx->default_verify_callback=cb;
1158 /* This needs cleaning up EAY EAY EAY */
1159 X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
1160 }
1161
1162void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
1163 {
1164 ctx->verify_depth=depth;
1165 }
1166
1167void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1168 {
1169 CERT_PKEY *cpk;
1170 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1171 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1172 int rsa_tmp_export,dh_tmp_export,kl;
1173 unsigned long mask,emask;
1174
1175 if (c == NULL) return;
1176
1177 kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1178
1179#ifndef NO_RSA
1180 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1181 rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
1182 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1183#else
1184 rsa_tmp=rsa_tmp_export=0;
1185#endif
1186#ifndef NO_DH
1187 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1188 dh_tmp_export=(c->dh_tmp_cb != NULL ||
1189 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
1190#else
1191 dh_tmp=dh_tmp_export=0;
1192#endif
1193
1194 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1195 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
1196 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1197 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1198 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1199 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1200 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1201 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1202 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1203 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1204 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1205/* FIX THIS EAY EAY EAY */
1206 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1207 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1208
1209 mask=0;
1210 emask=0;
1211
1212#ifdef CIPHER_DEBUG
1213 printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1214 rsa_tmp,rsa_tmp_export,dh_tmp,
1215 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1216#endif
1217
1218 if (rsa_enc || (rsa_tmp && rsa_sign))
1219 mask|=SSL_kRSA;
1220 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
1221 emask|=SSL_kRSA;
1222
1223#if 0
1224 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1225 if ( (dh_tmp || dh_rsa || dh_dsa) &&
1226 (rsa_enc || rsa_sign || dsa_sign))
1227 mask|=SSL_kEDH;
1228 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1229 (rsa_enc || rsa_sign || dsa_sign))
1230 emask|=SSL_kEDH;
1231#endif
1232
1233 if (dh_tmp_export)
1234 emask|=SSL_kEDH;
1235
1236 if (dh_tmp)
1237 mask|=SSL_kEDH;
1238
1239 if (dh_rsa) mask|=SSL_kDHr;
1240 if (dh_rsa_export) emask|=SSL_kDHr;
1241
1242 if (dh_dsa) mask|=SSL_kDHd;
1243 if (dh_dsa_export) emask|=SSL_kDHd;
1244
1245 if (rsa_enc || rsa_sign)
1246 {
1247 mask|=SSL_aRSA;
1248 emask|=SSL_aRSA;
1249 }
1250
1251 if (dsa_sign)
1252 {
1253 mask|=SSL_aDSS;
1254 emask|=SSL_aDSS;
1255 }
1256
1257#ifdef SSL_ALLOW_ADH
1258 mask|=SSL_aNULL;
1259 emask|=SSL_aNULL;
1260#endif
1261
1262 c->mask=mask;
1263 c->export_mask=emask;
1264 c->valid=1;
1265 }
1266
1267/* THIS NEEDS CLEANING UP */
1268X509 *ssl_get_server_send_cert(SSL *s)
1269 {
1270 unsigned long alg,mask,kalg;
1271 CERT *c;
1272 int i,is_export;
1273
1274 c=s->cert;
1275 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
1276 alg=s->s3->tmp.new_cipher->algorithms;
1277 is_export=SSL_IS_EXPORT(alg);
1278 mask=is_export?c->export_mask:c->mask;
1279 kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1280
1281 if (kalg & SSL_kDHr)
1282 i=SSL_PKEY_DH_RSA;
1283 else if (kalg & SSL_kDHd)
1284 i=SSL_PKEY_DH_DSA;
1285 else if (kalg & SSL_aDSS)
1286 i=SSL_PKEY_DSA_SIGN;
1287 else if (kalg & SSL_aRSA)
1288 {
1289 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
1290 i=SSL_PKEY_RSA_SIGN;
1291 else
1292 i=SSL_PKEY_RSA_ENC;
1293 }
1294 else /* if (kalg & SSL_aNULL) */
1295 {
1296 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
1297 return(NULL);
1298 }
1299 if (c->pkeys[i].x509 == NULL) return(NULL);
1300 return(c->pkeys[i].x509);
1301 }
1302
1303EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
1304 {
1305 unsigned long alg;
1306 CERT *c;
1307
1308 alg=cipher->algorithms;
1309 c=s->cert;
1310
1311 if ((alg & SSL_aDSS) &&
1312 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
1313 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
1314 else if (alg & SSL_aRSA)
1315 {
1316 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
1317 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
1318 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
1319 return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
1320 else
1321 return(NULL);
1322 }
1323 else /* if (alg & SSL_aNULL) */
1324 {
1325 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
1326 return(NULL);
1327 }
1328 }
1329
1330void ssl_update_cache(SSL *s,int mode)
1331 {
1332 int i;
1333
1334 /* If the session_id_length is 0, we are not supposed to cache it,
1335 * and it would be rather hard to do anyway :-) */
1336 if (s->session->session_id_length == 0) return;
1337
1338 if ((s->ctx->session_cache_mode & mode)
1339 && (!s->hit)
1340 && SSL_CTX_add_session(s->ctx,s->session)
1341 && (s->ctx->new_session_cb != NULL))
1342 {
1343 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
1344 if (!s->ctx->new_session_cb(s,s->session))
1345 SSL_SESSION_free(s->session);
1346 }
1347
1348 /* auto flush every 255 connections */
1349 i=s->ctx->session_cache_mode;
1350 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
1351 ((i & mode) == mode))
1352 {
1353 if ( (((mode & SSL_SESS_CACHE_CLIENT)
1354 ?s->ctx->stats.sess_connect_good
1355 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
1356 {
1357 SSL_CTX_flush_sessions(s->ctx,time(NULL));
1358 }
1359 }
1360 }
1361
1362SSL_METHOD *SSL_get_ssl_method(SSL *s)
1363 {
1364 return(s->method);
1365 }
1366
1367int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
1368 {
1369 int conn= -1;
1370 int ret=1;
1371
1372 if (s->method != meth)
1373 {
1374 if (s->handshake_func != NULL)
1375 conn=(s->handshake_func == s->method->ssl_connect);
1376
1377 if (s->method->version == meth->version)
1378 s->method=meth;
1379 else
1380 {
1381 s->method->ssl_free(s);
1382 s->method=meth;
1383 ret=s->method->ssl_new(s);
1384 }
1385
1386 if (conn == 1)
1387 s->handshake_func=meth->ssl_connect;
1388 else if (conn == 0)
1389 s->handshake_func=meth->ssl_accept;
1390 }
1391 return(ret);
1392 }
1393
1394int SSL_get_error(SSL *s,int i)
1395 {
1396 int reason;
1397 unsigned long l;
1398 BIO *bio;
1399
1400 if (i > 0) return(SSL_ERROR_NONE);
1401
1402 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
1403 * etc, where we do encode the error */
1404 if ((l=ERR_peek_error()) != 0)
1405 {
1406 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
1407 return(SSL_ERROR_SYSCALL);
1408 else
1409 return(SSL_ERROR_SSL);
1410 }
1411
1412 if ((i < 0) && SSL_want_read(s))
1413 {
1414 bio=SSL_get_rbio(s);
1415 if (BIO_should_read(bio))
1416 return(SSL_ERROR_WANT_READ);
1417 else if (BIO_should_write(bio))
1418 /* This one doesn't make too much sense ... We never try
1419 * to write to the rbio, and an application program where
1420 * rbio and wbio are separate couldn't even know what it
1421 * should wait for.
1422 * However if we ever set s->rwstate incorrectly
1423 * (so that we have SSL_want_read(s) instead of
1424 * SSL_want_write(s)) and rbio and wbio *are* the same,
1425 * this test works around that bug; so it might be safer
1426 * to keep it. */
1427 return(SSL_ERROR_WANT_WRITE);
1428 else if (BIO_should_io_special(bio))
1429 {
1430 reason=BIO_get_retry_reason(bio);
1431 if (reason == BIO_RR_CONNECT)
1432 return(SSL_ERROR_WANT_CONNECT);
1433 else
1434 return(SSL_ERROR_SYSCALL); /* unknown */
1435 }
1436 }
1437
1438 if ((i < 0) && SSL_want_write(s))
1439 {
1440 bio=SSL_get_wbio(s);
1441 if (BIO_should_write(bio))
1442 return(SSL_ERROR_WANT_WRITE);
1443 else if (BIO_should_read(bio))
1444 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
1445 return(SSL_ERROR_WANT_READ);
1446 else if (BIO_should_io_special(bio))
1447 {
1448 reason=BIO_get_retry_reason(bio);
1449 if (reason == BIO_RR_CONNECT)
1450 return(SSL_ERROR_WANT_CONNECT);
1451 else
1452 return(SSL_ERROR_SYSCALL);
1453 }
1454 }
1455 if ((i < 0) && SSL_want_x509_lookup(s))
1456 {
1457 return(SSL_ERROR_WANT_X509_LOOKUP);
1458 }
1459
1460 if (i == 0)
1461 {
1462 if (s->version == SSL2_VERSION)
1463 {
1464 /* assume it is the socket being closed */
1465 return(SSL_ERROR_ZERO_RETURN);
1466 }
1467 else
1468 {
1469 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
1470 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
1471 return(SSL_ERROR_ZERO_RETURN);
1472 }
1473 }
1474 return(SSL_ERROR_SYSCALL);
1475 }
1476
1477int SSL_do_handshake(SSL *s)
1478 {
1479 int ret=1;
1480
1481 if (s->handshake_func == NULL)
1482 {
1483 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
1484 return(-1);
1485 }
1486
1487 s->method->ssl_renegotiate_check(s);
1488
1489 if (SSL_in_init(s) || SSL_in_before(s))
1490 {
1491 ret=s->handshake_func(s);
1492 }
1493 return(ret);
1494 }
1495
1496/* For the next 2 functions, SSL_clear() sets shutdown and so
1497 * one of these calls will reset it */
1498void SSL_set_accept_state(SSL *s)
1499 {
1500 s->server=1;
1501 s->shutdown=0;
1502 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
1503 s->handshake_func=s->method->ssl_accept;
1504 /* clear the current cipher */
1505 ssl_clear_cipher_ctx(s);
1506 }
1507
1508void SSL_set_connect_state(SSL *s)
1509 {
1510 s->server=0;
1511 s->shutdown=0;
1512 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
1513 s->handshake_func=s->method->ssl_connect;
1514 /* clear the current cipher */
1515 ssl_clear_cipher_ctx(s);
1516 }
1517
1518int ssl_undefined_function(SSL *s)
1519 {
1520 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1521 return(0);
1522 }
1523
1524SSL_METHOD *ssl_bad_method(int ver)
1525 {
1526 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1527 return(NULL);
1528 }
1529
1530char *SSL_get_version(SSL *s)
1531 {
1532 if (s->version == TLS1_VERSION)
1533 return("TLSv1");
1534 else if (s->version == SSL3_VERSION)
1535 return("SSLv3");
1536 else if (s->version == SSL2_VERSION)
1537 return("SSLv2");
1538 else
1539 return("unknown");
1540 }
1541
1542SSL *SSL_dup(SSL *s)
1543 {
1544 STACK_OF(X509_NAME) *sk;
1545 X509_NAME *xn;
1546 SSL *ret;
1547 int i;
1548
1549 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
1550 return(NULL);
1551
1552 if (s->session != NULL)
1553 {
1554 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
1555 SSL_copy_session_id(ret,s);
1556 }
1557 else
1558 {
1559 /* No session has been established yet, so we have to expect
1560 * that s->cert or ret->cert will be changed later --
1561 * they should not both point to the same object,
1562 * and thus we can't use SSL_copy_session_id. */
1563
1564 ret->method = s->method;
1565 ret->method->ssl_new(ret);
1566
1567 if (s->cert != NULL)
1568 {
1569 ret->cert = ssl_cert_dup(s->cert);
1570 if (ret->cert == NULL)
1571 goto err;
1572 }
1573
1574 SSL_set_session_id_context(ret,
1575 s->sid_ctx, s->sid_ctx_length);
1576 }
1577
1578 SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
1579 SSL_set_verify(ret,SSL_get_verify_mode(s),
1580 SSL_get_verify_callback(s));
1581 SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
1582
1583 SSL_set_info_callback(ret,SSL_get_info_callback(s));
1584
1585 ret->debug=s->debug;
1586 ret->options=s->options;
1587
1588 /* copy app data, a little dangerous perhaps */
1589 if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
1590 goto err;
1591
1592 /* setup rbio, and wbio */
1593 if (s->rbio != NULL)
1594 {
1595 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
1596 goto err;
1597 }
1598 if (s->wbio != NULL)
1599 {
1600 if (s->wbio != s->rbio)
1601 {
1602 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
1603 goto err;
1604 }
1605 else
1606 ret->wbio=ret->rbio;
1607 }
1608
1609 /* dup the cipher_list and cipher_list_by_id stacks */
1610 if (s->cipher_list != NULL)
1611 {
1612 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
1613 goto err;
1614 }
1615 if (s->cipher_list_by_id != NULL)
1616 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
1617 == NULL)
1618 goto err;
1619
1620 /* Dup the client_CA list */
1621 if (s->client_CA != NULL)
1622 {
1623 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
1624 ret->client_CA=sk;
1625 for (i=0; i<sk_X509_NAME_num(sk); i++)
1626 {
1627 xn=sk_X509_NAME_value(sk,i);
1628 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
1629 {
1630 X509_NAME_free(xn);
1631 goto err;
1632 }
1633 }
1634 }
1635
1636 ret->shutdown=s->shutdown;
1637 ret->state=s->state;
1638 ret->handshake_func=s->handshake_func;
1639 ret->server=s->server;
1640
1641 if (0)
1642 {
1643err:
1644 if (ret != NULL) SSL_free(ret);
1645 ret=NULL;
1646 }
1647 return(ret);
1648 }
1649
1650void ssl_clear_cipher_ctx(SSL *s)
1651 {
1652 if (s->enc_read_ctx != NULL)
1653 {
1654 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
1655 Free(s->enc_read_ctx);
1656 s->enc_read_ctx=NULL;
1657 }
1658 if (s->enc_write_ctx != NULL)
1659 {
1660 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
1661 Free(s->enc_write_ctx);
1662 s->enc_write_ctx=NULL;
1663 }
1664 if (s->expand != NULL)
1665 {
1666 COMP_CTX_free(s->expand);
1667 s->expand=NULL;
1668 }
1669 if (s->compress != NULL)
1670 {
1671 COMP_CTX_free(s->compress);
1672 s->compress=NULL;
1673 }
1674 }
1675
1676/* Fix this function so that it takes an optional type parameter */
1677X509 *SSL_get_certificate(SSL *s)
1678 {
1679 if (s->cert != NULL)
1680 return(s->cert->key->x509);
1681 else
1682 return(NULL);
1683 }
1684
1685/* Fix this function so that it takes an optional type parameter */
1686EVP_PKEY *SSL_get_privatekey(SSL *s)
1687 {
1688 if (s->cert != NULL)
1689 return(s->cert->key->privatekey);
1690 else
1691 return(NULL);
1692 }
1693
1694SSL_CIPHER *SSL_get_current_cipher(SSL *s)
1695 {
1696 if ((s->session != NULL) && (s->session->cipher != NULL))
1697 return(s->session->cipher);
1698 return(NULL);
1699 }
1700
1701int ssl_init_wbio_buffer(SSL *s,int push)
1702 {
1703 BIO *bbio;
1704
1705 if (s->bbio == NULL)
1706 {
1707 bbio=BIO_new(BIO_f_buffer());
1708 if (bbio == NULL) return(0);
1709 s->bbio=bbio;
1710 }
1711 else
1712 {
1713 bbio=s->bbio;
1714 if (s->bbio == s->wbio)
1715 s->wbio=BIO_pop(s->wbio);
1716 }
1717 (void)BIO_reset(bbio);
1718/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
1719 if (!BIO_set_read_buffer_size(bbio,1))
1720 {
1721 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
1722 return(0);
1723 }
1724 if (push)
1725 {
1726 if (s->wbio != bbio)
1727 s->wbio=BIO_push(bbio,s->wbio);
1728 }
1729 else
1730 {
1731 if (s->wbio == bbio)
1732 s->wbio=BIO_pop(bbio);
1733 }
1734 return(1);
1735 }
1736
1737void ssl_free_wbio_buffer(SSL *s)
1738 {
1739 BIO *under;
1740
1741 if (s->bbio == NULL) return;
1742
1743 if (s->bbio == s->wbio)
1744 {
1745 /* remove buffering */
1746 under=BIO_pop(s->wbio);
1747 if (under != NULL)
1748 s->wbio=under;
1749 else
1750 abort(); /* ok */
1751 }
1752 BIO_free(s->bbio);
1753 s->bbio=NULL;
1754 }
1755
1756void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
1757 {
1758 ctx->quiet_shutdown=mode;
1759 }
1760
1761int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
1762 {
1763 return(ctx->quiet_shutdown);
1764 }
1765
1766void SSL_set_quiet_shutdown(SSL *s,int mode)
1767 {
1768 s->quiet_shutdown=mode;
1769 }
1770
1771int SSL_get_quiet_shutdown(SSL *s)
1772 {
1773 return(s->quiet_shutdown);
1774 }
1775
1776void SSL_set_shutdown(SSL *s,int mode)
1777 {
1778 s->shutdown=mode;
1779 }
1780
1781int SSL_get_shutdown(SSL *s)
1782 {
1783 return(s->shutdown);
1784 }
1785
1786int SSL_version(SSL *s)
1787 {
1788 return(s->version);
1789 }
1790
1791SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
1792 {
1793 return(ssl->ctx);
1794 }
1795
1796#ifndef NO_STDIO
1797int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
1798 {
1799 return(X509_STORE_set_default_paths(ctx->cert_store));
1800 }
1801
1802int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1803 const char *CApath)
1804 {
1805 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
1806 }
1807#endif
1808
1809void SSL_set_info_callback(SSL *ssl,void (*cb)())
1810 {
1811 ssl->info_callback=cb;
1812 }
1813
1814void (*SSL_get_info_callback(SSL *ssl))(void)
1815 {
1816 return((void (*)())ssl->info_callback);
1817 }
1818
1819int SSL_state(SSL *ssl)
1820 {
1821 return(ssl->state);
1822 }
1823
1824void SSL_set_verify_result(SSL *ssl,long arg)
1825 {
1826 ssl->verify_result=arg;
1827 }
1828
1829long SSL_get_verify_result(SSL *ssl)
1830 {
1831 return(ssl->verify_result);
1832 }
1833
1834int SSL_get_ex_new_index(long argl,char *argp,int (*new_func)(),
1835 int (*dup_func)(),void (*free_func)())
1836 {
1837 ssl_meth_num++;
1838 return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
1839 &ssl_meth,argl,argp,new_func,dup_func,free_func));
1840 }
1841
1842int SSL_set_ex_data(SSL *s,int idx,void *arg)
1843 {
1844 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1845 }
1846
1847void *SSL_get_ex_data(SSL *s,int idx)
1848 {
1849 return(CRYPTO_get_ex_data(&s->ex_data,idx));
1850 }
1851
1852int SSL_CTX_get_ex_new_index(long argl,char *argp,int (*new_func)(),
1853 int (*dup_func)(),void (*free_func)())
1854 {
1855 ssl_ctx_meth_num++;
1856 return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
1857 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
1858 }
1859
1860int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
1861 {
1862 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1863 }
1864
1865void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
1866 {
1867 return(CRYPTO_get_ex_data(&s->ex_data,idx));
1868 }
1869
1870int ssl_ok(SSL *s)
1871 {
1872 return(1);
1873 }
1874
1875X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
1876 {
1877 return(ctx->cert_store);
1878 }
1879
1880void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
1881 {
1882 if (ctx->cert_store != NULL)
1883 X509_STORE_free(ctx->cert_store);
1884 ctx->cert_store=store;
1885 }
1886
1887int SSL_want(SSL *s)
1888 {
1889 return(s->rwstate);
1890 }
1891
1892/*!
1893 * \brief Set the callback for generating temporary RSA keys.
1894 * \param ctx the SSL context.
1895 * \param cb the callback
1896 */
1897
1898#ifndef NO_RSA
1899void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
1900 int is_export,
1901 int keylength))
1902 { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
1903#endif
1904
1905#ifndef NO_RSA
1906void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int is_export,
1907 int keylength))
1908 { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
1909#endif
1910
1911#ifdef DOXYGEN
1912/*!
1913 * \brief The RSA temporary key callback function.
1914 * \param ssl the SSL session.
1915 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
1916 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
1917 * of the required key in bits.
1918 * \return the temporary RSA key.
1919 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
1920 */
1921
1922RSA *cb(SSL *ssl,int is_export,int keylength)
1923 {}
1924#endif
1925
1926/*!
1927 * \brief Set the callback for generating temporary DH keys.
1928 * \param ctx the SSL context.
1929 * \param dh the callback
1930 */
1931
1932#ifndef NO_DH
1933void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
1934 int keylength))
1935 { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
1936
1937void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
1938 int keylength))
1939 { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
1940#endif
1941
1942#if defined(_WINDLL) && defined(WIN16)
1943#include "../crypto/bio/bss_file.c"
1944#endif
1945
1946IMPLEMENT_STACK_OF(SSL_CIPHER)
1947IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index 0bfd57db32..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,499 +0,0 @@
1/* ssl/ssl_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL_LOCL_H
60#define HEADER_SSL_LOCL_H
61#include <stdlib.h>
62#include <time.h>
63#include <string.h>
64#include <errno.h>
65
66#include "openssl/e_os.h"
67
68#include <openssl/buffer.h>
69#include <openssl/comp.h>
70#include <openssl/bio.h>
71#include <openssl/crypto.h>
72#include <openssl/evp.h>
73#include <openssl/stack.h>
74#include <openssl/x509.h>
75#include <openssl/err.h>
76#include <openssl/ssl.h>
77
78#define PKCS1_CHECK
79
80#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
81 l|=(((unsigned long)(*((c)++)))<< 8), \
82 l|=(((unsigned long)(*((c)++)))<<16), \
83 l|=(((unsigned long)(*((c)++)))<<24))
84
85/* NOTE - c is not incremented as per c2l */
86#define c2ln(c,l1,l2,n) { \
87 c+=n; \
88 l1=l2=0; \
89 switch (n) { \
90 case 8: l2 =((unsigned long)(*(--(c))))<<24; \
91 case 7: l2|=((unsigned long)(*(--(c))))<<16; \
92 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
93 case 5: l2|=((unsigned long)(*(--(c)))); \
94 case 4: l1 =((unsigned long)(*(--(c))))<<24; \
95 case 3: l1|=((unsigned long)(*(--(c))))<<16; \
96 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
97 case 1: l1|=((unsigned long)(*(--(c)))); \
98 } \
99 }
100
101#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
102 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
103 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
104 *((c)++)=(unsigned char)(((l)>>24)&0xff))
105
106#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
107 l|=((unsigned long)(*((c)++)))<<16, \
108 l|=((unsigned long)(*((c)++)))<< 8, \
109 l|=((unsigned long)(*((c)++))))
110
111#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
112 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
113 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
114 *((c)++)=(unsigned char)(((l) )&0xff))
115
116/* NOTE - c is not incremented as per l2c */
117#define l2cn(l1,l2,c,n) { \
118 c+=n; \
119 switch (n) { \
120 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
121 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
122 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
123 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
124 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
125 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
126 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
127 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
128 } \
129 }
130
131#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
132 (((unsigned int)(c[1])) )),c+=2)
133#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
134 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
135
136#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
137 (((unsigned long)(c[1]))<< 8)| \
138 (((unsigned long)(c[2])) )),c+=3)
139
140#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
141 c[1]=(unsigned char)(((l)>> 8)&0xff), \
142 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
143
144/* LOCAL STUFF */
145
146#define SSL_DECRYPT 0
147#define SSL_ENCRYPT 1
148
149#define TWO_BYTE_BIT 0x80
150#define SEC_ESC_BIT 0x40
151#define TWO_BYTE_MASK 0x7fff
152#define THREE_BYTE_MASK 0x3fff
153
154#define INC32(a) ((a)=((a)+1)&0xffffffffL)
155#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
156#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
157
158#define SSL_MKEY_MASK 0x0000001FL
159#define SSL_kRSA 0x00000001L /* RSA key exchange */
160#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
161#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
162#define SSL_kFZA 0x00000008L
163#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
164#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
165
166#define SSL_AUTH_MASK 0x000003e0L
167#define SSL_aRSA 0x00000020L /* Authenticate with RSA */
168#define SSL_aDSS 0x00000040L /* Authenticate with DSS */
169#define SSL_DSS SSL_aDSS
170#define SSL_aFZA 0x00000080L
171#define SSL_aNULL 0x00000100L /* no Authenticate, ADH */
172#define SSL_aDH 0x00000200L /* no Authenticate, ADH */
173
174#define SSL_NULL (SSL_eNULL)
175#define SSL_ADH (SSL_kEDH|SSL_aNULL)
176#define SSL_RSA (SSL_kRSA|SSL_aRSA)
177#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
178#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
179
180#define SSL_ENC_MASK 0x0001Fc00L
181#define SSL_DES 0x00000400L
182#define SSL_3DES 0x00000800L
183#define SSL_RC4 0x00001000L
184#define SSL_RC2 0x00002000L
185#define SSL_IDEA 0x00004000L
186#define SSL_eFZA 0x00008000L
187#define SSL_eNULL 0x00010000L
188
189#define SSL_MAC_MASK 0x00060000L
190#define SSL_MD5 0x00020000L
191#define SSL_SHA1 0x00040000L
192#define SSL_SHA (SSL_SHA1)
193
194#define SSL_EXP_MASK 0x00300000L
195#define SSL_EXP40 0x00100000L
196#define SSL_NOT_EXP 0x00200000L
197#define SSL_EXP56 0x00300000L
198#define SSL_IS_EXPORT(a) ((a)&SSL_EXP40)
199#define SSL_IS_EXPORT56(a) (((a)&SSL_EXP_MASK) == SSL_EXP56)
200#define SSL_IS_EXPORT40(a) (((a)&SSL_EXP_MASK) == SSL_EXP40)
201#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algorithms)
202#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algorithms)
203#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algorithms)
204#define SSL_EXPORT_KEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 5 : \
205 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
206#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
207#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms)
208#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algorithms)
209
210#define SSL_SSL_MASK 0x00c00000L
211#define SSL_SSLV2 0x00400000L
212#define SSL_SSLV3 0x00800000L
213#define SSL_TLSV1 SSL_SSLV3 /* for now */
214
215#define SSL_STRONG_MASK 0x07000000L
216#define SSL_LOW 0x01000000L
217#define SSL_MEDIUM 0x02000000L
218#define SSL_HIGH 0x04000000L
219
220/* we have used 0fffffff - 4 bits left to go */
221#define SSL_ALL 0xffffffffL
222#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
223 SSL_MAC_MASK|SSL_EXP_MASK)
224
225/* Mostly for SSLv3 */
226#define SSL_PKEY_RSA_ENC 0
227#define SSL_PKEY_RSA_SIGN 1
228#define SSL_PKEY_DSA_SIGN 2
229#define SSL_PKEY_DH_RSA 3
230#define SSL_PKEY_DH_DSA 4
231#define SSL_PKEY_NUM 5
232
233/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
234 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
235 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
236 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
237 * SSL_aRSA <- RSA_ENC | RSA_SIGN
238 * SSL_aDSS <- DSA_SIGN
239 */
240
241/*
242#define CERT_INVALID 0
243#define CERT_PUBLIC_KEY 1
244#define CERT_PRIVATE_KEY 2
245*/
246
247typedef struct cert_pkey_st
248 {
249 X509 *x509;
250 EVP_PKEY *privatekey;
251 } CERT_PKEY;
252
253typedef struct cert_st
254 {
255 /* Current active set */
256 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
257 * Probably it would make more sense to store
258 * an index, not a pointer. */
259
260 /* The following masks are for the key and auth
261 * algorithms that are supported by the certs below */
262 int valid;
263 unsigned long mask;
264 unsigned long export_mask;
265#ifndef NO_RSA
266 RSA *rsa_tmp;
267 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
268#endif
269#ifndef NO_DH
270 DH *dh_tmp;
271 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
272#endif
273
274 CERT_PKEY pkeys[SSL_PKEY_NUM];
275
276 int references; /* >1 only if SSL_copy_session_id is used */
277 } CERT;
278
279
280typedef struct sess_cert_st
281 {
282 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
283
284 /* The 'peer_...' members are used only by clients. */
285 int peer_cert_type;
286
287 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
288 CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
289 /* Obviously we don't have the private keys of these,
290 * so maybe we shouldn't even use the CERT_PKEY type here. */
291
292#ifndef NO_RSA
293 RSA *peer_rsa_tmp; /* not used for SSL 2 */
294#endif
295#ifndef NO_DH
296 DH *peer_dh_tmp; /* not used for SSL 2 */
297#endif
298
299 int references; /* actually always 1 at the moment */
300 } SESS_CERT;
301
302
303/*#define MAC_DEBUG */
304
305/*#define ERR_DEBUG */
306/*#define ABORT_DEBUG */
307/*#define PKT_DEBUG 1 */
308/*#define DES_DEBUG */
309/*#define DES_OFB_DEBUG */
310/*#define SSL_DEBUG */
311/*#define RSA_DEBUG */
312/*#define IDEA_DEBUG */
313
314#define FP_ICC (int (*)(const void *,const void *))
315#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
316 ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
317#define ssl_get_cipher_by_char(ssl,ptr) \
318 ((ssl)->method->get_cipher_by_char(ptr))
319
320/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
321 * It is a bit of a mess of functions, but hell, think of it as
322 * an opaque strucute :-) */
323typedef struct ssl3_enc_method
324 {
325 int (*enc)();
326 int (*mac)();
327 int (*setup_key_block)();
328 int (*generate_master_secret)();
329 int (*change_cipher_state)();
330 int (*final_finish_mac)();
331 int finish_mac_length;
332 int (*cert_verify_mac)();
333 unsigned char client_finished[20];
334 int client_finished_len;
335 unsigned char server_finished[20];
336 int server_finished_len;
337 int (*alert_value)();
338 } SSL3_ENC_METHOD;
339
340/* Used for holding the relevant compression methods loaded into SSL_CTX */
341typedef struct ssl3_comp_st
342 {
343 int comp_id; /* The identifer byte for this compression type */
344 char *name; /* Text name used for the compression type */
345 COMP_METHOD *method; /* The method :-) */
346 } SSL3_COMP;
347
348OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
349OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
350OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
351
352#ifdef VMS
353#undef SSL_COMP_get_compression_methods
354#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
355#endif
356
357
358SSL_METHOD *ssl_bad_method(int ver);
359SSL_METHOD *sslv2_base_method(void);
360SSL_METHOD *sslv23_base_method(void);
361SSL_METHOD *sslv3_base_method(void);
362
363void ssl_clear_cipher_ctx(SSL *s);
364int ssl_clear_bad_session(SSL *s);
365CERT *ssl_cert_new(void);
366CERT *ssl_cert_dup(CERT *cert);
367int ssl_cert_inst(CERT **o);
368void ssl_cert_free(CERT *c);
369SESS_CERT *ssl_sess_cert_new(void);
370void ssl_sess_cert_free(SESS_CERT *sc);
371int ssl_set_peer_cert_type(SESS_CERT *c, int type);
372int ssl_get_new_session(SSL *s, int session);
373int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
374int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
375int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
376STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
377 STACK_OF(SSL_CIPHER) **skp);
378int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
379STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *meth,
380 STACK_OF(SSL_CIPHER) **pref,
381 STACK_OF(SSL_CIPHER) **sorted,
382 char *str);
383void ssl_update_cache(SSL *s, int mode);
384int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md,
385 SSL_COMP **comp);
386int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
387int ssl_undefined_function(SSL *s);
388X509 *ssl_get_server_send_cert(SSL *);
389EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
390int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
391void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
392STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
393int ssl_verify_alarm_type(long type);
394
395int ssl2_enc_init(SSL *s, int client);
396void ssl2_generate_key_material(SSL *s);
397void ssl2_enc(SSL *s,int send_data);
398void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
399SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
400int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
401int ssl2_part_read(SSL *s, unsigned long f, int i);
402int ssl2_do_write(SSL *s);
403int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
404void ssl2_return_error(SSL *s,int reason);
405void ssl2_write_error(SSL *s);
406int ssl2_num_ciphers(void);
407SSL_CIPHER *ssl2_get_cipher(unsigned int u);
408int ssl2_new(SSL *s);
409void ssl2_free(SSL *s);
410int ssl2_accept(SSL *s);
411int ssl2_connect(SSL *s);
412int ssl2_read(SSL *s, void *buf, int len);
413int ssl2_peek(SSL *s, char *buf, int len);
414int ssl2_write(SSL *s, const void *buf, int len);
415int ssl2_shutdown(SSL *s);
416void ssl2_clear(SSL *s);
417long ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
418long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
419int ssl2_pending(SSL *s);
420
421SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
422int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
423void ssl3_init_finished_mac(SSL *s);
424int ssl3_send_server_certificate(SSL *s);
425int ssl3_get_finished(SSL *s,int state_a,int state_b);
426int ssl3_setup_key_block(SSL *s);
427int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
428int ssl3_change_cipher_state(SSL *s,int which);
429void ssl3_cleanup_key_block(SSL *s);
430int ssl3_do_write(SSL *s,int type);
431void ssl3_send_alert(SSL *s,int level, int desc);
432int ssl3_generate_master_secret(SSL *s, unsigned char *out,
433 unsigned char *p, int len);
434int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
435long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
436int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,int slen);
437int ssl3_num_ciphers(void);
438SSL_CIPHER *ssl3_get_cipher(unsigned int u);
439int ssl3_renegotiate(SSL *ssl);
440int ssl3_renegotiate_check(SSL *ssl);
441int ssl3_dispatch_alert(SSL *s);
442int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len);
443int ssl3_part_read(SSL *s, int i);
444int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
445int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2,
446 unsigned char *sender, int slen,unsigned char *p);
447int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
448void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
449int ssl3_enc(SSL *s, int send_data);
450int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
451unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
452SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *have,
453 STACK_OF(SSL_CIPHER) *pref);
454int ssl3_setup_buffers(SSL *s);
455int ssl3_new(SSL *s);
456void ssl3_free(SSL *s);
457int ssl3_accept(SSL *s);
458int ssl3_connect(SSL *s);
459int ssl3_read(SSL *s, void *buf, int len);
460int ssl3_peek(SSL *s,char *buf, int len);
461int ssl3_write(SSL *s, const void *buf, int len);
462int ssl3_shutdown(SSL *s);
463void ssl3_clear(SSL *s);
464long ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
465long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
466int ssl3_pending(SSL *s);
467
468int ssl23_accept(SSL *s);
469int ssl23_connect(SSL *s);
470int ssl23_read_bytes(SSL *s, int n);
471int ssl23_write_bytes(SSL *s);
472
473int tls1_new(SSL *s);
474void tls1_free(SSL *s);
475void tls1_clear(SSL *s);
476long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
477SSL_METHOD *tlsv1_base_method(void );
478
479int ssl_init_wbio_buffer(SSL *s, int push);
480void ssl_free_wbio_buffer(SSL *s);
481
482int tls1_change_cipher_state(SSL *s, int which);
483int tls1_setup_key_block(SSL *s);
484int tls1_enc(SSL *s, int snd);
485int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
486 unsigned char *str, int slen, unsigned char *p);
487int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
488int tls1_mac(SSL *ssl, unsigned char *md, int snd);
489int tls1_generate_master_secret(SSL *s, unsigned char *out,
490 unsigned char *p, int len);
491int tls1_alert_code(int code);
492int ssl3_alert_code(int code);
493int ssl_ok(SSL *s);
494
495SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
496STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
497
498
499#endif
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 6ec7a5cdb1..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,815 +0,0 @@
1/* ssl/ssl_rsa.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/bio.h>
61#include <openssl/objects.h>
62#include <openssl/evp.h>
63#include <openssl/x509.h>
64#include <openssl/pem.h>
65#include "ssl_locl.h"
66
67static int ssl_set_cert(CERT *c, X509 *x509);
68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
69int SSL_use_certificate(SSL *ssl, X509 *x)
70 {
71 if (x == NULL)
72 {
73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
74 return(0);
75 }
76 if (!ssl_cert_inst(&ssl->cert))
77 {
78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
79 return(0);
80 }
81 return(ssl_set_cert(ssl->cert,x));
82 }
83
84#ifndef NO_STDIO
85int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
86 {
87 int j;
88 BIO *in;
89 int ret=0;
90 X509 *x=NULL;
91
92 in=BIO_new(BIO_s_file_internal());
93 if (in == NULL)
94 {
95 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96 goto end;
97 }
98
99 if (BIO_read_filename(in,file) <= 0)
100 {
101 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102 goto end;
103 }
104 if (type == SSL_FILETYPE_ASN1)
105 {
106 j=ERR_R_ASN1_LIB;
107 x=d2i_X509_bio(in,NULL);
108 }
109 else if (type == SSL_FILETYPE_PEM)
110 {
111 j=ERR_R_PEM_LIB;
112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113 }
114 else
115 {
116 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117 goto end;
118 }
119
120 if (x == NULL)
121 {
122 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123 goto end;
124 }
125
126 ret=SSL_use_certificate(ssl,x);
127end:
128 if (x != NULL) X509_free(x);
129 if (in != NULL) BIO_free(in);
130 return(ret);
131 }
132#endif
133
134int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
135 {
136 X509 *x;
137 int ret;
138
139 x=d2i_X509(NULL,&d,(long)len);
140 if (x == NULL)
141 {
142 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
143 return(0);
144 }
145
146 ret=SSL_use_certificate(ssl,x);
147 X509_free(x);
148 return(ret);
149 }
150
151#ifndef NO_RSA
152int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
153 {
154 EVP_PKEY *pkey;
155 int ret;
156
157 if (rsa == NULL)
158 {
159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
160 return(0);
161 }
162 if (!ssl_cert_inst(&ssl->cert))
163 {
164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
165 return(0);
166 }
167 if ((pkey=EVP_PKEY_new()) == NULL)
168 {
169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170 return(0);
171 }
172
173 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
174 EVP_PKEY_assign_RSA(pkey,rsa);
175
176 ret=ssl_set_pkey(ssl->cert,pkey);
177 EVP_PKEY_free(pkey);
178 return(ret);
179 }
180#endif
181
182static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
183 {
184 int i,ok=0,bad=0;
185
186 i=ssl_cert_type(NULL,pkey);
187 if (i < 0)
188 {
189 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
190 return(0);
191 }
192
193 if (c->pkeys[i].x509 != NULL)
194 {
195 EVP_PKEY *pktmp;
196 pktmp = X509_get_pubkey(c->pkeys[i].x509);
197 EVP_PKEY_copy_parameters(pktmp,pkey);
198 EVP_PKEY_free(pktmp);
199 ERR_clear_error();
200
201#ifndef NO_RSA
202 /* Don't check the public/private key, this is mostly
203 * for smart cards. */
204 if ((pkey->type == EVP_PKEY_RSA) &&
205 (RSA_flags(pkey->pkey.rsa) &
206 RSA_METHOD_FLAG_NO_CHECK))
207 ok=1;
208 else
209#endif
210 if (!X509_check_private_key(c->pkeys[i].x509,pkey))
211 {
212 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
213 {
214 i=(i == SSL_PKEY_DH_RSA)?
215 SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
216
217 if (c->pkeys[i].x509 == NULL)
218 ok=1;
219 else
220 {
221 if (!X509_check_private_key(
222 c->pkeys[i].x509,pkey))
223 bad=1;
224 else
225 ok=1;
226 }
227 }
228 else
229 bad=1;
230 }
231 else
232 ok=1;
233 }
234 else
235 ok=1;
236
237 if (bad)
238 {
239 X509_free(c->pkeys[i].x509);
240 c->pkeys[i].x509=NULL;
241 return(0);
242 }
243
244 if (c->pkeys[i].privatekey != NULL)
245 EVP_PKEY_free(c->pkeys[i].privatekey);
246 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
247 c->pkeys[i].privatekey=pkey;
248 c->key= &(c->pkeys[i]);
249
250 c->valid=0;
251 return(1);
252 }
253
254#ifndef NO_RSA
255#ifndef NO_STDIO
256int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
257 {
258 int j,ret=0;
259 BIO *in;
260 RSA *rsa=NULL;
261
262 in=BIO_new(BIO_s_file_internal());
263 if (in == NULL)
264 {
265 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
266 goto end;
267 }
268
269 if (BIO_read_filename(in,file) <= 0)
270 {
271 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
272 goto end;
273 }
274 if (type == SSL_FILETYPE_ASN1)
275 {
276 j=ERR_R_ASN1_LIB;
277 rsa=d2i_RSAPrivateKey_bio(in,NULL);
278 }
279 else if (type == SSL_FILETYPE_PEM)
280 {
281 j=ERR_R_PEM_LIB;
282 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
283 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
284 }
285 else
286 {
287 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
288 goto end;
289 }
290 if (rsa == NULL)
291 {
292 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
293 goto end;
294 }
295 ret=SSL_use_RSAPrivateKey(ssl,rsa);
296 RSA_free(rsa);
297end:
298 if (in != NULL) BIO_free(in);
299 return(ret);
300 }
301#endif
302
303int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
304 {
305 int ret;
306 unsigned char *p;
307 RSA *rsa;
308
309 p=d;
310 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
311 {
312 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
313 return(0);
314 }
315
316 ret=SSL_use_RSAPrivateKey(ssl,rsa);
317 RSA_free(rsa);
318 return(ret);
319 }
320#endif /* !NO_RSA */
321
322int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
323 {
324 int ret;
325
326 if (pkey == NULL)
327 {
328 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
329 return(0);
330 }
331 if (!ssl_cert_inst(&ssl->cert))
332 {
333 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
334 return(0);
335 }
336 ret=ssl_set_pkey(ssl->cert,pkey);
337 return(ret);
338 }
339
340#ifndef NO_STDIO
341int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
342 {
343 int j,ret=0;
344 BIO *in;
345 EVP_PKEY *pkey=NULL;
346
347 in=BIO_new(BIO_s_file_internal());
348 if (in == NULL)
349 {
350 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
351 goto end;
352 }
353
354 if (BIO_read_filename(in,file) <= 0)
355 {
356 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
357 goto end;
358 }
359 if (type == SSL_FILETYPE_PEM)
360 {
361 j=ERR_R_PEM_LIB;
362 pkey=PEM_read_bio_PrivateKey(in,NULL,
363 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
364 }
365 else
366 {
367 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
368 goto end;
369 }
370 if (pkey == NULL)
371 {
372 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
373 goto end;
374 }
375 ret=SSL_use_PrivateKey(ssl,pkey);
376 EVP_PKEY_free(pkey);
377end:
378 if (in != NULL) BIO_free(in);
379 return(ret);
380 }
381#endif
382
383int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
384 {
385 int ret;
386 unsigned char *p;
387 EVP_PKEY *pkey;
388
389 p=d;
390 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
391 {
392 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
393 return(0);
394 }
395
396 ret=SSL_use_PrivateKey(ssl,pkey);
397 EVP_PKEY_free(pkey);
398 return(ret);
399 }
400
401int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
402 {
403 if (x == NULL)
404 {
405 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
406 return(0);
407 }
408 if (!ssl_cert_inst(&ctx->cert))
409 {
410 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
411 return(0);
412 }
413 return(ssl_set_cert(ctx->cert, x));
414 }
415
416static int ssl_set_cert(CERT *c, X509 *x)
417 {
418 EVP_PKEY *pkey;
419 int i,ok=0,bad=0;
420
421 pkey=X509_get_pubkey(x);
422 if (pkey == NULL)
423 {
424 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
425 return(0);
426 }
427
428 i=ssl_cert_type(x,pkey);
429 if (i < 0)
430 {
431 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
432 EVP_PKEY_free(pkey);
433 return(0);
434 }
435
436 if (c->pkeys[i].privatekey != NULL)
437 {
438 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
439 ERR_clear_error();
440
441#ifndef NO_RSA
442 /* Don't check the public/private key, this is mostly
443 * for smart cards. */
444 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
445 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
446 RSA_METHOD_FLAG_NO_CHECK))
447 ok=1;
448 else
449#endif
450 {
451 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
452 {
453 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
454 {
455 i=(i == SSL_PKEY_DH_RSA)?
456 SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
457
458 if (c->pkeys[i].privatekey == NULL)
459 ok=1;
460 else
461 {
462 if (!X509_check_private_key(x,
463 c->pkeys[i].privatekey))
464 bad=1;
465 else
466 ok=1;
467 }
468 }
469 else
470 bad=1;
471 }
472 else
473 ok=1;
474 } /* NO_RSA */
475 }
476 else
477 ok=1;
478
479 EVP_PKEY_free(pkey);
480 if (bad)
481 {
482 EVP_PKEY_free(c->pkeys[i].privatekey);
483 c->pkeys[i].privatekey=NULL;
484 }
485
486 if (c->pkeys[i].x509 != NULL)
487 X509_free(c->pkeys[i].x509);
488 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
489 c->pkeys[i].x509=x;
490 c->key= &(c->pkeys[i]);
491
492 c->valid=0;
493 return(1);
494 }
495
496#ifndef NO_STDIO
497int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
498 {
499 int j;
500 BIO *in;
501 int ret=0;
502 X509 *x=NULL;
503
504 in=BIO_new(BIO_s_file_internal());
505 if (in == NULL)
506 {
507 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
508 goto end;
509 }
510
511 if (BIO_read_filename(in,file) <= 0)
512 {
513 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
514 goto end;
515 }
516 if (type == SSL_FILETYPE_ASN1)
517 {
518 j=ERR_R_ASN1_LIB;
519 x=d2i_X509_bio(in,NULL);
520 }
521 else if (type == SSL_FILETYPE_PEM)
522 {
523 j=ERR_R_PEM_LIB;
524 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
525 }
526 else
527 {
528 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
529 goto end;
530 }
531
532 if (x == NULL)
533 {
534 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
535 goto end;
536 }
537
538 ret=SSL_CTX_use_certificate(ctx,x);
539end:
540 if (x != NULL) X509_free(x);
541 if (in != NULL) BIO_free(in);
542 return(ret);
543 }
544#endif
545
546int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
547 {
548 X509 *x;
549 int ret;
550
551 x=d2i_X509(NULL,&d,(long)len);
552 if (x == NULL)
553 {
554 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
555 return(0);
556 }
557
558 ret=SSL_CTX_use_certificate(ctx,x);
559 X509_free(x);
560 return(ret);
561 }
562
563#ifndef NO_RSA
564int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
565 {
566 int ret;
567 EVP_PKEY *pkey;
568
569 if (rsa == NULL)
570 {
571 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
572 return(0);
573 }
574 if (!ssl_cert_inst(&ctx->cert))
575 {
576 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
577 return(0);
578 }
579 if ((pkey=EVP_PKEY_new()) == NULL)
580 {
581 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
582 return(0);
583 }
584
585 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
586 EVP_PKEY_assign_RSA(pkey,rsa);
587
588 ret=ssl_set_pkey(ctx->cert, pkey);
589 EVP_PKEY_free(pkey);
590 return(ret);
591 }
592
593#ifndef NO_STDIO
594int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
595 {
596 int j,ret=0;
597 BIO *in;
598 RSA *rsa=NULL;
599
600 in=BIO_new(BIO_s_file_internal());
601 if (in == NULL)
602 {
603 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
604 goto end;
605 }
606
607 if (BIO_read_filename(in,file) <= 0)
608 {
609 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
610 goto end;
611 }
612 if (type == SSL_FILETYPE_ASN1)
613 {
614 j=ERR_R_ASN1_LIB;
615 rsa=d2i_RSAPrivateKey_bio(in,NULL);
616 }
617 else if (type == SSL_FILETYPE_PEM)
618 {
619 j=ERR_R_PEM_LIB;
620 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
621 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
622 }
623 else
624 {
625 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
626 goto end;
627 }
628 if (rsa == NULL)
629 {
630 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
631 goto end;
632 }
633 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
634 RSA_free(rsa);
635end:
636 if (in != NULL) BIO_free(in);
637 return(ret);
638 }
639#endif
640
641int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
642 {
643 int ret;
644 unsigned char *p;
645 RSA *rsa;
646
647 p=d;
648 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
649 {
650 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
651 return(0);
652 }
653
654 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
655 RSA_free(rsa);
656 return(ret);
657 }
658#endif /* !NO_RSA */
659
660int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
661 {
662 if (pkey == NULL)
663 {
664 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
665 return(0);
666 }
667 if (!ssl_cert_inst(&ctx->cert))
668 {
669 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
670 return(0);
671 }
672 return(ssl_set_pkey(ctx->cert,pkey));
673 }
674
675#ifndef NO_STDIO
676int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
677 {
678 int j,ret=0;
679 BIO *in;
680 EVP_PKEY *pkey=NULL;
681
682 in=BIO_new(BIO_s_file_internal());
683 if (in == NULL)
684 {
685 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
686 goto end;
687 }
688
689 if (BIO_read_filename(in,file) <= 0)
690 {
691 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
692 goto end;
693 }
694 if (type == SSL_FILETYPE_PEM)
695 {
696 j=ERR_R_PEM_LIB;
697 pkey=PEM_read_bio_PrivateKey(in,NULL,
698 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
699 }
700 else
701 {
702 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
703 goto end;
704 }
705 if (pkey == NULL)
706 {
707 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
708 goto end;
709 }
710 ret=SSL_CTX_use_PrivateKey(ctx,pkey);
711 EVP_PKEY_free(pkey);
712end:
713 if (in != NULL) BIO_free(in);
714 return(ret);
715 }
716#endif
717
718int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
719 long len)
720 {
721 int ret;
722 unsigned char *p;
723 EVP_PKEY *pkey;
724
725 p=d;
726 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
727 {
728 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
729 return(0);
730 }
731
732 ret=SSL_CTX_use_PrivateKey(ctx,pkey);
733 EVP_PKEY_free(pkey);
734 return(ret);
735 }
736
737
738#ifndef NO_STDIO
739/* Read a file that contains our certificate in "PEM" format,
740 * possibly followed by a sequence of CA certificates that should be
741 * sent to the peer in the Certificate message.
742 */
743int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
744 {
745 BIO *in;
746 int ret=0;
747 X509 *x=NULL;
748
749 in=BIO_new(BIO_s_file_internal());
750 if (in == NULL)
751 {
752 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
753 goto end;
754 }
755
756 if (BIO_read_filename(in,file) <= 0)
757 {
758 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
759 goto end;
760 }
761
762 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
763 if (x == NULL)
764 {
765 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
766 goto end;
767 }
768
769 ret=SSL_CTX_use_certificate(ctx,x);
770 if (ERR_peek_error() != 0)
771 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
772 if (ret)
773 {
774 /* If we could set up our certificate, now proceed to
775 * the CA certificates.
776 */
777 X509 *ca;
778 int r;
779 unsigned long err;
780
781 if (ctx->extra_certs != NULL)
782 {
783 sk_X509_pop_free(ctx->extra_certs, X509_free);
784 ctx->extra_certs = NULL;
785 }
786
787 while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
788 != NULL)
789 {
790 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
791 if (!r)
792 {
793 X509_free(ca);
794 ret = 0;
795 goto end;
796 }
797 /* Note that we must not free r if it was successfully
798 * added to the chain (while we must free the main
799 * certificate, since its reference count is increased
800 * by SSL_CTX_use_certificate). */
801 }
802 /* When the while loop ends, it's usually just EOF. */
803 err = ERR_peek_error();
804 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
805 (void) ERR_get_error();
806 else
807 ret = 0; /* some real error */
808 }
809
810end:
811 if (x != NULL) X509_free(x);
812 if (in != NULL) BIO_free(in);
813 return(ret);
814 }
815#endif
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index 681499f08a..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,637 +0,0 @@
1/* ssl/ssl_sess.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/lhash.h>
61#include <openssl/rand.h>
62#include "ssl_locl.h"
63
64static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
65static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
66static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
67static int ssl_session_num=0;
68static STACK *ssl_session_meth=NULL;
69
70SSL_SESSION *SSL_get_session(SSL *ssl)
71 {
72 return(ssl->session);
73 }
74
75int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
76 int (*dup_func)(), void (*free_func)())
77 {
78 ssl_session_num++;
79 return(CRYPTO_get_ex_new_index(ssl_session_num-1,
80 &ssl_session_meth,
81 argl,argp,new_func,dup_func,free_func));
82 }
83
84int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
85 {
86 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
87 }
88
89void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx)
90 {
91 return(CRYPTO_get_ex_data(&s->ex_data,idx));
92 }
93
94SSL_SESSION *SSL_SESSION_new(void)
95 {
96 SSL_SESSION *ss;
97
98 ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
99 if (ss == NULL)
100 {
101 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
102 return(0);
103 }
104 memset(ss,0,sizeof(SSL_SESSION));
105
106 ss->references=1;
107 ss->timeout=60*5+4; /* 5 minute timeout by default */
108 ss->time=time(NULL);
109 ss->prev=NULL;
110 ss->next=NULL;
111 ss->compress_meth=0;
112 CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
113 return(ss);
114 }
115
116int ssl_get_new_session(SSL *s, int session)
117 {
118 /* This gets used by clients and servers. */
119
120 SSL_SESSION *ss=NULL;
121
122 if ((ss=SSL_SESSION_new()) == NULL) return(0);
123
124 /* If the context has a default timeout, use it */
125 if (s->ctx->session_timeout == 0)
126 ss->timeout=SSL_get_default_timeout(s);
127 else
128 ss->timeout=s->ctx->session_timeout;
129
130 if (s->session != NULL)
131 {
132 SSL_SESSION_free(s->session);
133 s->session=NULL;
134 }
135
136 if (session)
137 {
138 if (s->version == SSL2_VERSION)
139 {
140 ss->ssl_version=SSL2_VERSION;
141 ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
142 }
143 else if (s->version == SSL3_VERSION)
144 {
145 ss->ssl_version=SSL3_VERSION;
146 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
147 }
148 else if (s->version == TLS1_VERSION)
149 {
150 ss->ssl_version=TLS1_VERSION;
151 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
152 }
153 else
154 {
155 SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
156 SSL_SESSION_free(ss);
157 return(0);
158 }
159
160 for (;;)
161 {
162 SSL_SESSION *r;
163
164 RAND_bytes(ss->session_id,ss->session_id_length);
165 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
166 r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
167 (char *)ss);
168 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
169 if (r == NULL) break;
170 /* else - woops a session_id match */
171 /* XXX should also check external cache!
172 * (But the probability of a collision is negligible, anyway...) */
173 }
174 }
175 else
176 {
177 ss->session_id_length=0;
178 }
179
180 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
181 ss->sid_ctx_length=s->sid_ctx_length;
182 s->session=ss;
183 ss->ssl_version=s->version;
184
185 return(1);
186 }
187
188int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
189 {
190 /* This is used only by servers. */
191
192 SSL_SESSION *ret=NULL,data;
193 int fatal = 0;
194
195 /* conn_init();*/
196 data.ssl_version=s->version;
197 data.session_id_length=len;
198 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
199 goto err;
200 memcpy(data.session_id,session_id,len);
201
202 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
203 {
204 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
205 ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
206 if (ret != NULL)
207 /* don't allow other threads to steal it: */
208 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
209 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
210 }
211
212 if (ret == NULL)
213 {
214 int copy=1;
215
216 s->ctx->stats.sess_miss++;
217 ret=NULL;
218 if (s->ctx->get_session_cb != NULL
219 && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
220 != NULL)
221 {
222 s->ctx->stats.sess_cb_hit++;
223
224 /* Increment reference count now if the session callback
225 * asks us to do so (note that if the session structures
226 * returned by the callback are shared between threads,
227 * it must handle the reference count itself [i.e. copy == 0],
228 * or things won't be thread-safe). */
229 if (copy)
230 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
231
232 /* The following should not return 1, otherwise,
233 * things are very strange */
234 SSL_CTX_add_session(s->ctx,ret);
235 }
236 if (ret == NULL)
237 goto err;
238 }
239
240 /* Now ret is non-NULL, and we own one of its reference counts. */
241
242 if((s->verify_mode&SSL_VERIFY_PEER)
243 && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
244 || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
245 {
246 /* We've found the session named by the client, but we don't
247 * want to use it in this context. */
248
249 if (s->sid_ctx_length == 0)
250 {
251 /* application should have used SSL[_CTX]_set_session_id_context
252 * -- we could tolerate this and just pretend we never heard
253 * of this session, but then applications could effectively
254 * disable the session cache by accident without anyone noticing */
255
256 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
257 fatal = 1;
258 goto err;
259 }
260 else
261 {
262#if 0 /* The client cannot always know when a session is not appropriate,
263 * so we shouldn't generate an error message. */
264
265 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
266#endif
267 goto err; /* treat like cache miss */
268 }
269 }
270
271 if (ret->cipher == NULL)
272 {
273 unsigned char buf[5],*p;
274 unsigned long l;
275
276 p=buf;
277 l=ret->cipher_id;
278 l2n(l,p);
279 if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
280 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
281 else
282 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
283 if (ret->cipher == NULL)
284 goto err;
285 }
286
287
288#if 0 /* This is way too late. */
289
290 /* If a thread got the session, then 'swaped', and another got
291 * it and then due to a time-out decided to 'Free' it we could
292 * be in trouble. So I'll increment it now, then double decrement
293 * later - am I speaking rubbish?. */
294 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
295#endif
296
297 if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
298 {
299 s->ctx->stats.sess_timeout++;
300 /* remove it from the cache */
301 SSL_CTX_remove_session(s->ctx,ret);
302 goto err;
303 }
304
305 s->ctx->stats.sess_hit++;
306
307 /* ret->time=time(NULL); */ /* rezero timeout? */
308 /* again, just leave the session
309 * if it is the same session, we have just incremented and
310 * then decremented the reference count :-) */
311 if (s->session != NULL)
312 SSL_SESSION_free(s->session);
313 s->session=ret;
314 return(1);
315
316 err:
317 if (ret != NULL)
318 SSL_SESSION_free(ret);
319 if (fatal)
320 return -1;
321 else
322 return 0;
323 }
324
325int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
326 {
327 int ret=0;
328 SSL_SESSION *s;
329
330 /* conn_init(); */
331 CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
332
333 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
334 s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c);
335
336 /* Put on the end of the queue unless it is already in the cache */
337 if (s == NULL)
338 SSL_SESSION_list_add(ctx,c);
339
340 /* If the same session if is being 're-added', Free the old
341 * one when the last person stops using it.
342 * This will also work if it is alread in the cache.
343 * The references will go up and then down :-) */
344 if (s != NULL)
345 {
346 SSL_SESSION_free(s);
347 ret=0;
348 }
349 else
350 {
351 ret=1;
352
353 if (SSL_CTX_sess_get_cache_size(ctx) > 0)
354 {
355 while (SSL_CTX_sess_number(ctx) >
356 SSL_CTX_sess_get_cache_size(ctx))
357 {
358 if (!remove_session_lock(ctx,
359 ctx->session_cache_tail, 0))
360 break;
361 else
362 ctx->stats.sess_cache_full++;
363 }
364 }
365 }
366 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
367 return(ret);
368 }
369
370int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
371{
372 return remove_session_lock(ctx, c, 1);
373}
374
375static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
376 {
377 SSL_SESSION *r;
378 int ret=0;
379
380 if ((c != NULL) && (c->session_id_length != 0))
381 {
382 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
383 r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
384 if (r != NULL)
385 {
386 ret=1;
387 SSL_SESSION_list_remove(ctx,c);
388 }
389
390 if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
391
392 if (ret)
393 {
394 r->not_resumable=1;
395 if (ctx->remove_session_cb != NULL)
396 ctx->remove_session_cb(ctx,r);
397 SSL_SESSION_free(r);
398 }
399 }
400 else
401 ret=0;
402 return(ret);
403 }
404
405void SSL_SESSION_free(SSL_SESSION *ss)
406 {
407 int i;
408
409 if(ss == NULL)
410 return;
411
412 i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
413#ifdef REF_PRINT
414 REF_PRINT("SSL_SESSION",ss);
415#endif
416 if (i > 0) return;
417#ifdef REF_CHECK
418 if (i < 0)
419 {
420 fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
421 abort(); /* ok */
422 }
423#endif
424
425 CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
426
427 memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
428 memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
429 memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
430 if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
431 if (ss->peer != NULL) X509_free(ss->peer);
432 if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
433 memset(ss,0,sizeof(*ss));
434 Free(ss);
435 }
436
437int SSL_set_session(SSL *s, SSL_SESSION *session)
438 {
439 int ret=0;
440 SSL_METHOD *meth;
441
442 if (session != NULL)
443 {
444 meth=s->ctx->method->get_ssl_method(session->ssl_version);
445 if (meth == NULL)
446 meth=s->method->get_ssl_method(session->ssl_version);
447 if (meth == NULL)
448 {
449 SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
450 return(0);
451 }
452
453 if (meth != s->method)
454 {
455 if (!SSL_set_ssl_method(s,meth))
456 return(0);
457 if (s->ctx->session_timeout == 0)
458 session->timeout=SSL_get_default_timeout(s);
459 else
460 session->timeout=s->ctx->session_timeout;
461 }
462
463 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
464 CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
465 if (s->session != NULL)
466 SSL_SESSION_free(s->session);
467 s->session=session;
468 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
469 ret=1;
470 }
471 else
472 {
473 if (s->session != NULL)
474 {
475 SSL_SESSION_free(s->session);
476 s->session=NULL;
477 }
478
479 meth=s->ctx->method;
480 if (meth != s->method)
481 {
482 if (!SSL_set_ssl_method(s,meth))
483 return(0);
484 }
485 ret=1;
486 }
487 return(ret);
488 }
489
490long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
491 {
492 if (s == NULL) return(0);
493 s->timeout=t;
494 return(1);
495 }
496
497long SSL_SESSION_get_timeout(SSL_SESSION *s)
498 {
499 if (s == NULL) return(0);
500 return(s->timeout);
501 }
502
503long SSL_SESSION_get_time(SSL_SESSION *s)
504 {
505 if (s == NULL) return(0);
506 return(s->time);
507 }
508
509long SSL_SESSION_set_time(SSL_SESSION *s, long t)
510 {
511 if (s == NULL) return(0);
512 s->time=t;
513 return(t);
514 }
515
516long SSL_CTX_set_timeout(SSL_CTX *s, long t)
517 {
518 long l;
519 if (s == NULL) return(0);
520 l=s->session_timeout;
521 s->session_timeout=t;
522 return(l);
523 }
524
525long SSL_CTX_get_timeout(SSL_CTX *s)
526 {
527 if (s == NULL) return(0);
528 return(s->session_timeout);
529 }
530
531typedef struct timeout_param_st
532 {
533 SSL_CTX *ctx;
534 long time;
535 LHASH *cache;
536 } TIMEOUT_PARAM;
537
538static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
539 {
540 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
541 {
542 /* The reason we don't call SSL_CTX_remove_session() is to
543 * save on locking overhead */
544 lh_delete(p->cache,(char *)s);
545 SSL_SESSION_list_remove(p->ctx,s);
546 s->not_resumable=1;
547 if (p->ctx->remove_session_cb != NULL)
548 p->ctx->remove_session_cb(p->ctx,s);
549 SSL_SESSION_free(s);
550 }
551 }
552
553void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
554 {
555 unsigned long i;
556 TIMEOUT_PARAM tp;
557
558 tp.ctx=s;
559 tp.cache=s->sessions;
560 if (tp.cache == NULL) return;
561 tp.time=t;
562 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
563 i=tp.cache->down_load;
564 tp.cache->down_load=0;
565 lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp);
566 tp.cache->down_load=i;
567 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
568 }
569
570int ssl_clear_bad_session(SSL *s)
571 {
572 if ( (s->session != NULL) &&
573 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
574 !(SSL_in_init(s) || SSL_in_before(s)))
575 {
576 SSL_CTX_remove_session(s->ctx,s->session);
577 return(1);
578 }
579 else
580 return(0);
581 }
582
583/* locked by SSL_CTX in the calling function */
584static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
585 {
586 if ((s->next == NULL) || (s->prev == NULL)) return;
587
588 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
589 { /* last element in list */
590 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
591 { /* only one element in list */
592 ctx->session_cache_head=NULL;
593 ctx->session_cache_tail=NULL;
594 }
595 else
596 {
597 ctx->session_cache_tail=s->prev;
598 s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
599 }
600 }
601 else
602 {
603 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
604 { /* first element in list */
605 ctx->session_cache_head=s->next;
606 s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
607 }
608 else
609 { /* middle of list */
610 s->next->prev=s->prev;
611 s->prev->next=s->next;
612 }
613 }
614 s->prev=s->next=NULL;
615 }
616
617static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
618 {
619 if ((s->next != NULL) && (s->prev != NULL))
620 SSL_SESSION_list_remove(ctx,s);
621
622 if (ctx->session_cache_head == NULL)
623 {
624 ctx->session_cache_head=s;
625 ctx->session_cache_tail=s;
626 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
627 s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
628 }
629 else
630 {
631 s->next=ctx->session_cache_head;
632 s->next->prev=s;
633 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
634 ctx->session_cache_head=s;
635 }
636 }
637
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index 3eca4ee601..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,454 +0,0 @@
1/* ssl/ssl_stat.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61
62char *SSL_state_string_long(SSL *s)
63 {
64 char *str;
65
66 switch (s->state)
67 {
68case SSL_ST_BEFORE: str="before SSL initialization"; break;
69case SSL_ST_ACCEPT: str="before accept initialization"; break;
70case SSL_ST_CONNECT: str="before connect initialization"; break;
71case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
72case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
73case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
74case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
75case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
76case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
77#ifndef NO_SSL2
78case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
79case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
80case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
81case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
82case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
83case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
84case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
85case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
86case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
87case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
88case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
89case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
90case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
91case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
92case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
93case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
94case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
95case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
96case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
97case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
98case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
99case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
100case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
101case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
102case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
103case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
104case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
105case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
106case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
107case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
108case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
109case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
110case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
111case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
112case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
113case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
114case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
115case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
116#endif
117
118#ifndef NO_SSL3
119/* SSLv3 additions */
120case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
121case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
122case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
123case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
124case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
125case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
126case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
127case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
128case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
129case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
130case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
131case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
132case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
133case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
134case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
135case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
136case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
137case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
138case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
139case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify A"; break;
140
141case SSL3_ST_CW_CHANGE_A:
142case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
143case SSL3_ST_CW_CHANGE_B:
144case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
145case SSL3_ST_CW_FINISHED_A:
146case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
147case SSL3_ST_CW_FINISHED_B:
148case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished A"; break;
149case SSL3_ST_CR_CHANGE_A:
150case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
151case SSL3_ST_CR_CHANGE_B:
152case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
153case SSL3_ST_CR_FINISHED_A:
154case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
155case SSL3_ST_CR_FINISHED_B:
156case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
157
158case SSL3_ST_CW_FLUSH:
159case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
160
161case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
162case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
163case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
164case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
165case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
166case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
167case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
168case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
169case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
170case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
171case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
172case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
173case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
174case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
175case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
176case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
177case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
178case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
179case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
180case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
181case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
182case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
183#endif
184
185#if !defined(NO_SSL2) && !defined(NO_SSL3)
186/* SSLv2/v3 compatablitity states */
187/* client */
188case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
189case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
190case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
191case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
192/* server */
193case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
194case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
195#endif
196
197default: str="unknown state"; break;
198 }
199 return(str);
200 }
201
202char *SSL_rstate_string_long(SSL *s)
203 {
204 char *str;
205
206 switch (s->rstate)
207 {
208 case SSL_ST_READ_HEADER: str="read header"; break;
209 case SSL_ST_READ_BODY: str="read body"; break;
210 case SSL_ST_READ_DONE: str="read done"; break;
211 default: str="unknown"; break;
212 }
213 return(str);
214 }
215
216char *SSL_state_string(SSL *s)
217 {
218 char *str;
219
220 switch (s->state)
221 {
222case SSL_ST_BEFORE: str="PINIT "; break;
223case SSL_ST_ACCEPT: str="AINIT "; break;
224case SSL_ST_CONNECT: str="CINIT "; break;
225case SSL_ST_OK: str="SSLOK "; break;
226#ifndef NO_SSL2
227case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
228case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
229case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
230case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
231case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
232case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
233case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
234case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
235case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
236case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
237case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
238case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
239case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
240case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
241case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
242case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
243case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
244case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
245case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
246case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
247case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
248case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
249case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
250case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
251case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
252case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
253case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
254case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
255case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
256case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
257case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
258case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
259case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
260case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
261case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
262case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
263case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
264case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
265#endif
266
267#ifndef NO_SSL3
268/* SSLv3 additions */
269case SSL3_ST_SW_FLUSH:
270case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
271case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
272case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
273case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
274case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
275case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
276case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
277case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
278case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
279case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
280case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
281case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
282case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
283case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
284case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
285case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
286case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
287case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
288case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
289case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
290case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
291
292case SSL3_ST_SW_CHANGE_A:
293case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
294case SSL3_ST_SW_CHANGE_B:
295case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
296case SSL3_ST_SW_FINISHED_A:
297case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
298case SSL3_ST_SW_FINISHED_B:
299case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
300case SSL3_ST_SR_CHANGE_A:
301case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
302case SSL3_ST_SR_CHANGE_B:
303case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
304case SSL3_ST_SR_FINISHED_A:
305case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
306case SSL3_ST_SR_FINISHED_B:
307case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
308
309case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
310case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
311case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
312case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
313case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
314case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
315case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
316case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
317case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
318case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
319case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
320case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
321case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
322case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
323case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
324case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
325case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
326case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
327case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
328case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
329case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
330case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
331#endif
332
333#if !defined(NO_SSL2) && !defined(NO_SSL3)
334/* SSLv2/v3 compatablitity states */
335/* client */
336case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
337case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
338case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
339case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
340/* server */
341case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
342case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
343#endif
344
345default: str="UNKWN "; break;
346 }
347 return(str);
348 }
349
350char *SSL_alert_type_string_long(int value)
351 {
352 value>>=8;
353 if (value == SSL3_AL_WARNING)
354 return("warning");
355 else if (value == SSL3_AL_FATAL)
356 return("fatal");
357 else
358 return("unknown");
359 }
360
361char *SSL_alert_type_string(int value)
362 {
363 value>>=8;
364 if (value == SSL3_AL_WARNING)
365 return("W");
366 else if (value == SSL3_AL_FATAL)
367 return("F");
368 else
369 return("U");
370 }
371
372char *SSL_alert_desc_string(int value)
373 {
374 char *str;
375
376 switch (value & 0xff)
377 {
378 case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
379 case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
380 case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
381 case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
382 case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
383 case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
384 case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
385 case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
386 case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
387 case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
388 case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
389 case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
390 default: str="UK"; break;
391 }
392 return(str);
393 }
394
395char *SSL_alert_desc_string_long(int value)
396 {
397 char *str;
398
399 switch (value & 0xff)
400 {
401 case SSL3_AD_CLOSE_NOTIFY:
402 str="close notify";
403 break;
404 case SSL3_AD_UNEXPECTED_MESSAGE:
405 str="unexected_message";
406 break;
407 case SSL3_AD_BAD_RECORD_MAC:
408 str="bad record mac";
409 break;
410 case SSL3_AD_DECOMPRESSION_FAILURE:
411 str="decompression failure";
412 break;
413 case SSL3_AD_HANDSHAKE_FAILURE:
414 str="handshake failure";
415 break;
416 case SSL3_AD_NO_CERTIFICATE:
417 str="no certificate";
418 break;
419 case SSL3_AD_BAD_CERTIFICATE:
420 str="bad certificate";
421 break;
422 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
423 str="unsupported certificate";
424 break;
425 case SSL3_AD_CERTIFICATE_REVOKED:
426 str="certificate revoked";
427 break;
428 case SSL3_AD_CERTIFICATE_EXPIRED:
429 str="certificate expired";
430 break;
431 case SSL3_AD_CERTIFICATE_UNKNOWN:
432 str="certifcate unknown";
433 break;
434 case SSL3_AD_ILLEGAL_PARAMETER:
435 str="illegal parameter";
436 break;
437 default: str="unknown"; break;
438 }
439 return(str);
440 }
441
442char *SSL_rstate_string(SSL *s)
443 {
444 char *str;
445
446 switch (s->rstate)
447 {
448 case SSL_ST_READ_HEADER:str="RH"; break;
449 case SSL_ST_READ_BODY: str="RB"; break;
450 case SSL_ST_READ_DONE: str="RD"; break;
451 default: str="unknown"; break;
452 }
453 return(str);
454 }
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index ca67a98d89..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,171 +0,0 @@
1/* ssl/ssl_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/buffer.h>
61#include "ssl_locl.h"
62
63#ifndef NO_FP_API
64int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
65 {
66 BIO *b;
67 int ret;
68
69 if ((b=BIO_new(BIO_s_file_internal())) == NULL)
70 {
71 SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
72 return(0);
73 }
74 BIO_set_fp(b,fp,BIO_NOCLOSE);
75 ret=SSL_SESSION_print(b,x);
76 BIO_free(b);
77 return(ret);
78 }
79#endif
80
81int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
82 {
83 unsigned int i;
84 char str[128],*s;
85
86 if (x == NULL) goto err;
87 if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
88 if (x->ssl_version == SSL2_VERSION)
89 s="SSLv2";
90 else if (x->ssl_version == SSL3_VERSION)
91 s="SSLv3";
92 else if (x->ssl_version == TLS1_VERSION)
93 s="TLSv1";
94 else
95 s="unknown";
96 sprintf(str," Protocol : %s\n",s);
97 if (BIO_puts(bp,str) <= 0) goto err;
98
99 if (x->cipher == NULL)
100 {
101 if (((x->cipher_id) & 0xff000000) == 0x02000000)
102 sprintf(str," Cipher : %06lX\n",x->cipher_id&0xffffff);
103 else
104 sprintf(str," Cipher : %04lX\n",x->cipher_id&0xffff);
105 }
106 else
107 sprintf(str," Cipher : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
108 if (BIO_puts(bp,str) <= 0) goto err;
109 if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
110 for (i=0; i<x->session_id_length; i++)
111 {
112 sprintf(str,"%02X",x->session_id[i]);
113 if (BIO_puts(bp,str) <= 0) goto err;
114 }
115 if (BIO_puts(bp,"\nSession-ID-ctx: ") <= 0) goto err;
116 for (i=0; i<x->sid_ctx_length; i++)
117 {
118 sprintf(str,"%02X",x->sid_ctx[i]);
119 if (BIO_puts(bp,str) <= 0) goto err;
120 }
121 if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
122 for (i=0; i<(unsigned int)x->master_key_length; i++)
123 {
124 sprintf(str,"%02X",x->master_key[i]);
125 if (BIO_puts(bp,str) <= 0) goto err;
126 }
127 if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
128 if (x->key_arg_length == 0)
129 {
130 if (BIO_puts(bp,"None") <= 0) goto err;
131 }
132 else
133 for (i=0; i<x->key_arg_length; i++)
134 {
135 sprintf(str,"%02X",x->key_arg[i]);
136 if (BIO_puts(bp,str) <= 0) goto err;
137 }
138 if (x->compress_meth != 0)
139 {
140 SSL_COMP *comp;
141
142 ssl_cipher_get_evp(x,NULL,NULL,&comp);
143 if (comp == NULL)
144 {
145 sprintf(str,"\n Compression: %d",x->compress_meth);
146 if (BIO_puts(bp,str) <= 0) goto err;
147 }
148 else
149 {
150 sprintf(str,"\n Compression: %d (%s)",
151 comp->id,comp->method->name);
152 if (BIO_puts(bp,str) <= 0) goto err;
153 }
154 }
155 if (x->time != 0L)
156 {
157 sprintf(str,"\n Start Time: %ld",x->time);
158 if (BIO_puts(bp,str) <= 0) goto err;
159 }
160 if (x->timeout != 0L)
161 {
162 sprintf(str,"\n Timeout : %ld (sec)",x->timeout);
163 if (BIO_puts(bp,str) <= 0) goto err;
164 }
165 if (BIO_puts(bp,"\n") <= 0) goto err;
166
167 return(1);
168err:
169 return(0);
170 }
171
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-18 20:46:03 +0000